action-pinner 0.1.0

package/dist/src/org.js

@@ -0,0 +1,162 @@
+import { createHash } from "node:crypto";
+import { Octokit } from "@octokit/rest";
+import { matchesAnyPattern } from "./pattern-match.js";
+import { normalizeGithubApiUrl } from "./resolver.js";
+const repositoryEnumerationCache = new Map();
+export async function listOrgRepositories(options, token, client = createRepositoryEnumerationClient(options.githubApiUrl, token)) {
+    const repositories = await listOwnerRepositories({
+        target: options.org,
+        targetType: "org",
+        includePrivate: options.includePrivate,
+        includeArchived: options.includeArchived,
+        githubApiUrl: options.githubApiUrl
+    }, token, client);
+    return repositories.map((repository) => repository.fullName);
+}
+export async function listUserRepositories(options, token, client = createRepositoryEnumerationClient(options.githubApiUrl, token)) {
+    const repositories = await listOwnerRepositories({
+        target: options.user,
+        targetType: "user",
+        includePrivate: options.includePrivate,
+        includeArchived: options.includeArchived,
+        githubApiUrl: options.githubApiUrl
+    }, token, client);
+    return repositories.map((repository) => repository.fullName);
+}
+export async function listOwnerRepositories(options, token, client = createRepositoryEnumerationClient(options.githubApiUrl, token)) {
+    const cacheKey = [
+        normalizeGithubApiUrl(options.githubApiUrl),
+        options.targetType,
+        options.target.toLowerCase(),
+        options.includePrivate ? "private" : "public",
+        options.includeArchived ? "archived" : "active",
+        token
+            ? `auth:${createHash("sha256").update(token).digest("hex").substring(0, 16)}`
+            : "anonymous"
+    ].join("|");
+    const cached = repositoryEnumerationCache.get(cacheKey);
+    if (cached) {
+        return cached.map((repository) => ({ ...repository }));
+    }
+    const target = options.target.trim();
+    const repositories = options.targetType === "user"
+        ? await listUserRepositoriesFromClient(client, target, options.includePrivate, token)
+        : await client.paginate(client.repos.listForOrg, {
+            org: target,
+            type: options.includePrivate ? "all" : "public",
+            per_page: 100
+        });
+    const normalized = normalizeAndSortRepositoryMetadata(repositories
+        .filter((repo) => options.includeArchived || !repo.archived)
+        .map((repo) => ({
+        fullName: repo.full_name,
+        defaultBranch: repo.default_branch,
+        archived: repo.archived
+    })));
+    repositoryEnumerationCache.set(cacheKey, normalized);
+    return normalized.map((repository) => ({ ...repository }));
+}
+export function filterRepositories(repositories, options = {}) {
+    const normalized = normalizeAndSortRepositories(repositories);
+    const includePatterns = options.includePatterns ?? [];
+    const excludePatterns = options.excludePatterns ?? [];
+    return normalized.filter((repository) => {
+        if (includePatterns.length > 0 && !matchesRepositoryPatterns(repository, includePatterns)) {
+            return false;
+        }
+        // Exclusion is applied last so deny rules always win deterministically.
+        if (excludePatterns.length > 0 && matchesRepositoryPatterns(repository, excludePatterns)) {
+            return false;
+        }
+        return true;
+    });
+}
+export function filterRepositoryMetadata(repositories, options = {}) {
+    const includePatterns = options.includePatterns ?? [];
+    const excludePatterns = options.excludePatterns ?? [];
+    return normalizeAndSortRepositoryMetadata(repositories).filter((repository) => {
+        if (includePatterns.length > 0 &&
+            !matchesRepositoryPatterns(repository.fullName, includePatterns)) {
+            return false;
+        }
+        if (excludePatterns.length > 0 &&
+            matchesRepositoryPatterns(repository.fullName, excludePatterns)) {
+            return false;
+        }
+        return true;
+    });
+}
+export function normalizeAndSortRepositories(repositories) {
+    const deduped = new Map();
+    for (const repository of repositories) {
+        const normalized = normalizeRepository(repository);
+        deduped.set(normalized.toLowerCase(), normalized);
+    }
+    return [...deduped.values()].sort((left, right) => left.localeCompare(right, "en", { sensitivity: "base" }));
+}
+function normalizeAndSortRepositoryMetadata(repositories) {
+    const deduped = new Map();
+    for (const repository of repositories) {
+        const normalized = normalizeRepository(repository.fullName);
+        deduped.set(normalized.toLowerCase(), {
+            ...repository,
+            fullName: normalized
+        });
+    }
+    return [...deduped.values()].sort((left, right) => left.fullName.localeCompare(right.fullName, "en", { sensitivity: "base" }));
+}
+function normalizeRepository(repository) {
+    const normalized = repository.trim();
+    const parts = normalized.split("/");
+    if (parts.length !== 2 || parts.some((part) => part.length === 0)) {
+        throw new Error(`Invalid repository '${repository}'. Expected format is 'owner/repo'.`);
+    }
+    return `${parts[0]}/${parts[1]}`;
+}
+function matchesRepositoryPatterns(repository, patterns) {
+    const [, repoName] = repository.split("/");
+    return patterns.some((pattern) => {
+        const trimmed = pattern.trim();
+        if (!trimmed) {
+            return false;
+        }
+        if (trimmed.includes("/")) {
+            return matchesAnyPattern(repository, [trimmed], { caseInsensitive: true });
+        }
+        return matchesAnyPattern(repoName, [trimmed], { caseInsensitive: true });
+    });
+}
+async function listUserRepositoriesFromClient(client, username, includePrivate, token) {
+    if (includePrivate && token) {
+        const authenticated = await getAuthenticatedLogin(client);
+        if (authenticated && authenticated.localeCompare(username, "en", { sensitivity: "accent" }) === 0) {
+            return client
+                .paginate(client.repos.listForAuthenticatedUser, {
+                visibility: "all",
+                affiliation: "owner",
+                per_page: 100
+            })
+                .then((repositories) => repositories.filter((repository) => repository.owner?.login?.localeCompare(username, "en", { sensitivity: "accent" }) === 0));
+        }
+    }
+    return client.paginate(client.repos.listForUser, {
+        username,
+        per_page: 100
+    });
+}
+async function getAuthenticatedLogin(client) {
+    try {
+        const response = await client.users.getAuthenticated();
+        return response.data.login;
+    }
+    catch {
+        return undefined;
+    }
+}
+function createRepositoryEnumerationClient(githubApiUrl, token) {
+    return new Octokit({
+        auth: token,
+        baseUrl: normalizeGithubApiUrl(githubApiUrl)
+    });
+}
+//# sourceMappingURL=org.js.map

package/dist/src/org.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"org.js","sourceRoot":"","sources":["../../src/org.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AA8CtD,MAAM,0BAA0B,GAAG,IAAI,GAAG,EAAgC,CAAC;AAE3E,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAuB,EACvB,KAAc,EACd,SAAsC,iCAAiC,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC;IAEpG,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C;QACE,MAAM,EAAE,OAAO,CAAC,GAAG;QACnB,UAAU,EAAE,KAAK;QACjB,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,EACD,KAAK,EACL,MAAM,CACP,CAAC;IAEF,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAuD,EACvD,KAAc,EACd,SAAsC,iCAAiC,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC;IAEpG,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C;QACE,MAAM,EAAE,OAAO,CAAC,IAAI;QACpB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,EACD,KAAK,EACL,MAAM,CACP,CAAC;IAEF,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAAyB,EACzB,KAAc,EACd,SAAsC,iCAAiC,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC;IAEpG,MAAM,QAAQ,GAAG;QACf,qBAAqB,CAAC,OAAO,CAAC,YAAY,CAAC;QAC3C,OAAO,CAAC,UAAU;QAClB,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;QAC5B,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;QAC7C,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;QAC/C,KAAK;YACH,CAAC,CAAC,QAAQ,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YAC7E,CAAC,CAAC,WAAW;KAChB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,MAAM,MAAM,GAAG,0BAA0B,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,YAAY,GAChB,OAAO,CAAC,UAAU,KAAK,MAAM;QAC3B,CAAC,CAAC,MAAM,8BAA8B,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC;QACrF,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAqB,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE;YACjE,GAAG,EAAE,MAAM;YACX,IAAI,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;YAC/C,QAAQ,EAAE,GAAG;SACd,CAAC,CAAC;IAET,MAAM,UAAU,GAAG,kCAAkC,CACnD,YAAY;SACT,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3D,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,QAAQ,EAAE,IAAI,CAAC,SAAS;QACxB,aAAa,EAAE,IAAI,CAAC,cAAc;QAClC,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAC,CACN,CAAC;IAEF,0BAA0B,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACrD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,YAAsB,EACtB,UAGI,EAAE;IAEN,MAAM,UAAU,GAAG,4BAA4B,CAAC,YAAY,CAAC,CAAC;IAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;IACtD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;IAEtD,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE;QACtC,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,CAAC;YAC1F,OAAO,KAAK,CAAC;QACf,CAAC;QAED,wEAAwE;QACxE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,yBAAyB,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,CAAC;YACzF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,YAAkC,EAClC,UAGI,EAAE;IAEN,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;IACtD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;IAEtD,OAAO,kCAAkC,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE;QAC5E,IACE,eAAe,CAAC,MAAM,GAAG,CAAC;YAC1B,CAAC,yBAAyB,CAAC,UAAU,CAAC,QAAQ,EAAE,eAAe,CAAC,EAChE,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IACE,eAAe,CAAC,MAAM,GAAG,CAAC;YAC1B,yBAAyB,CAAC,UAAU,CAAC,QAAQ,EAAE,eAAe,CAAC,EAC/D,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,YAAsB;IACjE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,MAAM,UAAU,IAAI,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,EAAE,UAAU,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAChD,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CACzD,CAAC;AACJ,CAAC;AAED,SAAS,kCAAkC,CACzC,YAAkC;IAElC,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IACtD,KAAK,MAAM,UAAU,IAAI,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,EAAE;YACpC,GAAG,UAAU;YACb,QAAQ,EAAE,UAAU;SACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAChD,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAC3E,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAkB;IAC7C,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uBAAuB,UAAU,qCAAqC,CACvE,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,yBAAyB,CAAC,UAAkB,EAAE,QAAkB;IACvE,MAAM,CAAC,EAAE,QAAQ,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE3C,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,iBAAiB,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,OAAO,iBAAiB,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,8BAA8B,CAC3C,MAAmC,EACnC,QAAgB,EAChB,cAAuB,EACvB,KAAc;IAEd,IAAI,cAAc,IAAI,KAAK,EAAE,CAAC;QAC5B,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC1D,IAAI,aAAa,IAAI,aAAa,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YAClG,OAAO,MAAM;iBACV,QAAQ,CAAqB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBACnE,UAAU,EAAE,KAAK;gBACjB,WAAW,EAAE,OAAO;gBACpB,QAAQ,EAAE,GAAG;aACd,CAAC;iBACD,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CACrB,YAAY,CAAC,MAAM,CACjB,CAAC,UAAU,EAAE,EAAE,CACb,UAAU,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,CAC1F,CACF,CAAC;QACN,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,QAAQ,CAAqB,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE;QACnE,QAAQ;QACR,QAAQ,EAAE,GAAG;KACd,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,MAAmC;IAEnC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACvD,OAAO,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,iCAAiC,CACxC,YAAqB,EACrB,KAAc;IAEd,OAAO,IAAI,OAAO,CAAC;QACjB,IAAI,EAAE,KAAK;QACX,OAAO,EAAE,qBAAqB,CAAC,YAAY,CAAC;KAC7C,CAA2C,CAAC;AAC/C,CAAC"}

package/dist/src/pattern-match.d.ts

@@ -0,0 +1,5 @@
+export interface PatternMatchOptions {
+    caseInsensitive?: boolean;
+}
+export declare function matchesPattern(value: string, pattern: string, options?: PatternMatchOptions): boolean;
+export declare function matchesAnyPattern(value: string, patterns: string[], options?: PatternMatchOptions): boolean;

package/dist/src/pattern-match.js

@@ -0,0 +1,59 @@
+const REGEX_SPECIAL = /[|\\{}()[\]^$+?.]/g;
+function toRegex(pattern, options = {}) {
+    const flags = options.caseInsensitive === false ? "u" : "iu";
+    return new RegExp(`^${globToRegex(pattern)}$`, flags);
+}
+function globToRegex(pattern) {
+    const normalized = pattern.replace(/\\/g, "/");
+    let output = "";
+    for (let index = 0; index < normalized.length; index += 1) {
+        const char = normalized[index];
+        const next = normalized[index + 1];
+        if (char === "*") {
+            if (next === "*") {
+                const nextNext = normalized[index + 2];
+                if (nextNext === "/") {
+                    output += "(?:.*/)?";
+                    index += 2;
+                }
+                else {
+                    output += ".*";
+                    index += 1;
+                }
+            }
+            else {
+                output += "[^/]*";
+            }
+            continue;
+        }
+        if (char === "?") {
+            output += "[^/]";
+            continue;
+        }
+        if (char === "{") {
+            const closeIndex = normalized.indexOf("}", index + 1);
+            if (closeIndex !== -1) {
+                const body = normalized.slice(index + 1, closeIndex);
+                const parts = body.split(",").map((part) => escapeRegex(part));
+                output += `(?:${parts.join("|")})`;
+                index = closeIndex;
+                continue;
+            }
+        }
+        output += escapeRegex(char);
+    }
+    return output;
+}
+function escapeRegex(value) {
+    return value.replace(REGEX_SPECIAL, "\\$&");
+}
+export function matchesPattern(value, pattern, options = {}) {
+    return toRegex(pattern, options).test(value);
+}
+export function matchesAnyPattern(value, patterns, options = {}) {
+    if (patterns.length === 0) {
+        return false;
+    }
+    return patterns.some((pattern) => matchesPattern(value, pattern, options));
+}
+//# sourceMappingURL=pattern-match.js.map

package/dist/src/pattern-match.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pattern-match.js","sourceRoot":"","sources":["../../src/pattern-match.ts"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG,oBAAoB,CAAC;AAM3C,SAAS,OAAO,CAAC,OAAe,EAAE,UAA+B,EAAE;IACjE,MAAM,KAAK,GAAG,OAAO,CAAC,eAAe,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,OAAO,IAAI,MAAM,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAEnC,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;gBACvC,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;oBACrB,MAAM,IAAI,UAAU,CAAC;oBACrB,KAAK,IAAI,CAAC,CAAC;gBACb,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,IAAI,CAAC;oBACf,KAAK,IAAI,CAAC,CAAC;gBACb,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,OAAO,CAAC;YACpB,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,MAAM,IAAI,MAAM,CAAC;YACjB,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACtD,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,UAAU,CAAC,CAAC;gBACrD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC/D,MAAM,IAAI,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBACnC,KAAK,GAAG,UAAU,CAAC;gBACnB,SAAS;YACX,CAAC;QACH,CAAC;QAED,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,OAAO,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,KAAa,EACb,OAAe,EACf,UAA+B,EAAE;IAEjC,OAAO,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,QAAkB,EAClB,UAA+B,EAAE;IAEjC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;AAC7E,CAAC"}

package/dist/src/pinner.d.ts

@@ -0,0 +1,6 @@
+import type { ActionReference, FilePatch, PinActionsConfig } from "./types.js";
+import type { ActionResolver } from "./resolver.js";
+export declare function pinReferences(references: ActionReference[], resolver: Pick<ActionResolver, "resolve">, config: PinActionsConfig, dryRun: boolean, options?: {
+    continueOnError?: boolean;
+    failOnAmbiguous?: boolean;
+}): Promise<FilePatch[]>;

package/dist/src/pinner.js

@@ -0,0 +1,148 @@
+import { readFile, writeFile } from "node:fs/promises";
+import { buildResolutionKey } from "./resolver.js";
+export async function pinReferences(references, resolver, config, dryRun, options) {
+    const continueOnError = options?.continueOnError ?? false;
+    const failOnAmbiguous = options?.failOnAmbiguous ?? false;
+    const resolutions = await resolveReferences(references, resolver, {
+        continueOnError,
+        failOnAmbiguous
+    });
+    const grouped = groupByFile(references);
+    const patches = [];
+    // Process files in sorted order for deterministic output
+    const sortedFilePaths = Array.from(grouped.keys()).sort();
+    for (const filePath of sortedFilePaths) {
+        const refs = grouped.get(filePath) ?? [];
+        const original = await readFile(filePath, "utf8");
+        const eol = original.includes("\r\n") ? "\r\n" : "\n";
+        const lines = original.split(/\r?\n/);
+        // Process in reverse line order for safe editing, but track updates for later sorting
+        const sorted = [...refs].sort((a, b) => b.line - a.line);
+        const updatedRefs = [];
+        const evidence = [];
+        for (const ref of sorted) {
+            if (!shouldResolve(ref)) {
+                continue;
+            }
+            const resolution = resolutions.get(buildResolutionKey(ref));
+            if (!resolution) {
+                continue;
+            }
+            const versionComment = renderCommentTemplate(config.dependabot.commentFormat, ref, resolution.sha);
+            const lineIndex = ref.line - 1;
+            const line = lines[lineIndex] ?? "";
+            const updatedLine = rewriteUsesLine(line, resolution.sha, {
+                addVersionComment: config.dependabot.addVersionComments,
+                comment: versionComment
+            });
+            lines[lineIndex] = updatedLine;
+            updatedRefs.push(ref);
+            evidence.push({
+                filePath: ref.filePath,
+                line: ref.line,
+                originalRef: ref.raw,
+                resolvedSha: resolution.sha,
+                sourceRepo: resolution.sourceRepo,
+                resolutionMethod: resolution.resolutionMethod,
+                resolvedAt: resolution.resolvedAt
+            });
+        }
+        const updatedContent = lines.join(eol);
+        if (updatedContent === original) {
+            continue;
+        }
+        if (!dryRun) {
+            await writeFile(filePath, updatedContent, "utf8");
+        }
+        // Sort refs and evidence by line number for deterministic output
+        const sortedUpdatedRefs = updatedRefs.sort((a, b) => a.line - b.line);
+        const sortedEvidence = evidence.sort((a, b) => a.line - b.line);
+        patches.push({
+            filePath,
+            originalContent: original,
+            updatedContent,
+            referencesUpdated: sortedUpdatedRefs,
+            evidence: sortedEvidence
+        });
+    }
+    // Sort patches by file path for deterministic output
+    return patches.sort((a, b) => a.filePath.localeCompare(b.filePath));
+}
+async function resolveReferences(references, resolver, options) {
+    const continueOnError = options?.continueOnError ?? false;
+    const failOnAmbiguous = options?.failOnAmbiguous ?? false;
+    const uniqueRefs = new Map();
+    for (const reference of references) {
+        if (!shouldResolve(reference)) {
+            continue;
+        }
+        uniqueRefs.set(buildResolutionKey(reference), reference);
+    }
+    const resolutions = new Map();
+    const promises = [...uniqueRefs.entries()].map(async ([key, reference]) => {
+        try {
+            const result = await resolver.resolve(reference);
+            resolutions.set(key, result);
+        }
+        catch (error) {
+            // If failOnAmbiguous is set and we have an AmbiguousRefError, re-throw it
+            if (failOnAmbiguous && error instanceof Error && error.name === "AmbiguousRefError") {
+                throw error;
+            }
+            // If continueOnError is not set and we have an UnresolvedRefError, re-throw it
+            if (!continueOnError && error instanceof Error && error.name === "UnresolvedRefError") {
+                throw error;
+            }
+            // If continueOnError is set, log the warning and continue
+            if (continueOnError && error instanceof Error) {
+                console.warn(`Skipping ref due to error: ${error.message}`);
+            }
+            else if (!continueOnError) {
+                throw error;
+            }
+        }
+    });
+    await Promise.all(promises);
+    return resolutions;
+}
+function shouldResolve(reference) {
+    const ref = reference.ref;
+    return (reference.kind === "tag-or-branch" &&
+        typeof ref === "string" &&
+        !/^[0-9a-f]{40}$/i.test(ref));
+}
+function groupByFile(references) {
+    const grouped = new Map();
+    for (const reference of references) {
+        const existing = grouped.get(reference.filePath);
+        if (existing) {
+            existing.push(reference);
+            continue;
+        }
+        grouped.set(reference.filePath, [reference]);
+    }
+    return grouped;
+}
+function rewriteUsesLine(line, sha, options) {
+    const match = line.match(/^(\s*-?\s*uses:\s*)(['"]?)([^'"#\s@]+)@([^'"#\s]+)(\2)(.*)$/);
+    if (!match) {
+        return line;
+    }
+    const [, prefix, quote, action, , closingQuote, suffix] = match;
+    const renderedComment = options.comment.trim();
+    const comment = options.addVersionComment && renderedComment.length > 0
+        ? ` # ${renderedComment}`
+        : "";
+    return `${prefix}${quote}${action}@${sha}${closingQuote}${comment}${suffix}`;
+}
+function renderCommentTemplate(template, reference, sha) {
+    const shaShort = sha.slice(0, 7);
+    return template.replace(/\{(ref|action|sha_short)\}/g, (_match, token) => {
+        if (token === "ref")
+            return reference.ref ?? "";
+        if (token === "action")
+            return reference.action;
+        return shaShort;
+    });
+}
+//# sourceMappingURL=pinner.js.map

package/dist/src/pinner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pinner.js","sourceRoot":"","sources":["../../src/pinner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AASvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAA6B,EAC7B,QAAyC,EACzC,MAAwB,EACxB,MAAe,EACf,OAGC;IAED,MAAM,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,KAAK,CAAC;IAC1D,MAAM,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,KAAK,CAAC;IAE1D,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,QAAQ,EAAE;QAChE,eAAe;QACf,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,yDAAyD;IACzD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAE1D,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACtC,sFAAsF;QACtF,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,WAAW,GAAsB,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,MAAM,cAAc,GAAG,qBAAqB,CAC1C,MAAM,CAAC,UAAU,CAAC,aAAa,EAC/B,GAAG,EACH,UAAU,CAAC,GAAG,CACf,CAAC;YAEF,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,EAAE;gBACxD,iBAAiB,EAAE,MAAM,CAAC,UAAU,CAAC,kBAAkB;gBACvD,OAAO,EAAE,cAAc;aACxB,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,GAAG,WAAW,CAAC;YAC/B,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,WAAW,EAAE,GAAG,CAAC,GAAG;gBACpB,WAAW,EAAE,UAAU,CAAC,GAAG;gBAC3B,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;gBAC7C,UAAU,EAAE,UAAU,CAAC,UAAU;aAClC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,cAAc,KAAK,QAAQ,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;QACpD,CAAC;QAED,iEAAiE;QACjE,MAAM,iBAAiB,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;QACtE,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;QAEhE,OAAO,CAAC,IAAI,CAAC;YACX,QAAQ;YACR,eAAe,EAAE,QAAQ;YACzB,cAAc;YACd,iBAAiB,EAAE,iBAAiB;YACpC,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAC;IACL,CAAC;IAED,qDAAqD;IACrD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAA6B,EAC7B,QAAyC,EACzC,OAGC;IAED,MAAM,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,KAAK,CAAC;IAC1D,MAAM,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,KAAK,CAAC;IAE1D,MAAM,UAAU,GAAG,IAAI,GAAG,EAA2B,CAAC;IACtD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,UAAU,CAAC,GAAG,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,GAAG,EAA4B,CAAC;IACxD,MAAM,QAAQ,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,EAAE;QACxE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACjD,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,0EAA0E;YAC1E,IAAI,eAAe,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpF,MAAM,KAAK,CAAC;YACd,CAAC;YACD,+EAA+E;YAC/E,IAAI,CAAC,eAAe,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBACtF,MAAM,KAAK,CAAC;YACd,CAAC;YACD,0DAA0D;YAC1D,IAAI,eAAe,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC,8BAA8B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9D,CAAC;iBAAM,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC5B,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAE5B,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,aAAa,CAAC,SAA0B;IAC/C,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC;IAC1B,OAAO,CACL,SAAS,CAAC,IAAI,KAAK,eAAe;QAClC,OAAO,GAAG,KAAK,QAAQ;QACvB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAC7B,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAClB,UAA6B;IAE7B,MAAM,OAAO,GAAG,IAAI,GAAG,EAA6B,CAAC;IACrD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACjD,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACzB,SAAS;QACX,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,GAAW,EACX,OAAwD;IAExD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACxF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,AAAD,EAAG,YAAY,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;IAChE,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,OAAO,GACX,OAAO,CAAC,iBAAiB,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC;QACrD,CAAC,CAAC,MAAM,eAAe,EAAE;QACzB,CAAC,CAAC,EAAE,CAAC;IACT,OAAO,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,IAAI,GAAG,GAAG,YAAY,GAAG,OAAO,GAAG,MAAM,EAAE,CAAC;AAC/E,CAAC;AAED,SAAS,qBAAqB,CAC5B,QAAgB,EAChB,SAAkD,EAClD,GAAW;IAEX,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjC,OAAO,QAAQ,CAAC,OAAO,CAAC,6BAA6B,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;QACvE,IAAI,KAAK,KAAK,KAAK;YAAE,OAAO,SAAS,CAAC,GAAG,IAAI,EAAE,CAAC;QAChD,IAAI,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC,MAAM,CAAC;QAChD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/src/pr.d.ts

@@ -0,0 +1,87 @@
+import { type SimpleGit } from "simple-git";
+import type { FilePatch, PinActionsConfig } from "./types.js";
+export interface CreatePrOptions {
+    config: PinActionsConfig;
+    patches: FilePatch[];
+    branchName?: string;
+    git?: Pick<SimpleGit, "branch" | "checkoutLocalBranch" | "add" | "commit">;
+}
+export interface PublishPrOptions {
+    config: PinActionsConfig;
+    patches: FilePatch[];
+    branch: string;
+    baseBranch: string;
+    commitMessage?: string;
+    token?: string;
+    git?: Pick<SimpleGit, "raw" | "getRemotes">;
+    client?: GitHubPrClient;
+    repository?: GitHubRepository;
+}
+export interface GitHubRepository {
+    owner: string;
+    repo: string;
+}
+export interface GitHubPrClient {
+    pulls: {
+        create: (args: {
+            owner: string;
+            repo: string;
+            title: string;
+            body: string;
+            head: string;
+            base: string;
+        }) => Promise<{
+            data: {
+                number: number;
+                html_url: string;
+            };
+        }>;
+        requestReviewers: (args: {
+            owner: string;
+            repo: string;
+            pull_number: number;
+            reviewers: string[];
+        }) => Promise<unknown>;
+    };
+    issues: {
+        addLabels: (args: {
+            owner: string;
+            repo: string;
+            issue_number: number;
+            labels: string[];
+        }) => Promise<unknown>;
+        addAssignees: (args: {
+            owner: string;
+            repo: string;
+            issue_number: number;
+            assignees: string[];
+        }) => Promise<unknown>;
+    };
+}
+export interface CreatedPrResult {
+    number: number;
+    htmlUrl: string;
+}
+export declare function createPullRequestBranch({ config, patches, branchName, git }: CreatePrOptions): Promise<{
+    branch: string;
+    baseBranch: string;
+    commitMessage: string;
+}>;
+export declare function publishPullRequest({ config, patches, branch, baseBranch, commitMessage, token, git, client, repository }: PublishPrOptions): Promise<CreatedPrResult | null>;
+export declare function buildPrBody(patches: FilePatch[], template?: string, contextOverrides?: Partial<PrTemplateContext>): string;
+export declare function resolveRepositoryInfo(git: Pick<SimpleGit, "getRemotes">): Promise<GitHubRepository>;
+interface PrTemplateContext {
+    summary: string;
+    fileCount: number;
+    referenceCount: number;
+    files: string;
+    references: string;
+    evidence: string;
+    branch: string;
+    baseBranch: string;
+    commitMessage: string;
+    toolVersion: string;
+    configHash: string;
+    runFingerprint: string;
+}
+export {};

package/dist/src/pr.js

@@ -0,0 +1,165 @@
+import { Octokit } from "@octokit/rest";
+import { simpleGit } from "simple-git";
+import { toDisplayPath } from "./workflow-paths.js";
+import { buildRunFingerprint, formatEvidence } from "./report.js";
+import { getToolVersion } from "./version.js";
+export async function createPullRequestBranch({ config, patches, branchName, git = simpleGit() }) {
+    const branchInfo = await git.branch();
+    const baseBranch = branchInfo.current;
+    const branch = branchName ?? `${config.pr.branchPrefix}-${Date.now()}`;
+    const commitMessage = "chore: pin GitHub Actions to commit SHAs";
+    await git.checkoutLocalBranch(branch);
+    await git.add(patches.map((patch) => patch.filePath));
+    await git.commit(commitMessage);
+    return { branch, baseBranch, commitMessage };
+}
+export async function publishPullRequest({ config, patches, branch, baseBranch, commitMessage = "chore: pin GitHub Actions to commit SHAs", token, git = simpleGit(), client, repository }) {
+    if (!config.pr.create) {
+        return null;
+    }
+    if (!token) {
+        throw new Error("A GitHub token is required to create pull requests. " +
+            "Set PIN_ACTIONS_TOKEN or use --token, or ensure GITHUB_TOKEN is available.");
+    }
+    const repo = repository ?? (await resolveRepositoryInfo(git));
+    const octokit = client ?? createPullRequestClient(token);
+    const toolVersion = await getToolVersion();
+    const runFingerprint = buildRunFingerprint(config, toolVersion);
+    const body = buildPrBody(patches, config.pr.bodyTemplate, {
+        branch,
+        baseBranch,
+        commitMessage,
+        evidence: formatEvidence(patches),
+        toolVersion: runFingerprint.toolVersion,
+        configHash: runFingerprint.configHash,
+        runFingerprint: runFingerprint.fingerprint
+    });
+    await git.raw(["push", "-u", "origin", branch]);
+    const pullRequest = await octokit.pulls.create({
+        owner: repo.owner,
+        repo: repo.repo,
+        title: config.pr.title,
+        body,
+        head: branch,
+        base: baseBranch
+    });
+    const issueNumber = pullRequest.data.number;
+    if (config.pr.labels.length > 0) {
+        await octokit.issues.addLabels({
+            owner: repo.owner,
+            repo: repo.repo,
+            issue_number: issueNumber,
+            labels: config.pr.labels
+        });
+    }
+    if (config.pr.assignees.length > 0) {
+        await octokit.issues.addAssignees({
+            owner: repo.owner,
+            repo: repo.repo,
+            issue_number: issueNumber,
+            assignees: config.pr.assignees
+        });
+    }
+    if (config.pr.reviewers.length > 0) {
+        await octokit.pulls.requestReviewers({
+            owner: repo.owner,
+            repo: repo.repo,
+            pull_number: issueNumber,
+            reviewers: config.pr.reviewers
+        });
+    }
+    return {
+        number: issueNumber,
+        htmlUrl: pullRequest.data.html_url
+    };
+}
+export function buildPrBody(patches, template = DEFAULT_PR_BODY_TEMPLATE, contextOverrides = {}) {
+    const context = buildPrTemplateContext(patches, contextOverrides);
+    return renderTemplate(template, context).trim();
+}
+export async function resolveRepositoryInfo(git) {
+    const remotes = await git.getRemotes(true);
+    const origin = remotes.find((remote) => remote.name === "origin");
+    const remoteUrl = origin?.refs.fetch ?? origin?.refs.push;
+    if (!remoteUrl) {
+        throw new Error("Unable to determine the origin remote URL.");
+    }
+    return parseRepositoryUrl(remoteUrl);
+}
+function buildPrTemplateContext(patches, contextOverrides) {
+    const files = patches.map((patch) => `- ${toDisplayPath(patch.filePath)}`).join("\n");
+    const references = patches
+        .flatMap((patch) => patch.referencesUpdated.map((reference) => `- ${toDisplayPath(reference.filePath)}:${reference.line} ${reference.raw}`))
+        .join("\n");
+    const context = {
+        summary: `Pinned ${countUpdatedReferences(patches)} action reference(s) across ${patches.length} file(s).`,
+        fileCount: patches.length,
+        referenceCount: countUpdatedReferences(patches),
+        files: files || "- (none)",
+        references: references || "- (none)",
+        evidence: formatEvidence(patches),
+        branch: "",
+        baseBranch: "",
+        commitMessage: "",
+        toolVersion: "",
+        configHash: "",
+        runFingerprint: "",
+        ...contextOverrides
+    };
+    return context;
+}
+function renderTemplate(template, context) {
+    return template.replace(/\{\{(\w+)\}\}/g, (match, key) => {
+        const value = context[key];
+        return value === undefined ? match : String(value);
+    });
+}
+function countUpdatedReferences(patches) {
+    return patches.reduce((count, patch) => count + patch.referencesUpdated.length, 0);
+}
+function createPullRequestClient(token) {
+    return new Octokit({ auth: token });
+}
+function parseRepositoryUrl(remoteUrl) {
+    const sshMatch = remoteUrl.match(/^git@[^:]+:([^/]+)\/(.+?)(?:\.git)?$/i);
+    if (sshMatch) {
+        return { owner: sshMatch[1], repo: sshMatch[2] };
+    }
+    const sshUrlMatch = remoteUrl.match(/^ssh:\/\/git@[^/]+\/([^/]+)\/(.+?)(?:\.git)?$/i);
+    if (sshUrlMatch) {
+        return { owner: sshUrlMatch[1], repo: sshUrlMatch[2] };
+    }
+    const httpsMatch = remoteUrl.match(/^https?:\/\/[^/]+\/([^/]+)\/(.+?)(?:\.git)?$/i);
+    if (httpsMatch) {
+        return { owner: httpsMatch[1], repo: httpsMatch[2] };
+    }
+    throw new Error(`Unsupported origin remote URL: ${remoteUrl}`);
+}
+const DEFAULT_PR_BODY_TEMPLATE = [
+    "## Summary",
+    "",
+    "{{summary}}",
+    "",
+    "## Updated workflows",
+    "",
+    "{{files}}",
+    "",
+    "## Updated references",
+    "",
+    "{{references}}",
+    "",
+    "## Evidence",
+    "",
+    "{{evidence}}",
+    "",
+    "## Run fingerprint",
+    "",
+    "- Tool version: `{{toolVersion}}`",
+    "- Config hash: `{{configHash}}`",
+    "- Run fingerprint: `{{runFingerprint}}`",
+    "",
+    "## Branch",
+    "",
+    "- `{{branch}}`"
+].join("\n");
+//# sourceMappingURL=pr.js.map