From 0531e6922f83cab0615ff033397b4d67b3bdfe63 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 10:16:46 +0100 Subject: [PATCH 01/10] Start work for #292 From dd704c5b3a2b990030d1fb8616e27a91362eb6a1 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:04:36 +0100 Subject: [PATCH 02/10] security: pin setup deno action to commit hash instead of tag --- actions/close-milestone/action.yml | 2 +- actions/get-version/action.yml | 2 +- actions/github-release-exists/action.yml | 2 +- actions/jsr-pkg-exists/action.yml | 2 +- actions/milestone-exists/action.yml | 2 +- actions/milestone-items-closed/action.yml | 2 +- actions/nuget-pkg-exists/action.yml | 2 +- actions/release-notes-exist/action.yml | 2 +- actions/rename-milestone/action.yml | 2 +- actions/send-bluesky-release-announcement/action.yml | 2 +- actions/send-x-release-announcement/action.yml | 2 +- actions/transpile-readme/action.yml | 2 +- actions/update-copyright/action.yml | 2 +- actions/validate-sdk-versions/action.yml | 2 +- actions/validate-tag/action.yml | 2 +- actions/validate-version/action.yml | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/actions/close-milestone/action.yml b/actions/close-milestone/action.yml index 6f1ba169..fc286d5b 100644 --- a/actions/close-milestone/action.yml +++ b/actions/close-milestone/action.yml @@ -17,7 +17,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/get-version/action.yml b/actions/get-version/action.yml index 2c6bccad..e1eab4c1 100644 --- a/actions/get-version/action.yml +++ b/actions/get-version/action.yml @@ -14,7 +14,7 @@ runs: uses: actions/checkout@v5 - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/github-release-exists/action.yml b/actions/github-release-exists/action.yml index fef17ad8..11aa7a4d 100644 --- a/actions/github-release-exists/action.yml +++ b/actions/github-release-exists/action.yml @@ -21,7 +21,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/jsr-pkg-exists/action.yml b/actions/jsr-pkg-exists/action.yml index 82a100ab..5d2bd085 100644 --- a/actions/jsr-pkg-exists/action.yml +++ b/actions/jsr-pkg-exists/action.yml @@ -18,7 +18,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/milestone-exists/action.yml b/actions/milestone-exists/action.yml index da488bc7..3a0a616c 100644 --- a/actions/milestone-exists/action.yml +++ b/actions/milestone-exists/action.yml @@ -21,7 +21,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/milestone-items-closed/action.yml b/actions/milestone-items-closed/action.yml index 8893ef36..9505de1c 100644 --- a/actions/milestone-items-closed/action.yml +++ b/actions/milestone-items-closed/action.yml @@ -21,7 +21,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/nuget-pkg-exists/action.yml b/actions/nuget-pkg-exists/action.yml index 4c9c7241..16a8c016 100644 --- a/actions/nuget-pkg-exists/action.yml +++ b/actions/nuget-pkg-exists/action.yml @@ -15,7 +15,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/release-notes-exist/action.yml b/actions/release-notes-exist/action.yml index 47f8ff68..9a433d99 100644 --- a/actions/release-notes-exist/action.yml +++ b/actions/release-notes-exist/action.yml @@ -12,7 +12,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/rename-milestone/action.yml b/actions/rename-milestone/action.yml index f90024cb..9d45b6fb 100644 --- a/actions/rename-milestone/action.yml +++ b/actions/rename-milestone/action.yml @@ -20,7 +20,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/send-bluesky-release-announcement/action.yml b/actions/send-bluesky-release-announcement/action.yml index 09fe7a0b..6340b3ce 100644 --- a/actions/send-bluesky-release-announcement/action.yml +++ b/actions/send-bluesky-release-announcement/action.yml @@ -57,7 +57,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/send-x-release-announcement/action.yml b/actions/send-x-release-announcement/action.yml index 381071b2..f778abb3 100644 --- a/actions/send-x-release-announcement/action.yml +++ b/actions/send-x-release-announcement/action.yml @@ -60,7 +60,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/transpile-readme/action.yml b/actions/transpile-readme/action.yml index 374897cf..d7fb1001 100644 --- a/actions/transpile-readme/action.yml +++ b/actions/transpile-readme/action.yml @@ -11,7 +11,7 @@ runs: uses: actions/checkout@v5 - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/update-copyright/action.yml b/actions/update-copyright/action.yml index 7022bb1d..4c6d9fb9 100644 --- a/actions/update-copyright/action.yml +++ b/actions/update-copyright/action.yml @@ -8,7 +8,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/validate-sdk-versions/action.yml b/actions/validate-sdk-versions/action.yml index a6117629..23d6ae55 100644 --- a/actions/validate-sdk-versions/action.yml +++ b/actions/validate-sdk-versions/action.yml @@ -14,7 +14,7 @@ runs: uses: actions/checkout@v5 - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/validate-tag/action.yml b/actions/validate-tag/action.yml index 7f10e424..b3fc142c 100644 --- a/actions/validate-tag/action.yml +++ b/actions/validate-tag/action.yml @@ -31,7 +31,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true diff --git a/actions/validate-version/action.yml b/actions/validate-version/action.yml index 11c5a76a..c3d21f26 100644 --- a/actions/validate-version/action.yml +++ b/actions/validate-version/action.yml @@ -17,7 +17,7 @@ runs: using: "composite" steps: - name: Setup Deno (v2.7.14) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: v2.7.14 cache: true From 75dcc6644676bbc9be107b0d76ec4a2f04ce9311 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:05:26 +0100 Subject: [PATCH 03/10] ci: pin setup deno action to commit hash --- .github/workflows/build-status-check.yml | 2 +- .github/workflows/dotnet-action-release.yml | 2 +- .github/workflows/dotnet-lib-release.yml | 4 ++-- .github/workflows/lint-status-check.yml | 2 +- .github/workflows/release.yml | 8 ++++---- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-status-check.yml b/.github/workflows/build-status-check.yml index f7b0b6ef..f94f79c5 100644 --- a/.github/workflows/build-status-check.yml +++ b/.github/workflows/build-status-check.yml @@ -24,7 +24,7 @@ jobs: ref: ${{ github.event.pull_request.head.ref }} - name: Set Up Deno (${{ vars.DENO_VERSION }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ vars.DENO_VERSION }} diff --git a/.github/workflows/dotnet-action-release.yml b/.github/workflows/dotnet-action-release.yml index a73890fd..10fe0764 100644 --- a/.github/workflows/dotnet-action-release.yml +++ b/.github/workflows/dotnet-action-release.yml @@ -90,7 +90,7 @@ jobs: uses: actions/checkout@v5 - name: Set Up Deno (${{ inputs.deno-version }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ inputs.deno-version }} cache: ${{ inputs.enable-deno-cache }} diff --git a/.github/workflows/dotnet-lib-release.yml b/.github/workflows/dotnet-lib-release.yml index 68cd6ff3..c26227d3 100644 --- a/.github/workflows/dotnet-lib-release.yml +++ b/.github/workflows/dotnet-lib-release.yml @@ -115,7 +115,7 @@ jobs: uses: actions/checkout@v5 - name: Set Up Deno (${{ inputs.deno-version }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ inputs.deno-version }} cache: ${{ inputs.enable-deno-cache }} @@ -286,7 +286,7 @@ jobs: uses: NuGet/setup-nuget@v2 - name: Set Up Deno (${{ inputs.deno-version }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ inputs.deno-version }} cache: ${{ inputs.enable-deno-cache }} diff --git a/.github/workflows/lint-status-check.yml b/.github/workflows/lint-status-check.yml index 761dc1aa..09796860 100644 --- a/.github/workflows/lint-status-check.yml +++ b/.github/workflows/lint-status-check.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v5 - name: Set Up Deno (${{ vars.DENO_VERSION }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ vars.DENO_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1bff88d5..49bcba60 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -68,7 +68,7 @@ jobs: uses: actions/checkout@v5 - name: Set Up Deno (${{ vars.DENO_VERSION }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ vars.DENO_VERSION }} cache: true @@ -167,7 +167,7 @@ jobs: uses: actions/checkout@v5 - name: Set Up Deno (${{ vars.DENO_VERSION }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ vars.DENO_VERSION }} cache: true @@ -185,7 +185,7 @@ jobs: uses: actions/checkout@v5 - name: Set Up Deno (${{ vars.DENO_VERSION }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ vars.DENO_VERSION }} cache: true @@ -207,7 +207,7 @@ jobs: token: ${{ secrets.CICD_TOKEN }} - name: Set Up Deno (${{ vars.DENO_VERSION }}) - uses: denoland/setup-deno@v2 + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 with: deno-version: ${{ vars.DENO_VERSION }} cache: true From 8c40dbc999daf723bc245be6f5afec5f66d75447 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:34:54 +0100 Subject: [PATCH 04/10] chore: improve script file pathing for powershell --- actions/close-milestone/action.yml | 2 +- actions/get-version/action.yml | 2 +- actions/github-release-exists/action.yml | 2 +- actions/jsr-pkg-exists/action.yml | 2 +- actions/milestone-exists/action.yml | 2 +- actions/milestone-items-closed/action.yml | 2 +- actions/nuget-pkg-exists/action.yml | 2 +- actions/release-notes-exist/action.yml | 2 +- actions/rename-milestone/action.yml | 2 +- actions/send-bluesky-release-announcement/action.yml | 2 +- actions/send-x-release-announcement/action.yml | 2 +- actions/transpile-readme/action.yml | 2 +- actions/update-copyright/action.yml | 2 +- actions/validate-sdk-versions/action.yml | 2 +- actions/validate-tag/action.yml | 2 +- actions/validate-version/action.yml | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/actions/close-milestone/action.yml b/actions/close-milestone/action.yml index fc286d5b..09f6d25a 100644 --- a/actions/close-milestone/action.yml +++ b/actions/close-milestone/action.yml @@ -31,6 +31,6 @@ runs: GITHUB_TOKEN: "${{ inputs.github-token }}" DENO_AUTH_TOKENS: "${{ inputs.github-token }}@raw.githubusercontent.com" run: | - $scriptFilePath = "${{ github.action_path }}/close-milestone.ts"; + $scriptFilePath = "$env:ACTION_PATH/close-milestone.ts"; deno run -ERN $scriptFilePath; diff --git a/actions/get-version/action.yml b/actions/get-version/action.yml index e1eab4c1..e5b68d3f 100644 --- a/actions/get-version/action.yml +++ b/actions/get-version/action.yml @@ -26,7 +26,7 @@ runs: VERSION_FILE_PATH: "${{ inputs.version-file-path }}" JSON_PROP_PATH: "${{ inputs.json-prop-path }}" run: | - $scriptFilePath = "${{ github.action_path }}/get-version.ts"; + $scriptFilePath = "$env:ACTION_PATH/get-version.ts"; deno run -ERW $scriptFilePath; outputs: diff --git a/actions/github-release-exists/action.yml b/actions/github-release-exists/action.yml index 11aa7a4d..0a71fa75 100644 --- a/actions/github-release-exists/action.yml +++ b/actions/github-release-exists/action.yml @@ -36,7 +36,7 @@ runs: FAIL_IF_EXISTS: "${{ inputs.fail-if-exists }}" GITHUB_TOKEN: "${{ inputs.github-token }}" run: | - $scriptFilePath = "${{ github.action_path }}/github-release-exists.ts"; + $scriptFilePath = "$env:ACTION_PATH/github-release-exists.ts"; deno run -ERWN $scriptFilePath; outputs: diff --git a/actions/jsr-pkg-exists/action.yml b/actions/jsr-pkg-exists/action.yml index 5d2bd085..574ce804 100644 --- a/actions/jsr-pkg-exists/action.yml +++ b/actions/jsr-pkg-exists/action.yml @@ -32,7 +32,7 @@ runs: VERSION: "${{ inputs.version }}" FAIL_IF_EXISTS: "${{ inputs.fail-if-exists }}" run: | - $scriptFilePath = "${{ github.action_path }}/jsr-pkg-exists.ts"; + $scriptFilePath = "$env:ACTION_PATH/jsr-pkg-exists.ts"; deno run -ERWN $scriptFilePath; outputs: diff --git a/actions/milestone-exists/action.yml b/actions/milestone-exists/action.yml index 3a0a616c..a57bd5d8 100644 --- a/actions/milestone-exists/action.yml +++ b/actions/milestone-exists/action.yml @@ -36,7 +36,7 @@ runs: FAIL_IF_DOES_NOT_EXIST: "${{ inputs.fail-if-does-not-exist }}" GITHUB_TOKEN: "${{ inputs.github-token }}" run: | - $scriptFilePath = "${{ github.action_path }}/milestone-exists.ts"; + $scriptFilePath = "$env:ACTION_PATH/milestone-exists.ts"; deno run -ERWN $scriptFilePath; outputs: diff --git a/actions/milestone-items-closed/action.yml b/actions/milestone-items-closed/action.yml index 9505de1c..d5c0c781 100644 --- a/actions/milestone-items-closed/action.yml +++ b/actions/milestone-items-closed/action.yml @@ -36,7 +36,7 @@ runs: FAIL_IF_ALL_ITEMS_NOT_CLOSED: "${{ inputs.fail-if-all-items-not-closed }}" GITHUB_TOKEN: "${{ inputs.github-token }}" run: | - $scriptFilePath = "${{ github.action_path }}/milestone-items-closed.ts"; + $scriptFilePath = "$env:ACTION_PATH/milestone-items-closed.ts"; deno run -ERWN $scriptFilePath; outputs: diff --git a/actions/nuget-pkg-exists/action.yml b/actions/nuget-pkg-exists/action.yml index 16a8c016..6edb12af 100644 --- a/actions/nuget-pkg-exists/action.yml +++ b/actions/nuget-pkg-exists/action.yml @@ -28,7 +28,7 @@ runs: NUGET_PKG_VERSION: "${{ inputs.nuget-pkg-version }}" FAIL_IF_EXISTS: "${{ inputs.fail-if-exists }}" run: | - $scriptFilePath = "${{ github.action_path }}/nuget-pkg-exists.ts"; + $scriptFilePath = "$env:ACTION_PATH/nuget-pkg-exists.ts"; deno run -ERWN $scriptFilePath; outputs: diff --git a/actions/release-notes-exist/action.yml b/actions/release-notes-exist/action.yml index 9a433d99..69cbc8f0 100644 --- a/actions/release-notes-exist/action.yml +++ b/actions/release-notes-exist/action.yml @@ -25,7 +25,7 @@ runs: FAIL_IF_DOES_NOT_EXIST: "${{ inputs.fail-if-does-not-exist }}" GITHUB_TOKEN: "${{ inputs.github-token }}" run: | - $scriptFilePath = "${{ github.action_path }}/release-notes-exist.ts"; + $scriptFilePath = "$env:ACTION_PATH/release-notes-exist.ts"; deno run -ERWN $scriptFilePath; outputs: diff --git a/actions/rename-milestone/action.yml b/actions/rename-milestone/action.yml index 9d45b6fb..39778e13 100644 --- a/actions/rename-milestone/action.yml +++ b/actions/rename-milestone/action.yml @@ -35,6 +35,6 @@ runs: GITHUB_TOKEN: "${{ inputs.github-token }}" DENO_AUTH_TOKENS: "${{ inputs.github-token }}@raw.githubusercontent.com" run: | - $scriptFilePath = "${{ github.action_path }}/rename-milestone.ts"; + $scriptFilePath = "$env:ACTION_PATH/rename-milestone.ts"; deno run -ERN $scriptFilePath; diff --git a/actions/send-bluesky-release-announcement/action.yml b/actions/send-bluesky-release-announcement/action.yml index 6340b3ce..1ec4f826 100644 --- a/actions/send-bluesky-release-announcement/action.yml +++ b/actions/send-bluesky-release-announcement/action.yml @@ -80,6 +80,6 @@ runs: IDENTIFIER: "${{ inputs.identifier }}" PASSWORD: "${{ inputs.password }}" run: | - $scriptFilePath = "${{ github.action_path }}/send-bluesky-release-announcement.ts"; + $scriptFilePath = "$env:ACTION_PATH/send-bluesky-release-announcement.ts"; deno run -ERN $scriptFilePath; diff --git a/actions/send-x-release-announcement/action.yml b/actions/send-x-release-announcement/action.yml index f778abb3..8547be8f 100644 --- a/actions/send-x-release-announcement/action.yml +++ b/actions/send-x-release-announcement/action.yml @@ -84,6 +84,6 @@ runs: CONSUMER_API_KEY: "${{ inputs.consumer-api-key }}" CONSUMER_API_SECRET: "${{ inputs.consumer-api-secret }}" run: | - $scriptFilePath = "${{ github.action_path }}/send-x-release-announcement.ts"; + $scriptFilePath = "$env:ACTION_PATH/send-x-release-announcement.ts"; deno run -ERN $scriptFilePath; diff --git a/actions/transpile-readme/action.yml b/actions/transpile-readme/action.yml index d7fb1001..25c55bbf 100644 --- a/actions/transpile-readme/action.yml +++ b/actions/transpile-readme/action.yml @@ -22,6 +22,6 @@ runs: BASE_DIR_PATH: "${{ inputs.base-dir-path }}" JSON_PROP_PATH: "${{ inputs.json-prop-path }}" run: | - $scriptFilePath = "${{ github.action_path }}/transpile-readme.ts"; + $scriptFilePath = "$env:ACTION_PATH/transpile-readme.ts"; deno run -ERW $scriptFilePath; diff --git a/actions/update-copyright/action.yml b/actions/update-copyright/action.yml index 4c6d9fb9..c41dacc5 100644 --- a/actions/update-copyright/action.yml +++ b/actions/update-copyright/action.yml @@ -18,6 +18,6 @@ runs: env: CS_PROJ_FILE_NAME: "${{ inputs.cs-proj-file-name }}" run: | - $scriptFilePath = "${{ github.action_path }}/update-copyright.ts"; + $scriptFilePath = "$env:ACTION_PATH/update-copyright.ts"; deno run -ERW $scriptFilePath; diff --git a/actions/validate-sdk-versions/action.yml b/actions/validate-sdk-versions/action.yml index 23d6ae55..76deeb47 100644 --- a/actions/validate-sdk-versions/action.yml +++ b/actions/validate-sdk-versions/action.yml @@ -26,6 +26,6 @@ runs: BASE_SEARCH_DIR_PATH: "${{ inputs.base-search-dir-path }}" NET_SDK_VERSION: "${{ inputs.net-sdk-version }}" run: | - $scriptFilePath = "${{ github.action_path }}/validate-sdk-versions.ts"; + $scriptFilePath = "$env:ACTION_PATH/validate-sdk-versions.ts"; deno run -ER $scriptFilePath; diff --git a/actions/validate-tag/action.yml b/actions/validate-tag/action.yml index b3fc142c..50f33d15 100644 --- a/actions/validate-tag/action.yml +++ b/actions/validate-tag/action.yml @@ -45,7 +45,7 @@ runs: RELEASE_TYPE: "${{ inputs.release-type }}" GITHUB_TOKEN: "${{ inputs.github-token }}" run: | - $scriptFilePath = "${{ github.action_path }}/validate-tag.ts"; + $scriptFilePath = "$env:ACTION_PATH/validate-tag.ts"; deno run -ERWN $scriptFilePath; outputs: diff --git a/actions/validate-version/action.yml b/actions/validate-version/action.yml index c3d21f26..1053333c 100644 --- a/actions/validate-version/action.yml +++ b/actions/validate-version/action.yml @@ -29,6 +29,6 @@ runs: STRIP_V_PREFIX: "${{ inputs.strip-v-prefix }}" RELEASE_TYPE: "${{ inputs.release-type }}" run: | - $scriptFilePath = "${{ github.action_path }}/validate-version.ts"; + $scriptFilePath = "$env:ACTION_PATH/validate-version.ts"; deno run -E $scriptFilePath; From bac7717b90c461b7e384cdfb5b1d36052dc95413 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:37:25 +0100 Subject: [PATCH 05/10] feat: create action to get version from deno config file --- actions/get-deno-config-version/action.yml | 57 +++++++ .../get-deno-config-version.ts | 148 ++++++++++++++++++ 2 files changed, 205 insertions(+) create mode 100644 actions/get-deno-config-version/action.yml create mode 100644 actions/get-deno-config-version/get-deno-config-version.ts diff --git a/actions/get-deno-config-version/action.yml b/actions/get-deno-config-version/action.yml new file mode 100644 index 00000000..0dc517ac --- /dev/null +++ b/actions/get-deno-config-version/action.yml @@ -0,0 +1,57 @@ +name: "Get Deno Config Version" +description: "Gets the Deno configuration version for a GitHub repository" +inputs: + config-file-path: + description: | + The path to the Deno configuration file (e.g., deno.json or deno.jsonc) relative to the repository root. + + If a file path is provided: + The action will attempt to read the Deno version from that file. The action + will fail if the file is not found when the 'fail-if-config-not-found' input is set to 'true'. + + If a file path is not provided: + The action will attempt to find a Deno configuration file in the repository by looking for + files named "deno.json" or "deno.jsonc" in the repository root and then recursively in subdirectories. The first + file found will be used to determine the Deno version. The action will fail if the file is not + found when the 'fail-if-config-not-found' input is set to 'true'. + + If a found configuration file does not specify a 'version' property, the action will fail. + required: false + trim-version-prefix: + description: | + Whether to trim the 'v' prefix from the version set to the action output. + + Default: false + required: false + default: "false" + fail-if-config-not-found: + description: | + Whether the action should fail if the Deno configuration file is not found. + + Default: true + required: false + default: "true" +outputs: + deno-config-version: + description: "The version of Deno specified in the configuration file." + value: ${{ steps.get-deno-config-version.outputs.deno-config-version }} +runs: + using: "composite" + steps: + - name: Setup Deno (v2.7.14) + uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 + with: + deno-version: v2.7.14 + cache: true + + - name: Run Script + shell: pwsh + id: get-deno-config-version + env: + CONFIG_FILE_PATH: "${{ inputs.config-file-path }}" + TRIM_VERSION_PREFIX: "${{ inputs.trim-version-prefix }}" + FAIL_IF_CONFIG_NOT_FOUND: "${{ inputs.fail-if-config-not-found }}" + run: | + $scriptFilePath = "$env:ACTION_PATH/get-deno-config-version.ts"; + + deno run -ERWN $scriptFilePath; diff --git a/actions/get-deno-config-version/get-deno-config-version.ts b/actions/get-deno-config-version/get-deno-config-version.ts new file mode 100644 index 00000000..79816535 --- /dev/null +++ b/actions/get-deno-config-version/get-deno-config-version.ts @@ -0,0 +1,148 @@ +import { existsSync, walkSync } from "jsr:@std/fs@1.0.23"; +import { extname, resolve } from "jsr:@std/path@1.1.4"; +import { getEnvVar } from "../../cicd/core/Utils.ts"; +import { printAsGitHubError, printAsGitHubWarning } from "../../cicd/core/github.ts"; + +const scriptName = new URL(import.meta.url).pathname.split("/").pop(); + +const configFilePath = getEnvVar("CONFIG_FILE_PATH", scriptName, false); +const trimVersionPrefix = getEnvVar("TRIM_VERSION_PREFIX", scriptName, false).toLowerCase() === "true"; +const failIfConfigNotFound = getEnvVar("FAIL_IF_CONFIG_NOT_FOUND", scriptName, false).toLowerCase() === "true"; +const githubOutputFilePath = getEnvVar("GITHUB_OUTPUT", scriptName, true); + +const setOutput = (version: string) => { + const sanitized = version.replace(/[\r\n]/g, ""); + Deno.writeTextFileSync(githubOutputFilePath, `\ndeno-config-version=${sanitized}\n`, { append: true }); +}; + +// If a config file path was not provided, search for the a compatible file. +if (configFilePath === "") { + // Search for the file in the repo + const configFilePaths = Array.from(walkSync(Deno.cwd(), { + includeFiles: true, + includeDirs: false, + maxDepth: 10, + skip: [/[/\\](node_modules|\.git|dist|build|out)[/\\]/], + match: [/[/\\]deno\.jsonc?$/], + })).filter((entry) => entry.isFile).map((e) => e.path); + + // If no files where found and the action is configured to fail if no config file is found, fail the action. + if (configFilePaths.length <= 0 && failIfConfigNotFound) { + printAsGitHubError("No config file found in the repository."); + + Deno.exit(1); + } + + if (configFilePaths.length >= 1) { + // Search for a config file that contains the 'version' property. + const configFilePathWithVersion = configFilePaths.find((entry) => { + try { + const fileContent = Deno.readTextFileSync(entry); + const config = JSON.parse(fileContent); + + return "version" in config; + } catch { + return false; + } + }); + + if (configFilePathWithVersion === undefined) { + printAsGitHubWarning("Config files found in the repository, but none of them contains a 'version' property."); + + Deno.exit(1); + } + + const fileContent = Deno.readTextFileSync(configFilePathWithVersion); + const config = JSON.parse(fileContent); + + if (!isValidConfig(config)) { + printAsGitHubError( + `The config file at path: ${configFilePathWithVersion} does not contain a valid 'version' property.`, + ); + + Deno.exit(1); + } + + let version = config.version as string; + + if (trimVersionPrefix) { + version = version.startsWith("v") ? version.substring(1) : version; + } + + setOutput(version); + } else { + printAsGitHubWarning( + `No config file found. Searched for 'deno.json' and 'deno.jsonc' files in the repository starting from path: ${Deno.cwd()}.`, + ); + setOutput(""); + } +} else { + // If the config file path is not in the workspace + const workspaceRoot = Deno.cwd(); + const resolvedPath = resolve(configFilePath); + + if (!resolve(configFilePath).startsWith(`${workspaceRoot}/`) && resolvedPath !== workspaceRoot) { + printAsGitHubError(`CONFIG_FILE_PATH must be within the workspace: ${configFilePath}`); + Deno.exit(1); + } + + // Check if the config file does not exist + if (!existsSync(configFilePath)) { + const message = `Config file not found at path: ${configFilePath}`; + + if (failIfConfigNotFound) { + printAsGitHubError(message); + + Deno.exit(1); + } + + printAsGitHubWarning(message); + setOutput(""); + + Deno.exit(0); + } + + // If the file extension is not '.json' or '.jsonc' + if (![".json", ".jsonc"].includes(extname(configFilePath))) { + printAsGitHubError("The config file must be a '.json' or '.jsonc' file."); + + Deno.exit(1); + } + + try { + const fileContent = Deno.readTextFileSync(configFilePath); + const config = JSON.parse(fileContent); + + if (!isValidConfig(config)) { + printAsGitHubError( + `The config file at path: ${configFilePath} does not contain a valid 'version' property.`, + ); + + Deno.exit(1); + } + + let version = config.version as string; + + if (trimVersionPrefix) { + version = version.startsWith("v") ? version.substring(1) : version; + } + + setOutput(version); + } catch (error) { + printAsGitHubError( + `Error reading or parsing the config file at path: ${configFilePath}. Error: ${error instanceof Error ? error.message : String(error) + }`, + ); + + Deno.exit(1); + } +} + +/** + * Type guard to check if the config is valid and contains a version property of type string. + * @param config The config to check. + * @returns Returns true if the config is valid, false otherwise. + */ +function isValidConfig(config: unknown): config is { version: string } { + return typeof config === "object" && config !== null && "version" in config && typeof config.version === "string"; +} From 7c13d8806afdf84504763d4cf1859adcf4deed6e Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:41:16 +0100 Subject: [PATCH 06/10] security: pin check repo action to v6.0.2 commit hash --- .github/workflows/build-status-check.yml | 2 +- .github/workflows/dotnet-action-release.yml | 4 ++-- .github/workflows/dotnet-lib-release.yml | 6 +++--- .github/workflows/lint-status-check.yml | 2 +- .github/workflows/release.yml | 8 ++++---- actions/get-version/action.yml | 2 +- actions/transpile-readme/action.yml | 2 +- actions/validate-sdk-versions/action.yml | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-status-check.yml b/.github/workflows/build-status-check.yml index f94f79c5..9b1ec83f 100644 --- a/.github/workflows/build-status-check.yml +++ b/.github/workflows/build-status-check.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} diff --git a/.github/workflows/dotnet-action-release.yml b/.github/workflows/dotnet-action-release.yml index 10fe0764..5719275d 100644 --- a/.github/workflows/dotnet-action-release.yml +++ b/.github/workflows/dotnet-action-release.yml @@ -87,7 +87,7 @@ jobs: runs-on: "${{ inputs.runs-on }}" steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up Deno (${{ inputs.deno-version }}) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 @@ -226,7 +226,7 @@ jobs: runs-on: "${{ inputs.runs-on }}" steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Create GitHub Release ${{ inputs.dry-run == true && '(Dry Run)' || '' }} if: inputs.dry-run == false diff --git a/.github/workflows/dotnet-lib-release.yml b/.github/workflows/dotnet-lib-release.yml index c26227d3..e4c70afc 100644 --- a/.github/workflows/dotnet-lib-release.yml +++ b/.github/workflows/dotnet-lib-release.yml @@ -112,7 +112,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up Deno (${{ inputs.deno-version }}) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 @@ -248,7 +248,7 @@ jobs: steps: - name: Checkout Repository if: inputs.build-project == true - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up .NET SDK (${{ inputs.net-sdk-version }}) if: inputs.build-project == true @@ -275,7 +275,7 @@ jobs: ] steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up .NET SDK uses: actions/setup-dotnet@v5 diff --git a/.github/workflows/lint-status-check.yml b/.github/workflows/lint-status-check.yml index 09796860..5d24de3c 100644 --- a/.github/workflows/lint-status-check.yml +++ b/.github/workflows/lint-status-check.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up Deno (${{ vars.DENO_VERSION }}) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 49bcba60..3049d19c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -65,7 +65,7 @@ jobs: } - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up Deno (${{ vars.DENO_VERSION }}) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 @@ -164,7 +164,7 @@ jobs: needs: [get_and_validate_version, run_prerelease_validation] steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up Deno (${{ vars.DENO_VERSION }}) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 @@ -182,7 +182,7 @@ jobs: needs: [get_and_validate_version, run_prerelease_validation] steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up Deno (${{ vars.DENO_VERSION }}) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 @@ -202,7 +202,7 @@ jobs: contents: write steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: token: ${{ secrets.CICD_TOKEN }} diff --git a/actions/get-version/action.yml b/actions/get-version/action.yml index e5b68d3f..4eee3c21 100644 --- a/actions/get-version/action.yml +++ b/actions/get-version/action.yml @@ -11,7 +11,7 @@ runs: using: "composite" steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Setup Deno (v2.7.14) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 diff --git a/actions/transpile-readme/action.yml b/actions/transpile-readme/action.yml index 25c55bbf..37c7fc64 100644 --- a/actions/transpile-readme/action.yml +++ b/actions/transpile-readme/action.yml @@ -8,7 +8,7 @@ runs: using: "composite" steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Setup Deno (v2.7.14) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 diff --git a/actions/validate-sdk-versions/action.yml b/actions/validate-sdk-versions/action.yml index 76deeb47..1e4ee846 100644 --- a/actions/validate-sdk-versions/action.yml +++ b/actions/validate-sdk-versions/action.yml @@ -11,7 +11,7 @@ runs: using: "composite" steps: - name: Checkout Repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Setup Deno (v2.7.14) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 From 41f66fd3dcb531ad80d471c1f78dc206d5328f29 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:45:11 +0100 Subject: [PATCH 07/10] security: pin setup dotnet and nuget github actions to commit hash --- .github/workflows/dotnet-lib-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dotnet-lib-release.yml b/.github/workflows/dotnet-lib-release.yml index e4c70afc..4cde8c40 100644 --- a/.github/workflows/dotnet-lib-release.yml +++ b/.github/workflows/dotnet-lib-release.yml @@ -252,7 +252,7 @@ jobs: - name: Set Up .NET SDK (${{ inputs.net-sdk-version }}) if: inputs.build-project == true - uses: actions/setup-dotnet@v5 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 #v5.2.0 with: dotnet-version: ${{ inputs.net-sdk-version }} @@ -278,12 +278,12 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set Up .NET SDK - uses: actions/setup-dotnet@v5 + uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 #v5.2.0 with: dotnet-version: "${{ inputs.net-sdk-version }}" - name: Set Up Nuget - uses: NuGet/setup-nuget@v2 + uses: NuGet/setup-nuget@fd55a6f3b34392fa83fde1454582407d8c714123 #v4.0.0 - name: Set Up Deno (${{ inputs.deno-version }}) uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 #v2.0.4 From 7f16e3494a45734bc514407fae64119e6501d987 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:45:25 +0100 Subject: [PATCH 08/10] deps: update deno lock --- deno.lock | 1 + 1 file changed, 1 insertion(+) diff --git a/deno.lock b/deno.lock index 93627495..f43d7fcc 100644 --- a/deno.lock +++ b/deno.lock @@ -32,6 +32,7 @@ "jsr:@std/internal@^1.0.9": "1.0.12", "jsr:@std/io@~0.224.9": "0.224.9", "jsr:@std/io@~0.225.3": "0.225.3", + "jsr:@std/path@*": "1.1.4", "jsr:@std/path@1.0.7": "1.0.7", "jsr:@std/path@1.1.2": "1.1.2", "jsr:@std/path@1.1.4": "1.1.4", From ae804b6b0720f77d0fd756032617ef8b372c8a15 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:45:49 +0100 Subject: [PATCH 09/10] ide: add launch config for get deno config version script --- .vscode/launch.json | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.vscode/launch.json b/.vscode/launch.json index 835c8169..d81d8927 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -575,6 +575,32 @@ "runtimeExecutable": "${userHome}/.deno/bin/deno" } }, + { // GET DENO CONFIG VERSION + "name": "Get Deno Config Version", + "request": "launch", + "type": "node", + "program": "${workspaceFolder}/actions/get-deno-config-version/get-deno-config-version.ts", + "cwd": "${workspaceFolder}", + "env": { + "CONFIG_FILE_PATH": "", + "TRIM_VERSION_PREFIX": "false", + "FAIL_IF_CONFIG_NOT_FOUND": "true", + "GITHUB_OUTPUT": "${workspaceFolder}/github_output.txt" + }, + "runtimeArgs": [ + "run", + "-ERWN", + "--inspect-wait", + ], + "attachSimplePort": 9229, + "windows": { + "runtimeExecutable": "${userHome}/.deno/bin/deno.exe" + }, + "linux": { + "runtimeExecutable": "${userHome}/.deno/bin/deno" + }, + "console": "integratedTerminal" + }, { // RELEASE NOTES GENERATOR TOOL "name": "Release Notes Generator Tool", "request": "launch", From 1ab5ddb21ef5b60e7cc2864056238a36cc21a2e3 Mon Sep 17 00:00:00 2001 From: CalvinWilkinson Date: Sun, 17 May 2026 14:45:58 +0100 Subject: [PATCH 10/10] chore: update playground --- cicd/playground.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cicd/playground.ts b/cicd/playground.ts index cdc4b5df..dd9d04cf 100644 --- a/cicd/playground.ts +++ b/cicd/playground.ts @@ -2,3 +2,7 @@ const _ownerName = (Deno.env.get("OWNER_NAME") ?? "").trim(); const _repoName = (Deno.env.get("REPO_NAME") ?? "").trim(); const _token = (Deno.env.get("ROOT_REPO_DIR_PATH") ?? "").trim(); const _rootRepoDirPath = (Deno.env.get("GITHUB_TOKEN") ?? "").trim(); + + + +debugger;