Releases: PSModule/Process-PSModule
Release list
v6.1.8
🩹 [Patch]: Consolidate Install-PSModuleHelpers into Install-PSModule (#397)
The Install-PSModuleHelpers action step has been consolidated under the unified Install-PSModule name across all workflow files and composite actions. Obsolete test fixture files that are no longer needed by the test repositories have also been removed.
- Fixes #347
Changed: Install step unified under Install-PSModule
The internal step name Install-PSModuleHelpers is renamed to Install-PSModule in all reusable workflows and composite actions. This affects:
.github/workflows/AfterAll-ModuleLocal.yml.github/workflows/BeforeAll-ModuleLocal.yml.github/workflows/Build-Site.yml.github/workflows/Test-ModuleLocal.yml.github/actions/Build-PSModule/action.yml.github/actions/Document-PSModule/action.yml
There is no change to the behavior or inputs/outputs of these workflows — this is a naming consolidation only.
Changed: Obsolete test fixtures removed
Unused source files, icons, assemblies, and configuration fixtures from the test repositories (srcTestRepo and srcWithManifestTestRepo) have been removed, reducing noise in the repo and simplifying the test structure.
Technical Details
- All step references
uses: ./_wf/.github/actions/Install-PSModuleHelpersreplaced withuses: ./_wf/.github/actions/Install-PSModule. - Deleted:
src/assemblies/LsonLib.dll,src/classes/,src/data/,src/finally.ps1,icon/,README.md,mkdocs.yml, and several other fixtures fromsrcTestRepo. - No consumer-visible API or behavior changes.
v6.1.7
🪲 [Fix]: TestData keys reach setup and teardown phases (#394)
TestData values now reach every module-local phase through the same export path. Setup scripts, module tests, and teardown scripts can rely on identical environment variable names for caller-provided secrets and variables, with secret masking preserved.
- Fixes #386
Fixed: Setup and teardown scripts receive TestData keys
BeforeAll-ModuleLocal, Test-ModuleLocal, and AfterAll-ModuleLocal now all call the same local Expose-TestData action after installing the shared helper module. This keeps TestData parsing, validation, masking, and GITHUB_ENV export behavior identical before each phase runs.
Callers continue to use the existing TestData workflow secret; no interface change is required.
Changed: TestData phase parity is documented
The README now states that the same TestData keys are available in setup, test, and teardown phases, and includes troubleshooting guidance for callers that use secrets: inherit without explicitly creating a TestData JSON payload.
Technical Details
- Added
.github/actions/Expose-TestData/action.ymlas the single workflow step wrapper aroundImport-TestData. - Updated
BeforeAll-ModuleLocal.yml,Test-ModuleLocal.yml, andAfterAll-ModuleLocal.ymlto use the shared action. - Added fixture assertions to both workflow test repositories so
PSMODULE_TEST_SINGLELINE_SECRETandPSMODULE_TEST_VARIABLEare checked inBeforeAll.ps1, Pester tests, andAfterAll.ps1. - Implementation plan progress: core shared export path, parity validation, setup/teardown regression coverage, and README guidance are complete.
- Local validation: helper test scripts passed; setup/teardown fixture assertions passed for both test repositories; touched workflow files passed actionlint with the repository's known
job.workflow_repository/job.workflow_shacontext warnings ignored.
v6.1.6
Bump PSModule/Invoke-Pester from 4.2.6 to 5.1.0 in the github-actions group across 1 directory (#393)
Bumps the github-actions group with 1 update in the / directory: PSModule/Invoke-Pester.
Updates PSModule/Invoke-Pester from 4.2.6 to 5.1.0
Release notes
Sourced from PSModule/Invoke-Pester's releases.
v5.1.0
🚀 [Minor]: Add optional GUID identity pinning to Pester selection (#73)
Adds an optional
Guidinput so a workflow can pin Pester by module identity (GUID), validated at install time. Combined with a#RequiresGUID pin in test files, identity is validated the whole way — on the developer's machine and in CI at discovery, and now also in CI at the action's install step (shifted left, one clear failure point).
- Fixes #68
Added:
Guidinput for module-identity pinningThe optional
Guidinput pins Pester by module identity. After resolving and installing the version, the action validates the loaded module's GUID and fails fast if it does not match — guarding against a different module namedPesteron the runner'sPSModulePath.- uses: PSModule/Invoke-Pester@v5 with: Version: '6.0.0' Guid: 'a699dea5-2c73-4616-a270-1f7abb777e71'Validation now happens at every layer:
- Developer machine / CI at test discovery — via
#Requires -Modules @{ ...; GUID = ... }in test files.- CI at the action's init/install step — via the new
Guidinput (earliest single point of failure).Technical Details
action.yml: new optionalGuidinput, passed to both the init and exec phases viaPSMODULE_INVOKE_PESTER_INPUT_Guid.Install-PSResourceWithRetry: new-Guidparameter; after import, it validates the loaded module'sGuidand throws a clear error on mismatch.Install-PSResourcecannot select by GUID (gallery identity is name + version), so identity is enforced at import.init.ps1/exec.ps1: read the input and pass-Guidthrough.- Tests:
PesterGuidPinpins via both theGuidinput and#Requires(validating the whole way).PesterGuidMatchpins via theGuidinput only (version-only#Requires), asserting a matching GUID lets the run succeed.PesterGuidMismatchpasses a wrongGuidand asserts the action fails.- Docs: README input table updated.
- Verified locally: a correct GUID imports; a wrong GUID throws
Loaded 'Pester' does not match the required GUID ....This closes the last remaining item on #68 — the version-selection core shipped in #71 (v5.0.0), and this adds the optional GUID identity pin.
v5.0.0
🌟 [Major]: Version and Prerelease inputs now control Pester (#71)
Invoke-Pester now treats
VersionandPrereleaseas Pester controls. Workflows that previously used those inputs to choose the GitHub PowerShell module used by the init bootstrap step must rename them toGitHubVersionandGitHubPrerelease. Workflows that did not setVersionorPrereleasekeep installing the latest available Pester by default.
- Related to #68
- Aligns with PSModule/GitHub-Script#97 for NuGet version-range syntax
Breaking Changes
VersionandPrereleasenow apply to Pester, not the GitHub PowerShell module used internally during init.Before this change, a workflow like this selected the GitHub module version:
... (truncated)
Commits
4ff3319🚀 [Minor]: Add optional GUID identity pinning to Pester selection (#73)8a4e652🌟 [Major]: Version and Prerelease inputs now control Pester (#71)0a4e7b3Bump actions/checkout from 6.0.2 to 7.0.0 (#66)3299427Bump super-linter/super-linter from 8.6.0 to 8.7.0 (#67)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
v6.1.5
🩹 [Patch]: Actions are internalized and automatically follow the workflow version (#385)
When you reference Process-PSModule at a release tag, run it from a branch during development, or test it from a fork, the actions it calls now automatically match that same version. There's no more keeping a workflow and its actions in sync by hand — pin the workflow, and the actions follow.
- Fixes #384
New: Actions automatically follow the workflow version in use
Every stage workflow now checks out its own source at the exact commit it is running from, then calls its actions from that local copy instead of a separately pinned action reference. In practice this means:
- Reference a release tag → you get that tag's actions.
- Run a development branch → the branch's actions run together with it, with no separate action release or pin update needed to test a change.
- Fork the repository → your fork's actions are used, not upstream's.
This is possible using job.workflow_repository and job.workflow_sha, a set of GitHub Actions context properties that let a reusable workflow discover its own source repository and commit. This capability did not exist before — it was introduced by GitHub in April 2026 (shipped in Actions Runner v2.334.0, see actions/runner#4335) and is documented in the job context reference. No official GitHub changelog announcement could be found for this change — the runner release and context documentation are the primary references.
GitHub-Script, Invoke-Pester, and Invoke-ScriptAnalyzer continue to be consumed from their own repositories at pinned commits, as before.
No changes are required to consumer workflows. Inputs, outputs, and secrets are unchanged.
Changed: Internalized actions have moved out of their standalone repositories
Build-PSModule, Document-PSModule, Get-PSModuleSettings, Get-PesterCodeCoverage, Get-PesterTestResults, Initialize-PSModule, Install-PSModuleHelpers, Publish-PSModule, Resolve-PSModuleVersion, and Test-PSModule now ship directly inside Process-PSModule instead of living in their own PSModule repositories.
Those standalone repositories are now archived and will be deleted soon. If you reference any of them directly, switch to Process-PSModule instead. The old actions will also be the ones older versions of Process-PSModule will use, so be sure to update to be able to use the framework.
Technical Details
- Ten composite actions are now bundled under
.github/actions/:Build-PSModule,Document-PSModule,Get-PSModuleSettings,Get-PesterCodeCoverage,Get-PesterTestResults,Initialize-PSModule,Install-PSModuleHelpers,Publish-PSModule,Resolve-PSModuleVersion,Test-PSModule. - All stage workflows add a self-checkout step before any action call:
repository: ${{ job.workflow_repository }},ref: ${{ job.workflow_sha }},path: _wf. - Action call sites change from
PSModule/<Name>@<sha>to./_wf/.github/actions/<Name>. - Nested dependencies on
Install-PSModuleHelpersresolve from the same bundled revision. .github/actionlint.yamlis updated to recognize the self-checkout pattern and thejob.workflow_*properties.- Action READMEs and test-suite consolidation are out of scope for this change.
Validation
- MariusTestModule SHA-pinned consumer run passed.
- MariusTestModule ref-based consumer run passed and resolved
feat/internalize-process-actionsto the invoked workflow commit.
v6.1.4
🪲 [Fix]: Resolve the current version on non-PR runs (bump Resolve-PSModuleVersion to v1.1.5) (#375)
The Plan job no longer fails on schedule and workflow_dispatch events. Resolve-PSModuleVersion is bumped to v1.1.5, which resolves the current published version on non–pull-request events instead of throwing.
- Fixes #373
Fixed: non–pull-request runs (schedule / workflow_dispatch)
Since v6.1.0 the Plan job runs Resolve-Version on every event, and the action threw "...must be run from a pull_request event" on non-PR events — failing the whole run (every job needs: Plan). Resolve-PSModuleVersion v1.1.5 (PSModule/Resolve-PSModuleVersion#10) fixes this at the source: on a non-PR event it returns the current published version — no bump, no prerelease, nothing published — floored at 0.0.0 for a module that has never been released. Pull-request and merge-to-default-branch behavior is unchanged: labels drive the bump (patch default), and the version preview on regular PRs is retained.
Technical Details
.github/workflows/Plan.yml: bump theResolve-Versionpin8d1dac7(v1.1.4) →6a59a88(v1.1.5). One-line change — noPlangate orTest-ModuleLocalfallback is needed, because v1.1.5 always populatesSettings.Module.Versionon non-PR events.- This supersedes this PR's earlier
Plan.ymlgate +999.0.0fallback approach, replaced by the root-cause fix in the shared action. - Validated: a
workflow_dispatchself-test run on this branch completes (previously failed atPlan); the PR self-test resolves a version as before.
v6.1.3
🩹 [Patch]: Bump Invoke-ScriptAnalyzer to v5.0.0 and Test-PSModule to v3.0.14 (#380)
Brings Process-PSModule's lint/test action dependencies to their latest releases: PSModule/Invoke-ScriptAnalyzer v4.1.3 → v5.0.0 and PSModule/Test-PSModule v3.0.13 → v3.0.14. Both preserve the reusable workflow's Settings.Version/Settings.Prerelease contract for consumers.
Changed: Invoke-ScriptAnalyzer upgraded to v5.0.0
Invoke-ScriptAnalyzer v5.0.0 is a major release that repurposed its Version/Prerelease inputs to select the PSScriptAnalyzer module version and moved the GitHub bootstrap-module controls to GitHubVersion/GitHubPrerelease.
The Lint-SourceCode and Lint-Module steps pass Settings.Version/Settings.Prerelease, which in this ecosystem select the GitHub module (the same values feed the Invoke-Pester and GitHub-Script steps). They are now wired to Invoke-ScriptAnalyzer's GitHubVersion/GitHubPrerelease, so those settings keep controlling the GitHub module exactly as before. No change to the Settings contract.
With v5, the action also installs PSScriptAnalyzer itself (latest, since its Version is left unset) instead of relying on the runner's preinstalled copy — so consumer linting now runs against the latest PSScriptAnalyzer.
Changed: Test-PSModule upgraded to v3.0.14
Patch release; Test-PSModule v3.0.14 (which internally bumped Invoke-Pester to v5.1.0) preserves its own Version/Prerelease (GitHub module) contract, so the Test-SourceCode and Test-Module steps need only a SHA update — no input remap.
Technical Details
Lint-SourceCode.yml,Test-Module.yml:Invoke-ScriptAnalyzer6aeb1bc(v4.1.3) →4d633e4(v5.0.0); remappedVersion→GitHubVersion,Prerelease→GitHubPrerelease.Test-Module.yml,Test-SourceCode.yml:Test-PSModule25c9cd8(v3.0.13) →902c5e5(v3.0.14).- Pester and PSScriptAnalyzer versions left at the v5 defaults (latest); not wired to any
Settingskey. - Scope: the Invoke-Pester step (
Test-ModuleLocal.yml, still v4.2.6) is intentionally untouched. - Label note: the
Settingscontract is preserved (hencePatch), but consumer linting now runs against the latest PSScriptAnalyzer — bump toMinorif you'd rather signal that behavior change.
Release notes: Invoke-ScriptAnalyzer v5.0.0
v6.1.2
🪲 [Fix]: Test data reaches module tests in every consumer repository (#377)
Module test workflows now receive the caller-provided test data (secrets and variables) in every repository that consumes Process-PSModule, and version resolution once again honors the bump label on pull requests. Previously the BeforeAll, Test, and AfterAll module jobs failed at the "Expose caller-provided test data" step because they ran a script that shipped only inside Process-PSModule's own repository, so no consumer could actually use the TestData secret introduced in v6.0.0.
- Fixes #378
Fixed: Test data now reaches module tests in consumer repositories
The TestData secret (a single-line JSON object of secrets and variables) is now exposed to the BeforeAll, Test, and AfterAll module test jobs in any repository that consumes Process-PSModule. Each job installs the shared helpers and runs the Import-TestData command, which reads the payload, masks the secrets, and publishes every entry as an environment variable for the tests.
The consumer interface is unchanged — callers already pass TestData to workflow.yml (added in v6.0.0), so no migration is required:
secrets:
TestData: >-
{ "secrets": { "TEST_SECRET": "${{ secrets.TEST_SECRET }}" },
"variables": { "TEST_VARIABLE": ${{ toJSON(vars.TEST_VARIABLE) }} } }Secrets arrive masked in the logs; variables arrive verbatim.
Fixed: Bump labels are honored during version resolution on pull requests
Version resolution now always evaluates the Major/Minor/Patch bump label, so a pull request labeled Minor previews the correct next minor version instead of defaulting to a patch prerelease. This is picked up by adopting Resolve-PSModuleVersion v1.1.4.
Technical Details
- Removed
.github/scripts/Expose-TestData.ps1(138 lines); the exposure logic moved into the sharedPSModule/Install-PSModuleHelpersmodule as theImport-TestDatacommand, so it no longer has to be checked out from the caller's repository. BeforeAll-ModuleLocal.yml,Test-ModuleLocal.yml, andAfterAll-ModuleLocal.ymleach now installPSModule/Install-PSModuleHelpers@v1.0.9and runImport-TestData(envPSMODULE_TEST_DATA: ${{ secrets.TestData }}) in place of the deleted script.Plan.yml:PSModule/Resolve-PSModuleVersionpinned to v1.1.4, which contains the always-evaluate-labels fix.Build-Site.yml:Install-PSModuleHelpersbumped v1.0.8 → v1.0.9 so the action resolves to a single version across the repo.README.mddocuments that test data is exposed throughInstall-PSModuleHelpers/Import-TestData.- All action references are pinned to release commit SHAs (IPH v1.0.9 =
8bfb84d557755c67d9b5643efe573bdcae4c1a4a, Resolve v1.1.4 =8d1dac7f326a45ba08060c1e24a5dd6f6f00b3ab); actionlint is clean. - Validated end-to-end on a consumer module: all module test matrix jobs (Linux/Windows/macOS) pass, with a masked secret and a verbatim variable observed in the tests.
v6.1.1
🩹 [Patch]: Render group overview pages as section landing pages (#372)
Module documentation now renders a command group's overview page as that group's section landing page — the content shown when the group is selected in the navigation — instead of a separate page nested under it. This is delivered by bumping the Document-PSModule action, and the behavior is documented in the repository and module-source structure guidance.
- Fixes #371
Changed: Group overview pages are the section landing page
Bumped PSModule/Document-PSModule to v1.0.18 in Build-Docs.yml. v1.0.18 publishes a group's overview page as the section index (/Functions/<Group>/) rather than a page nested under the group. Authors can name the overview after its folder (<Category>/<Category>.md) or provide <Category>/index.md directly; either becomes the section landing page.
Changed: Documentation
Documented the behavior in README.md: added a bullet under the repository expectations and updated the Category.md annotation in the module source-structure tree.
Technical Details
.github/workflows/Build-Docs.yml:Document-PSModule@fb5d349 # v1.0.17->@349090c # v1.0.18.mainalready carries v1.0.17 (install built modules at their real version) from #342; this PR advances the pin to v1.0.18, which delivers the section-index behavior.- The site config already enables
navigation.indexes, so nomkdocs.ymlchange is required.
v6.1.0
🚀 [Feature]: Plan job decides version before build so tested artifact equals published artifact (#342)
The version a module ships with is now decided in a new Plan job that runs before the module is built. The same artifact then flows through tests and publish without being mutated, so the artifact you tested is the artifact that lands in the PowerShell Gallery and on the GitHub Release.
- Fixes #326
New: Plan job replaces Get-Settings
Get-Settings.yml is renamed to Plan.yml. The Plan job runs two steps in sequence and exposes everything downstream jobs need:
Get-PSModuleSettings— loads.github/PSModule.ymland emits the resolvedSettingsJSON.Resolve-PSModuleVersion— reads settings + PR labels, queries existing releases and the PowerShell Gallery, and emits the next version.
Plan job output: a single Settings JSON. The resolved version is merged into it as Settings.Module.{Version, Prerelease, FullVersion, ReleaseType, CreateRelease}, so every downstream job receives one self-contained object with no separate version outputs.
flowchart LR
A[Plan<br/>Get-PSModuleSettings + Resolve-PSModuleVersion] --> B[Build-Module<br/>stamps version into manifest]
B --> C[Test-* / Coverage]
C --> D[Publish-Module<br/>publishes artifact unchanged]Changed: Build-Module now stamps the real version
Build-Module.yml reads the version from Settings.Module.Version / Settings.Module.Prerelease and passes them to Build-PSModule. The built manifest contains the version the module will ship with before any test runs. The 999.0.0 placeholder only appears when no version is provided (for example, direct callers that bypass the Plan job).
Changed: Publish-Module no longer calculates or mutates versions
Publish-Module.yml drops every input that used to drive version calculation:
AutoPatchingDatePrereleaseFormatIgnoreLabelsIncrementalPrereleaseMajorLabels/MinorLabels/PatchLabelsReleaseTypeVersionPrefix
Publish-Module now reads the version straight from the manifest that arrived from Build-Module and pushes it to the PowerShell Gallery as-is. The PR-title / PR-body / heading inputs are unchanged. The job also gains permission to upload release assets so the zipped module can be attached to the GitHub Release.
Fixed: Tested artifact equals published artifact
The placeholder-then-rewrite flow is gone. The bytes tested in Test-Module / Test-ModuleLocal are the same bytes published to the PowerShell Gallery and attached to the GitHub Release.
Technical Details
Plan.yml(renamed fromGet-Settings.yml): adds aResolve-Versionstep (runs unconditionally — it computes the release decision, includingReleaseType) followed by anEnrich-Settingsstep that merges the resolved version intoSettings.Module.*. Plan exposes a singleSettingsoutput on both the job andworkflow_call.workflow.yml: theGet-Settingsjob is renamed toPlanand every downstreamneeds:/with:reference is repointed. Downstream jobs consume the singleneeds.Plan.outputs.Settingsobject (version available underSettings.Module.*).Build-Module.yml: readsSettings.Module.Version/Settings.Module.Prereleaseand passes them asVersion/PrereleasetoBuild-PSModule, falling back to the999.0.0placeholder when a direct caller bypasses Plan and omitsSettings.Module.Publish-Module.yml: removes the seven version-calculation inputs and grantscontents: writepermission for release-asset uploads.README.md: replaces theGet-Settingssection with aPlansection that documents both steps and the artifact-integrity guarantee, and notes the new release-asset upload.PSModule/Build-PSModulepinned to@v5.0.0(SHA672aaa7a91a379c4c6cd14494d03ab5e87e13c52).PSModule/Publish-PSModulepinned to@v3.0.0(SHA03c0f8b53d0367c85a0f121f98af9b40c817b0e3).
Companion repos
| Repo | Change | Link |
|---|---|---|
PSModule/Resolve-PSModuleVersion |
New action — v1.1.0 released | https://github.com/PSModule/Resolve-PSModuleVersion/releases/tag/v1.1.0 |
PSModule/Build-PSModule |
Major — adds Version / Prerelease inputs — v5.0.0 released |
https://github.com/PSModule/Build-PSModule/releases/tag/v5.0.0 |
PSModule/Publish-PSModule |
Major / BREAKING — drops version calculation, publishes pre-stamped artifact, uploads module zip to release — v3.0.0 released | https://github.com/PSModule/Publish-PSModule/releases/tag/v3.0.0 |
Implementation plan progress
- Rename
Get-Settingsjob toPlanand addResolve-PSModuleVersionstep - Expose a single
Settingsoutput (resolved version merged intoSettings.Module.{Version, Prerelease, FullVersion, ReleaseType, CreateRelease}) - Update
Build-Module.ymlto read the version fromSettings.Module.*and stamp it - Strip version-calculation inputs from
Publish-Module.yml - Update
needs/withwiring acrossworkflow.yml - Update
README.md(Plan section + release-asset note) -
Resolve-PSModuleVersionaction implementation (v1.1.0 released) -
Build-PSModuleVersion/Prereleaseinputs (v5.0.0 released) -
Publish-PSModulev3 release (v3.0.0 released — PSModule/Publish-PSModule#71) - Repin
@mainreferences inBuild-Module.ymlandPublish-Module.ymlto released SHAs - End-to-end run on a labeled PR
Notes
- The public input/output contract of
workflow.ymlis unchanged for external consumers — this is internal wiring. - #339 covered the same scope and was closed; this PR restarts the work cleanly off the current
main.
v6.0.1
Bump PSModule/GitHub-Script from 1.8.0 to 1.9.0 (#367)
Bumps PSModule/GitHub-Script from 1.8.0 to 1.9.0.
- Pin:
8083ec1f733f00357ee4d0db0c6056686e483bc0(# v1.9.0) - Release notes: https://github.com/PSModule/GitHub-Script/releases/tag/v1.9.0