actions-up 1.11.0 → 1.12.1

package/dist/cli/index.d.ts

@@ -1,2 +1,4 @@
-/** Run the CLI. */
+/**
+ * Run the CLI.
+ */
 export declare function run(): void;

package/dist/cli/index.js

@@ -1,143 +1,134 @@
 import { readInlineVersionComment } from "../core/versions/read-inline-version-comment.js";
-import { GITHUB_DIRECTORY } from "../core/constants.js";
 import { isSha } from "../core/versions/is-sha.js";
 import { promptUpdateSelection } from "../core/interactive/prompt-update-selection.js";
+import { getCompatibleUpdate } from "../core/api/get-compatible-update.js";
+import { createGitHubClient } from "../core/api/create-github-client.js";
+import { resolveScanDirectories } from "./resolve-scan-directories.js";
 import { getUpdateLevel } from "../core/versions/get-update-level.js";
 import { applyUpdates } from "../core/ast/update/apply-updates.js";
+import { printSkippedWarning } from "./print-skipped-warning.js";
+import { normalizeUpdateMode } from "./normalize-update-mode.js";
 import { shouldIgnore } from "../core/ignore/should-ignore.js";
 import { checkUpdates } from "../core/api/check-updates.js";
+import { mergeScanResults } from "./merge-scan-results.js";
+import { printModeWarning } from "./print-mode-warning.js";
 import { scanRecursive } from "../core/scan-recursive.js";
 import { scanGitHubActions } from "../core/scan-github-actions.js";
 import "../core/index.js";
 import { version } from "../package.js";
-import { relative, resolve } from "node:path";
 import { createSpinner } from "nanospinner";
 import "node:worker_threads";
 import pc from "picocolors";
 import cac from "cac";
 function run() {
 	let b = cac("actions-up");
-	b.help().version(version).option("--dir <directory>", "Custom directory name (default: .github)").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--include-branches", "Also check actions pinned to branches (default: false)").option("--min-age <days>", "Minimum age in days for updates (default: 0)", { default: 0 }).option("--mode <mode>", "Update mode: major, minor, or patch (default: major)", { default: "major" }).option("--recursive, -r", "Recursively scan directories for YAML files").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (g) => {
+	b.help().version(version).option("--dir <directory>", "Directory to scan (repeatable). Default: .github, or . with --recursive").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--include-branches", "Also check actions pinned to branches (default: false)").option("--min-age <days>", "Minimum age in days for updates (default: 0)", { default: 0 }).option("--mode <mode>", "Update mode: major, minor, or patch (default: major)", { default: "major" }).option("--recursive, -r", "Recursively scan directories for YAML files").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (v) => {
 		console.info(pc.cyan("\n🚀 Actions Up!\n"));
-		let y = createSpinner("Scanning GitHub Actions...").start(), b = [];
-		Array.isArray(g.dir) ? b.push(...g.dir) : typeof g.dir == "string" ? b.push(g.dir) : b.push(GITHUB_DIRECTORY);
-		let x = [...new Set(b.map((e) => {
-			let d = process.cwd();
-			return relative(d, resolve(d, e)) || ".";
-		}))];
+		let y = createSpinner("Scanning GitHub Actions...").start(), b = resolveScanDirectories({
+			recursive: v.recursive,
+			cwd: process.cwd(),
+			dir: v.dir
+		});
 		try {
-			let d = mergeScanResults(g.recursive ? await Promise.all(x.map((e) => scanRecursive(process.cwd(), e))) : await Promise.all(x.map((e) => scanGitHubActions(process.cwd(), e)))), _ = d.actions.length, v = d.workflows.size, b = d.compositeActions.size;
-			if (y.success(`Found ${pc.yellow(_)} actions in ${pc.yellow(v)} workflows and ${pc.yellow(b)} composite actions`), _ === 0) {
+			let m = mergeScanResults(v.recursive ? await Promise.all(b.map(({ root: t, dir: u }) => scanRecursive(t, u))) : await Promise.all(b.map(({ root: t, dir: u }) => scanGitHubActions(t, u)))), x = m.actions.length, S = m.workflows.size, C = m.compositeActions.size;
+			if (y.success(`Found ${pc.yellow(x)} actions in ${pc.yellow(S)} workflows and ${pc.yellow(C)} composite actions`), x === 0) {
 				console.info(pc.green("\n✨ No GitHub Actions found in this repository"));
 				return;
 			}
-			let S = d.actions, C = [];
-			Array.isArray(g.exclude) ? C.push(...g.exclude) : typeof g.exclude == "string" && C.push(g.exclude);
-			let w = C.flatMap((e) => e.split(",")).map((e) => e.trim()).filter(Boolean);
-			if (w.length > 0) {
-				let { parseExcludePatterns: e } = await import("../core/filters/parse-exclude-patterns.js"), d = e(w);
-				d.length > 0 && (S = S.filter((e) => {
-					let { name: f } = e;
-					for (let e of d) if (e.test(f)) return !1;
+			let w = m.actions, T = [];
+			Array.isArray(v.exclude) ? T.push(...v.exclude) : typeof v.exclude == "string" && T.push(v.exclude);
+			let E = T.flatMap((t) => t.split(",")).map((t) => t.trim()).filter(Boolean);
+			if (E.length > 0) {
+				let { parseExcludePatterns: t } = await import("../core/filters/parse-exclude-patterns.js"), u = t(E);
+				u.length > 0 && (w = w.filter((t) => {
+					let { name: d } = t;
+					for (let t of u) if (t.test(d)) return !1;
 					return !0;
 				}));
 			}
-			if (y = createSpinner("Checking for updates...").start(), S.length === 0) {
+			if (y = createSpinner("Checking for updates...").start(), w.length === 0) {
 				y.success("No actions to check after excludes"), console.info(pc.green("\n✨ Nothing to check after excludes\n"));
 				return;
 			}
-			let T = g.includeBranches ?? !1, E = await checkUpdates(S, process.env.GITHUB_TOKEN, { includeBranches: T }), D = [];
-			await Promise.all(E.map(async (e) => {
-				await shouldIgnore(e.action.file, e.action.line) || D.push(e);
+			let D = process.env.GITHUB_TOKEN, O = createGitHubClient(D), k = v.includeBranches ?? !1, A = await checkUpdates(w, D, {
+				client: O,
+				includeBranches: k
+			}), j = [];
+			await Promise.all(A.map(async (t) => {
+				await shouldIgnore(t.action.file, t.action.line) || j.push(t);
 			}));
-			let O = D.filter((e) => e.status === "skipped"), k = D.filter((e) => e.hasUpdate), A = g.minAge * 24 * 60 * 60 * 1e3, j = Date.now();
-			k = k.filter((e) => e.publishedAt ? j - e.publishedAt.getTime() >= A : !0);
-			let M = normalizeUpdateMode(g.mode), N = [];
-			if (M !== "major") {
-				let d = /* @__PURE__ */ new Map(), p = await Promise.all(k.map(async (p) => {
-					let m = p.currentVersion;
-					if (isSha(p.currentVersion)) {
-						let f = await readInlineVersionComment(p.action.file, p.action.line, d);
-						f && (m = f);
+			let M = j.filter((t) => t.status === "skipped"), N = j.filter((t) => t.hasUpdate), P = v.minAge * 24 * 60 * 60 * 1e3, F = Date.now();
+			N = N.filter((t) => t.publishedAt ? F - t.publishedAt.getTime() >= P : !0);
+			let I = normalizeUpdateMode(v.mode), L = [];
+			if (I !== "major") {
+				let d = /* @__PURE__ */ new Map(), p = /* @__PURE__ */ new Map(), m = /* @__PURE__ */ new Map(), h = await Promise.all(N.map(async (d) => {
+					let f = d.currentVersion;
+					if (isSha(d.currentVersion)) {
+						let u = await readInlineVersionComment(d.action.file, d.action.line, m);
+						u && (f = u);
 					}
-					let h = getUpdateLevel(m, p.latestVersion);
+					let p = getUpdateLevel(f, d.latestVersion);
 					return {
-						allowed: M === "minor" ? h === "minor" || h === "patch" || h === "none" : h === "patch" || h === "none",
-						update: p
+						effectiveCurrentVersion: f,
+						allowed: I === "minor" ? p === "minor" || p === "patch" || p === "none" : p === "patch" || p === "none",
+						update: d
 					};
-				})), m = [];
-				for (let e of p) e.allowed ? m.push(e.update) : N.push(e.update);
-				k = m;
+				})), g = [], _ = await Promise.all(h.map(async (t) => {
+					if (t.allowed) return { update: t.update };
+					let u = await getCompatibleUpdate(O, {
+						currentVersion: t.effectiveCurrentVersion,
+						actionName: t.update.action.name,
+						tagsCache: d,
+						shaCache: p,
+						mode: I
+					});
+					return u ? { update: {
+						...t.update,
+						latestVersion: u.version,
+						latestSha: u.sha,
+						isBreaking: !1,
+						hasUpdate: !0
+					} } : { blocked: t.update };
+				}));
+				for (let t of _) {
+					if (t.update) {
+						g.push(t.update);
+						continue;
+					}
+					L.push(t.blocked);
+				}
+				N = g;
 			}
-			let P = k.filter((e) => e.isBreaking);
-			if (k.length === 0) {
-				y.success("All actions are up to date!"), O.length > 0 && printSkippedWarning(O, T), N.length > 0 && printModeWarning(N, M), console.info(pc.green("\n✨ Everything is already at the latest version!\n"));
+			let R = N.filter((t) => t.isBreaking);
+			if (N.length === 0) {
+				y.success("All actions are up to date!"), M.length > 0 && printSkippedWarning(M, k), L.length > 0 && printModeWarning(L, I), console.info(pc.green("\n✨ Everything is already at the latest version!\n"));
 				return;
 			}
-			if (y.success(`Found ${pc.yellow(k.length)} updates available${P.length > 0 ? ` (${pc.redBright(P.length)} breaking)` : ""}`), O.length > 0 && printSkippedWarning(O, T), N.length > 0 && printModeWarning(N, M), g.dryRun) {
+			if (y.success(`Found ${pc.yellow(N.length)} updates available${R.length > 0 ? ` (${pc.redBright(R.length)} breaking)` : ""}`), M.length > 0 && printSkippedWarning(M, k), L.length > 0 && printModeWarning(L, I), v.dryRun) {
 				console.info(pc.yellow("\n📋 Dry Run - No changes will be made\n"));
-				for (let e of k) console.info(`${pc.cyan(e.action.file ?? "unknown")}:\n${e.action.name}: ${pc.redBright(e.currentVersion)} → ${pc.green(e.latestVersion)} ${e.latestSha ? pc.gray(`(${e.latestSha.slice(0, 7)})`) : ""}\n`);
-				console.info(pc.gray(`\n${k.length} actions would be updated\n`));
+				for (let t of N) console.info(`${pc.cyan(t.action.file ?? "unknown")}:\n${t.action.name}: ${pc.redBright(t.currentVersion)} → ${pc.green(t.latestVersion)} ${t.latestSha ? pc.gray(`(${t.latestSha.slice(0, 7)})`) : ""}\n`);
+				console.info(pc.gray(`\n${N.length} actions would be updated\n`));
 				return;
 			}
-			if (g.yes) {
-				let e = k.filter((e) => e.latestSha);
-				if (e.length === 0) {
+			if (v.yes) {
+				let t = N.filter((t) => t.latestSha);
+				if (t.length === 0) {
 					console.info(pc.yellow("\n⚠️ No actions with SHA available for update\n"));
 					return;
 				}
-				console.info(pc.yellow(`\n🔄 Updating ${e.length} actions...\n`)), await applyUpdates(e), console.info(pc.green("\n✓ Updates applied successfully!"));
+				console.info(pc.yellow(`\n🔄 Updating ${t.length} actions...\n`)), await applyUpdates(t), console.info(pc.green("\n✓ Updates applied successfully!"));
 			} else {
-				(O.length > 0 || N.length > 0) && console.info("");
-				let e = await promptUpdateSelection(k, { showAge: g.minAge > 0 });
-				if (!e || e.length === 0) {
+				(M.length > 0 || L.length > 0) && console.info("");
+				let t = await promptUpdateSelection(N, { showAge: v.minAge > 0 });
+				if (!t || t.length === 0) {
 					console.info(pc.gray("\nNo updates applied"));
 					return;
 				}
-				console.info(pc.yellow(`\n🔄 Updating ${e.length} selected actions...\n`)), await applyUpdates(e), console.info(pc.green("\n✓ Updates applied successfully!"));
+				console.info(pc.yellow(`\n🔄 Updating ${t.length} selected actions...\n`)), await applyUpdates(t), console.info(pc.green("\n✓ Updates applied successfully!"));
 			}
-		} catch (e) {
-			y.error("Failed"), e instanceof Error && e.name === "GitHubRateLimitError" ? (console.error(pc.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(e.message), console.error(pc.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(pc.redBright("\nError:"), e instanceof Error ? e.message : String(e)), process.exit(1);
+		} catch (t) {
+			y.error("Failed"), t instanceof Error && t.name === "GitHubRateLimitError" ? (console.error(pc.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(t.message), console.error(pc.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(pc.redBright("\nError:"), t instanceof Error ? t.message : String(t)), process.exit(1);
 		}
 	}), b.parse();
 }
-function mergeScanResults(e) {
-	let d = {
-		compositeActions: /* @__PURE__ */ new Map(),
-		workflows: /* @__PURE__ */ new Map(),
-		actions: []
-	};
-	for (let f of e) {
-		for (let [e, p] of f.workflows) d.workflows.set(e, p);
-		for (let [, e] of f.compositeActions) d.compositeActions.set(e, e);
-		d.actions.push(...f.actions);
-	}
-	let f = /* @__PURE__ */ new Set();
-	return d.actions = d.actions.filter((e) => {
-		let d = `${e.file}:${e.line}:${e.name}:${e.version}`;
-		return f.has(d) ? !1 : (f.add(d), !0);
-	}), d;
-}
-function printModeWarning(e, d) {
-	if (e.length === 0) return;
-	let f = new Intl.PluralRules("en-US", { type: "cardinal" }).select(e.length) === "one" ? "action" : "actions", p = d === "minor" ? "major" : "major/minor";
-	console.info(pc.yellow(`\n⚠️  Skipped ${e.length} ${f} due to ${p} updates`));
-	for (let d of e) {
-		let e = d.action.uses ?? `${d.action.name}@${d.currentVersion ?? "unknown"}`;
-		console.info(pc.gray(`   • ${e}`));
-	}
-}
-function printSkippedWarning(e, d) {
-	let f = new Intl.PluralRules("en-US", { type: "cardinal" }).select(e.length) === "one" ? "action" : "actions", p = d ? "" : " (use --include-branches to check them)";
-	console.info(pc.yellow(`\n⚠️  Skipped ${e.length} ${f} pinned to branches${p}`));
-	for (let d of e) {
-		let e = d.action.uses ?? `${d.action.name}@${d.currentVersion ?? "unknown"}`;
-		console.info(pc.gray(`   • ${e}`));
-	}
-}
-function normalizeUpdateMode(e) {
-	let d = (e ?? "major").toLowerCase();
-	if (d === "major" || d === "minor" || d === "patch") return d;
-	throw Error(`Invalid mode "${e}". Expected "major", "minor", or "patch".`);
-}
 export { run };

package/dist/cli/merge-scan-results.d.ts

@@ -0,0 +1,8 @@
+import { ScanResult } from '../types/scan-result';
+/**
+ * Merge multiple scan results into one.
+ *
+ * @param results - Array of scan results.
+ * @returns Merged scan result.
+ */
+export declare function mergeScanResults(results: ScanResult[]): ScanResult;

package/dist/cli/merge-scan-results.js

@@ -0,0 +1,18 @@
+function mergeScanResults(e) {
+	let t = {
+		compositeActions: /* @__PURE__ */ new Map(),
+		workflows: /* @__PURE__ */ new Map(),
+		actions: []
+	};
+	for (let [n, r] of e.entries()) {
+		for (let [e, i] of r.workflows) t.workflows.set(`${n}:${e}`, i);
+		for (let [, e] of r.compositeActions) t.compositeActions.set(`${n}:${e}`, e);
+		t.actions.push(...r.actions);
+	}
+	let n = /* @__PURE__ */ new Set();
+	return t.actions = t.actions.filter((e) => {
+		let t = `${e.file}:${e.line}:${e.name}:${e.version}`;
+		return n.has(t) ? !1 : (n.add(t), !0);
+	}), t;
+}
+export { mergeScanResults };

package/dist/cli/normalize-update-mode.d.ts

@@ -0,0 +1,8 @@
+import { UpdateMode } from '../types/update-mode';
+/**
+ * Normalizes the update mode option.
+ *
+ * @param mode - Raw mode option.
+ * @returns Normalized update mode.
+ */
+export declare function normalizeUpdateMode(mode: undefined | string): UpdateMode;

package/dist/cli/normalize-update-mode.js

@@ -0,0 +1,6 @@
+function normalizeUpdateMode(e) {
+	let t = (e ?? "major").toLowerCase();
+	if (t === "major" || t === "minor" || t === "patch") return t;
+	throw Error(`Invalid mode "${e}". Expected "major", "minor", or "patch".`);
+}
+export { normalizeUpdateMode };

package/dist/cli/print-mode-warning.d.ts

@@ -0,0 +1,16 @@
+import { UpdateMode } from '../types/update-mode';
+/**
+ * Prints a warning message for actions that were skipped due to update mode
+ * restrictions.
+ *
+ * @param blocked - Array of blocked actions with their current versions.
+ * @param mode - The current update mode (patch/minor/major).
+ */
+export declare function printModeWarning(blocked: {
+    action: {
+        version?: string | null;
+        uses?: string;
+        name: string;
+    };
+    currentVersion: string | null;
+}[], mode: UpdateMode): void;

package/dist/cli/print-mode-warning.js

@@ -0,0 +1,11 @@
+import pc from "picocolors";
+function printModeWarning(t, n) {
+	if (t.length === 0) return;
+	let r = new Intl.PluralRules("en-US", { type: "cardinal" }).select(t.length) === "one" ? "action" : "actions", i = n === "minor" ? "major" : "major/minor";
+	console.info(pc.yellow(`\n⚠️  Skipped ${t.length} ${r} due to ${i} updates`));
+	for (let n of t) {
+		let t = n.action.uses ?? `${n.action.name}@${n.currentVersion ?? "unknown"}`;
+		console.info(pc.gray(`   • ${t}`));
+	}
+}
+export { printModeWarning };

package/dist/cli/print-skipped-warning.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Prints a warning message for actions that were skipped during scanning.
+ *
+ * @param skipped - Array of skipped actions with their current versions.
+ * @param includeBranches - Whether branch-pinned actions are being checked.
+ */
+export declare function printSkippedWarning(skipped: {
+    action: {
+        version?: string | null;
+        uses?: string;
+        name: string;
+    };
+    currentVersion: string | null;
+}[], includeBranches: boolean): void;

package/dist/cli/print-skipped-warning.js

@@ -0,0 +1,10 @@
+import pc from "picocolors";
+function printSkippedWarning(t, n) {
+	let r = new Intl.PluralRules("en-US", { type: "cardinal" }).select(t.length) === "one" ? "action" : "actions", i = n ? "" : " (use --include-branches to check them)";
+	console.info(pc.yellow(`\n⚠️  Skipped ${t.length} ${r} pinned to branches${i}`));
+	for (let n of t) {
+		let t = n.action.uses ?? `${n.action.name}@${n.currentVersion ?? "unknown"}`;
+		console.info(pc.gray(`   • ${t}`));
+	}
+}
+export { printSkippedWarning };

package/dist/cli/resolve-scan-directories.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Options for resolving scan directories from CLI flags.
+ */
+interface ResolveScanDirectoriesOptions {
+    dir?: string[] | string;
+    recursive?: boolean;
+    cwd: string;
+}
+/**
+ * Resolved directory with root and relative directory.
+ */
+interface ResolvedDirectory {
+    root: string;
+    dir: string;
+}
+/**
+ * Resolve directories to scan from CLI options.
+ *
+ * Defaults:
+ *
+ * - Non-recursive mode: `.github`
+ * - Recursive mode without --dir: `.`.
+ *
+ * @param options - CLI options used to compute scan directories.
+ * @param options.cwd - Current working directory.
+ * @param options.dir - Optional directory flag value(s).
+ * @param options.recursive - Whether recursive mode is enabled.
+ * @returns Unique resolved directories.
+ */
+export declare function resolveScanDirectories(options: ResolveScanDirectoriesOptions): ResolvedDirectory[];
+export {};

package/dist/cli/resolve-scan-directories.js

@@ -0,0 +1,24 @@
+import { GITHUB_DIRECTORY } from "../core/constants.js";
+import { basename, dirname, isAbsolute, relative, resolve } from "node:path";
+function resolveScanDirectories(o) {
+	let { recursive: s, cwd: c, dir: l } = o, u = [];
+	Array.isArray(l) ? u.push(...l) : typeof l == "string" ? u.push(l) : s ? u.push(".") : u.push(GITHUB_DIRECTORY);
+	let d = /* @__PURE__ */ new Set(), f = [];
+	for (let e of u) {
+		let o = resolve(c, e), l = relative(c, o), u = l.startsWith("..") || isAbsolute(l) || resolve(c, l) !== o, p;
+		p = s ? {
+			root: o,
+			dir: "."
+		} : u ? {
+			dir: basename(o),
+			root: dirname(o)
+		} : {
+			dir: l || ".github",
+			root: c
+		};
+		let m = `${p.root}\0${p.dir}`;
+		d.has(m) || (d.add(m), f.push(p));
+	}
+	return f;
+}
+export { resolveScanDirectories };

package/dist/core/api/check-updates.d.ts

@@ -1,3 +1,4 @@
+import { GitHubClient } from '../../types/github-client';
 import { GitHubAction } from '../../types/github-action';
 import { ActionUpdate } from '../../types/action-update';
 /**
@@ -5,9 +6,11 @@ import { ActionUpdate } from '../../types/action-update';
  *
  * @param actions - Array of GitHub Actions to check.
  * @param token - Optional GitHub token for authentication.
- * @param options - Additional options (e.g., include branch refs).
+ * @param options - Additional options (e.g., include branch refs, shared
+ *   client).
  * @returns Array of update information.
  */
 export declare function checkUpdates(actions: GitHubAction[], token?: string, options?: {
     includeBranches?: boolean;
+    client?: GitHubClient;
 }): Promise<ActionUpdate[]>;