Releases: PSModule/Invoke-Pester
Release list
v5.1.0
🚀 [Minor]: Add optional GUID identity pinning to Pester selection (#73)
Adds an optional Guid input so a workflow can pin Pester by module identity (GUID), validated at install time. Combined with a #Requires GUID pin in test files, identity is validated the whole way — on the developer's machine and in CI at discovery, and now also in CI at the action's install step (shifted left, one clear failure point).
- Fixes #68
Added: Guid input for module-identity pinning
The optional Guid input pins Pester by module identity. After resolving and installing the version, the action validates the loaded module's GUID and fails fast if it does not match — guarding against a different module named Pester on the runner's PSModulePath.
- uses: PSModule/Invoke-Pester@v5
with:
Version: '6.0.0'
Guid: 'a699dea5-2c73-4616-a270-1f7abb777e71'Validation now happens at every layer:
- Developer machine / CI at test discovery — via
#Requires -Modules @{ ...; GUID = ... }in test files. - CI at the action's init/install step — via the new
Guidinput (earliest single point of failure).
Technical Details
action.yml: new optionalGuidinput, passed to both the init and exec phases viaPSMODULE_INVOKE_PESTER_INPUT_Guid.Install-PSResourceWithRetry: new-Guidparameter; after import, it validates the loaded module'sGuidand throws a clear error on mismatch.Install-PSResourcecannot select by GUID (gallery identity is name + version), so identity is enforced at import.init.ps1/exec.ps1: read the input and pass-Guidthrough.- Tests:
PesterGuidPinpins via both theGuidinput and#Requires(validating the whole way).PesterGuidMatchpins via theGuidinput only (version-only#Requires), asserting a matching GUID lets the run succeed.PesterGuidMismatchpasses a wrongGuidand asserts the action fails.
- Docs: README input table updated.
- Verified locally: a correct GUID imports; a wrong GUID throws
Loaded 'Pester' does not match the required GUID ....
This closes the last remaining item on #68 — the version-selection core shipped in #71 (v5.0.0), and this adds the optional GUID identity pin.
v5.0.0
🌟 [Major]: Version and Prerelease inputs now control Pester (#71)
Invoke-Pester now treats Version and Prerelease as Pester controls. Workflows that previously used those inputs to choose the GitHub PowerShell module used by the init bootstrap step must rename them to GitHubVersion and GitHubPrerelease. Workflows that did not set Version or Prerelease keep installing the latest available Pester by default.
- Related to #68
- Aligns with PSModule/GitHub-Script#97 for NuGet version-range syntax
Breaking Changes
Version and Prerelease now apply to Pester, not the GitHub PowerShell module used internally during init.
Before this change, a workflow like this selected the GitHub module version:
- uses: PSModule/Invoke-Pester@vPrevious
with:
Version: '1.8.0'
Prerelease: falseAfter this change, use the GitHub-prefixed inputs for the bootstrap module:
- uses: PSModule/Invoke-Pester@vNext
with:
GitHubVersion: '1.8.0'
GitHubPrerelease: falseUse Version and Prerelease only when selecting the Pester version that should run the test suite:
- uses: PSModule/Invoke-Pester@vNext
with:
Version: '[6.0.0,7.0.0)'
Prerelease: falseNew: Pester version selection per workflow
Version accepts NuGet version syntax, including bare exact versions such as 6.0.0, exact-match ranges such as [6.0.0], and bounded ranges such as [5.0.0,6.0.0). When Version is empty, the action installs the latest available Pester version.
Prerelease controls whether prerelease Pester versions are allowed.
Changed: GitHub bootstrap versioning is GitHub-prefixed
The GitHub PowerShell module used by the init bootstrap step remains configurable, but its inputs are now GitHubVersion and GitHubPrerelease so they do not conflict with the action's Pester-focused inputs.
GitHubVersion also documents NuGet version-range syntax and is passed through to the GitHub-Script action's Version input. A bare version stays exact, matching the NuGet/PSResourceGet behavior described in PSModule/GitHub-Script#97.
Changed: Latest remains the default Pester behavior
Existing consumers can omit Version to keep installing the latest available Pester version. Teams that need a cap or exact version can set it in workflow configuration, while per-repository #Requires declarations remain the safety net that fails tests when the loaded Pester does not satisfy the repository's requirement.
Fixed: The loaded Pester version matches the selected version
The action now imports the exact Pester version resolved from the configured constraint. Version reporting also reflects the loaded module, so workflow logs show the Pester version that actually runs the tests.
Technical Details
- Changed the public action API so
VersionandPrereleaseare owned by Pester. - Moved the GitHub module bootstrap controls to
GitHubVersionandGitHubPrerelease, then pass them through toPSModule/GitHub-Scriptas itsVersionandPrereleaseinputs. - Updated init and exec phases to read Pester settings from
PSMODULE_INVOKE_PESTER_INPUT_VersionandPSMODULE_INVOKE_PESTER_INPUT_Prerelease. - Updated
Install-PSResourceWithRetryto pass-Version,-Prerelease, and-PassThrutoInstall-PSResource, resolve the installed/satisfying version, and import it globally withImport-Module -RequiredVersion ... -Global -ErrorAction Stop. - Updated init/exec version logging from
Get-PSResourcetoGet-Moduleso logs report the loaded version rather than the highest installed resource. - Hardened the Pester import to fail fast when
Versionis set but no satisfying installed version can be resolved, instead of silently importing an unconstrained module; the no-Versionfallback now imports with-ErrorAction Stop. - Added Action-Test coverage for a Pester 5.x range (
[5.0.0,6.0.0)) and exact Pester6.0.0; both constraint jobs pass in CI. - This supersedes #70's hardcoded
[6.0.0,7.0.0)action-level lock and leaves GUID identity pinning as a later enhancement for #68.
v4.2.6
Bump PSModule/GitHub-Script from 1.7.10 to 1.8.0 (#64)
Bumps PSModule/GitHub-Script from 1.7.10 to 1.8.0.
Release notes
Sourced from PSModule/GitHub-Script's releases.
v1.8.0
🚀 [Minor]: GitHub API rate limit details now available in action logs (#89)
GitHub API rate limit consumption is now visible directly in the action logs. When enabled, rate limit details - including remaining quota, limit, used count, and reset time for all resource categories - are displayed before and after the user script runs, making it easy to see exactly how many API calls a workflow step consumed.
- Fixes #88
New: Rate limit visibility in action logs
A new
ShowRateLimitinput (default:'false') controls whether rate limit information appears in the logs. When set to'true', a Rate Limits LogGroup appears inside the Info fence before the user script, and another Rate Limits LogGroup appears inside the Outputs fence after it.- uses: PSModule/GitHub-Script@v1 with: ShowRateLimit: 'true' Script: | Get-GitHubRepository -Owner PSModule -Name GitHub-ScriptThe output includes a formatted table of all resource categories returned by
Get-GitHubRateLimit(core, search, graphql, etc.), each showingLimit,Used,Remaining,ResetsAt, andResetsIn.When the input is omitted or set to
'false'(the default), no rate limit output appears.If
ShowRateLimitis enabled butShowInfoorShowOutputis off, the corresponding fence still renders with just the rate limit content inside. For auth types that do not supportGet-GitHubRateLimit(for example GitHub App contexts), a warning is shown instead of failing.Technical Details
- Added
ShowRateLimitinput toaction.ymlwithrequired: falseanddefault: 'false'.- Added
PSMODULE_GITHUB_SCRIPT_INPUT_ShowRateLimitenvironment variable to the composite step.- Created
src/ratelimit.ps1as a helper script (no fence borders) that checks the guard and renders a singleRate LimitsLogGroup.src/ratelimit.ps1now callsGet-GitHubRateLimit -ErrorAction Stopso non-terminating errors are caught reliably in unsupported auth contexts.src/ratelimit.ps1explicitly selectsName,Limit,Used,Remaining,ResetsAt, andResetsInbefore formatting to keep columns deterministic.- Modified
src/info.ps1: adjusted the early-return guard to also considerShowRateLimit, wrapped existing LogGroups inif ($showInfo), and callsratelimit.ps1before the fence close.- Modified
src/outputs.ps1: adjusted the early-return guard to also considerShowRateLimit, wrapped existing output LogGroups inif ($result), and callsratelimit.ps1before the fence close.- The
action.ymlrun block remains in the same flow, whileinfo.ps1andoutputs.ps1invoke the helper internally.- Enabled
ShowRateLimit: trueacross all Action-Test scenarios in.github/workflows/TestWorkflow.yml, including Basic, WithScript path variants, Commands + Outputs, Matrix Creator, WithoutToken, WithPAT, WithUserFGPAT, WithOrgFGPAT, GitHubAppEnt, GitHubAppOrg + quoted inputs, WithKeyVaultKeyReference, WithKeyVaultKeyReferenceLatest, and PreserveCredentials False.
Commits
1ee97bb🚀 [Minor]: GitHub API rate limit details now available in action logs (#89)8649c46Bump azure/login from 2.3.0 to 3.0.0 (#86)e3b0111⚙️ [Maintenance]: Add afterall to codespell ignore words list (#85)2d8efc6Bump super-linter/super-linter from 8.4.0 to 8.5.0 (#84)611c5dc⚙️ [Maintenance]: Update super-linter to v8.4.0 (#83)99556fc⚙️ [Maintenance]: Align workflows across action repositories (#82)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
v4.2.5
Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#63)
Bumps actions/upload-artifact from 7.0.0 to 7.0.1.
Release notes
Sourced from actions/upload-artifact's releases.
v7.0.1
What's Changed
- Update the readme with direct upload details by
@danwkennedyin actions/upload-artifact#795- Readme: bump all the example versions to v7 by
@danwkennedyin actions/upload-artifact#796- Include changes in typespec/ts-http-runtime 0.3.5 by
@yacaovsncin actions/upload-artifact#797Full Changelog: actions/upload-artifact@v7...v7.0.1
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
v4.2.4
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#61)
Bumps actions/upload-artifact from 6.0.0 to 7.0.0.
Release notes
Sourced from actions/upload-artifact's releases.
v7.0.0
v7 What's new
Direct Uploads
Adds support for uploading single files directly (unzipped). Callers can set the new
archiveparameter tofalseto skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. Thenameparameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.ESM
To support new versions of the
@actions/*packages, we've upgraded the package to ESM.What's Changed
- Add proxy integration test by
@Link- in actions/upload-artifact#754- Upgrade the module to ESM and bump dependencies by
@danwkennedyin actions/upload-artifact#762- Support direct file uploads by
@danwkennedyin actions/upload-artifact#764New Contributors
@Link- made their first contribution in actions/upload-artifact#754Full Changelog: actions/upload-artifact@v6...v7.0.0
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
v4.2.3
🩹[Patch]: Workflow improvements (#55)
This pull request introduces several significant improvements to the GitHub Actions workflows, action implementation, and supporting test infrastructure. The most important changes include a complete overhaul of the release automation, enhancements to the action's prescript functionality, updates to workflow dependencies for improved security and reproducibility, and expanded test scripts for better validation and maintainability.
- Fixes #54
Workflow and Release Automation Updates:
-
Replaces
.github/workflows/Auto-Release.ymland.github/release.ymlwith a new.github/workflows/Release.ymlworkflow that is more targeted, triggers only on relevant changes, and uses a pinned version of thePSModule/Release-GHRepositoryaction for deterministic releases. -
Changes Dependabot update schedule from weekly to daily and introduces a cooldown period, improving dependency management responsiveness.
Action Implementation and Security:
- Refactors the action's execution logic to move prescript execution into a dedicated
src/prescript.ps1script, which safely handles both inline scripts and file paths. Updates references inaction.ymlto use this new script and pins all GitHub Actions to specific commit SHAs for security and reproducibility.
Linter and Workflow Improvements:
-
Updates linter workflow to use pinned versions of
actions/checkoutandsuper-linter/super-linter, disables certain validations for performance, and removes the.github/linters/.jscpd.jsonconfiguration file as duplicate code checks are now disabled. -
Adds an exclusion for the
PSAvoidUsingWriteHostrule in PowerShell Script Analyzer configuration, reflecting intentional usage for GitHub Actions output.
Documentation and Test Infrastructure:
-
Enhances the
README.mddocumentation for action inputs and outputs, improving formatting and clarity for users. -
Adds new PowerShell test scripts (
tests/Prescript.ps1,tests/Show-Status.ps1,tests/Test-ActionResults.ps1) to validate prescript execution, action status reporting, and aggregate test results with summary reporting. Updates test configuration to explicitly set code coverage paths.
Detailed list of most important changes:
1. Workflow and Release Automation
- Replaces legacy auto-release workflows with a new, more secure and targeted
Release.ymlworkflow, using pinned action versions and triggering only on relevant file changes. - Dependabot now checks for updates daily with a 7-day cooldown, improving dependency freshness.
2. Action Implementation and Security
- Moves prescript execution to a new
src/prescript.ps1script that safely handles both inline and file-based scripts, and updatesaction.ymlto use this script. - Pins all third-party GitHub Actions in workflows and action implementation to specific commit SHAs for enhanced security and reproducibility.
3. Linter and Workflow Improvements
- Updates linter workflow to use pinned versions and disables duplicate code checks and certain validations for performance; removes
.jscpd.jsonas it is no longer needed. - Excludes
PSAvoidUsingWriteHostin PowerShell linting to accommodate intentional usage in GitHub Actions.
4. Documentation and Test Infrastructure
- Improves documentation for action inputs and outputs in
README.md, providing clearer descriptions and formatting. - Adds new test scripts for prescript validation, action status display, and aggregate action results, and updates test configuration for code coverage.
v4.2.2
Bump actions/checkout from 5 to 6 (#52)
Bumps actions/checkout from 5 to 6.
Release notes
Sourced from actions/checkout's releases.
v6.0.0
What's Changed
- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- v6-beta by
@ericsciplein actions/checkout#2298- update readme/changelog for v6 by
@ericsciplein actions/checkout#2311Full Changelog: actions/checkout@v5.0.0...v6.0.0
v6-beta
What's Changed
Updated persist-credentials to store the credentials under
$RUNNER_TEMPinstead of directly in the local git config.This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.
v5.0.1
What's Changed
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301Full Changelog: actions/checkout@v5...v5.0.1
Changelog
Sourced from actions/checkout's changelog.
Changelog
V6.0.0
- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248V5.0.1
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301V5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226V4.3.1
- Port v6 cleanup to v4 by
@ericsciplein actions/checkout#2305V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695
... (truncated)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d...
v4.2.1
Bump actions/upload-artifact from 4 to 5 (#51)
Bumps actions/upload-artifact from 4 to 5.
Release notes
Sourced from actions/upload-artifact's releases.
v5.0.0
What's Changed
BREAKING CHANGE: this update supports Node
v24.x. This is not a breaking change per-se but we're treating it as such.
- Update README.md by
@GhadimiRin actions/upload-artifact#681- Update README.md by
@nebuk89in actions/upload-artifact#712- Readme: spell out the first use of GHES by
@danwkennedyin actions/upload-artifact#727- Update GHES guidance to include reference to Node 20 version by
@patrikpolyakin actions/upload-artifact#725- Bump
@actions/artifacttov4.0.0- Prepare
v5.0.0by@danwkennedyin actions/upload-artifact#734New Contributors
@GhadimiRmade their first contribution in actions/upload-artifact#681@nebuk89made their first contribution in actions/upload-artifact#712@danwkennedymade their first contribution in actions/upload-artifact#727@patrikpolyakmade their first contribution in actions/upload-artifact#725Full Changelog: actions/upload-artifact@v4...v5.0.0
v4.6.2
What's Changed
- Update to use artifact 2.3.2 package & prepare for new upload-artifact release by
@salmanmkcin actions/upload-artifact#685New Contributors
@salmanmkcmade their first contribution in actions/upload-artifact#685Full Changelog: actions/upload-artifact@v4...v4.6.2
v4.6.1
What's Changed
- Update to use artifact 2.2.2 package by
@yacaovsncin actions/upload-artifact#673Full Changelog: actions/upload-artifact@v4...v4.6.1
v4.6.0
What's Changed
- Expose env vars to control concurrency and timeout by
@yacaovsncin actions/upload-artifact#662Full Changelog: actions/upload-artifact@v4...v4.6.0
v4.5.0
What's Changed
- fix: deprecated
Node.jsversion in action by@hamirmahalin actions/upload-artifact#578- Add new
artifact-digestoutput by@bdehamerin actions/upload-artifact#656New Contributors
@hamirmahalmade their first contribution in actions/upload-artifact#578
... (truncated)
Commits
330a01cMerge pull request #734 from actions/danwkennedy/prepare-5.0.003f2824Updategithub.dep.yml905a1ecPreparev5.0.02d9f9cdMerge pull request #725 from patrikpolyak/patch-19687587Merge branch 'main' into patch-12848b2cMerge pull request #727 from danwkennedy/patch-19b51177Spell out the first use of GHEScd231caUpdate GHES guidance to include reference to Node 20 versionde65e23Merge pull request #712 from actions/nebuk89-patch-18747d8cUpdate README.md- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
v4.2.0
🚀[Feature]: Add Notice_Mode input to control test completion notifications (#50)
This release introduces a new Notice_Mode input parameter to control when GitHub notices are displayed for test completion. By default, notices are now only shown on test failure, providing more flexibility in managing action output verbosity.
What's New
- New Input:
Notice_Mode- Controls when GitHub notices are displayed for test completion:Full: Show notices on both success and failure.Failed(default): Show notices only on failure.None: Disable notices entirely.
This provides more flexibility in managing action output verbosity.
Changes
- Enhanced
scripts/exec.ps1to conditionally display notices based on the new input. - Updated
action.ymlto define the new input and pass it via environment variables. - Updated
README.mdwith input documentation. - Minor fix: Corrected case in string replacement method calls.
v4.1.7
🩹 [Patch]: Update Dependabot configuration to include labels for GitHub Actions (#49)
Description
This pull request makes a small configuration update to the Dependabot settings, adding labels to pull requests for GitHub Actions dependencies. This will help with categorizing and filtering dependency updates more easily.
.github/dependabot.yml: Addeddependenciesandgithub-actionslabels to Dependabot PRs for GitHub Actions updates.