build(deps): bump actions/checkout from 5 to 6 in the dependencies group (#32)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Romain Lespinasse <romain.lespinasse@gmail.com>

.github/CODEOWNERS

@@ -0,0 +1 @@
+*       @rlespinasse

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,23 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    groups:
+      dependencies:
+        patterns:
+          - '*'
+    labels: []

.github/workflows/linter.yml

@@ -0,0 +1,30 @@
+---
+name: Lint Code Base
+
+on: pull_request
+
+permissions: read-all
+
+jobs:
+  build:
+    name: Lint Code Base
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+      statuses: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v6
+        with:
+          # Full git history is needed to get a proper
+          # list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - name: Lint Code Base
+        uses: super-linter/super-linter@v8
+        env:
+          VALIDATE_ALL_CODEBASE: false
+          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
+          VALIDATE_YAML_PRETTIER: false
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/shortify-git-revision.yaml

@@ -1,9 +1,11 @@
+---
 name: Shortify Git Revision
 on:
   push:
     branches:
       - v1.x
   pull_request:
+permissions: read-all
 jobs:
   os-testing:
     strategy:
@@ -13,7 +15,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       # Test 1
       - name: Shortify an existing git revision
@@ -165,7 +167,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           path: this-action
           ref: ${{ github.ref }}
@@ -200,17 +202,25 @@ jobs:
           [[ "${{ env.ROOT_COMMIT_SHORT }}" == "${{ steps.short-on-error.outputs.short }}" ]]
         shell: bash
 
+
   release:
     runs-on: ubuntu-latest
-    concurrency:
-      group: release-${{ github.ref }}
     needs:
       - os-testing
       - error-os-testing
+    permissions:
+      contents: write
+      issues: write
+      id-token: write
+      packages: write
+    concurrency:
+      group: release-${{ github.ref }}
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
-      # Release
-      - name: Release this GitHub Action
+      - name: Release That
         uses: rlespinasse/release-that@v1
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}

CODE_OF_CONDUCT.md

@@ -6,8 +6,8 @@ We as members, contributors, and leaders pledge to make participation in our
 community a harassment-free experience for everyone, regardless of age, body
 size, visible or invisible disability, ethnicity, sex characteristics, gender
 identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, religion, or sexual identity
-and orientation.
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
 
 We pledge to act and interact in ways that contribute to an open, welcoming,
 diverse, inclusive, and healthy community.
@@ -22,17 +22,17 @@ community include:
 * Giving and gracefully accepting constructive feedback
 * Accepting responsibility and apologizing to those affected by our mistakes,
   and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the
-  overall community
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
 
 Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery, and sexual attention or
-  advances of any kind
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
 * Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or email
-  address, without their explicit permission
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
   professional setting
 
@@ -52,7 +52,7 @@ decisions when appropriate.
 
 This Code of Conduct applies within all community spaces, and also applies when
 an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
+Examples of representing our community include using an official email address,
 posting via an official social media account, or acting as an appointed
 representative at an online or offline event.
 
@@ -60,7 +60,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-romain.lespinasse@gmail.com.
+<romain.lespinasse@gmail.com>.
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the
@@ -82,15 +82,15 @@ behavior was inappropriate. A public apology may be requested.
 
 ### 2. Warning
 
-**Community Impact**: A violation through a single incident or series
-of actions.
+**Community Impact**: A violation through a single incident or series of
+actions.
 
 **Consequence**: A warning with consequences for continued behavior. No
 interaction with the people involved, including unsolicited interaction with
 those enforcing the Code of Conduct, for a specified period of time. This
 includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or
-permanent ban.
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
 
 ### 3. Temporary Ban
 
@@ -106,23 +106,27 @@ Violating these terms may lead to a permanent ban.
 ### 4. Permanent Ban
 
 **Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior,  harassment of an
+standards, including sustained inappropriate behavior, harassment of an
 individual, or aggression toward or disparagement of classes of individuals.
 
-**Consequence**: A permanent ban from any sort of public interaction within
-the community.
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
 
 ## Attribution
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
 
-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
-
-[homepage]: https://www.contributor-covenant.org
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
 
 For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
-https://www.contributor-covenant.org/translations.
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# How to contribute to Shortify Git Revision
+
+## Did you find a bug
+
+* **Do not open up a GitHub issue if the bug is a security vulnerability**, and instead to refer to our [security policy][1].
+
+* **Ensure the bug was not already reported** by searching on GitHub under [Issues][2].
+
+* If you're unable to find an open issue addressing the problem, [open a 'Bug' issue][4].
+Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring.
+
+## Did you write a patch that fixes a bug
+
+* Open a new GitHub pull request with the patch.
+
+* Ensure the PR description clearly describes the problem and solution.
+Include the relevant issue number if applicable.
+
+## Do you intend to add a new feature or change an existing one
+
+* Suggest your change by [opening a 'Feature request' issue][5]
+
+## Do you have questions about the source code
+
+* [open an issue][3] with your question.
+
+Thanks!
+
+[1]: https://github.com/rlespinasse/shortify-git-revision/security/policy
+[2]: https://github.com/rlespinasse/shortify-git-revision/issues
+[3]: https://github.com/rlespinasse/shortify-git-revision/issues/new
+[4]: https://github.com/rlespinasse/shortify-git-revision/issues/new?assignees=&labels=bug&template=bug_report.md&title=
+[5]: https://github.com/rlespinasse/shortify-git-revision/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=

README.md

@@ -1,11 +1,22 @@
 # Shortify git revision
 
-> Github Action to shortify a git revision
+> [!NOTE]
+> A GitHub Action that generates shortened Git revision identifiers from full-length commit hashes and exposes them as environment variables.
 
-Produce short revision environment variable based on the input one.
+## Features
 
-If a revision is a bad revision, this action will produce an error message and fail depending on `continue-on-error` input (This behavior can be override with `short-on-error` input).
-`<NAME>`, and `<NAME>_SHORT` environment variable will only be available if the revision is not empty and valid.
+- Converts full Git revisions into their shortened form
+- Validates revision format and handles invalid inputs
+- Provides both full and shortened revisions as environment variables
+- Configurable error handling for invalid revisions
+
+## Behavior
+
+- Creates `<NAME>` and `<NAME>_SHORT` environment variables for valid revisions
+- Environment variables are only set when the input revision is non-empty and valid
+- Handles invalid revisions based on configuration:
+  - Fails by default (controlled by `continue-on-error` input)
+  - Can be customized using `short-on-error` input to override default behavior
 
 ## Usage
 
@@ -85,8 +96,9 @@ If a revision is a bad revision, this action will produce an error message and f
 
 ### `name`
 
-If used with `revision` input, it's the name of the environment variable containing the revision to shortify.
-Otherwise, the `name` input will be used (in upper case) to define a environment variable containing the `revision` input value.
+When providing a `revision` through the revision input, the action will use this environment variable name to store the shortened hash.
+
+If no environment variable is specified, the action automatically creates one using the `name` input (converted to uppercase) to store the provided `revision` value.
 
 ### `revision`
 
@@ -106,8 +118,10 @@ If the input is set to `true`, this action will short a bad revision
 
 The default value is `false`.
 
-> If this input is set to `true`, the input `continue-on-error` input will be ignored.
-> If this input is set to `true`, the input `length` input is mandatory.
+> [!WARNING]
+>
+> - If this input is set to `true`, the input `continue-on-error` input will be ignored.
+> - If this input is set to `true`, the input `length` input is mandatory.
 
 ### `prefix`
 

SECURITY.md

@@ -0,0 +1,22 @@
+# Security Policy
+
+## Supported Versions and Branches
+
+| Version | Supported          | End of Support | Branch | Specific Tags |
+| ------- | ------------------ | -------------- | ------ | ------------- |
+| 1.x     | :white_check_mark: |                | v1.x   | v1            |
+
+A GitHub repository can use one of the available branches as an action inside its workflows.
+
+### End of Life of a branch
+
+Since `2024-10-26`, when a new major version is released,
+
+- The previous one will continue to receive security patches for 3 months,
+- After the 3 months, the branch is deleted, and only the tags remain.
+
+## Reporting a Vulnerability
+
+In this project, you can report a Vulnerability by creating a [draft security advisory](https://github.com/rlespinasse/shortify-git-revision/security/advisories).
+
+If the vulnerability is confirmed, a fix will be produced and the advisory will be published.