Merge branch 'main' into Mogyuchi-patch-5

.github/files/build/Dockerfile

@@ -1,5 +1,5 @@
-# syntax=docker/dockerfile:1.6.0@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021
-FROM --platform=$BUILDPLATFORM busybox:1.36.1-uclibc@sha256:cc71f45a5a48738c4c295314b2bc9bcc18eb0c33e7bb127c3735b751b724141b AS env
+# syntax=docker/dockerfile:1.9.0@sha256:fe40cf4e92cd0c467be2cfc30657a680ae2398318afd50b0c80585784c604f28
+FROM --platform=$BUILDPLATFORM busybox:1.36.1-uclibc@sha256:97d85ff9630b634ddff3e3ff69fd02bc3b69de8dba0c5002eb0ad6915d1bf4c0 AS env
 ARG TARGETPLATFORM
 RUN --mount=type=bind,source=artifact,target=artifact \
     if [ "$TARGETPLATFORM" = 'darwin/amd64' ]; then\

.github/release-please/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "3.4.22"
+}

.github/.config/release-please-config.json → .github/release-please/release-please-config.json

@@ -71,7 +71,10 @@
       "bump-patch-for-minor-pre-major": false,
       "prerelease": false,
       "include-component-in-tag": false,
-      "pull-request-title-pattern": "release: v${version}"
+      "pull-request-title-pattern": "release: v${version}",
+      "extra-files": [
+        "README.md"
+      ]
     }
   },
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"

.github/renovate.json

@@ -5,42 +5,80 @@
     "config:js-app",
     ":automergeAll",
     ":automergePr",
-    ":disablePrControls",
-    ":labels(dependencies, semver:none)",
+    ":labels(dependencies)",
     ":maintainLockFilesWeekly",
     ":pathSemanticCommitType(.github/workflows/**, ci)",
     ":prHourlyLimitNone",
     ":rebaseStalePrs",
     ":semanticCommits",
-    "regexManagers:githubActionsVersions"
+    "customManagers:githubActionsVersions",
+    "security:openssf-scorecard",
+    "workarounds:typesNodeVersioning"
   ],
+  "platformAutomerge": true,
   "automergeStrategy": "squash",
   "assignAutomerge": true,
   "assigneesFromCodeOwners": true,
+  "commitBodyTable": true,
+  "commitMessageAction": "bump",
+  "commitMessageExtra": "from {{#if currentValue}}{{{replace '^v' '' currentValue}}}{{else}}{{{currentDigestShort}}}{{/if}} to {{#if isPinDigest}}{{{newDigestShort}}}{{else}}{{#if isSingleVersion}}{{replace '^v' '' newVersion}}{{else}}{{#if newValue}}{{{newValue}}}{{else}}{{{newDigestShort}}}{{/if}}{{/if}}{{/if}}",
+  "commitMessageTopic": "{{depName}}",
   "dependencyDashboardAutoclose": true,
+  "keepUpdatedLabel": "keepUpdated",
   "prConcurrentLimit": 3,
   "reviewersFromCodeOwners": true,
   "packageRules": [
     {
-      "matchDepTypes": [
-        "dependencies",
-        "require"
+      "matchDepTypes": ["dependencies", "require"],
+      "semanticCommitType": "deps",
+      "semanticCommitScope": null
+    },
+    {
+      "matchDepTypes": ["devDependencies"],
+      "semanticCommitType": "chore",
+      "semanticCommitScope": "deps-dev"
+    },
+    {
+      "matchManagers": ["npm"],
+      "addLabels": ["javascript"],
+      "postUpgradeTasks": {
+        "commands": ["pnpm install --frozen-lockfile --ignore-scripts"],
+        "executionMode": "branch"
+      }
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "addLabels": ["github_actions"],
+      "commitMessageTopic": "{{depName}}"
+    },
+    {
+      "matchManagers": ["custom.regex"],
+      "pinDigests": false
+    },
+    {
+      "matchDepTypes": ["packageManager"],
+      "commitMessageExtra": "from {{{currentVersion}}} to {{{newVersion}}}",
+      "postUpgradeTasks": {
+        "commands": ["corepack use '{{{depName}}}@{{{newVersion}}}'"]
+      }
+    },
+    {
+      "groupName": "discord.js monorepo",
+      "matchUpdateTypes": [
+        "patch",
+        "minor",
+        "major"
       ],
-      "labels": [
-        "dependencies",
-        "semver:patch"
+      "matchPackageNames": [
+        "@discordjs/{/,}**"
       ]
     }
   ],
   "customManagers": [
     {
       "customType": "regex",
-      "fileMatch": [
-        "(^|/)\\.npmrc$"
-      ],
-      "matchStrings": [
-        "use-node-version=(?<currentValue>.*?)\\n"
-      ],
+      "fileMatch": ["(^|/)\\.npmrc$"],
+      "matchStrings": ["use-node-version=(?<currentValue>.*?)\\n"],
       "depNameTemplate": "node",
       "datasourceTemplate": "node-version"
     }

.github/workflows/_renovate.yml

@@ -0,0 +1,84 @@
+on:
+  workflow_call:
+    inputs:
+      renovate_actor:
+        default: "mazi-renovate[bot]"
+        required: false
+        type: string
+      repoCache:
+        description: "Reset or disable the cache?"
+        default: "enabled"
+        required: false
+        type: string
+      dependencyDashboardTitle:
+        default: "Dependency Dashboard"
+        required: false
+        type: string
+      rebaseLabel:
+        default: "rebase"
+        required: false
+        type: string
+      stopUpdatingLabel:
+        default: "stop-updating"
+        required: false
+        type: string
+    secrets:
+      app-id:
+        required: true
+      private-key:
+        required: true
+
+permissions: {}
+
+env:
+  RENOVATE_REPOSITORY_OWNER: 4m-mazi
+  RENOVATE_REPOSITORY_NAME: gh-test
+
+jobs:
+  trigger-renovate:
+    if: >-
+      ${{
+        contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
+        || (
+            github.actor != inputs.renovate_actor
+            && (
+                (github.event.issue.title == inputs.dependencyDashboardTitle && github.event.issue.user.login == inputs.renovate_actor)
+                || (
+                    github.event.pull_request.user.login == inputs.renovate_actor
+                    && github.event.pull_request.merged == false
+                    && (
+                        (github.event.action == 'labeled' && github.event.label.name == inputs.rebaseLabel)
+                        || (github.event.action == 'unlabeled' && github.event.label.name == inputs.stopUpdatingLabel)
+                        || contains(fromJSON('["edited", "closed", "synchronize"]'), github.event.action)
+                    )
+                )
+            )
+        )
+      }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        with:
+          # [permissions]─────────────────────────────────────
+          #   [read and write]
+          #     repo: Contents
+          # ──────────────────────────────────────────────────
+          app-id: ${{ secrets.app-id }}
+          private-key: ${{ secrets.private-key }}
+          owner: ${{ env.RENOVATE_REPOSITORY_OWNER }}
+          repositories: ${{ env.RENOVATE_REPOSITORY_NAME }}
+
+      - name: "Create a repository dispatch event"
+        env:
+          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
+          RENOVATE_REPO: ${{ env.RENOVATE_REPOSITORY_OWNER }}/${{ env.RENOVATE_REPOSITORY_NAME }}
+          CACHE: ${{ inputs.repoCache }}
+        run: |
+          gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /repos/$RENOVATE_REPO/dispatches \
+             -f "event_type=renovate" -F "client_payload[repoCache]=$CACHE"

.github/workflows/cleanup-caches.yml

@@ -5,14 +5,17 @@ on:
       - closed
   delete:
   workflow_dispatch:
+    inputs:
+      branchNames:
+        description: 'List of branch(ref) names with caches to be deleted'
+        required: false
+        type: string
 
 jobs:
   cleanup:
-    runs-on: ubuntu-latest
     permissions:
       actions: write
-    steps:
-      - name: Cleanup
-        uses: 4m-mazi/souji-action@main
-        with:
-          dry-run: false
+      contents: read
+    uses: 4m-mazi/souji-action/.github/workflows/_souji.yml@20f71e75c2af757e9c7c61391a51b88d593d17b8 # v1.4.0
+    with:
+      branch-names: ${{ inputs.branchNames }}

.github/workflows/debug.yml

@@ -65,12 +65,14 @@ on:
   registry_package:
   release:
   repository_dispatch:
-# schedule:
+    types: [debug]
+  # schedule:
   status:
   watch:
   workflow_call:
   workflow_dispatch:
-# workflow_run:
+  workflow_run:
+    workflows: ["**"]
 
 permissions: {}
 

.github/workflows/deploy.yml

@@ -50,12 +50,12 @@ jobs:
     steps:
       - id: pr-checkout
         if: startsWith( needs.pre-deployment.outputs.branch, 'pull/' ) && endsWith( needs.pre-deployment.outputs.branch, '/merge' )
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           ref: refs/${{ env.BRANCH }}
 
       - if: steps.pr-checkout.conclusion == 'skipped'
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           ref: ${{ env.BRANCH }}
 
@@ -73,7 +73,7 @@ jobs:
           branch: ${{ env.BRANCH }}
 
       - if: ${{ ! cancelled() && github.event_name == 'pull_request_target' }}
-        uses: peter-evans/find-comment@d5fe37641ad8451bdd80312415672ba26c86575e # v3.0.0
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
         id: fc
         with:
           issue-number: ${{ github.event.pull_request.number }}

.github/workflows/dispatch-test.yml

@@ -0,0 +1,32 @@
+on:
+  workflow_dispatch:
+    inputs:
+      repoCache:
+        description: "Reset or disable the cache?"
+        type: choice
+        default: enabled
+        options:
+          - enabled
+          - disabled
+          - reset
+
+permissions: {}
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: 'Create a repository dispatch event'
+        env:
+          GH_TOKEN: ${{ github.token }}
+          REPO: '4m-mazi/gh-test'
+          CACHE: ${{ inputs.repoCache }}
+        run: |
+          gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "/repos/$REPO/dispatches" \
+             -f "event_type=debug" -F "client_payload[repoCache]=$CACHE"

.github/workflows/docker-publish.yml

@@ -21,7 +21,7 @@ env:
   BINARY_NAME: ${{ github.event.repository.name }}
 
   # renovate: datasource=github-releases depName=docker/buildx
-  BUILDX_VERSION: v0.12.1
+  BUILDX_VERSION: v0.16.2
 
 jobs:
   build:
@@ -58,7 +58,7 @@ jobs:
         if: matrix.target == 'x86_64-unknown-linux-musl'
         run: |
           sudo apt-get install -y musl-tools --no-install-recommends
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: stable
@@ -68,12 +68,12 @@ jobs:
           key: ${{ matrix.target }}
       - name: Install cross
         if: ${{ !matrix.os && matrix.use-cross }}
-        uses: taiki-e/install-action@5794068c211bc8f5f4514b7c3f03d6adbe66f1b7 # v2.26.18
+        uses: taiki-e/install-action@d79dff47733726f636463323dd2d82724f6c36ba # v2.42.18
         with:
           tool: cross
       - run: mkdir dist
       - run: ${{ (!matrix.os && matrix.use-cross) && 'cross' || 'cargo' }} rustc --locked --release --target=${{ matrix.target }} -- --emit=link=dist/binary
-      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: ${{ matrix.target }}
           path: |
@@ -103,21 +103,21 @@ jobs:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       GH_REPO: ${{ github.repository }}
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           sparse-checkout: |
             .github/files/build/Dockerfile
           sparse-checkout-cone-mode: false
       - name: Download build artifact
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           path: artifact
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
         with:
           version: ${{ env.BUILDX_VERSION }}
       - name: Log in to the Container registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -136,7 +136,7 @@ jobs:
             type=ref,event=branch
             type=sha
       - name: Build and push Docker image
-        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
         with:
           context: .
           file: .github/files/build/Dockerfile