auto1-oss · amarkotasky · Apr 20, 2026 · Feb 17, 2025 · Feb 22, 2025 · Feb 22, 2025
diff --git a/.all-contributorsrc b/.all-contributorsrc
@@ -254,6 +254,34 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "RajendraP",
+      "name": "Rajendra Pandey",
+      "avatar_url": "https://avatars.githubusercontent.com/u/8928165?v=4",
+      "profile": "https://github.com/RajendraP",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "undefined-moe",
+      "name": "undefined",
+      "avatar_url": "https://avatars.githubusercontent.com/u/29992205?v=4",
+      "profile": "https://undefined.moe/",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "Jellyfrog",
+      "name": "Jellyfrog",
+      "avatar_url": "https://avatars.githubusercontent.com/u/759887?v=4",
+      "profile": "https://github.com/Jellyfrog",
+      "contributions": [
+        "code",
+        "doc"
+      ]
     }
   ],
   "contributorsPerLine": 7,

diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml
@@ -29,12 +29,12 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
         continue-on-error: true
-        uses: codacy/codacy-analysis-cli-action@v4.4.5
+        uses: codacy/codacy-analysis-cli-action@562ee3e92b8e92df8b67e0a5ff8aa8e261919c08 # v4.4.7
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations
@@ -51,6 +51,6 @@ jobs:
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
         continue-on-error: true
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -43,11 +43,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -61,7 +61,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -74,6 +74,6 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
diff --git a/.github/workflows/issue-comment-job-example.yml b/.github/workflows/issue-comment-job-example.yml
@@ -19,7 +19,7 @@ jobs:
           NUMBER: ${{ github.event.issue.number }}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
           fetch-depth: 0
@@ -104,7 +104,7 @@ jobs:
           NUMBER: ${{ github.event.issue.number }}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
           fetch-depth: 0

diff --git a/.github/workflows/manual-triggered-job-example.yml b/.github/workflows/manual-triggered-job-example.yml
@@ -5,6 +5,12 @@ permissions:
 
 on:
   workflow_dispatch:
+    inputs:
+      files:
+        required: false
+        type: string
+        default: |
+          **.md **/**.md test/*.txt
 
 jobs:
   test:
@@ -18,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
           fetch-depth: 0
@@ -35,8 +41,8 @@ jobs:
         id: changed-files-glob
         uses: ./
         with:
-          files: |
-            test/*.txt
+          files: ${{ inputs.files }}
+          files_separator: " "  # Space delimited files (default is "\n")
 
       - name: Show output
         run: |

diff --git a/.github/workflows/matrix-example.yml b/.github/workflows/matrix-example.yml
@@ -17,7 +17,7 @@ jobs:
       matrix: ${{ steps.changed-files.outputs.all_changed_files }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
       - name: Get changed files
@@ -39,7 +39,19 @@ jobs:
       fail-fast: false
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Test
         run: |
           echo ${{ matrix.files }}
+
+  conditional-job:
+    name: Run Conditional Job
+    runs-on: ubuntu-latest
+    needs: [changed-files]
+    if: contains(needs.changed-files.outputs.matrix, 'README.md') # Conditional check for README
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Execute Conditional Logic
+        run: |
+          echo "README.md has been changed. Running conditional job."
diff --git a/.github/workflows/multi-job-example.yml b/.github/workflows/multi-job-example.yml
@@ -19,7 +19,7 @@ jobs:
       all_changed_files: ${{ steps.changed-files.outputs.all_changed_files }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
       - name: Get changed files
@@ -45,7 +45,7 @@ jobs:
       all_changed_files: ${{ steps.changed-files.outputs.all_changed_files }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
       - name: Get changed files

diff --git a/.github/workflows/sync-release-version.yml b/.github/workflows/sync-release-version.yml
@@ -13,36 +13,38 @@ jobs:
   update-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
       - name: Run release-tagger
-        uses: tj-actions/release-tagger@v4
+        uses: tj-actions/release-tagger@970a1f5f827a7b90902b0adc904f3bb70c1074e7 # v6.0.6
       - name: Sync release version.
-        uses: tj-actions/sync-release-version@v13
+        uses: tj-actions/sync-release-version@2a7ef0deb39b3ecce887ee99d2261c6cef989d84 # v13.16
         id: sync-release-version
         with:
           pattern: '${{ github.repository }}@'
           only_major: true
+          use_tag_commit_hash: true
           paths: |
             README.md
       - name: Sync release package version.
-        uses: tj-actions/sync-release-version@v13
+        uses: tj-actions/sync-release-version@2a7ef0deb39b3ecce887ee99d2261c6cef989d84 # v13.16
         id: sync-release-package-version
         with:
           pattern: '"version": "'
           strip_prefix: "v"
           paths: |
             package.json
       - name: Run git-cliff
-        uses: tj-actions/git-cliff@v1
+        uses: tj-actions/git-cliff@679041f051a4d2ab452f7e5e7b0eed2abee21131 # v2.2.0
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7.0.5
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
         with:
           base: "main"
           labels: "merge when passing"
+          sign-commits: true
           title: "Upgraded to ${{ steps.sync-release-version.outputs.new_version }}"
           branch: "upgrade-to-${{ steps.sync-release-version.outputs.new_version }}"
           commit-message: "Upgraded from ${{ steps.sync-release-version.outputs.old_version }} -> ${{ steps.sync-release-version.outputs.new_version }}"
           body: "View [CHANGES](https://github.com/${{ github.repository }}/compare/${{ steps.sync-release-version.outputs.old_version }}...${{ steps.sync-release-version.outputs.new_version }})"
-          token: ${{ secrets.PAT_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}