actions-up 1.3.1 → 1.4.1

package/dist/core/api/get-latest-release.js

@@ -1,28 +1,25 @@
 import { makeRequest } from "./make-request.js";
 import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
-async function getLatestRelease(context, owner, repo) {
+async function getLatestRelease(r, i, a) {
 	try {
-		let releaseResp = await makeRequest(context, `/repos/${owner}/${repo}/releases/latest`);
-		let release = releaseResp.data;
-		let sha = isLikelySha(release.target_commitish) ? release.target_commitish : null;
+		let n = (await makeRequest(r, `/repos/${i}/${a}/releases/latest`)).data, o = isLikelySha(n.target_commitish) ? n.target_commitish : null;
 		return {
-			publishedAt: new Date(release.published_at),
-			name: release.name ?? release.tag_name,
-			description: release.body ?? null,
-			isPrerelease: release.prerelease,
-			version: release.tag_name,
-			url: release.html_url,
-			sha
+			publishedAt: new Date(n.published_at),
+			name: n.name ?? n.tag_name,
+			description: n.body ?? null,
+			isPrerelease: n.prerelease,
+			version: n.tag_name,
+			url: n.html_url,
+			sha: o
 		};
-	} catch (error) {
-		if (error && typeof error === "object" && "status" in error && error.status === 404) return null;
-		if (error instanceof Error && error.message.includes("rate limit")) throw new GitHubRateLimitError(context.rateLimitReset);
-		throw error;
+	} catch (e) {
+		if (e && typeof e == "object" && "status" in e && e.status === 404) return null;
+		throw e instanceof Error && e.message.includes("rate limit") ? new GitHubRateLimitError(r.rateLimitReset) : e;
 	}
 }
-function isLikelySha(value) {
-	if (typeof value !== "string" || value.trim() === "") return false;
-	let normalized = value.replace(/^v/u, "");
-	return /^[0-9a-f]{7,40}$/iu.test(normalized);
+function isLikelySha(e) {
+	if (typeof e != "string" || e.trim() === "") return !1;
+	let n = e.replace(/^v/u, "");
+	return /^[0-9a-f]{7,40}$/iu.test(n);
 }
 export { getLatestRelease };

package/dist/core/api/get-reference-type.js

@@ -1,20 +1,14 @@
 import { makeRequest } from "./make-request.js";
-async function getReferenceType(context, parameters) {
-	let { reference, owner, repo } = parameters;
-	let cacheKey = `${owner}/${repo}#${reference}`;
-	if (context.caches.refType.has(cacheKey)) return context.caches.refType.get(cacheKey) ?? null;
+async function getReferenceType(t, n) {
+	let { reference: r, owner: i, repo: a } = n, o = `${i}/${a}#${r}`;
+	if (t.caches.refType.has(o)) return t.caches.refType.get(o) ?? null;
 	try {
-		await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${reference}`);
-		context.caches.refType.set(cacheKey, "tag");
-		return "tag";
+		return await makeRequest(t, `/repos/${i}/${a}/git/refs/tags/${r}`), t.caches.refType.set(o, "tag"), "tag";
 	} catch {
 		try {
-			await makeRequest(context, `/repos/${owner}/${repo}/git/refs/heads/${reference}`);
-			context.caches.refType.set(cacheKey, "branch");
-			return "branch";
+			return await makeRequest(t, `/repos/${i}/${a}/git/refs/heads/${r}`), t.caches.refType.set(o, "branch"), "branch";
 		} catch {
-			context.caches.refType.set(cacheKey, null);
-			return null;
+			return t.caches.refType.set(o, null), null;
 		}
 	}
 }

package/dist/core/api/get-tag-info.js

@@ -1,96 +1,67 @@
 import { makeRequest } from "./make-request.js";
 import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
-async function getTagInfo(context, parameters) {
+async function getTagInfo(n, i) {
 	try {
-		let { owner, repo, tag } = parameters;
-		let displayTag = tag.replace(/^refs\/tags\//u, "");
-		let cacheKey = `${owner}/${repo}#${displayTag}`;
-		if (context.caches.tagInfo.has(cacheKey)) return context.caches.tagInfo.get(cacheKey) ?? null;
+		let { owner: t, repo: a, tag: o } = i, s = o.replace(/^refs\/tags\//u, ""), c = `${t}/${a}#${s}`;
+		if (n.caches.tagInfo.has(c)) return n.caches.tagInfo.get(c) ?? null;
 		try {
-			let releaseResp = await makeRequest(context, `/repos/${owner}/${repo}/releases/tags/${displayTag}`);
-			let releaseData = releaseResp.data;
-			let date = releaseData.published_at ? new Date(releaseData.published_at) : null;
-			let message = releaseData.body ?? null;
-			let sha = null;
+			let i = (await makeRequest(n, `/repos/${t}/${a}/releases/tags/${s}`)).data, o = i.published_at ? new Date(i.published_at) : null, l = i.body ?? null, u = null;
 			try {
-				let referenceResp = await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${displayTag}`);
-				let referenceData = referenceResp.data;
-				let { type: objectType, sha: objectSha } = referenceData.object;
-				if (objectSha && objectType === "tag") try {
-					let tagResp = await makeRequest(context, `/repos/${owner}/${repo}/git/tags/${objectSha}`);
-					let tagData = tagResp.data;
-					sha = tagData.object.sha ?? objectSha;
-					let taggerDate = tagData.tagger?.date;
-					if (!date && taggerDate) date = new Date(taggerDate);
-					if (!message && typeof tagData.message === "string") ({message} = tagData);
+				let { type: r, sha: i } = (await makeRequest(n, `/repos/${t}/${a}/git/refs/tags/${s}`)).data.object;
+				if (i && r === "tag") try {
+					let r = (await makeRequest(n, `/repos/${t}/${a}/git/tags/${i}`)).data;
+					u = r.object.sha ?? i;
+					let s = r.tagger?.date;
+					!o && s && (o = new Date(s)), !l && typeof r.message == "string" && ({message: l} = r);
 				} catch {
-					sha = objectSha;
-				}
-				else if (objectSha && objectType === "commit") {
-					sha = objectSha;
-					if (!date || !message) try {
-						let commitResp = await makeRequest(context, `/repos/${owner}/${repo}/git/commits/${objectSha}`);
-						let { message: commitMessage, author } = commitResp.data;
-						if (!message && typeof commitMessage === "string") message = commitMessage;
-						let authorDate = author?.date;
-						if (!date && authorDate) date = new Date(authorDate);
-					} catch (error) {}
+					u = i;
 				}
+				else if (i && r === "commit" && (u = i, !o || !l)) try {
+					let { message: r, author: s } = (await makeRequest(n, `/repos/${t}/${a}/git/commits/${i}`)).data;
+					!l && typeof r == "string" && (l = r);
+					let c = s?.date;
+					!o && c && (o = new Date(c));
+				} catch {}
 			} catch {
-				if (isLikelySha(releaseData.target_commitish)) sha = releaseData.target_commitish;
+				isLikelySha(i.target_commitish) && (u = i.target_commitish);
 			}
-			let result = {
-				tag: displayTag,
-				message,
-				date,
-				sha
+			let d = {
+				tag: s,
+				message: l,
+				date: o,
+				sha: u
 			};
-			context.caches.tagInfo.set(cacheKey, result);
-			return result;
+			return n.caches.tagInfo.set(c, d), d;
 		} catch {
 			try {
-				let referenceResp = await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${displayTag}`);
-				let referenceData = referenceResp.data;
-				let { sha } = referenceData.object;
-				let message = null;
-				let date = null;
-				if (referenceData.object.type === "tag") try {
-					let tagResp = await makeRequest(context, `/repos/${owner}/${repo}/git/tags/${sha}`);
-					let tagData = tagResp.data;
-					sha = tagData.object.sha ?? sha;
-					message = tagData.message ?? null;
-					date = tagData.tagger.date ? new Date(tagData.tagger.date) : null;
-				} catch (error) {}
+				let r = (await makeRequest(n, `/repos/${t}/${a}/git/refs/tags/${s}`)).data, { sha: i } = r.object, o = null, l = null;
+				if (r.object.type === "tag") try {
+					let r = (await makeRequest(n, `/repos/${t}/${a}/git/tags/${i}`)).data;
+					i = r.object.sha ?? i, o = r.message ?? null, l = r.tagger.date ? new Date(r.tagger.date) : null;
+				} catch {}
 				else try {
-					let commitResp = await makeRequest(context, `/repos/${owner}/${repo}/git/commits/${sha}`);
-					let commitData = commitResp.data;
-					message = commitData.message ?? null;
-					date = commitData.author.date ? new Date(commitData.author.date) : null;
-				} catch (error) {}
-				let result = {
-					tag: displayTag,
-					message,
-					date,
-					sha
+					let r = (await makeRequest(n, `/repos/${t}/${a}/git/commits/${i}`)).data;
+					o = r.message ?? null, l = r.author.date ? new Date(r.author.date) : null;
+				} catch {}
+				let u = {
+					tag: s,
+					message: o,
+					date: l,
+					sha: i
 				};
-				context.caches.tagInfo.set(cacheKey, result);
-				return result;
-			} catch (tagError) {
-				if (tagError && typeof tagError === "object" && "status" in tagError) {
-					context.caches.tagInfo.set(cacheKey, null);
-					return null;
-				}
-				throw tagError;
+				return n.caches.tagInfo.set(c, u), u;
+			} catch (e) {
+				if (e && typeof e == "object" && "status" in e) return n.caches.tagInfo.set(c, null), null;
+				throw e;
 			}
 		}
-	} catch (error) {
-		if (error instanceof Error && error.message.includes("rate limit")) throw new GitHubRateLimitError(context.rateLimitReset);
-		throw error;
+	} catch (e) {
+		throw e instanceof Error && e.message.includes("rate limit") ? new GitHubRateLimitError(n.rateLimitReset) : e;
 	}
 }
-function isLikelySha(value) {
-	if (typeof value !== "string" || value.trim() === "") return false;
-	let normalized = value.replace(/^v/u, "");
-	return /^[0-9a-f]{7,40}$/iu.test(normalized);
+function isLikelySha(e) {
+	if (typeof e != "string" || e.trim() === "") return !1;
+	let t = e.replace(/^v/u, "");
+	return /^[0-9a-f]{7,40}$/iu.test(t);
 }
 export { getTagInfo };

package/dist/core/api/get-tag-sha.js

@@ -1,30 +1,20 @@
 import { makeRequest } from "./make-request.js";
 import { GitHubRateLimitError } from "./internal-rate-limit-error.js";
-async function getTagSha(context, parameters) {
-	let { owner, repo, tag } = parameters;
-	let displayTag = tag.replace(/^refs\/tags\//u, "");
-	let cacheKey = `${owner}/${repo}#${displayTag}`;
-	if (context.caches.tagSha.has(cacheKey)) return context.caches.tagSha.get(cacheKey) ?? null;
+async function getTagSha(n, r) {
+	let { owner: i, repo: a, tag: o } = r, s = o.replace(/^refs\/tags\//u, ""), c = `${i}/${a}#${s}`;
+	if (n.caches.tagSha.has(c)) return n.caches.tagSha.get(c) ?? null;
 	try {
-		let referenceResp = await makeRequest(context, `/repos/${owner}/${repo}/git/refs/tags/${displayTag}`);
-		let referenceData = referenceResp.data;
-		let objectSha = referenceData.object.sha;
-		let objectType = referenceData.object.type;
-		let sha = null;
-		if (objectSha && objectType === "tag") try {
-			let tagResp = await makeRequest(context, `/repos/${owner}/${repo}/git/tags/${objectSha}`);
-			let tagData = tagResp.data;
-			sha = tagData.object.sha ?? null;
+		let t = (await makeRequest(n, `/repos/${i}/${a}/git/refs/tags/${s}`)).data, r = t.object.sha, o = t.object.type, l = null;
+		if (r && o === "tag") try {
+			l = (await makeRequest(n, `/repos/${i}/${a}/git/tags/${r}`)).data.object.sha ?? null;
 		} catch {
-			sha = objectSha;
+			l = r;
 		}
-		else if (objectSha && objectType === "commit") sha = objectSha;
-		context.caches.tagSha.set(cacheKey, sha);
-		return sha;
-	} catch (error) {
-		if (error instanceof Error && error.message.includes("rate limit")) throw new GitHubRateLimitError(context.rateLimitReset);
-		context.caches.tagSha.set(cacheKey, null);
-		return null;
+		else r && o === "commit" && (l = r);
+		return n.caches.tagSha.set(c, l), l;
+	} catch (e) {
+		if (e instanceof Error && e.message.includes("rate limit")) throw new GitHubRateLimitError(n.rateLimitReset);
+		return n.caches.tagSha.set(c, null), null;
 	}
 }
 export { getTagSha };

package/dist/core/api/internal-rate-limit-error.js

@@ -1,8 +1,7 @@
 var GitHubRateLimitError = class extends Error {
-	constructor(resetAt) {
-		let resetTime = resetAt.toLocaleTimeString();
-		super(`GitHub API rate limit exceeded. Resets at ${resetTime}`);
-		this.name = "GitHubRateLimitError";
+	constructor(e) {
+		let t = e.toLocaleTimeString();
+		super(`GitHub API rate limit exceeded. Resets at ${t}`), this.name = "GitHubRateLimitError";
 	}
 };
 export { GitHubRateLimitError };

package/dist/core/api/make-request.js

@@ -1,31 +1,28 @@
 import { updateRateLimitInfo } from "./update-rate-limit-info.js";
-async function makeRequest(context, path, options = {}) {
-	let headers = {
+async function makeRequest(t, n, r = {}) {
+	let i = {
 		Accept: "application/vnd.github.v3+json",
 		"User-Agent": "actions-up",
-		...options.headers
+		...r.headers
 	};
-	if (context.token) headers["Authorization"] = `Bearer ${context.token}`;
-	let response = await fetch(`${context.baseUrl}${path}`, {
-		...options,
-		headers
-	});
-	let responseHeaders = {};
-	for (let [key, value] of response.headers.entries()) responseHeaders[key] = value;
-	updateRateLimitInfo(context, responseHeaders);
-	if (!response.ok) {
-		let error = /* @__PURE__ */ new Error(`GitHub API error: ${response.status} ${response.statusText}`);
-		error.status = response.status;
-		if (response.status === 403) {
-			let text = await response.text();
-			if (text.includes("rate limit") || text.includes("API rate limit")) error.message = "API rate limit exceeded";
+	t.token && (i.Authorization = `Bearer ${t.token}`);
+	let a = await fetch(`${t.baseUrl}${n}`, {
+		...r,
+		headers: i
+	}), o = {};
+	for (let [e, t] of a.headers.entries()) o[e] = t;
+	if (updateRateLimitInfo(t, o), !a.ok) {
+		let e = /* @__PURE__ */ Error(`GitHub API error: ${a.status} ${a.statusText}`);
+		if (e.status = a.status, a.status === 403) {
+			let t = await a.text();
+			(t.includes("rate limit") || t.includes("API rate limit")) && (e.message = "API rate limit exceeded");
 		}
-		throw error;
+		throw e;
 	}
-	let data = await response.json();
+	let s = await a.json();
 	return {
-		headers: responseHeaders,
-		data
+		headers: o,
+		data: s
 	};
 }
 export { makeRequest };

package/dist/core/api/resolve-github-token-sync.js

@@ -2,12 +2,12 @@ import { join } from "node:path";
 import { execFileSync } from "node:child_process";
 import { readFileSync } from "node:fs";
 function resolveGitHubTokenSync() {
-	let fromGithubToken = process.env["GITHUB_TOKEN"];
-	if (fromGithubToken && fromGithubToken.trim() !== "") return fromGithubToken.trim();
-	let fromGhToken = process.env["GH_TOKEN"];
-	if (fromGhToken && fromGhToken.trim() !== "") return fromGhToken.trim();
+	let r = process.env.GITHUB_TOKEN;
+	if (r && r.trim() !== "") return r.trim();
+	let i = process.env.GH_TOKEN;
+	if (i && i.trim() !== "") return i.trim();
 	try {
-		let output = execFileSync("gh", ["auth", "token"], {
+		let e = execFileSync("gh", ["auth", "token"], {
 			stdio: [
 				"ignore",
 				"pipe",
@@ -15,34 +15,28 @@ function resolveGitHubTokenSync() {
 			],
 			encoding: "utf8",
 			timeout: 500
-		});
-		let token = output.trim();
-		if (token) return token;
+		}).trim();
+		if (e) return e;
 	} catch {}
 	try {
-		let gitConfigPath = join(process.cwd(), ".git", "config");
-		let content = readFileSync(gitConfigPath, "utf8");
-		let directMatch = content.match(/^\s*(?:github\.(?:oauth-token|token)|hub\.oauthtoken)\s*=\s*(?<token>\S[^\n\r]*)$/mu);
-		let directToken = directMatch?.groups?.["token"]?.trim();
-		if (directToken) return directToken;
-		let currentSection = null;
-		for (let rawLine of content.split(/\r?\n/u)) {
-			let line = rawLine.trim();
-			let sectionMatch = line.match(/^\[(?<name>[^\]]+)\]$/u);
-			if (sectionMatch?.groups) {
-				currentSection = sectionMatch.groups["name"].toLowerCase();
+		let t = join(process.cwd(), ".git", "config"), r = readFileSync(t, "utf8"), i = r.match(/^\s*(?:github\.(?:oauth-token|token)|hub\.oauthtoken)\s*=\s*(?<token>\S[^\n\r]*)$/mu)?.groups?.token?.trim();
+		if (i) return i;
+		let a = null;
+		for (let e of r.split(/\r?\n/u)) {
+			let t = e.trim(), n = t.match(/^\[(?<name>[^\]]+)\]$/u);
+			if (n?.groups) {
+				a = n.groups.name.toLowerCase();
 				continue;
 			}
-			if (currentSection === "github") {
-				let tokenMatch = line.match(/^(?:oauth-token|token)\s*=\s*(?<val>\S[^\n\r]*)$/u);
-				if (tokenMatch?.groups?.["val"]) return tokenMatch.groups["val"].trim();
+			if (a === "github") {
+				let e = t.match(/^(?:oauth-token|token)\s*=\s*(?<val>\S[^\n\r]*)$/u);
+				if (e?.groups?.val) return e.groups.val.trim();
 			}
-			if (currentSection === "hub") {
-				let oauthMatch = line.match(/^oauthtoken\s*=\s*(?<val>\S[^\n\r]*)$/u);
-				if (oauthMatch?.groups?.["val"]) return oauthMatch.groups["val"].trim();
+			if (a === "hub") {
+				let e = t.match(/^oauthtoken\s*=\s*(?<val>\S[^\n\r]*)$/u);
+				if (e?.groups?.val) return e.groups.val.trim();
 			}
 		}
 	} catch {}
-	return void 0;
 }
 export { resolveGitHubTokenSync };

package/dist/core/api/update-rate-limit-info.js

@@ -1,10 +1,10 @@
-function updateRateLimitInfo(context, headers) {
-	let remaining = headers["x-ratelimit-remaining"];
-	if (remaining !== void 0) context.rateLimitRemaining = typeof remaining === "string" ? Number.parseInt(remaining, 10) : remaining;
-	let reset = headers["x-ratelimit-reset"];
-	if (reset !== void 0) {
-		let resetTime = typeof reset === "string" ? Number.parseInt(reset, 10) : reset;
-		context.rateLimitReset = /* @__PURE__ */ new Date(resetTime * 1e3);
+function updateRateLimitInfo(e, t) {
+	let n = t["x-ratelimit-remaining"];
+	n !== void 0 && (e.rateLimitRemaining = typeof n == "string" ? Number.parseInt(n, 10) : n);
+	let r = t["x-ratelimit-reset"];
+	if (r !== void 0) {
+		let t = typeof r == "string" ? Number.parseInt(r, 10) : r;
+		e.rateLimitReset = /* @__PURE__ */ new Date(t * 1e3);
 	}
 }
 export { updateRateLimitInfo };

package/dist/core/ast/guards/has-range.js

@@ -1,4 +1,4 @@
-function hasRange(node) {
-	return node !== null && typeof node === "object" && "range" in node;
+function hasRange(e) {
+	return typeof e == "object" && !!e && "range" in e;
 }
 export { hasRange };

package/dist/core/ast/guards/is-node.js

@@ -1,4 +1,4 @@
-function isNode(node) {
-	return node !== null && typeof node === "object" && "toJSON" in node && typeof node.toJSON === "function";
+function isNode(e) {
+	return typeof e == "object" && !!e && "toJSON" in e && typeof e.toJSON == "function";
 }
 export { isNode };

package/dist/core/ast/guards/is-pair.js

@@ -1,4 +1,4 @@
-function isPair(node) {
-	return node !== null && typeof node === "object" && "key" in node && "value" in node;
+function isPair(e) {
+	return typeof e == "object" && !!e && "key" in e && "value" in e;
 }
 export { isPair };

package/dist/core/ast/guards/is-scalar.js

@@ -1,4 +1,4 @@
-function isScalar(node) {
-	return node !== null && typeof node === "object" && "value" in node;
+function isScalar(e) {
+	return typeof e == "object" && !!e && "value" in e;
 }
 export { isScalar };

package/dist/core/ast/guards/is-yaml-map.js

@@ -1,4 +1,4 @@
-function isYAMLMap(node) {
-	return node !== null && typeof node === "object" && "items" in node && Array.isArray(node.items);
+function isYAMLMap(e) {
+	return typeof e == "object" && !!e && "items" in e && Array.isArray(e.items);
 }
 export { isYAMLMap };

package/dist/core/ast/guards/is-yaml-sequence.js

@@ -1,4 +1,4 @@
-function isYAMLSequence(node) {
-	return node !== null && typeof node === "object" && "items" in node && Array.isArray(node.items);
+function isYAMLSequence(e) {
+	return typeof e == "object" && !!e && "items" in e && Array.isArray(e.items);
 }
 export { isYAMLSequence };

package/dist/core/ast/scanners/scan-composite-action-ast.js

@@ -3,16 +3,14 @@ import { extractUsesFromSteps } from "../utils/extract-uses-from-steps.js";
 import { findMapPair } from "../utils/find-map-pair.js";
 import { isCompositeActionStructure } from "../../schema/composite/is-composite-action-structure.js";
 import { isCompositeActionRuns } from "../../schema/composite/is-composite-action-runs.js";
-function scanCompositeActionAst(document, content, filePath) {
-	let action = document.toJSON();
-	if (!isCompositeActionStructure(action)) return [];
-	if (!document.contents || !isYAMLMap(document.contents)) return [];
-	let runsPair = findMapPair(document.contents, "runs");
-	if (!runsPair?.value || !isYAMLMap(runsPair.value)) return [];
-	let runsJson = action["runs"];
-	if (!runsJson || !isCompositeActionRuns(runsJson) || !runsJson["steps"] || !Array.isArray(runsJson["steps"])) return [];
-	let stepsPair = findMapPair(runsPair.value, "steps");
-	if (!stepsPair?.value) return [];
-	return extractUsesFromSteps(stepsPair.value, filePath, content);
+function scanCompositeActionAst(a, o, s) {
+	let c = a.toJSON();
+	if (!isCompositeActionStructure(c) || !a.contents || !isYAMLMap(a.contents)) return [];
+	let l = findMapPair(a.contents, "runs");
+	if (!l?.value || !isYAMLMap(l.value)) return [];
+	let u = c.runs;
+	if (!u || !isCompositeActionRuns(u) || !u.steps || !Array.isArray(u.steps)) return [];
+	let d = findMapPair(l.value, "steps");
+	return d?.value ? extractUsesFromSteps(d.value, s, o) : [];
 }
 export { scanCompositeActionAst };

package/dist/core/ast/scanners/scan-workflow-ast.js

@@ -4,20 +4,18 @@ import { isNode } from "../guards/is-node.js";
 import { isPair } from "../guards/is-pair.js";
 import { extractUsesFromSteps } from "../utils/extract-uses-from-steps.js";
 import { findMapPair } from "../utils/find-map-pair.js";
-function scanWorkflowAst(document, content, filePath) {
-	let workflow = document.toJSON();
-	if (!isWorkflowStructure(workflow)) return [];
-	if (!document.contents || !isYAMLMap(document.contents)) return [];
-	let jobsPair = findMapPair(document.contents, "jobs");
-	if (!jobsPair?.value || !isYAMLMap(jobsPair.value)) return [];
-	let actions = [];
-	for (let jobNode of jobsPair.value.items) {
-		if (!isPair(jobNode) || !jobNode.value || !isNode(jobNode.value)) continue;
-		if (!isYAMLMap(jobNode.value)) continue;
-		let stepsPair = findMapPair(jobNode.value, "steps");
-		if (!stepsPair?.value) continue;
-		actions.push(...extractUsesFromSteps(stepsPair.value, filePath, content));
+function scanWorkflowAst(o, s, c) {
+	let l = o.toJSON();
+	if (!isWorkflowStructure(l) || !o.contents || !isYAMLMap(o.contents)) return [];
+	let u = findMapPair(o.contents, "jobs");
+	if (!u?.value || !isYAMLMap(u.value)) return [];
+	let d = [];
+	for (let e of u.value.items) {
+		if (!isPair(e) || !e.value || !isNode(e.value) || !isYAMLMap(e.value)) continue;
+		let o = findMapPair(e.value, "steps");
+		if (!o?.value) continue;
+		d.push(...extractUsesFromSteps(o.value, c, s));
 	}
-	return actions;
+	return d;
 }
 export { scanWorkflowAst };

package/dist/core/ast/update/apply-updates.js

@@ -1,40 +1,37 @@
 import { readFile, writeFile } from "node:fs/promises";
-async function applyUpdates(updates) {
-	let updatesByFile = /* @__PURE__ */ new Map();
-	for (let update of updates) {
-		let { file } = update.action;
-		if (!file) continue;
-		let fileUpdates = updatesByFile.get(file) ?? [];
-		fileUpdates.push(update);
-		updatesByFile.set(file, fileUpdates);
+async function applyUpdates(n) {
+	let r = /* @__PURE__ */ new Map();
+	for (let e of n) {
+		let { file: t } = e.action;
+		if (!t) continue;
+		let n = r.get(t) ?? [];
+		n.push(e), r.set(t, n);
 	}
-	let filePromises = [...updatesByFile.entries()].map(async ([filePath, fileUpdates]) => {
-		let content = await readFile(filePath, "utf8");
-		for (let update of fileUpdates) {
-			if (!update.latestSha) continue;
-			function escapeRegExp(string_) {
-				return string_.replaceAll(/[$()*+\-./?[\\\]^{|}]/gu, String.raw`\$&`);
+	let i = [...r.entries()].map(async ([n, r]) => {
+		let i = await readFile(n, "utf8");
+		for (let e of r) {
+			if (!e.latestSha) continue;
+			function t(e) {
+				return e.replaceAll(/[$()*+\-./?[\\\]^{|}]/gu, String.raw`\$&`);
 			}
-			let escapedName = escapeRegExp(update.action.name);
-			let escapedVersion = update.currentVersion ? escapeRegExp(update.currentVersion) : "";
-			if (escapedName.includes("\n") || escapedName.includes("\r")) {
-				console.error(`Invalid action name: ${update.action.name}`);
+			let n = t(e.action.name), r = e.currentVersion ? t(e.currentVersion) : "";
+			if (n.includes("\n") || n.includes("\r")) {
+				console.error(`Invalid action name: ${e.action.name}`);
 				continue;
 			}
-			if (escapedVersion && (escapedVersion.includes("\n") || escapedVersion.includes("\r"))) {
-				console.error(`Invalid version: ${update.currentVersion}`);
+			if (r && (r.includes("\n") || r.includes("\r"))) {
+				console.error(`Invalid version: ${e.currentVersion}`);
 				continue;
 			}
-			if (!/^[\da-f]{40}$/iu.test(update.latestSha)) {
-				console.error(`Invalid SHA format: ${update.latestSha}`);
+			if (!/^[\da-f]{40}$/iu.test(e.latestSha)) {
+				console.error(`Invalid SHA format: ${e.latestSha}`);
 				continue;
 			}
-			let pattern = new RegExp(`(^\\s*-?\\s*uses:\\s*)(['"]?)(${escapedName})@${escapedVersion}\\2(\\s*#[^\\n]*)?`, "gm");
-			let replacement = `$1$2$3@${update.latestSha}$2 # ${update.latestVersion}`;
-			content = content.replace(pattern, replacement);
+			let a = r ? String.raw`(?=[^\S\r\n]|$|#)` : "", o = RegExp(`(^\\s*-?\\s*uses:\\s*)(['"]?)(${n})@${r}\\2${a}([^\\S\\r\\n]*#[^\\r\\n]*)?`, "gm"), s = `$1$2$3@${e.latestSha}$2 # ${e.latestVersion}`;
+			i = i.replace(o, s);
 		}
-		await writeFile(filePath, content, "utf8");
+		await writeFile(n, i, "utf8");
 	});
-	await Promise.all(filePromises);
+	await Promise.all(i);
 }
 export { applyUpdates };