actions-up 1.14.0 → 1.14.2

package/dist/core/scan-recursive.js

@@ -1,46 +1,46 @@
-import { isCompositeActionStructure } from "./schema/composite/is-composite-action-structure.js";
-import { scanCompositeActionAst } from "./ast/scanners/scan-composite-action-ast.js";
-import { isWorkflowStructure } from "./schema/workflow/is-workflow-structure.js";
-import { findYamlFilesRecursive } from "./fs/find-yaml-files-recursive.js";
-import { scanWorkflowAst } from "./ast/scanners/scan-workflow-ast.js";
-import { readYamlDocument } from "./fs/read-yaml-document.js";
-import { dirname, relative, resolve } from "node:path";
-async function scanRecursive(u, d) {
+import { isCompositeActionStructure as e } from "./schema/composite/is-composite-action-structure.js";
+import { scanCompositeActionAst as t } from "./ast/scanners/scan-composite-action-ast.js";
+import { isWorkflowStructure as n } from "./schema/workflow/is-workflow-structure.js";
+import { findYamlFilesRecursive as r } from "./fs/find-yaml-files-recursive.js";
+import { scanWorkflowAst as i } from "./ast/scanners/scan-workflow-ast.js";
+import { readYamlDocument as a } from "./fs/read-yaml-document.js";
+import { dirname as o, relative as s, resolve as c } from "node:path";
+async function l(l, d) {
 	let f = {
 		compositeActions: /* @__PURE__ */ new Map(),
 		workflows: /* @__PURE__ */ new Map(),
 		actions: []
-	}, p = resolve(u), m = resolve(p, d), h;
+	}, p = c(l), m = c(p, d), h;
 	try {
-		h = await findYamlFilesRecursive(m);
+		h = await r(m);
 	} catch {
 		return f;
 	}
-	let g = h.map(async (o) => {
-		let s = relative(p, o);
+	let g = h.map(async (r) => {
+		let o = s(p, r);
 		try {
-			let { document: c, content: l } = await readYamlDocument(o), u = c.toJSON();
-			if (isWorkflowStructure(u) && hasKey(u, "jobs")) return {
+			let { document: s, content: c } = await a(r), l = s.toJSON();
+			if (n(l) && u(l, "jobs")) return {
 				type: "workflow",
-				path: s,
-				actions: scanWorkflowAst(c, l, o)
+				path: o,
+				actions: i(s, c, r)
 			};
-			if (isCompositeActionStructure(u) && hasKey(u, "runs")) return {
+			if (e(l) && u(l, "runs")) return {
 				type: "action",
-				path: s,
-				actions: scanCompositeActionAst(c, l, o)
+				path: o,
+				actions: t(s, c, r)
 			};
 		} catch {}
 		return null;
 	}), _ = await Promise.all(g);
 	for (let e of _) if (e) if (e.type === "workflow") f.workflows.set(e.path, e.actions), f.actions.push(...e.actions);
 	else {
-		let i = dirname(e.path), a = i === "." || i === "" ? e.path : i;
-		f.compositeActions.set(a, e.path), f.actions.push(...e.actions);
+		let t = o(e.path), n = t === "." || t === "" ? e.path : t;
+		f.compositeActions.set(n, e.path), f.actions.push(...e.actions);
 	}
 	return f;
 }
-function hasKey(e, i) {
-	return typeof e == "object" && !!e && i in e;
+function u(e, t) {
+	return typeof e == "object" && !!e && t in e;
 }
-export { scanRecursive };
+export { l as scanRecursive };

package/dist/core/scan-workflow-file.js

@@ -1,7 +1,7 @@
-import { scanWorkflowAst } from "./ast/scanners/scan-workflow-ast.js";
-import { readYamlDocument } from "./fs/read-yaml-document.js";
-async function scanWorkflowFile(n) {
-	let { document: r, content: i } = await readYamlDocument(n);
-	return scanWorkflowAst(r, i, n);
+import { scanWorkflowAst as e } from "./ast/scanners/scan-workflow-ast.js";
+import { readYamlDocument as t } from "./fs/read-yaml-document.js";
+async function n(n) {
+	let { document: r, content: i } = await t(n);
+	return e(r, i, n);
 }
-export { scanWorkflowFile };
+export { n as scanWorkflowFile };

package/dist/core/schema/composite/is-composite-action-runs.js

@@ -1,4 +1,4 @@
-function isCompositeActionRuns(e) {
+function e(e) {
 	return typeof e != "object" || !e || Array.isArray(e) ? !1 : "using" in e;
 }
-export { isCompositeActionRuns };
+export { e as isCompositeActionRuns };

package/dist/core/schema/composite/is-composite-action-structure.js

@@ -1,6 +1,6 @@
-function isCompositeActionStructure(e) {
+function e(e) {
 	if (typeof e != "object" || !e || Array.isArray(e)) return !1;
 	let t = e;
 	return "name" in t || "description" in t || "runs" in t;
 }
-export { isCompositeActionStructure };
+export { e as isCompositeActionStructure };

package/dist/core/schema/workflow/is-workflow-structure.js

@@ -1,6 +1,6 @@
-function isWorkflowStructure(e) {
+function e(e) {
 	if (typeof e != "object" || !e || Array.isArray(e)) return !1;
 	let t = e;
 	return "on" in t || "name" in t || "jobs" in t;
 }
-export { isWorkflowStructure };
+export { e as isWorkflowStructure };

package/dist/core/updates/resolve-target-reference.js

@@ -1,24 +1,35 @@
-function resolveTargetReference(e, t) {
-	return e.hasUpdate ? t === "sha" || e.currentRefType === "sha" ? e.latestSha ? {
-		...e,
-		targetRef: e.latestSha,
-		targetRefStyle: "sha"
-	} : {
-		...e,
+import { preserveTagFormat as e } from "../versions/preserve-tag-format.js";
+function t(t, n) {
+	if (!t.hasUpdate) return {
+		...t,
 		targetRefStyle: null,
 		targetRef: null
-	} : e.currentRefType === "tag" && e.latestVersion ? {
-		...e,
-		targetRef: e.latestVersion,
-		targetRefStyle: "tag"
+	};
+	if (n === "sha" || t.currentRefType === "sha") return t.latestSha ? {
+		...t,
+		targetRef: t.latestSha,
+		targetRefStyle: "sha"
 	} : {
-		...e,
+		...t,
 		targetRefStyle: null,
 		targetRef: null
-	} : {
-		...e,
+	};
+	if (t.currentRefType === "tag" && t.latestVersion) {
+		let n = e(t.currentVersion, t.latestVersion);
+		return n ? {
+			...t,
+			targetRef: n,
+			targetRefStyle: "tag"
+		} : {
+			...t,
+			targetRefStyle: null,
+			targetRef: null
+		};
+	}
+	return {
+		...t,
 		targetRefStyle: null,
 		targetRef: null
 	};
 }
-export { resolveTargetReference };
+export { t as resolveTargetReference };

package/dist/core/versions/find-compatible-tag.js

@@ -1,27 +1,27 @@
-import { normalizeVersion } from "./normalize-version.js";
-import { isSemverLike } from "./is-semver-like.js";
-import semver from "semver";
-function findCompatibleTag(r, a, o) {
-	if (!a || !isSemverLike(a) || r.length === 0) return null;
-	let s = semver.valid(normalizeVersion(a));
+import { isSemverLike as e } from "./is-semver-like.js";
+import { normalizeVersion as t } from "./normalize-version.js";
+import n from "semver";
+function r(r, a, o) {
+	if (!a || !e(a) || r.length === 0) return null;
+	let s = n.valid(t(a));
 	if (!s) return null;
-	let c = semver.major(s), l = semver.minor(s), u = [];
+	let c = n.major(s), l = n.minor(s), u = [];
 	for (let i of r) {
-		if (!isSemverLike(i.tag)) continue;
-		let r = semver.valid(normalizeVersion(i.tag));
-		r && semver.gt(r, s) && semver.major(r) === c && (o === "patch" && semver.minor(r) !== l || u.push({
+		if (!e(i.tag)) continue;
+		let r = n.valid(t(i.tag));
+		r && n.gt(r, s) && n.major(r) === c && (o === "patch" && n.minor(r) !== l || u.push({
 			tag: i,
 			parsed: r
 		}));
 	}
-	return u.length === 0 ? null : (u.sort((e, n) => {
-		let r = semver.rcompare(e.parsed, n.parsed);
+	return u.length === 0 ? null : (u.sort((e, t) => {
+		let r = n.rcompare(e.parsed, t.parsed);
 		if (r !== 0) return r;
-		let a = getSemverSpecificity(e.tag.tag);
-		return getSemverSpecificity(n.tag.tag) - a;
+		let a = i(e.tag.tag);
+		return i(t.tag.tag) - a;
 	}), u[0].tag);
 }
-function getSemverSpecificity(e) {
+function i(e) {
 	return e.replace(/^v/u, "").split(".").length;
 }
-export { findCompatibleTag };
+export { r as findCompatibleTag };

package/dist/core/versions/get-update-level.js

@@ -1,10 +1,10 @@
-import semver from "semver";
-function getUpdateLevel(t, r) {
+import e from "semver";
+function t(t, r) {
 	if (!t || !r) return "unknown";
-	let i = normalizeVersion(t), a = normalizeVersion(r);
+	let i = n(t), a = n(r);
 	if (!i || !a) return "unknown";
-	if (semver.eq(i, a)) return "none";
-	let o = semver.diff(i, a);
+	if (e.eq(i, a)) return "none";
+	let o = e.diff(i, a);
 	if (!o) return "none";
 	switch (o) {
 		case "premajor":
@@ -16,8 +16,8 @@ function getUpdateLevel(t, r) {
 		default: return "unknown";
 	}
 }
-function normalizeVersion(t) {
-	let n = semver.coerce(t);
+function n(t) {
+	let n = e.coerce(t);
 	return n ? n.version : null;
 }
-export { getUpdateLevel };
+export { t as getUpdateLevel };

package/dist/core/versions/is-semver-like.js

@@ -1,4 +1,4 @@
-function isSemverLike(e) {
+function e(e) {
 	return typeof e == "string" && /^v?\d+(?:\.\d+){0,2}$/u.test(e.trim());
 }
-export { isSemverLike };
+export { e as isSemverLike };

package/dist/core/versions/is-sha.js

@@ -1,6 +1,6 @@
-function isSha(e) {
+function e(e) {
 	if (!e) return !1;
 	let t = e.replace(/^v/u, "");
 	return /^[0-9a-f]{7,40}$/iu.test(t);
 }
-export { isSha };
+export { e as isSha };

package/dist/core/versions/normalize-version.js

@@ -1,9 +1,9 @@
-import semver from "semver";
-function normalizeVersion(t) {
+import e from "semver";
+function t(t) {
 	if (!t) return null;
 	let n = t.replace(/^v/u, "");
 	if (/^[0-9a-f]{7,40}$/iu.test(n)) return t;
-	let r = semver.coerce(n);
+	let r = e.coerce(n);
 	return r ? r.version : t;
 }
-export { normalizeVersion };
+export { t as normalizeVersion };

package/dist/core/versions/preserve-tag-format.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Preserve the semver granularity of the current tag when projecting a newer
+ * tag reference.
+ *
+ * Examples:
+ *
+ * - `v6` + `v7.0.2` -> `v7`
+ * - `v6.1` + `v6.2.3` -> `v6.2`
+ * - `v6.1.4` + `v6.2.3` -> `v6.2.3`.
+ *
+ * Returns null when the target tag cannot be preserved safely.
+ *
+ * @param currentVersion - Current tag reference found in the workflow.
+ * @param latestVersion - Latest resolved tag reference.
+ * @returns Preserved tag reference or null when preservation is unsafe.
+ */
+export declare function preserveTagFormat(currentVersion: undefined | string | null, latestVersion: undefined | string | null): string | null;

package/dist/core/versions/preserve-tag-format.js

@@ -0,0 +1,11 @@
+import { isSemverLike as e } from "./is-semver-like.js";
+function t(t, n) {
+	if (!t || !n) return null;
+	let r = t.trim(), i = n.trim();
+	if (!e(r) || !e(i)) return null;
+	let a = r.startsWith("v");
+	if (a !== i.startsWith("v")) return null;
+	let o = r.replace(/^v/u, "").split("."), s = i.replace(/^v/u, "").split(".");
+	return s.length < o.length ? null : `${a ? "v" : ""}${s.slice(0, o.length).join(".")}`;
+}
+export { t as preserveTagFormat };

package/dist/core/versions/read-inline-version-comment.js

@@ -1,9 +1,9 @@
-import { readFile } from "node:fs/promises";
-async function readInlineVersionComment(t, n, r) {
+import { readFile as e } from "node:fs/promises";
+async function t(t, n, r) {
 	try {
 		if (!t || !n || n <= 0) return null;
 		let i = r?.get(t);
-		i === void 0 && (i = await readFile(t, "utf8"), r && r.set(t, i));
+		i === void 0 && (i = await e(t, "utf8"), r && r.set(t, i));
 		let a = i.split("\n"), o = n - 1;
 		if (o < 0 || o >= a.length) return null;
 		let s = a[o].match(/#\s*(?<version>[Vv]?\d+(?:\.\d+){0,2}(?:[+-][\w\-.]+)?)/u);
@@ -11,4 +11,4 @@ async function readInlineVersionComment(t, n, r) {
 	} catch {}
 	return null;
 }
-export { readInlineVersionComment };
+export { t as readInlineVersionComment };

package/dist/package.js

@@ -1,2 +1,2 @@
-const version = "1.14.0";
-export { version };
+var e = "1.14.2";
+export { e as version };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "actions-up",
-  "version": "1.14.0",
+  "version": "1.14.2",
   "description": "Interactive CLI tool to update GitHub Actions with SHA pinning or preserved refs",
   "keywords": [
     "github-actions",
@@ -40,8 +40,8 @@
     "enquirer": "^2.4.1",
     "nanospinner": "^1.2.2",
     "picocolors": "^1.1.1",
-    "semver": "^7.7.4",
-    "yaml": "^2.8.3"
+    "semver": "^7.8.0",
+    "yaml": "^2.9.0"
   },
   "engines": {
     "node": "^18.0.0 || >=20.0.0"

package/readme.md

@@ -3,9 +3,8 @@
 <img
   src="https://raw.githubusercontent.com/azat-io/actions-up/main/assets/logo.svg"
   alt="Actions Up logo"
-  width="160"
-  height="160"
   align="right"
+  width="160"
 />
 
 [![Version](https://img.shields.io/npm/v/actions-up.svg?color=fff&labelColor=4493f8)](https://npmjs.com/package/actions-up)
@@ -102,7 +101,8 @@ Per-project
 npm install --save-dev actions-up
 ```
 
-Alternatively, you can install Actions Up with [Homebrew](https://brew.sh)
+Alternatively, you can install Actions Up with
+[Homebrew](https://formulae.brew.sh/formula/actions-up)
 
 ```bash
 brew install actions-up
@@ -214,9 +214,11 @@ Use `--style preserve` to keep the current reference style:
 npx actions-up --style preserve
 ```
 
-`preserve` keeps tag references on tags and SHA references on SHAs. For example,
-`actions/checkout@v5` updates to `actions/checkout@v6.0.2`, while a SHA-pinned
-action continues updating to the latest resolved SHA.
+`preserve` keeps tag references on tags and SHA references on SHAs. Tag refs
+also keep their granularity, so `actions/checkout@v5` updates to
+`actions/checkout@v6`, while `actions/checkout@v5.0` updates to
+`actions/checkout@v6.0`. A SHA-pinned action continues updating to the latest
+resolved SHA.
 
 ## GitHub Actions Integration