Update dependency https://github.com/salt-extensions/salt-extension-copier to v0.9.0

Author: salt-extensions-renovatebot[bot]

.copier-answers.yml

@@ -1,6 +1,6 @@
 # Autogenerated. Do not edit this by hand, use `copier update`.
 ---
-_commit: 0.7.5
+_commit: 0.9.0
 _src_path: https://github.com/salt-extensions/salt-extension-copier
 author: Will Sinatra
 author_email: durrendal@lambdacreate.com

.github/actions/upload-exitstatus/action.yml

@@ -0,0 +1,32 @@
+---
+name: upload-exitstatus
+description: Upload a job's status as an artifact
+inputs:
+  artifact_prefix:
+    required: false
+    default: exitstatus-
+  name:
+    required: false
+    default: ''
+
+runs:
+  using: composite
+
+  steps:
+
+      - name: Set Exit Status
+        if: always()
+        env:
+          OUTFILE: exitstatus/${{ inputs.name == '' && github.job || inputs.name }}
+        shell: bash
+        run: |
+          mkdir exitstatus
+          echo "${{ job.status }}" > "$OUTFILE"
+
+      - name: Upload Exit Status
+        if: always()
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
+        with:
+          name: ${{ inputs.artifact_prefix }}${{ inputs.name == '' && github.job || inputs.name }}
+          path: exitstatus
+          if-no-files-found: error

.github/workflows/ci.yml

@@ -3,37 +3,24 @@ name: CI
 
 on:
   workflow_call:
-    inputs:
-      deploy-docs:
-        required: false
-        type: boolean
-        default: false
-      release:
-        required: false
-        type: boolean
-        default: false
-      version:
-        required: false
-        type: string
-    secrets:
-      PYPI_API_TOKEN:
-        required: false
-      TEST_PYPI_API_TOKEN:
-        required: false
-
 
 jobs:
   get-changed-files:
     name: Get Changed Files
     uses: ./.github/workflows/get-changed-files.yml
+    permissions:
+      contents: read
+      pull-requests: read  # for dorny/paths-filter to read pull requests
 
   pre-commit:
     name: Pre-Commit
-    uses: ./.github/workflows/pre-commit-action.yml
     needs:
       - get-changed-files
+    uses: ./.github/workflows/pre-commit-action.yml
     with:
       changed-files: ${{ needs.get-changed-files.outputs.changed-files }}
+    permissions:
+      contents: read
 
   test:
     name: Test
@@ -46,6 +33,7 @@ jobs:
     needs:
       - pre-commit
     uses: ./.github/workflows/docs-action.yml
+<<<<<<< before updating
 
   check-prepare-release:
     name: Check if we can prepare release PR
@@ -78,33 +66,16 @@ jobs:
       - check-prepare-release
       - docs
       - test
+=======
+>>>>>>> after updating
     permissions:
-      contents: write
-      pull-requests: write
-    uses: ./.github/workflows/prepare-release-action.yml
-
-  deploy-docs:
-    name: Deploy Docs
-    uses: ./.github/workflows/deploy-docs-action.yml
-    # Only build doc deployments from the default branch of the repo and never for PRs,
-    # unless the triggering event was the release PR being merged.
-    if: >-
-      inputs.deploy-docs &&
-      (
-        github.event_name != 'pull_request' ||
-        inputs.release
-      ) &&
-      github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
-    needs:
-      - docs
-      - test
+      contents: read
 
   build-python-package:
     name: Python Package
-    if: ${{ inputs.release && success() }}
-    uses: ./.github/workflows/package-action.yml
     needs:
       - pre-commit
+<<<<<<< before updating
     with:
       version: "${{ inputs.version }}"
 
@@ -173,3 +144,8 @@ jobs:
         if: always()
         run:
           echo "All workflows finished"
+=======
+    uses: ./.github/workflows/package-action.yml
+    permissions:
+      contents: read
+>>>>>>> after updating

.github/workflows/deploy-docs-action.yml

@@ -11,6 +11,12 @@ on:
         required: false
         default: html-docs
 
+
+permissions:
+  actions: read  # For downloading artifacts of other runs when called via workflow_run trigger
+  pages: write
+  id-token: write
+
 jobs:
 
   # The released docs are not versioned currently, only the latest ones are deployed.
@@ -31,18 +37,21 @@ jobs:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
 
-    permissions:
-      pages: write
-      id-token: write
-
     runs-on: ubuntu-24.04
 
     steps:
+
       - name: Download built docs
+<<<<<<< before updating
         uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131  # v7.0.0
+=======
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
+>>>>>>> after updating
         with:
           name: ${{ inputs.artifact-name }}
           path: html-docs
+          github-token: ${{ github.token }}
+          run-id: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.id || github.run_id }}
 
       - name: Upload GitHub Pages artifact
         uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b  # v4.0.0
@@ -63,16 +72,16 @@ jobs:
           name: html-docs-pages
           failOnError: false
 
-      - name: Set Exit Status
-        if: always()
-        run: |
-          mkdir exitstatus
-          echo "${{ job.status }}" > exitstatus/${{ github.job }}
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
 
       - name: Upload Exit Status
         if: always()
+<<<<<<< before updating
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f  # v6.0.0
         with:
           name: exitstatus-${{ github.job }}
           path: exitstatus
           if-no-files-found: error
+=======
+        uses: ./.github/actions/upload-exitstatus
+>>>>>>> after updating

.github/workflows/deploy-package-action.yml

@@ -1,60 +1,152 @@
 ---
-name: Deploy Salt Extension Python Package
+name: Release Salt Extension Python Package
 
 on:
-  workflow_call:
-    inputs:
-      test:
-        type: boolean
-        required: false
-        default: true
-      version:
-        type: string
-        required: true
-    secrets:
-      PYPI_API_TOKEN:
-        required: false
-      TEST_PYPI_API_TOKEN:
-        required: false
+  workflow_run:
+    types:
+      - completed
+    workflows:
+      - Auto PR Releases
+      - Tagged Releases
 
 jobs:
-  build:
-    name: Publish Python Package to ${{ ! inputs.test && 'PyPI' || 'Test PyPI' }}
+  get_version:
+    name: Get package version
     runs-on: ubuntu-24.04
+    if: github.event.workflow_run.conclusion == 'success'
+    permissions:
+      actions: read
+    outputs:
+      version: ${{ steps.extract-version.outputs.version }}
 
     steps:
+      - name: Download expected version
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
+        with:
+          name: version.txt
+          path: ${{ runner.temp }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+
       - name: Download Python Package Artifacts
+<<<<<<< before updating
         uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131  # v7.0.0
+=======
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
+>>>>>>> after updating
         with:
-          name: salt-extension-${{ inputs.version }}-packages
+          name: salt-extension-packages
           path: dist
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Extract and verify package version
+        id: extract-version
+        run: |-
+          wheel_file="$(find dist -name '*.whl' | head -n 1)"
+          test -n "$wheel_file" || exit 1
+          unzip "$wheel_file" -d "$RUNNER_TEMP/extract"
+          dist_info="$(find "$RUNNER_TEMP/extract" -type d -name '*.dist-info' | head -n 1)"
+          test -n "$dist_info" || exit 1
+          package_version="$(sed -n 's/^Version:\s*\(\S*\)$/\1/p' "$dist_info/METADATA")"
+          test -n "$package_version" || exit 1
+          expected_version="$(cat "$RUNNER_TEMP/version.txt" | head -n 1)"
+          echo "Detected package version: $package_version"
+          echo "Expected version: $expected_version"
+          test "$package_version" = "$expected_version" || exit 1
+          echo "version=$expected_version" >> "$GITHUB_OUTPUT"
+
+  test_release:
+    name: Publish Python Package to Test PyPI
+    runs-on: ubuntu-24.04
+    needs:
+      - get_version
+    permissions:
+      actions: read
+      id-token: write
+
+    steps:
+      - name: Download Python Package Artifacts
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
+        with:
+          name: salt-extension-packages
+          path: dist
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
 
       - name: Publish distribution to Test PyPI
-        uses: pypa/gh-action-pypi-publish@1bb664cc2ddedbbfdde43d4ac135d5836b7bf40f # v1.11.0
-        if: ${{ inputs.test }}
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
         with:
-          attestations: false
+          attestations: ${{ secrets.TEST_PYPI_API_TOKEN == '' }}
           password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository-url: https://test.pypi.org/legacy/
+          verbose: ${{ runner.debug == '1' }}
+
+  pypi_release:
+    name: Publish Python Package to PyPI
+    runs-on: ubuntu-24.04
+    needs:
+      - test_release
+    permissions:
+      actions: read
+      id-token: write
+    environment:
+      name: release
+      url: https://pypi.org/p/saltext.nebula
+
+    steps:
+      - name: Download Python Package Artifacts
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
+        with:
+          name: salt-extension-packages
+          path: dist
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Publish distribution to PyPI
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+        with:
+          attestations: ${{ secrets.PYPI_API_TOKEN == '' }}
+          password: ${{ secrets.PYPI_API_TOKEN }}
+          verbose: ${{ runner.debug == '1' }}
+
+  docs_release:
+    name: Deploy Docs
+    uses: ./.github/workflows/deploy-docs-action.yml
+    needs:
+      - pypi_release
+      - get_version
+    permissions:
+      actions: read
+      pages: write
+      id-token: write
+
+  gh_release:
+    name: Create GitHub release
+    runs-on: ubuntu-24.04
+    needs:
+      - pypi_release
+      - get_version
+    permissions:
+      actions: read
+      contents: write
+
+    steps:
+      - name: Download Python Package Artifacts
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
+        with:
+          name: salt-extension-packages
+          path: dist
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
 
       - name: Create GitHub Release
-        if: ${{ !inputs.test }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ needs.get_version.outputs.version }}
         run: |
-          gh release create "v${{ inputs.version }}" \
+          gh release create "v${{ needs.get_version.outputs.version }}" \
               --repo="$GITHUB_REPOSITORY" \
-              --title="${GITHUB_REPOSITORY#*/} ${{ inputs.version }}" \
+              --title="${GITHUB_REPOSITORY#*/} $VERSION" \
               --generate-notes \
               dist/*
-
-      - name: Publish distribution to PyPI
-        uses: pypa/gh-action-pypi-publish@1bb664cc2ddedbbfdde43d4ac135d5836b7bf40f # v1.11.0
-        if: ${{ !inputs.test }}
-        with:
-          # Attestations are only submitted when using Trusted Publishing,
-          # which is triggered by secrets.PYPI_API_TOKEN not being set.
-          # They don't work with reusable workflows at the moment.
-          # It's related to https://github.com/pypi/warehouse/issues/11096
-          attestations: false
-          password: ${{ secrets.PYPI_API_TOKEN }}