Skip to content

Bump the github-actions group with 2 updates#366

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-b8adb9d1c1
Closed

Bump the github-actions group with 2 updates#366
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-b8adb9d1c1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 2 updates: PSModule/Build-PSModule and PSModule/Publish-PSModule.

Updates PSModule/Build-PSModule from 4.0.15 to 5.0.0

Release notes

Sourced from PSModule/Build-PSModule's releases.

v5.0.0

🌟 [Major]: Module manifests now stamped with the resolved version at build time (#136)

Module manifests are now stamped with the resolved version and prerelease tag at build time. The resulting artifact contains its final ModuleVersion (and PrivateData.PSData.Prerelease) before tests run, so the bytes that are tested are the bytes that ship.

Inputs on Build-PSModule

Build-PSModule now exposes new module-centric inputs:

Input Required Description
Name No Name of the module to build. Defaults to the repository name.
Version Yes Module version (Major.Minor.Patch) to stamp into the manifest. Build fails with a clear error when omitted or malformed.
Prerelease No Prerelease tag (for example mybranch001) to stamp into PrivateData.PSData.Prerelease. When empty, no prerelease tag is written.
OutputFolder No Path (relative to WorkingDirectory) where the built module is placed. Defaults to outputs/module.

Typical usage downstream of PSModule/Resolve-PSModuleVersion:

- name: Build module
  uses: PSModule/Build-PSModule@v5
  with:
    Version: ${{ steps.resolve.outputs.Version }}
    Prerelease: ${{ steps.resolve.outputs.Prerelease }}

Breaking changes

  • Version is now required. Callers that previously omitted it (relying on the 999.0.0 placeholder) must now pass an explicit version in Major.Minor.Patch format. Builds fail immediately with a clear error when Version is missing or malformed.

Technical details

  • action.yml: adds OutputFolder (default outputs/module), Version (required: true), and Prerelease inputs; Name remains optional and still defaults to the repository name.
  • src/main.ps1: reads OutputFolder, Version, and Prerelease from env; throws immediately when Version is missing or not in Major.Minor.Patch format.
  • src/helpers/Build-PSModule.ps1: ModuleVersion parameter is now [Parameter(Mandatory)].
  • src/helpers/Build/Build-PSModuleManifest.ps1: ModuleVersion is [Parameter(Mandatory)]; the 999.0.0 fallback is removed — the version is assigned directly.

Related PRs:

Commits
  • 672aaa7 🚀 [Feature]: Module manifests now stamped with the resolved version at build ...
  • d97391a Bump super-linter/super-linter from 8.5.0 to 8.6.0 (#133)
  • See full diff in compare view

Updates PSModule/Publish-PSModule from 2.2.4 to 3.0.0

Release notes

Sourced from PSModule/Publish-PSModule's releases.

v3.0.0

🌟 [Major]: Version calculation removed — artifact must be pre-stamped before publish (#71)

Publish-PSModule no longer calculates or mutates the module version. The artifact passed in must already contain the final ModuleVersion (and Prerelease tag, if any) stamped by the upstream build. Published GitHub Releases now include a downloadable zip of the exact module folder that was tested and pushed to the Gallery.

Breaking Changes

Version-calculation inputs have been removed. Callers must supply a pre-stamped artifact:

Removed inputs:

  • AutoPatching
  • IncrementalPrerelease
  • DatePrereleaseFormat
  • VersionPrefix
  • MajorLabels, MinorLabels, PatchLabels, IgnoreLabels
  • ReleaseType

Migration: Consumers on PSModule/Process-PSModule get this for free — the workflow resolves the version in the Plan job and stamps it during Build. Direct callers outside of Process-PSModule must use Resolve-PSModuleVersion to compute the version and Build-PSModule v5+ to stamp it before invoking this action.

New: Module zip uploaded to GitHub Release

After creating a GitHub Release, the module folder is zipped (<Name>-<Version>.zip) and uploaded as a release asset. The zip preserves the <Name>/ directory structure so it can be extracted directly into a PowerShell module path.

Changed: Cleanup only runs after stable releases

The cleanup step (which removes old prerelease tags/releases) now only executes when the publish was a stable release. Previously it could inadvertently delete the just-published prerelease. Cleanup also filters on isPrerelease to avoid accidentally deleting stable releases whose tag happens to match the derived prerelease name.

Technical Details

  • Deleted src/init.ps1 (the old version-calculation script).
  • src/publish.ps1 reads ModuleVersion and Prerelease directly from the downloaded manifest via Import-PowerShellDataFile, validates 3-part format, then publishes untouched via Publish-PSResource.
  • Test-ModuleManifest is called as advisory validation (non-terminating) since the built artifact may reference RequiredModules not installed on the runner. Structural validation is enforced by explicit regex guards on ModuleVersion and Prerelease.
  • src/cleanup.ps1 derives the prerelease name from the PR head ref, filters on isPrerelease, and explicitly excludes the just-published release tag from deletion.
  • action.yml cleanup step gated on env.PSMODULE_PUBLISH_PSMODULE_CONTEXT_IsPrerelease != 'true'.
  • GITHUB_ENV writes use utf8NoBOM encoding to prevent BOM corruption.
  • Zip upload and temp file cleanup wrapped in try/finally for reliable cleanup on failure.
Commits
  • 03c0f8b 🌟 [Major]: Version calculation removed — artifact must be pre-stamped before ...
  • 72572ee Bump super-linter/super-linter from 8.5.0 to 8.6.0 (#69)
  • f27e4ca Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#70)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 2 updates: [PSModule/Build-PSModule](https://github.com/psmodule/build-psmodule) and [PSModule/Publish-PSModule](https://github.com/psmodule/publish-psmodule).


Updates `PSModule/Build-PSModule` from 4.0.15 to 5.0.0
- [Release notes](https://github.com/psmodule/build-psmodule/releases)
- [Commits](PSModule/Build-PSModule@3b368fe...672aaa7)

Updates `PSModule/Publish-PSModule` from 2.2.4 to 3.0.0
- [Release notes](https://github.com/psmodule/publish-psmodule/releases)
- [Commits](PSModule/Publish-PSModule@8917aed...03c0f8b)

---
updated-dependencies:
- dependency-name: PSModule/Build-PSModule
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: PSModule/Publish-PSModule
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code Major labels Jul 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 8, 2026 11:15
@dependabot dependabot Bot added the github_actions Pull requests that update GitHub Actions code label Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
MARKDOWN Pass ✅
NATURAL_LANGUAGE Pass ✅
POWERSHELL Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@dependabot @github

dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-b8adb9d1c1 branch July 8, 2026 11:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code Major

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant