chore(deps): bump the github-actions-dependencies group across 1 directory with 10 updates

Bumps the github-actions-dependencies group with 10 updates in the / directory: --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-nodejs dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml dependency-version: 0.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml dependency-version: 0.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: actions/create-github-app-token dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-common dependency-version: 0.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml dependency-version: 0.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml dependency-version: 0.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml dependency-version: 0.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
2026-01-08 21:53:06 +08:00 · 2025-11-22 14:20:19 +00:00 · 2025-11-22 14:20:19 +00:00 · 175bf4a061
commit 175bf4a061
parent 9974256204
14 changed files with 248 additions and 275 deletions
--- a/.github/linters/.jscpd.json
+++ b/.github/linters/.jscpd.json
@ -1,3 +1,3 @@
 {
-  "ignore": ["**/dist/**"]
+  "ignore": ["**/dist/**", "**/node_modules/**", "**/coverage/**"]
 }
--- a/.github/workflows/__check-action.yml
+++ b/.github/workflows/__check-action.yml
@ -3,222 +3,193 @@ name: Internal - Tests for action
 on:
  workflow_call:

-permissions:
-  contents: read
+permissions: {}

 jobs:
-  test-action-with-services:
+  test-action:
    runs-on: ubuntu-latest
-    name: Test with services
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    name: ${{ matrix.name }} - ${{ matrix.assertion-name }}
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: Given multiple services when filtering services
+            assertion-name: "Then only expected services run"
+            compose-file: ./test/docker-compose.yml
+            services: |
+              service-b
+              service-c
+            assertion: |
+              docker compose -f ./test/docker-compose.yml ps

-      - name: Act
-        uses: ./
-        with:
-          compose-file: "./test/docker-compose.yml"
-          services: |
-            service-b
-            service-c
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1)
+              (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true

-      - name: "Assert: only expected services are running"
-        run: |
-          docker compose -f ./test/docker-compose.yml ps
+          - name: Given compose file when applying down flags
+            assertion-name: "Then teardown honors down flags"
+            compose-file: ./test/docker-compose.yml
+            down-flags: "--volumes"
+            assertion: |
+              docker compose -f ./test/docker-compose.yml ps

-          docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
-          docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1)
-          (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 || (echo "Service service-a is not running" && exit 1)
+              (docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 && echo "Service service-b should not be running without profile" && exit 1) || true
+              (docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 && echo "Service service-c should not be running without profile" && exit 1) || true

-  test-action-with-down-flags:
-    runs-on: ubuntu-latest
-    name: Test compose action
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+          - name: Given compose profile when passing compose flags
+            assertion-name: "Then the requested profile is active"
+            compose-file: ./test/docker-compose.yml
+            compose-flags: "--profile profile-1"
+            down-flags: "--volumes"
+            assertion: |
+              docker compose -f ./test/docker-compose.yml -p profile-1 ps || (echo "Profile not used" && exit 1)

-      - name: Act
-        uses: ./
-        with:
-          compose-file: "./test/docker-compose.yml"
-          down-flags: "--volumes"
+          - name: Given image supplied via env when running action
+            assertion-name: "Then compose uses the provided env"
+            compose-file: ./test/docker-compose-with-env.yml
+            image-name: busybox
+            assertion: |
+              docker compose -f ./test/docker-compose-with-env.yml ps

-  test-action-with-compose-flags:
-    runs-on: ubuntu-latest
-    name: Test with compose flags
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+              docker compose -f ./test/docker-compose-with-env.yml ps | grep test-service-a-1 || (echo "Service service-a is not running" && exit 1)

-      - name: Act
-        uses: ./
-        with:
-          compose-file: "./test/docker-compose.yml"
-          compose-flags: "--profile profile-1"
-          down-flags: "--volumes"
+          - name: Given multiple compose files when selecting services
+            assertion-name: "Then only services from selection run"
+            compose-file: |
+              ./test/docker-compose.yml
+              ./test/docker-compose.ci.yml
+            services: |
+              service-b
+              service-d
+            assertion: |
+              docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps

-      - name: "Assert: profile is used"
-        run: |
-          docker compose -f ./test/docker-compose.yml -p profile-1 ps || (echo "Profile not used" && exit 1)
+              docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
+              docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-d-1 || (echo "Service service-d is not running" && exit 1)
+              (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true
+              (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-c-1 && echo "Unexpected service service-c is running" && exit 1) || true

-  test-action-with-env:
-    runs-on: ubuntu-latest
-    name: Test with env
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+          - name: Given compose file in subdirectory when setting cwd
+            assertion-name: "Then only expected services run"
+            compose-file: docker-compose.yml
+            cwd: ./test
+            services: |
+              service-b
+              service-c
+            assertion: |
+              docker compose -f ./test/docker-compose.yml ps

-      - name: Act
-        uses: ./
-        with:
-          compose-file: "./test/docker-compose-with-env.yml"
-        env:
-          IMAGE_NAME: busybox
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1)
+              (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true

-      - name: "Assert: env is used"
-        env:
-          IMAGE_NAME: busybox
-        run: |
-          docker compose -f ./test/docker-compose-with-env.yml ps
+          - name: Given absolute compose path when running action
+            assertion-name: "Then only expected services run"
+            compose-file: test/docker-compose.yml
+            use-absolute-path: true
+            services: |
+              service-b
+              service-c
+            assertion: |
+              docker compose -f ./test/docker-compose.yml ps

-          docker compose -f ./test/docker-compose-with-env.yml ps | grep test-service-a-1 || (echo "Service service-a is not running" && exit 1)
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1)
+              (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true

-  test-action-with-multiple-compose-files:
-    runs-on: ubuntu-latest
-    name: Test with multiple compose files
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+          - name: Given compose with multiple services when using abort-on-container-exit
+            assertion-name: "Then execution stops on container exit"
+            compose-file: test/docker-compose-web-mysql.yml
+            up-flags: "--build --abort-on-container-exit --exit-code-from=web"
+            assertion: |
+              WEB_EXIT_CODE=$(docker compose -f ./test/docker-compose-web-mysql.yml ps web --all --format json | jq ".ExitCode")
+              [ "$WEB_EXIT_CODE" == "0" ] || (echo "Web service did not exit successfully" && exit 1)

-      - name: Act
-        uses: ./
-        with:
-          compose-file: |
-            ./test/docker-compose.yml
-            ./test/docker-compose.ci.yml
-          services: |
-            service-b
-            service-d
+              MYSQL_STATE=$(docker compose -f ./test/docker-compose-web-mysql.yml ps mysql --all --format json | jq -r ".State")
+              if [ "$MYSQL_STATE" = "running" ]; then
+                echo "MySQL service is still running"
+                exit 1
+              fi

-      - name: "Assert: only expected services are running"
-        run: |
-          docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps
+          - name: Given failing dependency when attaching dependencies
+            assertion-name: "Then failing service exits with code 1"
+            compose-file: test/docker-compose-fail.yml
+            up-flags: "--attach-dependencies"
+            assertion: |
+              EXIT_CODE=$(docker compose -f ./test/docker-compose-fail.yml ps service-a --all --format json | jq ".ExitCode")
+              [ "$EXIT_CODE" == "1" ] || (echo "Service service-a did not exit with code 1" && exit 1)

-          docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
-          docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-d-1 || (echo "Service service-d is not running" && exit 1)
-          (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true
-          (docker compose -f ./test/docker-compose.yml -f ./test/docker-compose.ci.yml ps | grep test-service-c-1 && echo "Unexpected service service-c is running" && exit 1) || true
+          - name: Given compose version mismatch when requesting explicit version
+            assertion-name: "Then docker compose reports the requested version"
+            compose-file: ./test/docker-compose.yml
+            compose-version: "2.29.0"
+            expected-compose-version: "2.29.0"
+            ensure-version-mismatch: true
+            assertion: |
+              CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short)
+              echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION"

-  test-action-with-cwd:
-    runs-on: ubuntu-latest
-    name: Test with cwd
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+              if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then
+                echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version"
+                exit 1
+              fi

-      - name: Act
-        uses: ./
-        with:
-          compose-file: "docker-compose.yml"
-          cwd: "./test"
-          services: |
-            service-b
-            service-c
+          - name: Given compose version mismatch when requesting latest version
+            assertion-name: "Then docker compose reports the requested version"
+            compose-file: ./test/docker-compose.yml
+            compose-version: latest
+            fetch-latest-compose: true
+            ensure-version-mismatch: true
+            assertion: |
+              CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short)
+              echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION"

-      - name: "Assert: only expected services are running"
-        run: |
-          docker compose -f ./test/docker-compose.yml ps
+              if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then
+                echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version"
+                exit 1
+              fi

-          docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
-          docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1)
-          (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true
+          - name: Given custom docker context when providing docker flags
+            assertion-name: "Then docker compose uses that context"
+            compose-file: ./test/docker-compose.yml
+            compose-version: latest
+            docker-flags: "--context test-context"
+            docker-context: test-context
+            assertion: |
+              CURRENT_CONTEXT=$(docker context show)
+              if [ "$CURRENT_CONTEXT" != "test-context" ]; then
+                echo "Docker context is '$CURRENT_CONTEXT' instead of 'test-context'"
+                exit 1
+              fi

-  test-action-with-absolute-path:
-    runs-on: ubuntu-latest
-    name: Test with absolute path
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+              docker compose -f ./test/docker-compose.yml ps

-      - name: Act
-        uses: ./
-        with:
-          compose-file: "${{ github.workspace }}/test/docker-compose.yml"
-          services: |
-            service-b
-            service-c
+              docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 || (echo "Service service-a is not running under custom context" && exit 1)
+              (docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 && echo "Service service-b should not be running without profile" && exit 1) || true

-      - name: "Assert: only expected services are running"
-        run: |
-          docker compose -f ./test/docker-compose.yml ps
-
-          docker compose -f ./test/docker-compose.yml ps | grep test-service-b-1 || (echo "Service service-b is not running" && exit 1)
-          docker compose -f ./test/docker-compose.yml ps | grep test-service-c-1 || (echo "Service service-c is not running" && exit 1)
-          (docker compose -f ./test/docker-compose.yml ps | grep test-service-a-1 && echo "Unexpected service service-a is running" && exit 1) || true
-
-  test-abort-on-container-exit:
-    runs-on: ubuntu-latest
-    name: Test with --abort-on-container-exit
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Act
-        uses: ./
-        with:
-          compose-file: "test/docker-compose-web-mysql.yml"
-          up-flags: "--build --abort-on-container-exit --exit-code-from=web"
-
-  test-attach-dependencies-failure:
-    runs-on: ubuntu-latest
-    name: Test with --attach-dependencies and service failure
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Act
-        uses: ./
-        with:
-          compose-file: "test/docker-compose-fail.yml"
-          up-flags: "--attach-dependencies"
-
-      - name: Assert
-        run: |
-          EXIT_CODE=$(docker compose -f ./test/docker-compose-fail.yml ps service-a --all --format json | jq ".ExitCode")
-          [ "$EXIT_CODE" == "1" ] || (echo "Service service-a did not exit with code 1" && exit 1)
-
-  test-action-with-compose-version:
-    runs-on: ubuntu-latest
-    name: Test with compose version
    env:
-      DOCKER_COMPOSE_VERSION: "2.29.0"
+      DOCKER_COMPOSE_VERSION: ${{ matrix.expected-compose-version || '' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: "Arrange: ensure original docker compose version is not the expected one"
-        run: |
-          CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short)
-          echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION"
-
-          if [ "$CURRENT_DOCKER_COMPOSE_VERSION" == "$DOCKER_COMPOSE_VERSION" ]; then
-            echo "Docker compose version is already in $DOCKER_COMPOSE_VERSION version"
-            exit 1
-          fi
-
-      - name: Act
-        uses: ./
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
-          compose-file: "./test/docker-compose.yml"
-          compose-version: "2.29.0"
+          persist-credentials: false

-      - name: "Assert: compose version is used"
-        run: |
-          CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short)
-          echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION"
+      - name: Set up Docker context
+        if: ${{ matrix.docker-context }}
+        uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0
+        with:
+          context: ${{ matrix.docker-context }}

-          if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then
-            echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version"
-            exit 1
-          fi
-
-  test-action-with-compose-version-latest:
-    runs-on: ubuntu-latest
-    name: Test with compose version latest
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Resolve absolute compose path
+        if: ${{ matrix.use-absolute-path }}
+        id: compose-path
+        run: echo "absolute=${GITHUB_WORKSPACE}/${{ matrix.compose-file }}" >> "$GITHUB_OUTPUT"

      - name: "Arrange: retrieve latest version of docker compose"
+        if: ${{ matrix.fetch-latest-compose }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
@ -230,6 +201,7 @@ jobs:
            core.exportVariable('DOCKER_COMPOSE_VERSION', dockerComposeVersion);

      - name: "Arrange: ensure original docker compose version is not the expected one"
+        if: ${{ matrix.ensure-version-mismatch }}
        run: |
          CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short)
          echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION"
@ -242,33 +214,19 @@ jobs:
      - name: Act
        uses: ./
        with:
-          compose-file: "./test/docker-compose.yml"
-          compose-version: "latest"
+          compose-file: ${{ matrix.use-absolute-path && steps.compose-path.outputs.absolute || matrix.compose-file }}
+          services: ${{ matrix.services || '' }}
+          down-flags: ${{ matrix.down-flags || '' }}
+          compose-flags: ${{ matrix.compose-flags || '' }}
+          compose-version: ${{ matrix.compose-version || '' }}
+          cwd: ${{ matrix.cwd || '' }}
+          up-flags: ${{ matrix.up-flags || '' }}
+          docker-flags: ${{ matrix.docker-flags || '' }}
+        env:
+          IMAGE_NAME: ${{ matrix.image-name || '' }}

-      - name: "Assert: compose version is used"
-        run: |
-          CURRENT_DOCKER_COMPOSE_VERSION=$(docker compose version --short)
-          echo "Current docker compose version: $CURRENT_DOCKER_COMPOSE_VERSION"
-
-          if [ "$CURRENT_DOCKER_COMPOSE_VERSION" != "$DOCKER_COMPOSE_VERSION" ]; then
-            echo "Docker compose version is not in $DOCKER_COMPOSE_VERSION version"
-            exit 1
-          fi
-
-  test-action-with-docker-context:
-    runs-on: ubuntu-latest
-    name: Test with docker context
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Set up Docker
-        uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0
-        with:
-          context: test-context
-
-      - name: Act
-        uses: ./
-        with:
-          docker-flags: "--context test-context"
-          compose-file: "./test/docker-compose.yml"
-          compose-version: "latest"
+      - name: ${{ matrix.assertion-name }}
+        if: ${{ matrix.assertion }}
+        run: ${{ matrix.assertion }}
+        env:
+          IMAGE_NAME: ${{ matrix.image-name || '' }}
--- a/.github/workflows/__check-dist.yml
+++ b/.github/workflows/__check-dist.yml
@ -3,20 +3,25 @@ name: Internal - Checks for dist
 on:
  workflow_call:

-permissions:
-  contents: read
+permissions: {}

 jobs:
  check-dist:
    name: Check dist
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@0264395060bbde4ec3276b6dca84f0db828070f3 # 0.17.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+
+      - id: setup-node
+        uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@a9809af04394e66675b8644865be1ddcec02cdcd # 0.20.0

      - name: Build dist/ Directory
        id: package
-        run: npm run package
+        run: ${{ steps.setup-node.outputs.run-script-command }} package

      # This will fail the workflow if the PR wasn't created by Dependabot.
      - name: Compare Directories
@ -27,13 +32,3 @@ jobs:
            git diff --ignore-space-at-eol --text dist/
            exit 1
          fi
-
-      # If `dist/` was different than expected, and this was not a Dependabot
-      # PR, upload the expected version as a workflow artifact.
-      - if: ${{ failure() && steps.diff.outcome == 'failure' }}
-        name: Upload Artifact
-        id: upload
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
-        with:
-          name: dist
-          path: dist/
--- a/.github/workflows/__check-nodejs.yml
+++ b/.github/workflows/__check-nodejs.yml
@ -3,17 +3,16 @@ name: Internal - Checks for nodejs
 on:
  workflow_call:

-permissions:
-  contents: read
-  security-events: write
-  id-token: write
+permissions: {}

 jobs:
  test-nodejs:
-    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@0264395060bbde4ec3276b6dca84f0db828070f3 # 0.17.0
+    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@a9809af04394e66675b8644865be1ddcec02cdcd # 0.20.0
    permissions:
-      id-token: write
-      security-events: write
      contents: read
+      id-token: write
+      packages: read
+      pull-requests: write
+      security-events: write
    with:
      build: ""
--- a/.github/workflows/__shared-ci.yml
+++ b/.github/workflows/__shared-ci.yml
@ -3,17 +3,16 @@ name: Common Continuous Integration tasks
 on:
  workflow_call:

-permissions:
-  actions: read
-  contents: read
-  packages: read
-  security-events: write
-  statuses: write
-  id-token: write
+permissions: {}

 jobs:
  linter:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+      statuses: write
    with:
      linter-env: |
        FILTER_REGEX_EXCLUDE=dist/**/*
@ -28,14 +27,24 @@ jobs:
    name: Test nodejs
    needs: linter
    uses: ./.github/workflows/__check-nodejs.yml
+    permissions:
+      contents: read
+      id-token: write
+      packages: read
+      pull-requests: write
+      security-events: write
    secrets: inherit

  check-dist:
    name: Test nodejs
    needs: linter
    uses: ./.github/workflows/__check-dist.yml
+    permissions:
+      contents: read

  check-action:
    name: Test action
    needs: [check-nodejs, check-dist]
    uses: ./.github/workflows/__check-action.yml
+    permissions:
+      contents: read
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@ -6,11 +6,12 @@ on:
  pull_request_target:
    branches: [main]

-permissions:
-  contents: read
-  issues: write
-  pull-requests: write
+permissions: {}

 jobs:
  greetings:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
--- a/.github/workflows/main-ci.yml
+++ b/.github/workflows/main-ci.yml
@ -22,10 +22,11 @@ jobs:
    permissions:
      actions: read
      contents: read
+      id-token: write
      packages: read
+      pull-requests: write
      security-events: write
      statuses: write
-      id-token: write
    secrets: inherit

  release:
@ -37,7 +38,9 @@ jobs:
    outputs:
      artifact-id: ${{ steps.upload-artifact.outputs.artifact-id }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false

      - name: 📖 Generate documentation
        id: generate-documentation
@ -45,13 +48,13 @@ jobs:
        with:
          source: action.yml

-      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+      - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
        id: generate-token
        with:
          app-id: ${{ vars.CI_BOT_APP_ID }}
          private-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}

-      - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
+      - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          branch: docs/actions-workflows-documentation-update
--- a/.github/workflows/need-fix-to-issue.yml
+++ b/.github/workflows/need-fix-to-issue.yml
@ -15,13 +15,14 @@ on:
          before it; to go back further, enter an earlier SHA here"
        required: false

-permissions:
-  contents: read
-  issues: write
+permissions: {}

 jobs:
  main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1
+    permissions:
+      contents: read
+      issues: write
    with:
      manual-commit-ref: ${{ inputs.manual-commit-ref }}
      manual-base-ref: ${{ inputs.manual-base-ref }}
--- a/.github/workflows/pull-request-ci.yml
+++ b/.github/workflows/pull-request-ci.yml
@ -5,13 +5,7 @@ on:
  pull_request:
    branches: [main]

-permissions:
-  actions: read
-  contents: read
-  packages: read
-  statuses: write
-  security-events: write
-  id-token: write
+permissions: {}

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@ -20,4 +14,12 @@ concurrency:
 jobs:
  ci:
    uses: ./.github/workflows/__shared-ci.yml
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      packages: read
+      pull-requests: write
+      security-events: write
+      statuses: write
    secrets: inherit
--- a/.github/workflows/release-new-action-version.yml
+++ b/.github/workflows/release-new-action-version.yml
@ -13,15 +13,16 @@ on:
 env:
  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}

-permissions:
-  contents: write
+permissions: {}

 jobs:
  update_tag:
    name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
    environment:
      name: releaseNewActionVersion
-    runs-on: ubuntu-latest
    steps:
      - name: Update the ${{ env.TAG_NAME }} tag
        uses: actions/publish-action@23f4c6f12633a2da8f44938b71fde9afec138fb4 # v0.4.0
--- a/.github/workflows/semantic-pull-request.yml
+++ b/.github/workflows/semantic-pull-request.yml
@ -7,10 +7,11 @@ on:
      - edited
      - synchronize

-permissions:
-  contents: write
-  pull-requests: write
+permissions: {}

 jobs:
  main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1
+    permissions:
+      contents: write
+      pull-requests: write
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -4,10 +4,11 @@ on:
  schedule:
    - cron: "30 1 * * *"

-permissions:
-  issues: write
-  pull-requests: write
+permissions: {}

 jobs:
  main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@c314229c3ca6914f7023ffca7afc26753ab99b41 # 0.30.1
+    permissions:
+      issues: write
+      pull-requests: write
--- a/.gitignore
+++ b/.gitignore
@ -12,6 +12,7 @@ lerna-debug.log*

 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+eslint-report.json

 # Runtime data
 pids
--- a/package.json
+++ b/package.json
@ -42,7 +42,8 @@
    "package:post": "ncc build src/post.ts -o dist/post && mv dist/post/index.js dist/post.js && rm -rf dist/post",
    "package:watch": "npm run package -- --watch",
    "lint": "eslint \"src/**/*.{ts,tsx}\"",
-    "all": "npm run format && npm run lint && npm run test && npm run package",
+    "lint:ci": "npm run lint -- --output-file eslint-report.json --format json",
+    "all": "npm run format && npm run lint:ci && npm run test:ci && npm run package",
    "build": "tsc --noEmit",
    "format": "prettier --cache --write .",
    "jest": "jest --detectOpenHandles --forceExit",