actions-up 1.13.0 → 1.14.1

package/dist/core/api/get-reference-type.js

@@ -1,15 +1,15 @@
-import { makeRequest } from "./make-request.js";
-async function getReferenceType(t, n) {
+import { makeRequest as e } from "./make-request.js";
+async function t(t, n) {
 	let { reference: r, owner: i, repo: a } = n, o = `${i}/${a}#${r}`;
 	if (t.caches.refType.has(o)) return t.caches.refType.get(o) ?? null;
 	try {
-		return await makeRequest(t, `/repos/${i}/${a}/git/refs/tags/${r}`), t.caches.refType.set(o, "tag"), "tag";
+		return await e(t, `/repos/${i}/${a}/git/refs/tags/${r}`), t.caches.refType.set(o, "tag"), "tag";
 	} catch {
 		try {
-			return await makeRequest(t, `/repos/${i}/${a}/git/refs/heads/${r}`), t.caches.refType.set(o, "branch"), "branch";
+			return await e(t, `/repos/${i}/${a}/git/refs/heads/${r}`), t.caches.refType.set(o, "branch"), "branch";
 		} catch {
 			return t.caches.refType.set(o, null), null;
 		}
 	}
 }
-export { getReferenceType };
+export { t as getReferenceType };

package/dist/core/api/get-tag-info.js

@@ -1,15 +1,15 @@
-import { makeRequest } from "./make-request.js";
-import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
-async function getTagInfo(n, i) {
+import { makeRequest as e } from "./make-request.js";
+import { GitHubRateLimitError as t } from "./internal-rate-limit-error.js";
+async function n(n, i) {
 	try {
 		let { owner: t, repo: a, tag: o } = i, s = o.replace(/^refs\/tags\//u, ""), c = `${t}/${a}#${s}`;
 		if (n.caches.tagInfo.has(c)) return n.caches.tagInfo.get(c) ?? null;
 		try {
-			let i = (await makeRequest(n, `/repos/${t}/${a}/releases/tags/${s}`)).data, o = i.published_at ? new Date(i.published_at) : null, l = i.body ?? null, u = null;
+			let i = (await e(n, `/repos/${t}/${a}/releases/tags/${s}`)).data, o = i.published_at ? new Date(i.published_at) : null, l = i.body ?? null, u = null;
 			try {
-				let { type: r, sha: i } = (await makeRequest(n, `/repos/${t}/${a}/git/refs/tags/${s}`)).data.object;
+				let { type: r, sha: i } = (await e(n, `/repos/${t}/${a}/git/refs/tags/${s}`)).data.object;
 				if (i && r === "tag") try {
-					let r = (await makeRequest(n, `/repos/${t}/${a}/git/tags/${i}`)).data;
+					let r = (await e(n, `/repos/${t}/${a}/git/tags/${i}`)).data;
 					u = r.object.sha ?? i;
 					let s = r.tagger?.date;
 					!o && s && (o = new Date(s)), !l && typeof r.message == "string" && ({message: l} = r);
@@ -17,13 +17,13 @@ async function getTagInfo(n, i) {
 					u = i;
 				}
 				else if (i && r === "commit" && (u = i, !o || !l)) try {
-					let { message: r, author: s } = (await makeRequest(n, `/repos/${t}/${a}/git/commits/${i}`)).data;
+					let { message: r, author: s } = (await e(n, `/repos/${t}/${a}/git/commits/${i}`)).data;
 					!l && typeof r == "string" && (l = r);
 					let c = s?.date;
 					!o && c && (o = new Date(c));
 				} catch {}
 			} catch {
-				isLikelySha(i.target_commitish) && (u = i.target_commitish);
+				r(i.target_commitish) && (u = i.target_commitish);
 			}
 			let d = {
 				tag: s,
@@ -34,13 +34,13 @@ async function getTagInfo(n, i) {
 			return n.caches.tagInfo.set(c, d), d;
 		} catch {
 			try {
-				let r = (await makeRequest(n, `/repos/${t}/${a}/git/refs/tags/${s}`)).data, { sha: i } = r.object, o = null, l = null;
+				let r = (await e(n, `/repos/${t}/${a}/git/refs/tags/${s}`)).data, { sha: i } = r.object, o = null, l = null;
 				if (r.object.type === "tag") try {
-					let r = (await makeRequest(n, `/repos/${t}/${a}/git/tags/${i}`)).data;
+					let r = (await e(n, `/repos/${t}/${a}/git/tags/${i}`)).data;
 					i = r.object.sha ?? i, o = r.message ?? null, l = r.tagger.date ? new Date(r.tagger.date) : null;
 				} catch {}
 				else try {
-					let r = (await makeRequest(n, `/repos/${t}/${a}/git/commits/${i}`)).data;
+					let r = (await e(n, `/repos/${t}/${a}/git/commits/${i}`)).data;
 					o = r.message ?? null, l = r.author.date ? new Date(r.author.date) : null;
 				} catch {}
 				let u = {
@@ -56,12 +56,12 @@ async function getTagInfo(n, i) {
 			}
 		}
 	} catch (e) {
-		throw e instanceof Error && e.message.includes("rate limit") ? new GitHubRateLimitError(n.rateLimitReset) : e;
+		throw e instanceof Error && e.message.includes("rate limit") ? new t(n.rateLimitReset) : e;
 	}
 }
-function isLikelySha(e) {
+function r(e) {
 	if (typeof e != "string" || e.trim() === "") return !1;
 	let t = e.replace(/^v/u, "");
 	return /^[0-9a-f]{7,40}$/iu.test(t);
 }
-export { getTagInfo };
+export { n as getTagInfo };

package/dist/core/api/get-tag-sha.js

@@ -1,20 +1,20 @@
-import { makeRequest } from "./make-request.js";
-import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
-async function getTagSha(n, r) {
+import { makeRequest as e } from "./make-request.js";
+import { GitHubRateLimitError as t } from "./internal-rate-limit-error.js";
+async function n(n, r) {
 	let { owner: i, repo: a, tag: o } = r, s = o.replace(/^refs\/tags\//u, ""), c = `${i}/${a}#${s}`;
 	if (n.caches.tagSha.has(c)) return n.caches.tagSha.get(c) ?? null;
 	try {
-		let t = (await makeRequest(n, `/repos/${i}/${a}/git/refs/tags/${s}`)).data, r = t.object.sha, o = t.object.type, l = null;
+		let t = (await e(n, `/repos/${i}/${a}/git/refs/tags/${s}`)).data, r = t.object.sha, o = t.object.type, l = null;
 		if (r && o === "tag") try {
-			l = (await makeRequest(n, `/repos/${i}/${a}/git/tags/${r}`)).data.object.sha ?? null;
+			l = (await e(n, `/repos/${i}/${a}/git/tags/${r}`)).data.object.sha ?? null;
 		} catch {
 			l = r;
 		}
 		else r && o === "commit" && (l = r);
 		return n.caches.tagSha.set(c, l), l;
 	} catch (e) {
-		if (e instanceof Error && e.message.includes("rate limit")) throw new GitHubRateLimitError(n.rateLimitReset);
+		if (e instanceof Error && e.message.includes("rate limit")) throw new t(n.rateLimitReset);
 		return n.caches.tagSha.set(c, null), null;
 	}
 }
-export { getTagSha };
+export { n as getTagSha };

package/dist/core/api/internal-rate-limit-error.js

@@ -1,7 +1,7 @@
-var GitHubRateLimitError = class extends Error {
+var e = class extends Error {
 	constructor(e) {
 		let t = e.toLocaleTimeString();
 		super(`GitHub API rate limit exceeded. Resets at ${t}`), this.name = "GitHubRateLimitError";
 	}
 };
-export { GitHubRateLimitError };
+export { e as GitHubRateLimitError };

package/dist/core/api/make-request.js

@@ -1,5 +1,5 @@
-import { updateRateLimitInfo } from "./update-rate-limit-info.js";
-async function makeRequest(t, n, r = {}) {
+import { updateRateLimitInfo as e } from "./update-rate-limit-info.js";
+async function t(t, n, r = {}) {
 	let i = {
 		Accept: "application/vnd.github.v3+json",
 		"User-Agent": "actions-up",
@@ -11,7 +11,7 @@ async function makeRequest(t, n, r = {}) {
 		headers: i
 	}), o = {};
 	for (let [e, t] of a.headers.entries()) o[e] = t;
-	if (updateRateLimitInfo(t, o), !a.ok) {
+	if (e(t, o), !a.ok) {
 		let e = /* @__PURE__ */ Error(`GitHub API error: ${a.status} ${a.statusText}`);
 		if (e.status = a.status, a.status === 403) {
 			let t = await a.text();
@@ -24,4 +24,4 @@ async function makeRequest(t, n, r = {}) {
 		data: await a.json()
 	};
 }
-export { makeRequest };
+export { t as makeRequest };

package/dist/core/api/resolve-github-token-sync.js

@@ -1,13 +1,13 @@
-import { join } from "node:path";
-import { execFileSync } from "node:child_process";
-import { readFileSync } from "node:fs";
-function resolveGitHubTokenSync() {
+import { join as e } from "node:path";
+import { execFileSync as t } from "node:child_process";
+import { readFileSync as n } from "node:fs";
+function r() {
 	let r = process.env.GITHUB_TOKEN;
 	if (r && r.trim() !== "") return r.trim();
 	let i = process.env.GH_TOKEN;
 	if (i && i.trim() !== "") return i.trim();
 	try {
-		let e = execFileSync("gh", ["auth", "token"], {
+		let e = t("gh", ["auth", "token"], {
 			stdio: [
 				"ignore",
 				"pipe",
@@ -19,7 +19,7 @@ function resolveGitHubTokenSync() {
 		if (e) return e;
 	} catch {}
 	try {
-		let t = readFileSync(join(process.cwd(), ".git", "config"), "utf8"), r = t.match(/^\s*(?:github\.(?:oauth-token|token)|hub\.oauthtoken)\s*=\s*(?<token>\S[^\n\r]*)$/mu)?.groups?.token?.trim();
+		let t = n(e(process.cwd(), ".git", "config"), "utf8"), r = t.match(/^\s*(?:github\.(?:oauth-token|token)|hub\.oauthtoken)\s*=\s*(?<token>\S[^\n\r]*)$/mu)?.groups?.token?.trim();
 		if (r) return r;
 		let i = null;
 		for (let e of t.split(/\r?\n/u)) {
@@ -39,4 +39,4 @@ function resolveGitHubTokenSync() {
 		}
 	} catch {}
 }
-export { resolveGitHubTokenSync };
+export { r as resolveGitHubTokenSync };

package/dist/core/api/update-rate-limit-info.js

@@ -1,10 +1,7 @@
-function updateRateLimitInfo(e, t) {
+function e(e, t) {
 	let n = t["x-ratelimit-remaining"];
 	n !== void 0 && (e.rateLimitRemaining = typeof n == "string" ? Number.parseInt(n, 10) : n);
 	let r = t["x-ratelimit-reset"];
-	if (r !== void 0) {
-		let t = typeof r == "string" ? Number.parseInt(r, 10) : r;
-		e.rateLimitReset = /* @__PURE__ */ new Date(t * 1e3);
-	}
+	r !== void 0 && (e.rateLimitReset = /* @__PURE__ */ new Date((typeof r == "string" ? Number.parseInt(r, 10) : r) * 1e3));
 }
-export { updateRateLimitInfo };
+export { e as updateRateLimitInfo };

package/dist/core/ast/guards/has-range.js

@@ -1,4 +1,4 @@
-function hasRange(e) {
+function e(e) {
 	return typeof e == "object" && !!e && "range" in e;
 }
-export { hasRange };
+export { e as hasRange };

package/dist/core/ast/guards/is-node.js

@@ -1,4 +1,4 @@
-function isNode(e) {
+function e(e) {
 	return typeof e == "object" && !!e && "toJSON" in e && typeof e.toJSON == "function";
 }
-export { isNode };
+export { e as isNode };

package/dist/core/ast/guards/is-pair.js

@@ -1,4 +1,4 @@
-function isPair(e) {
+function e(e) {
 	return typeof e == "object" && !!e && "key" in e && "value" in e;
 }
-export { isPair };
+export { e as isPair };

package/dist/core/ast/guards/is-scalar.js

@@ -1,4 +1,4 @@
-function isScalar(e) {
+function e(e) {
 	return typeof e == "object" && !!e && "value" in e;
 }
-export { isScalar };
+export { e as isScalar };

package/dist/core/ast/guards/is-yaml-map.js

@@ -1,4 +1,4 @@
-function isYAMLMap(e) {
+function e(e) {
 	return typeof e == "object" && !!e && "items" in e && Array.isArray(e.items);
 }
-export { isYAMLMap };
+export { e as isYAMLMap };

package/dist/core/ast/guards/is-yaml-sequence.js

@@ -1,4 +1,4 @@
-function isYAMLSequence(e) {
+function e(e) {
 	return typeof e == "object" && !!e && "items" in e && Array.isArray(e.items);
 }
-export { isYAMLSequence };
+export { e as isYAMLSequence };

package/dist/core/ast/scanners/scan-composite-action-ast.js

@@ -1,20 +1,20 @@
-import { isCompositeActionStructure } from "../../schema/composite/is-composite-action-structure.js";
-import { isCompositeActionRuns } from "../../schema/composite/is-composite-action-runs.js";
-import { isYAMLMap } from "../guards/is-yaml-map.js";
-import { extractUsesFromSteps } from "../utils/extract-uses-from-steps.js";
-import { findMapPair } from "../utils/find-map-pair.js";
-function scanCompositeActionAst(a, o, s) {
+import { isCompositeActionStructure as e } from "../../schema/composite/is-composite-action-structure.js";
+import { isCompositeActionRuns as t } from "../../schema/composite/is-composite-action-runs.js";
+import { isYAMLMap as n } from "../guards/is-yaml-map.js";
+import { extractUsesFromSteps as r } from "../utils/extract-uses-from-steps.js";
+import { findMapPair as i } from "../utils/find-map-pair.js";
+function a(a, o, s) {
 	let c = a.toJSON();
-	if (!isCompositeActionStructure(c) || !a.contents || !isYAMLMap(a.contents)) return [];
-	let l = findMapPair(a.contents, "runs");
-	if (!l?.value || !isYAMLMap(l.value)) return [];
+	if (!e(c) || !a.contents || !n(a.contents)) return [];
+	let l = i(a.contents, "runs");
+	if (!l?.value || !n(l.value)) return [];
 	let u = c.runs;
-	if (!u || !isCompositeActionRuns(u) || !u.steps || !Array.isArray(u.steps)) return [];
-	let d = findMapPair(l.value, "steps");
-	return d?.value ? extractUsesFromSteps({
+	if (!u || !t(u) || !u.steps || !Array.isArray(u.steps)) return [];
+	let d = i(l.value, "steps");
+	return d?.value ? r({
 		stepsNode: d.value,
 		filePath: s,
 		content: o
 	}) : [];
 }
-export { scanCompositeActionAst };
+export { a as scanCompositeActionAst };

package/dist/core/ast/scanners/scan-workflow-ast.js

@@ -1,26 +1,26 @@
-import { parseActionReference } from "../../parsing/parse-action-reference.js";
-import { getLineNumberForKey } from "../utils/get-line-number.js";
-import { isYAMLMap } from "../guards/is-yaml-map.js";
-import { isScalar } from "../guards/is-scalar.js";
-import { isNode } from "../guards/is-node.js";
-import { isPair } from "../guards/is-pair.js";
-import { extractUsesFromSteps } from "../utils/extract-uses-from-steps.js";
-import { findMapPair } from "../utils/find-map-pair.js";
-import { isWorkflowStructure } from "../../schema/workflow/is-workflow-structure.js";
-function scanWorkflowAst(l, u, d) {
-	if (!isWorkflowStructure(l.toJSON()) || !l.contents || !isYAMLMap(l.contents)) return [];
-	let f = findMapPair(l.contents, "jobs");
-	if (!f?.value || !isYAMLMap(f.value)) return [];
+import { parseActionReference as e } from "../../parsing/parse-action-reference.js";
+import { getLineNumberForKey as t } from "../utils/get-line-number.js";
+import { isYAMLMap as n } from "../guards/is-yaml-map.js";
+import { isScalar as r } from "../guards/is-scalar.js";
+import { isNode as i } from "../guards/is-node.js";
+import { isPair as a } from "../guards/is-pair.js";
+import { extractUsesFromSteps as o } from "../utils/extract-uses-from-steps.js";
+import { findMapPair as s } from "../utils/find-map-pair.js";
+import { isWorkflowStructure as c } from "../../schema/workflow/is-workflow-structure.js";
+function l(l, u, d) {
+	if (!c(l.toJSON()) || !l.contents || !n(l.contents)) return [];
+	let f = s(l.contents, "jobs");
+	if (!f?.value || !n(f.value)) return [];
 	let p = [];
 	for (let c of f.value.items) {
-		if (!isPair(c) || !c.value || !isNode(c.value) || !isYAMLMap(c.value)) continue;
-		let l = isScalar(c.key) ? String(c.key.value) : void 0, f = findMapPair(c.value, "uses");
-		if (f?.value && f.key && isScalar(f.value)) {
-			let s = parseActionReference(String(f.value.value), d, getLineNumberForKey(u, f.key));
-			s && (l && (s.job = l), p.push(s));
+		if (!a(c) || !c.value || !i(c.value) || !n(c.value)) continue;
+		let l = r(c.key) ? String(c.key.value) : void 0, f = s(c.value, "uses");
+		if (f?.value && f.key && r(f.value)) {
+			let n = e(String(f.value.value), d, t(u, f.key));
+			n && (l && (n.job = l), p.push(n));
 		}
-		let m = findMapPair(c.value, "steps");
-		m?.value && p.push(...extractUsesFromSteps({
+		let m = s(c.value, "steps");
+		m?.value && p.push(...o({
 			stepsNode: m.value,
 			filePath: d,
 			content: u,
@@ -29,4 +29,4 @@ function scanWorkflowAst(l, u, d) {
 	}
 	return p;
 }
-export { scanWorkflowAst };
+export { l as scanWorkflowAst };

package/dist/core/ast/update/apply-updates.d.ts

@@ -1,6 +1,6 @@
 import { ActionUpdate } from '../../../types/action-update';
 /**
- * Apply updates using SHA with version in comment for readability.
+ * Apply updates using the already-resolved target refs.
  *
  * @param updates - Array of updates to apply.
  */

package/dist/core/ast/update/apply-updates.js

@@ -1,40 +1,53 @@
-import { readFile, writeFile } from "node:fs/promises";
-async function applyUpdates(n) {
-	let r = /* @__PURE__ */ new Map();
+import { readFile as e, writeFile as t } from "node:fs/promises";
+async function n(n) {
+	let i = /* @__PURE__ */ new Map();
 	for (let e of n) {
 		let { file: t } = e.action;
 		if (!t) continue;
-		let n = r.get(t) ?? [];
-		n.push(e), r.set(t, n);
+		let n = i.get(t) ?? [];
+		n.push(e), i.set(t, n);
 	}
-	let i = [...r.entries()].map(async ([n, r]) => {
-		let i = await readFile(n, "utf8");
-		for (let e of r) {
-			if (!e.latestSha) continue;
-			function t(e) {
+	let a = [...i.entries()].map(async ([n, i]) => {
+		let a = await e(n, "utf8");
+		for (let e of i) {
+			let t = e.targetRef ?? e.latestSha, n = e.targetRefStyle ?? (e.latestSha ? "sha" : null);
+			if (!t || !n) continue;
+			function i(e) {
 				return e.replaceAll(/[$()*+\-./?[\\\]^{|}]/gu, String.raw`\$&`);
 			}
-			let n = t(e.action.name), r = e.currentVersion ? t(e.currentVersion) : "";
-			if (n.includes("\n") || n.includes("\r")) {
+			let o = i(e.action.name), s = e.currentVersion ? i(e.currentVersion) : "";
+			if (o.includes("\n") || o.includes("\r")) {
 				console.error(`Invalid action name: ${e.action.name}`);
 				continue;
 			}
-			if (r && (r.includes("\n") || r.includes("\r"))) {
+			if (s && (s.includes("\n") || s.includes("\r"))) {
 				console.error(`Invalid version: ${e.currentVersion}`);
 				continue;
 			}
-			if (!/^[\da-f]{40}$/iu.test(e.latestSha)) {
-				console.error(`Invalid SHA format: ${e.latestSha}`);
+			if (t.includes("\n") || t.includes("\r") || t.trim() === "") {
+				console.error(`Invalid target ref: ${t}`);
 				continue;
 			}
-			let a = String.raw`['"]?\buses\b['"]?\s*:\s*`, o = String.raw`(?:^[^\S\n]*(?:-[^\S\n]*)?|[{\[,][^\S\n]*)` + a, s = new RegExp(String.raw`(?<prefix>${o})` + String.raw`(?<quote>['"]?)` + String.raw`(?<name>${n})@${r}` + String.raw`\k<quote>` + String.raw`(?<after>[ \t\]}{,]*)` + String.raw`(?<comment>[^\S\r\n]*#[^\r\n]*)?`, "gm");
-			i = i.replace(s, (t, ...n) => {
-				let i = n.at(-3), a = n.at(-2), o = n.at(-1), s = a.indexOf("\n", i + t.length), c = (s === -1 ? a.slice(i + t.length) : a.slice(i + t.length, s)).trim().length > 0, l = o.after.endsWith(" ") ? "" : " ", u = c && !o.comment && r !== "" ? "" : `${l}# ${e.latestVersion}`;
-				return `${`${o.prefix}${o.quote}${o.name}`}@${`${e.latestSha}${o.quote}${o.after}${u}`}`;
+			if (n === "sha" && !/^[\da-f]{40}$/iu.test(t)) {
+				console.error(`Invalid SHA format: ${t}`);
+				continue;
+			}
+			let c = String.raw`['"]?\buses\b['"]?\s*:\s*`, l = String.raw`(?:^[^\S\n]*(?:-[^\S\n]*)?|[{\[,][^\S\n]*)` + c, u = new RegExp(String.raw`(?<prefix>${l})` + String.raw`(?<quote>['"]?)` + String.raw`(?<name>${o})@${s}` + String.raw`\k<quote>` + String.raw`(?<after>[ \t\]}{,]*)` + String.raw`(?<comment>[^\S\r\n]*#[^\r\n]*)?`, "gm");
+			a = a.replace(u, (i, ...a) => {
+				let o = a.at(-3), c = a.at(-2), l = a.at(-1), u = c.indexOf("\n", o + i.length), d = (u === -1 ? c.slice(o + i.length) : c.slice(o + i.length, u)).trim().length > 0, f = l.after.endsWith(" ") ? "" : " ", p = "";
+				if (n === "sha") p = d && !l.comment && s !== "" ? "" : `${f}# ${e.latestVersion}`;
+				else if (l.comment && !r(l.comment)) {
+					let { comment: e } = l;
+					p = e;
+				}
+				return `${`${l.prefix}${l.quote}${l.name}`}@${`${t}${l.quote}${l.after}${p}`}`;
 			});
 		}
-		await writeFile(n, i, "utf8");
+		await t(n, a, "utf8");
 	});
-	await Promise.all(i);
+	await Promise.all(a);
+}
+function r(e) {
+	return /^#\s*[Vv]?\d+(?:\.\d+){0,2}(?:[+-][\w\-.]+)?\s*$/u.test(e.trim());
 }
-export { applyUpdates };
+export { n as applyUpdates };

package/dist/core/ast/utils/extract-uses-from-steps.js

@@ -1,23 +1,23 @@
-import { parseActionReference } from "../../parsing/parse-action-reference.js";
-import { isYAMLSequence } from "../guards/is-yaml-sequence.js";
-import { getLineNumberForKey } from "./get-line-number.js";
-import { isYAMLMap } from "../guards/is-yaml-map.js";
-import { isScalar } from "../guards/is-scalar.js";
-import { isNode } from "../guards/is-node.js";
-import { isPair } from "../guards/is-pair.js";
-function extractUsesFromSteps(s) {
+import { parseActionReference as e } from "../../parsing/parse-action-reference.js";
+import { isYAMLSequence as t } from "../guards/is-yaml-sequence.js";
+import { getLineNumberForKey as n } from "./get-line-number.js";
+import { isYAMLMap as r } from "../guards/is-yaml-map.js";
+import { isScalar as i } from "../guards/is-scalar.js";
+import { isNode as a } from "../guards/is-node.js";
+import { isPair as o } from "../guards/is-pair.js";
+function s(s) {
 	let { stepsNode: c, filePath: l, content: u, jobName: d } = s;
-	if (!isYAMLSequence(c)) return [];
+	if (!t(c)) return [];
 	let f = [];
-	for (let o of c.items) {
-		if (!isYAMLMap(o) || !isNode(o)) continue;
-		let s = o.toJSON();
+	for (let t of c.items) {
+		if (!r(t) || !a(t)) continue;
+		let s = t.toJSON();
 		if (typeof s != "object" || !s || Array.isArray(s)) continue;
 		let c = s;
 		if (typeof c.uses != "string") continue;
-		let p = o.items.find((e) => isPair(e) && isScalar(e.key) && e.key.value === "uses"), m = p?.key ? getLineNumberForKey(u, p.key) : 0, h = parseActionReference(c.uses, l, m);
+		let p = t.items.find((e) => o(e) && i(e.key) && e.key.value === "uses"), m = p?.key ? n(u, p.key) : 0, h = e(c.uses, l, m);
 		h && (d && (h.job = d), f.push(h));
 	}
 	return f;
 }
-export { extractUsesFromSteps };
+export { s as extractUsesFromSteps };

package/dist/core/ast/utils/find-map-pair.js

@@ -1,7 +1,7 @@
-import { isYAMLMap } from "../guards/is-yaml-map.js";
-import { isScalar } from "../guards/is-scalar.js";
-import { isPair } from "../guards/is-pair.js";
-function findMapPair(r, i) {
-	return !isYAMLMap(r) || !Array.isArray(r.items) ? null : r.items.find((e) => isPair(e) && isScalar(e.key) && e.key.value === i) ?? null;
+import { isYAMLMap as e } from "../guards/is-yaml-map.js";
+import { isScalar as t } from "../guards/is-scalar.js";
+import { isPair as n } from "../guards/is-pair.js";
+function r(r, i) {
+	return !e(r) || !Array.isArray(r.items) ? null : r.items.find((e) => n(e) && t(e.key) && e.key.value === i) ?? null;
 }
-export { findMapPair };
+export { r as findMapPair };

package/dist/core/ast/utils/get-line-number.js

@@ -1,9 +1,9 @@
-import { hasRange } from "../guards/has-range.js";
-function getLineNumberForKey(t, n) {
-	if (hasRange(n) && n.range) {
+import { hasRange as e } from "../guards/has-range.js";
+function t(t, n) {
+	if (e(n) && n.range) {
 		let [e] = n.range;
 		if (typeof e == "number" && Number.isFinite(e)) return t.slice(0, Math.max(0, e)).split("\n").length;
 	}
 	return 0;
 }
-export { getLineNumberForKey };
+export { t as getLineNumberForKey };

package/dist/core/constants.js

@@ -1,2 +1,2 @@
-const GITHUB_DIRECTORY = ".github", WORKFLOWS_DIRECTORY = "workflows", ACTIONS_DIRECTORY = "actions";
-export { ACTIONS_DIRECTORY, GITHUB_DIRECTORY, WORKFLOWS_DIRECTORY };
+var e = ".github", t = "workflows", n = "actions";
+export { n as ACTIONS_DIRECTORY, e as GITHUB_DIRECTORY, t as WORKFLOWS_DIRECTORY };

package/dist/core/filters/parse-exclude-patterns.js

@@ -1,4 +1,4 @@
-function parseExcludePatterns(e) {
+function e(e) {
 	let t = [];
 	for (let n of e) {
 		let e = n.trim();
@@ -20,4 +20,4 @@ function parseExcludePatterns(e) {
 	}
 	return t;
 }
-export { parseExcludePatterns };
+export { e as parseExcludePatterns };

package/dist/core/fs/find-yaml-files-recursive.js

@@ -1,20 +1,20 @@
-import { isYamlFile } from "./is-yaml-file.js";
-import { join } from "node:path";
-import { lstat, readdir } from "node:fs/promises";
-async function findYamlFilesRecursive(i) {
+import { isYamlFile as e } from "./is-yaml-file.js";
+import { join as t } from "node:path";
+import { lstat as n, readdir as r } from "node:fs/promises";
+async function i(i) {
 	let a = [], o = /* @__PURE__ */ new Set();
 	async function s(i) {
-		if ((await lstat(i)).isSymbolicLink() || o.has(i)) return;
+		if ((await n(i)).isSymbolicLink() || o.has(i)) return;
 		o.add(i);
-		let c = (await readdir(i)).map(async (r) => {
+		let c = (await r(i)).map(async (r) => {
 			try {
-				let o = join(i, r), c = await lstat(o);
+				let o = t(i, r), c = await n(o);
 				if (c.isSymbolicLink()) return;
-				c.isDirectory() ? await s(o) : c.isFile() && isYamlFile(r) && a.push(o);
+				c.isDirectory() ? await s(o) : c.isFile() && e(r) && a.push(o);
 			} catch {}
 		});
 		await Promise.all(c);
 	}
 	return await s(i), a;
 }
-export { findYamlFilesRecursive };
+export { i as findYamlFilesRecursive };

package/dist/core/fs/is-yaml-file.js

@@ -1,4 +1,4 @@
-function isYamlFile(e) {
+function e(e) {
 	return e.endsWith(".yml") || e.endsWith(".yaml");
 }
-export { isYamlFile };
+export { e as isYamlFile };

package/dist/core/fs/read-yaml-document.js

@@ -1,10 +1,10 @@
-import { readFile } from "node:fs/promises";
-import { parseDocument } from "yaml";
-async function readYamlDocument(n) {
-	let r = await readFile(n, "utf8");
+import { readFile as e } from "node:fs/promises";
+import { parseDocument as t } from "yaml";
+async function n(n) {
+	let r = await e(n, "utf8");
 	return {
-		document: parseDocument(r),
+		document: t(r),
 		content: r
 	};
 }
-export { readYamlDocument };
+export { n as readYamlDocument };

package/dist/core/ignore/should-ignore.js

@@ -1,7 +1,7 @@
-import { readFile } from "node:fs/promises";
-async function shouldIgnore(t, n) {
+import { readFile as e } from "node:fs/promises";
+async function t(t, n) {
 	if (!t) return !1;
-	let r = (await readFile(t, "utf8")).split("\n");
+	let r = (await e(t, "utf8")).split("\n");
 	for (let e of r) if (e.includes("actions-up-ignore-file")) return !0;
 	if (!n || n <= 0) return !1;
 	let i = /* @__PURE__ */ new Set(), a = !1;
@@ -11,4 +11,4 @@ async function shouldIgnore(t, n) {
 	}
 	return i.has(n);
 }
-export { shouldIgnore };
+export { t as shouldIgnore };

package/dist/core/index.js

@@ -1,5 +1,5 @@
-import { applyUpdates } from "./ast/update/apply-updates.js";
-import { checkUpdates } from "./api/check-updates.js";
-import { scanRecursive } from "./scan-recursive.js";
-import { scanGitHubActions } from "./scan-github-actions.js";
-export { applyUpdates, checkUpdates, scanGitHubActions, scanRecursive };
+import { applyUpdates as e } from "./ast/update/apply-updates.js";
+import { checkUpdates as t } from "./api/check-updates.js";
+import { scanRecursive as n } from "./scan-recursive.js";
+import { scanGitHubActions as r } from "./scan-github-actions.js";
+export { e as applyUpdates, t as checkUpdates, r as scanGitHubActions, n as scanRecursive };