diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml index 362c93255..82fbe0afd 100644 --- a/.github/actions/install-dependencies/action.yml +++ b/.github/actions/install-dependencies/action.yml @@ -5,7 +5,7 @@ runs: steps: - uses: actions/setup-node@v4 with: - node-version: '20.x' + node-version: '24.x' cache: npm - run: npm ci diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index 64ea87246..e8eb6d0d6 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 # prefer to use a full fetch for licensed workflows - - uses: ruby/setup-ruby@277ba2a127aba66d45bad0fa2dc56f80dbfedffa # v1.222.0 + - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1.229.0 with: ruby-version: ruby - uses: github/setup-licensed@v1 diff --git a/.licenses/npm/@types/node.dep.yml b/.licenses/npm/@types/node.dep.yml index d5ab59f38..86544f488 100644 --- a/.licenses/npm/@types/node.dep.yml +++ b/.licenses/npm/@types/node.dep.yml @@ -1,6 +1,6 @@ --- name: "@types/node" -version: 20.9.0 +version: 24.1.0 type: npm summary: TypeScript definitions for node homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node diff --git a/.licenses/npm/undici-types.dep.yml b/.licenses/npm/undici-types.dep.yml index a65b8affc..370219bfa 100644 --- a/.licenses/npm/undici-types.dep.yml +++ b/.licenses/npm/undici-types.dep.yml 
@@ -1,15 +1,17 @@ --- name: undici-types -version: 5.26.5 +version: 7.8.0 type: npm summary: A stand-alone types package for Undici homepage: https://undici.nodejs.org license: mit licenses: -- sources: Auto-generated MIT license text +- sources: LICENSE text: | MIT License + Copyright (c) Matteo Collina and Undici contributors + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights diff --git a/README.md b/README.md index 98cf4486f..3dfe48d4e 100644 --- a/README.md +++ b/README.md 
@@ -7,6 +7,26 @@ This action makes it easy to quickly write a script in your workflow that uses the GitHub API and the workflow run context. +### Note + +Thank you for your interest in this GitHub action, however, right now we are not taking contributions. + +We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in. + +We are taking the following steps to better direct requests related to GitHub Actions, including: + +1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions) + +2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report. + +3. Security Issues should be handled as per our [security.md](security.md) + +We will still provide security updates for this project and fix major breaking changes during this time. + +You are welcome to still raise bugs in this repo. + +### This action + To use this action, provide an input named `script` that contains the body of an asynchronous JavaScript function call. The following arguments will be provided: 
@@ -33,6 +53,14 @@ documentation. ## Breaking Changes +### V8 + +Version 8 of this action updated the runtime to Node 24 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions + +All scripts are now run with Node 24 instead of Node 20 and are affected by any breaking changes between Node 20 and 24. + +**This requires a minimum Actions Runner version of [v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1)** + ### V7 Version 7 of this action updated the runtime to Node 20 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions 
@@ -59,13 +87,38 @@ For example, `github.issues.createComment` in V4 becomes `github.rest.issues.cre See [development.md](/docs/development.md). +## Passing inputs to the script + +Actions expressions are evaluated before the `script` is passed to the action, so the result of any expressions +*will be evaluated as JavaScript code*. + +It's highly recommended to *not* evaluate expressions directly in the `script` to avoid +[script injections](https://docs.github.com/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections) +and potential `SyntaxError`s when the expression is not valid JavaScript code (particularly when it comes to improperly escaped strings). + +To pass inputs, set `env` vars on the action step and reference them in your script with `process.env`: + +```yaml +- uses: actions/github-script@v8 + env: + TITLE: ${{ github.event.pull_request.title }} + with: + script: | + const title = process.env.TITLE; + if (title.startsWith('octocat')) { + console.log("PR title starts with 'octocat'"); + } else { + console.error("PR title did not start with 'octocat'"); + } +``` + ## Reading step results The return value of the script will be in the step's outputs under the "result" key. ```yaml -- uses: actions/github-script@v7 +- uses: actions/github-script@v8 id: set-result with: script: return "Hello!" @@ -84,7 +137,7 @@ output of a github-script step. For some workflows, string encoding is preferred `result-encoding` input: ```yaml -- uses: actions/github-script@v7 +- uses: actions/github-script@v8 id: my-script with: result-encoding: string @@ -96,7 +149,7 @@ output of a github-script step. For some workflows, string encoding is preferred By default, requests made with the `github` instance will not be retried. You can configure this with the `retries` option: ```yaml -- uses: actions/github-script@v7 +- uses: actions/github-script@v8 id: my-script with: result-encoding: string 
@@ -114,7 +167,7 @@ In this example, request failures from `github.rest.issues.get()` will be retrie You can also configure which status codes should be exempt from retries via the `retry-exempt-status-codes` option: ```yaml -- uses: actions/github-script@v7 +- uses: actions/github-script@v8 id: my-script with: result-encoding: string @@ -143,7 +196,7 @@ By default, github-script will use the token provided to your workflow. ```yaml - name: View context attributes - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: console.log(context) ``` @@ -159,7 +212,7 @@ jobs: comment: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | github.rest.issues.createComment({ @@ -181,7 +234,7 @@ jobs: apply-label: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | github.rest.issues.addLabels({ @@ -203,7 +256,7 @@ jobs: welcome: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | // Get a list of all issues created by the PR opener @@ -248,7 +301,7 @@ jobs: diff: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | const diff_url = context.payload.pull_request.diff_url @@ -272,7 +325,7 @@ jobs: list-issues: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | const query = `query($owner:String!, $name:String!, $label:String!) { @@ -306,7 +359,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | const script = require('./path/to/script.js') @@ -344,7 +397,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 env: SHA: '${{env.parentSHA}}' with: 
@@ -388,7 +441,7 @@ jobs: - run: npm ci # or one-off: - run: npm install execa - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | const execa = require('execa') @@ -418,7 +471,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | const { default: printStuff } = await import('${{ github.workspace }}/src/print-stuff.js') @@ -444,27 +497,6 @@ export default async ({ core, context }) => { }; ``` -### Use env as input - -You can set env vars to use them in your script: - -```yaml -on: push - -jobs: - echo-input: - runs-on: ubuntu-latest - steps: - - uses: actions/github-script@v7 - env: - FIRST_NAME: Mona - LAST_NAME: Octocat - with: - script: | - const { FIRST_NAME, LAST_NAME } = process.env - - console.log(`Hello ${FIRST_NAME} ${LAST_NAME}`) -``` ### Using a separate GitHub token @@ -483,7 +515,7 @@ jobs: apply-label: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: github-token: ${{ secrets.MY_PAT }} script: | @@ -507,7 +539,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | const exitCode = await exec.exec('echo', ['hello']) @@ -525,7 +557,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/github-script@v7 + - uses: actions/github-script@v8 with: script: | const { diff --git a/action.yml b/action.yml index 12a726afc..664020876 100644 --- a/action.yml +++ b/action.yml @@ -36,5 +36,5 @@ outputs: result: description: The return value of the script, stringified with `JSON.stringify` runs: - using: node20 + using: node24 main: dist/index.js diff --git a/package-lock.json b/package-lock.json index a5c09ded2..93edb739d 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -17,7 +17,7 @@ "@octokit/core": "^5.0.1", "@octokit/plugin-request-log": "^4.0.0", "@octokit/plugin-retry": "^6.0.1", - "@types/node": "^20.9.0" + "@types/node": "^24.1.0" }, "devDependencies": { "@types/jest": "^29.5.5", @@ -35,7 +35,7 @@ "typescript": "^5.2.2" }, "engines": { - "node": ">=20.0.0 <21.0.0" + "node": ">=24" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -1672,11 +1672,12 @@ "dev": true }, "node_modules/@types/node": { - "version": "20.9.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.9.0.tgz", - "integrity": "sha512-nekiGu2NDb1BcVofVcEKMIwzlx4NjHlcjhoxxKBNLtz15Y1z7MYf549DFvkHSId02Ax6kGwWntIBPC3l/JZcmw==", + "version": "24.1.0", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.1.0.tgz", + "integrity": "sha512-ut5FthK5moxFKH2T1CUOC6ctR67rQRvvHdFLCD2Ql6KXmMuCrjsSsRI9UsLCm9M18BMwClv4pn327UvB7eeO1w==", + "license": "MIT", "dependencies": { - "undici-types": "~5.26.4" + "undici-types": "~7.8.0" } }, "node_modules/@types/semver": { @@ -7113,9 +7114,10 @@ } }, "node_modules/undici-types": { - "version": "5.26.5", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==" + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.8.0.tgz", + "integrity": "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw==", + "license": "MIT" }, "node_modules/universal-user-agent": { "version": "6.0.0", 
@@ -8652,11 +8654,11 @@ "dev": true }, "@types/node": { - "version": "20.9.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.9.0.tgz", - "integrity": "sha512-nekiGu2NDb1BcVofVcEKMIwzlx4NjHlcjhoxxKBNLtz15Y1z7MYf549DFvkHSId02Ax6kGwWntIBPC3l/JZcmw==", + "version": "24.1.0", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.1.0.tgz", + "integrity": "sha512-ut5FthK5moxFKH2T1CUOC6ctR67rQRvvHdFLCD2Ql6KXmMuCrjsSsRI9UsLCm9M18BMwClv4pn327UvB7eeO1w==", "requires": { - "undici-types": "~5.26.4" + "undici-types": "~7.8.0" } }, "@types/semver": { @@ -12542,9 +12544,9 @@ } }, "undici-types": { - "version": "5.26.5", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==" + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.8.0.tgz", + "integrity": "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw==" }, "universal-user-agent": { "version": "6.0.0", diff --git a/package.json b/package.json index 288efac52..287c392ee 100644 --- a/package.json +++ b/package.json @@ -1,15 +1,14 @@ { "name": "@actions/github-script", "description": "A GitHub action for executing a simple script", + "engines": { + "node": ">=24" + }, "version": "7.0.1", "author": "GitHub", "license": "MIT", "main": "dist/index.js", "types": "types/async-function.d.ts", - "private": true, - "engines": { - "node": ">=20.0.0 <21.0.0" - }, "scripts": { "build": "npm run build:types && ncc build src/main.ts", "build:types": "tsc src/async-function.ts -t es5 --declaration --allowJs --emitDeclarationOnly --outDir types", @@ -47,7 +46,7 @@ "@octokit/core": "^5.0.1", "@octokit/plugin-request-log": "^4.0.0", "@octokit/plugin-retry": "^6.0.1", - "@types/node": "^20.9.0" + "@types/node": "^24.1.0" }, "devDependencies": { "@types/jest": "^29.5.5",
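Review bot: The first package.json hunk removes `"private": true` while moving the `engines` block, and nothing else in this diff explains that removal. Without the flag npm no longer refuses `npm publish`, so an accidental publish from a maintainer machine or CI job could push `@actions/github-script` to the public registry; if the removal is not intended, keep `"private": true,` after `"types": "types/async-function.d.ts",`. The new range `"node": ">=24"` is also open-ended where the old one was capped at `<21.0.0`, so it accepts future majors the action has not been tested on; `"node": ">=24.0.0 <25.0.0"` would keep the earlier convention. `"version": "7.0.1"` is unchanged although the README hunks document v8, presumably because the bump happens at release time, which is worth confirming.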