npm - @codfish/actions - Versions diffs - 1.1.0 → 2.0.1 - Mend

@codfish/actions 1.1.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.github/workflows/claude.yml +0 -1
package/AGENT.md +21 -1
package/README.md +22 -17
package/SECURITY.md +2 -2
package/bin/generate-docs.js +2 -2
package/comment/README.md +5 -5
package/npm-publish-pr/README.md +8 -8
package/npm-publish-pr/action.yml +22 -15
package/package.json +1 -1
package/setup-node-and-install/README.md +23 -21
package/setup-node-and-install/action.yml +98 -123
package/tests/integration/comment/basic.bats +11 -11
package/tests/integration/npm-pr-version/basic.bats +131 -46
package/tests/integration/setup-node-and-install/basic.bats +471 -33

package/.github/workflows/claude.yml CHANGED Viewed

@@ -24,7 +24,6 @@ jobs:
       contents: read
       pull-requests: read
       issues: read
-      id-token: write
     steps:
       - name: Checkout repository

package/AGENT.md CHANGED Viewed

@@ -62,7 +62,8 @@ This project uses **pnpm** as the package manager. All commands should use pnpm:
 - `comment` - Creates or updates pull request comments with intelligent upsert functionality using unique tags
   - **IMPORTANT**: Any job using the comment action must include `permissions: pull-requests: write`
 - `setup-node-and-install` - Sets up Node.js environment and installs dependencies with automatic package manager
-  detection, intelligent caching, and .nvmrc/.node-version support
+  detection, intelligent caching, and dynamic Node version detection via input, `.node-version`, `.nvmrc`, or
+  `package.json` `volta.node`. Validation is relaxed; the action no longer fails when no version is detected.
 ## Testing
@@ -127,3 +128,22 @@ The project implements multiple security measures:
 - **Vulnerability auditing**: Regular pnpm audit checks
 - **Note**: Dependency review requires GitHub Advanced Security (available free on public repos, paid feature for
   private repos)
+## Code Quality and File Editing Rules
+### Bats File Editing Rules
+**CRITICAL**: After editing any `.bats` file, ALWAYS check for and remove trailing spaces:
+1. Run: `grep -n " $" path/to/file.bats`
+2. If any trailing spaces are found, remove them immediately
+3. Bats files are NOT automatically formatted by eslint/prettier, so manual cleanup is required
+4. Trailing spaces in bats files can cause test execution issues
+### General File Editing Guidelines
+- Do what has been asked; nothing more, nothing less
+- NEVER create files unless they're absolutely necessary for achieving your goal
+- ALWAYS prefer editing an existing file to creating a new one
+- NEVER proactively create documentation files (\*.md) or README files. Only create documentation files if explicitly
+  requested by the User

package/README.md CHANGED Viewed

@@ -25,8 +25,8 @@ Reference actions using the following format:
 ```yaml
 uses: codfish/actions/{action-name}@main
-uses: codfish/actions/{action-name}@v1
-uses: codfish/actions/{action-name}@v1.0.1
+uses: codfish/actions/{action-name}@v2
+uses: codfish/actions/{action-name}@v2.0.1
 uses: codfish/actions/{action-name}@feature-branch
 uses: codfish/actions/{action-name}@aff1a9d
 ```
@@ -51,7 +51,7 @@ Creates or updates a comment in a pull request with optional tagging for upsert
 ```yaml
 - name: Comment on PR
-  uses: codfish/actions/comment@v1
+  uses: codfish/actions/comment@v2
   with:
     message: '✅ Build successful!'
     tag: 'build-status'
@@ -67,7 +67,7 @@ automatically comments on PR
 | Input          | Description                                                                         | Required | Default          |
 | -------------- | ----------------------------------------------------------------------------------- | -------- | ---------------- |
-| `npm-token`    | Registry authentication token with publish permissions (works with npm/yarn/pnpm)   | No       | -                |
+| `npm-token`    | Registry authentication token with publish permissions (works with npm/yarn/pnpm)   | Yes      | -                |
 | `github-token` | GitHub token with pull request comment permissions (typically secrets.GITHUB_TOKEN) | Yes      | -                |
 | `comment`      | Whether to comment on the PR with the published version (true/false)                | No       | `true`           |
 | `comment-tag`  | Tag to use for PR comments (for comment identification and updates)                 | No       | `npm-publish-pr` |
@@ -86,13 +86,13 @@ automatically comments on PR
 steps:
   - uses: actions/checkout@v5
-  - uses: codfish/actions/setup-node-and-install@v1
+  - uses: codfish/actions/setup-node-and-install@v2
     with:
       node-version: lts/*
   - run: npm run build
-  - uses: codfish/actions/npm-pr-version@v1
+  - uses: codfish/actions/npm-pr-version@v2
     with:
       npm-token: ${{ secrets.NPM_TOKEN }}
       github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -101,16 +101,21 @@ steps:
 ### [setup-node-and-install](./setup-node-and-install/)
 Sets up Node.js environment and installs dependencies with automatic package manager detection (npm/pnpm/yarn),
-intelligent caching, and .nvmrc/.node-version support
+intelligent caching, and version detection via input, .node-version, .nvmrc, or package.json volta.node
 **Inputs:**
-| Input               | Description                                                                                           | Required | Default |
-| ------------------- | ----------------------------------------------------------------------------------------------------- | -------- | ------- |
-| `node-version`      | Node.js version to install (e.g. '24', 'lts/\*'). Defaults to .nvmrc or .node-version file if present | No       | -       |
-| `cache-key-suffix`  | Additional suffix for cache key to enable multiple caches per workflow                                | No       | -       |
-| `install-options`   | Extra command-line options to pass to npm/pnpm/yarn install                                           | No       | -       |
-| `working-directory` | Directory containing package.json and lockfile                                                        | No       | `.`     |
+| Input               | Description                                                                                                                          | Required | Default |
+| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- |
+| `node-version`      | Node.js version to install (e.g. "24", "lts/\*"). Precedence: node-version input > .node-version > .nvmrc > package.json volta.node. | No       | -       |
+| `install-options`   | Extra command-line options to pass to npm/pnpm/yarn install.                                                                         | No       | -       |
+| `working-directory` | Directory containing package.json and lockfile.                                                                                      | No       | `.`     |
+**Outputs:**
+| Output      | Description                                        |
+| ----------- | -------------------------------------------------- |
+| `cache-hit` | Whether the dependency cache was hit (true/false). |
 **Usage:**
@@ -119,7 +124,7 @@ steps:
   - uses: actions/checkout@v5
   # will install latest Node v18.x
-  - uses: codfish/actions/setup-node-and-install@v1
+  - uses: codfish/actions/setup-node-and-install@v2
     with:
       node-version: 18
       cache-key-suffix: '-${{ github.head_ref || github.event.release.tag_name }}'
@@ -154,7 +159,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
-      - uses: codfish/actions/setup-node-and-install@v1
+      - uses: codfish/actions/setup-node-and-install@v2
         with:
           node-version: 'lts/*'
@@ -186,7 +191,7 @@ jobs:
           echo "size=$size" >> $GITHUB_OUTPUT
         id: build
-      - uses: codfish/actions/comment@v1
+      - uses: codfish/actions/comment@v2
         with:
           message: |
             ## 🚀 **Build Summary**
@@ -199,7 +204,7 @@ jobs:
           tag: 'build-summary'
           upsert: true
-      - uses: codfish/actions/npm-pr-version@v1
+      - uses: codfish/actions/npm-pr-version@v2
         with:
           npm-token: ${{ secrets.NPM_TOKEN }}
           github-token: ${{ secrets.GITHUB_TOKEN }}

package/SECURITY.md CHANGED Viewed

@@ -90,7 +90,7 @@ When using these GitHub Actions in your workflows:
 ```yaml
 # ✅ Good - Using secrets properly
-- uses: codfish/actions/npm-pr-version@v1
+- uses: codfish/actions/npm-pr-version@v2
   with:
     npm-token: ${{ secrets.NPM_TOKEN }}
     github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -107,7 +107,7 @@ When using these GitHub Actions in your workflows:
 ```yaml
 # ✅ Good - Pinned version
-- uses: codfish/actions/setup-node-and-install@v1.2.3
+- uses: codfish/actions/setup-node-and-install@v2.2.3
 # ⚠️ Caution - Latest main (testing only)
 - uses: codfish/actions/setup-node-and-install@main

package/bin/generate-docs.js CHANGED Viewed

@@ -84,7 +84,7 @@ class DocumentationGenerator {
           // If it doesn't start with a step name, add one
           if (!example.match(/^\s*-\s*name:/m) && !example.match(/^\s*-\s*uses:/m)) {
-            return `- uses: codfish/actions/${dirName}@v1\n${example.replace(/^/gm, '  ')}`;
+            return `- uses: codfish/actions/${dirName}@v2\n${example.replace(/^/gm, '  ')}`;
           }
           return example;
@@ -103,7 +103,7 @@ class DocumentationGenerator {
    * Generate a basic usage example based on action inputs
    */
   generateBasicExample(dirName, inputs = {}) {
-    let example = `- uses: codfish/actions/${dirName}@v1`;
+    let example = `- uses: codfish/actions/${dirName}@v2`;
     const inputKeys = Object.keys(inputs);
     if (inputKeys.length > 0) {

package/comment/README.md CHANGED Viewed

@@ -10,7 +10,7 @@ See [action.yml](action.yml).
 ```yaml
 - name: Comment on PR
-  uses: codfish/actions/comment@v1
+  uses: codfish/actions/comment@v2
   with:
     message: '✅ Build successful!'
     tag: 'build-status'
@@ -34,7 +34,7 @@ See [action.yml](action.yml).
 ### Basic comment
 ```yaml
-- uses: codfish/actions/comment@v1
+- uses: codfish/actions/comment@v2
   with:
     message: 'Hello from GitHub Actions! 👋'
 ```
@@ -45,7 +45,7 @@ Use the `upsert` feature to update the same comment instead of creating multiple
 ```yaml
 - name: Update build status
-  uses: codfish/actions/comment@v1
+  uses: codfish/actions/comment@v2
   with:
     message: |
       ## Build Status
@@ -55,7 +55,7 @@ Use the `upsert` feature to update the same comment instead of creating multiple
 # Later in the workflow...
 - name: Update build status
-  uses: codfish/actions/comment@v1
+  uses: codfish/actions/comment@v2
   with:
     message: |
       ## Build Status
@@ -67,7 +67,7 @@ Use the `upsert` feature to update the same comment instead of creating multiple
 ### Multi-line markdown comment
 ```yaml
-- uses: codfish/actions/comment@v1
+- uses: codfish/actions/comment@v2
   with:
     message: |
       ## 📊 Test Results

package/npm-publish-pr/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# npm-pr-version
+# npm-publish-pr
 Publishes packages with PR-specific version numbers for testing in downstream applications before merging. Automatically
 detects your package manager (npm, yarn, or pnpm) and uses the appropriate publish command. The action generates
@@ -23,13 +23,13 @@ See [action.yml](action.yml).
 steps:
   - uses: actions/checkout@v5
-  - uses: codfish/actions/setup-node-and-install@v1
+  - uses: codfish/actions/setup-node-and-install@v2
     with:
       node-version: lts/*
   - run: npm run build
-  - uses: codfish/actions/npm-pr-version@v1
+  - uses: codfish/actions/npm-pr-version@v2
     with:
       npm-token: ${{ secrets.NPM_TOKEN }}
       github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -38,7 +38,7 @@ steps:
 ### Disable PR Comments
 ```yaml
-- uses: codfish/actions/npm-pr-version@v1
+- uses: codfish/actions/npm-pr-version@v2
   with:
     npm-token: ${{ secrets.NPM_TOKEN }}
     github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -48,7 +48,7 @@ steps:
 ### Custom Comment Tag
 ```yaml
-- uses: codfish/actions/npm-pr-version@v1
+- uses: codfish/actions/npm-pr-version@v2
   with:
     npm-token: ${{ secrets.NPM_TOKEN }}
     github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -72,7 +72,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
-      - uses: codfish/actions/setup-node-and-install@v1
+      - uses: codfish/actions/setup-node-and-install@v2
         with:
           node-version: 'lts/*'
@@ -80,7 +80,7 @@ jobs:
         run: npm run build
       - name: Publish PR package
-        uses: codfish/actions/npm-pr-version@v1
+        uses: codfish/actions/npm-pr-version@v2
         with:
           npm-token: ${{ secrets.NPM_TOKEN }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -102,7 +102,7 @@ The package is published under the `pr` tag, so it won't interfere with your reg
 | Input          | Description                                                                         | Required | Default          |
 | -------------- | ----------------------------------------------------------------------------------- | -------- | ---------------- |
-| `npm-token`    | Registry authentication token with publish permissions (works with npm/yarn/pnpm)   | No       | -                |
+| `npm-token`    | Registry authentication token with publish permissions (works with npm/yarn/pnpm)   | Yes      | -                |
 | `github-token` | GitHub token with pull request comment permissions (typically secrets.GITHUB_TOKEN) | Yes      | -                |
 | `comment`      | Whether to comment on the PR with the published version (true/false)                | No       | `true`           |
 | `comment-tag`  | Tag to use for PR comments (for comment identification and updates)                 | No       | `npm-publish-pr` |

package/npm-publish-pr/action.yml CHANGED Viewed

@@ -6,7 +6,7 @@ description:
 inputs:
   npm-token:
-    required: false
+    required: true
     description: Registry authentication token with publish permissions (works with npm/yarn/pnpm)
   github-token:
     required: true
@@ -35,7 +35,7 @@ runs:
   using: composite
   steps:
-    - uses: codfish/actions/comment@v1
+    - uses: codfish/actions/comment@v2
       if: inputs.comment == 'true'
       with:
         message: ⏳ Publishing PR version...
@@ -53,11 +53,18 @@ runs:
         package_name=""
         version=""
+        # Function to sanitize error messages for GitHub output
+        sanitize_error() {
+          local message="$1"
+          # Replace newlines with spaces, remove extra whitespace, truncate if too long
+          echo "$message" | tr '\n' ' ' | tr -s ' ' | cut -c1-500
+        }
         # Validate package.json exists
         if [ ! -f "package.json" ]; then
           error_message="❌ ERROR: package.json not found in current directory. Make sure you're running this action in a directory with a package.json file"
           echo "$error_message"
-          echo "error-message=$error_message" >> $GITHUB_OUTPUT
+          echo "error-message=$(sanitize_error "$error_message")" >> $GITHUB_OUTPUT
           exit 1
         fi
@@ -65,7 +72,7 @@ runs:
         if ! jq empty package.json 2>/dev/null; then
           error_message="❌ ERROR: package.json is not valid JSON"
           echo "$error_message"
-          echo "error-message=$error_message" >> $GITHUB_OUTPUT
+          echo "error-message=$(sanitize_error "$error_message")" >> $GITHUB_OUTPUT
           exit 1
         fi
@@ -74,7 +81,7 @@ runs:
         if [ -z "$package_name" ] || [ "$package_name" = "null" ]; then
           error_message="❌ ERROR: package.json must have a 'name' field"
           echo "$error_message"
-          echo "error-message=$error_message" >> $GITHUB_OUTPUT
+          echo "error-message=$(sanitize_error "$error_message")" >> $GITHUB_OUTPUT
           exit 1
         fi
@@ -104,29 +111,29 @@ runs:
         if [ $version_exit_code -ne 0 ]; then
           error_message="❌ ERROR: Failed to update package version. Check if the version format is valid. Error: $version_output"
           echo "$error_message"
-          echo "error-message=$error_message" >> $GITHUB_OUTPUT
+          echo "error-message=$(sanitize_error "$error_message")" >> $GITHUB_OUTPUT
           exit 1
         fi
         # Publish package based on detected package manager
         case "$package_manager" in
           "yarn")
-            publish_output=$(yarn publish --access public --tag pr --new-version $version --no-git-tag-version 2>&1)
+            publish_output=$(yarn publish --access public --tag pr --new-version $version --no-git-tag-version --skip-check-working-tree 2>&1)
             publish_exit_code=$?
             if [ $publish_exit_code -ne 0 ]; then
               error_message="❌ ERROR: Failed to publish package with yarn. Error: $publish_output"
               echo "$error_message"
-              echo "error-message=$error_message" >> $GITHUB_OUTPUT
+              echo "error-message=$(sanitize_error "$error_message")" >> $GITHUB_OUTPUT
               exit 1
             fi
             ;;
           "pnpm")
-            publish_output=$(pnpm publish --access public --tag pr 2>&1)
+            publish_output=$(pnpm publish --no-git-checks --access public --tag pr 2>&1)
             publish_exit_code=$?
             if [ $publish_exit_code -ne 0 ]; then
               error_message="❌ ERROR: Failed to publish package with pnpm. Error: $publish_output"
               echo "$error_message"
-              echo "error-message=$error_message" >> $GITHUB_OUTPUT
+              echo "error-message=$(sanitize_error "$error_message")" >> $GITHUB_OUTPUT
               exit 1
             fi
             ;;
@@ -136,7 +143,7 @@ runs:
             if [ $publish_exit_code -ne 0 ]; then
               error_message="❌ ERROR: Failed to publish package with npm. Error: $publish_output"
               echo "$error_message"
-              echo "error-message=$error_message" >> $GITHUB_OUTPUT
+              echo "error-message=$(sanitize_error "$error_message")" >> $GITHUB_OUTPUT
               exit 1
             fi
             ;;
@@ -148,7 +155,7 @@ runs:
         PR: ${{ github.event.number }}
         SHA: ${{ github.event.pull_request.head.sha }}
-    - uses: codfish/actions/comment@v1
+    - uses: codfish/actions/comment@v2
       if: failure() && inputs.comment == 'true'
       with:
         message: |
@@ -156,16 +163,16 @@ runs:
           Error: ${{ steps.publish.outputs.error-message }}
-          Please check the workflow logs for more details.
+          📋 [View workflow logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details.
         upsert: true
         tag: ${{ inputs.comment-tag }}
-    - uses: codfish/actions/comment@v1
+    - uses: codfish/actions/comment@v2
       if: success() && inputs.comment == 'true'
       with:
         message: |
           ✅ **PR package published successfully!**
-          Install with: `npm install ${{ steps.publish.outputs.package-name }}@${{ steps.publish.outputs.version }}`
+          Install with: <code>npm install ${{ steps.publish.outputs.package-name }}@${{ steps.publish.outputs.version }}</code>
         upsert: true
         tag: ${{ inputs.comment-tag }}

package/package.json CHANGED Viewed

@@ -4,7 +4,7 @@
   "description": "Composite GitHub Actions for my projects.",
   "author": "Chris O'Donnell <chris@codfish.dev>",
   "license": "MIT",
-  "version": "1.1.0",
+  "version": "2.0.1",
   "publishConfig": {
     "access": "public"
   },

package/setup-node-and-install/README.md CHANGED Viewed

@@ -1,14 +1,14 @@
 # setup-node-and-install
 Sets up Node.js environment and installs dependencies with automatic package manager detection, intelligent caching, and
-.nvmrc/.node-version support.
+dynamic Node version detection via the `node-version` input, `.node-version`, `.nvmrc`, or `package.json` `volta.node`.
 This action provides the following functionality:
 - Automatically detects package manager (npm, yarn, or pnpm) from lockfiles
 - Uses GitHub's official `setup-node` action with optimized caching
 - Installs dependencies with appropriate commands based on detected package manager
-- Supports .nvmrc and .node-version files for version specification
+- Supports `.node-version`, `.nvmrc`, and `package.json` `volta.node` for version specification
 - Intelligent caching of node_modules when lockfiles are present
 <!-- DOCTOC SKIP -->
@@ -22,7 +22,7 @@ steps:
   - uses: actions/checkout@v5
   # will install latest Node v18.x
-  - uses: codfish/actions/setup-node-and-install@v1
+  - uses: codfish/actions/setup-node-and-install@v2
     with:
       node-version: 18
       cache-key-suffix: '-${{ github.head_ref || github.event.release.tag_name }}'
@@ -30,8 +30,10 @@ steps:
   - run: npm test
 ```
-The `node-version` input is optional. If not supplied, this action will attempt to use an `.nvmrc` file in your project.
-If neither is supplied, it will fail your workflow.
+The `node-version` input is optional. If not supplied, this action will attempt to resolve a version using, in order:
+1. `.node-version`, 2) `.nvmrc`, 3) `package.json` `volta.node`. If none are present, `actions/setup-node` runs without
+   an explicit version and will use its default behavior.
 The `cache-key-suffix` input is optional. If not supplied, no suffix will be applied to the cache key used to restore
 cache in subsequent workflow runs.
@@ -50,7 +52,7 @@ v18.14.1
 steps:
   - uses: actions/checkout@v5
   # will install Node v18.14.1
-  - uses: codfish/actions/setup-node-and-install@v1
+  - uses: codfish/actions/setup-node-and-install@v2
   - run: npm test
 ```
@@ -65,29 +67,29 @@ steps:
 steps:
   - uses: actions/checkout@v5
   # will install Node v20.10.0
-  - uses: codfish/actions/setup-node-and-install@v1
+  - uses: codfish/actions/setup-node-and-install@v2
   - run: npm test
 ```
-## Node Version File Priority
+## Node Version Resolution Priority
 When multiple version specification methods are present, the action uses this priority order:
 1. **Input parameter** (`node-version`) - highest priority
-2. **`.nvmrc` file** - takes precedence over .node-version
-3. **`.node-version` file** - used if no .nvmrc exists
-4. **Error** - if none of the above are present
+2. **`.node-version` file**
+3. **`.nvmrc` file**
+4. **`package.json` `volta.node` property**
+5. **`actions/setup-node` default behavior** when no version is specified
 ## Inputs
 <!-- start inputs -->
-| Input               | Description                                                                                           | Required | Default |
-| ------------------- | ----------------------------------------------------------------------------------------------------- | -------- | ------- |
-| `node-version`      | Node.js version to install (e.g. '24', 'lts/\*'). Defaults to .nvmrc or .node-version file if present | No       | -       |
-| `cache-key-suffix`  | Additional suffix for cache key to enable multiple caches per workflow                                | No       | -       |
-| `install-options`   | Extra command-line options to pass to npm/pnpm/yarn install                                           | No       | -       |
-| `working-directory` | Directory containing package.json and lockfile                                                        | No       | `.`     |
+| Input               | Description                                                                                                                          | Required | Default |
+| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- |
+| `node-version`      | Node.js version to install (e.g. "24", "lts/\*"). Precedence: node-version input > .node-version > .nvmrc > package.json volta.node. | No       | -       |
+| `install-options`   | Extra command-line options to pass to npm/pnpm/yarn install.                                                                         | No       | -       |
+| `working-directory` | Directory containing package.json and lockfile.                                                                                      | No       | `.`     |
 <!-- end inputs -->
@@ -103,7 +105,7 @@ The action automatically detects your package manager:
 ### With specific Node version
 ```yaml
-- uses: codfish/actions/setup-node-and-install@v1
+- uses: codfish/actions/setup-node-and-install@v2
   with:
     node-version: '18'
 ```
@@ -111,7 +113,7 @@ The action automatically detects your package manager:
 ### With pnpm in subdirectory
 ```yaml
-- uses: codfish/actions/setup-node-and-install@v1
+- uses: codfish/actions/setup-node-and-install@v2
   with:
     working-directory: './frontend'
     install-options: '--frozen-lockfile'
@@ -120,7 +122,7 @@ The action automatically detects your package manager:
 ### With custom cache key
 ```yaml
-- uses: codfish/actions/setup-node-and-install@v1
+- uses: codfish/actions/setup-node-and-install@v2
   with:
     cache-key-suffix: '-${{ github.head_ref }}'
 ```
@@ -135,5 +137,5 @@ Replace multiple setup steps with this single action:
 -     node-version-file: '.nvmrc'
 -     cache: 'npm'
 - - run: npm ci --prefer-offline --no-audit
-+ - uses: codfish/actions/setup-node-and-install@v1
++ - uses: codfish/actions/setup-node-and-install@v2
 ```