Bump @types/node from 22.15.29 to 22.15.30 in the actions group

Bumps the actions group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@types/node` from 22.15.29 to 22.15.30
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 22.15.30
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/codeql.yml

@@ -0,0 +1,91 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: 'CodeQL Advanced'
+
+on:
+   push:
+      branches: ['main']
+   pull_request:
+      branches: ['main']
+   schedule:
+      - cron: '15 9 * * 0'
+
+jobs:
+   analyze:
+      name: Analyze (${{ matrix.language }})
+      # Runner size impacts CodeQL analysis time. To learn more, please see:
+      #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+      #   - https://gh.io/supported-runners-and-hardware-resources
+      #   - https://gh.io/using-larger-runners (GitHub.com only)
+      # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+      runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+      permissions:
+         # required for all workflows
+         security-events: write
+
+         # required to fetch internal or private CodeQL packs
+         packages: read
+
+         # only required for workflows in private repositories
+         actions: read
+         contents: read
+
+      strategy:
+         fail-fast: false
+         matrix:
+            include:
+               - language: javascript-typescript
+                 build-mode: none
+            # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+            # Use `c-cpp` to analyze code written in C, C++ or both
+            # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+            # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+            # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+            # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+            # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+            # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+      steps:
+         - name: Checkout repository
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+         # Initializes the CodeQL tools for scanning.
+         - name: Initialize CodeQL
+           uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+           with:
+              languages: ${{ matrix.language }}
+              build-mode: ${{ matrix.build-mode }}
+              # If you wish to specify custom queries, you can do so here or in a config file.
+              # By default, queries listed here will override any specified in a config file.
+              # Prefix the list here with "+" to use these queries and those in the config file.
+
+              # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+              # queries: security-extended,security-and-quality
+
+         # If the analyze step fails for one of the languages you are analyzing with
+         # "We were unable to automatically build your code", modify the matrix above
+         # to set the build mode to "manual" for that language. Then modify this step
+         # to build your code.
+         # ℹ️ Command-line programs to run using the OS shell.
+         # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+         - if: matrix.build-mode == 'manual'
+           shell: bash
+           run: |
+              echo 'If you are using a "manual" build mode for one or more of the' \
+                'languages you are analyzing, replace this with the commands to build' \
+                'your code, for example:'
+              echo '  make bootstrap'
+              echo '  make release'
+              exit 1
+         - name: Perform CodeQL Analysis
+           uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+           with:
+              category: '/language:${{matrix.language}}'

.github/workflows/defaultLabels.yml

@@ -8,7 +8,7 @@ jobs:
    label-issues:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/stale@v3
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
            name: Setting issue as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -19,7 +19,7 @@ jobs:
               operations-per-run: 100
               exempt-issue-labels: 'backlog'
 
-         - uses: actions/stale@v3
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
            name: Setting PR as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/integration-tests.yml

@@ -17,7 +17,7 @@ jobs:
          KUBECONFIG: /home/runner/.kube/config
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
       steps:
-         - uses: actions/checkout@v2
+         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
            name: Checkout from PR branch
 
          - id: action-npm-build
@@ -29,7 +29,7 @@ jobs:
                 npm run build
               fi
 
-         - uses: actions/setup-python@v2
+         - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
            name: Install Python
            with:
               python-version: '3.x'
@@ -37,13 +37,18 @@ jobs:
          - name: Install requests library
            run: pip install requests
 
+         - name: Setup kubectl latest
+           uses: ./
+           with:
+              version: 'latest'
+
          - name: Validate kubectl setup
            run: python test/validate-kubectl.py latest
 
-         - name: Setup kubectl
+         - name: Setup kubectl old version
            uses: ./
            with:
               version: 'v1.15.1'
 
-         - name: Validate kubectl setup
+         - name: Validate kubectl setup old version
            run: python test/validate-kubectl.py 'v1.15.1'

.github/workflows/prettify-code.yml

@@ -10,9 +10,16 @@ jobs:
       runs-on: ubuntu-latest
       steps:
          - name: Checkout Repository
-           uses: actions/checkout@v2
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-         - name: Enforce Prettier
+         - name: Setup Node.js
-           uses: actionsx/prettier@v2
+           uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
            with:
-              args: --check .
+              node-version: 'lts/*'
+              cache: 'npm'
+
+         - name: Install Dependencies
+           run: npm ci
+
+         - name: Run Prettier Check
+           run: npx prettier --check .

.github/workflows/unit-tests.yml

@@ -13,7 +13,7 @@ jobs:
    build: # make sure build/ci works properly
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@v1
+         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
          - name: Build and run L0 tests.
            run: |

package.json

@@ -4,7 +4,7 @@
    "private": true,
    "main": "lib/index.js",
    "scripts": {
-      "build": "npm i ncc && npx ncc build src/run.ts -o lib",
+      "build": "npm i ncc && npx ncc build src/index.ts -o lib",
       "test": "jest",
       "test-coverage": "jest --coverage",
       "format": "prettier --write .",
@@ -18,17 +18,17 @@
    "author": "GitHub",
    "license": "MIT",
    "dependencies": {
-      "@actions/core": "^1.10.0",
+      "@actions/core": "^1.11.1",
       "@actions/exec": "^1.0.0",
-      "@actions/tool-cache": "^1.0.0"
+      "@actions/tool-cache": "^2.0.2"
    },
    "devDependencies": {
-      "@types/jest": "^26.0.0",
+      "@types/jest": "^29.5.14",
-      "@types/node": "^12.0.4",
+      "@types/node": "^22.15.30",
-      "@vercel/ncc": "^0.34.0",
+      "@vercel/ncc": "^0.38.3",
-      "jest": "^26.0.1",
+      "jest": "^29.7.0",
-      "prettier": "2.7.1",
+      "prettier": "3.5.3",
-      "ts-jest": "^26.0.0",
+      "ts-jest": "^29.3.4",
-      "typescript": "3.9.2"
+      "typescript": "5.8.3"
    }
 }

src/index.ts

@@ -0,0 +1,4 @@
+import {run} from './run'
+import * as core from '@actions/core'
+
+run().catch(core.setFailed)

src/run.test.ts

@@ -14,18 +14,14 @@ import * as util from 'util'
 describe('Testing all functions in run file.', () => {
    test('getExecutableExtension() - return .exe when os is Windows', () => {
       jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
-
       expect(getExecutableExtension()).toBe('.exe')
       expect(os.type).toBeCalled()
    })
-
    test('getExecutableExtension() - return empty string for non-windows OS', () => {
       jest.spyOn(os, 'type').mockReturnValue('Darwin')
-
       expect(getExecutableExtension()).toBe('')
       expect(os.type).toBeCalled()
    })
-
    test.each([
       ['arm', 'arm'],
       ['arm64', 'arm64'],
@@ -34,12 +30,10 @@ describe('Testing all functions in run file.', () => {
       'getKubectlArch() - return on %s os arch %s kubectl arch',
       (osArch, kubectlArch) => {
          jest.spyOn(os, 'arch').mockReturnValue(osArch)
-
          expect(getKubectlArch()).toBe(kubectlArch)
          expect(os.arch).toBeCalled()
       }
    )
-
    test.each([['arm'], ['arm64'], ['amd64']])(
       'getkubectlDownloadURL() - return the URL to download %s kubectl for Linux',
       (arch) => {
@@ -48,12 +42,10 @@ describe('Testing all functions in run file.', () => {
             'https://dl.k8s.io/release/v1.15.0/bin/linux/%s/kubectl',
             arch
          )
-
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlLinuxUrl)
          expect(os.type).toBeCalled()
       }
    )
-
    test.each([['arm'], ['arm64'], ['amd64']])(
       'getkubectlDownloadURL() - return the URL to download %s kubectl for Darwin',
       (arch) => {
@@ -62,17 +54,14 @@ describe('Testing all functions in run file.', () => {
             'https://dl.k8s.io/release/v1.15.0/bin/darwin/%s/kubectl',
             arch
          )
-
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlDarwinUrl)
          expect(os.type).toBeCalled()
       }
    )
-
    test.each([['arm'], ['arm64'], ['amd64']])(
       'getkubectlDownloadURL() - return the URL to download %s kubectl for Windows',
       (arch) => {
          jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
-
          const kubectlWindowsUrl = util.format(
             'https://dl.k8s.io/release/v1.15.0/bin/windows/%s/kubectl.exe',
             arch
@@ -81,38 +70,31 @@ describe('Testing all functions in run file.', () => {
          expect(os.type).toBeCalled()
       }
    )
-
    test('getStableKubectlVersion() - download stable version file, read version and return it', async () => {
       jest
          .spyOn(toolCache, 'downloadTool')
          .mockReturnValue(Promise.resolve('pathToTool'))
       jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.20.4')
-
       expect(await run.getStableKubectlVersion()).toBe('v1.20.4')
       expect(toolCache.downloadTool).toBeCalled()
-      expect(fs.readFileSync).toBeCalledWith('pathToTool', 'utf8')
+      expect(fs.readFileSync).toHaveBeenCalledWith('pathToTool', 'utf8')
    })
-
    test('getStableKubectlVersion() - return default v1.15.0 if version read is empty', async () => {
       jest
          .spyOn(toolCache, 'downloadTool')
          .mockReturnValue(Promise.resolve('pathToTool'))
       jest.spyOn(fs, 'readFileSync').mockReturnValue('')
-
       expect(await run.getStableKubectlVersion()).toBe('v1.15.0')
       expect(toolCache.downloadTool).toBeCalled()
-      expect(fs.readFileSync).toBeCalledWith('pathToTool', 'utf8')
+      expect(fs.readFileSync).toHaveBeenCalledWith('pathToTool', 'utf8')
    })
-
    test('getStableKubectlVersion() - return default v1.15.0 if unable to download file', async () => {
       jest
          .spyOn(toolCache, 'downloadTool')
          .mockRejectedValue('Unable to download.')
-
       expect(await run.getStableKubectlVersion()).toBe('v1.15.0')
       expect(toolCache.downloadTool).toBeCalled()
    })
-
    test('downloadKubectl() - download kubectl, add it to toolCache and return path to it', async () => {
       jest.spyOn(toolCache, 'find').mockReturnValue('')
       jest
@@ -123,43 +105,37 @@ describe('Testing all functions in run file.', () => {
          .mockReturnValue(Promise.resolve('pathToCachedTool'))
       jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
-
       expect(await run.downloadKubectl('v1.15.0')).toBe(
          path.join('pathToCachedTool', 'kubectl.exe')
       )
-      expect(toolCache.find).toBeCalledWith('kubectl', 'v1.15.0')
+      expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
       expect(toolCache.downloadTool).toBeCalled()
       expect(toolCache.cacheFile).toBeCalled()
       expect(os.type).toBeCalled()
-      expect(fs.chmodSync).toBeCalledWith(
+      expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedTool', 'kubectl.exe'),
          '775'
       )
    })
-
    test('downloadKubectl() - throw DownloadKubectlFailed error when unable to download kubectl', async () => {
       jest.spyOn(toolCache, 'find').mockReturnValue('')
       jest
          .spyOn(toolCache, 'downloadTool')
          .mockRejectedValue('Unable to download kubectl.')
-
       await expect(run.downloadKubectl('v1.15.0')).rejects.toThrow(
          'DownloadKubectlFailed'
       )
-      expect(toolCache.find).toBeCalledWith('kubectl', 'v1.15.0')
+      expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
       expect(toolCache.downloadTool).toBeCalled()
    })
-
    test('downloadKubectl() - throw kubectl not found error when receive 404 response', async () => {
       const kubectlVersion = 'v1.15.0'
       const arch = 'arm128'
-
       jest.spyOn(os, 'arch').mockReturnValue(arch)
       jest.spyOn(toolCache, 'find').mockReturnValue('')
       jest.spyOn(toolCache, 'downloadTool').mockImplementation((_) => {
          throw new toolCache.HTTPError(404)
       })
-
       await expect(run.downloadKubectl(kubectlVersion)).rejects.toThrow(
          util.format(
             "Kubectl '%s' for '%s' arch not found.",
@@ -168,28 +144,26 @@ describe('Testing all functions in run file.', () => {
          )
       )
       expect(os.arch).toBeCalled()
-      expect(toolCache.find).toBeCalledWith('kubectl', kubectlVersion)
+      expect(toolCache.find).toHaveBeenCalledWith('kubectl', kubectlVersion)
       expect(toolCache.downloadTool).toBeCalled()
    })
-
    test('downloadKubectl() - return path to existing cache of kubectl', async () => {
+      jest.spyOn(core, 'getInput').mockImplementation(() => 'v1.15.5')
       jest.spyOn(toolCache, 'find').mockReturnValue('pathToCachedTool')
       jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
       jest.spyOn(toolCache, 'downloadTool')
-
       expect(await run.downloadKubectl('v1.15.0')).toBe(
          path.join('pathToCachedTool', 'kubectl.exe')
       )
-      expect(toolCache.find).toBeCalledWith('kubectl', 'v1.15.0')
+      expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
       expect(os.type).toBeCalled()
-      expect(fs.chmodSync).toBeCalledWith(
+      expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedTool', 'kubectl.exe'),
          '775'
       )
       expect(toolCache.downloadTool).not.toBeCalled()
    })
-
    test('run() - download specified version and set output', async () => {
       jest.spyOn(core, 'getInput').mockReturnValue('v1.15.5')
       jest.spyOn(toolCache, 'find').mockReturnValue('pathToCachedTool')
@@ -198,16 +172,14 @@ describe('Testing all functions in run file.', () => {
       jest.spyOn(core, 'addPath').mockImplementation()
       jest.spyOn(console, 'log').mockImplementation()
       jest.spyOn(core, 'setOutput').mockImplementation()
-
       expect(await run.run()).toBeUndefined()
-      expect(core.getInput).toBeCalledWith('version', {required: true})
+      expect(core.getInput).toHaveBeenCalledWith('version', {required: true})
-      expect(core.addPath).toBeCalledWith('pathToCachedTool')
+      expect(core.addPath).toHaveBeenCalledWith('pathToCachedTool')
-      expect(core.setOutput).toBeCalledWith(
+      expect(core.setOutput).toHaveBeenCalledWith(
          'kubectl-path',
          path.join('pathToCachedTool', 'kubectl.exe')
       )
    })
-
    test('run() - get latest version, download it and set output', async () => {
       jest.spyOn(core, 'getInput').mockReturnValue('latest')
       jest
@@ -220,14 +192,13 @@ describe('Testing all functions in run file.', () => {
       jest.spyOn(core, 'addPath').mockImplementation()
       jest.spyOn(console, 'log').mockImplementation()
       jest.spyOn(core, 'setOutput').mockImplementation()
-
       expect(await run.run()).toBeUndefined()
-      expect(toolCache.downloadTool).toBeCalledWith(
+      expect(toolCache.downloadTool).toHaveBeenCalledWith(
          'https://storage.googleapis.com/kubernetes-release/release/stable.txt'
       )
-      expect(core.getInput).toBeCalledWith('version', {required: true})
+      expect(core.getInput).toHaveBeenCalledWith('version', {required: true})
-      expect(core.addPath).toBeCalledWith('pathToCachedTool')
+      expect(core.addPath).toHaveBeenCalledWith('pathToCachedTool')
-      expect(core.setOutput).toBeCalledWith(
+      expect(core.setOutput).toHaveBeenCalledWith(
          'kubectl-path',
          path.join('pathToCachedTool', 'kubectl.exe')
       )

src/run.ts

@@ -89,5 +89,3 @@ export async function downloadKubectl(version: string): Promise<string> {
    fs.chmodSync(kubectlPath, '775')
    return kubectlPath
 }
-
-run().catch(core.setFailed)