actions-up 1.7.0 ā†’ 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/cli/index.js +1 -1
  2. package/dist/core/ast/update/apply-updates.js +5 -2
  3. package/dist/core/scan-github-actions.js +33 -8
  4. package/dist/package.js +1 -1
  5. package/package.json +1 -1
  6. package/readme.md +2 -2
package/dist/cli/index.js CHANGED
@@ -60,7 +60,7 @@ function run() {
60
60
  }
61
61
  console.info(pc.yellow(`\nšŸ”„ Updating ${e.length} actions...\n`)), await applyUpdates(e), console.info(pc.green("\nāœ“ Updates applied successfully!"));
62
62
  } else {
63
- let o = await promptUpdateSelection(y, { showAge: c.minAge > 0 });
63
+ let o = await promptUpdateSelection(x, { showAge: c.minAge > 0 });
64
64
  if (!o || o.length === 0) {
65
65
  console.info(pc.gray("\nNo updates applied"));
66
66
  return;
package/dist/core/ast/update/apply-updates.js CHANGED
@@ -27,8 +27,11 @@ async function applyUpdates(n) {
27
27
  console.error(`Invalid SHA format: ${e.latestSha}`);
28
28
  continue;
29
29
  }
30
- let a = r ? String.raw`(?=[^\S\r\n]|$|#)` : "", o = new RegExp(String.raw`(^\s*-?\s*uses:\s*)(['"]?)(${n})@${r}\2${a}([^\S\r\n]*#[^\r\n]*)?`, "gm"), s = `$1$2$3@${e.latestSha}$2 # ${e.latestVersion}`;
31
- i = i.replace(o, s);
30
+ let a = String.raw`['"]?\buses\b['"]?\s*:\s*`, o = String.raw`(?:^[^\S\n]*(?:-[^\S\n]*)?|[{\[,][^\S\n]*)` + a, s = new RegExp(String.raw`(?<prefix>${o})` + String.raw`(?<quote>['"]?)` + String.raw`(?<name>${n})@${r}` + String.raw`\k<quote>` + String.raw`(?<after>[ \t\]}{,]*)` + String.raw`(?<comment>[^\S\r\n]*#[^\r\n]*)?`, "gm");
31
+ i = i.replace(s, (t, ...n) => {
32
+ let i = n.at(-3), a = n.at(-2), o = n.at(-1), s = a.indexOf("\n", i + t.length), c = (s === -1 ? a.slice(i + t.length) : a.slice(i + t.length, s)).trim().length > 0, l = o.after.endsWith(" ") ? "" : " ", u = c && !o.comment && r !== "" ? "" : `${l}# ${e.latestVersion}`;
33
+ return `${`${o.prefix}${o.quote}${o.name}`}@${`${e.latestSha}${o.quote}${o.after}${u}`}`;
34
+ });
32
35
  }
33
36
  await writeFile(n, i, "utf8");
34
37
  });
package/dist/core/scan-github-actions.js CHANGED
@@ -19,11 +19,19 @@ async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
19
19
  function y(e) {
20
20
  return e.includes("..") || e.includes("/") || e.includes("\\") ? (console.warn(`Skipping invalid name: ${e}`), !1) : !0;
21
21
  }
22
- let b = join(v, WORKFLOWS_DIRECTORY);
22
+ async function b(e) {
23
+ try {
24
+ let o = await stat(e);
25
+ return typeof o.isFile == "function" ? o.isFile() : !1;
26
+ } catch {
27
+ return !1;
28
+ }
29
+ }
30
+ let x = join(v, WORKFLOWS_DIRECTORY);
23
31
  try {
24
- if ((await stat(b)).isDirectory()) {
25
- let e = (await readdir(b)).filter((e) => y(e) ? isYamlFile(e) : !1).map(async (e) => {
26
- let o = join(b, e);
32
+ if ((await stat(x)).isDirectory()) {
33
+ let e = (await readdir(x)).filter((e) => y(e) ? isYamlFile(e) : !1).map(async (e) => {
34
+ let o = join(x, e);
27
35
  try {
28
36
  let l = await scanWorkflowFile(o);
29
37
  return {
@@ -42,12 +50,29 @@ async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
42
50
  for (let e of o) e.success && e.path && (e.actions.length > 0 ? (h.workflows.set(e.path, e.actions), h.actions.push(...e.actions)) : h.workflows.set(e.path, []));
43
51
  }
44
52
  } catch {}
45
- let x = join(v, ACTIONS_DIRECTORY);
46
53
  try {
47
- if ((await stat(x)).isDirectory()) {
48
- let o = (await readdir(x)).map(async (o) => {
54
+ let e = join(g, "action.yml"), o = join(g, "action.yaml"), s = null, c = [];
55
+ if (await b(e)) try {
56
+ c = await scanActionFile(e), s = e;
57
+ } catch {
58
+ s = null;
59
+ }
60
+ if (!s && await b(o)) try {
61
+ c = await scanActionFile(o), s = o;
62
+ } catch {
63
+ s = null;
64
+ }
65
+ if (s) {
66
+ let e = relative(g, s);
67
+ h.compositeActions.set(e, e), c.length > 0 && h.actions.push(...c);
68
+ }
69
+ } catch {}
70
+ let S = join(v, ACTIONS_DIRECTORY);
71
+ try {
72
+ if ((await stat(S)).isDirectory()) {
73
+ let o = (await readdir(S)).map(async (o) => {
49
74
  if (!y(o)) return null;
50
- let s = join(x, o);
75
+ let s = join(S, o);
51
76
  try {
52
77
  if (!(await stat(s)).isDirectory()) return null;
53
78
  let c = join(s, "action.yml"), u = [];
package/dist/package.js CHANGED
@@ -1,2 +1,2 @@
1
- const version = "1.7.0";
1
+ const version = "1.9.0";
2
2
  export { version };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "actions-up",
3
- "version": "1.7.0",
3
+ "version": "1.9.0",
4
4
  "description": "Interactive CLI tool to update GitHub Actions to latest versions with SHA pinning",
5
5
  "keywords": [
6
6
  "github-actions",
package/readme.md CHANGED
@@ -18,7 +18,7 @@ Interactively upgrade and pin actions to exact commit SHAs for secure, reproduci
18
18
 
19
19
  ## Features
20
20
 
21
- - **Auto-discovery**: Scans all workflows (`.github/workflows/*.yml`) and composite actions (`.github/actions/*/action.yml`)
21
+ - **Auto-discovery**: Scans all workflows (`.github/workflows/*.yml`) and composite actions (`.github/actions/*/action.yml` and root `action.yml`/`action.yaml`)
22
22
  - **Reusable Workflows**: Detects and updates reusable workflow calls at the job level
23
23
  - **SHA pinning**: Updates actions to use commit SHA instead of tags for better security
24
24
  - **Batch Updates**: Update multiple actions at once
@@ -100,7 +100,7 @@ npx actions-up
100
100
 
101
101
  This will:
102
102
 
103
- 1. Scan all `.github/workflows/*.yml` and `.github/actions/*/action.yml` files
103
+ 1. Scan all `.github/workflows/*.yml` and `.github/actions/*/action.yml` files, plus root `action.yml`/`action.yaml`
104
104
  2. Check for available updates
105
105
  3. Show an interactive list to select updates
106
106
  4. Apply selected updates with SHA pinning