feat: bump github/super-linter from 5 to 6 (#145)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.dependabot/config.xml

@@ -1,6 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"

.github/dependabot.yml

@@ -0,0 +1,27 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/.github/"
+    schedule:
+      interval: "weekly"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    reviewers:
+      - "rlespinasse"
+    labels: [ ]
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    commit-message:
+      prefix: "feat: "
+    schedule:
+      interval: "weekly"
+    groups:
+      dependencies:
+        patterns:
+          - "rlespinasse/slugify-value"
+          - "rlespinasse/shortify-git-revision"
+    reviewers:
+      - "rlespinasse"
+    labels: [ ]

.github/workflows/linter.yml

@@ -0,0 +1,27 @@
+---
+name: Lint Code Base
+
+on: pull_request
+
+jobs:
+  build:
+    name: Lint Code Base
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+      statuses: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - name: Lint Code Base
+        uses: github/super-linter@v6
+        env:
+          VALIDATE_ALL_CODEBASE: false
+          DEFAULT_BRANCH: v4.x
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          

.github/workflows/v4-tests-and-release.yml

@@ -1,8 +1,8 @@
-name: "[v4] Test and Release"
+name: '[v4] Test and Release'
 on: [push, pull_request]
 jobs:
   check-v3compatibility:
-    name: "Check v3 compatibility"
+    name: 'Check v3 compatibility'
     strategy:
       fail-fast: false
       matrix:
@@ -10,7 +10,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Load using v4.x with prefix
         uses: ./
@@ -84,7 +84,7 @@ jobs:
         shell: bash
 
   check-v3compatibility-without-checkout:
-    name: "Check v3 compatibility (without checkout)"
+    name: 'Check v3 compatibility (without checkout)'
     needs:
       - check-v3compatibility
     strategy:
@@ -94,7 +94,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: this-action
           ref: ${{ github.ref }}
@@ -115,7 +115,7 @@ jobs:
         shell: bash
 
   display:
-    name: "Display produced variables"
+    name: 'Display produced variables'
     strategy:
       fail-fast: false
       matrix:
@@ -123,7 +123,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Load using v4.x
         uses: ./
@@ -191,7 +191,7 @@ jobs:
         shell: bash
 
   display-without-checkout:
-    name: "Display produced variables (without checkout)"
+    name: 'Display produced variables (without checkout)'
     needs:
       - display
     strategy:
@@ -201,7 +201,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: this-action
           ref: ${{ github.ref }}
@@ -230,13 +230,13 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Test 1
       - name: Using correct short length
         uses: ./
         with:
-          prefix: "CSL_"
+          prefix: 'CSL_'
           short-length: 4
       - name: Using correct length // Validate that all short variables lengths are equals to short-length
         run: |
@@ -248,8 +248,8 @@ jobs:
         id: using-wrong-short-length
         uses: ./
         with:
-          prefix: "WSL_"
-          short-length: "wrong"
+          prefix: 'WSL_'
+          short-length: 'wrong'
         continue-on-error: true
       - name: Using wrong short length // Validate that the action end with an error
         run: |
@@ -269,7 +269,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: this-action
           ref: ${{ github.ref }}
@@ -278,7 +278,7 @@ jobs:
       - name: Using correct short length
         uses: ./this-action
         with:
-          prefix: "CSL_"
+          prefix: 'CSL_'
           short-length: 4
       - name: Using correct length // Validate that all short variables lengths are equals to short-length
         run: |
@@ -290,7 +290,7 @@ jobs:
         id: using-empty-short-length
         uses: ./this-action
         with:
-          prefix: "ESL_"
+          prefix: 'ESL_'
         continue-on-error: true
       - name: Using empty short length // Validate that the action don't end with an error
         run: |
@@ -304,8 +304,8 @@ jobs:
         id: using-wrong-short-length
         uses: ./this-action
         with:
-          prefix: "WSL_"
-          short-length: "wrong"
+          prefix: 'WSL_'
+          short-length: 'wrong'
         continue-on-error: true
       - name: Using wrong short length // Validate that the action end with an error
         run: |
@@ -323,13 +323,13 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Test 1
       - name: Using correct slug max length
         uses: ./
         with:
-          prefix: "CML_"
+          prefix: 'CML_'
           slug-maxlength: 1
       - name: Using correct max length // Validate that all slug variables lengths are equals or under the slug-maxlength
         run: |
@@ -341,8 +341,8 @@ jobs:
         id: using-wrong-slug-max-length
         uses: ./
         with:
-          prefix: "WML_"
-          slug-maxlength: "wrong"
+          prefix: 'WML_'
+          slug-maxlength: 'wrong'
         continue-on-error: true
       - name: Using wrong slug max length // Validate that the action end with an error
         run: |
@@ -356,8 +356,8 @@ jobs:
         id: using-empty-slug-max-length
         uses: ./
         with:
-          prefix: "EML_"
-          slug-maxlength: ""
+          prefix: 'EML_'
+          slug-maxlength: ''
         continue-on-error: true
       - name: Using empty slug max length // Validate that the action end with an error
         run: |
@@ -371,8 +371,8 @@ jobs:
         id: using-nolimit-slug-max-length
         uses: ./
         with:
-          prefix: "NLML_"
-          slug-maxlength: "nolimit"
+          prefix: 'NLML_'
+          slug-maxlength: 'nolimit'
       - name: Using no limit on slug max length // Validate that the action end with an error
         run: |
           [[ "$(env | grep "NLML_" | grep "_SLUG" | wc -l)" -gt 0 ]]
@@ -391,8 +391,8 @@ jobs:
       - input-slug-maxlength
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Release this GitHub Action
         uses: rlespinasse/release-that@v1
         with:
-          without-prefix: true
+          github-token: ${{ secrets.GH_TOKEN }}

README.md

@@ -29,8 +29,9 @@ This GitHub Action will expose the slug/short values of [some GitHub environment
 
 - put the variable content in lower case
 - replace any character by `-` except `0-9`, `a-z`, `.`, and `_`
-- remove leading and trailing `-` character
+- remove leading `-` characters
 - limit the string size to 63 characters
+- remove trailing `-` characters
 
 <details>
   <summary>Others <b>Slug-ish</b> commands are available</summary>
@@ -238,22 +239,30 @@ Please, use the current major tag `v4` or a version tag (see [releases pages][re
 
 ## Thanks for talking about us
 
-- [Mettre en place une CI/CD Angular avec GitHub Actions & Netlify][article-1] (in french :fr:)
+In English :gb:
+
 - [Action spotlight by Michael Heap][article-2]
 - [Serverless Deploy Previews on GitHub Actions][article-3]
 - [Let's Build a Continuous Delivery and Branching Process with Github Actions, Vercel and Heroku][article-4]
-- [Github Actions : enfin des pipelines accessibles aux développeurs][talk-1] (in french :fr:)
-- The next one is you. _Don't hesitate to add youself to this list._
 
-[actions]: https://github.com/rlespinasse/github-slug-action/actions
-[license]: https://github.com/rlespinasse/github-slug-action/blob/v4.x/LICENSE
+In French :fr: 
+
+- [Mettre en place une CI/CD Angular avec GitHub Actions & Netlify][article-1]
+- [Github Actions : enfin des pipelines accessibles aux développeurs][talk-1]
+
+In Chinese :cn:
+
+- [利用github-slug-action暴漏Github Action上下文中的关键变量][article-5]
+
+> The next one is you. _Don't hesitate to add youself to one of these lists._
+
 [examples]: https://github.com/rlespinasse/github-slug-action/tree/v4.x/examples
 [custom-variable]: https://github.com/rlespinasse/github-slug-action/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=
 [releases]: https://github.com/rlespinasse/github-slug-action/releases
 [issue-15]: https://github.com/rlespinasse/github-slug-action/issues/15
 [issue-104]: https://github.com/rlespinasse/github-slug-action/issues/104
 
-[git-revpars]: https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength
+[git-revparse]: https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength
 [git-core-abbrev]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreabbrev
 
 [default-environment-variables]: https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
@@ -265,4 +274,5 @@ Please, use the current major tag `v4` or a version tag (see [releases pages][re
 [article-2]: https://michaelheap.com/github-slug-action/
 [article-3]: https://barstool.engineering/serverless-deploy-previews-on-github-actions/
 [article-4]: https://javascript.plainenglish.io/lets-build-a-continuous-delivery-and-branching-process-c27dae09f0b6
+[article-5]: https://eryajf.github.io/HowToStartOpenSource/views/03-github-tips/10-Use-github-slug-action-to-leak-key-variables-in-the-Github-Action-context.html
 [talk-1]: https://www.youtube.com/watch?v=F5mBDmOQcvE

SECURITY.md

@@ -2,34 +2,25 @@
 
 ## Supported Versions and Branches
 
-We only support 2 major versions for security patches
-
-| Version | Branch | Supported          | Specific Tags |
-| ------- | ------ | ------------------ | ------------- |
-| 4.x     | v4.x   | :white_check_mark: | v4            |
-| 3.x     | v3.x   | :white_check_mark: |               |
-| < 2.x   |        | :x:                | v2.x, v1.1.x  |
+| Version | Supported          | End of Support | Branch | Specific Tags |
+| ------- | ------------------ | -------------- | ------ | ------------- |
+| 4.x     | :white_check_mark: |                | v4.x   | v4            |
+| 3.x     | :white_check_mark: | 2024-01-31     | v3.x   | v3            |
+| 2.x     | :x:                | 2021-04-05     |        | v2.x, 2.2.0   |
+| 1.x     | :x:                | 2021-04-05     |        | v1.1.x, 1.2.0 |
+| 1.0.x   | :x:                | 2019-11-07     |        | 1.0.2         |
 
 A GitHub repository can used one of the available branches as action inside its workflows.
 
 ### End of Life of a branch
 
-When a branch is not supported anymore, the following process occurs
+Since `2023-10-20`, when a new major version is release,
 
-- Since `v4.x` branch, the branch will be deleted 2 major versions after
-  - So `v4.x` branch will be deleted when `v7.x` branch will have its first release
-  - prefer the `v4` tag to `v4.x` branch as reference in our workflow, 
-- Before `v4.x` branch, the branch will be converted into a tag when the support is dropped
-  - So `v3.x` branch will be converted as tag when `v5.x` branch will have its first release
+- The previous one will continue to receive security patches during a 3-months periods,
+- After the 3-month periods, the branch is deleted, only the tags remains.
 
 ## Reporting a Vulnerability
 
-You can report a Vulnerability by [my email](mailto:romain.lespinasse@gmail.com).
+You can report a Vulnerability by creating a [draft security advisory](https://github.com/rlespinasse/github-slug-action/security/advisories) in this project.
 
-_Vulnerability stages :_
-
-- Reported,
-- Confirmed (or declined),
-- Fixed on maintained version series.
-
-After a vulnerability fix, an GitHub issue will be created as document this vulnerability.
+If the vulnerability is confirm, a fix will be produce and the advisory will be publish.

action.yml

@@ -26,73 +26,87 @@ runs:
         INPUT_SLUG_MAXLENGTH: ${{ inputs.slug-maxlength }}
         INPUT_SHORT_LENGTH: ${{ inputs.short-length }}
 
-    - uses: rlespinasse/slugify-value@v1.2.3
+    # From Environment Variables
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_REPOSITORY
         value: ${{ github.repository }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.2.3
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_REF
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.2.3
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_HEAD_REF
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.2.3
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_BASE_REF
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
 
-    # Specific values
-    - uses: rlespinasse/slugify-value@v1.2.3
+    # From Specific values
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_EVENT_REF
         value: ${{ github.event.ref }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-
-    # Calculated values
-    - id: get-github-ref-name
-      run: echo "::set-output name=github-ref-name::${{ github.head_ref || github.ref_name }}"
-      shell: bash
-    - uses: rlespinasse/slugify-value@v1.2.3
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_REF_NAME
-        value: ${{ steps.get-github-ref-name.outputs.github-ref-name }}
+        # Related to https://github.com/rlespinasse/github-slug-action/issues/104
+        value: ${{ env.GITHUB_HEAD_REF_RAW || env.GITHUB_REF_NAME_RAW }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
+      env:
+        GITHUB_HEAD_REF_RAW: ${{ github.head_ref }}
+        GITHUB_REF_NAME_RAW: ${{ github.ref_name }}
+
+    # From Calculated values
     - id: get-github-repository-owner-part
-      run: echo "::set-output name=github-repository-owner-part::$(echo $GITHUB_REPOSITORY | cut -d/ -f1)"
+      run: |
+        ownerpart=$(echo $GITHUB_REPOSITORY | cut -d/ -f1)
+        if [ -f "$GITHUB_OUTPUT" ]; then
+          echo "github-repository-owner-part=${ownerpart}" >> "$GITHUB_OUTPUT"
+        else
+          echo "::set-output name=github-repository-owner-part::${ownerpart}"
+        fi
       shell: bash
-    - uses: rlespinasse/slugify-value@v1.2.3
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_REPOSITORY_OWNER_PART
         value: ${{ steps.get-github-repository-owner-part.outputs.github-repository-owner-part }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
     - id: get-github-repository-name-part
-      run: echo "::set-output name=github-repository-name-part::$(echo $GITHUB_REPOSITORY | cut -d/ -f2)"
+      run: |
+        namepart=$(echo $GITHUB_REPOSITORY | cut -d/ -f2)
+        if [ -f "$GITHUB_OUTPUT" ]; then
+          echo "github-repository-name-part=${namepart}" >> "$GITHUB_OUTPUT"
+        else
+          echo "::set-output name=github-repository-name-part::${namepart}"
+        fi
       shell: bash
-    - uses: rlespinasse/slugify-value@v1.2.3
+    - uses: rlespinasse/slugify-value@v1.4.0
       with:
         key: GITHUB_REPOSITORY_NAME_PART
         value: ${{ steps.get-github-repository-name-part.outputs.github-repository-name-part }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
 
-    # Short
-    - uses: rlespinasse/shortify-git-revision@v1.4.0
+    # From sha
+    - uses: rlespinasse/shortify-git-revision@v1.6.0
       with:
         name: GITHUB_SHA
         short-on-error: true
         length: ${{ steps.prefligth.outputs.PREFLIGHT_SHORT_LENGTH }}
         prefix: ${{ inputs.prefix }}
-    - uses: rlespinasse/shortify-git-revision@v1.4.0
+    - uses: rlespinasse/shortify-git-revision@v1.6.0
       with:
         name: GITHUB_EVENT_PULL_REQUEST_HEAD_SHA
         revision: ${{ github.event.pull_request.head.sha }}

preflight.sh

@@ -31,4 +31,8 @@ else
   fi
 fi
 echo "::debug ::Set PREFLIGHT_SHORT_LENGTH=$PREFLIGHT_SHORT_LENGTH"
-echo "::set-output name=PREFLIGHT_SHORT_LENGTH::$PREFLIGHT_SHORT_LENGTH"
+if [ -f "$GITHUB_OUTPUT" ]; then
+  echo "PREFLIGHT_SHORT_LENGTH=${PREFLIGHT_SHORT_LENGTH}" >> "$GITHUB_OUTPUT"
+else
+  echo "::set-output name=PREFLIGHT_SHORT_LENGTH::${PREFLIGHT_SHORT_LENGTH}"
+fi