actions-up 1.8.0 → 1.9.0

package/dist/core/scan-github-actions.js

@@ -19,11 +19,19 @@ async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
 	function y(e) {
 		return e.includes("..") || e.includes("/") || e.includes("\\") ? (console.warn(`Skipping invalid name: ${e}`), !1) : !0;
 	}
-	let b = join(v, WORKFLOWS_DIRECTORY);
+	async function b(e) {
+		try {
+			let o = await stat(e);
+			return typeof o.isFile == "function" ? o.isFile() : !1;
+		} catch {
+			return !1;
+		}
+	}
+	let x = join(v, WORKFLOWS_DIRECTORY);
 	try {
-		if ((await stat(b)).isDirectory()) {
-			let e = (await readdir(b)).filter((e) => y(e) ? isYamlFile(e) : !1).map(async (e) => {
-				let o = join(b, e);
+		if ((await stat(x)).isDirectory()) {
+			let e = (await readdir(x)).filter((e) => y(e) ? isYamlFile(e) : !1).map(async (e) => {
+				let o = join(x, e);
 				try {
 					let l = await scanWorkflowFile(o);
 					return {
@@ -42,12 +50,29 @@ async function scanGitHubActions(d = process.cwd(), m = GITHUB_DIRECTORY) {
 			for (let e of o) e.success && e.path && (e.actions.length > 0 ? (h.workflows.set(e.path, e.actions), h.actions.push(...e.actions)) : h.workflows.set(e.path, []));
 		}
 	} catch {}
-	let x = join(v, ACTIONS_DIRECTORY);
 	try {
-		if ((await stat(x)).isDirectory()) {
-			let o = (await readdir(x)).map(async (o) => {
+		let e = join(g, "action.yml"), o = join(g, "action.yaml"), s = null, c = [];
+		if (await b(e)) try {
+			c = await scanActionFile(e), s = e;
+		} catch {
+			s = null;
+		}
+		if (!s && await b(o)) try {
+			c = await scanActionFile(o), s = o;
+		} catch {
+			s = null;
+		}
+		if (s) {
+			let e = relative(g, s);
+			h.compositeActions.set(e, e), c.length > 0 && h.actions.push(...c);
+		}
+	} catch {}
+	let S = join(v, ACTIONS_DIRECTORY);
+	try {
+		if ((await stat(S)).isDirectory()) {
+			let o = (await readdir(S)).map(async (o) => {
 				if (!y(o)) return null;
-				let s = join(x, o);
+				let s = join(S, o);
 				try {
 					if (!(await stat(s)).isDirectory()) return null;
 					let c = join(s, "action.yml"), u = [];

package/dist/package.js

@@ -1,2 +1,2 @@
-const version = "1.8.0";
+const version = "1.9.0";
 export { version };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "actions-up",
-  "version": "1.8.0",
+  "version": "1.9.0",
   "description": "Interactive CLI tool to update GitHub Actions to latest versions with SHA pinning",
   "keywords": [
     "github-actions",

package/readme.md

@@ -18,7 +18,7 @@ Interactively upgrade and pin actions to exact commit SHAs for secure, reproduci
 
 ## Features
 
-- **Auto-discovery**: Scans all workflows (`.github/workflows/*.yml`) and composite actions (`.github/actions/*/action.yml`)
+- **Auto-discovery**: Scans all workflows (`.github/workflows/*.yml`) and composite actions (`.github/actions/*/action.yml` and root `action.yml`/`action.yaml`)
 - **Reusable Workflows**: Detects and updates reusable workflow calls at the job level
 - **SHA pinning**: Updates actions to use commit SHA instead of tags for better security
 - **Batch Updates**: Update multiple actions at once
@@ -100,7 +100,7 @@ npx actions-up
 
 This will:
 
-1. Scan all `.github/workflows/*.yml` and `.github/actions/*/action.yml` files
+1. Scan all `.github/workflows/*.yml` and `.github/actions/*/action.yml` files, plus root `action.yml`/`action.yaml`
 2. Check for available updates
 3. Show an interactive list to select updates
 4. Apply selected updates with SHA pinning