actions-up 1.12.1 → 1.13.0

package/dist/cli/build-json-report.d.ts

@@ -0,0 +1,257 @@
+import { ActionUpdate } from '../types/action-update';
+import { ScanResult } from '../types/scan-result';
+import { UpdateMode } from '../types/update-mode';
+/**
+ * High-level status of a JSON report.
+ */
+export type JsonReportStatus = 'updates-available' | 'no-actions-found' | 'nothing-to-check' | 'up-to-date';
+/**
+ * Options used to build a JSON report from the current CLI state.
+ */
+interface BuildJsonReportOptions {
+    /**
+     * Updates excluded by the selected update mode.
+     */
+    blockedByMode: ActionUpdate[];
+    /**
+     * Number of actions that were actually checked after excludes.
+     */
+    actionsToCheckCount: number;
+    /**
+     * Regex patterns supplied through `--exclude`.
+     */
+    excludePatterns: string[];
+    /**
+     * Whether branch references were included in update checks.
+     */
+    includeBranches: boolean;
+    /**
+     * Updates that remain actionable after all filters.
+     */
+    outdated: ActionUpdate[];
+    /**
+     * Final report status.
+     */
+    status: JsonReportStatus;
+    /**
+     * Updates skipped during processing, such as branch references.
+     */
+    skipped: ActionUpdate[];
+    /**
+     * Aggregate scan result for the current run.
+     */
+    scanResult: ScanResult;
+    /**
+     * Directories resolved for scanning.
+     */
+    directories: string[];
+    /**
+     * Whether recursive scanning mode is enabled.
+     */
+    recursive: boolean;
+    /**
+     * Effective update mode for the run.
+     */
+    mode: UpdateMode;
+    /**
+     * Minimum age filter in days.
+     */
+    minAge: number;
+    /**
+     * Working directory used for relative path normalization.
+     */
+    cwd?: string;
+}
+/**
+ * Serialized update entry in the JSON report.
+ */
+interface JsonReportUpdate {
+    /**
+     * Reason why this entry was skipped, if any.
+     */
+    skipReason: ActionUpdate['skipReason'] | null;
+    /**
+     * Processing status for this entry.
+     */
+    status: NonNullable<ActionUpdate['status']>;
+    /**
+     * Version currently used in the workflow or action file.
+     */
+    currentVersion: string | null;
+    /**
+     * Latest version found for this dependency.
+     */
+    latestVersion: string | null;
+    /**
+     * Release publication date in ISO format.
+     */
+    publishedAt: string | null;
+    /**
+     * Original action reference metadata.
+     */
+    action: JsonReportAction;
+    /**
+     * Resolved SHA for the target version.
+     */
+    latestSha: string | null;
+    /**
+     * Whether this update crosses a major version boundary.
+     */
+    isBreaking: boolean;
+    /**
+     * Whether an update is available for this entry.
+     */
+    hasUpdate: boolean;
+}
+/**
+ * Aggregate counts included in the JSON report.
+ */
+interface JsonReportSummary {
+    /**
+     * Number of composite actions discovered during scanning.
+     */
+    totalCompositeActions: number;
+    /**
+     * Number of breaking updates among actionable updates.
+     */
+    totalBreakingUpdates: number;
+    /**
+     * Number of actions checked after excludes.
+     */
+    totalActionsChecked: number;
+    /**
+     * Number of updates filtered out by `--mode`.
+     */
+    totalBlockedByMode: number;
+    /**
+     * Number of workflows discovered during scanning.
+     */
+    totalWorkflows: number;
+    /**
+     * Total number of action references found during scanning.
+     */
+    totalActions: number;
+    /**
+     * Number of skipped entries in the report.
+     */
+    totalSkipped: number;
+    /**
+     * Number of actionable updates in the report.
+     */
+    totalUpdates: number;
+}
+/**
+ * Serialized action reference included in each update entry.
+ */
+interface JsonReportAction {
+    /**
+     * Action reference type detected during scanning.
+     */
+    type: ActionUpdate['action']['type'];
+    /**
+     * Original version or ref from the file, if available.
+     */
+    version: string | null;
+    /**
+     * Relative or absolute file path for the action reference.
+     */
+    file: string | null;
+    /**
+     * Line number of the action reference.
+     */
+    line: number | null;
+    /**
+     * Original `uses` value, if available.
+     */
+    uses: string | null;
+    /**
+     * Workflow job name, when applicable.
+     */
+    job: string | null;
+    /**
+     * Full `owner/repo@ref` string, when available.
+     */
+    ref: string | null;
+    /**
+     * Normalized action name.
+     */
+    name: string;
+}
+/**
+ * Effective CLI options serialized into the report.
+ */
+interface JsonReportOptions {
+    /**
+     * Regex patterns supplied through `--exclude`.
+     */
+    excludePatterns: string[];
+    /**
+     * Whether branch references were checked.
+     */
+    includeBranches: boolean;
+    /**
+     * Resolved scan directories.
+     */
+    directories: string[];
+    /**
+     * Whether recursive scanning mode is enabled.
+     */
+    recursive: boolean;
+    /**
+     * Effective update mode.
+     */
+    mode: UpdateMode;
+    /**
+     * Indicates that JSON mode never applies changes.
+     */
+    reportOnly: true;
+    /**
+     * Minimum age filter in days.
+     */
+    minAge: number;
+    /**
+     * Indicates that this payload came from `--json`.
+     */
+    json: true;
+}
+/**
+ * Top-level machine-readable report emitted by `--json`.
+ */
+interface JsonReport {
+    /**
+     * Entries filtered out by the selected update mode.
+     */
+    blockedByMode: JsonReportUpdate[];
+    /**
+     * Entries skipped during update checks.
+     */
+    skipped: JsonReportUpdate[];
+    /**
+     * Actionable updates after filtering.
+     */
+    updates: JsonReportUpdate[];
+    /**
+     * Effective options that shaped the report.
+     */
+    options: JsonReportOptions;
+    /**
+     * Aggregate counts for the current run.
+     */
+    summary: JsonReportSummary;
+    /**
+     * Overall outcome for the current run.
+     */
+    status: JsonReportStatus;
+    /**
+     * Version of the JSON payload schema.
+     */
+    schemaVersion: 1;
+}
+/**
+ * Build the machine-readable JSON report returned by `--json`.
+ *
+ * @param options - Current CLI state and computed update data.
+ * @returns Serializable JSON payload for stdout.
+ */
+export declare function buildJsonReport(options: BuildJsonReportOptions): JsonReport;
+export {};

package/dist/cli/build-json-report.js

@@ -0,0 +1,64 @@
+import { isAbsolute, relative, resolve } from "node:path";
+function buildJsonReport(e) {
+	let n = resolve(e.cwd ?? process.cwd());
+	return {
+		summary: {
+			totalBreakingUpdates: e.outdated.filter((e) => e.isBreaking).length,
+			totalCompositeActions: e.scanResult.compositeActions.size,
+			totalWorkflows: e.scanResult.workflows.size,
+			totalActionsChecked: e.actionsToCheckCount,
+			totalBlockedByMode: e.blockedByMode.length,
+			totalActions: e.scanResult.actions.length,
+			totalUpdates: e.outdated.length,
+			totalSkipped: e.skipped.length
+		},
+		options: {
+			directories: e.directories.map((e) => serializeDirectoryPath(e, n)),
+			excludePatterns: e.excludePatterns,
+			includeBranches: e.includeBranches,
+			recursive: e.recursive,
+			minAge: e.minAge,
+			mode: e.mode,
+			reportOnly: !0,
+			json: !0
+		},
+		blockedByMode: e.blockedByMode.map((e) => serializeUpdate(e, n)),
+		updates: e.outdated.map((e) => serializeUpdate(e, n)),
+		skipped: e.skipped.map((e) => serializeUpdate(e, n)),
+		status: e.status,
+		schemaVersion: 1
+	};
+}
+function serializeUpdate(e, n) {
+	return {
+		action: {
+			file: serializePath(e.action.file, n),
+			version: e.action.version ?? null,
+			line: e.action.line ?? null,
+			uses: e.action.uses ?? null,
+			job: e.action.job ?? null,
+			ref: e.action.ref ?? null,
+			name: e.action.name,
+			type: e.action.type
+		},
+		publishedAt: e.publishedAt?.toISOString() ?? null,
+		currentVersion: e.currentVersion,
+		skipReason: e.skipReason ?? null,
+		latestVersion: e.latestVersion,
+		isBreaking: e.isBreaking,
+		status: e.status ?? "ok",
+		hasUpdate: e.hasUpdate,
+		latestSha: e.latestSha
+	};
+}
+function serializePath(r, i, a = null) {
+	if (!r) return null;
+	if (!isAbsolute(r)) return r;
+	let o = relative(i, r);
+	return o === "" ? a ?? r : o.startsWith("..") || isAbsolute(o) ? r : o;
+}
+function serializeDirectoryPath(r, i) {
+	let a = relative(i, r);
+	return a === "" ? "." : a.startsWith("..") || isAbsolute(a) ? r : a;
+}
+export { buildJsonReport };

package/dist/cli/index.js

@@ -8,127 +8,186 @@ import { getUpdateLevel } from "../core/versions/get-update-level.js";
 import { applyUpdates } from "../core/ast/update/apply-updates.js";
 import { printSkippedWarning } from "./print-skipped-warning.js";
 import { normalizeUpdateMode } from "./normalize-update-mode.js";
+import { validateCliOptions } from "./validate-cli-options.js";
 import { shouldIgnore } from "../core/ignore/should-ignore.js";
 import { checkUpdates } from "../core/api/check-updates.js";
 import { mergeScanResults } from "./merge-scan-results.js";
 import { printModeWarning } from "./print-mode-warning.js";
 import { scanRecursive } from "../core/scan-recursive.js";
+import { buildJsonReport } from "./build-json-report.js";
 import { scanGitHubActions } from "../core/scan-github-actions.js";
 import "../core/index.js";
 import { version } from "../package.js";
 import { createSpinner } from "nanospinner";
+import { resolve } from "node:path";
 import "node:worker_threads";
 import pc from "picocolors";
 import cac from "cac";
 function run() {
-	let b = cac("actions-up");
-	b.help().version(version).option("--dir <directory>", "Directory to scan (repeatable). Default: .github, or . with --recursive").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--include-branches", "Also check actions pinned to branches (default: false)").option("--min-age <days>", "Minimum age in days for updates (default: 0)", { default: 0 }).option("--mode <mode>", "Update mode: major, minor, or patch (default: major)", { default: "major" }).option("--recursive, -r", "Recursively scan directories for YAML files").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (v) => {
-		console.info(pc.cyan("\n🚀 Actions Up!\n"));
-		let y = createSpinner("Scanning GitHub Actions...").start(), b = resolveScanDirectories({
-			recursive: v.recursive,
+	let C = cac("actions-up");
+	C.help().version(version).option("--dir <directory>", "Directory to scan (repeatable). Default: .github, or . with --recursive").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--include-branches", "Also check actions pinned to branches (default: false)").option("--json", "Output update information as machine-readable JSON").option("--min-age <days>", "Minimum age in days for updates (default: 0)", { default: 0 }).option("--mode <mode>", "Update mode: major, minor, or patch (default: major)", { default: "major" }).option("--recursive, -r", "Recursively scan directories for YAML files").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (b) => {
+		let S = b.json ?? !1, C = null, w = resolveScanDirectories({
+			recursive: b.recursive,
 			cwd: process.cwd(),
-			dir: v.dir
-		});
+			dir: b.dir
+		}), T = w.map(({ root: e, dir: f }) => resolve(e, f)), E = b.includeBranches ?? !1, D = normalizeUpdateMode(b.mode), O = [];
+		Array.isArray(b.exclude) ? O.push(...b.exclude) : typeof b.exclude == "string" && O.push(b.exclude);
+		let k = O.flatMap((e) => e.split(",")).map((e) => e.trim()).filter(Boolean);
 		try {
-			let m = mergeScanResults(v.recursive ? await Promise.all(b.map(({ root: t, dir: u }) => scanRecursive(t, u))) : await Promise.all(b.map(({ root: t, dir: u }) => scanGitHubActions(t, u)))), x = m.actions.length, S = m.workflows.size, C = m.compositeActions.size;
-			if (y.success(`Found ${pc.yellow(x)} actions in ${pc.yellow(S)} workflows and ${pc.yellow(C)} composite actions`), x === 0) {
+			validateCliOptions({
+				yes: b.yes,
+				json: S
+			}), S || (console.info(pc.cyan("\n🚀 Actions Up!\n")), C = createSpinner("Scanning GitHub Actions...").start());
+			function g({ actionsToCheckCount: e, blockedByMode: f = [], outdated: p = [], skipped: m = [], scanResult: h, status: g }) {
+				process.stdout.write(`${JSON.stringify(buildJsonReport({
+					recursive: b.recursive ?? !1,
+					excludePatterns: k,
+					directories: T,
+					minAge: b.minAge,
+					actionsToCheckCount: e,
+					includeBranches: E,
+					blockedByMode: f,
+					scanResult: h,
+					outdated: p,
+					skipped: m,
+					status: g,
+					mode: D
+				}), null, 2)}\n`);
+			}
+			let y = mergeScanResults(b.recursive ? await Promise.all(w.map(({ root: e, dir: f }) => scanRecursive(e, f))) : await Promise.all(w.map(({ root: e, dir: f }) => scanGitHubActions(e, f)))), x = y.actions.length, O = y.workflows.size, A = y.compositeActions.size;
+			if (C?.success(`Found ${pc.yellow(x)} actions in ${pc.yellow(O)} workflows and ${pc.yellow(A)} composite actions`), x === 0) {
+				if (S) {
+					g({
+						status: "no-actions-found",
+						actionsToCheckCount: 0,
+						scanResult: y
+					});
+					return;
+				}
 				console.info(pc.green("\n✨ No GitHub Actions found in this repository"));
 				return;
 			}
-			let w = m.actions, T = [];
-			Array.isArray(v.exclude) ? T.push(...v.exclude) : typeof v.exclude == "string" && T.push(v.exclude);
-			let E = T.flatMap((t) => t.split(",")).map((t) => t.trim()).filter(Boolean);
-			if (E.length > 0) {
-				let { parseExcludePatterns: t } = await import("../core/filters/parse-exclude-patterns.js"), u = t(E);
-				u.length > 0 && (w = w.filter((t) => {
-					let { name: d } = t;
-					for (let t of u) if (t.test(d)) return !1;
+			let j = y.actions;
+			if (k.length > 0) {
+				let { parseExcludePatterns: e } = await import("../core/filters/parse-exclude-patterns.js"), f = e(k);
+				f.length > 0 && (j = j.filter((e) => {
+					let { name: p } = e;
+					for (let e of f) if (e.test(p)) return !1;
 					return !0;
 				}));
 			}
-			if (y = createSpinner("Checking for updates...").start(), w.length === 0) {
-				y.success("No actions to check after excludes"), console.info(pc.green("\n✨ Nothing to check after excludes\n"));
+			if (S || (C = createSpinner("Checking for updates...").start()), j.length === 0) {
+				if (C?.success("No actions to check after excludes"), S) {
+					g({
+						status: "nothing-to-check",
+						actionsToCheckCount: 0,
+						scanResult: y
+					});
+					return;
+				}
+				console.info(pc.green("\n✨ Nothing to check after excludes\n"));
 				return;
 			}
-			let D = process.env.GITHUB_TOKEN, O = createGitHubClient(D), k = v.includeBranches ?? !1, A = await checkUpdates(w, D, {
-				client: O,
-				includeBranches: k
-			}), j = [];
-			await Promise.all(A.map(async (t) => {
-				await shouldIgnore(t.action.file, t.action.line) || j.push(t);
+			let M = process.env.GITHUB_TOKEN, N = createGitHubClient(M), P = await checkUpdates(j, M, {
+				client: N,
+				includeBranches: E
+			}), F = [];
+			await Promise.all(P.map(async (e) => {
+				await shouldIgnore(e.action.file, e.action.line) || F.push(e);
 			}));
-			let M = j.filter((t) => t.status === "skipped"), N = j.filter((t) => t.hasUpdate), P = v.minAge * 24 * 60 * 60 * 1e3, F = Date.now();
-			N = N.filter((t) => t.publishedAt ? F - t.publishedAt.getTime() >= P : !0);
-			let I = normalizeUpdateMode(v.mode), L = [];
-			if (I !== "major") {
-				let d = /* @__PURE__ */ new Map(), p = /* @__PURE__ */ new Map(), m = /* @__PURE__ */ new Map(), h = await Promise.all(N.map(async (d) => {
-					let f = d.currentVersion;
-					if (isSha(d.currentVersion)) {
-						let u = await readInlineVersionComment(d.action.file, d.action.line, m);
-						u && (f = u);
+			let I = F.filter((e) => e.status === "skipped"), L = F.filter((e) => e.hasUpdate), R = b.minAge * 24 * 60 * 60 * 1e3, z = Date.now();
+			L = L.filter((e) => e.publishedAt ? z - e.publishedAt.getTime() >= R : !0);
+			let B = [];
+			if (D !== "major") {
+				let p = /* @__PURE__ */ new Map(), h = /* @__PURE__ */ new Map(), g = /* @__PURE__ */ new Map(), _ = await Promise.all(L.map(async (p) => {
+					let m = p.currentVersion;
+					if (isSha(p.currentVersion)) {
+						let f = await readInlineVersionComment(p.action.file, p.action.line, g);
+						f && (m = f);
 					}
-					let p = getUpdateLevel(f, d.latestVersion);
+					let h = getUpdateLevel(m, p.latestVersion);
 					return {
-						effectiveCurrentVersion: f,
-						allowed: I === "minor" ? p === "minor" || p === "patch" || p === "none" : p === "patch" || p === "none",
-						update: d
+						effectiveCurrentVersion: m,
+						allowed: D === "minor" ? h === "minor" || h === "patch" || h === "none" : h === "patch" || h === "none",
+						update: p
 					};
-				})), g = [], _ = await Promise.all(h.map(async (t) => {
-					if (t.allowed) return { update: t.update };
-					let u = await getCompatibleUpdate(O, {
-						currentVersion: t.effectiveCurrentVersion,
-						actionName: t.update.action.name,
-						tagsCache: d,
-						shaCache: p,
-						mode: I
+				})), v = [], y = await Promise.all(_.map(async (e) => {
+					if (e.allowed) return { update: e.update };
+					let f = await getCompatibleUpdate(N, {
+						currentVersion: e.effectiveCurrentVersion,
+						actionName: e.update.action.name,
+						tagsCache: p,
+						shaCache: h,
+						mode: D
 					});
-					return u ? { update: {
-						...t.update,
-						latestVersion: u.version,
-						latestSha: u.sha,
+					return f ? { update: {
+						...e.update,
+						latestVersion: f.version,
+						latestSha: f.sha,
 						isBreaking: !1,
 						hasUpdate: !0
-					} } : { blocked: t.update };
+					} } : { blocked: e.update };
 				}));
-				for (let t of _) {
-					if (t.update) {
-						g.push(t.update);
+				for (let e of y) {
+					if (e.update) {
+						v.push(e.update);
 						continue;
 					}
-					L.push(t.blocked);
+					B.push(e.blocked);
+				}
+				L = v;
+			}
+			let V = L.filter((e) => e.isBreaking);
+			if (L.length === 0) {
+				if (C?.success("All actions are up to date!"), S) {
+					g({
+						actionsToCheckCount: j.length,
+						status: "up-to-date",
+						blockedByMode: B,
+						scanResult: y,
+						skipped: I
+					});
+					return;
 				}
-				N = g;
+				I.length > 0 && printSkippedWarning(I, E), B.length > 0 && printModeWarning(B, D), console.info(pc.green("\n✨ Everything is already at the latest version!\n"));
+				return;
 			}
-			let R = N.filter((t) => t.isBreaking);
-			if (N.length === 0) {
-				y.success("All actions are up to date!"), M.length > 0 && printSkippedWarning(M, k), L.length > 0 && printModeWarning(L, I), console.info(pc.green("\n✨ Everything is already at the latest version!\n"));
+			if (C?.success(`Found ${pc.yellow(L.length)} updates available${V.length > 0 ? ` (${pc.redBright(V.length)} breaking)` : ""}`), S) {
+				g({
+					actionsToCheckCount: j.length,
+					status: "updates-available",
+					blockedByMode: B,
+					scanResult: y,
+					outdated: L,
+					skipped: I
+				});
 				return;
 			}
-			if (y.success(`Found ${pc.yellow(N.length)} updates available${R.length > 0 ? ` (${pc.redBright(R.length)} breaking)` : ""}`), M.length > 0 && printSkippedWarning(M, k), L.length > 0 && printModeWarning(L, I), v.dryRun) {
+			if (I.length > 0 && printSkippedWarning(I, E), B.length > 0 && printModeWarning(B, D), b.dryRun) {
 				console.info(pc.yellow("\n📋 Dry Run - No changes will be made\n"));
-				for (let t of N) console.info(`${pc.cyan(t.action.file ?? "unknown")}:\n${t.action.name}: ${pc.redBright(t.currentVersion)} → ${pc.green(t.latestVersion)} ${t.latestSha ? pc.gray(`(${t.latestSha.slice(0, 7)})`) : ""}\n`);
-				console.info(pc.gray(`\n${N.length} actions would be updated\n`));
+				for (let e of L) console.info(`${pc.cyan(e.action.file ?? "unknown")}:\n${e.action.name}: ${pc.redBright(e.currentVersion)} → ${pc.green(e.latestVersion)} ${e.latestSha ? pc.gray(`(${e.latestSha.slice(0, 7)})`) : ""}\n`);
+				console.info(pc.gray(`\n${L.length} actions would be updated\n`));
 				return;
 			}
-			if (v.yes) {
-				let t = N.filter((t) => t.latestSha);
-				if (t.length === 0) {
+			if (b.yes) {
+				let e = L.filter((e) => e.latestSha);
+				if (e.length === 0) {
 					console.info(pc.yellow("\n⚠️ No actions with SHA available for update\n"));
 					return;
 				}
-				console.info(pc.yellow(`\n🔄 Updating ${t.length} actions...\n`)), await applyUpdates(t), console.info(pc.green("\n✓ Updates applied successfully!"));
+				console.info(pc.yellow(`\n🔄 Updating ${e.length} actions...\n`)), await applyUpdates(e), console.info(pc.green("\n✓ Updates applied successfully!"));
 			} else {
-				(M.length > 0 || L.length > 0) && console.info("");
-				let t = await promptUpdateSelection(N, { showAge: v.minAge > 0 });
-				if (!t || t.length === 0) {
+				(I.length > 0 || B.length > 0) && console.info("");
+				let e = await promptUpdateSelection(L, { showAge: b.minAge > 0 });
+				if (!e || e.length === 0) {
 					console.info(pc.gray("\nNo updates applied"));
 					return;
 				}
-				console.info(pc.yellow(`\n🔄 Updating ${t.length} selected actions...\n`)), await applyUpdates(t), console.info(pc.green("\n✓ Updates applied successfully!"));
+				console.info(pc.yellow(`\n🔄 Updating ${e.length} selected actions...\n`)), await applyUpdates(e), console.info(pc.green("\n✓ Updates applied successfully!"));
 			}
-		} catch (t) {
-			y.error("Failed"), t instanceof Error && t.name === "GitHubRateLimitError" ? (console.error(pc.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(t.message), console.error(pc.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(pc.redBright("\nError:"), t instanceof Error ? t.message : String(t)), process.exit(1);
+		} catch (e) {
+			C?.error("Failed"), e instanceof Error && e.name === "GitHubRateLimitError" ? (console.error(pc.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(e.message), console.error(pc.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(pc.redBright("\nError:"), e instanceof Error ? e.message : String(e)), process.exit(1);
 		}
-	}), b.parse();
+	}), C.parse();
 }
 export { run };

package/dist/cli/validate-cli-options.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Minimal subset of CLI flags that require cross-option validation.
+ */
+interface ValidateCliOptionsInput {
+    /**
+     * Whether JSON report mode is enabled.
+     */
+    json?: boolean;
+    /**
+     * Whether auto-apply mode is enabled.
+     */
+    yes?: boolean;
+}
+/**
+ * Validate combinations of CLI flags before running the pipeline.
+ *
+ * @param options - Parsed CLI flags relevant to cross-option validation.
+ */
+export declare function validateCliOptions(options: ValidateCliOptionsInput): void;
+export {};

package/dist/cli/validate-cli-options.js

@@ -0,0 +1,4 @@
+function validateCliOptions(e) {
+	if (e.json && e.yes) throw Error("--json cannot be used with --yes");
+}
+export { validateCliOptions };

package/dist/core/fs/find-yaml-files-recursive.js

@@ -1,6 +1,6 @@
 import { isYamlFile } from "./is-yaml-file.js";
-import { lstat, readdir } from "node:fs/promises";
 import { join } from "node:path";
+import { lstat, readdir } from "node:fs/promises";
 async function findYamlFilesRecursive(i) {
 	let a = [], o = /* @__PURE__ */ new Set();
 	async function s(i) {

package/dist/core/interactive/prompt-update-selection.js

@@ -4,10 +4,10 @@ import { GITHUB_DIRECTORY } from "../constants.js";
 import { isSha } from "../versions/is-sha.js";
 import { stripAnsi } from "./strip-ansi.js";
 import { padString } from "./pad-string.js";
+import path from "node:path";
 import "node:worker_threads";
 import pc from "picocolors";
 import enquirer from "enquirer";
-import path from "node:path";
 var MIN_ACTION_WIDTH = 40, MIN_JOB_WIDTH = 4, MIN_CURRENT_WIDTH = 16, MAX_VERSION_WIDTH = 7;
 async function promptUpdateSelection(g, v = {}) {
 	let { showAge: y = !1 } = v;
@@ -41,8 +41,8 @@ async function promptUpdateSelection(g, v = {}) {
 		};
 	})), C = [], w = stripAnsi("Action").length, T = stripAnsi("Current").length, E = stripAnsi("Job").length, D = 0, O = !1;
 	for (let [t, a] of b.entries()) {
-		let o = a.action.name, u = S[t], d = u.display, f = a.action.job ?? "–";
-		if (w = Math.max(w, o.length), T = Math.max(T, stripAnsi(d).length, u.versionForPadding && u.shortSha ? stripAnsi(`${padString(u.versionForPadding, D + 1)}${pc.gray(`(${u.shortSha})`)}`).length : 0), E = Math.max(E, f.length), a.latestVersion) {
+		let o = a.action.name, l = S[t], d = l.display, f = a.action.job ?? "–";
+		if (w = Math.max(w, o.length), T = Math.max(T, stripAnsi(d).length, l.versionForPadding && l.shortSha ? stripAnsi(`${padString(l.versionForPadding, D + 1)}${pc.gray(`(${l.shortSha})`)}`).length : 0), E = Math.max(E, f.length), a.latestVersion) {
 			let o = formatVersion(a.latestVersion, S[t]?.effectiveForDiff ?? a.currentVersion);
 			D = Math.max(D, stripAnsi(o).length);
 		}
@@ -56,7 +56,7 @@ async function promptUpdateSelection(g, v = {}) {
 			console.warn(`Unexpected missing group for file: ${a}`);
 			continue;
 		}
-		let s = [], u = o;
+		let s = [], l = o;
 		s.push({
 			current: "Current",
 			action: "Action",
@@ -65,10 +65,10 @@ async function promptUpdateSelection(g, v = {}) {
 			job: "Job",
 			age: "Age"
 		});
-		for (let { update: t, index: a } of u) {
-			let o = !!t.latestSha, u = S[a], d = u.display;
-			u.versionForPadding && u.shortSha && (d = `${padString(u.versionForPadding, M + 1)}${pc.gray(`(${u.shortSha})`)}`);
-			let f = u.effectiveForDiff ?? t.currentVersion, p = formatVersion(t.latestVersion, f), m = t.action.name;
+		for (let { update: t, index: a } of l) {
+			let o = !!t.latestSha, l = S[a], d = l.display;
+			l.versionForPadding && l.shortSha && (d = `${padString(l.versionForPadding, M + 1)}${pc.gray(`(${l.shortSha})`)}`);
+			let f = l.effectiveForDiff ?? t.currentVersion, p = formatVersion(t.latestVersion, f), m = t.action.name;
 			if (t.latestSha) {
 				let i = t.latestSha.slice(0, 7);
 				p = `${padString(p, M + 1)}${pc.gray(`(${i})`)}`;
@@ -101,7 +101,7 @@ async function promptUpdateSelection(g, v = {}) {
 				name: ""
 			});
 			else {
-				let { update: i, index: a } = u[t - 1], s = !!i.latestSha, c = s && !i.isBreaking;
+				let { update: i, index: a } = l[t - 1], s = !!i.latestSha, c = s && !i.isBreaking;
 				_.push({
 					message: o,
 					value: String(a),

package/dist/core/scan-github-actions.js

@@ -2,17 +2,17 @@ import { ACTIONS_DIRECTORY, GITHUB_DIRECTORY, WORKFLOWS_DIRECTORY } from "./cons
 import { isYamlFile } from "./fs/is-yaml-file.js";
 import { scanWorkflowFile } from "./scan-workflow-file.js";
 import { scanActionFile } from "./scan-action-file.js";
-import { readFile, readdir, stat } from "node:fs/promises";
 import { isAbsolute, join, relative, resolve } from "node:path";
-async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
+import { readFile, readdir, stat } from "node:fs/promises";
+async function scanGitHubActions(p = process.cwd(), m = GITHUB_DIRECTORY) {
 	let h = {
 		compositeActions: /* @__PURE__ */ new Map(),
 		workflows: /* @__PURE__ */ new Map(),
 		actions: []
-	}, g = resolve(d);
-	function _(e, o) {
-		let s = relative(e, o);
-		return s !== "" && !s.startsWith("..") && !isAbsolute(s);
+	}, g = resolve(p);
+	function _(e, a) {
+		let o = relative(e, a);
+		return o !== "" && !o.startsWith("..") && !isAbsolute(o);
 	}
 	let v = join(g, m);
 	function y(e) {
@@ -20,8 +20,8 @@ async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
 	}
 	async function b(e) {
 		try {
-			let o = await stat(e);
-			return typeof o.isFile == "function" ? o.isFile() : !1;
+			let a = await stat(e);
+			return typeof a.isFile == "function" ? a.isFile() : !1;
 		} catch {
 			return !1;
 		}
@@ -30,13 +30,13 @@ async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
 	try {
 		if ((await stat(x)).isDirectory()) {
 			let e = (await readdir(x)).filter((e) => y(e) ? isYamlFile(e) : !1).map(async (e) => {
-				let o = join(x, e);
+				let a = join(x, e);
 				try {
-					let c = await scanWorkflowFile(o);
+					let s = await scanWorkflowFile(a);
 					return {
 						path: `${m}/${WORKFLOWS_DIRECTORY}/${e}`,
 						success: !0,
-						actions: c
+						actions: s
 					};
 				} catch {
 					return {
@@ -45,111 +45,111 @@ async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
 						actions: []
 					};
 				}
-			}), o = await Promise.all(e);
-			for (let e of o) e.success && e.path && (e.actions.length > 0 ? (h.workflows.set(e.path, e.actions), h.actions.push(...e.actions)) : h.workflows.set(e.path, []));
+			}), a = await Promise.all(e);
+			for (let e of a) e.success && e.path && (e.actions.length > 0 ? (h.workflows.set(e.path, e.actions), h.actions.push(...e.actions)) : h.workflows.set(e.path, []));
 		}
 	} catch {}
 	try {
-		let e = join(g, "action.yml"), o = join(g, "action.yaml"), s = null, c = [];
+		let e = join(g, "action.yml"), a = join(g, "action.yaml"), o = null, s = [];
 		if (await b(e)) try {
-			c = await scanActionFile(e), s = e;
+			s = await scanActionFile(e), o = e;
 		} catch {
-			s = null;
+			o = null;
 		}
-		if (!s && await b(o)) try {
-			c = await scanActionFile(o), s = o;
+		if (!o && await b(a)) try {
+			s = await scanActionFile(a), o = a;
 		} catch {
-			s = null;
+			o = null;
 		}
-		if (s) {
-			let e = relative(g, s);
-			h.compositeActions.set(e, e), c.length > 0 && h.actions.push(...c);
+		if (o) {
+			let e = relative(g, o);
+			h.compositeActions.set(e, e), s.length > 0 && h.actions.push(...s);
 		}
 	} catch {}
 	let S = join(v, ACTIONS_DIRECTORY);
 	try {
 		if ((await stat(S)).isDirectory()) {
-			let o = (await readdir(S)).map(async (o) => {
-				if (!y(o)) return null;
-				let s = join(S, o);
+			let a = (await readdir(S)).map(async (a) => {
+				if (!y(a)) return null;
+				let o = join(S, a);
 				try {
-					if (!(await stat(s)).isDirectory()) return null;
-					let c = join(s, "action.yml"), l = [];
+					if (!(await stat(o)).isDirectory()) return null;
+					let s = join(o, "action.yml"), c = [];
 					try {
-						l = await scanActionFile(c);
+						c = await scanActionFile(s);
 					} catch {
 						try {
-							c = join(s, "action.yaml"), l = await scanActionFile(c);
+							s = join(o, "action.yaml"), c = await scanActionFile(s);
 						} catch {
 							return null;
 						}
 					}
 					return {
-						path: `${m}/${ACTIONS_DIRECTORY}/${o}`,
-						name: o,
-						actions: l
+						path: `${m}/${ACTIONS_DIRECTORY}/${a}`,
+						name: a,
+						actions: c
 					};
 				} catch {
 					return null;
 				}
-			}), s = await Promise.all(o);
-			for (let e of s) e && (h.compositeActions.set(e.name, e.path), h.actions.push(...e.actions));
+			}), o = await Promise.all(a);
+			for (let e of o) e && (h.compositeActions.set(e.name, e.path), h.actions.push(...e.actions));
 		}
 	} catch {}
 	try {
 		let e = await getCurrentRepoSlug(g);
 		if (e) {
 			if (process.env.ACTIONS_UP_TEST_THROW === "1") throw Error("test");
-			let o = /* @__PURE__ */ new Set(), s = [];
-			for (let c of h.actions) {
-				if (c.type !== "external") continue;
-				let l = c.name.split("/");
-				if (l.length < 3 || `${l[0]}/${l[1]}` !== e) continue;
-				let u = join(g, ...l.slice(2));
-				_(g, u) && (o.has(u) || (o.add(u), s.push(u)));
+			let a = /* @__PURE__ */ new Set(), o = [];
+			for (let s of h.actions) {
+				if (s.type !== "external") continue;
+				let c = s.name.split("/");
+				if (c.length < 3 || `${c[0]}/${c[1]}` !== e) continue;
+				let l = join(g, ...c.slice(2));
+				_(g, l) && (a.has(l) || (a.add(l), o.push(l)));
 			}
-			async function c() {
-				if (s.length === 0) return;
-				let l = s.splice(0), d = await Promise.all(l.map(async (s) => {
+			async function s() {
+				if (o.length === 0) return;
+				let c = o.splice(0), u = await Promise.all(c.map(async (o) => {
 					try {
-						let c = join(s, "action.yml"), l = join(s, "action.yaml"), d = c;
+						let s = join(o, "action.yml"), c = join(o, "action.yaml"), u = s;
 						try {
-							if (!(await stat(c)).isFile()) throw Error("not a file");
+							if (!(await stat(s)).isFile()) throw Error("not a file");
 						} catch {
-							if (!(await stat(l)).isFile()) throw Error("not a file");
-							d = l;
+							if (!(await stat(c)).isFile()) throw Error("not a file");
+							u = c;
 						}
-						let f = await scanActionFile(d);
-						f.length > 0 && h.actions.push(...f);
-						let p = [];
-						for (let s of f) {
-							if (s.type !== "external") continue;
-							let c = s.name.split("/");
-							if (c.length < 3 || `${c[0]}/${c[1]}` !== e) continue;
-							let l = join(g, ...c.slice(2));
-							_(g, l) && (o.has(l) || (o.add(l), p.push(l)));
+						let d = await scanActionFile(u);
+						d.length > 0 && h.actions.push(...d);
+						let f = [];
+						for (let o of d) {
+							if (o.type !== "external") continue;
+							let s = o.name.split("/");
+							if (s.length < 3 || `${s[0]}/${s[1]}` !== e) continue;
+							let c = join(g, ...s.slice(2));
+							_(g, c) && (a.has(c) || (a.add(c), f.push(c)));
 						}
-						return p;
+						return f;
 					} catch {
 						return [];
 					}
 				}));
-				for (let e of d) for (let o of e) s.push(o);
-				await c();
+				for (let e of u) for (let a of e) o.push(a);
+				await s();
 			}
-			await c();
+			await s();
 		}
 	} catch {}
 	return h;
 }
 async function getCurrentRepoSlug(e) {
-	let o = process.env.GITHUB_REPOSITORY;
-	if (o && /^[^\s/]+\/[^\s/]+$/u.test(o)) return o;
+	let a = process.env.GITHUB_REPOSITORY;
+	if (a && /^[^\s/]+\/[^\s/]+$/u.test(a)) return a;
 	try {
-		let o = await readFile(join(e, ".git", "config"), "utf8"), s = o.match(/\[remote "origin"\][\s\S]*?url\s*=\s*(?<url>.+)/u)?.groups?.url?.trim();
-		if (s ||= o.match(/url\s*=\s*(?<url>.+)/u)?.groups?.url?.trim(), !s) return null;
-		let c = s.match(/github\.com[/:](?<owner>[^/]+)\/(?<repo>[^./]+)(?:\.git)?$/u);
-		if (c?.groups) return `${c.groups.owner}/${c.groups.repo}`;
+		let a = await readFile(join(e, ".git", "config"), "utf8"), o = a.match(/\[remote "origin"\][\s\S]*?url\s*=\s*(?<url>.+)/u)?.groups?.url?.trim();
+		if (o ||= a.match(/url\s*=\s*(?<url>.+)/u)?.groups?.url?.trim(), !o) return null;
+		let s = o.match(/github\.com[/:](?<owner>[^/]+)\/(?<repo>[^./]+)(?:\.git)?$/u);
+		if (s?.groups) return `${s.groups.owner}/${s.groups.repo}`;
 	} catch {}
 	return null;
 }

package/dist/package.js

@@ -1,2 +1,2 @@
-const version = "1.12.1";
+const version = "1.13.0";
 export { version };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "actions-up",
-  "version": "1.12.1",
+  "version": "1.13.0",
   "description": "Interactive CLI tool to update GitHub Actions to latest versions with SHA pinning",
   "keywords": [
     "github-actions",

package/readme.md

@@ -144,6 +144,17 @@ Check for updates without making any changes:
 npx actions-up --dry-run
 ```
 
+### JSON Mode
+
+Output a machine-readable JSON report instead of the interactive UI:
+
+```bash
+npx actions-up --json
+```
+
+`--json` is report-only: it never writes files, skips the interactive prompt,
+and cannot be combined with `--yes`.
+
 ### Custom Directory
 
 By default, Actions Up scans `.github`.
@@ -235,69 +246,53 @@ jobs:
           echo "## GitHub Actions Update Check" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
 
-          # Initialize variables
-          HAS_UPDATES=false
-          UPDATE_COUNT=0
-
-          # Run actions-up and capture output
+          # Run actions-up and capture machine-readable output
           echo "Running actions-up to check for updates..."
-          actions-up --dry-run > actions-up-raw.txt 2>&1
+          actions-up --json > actions-up-report.json
 
-          # Parse the output to detect updates
-          if grep -q "→" actions-up-raw.txt; then
-            HAS_UPDATES=true
-            # Count the number of updates (lines with arrows)
-            UPDATE_COUNT=$(grep -c "→" actions-up-raw.txt || echo "0")
-          fi
+          UPDATE_COUNT=$(node -pe "JSON.parse(require('node:fs').readFileSync('actions-up-report.json', 'utf8')).summary.totalUpdates")
 
           # Create formatted output
-          if [ "$HAS_UPDATES" = true ]; then
+          if [ "$UPDATE_COUNT" -gt 0 ]; then
             echo "Found $UPDATE_COUNT GitHub Actions with available updates" >> $GITHUB_STEP_SUMMARY
             echo "" >> $GITHUB_STEP_SUMMARY
             echo "<details>" >> $GITHUB_STEP_SUMMARY
-            echo "<summary>Click to see details</summary>" >> $GITHUB_STEP_SUMMARY
+            echo "<summary>Click to see JSON report</summary>" >> $GITHUB_STEP_SUMMARY
             echo "" >> $GITHUB_STEP_SUMMARY
-            echo '```' >> $GITHUB_STEP_SUMMARY
-            cat actions-up-raw.txt >> $GITHUB_STEP_SUMMARY
+            echo '```json' >> $GITHUB_STEP_SUMMARY
+            cat actions-up-report.json >> $GITHUB_STEP_SUMMARY
             echo '```' >> $GITHUB_STEP_SUMMARY
             echo "</details>" >> $GITHUB_STEP_SUMMARY
 
             # Create detailed markdown report with better formatting
-            {
-              echo "## GitHub Actions Update Report"
-              echo ""
+            node --input-type=module <<'EOF'
+            import { readFileSync, writeFileSync } from 'node:fs'
+
+            let report = JSON.parse(readFileSync('actions-up-report.json', 'utf8'))
+            let lines = [
+              '## GitHub Actions Update Report',
+              '',
+              '### Summary',
+              `- **Updates available:** ${report.summary.totalUpdates}`,
+              '',
+              '### Updates',
+              '',
+            ]
+
+            for (let update of report.updates) {
+              let file = update.action.file ?? 'unknown'
+              let currentVersion = update.currentVersion ?? 'unknown'
+              let latestVersion = update.latestVersion ?? 'unknown'
+              lines.push(
+                `- \`${update.action.name}\` in \`${file}\`: \`${currentVersion}\` → \`${latestVersion}\``,
+              )
+            }
 
-              echo "### Summary"
-              echo "- **Updates available:** $UPDATE_COUNT"
-              echo ""
+            lines.push('')
+            lines.push('Run `npx actions-up` locally to review and apply updates.')
 
-              # See the raw output above for details.
-              echo "### How to Update"
-              echo ""
-              echo "Choose from several ways to update these actions:"
-              echo ""
-              echo "#### Option 1: Automatic Update (Recommended)"
-              echo '```bash'
-              echo "# Run this command locally in your repository"
-              echo "npx actions-up"
-              echo '```'
-              echo ""
-              echo "#### Option 2: Manual Update"
-              echo "1. Review each update in the table above"
-              echo "2. For breaking changes, click the Release Notes link to review changes"
-              echo "3. Edit the workflows and update the version numbers"
-              echo "4. Test the changes in your CI/CD pipeline"
-              echo ""
-              echo "---"
-              echo ""
-              echo "<details>"
-              echo "<summary>Raw actions-up output</summary>"
-              echo ""
-              echo '```'
-              cat actions-up-raw.txt
-              echo '```'
-              echo "</details>"
-            } > actions-up-report.md
+            writeFileSync('actions-up-report.md', lines.join('\n'))
+            EOF
 
             echo "has-updates=true" >> $GITHUB_OUTPUT
             echo "update-count=$UPDATE_COUNT" >> $GITHUB_OUTPUT
@@ -470,7 +465,7 @@ Or in GitHub Actions:
 - name: Check for updates
   env:
     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  run: npx actions-up --dry-run
+  run: npx actions-up --json
 ```
 
 ### Skipping Updates