From d051cba30053fa1b1f9420671e04e79caf51356d Mon Sep 17 00:00:00 2001
From: Rob Larsen <rob@htmlcssjavascript.com>
Date: Tue, 9 Sep 2025 18:37:58 +0000
Subject: [PATCH 1/2] trying this a different way!

---
 .github/workflows/build-dist.yml | 45 ++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 .github/workflows/build-dist.yml

diff --git a/.github/workflows/build-dist.yml b/.github/workflows/build-dist.yml
new file mode 100644
index 0000000000..8b965736df
--- /dev/null
+++ b/.github/workflows/build-dist.yml
@@ -0,0 +1,45 @@
+name: Build and PR dist changes
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  build-and-pr-dist:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build project
+        run: npm run build
+
+      - name: Check for dist changes
+        id: git-diff
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git add dist
+          if git diff --cached --quiet; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create Pull Request for dist changes
+        if: steps.git-diff.outputs.changed == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          commit-message: "chore(dist): update dist folder after build"
+          title: "chore(dist): update dist folder after build"
+          body: "This PR updates the dist folder with the latest build output."
+          branch: update-dist-after-build
+          add-paths: dist

From 97a7bc3e2bf38061cc3ee3af15052fcf11886f82 Mon Sep 17 00:00:00 2001
From: Christian Oliff <christian_oliff@trimble.com>
Date: Thu, 11 Sep 2025 10:17:22 +0900
Subject: [PATCH 2/2] Update GitHub Actions to use specific commit SHAs

Changed actions/checkout and actions/setup-node to reference specific commit SHAs for improved security and reproducibility. Also set 'persist-credentials' to false for checkout.
---
 .github/workflows/build-dist.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-dist.yml b/.github/workflows/build-dist.yml
index 8b965736df..3882185381 100644
--- a/.github/workflows/build-dist.yml
+++ b/.github/workflows/build-dist.yml
@@ -9,10 +9,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           node-version: "lts/*"