Bump PSModule/Publish-PSModule from 2.2.4 to 3.0.0

[dependabot]

Bumps PSModule/Publish-PSModule from 2.2.4 to 3.0.0.

Release notes

Sourced from PSModule/Publish-PSModule's releases.

v3.0.0

🌟 [Major]: Version calculation removed — artifact must be pre-stamped before publish (#71)

Publish-PSModule no longer calculates or mutates the module version. The artifact passed in must already contain the final ModuleVersion (and Prerelease tag, if any) stamped by the upstream build. Published GitHub Releases now include a downloadable zip of the exact module folder that was tested and pushed to the Gallery.

Breaking Changes

Version-calculation inputs have been removed. Callers must supply a pre-stamped artifact:

Removed inputs:

• AutoPatching
• IncrementalPrerelease
• DatePrereleaseFormat
• VersionPrefix
• MajorLabels, MinorLabels, PatchLabels, IgnoreLabels
• ReleaseType

Migration: Consumers on PSModule/Process-PSModule get this for free — the workflow resolves the version in the Plan job and stamps it during Build. Direct callers outside of Process-PSModule must use Resolve-PSModuleVersion to compute the version and Build-PSModule v5+ to stamp it before invoking this action.

New: Module zip uploaded to GitHub Release

After creating a GitHub Release, the module folder is zipped (<Name>-<Version>.zip) and uploaded as a release asset. The zip preserves the <Name>/ directory structure so it can be extracted directly into a PowerShell module path.

Changed: Cleanup only runs after stable releases

The cleanup step (which removes old prerelease tags/releases) now only executes when the publish was a stable release. Previously it could inadvertently delete the just-published prerelease. Cleanup also filters on isPrerelease to avoid accidentally deleting stable releases whose tag happens to match the derived prerelease name.

Technical Details

• Deleted src/init.ps1 (the old version-calculation script).
• src/publish.ps1 reads ModuleVersion and Prerelease directly from the downloaded manifest via Import-PowerShellDataFile, validates 3-part format, then publishes untouched via Publish-PSResource.
• Test-ModuleManifest is called as advisory validation (non-terminating) since the built artifact may reference RequiredModules not installed on the runner. Structural validation is enforced by explicit regex guards on ModuleVersion and Prerelease.
• src/cleanup.ps1 derives the prerelease name from the PR head ref, filters on isPrerelease, and explicitly excludes the just-published release tag from deletion.
• action.yml cleanup step gated on env.PSMODULE_PUBLISH_PSMODULE_CONTEXT_IsPrerelease != 'true'.
• GITHUB_ENV writes use utf8NoBOM encoding to prevent BOM corruption.
• Zip upload and temp file cleanup wrapped in try/finally for reliable cleanup on failure.

• Fixes PSModule/Process-PSModule#326
• PSModule/Process-PSModule#342
• PSModule/Resolve-PSModuleVersion#1
• PSModule/Build-PSModule#136

Commits

• 03c0f8b 🌟 [Major]: Version calculation removed — artifact must be pre-stamped before ...
• 72572ee Bump super-linter/super-linter from 8.5.0 to 8.6.0 (#69)
• f27e4ca Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#70)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
MARKDOWN	Pass ✅
NATURAL_LANGUAGE	Pass ✅
POWERSHELL	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter