[Patch]: Update GitHub Actions dependencies to latest pinned versions#358
Merged
Conversation
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 7.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...9c091bb) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
Bumps [PSModule/Publish-PSModule](https://github.com/psmodule/publish-psmodule) from 2.2.4 to 3.0.0. - [Release notes](https://github.com/psmodule/publish-psmodule/releases) - [Commits](PSModule/Publish-PSModule@8917aed...03c0f8b) --- updated-dependencies: - dependency-name: PSModule/Publish-PSModule dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 8.6.0 to 8.7.0. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@9e86335...4ce2083) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-version: 8.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [super-linter/super-linter/slim](https://github.com/super-linter/super-linter) from 8.6.0 to 8.7.0. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@9e86335...4ce2083) --- updated-dependencies: - dependency-name: super-linter/super-linter/slim dependency-version: 8.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…github_actions label
251465b to
4080e41
Compare
Copilot started reviewing on behalf of
Marius Storhaug (MariusStorhaug)
July 7, 2026 22:11
View session
Contributor
There was a problem hiding this comment.
Pull request overview
This PR consolidates Dependabot-driven GitHub Actions updates by repinning workflow uses: references to newer action SHAs/versions and updating Dependabot config so future GitHub Actions updates are grouped into a single PR.
Changes:
- Bump
actions/checkoutpins across workflows from v6.0.2 to v7.0.0 (SHA-pinned). - Bump
super-linter/super-linter(andslim) pins from v8.6.0 to v8.7.0 (SHA-pinned). - Update
.github/dependabot.ymlto use thegithub_actionslabel and group all GitHub Actions updates into one PR.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/Test-SourceCode.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/Test-ModuleLocal.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/Test-Module.yml | Repin actions/checkout to v7.0.0 (both jobs). |
| .github/workflows/Release.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/Publish-Module.yml | Repin actions/checkout to v7.0.0 and bump PSModule/Publish-PSModule to v3.0.0. |
| .github/workflows/Linter.yml | Repin actions/checkout to v7.0.0 and bump super-linter/super-linter to v8.7.0. |
| .github/workflows/Lint-SourceCode.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/Lint-Repository.yml | Repin actions/checkout to v7.0.0 and bump super-linter/super-linter to v8.7.0. |
| .github/workflows/Get-Settings.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/Build-Site.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/Build-Module.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/Build-Docs.yml | Repin actions/checkout to v7.0.0 and bump super-linter/super-linter/slim to v8.7.0. |
| .github/workflows/BeforeAll-ModuleLocal.yml | Repin actions/checkout to v7.0.0. |
| .github/workflows/AfterAll-ModuleLocal.yml | Repin actions/checkout to v7.0.0. |
| .github/dependabot.yml | Fix label to github_actions and group all github-actions ecosystem updates. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
32
to
34
| - name: Publish module | ||
| uses: PSModule/Publish-PSModule@8917aed588dae1bd1aa2873b1caec1c50c20d255 # v2.2.4 | ||
| uses: PSModule/Publish-PSModule@03c0f8b53d0367c85a0f121f98af9b40c817b0e3 # v3.0.0 | ||
| env: |
Marius Storhaug (MariusStorhaug)
added a commit
that referenced
this pull request
Jul 7, 2026
…363) The module publishing pipeline once again calculates and stamps the real release version before publishing, so consumer releases are versioned and tagged correctly instead of shipping the build-time placeholder. This reverts the premature `Publish-PSModule` major upgrade that left `main` in an inconsistent state. - Relates to #326 (move version calculation ahead of the build step) - Contains the regression introduced by #358 ## Fixed: Releases are versioned correctly again `Publish-PSModule` is pinned back to `v2.2.4`, which calculates the release version (from labels and tags) and stamps it into the module manifest at publish time. On `main`, `Build-PSModule` (v4) only stamps a `999.0.0` placeholder and does not compute the real version, and `Publish-PSModule` v3.0.0 is publish-only — it expects the manifest to already carry the final version. With v3.0.0 in place, nothing in the pipeline computed the real version, so a real consumer release would have published and tagged `999.0.0`. Reverting to `v2.2.4` restores the fully consistent old pipeline: Get-Settings → Build (v4, `999.0.0`) → Publish (v2.2.4, calculates + stamps). Only the `Publish-PSModule` pin is reverted. The other action bumps from #358 (`actions/checkout` v7.0.0, `super-linter` v8.7.0) are left in place. ## Technical Details - `.github/workflows/Publish-Module.yml`: `PSModule/Publish-PSModule` pin reverted `03c0f8b… # v3.0.0` → `8917aed… # v2.2.4`. This is the exact pin #358 replaced; no `with:` inputs changed — v2.2.4 consumes the version-calculation inputs the workflow already passes, whereas v3.0.0 silently ignored them. - `.github/workflows/Publish-Module.yml`: normalized the `APIKey` action input from `secrets.APIKEY` to `secrets.APIKey` to match the `APIKey` secret declaration and the other workflows (`workflow.yml`, `Workflow-Test-*.yml`). GitHub Actions secret names are case-insensitive, so this is a consistency-only change with no behavioral effect (flagged during Copilot review). - This is step 1 (containment) of #326. Follow-ups: release `Resolve-PSModuleVersion` with the #348 fix, then rebase and land PR #342 (Plan job + Build v5 + publish-only Publish) and re-pin the first-party actions together.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Consolidates the currently-passing Dependabot GitHub Actions updates into one change, so the pipeline moves to the latest action versions in a single release instead of separate bumps. It also configures Dependabot to group future GitHub Actions updates into one pull request, so this consolidated form happens automatically from now on.
Superseded Dependabot PRs: #351, #353, #354, #355 — Dependabot closes these automatically once this merges.
Updated GitHub Actions
This bundle includes two major action upgrades, so it is labelled
Majorand cuts a major release of Process-PSModule on merge.Changed: Dependabot groups GitHub Actions updates
.github/dependabot.ymlnow groups allgithub-actionsupdates into a single grouped pull request via agroupsblock. Thegithub_actionslabel is also corrected — it wasgithub-actions, which does not match the repository label and was silently dropped by Dependabot.Technical Details
Each bump is a cherry-pick of the original Dependabot commit, preserving authorship and the
Bump X from A to Bmessages for a clean linear history.All bumps touch only
uses:pins under.github/workflows/; no logic changes.Dependabot grouping added:
This groups every GitHub Actions ecosystem update (all semver levels) into one PR. To keep major bumps as separate PRs for individual review, add
update-types: ["minor", "patch"]under the group — majors then continue to open on their own.No linked issue: this is Dependabot-driven maintenance; the superseded PRs above are the traceability.