actions-up 1.2.1 → 1.3.1

package/dist/core/api/resolve-github-token-sync.js

@@ -0,0 +1,48 @@
+import { join } from "node:path";
+import { execFileSync } from "node:child_process";
+import { readFileSync } from "node:fs";
+function resolveGitHubTokenSync() {
+	let fromGithubToken = process.env["GITHUB_TOKEN"];
+	if (fromGithubToken && fromGithubToken.trim() !== "") return fromGithubToken.trim();
+	let fromGhToken = process.env["GH_TOKEN"];
+	if (fromGhToken && fromGhToken.trim() !== "") return fromGhToken.trim();
+	try {
+		let output = execFileSync("gh", ["auth", "token"], {
+			stdio: [
+				"ignore",
+				"pipe",
+				"ignore"
+			],
+			encoding: "utf8",
+			timeout: 500
+		});
+		let token = output.trim();
+		if (token) return token;
+	} catch {}
+	try {
+		let gitConfigPath = join(process.cwd(), ".git", "config");
+		let content = readFileSync(gitConfigPath, "utf8");
+		let directMatch = content.match(/^\s*(?:github\.(?:oauth-token|token)|hub\.oauthtoken)\s*=\s*(?<token>\S[^\n\r]*)$/mu);
+		let directToken = directMatch?.groups?.["token"]?.trim();
+		if (directToken) return directToken;
+		let currentSection = null;
+		for (let rawLine of content.split(/\r?\n/u)) {
+			let line = rawLine.trim();
+			let sectionMatch = line.match(/^\[(?<name>[^\]]+)\]$/u);
+			if (sectionMatch?.groups) {
+				currentSection = sectionMatch.groups["name"].toLowerCase();
+				continue;
+			}
+			if (currentSection === "github") {
+				let tokenMatch = line.match(/^(?:oauth-token|token)\s*=\s*(?<val>\S[^\n\r]*)$/u);
+				if (tokenMatch?.groups?.["val"]) return tokenMatch.groups["val"].trim();
+			}
+			if (currentSection === "hub") {
+				let oauthMatch = line.match(/^oauthtoken\s*=\s*(?<val>\S[^\n\r]*)$/u);
+				if (oauthMatch?.groups?.["val"]) return oauthMatch.groups["val"].trim();
+			}
+		}
+	} catch {}
+	return void 0;
+}
+export { resolveGitHubTokenSync };

package/dist/core/api/update-rate-limit-info.d.ts

@@ -0,0 +1,8 @@
+import { GitHubClientContext } from '../../types/github-client-context';
+/**
+ * Update rate limit information from response headers.
+ *
+ * @param context - Client context with mutable rate limit fields.
+ * @param headers - Response headers map.
+ */
+export declare function updateRateLimitInfo(context: GitHubClientContext, headers: Record<string, undefined | string | number>): void;

package/dist/core/api/update-rate-limit-info.js

@@ -0,0 +1,10 @@
+function updateRateLimitInfo(context, headers) {
+	let remaining = headers["x-ratelimit-remaining"];
+	if (remaining !== void 0) context.rateLimitRemaining = typeof remaining === "string" ? Number.parseInt(remaining, 10) : remaining;
+	let reset = headers["x-ratelimit-reset"];
+	if (reset !== void 0) {
+		let resetTime = typeof reset === "string" ? Number.parseInt(reset, 10) : reset;
+		context.rateLimitReset = /* @__PURE__ */ new Date(resetTime * 1e3);
+	}
+}
+export { updateRateLimitInfo };

package/dist/core/interactive/format-version.d.ts

@@ -1,7 +1,8 @@
 /**
  * Formats a version string for display, handling null/undefined values.
  *
- * @param version - Version string or null/undefined.
+ * @param latestVersion - Latest version string or null/undefined.
+ * @param currentVersion - Current version string or null/undefined.
  * @returns Formatted version string or 'unknown' placeholder.
  */
-export declare function formatVersion(version: undefined | string | null): string;
+export declare function formatVersion(latestVersion: undefined | string | null, currentVersion: undefined | string | null): string;

package/dist/core/interactive/format-version.js

@@ -1,5 +1,36 @@
 import pc from "picocolors";
-function formatVersion(version) {
-	return version ?? pc.gray("unknown");
+import semver from "semver";
+function formatVersion(latestVersion, currentVersion) {
+	if (!latestVersion) return pc.gray("unknown");
+	let latest = semver.parse(latestVersion);
+	let current = currentVersion ? semver.parse(normalizeVersion(currentVersion)) : null;
+	if (!current || !latest) return latestVersion;
+	let change = semver.diff(normalizeVersion(currentVersion), latestVersion);
+	let unstable = current.major === 0;
+	let changeColor = unstable ? pc.yellowBright : pc.gray;
+	let parts = [
+		latest.major,
+		latest.minor,
+		latest.patch
+	];
+	let colors = parts.map((_, i) => {
+		if (change === "major") return pc.redBright;
+		if (change === "minor" && i >= 1) return changeColor;
+		if (change === "patch" && i === 2) return changeColor;
+		return identity;
+	});
+	let result = colors[0](String(parts[0]));
+	if (parts[1] !== void 0) result += colors[0](".") + colors[1](String(parts[1]));
+	if (parts[2] !== void 0) result += colors[1](".") + colors[2](String(parts[2]));
+	return result;
+}
+function normalizeVersion(version) {
+	let cleaned = version.replace(/^v/u, "");
+	let parts = cleaned.split(".");
+	while (parts.length < 3) parts.push("0");
+	return parts.slice(0, 3).join(".");
+}
+function identity(string) {
+	return string;
 }
 export { formatVersion };

package/dist/core/interactive/prompt-update-selection.js

@@ -4,10 +4,11 @@ import { stripAnsi } from "./strip-ansi.js";
 import { padString } from "./pad-string.js";
 import "node:worker_threads";
 import pc from "picocolors";
+import { readFile } from "node:fs/promises";
 import enquirer from "enquirer";
 import path from "node:path";
 const MIN_ACTION_WIDTH = 56;
-const MIN_CURRENT_WIDTH = 10;
+const MIN_CURRENT_WIDTH = 16;
 async function promptUpdateSelection(updates) {
 	if (updates.length === 0) return null;
 	let outdated = updates.filter((update) => update.hasUpdate);
@@ -27,14 +28,33 @@ async function promptUpdateSelection(updates) {
 		});
 		groups.set(file, group);
 	}
+	let currentComputedByIndex = await Promise.all(outdated.map(async (update) => {
+		let display = formatVersionOrSha(update.currentVersion);
+		let effectiveForDiff = update.currentVersion ?? void 0;
+		if (!update.currentVersion || !isSha(update.currentVersion)) return {
+			effectiveForDiff,
+			display
+		};
+		let versionFromComment = await tryReadInlineVersionComment(update.action.file, update.action.line);
+		if (versionFromComment) {
+			let shortSha = update.currentVersion.slice(0, 7);
+			let version = formatVersionOrSha(versionFromComment);
+			display = `${version} ${pc.gray(`(${shortSha})`)}`;
+			effectiveForDiff = versionFromComment;
+		}
+		return {
+			effectiveForDiff,
+			display
+		};
+	}));
 	let choices = [];
 	let maxActionLength = stripAnsi("Action").length;
 	let maxCurrentLength = stripAnsi("Current").length;
-	for (let update of outdated) {
+	for (let [index, update] of outdated.entries()) {
 		let actionNameRaw = update.action.name;
-		let currentRaw = formatVersionOrSha(update.currentVersion);
+		let currentRaw = currentComputedByIndex[index].display;
 		maxActionLength = Math.max(maxActionLength, actionNameRaw.length);
-		maxCurrentLength = Math.max(maxCurrentLength, currentRaw.length);
+		maxCurrentLength = Math.max(maxCurrentLength, stripAnsi(currentRaw).length);
 	}
 	let globalActionWidth = Math.max(maxActionLength, MIN_ACTION_WIDTH);
 	let globalCurrentWidth = Math.max(maxCurrentLength, MIN_CURRENT_WIDTH);
@@ -53,10 +73,11 @@ async function promptUpdateSelection(updates) {
 			target: "Target",
 			arrow: "❯"
 		});
-		for (let { update } of groupOrder) {
+		for (let { update, index } of groupOrder) {
 			let hasSha = Boolean(update.latestSha);
-			let current = formatVersionOrSha(update.currentVersion);
-			let latest = formatVersion(update.latestVersion);
+			let current = currentComputedByIndex[index].display;
+			let effectiveCurrentForDiff = currentComputedByIndex[index]?.effectiveForDiff ?? update.currentVersion;
+			let latest = formatVersion(update.latestVersion, effectiveCurrentForDiff);
 			let actionName = update.action.name;
 			if (update.latestSha) {
 				let shortSha = update.latestSha.slice(0, 7);
@@ -180,6 +201,19 @@ async function promptUpdateSelection(updates) {
 		throw error;
 	}
 }
+async function tryReadInlineVersionComment(filePath, lineNumber) {
+	try {
+		if (!filePath || !lineNumber || lineNumber <= 0) return null;
+		let content = await readFile(filePath, "utf8");
+		let lines = content.split("\n");
+		let index = lineNumber - 1;
+		if (index < 0 || index >= lines.length) return null;
+		let line = lines[index];
+		let match = line.match(/#\s*(?<version>[Vv]?\d+(?:\.\d+){0,2}(?:[+-][\w\-.]+)?)/u);
+		if (match?.groups?.["version"]) return match.groups["version"];
+	} catch {}
+	return null;
+}
 function formatTableRow(row, actionWidth, currentWidth) {
 	let parts = [
 		padString(row.action, actionWidth),
@@ -198,6 +232,6 @@ function isSha(value) {
 function formatVersionOrSha(version) {
 	if (!version) return pc.gray("unknown");
 	if (isSha(version)) return version.slice(0, 7);
-	return version;
+	return version.replace(/^v/u, "");
 }
 export { promptUpdateSelection };

package/dist/core/scan-github-actions.js

@@ -2,8 +2,8 @@ import { ACTIONS_DIRECTORY, GITHUB_DIRECTORY, WORKFLOWS_DIRECTORY } from "./cons
 import { scanWorkflowFile } from "./scan-workflow-file.js";
 import { scanActionFile } from "./scan-action-file.js";
 import { isYamlFile } from "./fs/is-yaml-file.js";
-import { isAbsolute, join, relative, resolve } from "node:path";
 import { readFile, readdir, stat } from "node:fs/promises";
+import { isAbsolute, join, relative, resolve } from "node:path";
 async function scanGitHubActions(rootPath = process.cwd()) {
 	let result = {
 		compositeActions: /* @__PURE__ */ new Map(),

package/dist/package.js

@@ -1,2 +1,2 @@
-const version = "1.2.1";
+const version = "1.3.1";
 export { version };

package/dist/types/github-client-context.d.ts

@@ -0,0 +1,32 @@
+import { TagInfo } from './tag-info';
+/**
+ * Internal client context shared by all API functions.
+ *
+ * Stores auth, rate-limit state, base URL and in-memory caches to decrease the
+ * number of API requests during a single run.
+ */
+export interface GitHubClientContext {
+  /** Lightweight caches keyed by owner/repo (+ extra payload). */
+  caches: {
+    /** Cache of reference type detections (branch/tag/null). */
+    refType: Map<string, 'branch' | 'tag' | null>
+
+    /** Cache of resolved tag metadata (message/date/SHA). */
+    tagInfo: Map<string, TagInfo | null>
+
+    /** Cache of resolved tag commit SHAs. */
+    tagSha: Map<string, string | null>
+  }
+
+  /** Remaining requests available per current rate-limit window. */
+  rateLimitRemaining: number
+
+  /** GitHub token, if available. */
+  token: undefined | string
+
+  /** Scheduled time when rate limit resets. */
+  rateLimitReset: Date
+
+  /** GitHub REST API base URL. */
+  baseUrl: string
+}

package/dist/types/github-client.d.ts

@@ -0,0 +1,42 @@
+import { ReleaseInfo } from './release-info';
+import { TagInfo } from './tag-info';
+/**
+ * Public API surface for interacting with GitHub from Actions Up.
+ *
+ * Methods are thin wrappers around lower-level functions bound to a client
+ * context (auth + rate-limit + caches). All methods are async and return
+ * normalized, serializable data structures.
+ */
+export interface GitHubClient {
+  /** Detect whether a reference is a tag or a branch (or unknown). */
+  getRefType(
+    owner: string,
+    repo: string,
+    reference: string,
+  ): Promise<'branch' | 'tag' | null>
+
+  /** List releases with minimal enrichment. */
+  getAllReleases(
+    owner: string,
+    repo: string,
+    limit?: number,
+  ): Promise<ReleaseInfo[]>
+
+  /** Fetch tag metadata (message/date) and the resolved commit SHA. */
+  getTagInfo(owner: string, repo: string, tag: string): Promise<TagInfo | null>
+
+  /** Resolve commit SHA for a tag without fetching commit data. */
+  getTagSha(owner: string, repo: string, tag: string): Promise<string | null>
+
+  /** List repository tags (name + commit SHA). */
+  getAllTags(owner: string, repo: string, limit?: number): Promise<TagInfo[]>
+
+  /** Fetch the latest release or null when no latest release exists. */
+  getLatestRelease(owner: string, repo: string): Promise<ReleaseInfo | null>
+
+  /** Current rate limit snapshot. */
+  getRateLimitStatus(): { remaining: number; resetAt: Date }
+
+  /** True when remaining requests are below a threshold. */
+  shouldWaitForRateLimit(threshold?: number): boolean
+}

package/dist/types/release-info.d.ts

@@ -0,0 +1,23 @@
+/** Normalized release information used across the tool. */
+export interface ReleaseInfo {
+  /** Release description (body) or null when absent. */
+  description: string | null
+
+  /** True when the release is marked as prerelease. */
+  isPrerelease: boolean
+
+  /** Commit SHA associated with the release tag (may be null). */
+  sha: string | null
+
+  /** Publication date of the release. */
+  publishedAt: Date
+
+  /** Tag name (e.g. V1.2.3). */
+  version: string
+
+  /** Release name or tag name when name is not provided. */
+  name: string
+
+  /** HTML URL of the release page. */
+  url: string
+}

package/dist/types/tag-info.d.ts

@@ -0,0 +1,14 @@
+/** Normalized tag information (message/date) and the resolved commit SHA. */
+export interface TagInfo {
+  /** Tag or commit message, null when absent. */
+  message: string | null
+
+  /** Commit SHA the tag ultimately points to (may be null). */
+  sha: string | null
+
+  /** Date associated with the tag (from release, tagger or commit). */
+  date: Date | null
+
+  /** Tag name (e.g. V1.2.3). */
+  tag: string
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "actions-up",
-  "version": "1.2.1",
+  "version": "1.3.1",
   "description": "Interactive CLI tool to update GitHub Actions to latest versions with SHA pinning",
   "keywords": [
     "github-actions",

package/dist/core/api/client.d.ts

@@ -1,98 +0,0 @@
-interface ReleaseInfo {
-    /** Release description or null if not provided. */
-    description: string | null;
-    /** Whether this release is marked as a pre-release. */
-    isPrerelease: boolean;
-    /** Git commit SHA for this release. */
-    sha: string | null;
-    /** Date when the release was published. */
-    publishedAt: Date;
-    /** Version tag name (e.g., 'v1.2.3'). */
-    version: string;
-    /** Release name or tag name if name not provided. */
-    name: string;
-    /** GitHub URL for this release. */
-    url: string;
-}
-/** Processed tag information with normalized types. */
-interface TagInfo {
-    /** Tag or commit message, null if not provided. */
-    message: string | null;
-    /** Git commit SHA that this tag points to. */
-    sha: string | null;
-    /** Date when the tag was created or committed. */
-    date: Date | null;
-    /** Tag name (e.g., 'v1.2.3'). */
-    tag: string;
-}
-/** GitHub REST API client with optional authentication. */
-export declare class Client {
-    private readonly baseUrl;
-    private readonly token;
-    private rateLimitReset;
-    private rateLimitRemaining;
-    /**
-     * Creates a new GitHub API client.
-     *
-     * @param token - Optional GitHub token for authentication.
-     */
-    constructor(token?: string);
-    private static isRateLimitError;
-    /**
-     * Get specific tag/version information.
-     *
-     * @param owner - The repository owner.
-     * @param repo - The repository name.
-     * @param tag - The tag name to fetch.
-     * @returns Tag information or null if not found.
-     */
-    getTagInfo(owner: string, repo: string, tag: string): Promise<TagInfo | null>;
-    /**
-     * Get all releases for a repository.
-     *
-     * @param owner - The repository owner.
-     * @param repo - The repository name.
-     * @param limit - Maximum number of releases to fetch.
-     * @returns Array of release information.
-     */
-    getAllReleases(owner: string, repo: string, limit?: number): Promise<ReleaseInfo[]>;
-    /**
-     * Get the latest release for a GitHub repository.
-     *
-     * @param owner - The repository owner.
-     * @param repo - The repository name.
-     * @returns Latest release information or null if not found.
-     */
-    getLatestRelease(owner: string, repo: string): Promise<ReleaseInfo | null>;
-    getAllTags(owner: string, repo: string, limit?: number): Promise<TagInfo[]>;
-    getRefType(owner: string, repo: string, reference: string): Promise<'branch' | 'tag' | null>;
-    getRateLimitStatus(): {
-        remaining: number;
-        resetAt: Date;
-    };
-    /**
-     * Check if we should wait before making more requests.
-     *
-     * @param threshold - Minimum remaining requests before waiting.
-     * @returns True if rate limit is below threshold.
-     */
-    shouldWaitForRateLimit(threshold?: number): boolean;
-    private makeRequest;
-    private updateRateLimitInfo;
-}
-/**
- * Resolve GitHub token from multiple sources with descending priority.
- *
- * Priority:
- *
- * 1. Env GITHUB_TOKEN
- * 2. Env GH_TOKEN
- * 3. Gh auth token
- * 4. .git/config keys (github.token, github.oauth-token, hub.oauthtoken).
- *
- * This is a synchronous best-effort resolver without throwing on failures.
- *
- * @returns Token string or undefined when not found.
- */
-export declare function resolveGitHubTokenSync(): undefined | string;
-export {};