actions-up 1.2.1 → 1.3.1

package/dist/cli/index.js

@@ -32,10 +32,10 @@ function run() {
 				console.info(pc.green("\n✨ Everything is already at the latest version!\n"));
 				return;
 			}
-			spinner.success(`Found ${pc.yellow(outdated.length)} updates available${breaking.length > 0 ? ` (${pc.red(breaking.length)} breaking)` : ""}`);
+			spinner.success(`Found ${pc.yellow(outdated.length)} updates available${breaking.length > 0 ? ` (${pc.redBright(breaking.length)} breaking)` : ""}`);
 			if (options.dryRun) {
 				console.info(pc.yellow("\n📋 Dry Run - No changes will be made\n"));
-				for (let update of outdated) console.info(`${pc.cyan(update.action.file ?? "unknown")}:\n${update.action.name}: ${pc.red(update.currentVersion)} → ${pc.green(update.latestVersion)} ${update.latestSha ? pc.gray(`(${update.latestSha.slice(0, 7)})`) : ""}\n`);
+				for (let update of outdated) console.info(`${pc.cyan(update.action.file ?? "unknown")}:\n${update.action.name}: ${pc.redBright(update.currentVersion)} → ${pc.green(update.latestVersion)} ${update.latestSha ? pc.gray(`(${update.latestSha.slice(0, 7)})`) : ""}\n`);
 				console.info(pc.gray(`\n${outdated.length} actions would be updated\n`));
 				return;
 			}
@@ -64,7 +64,7 @@ function run() {
 				console.error(pc.yellow("\n⚠️ Rate Limit Exceeded\n"));
 				console.error(error.message);
 				console.error(pc.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"));
-			} else console.error(pc.red("\nError:"), error instanceof Error ? error.message : String(error));
+			} else console.error(pc.redBright("\nError:"), error instanceof Error ? error.message : String(error));
 			process.exit(1);
 		}
 	});

package/dist/core/api/check-updates.js

@@ -1,7 +1,7 @@
-import { Client } from "./client.js";
+import { createGitHubClient } from "./create-github-client.js";
 import semver from "semver";
 async function checkUpdates(actions, token) {
-	let client = new Client(token);
+	let client = createGitHubClient(token);
 	let externalActions = actions.filter((action) => action.type === "external");
 	if (externalActions.length === 0) return [];
 	let uniqueActions = /* @__PURE__ */ new Map();
@@ -35,7 +35,7 @@ async function checkUpdates(actions, token) {
 		try {
 			let currentVersions = uniqueActions.get(actionName);
 			let firstVersion = currentVersions[0]?.version;
-			if (firstVersion) {
+			if (firstVersion && !isSha(firstVersion) && !isSemverLike(firstVersion)) {
 				let referenceType = await client.getRefType(owner, repo, firstVersion);
 				if (referenceType === "branch") return [...results, {
 					version: null,
@@ -45,27 +45,82 @@ async function checkUpdates(actions, token) {
 			}
 			let release = await client.getLatestRelease(owner, repo);
 			if (!release) {
-				let allReleases = await client.getAllReleases(owner, repo, 10);
+				let allReleases = await client.getAllReleases(owner, repo, 1);
 				let stableRelease = allReleases.find((currentRelease) => !currentRelease.isPrerelease);
 				release = stableRelease ?? allReleases[0] ?? null;
 			}
-			if (!release) {
-				let tags = await client.getAllTags(owner, repo, 30);
-				if (tags.length > 0) {
-					let semverTag = tags.find((tag) => /^v?\d+(?:\.\d+){0,2}/u.test(tag.tag));
-					let latestTag = semverTag ?? tags[0];
-					if (latestTag) return [...results, {
-						version: latestTag.tag,
-						sha: latestTag.sha,
-						actionName
-					}];
-				}
-			}
 			if (release) {
 				let { version, sha } = release;
-				if (!sha) try {
-					let tagInfo = await client.getTagInfo(owner, repo, version);
-					sha = tagInfo?.sha ?? null;
+				let considerTags = false;
+				{
+					let normalized = normalizeVersion(version);
+					let hasVersion = Boolean(version && version.trim() !== "");
+					let majorOnly = hasVersion && /^v?\d+$/u.test(version.trim());
+					let valid = semver.valid(normalized);
+					considerTags = !hasVersion || majorOnly || !valid;
+				}
+				if (considerTags) {
+					let tags$1 = await client.getAllTags(owner, repo, 30);
+					if (tags$1.length > 0) {
+						let semverCandidates = tags$1.filter((tag) => isSemverLike(tag.tag)).map((tag) => ({
+							v: semver.valid(normalizeVersion(tag.tag)),
+							raw: tag
+						}));
+						if (semverCandidates.length > 0) {
+							semverCandidates.sort((a, b) => {
+								let cmp = semver.rcompare(a.v, b.v);
+								if (cmp !== 0) return cmp;
+								let aSpecific = /\d+\.\d+/u.test(a.raw.tag) ? 1 : 0;
+								let bSpecific = /\d+\.\d+/u.test(b.raw.tag) ? 1 : 0;
+								return bSpecific - aSpecific;
+							});
+							let best = semverCandidates[0].raw;
+							let releaseSem = semver.valid(normalizeVersion(version) ?? void 0);
+							if (!releaseSem || semver.gt(semverCandidates[0].v, releaseSem) || semver.eq(semverCandidates[0].v, releaseSem) && /\d+\.\d+/u.test(best.tag)) {
+								let tagVersion = best.tag;
+								let tagSha = best.sha?.length ? best.sha : null;
+								if (!tagSha && tagVersion) try {
+									tagSha = await client.getTagSha(owner, repo, tagVersion);
+								} catch {}
+								return [...results, {
+									version: tagVersion,
+									sha: tagSha,
+									actionName
+								}];
+							}
+						}
+					}
+				}
+				if (!sha && version) try {
+					sha = await client.getTagSha(owner, repo, version);
+				} catch {}
+				return [...results, {
+					actionName,
+					version,
+					sha
+				}];
+			}
+			let tags = await client.getAllTags(owner, repo, 30);
+			if (tags.length > 0) {
+				let semverCandidates = tags.filter((tag) => isSemverLike(tag.tag)).map((tag) => ({
+					v: semver.valid(normalizeVersion(tag.tag)),
+					raw: tag
+				}));
+				let best;
+				if (semverCandidates.length > 0) {
+					semverCandidates.sort((a, b) => {
+						let cmp = semver.rcompare(a.v, b.v);
+						if (cmp !== 0) return cmp;
+						let aSpecific = /\d+\.\d+/u.test(a.raw.tag) ? 1 : 0;
+						let bSpecific = /\d+\.\d+/u.test(b.raw.tag) ? 1 : 0;
+						return bSpecific - aSpecific;
+					});
+					best = semverCandidates[0].raw;
+				} else best = tags[0];
+				let version = best.tag;
+				let sha = best.sha?.length ? best.sha : null;
+				if (!sha && version) try {
+					sha = await client.getTagSha(owner, repo, version);
 				} catch {}
 				return [...results, {
 					actionName,
@@ -168,4 +223,9 @@ function isSha(value) {
 	let normalized = value.replace(/^v/u, "");
 	return /^[0-9a-f]{7,40}$/iu.test(normalized);
 }
+function isSemverLike(value) {
+	if (!value) return false;
+	let normalized = value.trim();
+	return /^v?\d+(?:\.\d+){0,2}$/u.test(normalized);
+}
 export { checkUpdates };

package/dist/core/api/create-github-client.d.ts

@@ -0,0 +1,8 @@
+import { GitHubClient } from '../../types/github-client';
+/**
+ * Create a functional GitHub API client with internal caches and rate-limit.
+ *
+ * @param token - Optional GitHub token override.
+ * @returns Client with bound methods.
+ */
+export declare function createGitHubClient(token?: string): GitHubClient;

package/dist/core/api/create-github-client.js

@@ -0,0 +1,55 @@
+import { resolveGitHubTokenSync } from "./resolve-github-token-sync.js";
+import { getReferenceType } from "./get-reference-type.js";
+import { getLatestRelease } from "./get-latest-release.js";
+import { getAllReleases } from "./get-all-releases.js";
+import { getTagInfo } from "./get-tag-info.js";
+import { getAllTags } from "./get-all-tags.js";
+import { getTagSha } from "./get-tag-sha.js";
+function createGitHubClient(token) {
+	let resolved = token ?? process.env["GITHUB_TOKEN"] ?? resolveGitHubTokenSync();
+	let context = {
+		caches: {
+			refType: /* @__PURE__ */ new Map(),
+			tagInfo: /* @__PURE__ */ new Map(),
+			tagSha: /* @__PURE__ */ new Map()
+		},
+		rateLimitRemaining: resolved ? 5e3 : 60,
+		baseUrl: "https://api.github.com",
+		rateLimitReset: /* @__PURE__ */ new Date(),
+		token: resolved
+	};
+	return {
+		getRateLimitStatus: () => ({
+			remaining: context.rateLimitRemaining,
+			resetAt: context.rateLimitReset
+		}),
+		getRefType: (owner, repo, reference) => getReferenceType(context, {
+			reference,
+			owner,
+			repo
+		}),
+		shouldWaitForRateLimit: (threshold = 100) => context.rateLimitRemaining < threshold,
+		getAllReleases: (owner, repo, limit) => getAllReleases(context, {
+			owner,
+			limit,
+			repo
+		}),
+		getAllTags: (owner, repo, limit) => getAllTags(context, {
+			owner,
+			limit,
+			repo
+		}),
+		getTagInfo: (owner, repo, tag) => getTagInfo(context, {
+			owner,
+			repo,
+			tag
+		}),
+		getLatestRelease: (owner, repo) => getLatestRelease(context, owner, repo),
+		getTagSha: (owner, repo, tag) => getTagSha(context, {
+			owner,
+			repo,
+			tag
+		})
+	};
+}
+export { createGitHubClient };

package/dist/core/api/get-all-releases.d.ts

@@ -0,0 +1,20 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+import { ReleaseInfo } from '../../types/release-info';
+/**
+ * Fetch releases for a repository.
+ *
+ * Resolves SHA only for the first returned release via target_commitish when it
+ * looks like a SHA; further enrichment happens at higher levels when needed.
+ *
+ * @param context - Client context.
+ * @param parameters - Request parameters.
+ * @param parameters.owner - Repository owner.
+ * @param parameters.repo - Repository name.
+ * @param parameters.limit - Maximum number of releases to fetch (default 10).
+ * @returns Array of normalized release information.
+ */
+export declare function getAllReleases(context: GitHubClientContext, parameters: {
+    limit?: number;
+    owner: string;
+    repo: string;
+}): Promise<ReleaseInfo[]>;

package/dist/core/api/get-all-releases.js

@@ -0,0 +1,35 @@
+import { makeRequest } from "./make-request.js";
+import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
+async function getAllReleases(context, parameters) {
+	try {
+		let { limit = 10, owner, repo } = parameters;
+		let releasesResp = await makeRequest(context, `/repos/${owner}/${repo}/releases?per_page=${limit}`);
+		let releases = releasesResp.data;
+		let releaseInfos = [];
+		let i = 0;
+		for (let release of releases) {
+			let sha = null;
+			if (i === 0 && release.tag_name) sha = isLikelySha(release.target_commitish) ? release.target_commitish : null;
+			releaseInfos.push({
+				publishedAt: new Date(release.published_at),
+				name: release.name ?? release.tag_name,
+				description: release.body ?? null,
+				isPrerelease: release.prerelease,
+				version: release.tag_name,
+				url: release.html_url,
+				sha
+			});
+			i++;
+		}
+		return releaseInfos;
+	} catch (error) {
+		if (error instanceof Error && error.message.includes("rate limit")) throw new GitHubRateLimitError(context.rateLimitReset);
+		throw error;
+	}
+}
+function isLikelySha(value) {
+	if (typeof value !== "string" || value.trim() === "") return false;
+	let normalized = value.replace(/^v/u, "");
+	return /^[0-9a-f]{7,40}$/iu.test(normalized);
+}
+export { getAllReleases };

package/dist/core/api/get-all-tags.d.ts

@@ -0,0 +1,17 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+import { TagInfo } from '../../types/tag-info';
+/**
+ * Fetch tags list.
+ *
+ * @param context - Client context.
+ * @param parameters - Request parameters.
+ * @param parameters.owner - Repository owner.
+ * @param parameters.repo - Repository name.
+ * @param parameters.limit - Max items.
+ * @returns TagInfo array.
+ */
+export declare function getAllTags(context: GitHubClientContext, parameters: {
+    limit?: number;
+    owner: string;
+    repo: string;
+}): Promise<TagInfo[]>;

package/dist/core/api/get-all-tags.js

@@ -0,0 +1,13 @@
+import { makeRequest } from "./make-request.js";
+async function getAllTags(context, parameters) {
+	let { limit = 30, owner, repo } = parameters;
+	let resp = await makeRequest(context, `/repos/${owner}/${repo}/tags?per_page=${limit}`);
+	let tags = resp.data;
+	return tags.map((tag) => ({
+		sha: tag.commit.sha,
+		tag: tag.name,
+		message: null,
+		date: null
+	}));
+}
+export { getAllTags };

package/dist/core/api/get-latest-release.d.ts

@@ -0,0 +1,15 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+import { ReleaseInfo } from '../../types/release-info';
+/**
+ * Fetch the latest release for a repository.
+ *
+ * If the latest release does not exist (404), returns null. The commit SHA is
+ * taken from target_commitish only when it looks like a SHA; otherwise SHA is
+ * left null and may be resolved later via tag lookups.
+ *
+ * @param context - Client context.
+ * @param owner - Repository owner.
+ * @param repo - Repository name.
+ * @returns Last release info or null when no latest release exists.
+ */
+export declare function getLatestRelease(context: GitHubClientContext, owner: string, repo: string): Promise<ReleaseInfo | null>;

package/dist/core/api/get-latest-release.js

@@ -0,0 +1,28 @@
+import { makeRequest } from "./make-request.js";
+import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
+async function getLatestRelease(context, owner, repo) {
+	try {
+		let releaseResp = await makeRequest(context, `/repos/${owner}/${repo}/releases/latest`);
+		let release = releaseResp.data;
+		let sha = isLikelySha(release.target_commitish) ? release.target_commitish : null;
+		return {
+			publishedAt: new Date(release.published_at),
+			name: release.name ?? release.tag_name,
+			description: release.body ?? null,
+			isPrerelease: release.prerelease,
+			version: release.tag_name,
+			url: release.html_url,
+			sha
+		};
+	} catch (error) {
+		if (error && typeof error === "object" && "status" in error && error.status === 404) return null;
+		if (error instanceof Error && error.message.includes("rate limit")) throw new GitHubRateLimitError(context.rateLimitReset);
+		throw error;
+	}
+}
+function isLikelySha(value) {
+	if (typeof value !== "string" || value.trim() === "") return false;
+	let normalized = value.replace(/^v/u, "");
+	return /^[0-9a-f]{7,40}$/iu.test(normalized);
+}
+export { getLatestRelease };

package/dist/core/api/get-reference-type.d.ts

@@ -0,0 +1,16 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+/**
+ * Detect whether a reference is a tag or a branch.
+ *
+ * @param context - Client context.
+ * @param parameters - Request parameters.
+ * @param parameters.owner - Repository owner.
+ * @param parameters.repo - Repository name.
+ * @param parameters.reference - Reference name.
+ * @returns 'tag' | 'branch' | null.
+ */
+export declare function getReferenceType(context: GitHubClientContext, parameters: {
+    reference: string;
+    owner: string;
+    repo: string;
+}): Promise<'branch' | 'tag' | null>;

package/dist/core/api/get-reference-type.js

@@ -0,0 +1,21 @@
+import { makeRequest } from "./make-request.js";
+async function getReferenceType(context, parameters) {
+	let { reference, owner, repo } = parameters;
+	let cacheKey = `${owner}/${repo}#${reference}`;
+	if (context.caches.refType.has(cacheKey)) return context.caches.refType.get(cacheKey) ?? null;
+	try {
+		await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${reference}`);
+		context.caches.refType.set(cacheKey, "tag");
+		return "tag";
+	} catch {
+		try {
+			await makeRequest(context, `/repos/${owner}/${repo}/git/refs/heads/${reference}`);
+			context.caches.refType.set(cacheKey, "branch");
+			return "branch";
+		} catch {
+			context.caches.refType.set(cacheKey, null);
+			return null;
+		}
+	}
+}
+export { getReferenceType };

package/dist/core/api/get-tag-info.d.ts

@@ -0,0 +1,19 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+import { TagInfo } from '../../types/tag-info';
+/**
+ * Fetch tag information by tag name. Tries release-by-tag first to obtain
+ * metadata (date/message), then resolves the commit SHA via refs. Falls back to
+ * refs-only lookup when release-by-tag is not found.
+ *
+ * @param context - Client context.
+ * @param parameters - Request parameters.
+ * @param parameters.owner - Repository owner.
+ * @param parameters.repo - Repository name.
+ * @param parameters.tag - Tag name (may include 'refs/tags/' prefix).
+ * @returns TagInfo object or null when tag cannot be found.
+ */
+export declare function getTagInfo(context: GitHubClientContext, parameters: {
+    owner: string;
+    repo: string;
+    tag: string;
+}): Promise<TagInfo | null>;

package/dist/core/api/get-tag-info.js

@@ -0,0 +1,96 @@
+import { makeRequest } from "./make-request.js";
+import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
+async function getTagInfo(context, parameters) {
+	try {
+		let { owner, repo, tag } = parameters;
+		let displayTag = tag.replace(/^refs\/tags\//u, "");
+		let cacheKey = `${owner}/${repo}#${displayTag}`;
+		if (context.caches.tagInfo.has(cacheKey)) return context.caches.tagInfo.get(cacheKey) ?? null;
+		try {
+			let releaseResp = await makeRequest(context, `/repos/${owner}/${repo}/releases/tags/${displayTag}`);
+			let releaseData = releaseResp.data;
+			let date = releaseData.published_at ? new Date(releaseData.published_at) : null;
+			let message = releaseData.body ?? null;
+			let sha = null;
+			try {
+				let referenceResp = await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${displayTag}`);
+				let referenceData = referenceResp.data;
+				let { type: objectType, sha: objectSha } = referenceData.object;
+				if (objectSha && objectType === "tag") try {
+					let tagResp = await makeRequest(context, `/repos/${owner}/${repo}/git/tags/${objectSha}`);
+					let tagData = tagResp.data;
+					sha = tagData.object.sha ?? objectSha;
+					let taggerDate = tagData.tagger?.date;
+					if (!date && taggerDate) date = new Date(taggerDate);
+					if (!message && typeof tagData.message === "string") ({message} = tagData);
+				} catch {
+					sha = objectSha;
+				}
+				else if (objectSha && objectType === "commit") {
+					sha = objectSha;
+					if (!date || !message) try {
+						let commitResp = await makeRequest(context, `/repos/${owner}/${repo}/git/commits/${objectSha}`);
+						let { message: commitMessage, author } = commitResp.data;
+						if (!message && typeof commitMessage === "string") message = commitMessage;
+						let authorDate = author?.date;
+						if (!date && authorDate) date = new Date(authorDate);
+					} catch (error) {}
+				}
+			} catch {
+				if (isLikelySha(releaseData.target_commitish)) sha = releaseData.target_commitish;
+			}
+			let result = {
+				tag: displayTag,
+				message,
+				date,
+				sha
+			};
+			context.caches.tagInfo.set(cacheKey, result);
+			return result;
+		} catch {
+			try {
+				let referenceResp = await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${displayTag}`);
+				let referenceData = referenceResp.data;
+				let { sha } = referenceData.object;
+				let message = null;
+				let date = null;
+				if (referenceData.object.type === "tag") try {
+					let tagResp = await makeRequest(context, `/repos/${owner}/${repo}/git/tags/${sha}`);
+					let tagData = tagResp.data;
+					sha = tagData.object.sha ?? sha;
+					message = tagData.message ?? null;
+					date = tagData.tagger.date ? new Date(tagData.tagger.date) : null;
+				} catch (error) {}
+				else try {
+					let commitResp = await makeRequest(context, `/repos/${owner}/${repo}/git/commits/${sha}`);
+					let commitData = commitResp.data;
+					message = commitData.message ?? null;
+					date = commitData.author.date ? new Date(commitData.author.date) : null;
+				} catch (error) {}
+				let result = {
+					tag: displayTag,
+					message,
+					date,
+					sha
+				};
+				context.caches.tagInfo.set(cacheKey, result);
+				return result;
+			} catch (tagError) {
+				if (tagError && typeof tagError === "object" && "status" in tagError) {
+					context.caches.tagInfo.set(cacheKey, null);
+					return null;
+				}
+				throw tagError;
+			}
+		}
+	} catch (error) {
+		if (error instanceof Error && error.message.includes("rate limit")) throw new GitHubRateLimitError(context.rateLimitReset);
+		throw error;
+	}
+}
+function isLikelySha(value) {
+	if (typeof value !== "string" || value.trim() === "") return false;
+	let normalized = value.replace(/^v/u, "");
+	return /^[0-9a-f]{7,40}$/iu.test(normalized);
+}
+export { getTagInfo };

package/dist/core/api/get-tag-sha.d.ts

@@ -0,0 +1,19 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+/**
+ * Resolve commit SHA for a tag without fetching commit metadata.
+ *
+ * Prefers annotated tag target when present; otherwise falls back to the
+ * lightweight tag (commit) SHA.
+ *
+ * @param context - Client context.
+ * @param parameters - Request parameters.
+ * @param parameters.owner - Repository owner.
+ * @param parameters.repo - Repository name.
+ * @param parameters.tag - Tag name (may include 'refs/tags/' prefix).
+ * @returns Commit SHA or null if it cannot be determined.
+ */
+export declare function getTagSha(context: GitHubClientContext, parameters: {
+    owner: string;
+    repo: string;
+    tag: string;
+}): Promise<string | null>;

package/dist/core/api/get-tag-sha.js

@@ -0,0 +1,30 @@
+import { makeRequest } from "./make-request.js";
+import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
+async function getTagSha(context, parameters) {
+	let { owner, repo, tag } = parameters;
+	let displayTag = tag.replace(/^refs\/tags\//u, "");
+	let cacheKey = `${owner}/${repo}#${displayTag}`;
+	if (context.caches.tagSha.has(cacheKey)) return context.caches.tagSha.get(cacheKey) ?? null;
+	try {
+		let referenceResp = await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${displayTag}`);
+		let referenceData = referenceResp.data;
+		let objectSha = referenceData.object.sha;
+		let objectType = referenceData.object.type;
+		let sha = null;
+		if (objectSha && objectType === "tag") try {
+			let tagResp = await makeRequest(context, `/repos/${owner}/${repo}/git/tags/${objectSha}`);
+			let tagData = tagResp.data;
+			sha = tagData.object.sha ?? null;
+		} catch {
+			sha = objectSha;
+		}
+		else if (objectSha && objectType === "commit") sha = objectSha;
+		context.caches.tagSha.set(cacheKey, sha);
+		return sha;
+	} catch (error) {
+		if (error instanceof Error && error.message.includes("rate limit")) throw new GitHubRateLimitError(context.rateLimitReset);
+		context.caches.tagSha.set(cacheKey, null);
+		return null;
+	}
+}
+export { getTagSha };

package/dist/core/api/internal-rate-limit-error.d.ts

@@ -0,0 +1,3 @@
+export declare class GitHubRateLimitError extends Error {
+    constructor(resetAt: Date);
+}

package/dist/core/api/internal-rate-limit-error.js

@@ -0,0 +1,8 @@
+var GitHubRateLimitError = class extends Error {
+	constructor(resetAt) {
+		let resetTime = resetAt.toLocaleTimeString();
+		super(`GitHub API rate limit exceeded. Resets at ${resetTime}`);
+		this.name = "GitHubRateLimitError";
+	}
+};
+export { GitHubRateLimitError };

package/dist/core/api/make-request.d.ts

@@ -0,0 +1,13 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+/**
+ * Perform an HTTP request against GitHub API with auth and rate-limit updates.
+ *
+ * @param context - Client context with token and rate-limit state.
+ * @param path - API path beginning with '/'.
+ * @param options - Request init options.
+ * @returns Response headers and parsed data.
+ */
+export declare function makeRequest(context: GitHubClientContext, path: string, options?: RequestInit): Promise<{
+    headers: Record<string, string>;
+    data: unknown;
+}>;

package/dist/core/api/make-request.js

@@ -0,0 +1,31 @@
+import { updateRateLimitInfo } from "./update-rate-limit-info.js";
+async function makeRequest(context, path, options = {}) {
+	let headers = {
+		Accept: "application/vnd.github.v3+json",
+		"User-Agent": "actions-up",
+		...options.headers
+	};
+	if (context.token) headers["Authorization"] = `Bearer ${context.token}`;
+	let response = await fetch(`${context.baseUrl}${path}`, {
+		...options,
+		headers
+	});
+	let responseHeaders = {};
+	for (let [key, value] of response.headers.entries()) responseHeaders[key] = value;
+	updateRateLimitInfo(context, responseHeaders);
+	if (!response.ok) {
+		let error = /* @__PURE__ */ new Error(`GitHub API error: ${response.status} ${response.statusText}`);
+		error.status = response.status;
+		if (response.status === 403) {
+			let text = await response.text();
+			if (text.includes("rate limit") || text.includes("API rate limit")) error.message = "API rate limit exceeded";
+		}
+		throw error;
+	}
+	let data = await response.json();
+	return {
+		headers: responseHeaders,
+		data
+	};
+}
+export { makeRequest };

package/dist/core/api/resolve-github-token-sync.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Resolve GitHub token from environment, gh CLI, or git config.
+ *
+ * @returns Token string or undefined when not found.
+ */
+export declare function resolveGitHubTokenSync(): undefined | string;