v5.5.7

Bump PSModule/GitHub-Script from 1.7.10 to 1.8.0 (#346)

Bumps PSModule/GitHub-Script from 1.7.10 to 1.8.0.

Release notes

Sourced from PSModule/GitHub-Script's releases.

v1.8.0

🚀 [Minor]: GitHub API rate limit details now available in action logs (#89)

GitHub API rate limit consumption is now visible directly in the action logs. When enabled, rate limit details - including remaining quota, limit, used count, and reset time for all resource categories - are displayed before and after the user script runs, making it easy to see exactly how many API calls a workflow step consumed.

• Fixes #88

New: Rate limit visibility in action logs

A new ShowRateLimit input (default: 'false') controls whether rate limit information appears in the logs. When set to 'true', a Rate Limits LogGroup appears inside the Info fence before the user script, and another Rate Limits LogGroup appears inside the Outputs fence after it.

- uses: PSModule/GitHub-Script@v1
  with:
    ShowRateLimit: 'true'
    Script: |
      Get-GitHubRepository -Owner PSModule -Name GitHub-Script

The output includes a formatted table of all resource categories returned by Get-GitHubRateLimit (core, search, graphql, etc.), each showing Limit, Used, Remaining, ResetsAt, and ResetsIn.

When the input is omitted or set to 'false' (the default), no rate limit output appears.

If ShowRateLimit is enabled but ShowInfo or ShowOutput is off, the corresponding fence still renders with just the rate limit content inside. For auth types that do not support Get-GitHubRateLimit (for example GitHub App contexts), a warning is shown instead of failing.

Technical Details

• Added ShowRateLimit input to action.yml with required: false and default: 'false'.
• Added PSMODULE_GITHUB_SCRIPT_INPUT_ShowRateLimit environment variable to the composite step.
• Created src/ratelimit.ps1 as a helper script (no fence borders) that checks the guard and renders a single Rate Limits LogGroup.
• src/ratelimit.ps1 now calls Get-GitHubRateLimit -ErrorAction Stop so non-terminating errors are caught reliably in unsupported auth contexts.
• src/ratelimit.ps1 explicitly selects Name, Limit, Used, Remaining, ResetsAt, and ResetsIn before formatting to keep columns deterministic.
• Modified src/info.ps1: adjusted the early-return guard to also consider ShowRateLimit, wrapped existing LogGroups in if ($showInfo), and calls ratelimit.ps1 before the fence close.
• Modified src/outputs.ps1: adjusted the early-return guard to also consider ShowRateLimit, wrapped existing output LogGroups in if ($result), and calls ratelimit.ps1 before the fence close.
• The action.yml run block remains in the same flow, while info.ps1 and outputs.ps1 invoke the helper internally.
• Enabled ShowRateLimit: true across all Action-Test scenarios in .github/workflows/TestWorkflow.yml, including Basic, WithScript path variants, Commands + Outputs, Matrix Creator, WithoutToken, WithPAT, WithUserFGPAT, WithOrgFGPAT, GitHubAppEnt, GitHubAppOrg + quoted inputs, WithKeyVaultKeyReference, WithKeyVaultKeyReferenceLatest, and PreserveCredentials False.

Commits

• 1ee97bb 🚀 [Minor]: GitHub API rate limit details now available in action logs (#89)
• 8649c46 Bump azure/login from 2.3.0 to 3.0.0 (#86)
• e3b0111 ⚙️ [Maintenance]: Add afterall to codespell ignore words list (#85)
• 2d8efc6 Bump super-linter/super-linter from 8.4.0 to 8.5.0 (#84)
• 611c5dc ⚙️ [Maintenance]: Update super-linter to v8.4.0 (#83)
• 99556fc ⚙️ [Maintenance]: Align workflows across action repositories (#82)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.5.6

Bump PSModule/Build-PSModule from 4.0.14 to 4.0.15 (#345)

Bumps PSModule/Build-PSModule from 4.0.14 to 4.0.15.

Release notes

Sourced from PSModule/Build-PSModule's releases.

v4.0.15

Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#134)

Bumps actions/upload-artifact from 7.0.0 to 7.0.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

... (truncated)

Commits

• 3b368fe Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#134)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.5.5

Bump PSModule/Invoke-Pester from 4.2.4 to 4.2.5 (#344)

Bumps PSModule/Invoke-Pester from 4.2.4 to 4.2.5.

Release notes

Sourced from PSModule/Invoke-Pester's releases.

v4.2.5

Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#63)

Bumps actions/upload-artifact from 7.0.0 to 7.0.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

... (truncated)

Commits

• 266d1cf Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#63)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.5.4

Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#340)

Bumps actions/upload-pages-artifact from 4.0.0 to 5.0.0.

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

• Update upload-artifact action to version 7 @​Tom-van-Woudenberg (#139)
• feat: add include-hidden-files input @​jonchurch (#137)

See details of all code changes since previous release.

Commits

• fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
• fe9d4b7 Merge branch 'main' into patch-1
• 0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
• 57f0e84 Update action.yml
• 4a90348 v7 --> hash
• 56f665a Update upload-artifact action to version 7
• f7615f5 Add include-hidden-files input
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.5.3

Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#341)

Bumps actions/upload-artifact from 7.0.0 to 7.0.1.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.5.2

🩹 [Patch]: Bump PSModule/Publish-PSModule to v2.2.4 (#312)

The module publishing workflow now uses the latest PSModule/Publish-PSModule action release, so publish jobs run with the newest patch-level fixes while keeping the same workflow behavior.

Changed: Module publishing dependency

The Publish-Module.yml reusable workflow now references PSModule/Publish-PSModule v2.2.4 (pinned by commit SHA) instead of v2.2.3.

- name: Publish module
  uses: PSModule/Publish-PSModule@8917aed588dae1bd1aa2873b1caec1c50c20d255 # v2.2.4

No workflow inputs or invocation patterns changed for consumers.

Technical Details

• Updated one dependency reference in .github/workflows/Publish-Module.yml.
• The action remains SHA-pinned with a version comment for traceability and supply-chain integrity.

v5.5.1

🩹 [Patch]: Reusable workflow dependencies updated (#332)

Reusable workflow dependencies are now updated to newer pinned versions, improving reliability and consistency across repository automation while preserving existing workflow behavior.

Changed: Reusable workflow dependency versions

The repository workflows now use updated pinned versions of key GitHub Actions and PSModule actions. All references remain SHA-pinned with version comments, keeping the same security model while applying dependency updates.

Technical Details

Updated action pins in .github/workflows/Build-Docs.yml, .github/workflows/Build-Site.yml, .github/workflows/Lint-Repository.yml, .github/workflows/Lint-SourceCode.yml, .github/workflows/Linter.yml, .github/workflows/Publish-Site.yml, .github/workflows/Test-Module.yml, and .github/workflows/Test-ModuleLocal.yml. Changes include actions/download-artifact (v8.0.1), actions/deploy-pages (v5.0.0), actions/configure-pages (v6.0.0), PSModule/Invoke-ScriptAnalyzer (v4.1.3), and super-linter/super-linter (v8.6.0).

v5.5.0

🚀 [Feature]: Release-triggering file patterns now configurable via workflow input (#301)

Repositories can now control which file changes trigger build, test, and publish stages by configuring the ImportantFilePatterns workflow input or settings file property. The default patterns (^src/ and ^README\.md$) remain unchanged for backward compatibility.

• Fixes #278

New: Configurable release-triggering file patterns

The ImportantFilePatterns input is now available on the workflow.yml and Get-Settings.yml reusable workflows. Pass a newline-separated list of regex patterns to override the defaults:

jobs:
  Process:
    uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@v5
    with:
      ImportantFilePatterns: |
        ^src/
        ^README\.md$
        ^examples/

To disable file-change triggering entirely, pass an empty string via the workflow input or set an empty list in .github/PSModule.yml:

# In .github/PSModule.yml
ImportantFilePatterns: []

Resolution order: settings file → workflow input → workflow input default values.

Changed: PR comment reflects configured patterns

The automated comment posted on PRs when no important files are changed now dynamically lists the configured patterns instead of a hardcoded table.

Technical Details

• Added ImportantFilePatterns input (type: string, newline-separated) to both .github/workflows/workflow.yml and .github/workflows/Get-Settings.yml with explicit defaults (^src/ and ^README\.md$).
• Bumped Get-PSModuleSettings action reference from v1.4.4 to v1.5.0 which implements the settings file and action input support for this feature.
• Passed ImportantFilePatterns input through the reusable workflow chain to the Get-PSModuleSettings action step.
• Updated README documentation: new input in the workflow inputs table, new "Customizing important file patterns" section with YAML examples, updated settings file reference and example schema.

v5.4.7

🩹 [Patch]: Framework-generated code coverage no longer penalizes module authors (#310)

Framework-generated boilerplate — type accelerator registration and OnRemove cleanup — is now tested and covered by updated action versions referenced in this workflow. The obsolete $IsWindows PS 5.1 shim is no longer injected into built modules. Coverage from the framework test step and the module test step is already aggregated by Get-CodeCoverage, so module authors' coverage percentages now reflect only the code they wrote.

• Fixes #309

Changed: Build-PSModule updated to v4.0.14

Built modules no longer include the $IsWindows = $true Desktop edition shim or its PSScriptAnalyzer suppression attributes. PSModule targets PowerShell LTS (7.6+), where $IsWindows is a built-in automatic variable.

See PSModule/Build-PSModule#132 for details.

Changed: Test-PSModule updated to v3.0.10

The framework module tests now validate that every public class and enum is registered as a type accelerator after import, and that the OnRemove hook cleans them up when the module is removed. These tests produce coverage artifacts that are aggregated with module author test coverage, so framework-generated boilerplate no longer counts against the module author's coverage target.

See PSModule/Test-PSModule#113 for details.

Changed: README documents the framework testing design

The README now explains:

• Why framework-generated code is tested by the framework itself
• How coverage from both the framework test step and the module test step is aggregated
• That module authors do not need to test framework-generated code themselves

Technical Details

• .github/workflows/Build-Module.yml: Updated Build-PSModule from v4.0.13 to v4.0.14 (345728124d201f371a8b0f1aacb98f89000a06dc)
• .github/workflows/Test-Module.yml: Updated Test-PSModule from v3.0.8 to v3.0.10 (8c3337136dc7cf320da39eeb50e776d04bc9ac73)
• .github/workflows/Test-SourceCode.yml: Updated Test-PSModule from v3.0.8 to v3.0.10
• README.md: Added "Code coverage for framework-generated code" paragraph under the Framework test section; added coverage aggregation details under the Get code coverage section; removed reference to the $IsWindows shim
• No workflow structure changes — code coverage was already enabled in Test-Module.yml and Get-PesterCodeCoverage already aggregates all *-CodeCoverage artifacts

v5.4.6

🪲 [Fix]: Super-linter can now post PR comment summaries (#308)

Super-linter's inline PR comment summaries now appear when lint errors are found. Previously, the linter detected issues but silently failed to post the summary comment, requiring developers to navigate to the Actions log to see what went wrong.

• Fixes #307

Fixed: Lint error summaries now visible directly on PRs

When super-linter detects markdown, YAML, or other linting issues, it posts a summary comment on the pull request for quick feedback. This was failing with a 403 error because the Lint-Repository.yml reusable workflow's permissions: block only granted contents: read and statuses: write, omitting the pull-requests: write permission needed by the GitHub Issues API to create comments.

The error looked like this in the Actions log:

[WARN] Failed to call GitHub API: curl: (22) The requested URL returned error: 403
[WARN] Failed to create GitHub issue comment
[WARN] Error while posting pull request summary

Lint failures are still correctly reported — only the inline PR comment was missing.

Technical Details

• Added pull-requests: write to the permissions: block in .github/workflows/Lint-Repository.yml.
• When a reusable workflow defines its own permissions: block, it overrides (not inherits) the calling workflow's permissions. The parent workflows (workflow.yml and consumer repos) already grant pull-requests: write, but Lint-Repository.yml was restricting the GITHUB_TOKEN to a narrower scope.
• No other workflows or jobs are affected — the permission is scoped to the lint job only.