diff --git a/.github/workflows/anglicise.yml b/.github/workflows/anglicise.yml index e4eef29..24ba0de 100644 --- a/.github/workflows/anglicise.yml +++ b/.github/workflows/anglicise.yml @@ -309,8 +309,8 @@ jobs: ! -path "./license-templates/*" \ 2>/dev/null | sort) - echo "## British English Spelling Check" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY + echo "## British English Spelling Check" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" echo "πŸ” Checking $(echo "$FILES" | wc -l) files for American spellings..." | tee -a $GITHUB_STEP_SUMMARY echo "" 
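Review bot: The `tee -a $GITHUB_STEP_SUMMARY` context line in this hunk is still unquoted, so the file keeps the word-splitting pattern that the rest of the change removes. It should read `| tee -a "$GITHUB_STEP_SUMMARY"`. The same leftover appears in the `@@ -91,14` hunk of replace.yml. The enclosing `run:` script starts and ends outside the hunk.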
@@ -358,21 +358,21 @@ jobs: echo "" if [[ $ISSUES_FOUND -gt 0 ]]; then echo "❌ Found $ISSUES_FOUND American spelling(s) in ${#FILES_TO_FIX[@]} file(s)" - echo "" >> $GITHUB_STEP_SUMMARY - echo "❌ **Found $ISSUES_FOUND American spelling(s) to convert**" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "| Location | American πŸ‡ΊπŸ‡Έ | British πŸ‡¬πŸ‡§ | Pattern |" >> $GITHUB_STEP_SUMMARY - echo "|----------|-------------|------------|---------|" >> $GITHUB_STEP_SUMMARY - echo "$ISSUE_OUTPUT" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "πŸ”§ **A pull request will be created with automatic fixes.**" >> $GITHUB_STEP_SUMMARY + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "❌ **Found $ISSUES_FOUND American spelling(s) to convert**" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "| Location | American πŸ‡ΊπŸ‡Έ | British πŸ‡¬πŸ‡§ | Pattern |" >> "$GITHUB_STEP_SUMMARY" + echo "|----------|-------------|------------|---------|" >> "$GITHUB_STEP_SUMMARY" + echo "$ISSUE_OUTPUT" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "πŸ”§ **A pull request will be created with automatic fixes.**" >> "$GITHUB_STEP_SUMMARY" - echo "needs_fix=true" >> $GITHUB_OUTPUT + echo "needs_fix=true" >> "$GITHUB_OUTPUT" else echo "βœ… All spellings conform to British English standards." - echo "" >> $GITHUB_STEP_SUMMARY - echo "βœ… **All spellings conform to British English standards.**" >> $GITHUB_STEP_SUMMARY - echo "needs_fix=false" >> $GITHUB_OUTPUT + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "βœ… **All spellings conform to British English standards.**" >> "$GITHUB_STEP_SUMMARY" + echo "needs_fix=false" >> "$GITHUB_OUTPUT" fi - name: Apply British English fixes @@ -538,4 +538,4 @@ jobs: --head "$BRANCH_NAME" \ --label "automerge" - echo "βœ… Pull request created successfully" + echo "βœ… Pull request created successfully" \ No newline at end of file 
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index d688eb7..1eef73b 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -73,7 +73,7 @@ jobs: id: extract run: | if [ ! -f pr-validation.zip ]; then - echo "should_merge=false" >> $GITHUB_OUTPUT + echo "should_merge=false" >> "$GITHUB_OUTPUT" exit 0 fi @@ -83,29 +83,29 @@ jobs: # Verify artifact contains numeric PR number if [ ! -f pr-validation/NUMBER ]; then echo "❌ Missing PR number in validation artifact" - echo "should_merge=false" >> $GITHUB_OUTPUT + echo "should_merge=false" >> "$GITHUB_OUTPUT" exit 0 fi PR_NUMBER=$(cat pr-validation/NUMBER) if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then echo "❌ Invalid PR number: $PR_NUMBER" - echo "should_merge=false" >> $GITHUB_OUTPUT + echo "should_merge=false" >> "$GITHUB_OUTPUT" exit 0 fi - echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT - echo "should_merge=true" >> $GITHUB_OUTPUT - echo "head_sha=$(cat pr-validation/HEAD_SHA)" >> $GITHUB_OUTPUT - echo "base_ref=$(cat pr-validation/BASE_REF)" >> $GITHUB_OUTPUT - echo "head_label=$(cat pr-validation/HEAD_LABEL)" >> $GITHUB_OUTPUT + echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT" + echo "should_merge=true" >> "$GITHUB_OUTPUT" + echo "head_sha=$(cat pr-validation/HEAD_SHA)" >> "$GITHUB_OUTPUT" + echo "base_ref=$(cat pr-validation/BASE_REF)" >> "$GITHUB_OUTPUT" + echo "head_label=$(cat pr-validation/HEAD_LABEL)" >> "$GITHUB_OUTPUT" # Handle multi-line PR title { echo 'pr_title<> $GITHUB_OUTPUT + } >> "$GITHUB_OUTPUT" echo "βœ… Validated PR #$PR_NUMBER from artifact" echo " Reason: $(cat pr-validation/REASON)" @@ -333,5 +333,4 @@ jobs: } catch (error) { core.setFailed(`❌ Failed to merge PR #${prNumber}: ${error.message}`); } - } - + } \ No newline at end of file diff --git a/.github/workflows/bash-lint-advanced.yml b/.github/workflows/bash-lint-advanced.yml index f55540a..8bf85bb 100644 --- a/.github/workflows/bash-lint-advanced.yml 
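Review bot: Only `pr-validation/NUMBER` is validated in the `@@ -83,29` hunk; `HEAD_SHA`, `BASE_REF` and `HEAD_LABEL` are read from the same artifact and written to `$GITHUB_OUTPUT` as they are. `$(cat …)` strips only trailing newlines, so a file holding more than one line would add further `name=value` lines to the outputs file, which later steps would read as outputs of this step. If the artifact comes from a run that handled pull-request content (the producer is not visible here), each value should be checked for shape before it is written, as sketched below; the 40-character length assumes SHA-1 object names. The step's script starts and ends outside the hunk.

```yaml
PR_NUMBER=$(cat pr-validation/NUMBER)
# … unchanged: numeric check on PR_NUMBER …

HEAD_SHA=$(cat pr-validation/HEAD_SHA)
BASE_REF=$(cat pr-validation/BASE_REF)
HEAD_LABEL=$(cat pr-validation/HEAD_LABEL)
if ! [[ "$HEAD_SHA" =~ ^[0-9a-f]{40}$ ]] \
  || [[ "$BASE_REF" == *$'\n'* || "$HEAD_LABEL" == *$'\n'* ]]; then
  echo "Malformed metadata in validation artifact"
  echo "should_merge=false" >> "$GITHUB_OUTPUT"
  exit 0
fi

# … unchanged: pr_number and should_merge outputs …
echo "head_sha=$HEAD_SHA" >> "$GITHUB_OUTPUT"
echo "base_ref=$BASE_REF" >> "$GITHUB_OUTPUT"
echo "head_label=$HEAD_LABEL" >> "$GITHUB_OUTPUT"
# … unchanged: multi-line pr_title output …
```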
+++ b/.github/workflows/bash-lint-advanced.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 with: fetch-depth: 0 @@ -61,8 +61,8 @@ jobs: ERRORS=$(jq '[.[] | select(.level=="error")] | length' /tmp/lint/results.json 2>/dev/null || echo "0") WARNINGS=$(jq '[.[] | select(.level=="warning")] | length' /tmp/lint/results.json 2>/dev/null || echo "0") - echo "errors=$ERRORS" >> $GITHUB_OUTPUT - echo "warnings=$WARNINGS" >> $GITHUB_OUTPUT + echo "errors=$ERRORS" >> "$GITHUB_OUTPUT" + echo "warnings=$WARNINGS" >> "$GITHUB_OUTPUT" cat /tmp/lint/results.json @@ -102,7 +102,7 @@ jobs: - name: Suggest fixes on PR if: github.event_name == 'pull_request' && (steps.shellcheck.outputs.errors > 0 || steps.shellcheck.outputs.warnings > 0) - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b with: script: | const fs = require('fs'); @@ -152,7 +152,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 with: fetch-depth: 0 @@ -163,7 +163,7 @@ jobs: - name: Generate security app token id: app_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 with: app-id: ${{ secrets.XSS_AI }} private-key: ${{ secrets.XSS_PK }} 
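Review bot: The pinned `uses:` lines no longer say which release each commit corresponds to, which makes the pins hard to review and to update. A trailing comment on each line would record it, e.g. `uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # vX.Y.Z`, with the placeholder replaced by the tag the SHA was taken from. It is also worth confirming that each SHA is a commit in the action's own repository and matches that tag, because nothing in the workflow ties the hash to a release. The same applies to the `actions/github-script` and `actions/create-github-app-token` pins in this file and to the `actions/checkout` pins in central-loader.yml and test.yml.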
@@ -185,8 +185,8 @@ jobs: -exec shellcheck -f json {} + > /tmp/lint/results.json 2>&1 || true ERRORS=$(jq '[.[] | select(.level=="error")] | length' /tmp/lint/results.json 2>/dev/null || echo "0") - echo "errors=$ERRORS" >> $GITHUB_OUTPUT - [[ "$ERRORS" -gt 0 ]] && echo "has_fixes=true" >> $GITHUB_OUTPUT || echo "has_fixes=false" >> $GITHUB_OUTPUT + echo "errors=$ERRORS" >> "$GITHUB_OUTPUT" + [[ "$ERRORS" -gt 0 ]] && echo "has_fixes=true" >> "$GITHUB_OUTPUT" || echo "has_fixes=false" >> "$GITHUB_OUTPUT" - name: Apply style fixes with shfmt if: steps.check.outputs.has_fixes == 'true' 
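Review bot: A failed or noisy ShellCheck run is reported as zero errors here: `2>&1` writes ShellCheck's stderr into `/tmp/lint/results.json`, and when `jq` cannot parse that file the `|| echo "0"` fallback sets `ERRORS` to 0, so `has_fixes` becomes `false`. Dropping `2>&1` from the redirect and failing the step when `jq` exits non-zero would make a broken run visible instead of clean. The `@@ -61,8` hunk in this file uses the same `|| echo "0"` fallback. The rewritten `[[ … ]] && … || …` line would also read more safely as an `if`/`else`, since the `||` branch also runs if the first `echo` fails. The `find` command feeding this starts outside the hunk.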
@@ -253,20 +253,20 @@ jobs: run: | ERRORS="${{ needs.shellcheck-analysis.outputs.errors }}" WARNINGS="${{ needs.shellcheck-analysis.outputs.warnings }}" - echo "## πŸ“Š Bash Linting Summary" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Errors**: ${ERRORS:-0}" >> $GITHUB_STEP_SUMMARY - echo "**Warnings**: ${WARNINGS:-0}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Next Steps:" >> $GITHUB_STEP_SUMMARY - echo "1. Review issues in workflow annotations" >> $GITHUB_STEP_SUMMARY - echo "2. Check PR comments for detailed suggestions" >> $GITHUB_STEP_SUMMARY - echo "3. Follow linked wiki pages for explanations" >> $GITHUB_STEP_SUMMARY - echo "4. Create PR with fixes" >> $GITHUB_STEP_SUMMARY + echo "## πŸ“Š Bash Linting Summary" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "**Errors**: ${ERRORS:-0}" >> "$GITHUB_STEP_SUMMARY" + echo "**Warnings**: ${WARNINGS:-0}" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "### Next Steps:" >> "$GITHUB_STEP_SUMMARY" + echo "1. Review issues in workflow annotations" >> "$GITHUB_STEP_SUMMARY" + echo "2. Check PR comments for detailed suggestions" >> "$GITHUB_STEP_SUMMARY" + echo "3. Follow linked wiki pages for explanations" >> "$GITHUB_STEP_SUMMARY" + echo "4. Create PR with fixes" >> "$GITHUB_STEP_SUMMARY" # Fail if there are errors if [[ "${ERRORS:-0}" -gt 0 ]]; then - echo "" >> $GITHUB_STEP_SUMMARY - echo "❌ **Errors found - please fix**" >> $GITHUB_STEP_SUMMARY + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "❌ **Errors found - please fix**" >> "$GITHUB_STEP_SUMMARY" exit 1 - fi + fi \ No newline at end of file diff --git a/.github/workflows/bash-lint.yml b/.github/workflows/bash-lint.yml index 4f2993f..ced9611 100644 --- a/.github/workflows/bash-lint.yml +++ b/.github/workflows/bash-lint.yml 
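Review bot: `ERRORS` and `WARNINGS` are filled by expanding `${{ needs.shellcheck-analysis.outputs.errors }}` and `${{ needs.shellcheck-analysis.outputs.warnings }}` inside the script text, so the values become part of the shell source before bash parses it. Passing them through the step's `env:` map (`ERRORS: ${{ needs.shellcheck-analysis.outputs.errors }}`, likewise `WARNINGS`) and dropping the two assignments keeps them as data. The counts come from `jq … | length` and should be numeric, so this is hardening rather than a known hole. The `@@ -694,20` hunk of release.yml does the same with `steps.version.outputs.version` and `steps.version.outputs.tag_name`, whose origin is not visible here.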
@@ -44,9 +44,9 @@ jobs: id: find_scripts run: | SCRIPTS=$(find . -type f -name "*.sh" ! -path "./.git/*" ! -path "./node_modules/*" ! -path "./vendor/*") - echo "scripts<> $GITHUB_OUTPUT - echo "$SCRIPTS" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + echo "scripts<> "$GITHUB_OUTPUT" + echo "$SCRIPTS" >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" echo "Script count: $(echo "$SCRIPTS" | wc -l)" - name: Run ShellCheck on all shell scripts @@ -74,17 +74,17 @@ jobs: - name: Summary report if: always() run: | - echo "## Bash Linting Report" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Tool**: ShellCheck" >> $GITHUB_STEP_SUMMARY - echo "**Status**: ${{ job.status }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Best Practices Applied" >> $GITHUB_STEP_SUMMARY - echo "- βœ“ Use \`set -e\` for error handling" >> $GITHUB_STEP_SUMMARY - echo "- βœ“ Quote variables to prevent word splitting" >> $GITHUB_STEP_SUMMARY - echo "- βœ“ Use \`[[ ]]\` for conditionals" >> $GITHUB_STEP_SUMMARY - echo "- βœ“ Add meaningful comments" >> $GITHUB_STEP_SUMMARY - echo "- βœ“ Break scripts into functions" >> $GITHUB_STEP_SUMMARY + echo "## Bash Linting Report" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "**Tool**: ShellCheck" >> "$GITHUB_STEP_SUMMARY" + echo "**Status**: ${{ job.status }}" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "### Best Practices Applied" >> "$GITHUB_STEP_SUMMARY" + echo "- βœ“ Use \`set -e\` for error handling" >> "$GITHUB_STEP_SUMMARY" + echo "- βœ“ Quote variables to prevent word splitting" >> "$GITHUB_STEP_SUMMARY" + echo "- βœ“ Use \`[[ ]]\` for conditionals" >> "$GITHUB_STEP_SUMMARY" + echo "- βœ“ Add meaningful comments" >> "$GITHUB_STEP_SUMMARY" + echo "- βœ“ Break scripts into functions" >> "$GITHUB_STEP_SUMMARY" bash-formatting: name: Bash Code Quality 
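Review bot: The multi-line `scripts` output is closed with a fixed `EOF` delimiter (the opening line is truncated on this page, but `echo "EOF"` is visible), so a line in `$SCRIPTS` equal to `EOF` would end the value early and the remainder would be parsed as further output lines. GitHub's documentation recommends a delimiter that cannot occur in the value, for example one generated per run: `delim="EOF_$(openssl rand -hex 16)"`, used in place of both `EOF` occurrences. The `modified_files` output in security-autofix.yml (`@@ -155,10`) uses the same fixed delimiter.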
@@ -161,4 +161,4 @@ jobs: echo "❌ ShellCheck failed - please fix linting errors" exit 1 fi - echo "βœ… All checks passed!" + echo "βœ… All checks passed!" \ No newline at end of file diff --git a/.github/workflows/central-loader.yml b/.github/workflows/central-loader.yml index 9e60112..292f7cf 100644 --- a/.github/workflows/central-loader.yml +++ b/.github/workflows/central-loader.yml @@ -79,12 +79,12 @@ jobs: steps: - name: Checkout calling repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 with: fetch-depth: 0 - name: Checkout Dev-Control templates - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 with: repository: xaoscience/dev-control path: .dev-control-templates @@ -327,4 +327,4 @@ jobs: else git commit -m "docs: initialise repository templates via Dev-Control" git push - fi + fi \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1741e39..fc41072 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -70,21 +70,21 @@ jobs: - name: Generate security summary run: | - echo "## πŸ”’ CodeQL Security Analysis Complete" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Analysis Coverage:" >> $GITHUB_STEP_SUMMARY - echo "- **Auto-detected languages**: JavaScript, Python, Go, Java, C++, C#, Ruby, Swift" >> $GITHUB_STEP_SUMMARY - echo "- **Query suite**: Extended (security-and-quality)" >> $GITHUB_STEP_SUMMARY - echo "- **Schedule**: Push, PR, daily at 2 AM UTC" >> $GITHUB_STEP_SUMMARY - echo "- **Concurrency**: Cancels older scans on new push" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Complementary Security:" >> $GITHUB_STEP_SUMMARY - echo "- Shell scripts: bash-lint-advanced workflow (ShellCheck)" >> $GITHUB_STEP_SUMMARY - echo "- Dockerfile: GitHub Advanced Security scanning" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Next Steps:" >> $GITHUB_STEP_SUMMARY - echo "1. Check the [Security tab](../../security/code-scanning?tab=alert) for results" >> $GITHUB_STEP_SUMMARY - echo "2. Review any alerts in detail" >> $GITHUB_STEP_SUMMARY - echo "3. 
Address discovered vulnerabilities" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "[View CodeQL Documentation](https://codeql.github.com/docs/)" >> $GITHUB_STEP_SUMMARY + echo "## πŸ”’ CodeQL Security Analysis Complete" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "### Analysis Coverage:" >> "$GITHUB_STEP_SUMMARY" + echo "- **Auto-detected languages**: JavaScript, Python, Go, Java, C++, C#, Ruby, Swift" >> "$GITHUB_STEP_SUMMARY" + echo "- **Query suite**: Extended (security-and-quality)" >> "$GITHUB_STEP_SUMMARY" + echo "- **Schedule**: Push, PR, daily at 2 AM UTC" >> "$GITHUB_STEP_SUMMARY" + echo "- **Concurrency**: Cancels older scans on new push" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "### Complementary Security:" >> "$GITHUB_STEP_SUMMARY" + echo "- Shell scripts: bash-lint-advanced workflow (ShellCheck)" >> "$GITHUB_STEP_SUMMARY" + echo "- Dockerfile: GitHub Advanced Security scanning" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "### Next Steps:" >> "$GITHUB_STEP_SUMMARY" + echo "1. Check the [Security tab](../../security/code-scanning?tab=alert) for results" >> "$GITHUB_STEP_SUMMARY" + echo "2. Review any alerts in detail" >> "$GITHUB_STEP_SUMMARY" + echo "3. Address discovered vulnerabilities" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "[View CodeQL Documentation](https://codeql.github.com/docs/)" >> "$GITHUB_STEP_SUMMARY" \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cd4ebda..2c14ddf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -194,8 +194,8 @@ jobs: TAG_NAME="v${VERSION}" fi - echo "version=${VERSION}" >> $GITHUB_OUTPUT - echo "tag_name=${TAG_NAME}" >> $GITHUB_OUTPUT + echo "version=${VERSION}" >> "$GITHUB_OUTPUT" + echo "tag_name=${TAG_NAME}" >> "$GITHUB_OUTPUT" echo "πŸ“¦ Release version: ${VERSION}" echo "🏷️ Tag: ${TAG_NAME}" 
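Review bot: The last line of codeql.yml now ends without a newline (`\ No newline at end of file`), and the same happens in the final hunk of every other workflow file touched by this patch. That looks like a side effect of the tool that applied the quoting fixes rather than an intended change; yamllint's `new-line-at-end-of-file` rule and most editors will flag or revert it. Restoring the final newline keeps later diffs of these files limited to real changes.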
@@ -230,22 +230,22 @@ jobs: git tag -d latest 2>/dev/null || true echo "βœ… Cleaned up β€” will rebuild and republish" RERELEASE="true" - echo "exists=false" >> $GITHUB_OUTPUT + echo "exists=false" >> "$GITHUB_OUTPUT" else echo "⚠️ Release $TAG_NAME exists but is not the latest (latest: $LATEST_TAG)" echo "ℹ️ Only the latest release can be re-released via manual dispatch" - echo "exists=true" >> $GITHUB_OUTPUT + echo "exists=true" >> "$GITHUB_OUTPUT" fi else echo "⏭️ Release $TAG_NAME already exists β€” skipping build (push trigger)" - echo "exists=true" >> $GITHUB_OUTPUT + echo "exists=true" >> "$GITHUB_OUTPUT" fi else echo "πŸ†• Release $TAG_NAME not yet published β€” proceeding" - echo "exists=false" >> $GITHUB_OUTPUT + echo "exists=false" >> "$GITHUB_OUTPUT" fi - echo "rerelease=${RERELEASE}" >> $GITHUB_OUTPUT + echo "rerelease=${RERELEASE}" >> "$GITHUB_OUTPUT" - name: Gather commit history id: commits @@ -274,7 +274,7 @@ jobs: git log --pretty=format:"%s" -20 > .commits-subjects.txt fi - echo "prev_tag=${PREV_TAG}" >> $GITHUB_OUTPUT + echo "prev_tag=${PREV_TAG}" >> "$GITHUB_OUTPUT" - name: Update CHANGELOG.md if: steps.check_release.outputs.exists != 'true' @@ -537,12 +537,12 @@ jobs: # Get full tarball info TARBALL=$(ls dist/dev-control-${VERSION}.tar.gz 2>/dev/null || ls dist/*.tar.gz 2>/dev/null | grep -v lib | head -1) if [[ -n "$TARBALL" ]]; then - echo "tarball_path=${TARBALL}" >> $GITHUB_ENV - echo "tarball_name=$(basename "$TARBALL")" >> $GITHUB_ENV + echo "tarball_path=${TARBALL}" >> "$GITHUB_ENV" + echo "tarball_name=$(basename "$TARBALL")" >> "$GITHUB_ENV" if [[ -f "${TARBALL}.sha256" ]]; then SHA256=$(cat "${TARBALL}.sha256" | awk '{print $1}') - echo "tarball_sha256=${SHA256}" >> $GITHUB_ENV + echo "tarball_sha256=${SHA256}" >> "$GITHUB_ENV" echo "πŸ” Full tarball SHA256: ${SHA256}" fi fi 
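Review bot: In the `@@ -537,12` hunk, `SHA256` is taken from the `.sha256` file next to the tarball and exported to `$GITHUB_ENV` without being compared with the tarball itself, so a stale or mismatched sidecar would be carried into later steps as the checksum. A one-line check before the export closes that gap: `[[ "$(sha256sum "$TARBALL" | awk '{print $1}')" == "$SHA256" ]] || { echo "checksum mismatch for $TARBALL"; exit 1; }`. The lib tarball block in the `@@ -550,11` hunk needs the same check with `LIB_TARBALL` and `LIB_SHA256`. The step that produces the tarballs and sidecars is outside the hunk, so whether they can diverge in practice is not visible here.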
@@ -550,11 +550,11 @@ jobs: # Get lib tarball info LIB_TARBALL="dist/dev-control-lib-${VERSION}.tar.gz" if [[ -f "$LIB_TARBALL" ]]; then - echo "lib_tarball_name=dev-control-lib-${VERSION}.tar.gz" >> $GITHUB_ENV + echo "lib_tarball_name=dev-control-lib-${VERSION}.tar.gz" >> "$GITHUB_ENV" if [[ -f "${LIB_TARBALL}.sha256" ]]; then LIB_SHA256=$(cat "${LIB_TARBALL}.sha256" | awk '{print $1}') - echo "lib_tarball_sha256=${LIB_SHA256}" >> $GITHUB_ENV + echo "lib_tarball_sha256=${LIB_SHA256}" >> "$GITHUB_ENV" echo "πŸ” Lib tarball SHA256: ${LIB_SHA256}" fi fi @@ -628,7 +628,7 @@ jobs: EOF # Output for next step - echo "notes_file=${NOTES_FILE}" >> $GITHUB_OUTPUT + echo "notes_file=${NOTES_FILE}" >> "$GITHUB_OUTPUT" echo "πŸ“ Release notes generated" cat "$NOTES_FILE" 
@@ -694,20 +694,20 @@ jobs: VERSION="${{ steps.version.outputs.version }}" TAG_NAME="${{ steps.version.outputs.tag_name }}" - echo "## πŸŽ‰ Release Summary" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "| Item | Value |" >> $GITHUB_STEP_SUMMARY - echo "|------|-------|" >> $GITHUB_STEP_SUMMARY - echo "| Version | ${VERSION} |" >> $GITHUB_STEP_SUMMARY - echo "| Tag | ${TAG_NAME} |" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Artifacts" >> $GITHUB_STEP_SUMMARY - echo "| Package | File | SHA256 |" >> $GITHUB_STEP_SUMMARY - echo "|---------|------|--------|" >> $GITHUB_STEP_SUMMARY - echo "| Full Toolkit | ${tarball_name} | \`${tarball_sha256:0:16}...\` |" >> $GITHUB_STEP_SUMMARY - echo "| Library Only | ${lib_tarball_name} | \`${lib_tarball_sha256:0:16}...\` |" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "### Links" >> $GITHUB_STEP_SUMMARY - echo "- [Release](https://github.com/$GITHUB_REPOSITORY/releases/tag/${TAG_NAME})" >> $GITHUB_STEP_SUMMARY - echo "- [Full Toolkit](https://github.com/$GITHUB_REPOSITORY/releases/download/${TAG_NAME}/${tarball_name})" >> $GITHUB_STEP_SUMMARY - echo "- [Library Only](https://github.com/$GITHUB_REPOSITORY/releases/download/${TAG_NAME}/${lib_tarball_name})" >> $GITHUB_STEP_SUMMARY + echo "## πŸŽ‰ Release Summary" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "| Item | Value |" >> "$GITHUB_STEP_SUMMARY" + echo "|------|-------|" >> "$GITHUB_STEP_SUMMARY" + echo "| Version | ${VERSION} |" >> "$GITHUB_STEP_SUMMARY" + echo "| Tag | ${TAG_NAME} |" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "### Artifacts" >> "$GITHUB_STEP_SUMMARY" + echo "| Package | File | SHA256 |" >> "$GITHUB_STEP_SUMMARY" + echo "|---------|------|--------|" >> "$GITHUB_STEP_SUMMARY" + echo "| Full Toolkit | ${tarball_name} | \`${tarball_sha256:0:16}...\` |" >> "$GITHUB_STEP_SUMMARY" + echo "| Library Only | ${lib_tarball_name} | 
\`${lib_tarball_sha256:0:16}...\` |" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "### Links" >> "$GITHUB_STEP_SUMMARY" + echo "- [Release](https://github.com/$GITHUB_REPOSITORY/releases/tag/${TAG_NAME})" >> "$GITHUB_STEP_SUMMARY" + echo "- [Full Toolkit](https://github.com/$GITHUB_REPOSITORY/releases/download/${TAG_NAME}/${tarball_name})" >> "$GITHUB_STEP_SUMMARY" + echo "- [Library Only](https://github.com/$GITHUB_REPOSITORY/releases/download/${TAG_NAME}/${lib_tarball_name})" >> "$GITHUB_STEP_SUMMARY" \ No newline at end of file diff --git a/.github/workflows/replace.yml b/.github/workflows/replace.yml index 45684ed..336c032 100644 --- a/.github/workflows/replace.yml +++ b/.github/workflows/replace.yml @@ -91,14 +91,14 @@ jobs: CHANGED_FILES=0 TOTAL_REPLACEMENTS=0 - echo "## Text Replacement Report" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "πŸ” **Search:** \`$SEARCH_TEXT\`" >> $GITHUB_STEP_SUMMARY - echo "πŸ”„ **Replace:** \`$REPLACE_TEXT\`" >> $GITHUB_STEP_SUMMARY - echo "🚫 **Excluded:** \`$EXCLUDE_PATHS\`" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY + echo "## Text Replacement Report" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" + echo "πŸ” **Search:** \`$SEARCH_TEXT\`" >> "$GITHUB_STEP_SUMMARY" + echo "πŸ”„ **Replace:** \`$REPLACE_TEXT\`" >> "$GITHUB_STEP_SUMMARY" + echo "🚫 **Excluded:** \`$EXCLUDE_PATHS\`" >> "$GITHUB_STEP_SUMMARY" + echo "" >> "$GITHUB_STEP_SUMMARY" echo "πŸ“Š Scanning $TOTAL_FILES files..." | tee -a $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY + echo "" >> "$GITHUB_STEP_SUMMARY" # Process each file while IFS= read -r file; do 
@@ -114,24 +114,24 @@ jobs: sed -i "s|$(echo "$SEARCH_TEXT" | sed 's/[\/&]/\\&/g')|$(echo "$REPLACE_TEXT" | sed 's/[\/&]/\\&/g')|g" "$file" echo " βœ“ $file ($COUNT replacement(s))" - echo "- \`$file\` - $COUNT occurrence(s)" >> $GITHUB_STEP_SUMMARY + echo "- \`$file\` - $COUNT occurrence(s)" >> "$GITHUB_STEP_SUMMARY" CHANGED_FILES=$((CHANGED_FILES + 1)) TOTAL_REPLACEMENTS=$((TOTAL_REPLACEMENTS + COUNT)) fi done <<< "$FILES" - echo "" >> $GITHUB_STEP_SUMMARY + echo "" >> "$GITHUB_STEP_SUMMARY" if [[ $CHANGED_FILES -gt 0 ]]; then echo "βœ… Replaced $TOTAL_REPLACEMENTS occurrence(s) in $CHANGED_FILES file(s)" - echo "### Summary" >> $GITHUB_STEP_SUMMARY - echo "βœ… **$TOTAL_REPLACEMENTS** replacement(s) in **$CHANGED_FILES** file(s)" >> $GITHUB_STEP_SUMMARY - echo "needs_pr=true" >> $GITHUB_OUTPUT + echo "### Summary" >> "$GITHUB_STEP_SUMMARY" + echo "βœ… **$TOTAL_REPLACEMENTS** replacement(s) in **$CHANGED_FILES** file(s)" >> "$GITHUB_STEP_SUMMARY" + echo "needs_pr=true" >> "$GITHUB_OUTPUT" else echo "ℹ️ No occurrences found" - echo "ℹ️ **No occurrences found**" >> $GITHUB_STEP_SUMMARY - echo "needs_pr=false" >> $GITHUB_OUTPUT + echo "ℹ️ **No occurrences found**" >> "$GITHUB_STEP_SUMMARY" + echo "needs_pr=false" >> "$GITHUB_OUTPUT" fi - name: Setup bot identity (if replacement needed) @@ -182,4 +182,4 @@ jobs: --base "${{ github.ref_name }}" \ --head "$BRANCH_NAME" - echo "βœ… Pull request created successfully" + echo "βœ… Pull request created successfully" \ No newline at end of file diff --git a/.github/workflows/security-autofix.yml b/.github/workflows/security-autofix.yml index d92d551..afa9f5f 100644 --- a/.github/workflows/security-autofix.yml +++ b/.github/workflows/security-autofix.yml 
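Review bot: The `sed -i` call uses `|` as its delimiter, but the inner escaping (`sed 's/[\/&]/\\&/g'`) protects `/` and `&` only, so a `|` or backslash in `SEARCH_TEXT` or `REPLACE_TEXT` changes the expression that runs, and regex characters in `SEARCH_TEXT` are not treated literally. Escaping for the delimiter actually in use fixes it: `sed 's/[][\.*^$|]/\\&/g'` for the search side and `sed 's/[|&\\]/\\&/g'` for the replacement side. If regex search is intended, only the delimiter and backslash need escaping on the search side. The loop this line belongs to starts outside the hunk.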
@@ -60,7 +60,7 @@ jobs: # Count fixable alerts FIXABLE_COUNT=$(echo "$ALERTS" | jq '[.[] | select(.rule == "actions/code-injection/medium" or .rule == "actions/unpinned-tag")] | length') - echo "fixable_count=$FIXABLE_COUNT" >> $GITHUB_OUTPUT + echo "fixable_count=$FIXABLE_COUNT" >> "$GITHUB_OUTPUT" echo "$ALERTS" > /tmp/alerts.json if [ "$FIXABLE_COUNT" -eq 0 ]; then @@ -155,10 +155,10 @@ jobs: fi done - echo "fixes_applied=$FIXES_APPLIED" >> $GITHUB_OUTPUT - echo "modified_files<> $GITHUB_OUTPUT - echo "$MODIFIED_FILES" | xargs -n1 | sort -u >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + echo "fixes_applied=$FIXES_APPLIED" >> "$GITHUB_OUTPUT" + echo "modified_files<> "$GITHUB_OUTPUT" + echo "$MODIFIED_FILES" | xargs -n1 | sort -u >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" echo "" echo "πŸ“Š Summary: Applied $FIXES_APPLIED fixes across $(echo "$MODIFIED_FILES" | xargs -n1 | sort -u | wc -l) files" @@ -302,4 +302,4 @@ jobs: gh issue create \ --title "πŸ”’ Security Review: CodeQL Alerts Require Manual Fixes" \ --label security-review,help-wanted \ - --body-file /tmp/issue_body.md + --body-file /tmp/issue_body.md \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ec51729..efb42e4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 - name: Install bats run: | @@ -41,10 +41,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 - name: Shellcheck uses: ludeeus/action-shellcheck@0a0fc8d6ded45b42e41fb4bae3e1ec9f4f1a2cb0 with: scandir: './scripts' - severity: warning + severity: warning \ No newline at end of file