Merge pull request #137 from actions/joshgross/update-actions-core

Update @actions/core to 1.2.7

.github/workflows/integration.yml

@@ -2,13 +2,15 @@ name: Integration
 
 on:
   push: {branches: main}
+  pull_request: {branches: main}
 
 jobs:
-  integration:
+  test-return:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v2
       - id: output-set
-        uses: actions/github-script@main
+        uses: ./
         with:
           script: return core.getInput('input-value')
           result-encoding: string
@@ -17,3 +19,39 @@ jobs:
           if [[ "${{steps.output-set.outputs.result}}" != "output" ]]; then
             exit 1
           fi
+
+  test-relative-require:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - id: output-set
+        uses: ./
+        with:
+          script: return require('./package.json').name
+          result-encoding: string
+          input-value: output
+      - run: |
+          if [[ "${{steps.output-set.outputs.result}}" != "github-script" ]]; then
+            exit 1
+          fi
+
+  test-npm-require:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v1
+        with:
+          path: ~/.npm
+          key: ${{runner.os}}-npm-${{hashFiles('**/package-lock.json')}}
+          restore-keys: ${{runner.os}}-npm-
+      - run: npm ci
+      - id: output-set
+        uses: ./
+        with:
+          script: return require('@actions/core/package.json').name
+          result-encoding: string
+          input-value: output
+      - run: |
+          if [[ "${{steps.output-set.outputs.result}}" != "@actions/core" ]]; then
+            exit 1
+          fi

.github/workflows/pull-request-test.yml

@@ -1,3 +1,5 @@
+name: Pull Request Test
+
 on:
   pull_request:
     branches: main
@@ -18,22 +20,26 @@ jobs:
               issue_number: context.payload.number,
             })
 
-            // Find any comment already made by the bot.
-            const botComment = comments.find(comment => comment.user.id === 41898282)
-            const commentBody = "Hello from actions/github-script! (${{ github.sha }})"
+            // Find any comment already made by the bot.                                                                                                    
+            const botComment = comments.find(comment => comment.user.id === 41898282)                                                                       
+            const commentBody = "Hello from actions/github-script! (${{ github.sha }})"                  
 
-            if (botComment) {
-              await github.issues.updateComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                comment_id: botComment.id,
-                body: commentBody
-              })
+            if (context.payload.pull_request.head.repo.full_name !== 'actions/github-script') {
+              console.log('Not attempting to write comment on PR from fork');
             } else {
-              await github.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.payload.number,
-                body: commentBody
-              })
+              if (botComment) {
+                await github.issues.updateComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  comment_id: botComment.id,
+                  body: commentBody
+                })
+              } else {
+                await github.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: context.payload.number,
+                  body: commentBody
+                })
+              }
             }

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.2.6
+version: 1.2.7
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/glob.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@actions/glob"
+version: 0.1.1
+type: npm
+summary: Actions glob lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/glob
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |-
+    The MIT License (MIT)
+
+    Copyright 2019 GitHub
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/@octokit/auth-token.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/auth-token"
-version: 2.4.2
+version: 2.4.3
 type: npm
 summary: GitHub API token authentication for browsers and Node.js
 homepage: https://github.com/octokit/auth-token.js#readme

.licenses/npm/@octokit/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/core"
-version: 3.1.2
+version: 3.2.1
 type: npm
 summary: Extendable client for GitHub's REST & GraphQL APIs
 homepage: https://github.com/octokit/core.js#readme

.licenses/npm/@octokit/endpoint.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/endpoint"
-version: 6.0.5
+version: 6.0.9
 type: npm
 summary: Turns REST API endpoints into generic request options
 homepage: https://github.com/octokit/endpoint.js#readme

.licenses/npm/@octokit/graphql.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/graphql"
-version: 4.5.4
+version: 4.5.7
 type: npm
 summary: GitHub GraphQL API client for browsers and Node
 homepage: https://github.com/octokit/graphql.js#readme

.licenses/npm/@octokit/plugin-paginate-rest.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/plugin-paginate-rest"
-version: 2.3.0
+version: 2.6.0
 type: npm
 summary: Octokit plugin to paginate REST API endpoint responses
 homepage: https://github.com/octokit/plugin-paginate-rest.js#readme

.licenses/npm/@octokit/plugin-rest-endpoint-methods.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/plugin-rest-endpoint-methods"
-version: 4.1.2
+version: 4.2.1
 type: npm
 summary: Octokit plugin adding one method for all of api.github.com REST API endpoints
 homepage: https://github.com/octokit/plugin-rest-endpoint-methods.js#readme

.licenses/npm/@octokit/request-error.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/request-error"
-version: 2.0.2
+version: 2.0.3
 type: npm
 summary: Error class for Octokit request errors
 homepage: https://github.com/octokit/request-error.js#readme

.licenses/npm/@octokit/request.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/request"
-version: 5.4.7
+version: 5.4.10
 type: npm
 summary: Send parameterized requests to GitHub’s APIs with sensible defaults in browsers
   and Node

.licenses/npm/@octokit/types.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/types"
-version: 5.4.1
+version: 5.5.0
 type: npm
 summary: Shared TypeScript definitions for Octokit projects
 homepage: https://github.com/octokit/types.ts#readme

.licenses/npm/balanced-match.dep.yml

@@ -0,0 +1,55 @@
+---
+name: balanced-match
+version: 1.0.0
+type: npm
+summary: Match balanced character pairs, like "{" and "}"
+homepage: https://github.com/juliangruber/balanced-match
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |
+    (MIT)
+
+    Copyright (c) 2013 Julian Gruber <julian@juliangruber.com>
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of
+    this software and associated documentation files (the "Software"), to deal in
+    the Software without restriction, including without limitation the rights to
+    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+    of the Software, and to permit persons to whom the Software is furnished to do
+    so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+- sources: README.md
+  text: |-
+    (MIT)
+
+    Copyright (c) 2013 Julian Gruber <julian@juliangruber.com>
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of
+    this software and associated documentation files (the "Software"), to deal in
+    the Software without restriction, including without limitation the rights to
+    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+    of the Software, and to permit persons to whom the Software is furnished to do
+    so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/brace-expansion.dep.yml

@@ -0,0 +1,55 @@
+---
+name: brace-expansion
+version: 1.1.11
+type: npm
+summary: Brace expansion as known from sh/bash
+homepage: https://github.com/juliangruber/brace-expansion
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2013 Julian Gruber <julian@juliangruber.com>
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+- sources: README.md
+  text: |-
+    (MIT)
+
+    Copyright (c) 2013 Julian Gruber &lt;julian@juliangruber.com&gt;
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of
+    this software and associated documentation files (the "Software"), to deal in
+    the Software without restriction, including without limitation the rights to
+    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+    of the Software, and to permit persons to whom the Software is furnished to do
+    so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/concat-map.dep.yml

@@ -0,0 +1,31 @@
+---
+name: concat-map
+version: 0.0.1
+type: npm
+summary: concatenative mapdashery
+homepage: https://github.com/substack/node-concat-map#readme
+license: other
+licenses:
+- sources: LICENSE
+  text: |
+    This software is released under the MIT license:
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of
+    this software and associated documentation files (the "Software"), to deal in
+    the Software without restriction, including without limitation the rights to
+    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+    the Software, and to permit persons to whom the Software is furnished to do so,
+    subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+    FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+    COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+    IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+    CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.markdown
+  text: MIT
+notices: []

.licenses/npm/is-plain-object.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: is-plain-object
-version: 4.1.1
+version: 5.0.0
 type: npm
 summary: Returns true if an object was created by the `Object` constructor, or Object.create(null).
 homepage: https://github.com/jonschlinkert/is-plain-object

.licenses/npm/minimatch.dep.yml

@@ -0,0 +1,26 @@
+---
+name: minimatch
+version: 3.0.4
+type: npm
+summary: a glob matcher in javascript
+homepage: https://github.com/isaacs/minimatch#readme
+license: isc
+licenses:
+- sources: LICENSE
+  text: |
+    The ISC License
+
+    Copyright (c) Isaac Z. Schlueter and Contributors
+
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose with or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+notices: []

.licenses/npm/node-fetch.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: node-fetch
-version: 2.6.0
+version: 2.6.1
 type: npm
 summary: A light-weight module that brings window.fetch to node.js
 homepage: https://github.com/bitinn/node-fetch
@@ -42,6 +42,10 @@ licenses:
     [codecov-url]: https://codecov.io/gh/bitinn/node-fetch
     [install-size-image]: https://flat.badgen.net/packagephobia/install/node-fetch
     [install-size-url]: https://packagephobia.now.sh/result?p=node-fetch
+    [discord-image]: https://img.shields.io/discord/619915844268326952?color=%237289DA&label=Discord&style=flat-square
+    [discord-url]: https://discord.gg/Zxbndcm
+    [opencollective-image]: https://opencollective.com/node-fetch/backers.svg
+    [opencollective-url]: https://opencollective.com/node-fetch
     [whatwg-fetch]: https://fetch.spec.whatwg.org/
     [response-init]: https://fetch.spec.whatwg.org/#responseinit
     [node-readable]: https://nodejs.org/api/stream.html#stream_readable_streams

CODEOWNERS

@@ -0,0 +1 @@
+* @actions/actions-experience

README.md

@@ -12,11 +12,18 @@ input should be the body of an asynchronous function call. The following
 arguments will be provided:
 
 - `github` A pre-authenticated
-  [octokit/core.js](https://github.com/octokit/core.js#readme) client with REST endpoints and pagination plugins
+  [octokit/rest.js](https://octokit.github.io/rest.js) client with pagination plugins
 - `context` An object containing the [context of the workflow
   run](https://github.com/actions/toolkit/blob/main/packages/github/src/context.ts)
 - `core` A reference to the [@actions/core](https://github.com/actions/toolkit/tree/main/packages/core) package
+- `glob` A reference to the [@actions/glob](https://github.com/actions/toolkit/tree/main/packages/glob) package
 - `io` A reference to the [@actions/io](https://github.com/actions/toolkit/tree/main/packages/io) package
+- `require` A proxy wrapper around the normal Node.js `require` to enable
+  requiring relative paths (relative to the current working directory) and
+  requiring npm packages installed in the current working directory. If for
+  some reason you need the non-wrapped `require`, there is an escape hatch
+  available: `__original_require__` is the original value of `require` without
+  our wrapping applied.
 
 Since the `script` is just a function body, these values will already be
 defined, so you don't have to (see examples below).
@@ -37,7 +44,7 @@ The return value of the script will be in the step's outputs under the
 "result" key.
 
 ```yaml
-- uses: actions/github-script@v3
+- uses: actions/github-script@v4
   id: set-result
   with:
     script: return "Hello!"
@@ -56,7 +63,7 @@ output of a github-script step. For some workflows, string encoding is preferred
 `result-encoding` input:
 
 ```yaml
-- uses: actions/github-script@v3
+- uses: actions/github-script@v4
   id: my-script
   with:
     github-token: ${{secrets.GITHUB_TOKEN}}
@@ -71,6 +78,15 @@ in case you need to use a non-default token.
 
 By default, github-script will use the token provided to your workflow.
 
+### Print the available attributes of context
+
+```yaml
+- name: View context attributes
+  uses: actions/github-script@v4
+  with:
+    script: console.log(context)
+```
+
 ### Comment on an issue
 
 ```yaml
@@ -82,7 +98,7 @@ jobs:
   comment:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@v4
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -105,7 +121,7 @@ jobs:
   apply-label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@v4
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -126,7 +142,7 @@ jobs:
   welcome:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@v4
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -170,7 +186,7 @@ jobs:
   diff:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@v4
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
@@ -191,16 +207,15 @@ contain the actual diff text.
 You can use the `github.graphql` object to run custom GraphQL queries against the GitHub API.
 
 ```yaml
-
 jobs:
-  list-packages:
+  list-issues:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@v4
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
-            const query = `query($owner:String!, $name:String!) {
+            const query = `query($owner:String!, $name:String!, $label:String!) {
               repository(owner:$owner, name:$name){
                 issues(first:100, labels: [$label]) {
                   nodes {
@@ -216,7 +231,6 @@ jobs:
             }
             const result = await github.graphql(query, variables)
             console.log(result)
-
 ```
 
 ### Run a separate file
@@ -232,15 +246,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/github-script@v2
+      - uses: actions/github-script@v4
         with:
           script: |
-            const script = require(`${process.env.GITHUB_WORKSPACE}/path/to/script.js`)
+            const script = require('./path/to/script.js')
             console.log(script({github, context}))
 ```
 
-_Note that the script path given to `require()` must be an **absolute path** in this case, hence using [`GITHUB_WORKSPACE`](https://docs.github.com/en/actions/configuring-and-managing-workflows/using-environment-variables#default-environment-variables)._
-
 And then export a function from your module:
 
 ```javascript
@@ -249,9 +261,6 @@ module.exports = ({github, context}) => {
 }
 ```
 
-You can also use async functions in this manner, as long as you `await` it in
-the inline script.
-
 Note that because you can't `require` things like the GitHub context or
 Actions Toolkit libraries, you'll want to pass them as arguments to your
 external function.
@@ -259,3 +268,91 @@ external function.
 Additionally, you'll want to use the [checkout
 action](https://github.com/actions/checkout) to make sure your script file is
 available.
+
+### Run a separate file with an async function
+
+You can also use async functions in this manner, as long as you `await` it in
+the inline script.
+
+In your workflow:
+
+```yaml
+on: push
+
+jobs:
+  echo-input:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/github-script@v4
+        env:
+          SHA: '${{env.parentSHA}}'
+        with:
+          script: |
+            const script = require('./path/to/script.js')
+            await script({github, context, core})
+```
+
+And then export an async function from your module:
+
+```javascript
+module.exports = async ({github, context, core}) => {
+  const {SHA} = process.env
+  const commit = await github.repos.getCommit({
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    ref: `${SHA}`
+  })
+  core.exportVariable('author', commit.data.commit.author.email)
+}
+```
+
+### Use npm packages
+
+Like importing your own files above, you can also use installed modules:
+
+```yaml
+on: push
+
+jobs:
+  echo-input:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 14
+      - run: npm ci
+      # or one-off:
+      - run: npm install execa
+      - uses: actions/github-script@v4
+        with:
+          script: |
+            const execa = require('execa')
+
+            const { stdout } = await execa('echo', ['hello', 'world'])
+
+            console.log(stdout)
+```
+
+### Use env as input
+
+You can set env vars to use them in your script:
+
+```yaml
+on: push
+
+jobs:
+  echo-input:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v4
+        env:
+          FIRST_NAME: Mona
+          LAST_NAME: Octocat
+        with:
+          script: |
+            const { FIRST_NAME, LAST_NAME } = process.env
+
+            console.log(`Hello ${FIRST_NAME} ${LAST_NAME}`)
+```

docs/development.md

@@ -22,7 +22,7 @@ well.
 
 Releases are done manually, for now:
 
-1. Ensure that the build is up to date with `npm run build`.
-1. Bump the [package.json](/package.json#L3) and [package-lock.json](/package-lock.json#L3) version numbers and commit them.
+1. Ensure that the build is up to date with `npm run build`. It's also good to ensure you have the correct dependencies installed by running `npm install` before you build.
+1. Bump the [package.json](/package.json#L3) and [package-lock.json](/package-lock.json#L3) version numbers and commit them. I like to do this with `npm version {major,minor,patch} --no-git-tag-version`. This will bump the version numbers but let you manually commit and tag, yourself.
 1. Update documentation (including updated version numbers).
-1. Tag main with the new version number and create a GitHub release.
+1. Tag main with the new version number and create a GitHub release. Make sure you also force-create and force-push tags for minor and patch updates. For example, when creating v5.1.0 (a minor bump), you want to create (or update) `v5`, `v5.1`, and `v5.1.0`.

package.json

@@ -1,7 +1,7 @@
 {
   "name": "github-script",
   "description": "A GitHub action for executing a simple script",
-  "version": "3.0.2",
+  "version": "4.0.2",
   "author": "GitHub",
   "license": "MIT",
   "main": "dist/index.js",
@@ -35,12 +35,13 @@
     }
   },
   "dependencies": {
-    "@actions/core": "^1.2.6",
+    "@actions/core": "^1.2.7",
     "@actions/github": "^4.0.0",
+    "@actions/glob": "^0.1.1",
     "@actions/io": "^1.0.2",
-    "@octokit/core": "^3.1.2",
-    "@octokit/plugin-paginate-rest": "^2.3.0",
-    "@octokit/plugin-rest-endpoint-methods": "^4.1.2"
+    "@octokit/core": "^3.2.1",
+    "@octokit/plugin-paginate-rest": "^2.6.0",
+    "@octokit/plugin-rest-endpoint-methods": "4.2.1"
   },
   "devDependencies": {
     "@types/jest": "^26.0.10",

src/async-function.ts

@@ -1,6 +1,7 @@
 import * as core from '@actions/core'
 import {Context} from '@actions/github/lib/context'
 import {GitHub} from '@actions/github/lib/utils'
+import * as glob from '@actions/glob'
 import * as io from '@actions/io'
 
 const AsyncFunction = Object.getPrototypeOf(async () => null).constructor
@@ -9,8 +10,10 @@ type AsyncFunctionArguments = {
   context: Context
   core: typeof core
   github: InstanceType<typeof GitHub>
+  glob: typeof glob
   io: typeof io
   require: NodeRequire
+  __original_require__: NodeRequire
 }
 
 export function callAsyncFunction<T>(

src/main.ts

@@ -1,7 +1,9 @@
 import * as core from '@actions/core'
 import {context, getOctokit} from '@actions/github'
+import * as glob from '@actions/glob'
 import * as io from '@actions/io'
 import {callAsyncFunction} from './async-function'
+import {wrapRequire} from './wrap-require'
 
 process.on('unhandledRejection', handleError)
 main().catch(handleError)
@@ -28,7 +30,15 @@ async function main(): Promise<void> {
 
   // Using property/value shorthand on `require` (e.g. `{require}`) causes compilation errors.
   const result = await callAsyncFunction(
-    {require: require, github, context, core, io},
+    {
+      require: wrapRequire,
+      __original_require__: __non_webpack_require__,
+      github,
+      context,
+      core,
+      glob,
+      io
+    },
     script
   )
 

src/wrap-require.ts

@@ -0,0 +1,25 @@
+import * as path from 'path'
+
+export const wrapRequire = new Proxy(__non_webpack_require__, {
+  apply: (target, thisArg, [moduleID]) => {
+    if (moduleID.startsWith('.')) {
+      moduleID = path.resolve(moduleID)
+      return target.apply(thisArg, [moduleID])
+    }
+
+    const modulePath = target.resolve.apply(thisArg, [
+      moduleID,
+      {
+        // Webpack does not have an escape hatch for getting the actual
+        // module, other than `eval`.
+        paths: [process.cwd()]
+      }
+    ])
+
+    return target.apply(thisArg, [modulePath])
+  },
+
+  get: (target, prop, receiver) => {
+    Reflect.get(target, prop, receiver)
+  }
+})

types/non-webpack-require.ts

@@ -0,0 +1 @@
+declare const __non_webpack_require__: NodeRequire