
Conversation

@lantoli
Member

@lantoli lantoli commented Jan 9, 2026

Description

Allow use of run-script-and-commit GitHub action from non-Go projects, for example Terraform module repos.

Also fetches tags in case they're needed by the script to execute.

Link to any related issue(s): CLOUDP-365072

Type of change:

  • Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
  • New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR. A migration guide must be created or updated if the new feature will go in a major version.
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR. A migration guide must be created or updated.
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the contributing guides
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • If changes include deprecations or removals I have added appropriate changelog entries.
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

Comment on lines 48 to 56
run: |
GO_MOD_PATH="${{ inputs.repo-path }}go.mod"
echo "go_mod_path=$GO_MOD_PATH" >> $GITHUB_OUTPUT
if [ -f "$GO_MOD_PATH" ]; then
echo "is_go_project=true" >> $GITHUB_OUTPUT
else
echo "is_go_project=false" >> $GITHUB_OUTPUT
fi
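Review bot: the concatenation `GO_MOD_PATH="${{ inputs.repo-path }}go.mod"` is only correct when `repo-path` is empty or ends in `/`; a value such as `modules/cluster` produces `modules/clustergo.mod`, the `-f` test fails, and the step silently reports `is_go_project=false` so Go setup is skipped for a Go repository. Either normalise the input (append `/` when missing) or document the trailing-slash requirement on the input, and quote `"$GITHUB_OUTPUT"` on the three `>>` redirections.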

@semgrep-code-mongodb semgrep-code-mongodb bot Jan 9, 2026


Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

🚀 Fixed in commit 778f89c 🚀

Member Author


/fp no security issue as this code is equivalent to the previous code and we control what paths we pass

Collaborator


it may help to pass this as an env var or at least validate via regex that repo-path can only be a path-like string

Member Author


@maastha cc @manupedrozo @EspenAlbert at the end I've changed repo-path to go-mod-path as it's only used for that, changed here: 778f89c

and adapted CFN repo which is the only one using it: mongodb/mongodbatlas-cloudformation-resources#1526
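As an added example (not code from this PR or from either repository), the following POSIX shell script reproduces the expression injection the semgrep finding describes against the `GO_MOD_PATH` line under discussion, beside the two mitigations raised in this thread: passing the value through an environment variable, and allow-listing a path-like input as the collaborator suggests. The function names, the `REPO_PATH` variable and the payload are constructed for the demo and are not part of the action; it runs offline with `sh`.

```shell
#!/bin/sh
# Added example (not code from the PR or the repo): a stand-alone simulation of
# the injection the semgrep finding describes, next to the two mitigations the
# review discussed. Function names and the payload are constructed for this demo.

# Vulnerable shape. In GitHub Actions `${{ inputs.repo-path }}` is replaced with
# the raw input *before* the shell parses the script, so concatenating it into the
# script text is exactly what this function does with "$1".
run_vulnerable() {                       # $1 = untrusted repo-path value
  script='GO_MOD_PATH="'"$1"'go.mod"; echo "$GO_MOD_PATH"'
  sh -c "$script" 2>/dev/null
}

# Hardened shape, as the bot suggests: the value is passed through an environment
# variable (env: REPO_PATH: ${{ inputs.repo-path }} in YAML) and referenced as
# "$REPO_PATH" inside the script, so shell metacharacters stay inert data.
run_hardened() {                         # $1 = untrusted repo-path value
  REPO_PATH="$1" sh -c 'GO_MOD_PATH="${REPO_PATH}go.mod"; echo "$GO_MOD_PATH"'
}

# Allow-list check, as the collaborator suggests: accept only a path-like string
# (letters, digits, ., _, /, -), reject traversal, and require either an empty
# value (repo root) or a trailing slash so that "${1}go.mod" is well formed.
is_path_like() {                         # $1 = candidate repo-path; 0 = accepted
  case "$1" in
    '')   return 0 ;;
    *..*) return 1 ;;
    */)   ;;
    *)    return 1 ;;
  esac
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9._/-]+$'
}

# The PR's detection step rebuilt on top of the allow-list: validate first, then
# report whether a go.mod exists under the path, as the action's output does.
detect_go_project() {                    # $1 = repo-path; prints is_go_project=...
  is_path_like "$1" || { echo "refusing non-path-like repo-path" >&2; return 2; }
  if [ -f "${1}go.mod" ]; then
    echo "is_go_project=true"
  else
    echo "is_go_project=false"
  fi
}

# Constructed payload: closes the quoted string and appends a command.
PAYLOAD='"; echo INJECTED; echo "'
```

`run_vulnerable "$PAYLOAD"` prints `INJECTED` on its own line because the payload became script source, while `run_hardened "$PAYLOAD"` prints the payload back as a single literal path and never executes it; `detect_go_project` refuses the payload outright. The allow-list is the defence to keep even after the env-var change, because a validated value is also what makes the `"${1}go.mod"` concatenation meaningful.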

@lantoli lantoli marked this pull request as ready for review January 9, 2026 13:38
@lantoli lantoli requested a review from a team as a code owner January 9, 2026 13:38
Copilot AI review requested due to automatic review settings January 9, 2026 13:38
Contributor

Copilot AI left a comment


Pull request overview

This PR enables the run-script-and-commit GitHub action to work with non-Go projects (such as Terraform modules) by making Go setup conditional based on the presence of a go.mod file.

  • Adds conditional logic to detect whether the repository is a Go project
  • Makes the Go setup step conditional based on project type detection
  • Adds fetch-tags parameter to checkout action


uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c
with:
go-version-file: ${{ format('{0}go.mod', inputs.repo-path) }}
go-version-file: ${{ steps.check-go.outputs.go_mod_path }}
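Review bot: `go-version-file: ${{ steps.check-go.outputs.go_mod_path }}` receives a path for every repository, Go or not, because the detection step writes `go_mod_path` unconditionally and only `is_go_project` varies; actions/setup-go fails when the named file does not exist, so this step must keep an `if: steps.check-go.outputs.is_go_project == 'true'` guard, and that guard, not the new input, is what lets Terraform module repos use the action.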
Collaborator


Suggested change
go-version-file: ${{ steps.check-go.outputs.go_mod_path }}
go-version-file: ${{ steps.check-go.outputs.go_mod_path }}

using: "composite"
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
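Review bot: with no `repository:` input, actions/checkout checks out `github.repository`, i.e. the repository whose workflow invoked this composite action, not the repository that hosts the action; since the question came up in review, state that in the action's documentation, together with the newly added tag fetch mentioned in the description. Pinning the action to a full commit SHA is the right call and should stay.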
Collaborator


what repository is checked out here when this is called from a different repo?

Member Author


callee repo, for example cluster module repo

Collaborator

@EspenAlbert EspenAlbert left a comment


Ty!

@lantoli lantoli merged commit e9a80b8 into master Jan 9, 2026
47 of 48 checks passed
@lantoli lantoli deleted the CLOUDP-365072_script_commit branch January 9, 2026 18:26