actions-up 1.2.0 → 1.2.1

@@ -32,19 +32,45 @@ var Client = class Client {
32
32
  try {
33
33
  let releaseResp = await this.makeRequest(`/repos/${owner}/${repo}/releases/tags/${displayTag}`);
34
34
  let releaseData = releaseResp.data;
35
+ let date = releaseData.published_at ? new Date(releaseData.published_at) : null;
36
+ let message = releaseData.body ?? null;
35
37
  let sha = null;
36
- if (releaseData.target_commitish) try {
37
- let commitResp = await this.makeRequest(`/repos/${owner}/${repo}/commits/${releaseData.target_commitish}`);
38
- let commitData = commitResp.data;
39
- ({sha} = commitData);
38
+ try {
39
+ let referenceResp = await this.makeRequest(`/repos/${owner}/${repo}/git/refs/tags/${displayTag}`);
40
+ let referenceData = referenceResp.data;
41
+ let objectSha = referenceData.object.sha;
42
+ let objectType = referenceData.object.type;
43
+ if (objectSha && objectType === "tag") try {
44
+ let tagResp = await this.makeRequest(`/repos/${owner}/${repo}/git/tags/${objectSha}`);
45
+ let tagData = tagResp.data;
46
+ let tagObject = tagData.object;
47
+ sha = tagObject?.sha ?? null;
48
+ let taggerDate = tagData.tagger?.date;
49
+ if (!date && taggerDate) date = new Date(taggerDate);
50
+ let tagMessage = tagData.message;
51
+ if (!message && typeof tagMessage === "string") message = tagMessage;
52
+ } catch {
53
+ sha = objectSha;
54
+ }
55
+ else if (objectSha && objectType === "commit") {
56
+ sha = objectSha;
57
+ if (!date || !message) try {
58
+ let commitResp = await this.makeRequest(`/repos/${owner}/${repo}/git/commits/${objectSha}`);
59
+ let commitData = commitResp.data;
60
+ let { message: commitMessage } = commitData;
61
+ if (!message && typeof commitMessage === "string") message = commitMessage;
62
+ let authorDate = commitData.author?.date;
63
+ if (!date && authorDate) date = new Date(authorDate);
64
+ } catch {}
65
+ }
40
66
  } catch {
41
- sha = releaseData.target_commitish;
67
+ if (isLikelySha(releaseData.target_commitish)) sha = releaseData.target_commitish;
42
68
  }
43
69
  return {
44
- date: releaseData.published_at ? new Date(releaseData.published_at) : null,
45
- sha: sha ?? releaseData.target_commitish,
46
- message: releaseData.body ?? null,
47
- tag: displayTag
70
+ tag: displayTag,
71
+ message,
72
+ date,
73
+ sha
48
74
  };
49
75
  } catch (releaseError) {
50
76
  if (releaseError && typeof releaseError === "object" && "status" in releaseError && releaseError.status === 404) try {
@@ -94,7 +120,7 @@ var Client = class Client {
94
120
  let tagInfo = await this.getTagInfo(owner, repo, release.tag_name);
95
121
  if (tagInfo) ({sha} = tagInfo);
96
122
  } catch {
97
- sha = release.target_commitish;
123
+ sha = isLikelySha(release.target_commitish) ? release.target_commitish : null;
98
124
  }
99
125
  releaseInfos.push({
100
126
  publishedAt: new Date(release.published_at),
@@ -121,7 +147,7 @@ var Client = class Client {
121
147
  let tagInfo = await this.getTagInfo(owner, repo, release.tag_name);
122
148
  if (tagInfo) ({sha} = tagInfo);
123
149
  } catch {
124
- sha = release.target_commitish;
150
+ sha = isLikelySha(release.target_commitish) ? release.target_commitish : null;
125
151
  }
126
152
  return {
127
153
  publishedAt: new Date(release.published_at),
@@ -258,4 +284,9 @@ function resolveGitHubTokenSync() {
258
284
  } catch {}
259
285
  return void 0;
260
286
  }
287
+ function isLikelySha(value) {
288
+ if (typeof value !== "string" || value.trim() === "") return false;
289
+ let normalized = value.replace(/^v/u, "");
290
+ return /^[0-9a-f]{7,40}$/iu.test(normalized);
291
+ }
261
292
  export { Client };
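Review bot: `isLikelySha` (new lines 287–291) accepts values that are not commit ids, and the three fallbacks that call it (new lines 67, 123 and 150) then store them as `sha`. It strips a leading `v` before testing while the callers assign the unstripped `target_commitish`, and any 7–40 character hex string passes, so a hex-looking branch name or a `v`-prefixed value (constructed examples: `deadbeef`, `v1234567`) would be kept as a SHA. For a tool that writes SHA pins the check should accept only a full object id, e.g. `return typeof value === "string" && /^[0-9a-f]{40}$/iu.test(value);`. The annotated-tag branch has a related gap at new lines 52–54: the `catch` sets `sha = objectSha`, which at that point is the tag object's id rather than the commit it points to, and `sha = null` would let the caller treat the tag as unresolved. How callers turn `sha` into a pin is outside this diff, so the effect on the written workflow is inferred.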
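--- a/package/dist/package.js
+++ b/package/dist/package.js
@@ -1,2 +1,2 @@
- const version = "1.2.0";
+ const version = "1.2.1";
  export { version };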
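--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "actions-up",
- "version": "1.2.0",
+ "version": "1.2.1",
  "description": "Interactive CLI tool to update GitHub Actions to latest versions with SHA pinning",
  "keywords": [
  "github-actions",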
package/readme.md CHANGED
@@ -23,8 +23,8 @@ Interactively upgrade and pin actions to exact commit SHAs for secure, reproduci
23
23
  - **Batch Updates**: Update multiple actions at once
24
24
  - **Interactive Selection**: Choose which actions to update
25
25
  - **Breaking Changes Detection**: Warns about major version updates
26
- - **Fast & Efficient**: Parallel processing with optimized API calls
27
- - **CI/CD Integration**: Can be used as a GitHub Action for automated PR checks
26
+ - **Fast & Efficient**: Optimized API usage with deduped lookups
27
+ - **CI/CD Integration**: Use in GitHub Actions workflows for automated PR checks
28
28
 
29
29
  ###
30
30
 
@@ -167,15 +167,8 @@ jobs:
167
167
  echo "Running actions-up to check for updates..."
168
168
  actions-up --dry-run > actions-up-raw.txt 2>&1 || true
169
169
 
170
- # Strip ANSI color codes from the output
171
- sed -i 's/\x1b\[[0-9;]*m//g' actions-up-raw.txt
172
-
173
- # Also remove any other control characters
174
- sed -i 's/\x1b\[[0-9;]*[a-zA-Z]//g' actions-up-raw.txt
175
-
176
170
  # Parse the output to detect updates
177
- # Look for patterns like "v3 v4" or "would be updated"
178
- if grep -E "(→|would be updated|Update available)" actions-up-raw.txt > /dev/null 2>&1; then
171
+ if grep -q "→" actions-up-raw.txt; then
179
172
  HAS_UPDATES=true
180
173
  # Count the number of updates (lines with arrows)
181
174
  UPDATE_COUNT=$(grep -c "→" actions-up-raw.txt || echo "0")
@@ -198,67 +191,11 @@ jobs:
198
191
  echo "## GitHub Actions Update Report"
199
192
  echo ""
200
193
 
201
- # Extract summary information
202
- TOTAL_ACTIONS=$(grep -oP 'Found \K[0-9]+(?= actions)' actions-up-raw.txt | head -1 || echo "0")
203
- BREAKING_UPDATES=$(grep -oP '\(([0-9]+) breaking\)' actions-up-raw.txt | grep -oP '[0-9]+' || echo "0")
204
-
205
194
  echo "### Summary"
206
- echo "- **Total actions scanned:** $TOTAL_ACTIONS"
207
195
  echo "- **Updates available:** $UPDATE_COUNT"
208
- if [ "$BREAKING_UPDATES" != "0" ]; then
209
- echo "- **Breaking changes:** $BREAKING_UPDATES"
210
- fi
211
196
  echo ""
212
197
 
213
- echo "### Available Updates"
214
- echo ""
215
-
216
- # Format the updates in a table
217
- echo "| Workflow File | Action | Current | Available | Type | Release Notes |"
218
- echo "|--------------|--------|---------|-----------|------|---------------|"
219
-
220
- # Parse each update line
221
- grep "→" actions-up-raw.txt | while IFS= read -r line; do
222
- # Extract workflow file path (remove leading path)
223
- if echo "$line" | grep -q "\.github/workflows/"; then
224
- PREV_FILE=$(echo "$line" | grep -oP '\.github/workflows/[^:]+' | head -1)
225
- fi
226
-
227
- # Skip file path lines, process only action updates
228
- if echo "$line" | grep -q ": .* → "; then
229
- # Extract action name and versions
230
- ACTION=$(echo "$line" | cut -d: -f1 | xargs)
231
- CURRENT=$(echo "$line" | grep -oP 'v[0-9]+(\.[0-9]+)*' | head -1)
232
- NEW=$(echo "$line" | grep -oP '→ \Kv[0-9]+(\.[0-9]+)*' | head -1)
233
-
234
- # Determine if it's a breaking change
235
- CURRENT_MAJOR=$(echo "$CURRENT" | grep -oP 'v\K[0-9]+' || echo "0")
236
- NEW_MAJOR=$(echo "$NEW" | grep -oP 'v\K[0-9]+' || echo "0")
237
-
238
- if [ "$CURRENT_MAJOR" != "$NEW_MAJOR" ]; then
239
- TYPE="Breaking"
240
- # Generate release URL
241
- # Handle both owner/repo and just repo formats
242
- if echo "$ACTION" | grep -q "/"; then
243
- REPO_PATH="$ACTION"
244
- else
245
- # For actions without owner, assume it's under 'actions' org
246
- REPO_PATH="actions/$ACTION"
247
- fi
248
- RELEASE_URL="https://github.com/${REPO_PATH}/releases/tag/${NEW}"
249
- RELEASE_LINK="[Release](${RELEASE_URL})"
250
- else
251
- TYPE="Minor"
252
- RELEASE_LINK="-"
253
- fi
254
-
255
- # Output table row
256
- WORKFLOW_NAME=$(basename "$PREV_FILE" 2>/dev/null || echo "workflow.yml")
257
- echo "| \`$WORKFLOW_NAME\` | $ACTION | $CURRENT | **$NEW** | $TYPE | $RELEASE_LINK |"
258
- fi
259
- done
260
-
261
- echo ""
198
+ # See the raw output above for details.
262
199
  echo "### How to Update"
263
200
  echo ""
264
201
  echo "You have several options to update these actions:"
@@ -275,42 +212,6 @@ jobs:
275
212
  echo "3. Edit the workflow files and update the version numbers"
276
213
  echo "4. Test the changes in your CI/CD pipeline"
277
214
  echo ""
278
- echo "#### Option 3: Selective Update"
279
- echo '```bash'
280
- echo "# Update only non-breaking changes"
281
- echo "npx actions-up --breaking false"
282
- echo '```'
283
- echo ""
284
-
285
- if [ "$BREAKING_UPDATES" != "0" ]; then
286
- echo "### Breaking Changes Warning"
287
- echo ""
288
- echo "This update includes **$BREAKING_UPDATES breaking change(s)**. Please review the release notes before updating:"
289
- echo ""
290
- grep "→" actions-up-raw.txt | while IFS= read -r line; do
291
- if echo "$line" | grep -q ": .* → "; then
292
- ACTION=$(echo "$line" | cut -d: -f1 | xargs)
293
- CURRENT=$(echo "$line" | grep -oP 'v[0-9]+' | head -1)
294
- NEW=$(echo "$line" | grep -oP '→ \Kv[0-9]+(\.[0-9]+)*' | head -1)
295
- CURRENT_MAJOR=$(echo "$CURRENT" | grep -oP '[0-9]+' || echo "0")
296
- NEW_MAJOR=$(echo "$NEW" | grep -oP '[0-9]+' || echo "0")
297
- if [ "$CURRENT_MAJOR" != "$NEW_MAJOR" ]; then
298
- # Generate release URL
299
- if echo "$ACTION" | grep -q "/"; then
300
- REPO_PATH="$ACTION"
301
- else
302
- REPO_PATH="actions/$ACTION"
303
- fi
304
- RELEASE_URL="https://github.com/${REPO_PATH}/releases/tag/${NEW}"
305
- echo "- **$ACTION**: $CURRENT → $NEW - [View Release Notes](${RELEASE_URL})"
306
- fi
307
- fi
308
- done
309
- echo ""
310
- echo "**Important:** Breaking changes may require modifications to your workflow configuration. Always review the release notes and test thoroughly."
311
- echo ""
312
- fi
313
-
314
215
  echo "---"
315
216
  echo ""
316
217
  echo "<details>"
@@ -440,17 +341,6 @@ jobs:
440
341
 
441
342
  </details>
442
343
 
443
- ### Advanced PR Integration with Comments
444
-
445
- For a more sophisticated integration that comments directly on PRs with detailed update information, check out our [example workflow with PR comments](https://github.com/azat-io/actions-up/blob/main/examples/workflows/check-with-comments.yml).
446
-
447
- This advanced workflow:
448
-
449
- - Comments on PRs with a formatted table of available updates
450
- - Adds labels to PRs with outdated actions
451
- - Includes links to release notes for breaking changes
452
- - Updates existing comments instead of creating duplicates
453
-
454
344
  ### Scheduled Checks
455
345
 
456
346
  You can also set up scheduled checks to stay informed about updates:
@@ -518,22 +408,6 @@ Or in GitHub Actions:
518
408
  run: npx actions-up --dry-run
519
409
  ```
520
410
 
521
- ### Command Line Options
522
-
523
- ```bash
524
- # Update all actions without prompts
525
- npx actions-up --yes
526
-
527
- # Check for updates without making changes
528
- npx actions-up --dry-run
529
-
530
- # Update only non-breaking changes
531
- npx actions-up --breaking false
532
-
533
- # Specify custom workflow directory
534
- npx actions-up --workflows ./custom/workflows
535
- ```
536
-
537
411
  ## Security
538
412
 
539
413
  Actions Up promotes security best practices: