Skip to content

Bump PSModule/Build-PSModule from 4.0.15 to 5.0.0#350

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/PSModule/Build-PSModule-5.0.0
Closed

Bump PSModule/Build-PSModule from 4.0.15 to 5.0.0#350
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/PSModule/Build-PSModule-5.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown
Contributor

Bumps PSModule/Build-PSModule from 4.0.15 to 5.0.0.

Release notes

Sourced from PSModule/Build-PSModule's releases.

v5.0.0

🌟 [Major]: Module manifests now stamped with the resolved version at build time (#136)

Module manifests are now stamped with the resolved version and prerelease tag at build time. The resulting artifact contains its final ModuleVersion (and PrivateData.PSData.Prerelease) before tests run, so the bytes that are tested are the bytes that ship.

Inputs on Build-PSModule

Build-PSModule now exposes new module-centric inputs:

Input Required Description
Name No Name of the module to build. Defaults to the repository name.
Version Yes Module version (Major.Minor.Patch) to stamp into the manifest. Build fails with a clear error when omitted or malformed.
Prerelease No Prerelease tag (for example mybranch001) to stamp into PrivateData.PSData.Prerelease. When empty, no prerelease tag is written.
OutputFolder No Path (relative to WorkingDirectory) where the built module is placed. Defaults to outputs/module.

Typical usage downstream of PSModule/Resolve-PSModuleVersion:

- name: Build module
  uses: PSModule/Build-PSModule@v5
  with:
    Version: ${{ steps.resolve.outputs.Version }}
    Prerelease: ${{ steps.resolve.outputs.Prerelease }}

Breaking changes

  • Version is now required. Callers that previously omitted it (relying on the 999.0.0 placeholder) must now pass an explicit version in Major.Minor.Patch format. Builds fail immediately with a clear error when Version is missing or malformed.

Technical details

  • action.yml: adds OutputFolder (default outputs/module), Version (required: true), and Prerelease inputs; Name remains optional and still defaults to the repository name.
  • src/main.ps1: reads OutputFolder, Version, and Prerelease from env; throws immediately when Version is missing or not in Major.Minor.Patch format.
  • src/helpers/Build-PSModule.ps1: ModuleVersion parameter is now [Parameter(Mandatory)].
  • src/helpers/Build/Build-PSModuleManifest.ps1: ModuleVersion is [Parameter(Mandatory)]; the 999.0.0 fallback is removed — the version is assigned directly.

Related PRs:

Commits
  • 672aaa7 🚀 [Feature]: Module manifests now stamped with the resolved version at build ...
  • d97391a Bump super-linter/super-linter from 8.5.0 to 8.6.0 (#133)
  • See full diff in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Major labels Jun 2, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 2, 2026 08:47
@dependabot @github

dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added Major dependencies Pull requests that update a dependency file labels Jun 2, 2026
@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
MARKDOWN Pass ✅
NATURAL_LANGUAGE Pass ✅
POWERSHELL Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

Marius Storhaug (MariusStorhaug) added a commit that referenced this pull request Jul 7, 2026
…#358)

Consolidates the currently-passing Dependabot GitHub Actions updates
into one change, so the pipeline moves to the latest action versions in
a single release instead of separate bumps. It also configures
Dependabot to group future GitHub Actions updates into one pull request,
so this consolidated form happens automatically from now on.

**Superseded Dependabot PRs:** #351, #353, #354, #355 — Dependabot
closes these automatically once this merges.

> ⚠️ **Build-PSModule v5.0.0 (#350) is intentionally excluded.** v5
makes `moduleVersion` a required input, which the current
`Build-Module.yml` does not provide, so it fails CI (6 checks on #350's
own PR too). Adopting it needs the "decide version before build" work in
#342 and should ship with/after that PR. #350 stays open to track it.

## Updated GitHub Actions

| Action | From | To | Bump |
| --- | --- | --- | --- |
| actions/checkout | v6.0.2 | v7.0.0 | Major |
| PSModule/Publish-PSModule | v2.2.4 | v3.0.0 | Major |
| super-linter/super-linter | v8.6.0 | v8.7.0 | Minor |
| super-linter/super-linter/slim | v8.6.0 | v8.7.0 | Minor |

This bundle includes two major action upgrades, so it is labelled
`Major` and cuts a major release of Process-PSModule on merge.

## Changed: Dependabot groups GitHub Actions updates

`.github/dependabot.yml` now groups all `github-actions` updates into a
single grouped pull request via a `groups` block. The `github_actions`
label is also corrected — it was `github-actions`, which does not match
the repository label and was silently dropped by Dependabot.

## Technical Details

- Each bump is a cherry-pick of the original Dependabot commit,
preserving authorship and the `Bump X from A to B` messages for a clean
linear history.
- All bumps touch only `uses:` pins under `.github/workflows/`; no logic
changes.
- Dependabot grouping added:

  ```yaml
  groups:
    github-actions:
      patterns:
        - "*"
  ```

This groups every GitHub Actions ecosystem update (all semver levels)
into one PR. To keep major bumps as separate PRs for individual review,
add `update-types: ["minor", "patch"]` under the group — majors then
continue to open on their own.
- No linked issue: this is Dependabot-driven maintenance; the superseded
PRs above are the traceability.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@MariusStorhaug

Copy link
Copy Markdown
Member

Dependabot (@dependabot) rebase

Bumps [PSModule/Build-PSModule](https://github.com/psmodule/build-psmodule) from 4.0.15 to 5.0.0.
- [Release notes](https://github.com/psmodule/build-psmodule/releases)
- [Commits](PSModule/Build-PSModule@3b368fe...672aaa7)

---
updated-dependencies:
- dependency-name: PSModule/Build-PSModule
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/PSModule/Build-PSModule-5.0.0 branch from 0981cd7 to a23e50b Compare July 7, 2026 22:13
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
MARKDOWN Pass ✅
NATURAL_LANGUAGE Pass ✅
POWERSHELL Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@dependabot @github

dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@MariusStorhaug Marius Storhaug (MariusStorhaug) deleted the dependabot/github_actions/PSModule/Build-PSModule-5.0.0 branch July 7, 2026 23:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file Major

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant