Bump bats from 1.11.0 to 1.11.1 (#353)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/ISSUE_TEMPLATE/bug.yaml

@@ -5,7 +5,7 @@ body:
   - type: markdown
     attributes:
       value: |
-        Before opening a bug report, please search for the behaviour in the existing issues. 
+        Before opening a bug report, please search for the behaviour in existing issues or discussions. 
         
         ---
         
@@ -17,7 +17,7 @@ body:
       description: "Which exact version of git-auto-commit are you using in your Workflow?"
       placeholder: "v4.14.0"
     validations:
-      required: true  
+      required: true
   - type: dropdown
     id: machine
     attributes:
@@ -33,7 +33,7 @@ body:
     id: bug-description
     attributes:
       label: Bug description
-      description: What exactly happened?
+      description: What exactly happened? Please describe your problem in detail.
     validations:
       required: true
   - type: textarea
@@ -52,7 +52,7 @@ body:
     id: example-workflow
     attributes:
       label: Example Workflow
-      description: Please share your GitHub Actions workflow which causes the bug. We use this to reproduce the error. No need for backticks here.
+      description: Please share the YAML-code of your GitHub Actions workflow which causes the bug. We use this to reproduce the error. If the workflow is in a private repostory, please provide a minimal example. (No need for backticks here, the pasted code will be correctly formatted.)
       render: yaml
     validations:
       required: true
@@ -60,5 +60,10 @@ body:
     id: logs
     attributes:
       label: Relevant log output
-      description: If applicable, provide relevant log output. No need for backticks here.
+      description: If applicable, provide relevant log output. Please copy and paste the output here, and make sure to remove any sensitive information. (No need for backticks here, the pasted code will be correctly formatted.)
       render: shell
+  - type: input
+    id: repository-url
+    attributes:
+      label: Repository
+      description: If applicable, please provide the repository where the bug occurred.

.github/ISSUE_TEMPLATE/config.yml

@@ -4,5 +4,5 @@ contact_links:
     url: https://github.com/stefanzweifel/git-auto-commit-action/discussions/new?category=help
     about: If you can't get something to work the way you expect, open a question in our discussion forums.
   - name: Feature Request
-    url: https://github.com/tailwindlabs/tailwindcss/discussions/new?category=ideas
+    url: https://github.com/stefanzweifel/git-auto-commit-action/discussions/new?category=ideas
     about: 'Suggest any ideas you have using our discussion forums.'

.github/workflows/linter.yml

@@ -12,7 +12,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Lint Code Base
-        uses: github/super-linter@v5
+        uses: github/super-linter@v7
         env:
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_MARKDOWN: false

CHANGELOG.md

@@ -5,10 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [Unreleased](https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.0...HEAD)
+## [Unreleased](https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.1...HEAD)
 
 > TBD
 
+## [v5.0.1](https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.0...v5.0.1) - 2024-04-12
+
+### Fixed
+
+- Fail if attempting to execute git commands in a directory that is not a git-repo. ([#326](https://github.com/stefanzweifel/git-auto-commit-action/pull/326)) [@ccomendant](https://github.com/@ccomendant)
+
+### Dependency Updates
+
+- Bump bats from 1.10.0 to 1.11.0 ([#325](https://github.com/stefanzweifel/git-auto-commit-action/pull/325)) [@dependabot](https://github.com/@dependabot)
+- Bump release-drafter/release-drafter from 5 to 6 ([#319](https://github.com/stefanzweifel/git-auto-commit-action/pull/319)) [@dependabot](https://github.com/@dependabot)
+
+### Misc
+
+- Clarify `commit_author` input option ([#315](https://github.com/stefanzweifel/git-auto-commit-action/pull/315)) [@npanuhin](https://github.com/@npanuhin)
+- Add step id explanation for output in README.md ([#324](https://github.com/stefanzweifel/git-auto-commit-action/pull/324)) [@ChristianVermeulen](https://github.com/@ChristianVermeulen)
+- Linux is not UNIX ([#321](https://github.com/stefanzweifel/git-auto-commit-action/pull/321)) [@couling](https://github.com/@couling)
+
 ## [v5.0.0](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.16.0...v5.0.0) - 2023-10-06
 
 New major release that bumps the default runtime to Node 20. There are no other breaking changes.

README.md

@@ -40,8 +40,11 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
 
-      # Other steps that change files in the repository
+      # Other steps that change files in the repository go here
+      # …
 
       # Commit all changed files back to the repository
       - uses: stefanzweifel/git-auto-commit-action@v5
@@ -231,10 +234,17 @@ storing the token as a secret in your repository and then passing the new token
     token: ${{ secrets.PAT }}
 ```
 
-If you create a personal access token, apply the `repo` and `workflow` scopes.
+If you create a personal access token (classic), apply the `repo` and `workflow` scopes.
+If you create a fine-grained personal access token, apply the `Contents`-permissions.
 
 If you work in an organization and don't want to create a PAT from your personal account, we recommend using a [robot account](https://docs.github.com/en/github/getting-started-with-github/types-of-github-accounts) for the token.
 
+### Prevent Infinite Loop when using a Personal Access Token
+
+If you're using a Personal Access Token (PAT) to push commits to GitHub repository, the resulting commit or push can trigger other GitHub Actions workflows. This can result in an infinite loop.
+
+If you would like to prevent this, you can add `skip-checks:true` to the commit message. See [Skipping workflow runs](https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs) for details.
+
 ### Change to file is not detected
 
 Does your workflow change a file, but "git-auto-commit" does not detect the change? Check the `.gitignore` that applies to the respective file. You might have accidentally marked the file to be ignored by git.
@@ -271,11 +281,32 @@ The example below can be used as a starting point to generate a multiline commit
         commit_message: ${{ steps.commit_message_step.outputs.commit_message }}
 ```  
 
-### Signing Commits & Other Git Command Line Options
+### Signing Commits
 
-Using command lines options needs to be done manually for each workflow which you require the option enabled. So for example signing commits requires you to import the gpg signature each and every time. The following list of actions are worth checking out if you need to automate these tasks regularly.
+If you would like to sign your commits using a GPG key, you will need to use an additional action. 
+You can use the [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) action and follow its setup instructions.
 
-- [Import GPG Signature](https://github.com/crazy-max/ghaction-import-gpg) (Suggested by [TGTGamer](https://github.com/tgtgamer))
+As git-auto-commit by default does not use **your** username and email when creating a commit, you have to override these values in your workflow.
+
+```yml
+- name: "Import GPG key"
+  id: import-gpg
+  uses: crazy-max/ghaction-import-gpg@v6
+  with:
+    gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+    passphrase: ${{ secrets.GPG_PASSPHRASE }}
+    git_user_signingkey: true
+    git_commit_gpgsign: true
+
+- name: "Commit and push changes"
+  uses: stefanzweifel/git-auto-commit-action@v5
+  with:
+     commit_author: "${{ steps.import-gpg.outputs.name }} <${{ steps.import-gpg.outputs.email }}>"
+     commit_user_name: ${{ steps.import-gpg.outputs.name }}
+     commit_user_email: ${{ steps.import-gpg.outputs.email }}
+```
+
+See discussion [#334](https://github.com/stefanzweifel/git-auto-commit-action/discussions/334) for details.
 
 ### Use in forks from private repositories
 
@@ -403,13 +434,25 @@ please update your Workflow configuration and usage of [`actions/checkout`](http
 
 Updating the `token` value with a Personal Access Token should fix your issues.
 
+### git-auto-commit fails to push commit that creates or updates files in `.github/workflows/`
+
+The default `GITHUB_TOKEN` issued by GitHub Action does not have permission to make changes to workflow files located in `.github/workflows/`.
+To fix this, please create a personal access token (PAT) and pass the token to the `actions/checkout`-step in your workflow. (Similar to [how to push to protected branches](https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#push-to-protected-branches)).
+
+If a PAT does not work for you, you could also create a new GitHub app and use it's token in your workflows. See [this comment in #87](https://github.com/stefanzweifel/git-auto-commit-action/issues/87#issuecomment-1939138661) for details.
+
+See [#322](https://github.com/stefanzweifel/git-auto-commit-action/issues/322) for details and discussions around this topic.
+
 ### Push to protected branches
 
-If your repository uses [protected branches](https://help.github.com/en/github/administering-a-repository/configuring-protected-branches) you have to make some changes to your Workflow for the Action to work properly: You need a Personal Access Token and you either have to allow force pushes or the Personal Access Token needs to belong to an Administrator.
+If your repository uses [protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) you have to make some changes to your Workflow for the Action to work properly: You need a Personal Access Token and you either have to allow force pushes or the Personal Access Token needs to belong to an Administrator.
 
 First, you have to create a new [Personal Access Token (PAT)](https://github.com/settings/tokens/new),
 store the token as a secret in your repository and pass the new token to the [`actions/checkout`](https://github.com/actions/checkout#usage) Action step.
 
+If you create a personal access token (classic), apply the `repo` and `workflow` scopes.
+If you create a fine-grained personal access token, apply the `Contents`-permissions.
+
 ```yaml
 - uses: actions/checkout@v4
   with:

package.json

@@ -1,6 +1,6 @@
 {
   "devDependencies": {
-    "bats": "^1.11.0",
+    "bats": "^1.11.1",
     "bats-assert": "ztombol/bats-assert",
     "bats-support": "ztombol/bats-support"
   },

yarn.lock

@@ -10,7 +10,7 @@ bats-support@ztombol/bats-support:
   version "0.3.0"
   resolved "https://codeload.github.com/ztombol/bats-support/tar.gz/004e707638eedd62e0481e8cdc9223ad471f12ee"
 
-bats@^1.11.0:
-  version "1.11.0"
-  resolved "https://registry.yarnpkg.com/bats/-/bats-1.11.0.tgz#40281f021f5befcc10da54ed5674aa5b181f4953"
-  integrity sha512-qiKdnS4ID3bJ1MaEOKuZe12R4w+t+psJF0ICj+UdkiHBBoObPMHv8xmD3w6F4a5qwUyZUHS+413lxENBNy8xcQ==
+bats@^1.11.1:
+  version "1.11.1"
+  resolved "https://registry.yarnpkg.com/bats/-/bats-1.11.1.tgz#e87fa1161d5110ec3a685e2e233f2f2bfb26ebfd"
+  integrity sha512-Dh26FsiLog+wwQeTkboYo2xYj9rUaPEbibUobnYb3G3M9hva/Kby00wrAN9VB9qqGVhl/pYjjt/LVBWwjXlD2A==