skills · whartondylan · Jun 25, 2025 · Jul 2, 2025 · Jul 2, 2025 · Jul 2, 2025
diff --git a/.github/workflows/_lint.yml b/.github/workflows/_lint.yml
@@ -18,7 +18,7 @@ jobs:
           fetch-depth: 0
 
       - name: Super-linter
-        uses: super-linter/super-linter/slim@v7.4.0
+        uses: super-linter/super-linter/slim@v8.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_GITHUB_ACTIONS: true

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,98 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '18 10 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: actions
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Add any setup steps before running the `github/codeql-action/init` action.
+    # This includes steps like installing compilers or runtimes (`actions/setup-node`
+    # or others). This is typically only required for manual builds.
+    # - name: Setup runtime (example)
+    #   uses: actions/setup-example@v1
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/find-exercise-issue.yml b/.github/workflows/find-exercise-issue.yml
@@ -38,7 +38,7 @@ jobs:
             const response = await github.rest.issues.listForRepo({
               owner: context.repo.owner,
               repo: context.repo.repo,
-              state: 'open',
+              state: 'all',
               sort: 'created',    // Sort by creation date
               direction: 'desc',  // Newest first (descending order)
               per_page: 50

diff --git a/.github/workflows/finish-exercise.yml b/.github/workflows/finish-exercise.yml
@@ -22,7 +22,7 @@ permissions:
   issues: write
 
 env:
-  EXERCISE_TOOLKIT_REF: 85962a50afd57183f6703c3d07260bf3a123b3e9
+  EXERCISE_TOOLKIT_REF: 82efbc3de835a2b67d315833bb2f876ae9b4e07a
 
 jobs:
   update_readme:
@@ -43,39 +43,16 @@ jobs:
           path: exercise-toolkit
           ref: ${{ env.EXERCISE_TOOLKIT_REF }}
 
-      - name: Encode socials text
-        id: encode-socials-text
-        uses: actions/github-script@v7
-        env:
-          EXERCISE_TITLE: ${{ inputs.exercise-title }}
-        with:
-          script: |
-            const repoUrl = `https://github.com/${context.repo.owner}/${context.repo.repo}`;
-            const exerciseTitle = process.env.EXERCISE_TITLE;
-
-            const firstLine = exerciseTitle && exerciseTitle.trim() !== ''
-              ? `I just completed the "${exerciseTitle}" GitHub Skills hands-on exercise! 🎉`
-              : `I just completed a GitHub Skills hands-on exercise! 🎉`;
-
-            const socialsText = `${firstLine}
-
-            ${repoUrl}
-
-            #GitHubSkills #OpenSource #GitHubLearn
-            `;
-
-            const encodedText = encodeURIComponent(socialsText);
-            core.setOutput('encoded-text', encodedText);
-
       - name: Build congratulations message from template
         id: build-new-readme
-        uses: skills/action-text-variables@v2
+        uses: skills/action-text-variables@v3
         with:
           template-file: exercise-toolkit/markdown-templates/readme/exercise-finished.md
           template-vars: |
             login: ${{ github.actor }}
             issue_url: ${{ inputs.issue-url }}
-            encoded_socials_text: ${{ steps.encode-socials-text.outputs.encoded-text }}
+            exercise_title: ${{ inputs.exercise-title }}
+            repository_url: https://github.com/${{ github.repository }}
 
       - name: Overwrite README
         env:
@@ -103,7 +80,7 @@ jobs:
 
       - name: Build message - exercise finished
         id: build-finish-message
-        uses: skills/action-text-variables@v2
+        uses: skills/action-text-variables@v3
         with:
           template-file: exercise-toolkit/markdown-templates/step-feedback/exercise-finished.md
           template-vars: |

diff --git a/.github/workflows/start-exercise.yml b/.github/workflows/start-exercise.yml
@@ -30,7 +30,7 @@ permissions:
   issues: write # Create issue
 
 env:
-  EXERCISE_TOOLKIT_REF: 85962a50afd57183f6703c3d07260bf3a123b3e9
+  EXERCISE_TOOLKIT_REF: 82efbc3de835a2b67d315833bb2f876ae9b4e07a
 
 jobs:
   disable_workflows:
@@ -71,7 +71,7 @@ jobs:
 
       - name: Build welcome message from template
         id: build-issue-description
-        uses: skills/action-text-variables@v2
+        uses: skills/action-text-variables@v3
         with:
           template-file: exercise-toolkit/markdown-templates/step-feedback/welcome.md
           template-vars: |
@@ -114,7 +114,7 @@ jobs:
 
       - name: Build welcome message from template
         id: build-new-readme
-        uses: skills/action-text-variables@v2
+        uses: skills/action-text-variables@v3
         with:
           template-file: exercise-toolkit/markdown-templates/readme/exercise-started.md
           template-vars: |

diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
@@ -0,0 +1,43 @@
+# Simple workflow for deploying static content to GitHub Pages
+name: Deploy static content to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["main"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Single deploy job since we're just deploying
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          # Upload entire repository
+          path: '.'
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
diff --git a/README.md b/README.md
@@ -12,6 +12,8 @@
       - [Starting an exercise](#starting-an-exercise)
       - [Finding an exercise](#finding-an-exercise)
     - [📋 Markdown Templates](#-markdown-templates)
+      - [Using with GrantBirki/comment for issue comments](#using-with-grantbirkicomment-for-issue-comments)
+      - [Using with action-text-variables for file updates](#using-with-action-text-variables-for-file-updates)
   - [Notable Resources](#notable-resources)
 
 ## Purpose
@@ -70,7 +72,32 @@ steps:
       cat exercise-toolkit/markdown-templates/step-feedback/checking-work.md
 ```
 
-Markdown templates are often used together with [skills/action-text-variables](https://github.com/skills/action-text-variables) GitHub Action
+#### Using with GrantBirki/comment for issue comments
+
+Templates are often used with [GrantBirki/comment](https://github.com/GrantBirki/comment) to create dynamic comments on issues or pull requests:
+
+```yaml
+steps:
+  - name: Get markdown templates
+    uses: actions/checkout@v4
+    with:
+      repository: skills/exercise-toolkit
+      path: exercise-toolkit
+      ref: <git-tag>
+
+  - name: Create comment - step finished
+    uses: GrantBirki/[email protected]
+    with:
+      file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md
+      issue-number: ${{ env.ISSUE_NUMBER }}
+      repository: ${{ env.ISSUE_REPOSITORY }}
+      vars: |
+        next_step_number: 2
+```
+
+#### Using with action-text-variables for file updates
+
+Markdown templates can also be used with [skills/action-text-variables](https://github.com/skills/action-text-variables) to generate dynamic content for any purpose, e.g updating a file.
 
 ```yaml
 steps:
@@ -81,18 +108,20 @@ steps:
       path: exercise-toolkit
       ref: <git-tag>
 
-  - name: Build message - congratulations
-    id: build-message-congratulations
-    uses: skills/action-text-variables@v2
+  - name: Build README from template
+    id: build-readme
+    uses: skills/action-text-variables@v3
     with:
-      template-file: exercise-toolkit/markdown-templates/readme/congratulations.md
+      template-file: exercise-toolkit/markdown-templates/readme/exercise-started.md
       template-vars: |
+        title: ${{ inputs.exercise-title }}
         login: ${{ github.actor }}
+        issue_url: ${{ needs.create_exercise.outputs.issue-url }}
 
-  - name: Echo updated text
-    run: echo "$UPDATED_TEXT"
+  - name: Update README file
+    run: echo "$README_CONTENT" > README.md
     env:
-      UPDATED_TEXT: ${{ steps.build-message-congratulations.outputs.updated-text }}
+      README_CONTENT: ${{ steps.build-readme.outputs.updated-text }}
 ```
 
 ## Notable Resources
@@ -101,4 +130,5 @@ These GitHub Actions are particularly useful when creating GitHub Skills Exercis
 
 - **[skills/action-text-variables](https://github.com/skills/action-text-variables)**: Replace variables in template files with dynamic content
 - **[skills/action-keyphrase-checker](https://github.com/skills/action-keyphrase-checker)**: Verify if specific keyphrases exist in files or content
+- **[GrantBirki/comment](https://github.com/GrantBirki/comment)**: Create comments on GitHub issues or pull requests with support for Nunjucks templating
 
diff --git a/markdown-templates/README.md b/markdown-templates/README.md
@@ -9,7 +9,9 @@ A collection of templates for use in Skills exercises.
 
 ## Template Variables
 
-Several templates contain [mustache style variables](https://mustache.github.io/mustache.5.html). They are intended for use with the [skills/action-text-variables](https://github.com/skills/action-text-variables) GitHub Action, which supports full mustache templating.
+Several templates contain [Nunjucks](https://mozilla.github.io/nunjucks/) style variable templating. They are intended for use with the [skills/action-text-variables](https://github.com/skills/action-text-variables) or [GrantBirki/comment](https://github.com/GrantBirki/comment) GitHub Actions, both of which support full Nunjucks templating.
+
+
 
 ### Example
 
@@ -27,5 +29,10 @@ Hello {{ login }}, nice to meet you!
 }
 ```
 
+#### yaml input
+```yaml
+login: "${{ github.actor }}"
+```
+
 > [!TIP]
-> See [mustache syntax](https://mustache.github.io/mustache.5.html) for all capabilities like iteration and if/then logic.
+> See [Nunjucks templating documentation](https://mozilla.github.io/nunjucks/templating.html) for all capabilities like iteration, conditionals, and more.
diff --git a/markdown-templates/readme/exercise-finished.md b/markdown-templates/readme/exercise-finished.md
@@ -1,3 +1,14 @@
+{% set socials_text -%}
+{%- if exercise_title -%}
+I just completed the "{{ exercise_title }}" GitHub Skills hands-on exercise! 🎉
+{%- else -%}
+I just completed a GitHub Skills hands-on exercise! 🎉
+{%- endif %}
+
+{{ repository_url }}
+
+#GitHubSkills #OpenSource #GitHubLearn
+{%- endset -%}
 
 <div align="center">
 
@@ -11,21 +22,22 @@
 
 **Show off your new skills and inspire others!**
 
-<a href="https://twitter.com/intent/tweet?text={{ encoded_socials_text }}" target="_blank" rel="noopener noreferrer">
+<a href="https://twitter.com/intent/tweet?text={{ socials_text | urlencode }}" target="_blank" rel="noopener noreferrer">
   <img src="https://img.shields.io/badge/Share%20on%20X-1da1f2?style=for-the-badge&logo=x&logoColor=white" alt="Share on X" />
 </a>
-<a href="https://bsky.app/intent/compose?text={{ encoded_socials_text }}" target="_blank" rel="noopener noreferrer">
+<a href="https://bsky.app/intent/compose?text={{ socials_text | urlencode }}" target="_blank" rel="noopener noreferrer">
   <img src="https://img.shields.io/badge/Share%20on%20Bluesky-0085ff?style=for-the-badge&logo=bluesky&logoColor=white" alt="Share on Bluesky" />
 </a>
-<a href="https://www.linkedin.com/feed/?shareActive=true&text={{ encoded_socials_text }}" target="_blank" rel="noopener noreferrer">
+<a href="https://www.linkedin.com/feed/?shareActive=true&text={{ socials_text | urlencode }}" target="_blank" rel="noopener noreferrer">
   <img src="https://img.shields.io/badge/Share%20on%20LinkedIn-0077b5?style=for-the-badge&logo=linkedin&logoColor=white" alt="Share on LinkedIn" />
 </a>
 
 ### 🎯 What's Next?
+
 **Keep the momentum going!**
 
-[![](https://img.shields.io/badge/Return%20to%20Exercise-%E2%86%92-1f883d?style=for-the-badge&logo=github&labelColor=197935)]({{{ issue_url }}})
-[![GitHub Skills](https://img.shields.io/badge/Explore%20GitHub%20Skills-000000?style=for-the-badge&logo=github&logoColor=white)](https://skills.github.com)
+[![](https://img.shields.io/badge/Return%20to%20Exercise-%E2%86%92-1f883d?style=for-the-badge&logo=github&labelColor=197935)]({{ issue_url }})
+[![GitHub Skills](https://img.shields.io/badge/Explore%20GitHub%20Skills-000000?style=for-the-badge&logo=github&logoColor=white)](https://learn.github.com/skills)
 
 *There's no better way to learn than building things!* 🚀