step-security
diff --git a/‎.gitattributes‎
Lines changed: 0 additions & 1 deletion b/‎.gitattributes‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/dependabot.yml‎
Lines changed: 0 additions & 11 deletions b/‎.github/dependabot.yml‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎.github/workflows/actions_release.yml‎
Lines changed: 7 additions & 6 deletions b/‎.github/workflows/actions_release.yml‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎.github/workflows/audit_package.yml‎
Lines changed: 7 additions & 0 deletions b/‎.github/workflows/audit_package.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/workflows/auto_cherry_pick.yml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/auto_cherry_pick.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/build-test.yml‎
Lines changed: 1 addition & 136 deletions b/‎.github/workflows/build-test.yml‎
Lines changed: 1 addition & 136 deletions
diff --git a/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 0 additions & 71 deletions b/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 0 additions & 71 deletions
diff --git a/‎.github/workflows/integration-tests.yml‎
Lines changed: 0 additions & 42 deletions b/‎.github/workflows/integration-tests.yml‎
Lines changed: 0 additions & 42 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 8 deletions b/‎README.md‎
Lines changed: 2 additions & 8 deletions
diff --git a/‎package.json‎
Lines changed: 3 additions & 4 deletions b/‎package.json‎
Lines changed: 3 additions & 4 deletions
@@ -6,11 +6,11 @@ on:
       tag:
         description: "Tag for the release"
         required: true
-      # Uncomment if using yarn
-      # script:
-      #   description: "Specify the build script to run"
-      #   required: true
-      #   type: string
+      script:
+        description: "Specify the build script to run"
+        required: false
+        type: string
+        default: "npm run all"
 
 permissions:
   contents: read
@@ -25,4 +25,5 @@ jobs:
     uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
     with:
       tag: "${{ github.event.inputs.tag }}"
-      # script: "${{ github.event.inputs.script }}"
+      script: "${{ github.event.inputs.script }}"
+
@@ -11,6 +11,12 @@ on:
         description: "Specify a base branch"
         required: false
         default: "main"
+      script:
+        description: "Specify the build script to run"
+        required: false
+        type: string
+        default: "npm run all"
+
   schedule:
     - cron: "0 0 * * 1"
 
@@ -20,6 +26,7 @@ jobs:
     with:
       force: ${{ inputs.force || false }}
       base_branch: ${{ inputs.base_branch || 'main' }}
+      script: ${{ inputs.script || 'npm run all' }}
 
 permissions:
   contents: write
 
@@ -7,6 +7,11 @@ on:
         description: "Base branch to create the PR against"
         required: true
         default: "main"
+      script:
+        description: "Specify the build script to run"
+        required: false
+        type: string
+        default: "npm run all"
 
 permissions:
   contents: write
@@ -21,3 +26,4 @@ jobs:
       original-owner: "lasith-kg"
       repo-name: "dispatch-workflow"
       base_branch: ${{ inputs.base_branch }}
+      script: ${{ inputs.script || 'npm run all' }}
@@ -1,5 +1,5 @@
 name: 'Build and Test'
-on: # rebuild any PRs and main branch changes
+on:
   pull_request:
   workflow_dispatch:
   push:
@@ -9,12 +9,6 @@ on: # rebuild any PRs and main branch changes
 jobs:  
   integration-tests:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      actions: write
-    env:
-      INTEGRATION_TEST_WORKFLOW_FILE: "integration-tests.yml"
-      INTEGRATION_TEST_WORKFLOW_ID: 64701969 # This ID Will Change On Fork
     steps:
       - uses: actions/checkout@v4
       - id: nvmrc 
@@ -36,132 +30,3 @@ jobs:
           npm ci
       - run: |
           npm run all
-      - uses: ./
-        id: fail-ref-workflow-dispatch
-        name: "Dispatch Workflow using workflow_dispatch Method, to a Non-existent Branch"
-        continue-on-error: true
-        with:
-          dispatch-method: "workflow_dispatch"
-          repo: "${{ github.event.repository.name }}"
-          owner: "${{ github.repository_owner }}"
-          ref: "non-existent-branch/${{ github.run_id }}" # This branch cannot realistically exist
-          workflow: "${{ env.INTEGRATION_TEST_WORKFLOW_FILE }}"
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          workflow-inputs: '{"placeholder": "placeholder"}'
-      - uses: ./
-        id: fail-file-workflow-dispatch
-        name: "Dispatch Workflow using workflow_dispatch Method, to a Non-existent Workflow File"
-        continue-on-error: true
-        with:
-          dispatch-method: "workflow_dispatch"
-          repo: "${{ github.event.repository.name }}"
-          owner: "${{ github.repository_owner }}"
-          ref: "main"
-          workflow: "${{ github.run_id }}.yml" # This workflow file cannot realistically exist
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          workflow-inputs: '{"placeholder": "placeholder"}'
-      - uses: ./
-        id: fail-inputs-workflow-dispatch
-        name: "Dispatch Workflow using workflow_dispatch Method, with an unsupported workflow inputs"
-        continue-on-error: true
-        with:
-          dispatch-method: "workflow_dispatch"
-          repo: "${{ github.event.repository.name }}"
-          owner: "${{ github.repository_owner }}"
-          ref: "main"
-          workflow: "${{ env.INTEGRATION_TEST_WORKFLOW_FILE }}"
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          workflow-inputs: '{"placeholder": 0}' # 0 is not a string type
-      - id: verify-fail-workflow-dispatch
-        name: "Verify Action Outputs for worflow-dispatch"
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          if [[ "${{ steps.fail-ref-workflow-dispatch.outcome }}" != "failure" ]]; then
-            >&2 echo "🔴 fail-ref-workflow-dispatch step was expected to fail"; exit 1
-          fi
-
-          if [[ "${{ steps.fail-file-workflow-dispatch.outcome }}" != "failure" ]]; then
-            >&2 echo "🔴 fail-file-workflow-dispatch step was expected to fail"; exit 1
-          fi
-
-          if [[ "${{ steps.fail-inputs-workflow-dispatch.outcome }}" != "failure" ]]; then
-            >&2 echo "🔴 fail-inputs-workflow-dispatch step was expected to fail"; exit 1
-          fi
-      - uses: ./
-        id: workflow-dispatch
-        name: "Dispatch Using workflow_dispatch Method"
-        with:
-          dispatch-method: "workflow_dispatch"
-          repo: "${{ github.event.repository.name }}"
-          owner: "${{ github.repository_owner }}"
-          ref: "refs/heads/main"
-          workflow: "${{ env.INTEGRATION_TEST_WORKFLOW_FILE }}"
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          workflow-inputs: |
-            {
-              "string-type": "placeholder",
-              "number-type": "1",
-              "boolean-type": "true"
-            }
-      - uses: ./
-        id: repository-dispatch-custom-backoff
-        name: "Dispatch Using repositroy_dispatch Method and custom exponential backoff parameters"
-        with:
-          dispatch-method: "repository_dispatch"
-          event-type: "repository-dispatch"
-          repo: "${{ github.event.repository.name }}"
-          owner: "${{ github.repository_owner }}"
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          workflow-inputs: |
-            {
-              "string-type": "placeholder",
-              "nested": {
-                "number-type": 1,
-                "boolean-type": true
-              }
-            }
-          starting-delay-ms: 150
-          max-attempts: 3
-          time-multiple: 1.5
-      - uses: ./
-        id: wait-repository-dispatch
-        name: "Dispatch Using repository_dispatch Method And Wait For Run-ID"
-        with:
-          dispatch-method: "repository_dispatch"
-          event-type: "repository-dispatch"
-          repo: "${{ github.event.repository.name }}"
-          owner: "${{ github.repository_owner }}"
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          workflow-inputs: |
-            {
-              "string-type": "placeholder",
-              "nested": {
-                "number-type": 1,
-                "boolean-type": true
-              }
-            }
-          discover: true
-      - id: verify-repository-dispatch-outcome
-        name: Await Run ID ${{ steps.wait-repository-dispatch.outputs.run-id }}
-        uses: codex-/await-remote-run@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          repo: ${{ github.event.repository.name }}
-          owner: ${{ github.repository_owner }}
-          run_id: ${{ steps.wait-repository-dispatch.outputs.run-id }}
-      - id: verify-repository-dispatch-outputs
-        name: "Verify Action Outputs for repository-dispatch"
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          # wait-repository-dispatch
-          if [[ -z "${{ steps.wait-repository-dispatch.outputs.run-id }}" ]]; then
-            >&2 echo "🔴 wait-repository-dispatch step should output 'run-id'"; exit 1
-          fi
-
-          if [[ -z "${{ steps.wait-repository-dispatch.outputs.run-url }}" ]]; then
-            >&2 echo "🔴 wait-repository-dispatch step should output 'run-url'"; exit 1
-          fi
@@ -9,12 +9,6 @@ There was a need for this action as currently available actions...
 - Support the `workflow_dispatch` or `repository_dispatch` event, **but not both**
 - Use Run ID extraction algorithms that are either **API-intensive** or **unreliable** on repositories that experience a high velocity of workflows
 
-# Acknowledgements
-
-This GitHub Action is a fork of [`codex-/return-dispatch`](https://github.com/codex-/return-dispatch). This action supported the ability to extract a Run ID, but exclusively supported the `workflow_dispatch` method. I decided to fork this action as it had an intuitive code-base and excellent testing philosophy.
-
-From a **compatibility** and **performance** perspective, this GitHub Action superseedes [`codex-/return-dispatch`](https://github.com/codex-/return-dispatch), as it additionally supports the `repository_dispatch` method and uses a more efficient algorithm to extract the Run ID for a dispatched workflow
-
 # Usage
 
 ## Creating Dispatch Events
@@ -184,14 +178,14 @@ Dispatching a Workflow requires an authenticated `GITHUB_TOKEN`. The required pe
 
 ## Generating a `GITHUB_TOKEN`
 
-There are also multiple methods of generating `GITHUB_TOKEN`. If you are dispatching a workflow from the **current repository**, a **GitHub Actions Token** would be the most secure option. If you are dispatching a workflow to a **remote repository**, I would personally recommend a **GitHub App Token**. GitHub App Tokens are ephemeral (valid for 1 hour) and have fine grained access control over permissions and repositories. Additionally they are not bound to a particular developers identity, unlike a Personal Access Token.
+There are also multiple methods of generating `GITHUB_TOKEN`. If you are dispatching a workflow from the **current repository**, a **GitHub Actions Token** would be the most secure option. If you are dispatching a workflow to a **remote repository**, We would personally recommend a **GitHub App Token**. GitHub App Tokens are ephemeral (valid for 1 hour) and have fine grained access control over permissions and repositories. Additionally they are not bound to a particular developers identity, unlike a Personal Access Token.
 
 - Fine Grained Tokens
   - [GitHub Actions Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication)
   - [GitHub App Token](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow)
   - [Personal Access Token 🆕](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
 - Personal Access Tokens (Classic)
-  - I would **strongly** advise using this as they are not as secure as it's [fine-grained replacement](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) and can potentially be configured without an expiry time.
+  - We would **strongly** advise using this as they are not as secure as it's [fine-grained replacement](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) and can potentially be configured without an expiry time.
 
 The below table shows the neccessary permissions for all the unique combinations of these factors. If using a Fine Grained Token, ensure that the permissions correspond to the repository that contains the workflow you are attempting to dispatch.
 
 
@@ -11,19 +11,18 @@
     "lint": "eslint src/**/*.ts",
     "package": "ncc build --source-map --license licenses.txt",
     "test": "jest",
-    "all": "npm run build && npm run format && npm run lint && npm run package && npm test",
-    "release": "release-it"
+    "all": "npm run build && npm run format && npm run lint && npm run package && npm test"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/lasithkoswattagamage/dispatch-workflow.git"
+    "url": "git+https://github.com/step-security/dispatch-workflow.git"
   },
   "keywords": [
     "actions",
     "node",
     "setup"
   ],
-  "author": "",
+  "author": "step-security",
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.10.1",