Bump robinraju/release-downloader from 1.10 to 1.11 (#116)

Bumps
[robinraju/release-downloader](https://github.com/robinraju/release-downloader)
from 1.10 to 1.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/robinraju/release-downloader/releases">robinraju/release-downloader's
releases</a>.</em></p>
<blockquote>
<h2>Release Downloader v1.11</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix <code>No assets found in release</code> error by <a
href="https://github.com/robinraju"><code>@​robinraju</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/722">robinraju/release-downloader#722</a></li>
<li>Update project config and dependencies by <a
href="https://github.com/robinraju"><code>@​robinraju</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/723">robinraju/release-downloader#723</a></li>
<li>Bump <code>@​types/tar</code> from 6.1.12 to 6.1.13 in the
npm-development group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/724">robinraju/release-downloader#724</a></li>
<li>Bump the npm-development group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/725">robinraju/release-downloader#725</a></li>
<li>Bump the npm-development group across 1 directory with 4 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/robinraju/release-downloader/pull/730">robinraju/release-downloader#730</a></li>
<li>Bump tar from 7.0.1 to 7.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/727">robinraju/release-downloader#727</a></li>
<li>Bump the npm-development group across 1 directory with 7 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/robinraju/release-downloader/pull/742">robinraju/release-downloader#742</a></li>
<li>Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/737">robinraju/release-downloader#737</a></li>
<li>Bump tar from 7.1.0 to 7.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/741">robinraju/release-downloader#741</a></li>
<li>Bump typed-rest-client from 1.8.11 to 2.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/robinraju/release-downloader/pull/744">robinraju/release-downloader#744</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/robinraju/release-downloader/compare/v1.10...v1.11">https://github.com/robinraju/release-downloader/compare/v1.10...v1.11</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/robinraju/release-downloader/commit/a96f54c1b5f5e09e47d9504526e96febd949d4c2"><code>a96f54c</code></a>
Bump typed-rest-client from 1.8.11 to 2.0.1 (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/744">#744</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/821aec8754d281c38e1cea249e939ed5af9fc669"><code>821aec8</code></a>
Bump tar from 7.1.0 to 7.4.0 (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/741">#741</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/8e9e67a554d01323e1d7462d33eef8a2668e949b"><code>8e9e67a</code></a>
Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/737">#737</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/a3cbfc11eebbb78b3b756c8e1e79ea72f0f569d6"><code>a3cbfc1</code></a>
Bump the npm-development group across 1 directory with 7 updates (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/742">#742</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/2c0dbf1decf5a80c2fccc8c11dd930dfd427613f"><code>2c0dbf1</code></a>
Bump tar from 7.0.1 to 7.1.0 (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/727">#727</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/8ecfadfd54d1e0313cd0f81fb148f168ffb20b6d"><code>8ecfadf</code></a>
Bump the npm-development group across 1 directory with 4 updates (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/730">#730</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/8d13112ee2bcab98efd42aaa11b373429735ea80"><code>8d13112</code></a>
Bump the npm-development group with 3 updates (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/725">#725</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/8e6a4e0026189fd811225dc1347d00fafb4d9563"><code>8e6a4e0</code></a>
Bump <code>@​types/tar</code> from 6.1.12 to 6.1.13 in the
npm-development group (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/724">#724</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/6c76fddc2c9fe3a60e46f40bf36544738c020f96"><code>6c76fdd</code></a>
Update project config and dependencies (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/723">#723</a>)</li>
<li><a
href="https://github.com/robinraju/release-downloader/commit/cb096d8fa1fcb0e897f30b1c571f07e2c8e12479"><code>cb096d8</code></a>
Fix <code>No assets found in release</code> error (<a
href="https://redirect.github.com/robinraju/release-downloader/issues/722">#722</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/robinraju/release-downloader/compare/v1.10...v1.11">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=robinraju/release-downloader&package-manager=github_actions&previous-version=1.10&new-version=1.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: fabasoad <[email protected]>

.github/workflows/release.yml

@@ -1,36 +1,12 @@
 ---
 name: Release
 
-on:
+on: # yamllint disable-line rule:truthy
   push:
     tags:
       - "v*.*.*"
 
 jobs:
-  create-release:
-    name: Create release
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Get changelog
-        id: changelog
-        uses: simbo/changes-since-last-release-action@v1
-      - name: Create release
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: ${{ github.ref }}
-          name: ${{ github.ref_name }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          body: |
-            # Changelog
-
-            ${{ steps.changelog.outputs.log }}
-          draft: false
-          prerelease: false
-      - name: Bump tags
-        uses: fischerscode/tagger@v0
-        with:
-          prefix: v
+  github:
+    name: GitHub
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main

.github/workflows/security.yml

@@ -7,45 +7,10 @@ on: # yamllint disable-line rule:truthy
     branches:
       - main
 
-defaults:
-  run:
-    shell: sh
-
 jobs:
-  code-scanning:
-    name: Code scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: "javascript"
-      - name: Perform CodeQL Analysis
-        id: codeql-analysis
-        uses: github/codeql-action/analyze@v3
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "code-scanning"
-          sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
-  directory-scanning:
-    name: Directory scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Scan current project
-        id: scan-directory
-        uses: anchore/scan-action@v3
-        with:
-          by-cve: "true"
-          path: "."
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "directory-scanning"
-          sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
+  sast:
+    name: SAST
+    permissions:
+      contents: read
+      security-events: write
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main

.github/workflows/sync-labels.yml

@@ -1,23 +1,13 @@
 ---
-name: Sync labels
+name: Labels
 
 on: # yamllint disable-line rule:truthy
   push:
     branches:
       - main
-    paths:
-      - .github/labels.yml
-      - .github/workflows/sync-labels.yml
   workflow_dispatch: {}
 
 jobs:
-  sync-labels:
-    name: Sync labels
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Run Label Syncer
-        uses: micnncim/action-label-syncer@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main

.github/workflows/update-license.yml

@@ -1,30 +1,11 @@
 ---
-name: Update license
+name: License
 
-on:
+on: # yamllint disable-line rule:truthy
   schedule:
     - cron: "0 5 1 1 *"
 
 jobs:
-  run:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Update LICENSE file
-        uses: FantasticFiasco/action-update-license-year@v3
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          assignees: ${{ github.repository_owner }}
-          labels: enhancement
-          prTitle: Update license copyright year to {{currentYear}}
-          prBody: |
-            ## Changelog
-
-            - Update license copyright year to {{currentYear}}
-
-            ---
-
-            Powered by [FantasticFiasco/action-update-license-year](https://github.com/FantasticFiasco/action-update-license-year)
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main

.pre-commit-config.yaml

@@ -1,7 +1,6 @@
 ---
 default_install_hook_types: ["pre-commit", "pre-push"]
 default_stages: ["commit", "push"]
-exclude: ^\.gitleaks\.toml$
 minimum_pre_commit_version: 2.18.0
 repos:
   # Security
@@ -10,12 +9,20 @@ repos:
     hooks:
       - id: detect-secrets
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.18.2
+    rev: v8.18.4
     hooks:
       - id: gitleaks
+  - repo: https://github.com/fabasoad/pre-commit-grype
+    rev: v0.3.1
+    hooks:
+      - id: grype-dir
+        stages: ["push"]
+        args:
+          - --grype-args=--by-cve --fail-on=low
+          - --hook-args=--log-level debug
   # Markdown
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.40.0
+    rev: v0.41.0
     hooks:
       - id: markdownlint-fix
         stages: ["commit"]
@@ -27,11 +34,11 @@ repos:
         stages: ["push"]
   # GitHub Actions
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.0
+    rev: v1.7.1
     hooks:
       - id: actionlint
         args: ["-pyflakes="]
-        stages: ["push"]
+        stages: ["commit"]
   # Other
   - repo: https://github.com/pre-commit/mirrors-prettier
     rev: v3.1.0

README.md

@@ -11,13 +11,13 @@ This action sets up a [Mint](https://www.mint-lang.com/) programming language.
 ## Supported OS
 
 <!-- prettier-ignore-start -->
-| OS      | Arch   |                    |
-|---------|--------|--------------------|
-| Windows | All    | :x:                |
-| Linux   | x86_84 | :white_check_mark: |
-| Linux   | arm    | :x:                |
-| macOS   | x86_84 | :white_check_mark: |
-| macOS   | arm    | :x:                |
+| OS      | Arch   |                                 |
+|---------|--------|---------------------------------|
+| Windows | All    | :x:                             |
+| Linux   | x86_84 | :white_check_mark:              |
+| Linux   | arm    | :x:                             |
+| macOS   | x86_84 | :white_check_mark:              |
+| macOS   | arm    | :white_check_mark: `(> 0.19.x)` |
 <!-- prettier-ignore-end -->
 
 ## Prerequisites
@@ -46,8 +46,8 @@ jobs:
     name: Setup
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@main
-      - uses: fabasoad/setup-mint-action@main
+      - uses: actions/checkout@v4
+      - uses: fabasoad/setup-mint-action@v1
       - name: Run script
         run: mint init test-project
 ```

action.yml

@@ -30,7 +30,7 @@ runs:
       working-directory: "${{ github.action_path }}/src"
     - name: Download
       if: ${{ steps.info.outputs.MINT_INSTALLED == 'false' }}
-      uses: robinraju/release-downloader@v1.10
+      uses: robinraju/release-downloader@v1.11
       with:
         repository: mint-lang/mint
         latest: false

src/collect-info.sh

@@ -13,27 +13,31 @@ if_old_version() {
   fi
 }
 
-echo "MINT_INSTALLED=$(if command -v mint >/dev/null 2>&1; then echo true; else echo false; fi)" >> "$GITHUB_OUTPUT"
-mkdir -p "$GITHUB_WORKSPACE/mint"
-echo "MINT_PATH=$GITHUB_WORKSPACE/mint" >> "$GITHUB_OUTPUT"
-if [ "${RUNNER_OS}" = "Linux" ]; then
-  MINT_BINARY=mint-${INPUT_VERSION}-linux
-else
-  if [ "${RUNNER_ARCH#ARM}" != "$RUNNER_ARCH" ]; then
-    if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
-      msg="${RUNNER_OS} ${RUNNER_ARCH} is not supported by mint ${INPUT_VERSION}."
-      msg="${msg} Try newer version of mint (> 0.19.x)."
-      echo "::error title=OS is not supported::${msg}"
-      exit 1
-    else
-      MINT_BINARY=mint-${INPUT_VERSION}-macos-latest
-    fi
+main() {
+  echo "MINT_INSTALLED=$(if command -v mint >/dev/null 2>&1; then echo true; else echo false; fi)" >> "$GITHUB_OUTPUT"
+  mkdir -p "$GITHUB_WORKSPACE/mint"
+  echo "MINT_PATH=$GITHUB_WORKSPACE/mint" >> "$GITHUB_OUTPUT"
+  if [ "${RUNNER_OS}" = "Linux" ]; then
+    MINT_BINARY=mint-${INPUT_VERSION}-linux
   else
-    if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
-      MINT_BINARY=mint-${INPUT_VERSION}-osx
+    if [ "${RUNNER_ARCH#ARM}" != "$RUNNER_ARCH" ]; then
+      if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
+        msg="${RUNNER_OS} ${RUNNER_ARCH} is not supported by mint ${INPUT_VERSION}."
+        msg="${msg} Try newer version of mint (> 0.19.x)."
+        echo "::error title=OS is not supported::${msg}"
+        exit 1
+      else
+        MINT_BINARY=mint-${INPUT_VERSION}-macos-latest
+      fi
     else
-      MINT_BINARY=mint-${INPUT_VERSION}-macos-13
+      if [ "$(if_old_version "${INPUT_VERSION}")" = "true" ]; then
+        MINT_BINARY=mint-${INPUT_VERSION}-osx
+      else
+        MINT_BINARY=mint-${INPUT_VERSION}-macos-13
+      fi
     fi
   fi
-fi
-echo "MINT_BINARY=$MINT_BINARY" >> "$GITHUB_OUTPUT"
+  echo "MINT_BINARY=$MINT_BINARY" >> "$GITHUB_OUTPUT"
+}
+
+main "$@"