feat: Pin sub-actions to full commit SHAs (#175)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: rlespinasse <1280212+rlespinasse@users.noreply.github.com>

.github/CODEOWNERS

@@ -0,0 +1 @@
+*       @rlespinasse

.github/dependabot.yml

@@ -1,27 +1,23 @@
 version: 2
 updates:
-  - package-ecosystem: "github-actions"
-    directory: "/.github/"
+  - package-ecosystem: 'github-actions'
+    directory: '/.github/'
     schedule:
-      interval: "weekly"
+      interval: 'weekly'
     groups:
       dependencies:
         patterns:
-          - "*"
-    reviewers:
-      - "rlespinasse"
-    labels: [ ]
-  - package-ecosystem: "github-actions"
-    directory: "/"
+          - '*'
+    labels: []
+  - package-ecosystem: 'github-actions'
+    directory: '/'
     commit-message:
-      prefix: "feat: "
+      prefix: 'feat: '
     schedule:
-      interval: "weekly"
+      interval: 'weekly'
     groups:
       dependencies:
         patterns:
-          - "rlespinasse/slugify-value"
-          - "rlespinasse/shortify-git-revision"
-    reviewers:
-      - "rlespinasse"
-    labels: [ ]
+          - 'rlespinasse/slugify-value'
+          - 'rlespinasse/shortify-git-revision'
+    labels: []

.github/workflows/check-variables.yml

@@ -0,0 +1,139 @@
+---
+name: Compare GitHub Variables
+
+on:
+  workflow_dispatch: # Manual trigger
+  schedule:
+    - cron: "0 0 * * 1" # Weekly on Monday at midnight
+  pull_request:
+
+permissions: read-all
+
+jobs:
+  compare-variables:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Load environment variables for testing
+        uses: rlespinasse/github-slug-action@v5
+        with:
+          prefix: TEST_
+
+      - name: Compare GitHub variables
+        id: compare
+        run: |
+          # Initialize arrays to store results
+          MISMATCHED_VARS=()
+          TEST_VALUES=()
+          ACTUAL_VALUES=()
+
+          # Get all environment variables
+          ALL_ENV=$(env)
+
+          # Extract TEST_GITHUB variables
+          TEST_VARS=$(echo "$ALL_ENV" | grep "^TEST_GITHUB_" | cut -d= -f1)
+
+          # Check for mismatches
+          for TEST_VAR in $TEST_VARS; do
+          # Get the corresponding GITHUB variable name
+          GITHUB_VAR=${TEST_VAR/TEST_GITHUB_/GITHUB_}
+
+          # Get the values
+          TEST_VALUE="${!TEST_VAR}"
+
+          # Check if the GITHUB variable exists
+          if [[ -n "${!GITHUB_VAR+x}" ]]; then
+            GITHUB_VALUE="${!GITHUB_VAR}"
+
+            # Compare values
+            if [[ "$TEST_VALUE" != "$GITHUB_VALUE" ]]; then
+              MISMATCHED_VARS+=("$TEST_VAR vs $GITHUB_VAR")
+              TEST_VALUES+=("$TEST_VALUE")
+              ACTUAL_VALUES+=("$GITHUB_VALUE")
+              echo "Mismatch found: $TEST_VAR=$TEST_VALUE, $GITHUB_VAR=$GITHUB_VALUE"
+            else
+              echo "Match: $TEST_VAR=$TEST_VALUE, $GITHUB_VAR=$GITHUB_VALUE"
+            fi
+          else
+            echo "Skipping $TEST_VAR as $GITHUB_VAR does not exist"
+          fi
+          done
+
+          # Set output for next steps
+          if [[ ${#MISMATCHED_VARS[@]} -gt 0 ]]; then
+          echo "has_mismatches=true" >>"$GITHUB_OUTPUT"
+
+          # Create a JSON array of mismatched variables for the issue
+          MISMATCHED_JSON=$(printf '"%s",' "${MISMATCHED_VARS[@]}" | sed 's/,$//')
+          MISMATCHED_JSON="[$MISMATCHED_JSON]"
+          echo "mismatched_vars=$MISMATCHED_JSON" >>"$GITHUB_OUTPUT"
+
+          # Create a JSON array of test values
+          TEST_JSON=$(printf '"%s",' "${TEST_VALUES[@]}" | sed 's/,$//')
+          TEST_JSON="[$TEST_JSON]"
+          echo "test_values=$TEST_JSON" >>"$GITHUB_OUTPUT"
+
+          # Create a JSON array of actual values
+          ACTUAL_JSON=$(printf '"%s",' "${ACTUAL_VALUES[@]}" | sed 's/,$//')
+          ACTUAL_JSON="[$ACTUAL_JSON]"
+          echo "actual_values=$ACTUAL_JSON" >>"$GITHUB_OUTPUT"
+
+          # Create summary table
+          {
+            echo "## GitHub Variable Mismatches";
+            echo "| Variable Pair | TEST Value | GITHUB Value |";
+            echo "| ------------- | ---------- | ------------ |";
+          } >>"$GITHUB_STEP_SUMMARY"
+
+          for i in "${!MISMATCHED_VARS[@]}"; do
+            echo "| ${MISMATCHED_VARS[$i]} | ${TEST_VALUES[$i]} | ${ACTUAL_VALUES[$i]} |" >>"$GITHUB_STEP_SUMMARY"
+          done
+          else
+          echo "has_mismatches=false" >>"$GITHUB_OUTPUT"
+          echo "## All GitHub Variables Match" >>"$GITHUB_STEP_SUMMARY"
+          echo "All action GITHUB_ variables match their official GITHUB_ counterparts." >>"$GITHUB_STEP_SUMMARY"
+          fi
+        shell: bash
+
+      - name: Create issue for mismatches
+        if: steps.compare.outputs.has_mismatches == 'true' && github.event_name != 'pull_request'
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const mismatchedVars = JSON.parse('${{ steps.compare.outputs.mismatched_vars }}');
+            const testValues = JSON.parse('${{ steps.compare.outputs.test_values }}');
+            const actualValues = JSON.parse('${{ steps.compare.outputs.actual_values }}');
+
+            // Create table for issue body
+            let tableBody = '| Variable Pair | TEST Value | GITHUB Value |\n';
+            tableBody += '| ------------- | ---------- | ------------ |\n';
+
+            for (let i = 0; i < mismatchedVars.length; i++) {
+              tableBody += `| ${mismatchedVars[i]} | ${testValues[i]} | ${actualValues[i]} |\n`;
+            }
+
+            // Create the issue
+            const issueTitle = `GitHub Variable Mismatches Detected - ${new Date().toISOString().split('T')[0]}`;
+            const issueBody = `## GitHub Variable Mismatches Detected\n\nThe following mismatches were found between the action **GITHUB_** variables and their official **GITHUB_** counterparts:\n\n${tableBody}\n\nPlease review these discrepancies and update the test variables as needed.`;
+
+            await github.rest.issues.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              title: issueTitle,
+              body: issueBody,
+              labels: ['bug']
+            });
+
+            console.log('Issue created for GitHub variable mismatches');
+
+      - name: Fail workflow if mismatches detected
+        if: steps.compare.outputs.has_mismatches == 'true' && github.event_name == 'pull_request'
+        run: |
+          echo "::error::GitHub variable mismatches detected! See the summary for details."
+          exit 1

.github/workflows/linter.yml

@@ -15,18 +15,18 @@ jobs:
       statuses: write
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           # Full git history is needed to get a proper
           # list of changed files within `super-linter`
           fetch-depth: 0
 
       - name: Lint Code Base
-        uses: github/super-linter@v7
+        uses: super-linter/super-linter@v8
         env:
           VALIDATE_ALL_CODEBASE: false
+          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
           VALIDATE_JSCPD: false
-          VALIDATE_JSON_PRETTIER: false
           VALIDATE_MARKDOWN_PRETTIER: false
-          DEFAULT_BRANCH: v5.x
+          VALIDATE_YAML_PRETTIER: false
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/v5-tests-and-release.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Load this action from HEAD
         uses: ./
@@ -94,7 +94,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: this-action
           ref: ${{ github.ref }}
@@ -122,7 +122,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Load this action from HEAD
         uses: ./
@@ -207,7 +207,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: this-action
           ref: ${{ github.ref }}
@@ -230,7 +230,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # Test 1
       - name: Using correct short length
@@ -269,7 +269,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: this-action
           ref: ${{ github.ref }}
@@ -323,7 +323,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       # Test 1
       - name: Using correct slug max length
@@ -395,7 +395,7 @@ jobs:
       - input-slug-maxlength
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Release this GitHub Action
         uses: rlespinasse/release-that@v1
         with:

CODE_OF_CONDUCT.md

@@ -1,76 +1,133 @@
+
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
 
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation.
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
 
 ## Our Standards
 
-Examples of behavior that contributes to creating a positive environment
-include:
+Examples of behavior that contributes to a positive environment for our
+community include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
 
-Examples of unacceptable behavior by participants include:
+Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or
- advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or electronic
- address, without explicit permission
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
- professional setting
+  professional setting
 
-## Our Responsibilities
+## Enforcement Responsibilities
 
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
 
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
 
 ## Scope
 
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
 
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at romain.lespinasse@gmail.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
+reported to the community leaders responsible for enforcement at
+<romain.lespinasse@gmail.com>.
+All complaints will be reviewed and investigated promptly and fairly.
 
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
 
 [homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see
-https://www.contributor-covenant.org/faq
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

README.md

@@ -16,11 +16,11 @@ This GitHub Action will expose the slug/short values of [some GitHub environment
 
 - `SLUG_URL` on a variable to have a `slug` variable compliant to be used in a URL
   - Like `SLUG` but `.`, and `_` are also replaced by `-`
-- `SHORT` on a variable will limit the string size to ~8 characters
+- `SHORT` on a variable will limit the string size to [~8 characters](#with-another-length-for-short-values)
   - Useful for _sha_ value
 - `<KEY>_PART` on a variable will give a part of a variable defined by a key
   - Like `GITHUB_REPOSITORY_OWNER_PART` for the owner part of `GITHUB_REPOSITORY`
-- `<VAR>_CS` on others variables to keep the value case-sensitive
+- `<VAR>_CS` on other variables to keep the value case-sensitive
   - Like `GITHUB_REF_SLUG_CS`
 
 ## Installation
@@ -68,11 +68,19 @@ steps:
   - name: Inject enhanced GitHub environment variables
     uses: rlespinasse/github-slug-action@v5
     with:
-      short-length: 7 # By default it's up to Git to decide, use 8 to have the v3.x behavior
+      short-length: 7 # By default it's up to Git to decide, use 8 to have the v3.x behaviour
 ```
 
+The length of a short sha depends on the size of **your repository** and can differ over time :
+
+- set `7` to keep the `small repository` behaviour,
+- set `8` to reproduce `v3` behaviour,
+- set `4` as the minimum length possible.
+
 > [!WARNING]
-> If you leave it empty, you need to checkout the source first in order to let Git decide the size by itself.
+> If you leave it empty, you need to checkout the source first to let Git decide the size by itself by using [`git rev-parse`][git-revparse] behaviour.
+>
+> The default is the effective value of the [core.abbrev][git-core-abbrev] configuration variable.
 
 ## Available Environment variables
 
@@ -84,9 +92,9 @@ steps:
 
 ### Enhanced variables
 
-- `GITHUB_REF_POINT` will contains the reference name (branch or tag)
+- `GITHUB_REF_POINT` will contain the reference name (branch or tag)
   - based on `GITHUB_HEAD_REF` in a [`pull-request*`][webhooks-and-events] event context,
-  - based on `GITHUB_REF_NAME` in others event context.
+  - based on `GITHUB_REF_NAME` in other event context.
 
 > [!NOTE]
 > All enhanced variables are available in all **slug** formats.
@@ -143,15 +151,15 @@ Same as slug variables but URL-compliant
 
 ### v4 to v5
 
-The **GITHUB_REF_NAME SLUG/SLUG_URL** variables doesn't work the same way as before
+The **GITHUB_REF_NAME SLUG/SLUG_URL** variables don't work the same way as before
 
 > [!TIP]
-> If you use `v5` or related versions, you need to use `GITHUB_REF_POINT` instead of `GITHUB_REF_NAME` to get the behavior of the `v4` action.
+> If you use `v5` or related versions, you need to use `GITHUB_REF_POINT` instead of `GITHUB_REF_NAME` to get the behaviour of the `v4` action.
 
-Before `v5`, the behavior was the same as the GitHub one except on `pull_request*` workflows ([Ready the full story][issue-104]).
+Before `v5`, the behaviour was the same as the GitHub one except on `pull_request*` workflows ([Ready the full story][issue-104]).
 
-- `${{ env.GITHUB_REF_NAME }}` will serve the behavior of this action,
-- `$GITHUB_REF_NAME` will serve the behavior of GitHub Action.
+- `${{ env.GITHUB_REF_NAME }}` will serve the behaviour of this action,
+- `$GITHUB_REF_NAME` will serve the behaviour of GitHub Action.
 
 On `pull_request*` workflows, the content will be `<PR-number>/merge` instead of the branch name.
 So you need to use `GITHUB_REF_POINT` instead
@@ -166,23 +174,23 @@ steps:
 
 ```
 
-Then `${{ env.GITHUB_REF_POINT }}`, and `$GITHUB_REF_POINT` will serve the behavior of this action.
-And `${{ env.GITHUB_REF_NAME }}`, and `$GITHUB_REF_NAME` will serve the behavior of GitHub Action.
+Then `${{ env.GITHUB_REF_POINT }}`, and `$GITHUB_REF_POINT` will serve the behaviour of this action.
+And `${{ env.GITHUB_REF_NAME }}`, and `$GITHUB_REF_NAME` will serve the behaviour of GitHub Action.
 
 ### v3 to v4
 
-Since `v4`, it's Git who manage the short variables by using [`git rev-parse`][git-revparse] behaviour.
-The length of a short sha depends of the size of our repository and can differ over time.
+Since `v4`, Git manages the short variables using [`git rev-parse`][git-revparse] behaviour.
+The length of a short sha depends on the size of **your repository** and can differ over time.
 
-To manage that moving length, you can use `short-length` input
+To manage that moving length, you can use the `short-length` input
 
-- set `7` to reproduce `small repository` behavior
-- set `8` to reproduce `v3` behavior
+- set `7` to reproduce `small repository` behaviour
+- set `8` to reproduce `v3` behaviour
 
 > [!WARNING]
 > The minimum length is 4, the default is the effective value of the [core.abbrev][git-core-abbrev] configuration variable.
 
-So to reproduce previous behavior, use
+So to reproduce previous behaviour, use
 
 ```yaml
 steps:
@@ -199,22 +207,22 @@ steps:
 > [!WARNING]
 > When you set a custom environment variable, you [cannot use any of the default environment variable names][naming-conventions]. For a complete list of these, see [Default environment variables][default-environment-variables]. **If you attempt to override the value of one of these default environment variables, the assignment is ignored.**
 
-If a variable start to be used as default environment variable, the environment variable may have a different behavior than the expected one.
+If a variable starts to be used as a default environment variable, the environment variable may behave differently than the expected one.
 
 If this append, the `${{ env.GITHUB_AWESOME_VARIABLE }}` and `$GITHUB_AWESOME_VARIABLE` expression will not works in the same way.
 
-- `${{ env.GITHUB_AWESOME_VARIABLE }}` will serve the behavior of this action,
-- `$GITHUB_AWESOME_VARIABLE` will serve the behavior of GitHub Action.
+- `${{ env.GITHUB_AWESOME_VARIABLE }}` will serve the behaviour of this action,
+- `$GITHUB_AWESOME_VARIABLE` will serve the behaviour of GitHub Action.
 
-Otherwise the two expression will serve the behavior of this action.
-This will not occurs if you use the `prefix` input to avoid the issue.
+Otherwise, the two expressions will serve the behaviour of this action.
+This will not occur if you use the `prefix` input to avoid the issue.
 
 > [!IMPORTANT]
-> If detected, the maintainers of this action will choose the best course of action depending of the impact.
+> If detected, the maintainers of this action will choose the best course of action depending on the impact.
 
 ### An action could not be found at the URI
 
-If your workflow fail on the `Set up job` task with this kind of log
+If your workflow fails on the `Set up job` task with this kind of log
 
 ```text
 Download action repository 'rlespinasse/github-slug-action@GIT_REFERENCE'
@@ -223,10 +231,10 @@ Download action repository 'rlespinasse/github-slug-action@GIT_REFERENCE'
 
 If the `GIT_REFERENCE` value is
 
-- `v4.x` or after, the branch don't exists anymore following the [end-of-life for a branch](SECURITY.md#end-of-life-of-a-branch) security process.
-- `master`, the branch don't exists anymore, read more about it on the corresponding issue ([EOL issue][issue-15])
+- `v4.x` or after, following the [end-of-life for a branch](SECURITY.md#end-of-life-of-a-branch) security process, this branch can be deleted.
+- `master`, the branch doesn't exist anymore, read more about it on the corresponding issue ([EOL issue][issue-15])
 
-Please, use the current major tag `v5` or a version tag (see [releases pages][releases]) in order to fix your workflow.
+Please, use the current **Major tag** `v5` or a version tag (see [releases pages][releases]) to fix your workflow.
 
 ## Thanks for talking about us
 
@@ -235,17 +243,19 @@ In English :gb:
 - [Action spotlight by Michael Heap][article-2]
 - [Serverless Deploy Previews on GitHub Actions][article-3]
 - [Let's Build a Continuous Delivery and Branching Process with GitHub Actions, Vercel and Heroku][article-4]
+- [Celebrating 5 Years of github-slug-action on sfeir.dev][article-7]
 
 In French :fr:
 
 - [Mettre en place une CI/CD Angular avec GitHub Actions & Netlify][article-1]
 - [GitHub Actions : enfin des pipelines accessibles aux développeurs][talk-1]
+- [GitHub-slug-action : 5 ans d'open source pour cette GitHub Action essentielle au CI/CD][article-6]
 
 In Chinese :cn:
 
 - [利用github-slug-action暴漏GitHub Action上下文中的关键变量][article-5]
 
-> The next one is you. _Don't hesitate to add youself to one of these lists._
+> The next one is you. _Don't hesitate to add yourself to one of these lists._
 
 [examples]: https://github.com/rlespinasse/github-slug-action/tree/v5.x/examples
 [custom-variable]: https://github.com/rlespinasse/github-slug-action/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=
@@ -259,14 +269,16 @@ In Chinese :cn:
 [git-revparse]: https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength
 [git-core-abbrev]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreabbrev
 
-[default-environment-variables]: https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+[default-environment-variables]: https://docs.github.com/en/actions/reference/workflows-and-actions/variables#default-environment-variables
 [dependabot]: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
 [webhooks-and-events]: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads
-[naming-conventions]: https://docs.github.com/en/actions/reference/environment-variables#naming-conventions-for-environment-variables
+[naming-conventions]: https://docs.github.com/en/actions/reference/workflows-and-actions/variables#naming-conventions-for-configuration-variables
 
 [article-1]: https://esensconsulting.medium.com/mettre-en-place-une-ci-cd-angular-avec-github-actions-netlify-ca0b59b99ed8
 [article-2]: https://michaelheap.com/github-slug-action/
 [article-3]: https://barstool.engineering/serverless-deploy-previews-on-github-actions/
 [article-4]: https://javascript.plainenglish.io/lets-build-a-continuous-delivery-and-branching-process-c27dae09f0b6
 [article-5]: https://eryajf.github.io/HowToStartOpenSource/views/03-github-tips/10-Use-github-slug-action-to-leak-key-variables-in-the-Github-Action-context.html
+[article-6]: https://www.sfeir.dev/5-ans-de-github-slug-action-une-aventure-open-source/
+[article-7]: https://www.romainlespinasse.dev/posts/celebrating-5-years-of-github-slug-action/
 [talk-1]: https://www.youtube.com/watch?v=F5mBDmOQcvE

SECURITY.md

@@ -5,7 +5,7 @@
 | Version | Supported          | End of Support | Branch | Specific Tags |
 | ------- | ------------------ | -------------- | ------ | ------------- |
 | 5.x     | :white_check_mark: |                | v5.x   | v5            |
-| 4.x     | :white_check_mark: | 2025-01-31     | v4.x   | v4            |
+| 4.x     | :x:                | 2025-01-31     |        | v4.x, v4      |
 | 3.x     | :x:                | 2024-01-31     |        | v3.x, v3      |
 | 2.x     | :x:                | 2021-04-05     |        | v2.x, 2.2.0   |
 | 1.x     | :x:                | 2021-04-05     |        | v1.1.x, 1.2.0 |

action.yml

@@ -27,42 +27,42 @@ runs:
         INPUT_SHORT_LENGTH: ${{ inputs.short-length }}
 
     # From Environment Variables
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_REPOSITORY
         value: ${{ github.repository }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_REF
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_HEAD_REF
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_BASE_REF
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
 
     # From Specific values
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_EVENT_REF
         value: ${{ github.event.ref }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_REF_NAME
         value: ${{ github.ref_name }}
         prefix: ${{ inputs.prefix }}
         slug-maxlength: ${{ inputs.slug-maxlength }}
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_REF_POINT
         value: ${{ env.GITHUB_HEAD_REF_RAW || env.GITHUB_REF_NAME_RAW }}
@@ -82,7 +82,7 @@ runs:
           echo "::set-output name=github-repository-owner-part::${ownerpart}"
         fi
       shell: bash
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_REPOSITORY_OWNER_PART
         value: ${{ steps.get-github-repository-owner-part.outputs.github-repository-owner-part }}
@@ -97,7 +97,7 @@ runs:
           echo "::set-output name=github-repository-name-part::${namepart}"
         fi
       shell: bash
-    - uses: rlespinasse/slugify-value@v1.4.0
+    - uses: rlespinasse/slugify-value@a4879db1eb3db9bbee01dca36f98a8236c2b8239 # v1.4.0
       with:
         key: GITHUB_REPOSITORY_NAME_PART
         value: ${{ steps.get-github-repository-name-part.outputs.github-repository-name-part }}
@@ -105,13 +105,13 @@ runs:
         slug-maxlength: ${{ inputs.slug-maxlength }}
 
     # From sha
-    - uses: rlespinasse/shortify-git-revision@v1.6.0
+    - uses: rlespinasse/shortify-git-revision@c90ba7007ef6c152254d10b9f1a327966ab13077 # v1.6.0
       with:
         name: GITHUB_SHA
         short-on-error: true
         length: ${{ steps.prefligth.outputs.PREFLIGHT_SHORT_LENGTH }}
         prefix: ${{ inputs.prefix }}
-    - uses: rlespinasse/shortify-git-revision@v1.6.0
+    - uses: rlespinasse/shortify-git-revision@c90ba7007ef6c152254d10b9f1a327966ab13077 # v1.6.0
       with:
         name: GITHUB_EVENT_PULL_REQUEST_HEAD_SHA
         revision: ${{ github.event.pull_request.head.sha }}