actions-up 1.12.1 → 1.14.0

package/dist/cli/build-json-report.d.ts

@@ -0,0 +1,278 @@
+import { ActionUpdate } from '../types/action-update';
+import { UpdateStyle } from '../types/update-style';
+import { ScanResult } from '../types/scan-result';
+import { UpdateMode } from '../types/update-mode';
+/**
+ * High-level status of a JSON report.
+ */
+export type JsonReportStatus = 'updates-available' | 'no-actions-found' | 'nothing-to-check' | 'up-to-date';
+/**
+ * Options used to build a JSON report from the current CLI state.
+ */
+interface BuildJsonReportOptions {
+    /**
+     * Updates excluded by the selected update mode.
+     */
+    blockedByMode: ActionUpdate[];
+    /**
+     * Number of actions that were actually checked after excludes.
+     */
+    actionsToCheckCount: number;
+    /**
+     * Regex patterns supplied through `--exclude`.
+     */
+    excludePatterns: string[];
+    /**
+     * Whether branch references were included in update checks.
+     */
+    includeBranches: boolean;
+    /**
+     * Updates that remain actionable after all filters.
+     */
+    outdated: ActionUpdate[];
+    /**
+     * Final report status.
+     */
+    status: JsonReportStatus;
+    /**
+     * Updates skipped during processing, such as branch references.
+     */
+    skipped: ActionUpdate[];
+    /**
+     * Aggregate scan result for the current run.
+     */
+    scanResult: ScanResult;
+    /**
+     * Directories resolved for scanning.
+     */
+    directories: string[];
+    /**
+     * Whether recursive scanning mode is enabled.
+     */
+    recursive: boolean;
+    /**
+     * Effective update style for the run.
+     */
+    style: UpdateStyle;
+    /**
+     * Effective update mode for the run.
+     */
+    mode: UpdateMode;
+    /**
+     * Minimum age filter in days.
+     */
+    minAge: number;
+    /**
+     * Working directory used for relative path normalization.
+     */
+    cwd?: string;
+}
+/**
+ * Serialized update entry in the JSON report.
+ */
+interface JsonReportUpdate {
+    /**
+     * Style of the final reference.
+     */
+    targetRefStyle: NonNullable<ActionUpdate['targetRefStyle']> | null;
+    /**
+     * Detected style of the current reference in the source file.
+     */
+    currentRefType: ActionUpdate['currentRefType'] | null;
+    /**
+     * Reason why this entry was skipped, if any.
+     */
+    skipReason: ActionUpdate['skipReason'] | null;
+    /**
+     * Processing status for this entry.
+     */
+    status: NonNullable<ActionUpdate['status']>;
+    /**
+     * Version currently used in the workflow or action file.
+     */
+    currentVersion: string | null;
+    /**
+     * Latest version found for this dependency.
+     */
+    latestVersion: string | null;
+    /**
+     * Release publication date in ISO format.
+     */
+    publishedAt: string | null;
+    /**
+     * Original action reference metadata.
+     */
+    action: JsonReportAction;
+    /**
+     * Resolved SHA for the target version.
+     */
+    latestSha: string | null;
+    /**
+     * Final reference that would be written back to the file.
+     */
+    targetRef: string | null;
+    /**
+     * Whether this update crosses a major version boundary.
+     */
+    isBreaking: boolean;
+    /**
+     * Whether an update is available for this entry.
+     */
+    hasUpdate: boolean;
+}
+/**
+ * Aggregate counts included in the JSON report.
+ */
+interface JsonReportSummary {
+    /**
+     * Number of composite actions discovered during scanning.
+     */
+    totalCompositeActions: number;
+    /**
+     * Number of breaking updates among actionable updates.
+     */
+    totalBreakingUpdates: number;
+    /**
+     * Number of actions checked after excludes.
+     */
+    totalActionsChecked: number;
+    /**
+     * Number of updates filtered out by `--mode`.
+     */
+    totalBlockedByMode: number;
+    /**
+     * Number of workflows discovered during scanning.
+     */
+    totalWorkflows: number;
+    /**
+     * Total number of action references found during scanning.
+     */
+    totalActions: number;
+    /**
+     * Number of skipped entries in the report.
+     */
+    totalSkipped: number;
+    /**
+     * Number of actionable updates in the report.
+     */
+    totalUpdates: number;
+}
+/**
+ * Effective CLI options serialized into the report.
+ */
+interface JsonReportOptions {
+    /**
+     * Regex patterns supplied through `--exclude`.
+     */
+    excludePatterns: string[];
+    /**
+     * Whether branch references were checked.
+     */
+    includeBranches: boolean;
+    /**
+     * Resolved scan directories.
+     */
+    directories: string[];
+    /**
+     * Whether recursive scanning mode is enabled.
+     */
+    recursive: boolean;
+    /**
+     * Effective update style.
+     */
+    style: UpdateStyle;
+    /**
+     * Effective update mode.
+     */
+    mode: UpdateMode;
+    /**
+     * Indicates that JSON mode never applies changes.
+     */
+    reportOnly: true;
+    /**
+     * Minimum age filter in days.
+     */
+    minAge: number;
+    /**
+     * Indicates that this payload came from `--json`.
+     */
+    json: true;
+}
+/**
+ * Serialized action reference included in each update entry.
+ */
+interface JsonReportAction {
+    /**
+     * Action reference type detected during scanning.
+     */
+    type: ActionUpdate['action']['type'];
+    /**
+     * Original version or ref from the file, if available.
+     */
+    version: string | null;
+    /**
+     * Relative or absolute file path for the action reference.
+     */
+    file: string | null;
+    /**
+     * Line number of the action reference.
+     */
+    line: number | null;
+    /**
+     * Original `uses` value, if available.
+     */
+    uses: string | null;
+    /**
+     * Workflow job name, when applicable.
+     */
+    job: string | null;
+    /**
+     * Full `owner/repo@ref` string, when available.
+     */
+    ref: string | null;
+    /**
+     * Normalized action name.
+     */
+    name: string;
+}
+/**
+ * Top-level machine-readable report emitted by `--json`.
+ */
+interface JsonReport {
+    /**
+     * Entries filtered out by the selected update mode.
+     */
+    blockedByMode: JsonReportUpdate[];
+    /**
+     * Entries skipped during update checks.
+     */
+    skipped: JsonReportUpdate[];
+    /**
+     * Actionable updates after filtering.
+     */
+    updates: JsonReportUpdate[];
+    /**
+     * Effective options that shaped the report.
+     */
+    options: JsonReportOptions;
+    /**
+     * Aggregate counts for the current run.
+     */
+    summary: JsonReportSummary;
+    /**
+     * Overall outcome for the current run.
+     */
+    status: JsonReportStatus;
+    /**
+     * Version of the JSON payload schema.
+     */
+    schemaVersion: 1;
+}
+/**
+ * Build the machine-readable JSON report returned by `--json`.
+ *
+ * @param options - Current CLI state and computed update data.
+ * @returns Serializable JSON payload for stdout.
+ */
+export declare function buildJsonReport(options: BuildJsonReportOptions): JsonReport;
+export {};

package/dist/cli/build-json-report.js

@@ -0,0 +1,68 @@
+import { isAbsolute, relative, resolve } from "node:path";
+function buildJsonReport(e) {
+	let n = resolve(e.cwd ?? process.cwd());
+	return {
+		summary: {
+			totalBreakingUpdates: e.outdated.filter((e) => e.isBreaking).length,
+			totalCompositeActions: e.scanResult.compositeActions.size,
+			totalWorkflows: e.scanResult.workflows.size,
+			totalActionsChecked: e.actionsToCheckCount,
+			totalBlockedByMode: e.blockedByMode.length,
+			totalActions: e.scanResult.actions.length,
+			totalUpdates: e.outdated.length,
+			totalSkipped: e.skipped.length
+		},
+		options: {
+			directories: e.directories.map((e) => serializeDirectoryPath(e, n)),
+			excludePatterns: e.excludePatterns,
+			includeBranches: e.includeBranches,
+			recursive: e.recursive,
+			minAge: e.minAge,
+			style: e.style,
+			mode: e.mode,
+			reportOnly: !0,
+			json: !0
+		},
+		blockedByMode: e.blockedByMode.map((e) => serializeUpdate(e, n)),
+		updates: e.outdated.map((e) => serializeUpdate(e, n)),
+		skipped: e.skipped.map((e) => serializeUpdate(e, n)),
+		status: e.status,
+		schemaVersion: 1
+	};
+}
+function serializeUpdate(e, n) {
+	return {
+		action: {
+			file: serializePath(e.action.file, n),
+			version: e.action.version ?? null,
+			line: e.action.line ?? null,
+			uses: e.action.uses ?? null,
+			job: e.action.job ?? null,
+			ref: e.action.ref ?? null,
+			name: e.action.name,
+			type: e.action.type
+		},
+		publishedAt: e.publishedAt?.toISOString() ?? null,
+		currentRefType: e.currentRefType ?? null,
+		targetRefStyle: e.targetRefStyle ?? null,
+		currentVersion: e.currentVersion,
+		skipReason: e.skipReason ?? null,
+		latestVersion: e.latestVersion,
+		targetRef: e.targetRef ?? null,
+		isBreaking: e.isBreaking,
+		status: e.status ?? "ok",
+		hasUpdate: e.hasUpdate,
+		latestSha: e.latestSha
+	};
+}
+function serializePath(r, i, a = null) {
+	if (!r) return null;
+	if (!isAbsolute(r)) return r;
+	let o = relative(i, r);
+	return o === "" ? a ?? r : o.startsWith("..") || isAbsolute(o) ? r : o;
+}
+function serializeDirectoryPath(r, i) {
+	let a = relative(i, r);
+	return a === "" ? "." : a.startsWith("..") || isAbsolute(a) ? r : a;
+}
+export { buildJsonReport };

package/dist/cli/index.js

@@ -1,134 +1,208 @@
 import { readInlineVersionComment } from "../core/versions/read-inline-version-comment.js";
 import { isSha } from "../core/versions/is-sha.js";
 import { promptUpdateSelection } from "../core/interactive/prompt-update-selection.js";
+import { resolveTargetReference } from "../core/updates/resolve-target-reference.js";
 import { getCompatibleUpdate } from "../core/api/get-compatible-update.js";
 import { createGitHubClient } from "../core/api/create-github-client.js";
 import { resolveScanDirectories } from "./resolve-scan-directories.js";
 import { getUpdateLevel } from "../core/versions/get-update-level.js";
 import { applyUpdates } from "../core/ast/update/apply-updates.js";
+import { normalizeUpdateStyle } from "./normalize-update-style.js";
 import { printSkippedWarning } from "./print-skipped-warning.js";
 import { normalizeUpdateMode } from "./normalize-update-mode.js";
+import { validateCliOptions } from "./validate-cli-options.js";
 import { shouldIgnore } from "../core/ignore/should-ignore.js";
 import { checkUpdates } from "../core/api/check-updates.js";
 import { mergeScanResults } from "./merge-scan-results.js";
 import { printModeWarning } from "./print-mode-warning.js";
 import { scanRecursive } from "../core/scan-recursive.js";
+import { buildJsonReport } from "./build-json-report.js";
 import { scanGitHubActions } from "../core/scan-github-actions.js";
 import "../core/index.js";
 import { version } from "../package.js";
 import { createSpinner } from "nanospinner";
+import { resolve } from "node:path";
 import "node:worker_threads";
 import pc from "picocolors";
 import cac from "cac";
 function run() {
-	let b = cac("actions-up");
-	b.help().version(version).option("--dir <directory>", "Directory to scan (repeatable). Default: .github, or . with --recursive").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--include-branches", "Also check actions pinned to branches (default: false)").option("--min-age <days>", "Minimum age in days for updates (default: 0)", { default: 0 }).option("--mode <mode>", "Update mode: major, minor, or patch (default: major)", { default: "major" }).option("--recursive, -r", "Recursively scan directories for YAML files").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (v) => {
-		console.info(pc.cyan("\n🚀 Actions Up!\n"));
-		let y = createSpinner("Scanning GitHub Actions...").start(), b = resolveScanDirectories({
-			recursive: v.recursive,
+	let T = cac("actions-up");
+	T.help().version(version).option("--dir <directory>", "Directory to scan (repeatable). Default: .github, or . with --recursive").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--include-branches", "Also check actions pinned to branches (default: false)").option("--json", "Output update information as machine-readable JSON").option("--min-age <days>", "Minimum age in days for updates (default: 0)", { default: 0 }).option("--mode <mode>", "Update mode: major, minor, or patch (default: major)", { default: "major" }).option("--style <style>", "Update style: sha or preserve (default: sha)", { default: "sha" }).option("--recursive, -r", "Recursively scan directories for YAML files").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (S) => {
+		let w = S.json ?? !1, T = null, E = resolveScanDirectories({
+			recursive: S.recursive,
 			cwd: process.cwd(),
-			dir: v.dir
-		});
+			dir: S.dir
+		}), D = E.map(({ root: e, dir: p }) => resolve(e, p)), O = S.includeBranches ?? !1, k = normalizeUpdateMode(S.mode), A = normalizeUpdateStyle(S.style), j = [];
+		Array.isArray(S.exclude) ? j.push(...S.exclude) : typeof S.exclude == "string" && j.push(S.exclude);
+		let M = j.flatMap((e) => e.split(",")).map((e) => e.trim()).filter(Boolean);
 		try {
-			let m = mergeScanResults(v.recursive ? await Promise.all(b.map(({ root: t, dir: u }) => scanRecursive(t, u))) : await Promise.all(b.map(({ root: t, dir: u }) => scanGitHubActions(t, u)))), x = m.actions.length, S = m.workflows.size, C = m.compositeActions.size;
-			if (y.success(`Found ${pc.yellow(x)} actions in ${pc.yellow(S)} workflows and ${pc.yellow(C)} composite actions`), x === 0) {
+			validateCliOptions({
+				yes: S.yes,
+				json: w
+			}), w || (console.info(pc.cyan("\n🚀 Actions Up!\n")), T = createSpinner("Scanning GitHub Actions...").start());
+			function v({ actionsToCheckCount: e, blockedByMode: p = [], outdated: m = [], skipped: h = [], scanResult: g, status: _ }) {
+				process.stdout.write(`${JSON.stringify(buildJsonReport({
+					recursive: S.recursive ?? !1,
+					excludePatterns: M,
+					directories: D,
+					minAge: S.minAge,
+					actionsToCheckCount: e,
+					includeBranches: O,
+					blockedByMode: p,
+					scanResult: g,
+					outdated: m,
+					skipped: h,
+					status: _,
+					style: A,
+					mode: k
+				}), null, 2)}\n`);
+			}
+			let b = mergeScanResults(S.recursive ? await Promise.all(E.map(({ root: e, dir: p }) => scanRecursive(e, p))) : await Promise.all(E.map(({ root: e, dir: p }) => scanGitHubActions(e, p)))), x = b.actions.length, C = b.workflows.size, j = b.compositeActions.size;
+			if (T?.success(`Found ${pc.yellow(x)} actions in ${pc.yellow(C)} workflows and ${pc.yellow(j)} composite actions`), x === 0) {
+				if (w) {
+					v({
+						status: "no-actions-found",
+						actionsToCheckCount: 0,
+						scanResult: b
+					});
+					return;
+				}
 				console.info(pc.green("\n✨ No GitHub Actions found in this repository"));
 				return;
 			}
-			let w = m.actions, T = [];
-			Array.isArray(v.exclude) ? T.push(...v.exclude) : typeof v.exclude == "string" && T.push(v.exclude);
-			let E = T.flatMap((t) => t.split(",")).map((t) => t.trim()).filter(Boolean);
-			if (E.length > 0) {
-				let { parseExcludePatterns: t } = await import("../core/filters/parse-exclude-patterns.js"), u = t(E);
-				u.length > 0 && (w = w.filter((t) => {
-					let { name: d } = t;
-					for (let t of u) if (t.test(d)) return !1;
+			let N = b.actions;
+			if (M.length > 0) {
+				let { parseExcludePatterns: e } = await import("../core/filters/parse-exclude-patterns.js"), p = e(M);
+				p.length > 0 && (N = N.filter((e) => {
+					let { name: m } = e;
+					for (let e of p) if (e.test(m)) return !1;
 					return !0;
 				}));
 			}
-			if (y = createSpinner("Checking for updates...").start(), w.length === 0) {
-				y.success("No actions to check after excludes"), console.info(pc.green("\n✨ Nothing to check after excludes\n"));
+			if (w || (T = createSpinner("Checking for updates...").start()), N.length === 0) {
+				if (T?.success("No actions to check after excludes"), w) {
+					v({
+						status: "nothing-to-check",
+						actionsToCheckCount: 0,
+						scanResult: b
+					});
+					return;
+				}
+				console.info(pc.green("\n✨ Nothing to check after excludes\n"));
 				return;
 			}
-			let D = process.env.GITHUB_TOKEN, O = createGitHubClient(D), k = v.includeBranches ?? !1, A = await checkUpdates(w, D, {
-				client: O,
-				includeBranches: k
-			}), j = [];
-			await Promise.all(A.map(async (t) => {
-				await shouldIgnore(t.action.file, t.action.line) || j.push(t);
+			let P = process.env.GITHUB_TOKEN, F = createGitHubClient(P), I = await checkUpdates(N, P, {
+				client: F,
+				includeBranches: O,
+				style: A
+			}), L = [];
+			await Promise.all(I.map(async (e) => {
+				await shouldIgnore(e.action.file, e.action.line) || L.push(e);
 			}));
-			let M = j.filter((t) => t.status === "skipped"), N = j.filter((t) => t.hasUpdate), P = v.minAge * 24 * 60 * 60 * 1e3, F = Date.now();
-			N = N.filter((t) => t.publishedAt ? F - t.publishedAt.getTime() >= P : !0);
-			let I = normalizeUpdateMode(v.mode), L = [];
-			if (I !== "major") {
-				let d = /* @__PURE__ */ new Map(), p = /* @__PURE__ */ new Map(), m = /* @__PURE__ */ new Map(), h = await Promise.all(N.map(async (d) => {
-					let f = d.currentVersion;
-					if (isSha(d.currentVersion)) {
-						let u = await readInlineVersionComment(d.action.file, d.action.line, m);
-						u && (f = u);
+			let R = L.filter((e) => e.status === "skipped"), z = L.filter((e) => e.hasUpdate), B = S.minAge * 24 * 60 * 60 * 1e3, V = Date.now();
+			z = z.filter((e) => e.publishedAt ? V - e.publishedAt.getTime() >= B : !0);
+			let H = [];
+			if (k !== "major") {
+				let m = /* @__PURE__ */ new Map(), h = /* @__PURE__ */ new Map(), _ = /* @__PURE__ */ new Map(), v = await Promise.all(z.map(async (m) => {
+					let h = m.currentVersion;
+					if (isSha(m.currentVersion)) {
+						let p = await readInlineVersionComment(m.action.file, m.action.line, _);
+						p && (h = p);
 					}
-					let p = getUpdateLevel(f, d.latestVersion);
+					let g = getUpdateLevel(h, m.latestVersion);
 					return {
-						effectiveCurrentVersion: f,
-						allowed: I === "minor" ? p === "minor" || p === "patch" || p === "none" : p === "patch" || p === "none",
-						update: d
+						effectiveCurrentVersion: h,
+						allowed: k === "minor" ? g === "minor" || g === "patch" || g === "none" : g === "patch" || g === "none",
+						update: m
 					};
-				})), g = [], _ = await Promise.all(h.map(async (t) => {
-					if (t.allowed) return { update: t.update };
-					let u = await getCompatibleUpdate(O, {
-						currentVersion: t.effectiveCurrentVersion,
-						actionName: t.update.action.name,
-						tagsCache: d,
-						shaCache: p,
-						mode: I
+				})), y = [], b = await Promise.all(v.map(async (e) => {
+					if (e.allowed) return { update: e.update };
+					let p = await getCompatibleUpdate(F, {
+						currentVersion: e.effectiveCurrentVersion,
+						actionName: e.update.action.name,
+						tagsCache: m,
+						shaCache: h,
+						mode: k
 					});
-					return u ? { update: {
-						...t.update,
-						latestVersion: u.version,
-						latestSha: u.sha,
+					return p ? { update: {
+						...e.update,
+						latestVersion: p.version,
+						latestSha: p.sha,
 						isBreaking: !1,
 						hasUpdate: !0
-					} } : { blocked: t.update };
+					} } : { blocked: e.update };
 				}));
-				for (let t of _) {
-					if (t.update) {
-						g.push(t.update);
+				for (let e of b) {
+					if (e.update) {
+						y.push(e.update);
 						continue;
 					}
-					L.push(t.blocked);
+					H.push(e.blocked);
 				}
-				N = g;
+				z = y;
 			}
-			let R = N.filter((t) => t.isBreaking);
-			if (N.length === 0) {
-				y.success("All actions are up to date!"), M.length > 0 && printSkippedWarning(M, k), L.length > 0 && printModeWarning(L, I), console.info(pc.green("\n✨ Everything is already at the latest version!\n"));
+			z = z.map((e) => resolveTargetReference(e, A));
+			let U = z.filter((e) => !e.targetRef).map((e) => ({
+				...e,
+				skipReason: "unsupported-style",
+				status: "skipped",
+				hasUpdate: !1
+			}));
+			R.push(...U), z = z.filter((e) => e.targetRef);
+			let W = z.filter((e) => e.isBreaking);
+			if (z.length === 0) {
+				if (T?.success("All actions are up to date!"), w) {
+					v({
+						actionsToCheckCount: N.length,
+						status: "up-to-date",
+						blockedByMode: H,
+						scanResult: b,
+						skipped: R
+					});
+					return;
+				}
+				R.length > 0 && printSkippedWarning(R, O, A), H.length > 0 && printModeWarning(H, k), console.info(pc.green("\n✨ Everything is already at the latest version!\n"));
 				return;
 			}
-			if (y.success(`Found ${pc.yellow(N.length)} updates available${R.length > 0 ? ` (${pc.redBright(R.length)} breaking)` : ""}`), M.length > 0 && printSkippedWarning(M, k), L.length > 0 && printModeWarning(L, I), v.dryRun) {
+			if (T?.success(`Found ${pc.yellow(z.length)} updates available${W.length > 0 ? ` (${pc.redBright(W.length)} breaking)` : ""}`), w) {
+				v({
+					actionsToCheckCount: N.length,
+					status: "updates-available",
+					blockedByMode: H,
+					scanResult: b,
+					outdated: z,
+					skipped: R
+				});
+				return;
+			}
+			if (R.length > 0 && printSkippedWarning(R, O, A), H.length > 0 && printModeWarning(H, k), S.dryRun) {
 				console.info(pc.yellow("\n📋 Dry Run - No changes will be made\n"));
-				for (let t of N) console.info(`${pc.cyan(t.action.file ?? "unknown")}:\n${t.action.name}: ${pc.redBright(t.currentVersion)} → ${pc.green(t.latestVersion)} ${t.latestSha ? pc.gray(`(${t.latestSha.slice(0, 7)})`) : ""}\n`);
-				console.info(pc.gray(`\n${N.length} actions would be updated\n`));
+				for (let e of z) {
+					let p = e.targetRefStyle === "sha" && e.targetRef ? `${e.latestVersion} ${pc.gray(`(${e.targetRef.slice(0, 7)})`)}` : e.targetRef ?? e.latestVersion;
+					console.info(`${pc.cyan(e.action.file ?? "unknown")}:\n${e.action.name}: ${pc.redBright(e.currentVersion)} → ${pc.green(p)}\n`);
+				}
+				console.info(pc.gray(`\n${z.length} actions would be updated\n`));
 				return;
 			}
-			if (v.yes) {
-				let t = N.filter((t) => t.latestSha);
-				if (t.length === 0) {
-					console.info(pc.yellow("\n⚠️ No actions with SHA available for update\n"));
+			if (S.yes) {
+				let e = z.filter((e) => e.targetRef);
+				if (e.length === 0) {
+					console.info(pc.yellow("\n⚠️ No actionable updates available\n"));
 					return;
 				}
-				console.info(pc.yellow(`\n🔄 Updating ${t.length} actions...\n`)), await applyUpdates(t), console.info(pc.green("\n✓ Updates applied successfully!"));
+				console.info(pc.yellow(`\n🔄 Updating ${e.length} actions...\n`)), await applyUpdates(e), console.info(pc.green("\n✓ Updates applied successfully!"));
 			} else {
-				(M.length > 0 || L.length > 0) && console.info("");
-				let t = await promptUpdateSelection(N, { showAge: v.minAge > 0 });
-				if (!t || t.length === 0) {
+				(R.length > 0 || H.length > 0) && console.info("");
+				let e = await promptUpdateSelection(z, { showAge: S.minAge > 0 });
+				if (!e || e.length === 0) {
 					console.info(pc.gray("\nNo updates applied"));
 					return;
 				}
-				console.info(pc.yellow(`\n🔄 Updating ${t.length} selected actions...\n`)), await applyUpdates(t), console.info(pc.green("\n✓ Updates applied successfully!"));
+				console.info(pc.yellow(`\n🔄 Updating ${e.length} selected actions...\n`)), await applyUpdates(e), console.info(pc.green("\n✓ Updates applied successfully!"));
 			}
-		} catch (t) {
-			y.error("Failed"), t instanceof Error && t.name === "GitHubRateLimitError" ? (console.error(pc.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(t.message), console.error(pc.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(pc.redBright("\nError:"), t instanceof Error ? t.message : String(t)), process.exit(1);
+		} catch (e) {
+			T?.error("Failed"), e instanceof Error && e.name === "GitHubRateLimitError" ? (console.error(pc.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(e.message), console.error(pc.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(pc.redBright("\nError:"), e instanceof Error ? e.message : String(e)), process.exit(1);
 		}
-	}), b.parse();
+	}), T.parse();
 }
 export { run };

package/dist/cli/normalize-update-style.d.ts

@@ -0,0 +1,8 @@
+import { UpdateStyle } from '../types/update-style';
+/**
+ * Normalizes the update style option.
+ *
+ * @param style - Raw style option.
+ * @returns Normalized update style.
+ */
+export declare function normalizeUpdateStyle(style: undefined | string): UpdateStyle;

package/dist/cli/normalize-update-style.js

@@ -0,0 +1,6 @@
+function normalizeUpdateStyle(e) {
+	let t = (e ?? "sha").toLowerCase();
+	if (t === "preserve" || t === "sha") return t;
+	throw Error(`Invalid style "${e}". Expected "sha" or "preserve".`);
+}
+export { normalizeUpdateStyle };

package/dist/cli/print-skipped-warning.d.ts

@@ -1,8 +1,10 @@
+import { UpdateStyle } from '../types/update-style';
 /**
  * Prints a warning message for actions that were skipped during scanning.
  *
  * @param skipped - Array of skipped actions with their current versions.
  * @param includeBranches - Whether branch-pinned actions are being checked.
+ * @param style - Effective update style for the current run.
  */
 export declare function printSkippedWarning(skipped: {
     action: {
@@ -10,5 +12,6 @@ export declare function printSkippedWarning(skipped: {
         uses?: string;
         name: string;
     };
+    skipReason?: 'unsupported-style' | 'unknown' | 'branch';
     currentVersion: string | null;
-}[], includeBranches: boolean): void;
+}[], includeBranches: boolean, style: UpdateStyle): void;