.github/release-drafter.yml

@@ -12,7 +12,7 @@ categories:
       - 'changelog:changed'
   - title: Deprecated
     labels:
-      - 'changelog:deprecated '
+      - 'changelog:deprecated'
   - title: Removed
     labels:
     - 'changelog:removed'

.github/workflows/git-auto-commit.yml

@@ -10,17 +10,22 @@ jobs:
   git-auto-commit:
     runs-on: ubuntu-latest
 
+    permissions:
+      # Give the default GITHUB_TOKEN write permission.
+      # https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/
+      contents: write
+
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Use git-auto-commit-action
       id: "auto-commit-action"
       uses: ./
 
     - name: "no changes detected"
-      if: steps.auto-commit-action.outputs.changes_detected == false
+      if: steps.auto-commit-action.outputs.changes_detected == 'false'
       run: "echo \"No changes detected\""
 
     - name: "changes detected"
-      if: steps.auto-commit-action.outputs.changes_detected == true
+      if: steps.auto-commit-action.outputs.changes_detected == 'true'
       run: "echo \"Changes detected\""

.github/workflows/linter.yml

@@ -9,10 +9,10 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Lint Code Base
-        uses: github/super-linter@v4
+        uses: github/super-linter@v5
         env:
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_MARKDOWN: false

.github/workflows/release-drafter.yml

@@ -8,6 +8,12 @@ on:
 jobs:
   update_release_draft:
     runs-on: ubuntu-latest
+
+    permissions:
+      # Give the default GITHUB_TOKEN write permission.
+      # https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/
+      contents: write
+
     steps:
       - uses: release-drafter/release-drafter@v5
         env:

.github/workflows/tests.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Install testing dependencies
       run: yarn install

.github/workflows/update-changelog.yaml

@@ -8,9 +8,15 @@ jobs:
   update:
     runs-on: ubuntu-latest
 
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # updated CHANGELOG back to the repository.
+      # https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/
+      contents: write
+
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: master
 

.github/workflows/versioning.yml

@@ -7,6 +7,12 @@ on:
 jobs:
   actions-tagger:
     runs-on: windows-latest
+
+    permissions:
+      # Give the default GITHUB_TOKEN write permission.
+      # https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/
+      contents: write
+
     steps:
       - uses: Actions-R-Us/actions-tagger@latest
         env:

CHANGELOG.md

@@ -5,10 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [Unreleased](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.4...HEAD)
+## [Unreleased](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.16.0...HEAD)
 
 > TBD
 
+## [v4.16.0](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.4...v4.16.0) - 2022-12-02
+
+### Changed
+
+- Don't commit files when only LF/CRLF changes ([#265](https://github.com/stefanzweifel/git-auto-commit-action/pull/265)) [@ZeroRin](https://github.com/@ZeroRin)
+- Update default email address of github-actions[bot] ([#264](https://github.com/stefanzweifel/git-auto-commit-action/pull/264)) [@Teko012](https://github.com/@Teko012)
+
+### Fixed
+
+- Fix link and text for workflow limitation ([#263](https://github.com/stefanzweifel/git-auto-commit-action/pull/263)) [@Teko012](https://github.com/@Teko012)
+
 ## [v4.15.4](https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...v4.15.4) - 2022-11-05
 
 ### Fixed

CODE_OF_CONDUCT.md

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at hello@stefanzweifel.io. All
+reported by contacting the project team at stefan@stefanzweifel.dev. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.

README.md

@@ -13,14 +13,42 @@ If you want to learn more how this Action works under the hood, check out [this
 
 ## Usage
 
-Add the following step at the end of your job, after other steps that might add or change files.
+Adding git-auto-commit to your Workflow only takes a couple lines of code.
+
+1. Set the `contents`-permission of the default GITHUB_TOKEN to `true`. (Required to push new commits to the repository)
+2. Add the following step at the end of your job, after other steps that might add or change files.
 
 ```yaml
 - uses: stefanzweifel/git-auto-commit-action@v4
 ```
 
-Note that the Action has to be used in a Job that runs on a UNIX system (e.g. `ubuntu-latest`).
-If you don't use the default permission of the GITHUB_TOKEN, give the Job or Workflow at least the `contents: write` permission.
+Your Workflow should look similar to this example.
+
+```yaml
+name: Format
+
+on: push
+
+jobs:
+  format-code:
+    runs-on: ubuntu-latest
+
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the
+      # added or changed files to the repository.
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      # Other steps that change files in the repository
+
+      # Commit all changed files back to the repository
+      - uses: stefanzweifel/git-auto-commit-action@v4
+```
+
+> **Note**  
+> The Action has to be used in a Job that runs on a UNIX system (e.g. `ubuntu-latest`).
 
 The following is an extended example with all available options.
 
@@ -111,8 +139,12 @@ jobs:
   php-cs-fixer:
     runs-on: ubuntu-latest
 
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
+      contents: write
+
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
         ref: ${{ github.head_ref }}
 
@@ -169,7 +201,7 @@ You must use `action/checkout@v2` or later versions to check out the repository.
 In non-`push` events, such as `pull_request`, make sure to specify the `ref` to check out:
 
 ```yaml
-- uses: actions/checkout@v2
+- uses: actions/checkout@v4
   with:
     ref: ${{ github.head_ref }}
 ```
@@ -187,7 +219,7 @@ You can change this by creating a new [Personal Access Token (PAT)](https://gith
 storing the token as a secret in your repository and then passing the new token to the [`actions/checkout`](https://github.com/actions/checkout#usage) Action step.
 
 ```yaml
-- uses: actions/checkout@v2
+- uses: actions/checkout@v4
   with:
     token: ${{ secrets.PAT }}
 ```
@@ -198,17 +230,66 @@ If you work in an organization and don't want to create a PAT from your personal
 
 ### Change to file is not detected
 
-Does your workflow change a file but "git-auto-commit" does not detect the change? Check the `.gitignore` that applies to the respective file. You might have accidentally marked the file to be ignored by git.
+Does your workflow change a file, but "git-auto-commit" does not detect the change? Check the `.gitignore` that applies to the respective file. You might have accidentally marked the file to be ignored by git.
 
 ## Advanced Uses
 
+### Multiline Commit Messages
+
+If your commit message should span multiple lines, you have to create a separate step to generate the string. 
+
+The example below can be used as a starting point to generate a multiline commit meesage. Learn more how multiline strings in GitHub Actions work in the [GitHub documentation](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings).
+
+```yaml
+    # Building a multiline commit message
+    # Adjust to your liking
+    - run: echo "Commit Message 1" >> commitmessage.txt
+    - run: echo "Commit Message 2" >> commitmessage.txt
+    - run: echo "Commit Message 3" >> commitmessage.txt
+
+    # Create a multiline string to be used by the git-auto-commit Action
+    - name: Set commit message
+      id: commit_message_step
+      run: |
+        echo 'commit_message<<EOF' >> $GITHUB_OUTPUT
+        cat commitmessage.txt >> $GITHUB_OUTPUT
+        echo 'EOF' >> $GITHUB_OUTPUT
+
+    # Quick and dirty step to get rid of the temporary file holding the commit message
+    - run: rm -rf commitmessage.txt
+
+    - uses: stefanzweifel/git-auto-commit-action@v4
+      id: commit
+      with:
+        commit_message: ${{ steps.commit_message_step.outputs.commit_message }}
+```  
+
+### Signing Commits & Other Git Command Line Options
+
+Using command lines options needs to be done manually for each workflow which you require the option enabled. So for example signing commits requires you to import the gpg signature each and every time. The following list of actions are worth checking out if you need to automate these tasks regularly.
+
+- [Import GPG Signature](https://github.com/crazy-max/ghaction-import-gpg) (Suggested by [TGTGamer](https://github.com/tgtgamer))
+
+### Push to forks from private repositories
+
+By default, GitHub Actions doesn't run Workflows on forks from private repositories. To enable Actions for **private** repositories enable "Run workflows from pull requests" in your repository settings.
+
+See [this announcement from GitHub](https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/) or the [GitHub docs](https://docs.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks) for details.
+
+
+### Use in forks from public repositories
+
 <details>
-<summary>Use in forks from public repositories</summary>
+<summary>Expand to learn more</summary>
 
-**☝️ Important Notice**: This Action technically works with forks. However, please note that the combination of triggers and their options can cause issues. Please read [the documentation](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows) on which triggers GitHub Actions support.\
-If you use this Action in combination with a linter/fixer, it's easier if you run the Action on `push` on your `main`-branch.
+> **Note**   
+> This Action technically works with forks. However, please note that the combination of triggers and their options can cause issues. Please read [the documentation](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows) on which triggers GitHub Actions support.\
+> Ensure your contributors enable "Allow edits by maintainers" when opening a pull request. ([Learn more](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork)) \
+> \
+> **If you use this Action in combination with a linter/fixer, it's easier if you run the Action on `push` on your `main`-branch.**
 
----
+> **Warning**   
+> Due to limitations of GitHub, this Action currently can't push commits to a base repository, if the fork _lives_ under an organisation. See [github/community#6634](https://github.com/orgs/community/discussions/5634) and [this comment](https://github.com/stefanzweifel/git-auto-commit-action/issues/211#issuecomment-1428849944) for details.
 
 By default, this Action will not run on Pull Requests which have been opened by forks. (This is a limitation by GitHub, not by us.)   
 However, there are a couple of ways to use this Actions in Workflows that should be triggered by forked repositories.
@@ -234,10 +315,19 @@ on:
 jobs:
   php-cs-fixer:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
+        # Checkout the fork/head-repository and push changes to the fork.
+        # If you skip this, the base repository will be checked out and changes
+        # will be committed to the base repository!
         repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+        # Checkout the branch made in the fork. Will automatically push changes
+        # back to this branch.
         ref: ${{ github.head_ref }}
 
     - name: Run php-cs-fixer
@@ -248,6 +338,11 @@ jobs:
 
 ### Workflow should run in **forked** repository
 
+> **Warning**   
+> **This part of the documentation is outdated.**   
+> We were not able to configure a GitHub Action workflow for forks, that the workflow would run in the fork / head repository.
+> Please let us know in the [discussions](https://github.com/stefanzweifel/git-auto-commit-action/discussions)-area, if and how you achieved that.
+
 If the workflow should run in the forked repository, follow these steps:
 
 1. In addition to listening to the `pull_request` event in your Workflow triggers, you have to add an additional event: `pull_request_target`. You can learn more about this event in [the GitHub docs](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target).
@@ -271,7 +366,7 @@ jobs:
   php-cs-fixer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - name: Run php-cs-fixer
       uses: docker://oskarstark/php-cs-fixer-ga
@@ -295,37 +390,15 @@ For more information about running Actions on forks, see [this announcement from
 
 </details>
 
-<details>
-<summary>Push to forks from private repositories</summary>
-
-By default, GitHub Actions doesn't run Workflows on forks from private repositories. To enable Actions for **private** repositories enable "Run workflows from pull requests" in your repository settings.
-
-See [this announcement from GitHub](https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/) or the [GitHub docs](https://docs.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks) for details.
-
-</details>
-
-<details>
-<summary>
-  Signing Commits & Other Git Command Line Options
-</summary>
-
-Using command lines options needs to be done manually for each workflow which you require the option enabled. So for example signing commits requires you to import the gpg signature each and every time. The following list of actions are worth checking out if you need to automate these tasks regularly.
-
-- [Import GPG Signature](https://github.com/crazy-max/ghaction-import-gpg) (Suggested by [TGTGamer](https://github.com/tgtgamer))
-
-</details>
+### Using `--amend` and `--no-edit` as commit options
 
 <details>
-<summary>
-  Using `--amend` and `--no-edit` as commit options
-</summary>
-
-
-
+<summary>Expand to learn more</summary>
 
 If you would like to use this Action to create a commit using [`--amend`](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---amend) and [`--no-edit`](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---no-edit) you need to make some adjustments.
 
-**☝️ Important Notice:** You should understand the implications of rewriting history if you amend a commit that has already been published. [See rebasing](https://git-scm.com/docs/git-rebase#_recovering_from_upstream_rebase)
+> **Warning**   
+> You should understand the implications of rewriting history if you amend a commit that has already been published. [See rebasing](https://git-scm.com/docs/git-rebase#_recovering_from_upstream_rebase).
 
 First, you need to extract the previous commit message by using `git log -1 --pretty=%s`.
 Then you need to provide this last commit message to the Action through the `commit_message` input option.
@@ -335,7 +408,7 @@ Finally, you have to use `push_options: '--force'` to overwrite the git history
 The steps in your workflow might look like this:
 
 ```yaml
-- uses: actions/checkout@master
+- uses: actions/checkout@4
   with:
     # Fetch the last 2 commits instead of just 1. (Fetching just 1 commit would overwrite the whole history)
     fetch-depth: 2
@@ -379,13 +452,14 @@ First, you have to create a new [Personal Access Token (PAT)](https://github.com
 store the token as a secret in your repository and pass the new token to the [`actions/checkout`](https://github.com/actions/checkout#usage) Action step.
 
 ```yaml
-- uses: actions/checkout@v2
+- uses: actions/checkout@v4
   with:
     token: ${{ secrets.PAT }}
 ```
 You can learn more about Personal Access Token in the [GitHub documentation](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token).
 
-**Note:** If you're working in an organisation, and you don't want to create the PAT from your personal account, we recommend using a bot-account for such tokens.
+> **Note**
+> If you're working in an organisation, and you don't want to create the PAT from your personal account, we recommend using a bot-account for such tokens.
 
 
 If you go the "force pushes" route, you have to enable force pushes to a protected branch (See [documentation](https://help.github.com/en/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)) and update your Workflow to use force push like this.