chore: Cherry-picked changes from upstream

[github-actions]

Cherry-picked changes from upstream.

[github-actions]

🚀 PR Updated!

The PR has been updated with the latest cherry-picked commits.

@step-security/maintained-actions-dev Please review and approve the changes.

📦 Target Release Version: v6.0.1

⚠️ Completely Skipped Commits Due to only modifying files in: package.json, package-lock.json, yarn.lock, node_modules/, dist/, or .gitignore

• 778341af668090896ca464160c2def5d1d1a3eb0

❗ Missing Files:

• CHANGELOG.md

[claude]

Claude finished @github-actions[bot]'s task —— View job

---

PR Review Complete

Todo List:

• Read CLAUDE.md file for review guidelines (No CLAUDE.md found)
• Examine changed files to understand modifications
• Analyze changes for potential issues
• Provide comprehensive review feedback

Summary of Changes:

• entrypoint.sh & dist/entrypoint.sh (line 48): Commented out _check_if_repository_is_in_detached_state function call
• tests/git-auto-commit.bats (line 1101): Added skip to disable detached state test

---

Review Feedback

✅ Positive Aspects:

1. Code consistency: Both entrypoint.sh and dist/entrypoint.sh were updated identically, maintaining consistency between source and distribution files.
2. Test alignment: The corresponding test was properly disabled with skip to match the behavior change.
3. Clean implementation: Changes use standard commenting approach rather than removing code entirely.

⚠️ Concerns & Recommendations:

1. Missing Documentation (High Priority)
The README.md specifically mentions the importance of avoiding detached state:

"Do this to avoid checking out the repository in a detached state" (line 211)

Recommendation: Update documentation to reflect this behavioral change and explain when/why users might encounter detached states without the check.

2. Potential Silent Failures (Medium Priority)
Removing the detached state check means the action may now silently fail or behave unexpectedly when running in detached HEAD state, rather than providing clear error messaging.

Recommendation: Consider adding logging to indicate when the action detects but allows detached state, so users have visibility into this condition.

3. Missing Changelog Entry (Medium Priority)
This is a breaking behavioral change that should be documented for users upgrading.

Recommendation: Add entry to CHANGELOG.md explaining the change and its implications.

4. Test Coverage Gap (Low Priority)
The disabled test at lines 1100-1118 in tests/git-auto-commit.bats represents a gap in test coverage for detached state scenarios.

Recommendation: Consider replacing the disabled test with a test that verifies the action proceeds successfully in detached state rather than failing.

🔍 Technical Analysis:

File: entrypoint.sh:48 & dist/entrypoint.sh:48

# _check_if_repository_is_in_detached_state

The function _check_if_repository_is_in_detached_state (lines 120-128) remains in the codebase but is no longer invoked. This function previously checked git symbolic-ref HEAD and exited with error code 1 if the repository was in detached state.

Impact: Users working in detached HEAD scenarios (common in CI/CD environments with specific commit checkouts) will no longer encounter blocking errors, but may experience unexpected behavior without clear feedback.

🎯 Overall Assessment:

This change appears to address a legitimate use case where detached HEAD state shouldn't be a blocking condition. However, the implementation lacks supporting documentation and user communication about this behavioral change.

Approval Status: ⚠️ Conditional - The code changes are technically sound, but require documentation updates before merge to maintain user experience quality.

---

[claude]

Claude finished @github-actions[bot]'s task —— View job

---

PR Review Complete

Todo List:

• Read CLAUDE.md file for review guidelines (No CLAUDE.md found)
• Examine changed files to understand modifications
• Analyze changes for potential issues
• Provide comprehensive review feedback

Summary of Changes:

• entrypoint.sh & dist/entrypoint.sh (line 48): Commented out _check_if_repository_is_in_detached_state function call
• tests/git-auto-commit.bats (line 1101): Added skip to disable detached state test

---

Review Feedback

✅ Positive Aspects:

1. Code consistency: Both entrypoint.sh and dist/entrypoint.sh were updated identically, maintaining consistency between source and distribution files.
2. Test alignment: The corresponding test was properly disabled with skip to match the behavior change.
3. Clean implementation: Changes use standard commenting approach rather than removing code entirely.

⚠️ Concerns & Recommendations:

1. Missing Documentation (High Priority)
The README.md specifically mentions the importance of avoiding detached state:

"Do this to avoid checking out the repository in a detached state" (line 211)

Recommendation: Update documentation to reflect this behavioral change and explain when/why users might encounter detached states without the check.

2. Potential Silent Failures (Medium Priority)
Removing the detached state check means the action may now silently fail or behave unexpectedly when running in detached HEAD state, rather than providing clear error messaging.

Recommendation: Consider adding logging to indicate when the action detects but allows detached state, so users have visibility into this condition.

3. Missing Changelog Entry (Medium Priority)
This is a breaking behavioral change that should be documented for users upgrading.

Recommendation: Add entry to CHANGELOG.md explaining the change and its implications.

4. Test Coverage Gap (Low Priority)
The disabled test at lines 1100-1118 in tests/git-auto-commit.bats represents a gap in test coverage for detached state scenarios.

Recommendation: Consider replacing the disabled test with a test that verifies the action proceeds successfully in detached state rather than failing.

🔍 Technical Analysis:

File: entrypoint.sh:48 & dist/entrypoint.sh:48

# _check_if_repository_is_in_detached_state

The function _check_if_repository_is_in_detached_state (lines 120-128) remains in the codebase but is no longer invoked. This function previously checked git symbolic-ref HEAD and exited with error code 1 if the repository was in detached state.

Impact: Users working in detached HEAD scenarios (common in CI/CD environments with specific commit checkouts) will no longer encounter blocking errors, but may experience unexpected behavior without clear feedback.

🎯 Overall Assessment:

This change appears to address a legitimate use case where detached HEAD state shouldn't be a blocking condition. However, the implementation lacks supporting documentation and user communication about this behavioral change.

Approval Status: ⚠️ Conditional - The code changes are technically sound, but require documentation updates before merge to maintain user experience quality.

---

[claude]

Claude finished @github-actions[bot]'s task —— View job

---

PR Review Based on Repository Analysis

Todo List:

• Read CLAUDE.md file for review guidelines (No CLAUDE.md found)
• Examine changed files to understand modifications
• Analyze changes for potential issues
• Provide comprehensive review feedback

Summary of Changes:

• entrypoint.sh & dist/entrypoint.sh (line 48): Commented out _check_if_repository_is_in_detached_state function call
• tests/git-auto-commit.bats (line 1101): Added skip to disable detached state test

---

Review Feedback

✅ Positive Aspects:

1. Code consistency: Both entrypoint.sh and dist/entrypoint.sh were updated identically, maintaining consistency between source and distribution files.
2. Test alignment: The corresponding test was properly disabled with skip to match the behavior change.
3. Clean implementation: Changes use standard commenting approach rather than removing code entirely.

⚠️ Concerns & Recommendations:

1. Missing Documentation (High Priority)
The README.md specifically mentions the importance of avoiding detached state:

"Do this to avoid checking out the repository in a detached state" (line 211)

Recommendation: Update documentation to reflect this behavioral change and explain when/why users might encounter detached states without the check.

2. Potential Silent Failures (Medium Priority)
Removing the detached state check means the action may now silently fail or behave unexpectedly when running in detached HEAD state, rather than providing clear error messaging.

Recommendation: Consider adding logging to indicate when the action detects but allows detached state, so users have visibility into this condition.

3. Missing Changelog Entry (Medium Priority)
This is a breaking behavioral change that should be documented for users upgrading.

Recommendation: Add entry to CHANGELOG.md explaining the change and its implications.

4. Test Coverage Gap (Low Priority)
The disabled test at lines 1100-1118 in tests/git-auto-commit.bats represents a gap in test coverage for detached state scenarios.

Recommendation: Consider replacing the disabled test with a test that verifies the action proceeds successfully in detached state rather than failing.

🔍 Technical Analysis:

File: entrypoint.sh:48 & dist/entrypoint.sh:48

# _check_if_repository_is_in_detached_state

The function _check_if_repository_is_in_detached_state (lines 120-128) remains in the codebase but is no longer invoked. This function previously checked git symbolic-ref HEAD and exited with error code 1 if the repository was in detached state.

Impact: Users working in detached HEAD scenarios (common in CI/CD environments with specific commit checkouts) will no longer encounter blocking errors, but may experience unexpected behavior without clear feedback.

🎯 Overall Assessment:

This change appears to address a legitimate use case where detached HEAD state shouldn't be a blocking condition. However, the implementation lacks supporting documentation and user communication about this behavioral change.

Approval Status: ⚠️ Conditional - The code changes are technically sound, but require documentation updates before merge to maintain user experience quality.

---