🩹 [Patch]: Improve security, update dependencies, and reorganize source files (#19)

This patch modernizes the repository's CI/CD infrastructure by pinning
dependencies to specific commits, improving security posture, fixing
linter warnings, and aligning the source code structure with PSModule
organization standards.

- Fixes #18 

## Changed

### Workflow Security Improvements

- Pinned all GitHub Actions to commit SHAs with version comments for
reproducible builds
- Added `persist-credentials: false` to all checkout steps for improved
security
- Changed Release workflow trigger from `pull_request_target` to
`pull_request` for better fork handling
- Added path filters to Release workflow to only trigger on relevant
file changes (`action.yml`, `src/**`)

### Dependency Management

- Updated Dependabot schedule from `weekly` to `daily` with 7-day
cooldown for balanced update frequency
- Updated `actions/checkout` to `v6.0.2` (SHA:
`de0fac2e4500dabe0009e67214ff5f5447ce83dd`)
- Updated `super-linter/super-linter` to `v8.3.2` (SHA:
`d5b0a2ab116623730dd094f15ddc1b6b25bf7b99`)
- Updated `PSModule/GitHub-Script` to `v1.7.10` (SHA:
`0097f3bbe3f413f3b577b9bcc600727b0ca3201a`)

### Action Migration

- Renamed `Auto-Release.yml` workflow to `Release.yml`
- Migrated from `PSModule/Auto-Release@v1` to
`PSModule/Release-GHRepository@v2.0.1` (SHA:
`88c70461c8f16cc09682005bcf3b7fca4dd8dc1a`)

### Source Reorganization

- Moved source files from `scripts/` to `src/` folder for consistency
with other PSModule actions
- Updated `action.yml` to reference new source path

### Linter Configuration

- Removed `.jscpd.json` configuration file
- Disabled `VALIDATE_BIOME_FORMAT` and `VALIDATE_JSCPD` validators in
super-linter

### Code Quality Fixes

- Fixed `PSAvoidUsingWriteHost` warnings by replacing `Write-Host` with
`Write-Output` in `main.ps1`

### Action Improvements

- Added `Token` input with default value `${{ github.token }}` for
automatic authentication
- Passed `GITHUB_TOKEN` environment variable to the GitHub-Script action

Author: MariusStorhaug

.github/dependabot.yml

@@ -11,4 +11,6 @@ updates:
       - dependencies
       - github-actions
     schedule:
-      interval: weekly
+      interval: daily
+    cooldown:
+      default-days: 7

.github/linters/.jscpd.json

@@ -29,7 +29,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Action-Test
         uses: ./

.github/workflows/Action-Test.yml

@@ -19,14 +19,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Lint code base
-        uses: super-linter/super-linter@latest
+        uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2
         env:
           GITHUB_TOKEN: ${{ github.token }}
+          VALIDATE_BIOME_FORMAT: false
+          VALIDATE_JSCPD: false
           VALIDATE_JSON_PRETTIER: false
           VALIDATE_MARKDOWN_PRETTIER: false
           VALIDATE_YAML_PRETTIER: false

.github/workflows/Linter.yml

@@ -1,9 +1,9 @@
-name: Auto-Release
+name: Release
 
-run-name: "Auto-Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}"
+run-name: "Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}"
 
 on:
-  pull_request_target:
+  pull_request:
     branches:
       - main
     types:
@@ -12,6 +12,9 @@ on:
       - reopened
       - synchronize
       - labeled
+    paths:
+      - 'action.yml'
+      - 'src/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -22,13 +25,15 @@ permissions:
   pull-requests: write # Required to create comments on the PRs
 
 jobs:
-  Auto-Release:
+  Release:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
-      - name: Auto-Release
-        uses: PSModule/Auto-Release@v1
+      - name: Release
+        uses: PSModule/Release-GHRepository@88c70461c8f16cc09682005bcf3b7fca4dd8dc1a # v2.0.1
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/Auto-Release.yml .github/workflows/Release.yml.github/workflows/Auto-Release.yml renamed to .github/workflows/Release.yml

@@ -6,12 +6,19 @@ branding:
   icon: clipboard
   color: gray-dark
 
+inputs:
+  Token:
+    description: The GitHub token to use for authentication.
+    required: false
+    default: ${{ github.token }}
+
 runs:
   using: composite
   steps:
     - name: Debug
-      uses: PSModule/GitHub-Script@v1
+      uses: PSModule/GitHub-Script@0097f3bbe3f413f3b577b9bcc600727b0ca3201a # v1.7.10
       env:
+        GITHUB_TOKEN: ${{ inputs.Token }}
         CONTEXT_GITHUB: ${{ toJson(github) }}
         CONTEXT_ENV: ${{ toJson(env) }}
         # CONTEXT_VARS: ${{ toJson(vars) }}
@@ -28,4 +35,4 @@ runs:
         Name: Debug
         Script: |
           # Debug environment
-          ${{ github.action_path }}/scripts/main.ps1
+          ${{ github.action_path }}/src/main.ps1

action.yml

@@ -55,11 +55,11 @@ LogGroup 'Context: [INPUTS]' {
 }
 
 LogGroup 'Network Info' {
-    Write-Host "$(Get-NetIPConfiguration | Out-String)"
+    Write-Output "$(Get-NetIPConfiguration | Out-String)"
 }
 
 LogGroup 'Public IP Info' {
-    Write-Host "$(Get-PublicIP | Out-String)"
+    Write-Output "$(Get-PublicIP | Out-String)"
 }