@codfish/actions 2.0.1 → 3.3.1

package/.github/workflows/validate.yml

@@ -1,210 +0,0 @@
-name: Validate
-
-on:
-  push:
-    branches:
-      - main
-  pull_request_target:
-
-jobs:
-  test:
-    name: Test Actions
-    runs-on: ubuntu-latest
-
-    permissions:
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-
-      # Dogfood our own setup-node-and-install action
-      - name: Setup Node.js and install dependencies
-        uses: ./setup-node-and-install
-        with:
-          node-version: 'lts/*'
-
-      - name: Lint commits
-        if: github.event_name == 'pull_request_target'
-        run:
-          npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }}
-          --verbose
-
-      - name: Lint code
-        run: pnpm lint
-
-      - name: Run tests
-        run: pnpm test
-
-      # Dogfood our own comment action on PRs
-      - name: Comment test results
-        if: github.event_name == 'pull_request_target'
-        uses: ./comment
-        with:
-          message: |
-            ## 🧪 Test Results
-
-            ✅ All tests passed successfully!
-
-            - Linting: ✅ Passed
-            - Unit tests: ✅ Passed
-            - Integration tests: ✅ Passed
-          tag: test-results
-          upsert: true
-
-  test-matrix:
-    name: Test on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: ['20', '24', 'lts/*']
-      fail-fast: false
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-
-      # Test our setup-node-and-install action across different environments
-      - name: Setup Node.js and install dependencies
-        uses: ./setup-node-and-install
-        with:
-          node-version: ${{ matrix.node-version }}
-
-      - name: Verify Node.js version
-        run: node --version
-
-      - name: Run basic tests
-        run: pnpm test
-
-  integration-test:
-    name: Integration Test - Publish PR Package
-    runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request_target'
-
-    permissions:
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-
-      - name: Setup Node.js and install dependencies
-        uses: ./setup-node-and-install
-        with:
-          node-version: 'lts/*'
-
-      # Create a test package to publish
-      - name: Create test package
-        run: |
-          mkdir -p test-package
-          cd test-package
-          cat > package.json <<EOF
-          {
-            "name": "@codfish/actions-test-package",
-            "version": "1.0.0",
-            "description": "Test package for GitHub Actions validation",
-            "main": "index.js",
-            "private": false
-          }
-          EOF
-          echo "module.exports = { test: true };" > index.js
-
-      # Test our npm-pr-version action (but don't actually publish to avoid spam)
-      - name: Test PR version generation
-        working-directory: test-package
-        env:
-          # Don't actually publish by not providing npm-token
-          PR: ${{ github.event.number }}
-          SHA: ${{ github.event.pull_request.head.sha }}
-        run: |
-          # Test the version generation logic
-          version="0.0.0-PR-${PR}--$(echo ${SHA} | cut -c -7)"
-          echo "Generated version: $version"
-
-          # Test package.json update
-          npm version $version --no-git-tag-version
-
-          # Verify the version was set correctly
-          node -e "console.log('Package version:', require('./package.json').version)"
-
-          # Set output for comment
-          echo "version=$version" >> $GITHUB_OUTPUT
-        id: version-test
-
-      # Dogfood our comment action to report results
-      - name: Report integration test results
-        uses: ./comment
-        with:
-          message: |
-            ## 🚀 Integration Test Results
-
-            **npm-pr-version action test:**
-            - ✅ Version generation: ${{ steps.version-test.outputs.version }}
-            - ✅ package.json update: Successful
-            - ✅ Format validation: Passed
-
-            The action is working correctly! 🎉
-          tag: integration-test-results
-          upsert: true
-
-  validate-action-metadata:
-    name: Validate Action Metadata
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-
-      - name: Validate action.yml files
-        run: |
-          echo "Validating action.yml files..."
-
-          for action_dir in */; do
-            if [ -f "${action_dir}action.yml" ]; then
-              echo "✅ Found action.yml in $action_dir"
-
-              # Basic YAML validation
-              if ! python3 -c "import yaml; yaml.safe_load(open('${action_dir}action.yml'))" 2>/dev/null; then
-                echo "❌ Invalid YAML in ${action_dir}action.yml"
-                exit 1
-              fi
-
-              # Check for required fields
-              if ! grep -q "^name:" "${action_dir}action.yml"; then
-                echo "❌ Missing 'name' field in ${action_dir}action.yml"
-                exit 1
-              fi
-
-              if ! grep -q "^description:" "${action_dir}action.yml"; then
-                echo "❌ Missing 'description' field in ${action_dir}action.yml"
-                exit 1
-              fi
-
-              echo "✅ ${action_dir}action.yml is valid"
-            else
-              echo "⚠️  No action.yml found in $action_dir"
-            fi
-          done
-
-      - name: Validate README files
-        run: |
-          echo "Validating README files..."
-
-          for action_dir in */; do
-            if [ -f "${action_dir}README.md" ]; then
-              echo "✅ Found README.md in $action_dir"
-
-              # Check for basic sections
-              if ! grep -q "# " "${action_dir}README.md"; then
-                echo "❌ Missing main heading in ${action_dir}README.md"
-                exit 1
-              fi
-
-              echo "✅ ${action_dir}README.md looks good"
-            else
-              echo "⚠️  No README.md found in $action_dir"
-            fi
-          done

package/.husky/pre-commit

@@ -1 +0,0 @@
-npx lint-staged

package/.nvmrc

@@ -1 +0,0 @@
-24.8.0

package/AGENT.md

@@ -1,149 +0,0 @@
-# AGENT.md
-
-<!-- DOCTOC SKIP -->
-
-This file provides guidance to AI agents when working with code in this repository.
-
-## Project Overview
-
-This repository contains reusable GitHub Actions for use across multiple projects. Each action is self-contained in its
-own directory at the root level.
-
-## Package Manager
-
-This project uses **pnpm** as the package manager. All commands should use pnpm:
-
-- Install dependencies: `pnpm install`
-- Run tests: `pnpm test`
-- Run linting: `pnpm lint`
-- Format code: `pnpm format`
-- Generate documentation: `pnpm docs:generate`
-- Run specific test types: `pnpm test:integration`, `pnpm test:unit`
-
-## Code Quality Workflow
-
-**IMPORTANT**: Always run the appropriate command after making file changes:
-
-- **For JS/TS/TSX/JSX/YML/YAML files**: Run `pnpm fix` to apply ESLint fixes (CRITICAL for YAML files to prevent
-  formatting issues)
-- **For JSON/MD/CSS files**: Run `pnpm format` to apply Prettier formatting
-- **When in doubt**: Run both commands in sequence
-
-## Action Structure
-
-- Action names: lowercase kebab-case (e.g., `npm-publish-pr`)
-- Each action directory contains:
-  - `action.yml` - Action definition and metadata
-  - Implementation files (JavaScript/TypeScript as needed)
-  - `README.md` - Action-specific documentation
-
-## Development Guidelines
-
-- Actions should be standalone and reusable across different projects
-- Follow GitHub Actions best practices for inputs, outputs, and error handling
-- Use semantic action names that clearly describe their purpose
-- Each action should handle its own dependencies and setup requirements
-- All actions support multiple package managers (npm/yarn/pnpm) when applicable
-- Use comprehensive input validation with clear error messages
-- Include proper error handling and informative logging
-
-## Security Best Practices
-
-- **File Operations**: Use file descriptors (`fs.openSync()`, `fs.readSync()`, `fs.writeSync()`) instead of file names
-  (`fs.readFileSync()`, `fs.writeFileSync()`) to prevent TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities
-- **Resource Management**: Always close file descriptors in `finally` blocks to prevent resource leaks
-- **Atomic Operations**: Keep file descriptors open during entire read-modify-write operations to prevent race
-  conditions
-
-## Current Actions
-
-- `npm-pr-version` - Publishes packages with PR-specific version numbers using detected package manager (npm/yarn/pnpm)
-  for testing in downstream apps before merging
-- `comment` - Creates or updates pull request comments with intelligent upsert functionality using unique tags
-  - **IMPORTANT**: Any job using the comment action must include `permissions: pull-requests: write`
-- `setup-node-and-install` - Sets up Node.js environment and installs dependencies with automatic package manager
-  detection, intelligent caching, and dynamic Node version detection via input, `.node-version`, `.nvmrc`, or
-  `package.json` `volta.node`. Validation is relaxed; the action no longer fails when no version is detected.
-
-## Testing
-
-The project includes comprehensive testing infrastructure:
-
-- **Integration tests**: Test full action workflows using bats
-- **Test fixtures**: Reusable test data for different scenarios
-- **CI/CD validation**: Dogfooding actions in GitHub workflows
-- **Multi-platform testing**: Ubuntu, Windows, macOS support
-
-Run tests with: `pnpm test`
-
-**Cross-Platform Notes:**
-
-- Test scripts use `bash` prefix for Windows compatibility
-- All npm scripts should work on Windows, macOS, and Linux
-- Bats tests require bash to be available (included in Git for Windows)
-
-## Documentation System
-
-### Automated Documentation Generation
-
-- Run `pnpm docs:generate` to update all documentation
-- The script automatically:
-  1. Updates main README.md with action overview using `<!-- start action docs -->` / `<!-- end action docs -->` markers
-  2. Updates individual action README files with inputs/outputs tables using `<!-- start inputs -->` /
-     `<!-- end inputs -->` and `<!-- start outputs -->` / `<!-- end outputs -->` markers
-  3. Runs prettier formatting on all updated documentation
-
-### Documentation Markers
-
-- **Main README.md**: Uses `<!-- start action docs -->` and `<!-- end action docs -->` for the Available Actions section
-- **Action README files**: Uses `<!-- start inputs -->` / `<!-- end inputs -->` for inputs tables and
-  `<!-- start outputs -->` / `<!-- end outputs -->` for outputs tables
-- **CRITICAL: NEVER EDIT AUTO-GENERATED CONTENT**: Never modify content between ANY HTML comment markers in README
-  files:
-  - `<!-- START doctoc generated TOC please keep comment here to allow auto update -->` and
-    `<!-- END doctoc generated TOC please keep comment here to allow auto update -->` (doctoc table of contents)
-  - `<!-- start action docs -->` and `<!-- end action docs -->` (main README action documentation)
-  - `<!-- start inputs -->` and `<!-- end inputs -->` (action inputs tables)
-  - `<!-- start outputs -->` and `<!-- end outputs -->` (action outputs tables)
-  - Any other `<!-- ... -->` comment markers - they indicate auto-generated content
-- All content outside these markers is manually maintained and can be edited
-- **Prettier Protection**: Doctoc blocks are wrapped in `<!-- prettier-ignore-start -->` and
-  `<!-- prettier-ignore-end -->` to prevent formatting
-
-### Workflow Automation
-
-- `.github/workflows/update-docs.yml` automatically runs on changes to `*/action.yml` or `bin/generate-docs.js`
-- Uses `stefanzweifel/git-auto-commit-action` to commit documentation changes
-- Handles both main README.md and all action README files
-- Automatically formats all documentation using prettier
-
-## Security
-
-The project implements multiple security measures:
-
-- **Dependabot**: Automated dependency updates
-- **CodeQL**: Static security analysis
-- **Secret scanning**: TruffleHog for committed secrets (uses default behavior without base/head commits for better
-  compatibility)
-- **Vulnerability auditing**: Regular pnpm audit checks
-- **Note**: Dependency review requires GitHub Advanced Security (available free on public repos, paid feature for
-  private repos)
-
-## Code Quality and File Editing Rules
-
-### Bats File Editing Rules
-
-**CRITICAL**: After editing any `.bats` file, ALWAYS check for and remove trailing spaces:
-
-1. Run: `grep -n " $" path/to/file.bats`
-2. If any trailing spaces are found, remove them immediately
-3. Bats files are NOT automatically formatted by eslint/prettier, so manual cleanup is required
-4. Trailing spaces in bats files can cause test execution issues
-
-### General File Editing Guidelines
-
-- Do what has been asked; nothing more, nothing less
-- NEVER create files unless they're absolutely necessary for achieving your goal
-- ALWAYS prefer editing an existing file to creating a new one
-- NEVER proactively create documentation files (\*.md) or README files. Only create documentation files if explicitly
-  requested by the User

package/CLAUDE.md

@@ -1,3 +0,0 @@
-See [AGENT.md](AGENT.md).
-
-Do not use this file to generate documentation. Use [AGENT.md](AGENT.md) instead.

package/CONTRIBUTING.md

@@ -1,316 +0,0 @@
-# Contributing to codfish/actions
-
-Thank you for your interest in contributing! This document provides guidelines for contributing to this repository.
-
-<!-- prettier-ignore-start -->
-<!-- START doctoc generated TOC please keep comment here to allow auto update -->
-<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
-## Table of Contents
-
-- [Code of Conduct](#code-of-conduct)
-- [Getting Started](#getting-started)
-- [Development Workflow](#development-workflow)
-  - [1. Create a Branch](#1-create-a-branch)
-  - [2. Make Your Changes](#2-make-your-changes)
-  - [3. Test Your Changes](#3-test-your-changes)
-  - [4. Commit Your Changes](#4-commit-your-changes)
-- [Action Development Guidelines](#action-development-guidelines)
-  - [Directory Structure](#directory-structure)
-  - [Action Naming](#action-naming)
-  - [Action Definition (action.yml)](#action-definition-actionyml)
-  - [Implementation Guidelines](#implementation-guidelines)
-  - [Error Handling](#error-handling)
-  - [Package Manager Detection](#package-manager-detection)
-- [Testing](#testing)
-  - [Test Structure](#test-structure)
-  - [Writing Tests](#writing-tests)
-  - [Running Tests](#running-tests)
-- [Documentation](#documentation)
-  - [README Structure](#readme-structure)
-  - [Documentation Updates](#documentation-updates)
-  - [Auto-Generated Documentation](#auto-generated-documentation)
-- [Submitting Changes](#submitting-changes)
-  - [Pull Request Process](#pull-request-process)
-  - [PR Requirements](#pr-requirements)
-  - [Review Process](#review-process)
-- [Action Ideas](#action-ideas)
-- [Getting Help](#getting-help)
-- [Recognition](#recognition)
-
-<!-- END doctoc generated TOC please keep comment here to allow auto update -->
-<!-- prettier-ignore-end -->
-
-## Code of Conduct
-
-This project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected
-to uphold this code.
-
-## Getting Started
-
-1. **Fork the repository** and clone it locally
-2. **Install dependencies**: `pnpm install`
-3. **Set up your development environment**:
-   ```bash
-   # Install act for local testing (optional but recommended)
-   brew install act  # macOS
-   # or
-   curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash  # Linux
-   ```
-
-## Development Workflow
-
-### 1. Create a Branch
-
-```bash
-git checkout -b feature/your-feature-name
-# or
-git checkout -b fix/your-bug-fix
-```
-
-### 2. Make Your Changes
-
-Follow the [Action Development Guidelines](#action-development-guidelines) below.
-
-### 3. Test Your Changes
-
-```bash
-# Run all tests
-pnpm test
-
-# Run specific test types
-pnpm test:integration
-pnpm test:unit
-
-# Run linting
-pnpm lint
-```
-
-### 4. Commit Your Changes
-
-Use clear, descriptive commit messages:
-
-```bash
-git commit -m "feat(setup-node): add yarn berry support"
-git commit -m "fix(comment): handle empty tag input properly"
-git commit -m "docs(npm-pr-version): update README with new examples"
-```
-
-## Action Development Guidelines
-
-### Directory Structure
-
-Each action should be in its own directory at the repository root:
-
-```
-action-name/
-├── action.yml          # Action definition
-├── README.md          # Action documentation
-└── [implementation files]
-```
-
-### Action Naming
-
-- Use **kebab-case** for action directory names
-- Action names should be descriptive and follow the pattern: `verb-noun` or `noun-verb`
-- Examples: `setup-node-and-install`, `npm-pr-version`, `comment`
-
-### Action Definition (action.yml)
-
-```yaml
-name: action-name
-description: Clear, concise description of what the action does
-
-inputs:
-  input-name:
-    description: Clear description of the input parameter
-    required: true|false
-    default: 'default-value' # if applicable
-
-outputs:
-  output-name:
-    description: Clear description of the output
-    value: '${{ steps.step-id.outputs.output-name }}'
-
-runs:
-  using: composite
-  steps:
-    # Implementation steps
-```
-
-### Implementation Guidelines
-
-1. **Use composite actions** for consistency and transparency
-2. **Validate inputs** early with clear error messages
-3. **Handle errors gracefully** with actionable feedback
-4. **Use consistent formatting**:
-   - ❌ for errors
-   - ✅ for success messages
-   - 📦 for package manager operations
-   - 📋 for informational messages
-5. **Support multiple package managers** when applicable (npm/yarn/pnpm)
-6. **Follow security best practices** - never log secrets or sensitive data
-
-### Error Handling
-
-```bash
-# Good error handling example
-if [ ! -f "package.json" ]; then
-  echo "❌ ERROR: package.json not found in current directory"
-  echo "Make sure you're running this action in a directory with a package.json file"
-  exit 1
-fi
-```
-
-### Package Manager Detection
-
-When applicable, detect package managers in this order:
-
-1. `yarn.lock` → yarn
-2. `pnpm-lock.yaml` → pnpm
-3. `package-lock.json` → npm
-4. No lockfile → npm (default)
-
-## Testing
-
-### Test Structure
-
-```
-tests/
-├── integration/           # Full action tests
-│   └── action-name/
-│       └── basic.bats
-├── fixtures/              # Test data
-│   ├── package-json/
-│   └── lockfiles/
-└── scripts/
-    ├── test-runner.sh
-    └── test-helpers.sh
-```
-
-### Writing Tests
-
-1. **Create integration tests** for each action in `tests/integration/action-name/`
-2. **Use the bats testing framework** for shell script testing
-3. **Test error conditions** as well as success scenarios
-4. **Use test fixtures** from `tests/fixtures/` when possible
-
-Example test:
-
-```bash
-@test "action-name: handles valid input" {
-    # Setup
-    cp "$BATS_TEST_DIRNAME/../../../tests/fixtures/package-json/valid.json" package.json
-
-    # Test
-    run bash -c 'your-test-command'
-
-    # Assertions
-    assert_success
-    assert_output_contains "expected-output"
-}
-```
-
-### Running Tests
-
-```bash
-# All tests
-pnpm test
-
-# Specific action tests
-./tests/scripts/test-runner.sh integration
-```
-
-## Documentation
-
-### README Structure
-
-Each action should have a comprehensive README.md with:
-
-1. **Title and description**
-2. **Table of contents** (for longer READMEs)
-3. **Usage section** with basic example
-4. **Inputs table** with descriptions
-5. **Outputs table** (if applicable)
-6. **Examples section** with various use cases
-7. **Special features** (package manager detection, etc.)
-
-### Documentation Updates
-
-- Update action README when changing inputs/outputs
-- **Run `pnpm docs:generate`** to auto-update the main project README
-- Update CLAUDE.md when changing project structure
-- Add inline comments for complex logic
-
-### Auto-Generated Documentation
-
-The main project README's "Available Actions" section is automatically generated from:
-
-- `action.yml` files (name, description, inputs, outputs)
-- Individual action README files (usage examples)
-
-**When to regenerate documentation:**
-
-- After adding a new action
-- After changing action.yml inputs/outputs
-- After updating action descriptions
-- Before submitting a PR
-
-```bash
-# Generate updated documentation
-pnpm docs:generate
-
-# Review the changes
-git diff README.md
-```
-
-## Submitting Changes
-
-### Pull Request Process
-
-1. **Create a descriptive PR title**: `feat(action-name): add new feature`
-2. **Fill out the PR template** completely
-3. **Link related issues** using keywords (Closes #123)
-4. **Request review** from maintainers
-5. **Address feedback** promptly and respectfully
-
-### PR Requirements
-
-- [ ] All tests pass
-- [ ] Code follows existing style guidelines
-- [ ] Documentation is updated
-- [ ] Changes are tested in real GitHub Actions workflows
-- [ ] No security vulnerabilities introduced
-
-### Review Process
-
-1. **Automated checks** must pass (tests, linting, security scans)
-2. **Manual review** by maintainers
-3. **Testing** in real-world scenarios
-4. **Approval** and merge
-
-## Action Ideas
-
-Looking for contribution ideas? Here are some actions that would be valuable:
-
-- `slack-notify` - Send Slack notifications
-- `docker-build-push` - Build and push Docker images
-- `semantic-release` - Automated semantic versioning
-- `cache-restore-save` - Advanced caching patterns
-- `monorepo-changed` - Detect changed packages in monorepos
-- `performance-test` - Lighthouse/performance testing
-
-## Getting Help
-
-- **GitHub Discussions**: Ask questions and discuss ideas
-- **Issues**: Report bugs or request features
-- **Discord/Slack**: [Link if available]
-
-## Recognition
-
-Contributors will be recognized in:
-
-- Commit messages with `Co-authored-by`
-- Release notes
-- Contributors section (if added)
-
-Thank you for contributing! 🎉