@MariusStorhaug MariusStorhaug commented Jan 22, 2026

🩹 [Patch]: Rename Auto-Release to Release-GHRepository

This PR updates the workflow to use the renamed release action.

Changed

  • Update Release.yml workflow to use PSModule/Release-GHRepository@v2 instead of the deprecated PSModule/Auto-Release@v1.9.5
  • Remove deprecated release.yml configuration

Summary

The PSModule/Auto-Release action has been renamed to PSModule/Release-GHRepository. This change updates the workflow configuration to reference the new action name and version.

Copilot AI review requested due to automatic review settings January 22, 2026 18:42

Copilot AI left a comment


Pull request overview

This PR removes the deprecated .github/release.yml configuration file as the release configuration has been migrated to the action's input parameters.

Changes:

  • Removed .github/release.yml file containing changelog configuration for automatically generated release notes


@MariusStorhaug MariusStorhaug changed the title 🩹 Remove deprecated release.yml configuration 🩹[Patch] Remove deprecated release.yml configuration Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch] Remove deprecated release.yml configuration 🩹[Patch]: Remove deprecated release.yml configuration Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Remove deprecated release.yml configuration 🩹 [Patch] Remove deprecated release.yml configuration Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹 [Patch] Remove deprecated release.yml configuration 🩹[Patch]: Remove deprecated release.yml configuration Jan 22, 2026
@MariusStorhaug MariusStorhaug self-assigned this Jan 22, 2026
@MariusStorhaug MariusStorhaug requested a review from a team as a code owner January 25, 2026 17:31
- Remove old publish script and replace it with a new structured approach using init.ps1, publish.ps1, and cleanup.ps1.
- Add GitHub Actions workflow for automated releases triggered by pull request events.
- Introduce new parameters for managing versioning and release types, including support for prereleases and cleanup of old prereleases.
- Enhance logging and error handling throughout the scripts for better traceability.
Copilot AI review requested due to automatic review settings January 25, 2026 20:32
PSMODULE_PUBLISH_PSMODULE_INPUT_VersionPrefix: ${{ inputs.VersionPrefix }}
PSMODULE_PUBLISH_PSMODULE_INPUT_WhatIf: ${{ inputs.WhatIf }}
run: ${{ github.action_path }}/scripts/init.ps1
run: ${{ github.action_path }}/src/init.ps1

Check warning

Code scanning / CodeQL

Code injection Medium

Potential code injection in ${ github.action_path }, which may be controlled by an external user.

Copilot Autofix

AI about 5 hours ago

In general, to fix this kind of issue in GitHub Actions, do not interpolate expressions like ${{ ... }} directly into the run: script body. Instead, assign the value to an environment variable using the env: block, then reference it using the shell’s native syntax (e.g. $VAR in bash, $env:VAR in PowerShell). This removes the expression evaluation from the command line construction and prevents an attacker from smuggling shell metacharacters through GitHub’s expression substitution.

For this specific case, we will stop using ${{ github.action_path }}/src/*.ps1 directly in run: and instead expose github.action_path through an environment variable (for example, ACTION_PATH) and use that variable inside the PowerShell command. Since this is a composite action using shell: pwsh, we will call PowerShell with -File pointing at $env:ACTION_PATH/src/init.ps1 (and similarly for publish.ps1 and cleanup.ps1). Concretely:

  • On the “Initialize Publish Context” step, add ACTION_PATH: ${{ github.action_path }} to env: and change run: to something like pwsh -File "$env:ACTION_PATH/src/init.ps1".
  • On the “Publish Module” step, likewise add ACTION_PATH and change the run: line to use it.
  • On the “Cleanup Prereleases” step, do the same.

These are all in action.yml, within the runs.steps section around lines 88–135 in your snippet. No new external dependencies or imports are required; we only adjust the workflow YAML to follow the safe environment-variable pattern.


Suggested changeset 1
action.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/action.yml b/action.yml
--- a/action.yml
+++ b/action.yml
@@ -90,6 +90,7 @@
       shell: pwsh
       working-directory: ${{ inputs.WorkingDirectory }}
       env:
+        ACTION_PATH: ${{ github.action_path }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_Name: ${{ inputs.Name }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_AutoCleanup: ${{ inputs.AutoCleanup }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_AutoPatching: ${{ inputs.AutoPatching }}
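Review bot: The added `ACTION_PATH: ${{ github.action_path }}` entry in this env block duplicates a value the runner already exports to composite-action steps as `GITHUB_ACTION_PATH`. Reading `$env:GITHUB_ACTION_PATH` in the run line would keep the expression out of the script body just the same and remove the need for the extra entry in all three steps. If a custom variable stays, a name carrying the `PSMODULE_PUBLISH_PSMODULE_` prefix used by the neighbouring entries is less likely to collide with something the caller or the scripts already set.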
@@ -102,7 +103,7 @@
         PSMODULE_PUBLISH_PSMODULE_INPUT_PatchLabels: ${{ inputs.PatchLabels }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_VersionPrefix: ${{ inputs.VersionPrefix }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_WhatIf: ${{ inputs.WhatIf }}
-      run: ${{ github.action_path }}/src/init.ps1
+      run: pwsh -File "$env:ACTION_PATH/src/init.ps1"
 
     - name: Download module artifact
       if: env.PUBLISH_CONTEXT_ShouldPublish == 'true' || inputs.WhatIf == 'true'
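Review bot: `run: pwsh -File "$env:ACTION_PATH/src/init.ps1"` starts a second PowerShell process inside a step that already declares `shell: pwsh`. Invoking the script in the existing session with the call operator, `& "$env:ACTION_PATH/src/init.ps1"`, avoids the nested process and matches the form the other Autofix suggestion on this PR uses for publish.ps1 and cleanup.ps1.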
@@ -116,6 +117,7 @@
       shell: pwsh
       working-directory: ${{ inputs.WorkingDirectory }}
       env:
+        ACTION_PATH: ${{ github.action_path }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_Name: ${{ inputs.Name }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_ModulePath: ${{ inputs.ModulePath }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_APIKey: ${{ inputs.APIKey }}
@@ -123,12 +125,13 @@
         PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRBodyAsReleaseNotes: ${{ inputs.UsePRBodyAsReleaseNotes }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsReleaseName: ${{ inputs.UsePRTitleAsReleaseName }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsNotesHeading: ${{ inputs.UsePRTitleAsNotesHeading }}
-      run: ${{ github.action_path }}/src/publish.ps1
+      run: pwsh -File "$env:ACTION_PATH/src/publish.ps1"
 
     - name: Cleanup Prereleases
       if: env.PUBLISH_CONTEXT_ShouldCleanup == 'true' || inputs.WhatIf == 'true'
       shell: pwsh
       working-directory: ${{ inputs.WorkingDirectory }}
       env:
+        ACTION_PATH: ${{ github.action_path }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_WhatIf: ${{ inputs.WhatIf }}
-      run: ${{ github.action_path }}/src/cleanup.ps1
+      run: pwsh -File "$env:ACTION_PATH/src/cleanup.ps1"
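Review bot: The two `run:` replacements in this hunk, for publish.ps1 and cleanup.ps1, rewrite the same lines that the second Autofix patch on this PR also rewrites, so the two patches cannot both apply cleanly. Settle on one invocation form for all three steps before applying either; the `if:` conditions and the remaining env entries are untouched by both.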
EOF
PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsReleaseName: ${{ inputs.UsePRTitleAsReleaseName }}
PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsNotesHeading: ${{ inputs.UsePRTitleAsNotesHeading }}
run: ${{ github.action_path }}/scripts/publish.ps1
run: ${{ github.action_path }}/src/publish.ps1

Check warning

Code scanning / CodeQL

Code injection Medium

Potential code injection in ${ github.action_path }, which may be controlled by an external user.

Copilot Autofix

AI about 5 hours ago


Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

env:
PSMODULE_PUBLISH_PSMODULE_INPUT_WhatIf: ${{ inputs.WhatIf }}
run: ${{ github.action_path }}/scripts/cleanup.ps1
run: ${{ github.action_path }}/src/cleanup.ps1

Check warning

Code scanning / CodeQL

Code injection Medium

Potential code injection in ${ github.action_path }, which may be controlled by an external user.

Copilot Autofix

AI about 5 hours ago

In general, to fix this class of problem in GitHub Actions, avoid interpolating expressions like ${{ ... }} directly into run: commands. Instead, assign the expression to an environment variable using the env: block, and then reference that variable using the native syntax of the shell (e.g., $VAR in bash, $env:VAR or $VAR in PowerShell). This limits where untrusted or semi-trusted data can affect command structure.

For this specific case, we should stop embedding ${{ github.action_path }} directly in the run: line and instead: (1) expose github.action_path via an env var (e.g., ACTION_PATH), and (2) call the PowerShell script using that env variable in PowerShell syntax. Since shell: pwsh is used, the simplest syntax is to call & "$env:ACTION_PATH/src/publish.ps1" and & "$env:ACTION_PATH/src/cleanup.ps1". This preserves functionality while avoiding direct expression interpolation in the run: field.

Concretely:

  • In the Publish Module step (around lines 114–126), add ACTION_PATH: ${{ github.action_path }} under env: and replace run: ${{ github.action_path }}/src/publish.ps1 with a multi-line run: script that invokes the script via $env:ACTION_PATH.
  • In the Cleanup Prereleases step (around lines 128–134), similarly add ACTION_PATH: ${{ github.action_path }} under env: and replace run: ${{ github.action_path }}/src/cleanup.ps1 with a multi-line run: block using $env:ACTION_PATH.

No new methods or external libraries are needed; only YAML and PowerShell changes within action.yml.

Suggested changeset 1
action.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/action.yml b/action.yml
--- a/action.yml
+++ b/action.yml
@@ -123,7 +123,9 @@
         PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRBodyAsReleaseNotes: ${{ inputs.UsePRBodyAsReleaseNotes }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsReleaseName: ${{ inputs.UsePRTitleAsReleaseName }}
         PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsNotesHeading: ${{ inputs.UsePRTitleAsNotesHeading }}
-      run: ${{ github.action_path }}/src/publish.ps1
+        ACTION_PATH: ${{ github.action_path }}
+      run: |
+        & "$env:ACTION_PATH/src/publish.ps1"
 
     - name: Cleanup Prereleases
       if: env.PUBLISH_CONTEXT_ShouldCleanup == 'true' || inputs.WhatIf == 'true'
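Review bot: This patch has no hunk for the Initialize Publish Context step, so `run: ${{ github.action_path }}/src/init.ps1` keeps its direct interpolation if this patch is applied on its own. Extend the same `& "$env:ACTION_PATH/src/..."` change to that step so the init.ps1 alert closes together with the publish.ps1 and cleanup.ps1 ones.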
@@ -131,4 +133,6 @@
       working-directory: ${{ inputs.WorkingDirectory }}
       env:
         PSMODULE_PUBLISH_PSMODULE_INPUT_WhatIf: ${{ inputs.WhatIf }}
-      run: ${{ github.action_path }}/src/cleanup.ps1
+        ACTION_PATH: ${{ github.action_path }}
+      run: |
+        & "$env:ACTION_PATH/src/cleanup.ps1"
EOF

Copilot AI left a comment


Pull request overview

Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

.github/workflows/Release.yml:18

  • The scope of this PR is described as removing the deprecated .github/release.yml configuration, but the changes also introduce new PowerShell scripts under src/, switch the composite action to use those scripts, and adjust the Release workflow’s name, job ID, and path filters. It would be helpful for future maintainers if the PR description (and/or commit message) were updated to reflect these broader behavior and structure changes, not just the removal of the release configuration file.


Comment on lines 123 to +126
PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRBodyAsReleaseNotes: ${{ inputs.UsePRBodyAsReleaseNotes }}
PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsReleaseName: ${{ inputs.UsePRTitleAsReleaseName }}
PSMODULE_PUBLISH_PSMODULE_INPUT_UsePRTitleAsNotesHeading: ${{ inputs.UsePRTitleAsNotesHeading }}
run: ${{ github.action_path }}/scripts/publish.ps1
run: ${{ github.action_path }}/src/publish.ps1

Copilot AI Jan 25, 2026


The Publish Module step is configured to run when either PUBLISH_CONTEXT_ShouldPublish == 'true' or inputs.WhatIf == 'true', but init.ps1 only calculates and exports PUBLISH_CONTEXT_NewVersion when ShouldPublish is true. As a result, scenarios where ShouldPublish is false (e.g., due to ignore labels or ReleaseType = 'None') but WhatIf is true will still invoke src/publish.ps1, which then exits with PUBLISH_CONTEXT_NewVersion is not set instead of performing a dry‑run. Consider restricting this step to PUBLISH_CONTEXT_ShouldPublish == 'true' only, or updating init.ps1 to compute and export PUBLISH_CONTEXT_NewVersion for WhatIf runs even when ShouldPublish is false.

@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Remove deprecated release.yml configuration 🩹 [Patch]: Standardize Release workflow and remove deprecated config Jan 25, 2026
Copilot AI review requested due to automatic review settings January 25, 2026 21:32
@MariusStorhaug MariusStorhaug changed the title 🩹 [Patch]: Standardize Release workflow and remove deprecated config 🩹[Patch]: Remove deprecated release.yml and rename Auto-Release to Release-GHRepository Jan 25, 2026

Copilot AI left a comment


Pull request overview

Copilot reviewed 5 out of 8 changed files in this pull request and generated no new comments.


