Skip to content

Bump PSModule/Process-PSModule/.github/workflows/workflow.yml from 5.5.0 to 6.1.4#65

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/PSModule/Process-PSModule/dot-github/workflows/workflow.yml-6.1.4
Open

Bump PSModule/Process-PSModule/.github/workflows/workflow.yml from 5.5.0 to 6.1.4#65
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/PSModule/Process-PSModule/dot-github/workflows/workflow.yml-6.1.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps PSModule/Process-PSModule/.github/workflows/workflow.yml from 5.5.0 to 6.1.4.

Release notes

Sourced from PSModule/Process-PSModule/.github/workflows/workflow.yml's releases.

v6.1.4

🪲 [Fix]: Resolve the current version on non-PR runs (bump Resolve-PSModuleVersion to v1.1.5) (#375)

The Plan job no longer fails on schedule and workflow_dispatch events. Resolve-PSModuleVersion is bumped to v1.1.5, which resolves the current published version on non–pull-request events instead of throwing.

Fixed: non–pull-request runs (schedule / workflow_dispatch)

Since v6.1.0 the Plan job runs Resolve-Version on every event, and the action threw "...must be run from a pull_request event" on non-PR events — failing the whole run (every job needs: Plan). Resolve-PSModuleVersion v1.1.5PSModule/Resolve-PSModuleVersion#100.0.0 for a module that has never been released. Pull-request and merge-to-default-branch behavior is unchanged: labels drive the bump (patch default), and the version preview on regular PRs is retained.

Technical Details

  • .github/workflows/Plan.yml: bump the Resolve-Version pin 8d1dac7 (v1.1.4) → 6a59a88 (v1.1.5). One-line change — no Plan gate or Test-ModuleLocal fallback is needed, because v1.1.5 always populates Settings.Module.Version on non-PR events.
  • This supersedes this PR's earlier Plan.yml gate + 999.0.0 fallback approach, replaced by the root-cause fix in the shared action.
  • Validated: a workflow_dispatch self-test run on this branch completes (previously failed at Plan); the PR self-test resolves a version as before.

v6.1.3

🩹 [Patch]: Bump Invoke-ScriptAnalyzer to v5.0.0 and Test-PSModule to v3.0.14 (#380)

Brings Process-PSModule's lint/test action dependencies to their latest releases: PSModule/Invoke-ScriptAnalyzer v4.1.3 → v5.0.0 and PSModule/Test-PSModule v3.0.13 → v3.0.14. Both preserve the reusable workflow's Settings.Version/Settings.Prerelease contract for consumers.

Changed: Invoke-ScriptAnalyzer upgraded to v5.0.0

Invoke-ScriptAnalyzer v5.0.0 is a major release that repurposed its Version/Prerelease inputs to select the PSScriptAnalyzer module version and moved the GitHub bootstrap-module controls to GitHubVersion/GitHubPrerelease.

The Lint-SourceCode and Lint-Module steps pass Settings.Version/Settings.Prerelease, which in this ecosystem select the GitHub module (the same values feed the Invoke-Pester and GitHub-Script steps). They are now wired to Invoke-ScriptAnalyzer's GitHubVersion/GitHubPrerelease, so those settings keep controlling the GitHub module exactly as before. No change to the Settings contract.

With v5, the action also installs PSScriptAnalyzer itself (latest, since its Version is left unset) instead of relying on the runner's preinstalled copy — so consumer linting now runs against the latest PSScriptAnalyzer.

Changed: Test-PSModule upgraded to v3.0.14

Patch release; Test-PSModule v3.0.14 (which internally bumped Invoke-Pester to v5.1.0) preserves its own Version/Prerelease (GitHub module) contract, so the Test-SourceCode and Test-Module steps need only a SHA update — no input remap.

Technical Details

  • Lint-SourceCode.yml, Test-Module.yml: Invoke-ScriptAnalyzer 6aeb1bc (v4.1.3) → 4d633e4 (v5.0.0); remapped VersionGitHubVersion, PrereleaseGitHubPrerelease.
  • Test-Module.yml, Test-SourceCode.yml: Test-PSModule 25c9cd8 (v3.0.13) → 902c5e5 (v3.0.14).
  • Pester and PSScriptAnalyzer versions left at the v5 defaults (latest); not wired to any Settings key.
  • Scope: the Invoke-Pester step (Test-ModuleLocal.yml, still v4.2.6) is intentionally untouched.
  • Label note: the Settings contract is preserved (hence Patch), but consumer linting now runs against the latest PSScriptAnalyzer — bump to Minor if you'd rather signal that behavior change.

Release notes: Invoke-ScriptAnalyzer v5.0.0

v6.1.2

🪲 [Fix]: Test data reaches module tests in every consumer repository (#377)

Module test workflows now receive the caller-provided test data (secrets and variables) in every repository that consumes Process-PSModule, and version resolution once again honors the bump label on pull requests. Previously the BeforeAll, Test, and AfterAll module jobs failed at the "Expose caller-provided test data" step because they ran a script that shipped only inside Process-PSModule's own repository, so no consumer could actually use the TestData secret introduced in v6.0.0.

... (truncated)

Commits
  • da180ba 🪲 [Fix]: Resolve the current version on non-PR runs (bump Resolve-PSModuleVer...
  • 06fd9ad 🩹 [Patch]: Bump Invoke-ScriptAnalyzer to v5.0.0 and Test-PSModule to v3.0.14 ...
  • d4020f3 🪲 [Fix]: Test data reaches module tests in every consumer repository (#377)
  • ea19a3e 🩹 [Patch]: Render group overview pages as section landing pages (#372)
  • 0d7a2f0 🚀 [Feature]: Plan job decides version before build so tested artifact equals ...
  • 54e2677 Bump PSModule/GitHub-Script from 1.8.0 to 1.9.0 (#367)
  • 1514ac0 📖 [Docs]: Add full dependency tree with Mermaid diagrams (#368)
  • 364ddd6 🌟 [Major]: Fixed test secret inputs replaced by TestData (#365)
  • 8b75537 🪲 [Fix]: Restore correct release versioning in the publish pipeline (#363)
  • 6aa7664 📖 [Docs]: Document the Pester major-version lock in the test pipeline (#362)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [PSModule/Process-PSModule/.github/workflows/workflow.yml](https://github.com/psmodule/process-psmodule) from 5.5.0 to 6.1.4.
- [Release notes](https://github.com/psmodule/process-psmodule/releases)
- [Commits](PSModule/Process-PSModule@1111791...da180ba)

---
updated-dependencies:
- dependency-name: PSModule/Process-PSModule/.github/workflows/workflow.yml
  dependency-version: 6.1.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Major labels Jul 13, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner July 13, 2026 19:43
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 13, 2026
@github-actions

Copy link
Copy Markdown

No Significant Changes Detected

This PR does not contain changes to files that would trigger a new release:

Pattern Description
^src/ Matches files where path matches this pattern
^README\.md$ Matches files where path matches this pattern

Build, test, and publish stages will be skipped for this PR.

If you believe this is incorrect, please verify that your changes are in the correct locations.

@github-actions

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
MARKDOWN Pass ✅
NATURAL_LANGUAGE Pass ✅
POWERSHELL Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file Major

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants