Merge pull request #283 from desrosj/update/plugin-rest-endpoint-methods

Update `@octokit/plugin-rest-endpoint-methods` to version 6.x

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '32 12 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/licensed.yml

@@ -14,11 +14,11 @@ jobs:
     name: Check licenses
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0 # prefer to use a full fetch for licensed workflows
+      # https://github.com/jonabc/setup-licensed/releases/tag/v1.1.1
+      - uses: jonabc/setup-licensed@82c5f4d19e8968efa74a25b132922382c2671fe2
+        with:
+          version: '3.x'
       - run: npm ci
-      - name: Install licensed
-        run: |
-          cd $RUNNER_TEMP
-          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
-          sudo tar -xzf licensed.tar.gz
-          sudo mv licensed /usr/local/bin/licensed
       - run: licensed status

.github/workflows/pull-request-test.yml

@@ -14,7 +14,7 @@ jobs:
         with:
           script: |
             // Get the existing comments.
-            const {data: comments} = await github.issues.listComments({
+            const {data: comments} = await github.rest.issues.listComments({
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number: context.payload.number,
@@ -28,14 +28,14 @@ jobs:
               console.log('Not attempting to write comment on PR from fork');
             } else {
               if (botComment) {
-                await github.issues.updateComment({
+                await github.rest.issues.updateComment({
                   owner: context.repo.owner,
                   repo: context.repo.repo,
                   comment_id: botComment.id,
                   body: commentBody
                 })
               } else {
-                await github.issues.createComment({
+                await github.rest.issues.createComment({
                   owner: context.repo.owner,
                   repo: context.repo.repo,
                   issue_number: context.payload.number,

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npm run pre-commit && git add dist/

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.5.0
+version: 1.9.1
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/github.dep.yml

@@ -1,30 +1,20 @@
 ---
 name: "@actions/github"
-version: 4.0.0
+version: 5.0.0
 type: npm
 summary: Actions github lib
-homepage: https://github.com/actions/toolkit/tree/master/packages/github
+homepage: https://github.com/actions/toolkit/tree/main/packages/github
 license: mit
 licenses:
-- sources: Auto-generated MIT license text
-  text: |
-    MIT License
+- sources: LICENSE.md
+  text: |-
+    The MIT License (MIT)
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
+    Copyright 2019 GitHub
 
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []

.licenses/npm/@actions/glob.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/glob"
-version: 0.1.2
+version: 0.2.0
 type: npm
 summary: Actions glob lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/glob

.licenses/npm/@actions/http-client-1.0.11.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/http-client"
-version: 1.0.8
+version: 1.0.11
 type: npm
 summary: Actions Http Client
 homepage: https://github.com/actions/http-client#readme

.licenses/npm/@actions/http-client-2.0.1.dep.yml

@@ -0,0 +1,32 @@
+---
+name: "@actions/http-client"
+version: 2.0.1
+type: npm
+summary: Actions Http Client
+homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    Actions Http Client for Node.js
+
+    Copyright (c) GitHub, Inc.
+
+    All rights reserved.
+
+    MIT License
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+    associated documentation files (the "Software"), to deal in the Software without restriction,
+    including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+    and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+    subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+    LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+    NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+    SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/@octokit/auth-token.dep.yml

@@ -3,7 +3,7 @@ name: "@octokit/auth-token"
 version: 2.5.0
 type: npm
 summary: GitHub API token authentication for browsers and Node.js
-homepage: 
+homepage: https://github.com/octokit/auth-token.js#readme
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/endpoint.dep.yml

@@ -3,7 +3,7 @@ name: "@octokit/endpoint"
 version: 6.0.12
 type: npm
 summary: Turns REST API endpoints into generic request options
-homepage: 
+homepage: https://github.com/octokit/endpoint.js#readme
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/graphql.dep.yml

@@ -3,7 +3,7 @@ name: "@octokit/graphql"
 version: 4.8.0
 type: npm
 summary: GitHub GraphQL API client for browsers and Node
-homepage: 
+homepage: https://github.com/octokit/graphql.js#readme
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/openapi-types-12.11.0.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@octokit/openapi-types"
+version: 12.11.0
+type: npm
+summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE
+  text: |-
+    Copyright 2020 Gregor Martynus
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
+notices: []

.licenses/npm/@octokit/openapi-types-13.2.0.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/openapi-types"
-version: 10.4.0
+version: 13.2.0
 type: npm
 summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
 homepage: 

.licenses/npm/@octokit/plugin-paginate-rest.dep.yml

@@ -1,8 +1,8 @@
 ---
 name: "@octokit/plugin-paginate-rest"
-version: 2.16.4
+version: 2.17.0
 type: npm
-summary: Octokit plugin to paginate REST API endpoint responses
+summary: 
 homepage: 
 license: mit
 licenses:

.licenses/npm/@octokit/plugin-rest-endpoint-methods-5.16.2.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/plugin-rest-endpoint-methods"
-version: 4.2.1
+version: 5.16.2
 type: npm
 summary: Octokit plugin adding one method for all of api.github.com REST API endpoints
-homepage: https://github.com/octokit/plugin-rest-endpoint-methods.js#readme
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/plugin-rest-endpoint-methods-6.3.0.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@octokit/plugin-rest-endpoint-methods"
+version: 6.3.0
+type: npm
+summary: Octokit plugin adding one method for all of api.github.com REST API endpoints
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License Copyright (c) 2019 Octokit contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
+notices: []

.licenses/npm/@octokit/request-error.dep.yml

@@ -3,7 +3,7 @@ name: "@octokit/request-error"
 version: 2.1.0
 type: npm
 summary: Error class for Octokit request errors
-homepage: 
+homepage: https://github.com/octokit/request-error.js#readme
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/request.dep.yml

@@ -4,7 +4,7 @@ version: 5.6.1
 type: npm
 summary: "Send parameterized requests to GitHubâ\x80\x99s APIs with sensible defaults
   in browsers and Node"
-homepage: 
+homepage: https://github.com/octokit/request.js#readme
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/types-6.41.0.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/types"
-version: 6.30.0
+version: 6.41.0
 type: npm
 summary: Shared TypeScript definitions for Octokit projects
 homepage: 

.licenses/npm/@octokit/types-7.1.0.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/types"
-version: 5.5.0
+version: 7.1.0
 type: npm
 summary: Shared TypeScript definitions for Octokit projects
-homepage: https://github.com/octokit/types.ts#readme
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@types/node.dep.yml

@@ -1,32 +0,0 @@
----
-name: "@types/node"
-version: 14.6.0
-type: npm
-summary: TypeScript definitions for Node.js
-homepage: https://github.com/DefinitelyTyped/DefinitelyTyped#readme
-license: mit
-licenses:
-- sources: LICENSE
-  text: |2
-        MIT License
-
-        Copyright (c) Microsoft Corporation.
-
-        Permission is hereby granted, free of charge, to any person obtaining a copy
-        of this software and associated documentation files (the "Software"), to deal
-        in the Software without restriction, including without limitation the rights
-        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-        copies of the Software, and to permit persons to whom the Software is
-        furnished to do so, subject to the following conditions:
-
-        The above copyright notice and this permission notice shall be included in all
-        copies or substantial portions of the Software.
-
-        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-        SOFTWARE
-notices: []

.licenses/npm/before-after-hook.dep.yml

@@ -3,7 +3,7 @@ name: before-after-hook
 version: 2.2.2
 type: npm
 summary: asynchronous before/error/after hooks for internal functionality
-homepage: 
+homepage: https://github.com/gr2m/before-after-hook#readme
 license: apache-2.0
 licenses:
 - sources: LICENSE

.licenses/npm/node-fetch.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: node-fetch
-version: 2.6.5
+version: 2.6.7
 type: npm
 summary: A light-weight module that brings window.fetch to node.js
 homepage: https://github.com/bitinn/node-fetch

.licenses/npm/universal-user-agent.dep.yml

@@ -4,7 +4,7 @@ version: 6.0.0
 type: npm
 summary: Get a user agent string in both browser and node
 homepage: https://github.com/gr2m/universal-user-agent#readme
-license: other
+license: isc
 licenses:
 - sources: LICENSE.md
   text: |

.licenses/npm/uuid.dep.yml

@@ -0,0 +1,20 @@
+---
+name: uuid
+version: 8.3.2
+type: npm
+summary: RFC4122 (v1, v4, and v5) UUIDs
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2010-2020 Robert Kieffer and other contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/webidl-conversions.dep.yml

@@ -3,7 +3,7 @@ name: webidl-conversions
 version: 3.0.1
 type: npm
 summary: Implements the WebIDL algorithms for converting to and from JavaScript values
-homepage: 
+homepage: https://github.com/jsdom/webidl-conversions#readme
 license: bsd-2-clause
 licenses:
 - sources: LICENSE.md

.licenses/npm/whatwg-url.dep.yml

@@ -3,7 +3,7 @@ name: whatwg-url
 version: 5.0.0
 type: npm
 summary: An implementation of the WHATWG URL Standard's URL API and parsing machinery
-homepage: 
+homepage: https://github.com/jsdom/whatwg-url#readme
 license: mit
 licenses:
 - sources: LICENSE.txt

README.md

@@ -7,9 +7,8 @@
 This action makes it easy to quickly write a script in your workflow that
 uses the GitHub API and the workflow run context.
 
-In order to use this action, a `script` input is provided. The value of that
-input should be the body of an asynchronous function call. The following
-arguments will be provided:
+To use this action, provide an input named `script` that contains the body of an asynchronous function call. 
+The following arguments will be provided:
 
 - `github` A pre-authenticated
   [octokit/rest.js](https://octokit.github.io/rest.js) client with pagination plugins
@@ -27,13 +26,26 @@ arguments will be provided:
   our wrapping applied.
 
 Since the `script` is just a function body, these values will already be
-defined, so you don't have to (see examples below).
+defined, so you don't have to import them (see examples below).
 
 See [octokit/rest.js](https://octokit.github.io/rest.js/) for the API client
 documentation.
 
-**Note** This action is still a bit of an experiment—the API may change in
-future versions. 🙂
+## Breaking Changes
+
+### Breaking changes in V6
+
+Version 6 of this action updated the runtime to Node 16 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-using-nodejs-v16
+
+All scripts are now run with Node 16 instead of Node 12 and are affected by any breaking changes between Node 12 and 16.
+
+### Breaking changes in V5
+
+Version 5 of this action includes the version 5 of `@actions/github` and `@octokit/plugin-rest-endpoint-methods`. As part of this update, the Octokit context available via `github` no longer has REST methods directly. These methods are available via `github.rest.*` - https://github.com/octokit/plugin-rest-endpoint-methods.js/releases/tag/v5.0.0
+
+For example, `github.issues.createComment` in V4 becomes `github.rest.issues.createComment` in V5
+
+`github.request`, `github.paginate`, and `github.graphql` are unchanged.
 
 ## Development
 
@@ -45,7 +57,7 @@ The return value of the script will be in the step's outputs under the
 "result" key.
 
 ```yaml
-- uses: actions/github-script@v4
+- uses: actions/github-script@v6
   id: set-result
   with:
     script: return "Hello!"
@@ -64,7 +76,7 @@ output of a github-script step. For some workflows, string encoding is preferred
 `result-encoding` input:
 
 ```yaml
-- uses: actions/github-script@v4
+- uses: actions/github-script@v6
   id: my-script
   with:
     result-encoding: string
@@ -82,7 +94,7 @@ By default, github-script will use the token provided to your workflow.
 
 ```yaml
 - name: View context attributes
-  uses: actions/github-script@v4
+  uses: actions/github-script@v6
   with:
     script: console.log(context)
 ```
@@ -98,10 +110,10 @@ jobs:
   comment:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           script: |
-            github.issues.createComment({
+            github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -120,10 +132,10 @@ jobs:
   apply-label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           script: |
-            github.issues.addLabels({
+            github.rest.issues.addLabels({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -133,20 +145,22 @@ jobs:
 
 ### Welcome a first-time contributor
 
+You can format text in comments using the same [Markdown syntax](https://docs.github.com/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) as the GitHub web interface:
+
 ```yaml
-on: pull_request
+on: pull_request_target
 
 jobs:
   welcome:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           script: |
             // Get a list of all issues created by the PR opener
             // See: https://octokit.github.io/rest.js/#pagination
             const creator = context.payload.sender.login
-            const opts = github.issues.listForRepo.endpoint.merge({
+            const opts = github.rest.issues.listForRepo.endpoint.merge({
               ...context.issue,
               creator,
               state: 'all'
@@ -163,11 +177,13 @@ jobs:
               }
             }
 
-            await github.issues.createComment({
+            await github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
-              body: 'Welcome, new contributor!'
+              body: `**Welcome**, new contributor!
+
+                Please make sure you're read our [contributing guide](CONTRIBUTING.md) and we look forward to reviewing your Pull request shortly ✨`
             })
 ```
 
@@ -183,7 +199,7 @@ jobs:
   diff:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           script: |
             const diff_url = context.payload.pull_request.diff_url
@@ -207,7 +223,7 @@ jobs:
   list-issues:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           script: |
             const query = `query($owner:String!, $name:String!, $label:String!) {
@@ -241,7 +257,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           script: |
             const script = require('./path/to/script.js')
@@ -279,7 +295,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         env:
           SHA: '${{env.parentSHA}}'
         with:
@@ -293,7 +309,7 @@ And then export an async function from your module:
 ```javascript
 module.exports = async ({github, context, core}) => {
   const {SHA} = process.env
-  const commit = await github.repos.getCommit({
+  const commit = await github.rest.repos.getCommit({
     owner: context.repo.owner,
     repo: context.repo.repo,
     ref: `${SHA}`
@@ -323,7 +339,7 @@ jobs:
       - run: npm ci
       # or one-off:
       - run: npm install execa
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           script: |
             const execa = require('execa')
@@ -333,6 +349,31 @@ jobs:
             console.log(stdout)
 ```
 
+### Use ESM `import`
+
+To import an ESM file, you'll need to reference your script by an absolute path and ensure you have a `package.json` file with `"type": "module"` specified.
+
+For a script in your repository `src/print-stuff.js`:
+```js
+export default function printStuff() { console.log('stuff') }
+```
+
+```yaml
+on: push
+
+jobs:
+  print-stuff:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/github-script@v6
+        with:
+          script: |
+            const { default: printStuff } = await import('${{ github.workspace }}/src/print-stuff.js')
+
+            await printStuff()
+```
+
 ### Use env as input
 
 You can set env vars to use them in your script:
@@ -344,7 +385,7 @@ jobs:
   echo-input:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         env:
           FIRST_NAME: Mona
           LAST_NAME: Octocat
@@ -372,11 +413,11 @@ jobs:
   apply-label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v4
+      - uses: actions/github-script@v6
         with:
           github-token: ${{ secrets.MY_PAT }}
           script: |
-            github.issues.addLabels({
+            github.rest.issues.addLabels({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,

action.yml

@@ -27,5 +27,5 @@ outputs:
   result:
     description: The return value of the script, stringified with `JSON.stringify`
 runs:
-  using: node12
+  using: node16
   main: dist/index.js

docs/development.md

@@ -25,4 +25,4 @@ Releases are done manually, for now:
 1. Ensure that the build is up to date with `npm run build`. It's also good to ensure you have the correct dependencies installed by running `npm install` before you build.
 1. Bump the [package.json](/package.json#L3) and [package-lock.json](/package-lock.json#L3) version numbers and commit them. I like to do this with `npm version {major,minor,patch} --no-git-tag-version`. This will bump the version numbers but let you manually commit and tag, yourself.
 1. Update documentation (including updated version numbers).
-1. Tag main with the new version number and create a GitHub release. Make sure you also force-create and force-push tags for minor and patch updates. For example, when creating v5.1.0 (a minor bump), you want to create (or update) `v5`, `v5.1`, and `v5.1.0`.
+1. Tag main with the new version number and create a GitHub release. Make sure you also force-create and force-push tags for minor and patch updates. For example, when creating v5.2.0 (a minor bump), you want to create (or update) `v5`, `v5.2`, and `v5.2.0`.

package.json

@@ -1,7 +1,7 @@
 {
   "name": "github-script",
   "description": "A GitHub action for executing a simple script",
-  "version": "4.2.0",
+  "version": "6.2.0",
   "author": "GitHub",
   "license": "MIT",
   "main": "dist/index.js",
@@ -14,12 +14,8 @@
     "style:check": "run-p --continue-on-error --aggregate-output format:check lint",
     "style:write": "run-p --continue-on-error --aggregate-output format:write lint",
     "pre-commit": "run-s style:write test build",
-    "test": "jest"
-  },
-  "husky": {
-    "hooks": {
-      "pre-commit": "npm run pre-commit && git add dist/"
-    }
+    "test": "jest",
+    "prepare": "husky install"
   },
   "jest": {
     "preset": "ts-jest",
@@ -35,27 +31,27 @@
     }
   },
   "dependencies": {
-    "@actions/core": "^1.10.0",
+    "@actions/core": "^1.9.1",
     "@actions/exec": "^1.1.0",
-    "@actions/github": "^4.0.0",
-    "@actions/glob": "^0.1.2",
+    "@actions/github": "^5.0.0",
+    "@actions/glob": "^0.2.0",
     "@actions/io": "^1.1.1",
     "@octokit/core": "^3.5.1",
-    "@octokit/plugin-paginate-rest": "^2.16.4",
-    "@octokit/plugin-rest-endpoint-methods": "^4.2.1"
+    "@octokit/plugin-paginate-rest": "^2.17.0",
+    "@octokit/plugin-rest-endpoint-methods": "^6.3.0"
   },
   "devDependencies": {
-    "@types/jest": "^26.0.24",
+    "@types/jest": "^27.0.2",
     "@typescript-eslint/eslint-plugin": "^3.10.1",
     "@typescript-eslint/parser": "^3.10.1",
     "@vercel/ncc": "^0.23.0",
     "eslint": "^7.32.0",
     "eslint-config-prettier": "^6.15.0",
-    "husky": "^4.2.5",
-    "jest": "^26.6.3",
+    "husky": "^7.0.0",
+    "jest": "^27.2.5",
     "npm-run-all": "^4.1.5",
     "prettier": "^2.0.5",
-    "ts-jest": "^26.5.6",
+    "ts-jest": "^27.0.5",
     "typescript": "^4.3.5"
   }
 }