Merge branch 'main' into dependabot/npm_and_yarn/follow-redirects-1.15.6

hashicorp · May 3, 2024 · a62af0b · a62af0b
2 parents cb42512 + 107c072
commit a62af0b
Show file tree

Hide file tree

Showing 8 changed files with 90 additions and 70 deletions.
diff --git a/.copywrite.hcl b/.copywrite.hcl
@@ -0,0 +1,15 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+schema_version = 1
+
+project {
+    license          = "Apache-2.0"
+    copyright_holder = "HashiCorp, Inc."
+    copyright_year   = 2022
+
+    header_ignore = [
+        "dist/*",
+        "node_modules/",
+  ]
+}
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # Dependabot only updates HashiCorp GHAs, external GHAs are managed by internal tooling (tsccr)
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-name: "hashicorp/*"
diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
@@ -0,0 +1,24 @@
+---
+name: "HashiCorp: Compliance"
+
+on:
+  push:
+
+permissions:
+  contents: read
+
+jobs:
+  copywrite:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - uses: hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e # v1.1.2
+
+      - run: copywrite headers --plan
+
+      - run: copywrite license --plan
diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0

diff --git a/.release-it.json b/.release-it.json
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@hashicorp/github-actions-core",
-  "version": "0.4.1",
+  "version": "1.0.0",
   "description": "A library of functions shared between GitHub Actions.",
   "main": "./dist/index.js",
   "scripts": {
@@ -28,9 +28,9 @@
   },
   "devDependencies": {
     "@vercel/ncc": "^0.38.1",
-    "@types/node": "^20.11.16",
-    "@types/semver": "^7.5.3",
+    "@types/node": "^20.12.8",
+    "@types/semver": "^7.5.8",
     "prettier": "^3.2.5",
-    "typescript": "^5.3.3"
+    "typescript": "^5.4.5"
   }
 }
diff --git a/setup-binary.ts b/setup-binary.ts
@@ -41,7 +41,7 @@ async function fetchBinary(
   const isValidVersion = semver.validRange(version);
   if (!isValidVersion && version !== "latest") {
     throw new Error(
-      "Invalid version, only valid semver versions or 'latest' are allowed",
+      "Invalid version, only valid SemVer versions or 'latest' are allowed",
     );
   }