minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

minor updates

chore(renovate): major Update github/codeql-action action to v3 (#341)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

chore: Sync Files - 2023/04/20 -- [bot] synced file(s) with sammcj/automation-repo (#116)

Co-authored-by: gha-template-repo-token-generator[bot] <114375963+gha-template-repo-token-generator[bot]@users.noreply.github.com>

chore(renovate): major Update major to v5 (major) (#105)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

chore(renovate): major Update major to v4 (major) (#224)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

chore(renovate): major Update peter-evans/create-pull-request action to v6 (#398)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

chore(renovate): patch Update pre-commit/action action to v3.0.1 (#459)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

minor updates

chore(renovate): pin Update reviewdog/action-shellcheck digest to 72365a5 (#143)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.gitconfig

@@ -1,101 +1,82 @@
-[credential]
-  helper = store
-
 [core]
-	pager = diff-so-fancy | less --tabs=2 -RFX
   excludesfile = ~/.gitignoreglobal
   ignorecase = true
 
-[include]
-    path = ~/.gitconfig.private
-
-[url "[email protected]:"]
-  insteadOf = https://github.com/
+[credential]
+  helper = store
 
-# Alises
-[alias]
-  init-safe-commit = !~/.safe-commit-hook/install-for-project.sh
-  quick-stats = ! /usr/local/bin/git-quick-stats
-  prune = fetch --prune
-  undo = reset --soft HEAD^
-  glog = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset'
-  logline = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
-  tree = log --graph --decorate --pretty=oneline --abbrev-commit
-  squash-all = "!f(){ git reset $(git commit-tree HEAD^{tree} -m \"${1:-Initial commit}\");};f"
-  scrub = reset --hard @{upstream}
-  recentb = "!r() { refbranch=$1 count=$2; git for-each-ref --sort=-committerdate refs/heads --format='%(refname:short)|%(HEAD)%(color:yellow)%(refname:short)|%(color:bold green)%(committerdate:relative)|%(color:blue)%(subject)|%(color:magenta)%(authorname)%(color:reset)' --color=always --count=${count:-20} | while read line; do branch=$(echo \"$line\" | awk 'BEGIN { FS = \"|\" }; { print $1 }' | tr -d '*'); ahead=$(git rev-list --count \"${refbranch:-origin/master}..${branch}\"); behind=$(git rev-list --count \"${branch}..${refbranch:-origin/master}\"); colorline=$(echo \"$line\" | sed 's/^[^|]*|//'); echo \"$ahead|$behind|$colorline\" | awk -F'|' -vOFS='|' '{$5=substr($5,1,70)}1' ; done | ( echo \"ahead|behind||branch|lastcommit|message|author\\n\" && cat) | column -ts'|';}; r"
-  # https://github.com/nedbat/watchgha
-  runs = "!f() { \
-      watch_gha_runs \
-          \"$(git remote get-url origin)\" \
-          \"$(git rev-parse --abbrev-ref HEAD)\"; \
-  }; f"
+[include]
+  path = ~/.gitconfig.private
 
-# *********************
-# Rebase workflow
-  mainbranch = "!git remote show origin | sed -n '/HEAD branch/s/.*: //p'"
-  synced = "!git pull origin $(git mainbranch) --rebase"
-  update = "!git pull origin $(git rev-parse --abbrev-ref HEAD) --rebase"
-  squash = "!git rebase -v -i $(git mainbranch)"
-  publish = push origin HEAD --force-with-lease
-  pub = publish
-  ammend = commit --amend
-  amend = commit --amend
-# *********************
+#[url "[email protected]:"]
+#  insteadOf = https://github.com/
 
 ## Behaviour
 [init]
   defaultBranch = main
 [push]
   default = current
   autoSetupRemote = true
+	followtags = true
 [pull]
-  rebase = false
+  rebase = true
 [rebase]
   autosquash = true
-[diff]
-  colorMoved = default
-	submodule = log
-[difftool]
-  prompt = false
-[merge]
-  conflictstyle = diff3
-  tool = delta
-[mergetool]
-  prompt = false
 [branch]
   autoSetupMerge = true
-
+	sort = -committerdate
+[mergetool]
+  prompt = false
 [filter "lfs"]
   required = true
   clean = git-lfs clean -- %f
   smudge = git-lfs smudge -- %f
   process = git-lfs filter-process
-
 [tar "tar.xz"]
   command = xz -c
 
-# Delta diff-tool
+### DIFF TOOLING ###
+[core]
+	pager = delta #--features=interactive #,diff-so-fancy,decorations
+  #page = diff-so-fancy | less --tabs=2 -RFX
+[merge]
+	conflictstyle = zdiff3
+  tool = delta
+
+[diff]
+  colorMoved = default
+	submodule = log
+	algorithm = histogram
+	tool = delta
+  # external = delta
+  prompt = false
+
 [delta]
-  side-by-side = false
+  side-by-side = true
   navigate = true
-  features = decorations
-  features = unobtrusive-line-numbers
+  features = decorations unobtrusive-line-numbers diff-so-fancy dark
   syntax-theme = Dracula
-
+  tabs = 4
+  true-color = always
+  hyperlinks = true
+  hyperlinks-file-link-format = "vscode://file/{path}:{line}"
+  # or: hyperlinks-file-link-format = "idea://open?file={path}&line={line}"
+  # or: hyperlinks-file-link-format = "pycharm://open?file={path}&line={line}"
 [delta "interactive"]
-  diffFilter = delta --color-only --dark --features=interactive
+  diffFilter = delta --color-only --dark --features=interactive,unobtrusive-line-numbers,diff-so-fancy
   keep-plus-minus-markers = false
-
 [delta "decorations"]
+  commit-decoration-style = bold yellow box ul
+  file-style = bold yellow ul
+  file-decoration-style = none
+  hunk-header-decoration-style = yellow box
   commit-decoration-style = blue ol
-  commit-style = raw
-  file-style = omit
-  hunk-header-decoration-style = blue box
+  # commit-style = raw
+  # file-style = omit
+  # hunk-header-decoration-style = blue box
   hunk-header-file-style = red
-  hunk-header-line-number-style = "#067a00"
+  # hunk-header-line-number-style = "#067a00"
   hunk-header-style = file line-number syntax
-
 [delta "unobtrusive-line-numbers"]
   line-numbers = true
   line-numbers-minus-style = "#444444"
@@ -106,18 +87,61 @@
   line-numbers-left-style = blue
   line-numbers-right-style = blue
 
-# Kaleidoscope diff-tool
-[difftool "Kaleidoscope"]
-  cmd = ksdiff --partial-changeset --relative-path \"$MERGED\" -- \"$LOCAL\" \"$REMOTE\"
-[mergetool "Kaleidoscope"]
-  cmd = ksdiff --merge --output \"$MERGED\" --base \"$BASE\" -- \"$LOCAL\" --snapshot \"$REMOTE\" --snapshot
-  trustExitCode = true
 
-[safe]
-	directory = /github/workspace
+# Diff-so-fancy diff-tool
 [interactive]
-	diffFilter = diff-so-fancy --patch
+	diffFilter = delta --diff-so-fancy # diff-so-fancy --patch
 [diff-so-fancy]
 	changeHunkIndicators = true
+### END DIFF ###
+
+[safe]
+	directory = /github/workspace
 [status]
 	submodulesummary = 1
+[rerere] # Reuse Recorded Resolution
+	enable = true
+	enabled = true
+	autoUpdate = true
+[help]
+	autocorrect = 1
+[fetch]
+	prunetags = true
+[log]
+	date = iso
+
+# Alases
+[alias]
+  init-safe-commit = !~/.safe-commit-hook/install-for-project.sh
+  quick-stats = ! /usr/local/bin/git-quick-stats
+  prune = fetch --prune
+  undo = reset --soft HEAD^
+  glog = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset'
+  logline = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
+  tree = log --graph --decorate --pretty=oneline --abbrev-commit
+  squash-all = "!f(){ git reset $(git commit-tree HEAD^{tree} -m \"${1:-A new start}\");};f"
+  #squash-all = "!f(){ git reset $(git commit-tree HEAD^{tree} -m \"${1:-Make Actions Great Again}\");};f"
+  scrub = reset --hard @{upstream}
+  recentb = "!r() { refbranch=$1 count=$2; git for-each-ref --sort=-committerdate refs/heads --format='%(refname:short)|%(HEAD)%(color:yellow)%(refname:short)|%(color:bold green)%(committerdate:relative)|%(color:blue)%(subject)|%(color:magenta)%(authorname)%(color:reset)' --color=always --count=${count:-20} | while read line; do branch=$(echo \"$line\" | awk 'BEGIN { FS = \"|\" }; { print $1 }' | tr -d '*'); ahead=$(git rev-list --count \"${refbranch:-origin/master}..${branch}\"); behind=$(git rev-list --count \"${branch}..${refbranch:-origin/master}\"); colorline=$(echo \"$line\" | sed 's/^[^|]*|//'); echo \"$ahead|$behind|$colorline\" | awk -F'|' -vOFS='|' '{$5=substr($5,1,70)}1' ; done | ( echo \"ahead|behind||branch|lastcommit|message|author\\n\" && cat) | column -ts'|';}; r"
+  runs = "!f() { \
+      watch_gha_runs \
+          \"$(git remote get-url origin)\" \
+          \"$(git rev-parse --abbrev-ref HEAD)\"; \
+    }; f"
+
+# *********************
+# Rebase workflow
+  mainbranch = "!git remote show origin | sed -n '/HEAD branch/s/.*: //p'"
+  synced = "!git pull origin $(git mainbranch) --rebase"
+  update = "!git pull origin $(git rev-parse --abbrev-ref HEAD) --rebase"
+  squash = "!git rebase -v -i $(git mainbranch)"
+  publish = push origin HEAD --force-with-lease
+  pub = publish
+  ammend = commit --amend
+  amend = commit --amend
+	fpush = push
+# *********************
+
+
+# [maintenance]
+# 	repo = /path/to/example/repo

.github/workflows/codeball.yml

@@ -27,7 +27,7 @@ concurrency:
 
 jobs:
   codeball-review:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     if: ${{ !github.event.pull_request.draft }}
     name: Run Codeball Code Review

.github/workflows/codeql.yml

@@ -19,15 +19,15 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2
+        uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2
+        uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2
+        uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3

.github/workflows/delete-disabled-workflows.yml

@@ -1,39 +1,43 @@
-name: Delete Disabled and Obsolete Workflows
+name: Delete Disabled and Deprecated Workflows
 
 on:
   workflow_dispatch:
     inputs:
       github-token:
         description: 'Custom GitHub Token, to not be rate limited to 1,000 requests, defaults to GITHUB_TOKEN'
         required: false
-      purge-obsoletes:
-        description: 'Delete obsolete workflows, defaults to true'
+      purge-deprecated:
+        description: 'Delete deprecated workflows, defaults to true'
         required: false
         default: "true"
       delete-disabled:
         description: 'Delete disabled workflows, defaults to true'
         required: false
         default: "true"
+      wait-days:
+        description: 'Number of days to wait before deleting disabled workflows, defaults to 7'
+        required: false
+        default: 7
+        type: number
   schedule:
-    # run twice a week on Sunday and Thursday at 00:00
-    - cron: '0 0 * * 0,4'
+    - cron: '0 0 * * 4'  # At 00:00, only on Thursday
 
 permissions:
   actions: write
   contents: read
 
 jobs:
-  delete-obsolete-workflows:
-    runs-on: ubuntu-22.04
+  delete-deprecated-workflows:
+    runs-on: ubuntu-latest
     timeout-minutes: 15
-    if: inputs.purge-obsoletes == true
+    if: inputs.purge-deprecated == true
     steps:
-        - uses: otto-contentfactory/purge-workflow-runs@v1
+        - uses: otto-de/purge-deprecated-workflow-runs@v1
           with:
             token: ${{ inputs.github-token || secrets.GITHUB_TOKEN }}
 
   delete-disabled-workflows:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 15
     if: inputs.delete-disabled == true
     steps:
@@ -46,15 +50,26 @@ jobs:
               repo: context.repo.repo,
             }
 
-            const disabledWorkflows = await github.paginate(
+            // filter out workflows that are not disabled
+            const allDisabledWorkflows = await github.paginate(
               github.rest.actions.listRepoWorkflows,
               githubContext
             ).then(workflows => workflows.filter(workflow => workflow.state == 'disabled_manually'))
 
-            console.log('::group::List of disabled workflows')
+            // filter out workflows that have only been disabled for less than wait-days
+            const disabledWorkflows = allDisabledWorkflows.filter(workflow => {
+              const now = new Date()
+              const disabledAt = new Date(workflow.updated_at)
+              const diff = now - disabledAt
+              const days = diff / (1000 * 60 * 60 * 24)
+              return days > ${{ inputs.wait-days }}
+            })
+
+            console.log(`::group::List of disabled workflows older than ${{ inputs.wait-days }}`)
             console.log(disabledWorkflows)
             console.log('::endgroup::')
 
+            // get the runs for each workflow
             for (const workflow of disabledWorkflows) {
               const runs = await github.paginate(
                 github.rest.actions.listWorkflowRuns,
@@ -64,18 +79,28 @@ jobs:
                 }
               )
 
-              console.log(`::group::Workflow #${workflow.id} >> Runs`)
-              console.log(runs)
+              console.log(`::group::Workflow ${workflow.id} >> Title`)
+              console.log(`::group::Workflow ${workflow.id} >> Runs`)
+
+              // log the title of each run
+              for (const run of runs) {
+                console.log(`::group::Workflow ${workflow.id} >> Run ${run.id} >> Title`)
+                console.log(run.head_commit.message)
+                console.log('::endgroup::')
+              }
               console.log('::endgroup::')
 
+              // delete each run
               for (const run of runs) {
                 const response = await github.rest.actions.deleteWorkflowRun({
                   ...githubContext,
                   run_id: run.id,
                 })
 
-                console.log(`::group::Workflow #${workflow.id} >> Run #${run.id} >> Delete`)
+                console.log(`::group::Workflow ${workflow.id} >> Run ${run.id} >> Delete`)
                 console.log(response)
                 console.log('::endgroup::')
+
               }
+
             }

.github/workflows/detect-secrets-generate-baseline.yml

@@ -29,7 +29,7 @@ jobs:
   detect-secrets-baseline-update:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: "Set output variable to update or create baseline"
         id: baseline
         run: |
@@ -49,7 +49,7 @@ jobs:
           detect_secrets_flags: "${{ env.EXCLUDE_FILES }} ${{ env.EXCLUDE_LINES }} ${{ steps.baseline.outputs.baseline }}"
 
       #  Create a PR with the new baseline
-      - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4
+      - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           branch: update/security-baseline

.github/workflows/label-sync.yml

@@ -5,7 +5,7 @@ name: "Sync Available Github Labels"
 on:
   workflow_dispatch:
   schedule:
-    - cron: "30 4 * * *"
+    - cron: "30 4 * * 0"
   push:
     paths:
       - .github/config/labels.yml
@@ -25,7 +25,7 @@ concurrency:
 jobs:
   sync-labels:
     name: Sync Github Labels
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3