actions-up 1.4.2 → 1.5.0

package/dist/cli/index.js

@@ -11,11 +11,11 @@ import pc from "picocolors";
 import cac from "cac";
 function run() {
 	let l = cac("actions-up");
-	l.help().version(version).option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (s) => {
+	l.help().version(version).option("--dir <directory>", "Custom directory name (default: .github)").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (s) => {
 		console.info(pc.cyan("\n🚀 Actions Up!\n"));
 		let c = createSpinner("Scanning GitHub Actions...").start();
 		try {
-			let l = await scanGitHubActions(process.cwd()), u = l.actions.length, d = l.workflows.size, f = l.compositeActions.size;
+			let l = await scanGitHubActions(process.cwd(), s.dir), u = l.actions.length, d = l.workflows.size, f = l.compositeActions.size;
 			if (c.success(`Found ${pc.yellow(u)} actions in ${pc.yellow(d)} workflows and ${pc.yellow(f)} composite actions`), u === 0) {
 				console.info(pc.green("\n✨ No GitHub Actions found in this repository"));
 				return;

package/dist/core/api/check-updates.js

@@ -163,7 +163,6 @@ function createUpdate(e, r, i) {
 	};
 }
 function compareSha(e, n) {
-	if (!e || !n) return !1;
 	let r = e.replace(/^v/u, ""), i = n.replace(/^v/u, ""), a = Math.min(r.length, i.length);
 	return a < 7 ? !1 : r.slice(0, Math.max(0, a)).toLowerCase() === i.slice(0, Math.max(0, a)).toLowerCase();
 }

package/dist/core/ast/update/apply-updates.js

@@ -27,7 +27,7 @@ async function applyUpdates(n) {
 				console.error(`Invalid SHA format: ${e.latestSha}`);
 				continue;
 			}
-			let a = r ? String.raw`(?=[^\S\r\n]|$|#)` : "", o = RegExp(`(^\\s*-?\\s*uses:\\s*)(['"]?)(${n})@${r}\\2${a}([^\\S\\r\\n]*#[^\\r\\n]*)?`, "gm"), s = `$1$2$3@${e.latestSha}$2 # ${e.latestVersion}`;
+			let a = r ? String.raw`(?=[^\S\r\n]|$|#)` : "", o = new RegExp(String.raw`(^\s*-?\s*uses:\s*)(['"]?)(${n})@${r}\2${a}([^\S\r\n]*#[^\r\n]*)?`, "gm"), s = `$1$2$3@${e.latestSha}$2 # ${e.latestVersion}`;
 			i = i.replace(o, s);
 		}
 		await writeFile(n, i, "utf8");

package/dist/core/interactive/prompt-update-selection.js

@@ -79,16 +79,14 @@ async function promptUpdateSelection(o) {
 				name: ""
 			});
 			else {
-				let i = l[e - 1];
-				if (!i) continue;
-				let { update: a, index: s } = i, c = !!a.latestSha, u = c && !a.isBreaking;
+				let { update: i, index: a } = l[e - 1], s = !!i.latestSha, c = s && !i.isBreaking;
 				h.push({
 					message: o,
-					value: String(s),
-					name: String(s),
-					disabled: !c,
+					value: String(a),
+					name: String(a),
+					disabled: !s,
 					indent: "",
-					enabled: u
+					enabled: c
 				});
 			}
 		}
@@ -171,7 +169,6 @@ function formatTableRow(e, i, a) {
 	].join("  ").replace(/\s+$/u, "");
 }
 function isSha(e) {
-	if (!e) return !1;
 	let i = e.replace(/^v/u, "");
 	return /^[0-9a-f]{7,40}$/iu.test(i);
 }

package/dist/core/scan-github-actions.d.ts

@@ -8,10 +8,12 @@ import { ScanResult } from '../types/scan-result';
  *
  * @param rootPath - The root path of the repository to scan. Defaults to
  *   current working directory.
+ * @param ciDirectory - The CI directory name (e.g., '.github' or '.gitea').
+ *   Defaults to '.github'.
  * @returns A promise that resolves to a ScanResult containing:
  *
  *   - Workflows: Map of workflow file paths to their referenced actions
  *   - CompositeActions: Map of composite action names to their directory paths
  *   - Actions: Flat array of all discovered GitHub Actions.
  */
-export declare function scanGitHubActions(rootPath?: string): Promise<ScanResult>;
+export declare function scanGitHubActions(rootPath?: string, ciDirectory?: string): Promise<ScanResult>;

package/dist/core/scan-github-actions.js

@@ -4,96 +4,85 @@ import { scanActionFile } from "./scan-action-file.js";
 import { isYamlFile } from "./fs/is-yaml-file.js";
 import { readFile, readdir, stat } from "node:fs/promises";
 import { isAbsolute, join, relative, resolve } from "node:path";
-async function scanGitHubActions(d = process.cwd()) {
-	let m = {
+async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
+	let h = {
 		compositeActions: /* @__PURE__ */ new Map(),
 		workflows: /* @__PURE__ */ new Map(),
 		actions: []
-	}, h = resolve(d);
-	function g(e, o) {
+	}, g = resolve(d);
+	function _(e, o) {
 		let s = relative(e, o);
 		return s !== "" && !s.startsWith("..") && !isAbsolute(s);
 	}
-	let _ = join(h, GITHUB_DIRECTORY);
-	if (!g(h, _)) throw Error("Invalid path: detected path traversal attempt");
-	function v(e) {
+	let v = join(g, m);
+	if (!_(g, v)) throw Error("Invalid path: detected path traversal attempt");
+	function y(e) {
 		return e.includes("..") || e.includes("/") || e.includes("\\") ? (console.warn(`Skipping invalid name: ${e}`), !1) : !0;
 	}
-	let y = join(_, WORKFLOWS_DIRECTORY);
-	if (!g(h, y)) return m;
+	let b = join(v, WORKFLOWS_DIRECTORY);
 	try {
-		if ((await stat(y)).isDirectory()) {
-			let e = (await readdir(y)).filter((e) => v(e) ? isYamlFile(e) : !1).map(async (e) => {
-				let l = join(y, e);
-				if (!g(y, l)) return console.warn(`Skipping file outside workflows directory: ${e}`), {
-					success: !1,
-					actions: [],
-					path: ""
-				};
+		if ((await stat(b)).isDirectory()) {
+			let e = (await readdir(b)).filter((e) => y(e) ? isYamlFile(e) : !1).map(async (e) => {
+				let o = join(b, e);
 				try {
-					let u = await scanWorkflowFile(l);
+					let l = await scanWorkflowFile(o);
 					return {
-						path: `${GITHUB_DIRECTORY}/${WORKFLOWS_DIRECTORY}/${e}`,
+						path: `${m}/${WORKFLOWS_DIRECTORY}/${e}`,
 						success: !0,
-						actions: u
+						actions: l
 					};
 				} catch {
 					return {
-						path: `${GITHUB_DIRECTORY}/${WORKFLOWS_DIRECTORY}/${e}`,
+						path: `${m}/${WORKFLOWS_DIRECTORY}/${e}`,
 						success: !1,
 						actions: []
 					};
 				}
-			}), l = await Promise.all(e);
-			for (let e of l) e.success && e.path && (e.actions.length > 0 ? (m.workflows.set(e.path, e.actions), m.actions.push(...e.actions)) : m.workflows.set(e.path, []));
+			}), o = await Promise.all(e);
+			for (let e of o) e.success && e.path && (e.actions.length > 0 ? (h.workflows.set(e.path, e.actions), h.actions.push(...e.actions)) : h.workflows.set(e.path, []));
 		}
 	} catch {}
-	let b = join(_, ACTIONS_DIRECTORY);
-	if (!g(h, b)) return m;
+	let x = join(v, ACTIONS_DIRECTORY);
 	try {
-		if ((await stat(b)).isDirectory()) {
-			let s = (await readdir(b)).map(async (s) => {
-				if (!v(s)) return null;
-				let c = join(b, s);
-				if (!g(b, c)) return console.warn(`Skipping subdirectory outside actions path: ${s}`), null;
+		if ((await stat(x)).isDirectory()) {
+			let o = (await readdir(x)).map(async (o) => {
+				if (!y(o)) return null;
+				let s = join(x, o);
 				try {
-					if (!(await stat(c)).isDirectory()) return null;
-					let u = join(c, "action.yml");
-					if (!g(c, u)) return null;
-					let d = [];
+					if (!(await stat(s)).isDirectory()) return null;
+					let c = join(s, "action.yml"), u = [];
 					try {
-						d = await scanActionFile(u);
+						u = await scanActionFile(c);
 					} catch {
 						try {
-							if (u = join(c, "action.yaml"), !g(c, u)) return null;
-							d = await scanActionFile(u);
+							c = join(s, "action.yaml"), u = await scanActionFile(c);
 						} catch {
 							return null;
 						}
 					}
 					return {
-						path: `${GITHUB_DIRECTORY}/${ACTIONS_DIRECTORY}/${s}`,
-						name: s,
-						actions: d
+						path: `${m}/${ACTIONS_DIRECTORY}/${o}`,
+						name: o,
+						actions: u
 					};
 				} catch {
 					return null;
 				}
-			}), c = await Promise.all(s);
-			for (let e of c) e && (m.compositeActions.set(e.name, e.path), m.actions.push(...e.actions));
+			}), s = await Promise.all(o);
+			for (let e of s) e && (h.compositeActions.set(e.name, e.path), h.actions.push(...e.actions));
 		}
 	} catch {}
 	try {
-		let e = await getCurrentRepoSlug(h);
+		let e = await getCurrentRepoSlug(g);
 		if (e) {
 			if (process.env.ACTIONS_UP_TEST_THROW === "1") throw Error("test");
 			let o = /* @__PURE__ */ new Set(), s = [];
-			for (let c of m.actions) {
+			for (let c of h.actions) {
 				if (c.type !== "external") continue;
 				let l = c.name.split("/");
 				if (l.length < 3 || `${l[0]}/${l[1]}` !== e) continue;
-				let u = join(h, ...l.slice(2));
-				g(h, u) && (o.has(u) || (o.add(u), s.push(u)));
+				let u = join(g, ...l.slice(2));
+				_(g, u) && (o.has(u) || (o.add(u), s.push(u)));
 			}
 			async function c() {
 				if (s.length === 0) return;
@@ -107,14 +96,14 @@ async function scanGitHubActions(d = process.cwd()) {
 							d = u;
 						}
 						let f = await scanActionFile(d);
-						f.length > 0 && m.actions.push(...f);
+						f.length > 0 && h.actions.push(...f);
 						let p = [];
 						for (let s of f) {
 							if (s.type !== "external") continue;
 							let c = s.name.split("/");
 							if (c.length < 3 || `${c[0]}/${c[1]}` !== e) continue;
-							let l = join(h, ...c.slice(2));
-							g(h, l) && (o.has(l) || (o.add(l), p.push(l)));
+							let l = join(g, ...c.slice(2));
+							_(g, l) && (o.has(l) || (o.add(l), p.push(l)));
 						}
 						return p;
 					} catch {
@@ -127,7 +116,7 @@ async function scanGitHubActions(d = process.cwd()) {
 			await c();
 		}
 	} catch {}
-	return m;
+	return h;
 }
 async function getCurrentRepoSlug(e) {
 	let o = process.env.GITHUB_REPOSITORY;

package/dist/package.js

@@ -1,2 +1,2 @@
-const version = "1.4.2";
+const version = "1.5.0";
 export { version };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "actions-up",
-  "version": "1.4.2",
+  "version": "1.5.0",
   "description": "Interactive CLI tool to update GitHub Actions to latest versions with SHA pinning",
   "keywords": [
     "github-actions",

package/readme.md

@@ -122,6 +122,14 @@ Check for updates without making any changes:
 npx actions-up --dry-run
 ```
 
+### Custom Directory
+
+By default, Actions Up scans the `.github` directory. You can specify a different directory (e.g., for Gitea):
+
+```bash
+npx actions-up --dir .gitea
+```
+
 ## GitHub Actions Integration
 
 ### Automated PR Checks