Merge remote-tracking branch 'upstream/develop' into resolve-parent-paths-by

Author: stdlib-bot

.github/workflows/check_licenses.yml

@@ -81,7 +81,7 @@ jobs:
       # Install Node.js:
       - name: 'Install Node.js'
         # Pin action to full length commit SHA
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: '20' # 'lts/*'
         timeout-minutes: 5
@@ -128,7 +128,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         if: always()
         with:
           # Define a name for the uploaded artifact:

.github/workflows/cleanup_coverage.yml

@@ -0,0 +1,78 @@
+#/
+# @license Apache-2.0
+#
+# Copyright (c) 2024 The Stdlib Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#/
+
+# Workflow name:
+name: cleanup_coverage
+
+# Workflow triggers:
+on:
+
+  # Trigger the workflow when a pull request is closed (e.g., merged or closed without merging):
+  pull_request_target:
+    types:
+      - closed
+
+# Workflow jobs:
+jobs:
+
+  # Define a job to perform coverage cleanup...
+  cleanup:
+
+    # Define a display name:
+    name: 'Cleanup coverage'
+
+    # Define the type of virtual host machine:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Delete the 'pr-<number>' branch from the 'stdlib-js/www-test-code-coverage' repository:
+      - name: 'Delete coverage branch for PR'
+        env:
+          REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          curl -X DELETE -H "Authorization: token $REPO_GITHUB_TOKEN" \
+            "https://api.github.com/repos/stdlib-js/www-test-code-coverage/git/refs/heads/pr-${PR_NUMBER}" \
+            || echo "Branch pr-${PR_NUMBER} does not exist or could not be deleted."
+
+      # Find and update the '## Coverage Report' comment in the PR
+      - name: 'Update coverage comment in PR'
+        # Pin action to full length commit SHA
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.CHATBOT_GITHUB_TOKEN }}
+          script: |
+            const prNumber = context.payload.pull_request.number;
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+            });
+            const coverageComment = comments.find( comment => comment.body && comment.body.includes( '## Coverage Report' ) );
+            if ( coverageComment ) {
+              // Replace URLs with plain text in the coverage report comment body:
+              const updatedBody = coverageComment.body.replace( /<a href="[^"]+">([^<]+)<\/a>/g, '$1' );
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: coverageComment.id,
+                body: updatedBody,
+              });
+            } else {
+              console.log( 'No Coverage Report comment found.' );
+            }

.github/workflows/codeql.yml

@@ -121,7 +121,7 @@ jobs:
       # Install Node.js:
       - name: 'Install Node.js'
         # Pin action to full length commit SHA
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: '20' # 'lts/*'
         timeout-minutes: 5

.github/workflows/generate_pr_commit_message.yml

@@ -76,7 +76,7 @@ jobs:
 
       # Post commit message as PR comment:
       - name: 'Post commit message as PR comment'
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@v4
         with:
           token: ${{ secrets.CHATBOT_GITHUB_TOKEN }}
           issue-number: ${{ github.event.pull_request.number }}

.github/workflows/lint_autofix.yml

@@ -25,25 +25,26 @@ on:
   # Allow the workflow to be triggered by other workflows
   workflow_call:
     # Define the input parameters for the workflow:
-      inputs:
-        pull_request_number:
-          description: 'PR number'
-          required: true
-          type: number
-      # Define the secrets accessible by the workflow:
-      secrets:
-        STDLIB_BOT_GITHUB_TOKEN:
-          description: 'GitHub token for stdlb-bot'
-          required: true
-        REPO_GITHUB_TOKEN:
-          description: 'GitHub token for accessing the repository'
-          required: true
-        STDLIB_BOT_GPG_PRIVATE_KEY:
-          description: 'GPG private key for stdlb-bot'
-          required: true
-        STDLIB_BOT_GPG_PASSPHRASE:
-          description: 'GPG passphrase for stdlb-bot'
-          required: true
+    inputs:
+      pull_request_number:
+        description: 'PR number'
+        required: true
+        type: number
+
+    # Define the secrets accessible by the workflow:
+    secrets:
+      STDLIB_BOT_GITHUB_TOKEN:
+        description: 'GitHub token for stdlb-bot'
+        required: true
+      REPO_GITHUB_TOKEN:
+        description: 'GitHub token for accessing the repository'
+        required: true
+      STDLIB_BOT_GPG_PRIVATE_KEY:
+        description: 'GPG private key for stdlb-bot'
+        required: true
+      STDLIB_BOT_GPG_PASSPHRASE:
+        description: 'GPG passphrase for stdlb-bot'
+        required: true
 
 # Workflow jobs:
 jobs:
@@ -100,7 +101,7 @@ jobs:
       # Install Node.js:
       - name: 'Install Node.js'
         # Pin action to full length commit SHA
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: '20' # 'lts/*'
         timeout-minutes: 5
@@ -163,7 +164,7 @@ jobs:
       # Import GPG key to sign commits:
       - name: 'Import GPG key to sign commits'
         # Pin action to full length commit SHA
-        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
         with:
           gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}

.github/workflows/lint_changed_files.yml

@@ -67,7 +67,7 @@ jobs:
       # Install Node.js:
       - name: 'Install Node.js'
         # Pin action to full length commit SHA
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: '20' # 'lts/*'
         timeout-minutes: 5

.github/workflows/lint_copyright_years.yml

@@ -0,0 +1,116 @@
+#/
+# @license Apache-2.0
+#
+# Copyright (c) 2024 The Stdlib Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#/
+
+# Workflow name:
+name: 'lint_copyright_years'
+
+# Workflow triggers:
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+# Global permissions:
+permissions:
+  # Allow read-only access to the repository contents:
+  contents: read
+
+# Workflow jobs:
+jobs:
+  # Define a job for linting copyright years in newly added files:
+  lint:
+    name: 'Lint Copyright Years'
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the repository:
+      - name: 'Checkout repository'
+        # Pin action to full length commit SHA
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          # Specify whether to remove untracked files before checking out the repository:
+          clean: true
+
+          # Limit clone depth to the last 1000 commits:
+          fetch-depth: 100
+
+          # Specify whether to download Git-LFS files:
+          lfs: false
+        timeout-minutes: 10
+
+      # Get list of newly added files:
+      - name: 'Get list of newly added files'
+        id: added-files
+        run: |
+          page=1
+          files=""
+          while true; do
+              new_files=$(curl -s \
+                -H "Accept: application/vnd.github.v3+json" \
+                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+                "${{ github.api_url }}/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files?page=$page&per_page=100" \
+                | jq -r '.[] | select(.status == "added") | .filename')
+              if [ -z "$new_files" ]; then
+                  break
+              fi
+              files="$files $new_files"
+              page=$((page+1))
+          done
+          files=$(echo "$files" | tr '\n' ' ' | sed 's/^ //;s/ $//')
+          echo "files=${files}" >> $GITHUB_OUTPUT
+
+      # Check copyright years in newly added files:
+      - name: 'Check copyright years'
+        run: |
+          current_year=$(date +"%Y")
+          files="${{ steps.added-files.outputs.files }}"
+          exit_code=0
+
+          echo "## 📄 Copyright Year Check Results" >> $GITHUB_STEP_SUMMARY
+          echo "_Only newly added files are checked for the current year in the copyright notice._" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [[ -z "$files" ]]; then
+            echo "No newly added files to check."
+            echo "No newly added files to check." >> $GITHUB_STEP_SUMMARY
+            exit 0
+          fi
+
+          for file in $files; do
+            if [[ ! -f "$file" ]]; then
+              continue
+            fi
+
+            # Check if file contains stdlib copyright notice:
+            year=$(grep -o 'Copyright (c) [0-9]\{4\} The Stdlib Authors\.' "$file" | sed -E 's/^Copyright \(c\) ([0-9]{4}) The Stdlib Authors\./\1/' || true)
+
+            if [[ -n "$year" ]]; then
+              if [[ "$year" == "$current_year" ]]; then
+                echo "✅ $file: Correct year $year"
+                echo "- ✅ \`$file\`: Year is correct (**$year**)" >> $GITHUB_STEP_SUMMARY
+              else
+                echo "❌ $file: Expected $current_year, found $year"
+                echo "- ❌ **Error**: \`$file\` — Expected year **$current_year**, found **$year**" >> $GITHUB_STEP_SUMMARY
+                exit_code=1
+              fi
+            else
+              echo "⚠️ $file: No copyright notice found"
+              echo "- ⚠️ No copyright notice found in \`$file\`" >> $GITHUB_STEP_SUMMARY
+            fi
+          done
+
+          exit $exit_code

.github/workflows/lint_pr_title.yml

@@ -71,7 +71,7 @@ jobs:
       # Install Node.js:
       - name: 'Install Node.js'
         # Pin action to full length commit SHA
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: '20' # 'lts/*'
         timeout-minutes: 5

.github/workflows/lint_random_files.yml

@@ -108,7 +108,7 @@ jobs:
       # Install Node.js:
       - name: 'Install Node.js'
         # Pin action to full length commit SHA
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: '20' # 'lts/*'
         timeout-minutes: 5
@@ -414,7 +414,7 @@ jobs:
       - name: 'Import GPG key to sign commits'
         if: ${{ github.event.inputs.fix == 'true' }} && ( success() || failure() )
         # Pin action to full length commit SHA
-        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
         with:
           gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}
@@ -426,7 +426,7 @@ jobs:
         if: ${{ github.event.inputs.fix == 'true' }} && ( success() || failure() )
         id: cpr
         # Pin action to full length commit SHA
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
           title: 'style: fix lint errors'
           add-paths: ${{ steps.random-files.outputs.files }}

.github/workflows/linux_benchmark.yml

@@ -180,7 +180,7 @@ jobs:
       # Install Node.js:
       - name: 'Install Node.js'
         # Pin action to full length commit SHA
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.NODE_VERSION }}
         timeout-minutes: 5
@@ -251,7 +251,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):