Merge pull request #653 from actions/sneha-krip/readme-for-v8

README for updating actions/github-script from v7 to v8

.eslintrc.yml

@@ -5,9 +5,12 @@ extends:
   - eslint:recommended
   - plugin:@typescript-eslint/eslint-recommended
   - plugin:@typescript-eslint/recommended
-  - prettier/@typescript-eslint
+  - prettier
+parserOptions:
+  project: ['tsconfig.eslint.json']
 rules:
   # '@typescript-eslint/explicit-function-return-type': 0
   '@typescript-eslint/no-use-before-define':
     - 2
     - functions: false
+  '@typescript-eslint/no-unnecessary-condition': error

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Ask a question or provide feedback about using this action
+    about: For general Q&A and feedback, see the Discussions tab.
+    url: https://github.com/actions/github-script/discussions
+  - name: Ask a question or provide feedback about GitHub Actions
+    about: Please check out the GitHub community forum for discussions about GitHub Actions
+    url: https://github.com/orgs/community/discussions/categories/actions

.github/actions/install-dependencies/action.yml

@@ -0,0 +1,12 @@
+name: 'Install dependencies'
+description: 'Set up node and install dependencies'
+runs:
+  using: 'composite'
+  steps:
+    - uses: actions/setup-node@v4
+      with:
+        node-version: '24.x'
+        cache: npm
+
+    - run: npm ci
+      shell: bash

.github/dependabot.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+
+  - package-ecosystem: 'github-actions'
+    directory: '/.github/actions/install-dependencies'
+    schedule:
+      interval: 'weekly'
+
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'

.github/workflows/check-dist.yml

@@ -10,27 +10,20 @@ on:
   push:
     branches:
       - main
-    paths-ignore:
-      - '**.md'
   pull_request:
-    paths-ignore:
-      - '**.md'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   check-dist:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
-      - name: Set Node.js 12.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-
-      - name: Install dependencies
-        run: npm ci
+      - uses: ./.github/actions/install-dependencies
 
       - name: Rebuild the dist/ directory
         run: npm run build
@@ -45,7 +38,7 @@ jobs:
         id: diff
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/ci.yml

@@ -6,15 +6,14 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   ci:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 12
-          cache: npm
-      - run: npm ci
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/install-dependencies
       - run: npm run style:check
       - run: npm test

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '32 12 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3

.github/workflows/integration.yml

@@ -6,11 +6,15 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   test-return:
+    name: 'Integration test: return'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - id: output-set
         uses: ./
         with:
@@ -18,42 +22,307 @@ jobs:
           result-encoding: string
           input-value: output
       - run: |
-          if [[ "${{steps.output-set.outputs.result}}" != "output" ]]; then
+          echo "- Validating output is produced"
+          expected="output"
+          if [[ "${{steps.output-set.outputs.result}}" != "$expected" ]]; then
+            echo $'::error::\u274C' "Expected '$expected', got ${{steps.output-set.outputs.result}}"
             exit 1
           fi
+          echo $'\u2705 Test passed' | tee -a $GITHUB_STEP_SUMMARY
 
   test-relative-require:
+    name: 'Integration test: relative-path require'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - id: output-set
+      - uses: actions/checkout@v4
+      - id: relative-require
         uses: ./
         with:
           script: return require('./package.json').name
           result-encoding: string
-          input-value: output
       - run: |
-          if [[ "${{steps.output-set.outputs.result}}" != "github-script" ]]; then
+          echo "- Validating relative require output"
+          if [[ "${{steps.relative-require.outputs.result}}" != "@actions/github-script" ]]; then
+            echo $'::error::\u274C' "Expected '$expected', got ${{steps.relative-require.outputs.result}}"
             exit 1
           fi
+          echo $'\u2705 Test passed' | tee -a $GITHUB_STEP_SUMMARY
 
   test-npm-require:
+    name: 'Integration test: npm package require'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/cache@v2
-        with:
-          path: ~/.npm
-          key: ${{runner.os}}-npm-${{hashFiles('**/package-lock.json')}}
-          restore-keys: ${{runner.os}}-npm-
-      - run: npm ci
-      - id: output-set
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/install-dependencies
+      - id: npm-require
         uses: ./
         with:
           script: return require('@actions/core/package.json').name
           result-encoding: string
-          input-value: output
       - run: |
-          if [[ "${{steps.output-set.outputs.result}}" != "@actions/core" ]]; then
+          echo "- Validating npm require output"
+          expected="@actions/core"
+          if [[ "${{steps.npm-require.outputs.result}}" != "$expected" ]]; then
+            echo $'::error::\u274C' "Expected '$expected', got ${{steps.npm-require.outputs.result}}"
+            exit 1
+          fi
+          echo $'\u2705 Test passed' | tee -a $GITHUB_STEP_SUMMARY
+
+  test-previews:
+    name: 'Integration test: GraphQL previews option'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/install-dependencies
+      - id: previews-default
+        name: Default previews not set
+        uses: ./
+        with:
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({url: "/graphql"}).headers.accept
+          result-encoding: string
+      - id: previews-set-single
+        name: Previews set to a single value
+        uses: ./
+        with:
+          previews: foo
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({url: "/graphql"}).headers.accept
+          result-encoding: string
+      - id: previews-set-multiple
+        name: Previews set to comma-separated list
+        uses: ./
+        with:
+          previews: foo,bar,baz
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({url: "/graphql"}).headers.accept
+          result-encoding: string
+      - run: |
+          echo "- Validating previews default"
+          expected="application/vnd.github.v3+json"
+          if [[ "${{steps.previews-default.outputs.result}}" != $expected ]]; then
+            echo $'::error::\u274C' "Expected '$expected', got ${{steps.previews-default.outputs.result}}"
+            exit 1
+          fi
+          echo "- Validating previews set to a single value"
+          expected="application/vnd.github.foo-preview+json"
+          if [[ "${{steps.previews-set-single.outputs.result}}" != $expected ]]; then
+            echo $'::error::\u274C' "Expected '$expected', got ${{steps.previews-set-single.outputs.result}}"
+            exit 1
+          fi
+          echo "- Validating previews set to multiple values"
+          expected="application/vnd.github.foo-preview+json,application/vnd.github.bar-preview+json,application/vnd.github.baz-preview+json"
+          if [[ "${{steps.previews-set-multiple.outputs.result}}" != $expected ]]; then
+            echo $'::error::\u274C' "Expected '$expected', got ${{steps.previews-set-multiple.outputs.result}}"
+            exit 1
+          fi
+          echo $'\u2705 Test passed' | tee -a $GITHUB_STEP_SUMMARY
+
+  test-user-agent:
+    name: 'Integration test: user-agent option'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/install-dependencies
+      - id: user-agent-default
+        name: Default user-agent not set
+        uses: ./
+        with:
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({}).headers['user-agent']
+          result-encoding: string
+      - id: user-agent-set
+        name: User-agent set
+        uses: ./
+        with:
+          user-agent: foobar
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({}).headers['user-agent']
+          result-encoding: string
+      - id: user-agent-empty
+        name: User-agent set to an empty string
+        uses: ./
+        with:
+          user-agent: ''
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({}).headers['user-agent']
+          result-encoding: string
+      - run: |
+          echo "- Validating user-agent default"
+          expected="actions/github-script octokit-core.js/"
+          if [[ "${{steps.user-agent-default.outputs.result}}" != "$expected"* ]]; then
+            echo $'::error::\u274C' "Expected user-agent to start with '$expected', got ${{steps.user-agent-default.outputs.result}}"
+            exit 1
+          fi
+          echo "- Validating user-agent set to a value"
+          expected="foobar octokit-core.js/"
+          if [[ "${{steps.user-agent-set.outputs.result}}" != "$expected"* ]]; then
+            echo $'::error::\u274C' "Expected user-agent to start with '$expected', got ${{steps.user-agent-set.outputs.result}}"
+            exit 1
+          fi
+          echo "- Validating user-agent set to an empty string"
+          expected="octokit-core.js/"
+          if [[ "${{steps.user-agent-empty.outputs.result}}" != "$expected"* ]]; then
+            echo $'::error::\u274C' "Expected user-agent to start with '$expected', got ${{steps.user-agent-empty.outputs.result}}"
+            exit 1
+          fi
+          echo $'\u2705 Test passed' | tee -a $GITHUB_STEP_SUMMARY
+
+  test-debug:
+    strategy:
+      matrix:
+        environment: ['', 'debug-integration-test']
+    environment: ${{ matrix.environment }}
+    name: "Integration test: debug option (runner.debug mode ${{ matrix.environment && 'enabled' || 'disabled' }})"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/install-dependencies
+      - id: debug-default
+        name: Default debug not set
+        uses: ./
+        with:
+          script: |
+            const log = github.log
+            return {
+              runnerDebugMode: core.isDebug(),
+              debug: log.debug === console.debug,
+              info: log.info === console.info
+            }
+      - id: debug-true
+        name: Debug set to true
+        uses: ./
+        with:
+          debug: true
+          script: |
+            const log = github.log
+            return {
+              runnerDebugMode: core.isDebug(),
+              debug: log.debug === console.debug,
+              info: log.info === console.info
+            }
+      - id: debug-false
+        name: Debug set to false
+        uses: ./
+        with:
+          debug: false
+          script: |
+            const log = github.log
+            return {
+              runnerDebugMode: core.isDebug(),
+              debug: log.debug === console.debug,
+              info: log.info === console.info
+            }
+      - id: evaluate-tests
+        name: Evaluate test outputs
+        env:
+          RDMODE: ${{ runner.debug == '1' }}
+        run: |
+          # tests table, pipe separated: label | output | expected
+          # leading and trailing spaces on any field are trimmed
+          tests=$(cat << 'TESTS'
+            Validating debug default |\
+              ${{ steps.debug-default.outputs.result }} |\
+              {"runnerDebugMode":${{ env.RDMODE }},"debug":${{ env.RDMODE }},"info":${{ env.RDMODE }}}
+            Validating debug set to true |\
+              ${{ steps.debug-true.outputs.result }} |\
+              {"runnerDebugMode":${{ env.RDMODE }},"debug":true,"info":true}
+            Validating debug set to false |\
+              ${{ steps.debug-false.outputs.result }} |\
+              {"runnerDebugMode":${{ env.RDMODE }},"debug":false,"info":false}
+          TESTS
+          )
+
+          strim() { shopt -s extglob; lt="${1##+( )}"; echo "${lt%%+( )}"; }
+          while IFS='|' read label output expected; do
+            label="$(strim "$label")"; output="$(strim "$output")"; expected="$(strim "$expected")"
+            echo -n "- $label:"
+            if [[ "$output" != "$expected" ]]; then
+              echo $'\n::error::\u274C' "Expected '$expected', got '$output'"
+              exit 1
+            fi
+            echo $' \u2705'
+          done <<< "$tests"
+
+          echo $'\u2705 Test passed' | tee -a $GITHUB_STEP_SUMMARY
+
+  test-base-url:
+    name: 'Integration test: base-url option'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/install-dependencies
+
+      - id: base-url-default
+        name: API URL with base-url not set
+        uses: ./
+        with:
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({}).url
+          result-encoding: string
+
+      - id: base-url-default-graphql
+        name: GraphQL URL with base-url not set
+        uses: ./
+        with:
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({url: "/graphql"}).url
+          result-encoding: string
+
+      - id: base-url-set
+        name: API URL with base-url set
+        uses: ./
+        with:
+          base-url: https://my.github-enterprise-server.com/api/v3
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({}).url
+          result-encoding: string
+
+      - id: base-url-set-graphql
+        name: GraphQL URL with base-url set
+        uses: ./
+        with:
+          base-url: https://my.github-enterprise-server.com/api/v3
+          script: |
+            const endpoint = github.request.endpoint
+            return endpoint({url: "/graphql"}).url
+          result-encoding: string
+
+      - run: |
+          echo "- Validating API URL default"
+          expected="https://api.github.com/"
+          actual="${{steps.base-url-default.outputs.result}}"
+          if [[ "$expected" != "$actual" ]]; then
+            echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
+            exit 1
+          fi
+          echo "- Validating GraphQL URL default"
+          expected="https://api.github.com/graphql"
+          actual="${{steps.base-url-default-graphql.outputs.result}}"
+          if [[ "$expected" != "$actual" ]]; then
+            echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
+            exit 1
+          fi
+          echo "- Validating base-url set to a value"
+          expected="https://my.github-enterprise-server.com/api/v3/"
+          actual="${{steps.base-url-set.outputs.result}}"
+          if [[ "$expected" != "$actual" ]]; then
+            echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
+            exit 1
+          fi
+          echo "- Validating GraphQL URL with base-url set to a value"
+          expected="https://my.github-enterprise-server.com/api/v3/graphql"
+          actual="${{steps.base-url-set-graphql.outputs.result}}"
+          if [[ "$expected" != "$actual" ]]; then
+            echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
             exit 1
           fi

.github/workflows/licensed.yml

@@ -8,17 +8,23 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
     name: Check licenses
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # prefer to use a full fetch for licensed workflows
-      # https://github.com/jonabc/setup-licensed/releases/tag/v1.1.1
-      - uses: jonabc/setup-licensed@82c5f4d19e8968efa74a25b132922382c2671fe2
+      - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1.229.0
         with:
-          version: '3.x'
-      - run: npm ci
+          ruby-version: ruby
+      - uses: github/setup-licensed@v1
+        with:
+          version: '4.x'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: ./.github/actions/install-dependencies
       - run: licensed status

.github/workflows/publish-immutable-actions.yml

@@ -0,0 +1,20 @@
+name: 'Publish Immutable Action Version'
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+
+    steps:
+      - name: Checking out
+        uses: actions/checkout@v4
+      - name: Publish
+        id: publish
+        uses: actions/publish-immutable-action@0.0.4

.github/workflows/pull-request-test.yml

@@ -5,11 +5,15 @@ on:
     branches: [main]
     types: [opened, synchronize]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   pull-request-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: ./
         with:
           script: |

.github/workflows/stale.yml

@@ -1,31 +0,0 @@
-name: Stale Issues & PRs
-
-on:
-  schedule:
-    - cron: '0 0 * * *'
-  workflow_dispatch:
-
-jobs:
-  mark_stale:
-    name: Mark issues and PRs as stale
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/stale@v3
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          exempt-issue-labels: Not Stale
-          exempt-pr-labels: Not Stale
-          stale-issue-message: >
-            This issue is stale because it has been open for 60 days with no
-            activity. Remove the "Stale" label or comment on the issue, or it
-            will be closed in 7 days.
-          stale-pr-message: >
-            This pull request is stale because it has been open for 60 days
-            with no activity. Remove the "Stale" label or comment on the pull
-            request, or it will be closed in 7 days.
-          close-issue-message: >
-            This issue has been marked as stale and closed due to no activity
-            on it.
-          close-pr-message: >
-            This pull request has been marked as stale and closed due to no
-            activity on it.

.gitignore

@@ -1,2 +1 @@
 /node_modules/
-!/.vscode/

.husky/pre-commit

@@ -1,4 +1 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
-
 npm run pre-commit && git add dist/

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.5.0
+version: 1.10.1
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/exec.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/exec"
-version: 1.1.0
+version: 1.1.1
 type: npm
 summary: Actions exec lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/exec

.licenses/npm/@actions/github.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/github"
-version: 5.0.0
+version: 6.0.0
 type: npm
 summary: Actions github lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/github

.licenses/npm/@actions/glob.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/glob"
-version: 0.2.0
+version: 0.4.0
 type: npm
 summary: Actions glob lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/glob

.licenses/npm/@actions/http-client.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@actions/http-client"
-version: 1.0.11
+version: 2.2.0
 type: npm
 summary: Actions Http Client
-homepage: https://github.com/actions/http-client#readme
+homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 1.1.1
+version: 1.1.3
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/io

.licenses/npm/@fastify/busboy.dep.yml

@@ -0,0 +1,30 @@
+---
+name: "@fastify/busboy"
+version: 2.0.0
+type: npm
+summary: A streaming parser for HTML form data for node.js
+homepage:
+license: mit
+licenses:
+- sources: LICENSE
+  text: |-
+    Copyright Brian White. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to
+    deal in the Software without restriction, including without limitation the
+    rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+    sell copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+    IN THE SOFTWARE.
+notices: []

.licenses/npm/@octokit/auth-token.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/auth-token"
-version: 2.5.0
+version: 4.0.0
 type: npm
 summary: GitHub API token authentication for browsers and Node.js
-homepage: https://github.com/octokit/auth-token.js#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/core"
-version: 3.5.1
+version: 5.0.1
 type: npm
 summary: Extendable client for GitHub's REST & GraphQL APIs
 homepage:

.licenses/npm/@octokit/endpoint.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/endpoint"
-version: 6.0.12
+version: 9.0.0
 type: npm
 summary: Turns REST API endpoints into generic request options
-homepage: https://github.com/octokit/endpoint.js#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/graphql.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/graphql"
-version: 4.8.0
+version: 7.0.1
 type: npm
 summary: GitHub GraphQL API client for browsers and Node
-homepage: https://github.com/octokit/graphql.js#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/openapi-types-18.0.0.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/openapi-types"
-version: 11.2.0
+version: 18.0.0
 type: npm
 summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
-homepage: https://github.com/octokit/openapi-types.ts#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/openapi-types-19.0.0.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@octokit/openapi-types"
+version: 19.0.0
+type: npm
+summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
+homepage:
+license: mit
+licenses:
+- sources: LICENSE
+  text: |-
+    Copyright 2020 Gregor Martynus
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
+notices: []

.licenses/npm/@octokit/plugin-paginate-rest.dep.yml

@@ -1,8 +1,8 @@
 ---
 name: "@octokit/plugin-paginate-rest"
-version: 2.17.0
+version: 9.0.0
 type: npm
-summary: 
+summary: Octokit plugin to paginate REST API endpoint responses
 homepage:
 license: mit
 licenses:

.licenses/npm/@octokit/plugin-request-log.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@octokit/plugin-request-log"
+version: 4.0.0
+type: npm
+summary: Log all requests and request errors
+homepage:
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License Copyright (c) 2020 Octokit contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
+notices: []

.licenses/npm/@octokit/plugin-rest-endpoint-methods.dep.yml

@@ -1,8 +1,8 @@
 ---
 name: "@octokit/plugin-rest-endpoint-methods"
-version: 5.13.0
+version: 10.0.1
 type: npm
-summary: 
+summary: Octokit plugin adding one method for all of api.github.com REST API endpoints
 homepage:
 license: mit
 licenses:

.licenses/npm/@octokit/plugin-retry.dep.yml

@@ -1,16 +1,16 @@
 ---
-name: whatwg-url
-version: 5.0.0
+name: "@octokit/plugin-retry"
+version: 6.0.1
 type: npm
-summary: An implementation of the WHATWG URL Standard's URL API and parsing machinery
-homepage: https://github.com/jsdom/whatwg-url#readme
+summary: Automatic retry plugin for octokit
+homepage:
 license: mit
 licenses:
-- sources: LICENSE.txt
+- sources: LICENSE
   text: |
-    The MIT License (MIT)
+    MIT License
 
-    Copyright (c) 2015–2016 Sebastian Mayr
+    Copyright (c) 2018 Octokit contributors
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
@@ -19,14 +19,16 @@ licenses:
     copies of the Software, and to permit persons to whom the Software is
     furnished to do so, subject to the following conditions:
 
-    The above copyright notice and this permission notice shall be included in
-    all copies or substantial portions of the Software.
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
 
     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
     AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-    THE SOFTWARE.
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
 notices: []

.licenses/npm/@octokit/request-error.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/request-error"
-version: 2.1.0
+version: 5.0.0
 type: npm
 summary: Error class for Octokit request errors
-homepage: https://github.com/octokit/request-error.js#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/request.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: "@octokit/request"
-version: 5.6.1
+version: 8.1.1
 type: npm
-summary: "Send parameterized requests to GitHubâ\x80\x99s APIs with sensible defaults
-  in browsers and Node"
-homepage: https://github.com/octokit/request.js#readme
+summary: Send parameterized requests to GitHub's APIs with sensible defaults in browsers
+  and Node
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/types-11.1.0.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/types"
-version: 6.34.0
+version: 11.1.0
 type: npm
 summary: Shared TypeScript definitions for Octokit projects
-homepage: https://github.com/octokit/types.ts#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/types-12.0.0.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@octokit/types"
+version: 12.0.0
+type: npm
+summary: Shared TypeScript definitions for Octokit projects
+homepage:
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License Copyright (c) 2019 Octokit contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
+notices: []

.licenses/npm/@types/node.dep.yml

@@ -0,0 +1,32 @@
+---
+name: "@types/node"
+version: 24.1.0
+type: npm
+summary: TypeScript definitions for node
+homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node
+license: mit
+licenses:
+- sources: LICENSE
+  text: |2
+        MIT License
+
+        Copyright (c) Microsoft Corporation.
+
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE
+notices: []

.licenses/npm/bottleneck.dep.yml

@@ -0,0 +1,31 @@
+---
+name: bottleneck
+version: 2.19.5
+type: npm
+summary: Distributed task scheduler and rate limiter
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2014 Simon Grondin
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of
+    this software and associated documentation files (the "Software"), to deal in
+    the Software without restriction, including without limitation the rights to
+    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+    the Software, and to permit persons to whom the Software is furnished to do so,
+    subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+    FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+    COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+    IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+    CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/minimatch.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: minimatch
-version: 3.0.4
+version: 3.1.2
 type: npm
 summary: a glob matcher in javascript
-homepage: https://github.com/isaacs/minimatch#readme
+homepage:
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/node-fetch.dep.yml

@@ -1,56 +0,0 @@
----
-name: node-fetch
-version: 2.6.5
-type: npm
-summary: A light-weight module that brings window.fetch to node.js
-homepage: https://github.com/bitinn/node-fetch
-license: mit
-licenses:
-- sources: LICENSE.md
-  text: |+
-    The MIT License (MIT)
-
-    Copyright (c) 2016 David Frank
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
-
-- sources: README.md
-  text: |-
-    MIT
-
-    [npm-image]: https://flat.badgen.net/npm/v/node-fetch
-    [npm-url]: https://www.npmjs.com/package/node-fetch
-    [travis-image]: https://flat.badgen.net/travis/bitinn/node-fetch
-    [travis-url]: https://travis-ci.org/bitinn/node-fetch
-    [codecov-image]: https://flat.badgen.net/codecov/c/github/bitinn/node-fetch/master
-    [codecov-url]: https://codecov.io/gh/bitinn/node-fetch
-    [install-size-image]: https://flat.badgen.net/packagephobia/install/node-fetch
-    [install-size-url]: https://packagephobia.now.sh/result?p=node-fetch
-    [discord-image]: https://img.shields.io/discord/619915844268326952?color=%237289DA&label=Discord&style=flat-square
-    [discord-url]: https://discord.gg/Zxbndcm
-    [opencollective-image]: https://opencollective.com/node-fetch/backers.svg
-    [opencollective-url]: https://opencollective.com/node-fetch
-    [whatwg-fetch]: https://fetch.spec.whatwg.org/
-    [response-init]: https://fetch.spec.whatwg.org/#responseinit
-    [node-readable]: https://nodejs.org/api/stream.html#stream_readable_streams
-    [mdn-headers]: https://developer.mozilla.org/en-US/docs/Web/API/Headers
-    [LIMITS.md]: https://github.com/bitinn/node-fetch/blob/master/LIMITS.md
-    [ERROR-HANDLING.md]: https://github.com/bitinn/node-fetch/blob/master/ERROR-HANDLING.md
-    [UPGRADE-GUIDE.md]: https://github.com/bitinn/node-fetch/blob/master/UPGRADE-GUIDE.md
-notices: []

.licenses/npm/undici-types.dep.yml

@@ -1,15 +1,17 @@
 ---
-name: tr46
-version: 0.0.3
+name: undici-types
+version: 7.8.0
 type: npm
-summary: An implementation of the Unicode TR46 spec
-homepage: https://github.com/Sebmaster/tr46.js#readme
+summary: A stand-alone types package for Undici
+homepage: https://undici.nodejs.org
 license: mit
 licenses:
-- sources: Auto-generated MIT license text
+- sources: LICENSE
   text: |
     MIT License
 
+    Copyright (c) Matteo Collina and Undici contributors
+
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
     in the Software without restriction, including without limitation the rights

.licenses/npm/undici.dep.yml

@@ -0,0 +1,34 @@
+---
+name: undici
+version: 5.28.5
+type: npm
+summary: An HTTP/1.1 client, written from scratch for Node.js
+homepage: https://undici.nodejs.org
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) Matteo Collina and Undici contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+- sources: README.md
+  text: MIT
+notices: []

.licenses/npm/uuid.dep.yml

@@ -0,0 +1,20 @@
+---
+name: uuid
+version: 8.3.2
+type: npm
+summary: RFC4122 (v1, v4, and v5) UUIDs
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2010-2020 Robert Kieffer and other contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/webidl-conversions.dep.yml

@@ -1,23 +0,0 @@
----
-name: webidl-conversions
-version: 3.0.1
-type: npm
-summary: Implements the WebIDL algorithms for converting to and from JavaScript values
-homepage: https://github.com/jsdom/webidl-conversions#readme
-license: bsd-2-clause
-licenses:
-- sources: LICENSE.md
-  text: |
-    # The BSD 2-Clause License
-
-    Copyright (c) 2014, Domenic Denicola
-    All rights reserved.
-
-    Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-    1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
-    2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
-    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-notices: []

.npmrc

@@ -0,0 +1 @@
+engine-strict=true

.vscode/settings.json

@@ -1,10 +0,0 @@
-{
-  "editor.formatOnSave": true,
-  "editor.codeActionsOnSave": {
-    "source.organizeImports": true
-  },
-  "files.exclude": {
-    "**/dist": true,
-    "**/node_modules": true
-  }
-}

CODEOWNERS

@@ -1 +1 @@
-* @actions/actions-experience
+* @actions/actions-launch

README.md

@@ -1,15 +1,34 @@
 # actions/github-script
 
-[![.github/workflows/integration.yml](https://github.com/actions/github-script/workflows/Integration/badge.svg?event=push&branch=main)](https://github.com/actions/github-script/actions?query=workflow%3AIntegration+branch%3Amain+event%3Apush)
-[![.github/workflows/ci.yml](https://github.com/actions/github-script/workflows/CI/badge.svg?event=push&branch=main)](https://github.com/actions/github-script/actions?query=workflow%3ACI+branch%3Amain+event%3Apush)
-[![.github/workflows/licensed.yml](https://github.com/actions/github-script/workflows/Licensed/badge.svg?event=push&branch=main)](https://github.com/actions/github-script/actions?query=workflow%3ALicensed+branch%3Amain+event%3Apush)
+[![Integration](https://github.com/actions/github-script/actions/workflows/integration.yml/badge.svg?branch=main&event=push)](https://github.com/actions/github-script/actions/workflows/integration.yml)
+[![CI](https://github.com/actions/github-script/actions/workflows/ci.yml/badge.svg?branch=main&event=push)](https://github.com/actions/github-script/actions/workflows/ci.yml)
+[![Licensed](https://github.com/actions/github-script/actions/workflows/licensed.yml/badge.svg?branch=main&event=push)](https://github.com/actions/github-script/actions/workflows/licensed.yml)
 
 This action makes it easy to quickly write a script in your workflow that
 uses the GitHub API and the workflow run context.
 
-In order to use this action, a `script` input is provided. The value of that
-input should be the body of an asynchronous function call. The following
-arguments will be provided:
+### Note
+
+Thank you for your interest in this GitHub action, however, right now we are not taking contributions. 
+
+We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in.
+
+We are taking the following steps to better direct requests related to GitHub Actions, including:
+
+1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)
+
+2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
+
+3. Security Issues should be handled as per our [security.md](security.md)
+
+We will still provide security updates for this project and fix major breaking changes during this time.
+
+You are welcome to still raise bugs in this repo.
+
+### This action 
+
+To use this action, provide an input named `script` that contains the body of an asynchronous JavaScript function call.
+The following arguments will be provided:
 
 - `github` A pre-authenticated
   [octokit/rest.js](https://octokit.github.io/rest.js) client with pagination plugins
@@ -32,7 +51,31 @@ defined, so you don't have to import them (see examples below).
 See [octokit/rest.js](https://octokit.github.io/rest.js/) for the API client
 documentation.
 
-## Breaking changes in V5
+## Breaking Changes
+
+### V8
+
+Version 8 of this action updated the runtime to Node 24 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions
+
+All scripts are now run with Node 24 instead of Node 20 and are affected by any breaking changes between Node 20 and 24.
+
+**This requires a minimum Actions Runner version of [v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1)**
+
+### V7
+
+Version 7 of this action updated the runtime to Node 20 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions
+
+All scripts are now run with Node 20 instead of Node 16 and are affected by any breaking changes between Node 16 and 20
+
+The `previews` input now only applies to GraphQL API calls as REST API previews are no longer necessary - https://github.blog/changelog/2021-10-14-rest-api-preview-promotions/.
+
+### V6
+
+Version 6 of this action updated the runtime to Node 16 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions
+
+All scripts are now run with Node 16 instead of Node 12 and are affected by any breaking changes between Node 12 and 16.
+
+### V5
 
 Version 5 of this action includes the version 5 of `@actions/github` and `@octokit/plugin-rest-endpoint-methods`. As part of this update, the Octokit context available via `github` no longer has REST methods directly. These methods are available via `github.rest.*` - https://github.com/octokit/plugin-rest-endpoint-methods.js/releases/tag/v5.0.0
 
@@ -44,13 +87,38 @@ For example, `github.issues.createComment` in V4 becomes `github.rest.issues.cre
 
 See [development.md](/docs/development.md).
 
+## Passing inputs to the script
+
+Actions expressions are evaluated before the `script` is passed to the action, so the result of any expressions
+*will be evaluated as JavaScript code*.
+
+It's highly recommended to *not* evaluate expressions directly in the `script` to avoid
+[script injections](https://docs.github.com/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)
+and potential `SyntaxError`s when the expression is not valid JavaScript code (particularly when it comes to improperly escaped strings).
+
+To pass inputs, set `env` vars on the action step and reference them in your script with `process.env`:
+
+```yaml
+- uses: actions/github-script@v8
+  env:
+    TITLE: ${{ github.event.pull_request.title }}
+  with:
+    script: |
+      const title = process.env.TITLE;
+      if (title.startsWith('octocat')) {
+        console.log("PR title starts with 'octocat'");
+      } else {
+        console.error("PR title did not start with 'octocat'");
+      }
+```
+
 ## Reading step results
 
 The return value of the script will be in the step's outputs under the
 "result" key.
 
 ```yaml
-- uses: actions/github-script@v5
+- uses: actions/github-script@v8
   id: set-result
   with:
     script: return "Hello!"
@@ -69,13 +137,54 @@ output of a github-script step. For some workflows, string encoding is preferred
 `result-encoding` input:
 
 ```yaml
-- uses: actions/github-script@v5
+- uses: actions/github-script@v8
   id: my-script
   with:
     result-encoding: string
     script: return "I will be string (not JSON) encoded!"
 ```
 
+## Retries
+
+By default, requests made with the `github` instance will not be retried. You can configure this with the `retries` option:
+
+```yaml
+- uses: actions/github-script@v8
+  id: my-script
+  with:
+    result-encoding: string
+    retries: 3
+    script: |
+      github.rest.issues.get({
+        issue_number: context.issue.number,
+        owner: context.repo.owner,
+        repo: context.repo.repo,
+      })
+```
+
+In this example, request failures from `github.rest.issues.get()` will be retried up to 3 times.
+
+You can also configure which status codes should be exempt from retries via the `retry-exempt-status-codes` option:
+
+```yaml
+- uses: actions/github-script@v8
+  id: my-script
+  with:
+    result-encoding: string
+    retries: 3
+    retry-exempt-status-codes: 400,401
+    script: |
+      github.rest.issues.get({
+        issue_number: context.issue.number,
+        owner: context.repo.owner,
+        repo: context.repo.repo,
+      })
+```
+
+By default, the following status codes will not be retried: `400, 401, 403, 404, 422` [(source)](https://github.com/octokit/plugin-retry.js/blob/9a2443746c350b3beedec35cf26e197ea318a261/src/index.ts#L14).
+
+These retries are implemented using the [octokit/plugin-retry.js](https://github.com/octokit/plugin-retry.js) plugin. The retries use [exponential backoff](https://en.wikipedia.org/wiki/Exponential_backoff) to space out retries. ([source](https://github.com/octokit/plugin-retry.js/blob/9a2443746c350b3beedec35cf26e197ea318a261/src/error-request.ts#L13))
+
 ## Examples
 
 Note that `github-token` is optional in this action, and the input is there
@@ -87,7 +196,7 @@ By default, github-script will use the token provided to your workflow.
 
 ```yaml
 - name: View context attributes
-  uses: actions/github-script@v5
+  uses: actions/github-script@v8
   with:
     script: console.log(context)
 ```
@@ -103,7 +212,7 @@ jobs:
   comment:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v5
+      - uses: actions/github-script@v8
         with:
           script: |
             github.rest.issues.createComment({
@@ -125,7 +234,7 @@ jobs:
   apply-label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v5
+      - uses: actions/github-script@v8
         with:
           script: |
             github.rest.issues.addLabels({
@@ -138,14 +247,16 @@ jobs:
 
 ### Welcome a first-time contributor
 
+You can format text in comments using the same [Markdown syntax](https://docs.github.com/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) as the GitHub web interface:
+
 ```yaml
-on: pull_request
+on: pull_request_target
 
 jobs:
   welcome:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v5
+      - uses: actions/github-script@v8
         with:
           script: |
             // Get a list of all issues created by the PR opener
@@ -172,7 +283,9 @@ jobs:
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
-              body: 'Welcome, new contributor!'
+              body: `**Welcome**, new contributor!
+
+                Please make sure you've read our [contributing guide](CONTRIBUTING.md) and we look forward to reviewing your Pull request shortly ✨`
             })
 ```
 
@@ -188,7 +301,7 @@ jobs:
   diff:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v5
+      - uses: actions/github-script@v8
         with:
           script: |
             const diff_url = context.payload.pull_request.diff_url
@@ -212,7 +325,7 @@ jobs:
   list-issues:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v5
+      - uses: actions/github-script@v8
         with:
           script: |
             const query = `query($owner:String!, $name:String!, $label:String!) {
@@ -245,8 +358,8 @@ jobs:
   echo-input:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/github-script@v5
+      - uses: actions/checkout@v4
+      - uses: actions/github-script@v8
         with:
           script: |
             const script = require('./path/to/script.js')
@@ -283,8 +396,8 @@ jobs:
   echo-input:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/github-script@v5
+      - uses: actions/checkout@v4
+      - uses: actions/github-script@v8
         env:
           SHA: '${{env.parentSHA}}'
         with:
@@ -321,14 +434,14 @@ jobs:
   echo-input:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 14
+          node-version: '20.x'
       - run: npm ci
       # or one-off:
       - run: npm install execa
-      - uses: actions/github-script@v5
+      - uses: actions/github-script@v8
         with:
           script: |
             const execa = require('execa')
@@ -338,28 +451,53 @@ jobs:
             console.log(stdout)
 ```
 
-### Use env as input
+### Use ESM `import`
 
-You can set env vars to use them in your script:
+To import an ESM file, you'll need to reference your script by an absolute path and ensure you have a `package.json` file with `"type": "module"` specified.
+
+For a script in your repository `src/print-stuff.js`:
+
+```js
+export default function printStuff() {
+  console.log('stuff')
+}
+```
 
 ```yaml
 on: push
 
 jobs:
-  echo-input:
+  print-stuff:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v5
-        env:
-          FIRST_NAME: Mona
-          LAST_NAME: Octocat
+      - uses: actions/checkout@v4
+      - uses: actions/github-script@v8
         with:
           script: |
-            const { FIRST_NAME, LAST_NAME } = process.env
+            const { default: printStuff } = await import('${{ github.workspace }}/src/print-stuff.js')
 
-            console.log(`Hello ${FIRST_NAME} ${LAST_NAME}`)
+            await printStuff()
 ```
 
+### Use scripts with jsDoc support
+
+If you want type support for your scripts, you could use the command below to install the
+`@actions/github-script` type declaration.
+```sh
+$ npm i -D @actions/github-script@github:actions/github-script
+```
+
+And then add the `jsDoc` declaration to your script like this:
+```js
+// @ts-check
+/** @param {import('@actions/github-script').AsyncFunctionArguments} AsyncFunctionArguments */
+export default async ({ core, context }) => {
+  core.debug("Running something at the moment");
+  return context.actor;
+};
+```
+
+
 ### Using a separate GitHub token
 
 The `GITHUB_TOKEN` used by default is scoped to the current repository, see [Authentication in a workflow](https://docs.github.com/actions/reference/authentication-in-a-workflow).
@@ -377,7 +515,7 @@ jobs:
   apply-label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v5
+      - uses: actions/github-script@v8
         with:
           github-token: ${{ secrets.MY_PAT }}
           script: |
@@ -388,3 +526,45 @@ jobs:
               labels: ['Triage']
             })
 ```
+
+### Using exec package
+
+The provided [@actions/exec](https://github.com/actions/toolkit/tree/main/packages/exec) package allows to execute command or tools in a cross platform way:
+
+```yaml
+on: push
+
+jobs:
+  use-exec:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/github-script@v8
+        with:
+          script: |
+            const exitCode = await exec.exec('echo', ['hello'])
+
+            console.log(exitCode)
+```
+
+`exec` packages provides `getExecOutput` function to retrieve stdout and stderr from executed command:
+
+```yaml
+on: push
+
+jobs:
+  use-get-exec-output:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/github-script@v8
+        with:
+          script: |
+            const {
+              exitCode,
+              stdout,
+              stderr
+            } = await exec.getExecOutput('echo', ['hello']);
+
+            console.log(exitCode, stdout, stderr)
+```      

__test__/get-retry-options.test.ts

@@ -0,0 +1,69 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import {getRetryOptions} from '../src/retry-options'
+
+describe('getRequestOptions', () => {
+  test('retries disabled if retries == 0', async () => {
+    const [retryOptions, requestOptions] = getRetryOptions(
+      0,
+      [400, 500, 502],
+      []
+    )
+
+    expect(retryOptions.enabled).toBe(false)
+    expect(retryOptions.doNotRetry).toBeFalsy()
+
+    expect(requestOptions?.retries).toBeFalsy()
+  })
+
+  test('properties set if retries > 0', async () => {
+    const [retryOptions, requestOptions] = getRetryOptions(
+      1,
+      [400, 500, 502],
+      []
+    )
+
+    expect(retryOptions.enabled).toBe(true)
+    expect(retryOptions.doNotRetry).toEqual([400, 500, 502])
+
+    expect(requestOptions?.retries).toEqual(1)
+  })
+
+  test('properties set if retries > 0', async () => {
+    const [retryOptions, requestOptions] = getRetryOptions(
+      1,
+      [400, 500, 502],
+      []
+    )
+
+    expect(retryOptions.enabled).toBe(true)
+    expect(retryOptions.doNotRetry).toEqual([400, 500, 502])
+
+    expect(requestOptions?.retries).toEqual(1)
+  })
+
+  test('retryOptions.doNotRetry not set if exemptStatusCodes isEmpty', async () => {
+    const [retryOptions, requestOptions] = getRetryOptions(1, [], [])
+
+    expect(retryOptions.enabled).toBe(true)
+    expect(retryOptions.doNotRetry).toBeUndefined()
+
+    expect(requestOptions?.retries).toEqual(1)
+  })
+
+  test('requestOptions does not override defaults from @actions/github', async () => {
+    const [retryOptions, requestOptions] = getRetryOptions(1, [], {
+      request: {
+        agent: 'default-user-agent'
+      },
+      foo: 'bar'
+    })
+
+    expect(retryOptions.enabled).toBe(true)
+    expect(retryOptions.doNotRetry).toBeUndefined()
+
+    expect(requestOptions?.retries).toEqual(1)
+    expect(requestOptions?.agent).toEqual('default-user-agent')
+    expect(requestOptions?.foo).toBeUndefined() // this should not be in the `options.request` object, but at the same level as `request`
+  })
+})

action.yml

@@ -13,19 +13,28 @@ inputs:
     default: ${{ github.token }}
     required: false
   debug:
-    description: Whether to tell the GitHub client to log details of its requests
-    default: false
+    description: Whether to tell the GitHub client to log details of its requests. true or false. Default is to run in debug mode when the GitHub Actions step debug logging is turned on.
+    default: ${{ runner.debug == '1' }}
   user-agent:
     description: An optional user-agent string
     default: actions/github-script
   previews:
-    description: A comma-separated list of API previews to accept
+    description: A comma-separated list of GraphQL API previews to accept
   result-encoding:
     description: Either "string" or "json" (default "json")—how the result will be encoded
     default: json
+  retries:
+    description: The number of times to retry a request
+    default: "0"
+  retry-exempt-status-codes:
+    description: A comma separated list of status codes that will NOT be retried e.g. "400,500". No effect unless `retries` is set
+    default: 400,401,403,404,422 # from https://github.com/octokit/plugin-retry.js/blob/9a2443746c350b3beedec35cf26e197ea318a261/src/index.ts#L14
+  base-url:
+    description: An optional GitHub REST API URL to connect to a different GitHub instance. For example, https://my.github-enterprise-server.com/api/v3
+    required: false
 outputs:
   result:
     description: The return value of the script, stringified with `JSON.stringify`
 runs:
-  using: node12
+  using: node24
   main: dist/index.js

package.json

@@ -1,13 +1,17 @@
 {
-  "name": "github-script",
+  "name": "@actions/github-script",
   "description": "A GitHub action for executing a simple script",
-  "version": "5.1.0",
+  "engines": {
+    "node": ">=24"
+  },
+  "version": "7.0.1",
   "author": "GitHub",
   "license": "MIT",
   "main": "dist/index.js",
-  "private": true,
+  "types": "types/async-function.d.ts",
   "scripts": {
-    "build": "ncc build src/main.ts",
+    "build": "npm run build:types && ncc build src/main.ts",
+    "build:types": "tsc src/async-function.ts -t es5 --declaration --allowJs --emitDeclarationOnly --outDir types",
     "format:check": "prettier --check src __test__",
     "format:write": "prettier --write src __test__",
     "lint": "eslint src __test__",
@@ -15,43 +19,48 @@
     "style:write": "run-p --continue-on-error --aggregate-output format:write lint",
     "pre-commit": "run-s style:write test build",
     "test": "jest",
-    "prepare": "husky install"
+    "prepare": "husky"
   },
   "jest": {
     "preset": "ts-jest",
     "testEnvironment": "node",
-    "globals": {
-      "ts-jest": {
+    "transform": {
+      "^.+\\.ts$": [
+        "ts-jest",
+        {
           "diagnostics": {
             "ignoreCodes": [
               "151001"
             ]
           }
         }
+      ]
     }
   },
   "dependencies": {
-    "@actions/core": "^1.5.0",
-    "@actions/exec": "^1.1.0",
-    "@actions/github": "^5.0.0",
-    "@actions/glob": "^0.2.0",
-    "@actions/io": "^1.1.1",
-    "@octokit/core": "^3.5.1",
-    "@octokit/plugin-paginate-rest": "^2.17.0",
-    "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
+    "@actions/core": "^1.10.1",
+    "@actions/exec": "^1.1.1",
+    "@actions/github": "^6.0.0",
+    "@actions/glob": "^0.4.0",
+    "@actions/io": "^1.1.3",
+    "@octokit/core": "^5.0.1",
+    "@octokit/plugin-request-log": "^4.0.0",
+    "@octokit/plugin-retry": "^6.0.1",
+    "@types/node": "^24.1.0"
   },
   "devDependencies": {
-    "@types/jest": "^27.0.2",
-    "@typescript-eslint/eslint-plugin": "^3.10.1",
-    "@typescript-eslint/parser": "^3.10.1",
-    "@vercel/ncc": "^0.23.0",
-    "eslint": "^7.32.0",
-    "eslint-config-prettier": "^6.15.0",
-    "husky": "^7.0.0",
-    "jest": "^27.2.5",
+    "@types/jest": "^29.5.5",
+    "@typescript-eslint/eslint-plugin": "^6.7.5",
+    "@typescript-eslint/parser": "^6.7.5",
+    "@vercel/ncc": "^0.38.0",
+    "eslint": "^8.51.0",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-plugin-prettier": "^5.0.1",
+    "husky": "^9.1.1",
+    "jest": "^29.7.0",
     "npm-run-all": "^4.1.5",
-    "prettier": "^2.0.5",
-    "ts-jest": "^27.0.5",
-    "typescript": "^4.3.5"
+    "prettier": "^3.0.3",
+    "ts-jest": "^29.1.1",
+    "typescript": "^5.2.2"
   }
 }

src/async-function.ts

@@ -7,10 +7,11 @@ import * as io from '@actions/io'
 
 const AsyncFunction = Object.getPrototypeOf(async () => null).constructor
 
-type AsyncFunctionArguments = {
+export declare type AsyncFunctionArguments = {
   context: Context
   core: typeof core
   github: InstanceType<typeof GitHub>
+  octokit: InstanceType<typeof GitHub>
   exec: typeof exec
   glob: typeof glob
   io: typeof io

src/main.ts

@@ -1,9 +1,14 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
 import {context, getOctokit} from '@actions/github'
+import {defaults as defaultGitHubOptions} from '@actions/github/lib/utils'
 import * as glob from '@actions/glob'
 import * as io from '@actions/io'
+import {requestLog} from '@octokit/plugin-request-log'
+import {retry} from '@octokit/plugin-retry'
+import {RequestRequestOptions} from '@octokit/types'
 import {callAsyncFunction} from './async-function'
+import {RetryOptions, getRetryOptions, parseNumberArray} from './retry-options'
 import {wrapRequire} from './wrap-require'
 
 process.on('unhandledRejection', handleError)
@@ -12,21 +17,43 @@ main().catch(handleError)
 type Options = {
   log?: Console
   userAgent?: string
+  baseUrl?: string
   previews?: string[]
+  retry?: RetryOptions
+  request?: RequestRequestOptions
 }
 
 async function main(): Promise<void> {
   const token = core.getInput('github-token', {required: true})
-  const debug = core.getInput('debug')
+  const debug = core.getBooleanInput('debug')
   const userAgent = core.getInput('user-agent')
   const previews = core.getInput('previews')
+  const baseUrl = core.getInput('base-url')
+  const retries = parseInt(core.getInput('retries'))
+  const exemptStatusCodes = parseNumberArray(
+    core.getInput('retry-exempt-status-codes')
+  )
+  const [retryOpts, requestOpts] = getRetryOptions(
+    retries,
+    exemptStatusCodes,
+    defaultGitHubOptions
+  )
 
-  const opts: Options = {}
-  if (debug === 'true') opts.log = console
-  if (userAgent != null) opts.userAgent = userAgent
-  if (previews != null) opts.previews = previews.split(',')
+  const opts: Options = {
+    log: debug ? console : undefined,
+    userAgent: userAgent || undefined,
+    previews: previews ? previews.split(',') : undefined,
+    retry: retryOpts,
+    request: requestOpts
+  }
 
-  const github = getOctokit(token, opts)
+  // Setting `baseUrl` to undefined will prevent the default value from being used
+  // https://github.com/actions/github-script/issues/436
+  if (baseUrl) {
+    opts.baseUrl = baseUrl
+  }
+
+  const github = getOctokit(token, opts, retry, requestLog)
   const script = core.getInput('script', {required: true})
 
   // Using property/value shorthand on `require` (e.g. `{require}`) causes compilation errors.
@@ -35,6 +62,7 @@ async function main(): Promise<void> {
       require: wrapRequire,
       __original_require__: __non_webpack_require__,
       github,
+      octokit: github,
       context,
       core,
       exec,

src/retry-options.ts

@@ -0,0 +1,53 @@
+import * as core from '@actions/core'
+import {OctokitOptions} from '@octokit/core/dist-types/types'
+import {RequestRequestOptions} from '@octokit/types'
+
+export type RetryOptions = {
+  doNotRetry?: number[]
+  enabled?: boolean
+}
+
+export function getRetryOptions(
+  retries: number,
+  exemptStatusCodes: number[],
+  defaultOptions: OctokitOptions
+): [RetryOptions, RequestRequestOptions | undefined] {
+  if (retries <= 0) {
+    return [{enabled: false}, defaultOptions.request]
+  }
+
+  const retryOptions: RetryOptions = {
+    enabled: true
+  }
+
+  if (exemptStatusCodes.length > 0) {
+    retryOptions.doNotRetry = exemptStatusCodes
+  }
+
+  // The GitHub type has some defaults for `options.request`
+  // see: https://github.com/actions/toolkit/blob/4fbc5c941a57249b19562015edbd72add14be93d/packages/github/src/utils.ts#L15
+  // We pass these in here so they are not overidden.
+  const requestOptions: RequestRequestOptions = {
+    ...defaultOptions.request,
+    retries
+  }
+
+  core.debug(
+    `GitHub client configured with: (retries: ${
+      requestOptions.retries
+    }, retry-exempt-status-code: ${
+      retryOptions.doNotRetry ?? 'octokit default: [400, 401, 403, 404, 422]'
+    })`
+  )
+
+  return [retryOptions, requestOptions]
+}
+
+export function parseNumberArray(listString: string): number[] {
+  if (!listString) {
+    return []
+  }
+
+  const split = listString.trim().split(',')
+  return split.map(x => parseInt(x))
+}

tsconfig.eslint.json

@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "exclude": []
+}

types/async-function.d.ts

@@ -0,0 +1,19 @@
+/// <reference types="node" />
+import * as core from '@actions/core';
+import * as exec from '@actions/exec';
+import { Context } from '@actions/github/lib/context';
+import { GitHub } from '@actions/github/lib/utils';
+import * as glob from '@actions/glob';
+import * as io from '@actions/io';
+export declare type AsyncFunctionArguments = {
+    context: Context;
+    core: typeof core;
+    github: InstanceType<typeof GitHub>;
+    octokit: InstanceType<typeof GitHub>;
+    exec: typeof exec;
+    glob: typeof glob;
+    io: typeof io;
+    require: NodeRequire;
+    __original_require__: NodeRequire;
+};
+export declare function callAsyncFunction<T>(args: AsyncFunctionArguments, source: string): Promise<T>;