🩹 [Patch]: Current Jwt module ready for maintained publication#18
Merged
Conversation
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description This pull request updates the CI/CD pipeline configuration for the repository, focusing on simplifying workflows, improving test coverage requirements, and updating dependencies to use newer versions and inherited secrets. The changes remove redundant or unused workflow files and linter configurations, and enhance the main workflow to support both scheduled and manual runs. **CI/CD Workflow Updates:** * The main workflow `.github/workflows/Process-PSModule.yml` is updated to trigger on manual dispatch and nightly schedule, in addition to pull requests, enabling more flexible automation. * The workflow now uses version `v5` of the reusable workflow and inherits secrets, ensuring up-to-date processes and more secure secret management. * The old nightly workflow `.github/workflows/Nightly-Run.yml` is removed, consolidating scheduled runs into the main workflow. **Linting and Code Quality:** * The linter workflow `.github/workflows/Linter.yml` and its configuration file `.github/linters/.jscpd.json` are removed, indicating a shift away from the previous linting setup. [[1]](diffhunk://#diff-482e65806ed9e4a7320f14964764086b91fed4a28d12e4efde1776472e147e79L1-L32) [[2]](diffhunk://#diff-557094e283c00b23265c1c75872f41c6b1a524a00f0d99dd68ebd22cb63bfdd6L1-L10) **Test Coverage Requirements:** * The code coverage target in `.github/PSModule.yml` is increased from 0% to 50%, raising the quality bar for tests.
This pull request makes several documentation improvements across multiple PowerShell module scripts and updates linter configuration files to adjust validation and markdown linting behaviors. The main focus is on enhancing the clarity of function documentation and refining linting settings for the repository. Documentation improvements: * Added a `.DESCRIPTION` section to the comment-based help in the following PowerShell scripts to provide clearer documentation for each function: `Get-InternalPSModule.ps1`, `Set-InternalPSModule.ps1`, `Get-PSModuleTest.ps1`, `New-PSModuleTest.ps1`, `Set-PSModuleTest.ps1`, and `Test-PSModuleTest.ps1`. [[1]](diffhunk://#diff-d533085d002d932aa51be6a99b640827346d88c08512a00983af0c8dc7f529baR6-R8) [[2]](diffhunk://#diff-d2465a6a821aebd39e6995132c462e41544ade7a93266e7d7eace6674ce350deR6-R8) [[3]](diffhunk://#diff-a3b9ee16763d01dd80ff3c1869dec21710bc923448c25dde66d51401e7b885e7R8-R10) [[4]](diffhunk://#diff-90b55db370b273157a3df0db4b895fca9740d25094d604894640fb0c5b220d9cR8-R10) [[5]](diffhunk://#diff-488943d39ce767faa7f4dd40414635ec01da86c30b9ddd2074150da994093b9aR6-R8) [[6]](diffhunk://#diff-097c3999f7001a5d9698d995993cb0a8b5c2f66962d37151d32ad40d4b6c08eeR6-R8) Linter configuration updates: * Updated `.github/PSModule.yml` to disable several linter validations in the `Linter` section, including Biome format/lint, GitHub Actions Zizmor, JSCPD, and Prettier checks for JSON, Markdown, and YAML. * Modified `.github/linters/.markdown-lint.yml` to disable the `MD024` rule (no duplicate headings), set a custom punctuation list for `MD026`, and made minor formatting adjustments.
The CI workflow reference is now pinned to a specific commit SHA, consistent with all other `uses:` references in the PSModule infrastructure. Dependabot will automatically propose updates when new versions of Process-PSModule are released. ## Changed: Workflow reference pinned to immutable SHA The `Process-PSModule` reusable workflow reference in `.github/workflows/Process-PSModule.yml` was using a mutable major version tag (`@v5`). It is now pinned to the exact commit SHA with the patch-level version in a trailing comment: ```yaml # Before uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@v5 # After uses: PSModule/Process-PSModule@4343d76 # v5.4.5 ``` Dependabot's `github-actions` ecosystem is already configured and will keep this reference up to date automatically.
## Context The reusable workflow [Process-PSModule](https://github.com/PSModule/Process-PSModule) has released [v5.4.6](https://github.com/PSModule/Process-PSModule/releases/tag/v5.4.6), which adds `pull-requests: write` permission to the `Lint-Repository` job, allowing super-linter to post PR comment summaries. ## Changes - Updated `Process-PSModule.yml` workflow reference from pinned SHA (v5.4.5) to `205d193f34cbbaf9992955c21d842bcf98a1859f # v5.4.6`
## Context The [super-linter](https://github.com/super-linter/super-linter) `SPELL_CODESPELL` check flags intentional misspellings in `.github/linters/.textlintrc` (e.g. `environemnt`, `pacakge`). These strings exist as linter configuration patterns and are not actual typos. The [GitHub](https://github.com/PSModule/GitHub), [GoogleFonts](https://github.com/PSModule/GoogleFonts), and [NerdFonts](https://github.com/PSModule/NerdFonts) repos already solved this by adding a `.codespellrc` file. ## Changes - Added `.github/linters/.codespellrc` that tells codespell to skip the `.github/linters` directory and ignore the word `afterall`
…4.6 to 5.5.0 (#10) Bumps [PSModule/Process-PSModule/.github/workflows/workflow.yml](https://github.com/psmodule/process-psmodule) from 5.4.6 to 5.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psmodule/process-psmodule/releases">PSModule/Process-PSModule/.github/workflows/workflow.yml's releases</a>.</em></p> <blockquote> <h2>v5.5.0</h2> <h1>🚀 [Feature]: Release-triggering file patterns now configurable via workflow input (<a href="https://redirect.github.com/psmodule/process-psmodule/issues/301">#301</a>)</h1> <p>Repositories can now control which file changes trigger build, test, and publish stages by configuring the <code>ImportantFilePatterns</code> workflow input or settings file property. The default patterns (<code>^src/</code> and <code>^README\.md$</code>) remain unchanged for backward compatibility.</p> <ul> <li>Fixes <a href="https://redirect.github.com/psmodule/process-psmodule/issues/278">#278</a></li> </ul> <h2>New: Configurable release-triggering file patterns</h2> <p>The <code>ImportantFilePatterns</code> input is now available on the <code>workflow.yml</code> and <code>Get-Settings.yml</code> reusable workflows. Pass a newline-separated list of regex patterns to override the defaults:</p> <pre lang="yaml"><code>jobs: Process: uses: PSModule/Process-PSModule/.github/workflows/workflow.yml@v5 with: ImportantFilePatterns: | ^src/ ^README\.md$ ^examples/ </code></pre> <p>To disable file-change triggering entirely, pass an empty string via the workflow input or set an empty list in <code>.github/PSModule.yml</code>:</p> <pre lang="yaml"><code># In .github/PSModule.yml ImportantFilePatterns: [] </code></pre> <p>Resolution order: settings file → workflow input → workflow input default values.</p> <h2>Changed: PR comment reflects configured patterns</h2> <p>The automated comment posted on PRs when no important files are changed now dynamically lists the configured patterns instead of a hardcoded table.</p> <h2>Technical Details</h2> <ul> <li>Added <code>ImportantFilePatterns</code> input (type: <code>string</code>, newline-separated) to both <code>.github/workflows/workflow.yml</code> and <code>.github/workflows/Get-Settings.yml</code> with explicit defaults (<code>^src/</code> and <code>^README\.md$</code>).</li> <li>Bumped <code>Get-PSModuleSettings</code> action reference from <code>v1.4.4</code> to <code>v1.5.0</code> which implements the settings file and action input support for this feature.</li> <li>Passed <code>ImportantFilePatterns</code> input through the reusable workflow chain to the <code>Get-PSModuleSettings</code> action step.</li> <li>Updated README documentation: new input in the workflow inputs table, new "Customizing important file patterns" section with YAML examples, updated settings file reference and example schema.</li> </ul> <h2>v5.4.7</h2> <h1>🩹 [Patch]: Framework-generated code coverage no longer penalizes module authors (<a href="https://redirect.github.com/psmodule/process-psmodule/issues/310">#310</a>)</h1> <p>Framework-generated boilerplate — type accelerator registration and <code>OnRemove</code> cleanup — is now tested and covered by updated action versions referenced in this workflow. The obsolete <code>$IsWindows</code> PS 5.1 shim is no longer injected into built modules. Coverage from the framework test step and the module test step is already aggregated by Get-CodeCoverage, so module authors' coverage percentages now reflect only the code they wrote.</p> <ul> <li>Fixes <a href="https://redirect.github.com/psmodule/process-psmodule/issues/309">#309</a></li> </ul> <h2>Changed: Build-PSModule updated to v4.0.14</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PSModule/Process-PSModule/commit/11117919e65242d3388727819a751f74ad24ea9e"><code>1111791</code></a> 🚀 [Feature]: Release-triggering file patterns now configurable via workflow i...</li> <li><a href="https://github.com/PSModule/Process-PSModule/commit/3ed96da6f3c2f95b7cd770761f5f2f348020680b"><code>3ed96da</code></a> 🩹 [Patch]: Framework-generated code coverage no longer penalizes module autho...</li> <li>See full diff in <a href="https://github.com/psmodule/process-psmodule/compare/205d193f34cbbaf9992955c21d842bcf98a1859f...11117919e65242d3388727819a751f74ad24ea9e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The module repository no longer contains placeholder template code from the PSModule framework scaffolding. Only the `New-Jwt` placeholder function remains, signaling that the module is ready for actual JWT implementation work. - Fixes #11 ## Changed: Repository content All template/demo artifacts are removed — classes (`Book`, `SecretWriter`), functions (`Get-PSModuleTest`, `New-PSModuleTest`, `Set-PSModuleTest`, `Test-PSModuleTest`), variables (`Planets`, `Moons`, `SolarSystems`), data files, format definitions, type extensions, init scripts, nested modules, script loaders, examples, and the manifest override file. What remains in `src/`: ``` src/ functions/ public/ New-Jwt.ps1 ``` The `New-Jwt` function emits a warning that it is not yet implemented. This gives CI a valid function to build and test against while development proceeds in #3. ## Changed: Test file The test file is renamed from `PSModuleTest.Tests.ps1` to `Jwt.Tests.ps1` with a single test verifying the placeholder warning output. ## Changed: README Rewritten to describe the Jwt module — name, purpose, installation, and current development status. ## Technical Details - Removed 32 files totaling ~660 lines of template code - Code coverage target in `.github/PSModule.yml` lowered from 50% to 0% — the placeholder function has no meaningful logic to cover - The `manifest.psd1` is removed because it is optional in the PSModule framework (only needed to override generated values); will be recreated in #3 when module metadata is defined - This PR completes the "Skeleton cleanup" section of the implementation plan in #3
Super-linter summary
Super-linter detected linting errors For more information, see the GitHub Actions workflow run Powered by Super-linter GITLEAKSPOWERSHELLTRIVY |
Super-linter summary
Super-linter detected linting errors For more information, see the GitHub Actions workflow run Powered by Super-linter GITLEAKSPOWERSHELLTRIVY |
Super-linter summary
Super-linter detected linting errors For more information, see the GitHub Actions workflow run Powered by Super-linter GITLEAKSPOWERSHELLTRIVY |
Super-linter summary
Super-linter detected linting errors For more information, see the GitHub Actions workflow run Powered by Super-linter GITLEAKSPOWERSHELLTRIVY |
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
…data Without a repo-level .github/linters/trivy.yaml, Super-Linter falls back to its built-in /action/lib/.automation/trivy.yaml which has exit-code:1 enabled. JWT test token strings in tests/Data/TestCases.ps1 are flagged by Trivy's secret scanner, causing the lint step to fail with no source- level change needed. Restore the config to override the default: our scanners list matches the default but without exit-code:1, so real build artifacts continue to be skipped and false positives from test data do not block CI.
Copilot started reviewing on behalf of
Marius Storhaug (MariusStorhaug)
May 10, 2026 20:35
View session
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
…n data, RS256 empty-sig guard - Test-Jwt RS256: return false for empty third segment instead of binding exception - Test-Jwt: throw typed FormatException for non-JSON header (no header content in message) - New-Jwt: throw typed FormatException for non-JSON header and payload (no content in messages) - Update test assertion wildcard to match new payload error message text
Super-linter summary
Super-linter detected linting errors For more information, see the GitHub Actions workflow run Powered by Super-linter POWERSHELL |
Copilot started reviewing on behalf of
Marius Storhaug (MariusStorhaug)
May 10, 2026 23:02
View session
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
…m exceptions, add src/manifest.psd1 - Test-Jwt RS256: catch FormatException from ConvertFrom-Base64UrlString \[2] and return \False - Test-Jwt + New-Jwt: replace untyped string throws with ArgumentException/NotSupportedException for missing -Cert, missing -Secret, no-RSA-key, and unsupported-algorithm cases - Add src/manifest.psd1 with JWT gallery tags (JWT, JSON, Token, Authentication, Security, PSModule) - Update test assertion wildcard for HS256-requires-Secret message to match new wording
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
Copilot started reviewing on behalf of
Marius Storhaug (MariusStorhaug)
May 10, 2026 23:31
View session
Copilot started reviewing on behalf of
Marius Storhaug (MariusStorhaug)
May 11, 2026 15:48
View session
…d tests - New-Jwt/Test-Jwt: throw FormatException when header JSON parses successfully but contains no alg claim, giving a targeted error instead of a misleading NotSupportedException (threads r3215702514 / r3215702516) - New-Jwt/Test-Jwt: add paramName 'Secret' to the HS256 Secret-type ArgumentException so callers can consistently identify the failing parameter (threads r3220268341 / r3220268308) - tests: add coverage for missing alg in New-Jwt and Test-Jwt
4 tasks
Super-linter summary
Super-linter detected linting errors For more information, see the GitHub Actions workflow run Powered by Super-linter POWERSHELL |
Copilot started reviewing on behalf of
Marius Storhaug (MariusStorhaug)
May 11, 2026 18:52
View session
Marius Storhaug (MariusStorhaug)
merged commit 383e134
into
main
32 of 41 checks passed
This was referenced May 11, 2026
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Jwt is aligned with the current maintained module so existing users can continue installing the package and using the established JWT commands from PSModule/Jwt. The source layout now follows Process-PSModule conventions: the package manifest is generated by the build from the module content and structure, while the repository keeps only the lightweight source metadata needed for generation.
Changed: Current JWT module is ready for maintained publication
Jwtcontinues to expose the current JWT module commands and alias expected by existing users:Process-PSModule will generate the publishable module manifest from the source content and structure during the build, keeping the source repository aligned with the same pattern used by the PSModule GitHub module.
Changed: Documentation reflects the current JWT commands
The README now shows how to install and import
Jwt, lists the exported commands, and includes representative usage for creating and validating an HS256 token and reading a token header and payload.Fixed: Source validation checks the maintained command surface
Process-PSModule validation builds the current source module, checks the generated metadata and exported command surface, and runs the Jwt Pester tests against representative token behavior.
Fixed: JWT function error handling and resource management
The JWT functions now handle edge cases correctly and release cryptographic resources properly:
ConvertFrom-Base64UrlString: Rejects impossible base64url lengths instead of trimming malformed input.ConvertTo-Base64UrlString: Invalid input type now throws a typed[System.ArgumentException]instead of an untyped string.Get-JwtHeaderandGet-JwtPayload: Validate JWT segment shape before indexing and report targeted malformed-token errors.New-Jwt: The HS256 Secret type check is now performed before entering thetry/catchblock, preventing error messages from being double-wrapped.HMACSHA256is always disposed viafinally.New-Objectreplaced with::new(). Verbose output reports only payload length instead of payload JSON. RS256 signing usesGetRSAPrivateKey()instead of the obsolete certificatePrivateKeyaccessor.Test-Jwt: Replaced the deprecatedSHA256Managedwith the modern[System.Security.Cryptography.SHA256]::HashData()static method.HMACSHA256is always disposed viafinally. Invalid Secret type throws a typed[System.ArgumentException].New-Objectreplaced with::new(). JWT segment shape is validated before verification, unsignedalg=nonetokens require an empty third segment, HS256 signatures are compared byte-by-byte instead of with plain string equality, malformed HS256 signature encodings return$false, verbose output reports only token length, and RS256 verification usesGetRSAPublicKey()instead of the obsolete public-key accessor.Technical Details
src/manifest.psd1provides the lightweight Process-PSModule source metadata overlay with JWT-related gallery tags. Generated fields such asRootModule,ModuleVersion, GUID, and explicit exports are intentionally left to Process-PSModule.README.mdwas updated to describe the current JWT module commands and representative usage.tests/Jwt.Tests.ps1covers base64url helpers, JWT header/payload extraction, HS256 andnonetoken behavior, malformed JWT shapes, invalid base64url length, invalid HS256 signature encodings, and verbose-output redaction.https://psmodule.io/Jwt/Functions/<FunctionName>/.