Update with all changes from skills-dev fork #93
Conversation
- Update template_owner parameter in README.md from skills-dev to skills - Ensures users copy the exercise from the correct organization
There was a problem hiding this comment.
Pull request overview
This PR pulls in upstream workflow/template updates (exercise-toolkit v0.7.3 and new comment/check patterns) alongside small learner-content fixes, as part of the broader skills-dev → skills migration effort.
Changes:
- Bump reusable workflows/templates from
skills/exercise-toolkittov0.7.3. - Replace
gh issue comment-based messaging/checks withpeter-evans/find-comment,GrantBirki/comment, andskills/action-keyphrase-checker. - Update learner-facing markdown (fix typo; update “GitHub Skills exercises” link).
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/0-start-exercise.yml | Updates to toolkit v0.7.3 and refactors how step content is posted/enabled. |
| .github/workflows/1-dependency-graph.yml | Refactors step validation/commenting and updates toolkit references. |
| .github/workflows/2-dependabot-alerts.yml | Refactors step validation/commenting and updates toolkit references. |
| .github/workflows/3-dependabot-security.yml | Refactors step validation/commenting and updates toolkit references. |
| .github/workflows/4-dependabot-versions.yml | Refactors step validation/commenting, updates toolkit references, and adjusts end-of-exercise flow. |
| .github/steps/4-dependabot-versions.md | Fixes “pre-poplulated” → “pre-populated”. |
| .github/steps/x-review.md | Updates the link to other GitHub Skills exercises. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| name: Start Exercise | ||
| uses: skills/exercise-toolkit/.github/workflows/start-exercise.yml@v0.6.0 | ||
| uses: skills/exercise-toolkit/.github/workflows/start-exercise.yml@v0.7.3 | ||
| with: | ||
| exercise-title: "Secure your Repository's Supply Chain" | ||
| intro-message: "Let's explore how to secure your repository's supply chain, understand dependencies in your environment, and find vulnerabilities in those dependencies and patch them. 💻✨" |
There was a problem hiding this comment.
The PR description says this change is limited to updating template_owner in README as part of the skills-dev -> skills migration, but this PR also makes substantial functional changes to the exercise workflows (new actions, new commenting/checking logic, workflow enable/disable behavior, and toolkit version bumps). Please update the PR description (or split the PR) so reviewers can validate the additional workflow behavior changes explicitly.
| jobs: | ||
| disable_workflows: | ||
| name: Disable workflows | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Disable all workflows | ||
| run: | | ||
| workflows=$(git ls-files .github/workflows | grep -E '\.yml$|\.yaml$') | ||
| for workflow in $workflows; do | ||
| workflow_name=$(basename "$workflow") | ||
| gh workflow disable "$workflow_name" || true | ||
| done | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| start_exercise: | ||
| if: | | ||
| !github.event.repository.is_template | ||
| name: Start Exercise |
There was a problem hiding this comment.
Step 0 no longer disables the other step workflows. Since Steps 1–3 are also triggered by push events to main, leaving them enabled can cause multiple step workflows to run on the same push and interfere with the intended step-by-step gating. Consider restoring the initial disable-all behavior (or otherwise ensuring only the intended step workflow is enabled at any time).
| uses: skills/exercise-toolkit/.github/workflows/finish-exercise.yml@v0.7.3 | ||
| with: | ||
| issue-url: ${{ needs.find_exercise.outputs.issue-url }} | ||
| exercise-title: "Secure your Repository Supply Chain" |
There was a problem hiding this comment.
exercise-title differs between the start workflow ("Secure your Repository's Supply Chain" in Step 0) and the finish workflow here ("Secure your Repository Supply Chain"). If the toolkit uses this value for matching/display, this inconsistency can break the exercise flow or produce confusing output. Please make the titles consistent across start/finish.
| exercise-title: "Secure your Repository Supply Chain" | |
| exercise-title: "Secure your Repository's Supply Chain" |
3 participants
This PR updates all references from
skills-devorganization toskillsorganization as part of the migration process.Changes
template_ownerparameter in README.md fromskills-devtoskillsPart of the skills-dev to skills organization migration effort.