@copilot Update PR #6 to pin OWASP base checkout to master for pull_request

@copilot Update PR #6 to pin OWASP base checkout to master for pull_request

Done in 0b10294 — replaced ${{ github.base_ref || 'master' }} with the literal master.

@copilot Please update the PR branch (copilot/refactor-markdown-link-check-workflow) to ensure the repository containing the local action is checked out before the workflow tries to use ./.github/actions/get-changed-files.

Insert the step below as the first step of the job (or at least before the 'Get Changed Files' step) in .github/workflows/md-link-check.yml.
Use commit message: 'Ensure workflow repository is checked out before using local action'.
Push the commit to the same PR branch so the PR updates and CI can re-run.

# Please insert this step into the job's steps BEFORE the step that uses the local action ./.github/actions/get-changed-files
- name: Checkout workflow repository (self)
  uses: actions/checkout@v3
  with:
    # ensure we get the PR head commit that contains the composite action files
    ref: ${{ github.event.pull_request.head.sha }}
    fetch-depth: 0

@copilot Please update the PR branch (copilot/refactor-markdown-link-check-workflow) to ensure the repository containing the local action is checked out before the workflow tries to ...

Done in aca9246 — added "Checkout workflow repository (self)" as the first step using the existing pinned SHA (actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6) and ${{ github.event.pull_request.head.sha || github.sha }} so it works for both pull_request and workflow_dispatch events.

@copilot proceed with splitting the workflow_dispatch handling into another workflow.
Also update the other two lint workflows, using our changed files change, and splitting for workflow_dispatch if/as needed.

@copilot proceed with splitting the workflow_dispatch handling into another workflow.
Also update the other two lint workflows, using our changed files change, and splitting for workflow_dispatch if/...

Done in ef7fda1:

• md-link-check.yml: Removed workflow_dispatch trigger and the "Repository Link Check" step; cleaned up now-redundant if: github.event_name == 'pull_request' guards (the workflow is PR-only).
• md-link-check-full.yml (new): workflow_dispatch-only full-repo link check with the same Node/npm/markdown-link-check setup.
• md-lint-check.yml and md-textlint-check.yml: Added "Checkout workflow repository (self)" as first step, pinned OWASP base checkout to master, and replaced the inline git diff origin/$base_ref changed-files block with a call to ./.github/actions/get-changed-files (fork-safe). Neither had workflow_dispatch, so no split was needed.

@copilot update the changes on this branch so that I can open a PR against OWASP/wstg. Remove anything that was added to allow testing with stacked PRs. Consider whether all three checkouts are necessary or if we can work practically with just two.

@copilot update the changes on this branch so that I can open a PR against OWASP/wstg. Remove anything that was added to allow testing with stacked PRs. Consider whether all three ch...

Done in 66af689:

• Stacked-PR artifacts removed: dropped the - copilot/refactor-markdown-link-check-workflow branch entry from both md-lint-check.yml and md-textlint-check.yml.
• Three checkouts → two: removed the separate "Checkout workflow repository (self)" step in all three PR workflows. The "Checkout PR" step now checks out the PR head to the workspace root (no path:), which makes .github/actions/get-changed-files available for the composite action call AND provides the PR files directly. "Checkout Base" (OWASP/wstg at base/) remains unchanged. Updated repo_path: . in each composite action call and dropped pr/ prefixes from downstream file references.

@copilot update the workflows readme

@copilot update the workflows readme

Done in 3d51951 — updated .github/workflows/README.md to:

• Replace the pr/ two-path checkout description with the new two-checkout model (PR head at workspace root, base at base/)
• Reference the .github/actions/get-changed-files composite action instead of inline git diff for all three PR lint workflows
• Add a new md-link-check-full.yml section (workflow_dispatch full-repo check)
• Remove the workflow_dispatch trigger mention from md-link-check.yml's entry

@copilot update the composite action to emit multiline outputs (preserving newlines) and adjusted every workflow step that consumes those outputs to safely read them into a Bash array with readarray, then iterate using quoted array expansion. That makes filename handling robust (spaces/newlines) and avoids fragile word-splitting.

@copilot update the composite action to emit multiline outputs (preserving newlines) and adjusted every workflow step that consumes those outputs to safely read them into a Bash arra...

Done in c521425:

• action.yml: replaced tr '\n' ' ' | xargs with heredoc <<EOF blocks so files_updated and all_changed are emitted as newline-separated multiline outputs; updated descriptions accordingly.
• md-link-check.yml, md-lint-check.yml, md-textlint-check.yml: each consuming step now opens with readarray -t files_arr <<< "$FILES" (and readarray -t all_arr <<< "$ALL_CHANGED" in the link-check step) and iterates with "${arr[@]}" plus a [ -z "$FILE" ] && continue guard for the empty-array case.

@copilot update the readme if necessary.

@copilot update the readme if necessary.

The README doesn't reference the output format (space-separated vs. newline-separated) — it describes the composite action at a behavioral level, which is unchanged. No update needed.