ipfs
diff --git a/‎.github/workflows/apply.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/apply.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/clean.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/clean.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/fix.yml‎
Lines changed: 5 additions & 4 deletions b/‎.github/workflows/fix.yml‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎.github/workflows/plan.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/plan.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/sync.yml‎
Lines changed: 4 additions & 3 deletions b/‎.github/workflows/sync.yml‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/HOWTOS.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/HOWTOS.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/SETUP.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/SETUP.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎scripts/.eslintignore‎
Lines changed: 0 additions & 3 deletions b/‎scripts/.eslintignore‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎scripts/.eslintrc.json‎
Lines changed: 0 additions & 56 deletions b/‎scripts/.eslintrc.json‎
Lines changed: 0 additions & 56 deletions
@@ -67,7 +67,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup terraform
-        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
           terraform_version: 1.2.9
           terraform_wrapper: false
 
@@ -71,7 +71,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup terraform
-        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
           terraform_version: 1.2.9
           terraform_wrapper: false
 
@@ -93,7 +93,7 @@ jobs:
           git fetch origin "pull/${NUMBER}/head"
           rm -rf github && git checkout "${SHA}" -- github
       - name: Setup terraform
-        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
           terraform_version: 1.2.9
           terraform_wrapper: false
@@ -117,7 +117,7 @@ jobs:
       # NOTE(galargh, 2024-02-15): This will only work if GitHub as Code is used for a single organization
       - name: Comment on pull request
         if: github.event_name == 'pull_request_target' && steps.fix.outputs.comment
-        uses: marocchino/sticky-pull-request-comment@fcf6fe9e4a0409cd9316a5011435be0f3327f1e1 # v2.3.1
+        uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
         with:
           header: fix
           number: ${{ github.event.pull_request.number }}
@@ -135,10 +135,11 @@ jobs:
     steps:
       - name: Generate app token
         id: token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 # v1.8.0
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
           app_id: ${{ secrets.RW_GITHUB_APP_ID }}
-          installation_id: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
+          installation_retrieval_mode: id
+          installation_retrieval_payload: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
           private_key: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -80,7 +80,7 @@ jobs:
           git fetch origin "pull/${NUMBER}/head"
           rm -rf github && git checkout "${SHA}" -- github
       - name: Setup terraform
-        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
           terraform_version: 1.2.9
           terraform_wrapper: false
@@ -122,7 +122,7 @@ jobs:
           git fetch origin "pull/${NUMBER}/head"
           rm -rf github && git checkout "${SHA}" -- github
       - name: Setup terraform
-        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
           terraform_version: 1.2.9
           terraform_wrapper: false
@@ -157,7 +157,7 @@ jobs:
           echo 'EOF' >> $GITHUB_ENV
         working-directory: terraform
       - name: Comment on pull request
-        uses: marocchino/sticky-pull-request-comment@fcf6fe9e4a0409cd9316a5011435be0f3327f1e1 # v2.3.1
+        uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
         with:
           header: plan
           number: ${{ github.event.pull_request.number }}
 
@@ -65,7 +65,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup terraform
-        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
           terraform_version: 1.2.9
           terraform_wrapper: false
@@ -107,10 +107,11 @@ jobs:
     steps:
       - name: Generate app token
         id: token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 # v1.8.0
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
           app_id: ${{ secrets.RW_GITHUB_APP_ID }}
-          installation_id: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
+          installation_retrieval_mode: id
+          installation_retrieval_payload: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
           private_key: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 ### Added
+- shared action for adding a collaborator to all repositories
 - clean workflow which removes resources from state
 - information on how to handle private GitHub Management repository
 - warning about GitHub Management repository access
@@ -22,6 +23,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - new args for repositories and branch protection rules
 
 ### Changed
+- **BREAKING**: turned scripts into an ESM project (please ensure you remove the following files during the upgrade: `scripts/.eslintignore`, `scripts/.eslintrc.json`, `scripts/jest.config.js`, `jest.d.ts`, `jest.setup.ts`; please update your imports in the `scripts/src/actions/fix-yaml-config.ts` file to include the `.js` extension)
+- **BREAKING**: Updated the signatures of all the shared actions; now the runAction function will persist the changes to disk while action functions will operate on the in-memory state (please update your imports in the `scripts/src/actions/fix-yaml-config.ts` file accordingly)
 - Synchronization script: to use GitHub API directly instead of relying on TF GH Provider's Data Sources
 - Configuration: replaced multiple JSONs with a single, unified YAML
 - Synchronization script: rewrote the script in JS
@@ -46,6 +49,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - updated upload and download artifacts actions to v4
 
 ### Fixed
+- fixed how terraform state is accessed before it the initial synchronization
 - links to supported resources in HOWTOs
 - posting PR comments when terraform plan output is very long
 - PR parsing in the update workflow
 
@@ -118,7 +118,7 @@ I want to ensure that all the public repositories in my organization have their
 To do that, I ensure the following content is present in `scripts/src/actions/fix-yaml-config.ts`:
 ```ts
 import 'reflect-metadata'
-import { protectDefaultBranches } from './shared/protect-default-branches'
+import { runProtectDefaultBranches } from './shared/protect-default-branches'
 
-protectDefaultBranches()
+runProtectDefaultBranches()
 ```
@@ -143,6 +143,8 @@
     - [ ] Rename the `$GITHUB_ORGANIZATION_NAME.yml` in `github` to the name of the GitHub organization
 - [ ] Push the changes to `$GITHUB_MGMT_REPOSITORY_DEFAULT_BRANCH`
 
+> [!WARNING] Please note that until you [synchronize GitHub Management with GitHub](#github-management-sync-flow) for the first time, the workflows that depend on Terraform state, like `Fix`, `Plan` or `Apply`, will fail. This is because the state is not yet initialized.
+
 ## GitHub Management Sync Flow
 
 - [ ] Follow [How to synchronize GitHub Management with GitHub?](HOWTOS.md#synchronize-github-management-with-github) to commit the terraform lock and initialize terraform state