Merge pull request #181 from actions/joshmgross/update-dependencies

Run npm audit and update dev dependencies

.github/workflows/check-dist.yml

@@ -0,0 +1,52 @@
+# `dist/index.js` is a special file in Actions.
+# When you reference an action with `uses:` in a workflow,
+# `index.js` is the code that will run.
+# For our project, we generate this file through a build process
+# from other source files.
+# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
+name: Check dist/
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+  workflow_dispatch:
+
+jobs:
+  check-dist:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set Node.js 12.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12.x
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Rebuild the dist/ directory
+        run: npm run build
+
+      - name: Compare the expected and actual dist/ directories
+        run: |
+          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
+            echo "Detected uncommitted changes after build.  See status below:"
+            git diff
+            exit 1
+          fi
+        id: diff
+
+      # If index.js was different than expected, upload the expected version as an artifact
+      - uses: actions/upload-artifact@v2
+        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
+        with:
+          name: dist
+          path: dist/

.github/workflows/ci.yml

@@ -1,21 +1,20 @@
 name: CI
 
 on:
-  push: {branches: main}
-  pull_request: {branches: main}
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 jobs:
   ci:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
-        with: {node-version: 13.x}
-      - uses: actions/cache@v1
+      - uses: actions/setup-node@v2
         with:
-          path: ~/.npm
-          key: ${{runner.os}}-npm-${{hashFiles('**/package-lock.json')}}
-          restore-keys: ${{runner.os}}-npm-
+          node-version: 12
+          cache: npm
       - run: npm ci
       - run: npm run style:check
       - run: npm test

.github/workflows/integration.yml

@@ -1,8 +1,10 @@
 name: Integration
 
 on:
-  push: {branches: main}
-  pull_request: {branches: main}
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 jobs:
   test-return:
@@ -39,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/cache@v1
+      - uses: actions/cache@v2
         with:
           path: ~/.npm
           key: ${{runner.os}}-npm-${{hashFiles('**/package-lock.json')}}

.github/workflows/licensed.yml

@@ -1,10 +1,12 @@
 name: Licensed
 
 on:
-  push: {branches: main}
-  pull_request: {branches: main}
-  repository_dispatch:
-  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
 
 jobs:
   test:
@@ -12,16 +14,11 @@ jobs:
     name: Check licenses
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/cache@v1
-        with:
-          path: ~/.npm
-          key: ${{runner.os}}-npm-${{hashFiles('**/package-lock.json')}}
-          restore-keys: ${{runner.os}}-npm-
       - run: npm ci
       - name: Install licensed
-        run: |-
+        run: |
           cd $RUNNER_TEMP
-          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.9.2/licensed-2.9.2-linux-x64.tar.gz
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
           sudo tar -xzf licensed.tar.gz
           sudo mv licensed /usr/local/bin/licensed
       - run: licensed status

.github/workflows/pull-request-test.yml

@@ -2,7 +2,7 @@ name: Pull Request Test
 
 on:
   pull_request:
-    branches: main
+    branches: [main]
     types: [opened, synchronize]
 
 jobs:

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.2.6
+version: 1.2.7
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/exec.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@actions/exec"
+version: 1.1.0
+type: npm
+summary: Actions exec lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/exec
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |-
+    The MIT License (MIT)
+
+    Copyright 2019 GitHub
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

README.md

@@ -18,6 +18,7 @@ arguments will be provided:
 - `core` A reference to the [@actions/core](https://github.com/actions/toolkit/tree/main/packages/core) package
 - `glob` A reference to the [@actions/glob](https://github.com/actions/toolkit/tree/main/packages/glob) package
 - `io` A reference to the [@actions/io](https://github.com/actions/toolkit/tree/main/packages/io) package
+- `exec` A reference to the [@actions/exec](https://github.com/actions/toolkit/tree/main/packages/exec) package
 - `require` A proxy wrapper around the normal Node.js `require` to enable
   requiring relative paths (relative to the current working directory) and
   requiring npm packages installed in the current working directory. If for
@@ -66,7 +67,6 @@ output of a github-script step. For some workflows, string encoding is preferred
 - uses: actions/github-script@v4
   id: my-script
   with:
-    github-token: ${{secrets.GITHUB_TOKEN}}
     result-encoding: string
     script: return "I will be string (not JSON) encoded!"
 ```
@@ -100,7 +100,6 @@ jobs:
     steps:
       - uses: actions/github-script@v4
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             github.issues.createComment({
               issue_number: context.issue.number,
@@ -123,7 +122,6 @@ jobs:
     steps:
       - uses: actions/github-script@v4
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             github.issues.addLabels({
               issue_number: context.issue.number,
@@ -144,7 +142,6 @@ jobs:
     steps:
       - uses: actions/github-script@v4
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             // Get a list of all issues created by the PR opener
             // See: https://octokit.github.io/rest.js/#pagination
@@ -188,7 +185,6 @@ jobs:
     steps:
       - uses: actions/github-script@v4
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             const diff_url = context.payload.pull_request.diff_url
             const result = await github.request(diff_url)
@@ -213,7 +209,6 @@ jobs:
     steps:
       - uses: actions/github-script@v4
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             const query = `query($owner:String!, $name:String!, $label:String!) {
               repository(owner:$owner, name:$name){
@@ -356,3 +351,32 @@ jobs:
 
             console.log(`Hello ${FIRST_NAME} ${LAST_NAME}`)
 ```
+
+### Using a separate GitHub token
+
+The `GITHUB_TOKEN` used by default is scoped to the current repository, see [Authentication in a workflow](https://docs.github.com/actions/reference/authentication-in-a-workflow).
+
+If you need access to a different repository or an API that the `GITHUB_TOKEN` doesn't have permissions to, you can provide your own [PAT](https://help.github.com/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) as a secret using the `github-token` input.
+
+[Learn more about creating and using encrypted secrets](https://docs.github.com/actions/reference/encrypted-secrets)
+
+```yaml
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  apply-label:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v4
+        with:
+          github-token: ${{ secrets.MY_PAT }}
+          script: |
+            github.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['Triage']
+            })
+```

package.json

@@ -1,7 +1,7 @@
 {
   "name": "github-script",
   "description": "A GitHub action for executing a simple script",
-  "version": "4.0.0",
+  "version": "4.0.2",
   "author": "GitHub",
   "license": "MIT",
   "main": "dist/index.js",
@@ -35,7 +35,8 @@
     }
   },
   "dependencies": {
-    "@actions/core": "^1.2.6",
+    "@actions/core": "^1.2.7",
+    "@actions/exec": "^1.1.0",
     "@actions/github": "^4.0.0",
     "@actions/glob": "^0.1.1",
     "@actions/io": "^1.0.2",
@@ -44,17 +45,17 @@
     "@octokit/plugin-rest-endpoint-methods": "4.2.1"
   },
   "devDependencies": {
-    "@types/jest": "^26.0.10",
-    "@typescript-eslint/eslint-plugin": "^3.9.1",
-    "@typescript-eslint/parser": "^3.9.1",
+    "@types/jest": "^26.0.24",
+    "@typescript-eslint/eslint-plugin": "^3.10.1",
+    "@typescript-eslint/parser": "^3.10.1",
     "@vercel/ncc": "^0.23.0",
-    "eslint": "^7.7.0",
-    "eslint-config-prettier": "^6.11.0",
+    "eslint": "^7.32.0",
+    "eslint-config-prettier": "^6.15.0",
     "husky": "^4.2.5",
-    "jest": "^26.4.1",
+    "jest": "^26.6.3",
     "npm-run-all": "^4.1.5",
     "prettier": "^2.0.5",
-    "ts-jest": "^26.2.0",
-    "typescript": "^4.0.2"
+    "ts-jest": "^26.5.6",
+    "typescript": "^4.3.5"
   }
 }

src/async-function.ts

@@ -1,4 +1,5 @@
 import * as core from '@actions/core'
+import * as exec from '@actions/exec'
 import {Context} from '@actions/github/lib/context'
 import {GitHub} from '@actions/github/lib/utils'
 import * as glob from '@actions/glob'
@@ -10,6 +11,7 @@ type AsyncFunctionArguments = {
   context: Context
   core: typeof core
   github: InstanceType<typeof GitHub>
+  exec: typeof exec
   glob: typeof glob
   io: typeof io
   require: NodeRequire

src/main.ts

@@ -1,4 +1,5 @@
 import * as core from '@actions/core'
+import * as exec from '@actions/exec'
 import {context, getOctokit} from '@actions/github'
 import * as glob from '@actions/glob'
 import * as io from '@actions/io'
@@ -36,6 +37,7 @@ async function main(): Promise<void> {
       github,
       context,
       core,
+      exec,
       glob,
       io
     },

src/wrap-require.ts

@@ -7,20 +7,16 @@ export const wrapRequire = new Proxy(__non_webpack_require__, {
       return target.apply(thisArg, [moduleID])
     }
 
-    try {
-      return target.apply(thisArg, [moduleID])
-    } catch (err) {
-      const modulePath = target.resolve.apply(thisArg, [
-        moduleID,
-        {
-          // Webpack does not have an escape hatch for getting the actual
-          // module, other than `eval`.
-          paths: eval('module').paths.concat(process.cwd())
-        }
-      ])
+    const modulePath = target.resolve.apply(thisArg, [
+      moduleID,
+      {
+        // Webpack does not have an escape hatch for getting the actual
+        // module, other than `eval`.
+        paths: [process.cwd()]
+      }
+    ])
 
-      return target.apply(thisArg, [modulePath])
-    }
+    return target.apply(thisArg, [modulePath])
   },
 
   get: (target, prop, receiver) => {