build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4

[dependabot]

Bumps redhat-plumbers-in-action/differential-shellcheck from 3 to 4.

Release notes

Sourced from redhat-plumbers-in-action/differential-shellcheck's releases.

v4.0.0

What's Changed

• Tag latest is no longer available. Use major tags instead (e.g. v4).

• Action can be triggered using the GitHub push event

  on:
    push:
  jobs:
  lint:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
  
  uses: redhat-plumbers-in-action/differential-shellcheck@v4
  with:
  token: ${{ secrets.GITHUB_TOKEN }}

Action now performs full scans on the push event by default and on the manual trigger when requested

SARIF file is now exposed under output sarif for further use.

  - if: ${{ always() }}
    name: Upload artifact with defects in SARIF format
    uses: actions/upload-artifact@v3
    with:
      name: Differential ShellCheck SARIF
      path: ${{ steps.ShellCheck.outputs.sarif }}
      retention-days: 7

Removal of unused output - ENV.LIST_OF_SCRIPTS

Increased code coverage

Some minor bugfixes, ShellCheck fixes, and CI updates

Breaking

• Don't update the latest tag, to avoid breakage 🛑 (#156) @​jamacku

New

• Expose SARIF results as output for further use 📦 (#110) @​jamacku, @​kdudka
• Support full ShellCheck scans 🕵️ (#167) @​jamacku, @​siteshwar

... (truncated)

Changelog

Sourced from redhat-plumbers-in-action/differential-shellcheck's changelog.

Changelog

v4.0.0

• Tag latest is no longer available. Use major tags instead (e.g. v3 or v4).

• Action can be triggered using GitHub push event

  on:
    push:
  jobs:
  lint:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
  
  uses: redhat-plumbers-in-action/differential-shellcheck@v4
  id: ShellCheck
  with:
  token: ${{ secrets.GITHUB_TOKEN }}

Note: When using --force action doesn't work properly when triggered on push events

Action now perform full scans on push event by default and on manual trigger when requested

Addition of new Summary page for full scans

SARIF file is now exposed under output sarif for further use.

  - if: ${{ always() }}
    name: Upload artifact with defects in SARIF format
    uses: actions/upload-artifact@v3
    with:
      name: Differential ShellCheck SARIF
      path: ${{ steps.ShellCheck.outputs.sarif }}
      retention-days: 7

Removal of unused output - ENV.LIST_OF_SCRIPTS

Increased code coverage

Some minor bugfixes, ShellCheck fixes, and CI updates

v3.3.0

• Container images now based on Fedora 37
• ShellCheck - 0.7.2 -> 0.8.0

... (truncated)

Commits

• 67b2681 v4.0.1
• fde74a1 feat: expose SARIF results for further use
• efc9edd test: use GITHUB_EVENT_NAME only when var is undefined
• c089fbe build(deps): bump test/test_helper/bats-assert
• fad15c0 build(deps): bump test/bats from e6db0b8 to 56507db
• 82b64db build(deps): bump test/test_helper/bats-file from f9154f4 to b45ed3d
• f7858da build(deps): bump release-drafter/release-drafter from 5.21.1 to 5.22.0
• d549173 build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
• 1f27553 build(deps): bump actions/checkout from 3.2.0 to 3.3.0
• ec15ac2 build(deps): bump github/super-linter from 4.9.7 to 4.10.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)