Bump the actions group with 3 updates (#245 )

Bumps the actions group with 3 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core), [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@actions/core` from 1.11.1 to 2.0.1 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/@actions/artifact@2.0.1/packages/core) Updates `@actions/exec` from 1.1.1 to 2.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec) Updates `@types/node` from 24.10.1 to 25.0.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@actions/core" dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: "@actions/exec" dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: "@types/node" dependency-version: 25.0.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump the actions group in /.github/workflows with 2 updates (#244 )
2025-12-21 14:55:43 +00:00 · 2025-12-15 12:22:02 -05:00 · 2025-12-09 06:39:58 +13:00 · 2025-12-09 06:39:31 +13:00 · 2025-12-01 11:28:43 -08:00 · 2025-12-01 14:27:51 -05:00
18 changed files with 2481 additions and 1445 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @Azure/aks-atlanta
+* @Azure/cloud-native-github-action-owners
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+   - package-ecosystem: npm
+     directory: /
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
+   - package-ecosystem: github-actions
+     directory: .github/workflows
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
--- a/.github/workflows/defaultLabels.yml
+++ b/.github/workflows/defaultLabels.yml
@@ -13,7 +13,7 @@ jobs:

      # Steps represent a sequence of tasks that will be executed as part of the job
      steps:
-         - uses: actions/stale@v9
+         - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d #v10.1.1
           name: Setting issue as idle
           with:
              repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,7 +24,7 @@ jobs:
              operations-per-run: 100
              exempt-issue-labels: 'backlog'

-         - uses: actions/stale@v9
+         - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d #v10.1.1
           name: Setting PR as idle
           with:
              repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -7,15 +7,22 @@ on:
 jobs:
   trigger-integration-tests:
      name: Trigger Integration tests
-      runs-on: ubuntu-latest
+      strategy:
+         matrix:
+            os:
+               - ubuntu-latest
+               - ubuntu-24.04-arm
+               - macos-latest # arm
+         fail-fast: false
+      runs-on: ${{ matrix.os }}
      env:
-         HELM_3_8_0: 'v3.8.0'
-         HELM_3_7_2: 'v3.7.2'
-         HELM_NO_V: '3.5.0'
+         HELM_3_18_4: 'v3.18.4'
+         HELM_3_18_0: 'v3.18.0'
+         HELM_NO_V: '3.18.4'
         PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
      steps:
         - name: Check out repository
-           uses: actions/checkout@v4
+           uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         - name: npm install and build
           id: action-npm-build
           run: |
@@ -27,41 +34,41 @@ jobs:
         - name: Setup helm
           uses: ./
           with:
-              version: ${{ env.HELM_3_8_0 }}
-         - name: Validate helm 3.8.0
+              version: ${{ env.HELM_3_18_4 }}
+         - name: Validate helm 3.18.4
           run: |
-              if [[ $(helm version) != *$HELM_3_8_0* ]]; then
-                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.8.0"
+              if [[ $(helm version) != *$HELM_3_18_4* ]]; then
+                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.18.4"
                echo "HELM VERSION OUTPUT: $(helm version)"
                exit 1
              else
-                echo "HELM VERSION $HELM_3_8_0 INSTALLED SUCCESSFULLY"
+                echo "HELM VERSION $HELM_3_18_4 INSTALLED SUCCESSFULLY"
              fi
-         - name: Setup helm 3.7.2
+         - name: Setup helm 3.18.0
           uses: ./
           with:
-              version: ${{ env.HELM_3_7_2 }}
-         - name: Validate 3.7.2
+              version: ${{ env.HELM_3_18_0 }}
+         - name: Validate 3.18.0
           run: |
-              if [[ $(helm version) != *$HELM_3_7_2* ]]; then
-                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.7.2"
+              if [[ $(helm version) != *$HELM_3_18_0* ]]; then
+                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.18.0"
                echo "HELM VERSION OUTPUT: $(helm version)"
                exit 1
              else
-                echo "HELM VERSION $HELM_3_7_2 INSTALLED SUCCESSFULLY"
+                echo "HELM VERSION $HELM_3_18_0 INSTALLED SUCCESSFULLY"
              fi
-         - name: Setup helm 3.5.0 with no v in version
+         - name: Setup helm 3.18.4 with no v in version
           uses: ./
           with:
              version: ${{ env.HELM_NO_V }}
-         - name: Validate 3.5.0 without v in version
+         - name: Validate 3.18.4 without v in version
           run: |
              if [[ $(helm version) != *$HELM_NO_V* ]]; then
-                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.5.0"
+                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN 3.18.4"
                echo "HELM VERSION OUTPUT: $(helm version)"
                exit 1
              else
-                echo "HELM VERSION $HELM_3_5_0 INSTALLED SUCCESSFULLY"
+                echo "HELM VERSION $HELM_NO_V INSTALLED SUCCESSFULLY"
              fi
         - name: Setup helm latest version
           uses: ./
@@ -72,11 +79,7 @@ jobs:
           env:
              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           run: |
-              HELM_LATEST=$(gh release list \
-                --repo helm/helm \
-                --exclude-drafts \
-                --exclude-pre-releases \
-                --limit 1 | awk '{print $4}')
+              HELM_LATEST=$(curl -s https://get.helm.sh/helm-latest-version)

              if [[ $(helm version) != *$HELM_LATEST* ]]; then
                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN $HELM_LATEST"
--- a/.github/workflows/prettify-code.yml
+++ b/.github/workflows/prettify-code.yml
@@ -10,9 +10,7 @@ jobs:
      runs-on: ubuntu-latest
      steps:
         - name: Checkout Repository
-           uses: actions/checkout@v4
+           uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

         - name: Enforce Prettier
-           uses: actionsx/prettier@v3
-           with:
-              args: --check .
+           run: npx prettier --check .
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -13,6 +13,6 @@ jobs:
      permissions:
         actions: read
         contents: write
-      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@v1
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@3c677ba5ab58f5c5c1a6f0cfb176b333b1f27405 # v1.0.3
      with:
         changelogPath: ./CHANGELOG.md
--- a/.github/workflows/tag-and-draft.yml
+++ b/.github/workflows/tag-and-draft.yml
@@ -7,4 +7,4 @@ on:

 jobs:
   tag-and-release:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@main
+      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@c753e1545b144562237cd1177a95bab21a785cff # main
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -11,9 +11,18 @@ on: # rebuild any PRs and main branch changes

 jobs:
   build: # make sure build/ci works properly
-      runs-on: ubuntu-latest
+      strategy:
+         matrix:
+            os:
+               - ubuntu-latest
+               - ubuntu-24.04-arm
+               - windows-latest
+               - windows-11-arm
+               - macos-latest # arm
+         fail-fast: false
+      runs-on: ${{ matrix.os }}
      steps:
-         - uses: actions/checkout@v4
+         - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

         - name: Run L0 tests.
           run: |
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -0,0 +1,7 @@
+npm test
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,26 @@
 # Change Log

+## [4.3.1] - 2025-08-12
+
+### Changed
+
+- #167 [Pinning Action Dependencies for Security and Reliability](https://github.com/Azure/setup-helm/pull/167)
+- #181 [Fix types, and update node version.](https://github.com/Azure/setup-helm/pull/181)
+- #191 [chore(tests): Mock arch to make tests pass on arm host](https://github.com/Azure/setup-helm/pull/191)
+- #192 [chore: remove unnecessary prebuild script](https://github.com/Azure/setup-helm/pull/192)
+- #203 [Update helm version retrieval to use JSON output for latest version](https://github.com/Azure/setup-helm/pull/203)
+- #207 [ci(workflows): update helm version to v3.18.4 and add matrix for tests](https://github.com/Azure/setup-helm/pull/207)
+
+### Added
+
+- #197 [Add pre-commit hook](https://github.com/Azure/setup-helm/pull/197)
+
+## [4.3.0] - 2025-02-15
+
+- #152 feat: log when restoring from cache
+- #157 Dependencies Update
+- #137 Add dependabot
+
 ## [4.2.0] - 2024-04-15

 - #124 Fix OS detection and download OS-native archive extension
--- a/README.md
+++ b/README.md
@@ -7,14 +7,14 @@ Install a specific version of helm binary on the runner.
 Acceptable values are latest or any semantic version string like v3.5.0 Use this action in workflow to define which version of helm will be used. v2+ of this action only support Helm3.

 ```yaml
- uses: azure/setup-helm@v4.2.0
+- uses: azure/setup-helm@v4.3.0
  with:
     version: '<version>' # default is latest (stable)
  id: install
 ```

 > [!NOTE]
-> If something goes wrong with fetching the latest version the action will use the hardcoded default stable version (currently v3.13.3). If you rely on a certain version higher than the default, you should explicitly use that version instead of latest.
+> If something goes wrong with fetching the latest version the action will use the hardcoded default version (currently v3.18.3). If you rely on a certain version higher than the default, you should explicitly use that version instead of latest.

 The cached helm binary path is prepended to the PATH environment variable as well as stored in the helm-path output variable.
 Refer to the action metadata file for details about all the inputs https://github.com/Azure/setup-helm/blob/master/action.yml
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,34 +1,35 @@
 {
   "name": "setuphelm",
-   "version": "4.2.0",
+   "version": "4.3.1",
   "private": true,
   "description": "Setup helm",
   "author": "Anumita Shenoy",
   "license": "MIT",
   "dependencies": {
-      "@actions/core": "^1.10.0",
-      "@actions/exec": "^1.1.1",
-      "@actions/io": "^1.1.2",
-      "@actions/tool-cache": "2.0.1",
-      "@octokit/action": "^6.0.7",
-      "semver": "^7.5.4"
+      "@actions/core": "^2.0.1",
+      "@actions/exec": "^2.0.0",
+      "@actions/io": "^2.0.0",
+      "@actions/tool-cache": "2.0.2",
+      "@octokit/action": "^8.0.4",
+      "semver": "^7.7.3"
   },
   "main": "lib/index.js",
   "scripts": {
-      "prebuild": "npm i ncc",
-      "build": "ncc build src/run.ts -o lib",
+      "build": "ncc build src/index.ts -o lib",
      "test": "jest",
      "test-coverage": "jest --coverage",
      "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
   },
   "devDependencies": {
-      "@types/jest": "^29.5.11",
-      "@types/node": "^20.11.8",
-      "@vercel/ncc": "^0.38.1",
-      "jest": "^29.7.0",
-      "prettier": "^3.2.5",
-      "ts-jest": "^29.1.2",
-      "typescript": "^5.3.3"
+      "@types/jest": "^30.0.0",
+      "@types/node": "^25.0.2",
+      "@vercel/ncc": "^0.38.4",
+      "husky": "^9.1.7",
+      "jest": "^30.2.0",
+      "prettier": "^3.7.4",
+      "ts-jest": "^29.4.6",
+      "typescript": "^5.9.3"
   }
 }
--- a/src/index.ts
+++ b/src/index.ts
@@ -0,0 +1,4 @@
+import {run} from './run'
+import * as core from '@actions/core'
+
+run().catch(core.setFailed)
--- a/src/run.test.ts
+++ b/src/run.test.ts
@@ -67,7 +67,7 @@ describe('run.ts', () => {
      expect(os.arch).toHaveBeenCalled()
   })

-   test('getHelmDownloadURL() - return the URL to download helm for Windows', () => {
+   test('getHelmDownloadURL() - return the URL to download helm for Windows x64', () => {
      jest.spyOn(os, 'platform').mockReturnValue('win32')
      jest.spyOn(os, 'arch').mockReturnValue('x64')

@@ -76,6 +76,15 @@ describe('run.ts', () => {
      expect(os.platform).toHaveBeenCalled()
   })

+   test('getHelmDownloadURL() - return the URL to download helm for Windows arm64', () => {
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
+      jest.spyOn(os, 'arch').mockReturnValue('arm64')
+
+      const expected = 'https://test.tld/helm-v3.8.0-windows-arm64.zip'
+      expect(run.getHelmDownloadURL(downloadBaseURL, 'v3.8.0')).toBe(expected)
+      expect(os.platform).toHaveBeenCalled()
+   })
+
   test('getLatestHelmVersion() - return the latest version of HELM', async () => {
      const res = {
         status: 200,
@@ -88,7 +97,7 @@ describe('run.ts', () => {
   test('getLatestHelmVersion() - return the stable version of HELM when simulating a network error', async () => {
      const errorMessage: string = 'Network Error'
      global.fetch = jest.fn().mockRejectedValueOnce(new Error(errorMessage))
-      expect(await run.getLatestHelmVersion()).toBe('v3.13.3')
+      expect(await run.getLatestHelmVersion()).toBe(run.stableHelmVersion)
   })

   test('getValidVersion() - return version with v prepended', () => {
@@ -99,20 +108,20 @@ describe('run.ts', () => {
      jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
         if (file == 'mainFolder')
            return [
-               'file1' as unknown as fs.Dirent,
-               'file2' as unknown as fs.Dirent,
-               'folder1' as unknown as fs.Dirent,
-               'folder2' as unknown as fs.Dirent
+               'file1' as unknown as fs.Dirent<NonSharedBuffer>,
+               'file2' as unknown as fs.Dirent<NonSharedBuffer>,
+               'folder1' as unknown as fs.Dirent<NonSharedBuffer>,
+               'folder2' as unknown as fs.Dirent<NonSharedBuffer>
            ]
         if (file == path.join('mainFolder', 'folder1'))
            return [
-               'file11' as unknown as fs.Dirent,
-               'file12' as unknown as fs.Dirent
+               'file11' as unknown as fs.Dirent<NonSharedBuffer>,
+               'file12' as unknown as fs.Dirent<NonSharedBuffer>
            ]
         if (file == path.join('mainFolder', 'folder2'))
            return [
-               'file21' as unknown as fs.Dirent,
-               'file22' as unknown as fs.Dirent
+               'file21' as unknown as fs.Dirent<NonSharedBuffer>,
+               'file22' as unknown as fs.Dirent<NonSharedBuffer>
            ]
         return []
      })
@@ -134,20 +143,20 @@ describe('run.ts', () => {
      jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
         if (file == 'mainFolder')
            return [
-               'file1' as unknown as fs.Dirent,
-               'file2' as unknown as fs.Dirent,
-               'folder1' as unknown as fs.Dirent,
-               'folder2' as unknown as fs.Dirent
+               'file1' as unknown as fs.Dirent<NonSharedBuffer>,
+               'file2' as unknown as fs.Dirent<NonSharedBuffer>,
+               'folder1' as unknown as fs.Dirent<NonSharedBuffer>,
+               'folder2' as unknown as fs.Dirent<NonSharedBuffer>
            ]
         if (file == path.join('mainFolder', 'folder1'))
            return [
-               'file11' as unknown as fs.Dirent,
-               'file12' as unknown as fs.Dirent
+               'file11' as unknown as fs.Dirent<NonSharedBuffer>,
+               'file12' as unknown as fs.Dirent<NonSharedBuffer>
            ]
         if (file == path.join('mainFolder', 'folder2'))
            return [
-               'file21' as unknown as fs.Dirent,
-               'file22' as unknown as fs.Dirent
+               'file21' as unknown as fs.Dirent<NonSharedBuffer>,
+               'file22' as unknown as fs.Dirent<NonSharedBuffer>
            ]
         return []
      })
@@ -166,7 +175,8 @@ describe('run.ts', () => {
   test('findHelm() - change access permissions and find the helm in given directory', () => {
      jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
      jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
-         if (file == 'mainFolder') return ['helm.exe' as unknown as fs.Dirent]
+         if (file == 'mainFolder')
+            return ['helm.exe' as unknown as fs.Dirent<NonSharedBuffer>]
         return []
      })
      jest.spyOn(fs, 'statSync').mockImplementation((file) => {
@@ -203,12 +213,15 @@ describe('run.ts', () => {
      const response = JSON.stringify([{tag_name: 'v4.0.0'}])
      jest.spyOn(fs, 'readFileSync').mockReturnValue(response)
      jest.spyOn(os, 'platform').mockReturnValue('win32')
+      jest.spyOn(os, 'arch').mockReturnValue('x64')
      jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
      jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
      jest.spyOn(toolCache, 'cacheDir').mockResolvedValue('pathToCachedDir')
      jest
         .spyOn(fs, 'readdirSync')
-         .mockImplementation((file, _) => ['helm.exe' as unknown as fs.Dirent])
+         .mockImplementation((file, _) => [
+            'helm.exe' as unknown as fs.Dirent<NonSharedBuffer>
+         ])
      jest.spyOn(fs, 'statSync').mockImplementation((file) => {
         const isDirectory =
            (file as string).indexOf('folder') == -1 ? false : true
@@ -236,6 +249,7 @@ describe('run.ts', () => {
         throw 'Unable to download'
      })
      jest.spyOn(os, 'platform').mockReturnValue('win32')
+      jest.spyOn(os, 'arch').mockReturnValue('x64')

      const downloadUrl = 'https://test.tld/helm-v3.2.1-windows-amd64.zip'
      await expect(run.downloadHelm(downloadBaseURL, 'v3.2.1')).rejects.toThrow(
@@ -251,10 +265,11 @@ describe('run.ts', () => {
      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
      jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
      jest.spyOn(os, 'platform').mockReturnValue('win32')
+      jest.spyOn(os, 'arch').mockReturnValue('x64')
      jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
      jest
         .spyOn(fs, 'readdirSync')
-         .mockReturnValue(['helm.exe' as unknown as fs.Dirent])
+         .mockReturnValue(['helm.exe' as unknown as fs.Dirent<NonSharedBuffer>])
      jest.spyOn(fs, 'statSync').mockImplementation((file) => {
         const isDirectory =
            (file as string).indexOf('folder') == -1 ? false : true
@@ -278,6 +293,7 @@ describe('run.ts', () => {
      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
      jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
      jest.spyOn(os, 'platform').mockReturnValue('win32')
+      jest.spyOn(os, 'arch').mockReturnValue('x64')
      jest.spyOn(fs, 'chmodSync').mockImplementation()
      jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => [])
      jest.spyOn(fs, 'statSync').mockImplementation((file) => {
--- a/src/run.ts
+++ b/src/run.ts
@@ -1,5 +1,4 @@
 // Copyright (c) Microsoft Corporation.
-// Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.

 import * as os from 'os'
@@ -11,7 +10,7 @@ import * as toolCache from '@actions/tool-cache'
 import * as core from '@actions/core'

 const helmToolName = 'helm'
-const stableHelmVersion = 'v3.13.3'
+export const stableHelmVersion = 'v3.18.4'

 export async function run() {
   let version = core.getInput('version', {required: true})
@@ -26,7 +25,7 @@ export async function run() {

   const downloadBaseURL = core.getInput('downloadBaseURL', {required: false})

-   core.startGroup(`Downloading ${version}`)
+   core.startGroup(`Installing ${version}`)
   const cachedPath = await downloadHelm(downloadBaseURL, version)
   core.endGroup()

@@ -88,7 +87,10 @@ export async function downloadHelm(
   version: string
 ): Promise<string> {
   let cachedToolpath = toolCache.find(helmToolName, version)
-   if (!cachedToolpath) {
+   if (cachedToolpath) {
+      core.info(`Restoring '${version}' from cache`)
+   } else {
+      core.info(`Downloading '${version}' from '${baseURL}'`)
      let helmDownloadPath
      try {
         helmDownloadPath = await toolCache.downloadTool(
@@ -155,5 +157,3 @@ export var walkSync = function (dir, filelist, fileToFind) {
   })
   return filelist
 }
-
-run().catch(core.setFailed)