Releases: microsoft/apm-action
v1.7.3
What's Changed
- chore: bump APM CLI default to v0.13.0 by @danielmeppiel in #39
Full Changelog: v1.7.2...v1.7.3
Contributors
Assets 2
v1
What's Changed
- Adding Microsoft SECURITY.MD by @microsoft-github-policy-service[bot] in #2
- feat: compact summary-first output for GH AW truncation resilience by @danielmeppiel in #4
- fix: rename marketplace name to Setup APM by @danielmeppiel in #5
New Contributors
- @microsoft-github-policy-service[bot] made their first contribution in #2
- @danielmeppiel made their first contribution in #4
Full Changelog: https://github.com/microsoft/apm-action/commits/v1
What's Changed
- docs: add 'copilot' as primary target name in docs and action.yml by @danielmeppiel in #7
- fix: anchor clearPrimitives boundary to working-directory, not GITHUB_WORKSPACE by @danielmeppiel in #8
- refactor: use path.relative for traversal guard, wrap env mutation in try/finally by @danielmeppiel in #9
Full Changelog: v1.1.0...v1
What's Changed
- fix: mode-aware directory creation + allow absolute bundle paths by @danielmeppiel in #10
Full Changelog: v1.2.0...v1
What's Changed
- fix: implement version pinning with @actions/tool-cache v4 by @danielmeppiel in #11
Full Changelog: v1.3.0...v1
What's Changed
- feat: add audit-report input for SARIF report generation by @danielmeppiel in #14
Full Changelog: v1.3.1...v1
What's Changed
- fix: pass github-token input to APM subprocess as GITHUB_TOKEN by @danielmeppiel in #15
Full Changelog: v1.3.2...v1
What's Changed
- fix: preserve caller's GITHUB_TOKEN when already set in environment by @danielmeppiel in #16
Full Changelog: v1.3.3...v1
What's Changed
- feat: auto-forward github-token as GITHUB_APM_PAT + document private repo auth by @Copilot in #19
New Contributors
- @Copilot made their first contribution in #19
Full Changelog: v1.3.4...v1
What's Changed
- fix: do not shadow caller GITHUB_TOKEN with GITHUB_APM_PAT by @danielmeppiel in #21
Full Changelog: v1.4.0...v1
What's Changed
- chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in #23
Full Changelog: v1.5.0...v1
What's Changed
- chore: bump APM CLI default to v0.12.4 (cuts v1.7.2) by @danielmeppiel in #38
Full Changelog: v1.7.1...v1
Contributors
Assets 2
v1.7.2
What's Changed
- chore: bump APM CLI default to v0.12.4 (cuts v1.7.2) by @danielmeppiel in #38
Full Changelog: v1.7.1...v1.7.2
Contributors
Assets 2
v1.7.1
What's Changed
- fix(install): forward
--targetto additiveapm install(non-isolated) by @danielmeppiel in #36 - docs(changelog): cut 1.7.1 by @danielmeppiel in #37
Full Changelog: v1.7.0...v1.7.1
Contributors
Assets 2
v1.7.0
What's Changed
- fix(isolated): inject target input into generated apm.yml by @danielmeppiel in #33
- fix: validate
targetinput before YAML/CLI interpolation by @danielmeppiel in #34 - docs(changelog): cut 1.7.0 by @danielmeppiel in #35
Full Changelog: v1.6.0...v1.7.0
Contributors
Assets 2
v1.6.0
What's Changed
- feat: bundle-format input + setup-only mode (#24) by @danielmeppiel in #31
- docs(changelog): inventory all releases through v1.6.0 by @danielmeppiel in #32
Full Changelog: v1.5.1...v1.6.0
Contributors
Assets 2
v1.5.1
Security
Bumps handlebars (dev-dep) 4.7.8 -> 4.7.9 to clear CVE-2024-4068 (prototype pollution; transitive braces advisory chain). No runtime behavior changes; handlebars is only used by the test toolchain.
What's Changed
- chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @dependabot in #23
Floating tags
v1 moved to v1.5.1 (was previously stuck on v1.4.2). Consumers pinning microsoft/apm-action@v1 get the patch automatically.
Full Changelog: v1.5.0...v1.5.1
What's Changed
- chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in #23
Full Changelog: v1.5.0...v1.5.1
Contributors
Assets 2
v1.5.0
What's Changed
- feat: multi-bundle restore via bundles-file: input by @danielmeppiel in #30
Full Changelog: v1.4.2...v1.5.0
Contributors
Assets 2
v1.4.2
What's Changed
- chore(deps): bump picomatch by @dependabot[bot] in #20
- chore(deps-dev): bump flatted from 3.3.4 to 3.4.2 by @dependabot[bot] in #17
- chore(deps): bump undici from 6.23.0 to 6.24.1 by @danielmeppiel in #22
- fix(restore): install APM and unpack via apm CLI to avoid dirtying workspace by @danielmeppiel in #27
New Contributors
- @dependabot[bot] made their first contribution in #20
Full Changelog: v1.4.1...v1.4.2
Contributors
Assets 2
v1.4.1
What's Changed
Bug fix: Do not shadow caller's GITHUB_TOKEN with GITHUB_APM_PAT (#21)
When a caller provides GITHUB_TOKEN via step/job-level env: (e.g., a GitHub App token from gh-aw for cross-org private repo access), the action no longer injects the default github.token into GITHUB_APM_PAT. Since APM CLI's token precedence is GITHUB_APM_PAT > GITHUB_TOKEN, this was causing the wrong token to be used, resulting in "Repository not found" / "Authentication failed" errors.
Also treats empty-string GITHUB_TOKEN as not-provided, ensuring the input token is correctly forwarded in edge cases.
Full Changelog: v1.4.0...v1.4.1
What's Changed
- fix: do not shadow caller GITHUB_TOKEN with GITHUB_APM_PAT by @danielmeppiel in #21
Full Changelog: v1.4.0...v1.4.1