Bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4

[dependabot]

Bumps redhat-plumbers-in-action/differential-shellcheck from 3 to 4.

Release notes

Sourced from redhat-plumbers-in-action/differential-shellcheck's releases.

v4.0.0

What's Changed

• Tag latest is no longer available. Use major tags instead (e.g. v4).

• Action can be triggered using the GitHub push event

  on:
    push:
  jobs:
  lint:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
  
  uses: redhat-plumbers-in-action/differential-shellcheck@v4
  with:
  token: ${{ secrets.GITHUB_TOKEN }}

Action now performs full scans on the push event by default and on the manual trigger when requested

SARIF file is now exposed under output sarif for further use.

  - if: ${{ always() }}
    name: Upload artifact with defects in SARIF format
    uses: actions/upload-artifact@v3
    with:
      name: Differential ShellCheck SARIF
      path: ${{ steps.ShellCheck.outputs.sarif }}
      retention-days: 7

Removal of unused output - ENV.LIST_OF_SCRIPTS

Increased code coverage

Some minor bugfixes, ShellCheck fixes, and CI updates

Breaking

• Don't update the latest tag, to avoid breakage 🛑 (#156) @​jamacku

New

• Expose SARIF results as output for further use 📦 (#110) @​jamacku, @​kdudka
• Support full ShellCheck scans 🕵️ (#167) @​jamacku, @​siteshwar

... (truncated)

Changelog

Sourced from redhat-plumbers-in-action/differential-shellcheck's changelog.

Changelog

v4.0.0

• Tag latest is no longer available. Use major tags instead (e.g. v3 or v4).

• Action can be triggered using GitHub push event

  on:
    push:
  jobs:
  lint:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
  
  uses: redhat-plumbers-in-action/differential-shellcheck@v4
  id: ShellCheck
  with:
  token: ${{ secrets.GITHUB_TOKEN }}

Note: When using --force action doesn't work properly when triggered on push events

Action now perform full scans on push event by default and on manual trigger when requested

Addition of new Summary page for full scans

SARIF file is now exposed under output sarif for further use.

  - if: ${{ always() }}
    name: Upload artifact with defects in SARIF format
    uses: actions/upload-artifact@v3
    with:
      name: Differential ShellCheck SARIF
      path: ${{ steps.ShellCheck.outputs.sarif }}
      retention-days: 7

Removal of unused output - ENV.LIST_OF_SCRIPTS

Increased code coverage

Some minor bugfixes, ShellCheck fixes, and CI updates

v3.3.0

• Container images now based on Fedora 37
• ShellCheck - 0.7.2 -> 0.8.0

... (truncated)

Commits

• d24099b v4.0.2
• 876cace doc: improve permission documentation
• bc41a85 build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
• 6a0affe build(deps): bump github/super-linter from 4.10.0 to 4.10.1
• 801b57b build(deps): bump bobheadxi/deployments from 1.3.0 to 1.4.0
• 2d4eb49 test: add summary() test
• 23049a0 test: add full_scan_summary() test
• 66e783b test: add diff_scan_summary() test
• 0b06853 test: add get_number_of() test
• b570b65 test: extend show_versions.bats
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)