Update dependency https://github.com/lkubb/salt-extension-copier to v0.9.0

.copier-answers.yml

@@ -1,6 +1,6 @@
 # Autogenerated. Do not edit this by hand, use `copier update`.
 ---
-_commit: 0.8.0
+_commit: 0.9.0
 _src_path: https://github.com/lkubb/salt-extension-copier
 author: EITR Technologies, LLC
 author_email: devops@eitr.tech

.github/actions/upload-exitstatus/action.yml

@@ -0,0 +1,32 @@
+---
+name: upload-exitstatus
+description: Upload a job's status as an artifact
+inputs:
+  artifact_prefix:
+    required: false
+    default: exitstatus-
+  name:
+    required: false
+    default: ''
+
+runs:
+  using: composite
+
+  steps:
+
+      - name: Set Exit Status
+        if: always()
+        env:
+          OUTFILE: exitstatus/${{ inputs.name == '' && github.job || inputs.name }}
+        shell: bash
+        run: |
+          mkdir exitstatus
+          echo "${{ job.status }}" > "$OUTFILE"
+
+      - name: Upload Exit Status
+        if: always()
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
+        with:
+          name: ${{ inputs.artifact_prefix }}${{ inputs.name == '' && github.job || inputs.name }}
+          path: exitstatus
+          if-no-files-found: error

.github/workflows/ci.yml

@@ -3,37 +3,24 @@ name: CI
 
 on:
   workflow_call:
-    inputs:
-      deploy-docs:
-        required: false
-        type: boolean
-        default: false
-      release:
-        required: false
-        type: boolean
-        default: false
-      version:
-        required: false
-        type: string
-    secrets:
-      PYPI_API_TOKEN:
-        required: false
-      TEST_PYPI_API_TOKEN:
-        required: false
-
 
 jobs:
   get-changed-files:
     name: Get Changed Files
     uses: ./.github/workflows/get-changed-files.yml
+    permissions:
+      contents: read
+      pull-requests: read  # for dorny/paths-filter to read pull requests
 
   pre-commit:
     name: Pre-Commit
-    uses: ./.github/workflows/pre-commit-action.yml
     needs:
       - get-changed-files
+    uses: ./.github/workflows/pre-commit-action.yml
     with:
       changed-files: ${{ needs.get-changed-files.outputs.changed-files }}
+    permissions:
+      contents: read
 
   test:
     name: Test
@@ -46,130 +33,13 @@ jobs:
     needs:
       - pre-commit
     uses: ./.github/workflows/docs-action.yml
-
-  check-prepare-release:
-    name: Check if we can prepare release PR
-    if: >-
-      github.event_name == 'push' &&
-      github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
-    needs:
-      - docs
-      - test
-    runs-on: ubuntu-24.04
-    outputs:
-      news-fragments-available: ${{ steps.check-available.outputs.available }}
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-
-      - name: Check if news fragments are available
-        id: check-available
-        run: |
-          if [ -n "$(find changelog -type f -not -name '.*' -print -quit)" ]; then
-            echo "available=1" >> "$GITHUB_OUTPUT"
-          else
-            echo "available=0" >> "$GITHUB_OUTPUT"
-          fi
-
-  prepare-release:
-    name: Prepare Release PR
-    if: ${{ needs.check-prepare-release.outputs.news-fragments-available == '1' }}
-    needs:
-      - check-prepare-release
-      - docs
-      - test
     permissions:
-      contents: write
-      pull-requests: write
-    uses: ./.github/workflows/prepare-release-action.yml
-
-  deploy-docs:
-    name: Deploy Docs
-    uses: ./.github/workflows/deploy-docs-action.yml
-    # Only build doc deployments from the default branch of the repo and never for PRs,
-    # unless the triggering event was the release PR being merged.
-    if: >-
-      inputs.deploy-docs &&
-      (
-        github.event_name != 'pull_request' ||
-        inputs.release
-      ) &&
-      github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
-    needs:
-      - docs
-      - test
+      contents: read
 
   build-python-package:
     name: Python Package
-    if: ${{ inputs.release && success() }}
-    uses: ./.github/workflows/package-action.yml
     needs:
       - pre-commit
-    with:
-      version: "${{ inputs.version }}"
-
-  deploy-python-package-test-pypi:
-    name: Deploy Python Package (Test PyPI)
-    uses: ./.github/workflows/deploy-package-action.yml
-    if: ${{ inputs.release && success() }}
-    needs:
-      - test
-      - docs
-      - build-python-package
-    secrets:
-      TEST_PYPI_API_TOKEN: "${{ secrets.TEST_PYPI_API_TOKEN }}"
-    with:
-      version: "${{ inputs.version }}"
-
-  deploy-python-package:
-    name: Deploy Python Package (PyPI)
-    uses: ./.github/workflows/deploy-package-action.yml
-    if: ${{ inputs.release && success() }}
-    needs:
-      - deploy-python-package-test-pypi
-    secrets:
-      PYPI_API_TOKEN: "${{ secrets.PYPI_API_TOKEN }}"
-    with:
-      test: false
-      version: "${{ inputs.version }}"
-
-  set-pipeline-exit-status:
-    # This step is just so we can make github require this step, to pass checks
-    # on a pull request instead of requiring all
-    name: Set the CI Pipeline Exit Status
-    runs-on: ubuntu-24.04
-    if: always()
-    needs:
-      - test
-      - docs
-      - deploy-docs
-      - build-python-package
-      - deploy-python-package-test-pypi
-      - deploy-python-package
-
-    steps:
-      - name: Download Exit Status Files
-        if: always()
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131  # v7.0.0
-        with:
-          path: exitstatus
-          pattern: exitstatus-*
-          merge-multiple: true
-
-      - name: Delete Exit Status Artifacts
-        if: always()
-        uses: geekyeggo/delete-artifact@7ee91e82b4a7f3339cd8b14beace3d826a2aac39  # v5.1.0
-        with:
-          name: exitstatus-*
-          useGlob: true
-          failOnError: false
-
-      - name: Set Pipeline Exit Status
-        run: |
-          tree exitstatus
-          grep -RE 'failure|cancelled' exitstatus/ && exit 1 || exit 0
-
-      - name: Done
-        if: always()
-        run:
-          echo "All workflows finished"
+    uses: ./.github/workflows/package-action.yml
+    permissions:
+      contents: read

.github/workflows/deploy-docs-action.yml

@@ -11,6 +11,12 @@ on:
         required: false
         default: html-docs
 
+
+permissions:
+  actions: read  # For downloading artifacts of other runs when called via workflow_run trigger
+  pages: write
+  id-token: write
+
 jobs:
 
   # The released docs are not versioned currently, only the latest ones are deployed.
@@ -31,18 +37,17 @@ jobs:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
 
-    permissions:
-      pages: write
-      id-token: write
-
     runs-on: ubuntu-24.04
 
     steps:
+
       - name: Download built docs
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131  # v7.0.0
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3  # v8.0.0
         with:
           name: ${{ inputs.artifact-name }}
           path: html-docs
+          github-token: ${{ github.token }}
+          run-id: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.id || github.run_id }}
 
       - name: Upload GitHub Pages artifact
         uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b  # v4.0.0
@@ -63,16 +68,8 @@ jobs:
           name: html-docs-pages
           failOnError: false
 
-      - name: Set Exit Status
-        if: always()
-        run: |
-          mkdir exitstatus
-          echo "${{ job.status }}" > exitstatus/${{ github.job }}
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f  # v6.0.0
-        with:
-          name: exitstatus-${{ github.job }}
-          path: exitstatus
-          if-no-files-found: error
+        uses: ./.github/actions/upload-exitstatus