Update README.md

.github/CODEOWNERS

@@ -1 +1 @@
-* @Azure/cloud-native-github-action-owners
+* @Azure/aks-atlanta

.github/dependabot.yml

@@ -1,18 +0,0 @@
-version: 2
-updates:
-   - package-ecosystem: npm
-     directory: /
-     schedule:
-        interval: weekly
-     groups:
-        actions:
-           patterns:
-              - '*'
-   - package-ecosystem: github-actions
-     directory: .github/workflows
-     schedule:
-        interval: weekly
-     groups:
-        actions:
-           patterns:
-              - '*'

.github/workflows/defaultLabels.yml

@@ -13,7 +13,7 @@ jobs:
 
       # Steps represent a sequence of tasks that will be executed as part of the job
       steps:
-         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
+         - uses: actions/stale@v9
            name: Setting issue as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,7 +24,7 @@ jobs:
               operations-per-run: 100
               exempt-issue-labels: 'backlog'
 
-         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
+         - uses: actions/stale@v9
            name: Setting PR as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/integration-tests.yml

@@ -7,23 +7,15 @@ on:
 jobs:
    trigger-integration-tests:
       name: Trigger Integration tests
-      strategy:
-         matrix:
-            os:
-               - ubuntu-latest
-               - ubuntu-24.04-arm
-               - macos-latest # arm
-               - macos-13 # x64
-         fail-fast: false
-      runs-on: ${{ matrix.os }}
+      runs-on: ubuntu-latest
       env:
-         HELM_3_18_4: 'v3.18.4'
-         HELM_3_18_0: 'v3.18.0'
-         HELM_NO_V: '3.18.4'
+         HELM_3_8_0: 'v3.8.0'
+         HELM_3_7_2: 'v3.7.2'
+         HELM_NO_V: '3.5.0'
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
       steps:
          - name: Check out repository
-           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+           uses: actions/checkout@v4
          - name: npm install and build
            id: action-npm-build
            run: |
@@ -35,41 +27,41 @@ jobs:
          - name: Setup helm
            uses: ./
            with:
-              version: ${{ env.HELM_3_18_4 }}
-         - name: Validate helm 3.18.4
+              version: ${{ env.HELM_3_8_0 }}
+         - name: Validate helm 3.8.0
            run: |
-              if [[ $(helm version) != *$HELM_3_18_4* ]]; then
-                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.18.4"
+              if [[ $(helm version) != *$HELM_3_8_0* ]]; then
+                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.8.0"
                 echo "HELM VERSION OUTPUT: $(helm version)"
                 exit 1
               else
-                echo "HELM VERSION $HELM_3_18_4 INSTALLED SUCCESSFULLY"
+                echo "HELM VERSION $HELM_3_8_0 INSTALLED SUCCESSFULLY"
               fi
-         - name: Setup helm 3.18.0
+         - name: Setup helm 3.7.2
            uses: ./
            with:
-              version: ${{ env.HELM_3_18_0 }}
-         - name: Validate 3.18.0
+              version: ${{ env.HELM_3_7_2 }}
+         - name: Validate 3.7.2
            run: |
-              if [[ $(helm version) != *$HELM_3_18_0* ]]; then
-                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.18.0"
+              if [[ $(helm version) != *$HELM_3_7_2* ]]; then
+                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.7.2"
                 echo "HELM VERSION OUTPUT: $(helm version)"
                 exit 1
               else
-                echo "HELM VERSION $HELM_3_18_0 INSTALLED SUCCESSFULLY"
+                echo "HELM VERSION $HELM_3_7_2 INSTALLED SUCCESSFULLY"
               fi
-         - name: Setup helm 3.18.4 with no v in version
+         - name: Setup helm 3.5.0 with no v in version
            uses: ./
            with:
               version: ${{ env.HELM_NO_V }}
-         - name: Validate 3.18.4 without v in version
+         - name: Validate 3.5.0 without v in version
            run: |
               if [[ $(helm version) != *$HELM_NO_V* ]]; then
-                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN 3.18.4"
+                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN v3.5.0"
                 echo "HELM VERSION OUTPUT: $(helm version)"
                 exit 1
               else
-                echo "HELM VERSION $HELM_NO_V INSTALLED SUCCESSFULLY"
+                echo "HELM VERSION $HELM_3_5_0 INSTALLED SUCCESSFULLY"
               fi
          - name: Setup helm latest version
            uses: ./
@@ -84,8 +76,7 @@ jobs:
                 --repo helm/helm \
                 --exclude-drafts \
                 --exclude-pre-releases \
-                --json name,isLatest \
-                --jq '.[] | select(.isLatest)|.name' | awk '{print $2}')
+                --limit 1 | awk '{print $4}')
 
               if [[ $(helm version) != *$HELM_LATEST* ]]; then
                 echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN $HELM_LATEST"

.github/workflows/prettify-code.yml

@@ -10,7 +10,9 @@ jobs:
       runs-on: ubuntu-latest
       steps:
          - name: Checkout Repository
-           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+           uses: actions/checkout@v4
 
          - name: Enforce Prettier
-           run: npx prettier --check .
+           uses: actionsx/prettier@v3
+           with:
+              args: --check .

.github/workflows/release-pr.yml

@@ -13,6 +13,6 @@ jobs:
       permissions:
          actions: read
          contents: write
-      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@3c677ba5ab58f5c5c1a6f0cfb176b333b1f27405 # v1.0.3
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@v1
       with:
          changelogPath: ./CHANGELOG.md

.github/workflows/tag-and-draft.yml

@@ -7,4 +7,4 @@ on:
 
 jobs:
    tag-and-release:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@c753e1545b144562237cd1177a95bab21a785cff # main
+      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@main

.github/workflows/unit-tests.yml

@@ -11,19 +11,9 @@ on: # rebuild any PRs and main branch changes
 
 jobs:
    build: # make sure build/ci works properly
-      strategy:
-         matrix:
-            os:
-               - ubuntu-latest
-               - ubuntu-24.04-arm
-               - windows-latest
-               - windows-11-arm
-               - macos-latest # arm
-               - macos-13 # x64
-         fail-fast: false
-      runs-on: ${{ matrix.os }}
+      runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+         - uses: actions/checkout@v4
 
          - name: Run L0 tests.
            run: |

.gitignore

@@ -11,6 +11,8 @@ pids
 *.seed
 *.pid.lock
 
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
 
 # Coverage directory used by tools like istanbul
 coverage
@@ -62,3 +64,4 @@ node_modules
 coverage
 
 # Transpiled JS
+lib/

.husky/pre-commit

@@ -1,7 +0,0 @@
-npm test
-npm run format-check || {
-  echo ""
-  echo "❌ Formatting check failed."
-  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
-  exit 1
-}

CHANGELOG.md

@@ -1,34 +1,13 @@
 # Change Log
 
-## [4.3.1] - 2025-08-12
-
-### Changed
-
-- #167 [Pinning Action Dependencies for Security and Reliability](https://github.com/Azure/setup-helm/pull/167)
-- #181 [Fix types, and update node version.](https://github.com/Azure/setup-helm/pull/181)
-- #191 [chore(tests): Mock arch to make tests pass on arm host](https://github.com/Azure/setup-helm/pull/191)
-- #192 [chore: remove unnecessary prebuild script](https://github.com/Azure/setup-helm/pull/192)
-- #203 [Update helm version retrieval to use JSON output for latest version](https://github.com/Azure/setup-helm/pull/203)
-- #207 [ci(workflows): update helm version to v3.18.4 and add matrix for tests](https://github.com/Azure/setup-helm/pull/207)
-
-### Added
-
-- #197 [Add pre-commit hook](https://github.com/Azure/setup-helm/pull/197)
-
-## [4.3.0] - 2025-02-15
-
-- #152 feat: log when restoring from cache
-- #157 Dependencies Update
-- #137 Add dependabot
-
 ## [4.2.0] - 2024-04-15
 
-- #124 Fix OS detection and download OS-native archive extension
+-  #124 Fix OS detection and download OS-native archive extension
 
 ## [4.1.0] - 2024-03-01
 
-- #130 switches to use Helm published file to read latest version instead of using GitHub releases
+-  #130 switches to use Helm published file to read latest version instead of using GitHub releases
 
 ## [4.0.0] - 2024-02-12
 
-- #121 update to node20 as node16 is deprecated
+-  #121 update to node20 as node16 is deprecated

CODE_OF_CONDUCT.md

@@ -4,6 +4,6 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope
 
 Resources:
 
-- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
-- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
-- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
+-  [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+-  [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+-  Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns

README.md

@@ -7,14 +7,14 @@ Install a specific version of helm binary on the runner.
 Acceptable values are latest or any semantic version string like v3.5.0 Use this action in workflow to define which version of helm will be used. v2+ of this action only support Helm3.
 
 ```yaml
-- uses: azure/setup-helm@v4.3.0
+- uses: azure/setup-helm@v4.2.0
   with:
      version: '<version>' # default is latest (stable)
   id: install
 ```
 
 > [!NOTE]
-> If something goes wrong with fetching the latest version the action will use the hardcoded default version (currently v3.18.3). If you rely on a certain version higher than the default, you should explicitly use that version instead of latest.
+> If something goes wrong with fetching the latest version the action will use the hardcoded default stable version (currently v3.13.3). If you rely on a certain version higher than the default, you should explicitly use that version instead of latest.
 
 The cached helm binary path is prepended to the PATH environment variable as well as stored in the helm-path output variable.
 Refer to the action metadata file for details about all the inputs https://github.com/Azure/setup-helm/blob/master/action.yml

SECURITY.md

@@ -18,13 +18,13 @@ You should receive a response within 24 hours. If for some reason you do not, pl
 
 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
 
-- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
-- Full paths of source file(s) related to the manifestation of the issue
-- The location of the affected source code (tag/branch/commit or direct URL)
-- Any special configuration required to reproduce the issue
-- Step-by-step instructions to reproduce the issue
-- Proof-of-concept or exploit code (if possible)
-- Impact of the issue, including how an attacker might exploit the issue
+-  Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+-  Full paths of source file(s) related to the manifestation of the issue
+-  The location of the affected source code (tag/branch/commit or direct URL)
+-  Any special configuration required to reproduce the issue
+-  Step-by-step instructions to reproduce the issue
+-  Proof-of-concept or exploit code (if possible)
+-  Impact of the issue, including how an attacker might exploit the issue
 
 This information will help us triage your report more quickly.
 

package.json

@@ -1,35 +1,34 @@
 {
    "name": "setuphelm",
-   "version": "4.3.1",
+   "version": "4.2.0",
    "private": true,
    "description": "Setup helm",
    "author": "Anumita Shenoy",
    "license": "MIT",
    "dependencies": {
-      "@actions/core": "^1.11.1",
+      "@actions/core": "^1.10.0",
       "@actions/exec": "^1.1.1",
       "@actions/io": "^1.1.2",
-      "@actions/tool-cache": "2.0.2",
-      "@octokit/action": "^8.0.2",
-      "semver": "^7.7.2"
+      "@actions/tool-cache": "2.0.1",
+      "@octokit/action": "^6.0.7",
+      "semver": "^7.5.4"
    },
    "main": "lib/index.js",
    "scripts": {
-      "build": "ncc build src/index.ts -o lib",
+      "prebuild": "npm i ncc",
+      "build": "ncc build src/run.ts -o lib",
       "test": "jest",
       "test-coverage": "jest --coverage",
       "format": "prettier --write .",
-      "format-check": "prettier --check .",
-      "prepare": "husky"
+      "format-check": "prettier --check ."
    },
    "devDependencies": {
-      "@types/jest": "^30.0.0",
-      "@types/node": "^24.2.1",
-      "@vercel/ncc": "^0.38.3",
-      "husky": "^9.1.7",
-      "jest": "^30.0.5",
-      "prettier": "^3.6.2",
-      "ts-jest": "^29.4.1",
-      "typescript": "^5.9.2"
+      "@types/jest": "^29.5.11",
+      "@types/node": "^20.11.8",
+      "@vercel/ncc": "^0.38.1",
+      "jest": "^29.7.0",
+      "prettier": "^3.2.5",
+      "ts-jest": "^29.1.2",
+      "typescript": "^5.3.3"
    }
 }

src/index.ts

@@ -1,4 +0,0 @@
-import {run} from './run'
-import * as core from '@actions/core'
-
-run().catch(core.setFailed)

src/run.test.ts

@@ -67,7 +67,7 @@ describe('run.ts', () => {
       expect(os.arch).toHaveBeenCalled()
    })
 
-   test('getHelmDownloadURL() - return the URL to download helm for Windows x64', () => {
+   test('getHelmDownloadURL() - return the URL to download helm for Windows', () => {
       jest.spyOn(os, 'platform').mockReturnValue('win32')
       jest.spyOn(os, 'arch').mockReturnValue('x64')
 
@@ -76,15 +76,6 @@ describe('run.ts', () => {
       expect(os.platform).toHaveBeenCalled()
    })
 
-   test('getHelmDownloadURL() - return the URL to download helm for Windows arm64', () => {
-      jest.spyOn(os, 'platform').mockReturnValue('win32')
-      jest.spyOn(os, 'arch').mockReturnValue('arm64')
-
-      const expected = 'https://test.tld/helm-v3.8.0-windows-arm64.zip'
-      expect(run.getHelmDownloadURL(downloadBaseURL, 'v3.8.0')).toBe(expected)
-      expect(os.platform).toHaveBeenCalled()
-   })
-
    test('getLatestHelmVersion() - return the latest version of HELM', async () => {
       const res = {
          status: 200,
@@ -97,7 +88,7 @@ describe('run.ts', () => {
    test('getLatestHelmVersion() - return the stable version of HELM when simulating a network error', async () => {
       const errorMessage: string = 'Network Error'
       global.fetch = jest.fn().mockRejectedValueOnce(new Error(errorMessage))
-      expect(await run.getLatestHelmVersion()).toBe(run.stableHelmVersion)
+      expect(await run.getLatestHelmVersion()).toBe('v3.13.3')
    })
 
    test('getValidVersion() - return version with v prepended', () => {
@@ -108,20 +99,20 @@ describe('run.ts', () => {
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
          if (file == 'mainFolder')
             return [
-               'file1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'file2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'folder1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'folder2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+               'file1' as unknown as fs.Dirent,
+               'file2' as unknown as fs.Dirent,
+               'folder1' as unknown as fs.Dirent,
+               'folder2' as unknown as fs.Dirent
             ]
          if (file == path.join('mainFolder', 'folder1'))
             return [
-               'file11' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'file12' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+               'file11' as unknown as fs.Dirent,
+               'file12' as unknown as fs.Dirent
             ]
          if (file == path.join('mainFolder', 'folder2'))
             return [
-               'file21' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'file22' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+               'file21' as unknown as fs.Dirent,
+               'file22' as unknown as fs.Dirent
             ]
          return []
       })
@@ -143,20 +134,20 @@ describe('run.ts', () => {
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
          if (file == 'mainFolder')
             return [
-               'file1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'file2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'folder1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'folder2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+               'file1' as unknown as fs.Dirent,
+               'file2' as unknown as fs.Dirent,
+               'folder1' as unknown as fs.Dirent,
+               'folder2' as unknown as fs.Dirent
             ]
          if (file == path.join('mainFolder', 'folder1'))
             return [
-               'file11' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'file12' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+               'file11' as unknown as fs.Dirent,
+               'file12' as unknown as fs.Dirent
             ]
          if (file == path.join('mainFolder', 'folder2'))
             return [
-               'file21' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
-               'file22' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+               'file21' as unknown as fs.Dirent,
+               'file22' as unknown as fs.Dirent
             ]
          return []
       })
@@ -175,8 +166,7 @@ describe('run.ts', () => {
    test('findHelm() - change access permissions and find the helm in given directory', () => {
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
-         if (file == 'mainFolder')
-            return ['helm.exe' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>]
+         if (file == 'mainFolder') return ['helm.exe' as unknown as fs.Dirent]
          return []
       })
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
@@ -213,15 +203,12 @@ describe('run.ts', () => {
       const response = JSON.stringify([{tag_name: 'v4.0.0'}])
       jest.spyOn(fs, 'readFileSync').mockReturnValue(response)
       jest.spyOn(os, 'platform').mockReturnValue('win32')
-      jest.spyOn(os, 'arch').mockReturnValue('x64')
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
       jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
       jest.spyOn(toolCache, 'cacheDir').mockResolvedValue('pathToCachedDir')
       jest
          .spyOn(fs, 'readdirSync')
-         .mockImplementation((file, _) => [
-            'helm.exe' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
-         ])
+         .mockImplementation((file, _) => ['helm.exe' as unknown as fs.Dirent])
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
          const isDirectory =
             (file as string).indexOf('folder') == -1 ? false : true
@@ -249,7 +236,6 @@ describe('run.ts', () => {
          throw 'Unable to download'
       })
       jest.spyOn(os, 'platform').mockReturnValue('win32')
-      jest.spyOn(os, 'arch').mockReturnValue('x64')
 
       const downloadUrl = 'https://test.tld/helm-v3.2.1-windows-amd64.zip'
       await expect(run.downloadHelm(downloadBaseURL, 'v3.2.1')).rejects.toThrow(
@@ -265,13 +251,10 @@ describe('run.ts', () => {
       jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
       jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
       jest.spyOn(os, 'platform').mockReturnValue('win32')
-      jest.spyOn(os, 'arch').mockReturnValue('x64')
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
       jest
          .spyOn(fs, 'readdirSync')
-         .mockReturnValue([
-            'helm.exe' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
-         ])
+         .mockReturnValue(['helm.exe' as unknown as fs.Dirent])
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
          const isDirectory =
             (file as string).indexOf('folder') == -1 ? false : true
@@ -295,7 +278,6 @@ describe('run.ts', () => {
       jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
       jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
       jest.spyOn(os, 'platform').mockReturnValue('win32')
-      jest.spyOn(os, 'arch').mockReturnValue('x64')
       jest.spyOn(fs, 'chmodSync').mockImplementation()
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => [])
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {

src/run.ts

@@ -1,4 +1,5 @@
 // Copyright (c) Microsoft Corporation.
+// Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 
 import * as os from 'os'
@@ -10,7 +11,7 @@ import * as toolCache from '@actions/tool-cache'
 import * as core from '@actions/core'
 
 const helmToolName = 'helm'
-export const stableHelmVersion = 'v3.18.4'
+const stableHelmVersion = 'v3.13.3'
 
 export async function run() {
    let version = core.getInput('version', {required: true})
@@ -25,7 +26,7 @@ export async function run() {
 
    const downloadBaseURL = core.getInput('downloadBaseURL', {required: false})
 
-   core.startGroup(`Installing ${version}`)
+   core.startGroup(`Downloading ${version}`)
    const cachedPath = await downloadHelm(downloadBaseURL, version)
    core.endGroup()
 
@@ -87,10 +88,7 @@ export async function downloadHelm(
    version: string
 ): Promise<string> {
    let cachedToolpath = toolCache.find(helmToolName, version)
-   if (cachedToolpath) {
-      core.info(`Restoring '${version}' from cache`)
-   } else {
-      core.info(`Downloading '${version}' from '${baseURL}'`)
+   if (!cachedToolpath) {
       let helmDownloadPath
       try {
          helmDownloadPath = await toolCache.downloadTool(
@@ -157,3 +155,5 @@ export var walkSync = function (dir, filelist, fileToFind) {
    })
    return filelist
 }
+
+run().catch(core.setFailed)