Compare commits

...

37 Commits

Author SHA1 Message Date
Salman Muin Kayser Chishti 8883833d6d chore: fix npm audit vulnerabilities (glob, js-yaml) 2025-12-08 21:14:00 +00:00
Salman Chishti 48f166f6d5 Merge pull request #2175 from actions/prepare-core-1.12.0-release
Prepare @actions/core 2.0.0 release
2025-12-08 16:28:47 +00:00
Salman Muin Kayser Chishti 4bc377e1b4 Timeout time back to normal, as it was like this for debugging 2025-12-08 12:47:19 +00:00
Salman Muin Kayser Chishti bf1b64008f fix: use detached:true on all platforms for exec stream tests
On Windows, detached:true is needed to properly keep stdio handles
open after the parent process exits.
2025-12-08 12:35:33 +00:00
Salman Muin Kayser Chishti 894f77901e fix: improve exec stream tests cross-platform handling
- Update spawn-wait-for-file.js to use proper stdio inheritance
- Add small delay before exit to ensure child process inherits handles
- Simplify test code to use the helper script instead of shell commands
2025-12-08 12:28:52 +00:00
Tingting Wang 7993066184 Merge pull request #2174 from actions/dependabot/npm_and_yarn/packages/attest/tar-7.5.2
Bump tar from 7.5.1 to 7.5.2 in /packages/attest
2025-12-05 17:13:09 -08:00
dependabot[bot] f014075da9 Bump tar from 7.5.1 to 7.5.2 in /packages/attest
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.1 to 7.5.2.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.1...v7.5.2)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-06 01:06:03 +00:00
Tingting Wang 4500de75c1 Merge pull request #2187 from actions/dependabot/npm_and_yarn/packages/attest/glob-10.5.0
Bump glob from 10.4.5 to 10.5.0 in /packages/attest
2025-12-05 17:04:14 -08:00
dependabot[bot] 47017fa24b Bump glob from 10.4.5 to 10.5.0 in /packages/attest
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 10.5.0.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-19 17:36:35 +00:00
Salman Muin Kayser Chishti d97deb1f60 tests(exec): use platform-aware spawn options in spawn-wait-for-file script (detach on Unix, hide window on Windows) 2025-11-18 15:45:59 +00:00
Salman Muin Kayser Chishti df111e1104 tests(glob): set GITHUB_WORKSPACE to __dirname in hash-files.test 2025-11-18 15:32:19 +00:00
Salman Muin Kayser Chishti a3588a70ba update hash files test 2025-11-18 14:21:47 +00:00
Salman Chishti 6b63a2bfc3 Merge pull request #2176 from actions/prepare-exec-2.0.0-release
Prepare @actions/exec 2.0.0 release
2025-11-18 14:13:24 +00:00
Salman Muin Kayser Chishti 290017ff81 update package json 2025-11-04 13:53:28 +00:00
Salman Chishti 2a876cd69d Update packages/exec/RELEASES.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-04 13:50:24 +00:00
Salman Muin Kayser Chishti 7cba4c8084 npm install 2025-10-31 16:02:54 +00:00
Salman Muin Kayser Chishti f79b906406 Prepare @actions/exec 2.0.0 release 2025-10-31 15:55:29 +00:00
Salman Muin Kayser Chishti 1bcc453b44 Prepare @actions/core 2.0.0 release 2025-10-31 15:52:21 +00:00
Salman Chishti dcae869a03 Merge pull request #2167 from actions/prepare-http-client-3.0.0-release
Prepare @actions/http-client 3.0.0 release
2025-10-31 15:27:38 +00:00
Salman Chishti 23769d04c7 Merge pull request #2166 from actions/prepare-io-2.0.0-release
Prepare @actions/io 2.0.0 release
2025-10-31 15:27:26 +00:00
Daniel Kennedy d3ab50471b Merge pull request #2168 from actions/danwkennedy/prepare-4.0.0
Artifact: prepare `v4.0.0`
2025-10-24 13:38:36 -04:00
Daniel Kennedy 1388fd1cac Artifact: prepare 4.0.0 2025-10-24 13:28:26 -04:00
Bassem Dghaidi 5b446d2657 Merge pull request #2165 from austenstone/max-list-artifact-2k
fix: artifact pagination bugs and configurable artifact count limits
2025-10-24 17:23:44 +02:00
Austen Stone 006d6978c1 linting 2025-10-22 11:44:21 -04:00
Austen Stone 02afeb1577 style: wrap ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env var assignment for readability 2025-10-22 11:42:01 -04:00
Salman Chishti d47594b536 Update packages/http-client/RELEASES.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-22 15:44:09 +01:00
Salman Muin Kayser Chishti 2823824b94 Prepare @actions/http-client 3.0.0 release 2025-10-22 15:40:17 +01:00
Austen Stone cbc06d6766 fix: ensure max artifact count variable is treated as a string 2025-10-22 07:47:51 -04:00
Austen Stone 9bb6708527 fix: remove redundant check for max artifact count variable 2025-10-22 07:41:31 -04:00
Austen Stone be1151df02 Apply suggestion from @Link-
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2025-10-22 07:39:45 -04:00
Salman Muin Kayser Chishti 130842f4e8 Prepare @actions/io 2.0.0 release 2025-10-21 15:55:10 +01:00
Salman Chishti ab82301c62 Merge pull request #2164 from actions/prepare-attest-2.0.0-release
Prepare @actions/attest 2.0.0 release
2025-10-21 15:08:28 +01:00
Austen Stone fea4f6b5c5 fix: resolve critical pagination bugs and add comprehensive testing
- Fix off-by-one error in pagination loop (< to <=) that prevented fetching last page
- Add Math.ceil() to maxNumberOfPages calculation for proper limit handling
- Replace hardcoded 2000 limit with configurable getMaxArtifactListCount()
- Add pagination test for multi-page artifact listing
- Add environment variable test for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT
- Add comprehensive test coverage for getMaxArtifactListCount() function

Fixes compound bug where pagination and limit logic capped results at 900 artifacts instead of intended 1000.
2025-10-21 09:22:11 -04:00
Salman Muin Kayser Chishti d3ade9ecfc Prepare @actions/attest 2.0.0 release 2025-10-20 12:07:20 +01:00
functionstackx fb592eec03 Update packages/artifact/src/internal/find/list-artifacts.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-17 18:05:06 -04:00
functionstackx 70e79399a2 fix: bumping max list artifact to 2k 2025-10-16 23:13:34 -04:00
Eugene acb230b99a Merge pull request #2160 from actions/ejahnGithub-patch-1
Remove unnecessary Buffer to Uint8Array conversion
2025-10-16 12:22:23 -04:00
23 changed files with 384 additions and 126 deletions
+1 -1
View File
@@ -5,7 +5,7 @@ module.exports = {
testEnvironment: 'node',
testMatch: ['**/__tests__/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
'^.+\\.ts$': ['ts-jest', {isolatedModules: true, diagnostics: {warnOnly: true}}]
},
verbose: true
}
+18 -18
View File
@@ -822,9 +822,9 @@
}
},
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
"version": "3.14.2",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2100,9 +2100,9 @@
}
},
"node_modules/@npmcli/map-workspaces/node_modules/glob": {
"version": "10.4.5",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
"integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
"version": "10.5.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
"integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
"dev": true,
"license": "ISC",
"dependencies": {
@@ -2206,9 +2206,9 @@
}
},
"node_modules/@npmcli/package-json/node_modules/glob": {
"version": "10.4.5",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
"integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
"version": "10.5.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
"integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
"dev": true,
"license": "ISC",
"dependencies": {
@@ -3872,9 +3872,9 @@
}
},
"node_modules/@yarnpkg/parsers/node_modules/js-yaml": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
"version": "3.14.2",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -4754,9 +4754,9 @@
}
},
"node_modules/cacache/node_modules/glob": {
"version": "10.4.5",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
"integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
"version": "10.5.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
"integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
"dev": true,
"license": "ISC",
"dependencies": {
@@ -12955,9 +12955,9 @@
}
},
"node_modules/pacote/node_modules/glob": {
"version": "10.4.5",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
"integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
"version": "10.5.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
"integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
"dev": true,
"license": "ISC",
"dependencies": {
+7
View File
@@ -1,5 +1,12 @@
# @actions/artifact Releases
### 4.0.0
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
- Fix: artifact pagination bugs and configurable artifact count limits [#2165](https://github.com/actions/toolkit/pull/2165)
- Fix: reject the promise on timeout [#2124](https://github.com/actions/toolkit/pull/2124)
- Update dependency versions
### 2.3.3
- Dependency updates [#2049](https://github.com/actions/toolkit/pull/2049)
@@ -105,3 +105,45 @@ describe('uploadConcurrencyEnv', () => {
}).toThrow()
})
})
describe('getMaxArtifactListCount', () => {
beforeEach(() => {
delete process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT
})
it('should return default 1000 when no env set', () => {
expect(config.getMaxArtifactListCount()).toBe(1000)
})
it('should return value set in ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT', () => {
process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '2000'
expect(config.getMaxArtifactListCount()).toBe(2000)
})
it('should throw if value set in ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT is invalid', () => {
process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = 'abc'
expect(() => {
config.getMaxArtifactListCount()
}).toThrow(
'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
)
})
it('should throw if ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT is < 1', () => {
process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '0'
expect(() => {
config.getMaxArtifactListCount()
}).toThrow(
'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
)
})
it('should throw if ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT is negative', () => {
process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '-100'
expect(() => {
config.getMaxArtifactListCount()
}).toThrow(
'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
)
})
})
@@ -170,6 +170,126 @@ describe('list-artifact', () => {
)
).rejects.toThrow('boom')
})
it('should handle pagination correctly when fetching multiple pages', async () => {
const mockRequest = github.getOctokit(fixtures.token)
.request as MockedRequest
const manyArtifacts = Array.from({length: 150}, (_, i) => ({
id: i + 1,
name: `artifact-${i + 1}`,
size: 100,
createdAt: new Date('2023-12-01')
}))
mockRequest
.mockResolvedValueOnce({
status: 200,
headers: {},
url: '',
data: {
...artifactsToListResponse(manyArtifacts.slice(0, 100)),
total_count: 150
}
})
.mockResolvedValueOnce({
status: 200,
headers: {},
url: '',
data: {
...artifactsToListResponse(manyArtifacts.slice(100, 150)),
total_count: 150
}
})
const response = await listArtifactsPublic(
fixtures.runId,
fixtures.owner,
fixtures.repo,
fixtures.token,
false
)
// Verify that both API calls were made
expect(mockRequest).toHaveBeenCalledTimes(2)
// Should return all 150 artifacts across both pages
expect(response.artifacts).toHaveLength(150)
// Verify we got artifacts from both pages
expect(response.artifacts[0].name).toBe('artifact-1')
expect(response.artifacts[99].name).toBe('artifact-100')
expect(response.artifacts[100].name).toBe('artifact-101')
expect(response.artifacts[149].name).toBe('artifact-150')
})
it('should respect ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT environment variable', async () => {
const originalEnv = process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT
process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '150'
jest.resetModules()
try {
const {listArtifactsPublic: listArtifactsPublicReloaded} = await import(
'../src/internal/find/list-artifacts'
)
const githubReloaded = await import('@actions/github')
const mockRequest = (githubReloaded.getOctokit as jest.Mock)(
fixtures.token
).request as MockedRequest
const manyArtifacts = Array.from({length: 200}, (_, i) => ({
id: i + 1,
name: `artifact-${i + 1}`,
size: 100,
createdAt: new Date('2023-12-01')
}))
mockRequest
.mockResolvedValueOnce({
status: 200,
headers: {},
url: '',
data: {
...artifactsToListResponse(manyArtifacts.slice(0, 100)),
total_count: 200
}
})
.mockResolvedValueOnce({
status: 200,
headers: {},
url: '',
data: {
...artifactsToListResponse(manyArtifacts.slice(100, 150)),
total_count: 200
}
})
const response = await listArtifactsPublicReloaded(
fixtures.runId,
fixtures.owner,
fixtures.repo,
fixtures.token,
false
)
// Should only return 150 artifacts due to the limit
expect(response.artifacts).toHaveLength(150)
expect(response.artifacts[0].name).toBe('artifact-1')
expect(response.artifacts[149].name).toBe('artifact-150')
} finally {
// Restore original environment variable
if (originalEnv !== undefined) {
process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = originalEnv
} else {
delete process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT
}
// Reset modules again to restore original state
jest.resetModules()
}
})
})
describe('internal', () => {
+6 -5
View File
@@ -1,12 +1,12 @@
{
"name": "@actions/artifact",
"version": "3.0.0",
"version": "4.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@actions/artifact",
"version": "3.0.0",
"version": "4.0.0",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.0",
@@ -1566,9 +1566,9 @@
}
},
"node_modules/glob": {
"version": "10.4.5",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
"integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
"version": "10.5.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
"integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
"license": "ISC",
"dependencies": {
"foreground-child": "^3.1.0",
@@ -2385,6 +2385,7 @@
"version": "5.9.2",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz",
"integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==",
"dev": true,
"license": "Apache-2.0",
"bin": {
"tsc": "bin/tsc",
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/artifact",
"version": "3.0.0",
"version": "4.0.0",
"preview": true,
"description": "Actions artifact lib",
"keywords": [
@@ -9,12 +9,12 @@ import {retry} from '@octokit/plugin-retry'
import {OctokitOptions} from '@octokit/core/dist-types/types'
import {internalArtifactTwirpClient} from '../shared/artifact-twirp-client'
import {getBackendIdsFromToken} from '../shared/util'
import {getMaxArtifactListCount} from '../shared/config'
import {ListArtifactsRequest, Timestamp} from '../../generated'
// Limiting to 1000 for perf reasons
const maximumArtifactCount = 1000
const maximumArtifactCount = getMaxArtifactListCount()
const paginationCount = 100
const maxNumberOfPages = maximumArtifactCount / paginationCount
const maxNumberOfPages = Math.ceil(maximumArtifactCount / paginationCount)
export async function listArtifactsPublic(
workflowRunId: number,
@@ -59,7 +59,7 @@ export async function listArtifactsPublic(
const totalArtifactCount = listArtifactResponse.total_count
if (totalArtifactCount > maximumArtifactCount) {
warning(
`Workflow run ${workflowRunId} has more than 1000 artifacts. Results will be incomplete as only the first ${maximumArtifactCount} artifacts will be returned`
`Workflow run ${workflowRunId} has ${totalArtifactCount} artifacts, exceeding the limit of ${maximumArtifactCount}. Results will be incomplete as only the first ${maximumArtifactCount} artifacts will be returned`
)
numberOfPages = maxNumberOfPages
}
@@ -81,7 +81,7 @@ export async function listArtifactsPublic(
// Iterate over any remaining pages
for (
currentPageNumber;
currentPageNumber < numberOfPages;
currentPageNumber <= numberOfPages;
currentPageNumber++
) {
debug(`Fetching page ${currentPageNumber} of artifact list`)
@@ -97,3 +97,19 @@ export function getUploadChunkTimeout(): number {
return timeout
}
// This value can be changed with ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT variable.
// Defaults to 1000 as a safeguard for rate limiting.
export function getMaxArtifactListCount(): number {
const maxCountVar =
process.env['ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT'] || '1000'
const maxCount = parseInt(maxCountVar)
if (isNaN(maxCount) || maxCount < 1) {
throw new Error(
'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
)
}
return maxCount
}
+7
View File
@@ -1,5 +1,12 @@
# @actions/attest Releases
### 2.0.0
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
- Bump @sigstore/bundle from 3.0.0 to 3.1.0
- Bump @sigstore/sign from 3.0.0 to 3.1.0
- Bump jose from 5.2.3 to 5.10.0
### 1.6.0
- Update `buildSLSAProvenancePredicate` to populate `workflow.ref` field from the `ref` claim in the OIDC token [#1969](https://github.com/actions/toolkit/pull/1969)
+10 -9
View File
@@ -1,12 +1,12 @@
{
"name": "@actions/attest",
"version": "1.6.0",
"version": "2.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@actions/attest",
"version": "1.6.0",
"version": "2.0.0",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.11.1",
@@ -192,6 +192,7 @@
"resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.2.tgz",
"integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==",
"license": "MIT",
"peer": true,
"dependencies": {
"@octokit/auth-token": "^4.0.0",
"@octokit/graphql": "^7.1.0",
@@ -895,9 +896,9 @@
}
},
"node_modules/glob": {
"version": "10.4.5",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
"integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
"version": "10.5.0",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
"integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
"license": "ISC",
"dependencies": {
"foreground-child": "^3.1.0",
@@ -1573,10 +1574,10 @@
}
},
"node_modules/tar": {
"version": "7.5.1",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.1.tgz",
"integrity": "sha512-nlGpxf+hv0v7GkWBK2V9spgactGOp0qvfWRxUMjqHyzrt3SgwE48DIv/FhqPHJYLHpgW1opq3nERbz5Anq7n1g==",
"license": "ISC",
"version": "7.5.2",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.2.tgz",
"integrity": "sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==",
"license": "BlueOak-1.0.0",
"dependencies": {
"@isaacs/fs-minipass": "^4.0.0",
"chownr": "^3.0.0",
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/attest",
"version": "1.6.0",
"version": "2.0.0",
"description": "Actions attestation lib",
"keywords": [
"github",
+5 -1
View File
@@ -1,6 +1,10 @@
# @actions/core Releases
### 1.11.1
## 2.0.0
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
- Bump @actions/http-client from 2.0.1 to 3.0.0
## 1.11.1
- Fix uses of `crypto.randomUUID` on Node 18 and earlier [#1842](https://github.com/actions/toolkit/pull/1842)
### 1.11.0
+48 -11
View File
@@ -1,16 +1,16 @@
{
"name": "@actions/core",
"version": "1.11.1",
"version": "2.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "@actions/core",
"version": "1.11.1",
"version": "2.0.0",
"license": "MIT",
"dependencies": {
"@actions/exec": "^1.1.1",
"@actions/http-client": "^2.0.1"
"@actions/http-client": "^3.0.0"
},
"devDependencies": {
"@types/node": "^16.18.112"
@@ -25,11 +25,13 @@
}
},
"node_modules/@actions/http-client": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
"integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.0.tgz",
"integrity": "sha512-1s3tXAfVMSz9a4ZEBkXXRQD4QhY3+GAsWSbaYpeknPOKEeyRiU3lH+bHiLMZdo2x/fIeQ/hscL1wCkDLVM2DZQ==",
"license": "MIT",
"dependencies": {
"tunnel": "^0.0.6"
"tunnel": "^0.0.6",
"undici": "^5.28.5"
}
},
"node_modules/@actions/io": {
@@ -37,6 +39,15 @@
"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
},
"node_modules/@fastify/busboy": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
"integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
"license": "MIT",
"engines": {
"node": ">=14"
}
},
"node_modules/@types/node": {
"version": "16.18.112",
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.112.tgz",
@@ -50,6 +61,18 @@
"engines": {
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
}
},
"node_modules/undici": {
"version": "5.29.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
"integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
"license": "MIT",
"dependencies": {
"@fastify/busboy": "^2.0.0"
},
"engines": {
"node": ">=14.0"
}
}
},
"dependencies": {
@@ -62,11 +85,12 @@
}
},
"@actions/http-client": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
"integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.0.tgz",
"integrity": "sha512-1s3tXAfVMSz9a4ZEBkXXRQD4QhY3+GAsWSbaYpeknPOKEeyRiU3lH+bHiLMZdo2x/fIeQ/hscL1wCkDLVM2DZQ==",
"requires": {
"tunnel": "^0.0.6"
"tunnel": "^0.0.6",
"undici": "^5.28.5"
}
},
"@actions/io": {
@@ -74,6 +98,11 @@
"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
},
"@fastify/busboy": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
"integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="
},
"@types/node": {
"version": "16.18.112",
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.112.tgz",
@@ -84,6 +113,14 @@
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
},
"undici": {
"version": "5.29.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
"integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
"requires": {
"@fastify/busboy": "^2.0.0"
}
}
}
}
+2 -2
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/core",
"version": "1.11.1",
"version": "2.0.0",
"description": "Actions core lib",
"keywords": [
"github",
@@ -37,7 +37,7 @@
},
"dependencies": {
"@actions/exec": "^1.1.1",
"@actions/http-client": "^2.0.1"
"@actions/http-client": "^3.0.0"
},
"devDependencies": {
"@types/node": "^16.18.112"
+4
View File
@@ -1,5 +1,9 @@
# @actions/exec Releases
### 2.0.0
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
- Bump @actions/io dependency from ^1.0.1 to ^2.0.0
### 1.1.1
- Update `lockfileVersion` to `v2` in `package-lock.json [#1024](https://github.com/actions/toolkit/pull/1024)
+21 -64
View File
@@ -11,6 +11,11 @@ import * as io from '@actions/io'
/* eslint-disable @typescript-eslint/unbound-method */
const IS_WINDOWS = process.platform === 'win32'
const SPAWN_WAIT_SCRIPT = path.join(
__dirname,
'scripts',
'spawn-wait-for-file.js'
)
let outstream: stream.Writable
let errstream: stream.Writable
@@ -365,35 +370,20 @@ describe('@actions/exec', () => {
fs.writeFileSync(semaphorePath, '')
const nodePath = await io.which('node', true)
const scriptPath = path.join(__dirname, 'scripts', 'wait-for-file.js')
const debugList: string[] = []
const _testExecOptions = getExecOptions()
_testExecOptions.delay = 500
_testExecOptions.windowsVerbatimArguments = true
_testExecOptions.listeners = {
debug: (data: string) => {
debugList.push(data)
}
}
let exitCode: number
if (IS_WINDOWS) {
const toolName: string = await io.which('cmd.exe', true)
const args = [
'/D', // Disable execution of AutoRun commands from registry.
'/E:ON', // Enable command extensions. Note, command extensions are enabled by default, unless disabled via registry.
'/V:OFF', // Disable delayed environment expansion. Note, delayed environment expansion is disabled by default, unless enabled via registry.
'/S', // Will cause first and last quote after /C to be stripped.
'/C',
`"start "" /B "${nodePath}" "${scriptPath}" "file=${semaphorePath}""`
]
exitCode = await exec.exec(`"${toolName}"`, args, _testExecOptions)
} else {
const toolName: string = await io.which('bash', true)
const args = ['-c', `node '${scriptPath}' 'file=${semaphorePath}' &`]
exitCode = await exec.exec(`"${toolName}"`, args, _testExecOptions)
}
const exitCode = await exec.exec(
`"${nodePath}"`,
[SPAWN_WAIT_SCRIPT, `file=${semaphorePath}`],
_testExecOptions
)
expect(exitCode).toBe(0)
expect(
@@ -411,36 +401,21 @@ describe('@actions/exec', () => {
fs.writeFileSync(semaphorePath, '')
const nodePath = await io.which('node', true)
const scriptPath = path.join(__dirname, 'scripts', 'wait-for-file.js')
const debugList: string[] = []
const _testExecOptions = getExecOptions()
_testExecOptions.delay = 500
_testExecOptions.windowsVerbatimArguments = true
_testExecOptions.listeners = {
debug: (data: string) => {
debugList.push(data)
}
}
let toolName: string
let args: string[]
if (IS_WINDOWS) {
toolName = await io.which('cmd.exe', true)
args = [
'/D', // Disable execution of AutoRun commands from registry.
'/E:ON', // Enable command extensions. Note, command extensions are enabled by default, unless disabled via registry.
'/V:OFF', // Disable delayed environment expansion. Note, delayed environment expansion is disabled by default, unless enabled via registry.
'/S', // Will cause first and last quote after /C to be stripped.
'/C',
`"start "" /B "${nodePath}" "${scriptPath}" "file=${semaphorePath}"" & exit /b 123`
]
} else {
toolName = await io.which('bash', true)
args = ['-c', `node '${scriptPath}' 'file=${semaphorePath}' & exit 123`]
}
await exec
.exec(`"${toolName}"`, args, _testExecOptions)
.exec(
`"${nodePath}"`,
[SPAWN_WAIT_SCRIPT, `file=${semaphorePath}`, 'exitCode=123'],
_testExecOptions
)
.then(() => {
throw new Error('Should not have succeeded')
})
@@ -465,40 +440,22 @@ describe('@actions/exec', () => {
fs.writeFileSync(semaphorePath, '')
const nodePath = await io.which('node', true)
const scriptPath = path.join(__dirname, 'scripts', 'wait-for-file.js')
const debugList: string[] = []
const _testExecOptions = getExecOptions()
_testExecOptions.delay = 500
_testExecOptions.failOnStdErr = true
_testExecOptions.windowsVerbatimArguments = true
_testExecOptions.listeners = {
debug: (data: string) => {
debugList.push(data)
}
}
let toolName: string
let args: string[]
if (IS_WINDOWS) {
toolName = await io.which('cmd.exe', true)
args = [
'/D', // Disable execution of AutoRun commands from registry.
'/E:ON', // Enable command extensions. Note, command extensions are enabled by default, unless disabled via registry.
'/V:OFF', // Disable delayed environment expansion. Note, delayed environment expansion is disabled by default, unless enabled via registry.
'/S', // Will cause first and last quote after /C to be stripped.
'/C',
`"start "" /B "${nodePath}" "${scriptPath}" "file=${semaphorePath}"" & echo hi 1>&2`
]
} else {
toolName = await io.which('bash', true)
args = [
'-c',
`node '${scriptPath}' 'file=${semaphorePath}' & echo hi 1>&2`
]
}
await exec
.exec(`"${toolName}"`, args, _testExecOptions)
.exec(
`"${nodePath}"`,
[SPAWN_WAIT_SCRIPT, `file=${semaphorePath}`, 'stderr=true'],
_testExecOptions
)
.then(() => {
throw new Error('Should not have succeeded')
})
@@ -515,7 +472,7 @@ describe('@actions/exec', () => {
).toBe(1)
fs.unlinkSync(semaphorePath)
})
}, 10000)
it('Exec roots relative tool path using unrooted options.cwd', async () => {
let exitCode: number
@@ -0,0 +1,44 @@
const childProcess = require('child_process')
const path = require('path')
// Parse args
const args = {}
for (const arg of process.argv.slice(2)) {
const idx = arg.indexOf('=')
if (idx !== -1) {
args[arg.slice(0, idx)] = arg.slice(idx + 1)
}
}
const filePath = args.file
if (!filePath) {
throw new Error('file is not specified')
}
// Spawn wait-for-file.js with inherited stdio
// This creates a grandchild process that holds the stdio handles open
// after this process (the child) exits
const waitScript = path.join(__dirname, 'wait-for-file.js')
const isWindows = process.platform === 'win32'
// On Windows, use detached:true to properly keep streams open
// On Unix, detached:true also works and creates a new process group
const child = childProcess.spawn(process.execPath, [waitScript, `file=${filePath}`], {
stdio: ['ignore', 'inherit', 'inherit'],
detached: true,
windowsHide: true
})
// Don't wait for child to exit
child.unref()
// Handle optional stderr output (must happen BEFORE we exit)
if (args.stderr === 'true') {
process.stderr.write('hi')
}
// Small delay to ensure child has started and inherited handles
setTimeout(() => {
const exitCode = args.exitCode ? parseInt(args.exitCode, 10) : 0
process.exit(exitCode)
}, 50)
+6 -6
View File
@@ -1,21 +1,21 @@
{
"name": "@actions/exec",
"version": "1.1.1",
"version": "2.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@actions/exec",
"version": "1.1.1",
"version": "2.0.0",
"license": "MIT",
"dependencies": {
"@actions/io": "^1.0.1"
"@actions/io": "^2.0.0"
}
},
"node_modules/@actions/io": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==",
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-2.0.0.tgz",
"integrity": "sha512-Jv33IN09XLO+0HS79aaODsvIRyduiF7NY/F6LYeK5oeUmrsz7aFdRphQjFoESF4jS7lMauDOttKALcpapVDIAg==",
"license": "MIT"
}
}
+2 -2
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/exec",
"version": "1.1.1",
"version": "2.0.0",
"description": "Actions exec lib",
"keywords": [
"github",
@@ -36,6 +36,6 @@
"url": "https://github.com/actions/toolkit/issues"
},
"dependencies": {
"@actions/io": "^1.0.1"
"@actions/io": "^2.0.0"
}
}
@@ -4,6 +4,7 @@ import {hashFiles} from '../src/glob'
import {promises as fs} from 'fs'
const IS_WINDOWS = process.platform === 'win32'
const ORIGINAL_GITHUB_WORKSPACE = process.env['GITHUB_WORKSPACE']
/**
* These test focus on the ability of globber to find files
@@ -12,6 +13,16 @@ const IS_WINDOWS = process.platform === 'win32'
describe('globber', () => {
beforeAll(async () => {
await io.rmRF(getTestTemp())
process.env['GITHUB_WORKSPACE'] = __dirname
})
afterAll(async () => {
if (ORIGINAL_GITHUB_WORKSPACE) {
process.env['GITHUB_WORKSPACE'] = ORIGINAL_GITHUB_WORKSPACE
} else {
delete process.env['GITHUB_WORKSPACE']
}
await io.rmRF(getTestTemp())
})
it('basic hashfiles test', async () => {
+3
View File
@@ -1,5 +1,8 @@
## Releases
## 3.0.0
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
## 2.2.3
- Fixed an issue where proxy username and password were not handled correctly [#1799](https://github.com/actions/toolkit/pull/1799)
+4
View File
@@ -1,5 +1,9 @@
# @actions/io Releases
### 2.0.0
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
- Ensures consistent behavior for paths on Node 24 with Windows
### 1.1.3
- Replace `child_process.exec` with `fs.rm` in `rmRF` for all OS implementations [#1373](https://github.com/actions/toolkit/pull/1373)