dist/index.js

"use strict";var T6=Object.create;var Sm=Object.defineProperty;var O6=Object.getOwnPropertyDescriptor;var L6=Object.getOwnPropertyNames;var M6=Object.getPrototypeOf,F6=Object.prototype.hasOwnProperty;var U6=(t,e)=>()=>(t&&(e=t(t=0)),e);var h=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports),q6=(t,e)=>{for(var r in e)Sm(t,r,{get:e[r],enumerable:!0})},xP=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of L6(e))!F6.call(t,i)&&i!==r&&Sm(t,i,{get:()=>e[i],enumerable:!(n=O6(e,i))||n.enumerable});return t};var Ct=(t,e,r)=>(r=t!=null?T6(M6(t)):{},xP(e||!t||!t.__esModule?Sm(r,"default",{value:t,enumerable:!0}):r,t)),Ui=t=>xP(Sm({},"__esModule",{value:!0}),t);var xm=h(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.toCommandProperties=fc.toCommandValue=void 0;function H6(t){return t==null?"":typeof t=="string"||t instanceof String?t:JSON.stringify(t)}fc.toCommandValue=H6;function j6(t){return Object.keys(t).length?{title:t.title,file:t.file,line:t.startLine,endLine:t.endLine,col:t.startColumn,endColumn:t.endColumn}:{}}fc.toCommandProperties=j6});var DP=h(ri=>{"use strict";var z6=ri&&ri.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),G6=ri&&ri.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Y6=ri&&ri.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&z6(e,t,r);return G6(e,t),e};Object.defineProperty(ri,"__esModule",{value:!0});ri.issue=ri.issueCommand=void 0;var J6=Y6(require("os")),RP=xm();function _P(t,e,r){let n=new LQ(t,e,r);process.stdout.write(n.toString()+J6.EOL)}ri.issueCommand=_P;function V6(t,e=""){_P(t,{},e)}ri.issue=V6;var vP="::",LQ=class{constructor(e,r,n){e||(e="missing.command"),this.command=e,this.properties=r,this.message=n}toString(){let e=vP+this.command;if(this.properties&&Object.keys(this.properties).length>0){e+=" ";let r=!0;for(let n in this.properties)if(this.properties.hasOwnProperty(n)){let i=this.properties[n];i&&(r?r=!1:e+=",",e+=`${n}=${$6(i)}`)}}return e+=`${vP}${W6(this.message)}`,e}};function W6(t){return(0,RP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A")}function $6(t){return(0,RP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A").replace(/:/g,"%3A").replace(/,/g,"%2C")}});var TP=h(ni=>{"use strict";var K6=ni&&ni.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),X6=ni&&ni.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),FQ=ni&&ni.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&K6(e,t,r);return X6(e,t),e};Object.defineProperty(ni,"__esModule",{value:!0});ni.prepareKeyValueMessage=ni.issueFileCommand=void 0;var Z6=FQ(require("crypto")),kP=FQ(require("fs")),MQ=FQ(require("os")),PP=xm();function eX(t,e){let r=process.env[`GITHUB_${t}`];if(!r)throw new Error(`Unable to find environment variable for file command ${t}`);if(!kP.existsSync(r))throw new Error(`Missing file at path: ${r}`);kP.appendFileSync(r,`${(0,PP.toCommandValue)(e)}${MQ.EOL}`,{encoding:"utf8"})}ni.issueFileCommand=eX;function tX(t,e){let r=`ghadelimiter_${Z6.randomUUID()}`,n=(0,PP.toCommandValue)(e);if(t.includes(r))throw new Error(`Unexpected input: name should not contain the delimiter "${r}"`);if(n.includes(r))throw new Error(`Unexpected input: value should 
`,u.message,u.stack);var d=new Error("tunneling socket could not be established, cause="+u.message);d.code="ECONNRESET",e.request.emit("error",d),n.removeSocket(i)}};qs.prototype.removeSocket=function(e){var r=this.sockets.indexOf(e);if(r!==-1){this.sockets.splice(r,1);var n=this.requests.shift();n&&this.createSocket(n,function(i){n.request.onSocket(i)})}};function FP(t,e){var r=this;qs.prototype.createSocket.call(r,t,function(n){var i=t.request.getHeader("host"),s=qQ({},r.options,{socket:n,servername:i?i.replace(/:.*$/,""):t.host}),o=iX.connect(0,s);r.sockets[r.sockets.indexOf(n)]=o,e(o)})}function UP(t,e,r){return typeof t=="string"?{host:t,port:e,localAddress:r}:t}function qQ(t){for(var e=1,r=arguments.length;e<r;++e){var n=arguments[e];if(typeof n=="object")for(var i=Object.keys(n),s=0,o=i.length;s<o;++s){var a=i[s];n[a]!==void 0&&(t[a]=n[a])}}return t}var Do;process.env.NODE_DEBUG&&/\btunnel\b/.test(process.env.NODE_DEBUG)?Do=function(){var t=Array.prototype.slice.call(arguments);typeof t[0]=="string"?t[0]="TUNNEL: "+t[0]:t.unshift("TUNNEL:"),console.error.apply(console,t)}:Do=function(){};gc.debug=Do});var jP=h((lOe,HP)=>{HP.exports=qP()});var It=h((uOe,zP)=>{zP.exports={kClose:Symbol("close"),kDestroy:Symbol("destroy"),kDispatch:Symbol("dispatch"),kUrl:Symbol("url"),kWriting:Symbol("writing"),kResuming:Symbol("resuming"),kQueue:Symbol("queue"),kConnect:Symbol("connect"),kConnecting:Symbol("connecting"),kHeadersList:Symbol("headers list"),kKeepAliveDefaultTimeout:Symbol("default keep alive timeout"),kKeepAliveMaxTimeout:Symbol("max keep alive timeout"),kKeepAliveTimeoutThreshold:Symbol("keep alive timeout threshold"),kKeepAliveTimeoutValue:Symbol("keep alive timeout"),kKeepAlive:Symbol("keep alive"),kHeadersTimeout:Symbol("headers timeout"),kBodyTimeout:Symbol("body timeout"),kServerName:Symbol("server name"),kLocalAddress:Symbol("local address"),kHost:Symbol("host"),kNoRef:Symbol("no ref"),kBodyUsed:Symbol("used"),kRunning:Symbol("running"),kBlocking:Symbol("blocking"),kPending:Symbol("pending"),kSize:Symbol("size"),kBusy:Symbol("busy"),kQueued:Symbol("queued"),kFree:Symbol("free"),kConnected:Symbol("connected"),kClosed:Symbol("closed"),kNeedDrain:Symbol("need drain"),kReset:Symbol("reset"),kDestroyed:Symbol.for("nodejs.stream.destroyed"),kMaxHeadersSize:Symbol("max headers size"),kRunningIdx:Symbol("running index"),kPendingIdx:Symbol("pending index"),kError:Symbol("error"),kClients:Symbol("clients"),kClient:Symbol("client"),kParser:Symbol("parser"),kOnDestroyed:Symbol("destroy callbacks"),kPipelining:Symbol("pipelining"),kSocket:Symbol("socket"),kHostHeader:Symbol("host header"),kConnector:Symbol("connector"),kStrictContentLength:Symbol("strict content length"),kMaxRedirections:Symbol("maxRedirections"),kMaxRequests:Symbol("maxRequestsPerClient"),kProxy:Symbol("proxy agent options"),kCounter:Symbol("socket request counter"),kInterceptors:Symbol("dispatch interceptors"),kMaxResponseSize:Symbol("max response size"),kHTTP2Session:Symbol("http2Session"),kHTTP2SessionState:Symbol("http2Session state"),kHTTP2BuildRequest:Symbol("http2 build request"),kHTTP1BuildRequest:Symbol("http1 build request"),kHTTP2CopyHeaders:Symbol("http2 copy headers"),kHTTPConnVersion:Symbol("http connection version"),kRetryHandlerDefaultRetry:Symbol("retry agent default retry"),kConstruct:Symbol("constructable")}});var At=h((dOe,GP)=>{"use strict";var Vt=class extends Error{constructor(e){super(e),this.name="UndiciError",this.code="UND_ERR"}},HQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="ConnectTimeoutError",this.message=e||"Connect Timeout Error",this.code="UND_ERR_CONNECT_TIMEOUT"}},jQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersTimeoutError",this.message=e||"Headers Timeout Error",this.code="UND_ERR_HEADERS_TIMEOUT"}},zQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersOverflowError",this.message=e||"Headers Overflow Error",this.code="UND_ERR_HEADERS_OVERFLOW"}},GQ=class t extends Vt{constructor(e){super
\r
`),$X=/\r\n/g,KX=/^([^:]+):[ \t]?([\x00-\xFF]+)?$/;function pc(t){hT.call(this),t=t||{};let e=this;this.nread=0,this.maxed=!1,this.npairs=0,this.maxHeaderPairs=fT(t,"maxHeaderPairs",2e3),this.maxHeaderSize=fT(t,"maxHeaderSize",80*1024),this.buffer="",this.header={},this.finished=!1,this.ss=new VX(WX),this.ss.on("info",function(r,n,i,s){n&&!e.maxed&&(e.nread+s-i>=e.maxHeaderSize?(s=e.maxHeaderSize-e.nread+i,e.nread=e.maxHeaderSize,e.maxed=!0):e.nread+=s-i,e.buffer+=n.toString("binary",i,s)),r&&e._finish()})}JX(pc,hT);pc.prototype.push=function(t){let e=this.ss.push(t);if(this.finished)return e};pc.prototype.reset=function(){this.finished=!1,this.buffer="",this.header={},this.ss.reset()};pc.prototype._finish=function(){this.buffer&&this._parseHeader(),this.ss.matches=this.ss.maxMatches;let t=this.header;this.header={},this.buffer="",this.finished=!0,this.nread=this.npairs=0,this.maxed=!1,this.emit("header",t)};pc.prototype._parseHeader=function(){if(this.npairs===this.maxHeaderPairs)return;let t=this.buffer.split($X),e=t.length,r,n;for(var i=0;i<e;++i){if(t[i].length===0)continue;if((t[i][0]==="	"||t[i][0]===" ")&&n){this.header[n][this.header[n].length-1]+=t[i];continue}let s=t[i].indexOf(":");if(s===-1||s===0)return;if(r=KX.exec(t[i]),n=r[1].toLowerCase(),this.header[n]=this.header[n]||[],this.header[n].push(r[2]||""),++this.npairs===this.maxHeaderPairs)break}};gT.exports=pc});var hb=h((COe,yT)=>{"use strict";var fb=require("node:stream").Writable,XX=require("node:util").inherits,ZX=ub(),pT=uT(),e5=mT(),t5=45,r5=Buffer.from("-"),n5=Buffer.from(`\r
`),i5=function(){};function qi(t){if(!(this instanceof qi))return new qi(t);if(fb.call(this,t),!t||!t.headerFirst&&typeof t.boundary!="string")throw new TypeError("Boundary required");typeof t.boundary=="string"?this.setBoundary(t.boundary):this._bparser=void 0,this._headerFirst=t.headerFirst,this._dashes=0,this._parts=0,this._finished=!1,this._realFinish=!1,this._isPreamble=!0,this._justMatched=!1,this._firstWrite=!0,this._inHeader=!0,this._part=void 0,this._cb=void 0,this._ignoreData=!1,this._partOpts={highWaterMark:t.partHwm},this._pause=!1;let e=this;this._hparser=new e5(t),this._hparser.on("header",function(r){e._inHeader=!1,e._part.emit("header",r)})}XX(qi,fb);qi.prototype.emit=function(t){if(t==="finish"&&!this._realFinish){if(!this._finished){let e=this;process.nextTick(function(){if(e.emit("error",new Error("Unexpected end of multipart data")),e._part&&!e._ignoreData){let r=e._isPreamble?"Preamble":"Part";e._part.emit("error",new Error(r+" terminated early due to unexpected end of multipart data")),e._part.push(null),process.nextTick(function(){e._realFinish=!0,e.emit("finish"),e._realFinish=!1});return}e._realFinish=!0,e.emit("finish"),e._realFinish=!1})}}else fb.prototype.emit.apply(this,arguments)};qi.prototype._write=function(t,e,r){if(!this._hparser&&!this._bparser)return r();if(this._headerFirst&&this._isPreamble){this._part||(this._part=new pT(this._partOpts),this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._ignore());let n=this._hparser.push(t);if(!this._inHeader&&n!==void 0&&n<t.length)t=t.slice(n);else return r()}this._firstWrite&&(this._bparser.push(n5),this._firstWrite=!1),this._bparser.push(t),this._pause?this._cb=r:r()};qi.prototype.reset=function(){this._part=void 0,this._bparser=void 0,this._hparser=void 0};qi.prototype.setBoundary=function(t){let e=this;this._bparser=new ZX(`\r
--`+t),this._bparser.on("info",function(r,n,i,s){e._oninfo(r,n,i,s)})};qi.prototype._ignore=function(){this._part&&!this._ignoreData&&(this._ignoreData=!0,this._part.on("error",i5),this._part.resume())};qi.prototype._oninfo=function(t,e,r,n){let i,s=this,o=0,a,A=!0;if(!this._part&&this._justMatched&&e){for(;this._dashes<2&&r+o<n;)if(e[r+o]===t5)++o,++this._dashes;else{this._dashes&&(i=r5),this._dashes=0;break}if(this._dashes===2&&(r+o<n&&this.listenerCount("trailer")!==0&&this.emit("trailer",e.slice(r+o,n)),this.reset(),this._finished=!0,s._parts===0&&(s._realFinish=!0,s.emit("finish"),s._realFinish=!1)),this._dashes)return}this._justMatched&&(this._justMatched=!1),this._part||(this._part=new pT(this._partOpts),this._part._read=function(c){s._unpause()},this._isPreamble&&this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._isPreamble!==!0&&this.listenerCount("part")!==0?this.emit("part",this._part):this._ignore(),this._isPreamble||(this._inHeader=!0)),e&&r<n&&!this._ignoreData&&(this._isPreamble||!this._inHeader?(i&&(A=this._part.push(i)),A=this._part.push(e.slice(r,n)),A||(this._pause=!0)):!this._isPreamble&&this._inHeader&&(i&&this._hparser.push(i),a=this._hparser.push(e.slice(r,n)),!this._inHeader&&a!==void 0&&a<n&&this._oninfo(!1,e,r+a,n))),t&&(this._hparser.reset(),this._isPreamble?this._isPreamble=!1:r!==n&&(++this._parts,this._part.on("end",function(){--s._parts===0&&(s._finished?(s._realFinish=!0,s.emit("finish"),s._realFinish=!1):s._unpause())})),this._part.push(null),this._part=void 0,this._ignoreData=!1,this._justMatched=!0,this._dashes=0)};qi.prototype._unpause=function(){if(this._pause&&(this._pause=!1,this._cb)){let t=this._cb;this._cb=void 0,t()}};yT.exports=qi});var Tm=h((gb,IT)=>{"use strict";var ET=new TextDecoder("utf-8"),CT=new Map([["utf-8",ET],["utf8",ET]]);function s5(t){let e;for(;;)switch(t){case"utf-8":case"utf8":return Jd.utf8;case"latin1":case"ascii":case"us-ascii":case"iso-8859-1":case"iso8859-1":case"iso88591":case"iso_8859-1":case"windows-1252":case"iso_8859-1:1987":case"cp1252":case"x-cp1252":return Jd.latin1;case"utf16le":case"utf-16le":case"ucs2":case"ucs-2":return Jd.utf16le;case"base64":return Jd.base64;default:if(e===void 0){e=!0,t=t.toLowerCase();continue}return Jd.other.bind(t)}}var Jd={utf8:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.utf8Slice(0,t.length)),latin1:(t,e)=>t.length===0?"":typeof t=="string"?t:t.latin1Slice(0,t.length),utf16le:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.ucs2Slice(0,t.length)),base64:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.base64Slice(0,t.length)),other:(t,e)=>{if(t.length===0)return"";if(typeof t=="string"&&(t=Buffer.from(t,e)),CT.has(gb.toString()))try{return CT.get(gb).decode(t)}catch{}return typeof t=="string"?t:t.toString()}};function o5(t,e,r){return t&&s5(r)(t,e)}IT.exports=o5});var pb=h((IOe,wT)=>{"use strict";var Om=Tm(),BT=/%[a-fA-F0-9][a-fA-F0-9]/g,a5={"%00":"\0","%01":"","%02":"","%03":"","%04":"","%05":"","%06":"","%07":"\x07","%08":"\b","%09":"	","%0a":`
`,"%0A":`
`,"%0b":"\v","%0B":"\v","%0c":"\f","%0C":"\f","%0d":"\r","%0D":"\r","%0e":"","%0E":"","%0f":"","%0F":"","%10":"","%11":"","%12":"","%13":"","%14":"","%15":"","%16":"","%17":"","%18":"","%19":"","%1a":"","%1A":"","%1b":"\x1B","%1B":"\x1B","%1c":"","%1C":"","%1d":"","%1D":"","%1e":"","%1E":"","%1f":"","%1F":"","%20":" ","%21":"!","%22":'"',"%23":"#","%24":"$","%25":"%","%26":"&","%27":"'","%28":"(","%29":")","%2a":"*","%2A":"*","%2b":"+","%2B":"+","%2c":",","%2C":",","%2d":"-","%2D":"-","%2e":".","%2E":".","%2f":"/","%2F":"/","%30":"0","%31":"1","%32":"2","%33":"3","%34":"4","%35":"5","%36":"6","%37":"7","%38":"8","%39":"9","%3a":":","%3A":":","%3b":";","%3B":";","%3c":"<","%3C":"<","%3d":"=","%3D":"=","%3e":">","%3E":">","%3f":"?","%3F":"?","%40":"@","%41":"A","%42":"B","%43":"C","%44":"D","%45":"E","%46":"F","%47":"G","%48":"H","%49":"I","%4a":"J","%4A":"J","%4b":"K","%4B":"K","%4c":"L","%4C":"L","%4d":"M","%4D":"M","%4e":"N","%4E":"N","%4f":"O","%4F":"O","%50":"P","%51":"Q","%52":"R","%53":"S","%54":"T","%55":"U","%56":"V","%57":"W","%58":"X","%59":"Y","%5a":"Z","%5A":"Z","%5b":"[","%5B":"[","%5c":"\\","%5C":"\\","%5d":"]","%5D":"]","%5e":"^","%5E":"^","%5f":"_","%5F":"_","%60":"`","%61":"a","%62":"b","%63":"c","%64":"d","%65":"e","%66":"f","%67":"g","%68":"h","%69":"i","%6a":"j","%6A":"j","%6b":"k","%6B":"k","%6c":"l","%6C":"l","%6d":"m","%6D":"m","%6e":"n","%6E":"n","%6f":"o","%6F":"o","%70":"p","%71":"q","%72":"r","%73":"s","%74":"t","%75":"u","%76":"v","%77":"w","%78":"x","%79":"y","%7a":"z","%7A":"z","%7b":"{","%7B":"{","%7c":"|","%7C":"|","%7d":"}","%7D":"}","%7e":"~","%7E":"~","%7f":"\x7F","%7F":"\x7F","%80":"\x80","%81":"\x81","%82":"\x82","%83":"\x83","%84":"\x84","%85":"\x85","%86":"\x86","%87":"\x87","%88":"\x88","%89":"\x89","%8a":"\x8A","%8A":"\x8A","%8b":"\x8B","%8B":"\x8B","%8c":"\x8C","%8C":"\x8C","%8d":"\x8D","%8D":"\x8D","%8e":"\x8E","%8E":"\x8E","%8f":"\x8F","%8F":"\x8F","%90":"\x90","%91":"\x91","%92":"\x92","%93":"\x93","%94":"\x94","%95":"\x95","%96":"\x96","%97":"\x97","%98":"\x98","%99":"\x99","%9a":"\x9A","%9A":"\x9A","%9b":"\x9B","%9B":"\x9B","%9c":"\x9C","%9C":"\x9C","%9d":"\x9D","%9D":"\x9D","%9e":"\x9E","%9E":"\x9E","%9f":"\x9F","%9F":"\x9F","%a0":"\xA0","%A0":"\xA0","%a1":"\xA1","%A1":"\xA1","%a2":"\xA2","%A2":"\xA2","%a3":"\xA3","%A3":"\xA3","%a4":"\xA4","%A4":"\xA4","%a5":"\xA5","%A5":"\xA5","%a6":"\xA6","%A6":"\xA6","%a7":"\xA7","%A7":"\xA7","%a8":"\xA8","%A8":"\xA8","%a9":"\xA9","%A9":"\xA9","%aa":"\xAA","%Aa":"\xAA","%aA":"\xAA","%AA":"\xAA","%ab":"\xAB","%Ab":"\xAB","%aB":"\xAB","%AB":"\xAB","%ac":"\xAC","%Ac":"\xAC","%aC":"\xAC","%AC":"\xAC","%ad":"\xAD","%Ad":"\xAD","%aD":"\xAD","%AD":"\xAD","%ae":"\xAE","%Ae":"\xAE","%aE":"\xAE","%AE":"\xAE","%af":"\xAF","%Af":"\xAF","%aF":"\xAF","%AF":"\xAF","%b0":"\xB0","%B0":"\xB0","%b1":"\xB1","%B1":"\xB1","%b2":"\xB2","%B2":"\xB2","%b3":"\xB3","%B3":"\xB3","%b4":"\xB4","%B4":"\xB4","%b5":"\xB5","%B5":"\xB5","%b6":"\xB6","%B6":"\xB6","%b7":"\xB7","%B7":"\xB7","%b8":"\xB8","%B8":"\xB8","%b9":"\xB9","%B9":"\xB9","%ba":"\xBA","%Ba":"\xBA","%bA":"\xBA","%BA":"\xBA","%bb":"\xBB","%Bb":"\xBB","%bB":"\xBB","%BB":"\xBB","%bc":"\xBC","%Bc":"\xBC","%bC":"\xBC","%BC":"\xBC","%bd":"\xBD","%Bd":"\xBD","%bD":"\xBD","%BD":"\xBD","%be":"\xBE","%Be":"\xBE","%bE":"\xBE","%BE":"\xBE","%bf":"\xBF","%Bf":"\xBF","%bF":"\xBF","%BF":"\xBF","%c0":"\xC0","%C0":"\xC0","%c1":"\xC1","%C1":"\xC1","%c2":"\xC2","%C2":"\xC2","%c3":"\xC3","%C3":"\xC3","%c4":"\xC4","%C4":"\xC4","%c5":"\xC5","%C5":"\xC5","%c6":"\xC6","%C6":"\xC6","%c7":"\xC7","%C7":"\xC7","%c8":"\xC8","%C8":"\xC8","%c9":"\xC9","%C9":"\xC9","%ca":"\xCA","%Ca":"\xCA","%cA":"\xCA","%CA":"\xCA","%cb":"\xCB","%Cb":"\xCB","%cB":"\xCB","%CB":"\xCB","%cc":"\xCC","%Cc":"\xCC","%cC":"\xCC","%CC":"\xCC","%cd":"\xCD","%Cd":"\xCD","%cD":"\xCD","%CD":"\xCD","%ce":"\xCE","%Ce":"\xCE","%cE":"\xCE","%CE":"\xCE","%cf":"\xCF","%Cf":"\xCF","%cF":"\xCF","%CF":"\xCF","%d0":"\xD0","%D0":"\xD0","%d1":"\xD1","%D1":"\xD1","%d2":"\xD2","%D2":"\xD2","%d3":"\xD3","%D3":"\xD3","%d4":"\xD4","%D4":"\xD4","%d5":"\xD5","%
`))}function oZ(t,e){let{headersList:r}=e,n=(r.get("referrer-policy")??"").split(","),i="";if(n.length>0)for(let s=n.length;s!==0;s--){let o=n[s-1].trim();if(Y5.has(o)){i=o;break}}i!==""&&(t.referrerPolicy=i)}function aZ(){return"allowed"}function AZ(){return"success"}function cZ(){return"success"}function lZ(t){let e=null;e=t.mode,t.headersList.set("sec-fetch-mode",e)}function uZ(t){let e=t.origin;if(t.responseTainting==="cors"||t.mode==="websocket")e&&t.headersList.append("origin",e);else if(t.method!=="GET"&&t.method!=="HEAD"){switch(t.referrerPolicy){case"no-referrer":e=null;break;case"no-referrer-when-downgrade":case"strict-origin":case"strict-origin-when-cross-origin":t.origin&&Nb(t.origin)&&!Nb($d(t))&&(e=null);break;case"same-origin":qm(t,$d(t))||(e=null);break;default:}e&&t.headersList.append("origin",e)}}function dZ(t){return W5.now()}function fZ(t){return{startTime:t.startTime??0,redirectStartTime:0,redirectEndTime:0,postRedirectStartTime:t.startTime??0,finalServiceWorkerStartTime:0,finalNetworkResponseStartTime:0,finalNetworkRequestStartTime:0,endTime:0,encodedBodySize:0,decodedBodySize:0,finalConnectionTimingInfo:null}}function hZ(){return{referrerPolicy:"strict-origin-when-cross-origin"}}function gZ(t){return{referrerPolicy:t.referrerPolicy}}function mZ(t){let e=t.referrerPolicy;Bc(e);let r=null;if(t.referrer==="client"){let a=V5();if(!a||a.origin==="null")return"no-referrer";r=new URL(a)}else t.referrer instanceof URL&&(r=t.referrer);let n=Qb(r),i=Qb(r,!0);n.toString().length>4096&&(n=i);let s=qm(t,n),o=Wd(n)&&!Wd(t.url);switch(e){case"origin":return i??Qb(r,!0);case"unsafe-url":return n;case"same-origin":return s?i:"no-referrer";case"origin-when-cross-origin":return s?n:i;case"strict-origin-when-cross-origin":{let a=$d(t);return qm(n,a)?n:Wd(n)&&!Wd(a)?"no-referrer":i}default:return o?"no-referrer":i}}function Qb(t,e){return Bc(t instanceof URL),t.protocol==="file:"||t.protocol==="about:"||t.protocol==="blank:"?"no-referrer":(t.username="",t.password="",t.hash="",e&&(t.pathname="",t.search=""),t)}function Wd(t){if(!(t instanceof URL))return!1;if(t.href==="about:blank"||t.href==="about:srcdoc"||t.protocol==="data:"||t.protocol==="file:")return!0;return e(t.origin);function e(r){if(r==null||r==="null")return!1;let n=new URL(r);return!!(n.protocol==="https:"||n.protocol==="wss:"||/^127(?:\.[0-9]+){0,2}\.[0-9]+$|^\[(?:0*:)*?:?0*1\]$/.test(n.hostname)||n.hostname==="localhost"||n.hostname.includes("localhost.")||n.hostname.endsWith(".localhost"))}}function pZ(t,e){if(Um===void 0)return!0;let r=ZT(e);if(r==="no metadata"||r.length===0)return!0;let n=EZ(r),i=CZ(r,n);for(let s of i){let o=s.algo,a=s.hash,A=Um.createHash(o).update(t).digest("base64");if(A[A.length-1]==="="&&(A[A.length-2]==="="?A=A.slice(0,-2):A=A.slice(0,-1)),IZ(A,a))return!0}return!1}var yZ=/(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i;function ZT(t){let e=[],r=!0;for(let n of t.split(" ")){r=!1;let i=yZ.exec(n);if(i===null||i.groups===void 0||i.groups.algo===void 0)continue;let s=i.groups.algo.toLowerCase();WT.includes(s)&&e.push(i.groups)}return r===!0?"no metadata":e}function EZ(t){let e=t[0].algo;if(e[3]==="5")return e;for(let r=1;r<t.length;++r){let n=t[r];if(n.algo[3]==="5"){e="sha512";break}else{if(e[3]==="3")continue;n.algo[3]==="3"&&(e="sha384")}}return e}function CZ(t,e){if(t.length===1)return t;let r=0;for(let n=0;n<t.length;++n)t[n].algo===e&&(t[r++]=t[n]);return t.length=r,t}function IZ(t,e){if(t.length!==e.length)return!1;for(let r=0;r<t.length;++r)if(t[r]!==e[r]){if(t[r]==="+"&&e[r]==="-"||t[r]==="/"&&e[r]==="_")continue;return!1}return!0}function BZ(t){}function qm(t,e){return t.origin===e.origin&&t.origin==="null"||t.protocol===e.protocol&&t.hostname===e.hostname&&t.port===e.port}function QZ(){let t,e;return{promise:new Promise((n,i)=>{t=n,e=i}),resolve:t,reject:e}}function bZ(t){return t.controller.state==="aborted"}function NZ(t){return t.controller.state==="aborted"||t.controller.state==="terminated"}var wb={delete:"DELETE",DELETE:"DELETE",get:"GET",GET:"GET",head:"HEAD",
`||t==="	"||t===" "}function Sb(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&oO(t[n]);n++);if(r)for(;i>0&&oO(t[i]);i--);return t.slice(n,i+1)}function aO(t){return t==="\r"||t===`
`||t==="	"||t==="\f"||t===" "}function WZ(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&aO(t[n]);n++);if(r)for(;i>0&&aO(t[i]);i--);return t.slice(n,i+1)}uO.exports={dataURLProcessor:GZ,URLSerializer:AO,collectASequenceOfCodePoints:zm,collectASequenceOfCodePointsFast:Qc,stringPercentDecode:cO,parseMIMEType:xb,collectAnHTTPQuotedString:lO,serializeAMimeType:VZ}});var Gm=h((kOe,mO)=>{"use strict";var{Blob:hO,File:dO}=require("buffer"),{types:vb}=require("util"),{kState:On}=js(),{isBlobLike:gO}=ii(),{webidl:Ve}=Vr(),{parseMIMEType:$Z,serializeAMimeType:KZ}=Hi(),{kEnumerableProperty:fO}=Ue(),XZ=new TextEncoder,Kd=class t extends hO{constructor(e,r,n={}){Ve.argumentLengthCheck(arguments,2,{header:"File constructor"}),e=Ve.converters["sequence<BlobPart>"](e),r=Ve.converters.USVString(r),n=Ve.converters.FilePropertyBag(n);let i=r,s=n.type,o;e:{if(s){if(s=$Z(s),s==="failure"){s="";break e}s=KZ(s).toLowerCase()}o=n.lastModified}super(ZZ(e,n),{type:s}),this[On]={name:i,lastModified:o,type:s}}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get type(){return Ve.brandCheck(this,t),this[On].type}},Rb=class t{constructor(e,r,n={}){let i=r,s=n.type,o=n.lastModified??Date.now();this[On]={blobLike:e,name:i,type:s,lastModified:o}}stream(...e){return Ve.brandCheck(this,t),this[On].blobLike.stream(...e)}arrayBuffer(...e){return Ve.brandCheck(this,t),this[On].blobLike.arrayBuffer(...e)}slice(...e){return Ve.brandCheck(this,t),this[On].blobLike.slice(...e)}text(...e){return Ve.brandCheck(this,t),this[On].blobLike.text(...e)}get size(){return Ve.brandCheck(this,t),this[On].blobLike.size}get type(){return Ve.brandCheck(this,t),this[On].blobLike.type}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get[Symbol.toStringTag](){return"File"}};Object.defineProperties(Kd.prototype,{[Symbol.toStringTag]:{value:"File",configurable:!0},name:fO,lastModified:fO});Ve.converters.Blob=Ve.interfaceConverter(hO);Ve.converters.BlobPart=function(t,e){if(Ve.util.Type(t)==="Object"){if(gO(t))return Ve.converters.Blob(t,{strict:!1});if(ArrayBuffer.isView(t)||vb.isAnyArrayBuffer(t))return Ve.converters.BufferSource(t,e)}return Ve.converters.USVString(t,e)};Ve.converters["sequence<BlobPart>"]=Ve.sequenceConverter(Ve.converters.BlobPart);Ve.converters.FilePropertyBag=Ve.dictionaryConverter([{key:"lastModified",converter:Ve.converters["long long"],get defaultValue(){return Date.now()}},{key:"type",converter:Ve.converters.DOMString,defaultValue:""},{key:"endings",converter:t=>(t=Ve.converters.DOMString(t),t=t.toLowerCase(),t!=="native"&&(t="transparent"),t),defaultValue:"transparent"}]);function ZZ(t,e){let r=[];for(let n of t)if(typeof n=="string"){let i=n;e.endings==="native"&&(i=e7(i)),r.push(XZ.encode(i))}else vb.isAnyArrayBuffer(n)||vb.isTypedArray(n)?n.buffer?r.push(new Uint8Array(n.buffer,n.byteOffset,n.byteLength)):r.push(new Uint8Array(n)):gO(n)&&r.push(n);return r}function e7(t){let e=`
`;return process.platform==="win32"&&(e=`\r
`),t.replace(/\r?\n/g,e)}function t7(t){return dO&&t instanceof dO||t instanceof Kd||t&&(typeof t.stream=="function"||typeof t.arrayBuffer=="function")&&t[Symbol.toStringTag]==="File"}mO.exports={File:Kd,FileLike:Rb,isFileLike:t7}});var Jm=h((POe,IO)=>{"use strict";var{isBlobLike:Ym,toUSVString:r7,makeIterator:_b}=ii(),{kState:Lr}=js(),{File:CO,FileLike:pO,isFileLike:n7}=Gm(),{webidl:it}=Vr(),{Blob:i7,File:Db}=require("buffer"),yO=Db??CO,bc=class t{constructor(e){if(e!==void 0)throw it.errors.conversionFailed({prefix:"FormData constructor",argument:"Argument 1",types:["undefined"]});this[Lr]=[]}append(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.append"}),arguments.length===3&&!Ym(r))throw new TypeError("Failed to execute 'append' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=Ym(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?it.converters.USVString(n):void 0;let i=EO(e,r,n);this[Lr].push(i)}delete(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.delete"}),e=it.converters.USVString(e),this[Lr]=this[Lr].filter(r=>r.name!==e)}get(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.get"}),e=it.converters.USVString(e);let r=this[Lr].findIndex(n=>n.name===e);return r===-1?null:this[Lr][r].value}getAll(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.getAll"}),e=it.converters.USVString(e),this[Lr].filter(r=>r.name===e).map(r=>r.value)}has(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.has"}),e=it.converters.USVString(e),this[Lr].findIndex(r=>r.name===e)!==-1}set(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.set"}),arguments.length===3&&!Ym(r))throw new TypeError("Failed to execute 'set' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=Ym(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?r7(n):void 0;let i=EO(e,r,n),s=this[Lr].findIndex(o=>o.name===e);s!==-1?this[Lr]=[...this[Lr].slice(0,s),i,...this[Lr].slice(s+1).filter(o=>o.name!==e)]:this[Lr].push(i)}entries(){return it.brandCheck(this,t),_b(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key+value")}keys(){return it.brandCheck(this,t),_b(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key")}values(){return it.brandCheck(this,t),_b(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","value")}forEach(e,r=globalThis){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.forEach"}),typeof e!="function")throw new TypeError("Failed to execute 'forEach' on 'FormData': parameter 1 is not of type 'Function'.");for(let[n,i]of this)e.apply(r,[i,n,this])}};bc.prototype[Symbol.iterator]=bc.prototype.entries;Object.defineProperties(bc.prototype,{[Symbol.toStringTag]:{value:"FormData",configurable:!0}});function EO(t,e,r){if(t=Buffer.from(t).toString("utf8"),typeof e=="string")e=Buffer.from(e).toString("utf8");else if(n7(e)||(e=e instanceof i7?new yO([e],"blob",{type:e.type}):new pO(e,"blob",{type:e.type})),r!==void 0){let n={type:e.type,lastModified:e.lastModified};e=Db&&e instanceof Db||e instanceof CO?new yO([e],r,n):new pO(e,r,n)}return{name:t,value:e}}IO.exports={FormData:bc}});var Xd=h((TOe,RO)=>{"use strict";var s7=FT(),Nc=Ue(),{ReadableStreamFrom:o7,isBlobLike:BO,isReadableStreamLike:a7,readableStreamClose:A7,createDeferredPromise:c7,fullyReadBody:l7}=ii(),{FormData:QO}=Jm(),{kState:Gs}=js(),{webidl:kb}=Vr(),{DOMException:wO,structuredClone:u7}=To(),{Blob:d7,File:f7}=require("buffer"),{kBodyUsed:h7}=It(),Pb=require("assert"),{isErrored:g7}=Ue(),{isUint8Array:SO,isArrayBuffer:m7}=require("util/types"),{File:p7}=Gm(),{parseMIMEType:y7,serializeAMimeType:E7}=Hi(),Tb;try{let t=require("node:crypto");Tb=e=>t.randomInt(0,e)}catch{Tb=t=>Math.floor(Math.random(t))}var zs=globalThis.ReadableStream,bO=f7??p7,Vm=new TextEncoder,C7=new TextDecoder;function xO(t,e=!1){zs||(zs=require("stream/web").ReadableS
Content-Disposition: form-data`;let l=E=>E.replace(/\n/g,"%0A").replace(/\r/g,"%0D").replace(/"/g,"%22"),u=E=>E.replace(/\r?\n|\r/g,`\r
`),d=[],f=new Uint8Array([13,10]);s=0;let g=!1;for(let[E,C]of t)if(typeof C=="string"){let I=Vm.encode(c+`; name="${l(u(E))}"\r
\r
${u(C)}\r
`);d.push(I),s+=I.byteLength}else{let I=Vm.encode(`${c}; name="${l(u(E))}"`+(C.name?`; filename="${l(C.name)}"`:"")+`\r
Content-Type: ${C.type||"application/octet-stream"}\r
\r
`);d.push(I,C,f),typeof C.size=="number"?s+=I.byteLength+C.size+f.byteLength:g=!0}let m=Vm.encode(`--${A}--`);d.push(m),s+=m.byteLength,g&&(s=null),i=t,n=async function*(){for(let E of d)E.stream?yield*E.stream():yield E},o="multipart/form-data; boundary="+A}else if(BO(t))i=t,s=t.size,t.type&&(o=t.type);else if(typeof t[Symbol.asyncIterator]=="function"){if(e)throw new TypeError("keepalive");if(Nc.isDisturbed(t)||t.locked)throw new TypeError("Response body object should not be disturbed or locked");r=t instanceof zs?t:o7(t)}if((typeof i=="string"||Nc.isBuffer(i))&&(s=Buffer.byteLength(i)),n!=null){let A;r=new zs({async start(){A=n(t)[Symbol.asyncIterator]()},async pull(c){let{value:l,done:u}=await A.next();return u?queueMicrotask(()=>{c.close()}):g7(r)||c.enqueue(new Uint8Array(l)),c.desiredSize>0},async cancel(c){await A.return()},type:void 0})}return[{stream:r,source:i,length:s},o]}function I7(t,e=!1){return zs||(zs=require("stream/web").ReadableStream),t instanceof zs&&(Pb(!Nc.isDisturbed(t),"The body has already been consumed."),Pb(!t.locked,"The stream is locked.")),xO(t,e)}function B7(t){let[e,r]=t.stream.tee(),n=u7(r,{transfer:[r]}),[,i]=n.tee();return t.stream=e,{stream:i,length:t.length,source:t.source}}async function*NO(t){if(t)if(SO(t))yield t;else{let e=t.stream;if(Nc.isDisturbed(e))throw new TypeError("The body has already been consumed.");if(e.locked)throw new TypeError("The stream is locked.");e[h7]=!0,yield*e}}function Ob(t){if(t.aborted)throw new wO("The operation was aborted.","AbortError")}function Q7(t){return{blob(){return Wm(this,r=>{let n=S7(this);return n==="failure"?n="":n&&(n=E7(n)),new d7([r],{type:n})},t)},arrayBuffer(){return Wm(this,r=>new Uint8Array(r).buffer,t)},text(){return Wm(this,vO,t)},json(){return Wm(this,w7,t)},async formData(){kb.brandCheck(this,t),Ob(this[Gs]);let r=this.headers.get("Content-Type");if(/multipart\/form-data/.test(r)){let n={};for(let[a,A]of this.headers)n[a.toLowerCase()]=A;let i=new QO,s;try{s=new s7({headers:n,preservePath:!0})}catch(a){throw new wO(`${a}`,"AbortError")}s.on("field",(a,A)=>{i.append(a,A)}),s.on("file",(a,A,c,l,u)=>{let d=[];if(l==="base64"||l.toLowerCase()==="base64"){let f="";A.on("data",g=>{f+=g.toString().replace(/[\r\n]/gm,"");let m=f.length-f.length%4;d.push(Buffer.from(f.slice(0,m),"base64")),f=f.slice(m)}),A.on("end",()=>{d.push(Buffer.from(f,"base64")),i.append(a,new bO(d,c,{type:u}))})}else A.on("data",f=>{d.push(f)}),A.on("end",()=>{i.append(a,new bO(d,c,{type:u}))})});let o=new Promise((a,A)=>{s.on("finish",a),s.on("error",c=>A(new TypeError(c)))});if(this.body!==null)for await(let a of NO(this[Gs].body))s.write(a);return s.end(),await o,i}else if(/application\/x-www-form-urlencoded/.test(r)){let n;try{let s="",o=new TextDecoder("utf-8",{ignoreBOM:!0});for await(let a of NO(this[Gs].body)){if(!SO(a))throw new TypeError("Expected Uint8Array chunk");s+=o.decode(a,{stream:!0})}s+=o.decode(),n=new URLSearchParams(s)}catch(s){throw Object.assign(new TypeError,{cause:s})}let i=new QO;for(let[s,o]of n)i.append(s,o);return i}else throw await Promise.resolve(),Ob(this[Gs]),kb.errors.exception({header:`${t.name}.formData`,message:"Could not parse content as FormData."})}}}function b7(t){Object.assign(t.prototype,Q7(t))}async function Wm(t,e,r){if(kb.brandCheck(t,r),Ob(t[Gs]),N7(t[Gs].body))throw new TypeError("Body is unusable");let n=c7(),i=o=>n.reject(o),s=o=>{try{n.resolve(e(o))}catch(a){i(a)}};return t[Gs].body==null?(s(new Uint8Array),n.promise):(await l7(t[Gs].body,s,i),n.promise)}function N7(t){return t!=null&&(t.stream.locked||Nc.isDisturbed(t.stream))}function vO(t){return t.length===0?"":(t[0]===239&&t[1]===187&&t[2]===191&&(t=t.subarray(3)),C7.decode(t))}function w7(t){return JSON.parse(vO(t))}function S7(t){let{headersList:e}=t[Gs],r=e.get("content-type");return r===null?"failure":y7(r)}RO.exports={extractBody:xO,safelyExtractBody:I7,cloneBody:B7,mixinBody:b7}});var PO=h((OOe,kO)=>{"use strict";var{InvalidArgumentError:gt,NotSupportedError:x7}=At(),Ys=require("assert"),{kHTTP2BuildRequest:v7,kHTTP2CopyHeaders:R7,kHTTP1BuildRequest:
`),this.body=E.stream,this.contentLength=E.length}else an.isBlobLike(i)&&this.contentType==null&&i.type&&(this.contentType=i.type,this.headers+=`content-type: ${i.type}\r
`);an.validateHandler(m,n,c),this.servername=an.getServerName(this.host),this[ji]=m,tr.create.hasSubscribers&&tr.create.publish({request:this})}onBodySent(e){if(this[ji].onBodySent)try{return this[ji].onBodySent(e)}catch(r){this.abort(r)}}onRequestSent(){if(tr.bodySent.hasSubscribers&&tr.bodySent.publish({request:this}),this[ji].onRequestSent)try{return this[ji].onRequestSent()}catch(e){this.abort(e)}}onConnect(e){if(Ys(!this.aborted),Ys(!this.completed),this.error)e(this.error);else return this.abort=e,this[ji].onConnect(e)}onHeaders(e,r,n,i){Ys(!this.aborted),Ys(!this.completed),tr.headers.hasSubscribers&&tr.headers.publish({request:this,response:{statusCode:e,headers:r,statusText:i}});try{return this[ji].onHeaders(e,r,n,i)}catch(s){this.abort(s)}}onData(e){Ys(!this.aborted),Ys(!this.completed);try{return this[ji].onData(e)}catch(r){return this.abort(r),!1}}onUpgrade(e,r,n){return Ys(!this.aborted),Ys(!this.completed),this[ji].onUpgrade(e,r,n)}onComplete(e){this.onFinally(),Ys(!this.aborted),this.completed=!0,tr.trailers.hasSubscribers&&tr.trailers.publish({request:this,trailers:e});try{return this[ji].onComplete(e)}catch(r){this.onError(r)}}onError(e){if(this.onFinally(),tr.error.hasSubscribers&&tr.error.publish({request:this,error:e}),!this.aborted)return this.aborted=!0,this[ji].onError(e)}onFinally(){this.errorHandler&&(this.body.off("error",this.errorHandler),this.errorHandler=null),this.endHandler&&(this.body.off("end",this.endHandler),this.endHandler=null)}addHeader(e,r){return Zd(this,e,r),this}static[_7](e,r,n){return new t(e,r,n)}static[v7](e,r,n){let i=r.headers;r={...r,headers:null};let s=new t(e,r,n);if(s.headers={},Array.isArray(i)){if(i.length%2!==0)throw new gt("headers array must be even");for(let o=0;o<i.length;o+=2)Zd(s,i[o],i[o+1],!0)}else if(i&&typeof i=="object"){let o=Object.keys(i);for(let a=0;a<o.length;a++){let A=o[a];Zd(s,A,i[A],!0)}}else if(i!=null)throw new gt("headers must be an object or an array");return s}static[R7](e){let r=e.split(`\r
`),n={};for(let i of r){let[s,o]=i.split(": ");o==null||o.length===0||(n[s]?n[s]+=`,${o}`:n[s]=o)}return n}};function Ha(t,e,r){if(e&&typeof e=="object")throw new gt(`invalid ${t} header`);if(e=e!=null?`${e}`:"",DO.exec(e)!==null)throw new gt(`invalid ${t} header`);return r?e:`${t}: ${e}\r
`}function Zd(t,e,r,n=!1){if(r&&typeof r=="object"&&!Array.isArray(r))throw new gt(`invalid ${e} header`);if(r===void 0)return;if(t.host===null&&e.length===4&&e.toLowerCase()==="host"){if(DO.exec(r)!==null)throw new gt(`invalid ${e} header`);t.host=r}else if(t.contentLength===null&&e.length===14&&e.toLowerCase()==="content-length"){if(t.contentLength=parseInt(r,10),!Number.isFinite(t.contentLength))throw new gt("invalid content-length header")}else if(t.contentType===null&&e.length===12&&e.toLowerCase()==="content-type")t.contentType=r,n?t.headers[e]=Ha(e,r,n):t.headers+=Ha(e,r);else{if(e.length===17&&e.toLowerCase()==="transfer-encoding")throw new gt("invalid transfer-encoding header");if(e.length===10&&e.toLowerCase()==="connection"){let i=typeof r=="string"?r.toLowerCase():null;if(i!=="close"&&i!=="keep-alive")throw new gt("invalid connection header");i==="close"&&(t.reset=!0)}else{if(e.length===10&&e.toLowerCase()==="keep-alive")throw new gt("invalid keep-alive header");if(e.length===7&&e.toLowerCase()==="upgrade")throw new gt("invalid upgrade header");if(e.length===6&&e.toLowerCase()==="expect")throw new x7("expect header not supported");if(_O.exec(e)===null)throw new gt("invalid header key");if(Array.isArray(r))for(let i=0;i<r.length;i++)n?t.headers[e]?t.headers[e]+=`,${Ha(e,r[i],n)}`:t.headers[e]=Ha(e,r[i],n):t.headers+=Ha(e,r[i]);else n?t.headers[e]=Ha(e,r,n):t.headers+=Ha(e,r)}}}kO.exports=Mb});var $m=h((LOe,TO)=>{"use strict";var k7=require("events"),Fb=class extends k7{dispatch(){throw new Error("not implemented")}close(){throw new Error("not implemented")}destroy(){throw new Error("not implemented")}};TO.exports=Fb});var tf=h((MOe,OO)=>{"use strict";var P7=$m(),{ClientDestroyedError:Ub,ClientClosedError:T7,InvalidArgumentError:wc}=At(),{kDestroy:O7,kClose:L7,kDispatch:qb,kInterceptors:ja}=It(),Sc=Symbol("destroyed"),ef=Symbol("closed"),Js=Symbol("onDestroyed"),xc=Symbol("onClosed"),Km=Symbol("Intercepted Dispatch"),Hb=class extends P7{constructor(){super(),this[Sc]=!1,this[Js]=null,this[ef]=!1,this[xc]=[]}get destroyed(){return this[Sc]}get closed(){return this[ef]}get interceptors(){return this[ja]}set interceptors(e){if(e){for(let r=e.length-1;r>=0;r--)if(typeof this[ja][r]!="function")throw new wc("interceptor must be an function")}this[ja]=e}close(e){if(e===void 0)return new Promise((n,i)=>{this.close((s,o)=>s?i(s):n(o))});if(typeof e!="function")throw new wc("invalid callback");if(this[Sc]){queueMicrotask(()=>e(new Ub,null));return}if(this[ef]){this[xc]?this[xc].push(e):queueMicrotask(()=>e(null,null));return}this[ef]=!0,this[xc].push(e);let r=()=>{let n=this[xc];this[xc]=null;for(let i=0;i<n.length;i++)n[i](null,null)};this[L7]().then(()=>this.destroy()).then(()=>{queueMicrotask(r)})}destroy(e,r){if(typeof e=="function"&&(r=e,e=null),r===void 0)return new Promise((i,s)=>{this.destroy(e,(o,a)=>o?s(o):i(a))});if(typeof r!="function")throw new wc("invalid callback");if(this[Sc]){this[Js]?this[Js].push(r):queueMicrotask(()=>r(null,null));return}e||(e=new Ub),this[Sc]=!0,this[Js]=this[Js]||[],this[Js].push(r);let n=()=>{let i=this[Js];this[Js]=null;for(let s=0;s<i.length;s++)i[s](null,null)};this[O7](e).then(()=>{queueMicrotask(n)})}[Km](e,r){if(!this[ja]||this[ja].length===0)return this[Km]=this[qb],this[qb](e,r);let n=this[qb].bind(this);for(let i=this[ja].length-1;i>=0;i--)n=this[ja][i](n);return this[Km]=n,n(e,r)}dispatch(e,r){if(!r||typeof r!="object")throw new wc("handler must be an object");try{if(!e||typeof e!="object")throw new wc("opts must be an object.");if(this[Sc]||this[Js])throw new Ub;if(this[ef])throw new T7;return this[Km](e,r)}catch(n){if(typeof r.onError!="function")throw new wc("invalid onError method");return r.onError(n),!1}}};OO.exports=Hb});var rf=h((qOe,FO)=>{"use strict";var M7=require("net"),LO=require("assert"),MO=Ue(),{InvalidArgumentError:F7,ConnectTimeoutError:U7}=At(),jb,zb;global.FinalizationRegistry&&!process.env.NODE_V8_COVERAGE?zb=class{constructor(e){this._maxCachedSessions=e,this._sessionCache=new Map,this._sessionRegistry=new global.FinalizationRegistry(r=>{if(this._s
`,this[rL]=A??3e5,this[tL]=i??3e5,this[cf]=I??!0,this[pee]=w,this[lf]=T,this[Lo]=null,this[iL]=k>-1?k:-1,this[us]="h1",this[Mn]=null,this[sp]=ve?{openStreams:0,maxConcurrentStreams:H??100}:null,this[sL]=`${this[vr].hostname}${this[vr].port?`:${this[vr].port}`:""}`,this[Bt]=[],this[Qt]=0,this[Ln]=0}get pipelining(){return this[Fo]}set pipelining(e){this[Fo]=e,Fn(this,!0)}get[Ya](){return this[Bt].length-this[Ln]}get[Dt](){return this[Ln]-this[Qt]}get[Ga](){return this[Bt].length-this[Qt]}get[mee](){return!!this[Ot]&&!this[Rc]&&!this[Ot].destroyed}get[Xb](){let e=this[Ot];return e&&(e[Wr]||e[$s]||e[Dc])||this[Ga]>=(this[Fo]||1)||this[Ya]>0}[gee](e){cL(this),this.once("connect",e)}[Cee](e,r){let n=e.origin||this[vr].origin,i=this[us]==="h2"?Kb[Bee](n,e,r):Kb[bee](n,e,r);return this[Bt].push(i),this[za]||(Ae.bodyLength(i.body)==null&&Ae.isIterable(i.body)?(this[za]=1,process.nextTick(Fn,this)):Fn(this,!0)),this[za]&&this[Mo]!==2&&this[Xb]&&(this[Mo]=2),this[Mo]<2}async[yee](){return new Promise(e=>{this[Ga]?this[Lo]=e:e(null)})}async[Eee](e){return new Promise(r=>{let n=this[Bt].splice(this[Ln]);for(let s=0;s<n.length;s++){let o=n[s];$r(this,o,e)}let i=()=>{this[Lo]&&(this[Lo](),this[Lo]=null),r()};this[Mn]!=null&&(Ae.destroy(this[Mn],e),this[Mn]=null,this[sp]=null),this[Ot]?Ae.destroy(this[Ot].on("close",i),e):queueMicrotask(i),Fn(this)})}};function Dee(t){ee(t.code!=="ERR_TLS_CERT_ALTNAME_INVALID"),this[Ot][Rr]=t,cp(this[ls],t)}function kee(t,e,r){let n=new cs(`HTTP/2: "frameError" received - type ${t}, code ${e}`);r===0&&(this[Ot][Rr]=n,cp(this[ls],n))}function Pee(){Ae.destroy(this,new _c("other side closed")),Ae.destroy(this[Ot],new _c("other side closed"))}function Tee(t){let e=this[ls],r=new cs(`HTTP/2: "GOAWAY" frame received with code ${t}`);if(e[Ot]=null,e[Mn]=null,e.destroyed){ee(this[Ya]===0);let n=e[Bt].splice(e[Qt]);for(let i=0;i<n.length;i++){let s=n[i];$r(this,s,r)}}else if(e[Dt]>0){let n=e[Bt][e[Qt]];e[Bt][e[Qt]++]=null,$r(e,n,r)}e[Ln]=e[Qt],ee(e[Dt]===0),e.emit("disconnect",e[vr],[e],r),Fn(e)}var os=qO(),Oee=ep(),Lee=Buffer.alloc(0);async function Mee(){let t=process.env.JEST_WORKER_ID?Vb():void 0,e;try{e=await WebAssembly.compile(Buffer.from(VO(),"base64"))}catch{e=await WebAssembly.compile(Buffer.from(t||Vb(),"base64"))}return await WebAssembly.instantiate(e,{env:{wasm_on_url:(r,n,i)=>0,wasm_on_status:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onStatus(new tp(as.buffer,s,i))||0},wasm_on_message_begin:r=>(ee.strictEqual(or.ptr,r),or.onMessageBegin()||0),wasm_on_header_field:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onHeaderField(new tp(as.buffer,s,i))||0},wasm_on_header_value:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onHeaderValue(new tp(as.buffer,s,i))||0},wasm_on_headers_complete:(r,n,i,s)=>(ee.strictEqual(or.ptr,r),or.onHeadersComplete(n,!!i,!!s)||0),wasm_on_body:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onBody(new tp(as.buffer,s,i))||0},wasm_on_message_complete:r=>(ee.strictEqual(or.ptr,r),or.onMessageComplete()||0)}})}var $b=null,t0=Mee();t0.catch();var or=null,as=null,rp=0,As=null,kc=1,ip=2,r0=3,n0=class{constructor(e,r,{exports:n}){ee(Number.isFinite(e[np])&&e[np]>0),this.llhttp=n,this.ptr=this.llhttp.llhttp_alloc(os.TYPE.RESPONSE),this.client=e,this.socket=r,this.timeout=null,this.timeoutValue=null,this.timeoutType=null,this.statusCode=null,this.statusText="",this.upgrade=!1,this.headers=[],this.headersSize=0,this.headersMaxSize=e[np],this.shouldKeepAlive=!1,this.paused=!1,this.resume=this.resume.bind(this),this.bytesRead=0,this.keepAlive="",this.contentLength="",this.connection="",this.maxResponseSize=e[iL]}setTimeout(e,r){this.timeoutType=r,e!==this.timeoutValue?(Wb.clearTimeout(this.timeout),e?(this.timeout=Wb.setTimeout(Fee,e,this),this.timeout.unref&&this.timeout.unref()):this.timeout=null,this.timeoutValue=e):this.timeout&&this.timeout.refresh&&this.timeout.refresh()}resume(){this.socket.destroyed||!this.paused||(ee(this.ptr!=null),ee(or==null),this.llhttp.llhttp_resume(this.ptr),ee
`;return typeof s=="string"?g+=`host: ${s}\r
`:g+=t[XO],o?g+=`connection: upgrade\r
upgrade: ${o}\r
`:t[Fo]&&!f[Wr]?g+=`connection: keep-alive\r
`:g+=`connection: close\r
`,a&&(g+=a),Mr.sendHeaders.hasSubscribers&&Mr.sendHeaders.publish({request:e,headers:g,socket:f}),!r||u===0?(d===0?f.write(`${g}content-length: 0\r
\r
`,"latin1"):(ee(d===null,"no body must not have content length"),f.write(`${g}\r
`,"latin1")),e.onRequestSent()):Ae.isBuffer(r)?(ee(d===r.byteLength,"buffer body must have content length"),f.cork(),f.write(`${g}content-length: ${d}\r
\r
`,"latin1"),f.write(r),f.uncork(),e.onBodySent(r),e.onRequestSent(),l||(f[Wr]=!0)):Ae.isBlobLike(r)?typeof r.stream=="function"?ap({body:r.stream(),client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):dL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isStream(r)?uL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isIterable(r)?ap({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):ee(!1),!0}function Hee(t,e,r){let{body:n,method:i,path:s,host:o,upgrade:a,expectContinue:A,signal:c,headers:l}=r,u;if(typeof l=="string"?u=Kb[Qee](l.trim()):u=l,a)return $r(t,r,new Error("Upgrade not supported for H2")),!1;try{r.onConnect(I=>{r.aborted||r.completed||$r(t,r,I||new s0)})}catch(I){$r(t,r,I)}if(r.aborted)return!1;let d,f=t[sp];if(u[Nee]=o||t[sL],u[wee]=i,i==="CONNECT")return e.ref(),d=e.request(u,{endStream:!1,signal:c}),d.id&&!d.pending?(r.onUpgrade(null,null,d),++f.openStreams):d.once("ready",()=>{r.onUpgrade(null,null,d),++f.openStreams}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),!0;u[See]=s,u[xee]="https";let g=i==="PUT"||i==="POST"||i==="PATCH";n&&typeof n.read=="function"&&n.read(0);let m=Ae.bodyLength(n);if(m==null&&(m=r.contentLength),(m===0||!g)&&(m=null),lL(i)&&m>0&&r.contentLength!=null&&r.contentLength!==m){if(t[cf])return $r(t,r,new Ws),!1;process.emitWarning(new Ws)}m!=null&&(ee(n,"no body must not have content length"),u[vee]=`${m}`),e.ref();let E=i==="GET"||i==="HEAD";return A?(u[Ree]="100-continue",d=e.request(u,{endStream:E,signal:c}),d.once("continue",C)):(d=e.request(u,{endStream:E,signal:c}),C()),++f.openStreams,d.once("response",I=>{let{[_ee]:N,...w}=I;r.onHeaders(Number(N),w,d.resume.bind(d),"")===!1&&d.pause()}),d.once("end",()=>{r.onComplete([])}),d.on("data",I=>{r.onData(I)===!1&&d.pause()}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),d.once("error",function(I){t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,I))}),d.once("frameError",(I,N)=>{let w=new cs(`HTTP/2: "frameError" received - type ${I}, code ${N}`);$r(t,r,w),t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,w))}),!0;function C(){n?Ae.isBuffer(n)?(ee(m===n.byteLength,"buffer body must have content length"),d.cork(),d.write(n),d.uncork(),d.end(),r.onBodySent(n),r.onRequestSent()):Ae.isBlobLike(n)?typeof n.stream=="function"?ap({client:t,request:r,contentLength:m,h2stream:d,expectsPayload:g,body:n.stream(),socket:t[Ot],header:""}):dL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,h2stream:d,header:"",socket:t[Ot]}):Ae.isStream(n)?uL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,socket:t[Ot],h2stream:d,header:""}):Ae.isIterable(n)?ap({body:n,client:t,request:r,contentLength:m,expectsPayload:g,header:"",h2stream:d,socket:t[Ot]}):ee(!1):r.onRequestSent()}}function uL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){if(ee(s!==0||r[Dt]===0,"stream body cannot be pipelined"),r[us]==="h2"){let m=function(E){n.onBodySent(E)},g=see(e,t,E=>{E?(Ae.destroy(e,E),Ae.destroy(t,E)):n.onRequestSent()});g.on("data",m),g.once("end",()=>{g.removeListener("data",m),Ae.destroy(g)});return}let A=!1,c=new Ap({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o}),l=function(g){if(!A)try{!c.write(g)&&this.pause&&this.pause()}catch(m){Ae.destroy(this,m)}},u=function(){A||e.resume&&e.resume()},d=function(){if(A)return;let g=new s0;queueMicrotask(()=>f(g))},f=function(g){if(!A){if(A=!0,ee(i.destroyed||i[$s]&&r[Dt]<=1),i.off("drain",u).off("error",f),e.removeListener("data",l).removeListener("end",f).removeListener("error",f).removeListener("close",d),!g)try{c.end()}catch(m){g=m}c.destroy(g),g&&(g.code!=="UND_ERR_INFO"||g.message!=="reset")?Ae.destroy(e,g):Ae.destroy(e)}};e.on("data",l).on("end",f).on("error",f).on("close",d),e.resume&&e.resume(),i.on("drain",u).on("error",f)}async function dL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,heade
\r
`,"latin1"),i.write(c),i.uncork()),n.onBodySent(c),n.onRequestSent(),a||(i[Wr]=!0),Fn(r)}catch(c){Ae.destroy(A?t:i,c)}}async function ap({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){ee(s!==0||r[Dt]===0,"iterator body cannot be pipelined");let A=null;function c(){if(A){let d=A;A=null,d()}}let l=()=>new Promise((d,f)=>{ee(A===null),i[Rr]?f(i[Rr]):A=d});if(r[us]==="h2"){t.on("close",c).on("drain",c);try{for await(let d of e){if(i[Rr])throw i[Rr];let f=t.write(d);n.onBodySent(d),f||await l()}}catch(d){t.destroy(d)}finally{n.onRequestSent(),t.end(),t.off("close",c).off("drain",c)}return}i.on("close",c).on("drain",c);let u=new Ap({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o});try{for await(let d of e){if(i[Rr])throw i[Rr];u.write(d)||await l()}u.end()}catch(d){u.destroy(d)}finally{i.off("close",c).off("drain",c)}}var Ap=class{constructor({socket:e,request:r,contentLength:n,client:i,expectsPayload:s,header:o}){this.socket=e,this.request=r,this.contentLength=n,this.client=i,this.bytesWritten=0,this.expectsPayload=s,this.header=o,e[$s]=!0}write(e){let{socket:r,request:n,contentLength:i,client:s,bytesWritten:o,expectsPayload:a,header:A}=this;if(r[Rr])throw r[Rr];if(r.destroyed)return!1;let c=Buffer.byteLength(e);if(!c)return!0;if(i!==null&&o+c>i){if(s[cf])throw new Ws;process.emitWarning(new Ws)}r.cork(),o===0&&(a||(r[Wr]=!0),i===null?r.write(`${A}transfer-encoding: chunked\r
`,"latin1"):r.write(`${A}content-length: ${i}\r
\r
`,"latin1")),i===null&&r.write(`\r
${c.toString(16)}\r
`,"latin1"),this.bytesWritten+=c;let l=r.write(e);return r.uncork(),n.onBodySent(e),l||r[Tt].timeout&&r[Tt].timeoutType===kc&&r[Tt].timeout.refresh&&r[Tt].timeout.refresh(),l}end(){let{socket:e,contentLength:r,client:n,bytesWritten:i,expectsPayload:s,header:o,request:a}=this;if(a.onRequestSent(),e[$s]=!1,e[Rr])throw e[Rr];if(!e.destroyed){if(i===0?s?e.write(`${o}content-length: 0\r
\r
`,"latin1"):e.write(`${o}\r
`,"latin1"):r===null&&e.write(`\r
0\r
\r
`,"latin1"),r!==null&&i!==r){if(n[cf])throw new Ws;process.emitWarning(new Ws)}e[Tt].timeout&&e[Tt].timeoutType===kc&&e[Tt].timeout.refresh&&e[Tt].timeout.refresh(),Fn(n)}}destroy(e){let{socket:r,client:n}=this;r[$s]=!1,e&&(ee(n[Dt]<=1,"pipeline should only contain this request"),Ae.destroy(r,e))}};function $r(t,e,r){try{e.onError(r),ee(e.aborted)}catch(n){t.emit("error",n)}}fL.exports=e0});var gL=h(($Oe,hL)=>{"use strict";var lp=class{constructor(){this.bottom=0,this.top=0,this.list=new Array(2048),this.next=null}isEmpty(){return this.top===this.bottom}isFull(){return(this.top+1&2047)===this.bottom}push(e){this.list[this.top]=e,this.top=this.top+1&2047}shift(){let e=this.list[this.bottom];return e===void 0?null:(this.list[this.bottom]=void 0,this.bottom=this.bottom+1&2047,e)}};hL.exports=class{constructor(){this.head=this.tail=new lp}isEmpty(){return this.head.isEmpty()}push(e){this.head.isFull()&&(this.head=this.head.next=new lp),this.head.push(e)}shift(){let e=this.tail,r=e.shift();return e.isEmpty()&&e.next!==null&&(this.tail=e.next),r}}});var pL=h((KOe,mL)=>{var{kFree:jee,kConnected:zee,kPending:Gee,kQueued:Yee,kRunning:Jee,kSize:Vee}=It(),Ja=Symbol("pool"),o0=class{constructor(e){this[Ja]=e}get connected(){return this[Ja][zee]}get free(){return this[Ja][jee]}get pending(){return this[Ja][Gee]}get queued(){return this[Ja][Yee]}get running(){return this[Ja][Jee]}get size(){return this[Ja][Vee]}};mL.exports=o0});var d0=h((XOe,SL)=>{"use strict";var Wee=tf(),$ee=gL(),{kConnected:a0,kSize:yL,kRunning:EL,kPending:CL,kQueued:df,kBusy:Kee,kFree:Xee,kUrl:Zee,kClose:ete,kDestroy:tte,kDispatch:rte}=It(),nte=pL(),An=Symbol("clients"),Kr=Symbol("needDrain"),ff=Symbol("queue"),A0=Symbol("closed resolve"),c0=Symbol("onDrain"),IL=Symbol("onConnect"),BL=Symbol("onDisconnect"),QL=Symbol("onConnectionError"),l0=Symbol("get dispatcher"),NL=Symbol("add client"),wL=Symbol("remove client"),bL=Symbol("stats"),u0=class extends Wee{constructor(){super(),this[ff]=new $ee,this[An]=[],this[df]=0;let e=this;this[c0]=function(n,i){let s=e[ff],o=!1;for(;!o;){let a=s.shift();if(!a)break;e[df]--,o=!this.dispatch(a.opts,a.handler)}this[Kr]=o,!this[Kr]&&e[Kr]&&(e[Kr]=!1,e.emit("drain",n,[e,...i])),e[A0]&&s.isEmpty()&&Promise.all(e[An].map(a=>a.close())).then(e[A0])},this[IL]=(r,n)=>{e.emit("connect",r,[e,...n])},this[BL]=(r,n,i)=>{e.emit("disconnect",r,[e,...n],i)},this[QL]=(r,n,i)=>{e.emit("connectionError",r,[e,...n],i)},this[bL]=new nte(this)}get[Kee](){return this[Kr]}get[a0](){return this[An].filter(e=>e[a0]).length}get[Xee](){return this[An].filter(e=>e[a0]&&!e[Kr]).length}get[CL](){let e=this[df];for(let{[CL]:r}of this[An])e+=r;return e}get[EL](){let e=0;for(let{[EL]:r}of this[An])e+=r;return e}get[yL](){let e=this[df];for(let{[yL]:r}of this[An])e+=r;return e}get stats(){return this[bL]}async[ete](){return this[ff].isEmpty()?Promise.all(this[An].map(e=>e.close())):new Promise(e=>{this[A0]=e})}async[tte](e){for(;;){let r=this[ff].shift();if(!r)break;r.handler.onError(e)}return Promise.all(this[An].map(r=>r.destroy(e)))}[rte](e,r){let n=this[l0]();return n?n.dispatch(e,r)||(n[Kr]=!0,this[Kr]=!this[l0]()):(this[Kr]=!0,this[ff].push({opts:e,handler:r}),this[df]++),!this[Kr]}[NL](e){return e.on("drain",this[c0]).on("connect",this[IL]).on("disconnect",this[BL]).on("connectionError",this[QL]),this[An].push(e),this[Kr]&&process.nextTick(()=>{this[Kr]&&this[c0](e[Zee],[this,e])}),this}[wL](e){e.close(()=>{let r=this[An].indexOf(e);r!==-1&&this[An].splice(r,1)}),this[Kr]=this[An].some(r=>!r[Kr]&&r.closed!==!0&&r.destroyed!==!0)}};SL.exports={PoolBase:u0,kClients:An,kNeedDrain:Kr,kAddClient:NL,kRemoveClient:wL,kGetDispatcher:l0}});var Pc=h((ZOe,RL)=>{"use strict";var{PoolBase:ite,kClients:up,kNeedDrain:ste,kAddClient:ote,kGetDispatcher:ate}=d0(),Ate=uf(),{InvalidArgumentError:f0}=At(),h0=Ue(),{kUrl:xL,kInterceptors:cte}=It(),lte=rf(),g0=Symbol("options"),m0=Symbol("connections"),vL=Symbol("factory");function ute(t,e){return new Ate(t,e)}var p0=class extends ite{constructor(e,{connections:r,factory:n=ute,connect:i,connectTimeout:s,tls:o,maxCachedSessions
${n.count} ${n.noun} ${n.is} pending:

${e.format(r)}
`.trim())}};AF.exports=tN});var gF=h((bLe,hF)=>{"use strict";var{kProxy:dne,kClose:fne,kDestroy:hne,kInterceptors:gne}=It(),{URL:lF}=require("url"),uF=gf(),mne=Pc(),pne=tf(),{InvalidArgumentError:Cf,RequestAbortedError:yne}=At(),dF=rf(),yf=Symbol("proxy agent"),Dp=Symbol("proxy client"),Ef=Symbol("proxy headers"),rN=Symbol("request tls settings"),Ene=Symbol("proxy tls settings"),fF=Symbol("connect endpoint function");function Cne(t){return t==="https:"?443:80}function Ine(t){if(typeof t=="string"&&(t={uri:t}),!t||!t.uri)throw new Cf("Proxy opts.uri is mandatory");return{uri:t.uri,protocol:t.protocol||"https"}}function Bne(t,e){return new mne(t,e)}var nN=class extends pne{constructor(e){if(super(e),this[dne]=Ine(e),this[yf]=new uF(e),this[gne]=e.interceptors&&e.interceptors.ProxyAgent&&Array.isArray(e.interceptors.ProxyAgent)?e.interceptors.ProxyAgent:[],typeof e=="string"&&(e={uri:e}),!e||!e.uri)throw new Cf("Proxy opts.uri is mandatory");let{clientFactory:r=Bne}=e;if(typeof r!="function")throw new Cf("Proxy opts.clientFactory must be a function.");this[rN]=e.requestTls,this[Ene]=e.proxyTls,this[Ef]=e.headers||{};let n=new lF(e.uri),{origin:i,port:s,host:o,username:a,password:A}=n;if(e.auth&&e.token)throw new Cf("opts.auth cannot be used in combination with opts.token");e.auth?this[Ef]["proxy-authorization"]=`Basic ${e.auth}`:e.token?this[Ef]["proxy-authorization"]=e.token:a&&A&&(this[Ef]["proxy-authorization"]=`Basic ${Buffer.from(`${decodeURIComponent(a)}:${decodeURIComponent(A)}`).toString("base64")}`);let c=dF({...e.proxyTls});this[fF]=dF({...e.requestTls}),this[Dp]=r(n,{connect:c}),this[yf]=new uF({...e,connect:async(l,u)=>{let d=l.host;l.port||(d+=`:${Cne(l.protocol)}`);try{let{socket:f,statusCode:g}=await this[Dp].connect({origin:i,port:s,path:d,signal:l.signal,headers:{...this[Ef],host:o}});if(g!==200&&(f.on("error",()=>{}).destroy(),u(new yne(`Proxy response (${g}) !== 200 when HTTP Tunneling`))),l.protocol!=="https:"){u(null,f);return}let m;this[rN]?m=this[rN].servername:m=l.servername,this[fF]({...l,servername:m,httpSocket:f},u)}catch(f){u(f)}}})}dispatch(e,r){let{host:n}=new lF(e.origin),i=Qne(e.headers);return bne(i),this[yf].dispatch({...e,headers:{...i,host:n}},r)}async[fne](){await this[yf].close(),await this[Dp].close()}async[hne](){await this[yf].destroy(),await this[Dp].destroy()}};function Qne(t){if(Array.isArray(t)){let e={};for(let r=0;r<t.length;r+=2)e[t[r]]=t[r+1];return e}return t}function bne(t){if(t&&Object.keys(t).find(r=>r.toLowerCase()==="proxy-authorization"))throw new Cf("Proxy-Authorization should be sent in ProxyAgent constructor")}hF.exports=nN});var CF=h((NLe,EF)=>{var Za=require("assert"),{kRetryHandlerDefaultRetry:mF}=It(),{RequestRetryError:kp}=At(),{isDisturbed:pF,parseHeaders:Nne,parseRangeHeader:yF}=Ue();function wne(t){let e=Date.now();return new Date(t).getTime()-e}var iN=class t{constructor(e,r){let{retryOptions:n,...i}=e,{retry:s,maxRetries:o,maxTimeout:a,minTimeout:A,timeoutFactor:c,methods:l,errorCodes:u,retryAfter:d,statusCodes:f}=n??{};this.dispatch=r.dispatch,this.handler=r.handler,this.opts=i,this.abort=null,this.aborted=!1,this.retryOpts={retry:s??t[mF],retryAfter:d??!0,maxTimeout:a??30*1e3,timeout:A??500,timeoutFactor:c??2,maxRetries:o??5,methods:l??["GET","HEAD","OPTIONS","PUT","DELETE","TRACE"],statusCodes:f??[500,502,503,504,429],errorCodes:u??["ECONNRESET","ECONNREFUSED","ENOTFOUND","ENETDOWN","ENETUNREACH","EHOSTDOWN","EHOSTUNREACH","EPIPE"]},this.retryCount=0,this.start=0,this.end=null,this.etag=null,this.resume=null,this.handler.onConnect(g=>{this.aborted=!0,this.abort?this.abort(g):this.reason=g})}onRequestSent(){this.handler.onRequestSent&&this.handler.onRequestSent()}onUpgrade(e,r,n){this.handler.onUpgrade&&this.handler.onUpgrade(e,r,n)}onConnect(e){this.aborted?e(this.reason):this.abort=e}onBodySent(e){if(this.handler.onBodySent)return this.handler.onBodySent(e)}static[mF](e,{state:r,opts:n},i){let{statusCode:s,code:o,headers:a}=e,{method:A,retryOptions:c}=n,{maxRetries:l,timeout:u,maxTimeout:d,timeoutFactor:f,statusCodes:g,errorCodes:m,methods:E}=c,{count
 
        Error Code : ${o.statusCode}
 
        Error Message: ${o.message}`)})).result)===null||r===void 0?void 0:r.value;if(!s)throw new Error("Response json body do not have ID Token field");return s})}static getIDToken(e){return v1(this,void 0,void 0,function*(){try{let r=t.getIDTokenUrl();if(e){let i=encodeURIComponent(e);r=`${r}&audience=${i}`}(0,R1.debug)(`ID token url is ${r}`);let n=yield t.getCall(r);return(0,R1.setSecret)(n),n}catch(r){throw new Error(`Error message: ${r.message}`)}})}};sl.OidcClient=JN});var KN=h(fn=>{"use strict";var VN=fn&&fn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(fn,"__esModule",{value:!0});fn.summary=fn.markdownSummary=fn.SUMMARY_DOCS_URL=fn.SUMMARY_ENV_VAR=void 0;var mae=require("os"),WN=require("fs"),{access:pae,appendFile:yae,writeFile:Eae}=WN.promises;fn.SUMMARY_ENV_VAR="GITHUB_STEP_SUMMARY";fn.SUMMARY_DOCS_URL="https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";var $N=class{constructor(){this._buffer=""}filePath(){return VN(this,void 0,void 0,function*(){if(this._filePath)return this._filePath;let e=process.env[fn.SUMMARY_ENV_VAR];if(!e)throw new Error(`Unable to find environment variable for $${fn.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);try{yield pae(e,WN.constants.R_OK|WN.constants.W_OK)}catch{throw new Error(`Unable to access summary file: '${e}'. Check if the file has correct read/write permissions.`)}return this._filePath=e,this._filePath})}wrap(e,r,n={}){let i=Object.entries(n).map(([s,o])=>` ${s}="${o}"`).join("");return r?`<${e}${i}>${r}</${e}>`:`<${e}${i}>`}write(e){return VN(this,void 0,void 0,function*(){let r=!!e?.overwrite,n=yield this.filePath();return yield(r?Eae:yae)(n,this._buffer,{encoding:"utf8"}),this.emptyBuffer()})}clear(){return VN(this,void 0,void 0,function*(){return this.emptyBuffer().write({overwrite:!0})})}stringify(){return this._buffer}isEmptyBuffer(){return this._buffer.length===0}emptyBuffer(){return this._buffer="",this}addRaw(e,r=!1){return this._buffer+=e,r?this.addEOL():this}addEOL(){return this.addRaw(mae.EOL)}addCodeBlock(e,r){let n=Object.assign({},r&&{lang:r}),i=this.wrap("pre",this.wrap("code",e),n);return this.addRaw(i).addEOL()}addList(e,r=!1){let n=r?"ol":"ul",i=e.map(o=>this.wrap("li",o)).join(""),s=this.wrap(n,i);return this.addRaw(s).addEOL()}addTable(e){let r=e.map(i=>{let s=i.map(o=>{if(typeof o=="string")return this.wrap("td",o);let{header:a,data:A,colspan:c,rowspan:l}=o,u=a?"th":"td",d=Object.assign(Object.assign({},c&&{colspan:c}),l&&{rowspan:l});return this.wrap(u,A,d)}).join("");return this.wrap("tr",s)}).join(""),n=this.wrap("table",r);return this.addRaw(n).addEOL()}addDetails(e,r){let n=this.wrap("details",this.wrap("summary",e)+r);return this.addRaw(n).addEOL()}addImage(e,r,n){let{width:i,height:s}=n||{},o=Object.assign(Object.assign({},i&&{width:i}),s&&{height:s}),a=this.wrap("img",null,Object.assign({src:e,alt:r},o));return this.addRaw(a).addEOL()}addHeading(e,r){let n=`h${r}`,i=["h1","h2","h3","h4","h5","h6"].includes(n)?n:"h1",s=this.wrap(i,e);return this.addRaw(s).addEOL()}addSeparator(){let e=this.wrap("hr",null);return this.addRaw(e).addEOL()}addBreak(){let e=this.wrap("br",null);return this.addRaw(e).addEOL()}addQuote(e,r){let n=Object.assign({},r&&{cite:r}),i=this.wrap("blockquote",e,n);return this.addRaw(i).addEOL()}addLink(e,r){let n=this.wrap("a",e,{href:r});return this.addRaw(n).addEOL()}},D1=new $N;fn.markdownSummary=D1;fn.summary=D1});var k1=h(hn=>{"use strict";var Cae=hn&&hn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]}
`);return{name:e,version:r}});qe.platform=K1.default.platform();qe.arch=K1.default.arch();qe.isWindows=qe.platform==="win32";qe.isMacOS=qe.platform==="darwin";qe.isLinux=qe.platform==="linux";function sAe(){return xy(this,void 0,void 0,function*(){return Object.assign(Object.assign({},yield qe.isWindows?rAe():qe.isMacOS?nAe():iAe()),{platform:qe.platform,arch:qe.arch,isWindows:qe.isWindows,isMacOS:qe.isMacOS,isLinux:qe.isLinux})})}qe.getDetails=sAe});var at=h(te=>{"use strict";var oAe=te&&te.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),aAe=te&&te.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),iw=te&&te.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&oAe(e,t,r);return aAe(e,t),e},Z1=te&&te.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(te,"__esModule",{value:!0});te.platform=te.toPlatformPath=te.toWin32Path=te.toPosixPath=te.markdownSummary=te.summary=te.getIDToken=te.getState=te.saveState=te.group=te.endGroup=te.startGroup=te.info=te.notice=te.warning=te.error=te.debug=te.isDebug=te.setFailed=te.setCommandEcho=te.setOutput=te.getBooleanInput=te.getMultilineInput=te.getInput=te.addPath=te.setSecret=te.exportVariable=te.ExitCode=void 0;var ui=DP(),aA=TP(),al=xm(),eq=iw(require("os")),AAe=iw(require("path")),cAe=_1(),nw;(function(t){t[t.Success=0]="Success",t[t.Failure=1]="Failure"})(nw||(te.ExitCode=nw={}));function lAe(t,e){let r=(0,al.toCommandValue)(e);if(process.env[t]=r,process.env.GITHUB_ENV||"")return(0,aA.issueFileCommand)("ENV",(0,aA.prepareKeyValueMessage)(t,e));(0,ui.issueCommand)("set-env",{name:t},r)}te.exportVariable=lAe;function uAe(t){(0,ui.issueCommand)("add-mask",{},t)}te.setSecret=uAe;function dAe(t){process.env.GITHUB_PATH||""?(0,aA.issueFileCommand)("PATH",t):(0,ui.issueCommand)("add-path",{},t),process.env.PATH=`${t}${AAe.delimiter}${process.env.PATH}`}te.addPath=dAe;function sw(t,e){let r=process.env[`INPUT_${t.replace(/ /g,"_").toUpperCase()}`]||"";if(e&&e.required&&!r)throw new Error(`Input required and not supplied: ${t}`);return e&&e.trimWhitespace===!1?r:r.trim()}te.getInput=sw;function fAe(t,e){let r=sw(t,e).split(`
`).filter(n=>n!=="");return e&&e.trimWhitespace===!1?r:r.map(n=>n.trim())}te.getMultilineInput=fAe;function hAe(t,e){let r=["true","True","TRUE"],n=["false","False","FALSE"],i=sw(t,e);if(r.includes(i))return!0;if(n.includes(i))return!1;throw new TypeError(`Input does not meet YAML 1.2 "Core Schema" specification: ${t}
Support boolean input list: \`true | True | TRUE | false | False | FALSE\``)}te.getBooleanInput=hAe;function gAe(t,e){if(process.env.GITHUB_OUTPUT||"")return(0,aA.issueFileCommand)("OUTPUT",(0,aA.prepareKeyValueMessage)(t,e));process.stdout.write(eq.EOL),(0,ui.issueCommand)("set-output",{name:t},(0,al.toCommandValue)(e))}te.setOutput=gAe;function mAe(t){(0,ui.issue)("echo",t?"on":"off")}te.setCommandEcho=mAe;function pAe(t){process.exitCode=nw.Failure,tq(t)}te.setFailed=pAe;function yAe(){return process.env.RUNNER_DEBUG==="1"}te.isDebug=yAe;function EAe(t){(0,ui.issueCommand)("debug",{},t)}te.debug=EAe;function tq(t,e={}){(0,ui.issueCommand)("error",(0,al.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.error=tq;function CAe(t,e={}){(0,ui.issueCommand)("warning",(0,al.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.warning=CAe;function IAe(t,e={}){(0,ui.issueCommand)("notice",(0,al.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.notice=IAe;function BAe(t){process.stdout.write(t+eq.EOL)}te.info=BAe;function rq(t){(0,ui.issue)("group",t)}te.startGroup=rq;function nq(){(0,ui.issue)("endgroup")}te.endGroup=nq;function QAe(t,e){return Z1(this,void 0,void 0,function*(){rq(t);let r;try{r=yield e()}finally{nq()}return r})}te.group=QAe;function bAe(t,e){if(process.env.GITHUB_STATE||"")return(0,aA.issueFileCommand)("STATE",(0,aA.prepareKeyValueMessage)(t,e));(0,ui.issueCommand)("save-state",{name:t},(0,al.toCommandValue)(e))}te.saveState=bAe;function NAe(t){return process.env[`STATE_${t}`]||""}te.getState=NAe;function wAe(t){return Z1(this,void 0,void 0,function*(){return yield cAe.OidcClient.getIDToken(t)})}te.getIDToken=wAe;var SAe=KN();Object.defineProperty(te,"summary",{enumerable:!0,get:function(){return SAe.summary}});var xAe=KN();Object.defineProperty(te,"markdownSummary",{enumerable:!0,get:function(){return xAe.markdownSummary}});var ow=k1();Object.defineProperty(te,"toPosixPath",{enumerable:!0,get:function(){return ow.toPosixPath}});Object.defineProperty(te,"toWin32Path",{enumerable:!0,get:function(){return ow.toWin32Path}});Object.defineProperty(te,"toPlatformPath",{enumerable:!0,get:function(){return ow.toPlatformPath}});te.platform=iw(X1())});var iq=h(Es=>{"use strict";var vAe=Es&&Es.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),RAe=Es&&Es.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),_Ae=Es&&Es.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&vAe(e,t,r);return RAe(e,t),e};Object.defineProperty(Es,"__esModule",{value:!0});Es.getOptions=void 0;var aw=_Ae(at());function DAe(t){let e={followSymbolicLinks:!0,implicitDescendants:!0,omitBrokenSymbolicLinks:!0};return t&&(typeof t.followSymbolicLinks=="boolean"&&(e.followSymbolicLinks=t.followSymbolicLinks,aw.debug(`followSymbolicLinks '${e.followSymbolicLinks}'`)),typeof t.implicitDescendants=="boolean"&&(e.implicitDescendants=t.implicitDescendants,aw.debug(`implicitDescendants '${e.implicitDescendants}'`)),typeof t.omitBrokenSymbolicLinks=="boolean"&&(e.omitBrokenSymbolicLinks=t.omitBrokenSymbolicLinks,aw.debug(`omitBrokenSymbolicLinks '${e.omitBrokenSymbolicLinks}'`))),e}Es.getOptions=DAe});var Ry=h(Mt=>{"use strict";var kAe=Mt&&Mt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),PAe=Mt&&Mt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),TAe=Mt&&Mt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&kAe(e,t,r);return PAe(e,t),e},OAe=Mt&&Mt.__importDefault||function(t){return t&&t.__esModule?t:{defa
   %s`,R,R,I,n);var T=I.type==="*"?fw:I.type==="?"?dw:"\\"+I.type;i=!0,n=n.slice(0,I.reStart)+T+"\\("+R}g(),s&&(n+="\\\\");var U=!1;switch(n.charAt(0)){case"[":case".":case"(":U=!0}for(var k=a.length-1;k>-1;k--){var J=a[k],be=n.slice(0,J.reStart),ve=n.slice(J.reStart,J.reEnd-8),H=n.slice(J.reEnd-8,J.reEnd),_e=n.slice(J.reEnd);H+=_e;var rt=be.split("(").length-1,Or=_e;for(m=0;m<rt;m++)Or=Or.replace(/\)[+*?]?/,"");_e=Or;var fr="";_e===""&&e!==Dy&&(fr="$");var So=be+ve+_e+fr+H;n=So}if(n!==""&&i&&(n="(?=.)"+n),U&&(n=d+n),e===Dy)return[n,i];if(!i)return fce(t);var xo=r.nocase?"i":"";try{var Li=new RegExp("^"+n+"$",xo)}catch{return new RegExp("$.")}return Li._glob=t,Li._src=n,Li}Yn.makeRe=function(t,e){return new Dr(t,e||{}).makeRe()};Dr.prototype.makeRe=dce;function dce(){if(this.regexp||this.regexp===!1)return this.regexp;var t=this.set;if(!t.length)return this.regexp=!1,this.regexp;var e=this.options,r=e.noglobstar?fw:e.dot?ice:sce,n=e.nocase?"i":"",i=t.map(function(s){return s.map(function(o){return o===hw?r:typeof o=="string"?hce(o):o._src}).join("\\/")}).join("|");i="^(?:"+i+")$",this.negate&&(i="^(?!"+i+").*$");try{this.regexp=new RegExp(i,n)}catch{this.regexp=!1}return this.regexp}Yn.match=function(t,e,r){r=r||{};var n=new Dr(e,r);return t=t.filter(function(i){return n.match(i)}),n.options.nonull&&!t.length&&t.push(e),t};Dr.prototype.match=function(e,r){if(typeof r>"u"&&(r=this.partial),this.debug("match",e,this.pattern),this.comment)return!1;if(this.empty)return e==="";if(e==="/"&&r)return!0;var n=this.options;Lf.sep!=="/"&&(e=e.split(Lf.sep).join("/")),e=e.split(Nq),this.debug(this.pattern,"split",e);var i=this.set;this.debug(this.pattern,"set",i);var s,o;for(o=e.length-1;o>=0&&(s=e[o],!s);o--);for(o=0;o<i.length;o++){var a=i[o],A=e;n.matchBase&&a.length===1&&(A=[s]);var c=this.matchOne(A,a,r);if(c)return n.flipNegate?!0:!this.negate}return n.flipNegate?!1:this.negate};Dr.prototype.matchOne=function(t,e,r){var n=this.options;this.debug("matchOne",{this:this,file:t,pattern:e}),this.debug("matchOne",t.length,e.length);for(var i=0,s=0,o=t.length,a=e.length;i<o&&s<a;i++,s++){this.debug("matchOne loop");var A=e[s],c=t[i];if(this.debug(e,A,c),A===!1)return!1;if(A===hw){this.debug("GLOBSTAR",[e,A,c]);var l=i,u=s+1;if(u===a){for(this.debug("** at the end");i<o;i++)if(t[i]==="."||t[i]===".."||!n.dot&&t[i].charAt(0)===".")return!1;return!0}for(;l<o;){var d=t[l];if(this.debug(`
globstar while`,t,l,e,u,d),this.matchOne(t.slice(l),e.slice(u),r))return this.debug("globstar found match!",l,o,d),!0;if(d==="."||d===".."||!n.dot&&d.charAt(0)==="."){this.debug("dot detected!",t,l,e,u);break}this.debug("globstar swallow a segment, and continue"),l++}return!!(r&&(this.debug(`
>>> no match, partial?`,t,l,e,u),l===o))}var f;if(typeof A=="string"?(f=c===A,this.debug("string match",A,c,f)):(f=c.match(A),this.debug("pattern match",A,c,f)),!f)return!1}if(i===o&&s===a)return!0;if(i===o)return r;if(s===a)return i===o-1&&t[i]==="";throw new Error("wtf?")};function fce(t){return t.replace(/\\(.)/g,"$1")}function hce(t){return t.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,"\\$&")}});var vq=h(di=>{"use strict";var gce=di&&di.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),mce=di&&di.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),xq=di&&di.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&gce(e,t,r);return mce(e,t),e},pce=di&&di.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(di,"__esModule",{value:!0});di.Path=void 0;var Mf=xq(require("path")),Wo=xq(Ry()),Ff=pce(require("assert")),yce=process.platform==="win32",mw=class{constructor(e){if(this.segments=[],typeof e=="string")if(Ff.default(e,"Parameter 'itemPath' must not be empty"),e=Wo.safeTrimTrailingSeparator(e),!Wo.hasRoot(e))this.segments=e.split(Mf.sep);else{let r=e,n=Wo.dirname(r);for(;n!==r;){let i=Mf.basename(r);this.segments.unshift(i),r=n,n=Wo.dirname(r)}this.segments.unshift(r)}else{Ff.default(e.length>0,"Parameter 'itemPath' must not be an empty array");for(let r=0;r<e.length;r++){let n=e[r];Ff.default(n,"Parameter 'itemPath' must not contain any empty segments"),n=Wo.normalizeSeparators(e[r]),r===0&&Wo.hasRoot(n)?(n=Wo.safeTrimTrailingSeparator(n),Ff.default(n===Wo.dirname(n),"Parameter 'itemPath' root segment contains information for multiple segments"),this.segments.push(n)):(Ff.default(!n.includes(Mf.sep),"Parameter 'itemPath' contains unexpected path separators"),this.segments.push(n))}}}toString(){let e=this.segments[0],r=e.endsWith(Mf.sep)||yce&&/^[A-Z]:$/i.test(e);for(let n=1;n<this.segments.length;n++)r?r=!1:e+=Mf.sep,e+=this.segments[n];return e}};di.Path=mw});var Rq=h(fi=>{"use strict";var Ece=fi&&fi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Cce=fi&&fi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Ew=fi&&fi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&Ece(e,t,r);return Cce(e,t),e},Ice=fi&&fi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(fi,"__esModule",{value:!0});fi.Pattern=void 0;var Bce=Ew(require("os")),Uf=Ew(require("path")),En=Ew(Ry()),cA=Ice(require("assert")),Qce=gw(),pw=_y(),Py=vq(),to=process.platform==="win32",yw=class t{constructor(e,r=!1,n,i){this.negate=!1;let s;if(typeof e=="string")s=e.trim();else{n=n||[],cA.default(n.length,"Parameter 'segments' must not empty");let c=t.getLiteral(n[0]);cA.default(c&&En.hasAbsoluteRoot(c),"Parameter 'segments' first element must be a root path"),s=new Py.Path(n).toString().trim(),e&&(s=`!${s}`)}for(;s.startsWith("!");)this.negate=!this.negate,s=s.substr(1).trim();s=t.fixupPattern(s,i),this.segments=new Py.Path(s).segments,this.trailingSeparator=En.normalizeSeparators(s).endsWith(Uf.sep),s=En.safeTrimTrailingSeparator(s);let o=!1,a=this.segments.map(c=>t.getLiteral(c)).filter(c=>!o&&!(o=c===""));this.searchPath=new Py.Path(a).toString(),this.rootRegExp=new RegExp(t.regExpEscape(a[0]),to?"i":""),this.isImplicitPattern=r;let A={dot:!0,nobrace:!0,nocase:to,nocomment:!0,noext:!0,nonegate:!0};s=to?s.replace(/\\/g,"/"):s,this.minimatch=new Qce.Minimatch(s,A)}match(e){return this.segments[this.segments.length-1]==="**"?(e=En.normalizeSeparators(e),!e.endsWith(Uf.sep)&&th
`),e=e.replace(/\r/g,`
`));let i=e.split(`
`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new Pq.Pattern(s));return n.searchPaths.push(...Oy.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return Iw(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield qf.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){Bw.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield qf.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield qf.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){Bw.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};gr.DefaultGlobber=Qw});var Lq=h(cl=>{"use strict";var Rce=cl&&cl.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(cl,"__esModule",{value:!0});cl.create=void 0;var _ce=Oq();function Dce(t,e){return Rce(this,void 0,void 0,function*(){return yield _ce.DefaultGlobber.create(t,e)})}cl.create=Dce});var jq=h((ye,Hq)=>{ye=Hq.exports=xe;var Ke;typeof process=="object"&&process.env&&process.env.NODE_DEBUG&&/\bsemver\b/i.test(process.env.NODE_DEBUG)?Ke=function(){var t=Array.prototype.slice.call(arguments,0);t.unshift("SEMVER"),console.log.apply(console,t)}:Ke=function(){};ye.SEMVER_SPEC_VERSION="2.0.0";var jf=256,Ly=Number.MAX_SAFE_INTEGER||9007199254740991,bw=16,kce=jf-6,ll=ye.re=[],$e=ye.safeRe=[],D=ye.src=[],x=ye.tokens={},Uq=0;function De(t){x[t]=Uq++}var ww="[a-zA-Z0-9-]",Nw=[["\\s",1],["\\d",jf],[ww,kce]];function Gf(t){for(var e=0;e<Nw.length;e++){var r=Nw[e][0],n=Nw[e][1];t=t.split(r+"*").join(r+"{0,"+n+"}").split(r+"+").join(r+"{1,"+n+"}")}return t}De("NUMERICIDENTIFIER");D[x.NUMERICIDENTIFIER]="0|[1-9]\\d*";De("NUMERICIDENTIFIERLOOSE");D[x.NUMERICIDENTIFIERLOOSE]="\\d+";De("NONNUMERICIDENTIFIER");D[x.NONNUMERICIDENTIFIER]="\\d*[a-zA-Z-]"+ww+"*";De("MAINVERSION");D[x.MAINVERSION]="("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")";De("MAINVERSIONLOOSE");D[x.MAINVERSIONLOOSE]="("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")";De("PRERELEASEIDENTIFIER");D[x.PRERELEASEIDENTIFIER]="(?:"+D[x.NUMERICIDENTIFIER]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASEIDENTIFIERLOOSE");D[x.PRERELEASEIDENTIFIERLOOSE]="(?:"+D[x.NUMERICIDENTIFIERLOOSE]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASE");D[x.PRERELEASE]="(?:-("+D[x.PRERELEASEIDENTIFIER]+"(?:\\."+D[x.PRERELEASEIDENTIFIER]+")*))";De("PRERELEASELOOSE");D[x.PRERELEASELOOSE]="(?:-?("+D[x.PRERELEASEIDENTIFIERLOOSE]+"(?:\\."+D[x.PRERELEASEIDENTIFIERLOOSE]+")*))";De("BUILDIDENTIFIER");D[x.BUILDIDENTIFIER]=ww+"+";De("BUILD");D[x.BUILD]="(?:\\+("+D[x.BUILDIDENTIFIER]+"(?:\\."+D[x.BUILDIDENTIFIER]+")*))";De("FULL");De("FULLPLAIN");D[x.FULLPLAIN]="v?"+D[x.MAINVERSION]+D[x.PRERELEASE]+"?"+D[x.BUILD]+"?";D[x.FULL]="^"+D[x.FULLPLAIN]+"$";De("LOOSEPLAIN");D[x.LOOSEPLAIN]="[v=\\s]*"+D[x.MAINVERSIONLOOSE]+D[x.PRERELEASELOOSE]+"?"+D[x.BUILD]+"?";De("LOOSE");D[x.LOOSE]="^"+D[x.LOOSEPLAIN]+"$";De("GTLT");D[x.GTLT]="((?:<|>)?=?)";De("XRANGEIDENTIFIERLOOSE");D[x.XRANGEIDENTIFIERLOOSE]=D[x.NUMERICIDENTIFIERLOOSE]+"|x|X|\\*";De("XRANGEIDENTIFIER");D[x.XRANGEIDENTIFIER]=D[x.NUMERICIDENTIFIER]+"|x|X|\\*";De("XRANGEPLAIN");D[x.XRANGEPLAIN]="[v=\\s]*("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:"+D[x.PRERELEASE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGEPLAINLOOSE");D[x.XRANGEPLAINLOOSE]="[v=\\s]*("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:"+D[x.PRERELEASELOOSE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGE");D[x.XRANGE]="^"+D[x.GTLT]+"\\s*"+D[x.XRANGEPLAI
`),{implicitDescendants:!1});try{for(var c=!0,l=yle(A.globGenerator()),u;u=yield l.next(),e=u.done,!e;c=!0){i=u.value,c=!1;let d=i,f=qy.relative(a,d).replace(new RegExp(`\\${qy.sep}`,"g"),"/");Jf.debug(`Matched: ${f}`),f===""?o.push("."):o.push(`${f}`)}}catch(d){r={error:d}}finally{try{!c&&!e&&(n=l.return)&&(yield n.call(l))}finally{if(r)throw r.error}}return o})}Ye.resolvePaths=wle;function Sle(t){return dl(this,void 0,void 0,function*(){return Ble.promisify(_w.unlink)(t)})}Ye.unlinkFile=Sle;function Wq(t,e=[]){return dl(this,void 0,void 0,function*(){let r="";e.push("--version"),Jf.debug(`Checking ${t} ${e.join(" ")}`);try{yield Ele.exec(`${t}`,e,{ignoreReturnCode:!0,silent:!0,listeners:{stdout:n=>r+=n.toString(),stderr:n=>r+=n.toString()}})}catch(n){Jf.debug(n.message)}return r=r.trim(),Jf.debug(r),r})}function xle(){return dl(this,void 0,void 0,function*(){let t=yield Wq("zstd",["--quiet"]),e=Ile.clean(t);return Jf.debug(`zstd version: ${e}`),t===""?dA.CompressionMethod.Gzip:dA.CompressionMethod.ZstdWithoutLong})}Ye.getCompressionMethod=xle;function vle(t){return t===dA.CompressionMethod.Gzip?dA.CacheFilename.Gzip:dA.CacheFilename.Zstd}Ye.getCacheFileName=vle;function Rle(){return dl(this,void 0,void 0,function*(){return _w.existsSync(dA.GnuTarPathOnWindows)?dA.GnuTarPathOnWindows:(yield Wq("tar")).toLowerCase().includes("gnu tar")?Jq.which("tar"):""})}Ye.getGnuTarPathOnWindows=Rle;function _le(t,e){if(e===void 0)throw Error(`Expected ${t} but value was undefiend`);return e}Ye.assertDefined=_le;function Dle(t,e,r=!1){let n=t.slice();return e&&n.push(e),process.platform==="win32"&&!r&&n.push("windows-only"),n.push(Qle),Vq.createHash("sha256").update(n.join("|")).digest("hex")}Ye.getCacheVersion=Dle;function kle(){let t=process.env.ACTIONS_RUNTIME_TOKEN;if(!t)throw new Error("Unable to get the ACTIONS_RUNTIME_TOKEN env variable");return t}Ye.getRuntimeToken=kle});var gi={};q6(gi,{__addDisposableResource:()=>C2,__assign:()=>Hy,__asyncDelegator:()=>d2,__asyncGenerator:()=>u2,__asyncValues:()=>f2,__await:()=>hl,__awaiter:()=>s2,__classPrivateFieldGet:()=>p2,__classPrivateFieldIn:()=>E2,__classPrivateFieldSet:()=>y2,__createBinding:()=>zy,__decorate:()=>Xq,__disposeResources:()=>I2,__esDecorate:()=>e2,__exportStar:()=>a2,__extends:()=>$q,__generator:()=>o2,__importDefault:()=>m2,__importStar:()=>g2,__makeTemplateObject:()=>h2,__metadata:()=>i2,__param:()=>Zq,__propKey:()=>r2,__read:()=>Pw,__rest:()=>Kq,__rewriteRelativeImportExtension:()=>B2,__runInitializers:()=>t2,__setFunctionName:()=>n2,__spread:()=>A2,__spreadArray:()=>l2,__spreadArrays:()=>c2,__values:()=>jy,default:()=>Ole});function $q(t,e){if(typeof e!="function"&&e!==null)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");Dw(t,e);function r(){this.constructor=t}t.prototype=e===null?Object.create(e):(r.prototype=e.prototype,new r)}function Kq(t,e){var r={};for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&e.indexOf(n)<0&&(r[n]=t[n]);if(t!=null&&typeof Object.getOwnPropertySymbols=="function")for(var i=0,n=Object.getOwnPropertySymbols(t);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(t,n[i])&&(r[n[i]]=t[n[i]]);return r}function Xq(t,e,r,n){var i=arguments.length,s=i<3?e:n===null?n=Object.getOwnPropertyDescriptor(e,r):n,o;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")s=Reflect.decorate(t,e,r,n);else for(var a=t.length-1;a>=0;a--)(o=t[a])&&(s=(i<3?o(s):i>3?o(e,r,s):o(e,r))||s);return i>3&&s&&Object.defineProperty(e,r,s),s}function Zq(t,e){return function(r,n){e(r,n,t)}}function e2(t,e,r,n,i,s){function o(C){if(C!==void 0&&typeof C!="function")throw new TypeError("Function expected");return C}for(var a=n.kind,A=a==="getter"?"get":a==="setter"?"set":"value",c=!e&&t?n.static?t:t.prototype:null,l=e||(c?Object.getOwnPropertyDescriptor(c,n.name):{}),u,d=!1,f=r.length-1;f>=0;f--){var g={};for(var m in n)g[m]=m==="access"?{}:n[m];for(var m in n.access)g.access[m]=n.access[m];g.addInitializer=function(C){if(d)throw new TypeError("Cannot add initializers after decoration has completed"
 ${hue.sanitize(Object.assign(Object.assign({},this),{request:this.request,response:this.response}))}`,enumerable:!1}),Object.setPrototypeOf(this,t.prototype)}};Xf.RestError=gl;gl.REQUEST_SEND_ERROR="REQUEST_SEND_ERROR";gl.PARSE_ERROR="PARSE_ERROR";function gue(t){return t instanceof gl?!0:(0,uue.isError)(t)&&t.name==="RestError"}});var fA=h(Zy=>{"use strict";Object.defineProperty(Zy,"__esModule",{value:!0});Zy.uint8ArrayToString=mue;Zy.stringToUint8Array=pue;function mue(t,e){return Buffer.from(t).toString(e)}function pue(t,e){return Buffer.from(t,e)}});var Zf=h(eE=>{"use strict";Object.defineProperty(eE,"__esModule",{value:!0});eE.logger=void 0;var yue=$f();eE.logger=(0,yue.createClientLogger)("ts-http-runtime")});var G2=h(rE=>{"use strict";Object.defineProperty(rE,"__esModule",{value:!0});rE.getBodyLength=z2;rE.createNodeHttpClient=wue;var aS=(mi(),Ui(gi)),iS=aS.__importStar(require("node:http")),sS=aS.__importStar(require("node:https")),U2=aS.__importStar(require("node:zlib")),Eue=require("node:stream"),q2=Vf(),Cue=Xo(),th=ml(),pl=Zf(),Iue=Kf(),Bue={};function eh(t){return t&&typeof t.pipe=="function"}function H2(t){return t.readable===!1?Promise.resolve():new Promise(e=>{let r=()=>{e(),t.removeListener("close",r),t.removeListener("end",r),t.removeListener("error",r)};t.on("close",r),t.on("end",r),t.on("error",r)})}function j2(t){return t&&typeof t.byteLength=="number"}var tE=class extends Eue.Transform{_transform(e,r,n){this.push(e),this.loadedBytes+=e.length;try{this.progressCallback({loadedBytes:this.loadedBytes}),n()}catch(i){n(i)}}constructor(e){super(),this.loadedBytes=0,this.progressCallback=e}},oS=class{constructor(){this.cachedHttpsAgents=new WeakMap}async sendRequest(e){var r,n,i;let s=new AbortController,o;if(e.abortSignal){if(e.abortSignal.aborted)throw new q2.AbortError("The operation was aborted. Request has already been canceled.");o=d=>{d.type==="abort"&&s.abort()},e.abortSignal.addEventListener("abort",o)}let a;e.timeout>0&&(a=setTimeout(()=>{let d=new Iue.Sanitizer;pl.logger.info(`request to '${d.sanitizeUrl(e.url)}' timed out. canceling...`),s.abort()},e.timeout));let A=e.headers.get("Accept-Encoding"),c=A?.includes("gzip")||A?.includes("deflate"),l=typeof e.body=="function"?e.body():e.body;if(l&&!e.headers.has("Content-Length")){let d=z2(l);d!==null&&e.headers.set("Content-Length",d)}let u;try{if(l&&e.onUploadProgress){let C=e.onUploadProgress,I=new tE(C);I.on("error",N=>{pl.logger.error("Error in upload progress",N)}),eh(l)?l.pipe(I):I.end(l),l=I}let d=await this.makeRequest(e,s,l);a!==void 0&&clearTimeout(a);let f=Que(d),m={status:(r=d.statusCode)!==null&&r!==void 0?r:0,headers:f,request:e};if(e.method==="HEAD")return d.resume(),m;u=c?bue(d,f):d;let E=e.onDownloadProgress;if(E){let C=new tE(E);C.on("error",I=>{pl.logger.error("Error in download progress",I)}),u.pipe(C),u=C}return!((n=e.streamResponseStatusCodes)===null||n===void 0)&&n.has(Number.POSITIVE_INFINITY)||!((i=e.streamResponseStatusCodes)===null||i===void 0)&&i.has(m.status)?m.readableStreamBody=u:m.bodyAsText=await Nue(u),m}finally{if(e.abortSignal&&o){let d=Promise.resolve();eh(l)&&(d=H2(l));let f=Promise.resolve();eh(u)&&(f=H2(u)),Promise.all([d,f]).then(()=>{var g;o&&((g=e.abortSignal)===null||g===void 0||g.removeEventListener("abort",o))}).catch(g=>{pl.logger.warning("Error when cleaning up abortListener on httpRequest",g)})}}}makeRequest(e,r,n){var i;let s=new URL(e.url),o=s.protocol!=="https:";if(o&&!e.allowInsecureConnection)throw new Error(`Cannot connect to ${e.url} while allowInsecureConnection is false.`);let a=(i=e.agent)!==null&&i!==void 0?i:this.getOrCreateAgent(e,o),A=Object.assign({agent:a,hostname:s.hostname,path:`${s.pathname}${s.search}`,port:s.port,method:e.method,headers:e.headers.toJSON({preserveCase:!0})},e.requestOverrides);return new Promise((c,l)=>{let u=o?iS.request(A,c):sS.request(A,c);u.once("error",d=>{var f;l(new th.RestError(d.message,{code:(f=d.code)!==null&&f!==void 0?f:th.RestError.REQUEST_SEND_ERROR,request:e}))}),r.signal.addEventListener("abort",()=>{let d=new q2.AbortError("The operation was abo
`).join(`
`+s),t.push(i+"m+"+dE.exports.humanize(this.diff)+"\x1B[0m")}else t[0]=Tde()+e+" "+t[0]}function Tde(){return mr.inspectOpts.hideDate?"":new Date().toISOString()+" "}function Ode(...t){return process.stderr.write(uE.formatWithOptions(mr.inspectOpts,...t)+`
`)}function Lde(t){t?process.env.DEBUG=t:delete process.env.DEBUG}function Mde(){return process.env.DEBUG}function Fde(t){t.inspectOpts={};let e=Object.keys(mr.inspectOpts);for(let r=0;r<e.length;r++)t.inspectOpts[e[r]]=mr.inspectOpts[e[r]]}dE.exports=vS()(mr);var{formatters:cH}=dE.exports;cH.o=function(t){return this.inspectOpts.colors=this.useColors,uE.inspect(t,this.inspectOpts).split(`
`).map(e=>e.trim()).join(" ")};cH.O=function(t){return this.inspectOpts.colors=this.useColors,uE.inspect(t,this.inspectOpts)}});var fE=h((lFe,RS)=>{typeof process>"u"||process.type==="renderer"||process.browser===!0||process.__nwjs?RS.exports=AH():RS.exports=lH()});var fH=h(In=>{"use strict";var Ude=In&&In.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),qde=In&&In.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),uH=In&&In.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Ude(e,t,r);return qde(e,t),e};Object.defineProperty(In,"__esModule",{value:!0});In.req=In.json=In.toBuffer=void 0;var Hde=uH(require("http")),jde=uH(require("https"));async function dH(t){let e=0,r=[];for await(let n of t)e+=n.length,r.push(n);return Buffer.concat(r,e)}In.toBuffer=dH;async function zde(t){let r=(await dH(t)).toString("utf8");try{return JSON.parse(r)}catch(n){let i=n;throw i.message+=` (input: ${r})`,i}}In.json=zde;function Gde(t,e={}){let n=((typeof t=="string"?t:t.href).startsWith("https:")?jde:Hde).request(t,e),i=new Promise((s,o)=>{n.once("response",s).once("error",o).end()});return n.then=i.then.bind(i),n}In.req=Gde});var DS=h(Jn=>{"use strict";var gH=Jn&&Jn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Yde=Jn&&Jn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),mH=Jn&&Jn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&gH(e,t,r);return Yde(e,t),e},Jde=Jn&&Jn.__exportStar||function(t,e){for(var r in t)r!=="default"&&!Object.prototype.hasOwnProperty.call(e,r)&&gH(e,t,r)};Object.defineProperty(Jn,"__esModule",{value:!0});Jn.Agent=void 0;var Vde=mH(require("net")),hH=mH(require("http")),Wde=require("https");Jde(fH(),Jn);var Is=Symbol("AgentBaseInternalState"),_S=class extends hH.Agent{constructor(e){super(e),this[Is]={}}isSecureEndpoint(e){if(e){if(typeof e.secureEndpoint=="boolean")return e.secureEndpoint;if(typeof e.protocol=="string")return e.protocol==="https:"}let{stack:r}=new Error;return typeof r!="string"?!1:r.split(`
`).some(n=>n.indexOf("(https.js:")!==-1||n.indexOf("node:https:")!==-1)}incrementSockets(e){if(this.maxSockets===1/0&&this.maxTotalSockets===1/0)return null;this.sockets[e]||(this.sockets[e]=[]);let r=new Vde.Socket({writable:!1});return this.sockets[e].push(r),this.totalSocketCount++,r}decrementSockets(e,r){if(!this.sockets[e]||r===null)return;let n=this.sockets[e],i=n.indexOf(r);i!==-1&&(n.splice(i,1),this.totalSocketCount--,n.length===0&&delete this.sockets[e])}getName(e){return this.isSecureEndpoint(e)?Wde.Agent.prototype.getName.call(this,e):super.getName(e)}createSocket(e,r,n){let i={...r,secureEndpoint:this.isSecureEndpoint(r)},s=this.getName(i),o=this.incrementSockets(s);Promise.resolve().then(()=>this.connect(e,i)).then(a=>{if(this.decrementSockets(s,o),a instanceof hH.Agent)try{return a.addRequest(e,i)}catch(A){return n(A)}this[Is].currentSocket=a,super.createSocket(e,r,n)},a=>{this.decrementSockets(s,o),n(a)})}createConnection(){let e=this[Is].currentSocket;if(this[Is].currentSocket=void 0,!e)throw new Error("No socket was returned in the `connect()` function");return e}get defaultPort(){return this[Is].defaultPort??(this.protocol==="https:"?443:80)}set defaultPort(e){this[Is]&&(this[Is].defaultPort=e)}get protocol(){return this[Is].protocol??(this.isSecureEndpoint()?"https:":"http:")}set protocol(e){this[Is]&&(this[Is].protocol=e)}};Jn.Agent=_S});var pH=h(vl=>{"use strict";var $de=vl&&vl.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(vl,"__esModule",{value:!0});vl.parseProxyResponse=void 0;var Kde=$de(fE()),hE=(0,Kde.default)("https-proxy-agent:parse-proxy-response");function Xde(t){return new Promise((e,r)=>{let n=0,i=[];function s(){let l=t.read();l?c(l):t.once("readable",s)}function o(){t.removeListener("end",a),t.removeListener("error",A),t.removeListener("readable",s)}function a(){o(),hE("onend"),r(new Error("Proxy connection ended before receiving CONNECT response"))}function A(l){o(),hE("onerror %o",l),r(l)}function c(l){i.push(l),n+=l.length;let u=Buffer.concat(i,n),d=u.indexOf(`\r
\r
`);if(d===-1){hE("have not received end of HTTP headers yet..."),s();return}let f=u.slice(0,d).toString("ascii").split(`\r
`),g=f.shift();if(!g)return t.destroy(),r(new Error("No header received from proxy CONNECT response"));let m=g.split(" "),E=+m[1],C=m.slice(2).join(" "),I={};for(let N of f){if(!N)continue;let w=N.indexOf(":");if(w===-1)return t.destroy(),r(new Error(`Invalid header from proxy CONNECT response: "${N}"`));let R=N.slice(0,w).toLowerCase(),T=N.slice(w+1).trimStart(),U=I[R];typeof U=="string"?I[R]=[U,T]:Array.isArray(U)?U.push(T):I[R]=T}hE("got proxy server response: %o %o",g,I),o(),e({connect:{statusCode:E,statusText:C,headers:I},buffered:u})}t.on("error",A),t.on("end",a),s()})}vl.parseProxyResponse=Xde});var QH=h(pi=>{"use strict";var Zde=pi&&pi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),efe=pi&&pi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),IH=pi&&pi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Zde(e,t,r);return efe(e,t),e},BH=pi&&pi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(pi,"__esModule",{value:!0});pi.HttpsProxyAgent=void 0;var gE=IH(require("net")),yH=IH(require("tls")),tfe=BH(require("assert")),rfe=BH(fE()),nfe=DS(),ife=require("url"),sfe=pH(),ih=(0,rfe.default)("https-proxy-agent"),EH=t=>t.servername===void 0&&t.host&&!gE.isIP(t.host)?{...t,servername:t.host}:t,mE=class extends nfe.Agent{constructor(e,r){super(r),this.options={path:void 0},this.proxy=typeof e=="string"?new ife.URL(e):e,this.proxyHeaders=r?.headers??{},ih("Creating new HttpsProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={ALPNProtocols:["http/1.1"],...r?CH(r,"headers"):null,host:n,port:i}}async connect(e,r){let{proxy:n}=this;if(!r.host)throw new TypeError('No "host" provided');let i;n.protocol==="https:"?(ih("Creating `tls.Socket`: %o",this.connectOpts),i=yH.connect(EH(this.connectOpts))):(ih("Creating `net.Socket`: %o",this.connectOpts),i=gE.connect(this.connectOpts));let s=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders},o=gE.isIPv6(r.host)?`[${r.host}]`:r.host,a=`CONNECT ${o}:${r.port} HTTP/1.1\r
`;if(n.username||n.password){let d=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;s["Proxy-Authorization"]=`Basic ${Buffer.from(d).toString("base64")}`}s.Host=`${o}:${r.port}`,s["Proxy-Connection"]||(s["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let d of Object.keys(s))a+=`${d}: ${s[d]}\r
`;let A=(0,sfe.parseProxyResponse)(i);i.write(`${a}\r
`);let{connect:c,buffered:l}=await A;if(e.emit("proxyConnect",c),this.emit("proxyConnect",c,e),c.statusCode===200)return e.once("socket",ofe),r.secureEndpoint?(ih("Upgrading socket connection to TLS"),yH.connect({...CH(EH(r),"host","path","port"),socket:i})):i;i.destroy();let u=new gE.Socket({writable:!1});return u.readable=!0,e.once("socket",d=>{ih("Replaying proxy buffer for failed request"),(0,tfe.default)(d.listenerCount("data")>0),d.push(l),d.push(null)}),u}};mE.protocols=["http","https"];pi.HttpsProxyAgent=mE;function ofe(t){t.resume()}function CH(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var wH=h(yi=>{"use strict";var afe=yi&&yi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Afe=yi&&yi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),NH=yi&&yi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&afe(e,t,r);return Afe(e,t),e},cfe=yi&&yi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(yi,"__esModule",{value:!0});yi.HttpProxyAgent=void 0;var lfe=NH(require("net")),ufe=NH(require("tls")),dfe=cfe(fE()),ffe=require("events"),hfe=DS(),bH=require("url"),Rl=(0,dfe.default)("http-proxy-agent"),pE=class extends hfe.Agent{constructor(e,r){super(r),this.proxy=typeof e=="string"?new bH.URL(e):e,this.proxyHeaders=r?.headers??{},Rl("Creating new HttpProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={...r?gfe(r,"headers"):null,host:n,port:i}}addRequest(e,r){e._header=null,this.setRequestProps(e,r),super.addRequest(e,r)}setRequestProps(e,r){let{proxy:n}=this,i=r.secureEndpoint?"https:":"http:",s=e.getHeader("host")||"localhost",o=`${i}//${s}`,a=new bH.URL(e.path,o);r.port!==80&&(a.port=String(r.port)),e.path=String(a);let A=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders};if(n.username||n.password){let c=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;A["Proxy-Authorization"]=`Basic ${Buffer.from(c).toString("base64")}`}A["Proxy-Connection"]||(A["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let c of Object.keys(A)){let l=A[c];l&&e.setHeader(c,l)}}async connect(e,r){e._header=null,e.path.includes("://")||this.setRequestProps(e,r);let n,i;Rl("Regenerating stored HTTP header string for request"),e._implicitHeader(),e.outputData&&e.outputData.length>0&&(Rl("Patching connection write() output buffer with updated header"),n=e.outputData[0].data,i=n.indexOf(`\r
\r
`)+4,e.outputData[0].data=e._header+n.substring(i),Rl("Output buffer: %o",e.outputData[0].data));let s;return this.proxy.protocol==="https:"?(Rl("Creating `tls.Socket`: %o",this.connectOpts),s=ufe.connect(this.connectOpts)):(Rl("Creating `net.Socket`: %o",this.connectOpts),s=lfe.connect(this.connectOpts)),await(0,ffe.once)(s,"connect"),s}};pE.protocols=["http","https"];yi.HttpProxyAgent=pE;function gfe(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var kS=h(Ei=>{"use strict";Object.defineProperty(Ei,"__esModule",{value:!0});Ei.globalNoProxyList=Ei.proxyPolicyName=void 0;Ei.loadNoProxy=_H;Ei.getDefaultProxySettings=Nfe;Ei.proxyPolicy=Sfe;var mfe=QH(),pfe=wH(),yfe=Zf(),Efe="HTTPS_PROXY",Cfe="HTTP_PROXY",Ife="ALL_PROXY",Bfe="NO_PROXY";Ei.proxyPolicyName="proxyPolicy";Ei.globalNoProxyList=[];var vH=!1,Qfe=new Map;function yE(t){if(process.env[t])return process.env[t];if(process.env[t.toLowerCase()])return process.env[t.toLowerCase()]}function RH(){if(!process)return;let t=yE(Efe),e=yE(Ife),r=yE(Cfe);return t||e||r}function bfe(t,e,r){if(e.length===0)return!1;let n=new URL(t).hostname;if(r?.has(n))return r.get(n);let i=!1;for(let s of e)s[0]==="."?(n.endsWith(s)||n.length===s.length-1&&n===s.slice(1))&&(i=!0):n===s&&(i=!0);return r?.set(n,i),i}function _H(){let t=yE(Bfe);return vH=!0,t?t.split(",").map(e=>e.trim()).filter(e=>e.length):[]}function Nfe(t){if(!t&&(t=RH(),!t))return;let e=new URL(t);return{host:(e.protocol?e.protocol+"//":"")+e.hostname,port:Number.parseInt(e.port||"80"),username:e.username,password:e.password}}function wfe(){let t=RH();return t?new URL(t):void 0}function SH(t){let e;try{e=new URL(t.host)}catch{throw new Error(`Expecting a valid host string in proxy settings, but found "${t.host}".`)}return e.port=String(t.port),t.username&&(e.username=t.username),t.password&&(e.password=t.password),e}function xH(t,e,r){if(t.agent)return;let i=new URL(t.url).protocol!=="https:";t.tlsSettings&&yfe.logger.warning("TLS settings are not supported in combination with custom Proxy, certificates provided to the client will be ignored.");let s=t.headers.toJSON();i?(e.httpProxyAgent||(e.httpProxyAgent=new pfe.HttpProxyAgent(r,{headers:s})),t.agent=e.httpProxyAgent):(e.httpsProxyAgent||(e.httpsProxyAgent=new mfe.HttpsProxyAgent(r,{headers:s})),t.agent=e.httpsProxyAgent)}function Sfe(t,e){vH||Ei.globalNoProxyList.push(..._H());let r=t?SH(t):wfe(),n={};return{name:Ei.proxyPolicyName,async sendRequest(i,s){var o;return!i.proxySettings&&r&&!bfe(i.url,(o=e?.customNoProxyList)!==null&&o!==void 0?o:Ei.globalNoProxyList,e?.customNoProxyList?void 0:Qfe)?xH(i,n,r):i.proxySettings&&xH(i,n,SH(i.proxySettings)),s(i)}}}});var PS=h(_l=>{"use strict";Object.defineProperty(_l,"__esModule",{value:!0});_l.agentPolicyName=void 0;_l.agentPolicy=xfe;_l.agentPolicyName="agentPolicy";function xfe(t){return{name:_l.agentPolicyName,sendRequest:async(e,r)=>(e.agent||(e.agent=t),r(e))}}});var TS=h(Dl=>{"use strict";Object.defineProperty(Dl,"__esModule",{value:!0});Dl.tlsPolicyName=void 0;Dl.tlsPolicy=vfe;Dl.tlsPolicyName="tlsPolicy";function vfe(t){return{name:Dl.tlsPolicyName,sendRequest:async(e,r)=>(e.tlsSettings||(e.tlsSettings=t),r(e))}}});var sh=h(mA=>{"use strict";Object.defineProperty(mA,"__esModule",{value:!0});mA.isNodeReadableStream=DH;mA.isWebReadableStream=kH;mA.isBinaryBody=Rfe;mA.isReadableStream=PH;mA.isBlob=_fe;function DH(t){return!!(t&&typeof t.pipe=="function")}function kH(t){return!!(t&&typeof t.getReader=="function"&&typeof t.tee=="function")}function Rfe(t){return t!==void 0&&(t instanceof Uint8Array||PH(t)||typeof t=="function"||t instanceof Blob)}function PH(t){return DH(t)||kH(t)}function _fe(t){return typeof t.stream=="function"}});var LH=h(LS=>{"use strict";Object.defineProperty(LS,"__esModule",{value:!0});LS.concat=Tfe;var io=(mi(),Ui(gi)),OS=require("stream"),Dfe=sh();function TH(){return io.__asyncGenerator(this,arguments,function*(){let e=this.getReader();try{for(;;){let{done:r,value:n}=yield io.__await(e.read());if(r)return yield io.__await(void 0);yield yield io.__await(n)}}finally{e.releaseLock
`;return e}function qfe(t){return t instanceof Uint8Array?t.byteLength:(0,Ofe.isBlob)(t)?t.size===-1?void 0:t.size:void 0}function Hfe(t){let e=0;for(let r of t){let n=qfe(r);if(n===void 0)return;e+=n}return e}async function jfe(t,e,r){let n=[(0,kl.stringToUint8Array)(`--${r}`,"utf-8"),...e.flatMap(s=>[(0,kl.stringToUint8Array)(`\r
`,"utf-8"),(0,kl.stringToUint8Array)(Ufe(s.headers),"utf-8"),(0,kl.stringToUint8Array)(`\r
`,"utf-8"),s.body,(0,kl.stringToUint8Array)(`\r
--${r}`,"utf-8")]),(0,kl.stringToUint8Array)(`--\r
\r
`,"utf-8")],i=Hfe(n);i&&t.headers.set("Content-Length",i),t.body=await(0,Mfe.concat)(n)}Pl.multipartPolicyName="multipartPolicy";var zfe=70,Gfe=new Set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'()+,-./:=?");function Yfe(t){if(t.length>zfe)throw new Error(`Multipart boundary "${t}" exceeds maximum length of 70 characters`);if(Array.from(t).some(e=>!Gfe.has(e)))throw new Error(`Multipart boundary "${t}" contains invalid characters`)}function Jfe(){return{name:Pl.multipartPolicyName,async sendRequest(t,e){var r;if(!t.multipartBody)return e(t);if(t.body)throw new Error("multipartBody and regular body cannot be set at the same time");let n=t.multipartBody.boundary,i=(r=t.headers.get("Content-Type"))!==null&&r!==void 0?r:"multipart/mixed",s=i.match(/^(multipart\/[^ ;]+)(?:; *boundary=(.+))?$/);if(!s)throw new Error(`Got multipart request body, but content-type header was not multipart: ${i}`);let[,o,a]=s;if(a&&n&&a!==n)throw new Error(`Multipart boundary was specified as ${a} in the header, but got ${n} in the request body`);return n??(n=a),n?Yfe(n):n=Ffe(),t.headers.set("Content-Type",`${o}; boundary=${n}`),await jfe(t,t.multipartBody.parts,n),t.multipartBody=void 0,e(t)}}}});var UH=h(FS=>{"use strict";Object.defineProperty(FS,"__esModule",{value:!0});FS.createPipelineFromOptions=ihe;var Vfe=lS(),Wfe=Xw(),$fe=uS(),Kfe=hS(),Xfe=gS(),Zfe=QS(),ehe=xS(),MH=nh(),the=kS(),rhe=PS(),nhe=TS(),FH=MS();function ihe(t){let e=(0,Wfe.createEmptyPipeline)();return MH.isNodeLike&&(t.agent&&e.addPolicy((0,rhe.agentPolicy)(t.agent)),t.tlsOptions&&e.addPolicy((0,nhe.tlsPolicy)(t.tlsOptions)),e.addPolicy((0,the.proxyPolicy)(t.proxyOptions)),e.addPolicy((0,Xfe.decompressResponsePolicy)())),e.addPolicy((0,ehe.formDataPolicy)(),{beforePolicies:[FH.multipartPolicyName]}),e.addPolicy((0,Kfe.userAgentPolicy)(t.userAgentOptions)),e.addPolicy((0,FH.multipartPolicy)(),{afterPhase:"Deserialize"}),e.addPolicy((0,Zfe.defaultRetryPolicy)(t.retryOptions),{phase:"Retry"}),MH.isNodeLike&&e.addPolicy((0,$fe.redirectPolicy)(t.redirectOptions),{afterPhase:"Retry"}),e.addPolicy((0,Vfe.logPolicy)(t.loggingOptions),{afterPhase:"Sign"}),e}});var qH=h(Tl=>{"use strict";Object.defineProperty(Tl,"__esModule",{value:!0});Tl.apiVersionPolicyName=void 0;Tl.apiVersionPolicy=she;Tl.apiVersionPolicyName="ApiVersionPolicy";function she(t){return{name:Tl.apiVersionPolicyName,sendRequest:(e,r)=>{let n=new URL(e.url);return!n.searchParams.get("api-version")&&t.apiVersion&&(e.url=`${e.url}${Array.from(n.searchParams.keys()).length>0?"&":"?"}api-version=${t.apiVersion}`),r(e)}}}});var HH=h(Ol=>{"use strict";Object.defineProperty(Ol,"__esModule",{value:!0});Ol.isOAuth2TokenCredential=ohe;Ol.isBearerTokenCredential=ahe;Ol.isBasicCredential=Ahe;Ol.isApiKeyCredential=che;function ohe(t){return"getOAuth2Token"in t}function ahe(t){return"getBearerToken"in t}function Ahe(t){return"username"in t&&"password"in t}function che(t){return"key"in t}});var oh=h(US=>{"use strict";Object.defineProperty(US,"__esModule",{value:!0});US.ensureSecureConnection=fhe;var lhe=Zf(),jH=!1;function uhe(t,e){if(e.allowInsecureConnection&&t.allowInsecureConnection){let r=new URL(t.url);if(r.hostname==="localhost"||r.hostname==="127.0.0.1")return!0}return!1}function dhe(){let t="Sending token over insecure transport. Assume any token issued is compromised.";lhe.logger.warning(t),typeof(process==null?void 0:process.emitWarning)=="function"&&!jH&&(jH=!0,process.emitWarning(t))}function fhe(t,e){if(!t.url.toLowerCase().startsWith("https://"))if(uhe(t,e))dhe();else throw new Error("Authentication is not permitted for non-TLS protected (non-https) URLs when allowInsecureConnection is false.")}});var zH=h(Ll=>{"use strict";Object.defineProperty(Ll,"__esModule",{value:!0});Ll.apiKeyAuthenticationPolicyName=void 0;Ll.apiKeyAuthenticationPolicy=ghe;var hhe=oh();Ll.apiKeyAuthenticationPolicyName="apiKeyAuthenticationPolicy";function ghe(t){return{name:Ll.apiKeyAuthenticationPolicyName,async sendRequest(e,r){var n,i;(0,hhe.ensureSecureConnection)(e,t);let s=(i=(n=e.authSchemes)!==null&&n!==void 0?n:t.a
`).join(""))}return e(t)}}}});var Sz=h(CA=>{"use strict";Object.defineProperty(CA,"__esModule",{value:!0});CA.auxiliaryAuthenticationHeaderPolicyName=void 0;CA.auxiliaryAuthenticationHeaderPolicy=Vpe;var Gpe=Ox(),Ype=Ah();CA.auxiliaryAuthenticationHeaderPolicyName="auxiliaryAuthenticationHeaderPolicy";var wz="x-ms-authorization-auxiliary";async function Jpe(t){var e,r;let{scopes:n,getAccessToken:i,request:s}=t,o={abortSignal:s.abortSignal,tracingOptions:s.tracingOptions};return(r=(e=await i(n,o))===null||e===void 0?void 0:e.token)!==null&&r!==void 0?r:""}function Vpe(t){let{credentials:e,scopes:r}=t,n=t.logger||Ype.logger,i=new WeakMap;return{name:CA.auxiliaryAuthenticationHeaderPolicyName,async sendRequest(s,o){if(!s.url.toLowerCase().startsWith("https://"))throw new Error("Bearer token authentication for auxiliary header is not permitted for non-TLS protected (non-https) URLs.");if(!e||e.length===0)return n.info(`${CA.auxiliaryAuthenticationHeaderPolicyName} header will not be set due to empty credentials.`),o(s);let a=[];for(let c of e){let l=i.get(c);l||(l=(0,Gpe.createTokenCycler)(c),i.set(c,l)),a.push(Jpe({scopes:Array.isArray(r)?r:[r],request:s,getAccessToken:l,logger:n}))}let A=(await Promise.all(a)).filter(c=>!!c);return A.length===0?(n.warning(`None of the auxiliary tokens are valid. ${wz} header will not be set.`),o(s)):(s.headers.set(wz,A.map(c=>`Bearer ${c}`).join(", ")),o(s))}}}});var oo=h(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.createFileFromStream=L.createFile=L.agentPolicyName=L.agentPolicy=L.auxiliaryAuthenticationHeaderPolicyName=L.auxiliaryAuthenticationHeaderPolicy=L.ndJsonPolicyName=L.ndJsonPolicy=L.bearerTokenAuthenticationPolicyName=L.bearerTokenAuthenticationPolicy=L.formDataPolicyName=L.formDataPolicy=L.tlsPolicyName=L.tlsPolicy=L.userAgentPolicyName=L.userAgentPolicy=L.defaultRetryPolicy=L.tracingPolicyName=L.tracingPolicy=L.retryPolicy=L.throttlingRetryPolicyName=L.throttlingRetryPolicy=L.systemErrorRetryPolicyName=L.systemErrorRetryPolicy=L.redirectPolicyName=L.redirectPolicy=L.getDefaultProxySettings=L.proxyPolicyName=L.proxyPolicy=L.multipartPolicyName=L.multipartPolicy=L.logPolicyName=L.logPolicy=L.setClientRequestIdPolicyName=L.setClientRequestIdPolicy=L.exponentialRetryPolicyName=L.exponentialRetryPolicy=L.decompressResponsePolicyName=L.decompressResponsePolicy=L.isRestError=L.RestError=L.createPipelineRequest=L.createHttpHeaders=L.createDefaultHttpClient=L.createPipelineFromOptions=L.createEmptyPipeline=void 0;var Wpe=KS();Object.defineProperty(L,"createEmptyPipeline",{enumerable:!0,get:function(){return Wpe.createEmptyPipeline}});var $pe=cz();Object.defineProperty(L,"createPipelineFromOptions",{enumerable:!0,get:function(){return $pe.createPipelineFromOptions}});var Kpe=lz();Object.defineProperty(L,"createDefaultHttpClient",{enumerable:!0,get:function(){return Kpe.createDefaultHttpClient}});var Xpe=uz();Object.defineProperty(L,"createHttpHeaders",{enumerable:!0,get:function(){return Xpe.createHttpHeaders}});var Zpe=dz();Object.defineProperty(L,"createPipelineRequest",{enumerable:!0,get:function(){return Zpe.createPipelineRequest}});var xz=ME();Object.defineProperty(L,"RestError",{enumerable:!0,get:function(){return xz.RestError}});Object.defineProperty(L,"isRestError",{enumerable:!0,get:function(){return xz.isRestError}});var vz=gx();Object.defineProperty(L,"decompressResponsePolicy",{enumerable:!0,get:function(){return vz.decompressResponsePolicy}});Object.defineProperty(L,"decompressResponsePolicyName",{enumerable:!0,get:function(){return vz.decompressResponsePolicyName}});var Rz=hz();Object.defineProperty(L,"exponentialRetryPolicy",{enumerable:!0,get:function(){return Rz.exponentialRetryPolicy}});Object.defineProperty(L,"exponentialRetryPolicyName",{enumerable:!0,get:function(){return Rz.exponentialRetryPolicyName}});var _z=Cx();Object.defineProperty(L,"setClientRequestIdPolicy",{enumerable:!0,get:function(){return _z.setClientRequestIdPolicy}});Object.defineProperty(L,"setClientRequestIdPolicyName",{enumerable:!0,get:function(){return _z.setClientReques
`&&p[b]!=="\r";b++)P+=p[b];if(P=P.trim(),P[P.length-1]==="/"&&(P=P.substring(0,P.length-1),b--),!s(P)){let ae;return ae=P.trim().length===0?"Invalid space after '<'.":"Tag '"+P+"' is an invalid name.",C("InvalidTag",ae,N(p,b))}let z=f(p,b);if(z===!1)return C("InvalidAttr","Attributes for '"+P+"' have open quote.",N(p,b));let Ee=z.value;if(b=z.index,Ee[Ee.length-1]==="/"){let ae=b-Ee.length;Ee=Ee.substring(0,Ee.length-1);let Fe=m(Ee,y);if(Fe!==!0)return C(Fe.err.code,Fe.err.msg,N(p,ae+Fe.err.line));S=!0}else if(v){if(!z.tagClosed)return C("InvalidTag","Closing tag '"+P+"' doesn't have proper closing.",N(p,b));if(Ee.trim().length>0)return C("InvalidTag","Closing tag '"+P+"' can't have attributes or invalid starting.",N(p,_));if(B.length===0)return C("InvalidTag","Closing tag '"+P+"' has not been opened.",N(p,_));{let ae=B.pop();if(P!==ae.tagName){let Fe=N(p,ae.tagStartPos);return C("InvalidTag","Expected closing tag '"+ae.tagName+"' (opened in line "+Fe.line+", col "+Fe.col+") instead of closing tag '"+P+"'.",N(p,_))}B.length==0&&(Q=!0)}}else{let ae=m(Ee,y);if(ae!==!0)return C(ae.err.code,ae.err.msg,N(p,b-Ee.length+ae.err.line));if(Q===!0)return C("InvalidXml","Multiple possible root nodes found.",N(p,b));y.unpairedTags.indexOf(P)!==-1||B.push({tagName:P,tagStartPos:_}),S=!0}for(b++;b<p.length;b++)if(p[b]==="<"){if(p[b+1]==="!"){b++,b=l(p,b);continue}if(p[b+1]!=="?")break;if(b=c(p,++b),b.err)return b}else if(p[b]==="&"){let ae=E(p,b);if(ae==-1)return C("InvalidChar","char '&' is not expected.",N(p,b));b=ae}else if(Q===!0&&!A(p[b]))return C("InvalidXml","Extra text at the end",N(p,b));p[b]==="<"&&b--}}}return S?B.length==1?C("InvalidTag","Unclosed tag '"+B[0].tagName+"'.",N(p,B[0].tagStartPos)):!(B.length>0)||C("InvalidXml","Invalid '"+JSON.stringify(B.map((b=>b.tagName)),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1}):C("InvalidXml","Start tag expected.",1)}function A(p){return p===" "||p==="	"||p===`
`||p==="\r"}function c(p,y){let B=y;for(;y<p.length;y++)if(!(p[y]!="?"&&p[y]!=" ")){let S=p.substr(B,y-B);if(y>5&&S==="xml")return C("InvalidXml","XML declaration allowed only at the start of the document.",N(p,y));if(p[y]=="?"&&p[y+1]==">"){y++;break}}return y}function l(p,y){if(p.length>y+5&&p[y+1]==="-"&&p[y+2]==="-"){for(y+=3;y<p.length;y++)if(p[y]==="-"&&p[y+1]==="-"&&p[y+2]===">"){y+=2;break}}else if(p.length>y+8&&p[y+1]==="D"&&p[y+2]==="O"&&p[y+3]==="C"&&p[y+4]==="T"&&p[y+5]==="Y"&&p[y+6]==="P"&&p[y+7]==="E"){let B=1;for(y+=8;y<p.length;y++)if(p[y]==="<")B++;else if(p[y]===">"&&(B--,B===0))break}else if(p.length>y+9&&p[y+1]==="["&&p[y+2]==="C"&&p[y+3]==="D"&&p[y+4]==="A"&&p[y+5]==="T"&&p[y+6]==="A"&&p[y+7]==="["){for(y+=8;y<p.length;y++)if(p[y]==="]"&&p[y+1]==="]"&&p[y+2]===">"){y+=2;break}}return y}let u='"',d="'";function f(p,y){let B="",S="",Q=!1;for(;y<p.length;y++){if(p[y]===u||p[y]===d)S===""?S=p[y]:S!==p[y]||(S="");else if(p[y]===">"&&S===""){Q=!0;break}B+=p[y]}return S===""&&{value:B,index:y,tagClosed:Q}}let g=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function m(p,y){let B=i(p,g),S={};for(let Q=0;Q<B.length;Q++){if(B[Q][1].length===0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' has no space in starting.",w(B[Q]));if(B[Q][3]!==void 0&&B[Q][4]===void 0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' is without value.",w(B[Q]));if(B[Q][3]===void 0&&!y.allowBooleanAttributes)return C("InvalidAttr","boolean attribute '"+B[Q][2]+"' is not allowed.",w(B[Q]));let b=B[Q][2];if(!I(b))return C("InvalidAttr","Attribute '"+b+"' is an invalid name.",w(B[Q]));if(S.hasOwnProperty(b))return C("InvalidAttr","Attribute '"+b+"' is repeated.",w(B[Q]));S[b]=1}return!0}function E(p,y){if(p[++y]===";")return-1;if(p[y]==="#")return(function(S,Q){let b=/\d/;for(S[Q]==="x"&&(Q++,b=/[\da-fA-F]/);Q<S.length;Q++){if(S[Q]===";")return Q;if(!S[Q].match(b))break}return-1})(p,++y);let B=0;for(;y<p.length;y++,B++)if(!(p[y].match(/\w/)&&B<20)){if(p[y]===";")break;return-1}return y}function C(p,y,B){return{err:{code:p,msg:y,line:B.line||B,col:B.col}}}function I(p){return s(p)}function N(p,y){let B=p.substring(0,y).split(/\r?\n/);return{line:B.length,col:B[B.length-1].length+1}}function w(p){return p.startIndex+p[1].length}let R={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(p,y,B){return p},captureMetaData:!1},T;T=typeof Symbol!="function"?"@@xmlMetadata":Symbol("XML Node Metadata");class U{constructor(y){this.tagname=y,this.child=[],this[":@"]={}}add(y,B){y==="__proto__"&&(y="#__proto__"),this.child.push({[y]:B})}addChild(y,B){y.tagname==="__proto__"&&(y.tagname="#__proto__"),y[":@"]&&Object.keys(y[":@"]).length>0?this.child.push({[y.tagname]:y.child,":@":y[":@"]}):this.child.push({[y.tagname]:y.child}),B!==void 0&&(this.child[this.child.length-1][T]={startIndex:B})}static getMetaDataSymbol(){return T}}function k(p,y){let B={};if(p[y+3]!=="O"||p[y+4]!=="C"||p[y+5]!=="T"||p[y+6]!=="Y"||p[y+7]!=="P"||p[y+8]!=="E")throw new Error("Invalid Tag instead of DOCTYPE");{y+=9;let S=1,Q=!1,b=!1,_="";for(;y<p.length;y++)if(p[y]!=="<"||b)if(p[y]===">"){if(b?p[y-1]==="-"&&p[y-2]==="-"&&(b=!1,S--):S--,S===0)break}else p[y]==="["?Q=!0:_+=p[y];else{if(Q&&rt(p,"!ENTITY",y)){let v,P;y+=7,[v,P,y]=be(p,y+1),P.indexOf("&")===-1&&(B[v]={regx:RegExp(`&${v};`,"g"),val:P})}else if(Q&&rt(p,"!ELEMENT",y)){y+=8;let{index:v}=_e(p,y+1);y=v}else if(Q&&rt(p,"!ATTLIST",y))y+=8;else if(Q&&rt(p,"!NOTATION",y)){y+=9;let{index:v}=ve(p,y+1);y=v}else{if(!rt(p,"!--",y))throw new Error("Invalid DOCTYPE");b=!0}S++
`);let y=new U("!xml"),B=y,S="",Q="";for(let b=0;b<p.length;b++)if(p[b]==="<")if(p[b+1]==="/"){let _=Fa(p,">",b,"Closing Tag is not closed."),v=p.substring(b+2,_).trim();if(this.options.removeNSPrefix){let Ee=v.indexOf(":");Ee!==-1&&(v=v.substr(Ee+1))}this.options.transformTagName&&(v=this.options.transformTagName(v)),B&&(S=this.saveTextToParentTag(S,B,Q));let P=Q.substring(Q.lastIndexOf(".")+1);if(v&&this.options.unpairedTags.indexOf(v)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${v}>`);let z=0;P&&this.options.unpairedTags.indexOf(P)!==-1?(z=Q.lastIndexOf(".",Q.lastIndexOf(".")-1),this.tagsNodeStack.pop()):z=Q.lastIndexOf("."),Q=Q.substring(0,z),B=this.tagsNodeStack.pop(),S="",b=_}else if(p[b+1]==="?"){let _=TQ(p,b,!1,"?>");if(!_)throw new Error("Pi Tag is not closed.");if(S=this.saveTextToParentTag(S,B,Q),!(this.options.ignoreDeclaration&&_.tagName==="?xml"||this.options.ignorePiTags)){let v=new U(_.tagName);v.add(this.options.textNodeName,""),_.tagName!==_.tagExp&&_.attrExpPresent&&(v[":@"]=this.buildAttributesMap(_.tagExp,Q,_.tagName)),this.addChild(B,v,Q,b)}b=_.closeIndex+1}else if(p.substr(b+1,3)==="!--"){let _=Fa(p,"-->",b+4,"Comment is not closed.");if(this.options.commentPropName){let v=p.substring(b+4,_-2);S=this.saveTextToParentTag(S,B,Q),B.add(this.options.commentPropName,[{[this.options.textNodeName]:v}])}b=_}else if(p.substr(b+1,2)==="!D"){let _=k(p,b);this.docTypeEntities=_.entities,b=_.i}else if(p.substr(b+1,2)==="!["){let _=Fa(p,"]]>",b,"CDATA is not closed.")-2,v=p.substring(b+9,_);S=this.saveTextToParentTag(S,B,Q);let P=this.parseTextData(v,B.tagname,Q,!0,!1,!0,!0);P==null&&(P=""),this.options.cdataPropName?B.add(this.options.cdataPropName,[{[this.options.textNodeName]:v}]):B.add(this.options.textNodeName,P),b=_+2}else{let _=TQ(p,b,this.options.removeNSPrefix),v=_.tagName,P=_.rawTagName,z=_.tagExp,Ee=_.attrExpPresent,ae=_.closeIndex;this.options.transformTagName&&(v=this.options.transformTagName(v)),B&&S&&B.tagname!=="!xml"&&(S=this.saveTextToParentTag(S,B,Q,!1));let Fe=B;Fe&&this.options.unpairedTags.indexOf(Fe.tagname)!==-1&&(B=this.tagsNodeStack.pop(),Q=Q.substring(0,Q.lastIndexOf("."))),v!==y.tagname&&(Q+=Q?"."+v:v);let nt=b;if(this.isItStopNode(this.options.stopNodes,Q,v)){let ze="";if(z.length>0&&z.lastIndexOf("/")===z.length-1)v[v.length-1]==="/"?(v=v.substr(0,v.length-1),Q=Q.substr(0,Q.length-1),z=v):z=z.substr(0,z.length-1),b=_.closeIndex;else if(this.options.unpairedTags.indexOf(v)!==-1)b=_.closeIndex;else{let is=this.readStopNodeData(p,P,ae+1);if(!is)throw new Error(`Unexpected end of ${P}`);b=is.i,ze=is.tagContent}let er=new U(v);v!==z&&Ee&&(er[":@"]=this.buildAttributesMap(z,Q,v)),ze&&(ze=this.parseTextData(ze,v,Q,!0,Ee,!0,!0)),Q=Q.substr(0,Q.lastIndexOf(".")),er.add(this.options.textNodeName,ze),this.addChild(B,er,Q,nt)}else{if(z.length>0&&z.lastIndexOf("/")===z.length-1){v[v.length-1]==="/"?(v=v.substr(0,v.length-1),Q=Q.substr(0,Q.length-1),z=v):z=z.substr(0,z.length-1),this.options.transformTagName&&(v=this.options.transformTagName(v));let ze=new U(v);v!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,v)),this.addChild(B,ze,Q,nt),Q=Q.substr(0,Q.lastIndexOf("."))}else{let ze=new U(v);this.tagsNodeStack.push(B),v!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,v)),this.addChild(B,ze,Q,nt),B=ze}S="",b=ae}}else S+=p[b];return y.child};function p6(p,y,B,S){this.options.captureMetaData||(S=void 0);let Q=this.options.updateTag(y.tagname,B,y[":@"]);Q===!1||(typeof Q=="string"&&(y.tagname=Q),p.addChild(y,S))}let y6=function(p){if(this.options.processEntities){for(let y in this.docTypeEntities){let B=this.docTypeEntities[y];p=p.replace(B.regx,B.val)}for(let y in this.lastEntities){let B=this.lastEntities[y];p=p.replace(B.regex,B.val)}if(this.options.htmlEntities)for(let y in this.htmlEntities){let B=this.htmlEntities[y];p=p.replace(B.regex,B.val)}p=p.replace(this.ampEntity.regex,this.ampEntity.val)}return p};function E6(p,y,B,S){return p&&(S===void 0&&(S=y.child.length===0),(p=this.parseTextData(p,y.tagname,B,!1,!!y[":@"]&&Object.keys(y[":@"]).length!==0,S))!==void 0&&p!==
`),NP(p,y,"",B)}function NP(p,y,B,S){let Q="",b=!1;for(let _=0;_<p.length;_++){let v=p[_],P=x6(v);if(P===void 0)continue;let z="";if(z=B.length===0?P:`${B}.${P}`,P===y.textNodeName){let nt=v[P];v6(z,y)||(nt=y.tagValueProcessor(P,nt),nt=SP(nt,y)),b&&(Q+=S),Q+=nt,b=!1;continue}if(P===y.cdataPropName){b&&(Q+=S),Q+=`<![CDATA[${v[P][0][y.textNodeName]}]]>`,b=!1;continue}if(P===y.commentPropName){Q+=S+`<!--${v[P][0][y.textNodeName]}-->`,b=!0;continue}if(P[0]==="?"){let nt=wP(v[":@"],y),ze=P==="?xml"?"":S,er=v[P][0][y.textNodeName];er=er.length!==0?" "+er:"",Q+=ze+`<${P}${er}${nt}?>`,b=!0;continue}let Ee=S;Ee!==""&&(Ee+=y.indentBy);let ae=S+`<${P}${wP(v[":@"],y)}`,Fe=NP(v[P],y,z,Ee);y.unpairedTags.indexOf(P)!==-1?y.suppressUnpairedNode?Q+=ae+">":Q+=ae+"/>":Fe&&Fe.length!==0||!y.suppressEmptyNode?Fe&&Fe.endsWith(">")?Q+=ae+`>${Fe}${S}</${P}>`:(Q+=ae+">",Fe&&S!==""&&(Fe.includes("/>")||Fe.includes("</"))?Q+=S+y.indentBy+Fe+S:Q+=Fe,Q+=`</${P}>`):Q+=ae+"/>",b=!0}return Q}function x6(p){let y=Object.keys(p);for(let B=0;B<y.length;B++){let S=y[B];if(p.hasOwnProperty(S)&&S!==":@")return S}}function wP(p,y){let B="";if(p&&!y.ignoreAttributes)for(let S in p){if(!p.hasOwnProperty(S))continue;let Q=y.attributeValueProcessor(S,p[S]);Q=SP(Q,y),Q===!0&&y.suppressBooleanAttributes?B+=` ${S.substr(y.attributeNamePrefix.length)}`:B+=` ${S.substr(y.attributeNamePrefix.length)}="${Q}"`}return B}function v6(p,y){let B=(p=p.substr(0,p.length-y.textNodeName.length-1)).substr(p.lastIndexOf(".")+1);for(let S in y.stopNodes)if(y.stopNodes[S]===p||y.stopNodes[S]==="*."+B)return!0;return!1}function SP(p,y){if(p&&p.length>0&&y.processEntities)for(let B=0;B<y.entities.length;B++){let S=y.entities[B];p=p.replace(S.regex,S.val)}return p}let R6={attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,cdataPropName:!1,format:!1,indentBy:"  ",suppressEmptyNode:!1,suppressUnpairedNode:!0,suppressBooleanAttributes:!0,tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},preserveOrder:!1,commentPropName:!1,unpairedTags:[],entities:[{regex:new RegExp("&","g"),val:"&amp;"},{regex:new RegExp(">","g"),val:"&gt;"},{regex:new RegExp("<","g"),val:"&lt;"},{regex:new RegExp("'","g"),val:"&apos;"},{regex:new RegExp('"',"g"),val:"&quot;"}],processEntities:!0,stopNodes:[],oneListGroup:!1};function Ro(p){this.options=Object.assign({},R6,p),this.options.ignoreAttributes===!0||this.options.attributesGroupName?this.isAttribute=function(){return!1}:(this.ignoreAttributesFn=Mi(this.options.ignoreAttributes),this.attrPrefixLen=this.options.attributeNamePrefix.length,this.isAttribute=k6),this.processTextOrObjNode=_6,this.options.format?(this.indentate=D6,this.tagEndChar=`>
`,this.newLine=`
`):(this.indentate=function(){return""},this.tagEndChar=">",this.newLine="")}function _6(p,y,B,S){let Q=this.j2x(p,B+1,S.concat(y));return p[this.options.textNodeName]!==void 0&&Object.keys(p).length===1?this.buildTextValNode(p[this.options.textNodeName],y,Q.attrStr,B):this.buildObjectNode(Q.val,y,Q.attrStr,B)}function D6(p){return this.options.indentBy.repeat(p)}function k6(p){return!(!p.startsWith(this.options.attributeNamePrefix)||p===this.options.textNodeName)&&p.substr(this.attrPrefixLen)}Ro.prototype.build=function(p){return this.options.preserveOrder?S6(p,this.options):(Array.isArray(p)&&this.options.arrayNodeName&&this.options.arrayNodeName.length>1&&(p={[this.options.arrayNodeName]:p}),this.j2x(p,0,[]).val)},Ro.prototype.j2x=function(p,y,B){let S="",Q="",b=B.join(".");for(let _ in p)if(Object.prototype.hasOwnProperty.call(p,_))if(p[_]===void 0)this.isAttribute(_)&&(Q+="");else if(p[_]===null)this.isAttribute(_)||_===this.options.cdataPropName?Q+="":_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(p[_]instanceof Date)Q+=this.buildTextValNode(p[_],_,"",y);else if(typeof p[_]!="object"){let v=this.isAttribute(_);if(v&&!this.ignoreAttributesFn(v,b))S+=this.buildAttrPairStr(v,""+p[_]);else if(!v)if(_===this.options.textNodeName){let P=this.options.tagValueProcessor(_,""+p[_]);Q+=this.replaceEntitiesValue(P)}else Q+=this.buildTextValNode(p[_],_,"",y)}else if(Array.isArray(p[_])){let v=p[_].length,P="",z="";for(let Ee=0;Ee<v;Ee++){let ae=p[_][Ee];if(ae!==void 0)if(ae===null)_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(typeof ae=="object")if(this.options.oneListGroup){let Fe=this.j2x(ae,y+1,B.concat(_));P+=Fe.val,this.options.attributesGroupName&&ae.hasOwnProperty(this.options.attributesGroupName)&&(z+=Fe.attrStr)}else P+=this.processTextOrObjNode(ae,_,y,B);else if(this.options.oneListGroup){let Fe=this.options.tagValueProcessor(_,ae);Fe=this.replaceEntitiesValue(Fe),P+=Fe}else P+=this.buildTextValNode(ae,_,"",y)}this.options.oneListGroup&&(P=this.buildObjectNode(P,_,z,y)),Q+=P}else if(this.options.attributesGroupName&&_===this.options.attributesGroupName){let v=Object.keys(p[_]),P=v.length;for(let z=0;z<P;z++)S+=this.buildAttrPairStr(v[z],""+p[_][v[z]])}else Q+=this.processTextOrObjNode(p[_],_,y,B);return{attrStr:S,val:Q}},Ro.prototype.buildAttrPairStr=function(p,y){return y=this.options.attributeValueProcessor(p,""+y),y=this.replaceEntitiesValue(y),this.options.suppressBooleanAttributes&&y==="true"?" "+p:" "+p+'="'+y+'"'},Ro.prototype.buildObjectNode=function(p,y,B,S){if(p==="")return y[0]==="?"?this.indentate(S)+"<"+y+B+"?"+this.tagEndChar:this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar;{let Q="</"+y+this.tagEndChar,b="";return y[0]==="?"&&(b="?",Q=""),!B&&B!==""||p.indexOf("<")!==-1?this.options.commentPropName!==!1&&y===this.options.commentPropName&&b.length===0?this.indentate(S)+`<!--${p}-->`+this.newLine:this.indentate(S)+"<"+y+B+b+this.tagEndChar+p+this.indentate(S)+Q:this.indentate(S)+"<"+y+B+b+">"+p+Q}},Ro.prototype.closeTag=function(p){let y="";return this.options.unpairedTags.indexOf(p)!==-1?this.options.suppressUnpairedNode||(y="/"):y=this.options.suppressEmptyNode?"/":`></${p}`,y},Ro.prototype.buildTextValNode=function(p,y,B,S){if(this.options.cdataPropName!==!1&&y===this.options.cdataPropName)return this.indentate(S)+`<![CDATA[${p}]]>`+this.newLine;if(this.options.commentPropName!==!1&&y===this.options.commentPropName)return this.indentate(S)+`<!--${p}-->`+this.newLine;if(y[0]==="?")return this.indentate(S)+"<"+y+B+"?"+this.tagEndChar;{let Q=this.options.tagValueProcessor(y,p);return Q=this.replaceEntitiesValue(Q),Q===""?this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar:this.indentate(S)+"<"+y+B+">"+Q+"</"+y+this.tagEndChar}},Ro.prototype.replaceEntitiesValue=function(p){if(p&&p.length>0&&this.options.processEntities)for(let y=0;y<this.options.entities.length;y++){let B=this.options.entities[y];p=p.replace(B.regex,B.val)}return p};let P6={validate:a};YG.e
	Polling from: ${r.config.operationLocation}
	Operation status: ${l}
	Polling status: ${tY.terminalStates.includes(l)?"Stopped":"Running"}`),l==="succeeded"){let u=o(c,r);if(u!==void 0)return{response:await e(u).catch(eY({state:r,stateProxy:n,isOperationError:a})),status:l}}return{response:c,status:l}}async function ECe(t){let{poll:e,state:r,stateProxy:n,options:i,getOperationStatus:s,getResourceLocation:o,getOperationLocation:a,isOperationError:A,withOperationLocation:c,getPollingInterval:l,processResult:u,getError:d,updateState:f,setDelay:g,isDone:m,setErrorAsResult:E}=t,{operationLocation:C}=r.config;if(C!==void 0){let{response:I,status:N}=await yCe({poll:e,getOperationStatus:s,state:r,stateProxy:n,operationLocation:C,getResourceLocation:o,isOperationError:A,options:i});if(rY({status:N,response:I,state:r,stateProxy:n,isDone:m,processResult:u,getError:d,setErrorAsResult:E}),!tY.terminalStates.includes(N)){let w=l?.(I);w&&g(w);let R=a?.(I,r);if(R!==void 0){let T=C!==R;r.config.operationLocation=R,c?.(R,T)}else c?.(C,!1)}f?.(r,I)}}na.pollOperation=ECe});var mv=h(Ft=>{"use strict";Object.defineProperty(Ft,"__esModule",{value:!0});Ft.pollHttpOperation=Ft.isOperationError=Ft.getResourceLocation=Ft.getOperationStatus=Ft.getOperationLocation=Ft.initHttpOperation=Ft.getStatusFromInitialResponse=Ft.getErrorFromResponse=Ft.parseRetryAfter=Ft.inferLroMode=void 0;var nY=cC(),fv=aC();function iY(t){let{azureAsyncOperation:e,operationLocation:r}=t;return r??e}function sY(t){return t.headers.location}function oY(t){return t.headers["operation-location"]}function aY(t){return t.headers["azure-asyncoperation"]}function CCe(t){var e;let{location:r,requestMethod:n,requestPath:i,resourceLocationConfig:s}=t;switch(n){case"PUT":return i;case"DELETE":return;case"PATCH":return(e=o())!==null&&e!==void 0?e:i;default:return o()}function o(){switch(s){case"azure-async-operation":return;case"original-uri":return i;default:return r}}}function AY(t){let{rawResponse:e,requestMethod:r,requestPath:n,resourceLocationConfig:i}=t,s=oY(e),o=aY(e),a=iY({operationLocation:s,azureAsyncOperation:o}),A=sY(e),c=r?.toLocaleUpperCase();return a!==void 0?{mode:"OperationLocation",operationLocation:a,resourceLocation:CCe({requestMethod:c,location:A,requestPath:n,resourceLocationConfig:i})}:A!==void 0?{mode:"ResourceLocation",operationLocation:A}:c==="PUT"&&n?{mode:"Body",operationLocation:n}:void 0}Ft.inferLroMode=AY;function cY(t){let{status:e,statusCode:r}=t;if(typeof e!="string"&&e!==void 0)throw new Error(`Polling was unsuccessful. Expected status to have a string value or no value but it has instead: ${e}. This doesn't necessarily indicate the operation has failed. Check your Azure subscription or resource status for more information.`);switch(e?.toLocaleLowerCase()){case void 0:return hv(r);case"succeeded":return"succeeded";case"failed":return"failed";case"running":case"accepted":case"started":case"canceling":case"cancelling":return"running";case"canceled":case"cancelled":return"canceled";default:return fv.logger.verbose(`LRO: unrecognized operation status: ${e}`),e}}function ICe(t){var e;let{status:r}=(e=t.body)!==null&&e!==void 0?e:{};return cY({status:r,statusCode:t.statusCode})}function BCe(t){var e,r;let{properties:n,provisioningState:i}=(e=t.body)!==null&&e!==void 0?e:{},s=(r=n?.provisioningState)!==null&&r!==void 0?r:i;return cY({status:s,statusCode:t.statusCode})}function hv(t){return t===202?"running":t<300?"succeeded":"failed"}function lY({rawResponse:t}){let e=t.headers["retry-after"];if(e!==void 0){let r=parseInt(e);return isNaN(r)?QCe(new Date(e)):r*1e3}}Ft.parseRetryAfter=lY;function uY(t){let e=hY(t,"error");if(!e){fv.logger.warning("The long-running operation failed but there is no error property in the response's body");return}if(!e.code||!e.message){fv.logger.warning("The long-running operation failed but the error property in the response's body doesn't contain code or message");return}return e}Ft.getErrorFromResponse=uY;function QCe(t){let e=Math.floor(new Date().getTime()),r=t.getTime();if(e<r)return r-e}function dY(t){let{response:e,state:r,operationLocation:n}=t;function i(){var o;switch((o=r.config.meta
`,UY="HTTP/1.1",eIe="AES256",tIe="DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",rIe=["Access-Control-Allow-Origin","Cache-Control","Content-Length","Content-Type","Date","Request-Id","traceparent","Transfer-Encoding","User-Agent","x-ms-client-request-id","x-ms-date","x-ms-error-code","x-ms-request-id","x-ms-return-client-request-id","x-ms-version","Accept-Ranges","Content-Disposition","Content-Encoding","Content-Language","Content-MD5","Content-Range","ETag","Last-Modified","Server","Vary","x-ms-content-crc64","x-ms-copy-action","x-ms-copy-completion-time","x-ms-copy-id","x-ms-copy-progress","x-ms-copy-status","x-ms-has-immutability-policy","x-ms-has-legal-hold","x-ms-lease-state","x-ms-lease-status","x-ms-range","x-ms-request-server-encrypted","x-ms-server-encrypted","x-ms-snapshot","x-ms-source-range","If-Match","If-Modified-Since","If-None-Match","If-Unmodified-Since","x-ms-access-tier","x-ms-access-tier-change-time","x-ms-access-tier-inferred","x-ms-account-kind","x-ms-archive-status","x-ms-blob-append-offset","x-ms-blob-cache-control","x-ms-blob-committed-block-count","x-ms-blob-condition-appendpos","x-ms-blob-condition-maxsize","x-ms-blob-content-disposition","x-ms-blob-content-encoding","x-ms-blob-content-language","x-ms-blob-content-length","x-ms-blob-content-md5","x-ms-blob-content-type","x-ms-blob-public-access","x-ms-blob-sequence-number","x-ms-blob-type","x-ms-copy-destination-snapshot","x-ms-creation-time","x-ms-default-encryption-scope","x-ms-delete-snapshots","x-ms-delete-type-permanent","x-ms-deny-encryption-scope-override","x-ms-encryption-algorithm","x-ms-if-sequence-number-eq","x-ms-if-sequence-number-le","x-ms-if-sequence-number-lt","x-ms-incremental-copy","x-ms-lease-action","x-ms-lease-break-period","x-ms-lease-duration","x-ms-lease-id","x-ms-lease-time","x-ms-page-write","x-ms-proposed-lease-id","x-ms-range-get-content-md5","x-ms-rehydrate-priority","x-ms-sequence-number-action","x-ms-sku-name","x-ms-source-content-md5","x-ms-source-if-match","x-ms-source-if-modified-since","x-ms-source-if-none-match","x-ms-source-if-unmodified-since","x-ms-tag-count","x-ms-encryption-key-sha256","x-ms-copy-source-error-code","x-ms-copy-source-status-code","x-ms-if-tags","x-ms-source-if-tags"],nIe=["comp","maxresults","rscc","rscd","rsce","rscl","rsct","se","si","sip","sp","spr","sr","srt","ss","st","sv","include","marker","prefix","copyid","restype","blockid","blocklisttype","delimiter","prevsnapshot","ske","skoid","sks","skt","sktid","skv","snapshot"],iIe="BlobUsesCustomerSpecifiedEncryption",sIe="BlobDoesNotUseCustomerSpecifiedEncryption",oIe=["10000","10001","10002","10003","10004","10100","10101","10102","10103","10104","11000","11001","11002","11003","11004","11100","11101","11102","11103","11104"];function aIe(t){let e=new URL(t),r=e.pathname;return r=r||"/",r=cIe(r),e.pathname=r,e.toString()}function AIe(t){let e="";if(t.search("DevelopmentStorageProxyUri=")!==-1){let r=t.split(";");for(let n of r)n.trim().startsWith("DevelopmentStorageProxyUri=")&&(e=n.trim().match("DevelopmentStorageProxyUri=(.*)")[1])}return e}function QA(t,e){let r=t.split(";");for(let n of r)if(n.trim().startsWith(e))return n.trim().match(e+"=(.*)")[1];return""}function yu(t){let e="";t.startsWith("UseDevelopmentStorage=true")&&(e=AIe(t),t=tIe);let r=QA(t,"BlobEndpoint");if(r=r.endsWith("/")?r.slice(0,-1):r,t.search("DefaultEndpointsProtocol=")!==-1&&t.search("AccountKey=")!==-1){let n="",i="",s=Buffer.from("accountKey","base64"),o="";if(i=QA(t,"AccountName"),s=Buffer.from(QA(t,"AccountKey"),"base64"),!r){n=QA(t,"DefaultEndpointsProtocol");let a=n.toLowerCase();if(a!=="https"&&a!=="http")throw new Error("Invalid DefaultEndpointsProtocol in the provided Connection String. Expecting 'https' or 'http'");if(o=QA(t,"EndpointSuffix"),!o)throw new Error("Invalid EndpointSuffix in the provided Connection String");r=`${n}://${i}.blob.${o}`}if(i){if(s.length===0)throw new Error("
`)+`
`+this.getCanonicalizedHeadersString(e)+this.getCanonicalizedResourceString(e),n=this.factory.computeHMACSHA256(r);return e.headers.set(Ie.AUTHORIZATION,`SharedKey ${this.factory.accountName}:${n}`),e}getHeaderValueToSign(e,r){let n=e.headers.get(r);return!n||r===Ie.CONTENT_LENGTH&&n==="0"?"":n}getCanonicalizedHeadersString(e){let r=e.headers.headersArray().filter(i=>i.name.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE));r.sort((i,s)=>YY(i.name.toLowerCase(),s.name.toLowerCase())),r=r.filter((i,s,o)=>!(s>0&&i.name.toLowerCase()===o[s-1].name.toLowerCase()));let n="";return r.forEach(i=>{n+=`${i.name.toLowerCase().trimRight()}:${i.value.trimLeft()}
`}),n}getCanonicalizedResourceString(e){let r=TC(e.url)||"/",n="";n+=`/${this.factory.accountName}${r}`;let i=HY(e.url),s={};if(i){let o=[];for(let a in i)if(Object.prototype.hasOwnProperty.call(i,a)){let A=a.toLowerCase();s[A]=i[a],o.push(A)}o.sort();for(let a of o)n+=`
${a}:${decodeURIComponent(s[a])}`}return n}},qh=class{create(e,r){throw new Error("Method should be implemented in children classes.")}},lt=class extends qh{constructor(e,r){super(),this.accountName=e,this.accountKey=Buffer.from(r,"base64")}create(e,r){return new bC(e,r,this)}computeHMACSHA256(e){return iR.createHmac("sha256",this.accountKey).update(e,"utf8").digest("base64")}},NC=class extends Uh{constructor(e,r){super(e,r)}},dt=class extends qh{create(e,r){return new NC(e,r)}},Nv;function BIe(){return Nv||(Nv=jr.createDefaultHttpClient()),Nv}var QIe="storageBrowserPolicy";function bIe(){return{name:QIe,async sendRequest(t,e){return st.isNode||((t.method==="GET"||t.method==="HEAD")&&(t.url=Ao(t.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),t.headers.delete(Ie.COOKIE),t.headers.delete(Ie.CONTENT_LENGTH)),e(t)}}}var NIe="storageRetryPolicy",Hh;(function(t){t[t.EXPONENTIAL=0]="EXPONENTIAL",t[t.FIXED=1]="FIXED"})(Hh||(Hh={}));var cu={maxRetryDelayInMs:120*1e3,maxTries:4,retryDelayInMs:4*1e3,retryPolicyType:Hh.EXPONENTIAL,secondaryHost:"",tryTimeoutInMs:void 0},wIe=["ETIMEDOUT","ESOCKETTIMEDOUT","ECONNREFUSED","ECONNRESET","ENOENT","ENOTFOUND","TIMEOUT","EPIPE","REQUEST_SEND_ERROR"],SIe=new kC.AbortError("The operation was aborted.");function xIe(t={}){var e,r,n,i,s,o;let a=(e=t.retryPolicyType)!==null&&e!==void 0?e:cu.retryPolicyType,A=(r=t.maxTries)!==null&&r!==void 0?r:cu.maxTries,c=(n=t.retryDelayInMs)!==null&&n!==void 0?n:cu.retryDelayInMs,l=(i=t.maxRetryDelayInMs)!==null&&i!==void 0?i:cu.maxRetryDelayInMs,u=(s=t.secondaryHost)!==null&&s!==void 0?s:cu.secondaryHost,d=(o=t.tryTimeoutInMs)!==null&&o!==void 0?o:cu.tryTimeoutInMs;function f({isPrimaryRetry:m,attempt:E,response:C,error:I}){var N,w;if(E>=A)return nr.info(`RetryPolicy: Attempt(s) ${E} >= maxTries ${A}, no further try.`),!1;if(I){for(let R of wIe)if(I.name.toUpperCase().includes(R)||I.message.toUpperCase().includes(R)||I.code&&I.code.toString().toUpperCase()===R)return nr.info(`RetryPolicy: Network error ${R} found, will retry.`),!0;if(I?.code==="PARSE_ERROR"&&I?.message.startsWith('Error "Error: Unclosed root tag'))return nr.info("RetryPolicy: Incomplete XML response likely due to service timeout, will retry."),!0}if(C||I){let R=(w=(N=C?.status)!==null&&N!==void 0?N:I?.statusCode)!==null&&w!==void 0?w:0;if(!m&&R===404)return nr.info("RetryPolicy: Secondary access with 404, will retry."),!0;if(R===503||R===500)return nr.info(`RetryPolicy: Will retry for status code ${R}.`),!0}return!1}function g(m,E){let C=0;if(m)switch(a){case Hh.EXPONENTIAL:C=Math.min((Math.pow(2,E-1)-1)*c,l);break;case Hh.FIXED:C=c;break}else C=Math.random()*1e3;return nr.info(`RetryPolicy: Delay for ${C}ms`),C}return{name:NIe,async sendRequest(m,E){d&&(m.url=Ao(m.url,Ji.Parameters.TIMEOUT,String(Math.floor(d/1e3))));let C=m.url,I=u?qY(m.url,u):void 0,N=!1,w=1,R=!0,T,U;for(;R;){let k=N||!I||!["GET","HEAD","OPTIONS"].includes(m.method)||w%2===1;m.url=k?C:I,T=void 0,U=void 0;try{nr.info(`RetryPolicy: =====> Try=${w} ${k?"Primary":"Secondary"}`),T=await E(m),N=N||!k&&T.status===404}catch(J){if(jr.isRestError(J))nr.error(`RetryPolicy: Caught error, message: ${J.message}, code: ${J.code}`),U=J;else throw nr.error(`RetryPolicy: Caught error, message: ${st.getErrorMessage(J)}`),J}R=f({isPrimaryRetry:k,attempt:w,response:T,error:U}),R&&await jY(g(k,w),m.abortSignal,SIe),w++}if(T)return T;throw U??new jr.RestError("RetryPolicy failed without known error.")}}}var vIe="storageSharedKeyCredentialPolicy";function JY(t){function e(s){s.headers.set(Ie.X_MS_DATE,new Date().toUTCString()),s.body&&(typeof s.body=="string"||Buffer.isBuffer(s.body))&&s.body.length>0&&s.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(s.body));let o=[s.method.toUpperCase(),r(s,Ie.CONTENT_LANGUAGE),r(s,Ie.CONTENT_ENCODING),r(s,Ie.CONTENT_LENGTH),r(s,Ie.CONTENT_MD5),r(s,Ie.CONTENT_TYPE),r(s,Ie.DATE),r(s,Ie.IF_MODIFIED_SINCE),r(s,Ie.IF_MATCH),r(s,Ie.IF_NONE_MATCH),r(s,Ie.IF_UNMODIFIED_SINCE),r(s,Ie.RANGE)].join(`
`)+`
`+n(s)+i(s),a=iR.createHmac("sha256",t.accountKey).update(o,"utf8").digest("base64");s.headers.set(Ie.AUTHORIZATION,`SharedKey ${t.accountName}:${a}`)}function r(s,o){let a=s.headers.get(o);return!a||o===Ie.CONTENT_LENGTH&&a==="0"?"":a}function n(s){let o=[];for(let[A,c]of s.headers)A.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE)&&o.push({name:A,value:c});o.sort((A,c)=>YY(A.name.toLowerCase(),c.name.toLowerCase())),o=o.filter((A,c,l)=>!(c>0&&A.name.toLowerCase()===l[c-1].name.toLowerCase()));let a="";return o.forEach(A=>{a+=`${A.name.toLowerCase().trimRight()}:${A.value.trimLeft()}
`}),a}function i(s){let o=TC(s.url)||"/",a="";a+=`/${t.accountName}${o}`;let A=HY(s.url),c={};if(A){let l=[];for(let u in A)if(Object.prototype.hasOwnProperty.call(A,u)){let d=u.toLowerCase();c[d]=A[u],l.push(d)}l.sort();for(let u of l)a+=`
${u}:${decodeURIComponent(c[u])}`}return a}return{name:vIe,async sendRequest(s,o){return e(s),o(s)}}}var wC=class extends fu{constructor(e,r){super(e,r)}async sendRequest(e){return st.isNode?this._nextPolicy.sendRequest(e):((e.method.toUpperCase()==="GET"||e.method.toUpperCase()==="HEAD")&&(e.url=Ao(e.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),e.headers.remove(Ie.COOKIE),e.headers.remove(Ie.CONTENT_LENGTH),this._nextPolicy.sendRequest(e))}},SC=class{create(e,r){return new wC(e,r)}},RIe="StorageCorrectContentLengthPolicy";function _Ie(){function t(e){e.body&&(typeof e.body=="string"||Buffer.isBuffer(e.body))&&e.body.length>0&&e.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(e.body))}return{name:RIe,async sendRequest(e,r){return t(e),r(e)}}}function Aa(t){if(!t||typeof t!="object")return!1;let e=t;return Array.isArray(e.factories)&&typeof e.options=="object"&&typeof e.toServiceClientOptions=="function"}var jh=class{constructor(e,r={}){this.factories=e,this.options=r}toServiceClientOptions(){return{httpClient:this.options.httpClient,requestPolicyFactories:this.factories}}};function ut(t,e={}){t||(t=new dt);let r=new jh([],e);return r._credential=t,r}function DIe(t){let e=[kIe,$Y,PIe,TIe,OIe,LIe,FIe];if(t.factories.length){let r=t.factories.filter(n=>!e.some(i=>i(n)));if(r.length){let n=r.some(i=>MIe(i));return{wrappedPolicies:DC.createRequestPolicyFactoryPolicy(r),afterRetry:n}}}}function VY(t){var e;let r=t.options,{httpClient:n}=r,i=q.__rest(r,["httpClient"]),s=t._coreHttpClient;s||(s=n?DC.convertHttpClient(n):BIe(),t._coreHttpClient=s);let o=t._corePipeline;if(!o){let a=`azsdk-js-azure-storage-blob/${MY}`,A=i.userAgentOptions&&i.userAgentOptions.userAgentPrefix?`${i.userAgentOptions.userAgentPrefix} ${a}`:`${a}`;o=Lh.createClientPipeline(Object.assign(Object.assign({},i),{loggingOptions:{additionalAllowedHeaderNames:rIe,additionalAllowedQueryParameters:nIe,logger:nr.info},userAgentOptions:{userAgentPrefix:A},serializationOptions:{stringifyXML:Sv.stringifyXML,serializerOptions:{xml:{xmlCharKey:"#"}}},deserializationOptions:{parseXML:Sv.parseXML,serializerOptions:{xml:{xmlCharKey:"#"}}}})),o.removePolicy({phase:"Retry"}),o.removePolicy({name:jr.decompressResponsePolicyName}),o.addPolicy(_Ie()),o.addPolicy(xIe(i.retryOptions),{phase:"Retry"}),o.addPolicy(bIe());let c=DIe(t);c&&o.addPolicy(c.wrappedPolicies,c.afterRetry?{afterPhase:"Retry"}:void 0);let l=WY(t);Ci.isTokenCredential(l)?o.addPolicy(jr.bearerTokenAuthenticationPolicy({credential:l,scopes:(e=i.audience)!==null&&e!==void 0?e:AR,challengeCallbacks:{authorizeRequestOnChallenge:Lh.authorizeRequestOnTenantChallenge}}),{phase:"Sign"}):l instanceof lt&&o.addPolicy(JY({accountName:l.accountName,accountKey:l.accountKey}),{phase:"Sign"}),t._corePipeline=o}return Object.assign(Object.assign({},i),{allowInsecureConnection:!0,httpClient:s,pipeline:o})}function WY(t){if(t._credential)return t._credential;let e=new dt;for(let r of t.factories)if(Ci.isTokenCredential(r.credential))e=r.credential;else if($Y(r))return r;return e}function $Y(t){return t instanceof lt?!0:t.constructor.name==="StorageSharedKeyCredential"}function kIe(t){return t instanceof dt?!0:t.constructor.name==="AnonymousCredential"}function PIe(t){return Ci.isTokenCredential(t.credential)}function TIe(t){return t instanceof SC?!0:t.constructor.name==="StorageBrowserPolicyFactory"}function OIe(t){return t instanceof QC?!0:t.constructor.name==="StorageRetryPolicyFactory"}function LIe(t){return t.constructor.name==="TelemetryPolicyFactory"}function MIe(t){return t.constructor.name==="InjectorPolicyFactory"}function FIe(t){let e=["GenerateClientRequestIdPolicy","TracingPolicy","LogPolicy","ProxyPolicy","DisableResponseDecompressionPolicy","KeepAlivePolicy","DeserializationPolicy"],r={sendRequest:async o=>({request:o,headers:o.headers.clone(),status:500})},n={log(o,a){},shouldLog(o){return!1}},s=t.create(r,n).constructor.name;return e.some(o=>s.startsWith(o))}var lR={serializedName:"BlobServiceProperties",xmlName:"StorageServiceProperties",type:{name:"Composite",className:"BlobServi
`),s=e.computeHMACSHA256(i);return{sasQueryParameters:new Ns(t.version,s,n,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:i}}function Qbe(t,e){if(t=Lu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:s}}function bbe(t,e){if(t=Lu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,void 0,void 0,void 0,t.encryptionScope),stringToSign:s}}function Nbe(t,e){if(t=Lu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey),stringToSign:s}}function wbe(t,e){if(t=Lu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId),stringToSign:s}}function Sbe(t,e){if(t=Lu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId,t.encryptionScope),stringToSign:s}}function Ou(t,e,r){let n=[`/blob/${t}/${e}`];return r&&n.push(`/${r}`),n.join("")}function Lu(t){let e=t.version?t.version:aR;if(t.snapshotTime&&e<"2018-11-09")throw RangeError("'version' must be >= '2018-11-09' when providing 'snapshotTime'.");if(t.blobName===void 0&&t.snapshotTime)throw RangeError("Must provide 'blobName' when providing 'snapshotTime'.");if(t.versionId&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'versionId'.");if(t.blobName===void 0&&t.versionId)throw RangeError("Must provide 'blobName' when providing 'versionId'.");if(t.permissions&&t.permissions.setImmutabilityPolicy&&e<"2020-08-04")throw RangeError("'version' must be >= '2020-08-04' when provided 'i' permission.");if(t.permissions&&t.permissions.deleteVersion&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'x' permission.");if(t.permissions&&t.permissions.permanentDelete&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'y' permission.");if(t.permissions&&t.permissions.tag&&e<"2019-12-12")throw RangeError("'version' must be >= '2019-12-12' when providing 't' permission.");if(e<"2020-02-10"&&t.permissions&&(t.permissions.move||t.permissions.execute))throw RangeError("'version' must be >= '2020-02-10' when providing the 'm' or 'e' permission.");if(e<"2021-04-10"&&t.permissions&&t.permissions.filterByTags)throw RangeError("'version' must be >= '2021-04-10' when providing the 'f' permission.");if(e<"2020-02-10"&&(t.preauthorizedAgentObjectId||t.correlationId))throw RangeError("'version' must be >= '2020-02-10' when providing 'preauthorizedAgentObjectId' or 'correlationId'.");if(t.encryptionScope&&e<"2020-12-06")throw RangeError("'version' must be >= '2020-12-06' when provided 'encryptionScope' in SAS.");return t.version=e,t}var Jh=class{get leaseId(){return this._leaseId}get url(){return this._url}constructor(e,r){let n=e.storageClientContext;this._url=e.url,e.name===void 0?(this._isContainer=!0,this._containerOrBlobOperation=n.container):(this._isContainer=!1,this._containerOrBlobOperation=n.blob),r||(r=st.randomUUID()),this._leaseId=r}async acquireLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==bs||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==bs||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-acquireLease",r,async A=>{var c;return V(await this._containerOrBlobOperation.acquireLease({abortSignal:r.abortSignal,duration:e,modifiedAccessConditions:Object.assign(Object.assign({},r.conditions),{ifTags:(c=r.conditions)===null||c===void 0?void 0:c.tagConditions}),proposedLeaseId:this._leaseId,tracingOptions:A.tracingOptions}))})}async changeLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==bs||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==bs||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-changeLease",r,async A=>{var c;let l=V(await this._containerOrBlobOperation.changeLease(this._leaseId,e,{abortSignal:r.abortSignal,modifiedAccessConditi
`):o=[e.accountName,n,i,s,t.startsOn?Xe(t.startsOn,!1):"",Xe(t.expiresOn,!1),t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",r,""].join(`
`);let a=e.computeHMACSHA256(o);return{sasQueryParameters:new Ns(r,a,n.toString(),i,s,t.protocol,t.startsOn,t.expiresOn,t.ipRange,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,t.encryptionScope),stringToSign:o}}var nR=class t extends zh{static fromConnectionString(e,r){r=r||{};let n=yu(e);if(n.kind==="AccountConnString")if(st.isNode){let i=new lt(n.accountName,n.accountKey);r.proxyOptions||(r.proxyOptions=jr.getDefaultProxySettings(n.proxyUri));let s=ut(i,r);return new t(n.url,s)}else throw new Error("Account connection string is only supported in Node.js environment");else if(n.kind==="SASConnString"){let i=ut(new dt,r);return new t(n.url+"?"+n.accountSas,i)}else throw new Error("Connection string must be either an Account connection string or a SAS connection string")}constructor(e,r,n){let i;Aa(r)?i=r:st.isNode&&r instanceof lt||r instanceof dt||Ci.isTokenCredential(r)?i=ut(r,n):i=ut(new dt,n),super(e,i),this.serviceContext=this.storageClientContext.service}getContainerClient(e){return new RC(Pt(this.url,encodeURIComponent(e)),this.pipeline)}async createContainer(e,r={}){return F.withSpan("BlobServiceClient-createContainer",r,async n=>{let i=this.getContainerClient(e),s=await i.create(n);return{containerClient:i,containerCreateResponse:s}})}async deleteContainer(e,r={}){return F.withSpan("BlobServiceClient-deleteContainer",r,async n=>this.getContainerClient(e).delete(n))}async undeleteContainer(e,r,n={}){return F.withSpan("BlobServiceClient-undeleteContainer",n,async i=>{let s=this.getContainerClient(n.destinationContainerName||e),o=s.storageClientContext.container,a=V(await o.restore({deletedContainerName:e,deletedContainerVersion:r,tracingOptions:i.tracingOptions}));return{containerClient:s,containerUndeleteResponse:a}})}async renameContainer(e,r,n={}){return F.withSpan("BlobServiceClient-renameContainer",n,async i=>{var s;let o=this.getContainerClient(r),a=o.storageClientContext.container,A=V(await a.rename(e,Object.assign(Object.assign({},i),{sourceLeaseId:(s=n.sourceCondition)===null||s===void 0?void 0:s.leaseId})));return{containerClient:o,containerRenameResponse:A}})}async getProperties(e={}){return F.withSpan("BlobServiceClient-getProperties",e,async r=>V(await this.serviceContext.getProperties({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async setProperties(e,r={}){return F.withSpan("BlobServiceClient-setProperties",r,async n=>V(await this.serviceContext.setProperties(e,{abortSignal:r.abortSignal,tracingOptions:n.tracingOptions})))}async getStatistics(e={}){return F.withSpan("BlobServiceClient-getStatistics",e,async r=>V(await this.serviceContext.getStatistics({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async getAccountInfo(e={}){return F.withSpan("BlobServiceClient-getAccountInfo",e,async r=>V(await this.serviceContext.getAccountInfo({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async listContainersSegment(e,r={}){return F.withSpan("BlobServiceClient-listContainersSegment",r,async n=>V(await this.serviceContext.listContainersSegment(Object.assign(Object.assign({abortSignal:r.abortSignal,marker:e},r),{include:typeof r.include=="string"?[r.include]:r.include,tracingOptions:n.tracingOptions}))))}async findBlobsByTagsSegment(e,r,n={}){return F.withSpan("BlobServiceClient-findBlobsByTagsSegment",n,async i=>{let s=V(await this.serviceContext.filterBlobs({abortSignal:n.abortSignal,where:e,marker:r,maxPageSize:n.maxPageSize,tracingOptions:i.tracingOptions}));return Object.assign(Object.assign({},s),{_response:s._response,blobs:s.blobs.map(a=>{var A;let c="";return((A=a.tags)===null||A===void 0?void 0:A.blobTagSet.length)===1&&(c=a.tags.blobTagSet[0].value),Object.assign(Object.assign({},a),{tags:Ph(a.tags),tagValue:c})})})})}findBlobsByTagsSegments(e,r){return q.__asyncGenerator(this,arguments,function*(i,s,o={}){let a;if(s||s===void 0)do a=yield q.__await(this.findBlobsByTagsSegment(i,s,o)),a.blobs=a.blobs||[],s=a.continuationToken,yield yield q.__await(a);while(s)})}findBlobsByTagsItems(e){return q.__asyncGenerator(this,arguments,functi
If you are using self-hosted runners, please make sure your runner has access to all GitHub endpoints: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github`;super(r),this.code=e,this.name="NetworkError"}};Qn.NetworkError=HC;HC.isNetworkErrorCode=t=>t?["ECONNRESET","ENOTFOUND","ETIMEDOUT","ECONNREFUSED","EHOSTUNREACH"].includes(t):!1;var jC=class extends Error{constructor(){super(`Cache storage quota has been hit. Unable to upload any new cache entries. Usage is recalculated every 6-12 hours.
More info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`),this.name="UsageError"}};Qn.UsageError=jC;jC.isUsageErrorMessage=t=>t?t.includes("insufficient usage"):!1});var m4=h(bn=>{"use strict";var jbe=bn&&bn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),zbe=bn&&bn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Gbe=bn&&bn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&jbe(e,t,r);return zbe(e,t),e},Ybe=bn&&bn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(bn,"__esModule",{value:!0});bn.uploadCacheArchiveSDK=bn.UploadProgress=void 0;var RR=Gbe(at()),Jbe=bR(),Vbe=vR(),zC=class{constructor(e){this.contentLength=e,this.sentBytes=0,this.displayedComplete=!1,this.startTime=Date.now()}setSentBytes(e){this.sentBytes=e}getTransferredBytes(){return this.sentBytes}isDone(){return this.getTransferredBytes()===this.contentLength}display(){if(this.displayedComplete)return;let e=this.sentBytes,r=(100*(e/this.contentLength)).toFixed(1),n=Date.now()-this.startTime,i=(e/(1024*1024)/(n/1e3)).toFixed(1);RR.info(`Sent ${e} of ${this.contentLength} (${r}%), ${i} MBs/sec`),this.isDone()&&(this.displayedComplete=!0)}onProgress(){return e=>{this.setSentBytes(e.loadedBytes)}}startDisplayTimer(e=1e3){let r=()=>{this.display(),this.isDone()||(this.timeoutHandle=setTimeout(r,e))};this.timeoutHandle=setTimeout(r,e)}stopDisplayTimer(){this.timeoutHandle&&(clearTimeout(this.timeoutHandle),this.timeoutHandle=void 0),this.display()}};bn.UploadProgress=zC;function Wbe(t,e,r){var n;return Ybe(this,void 0,void 0,function*(){let i=new Jbe.BlobClient(t),s=i.getBlockBlobClient(),o=new zC((n=r?.archiveSizeBytes)!==null&&n!==void 0?n:0),a={blockSize:r?.uploadChunkSize,concurrency:r?.uploadConcurrency,maxSingleShotSize:128*1024*1024,onProgress:o.onProgress()};try{o.startDisplayTimer(),RR.debug(`BlobClient: ${i.name}:${i.accountName}:${i.containerName}`);let A=yield s.uploadFile(e,a);if(A._response.status>=400)throw new Vbe.InvalidResponseError(`uploadCacheArchiveSDK: upload failed with status code ${A._response.status}`);return A}catch(A){throw RR.warning(`uploadCacheArchiveSDK: internal error uploading cache archive: ${A.message}`),A}finally{o.stopDisplayTimer()}})}bn.uploadCacheArchiveSDK=Wbe});var DR=h(qt=>{"use strict";var $be=qt&&qt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Kbe=qt&&qt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Xbe=qt&&qt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&$be(e,t,r);return Kbe(e,t),e},YC=qt&&qt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(qt,"__esModule",{value:!0}
Other caches with similar key:`);for(let a of s?.artifactCaches||[])$n.debug(`Cache Key: ${a?.cacheKey}, Cache Version: ${a?.cacheVersion}, Cache Scope: ${a?.scope}, Cache Created: ${a?.creationTime}`)}}})}function L0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=new v0e.URL(t),i=(0,FR.getDownloadOptions)(r);n.hostname.endsWith(".blob.core.windows.net")?i.useAzureSdk?yield(0,$C.downloadCacheStorageSDK)(t,e,i):i.concurrentBlobDownloads?yield(0,$C.downloadCacheHttpClientConcurrent)(t,e,i):yield(0,$C.downloadCacheHttpClient)(t,e):yield(0,$C.downloadCacheHttpClient)(t,e)})}Nr.downloadCache=L0e;function M0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=UR(),i=qu.getCacheVersion(e,r?.compressionMethod,r?.enableCrossOsArchive),s={key:t,version:i,cacheSize:r?.cacheSize};return yield(0,ha.retryTypedResponse)("reserveCache",()=>Nn(this,void 0,void 0,function*(){return n.postJson(og("caches"),s)}))})}Nr.reserveCache=M0e;function _4(t,e){return`bytes ${t}-${e}/*`}function F0e(t,e,r,n,i){return Nn(this,void 0,void 0,function*(){$n.debug(`Uploading chunk of size ${i-n+1} bytes at offset ${n} with content range: ${_4(n,i)}`);let s={"Content-Type":"application/octet-stream","Content-Range":_4(n,i)},o=yield(0,ha.retryHttpClientResponse)(`uploadChunk (start: ${n}, end: ${i})`,()=>Nn(this,void 0,void 0,function*(){return t.sendStream("PATCH",e,r(),s)}));if(!(0,ha.isSuccessStatusCode)(o.message.statusCode))throw new Error(`Cache service responded with ${o.message.statusCode} during upload chunk.`)})}function U0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){let i=qu.getArchiveFileSizeInBytes(r),s=og(`caches/${e.toString()}`),o=LR.openSync(r,"r"),a=(0,FR.getUploadOptions)(n),A=qu.assertDefined("uploadConcurrency",a.uploadConcurrency),c=qu.assertDefined("uploadChunkSize",a.uploadChunkSize),l=[...new Array(A).keys()];$n.debug("Awaiting all uploads");let u=0;try{yield Promise.all(l.map(()=>Nn(this,void 0,void 0,function*(){for(;u<i;){let d=Math.min(i-u,c),f=u,g=u+d-1;u+=c,yield F0e(t,s,()=>LR.createReadStream(r,{fd:o,start:f,end:g,autoClose:!1}).on("error",m=>{throw new Error(`Cache upload failed because file read failed with ${m.message}`)}),f,g)}})))}finally{LR.closeSync(o)}})}function q0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n={size:r};return yield(0,ha.retryTypedResponse)("commitCache",()=>Nn(this,void 0,void 0,function*(){return t.postJson(og(`caches/${e.toString()}`),n)}))})}function H0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){if((0,FR.getUploadOptions)(n).useAzureSdk){if(!r)throw new Error("Azure Storage SDK can only be used when a signed URL is provided.");yield(0,R0e.uploadCacheArchiveSDK)(r,e,n)}else{let s=UR();$n.debug("Upload cache"),yield U0e(s,t,e,n),$n.debug("Commiting cache");let o=qu.getArchiveFileSizeInBytes(e);$n.info(`Cache Size: ~${Math.round(o/(1024*1024))} MB (${o} B)`);let a=yield q0e(s,t,o);if(!(0,ha.isSuccessStatusCode)(a.statusCode))throw new Error(`Cache service responded with ${a.statusCode} during commit cache.`);$n.info("Cache saved successfully")}})}Nr.saveCache=H0e});var KC=h(Hu=>{"use strict";Object.defineProperty(Hu,"__esModule",{value:!0});Hu.isJsonObject=Hu.typeofJsonValue=void 0;function j0e(t){let e=typeof t;if(e=="object"){if(Array.isArray(t))return"array";if(t===null)return"null"}return e}Hu.typeofJsonValue=j0e;function z0e(t){return t!==null&&typeof t=="object"&&!Array.isArray(t)}Hu.isJsonObject=z0e});var ZC=h(ju=>{"use strict";Object.defineProperty(ju,"__esModule",{value:!0});ju.base64encode=ju.base64decode=void 0;var mo="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".split(""),XC=[];for(let t=0;t<mo.length;t++)XC[mo[t].charCodeAt(0)]=t;XC[45]=mo.indexOf("+");XC[95]=mo.indexOf("/");function G0e(t){let e=t.length*3/4;t[t.length-2]=="="?e-=2:t[t.length-1]=="="&&(e-=1);let r=new Uint8Array(e),n=0,i=0,s,o=0;for(let a=0;a<t.length;a++){if(s=XC[t.charCodeAt(a)],s===void 0)switch(t[a]){case"=":i=0;case`
`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}ju.base64decode=G0e;function Y0e(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=mo[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=mo[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=mo[i|n>>6],e+=mo[n&63],r=0;break}return r&&(e+=mo[i],e+="=",r==1&&(e+="=")),e}ju.base64encode=Y0e});var k4=h(eI=>{"use strict";Object.defineProperty(eI,"__esModule",{value:!0});eI.utf8read=void 0;var qR=t=>String.fromCharCode.apply(String,t);function J0e(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(qR(n)),i=0);return r.length?(i&&r.push(qR(n.slice(0,i))),r.join("")):qR(n.slice(0,i))}eI.utf8read=J0e});var ag=h(Ss=>{"use strict";Object.defineProperty(Ss,"__esModule",{value:!0});Ss.WireType=Ss.mergeBinaryOptions=Ss.UnknownFieldHandler=void 0;var V0e;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(V0e=Ss.UnknownFieldHandler||(Ss.UnknownFieldHandler={}));function W0e(t,e){return Object.assign(Object.assign({},t),e)}Ss.mergeBinaryOptions=W0e;var $0e;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})($0e=Ss.WireType||(Ss.WireType={}))});var rI=h(wn=>{"use strict";Object.defineProperty(wn,"__esModule",{value:!0});wn.varint32read=wn.varint32write=wn.int64toString=wn.int64fromString=wn.varint64write=wn.varint64read=void 0;function K0e(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}wn.varint64read=K0e;function X0e(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}wn.varint64write=X0e;var tI=65536*65536;function Z0e(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=tI&&(i=i+(n/tI|0),n=n%tI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}wn.int64fromString=Z0e;function eNe(t,e){if(e>>>0<=2097151)return""+(tI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}wn.int64toString=eNe;function tNe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}wn.varint32write=tNe;function rNe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
`)}};vI.RpcError=h_});var m_=h(_I=>{"use strict";Object.defineProperty(_I,"__esModule",{value:!0});_I.mergeRpcOptions=void 0;var d3=$u();function bwe(t,e){if(!e)return t;let r={};RI(t,r),RI(e,r);for(let n of Object.keys(e)){let i=e[n];switch(n){case"jsonOptions":r.jsonOptions=d3.mergeJsonOptions(t.jsonOptions,r.jsonOptions);break;case"binaryOptions":r.binaryOptions=d3.mergeBinaryOptions(t.binaryOptions,r.binaryOptions);break;case"meta":r.meta={},RI(t.meta,r.meta),RI(e.meta,r.meta);break;case"interceptors":r.interceptors=t.interceptors?t.interceptors.concat(i):i.concat();break}}return r}_I.mergeRpcOptions=bwe;function RI(t,e){if(!t)return;let r=e;for(let[n,i]of Object.entries(t))i instanceof Date?r[n]=new Date(i.getTime()):Array.isArray(i)?r[n]=i.concat():r[n]=i}});var y_=h(PA=>{"use strict";Object.defineProperty(PA,"__esModule",{value:!0});PA.Deferred=PA.DeferredState=void 0;var Rs;(function(t){t[t.PENDING=0]="PENDING",t[t.REJECTED=1]="REJECTED",t[t.RESOLVED=2]="RESOLVED"})(Rs=PA.DeferredState||(PA.DeferredState={}));var p_=class{constructor(e=!0){this._state=Rs.PENDING,this._promise=new Promise((r,n)=>{this._resolve=r,this._reject=n}),e&&this._promise.catch(r=>{})}get state(){return this._state}get promise(){return this._promise}resolve(e){if(this.state!==Rs.PENDING)throw new Error(`cannot resolve ${Rs[this.state].toLowerCase()}`);this._resolve(e),this._state=Rs.RESOLVED}reject(e){if(this.state!==Rs.PENDING)throw new Error(`cannot reject ${Rs[this.state].toLowerCase()}`);this._reject(e),this._state=Rs.REJECTED}resolvePending(e){this._state===Rs.PENDING&&this.resolve(e)}rejectPending(e){this._state===Rs.PENDING&&this.reject(e)}};PA.Deferred=p_});var C_=h(DI=>{"use strict";Object.defineProperty(DI,"__esModule",{value:!0});DI.RpcOutputStreamController=void 0;var f3=y_(),TA=$u(),E_=class{constructor(){this._lis={nxt:[],msg:[],err:[],cmp:[]},this._closed=!1,this._itState={q:[]}}onNext(e){return this.addLis(e,this._lis.nxt)}onMessage(e){return this.addLis(e,this._lis.msg)}onError(e){return this.addLis(e,this._lis.err)}onComplete(e){return this.addLis(e,this._lis.cmp)}addLis(e,r){return r.push(e),()=>{let n=r.indexOf(e);n>=0&&r.splice(n,1)}}clearLis(){for(let e of Object.values(this._lis))e.splice(0,e.length)}get closed(){return this._closed!==!1}notifyNext(e,r,n){TA.assert((e?1:0)+(r?1:0)+(n?1:0)<=1,"only one emission at a time"),e&&this.notifyMessage(e),r&&this.notifyError(r),n&&this.notifyComplete()}notifyMessage(e){TA.assert(!this.closed,"stream is closed"),this.pushIt({value:e,done:!1}),this._lis.msg.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(e,void 0,!1))}notifyError(e){TA.assert(!this.closed,"stream is closed"),this._closed=e,this.pushIt(e),this._lis.err.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(void 0,e,!1)),this.clearLis()}notifyComplete(){TA.assert(!this.closed,"stream is closed"),this._closed=!0,this.pushIt({value:null,done:!0}),this._lis.cmp.forEach(e=>e()),this._lis.nxt.forEach(e=>e(void 0,void 0,!0)),this.clearLis()}[Symbol.asyncIterator](){return this._closed===!0?this.pushIt({value:null,done:!0}):this._closed!==!1&&this.pushIt(this._closed),{next:()=>{let e=this._itState;TA.assert(e,"bad state"),TA.assert(!e.p,"iterator contract broken");let r=e.q.shift();return r?"value"in r?Promise.resolve(r):Promise.reject(r):(e.p=new f3.Deferred,e.p.promise)}}}pushIt(e){let r=this._itState;if(r.p){let n=r.p;TA.assert(n.state==f3.DeferredState.PENDING,"iterator contract broken"),"value"in e?n.resolve(e):n.reject(e),delete r.p}else r.q.push(e)}};DI.RpcOutputStreamController=E_});var B_=h(Ku=>{"use strict";var Nwe=Ku&&Ku.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Ku,"__esModule",{value:!0});Ku.UnaryCall=void 0;var I_=class{constructor(e,r,n,i,s,o,a){this.method=e,this.requestHeaders=r,this.request=n,this.headers=i,this.response=s,this.s
`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}sd.base64decode=Xwe;function Zwe(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=po[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=po[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=po[i|n>>6],e+=po[n&63],r=0;break}return r&&(e+=po[i],e+="=",r==1&&(e+="=")),e}sd.base64encode=Zwe});var C3=h(MI=>{"use strict";Object.defineProperty(MI,"__esModule",{value:!0});MI.utf8read=void 0;var __=t=>String.fromCharCode.apply(String,t);function eSe(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(__(n)),i=0);return r.length?(i&&r.push(__(n.slice(0,i))),r.join("")):__(n.slice(0,i))}MI.utf8read=eSe});var Ig=h(_s=>{"use strict";Object.defineProperty(_s,"__esModule",{value:!0});_s.WireType=_s.mergeBinaryOptions=_s.UnknownFieldHandler=void 0;var tSe;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(tSe=_s.UnknownFieldHandler||(_s.UnknownFieldHandler={}));function rSe(t,e){return Object.assign(Object.assign({},t),e)}_s.mergeBinaryOptions=rSe;var nSe;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})(nSe=_s.WireType||(_s.WireType={}))});var UI=h(xn=>{"use strict";Object.defineProperty(xn,"__esModule",{value:!0});xn.varint32read=xn.varint32write=xn.int64toString=xn.int64fromString=xn.varint64write=xn.varint64read=void 0;function iSe(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}xn.varint64read=iSe;function sSe(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}xn.varint64write=sSe;var FI=65536*65536;function oSe(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=FI&&(i=i+(n/FI|0),n=n%FI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}xn.int64fromString=oSe;function aSe(t,e){if(e>>>0<=2097151)return""+(FI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}xn.int64toString=aSe;function ASe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}xn.varint32write=ASe;function cSe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
`));let n=yield pD(r,"create");yield yD(n,t)})}Yr.createTar=Wxe});var CB=h(Yt=>{"use strict";var $xe=Yt&&Yt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Kxe=Yt&&Yt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Tg=Yt&&Yt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&$xe(e,t,r);return Kxe(e,t),e},Id=Yt&&Yt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Yt,"__esModule",{value:!0});Yt.saveCache=Yt.restoreCache=Yt.isFeatureAvailable=Yt.FinalizeCacheError=Yt.ReserveCacheError=Yt.ValidationError=void 0;var he=Tg(at()),pB=Tg(require("path")),_t=Tg(fl()),Cd=Tg(D4()),u$=Tg(a$()),yB=VC(),Ba=l$(),EB=oA(),Ri=class t extends Error{constructor(e){super(e),this.name="ValidationError",Object.setPrototypeOf(this,t.prototype)}};Yt.ValidationError=Ri;var MA=class t extends Error{constructor(e){super(e),this.name="ReserveCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.ReserveCacheError=MA;var Pg=class t extends Error{constructor(e){super(e),this.name="FinalizeCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.FinalizeCacheError=Pg;function d$(t){if(!t||t.length===0)throw new Ri("Path Validation Error: At least one directory or file path is required")}function ED(t){if(t.length>512)throw new Ri(`Key Validation Error: ${t} cannot be larger than 512 characters.`);if(!/^[^,]*$/.test(t))throw new Ri(`Key Validation Error: ${t} cannot contain commas.`)}function Xxe(){return(0,yB.getCacheServiceVersion)()==="v2"?!!process.env.ACTIONS_RESULTS_URL:!!process.env.ACTIONS_CACHE_URL}Yt.isFeatureAvailable=Xxe;function Zxe(t,e,r,n,i=!1){return Id(this,void 0,void 0,function*(){let s=(0,yB.getCacheServiceVersion)();return he.debug(`Cache service version: ${s}`),d$(t),s==="v2"?yield tve(t,e,r,n,i):yield eve(t,e,r,n,i)})}Yt.restoreCache=Zxe;function eve(t,e,r,n,i=!1){return Id(this,void 0,void 0,function*(){r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let A of s)ED(A);let o=yield _t.getCompressionMethod(),a="";try{let A=yield Cd.getCacheEntry(s,t,{compressionMethod:o,enableCrossOsArchive:i});if(!A?.archiveLocation)return;if(n?.lookupOnly)return he.info("Lookup only - skipping download"),A.cacheKey;a=pB.join(yield _t.createTempDirectory(),_t.getCacheFileName(o)),he.debug(`Archive Path: ${a}`),yield Cd.downloadCache(A.archiveLocation,a,n),he.isDebug()&&(yield(0,Ba.listTar)(a,o));let c=_t.getArchiveFileSizeInBytes(a);return he.info(`Cache Size: ~${Math.round(c/(1024*1024))} MB (${c} B)`),yield(0,Ba.extractTar)(a,o),he.info("Cache restored successfully"),A.cacheKey}catch(A){let c=A;if(c.name===Ri.name)throw A;c instanceof EB.HttpClientError&&typeof c.statusCode=="number"&&c.statusCode>=500?he.error(`Failed to restore: ${A.message}`):he.warning(`Failed to restore: ${A.message}`)}finally{try{yield _t.unlinkFile(a)}catch(A){he.debug(`Failed to delete archive: ${A}`)}}})}function tve(t,e,r,n,i=!1){return Id(this,void 0,void 0,function*(){n=Object.assign(Object.assign({},n),{useAzureSdk:!0}),r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let a of s)ED(a);let o="";try{let a=u$.internalCacheTwirpClient(),A=yield _t.getCompressionMethod(),c={key:e,restoreKeys:r,version:_t.getCacheVers
`),e=e.replace(/\r/g,`
`));let i=e.split(`
`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new N$.Pattern(s));return n.searchPaths.push(...SB.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return SD(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield qg.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){xD.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield qg.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield qg.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){xD.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};Sr.DefaultGlobber=vD});var _$=h(Dn=>{"use strict";var Lve=Dn&&Dn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Mve=Dn&&Dn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Bd=Dn&&Dn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Lve(e,t,r);return Mve(e,t),e},Fve=Dn&&Dn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})},Uve=Dn&&Dn.__asyncValues||function(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var e=t[Symbol.asyncIterator],r;return e?e.call(t):(t=typeof __values=="function"?__values(t):t[Symbol.iterator](),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(s){r[s]=t[s]&&function(o){return new Promise(function(a,A){o=t[s](o),i(a,A,o.done,o.value)})}}function i(s,o,a,A){Promise.resolve(A).then(function(c){s({value:c,done:a})},o)}};Object.defineProperty(Dn,"__esModule",{value:!0});Dn.hashFiles=void 0;var x$=Bd(require("crypto")),v$=Bd(at()),R$=Bd(require("fs")),qve=Bd(require("stream")),Hve=Bd(require("util")),jve=Bd(require("path"));function zve(t,e,r=!1){var n,i,s,o,a;return Fve(this,void 0,void 0,function*(){let A=r?v$.info:v$.debug,c=!1,l=e||((a=process.env.GITHUB_WORKSPACE)!==null&&a!==void 0?a:process.cwd()),u=x$.createHash("sha256"),d=0;try{for(var f=!0,g=Uve(t.globGenerator()),m;m=yield g.next(),n=m.done,!n;f=!0){o=m.value,f=!1;let E=o;if(A(E),!E.startsWith(`${l}${jve.sep}`)){A(`Ignore '${E}' since it is not under GITHUB_WORKSPACE.`);continue}if(R$.statSync(E).isDirectory()){A(`Skip directory '${E}'.`);continue}let C=x$.createHash("sha256");yield Hve.promisify(qve.pipeline)(R$.createReadStream(E),C),u.write(C.digest()),d++,c||(c=!0)}}catch(E){i={error:E}}finally{try{!f&&!n&&(s=g.return)&&(yield s.call(g))}finally{if(i)throw i.error}}return u.end(),c?(A(`Found ${d} files to hash.`),u.digest("hex")):(A("No matches found for glob"),"")})}Dn.hashFiles=zve});var P$=h(wa=>{"use strict";var D$=wa&&wa.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(wa,"__esModule",{value:!0});wa.hashFiles=wa.create=void 0;var Gve=S$(),Yve=_$();function k$(t,e){return D$(this,void 0,void 0,function*(){return yield Gve.DefaultGlobber.create(t,e)})}wa.create=k$;function Jve(t,e="",r,n=!1){return D$(this,void 0,void 0,function*(){let i=!0;r&&typeof r.followSymbolicLinks=="boolean"&&(i=r.followSymbolic
`).map(Kve).filter(Boolean)};function Kve(t,e){if(!t||!t.length||t.charAt(0)==="#")return null;var r=t.split(":");return{username:r[0],password:r[1],uid:r[2],gid:r[3],gecos:r[4],homedir:r[5],shell:r[6]}}});var W$=h((R2e,V$)=>{"use strict";var Xve=require("fs"),Zve=J$();function eRe(){if(process.platform==="win32")return process.env.USERPROFILE?process.env.USERPROFILE:process.env.HOMEDRIVE&&process.env.HOMEPATH?process.env.HOMEDRIVE+process.env.HOMEPATH:process.env.HOME?process.env.HOME:null;if(process.env.HOME)return process.env.HOME;var t=nRe("/etc/passwd"),e=tRe(Zve(t),rRe());if(e)return e;var r=process.env.LOGNAME||process.env.USER||process.env.LNAME||process.env.USERNAME;return r?process.platform==="darwin"?"/Users/"+r:"/home/"+r:null}function tRe(t,e){for(var r=t.length,n=0;n<r;n++)if(+t[n].uid===e)return t[n].homedir}function rRe(){return typeof process.geteuid=="function"?process.geteuid():process.getuid()}function nRe(t){try{return Xve.readFileSync(t,"utf8")}catch{return""}}V$.exports=eRe});var K$=h((_2e,RD)=>{"use strict";var $$=require("os");typeof $$.homedir<"u"?RD.exports=$$.homedir:RD.exports=W$()});var eK=h((D2e,Z$)=>{var iRe=K$(),X$=require("path");Z$.exports=function(e){var r=iRe();return e.charCodeAt(0)===126?e.charCodeAt(1)===43?X$.join(process.cwd(),e.slice(2)):r?X$.join(r,e.slice(1)):e:e}});var He=h(Tr=>{"use strict";var _D=Symbol.for("yaml.alias"),tK=Symbol.for("yaml.document"),xB=Symbol.for("yaml.map"),rK=Symbol.for("yaml.pair"),DD=Symbol.for("yaml.scalar"),vB=Symbol.for("yaml.seq"),Io=Symbol.for("yaml.node.type"),sRe=t=>!!t&&typeof t=="object"&&t[Io]===_D,oRe=t=>!!t&&typeof t=="object"&&t[Io]===tK,aRe=t=>!!t&&typeof t=="object"&&t[Io]===xB,ARe=t=>!!t&&typeof t=="object"&&t[Io]===rK,nK=t=>!!t&&typeof t=="object"&&t[Io]===DD,cRe=t=>!!t&&typeof t=="object"&&t[Io]===vB;function iK(t){if(t&&typeof t=="object")switch(t[Io]){case xB:case vB:return!0}return!1}function lRe(t){if(t&&typeof t=="object")switch(t[Io]){case _D:case xB:case DD:case vB:return!0}return!1}var uRe=t=>(nK(t)||iK(t))&&!!t.anchor;Tr.ALIAS=_D;Tr.DOC=tK;Tr.MAP=xB;Tr.NODE_TYPE=Io;Tr.PAIR=rK;Tr.SCALAR=DD;Tr.SEQ=vB;Tr.hasAnchor=uRe;Tr.isAlias=sRe;Tr.isCollection=iK;Tr.isDocument=oRe;Tr.isMap=aRe;Tr.isNode=lRe;Tr.isPair=ARe;Tr.isScalar=nK;Tr.isSeq=cRe});var jg=h(kD=>{"use strict";var dr=He(),kn=Symbol("break visit"),sK=Symbol("skip children"),Ps=Symbol("remove node");function RB(t,e){let r=oK(e);dr.isDocument(t)?bd(null,t.contents,r,Object.freeze([t]))===Ps&&(t.contents=null):bd(null,t,r,Object.freeze([]))}RB.BREAK=kn;RB.SKIP=sK;RB.REMOVE=Ps;function bd(t,e,r,n){let i=aK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return AK(t,n,i),bd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=bd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Ps&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=bd("key",e.key,r,n);if(s===kn)return kn;s===Ps&&(e.key=null);let o=bd("value",e.value,r,n);if(o===kn)return kn;o===Ps&&(e.value=null)}}return i}async function _B(t,e){let r=oK(e);dr.isDocument(t)?await Nd(null,t.contents,r,Object.freeze([t]))===Ps&&(t.contents=null):await Nd(null,t,r,Object.freeze([]))}_B.BREAK=kn;_B.SKIP=sK;_B.REMOVE=Ps;async function Nd(t,e,r,n){let i=await aK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return AK(t,n,i),Nd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=await Nd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Ps&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=await Nd("key",e.key,r,n);if(s===kn)return kn;s===Ps&&(e.key=null);let o=await Nd("value",e.value,r,n);if(o===kn)return kn;o===Ps&&(e.value=null)}}return i}function oK(t){return typeof t=="object"&&(t.Collection||t.Node||t.Value)?Object.assign({Alias:t.Node,Map:t.Node,Scalar:t.Node,Seq:t.Node},t.Value&&{Map:t.Value,Scalar:t.Value,Seq:t.Value},t.Collection&&{Map:t.Collection,Seq:t.Collection},t):t}function 
`)}};zg.defaultYaml={explicit:!1,version:"1.2"};zg.defaultTags={"!!":"tag:yaml.org,2002:"};lK.Directives=zg});var DB=h(Gg=>{"use strict";var uK=He(),gRe=jg();function mRe(t){if(/[\x00-\x19\s,[\]{}]/.test(t)){let r=`Anchor must not contain whitespace or control characters: ${JSON.stringify(t)}`;throw new Error(r)}return!0}function dK(t){let e=new Set;return gRe.visit(t,{Value(r,n){n.anchor&&e.add(n.anchor)}}),e}function fK(t,e){for(let r=1;;++r){let n=`${t}${r}`;if(!e.has(n))return n}}function pRe(t,e){let r=[],n=new Map,i=null;return{onAnchor:s=>{r.push(s),i||(i=dK(t));let o=fK(e,i);return i.add(o),o},setAnchors:()=>{for(let s of r){let o=n.get(s);if(typeof o=="object"&&o.anchor&&(uK.isScalar(o.node)||uK.isCollection(o.node)))o.node.anchor=o.anchor;else{let a=new Error("Failed to resolve repeated object (this should not happen)");throw a.source=s,a}}},sourceObjects:n}}Gg.anchorIsValid=mRe;Gg.anchorNames=dK;Gg.createNodeAnchors=pRe;Gg.findNewAnchor=fK});var TD=h(hK=>{"use strict";function Yg(t,e,r,n){if(n&&typeof n=="object")if(Array.isArray(n))for(let i=0,s=n.length;i<s;++i){let o=n[i],a=Yg(t,n,String(i),o);a===void 0?delete n[i]:a!==o&&(n[i]=a)}else if(n instanceof Map)for(let i of Array.from(n.keys())){let s=n.get(i),o=Yg(t,n,i,s);o===void 0?n.delete(i):o!==s&&n.set(i,o)}else if(n instanceof Set)for(let i of Array.from(n)){let s=Yg(t,n,i,i);s===void 0?n.delete(i):s!==i&&(n.delete(i),n.add(s))}else for(let[i,s]of Object.entries(n)){let o=Yg(t,n,i,s);o===void 0?delete n[i]:o!==s&&(n[i]=o)}return t.call(e,r,n)}hK.applyReviver=Yg});var Sa=h(mK=>{"use strict";var yRe=He();function gK(t,e,r){if(Array.isArray(t))return t.map((n,i)=>gK(n,String(i),r));if(t&&typeof t.toJSON=="function"){if(!r||!yRe.hasAnchor(t))return t.toJSON(e,r);let n={aliasCount:0,count:1,res:void 0};r.anchors.set(t,n),r.onCreate=s=>{n.res=s,delete r.onCreate};let i=t.toJSON(e,r);return r.onCreate&&r.onCreate(i),i}return typeof t=="bigint"&&!r?.keep?Number(t):t}mK.toJS=gK});var kB=h(yK=>{"use strict";var ERe=TD(),pK=He(),CRe=Sa(),OD=class{constructor(e){Object.defineProperty(this,pK.NODE_TYPE,{value:e})}clone(){let e=Object.create(Object.getPrototypeOf(this),Object.getOwnPropertyDescriptors(this));return this.range&&(e.range=this.range.slice()),e}toJS(e,{mapAsMap:r,maxAliasCount:n,onAnchor:i,reviver:s}={}){if(!pK.isDocument(e))throw new TypeError("A document argument is required");let o={anchors:new Map,doc:e,keep:!0,mapAsMap:r===!0,mapKeyWarned:!1,maxAliasCount:typeof n=="number"?n:100},a=CRe.toJS(this,"",o);if(typeof i=="function")for(let{count:A,res:c}of o.anchors.values())i(c,A);return typeof s=="function"?ERe.applyReviver(s,{"":a},"",a):a}};yK.NodeBase=OD});var Jg=h(CK=>{"use strict";var IRe=DB(),EK=jg(),PB=He(),BRe=kB(),QRe=Sa(),LD=class extends BRe.NodeBase{constructor(e){super(PB.ALIAS),this.source=e,Object.defineProperty(this,"tag",{set(){throw new Error("Alias nodes cannot have tags")}})}resolve(e){let r;return EK.visit(e,{Node:(n,i)=>{if(i===this)return EK.visit.BREAK;i.anchor===this.source&&(r=i)}}),r}toJSON(e,r){if(!r)return{source:this.source};let{anchors:n,doc:i,maxAliasCount:s}=r,o=this.resolve(i);if(!o){let A=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new ReferenceError(A)}let a=n.get(o);if(a||(QRe.toJS(o,null,r),a=n.get(o)),!a||a.res===void 0){let A="This should not happen: Alias anchor was not resolved?";throw new ReferenceError(A)}if(s>=0&&(a.count+=1,a.aliasCount===0&&(a.aliasCount=TB(i,o,n)),a.count*a.aliasCount>s)){let A="Excessive alias count indicates a resource exhaustion attack";throw new ReferenceError(A)}return a.res}toString(e,r,n){let i=`*${this.source}`;if(e){if(IRe.anchorIsValid(this.source),e.options.verifyAliasOrder&&!e.anchors.has(this.source)){let s=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new Error(s)}if(e.implicitKey)return`${i} `}return i}};function TB(t,e,r){if(PB.isAlias(e)){let n=e.resolve(t),i=r&&n&&r.get(n);return i?i.count*i.aliasCount:0}else if(PB.isCollection(e)){let n=0;for(let i of e.items){let s=TB(t,i,r);s>n&&(n=s)}return n}
`)?qD(r,e):r.includes(`
`)?`
`+qD(r,e):(t.endsWith(" ")?"":" ")+r;MB.indentComment=qD;MB.lineComment=TRe;MB.stringifyComment=PRe});var NK=h($g=>{"use strict";var ORe="flow",HD="block",FB="quoted";function LRe(t,e,r="flow",{indentAtStart:n,lineWidth:i=80,minContentWidth:s=20,onFold:o,onOverflow:a}={}){if(!i||i<0)return t;i<s&&(s=0);let A=Math.max(1+s,1+i-e.length);if(t.length<=A)return t;let c=[],l={},u=i-e.length;typeof n=="number"&&(n>i-Math.max(2,s)?c.push(0):u=i-n);let d,f,g=!1,m=-1,E=-1,C=-1;r===HD&&(m=bK(t,m,e.length),m!==-1&&(u=m+A));for(let N;N=t[m+=1];){if(r===FB&&N==="\\"){switch(E=m,t[m+1]){case"x":m+=3;break;case"u":m+=5;break;case"U":m+=9;break;default:m+=1}C=m}if(N===`
`)r===HD&&(m=bK(t,m,e.length)),u=m+e.length+A,d=void 0;else{if(N===" "&&f&&f!==" "&&f!==`
`&&f!=="	"){let w=t[m+1];w&&w!==" "&&w!==`
`&&w!=="	"&&(d=m)}if(m>=u)if(d)c.push(d),u=d+A,d=void 0;else if(r===FB){for(;f===" "||f==="	";)f=N,N=t[m+=1],g=!0;let w=m>C+1?m-2:E-1;if(l[w])return t;c.push(w),l[w]=!0,u=w+A,d=void 0}else g=!0}f=N}if(g&&a&&a(),c.length===0)return t;o&&o();let I=t.slice(0,c[0]);for(let N=0;N<c.length;++N){let w=c[N],R=c[N+1]||t.length;w===0?I=`
${e}${t.slice(0,R)}`:(r===FB&&l[w]&&(I+=`${t[w]}\\`),I+=`
${e}${t.slice(w+1,R)}`)}return I}function bK(t,e,r){let n=e,i=e+1,s=t[i];for(;s===" "||s==="	";)if(e<i+r)s=t[++e];else{do s=t[++e];while(s&&s!==`
`);n=e,i=e+1,s=t[i]}return n}$g.FOLD_BLOCK=HD;$g.FOLD_FLOW=ORe;$g.FOLD_QUOTED=FB;$g.foldFlowLines=LRe});var Xg=h(wK=>{"use strict";var ts=sr(),va=NK(),qB=(t,e)=>({indentAtStart:e?t.indent.length:t.indentAtStart,lineWidth:t.options.lineWidth,minContentWidth:t.options.minContentWidth}),HB=t=>/^(%|---|\.\.\.)/m.test(t);function MRe(t,e,r){if(!e||e<0)return!1;let n=e-r,i=t.length;if(i<=n)return!1;for(let s=0,o=0;s<i;++s)if(t[s]===`
`){if(s-o>n)return!0;if(o=s+1,i-o<=n)return!1}return!0}function Kg(t,e){let r=JSON.stringify(t);if(e.options.doubleQuotedAsJSON)return r;let{implicitKey:n}=e,i=e.options.doubleQuotedMinMultiLineLength,s=e.indent||(HB(t)?"  ":""),o="",a=0;for(let A=0,c=r[A];c;c=r[++A])if(c===" "&&r[A+1]==="\\"&&r[A+2]==="n"&&(o+=r.slice(a,A)+"\\ ",A+=1,a=A,c="\\"),c==="\\")switch(r[A+1]){case"u":{o+=r.slice(a,A);let l=r.substr(A+2,4);switch(l){case"0000":o+="\\0";break;case"0007":o+="\\a";break;case"000b":o+="\\v";break;case"001b":o+="\\e";break;case"0085":o+="\\N";break;case"00a0":o+="\\_";break;case"2028":o+="\\L";break;case"2029":o+="\\P";break;default:l.substr(0,2)==="00"?o+="\\x"+l.substr(2):o+=r.substr(A,6)}A+=5,a=A+1}break;case"n":if(n||r[A+2]==='"'||r.length<i)A+=1;else{for(o+=r.slice(a,A)+`

`;r[A+2]==="\\"&&r[A+3]==="n"&&r[A+4]!=='"';)o+=`
`,A+=2;o+=s,r[A+2]===" "&&(o+="\\"),A+=1,a=A+1}break;default:A+=1}return o=a?o+r.slice(a):r,n?o:va.foldFlowLines(o,s,va.FOLD_QUOTED,qB(e,!1))}function jD(t,e){if(e.options.singleQuote===!1||e.implicitKey&&t.includes(`
`)||/[ \t]\n|\n[ \t]/.test(t))return Kg(t,e);let r=e.indent||(HB(t)?"  ":""),n="'"+t.replace(/'/g,"''").replace(/\n+/g,`$&
${r}`)+"'";return e.implicitKey?n:va.foldFlowLines(n,r,va.FOLD_FLOW,qB(e,!1))}function wd(t,e){let{singleQuote:r}=e.options,n;if(r===!1)n=Kg;else{let i=t.includes('"'),s=t.includes("'");i&&!s?n=jD:s&&!i?n=Kg:n=r?jD:Kg}return n(t,e)}var zD;try{zD=new RegExp(`(^|(?<!
))
+(?!
|$)`,"g")}catch{zD=/\n+(?!\n|$)/g}function UB({comment:t,type:e,value:r},n,i,s){let{blockQuote:o,commentString:a,lineWidth:A}=n.options;if(!o||/\n[\t ]+$/.test(r)||/^\s*$/.test(r))return wd(r,n);let c=n.indent||(n.forceBlockIndent||HB(r)?"  ":""),l=o==="literal"?!0:o==="folded"||e===ts.Scalar.BLOCK_FOLDED?!1:e===ts.Scalar.BLOCK_LITERAL?!0:!MRe(r,A,c.length);if(!r)return l?`|
`:`>
`;let u,d;for(d=r.length;d>0;--d){let R=r[d-1];if(R!==`
`&&R!=="	"&&R!==" ")break}let f=r.substring(d),g=f.indexOf(`
`);g===-1?u="-":r===f||g!==f.length-1?(u="+",s&&s()):u="",f&&(r=r.slice(0,-f.length),f[f.length-1]===`
`&&(f=f.slice(0,-1)),f=f.replace(zD,`$&${c}`));let m=!1,E,C=-1;for(E=0;E<r.length;++E){let R=r[E];if(R===" ")m=!0;else if(R===`
`)C=E;else break}let I=r.substring(0,C<E?C+1:E);I&&(r=r.substring(I.length),I=I.replace(/\n+/g,`$&${c}`));let w=(m?c?"2":"1":"")+u;if(t&&(w+=" "+a(t.replace(/ ?[\r\n]+/g," ")),i&&i()),!l){let R=r.replace(/\n+/g,`
$&`).replace(/(?:^|\n)([\t ].*)(?:([\n\t ]*)\n(?![\n\t ]))?/g,"$1$2").replace(/\n+/g,`$&${c}`),T=!1,U=qB(n,!0);o!=="folded"&&e!==ts.Scalar.BLOCK_FOLDED&&(U.onOverflow=()=>{T=!0});let k=va.foldFlowLines(`${I}${R}${f}`,c,va.FOLD_BLOCK,U);if(!T)return`>${w}
${c}${k}`}return r=r.replace(/\n+/g,`$&${c}`),`|${w}
${c}${I}${r}${f}`}function FRe(t,e,r,n){let{type:i,value:s}=t,{actualString:o,implicitKey:a,indent:A,indentStep:c,inFlow:l}=e;if(a&&s.includes(`
`)||l&&/[[\]{},]/.test(s))return wd(s,e);if(!s||/^[\n\t ,[\]{}#&*!|>'"%@`]|^[?-]$|^[?-][ \t]|[\n:][ \t]|[ \t]\n|[\n\t ]#|[\n\t :]$/.test(s))return a||l||!s.includes(`
`)?wd(s,e):UB(t,e,r,n);if(!a&&!l&&i!==ts.Scalar.PLAIN&&s.includes(`
`))return UB(t,e,r,n);if(HB(s)){if(A==="")return e.forceBlockIndent=!0,UB(t,e,r,n);if(a&&A===c)return wd(s,e)}let u=s.replace(/\n+/g,`$&
${A}`);if(o){let d=m=>m.default&&m.tag!=="tag:yaml.org,2002:str"&&m.test?.test(u),{compat:f,tags:g}=e.doc.schema;if(g.some(d)||f?.some(d))return wd(s,e)}return a?u:va.foldFlowLines(u,A,va.FOLD_FLOW,qB(e,!1))}function URe(t,e,r,n){let{implicitKey:i,inFlow:s}=e,o=typeof t.value=="string"?t:Object.assign({},t,{value:String(t.value)}),{type:a}=t;a!==ts.Scalar.QUOTE_DOUBLE&&/[\x00-\x08\x0b-\x1f\x7f-\x9f\u{D800}-\u{DFFF}]/u.test(o.value)&&(a=ts.Scalar.QUOTE_DOUBLE);let A=l=>{switch(l){case ts.Scalar.BLOCK_FOLDED:case ts.Scalar.BLOCK_LITERAL:return i||s?wd(o.value,e):UB(o,e,r,n);case ts.Scalar.QUOTE_DOUBLE:return Kg(o.value,e);case ts.Scalar.QUOTE_SINGLE:return jD(o.value,e);case ts.Scalar.PLAIN:return FRe(o,e,r,n);default:return null}},c=A(a);if(c===null){let{defaultKeyType:l,defaultStringType:u}=e.options,d=i&&l||u;if(c=A(d),c===null)throw new Error(`Unsupported default string type ${d}`)}return c}wK.stringifyString=URe});var Zg=h(GD=>{"use strict";var qRe=DB(),Ra=He(),HRe=Wg(),jRe=Xg();function zRe(t,e){let r=Object.assign({blockQuote:!0,commentString:HRe.stringifyComment,defaultKeyType:null,defaultStringType:"PLAIN",directives:null,doubleQuotedAsJSON:!1,doubleQuotedMinMultiLineLength:40,falseStr:"false",flowCollectionPadding:!0,indentSeq:!0,lineWidth:80,minContentWidth:20,nullStr:"null",simpleKeys:!1,singleQuote:null,trueStr:"true",verifyAliasOrder:!0},t.schema.toStringOptions,e),n;switch(r.collectionStyle){case"block":n=!1;break;case"flow":n=!0;break;default:n=null}return{anchors:new Set,doc:t,flowCollectionPadding:r.flowCollectionPadding?" ":"",indent:"",indentStep:typeof r.indent=="number"?" ".repeat(r.indent):"  ",inFlow:n,options:r}}function GRe(t,e){if(e.tag){let i=t.filter(s=>s.tag===e.tag);if(i.length>0)return i.find(s=>s.format===e.format)??i[0]}let r,n;if(Ra.isScalar(e)){n=e.value;let i=t.filter(s=>s.identify?.(n));if(i.length>1){let s=i.filter(o=>o.test);s.length>0&&(i=s)}r=i.find(s=>s.format===e.format)??i.find(s=>!s.format)}else n=e,r=t.find(i=>i.nodeClass&&n instanceof i.nodeClass);if(!r){let i=n?.constructor?.name??typeof n;throw new Error(`Tag not resolved for ${i} value`)}return r}function YRe(t,e,{anchors:r,doc:n}){if(!n.directives)return"";let i=[],s=(Ra.isScalar(t)||Ra.isCollection(t))&&t.anchor;s&&qRe.anchorIsValid(s)&&(r.add(s),i.push(`&${s}`));let o=t.tag?t.tag:e.default?null:e.tag;return o&&i.push(n.directives.tagString(o)),i.join(" ")}function JRe(t,e,r,n){if(Ra.isPair(t))return t.toString(e,r,n);if(Ra.isAlias(t)){if(e.doc.directives)return t.toString(e);if(e.resolvedAliases?.has(t))throw new TypeError("Cannot stringify circular structure without alias nodes");e.resolvedAliases?e.resolvedAliases.add(t):e.resolvedAliases=new Set([t]),t=t.resolve(e.doc)}let i,s=Ra.isNode(t)?t:e.doc.createNode(t,{onTagObj:A=>i=A});i||(i=GRe(e.doc.schema.tags,s));let o=YRe(s,i,e);o.length>0&&(e.indentAtStart=(e.indentAtStart??0)+o.length+1);let a=typeof i.stringify=="function"?i.stringify(s,e,r,n):Ra.isScalar(s)?jRe.stringifyString(s,e,r,n):s.toString(e,r,n);return o?Ra.isScalar(s)||a[0]==="{"||a[0]==="["?`${o} ${a}`:`${o}
${e.indent}${a}`:a}GD.createStringifyContext=zRe;GD.stringify=JRe});var RK=h(vK=>{"use strict";var Bo=He(),SK=sr(),xK=Zg(),em=Wg();function VRe({key:t,value:e},r,n,i){let{allNullValues:s,doc:o,indent:a,indentStep:A,options:{commentString:c,indentSeq:l,simpleKeys:u}}=r,d=Bo.isNode(t)&&t.comment||null;if(u){if(d)throw new Error("With simple keys, key nodes cannot have comments");if(Bo.isCollection(t)||!Bo.isNode(t)&&typeof t=="object"){let U="With simple keys, collection cannot be used as a key value";throw new Error(U)}}let f=!u&&(!t||d&&e==null&&!r.inFlow||Bo.isCollection(t)||(Bo.isScalar(t)?t.type===SK.Scalar.BLOCK_FOLDED||t.type===SK.Scalar.BLOCK_LITERAL:typeof t=="object"));r=Object.assign({},r,{allNullValues:!1,implicitKey:!f&&(u||!s),indent:a+A});let g=!1,m=!1,E=xK.stringify(t,r,()=>g=!0,()=>m=!0);if(!f&&!r.inFlow&&E.length>1024){if(u)throw new Error("With simple keys, single line scalar must not span more than 1024 characters");f=!0}if(r.inFlow){if(s||e==null)return g&&n&&n(),E===""?"?":f?`? ${E}`:E}else if(s&&!u||e==null&&f)return E=`? ${E}`,d&&!g?E+=em.lineComment(E,r.indent,c(d)):m&&i&&i(),E;g&&(d=null),f?(d&&(E+=em.lineComment(E,r.indent,c(d))),E=`? ${E}
${a}:`):(E=`${E}:`,d&&(E+=em.lineComment(E,r.indent,c(d))));let C,I,N;Bo.isNode(e)?(C=!!e.spaceBefore,I=e.commentBefore,N=e.comment):(C=!1,I=null,N=null,e&&typeof e=="object"&&(e=o.createNode(e))),r.implicitKey=!1,!f&&!d&&Bo.isScalar(e)&&(r.indentAtStart=E.length+1),m=!1,!l&&A.length>=2&&!r.inFlow&&!f&&Bo.isSeq(e)&&!e.flow&&!e.tag&&!e.anchor&&(r.indent=r.indent.substring(2));let w=!1,R=xK.stringify(e,r,()=>w=!0,()=>m=!0),T=" ";if(d||C||I){if(T=C?`
`:"",I){let U=c(I);T+=`
${em.indentComment(U,r.indent)}`}R===""&&!r.inFlow?T===`
`&&(T=`

`):T+=`
${r.indent}`}else if(!f&&Bo.isCollection(e)){let U=R[0],k=R.indexOf(`
`),J=k!==-1,be=r.inFlow??e.flow??e.items.length===0;if(J||!be){let ve=!1;if(J&&(U==="&"||U==="!")){let H=R.indexOf(" ");U==="&"&&H!==-1&&H<k&&R[H+1]==="!"&&(H=R.indexOf(" ",H+1)),(H===-1||k<H)&&(ve=!0)}ve||(T=`
${r.indent}`)}}else(R===""||R[0]===`
`)&&(T="");return E+=T+R,r.inFlow?w&&n&&n():N&&!w?E+=em.lineComment(E,r.indent,c(N)):m&&i&&i(),E}vK.stringifyPair=VRe});var JD=h(YD=>{"use strict";var _K=require("node:process");function WRe(t,...e){t==="debug"&&console.log(...e)}function $Re(t,e){(t==="debug"||t==="warn")&&(typeof _K.emitWarning=="function"?_K.emitWarning(e):console.warn(e))}YD.debug=WRe;YD.warn=$Re});var YB=h(GB=>{"use strict";var tm=He(),DK=sr(),jB="<<",zB={identify:t=>t===jB||typeof t=="symbol"&&t.description===jB,default:"key",tag:"tag:yaml.org,2002:merge",test:/^<<$/,resolve:()=>Object.assign(new DK.Scalar(Symbol(jB)),{addToJSMap:kK}),stringify:()=>jB},KRe=(t,e)=>(zB.identify(e)||tm.isScalar(e)&&(!e.type||e.type===DK.Scalar.PLAIN)&&zB.identify(e.value))&&t?.doc.schema.tags.some(r=>r.tag===zB.tag&&r.default);function kK(t,e,r){if(r=t&&tm.isAlias(r)?r.resolve(t.doc):r,tm.isSeq(r))for(let n of r.items)VD(t,e,n);else if(Array.isArray(r))for(let n of r)VD(t,e,n);else VD(t,e,r)}function VD(t,e,r){let n=t&&tm.isAlias(r)?r.resolve(t.doc):r;if(!tm.isMap(n))throw new Error("Merge sources must be maps or map aliases");let i=n.toJSON(null,t,Map);for(let[s,o]of i)e instanceof Map?e.has(s)||e.set(s,o):e instanceof Set?e.add(s):Object.prototype.hasOwnProperty.call(e,s)||Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0});return e}GB.addMergeToJSMap=kK;GB.isMergeKey=KRe;GB.merge=zB});var $D=h(OK=>{"use strict";var XRe=JD(),PK=YB(),ZRe=Zg(),TK=He(),WD=Sa();function e_e(t,e,{key:r,value:n}){if(TK.isNode(r)&&r.addToJSMap)r.addToJSMap(t,e,n);else if(PK.isMergeKey(t,r))PK.addMergeToJSMap(t,e,n);else{let i=WD.toJS(r,"",t);if(e instanceof Map)e.set(i,WD.toJS(n,i,t));else if(e instanceof Set)e.add(i);else{let s=t_e(r,i,t),o=WD.toJS(n,s,t);s in e?Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0}):e[s]=o}}return e}function t_e(t,e,r){if(e===null)return"";if(typeof e!="object")return String(e);if(TK.isNode(t)&&r?.doc){let n=ZRe.createStringifyContext(r.doc,{});n.anchors=new Set;for(let s of r.anchors.keys())n.anchors.add(s.anchor);n.inFlow=!0,n.inStringifyKey=!0;let i=t.toString(n);if(!r.mapKeyWarned){let s=JSON.stringify(i);s.length>40&&(s=s.substring(0,36)+'..."'),XRe.warn(r.doc.options.logLevel,`Keys with collection values will be stringified due to JS Object restrictions: ${s}. Set mapAsMap: true to use object keys.`),r.mapKeyWarned=!0}return i}return JSON.stringify(e)}OK.addPairToJSMap=e_e});var _a=h(KD=>{"use strict";var LK=Vg(),r_e=RK(),n_e=$D(),JB=He();function i_e(t,e,r){let n=LK.createNode(t,void 0,r),i=LK.createNode(e,void 0,r);return new VB(n,i)}var VB=class t{constructor(e,r=null){Object.defineProperty(this,JB.NODE_TYPE,{value:JB.PAIR}),this.key=e,this.value=r}clone(e){let{key:r,value:n}=this;return JB.isNode(r)&&(r=r.clone(e)),JB.isNode(n)&&(n=n.clone(e)),new t(r,n)}toJSON(e,r){let n=r?.mapAsMap?new Map:{};return n_e.addPairToJSMap(r,n,this)}toString(e,r,n){return e?.doc?r_e.stringifyPair(this,e,r,n):JSON.stringify(this)}};KD.Pair=VB;KD.createPair=i_e});var XD=h(FK=>{"use strict";var jA=He(),MK=Zg(),WB=Wg();function s_e(t,e,r){return(e.inFlow??t.flow?a_e:o_e)(t,e,r)}function o_e({comment:t,items:e},r,{blockItemPrefix:n,flowChars:i,itemIndent:s,onChompKeep:o,onComment:a}){let{indent:A,options:{commentString:c}}=r,l=Object.assign({},r,{indent:s,type:null}),u=!1,d=[];for(let g=0;g<e.length;++g){let m=e[g],E=null;if(jA.isNode(m))!u&&m.spaceBefore&&d.push(""),$B(r,d,m.commentBefore,u),m.comment&&(E=m.comment);else if(jA.isPair(m)){let I=jA.isNode(m.key)?m.key:null;I&&(!u&&I.spaceBefore&&d.push(""),$B(r,d,I.commentBefore,u))}u=!1;let C=MK.stringify(m,l,()=>E=null,()=>u=!0);E&&(C+=WB.lineComment(C,s,c(E))),u&&E&&(u=!1),d.push(n+C)}let f;if(d.length===0)f=i.start+i.end;else{f=d[0];for(let g=1;g<d.length;++g){let m=d[g];f+=m?`
${A}${m}`:`
`}}return t?(f+=`
`+WB.indentComment(c(t),A),a&&a()):u&&o&&o(),f}function a_e({items:t},e,{flowChars:r,itemIndent:n}){let{indent:i,indentStep:s,flowCollectionPadding:o,options:{commentString:a}}=e;n+=s;let A=Object.assign({},e,{indent:n,inFlow:!0,type:null}),c=!1,l=0,u=[];for(let g=0;g<t.length;++g){let m=t[g],E=null;if(jA.isNode(m))m.spaceBefore&&u.push(""),$B(e,u,m.commentBefore,!1),m.comment&&(E=m.comment);else if(jA.isPair(m)){let I=jA.isNode(m.key)?m.key:null;I&&(I.spaceBefore&&u.push(""),$B(e,u,I.commentBefore,!1),I.comment&&(c=!0));let N=jA.isNode(m.value)?m.value:null;N?(N.comment&&(E=N.comment),N.commentBefore&&(c=!0)):m.value==null&&I?.comment&&(E=I.comment)}E&&(c=!0);let C=MK.stringify(m,A,()=>E=null);g<t.length-1&&(C+=","),E&&(C+=WB.lineComment(C,n,a(E))),!c&&(u.length>l||C.includes(`
`))&&(c=!0),u.push(C),l=u.length}let{start:d,end:f}=r;if(u.length===0)return d+f;if(!c){let g=u.reduce((m,E)=>m+E.length+2,2);c=e.options.lineWidth>0&&g>e.options.lineWidth}if(c){let g=d;for(let m of u)g+=m?`
${s}${i}${m}`:`
`;return`${g}
${i}${f}`}else return`${d}${o}${u.join(" ")}${o}${f}`}function $B({indent:t,options:{commentString:e}},r,n,i){if(n&&i&&(n=n.replace(/^\n+/,"")),n){let s=WB.indentComment(e(n),t);r.push(s.trimStart())}}FK.stringifyCollection=s_e});var ka=h(ek=>{"use strict";var A_e=XD(),c_e=$D(),l_e=LB(),Da=He(),KB=_a(),u_e=sr();function rm(t,e){let r=Da.isScalar(e)?e.value:e;for(let n of t)if(Da.isPair(n)&&(n.key===e||n.key===r||Da.isScalar(n.key)&&n.key.value===r))return n}var ZD=class extends l_e.Collection{static get tagName(){return"tag:yaml.org,2002:map"}constructor(e){super(Da.MAP,e),this.items=[]}static from(e,r,n){let{keepUndefined:i,replacer:s}=n,o=new this(e),a=(A,c)=>{if(typeof s=="function")c=s.call(r,A,c);else if(Array.isArray(s)&&!s.includes(A))return;(c!==void 0||i)&&o.items.push(KB.createPair(A,c,n))};if(r instanceof Map)for(let[A,c]of r)a(A,c);else if(r&&typeof r=="object")for(let A of Object.keys(r))a(A,r[A]);return typeof e.sortMapEntries=="function"&&o.items.sort(e.sortMapEntries),o}add(e,r){let n;Da.isPair(e)?n=e:!e||typeof e!="object"||!("key"in e)?n=new KB.Pair(e,e?.value):n=new KB.Pair(e.key,e.value);let i=rm(this.items,n.key),s=this.schema?.sortMapEntries;if(i){if(!r)throw new Error(`Key ${n.key} already set`);Da.isScalar(i.value)&&u_e.isScalarValue(n.value)?i.value.value=n.value:i.value=n.value}else if(s){let o=this.items.findIndex(a=>s(n,a)<0);o===-1?this.items.push(n):this.items.splice(o,0,n)}else this.items.push(n)}delete(e){let r=rm(this.items,e);return r?this.items.splice(this.items.indexOf(r),1).length>0:!1}get(e,r){let i=rm(this.items,e)?.value;return(!r&&Da.isScalar(i)?i.value:i)??void 0}has(e){return!!rm(this.items,e)}set(e,r){this.add(new KB.Pair(e,r),!0)}toJSON(e,r,n){let i=n?new n:r?.mapAsMap?new Map:{};r?.onCreate&&r.onCreate(i);for(let s of this.items)c_e.addPairToJSMap(r,i,s);return i}toString(e,r,n){if(!e)return JSON.stringify(this);for(let i of this.items)if(!Da.isPair(i))throw new Error(`Map items must all be pairs; found ${JSON.stringify(i)} instead`);return!e.allNullValues&&this.hasAllNullValues(!1)&&(e=Object.assign({},e,{allNullValues:!0})),A_e.stringifyCollection(this,e,{blockItemPrefix:"",flowChars:{start:"{",end:"}"},itemIndent:e.indent||"",onChompKeep:n,onComment:r})}};ek.YAMLMap=ZD;ek.findPair=rm});var Sd=h(qK=>{"use strict";var d_e=He(),UK=ka(),f_e={collection:"map",default:!0,nodeClass:UK.YAMLMap,tag:"tag:yaml.org,2002:map",resolve(t,e){return d_e.isMap(t)||e("Expected a mapping for this tag"),t},createNode:(t,e,r)=>UK.YAMLMap.from(t,e,r)};qK.map=f_e});var Pa=h(HK=>{"use strict";var h_e=Vg(),g_e=XD(),m_e=LB(),ZB=He(),p_e=sr(),y_e=Sa(),tk=class extends m_e.Collection{static get tagName(){return"tag:yaml.org,2002:seq"}constructor(e){super(ZB.SEQ,e),this.items=[]}add(e){this.items.push(e)}delete(e){let r=XB(e);return typeof r!="number"?!1:this.items.splice(r,1).length>0}get(e,r){let n=XB(e);if(typeof n!="number")return;let i=this.items[n];return!r&&ZB.isScalar(i)?i.value:i}has(e){let r=XB(e);return typeof r=="number"&&r<this.items.length}set(e,r){let n=XB(e);if(typeof n!="number")throw new Error(`Expected a valid index, not ${e}.`);let i=this.items[n];ZB.isScalar(i)&&p_e.isScalarValue(r)?i.value=r:this.items[n]=r}toJSON(e,r){let n=[];r?.onCreate&&r.onCreate(n);let i=0;for(let s of this.items)n.push(y_e.toJS(s,String(i++),r));return n}toString(e,r,n){return e?g_e.stringifyCollection(this,e,{blockItemPrefix:"- ",flowChars:{start:"[",end:"]"},itemIndent:(e.indent||"")+"  ",onChompKeep:n,onComment:r}):JSON.stringify(this)}static from(e,r,n){let{replacer:i}=n,s=new this(e);if(r&&Symbol.iterator in Object(r)){let o=0;for(let a of r){if(typeof i=="function"){let A=r instanceof Set?a:String(o++);a=i.call(r,A,a)}s.items.push(h_e.createNode(a,void 0,n))}}return s}};function XB(t){let e=ZB.isScalar(t)?t.value:t;return e&&typeof e=="string"&&(e=Number(e)),typeof e=="number"&&Number.isInteger(e)&&e>=0?e:null}HK.YAMLSeq=tk});var xd=h(zK=>{"use strict";var E_e=He(),jK=Pa(),C_e={collection:"seq",default:!0,nodeClass:jK.YAMLSeq,tag:"tag:yaml.org,2002:seq",resolve(t,e){return E_e.isSeq(t)||e("Expected a
`:" ")}return z_e.stringifyString({comment:t,type:e,value:a},n,i,s)}};s9.binary=G_e});var aQ=h(oQ=>{"use strict";var sQ=He(),uk=_a(),Y_e=sr(),J_e=Pa();function o9(t,e){if(sQ.isSeq(t))for(let r=0;r<t.items.length;++r){let n=t.items[r];if(!sQ.isPair(n)){if(sQ.isMap(n)){n.items.length>1&&e("Each pair must have its own sequence indicator");let i=n.items[0]||new uk.Pair(new Y_e.Scalar(null));if(n.commentBefore&&(i.key.commentBefore=i.key.commentBefore?`${n.commentBefore}
${i.key.commentBefore}`:n.commentBefore),n.comment){let s=i.value??i.key;s.comment=s.comment?`${n.comment}
${s.comment}`:n.comment}n=i}t.items[r]=sQ.isPair(n)?n:new uk.Pair(n)}}else e("Expected a sequence for this tag");return t}function a9(t,e,r){let{replacer:n}=r,i=new J_e.YAMLSeq(t);i.tag="tag:yaml.org,2002:pairs";let s=0;if(e&&Symbol.iterator in Object(e))for(let o of e){typeof n=="function"&&(o=n.call(e,String(s++),o));let a,A;if(Array.isArray(o))if(o.length===2)a=o[0],A=o[1];else throw new TypeError(`Expected [key, value] tuple: ${o}`);else if(o&&o instanceof Object){let c=Object.keys(o);if(c.length===1)a=c[0],A=o[a];else throw new TypeError(`Expected tuple with one key, not ${c.length} keys`)}else a=o;i.items.push(uk.createPair(a,A,r))}return i}var V_e={collection:"seq",default:!1,tag:"tag:yaml.org,2002:pairs",resolve:o9,createNode:a9};oQ.createPairs=a9;oQ.pairs=V_e;oQ.resolvePairs=o9});var hk=h(fk=>{"use strict";var A9=He(),dk=Sa(),sm=ka(),W_e=Pa(),c9=aQ(),zA=class t extends W_e.YAMLSeq{constructor(){super(),this.add=sm.YAMLMap.prototype.add.bind(this),this.delete=sm.YAMLMap.prototype.delete.bind(this),this.get=sm.YAMLMap.prototype.get.bind(this),this.has=sm.YAMLMap.prototype.has.bind(this),this.set=sm.YAMLMap.prototype.set.bind(this),this.tag=t.tag}toJSON(e,r){if(!r)return super.toJSON(e);let n=new Map;r?.onCreate&&r.onCreate(n);for(let i of this.items){let s,o;if(A9.isPair(i)?(s=dk.toJS(i.key,"",r),o=dk.toJS(i.value,s,r)):s=dk.toJS(i,"",r),n.has(s))throw new Error("Ordered maps must not include duplicate keys");n.set(s,o)}return n}static from(e,r,n){let i=c9.createPairs(e,r,n),s=new this;return s.items=i.items,s}};zA.tag="tag:yaml.org,2002:omap";var $_e={collection:"seq",identify:t=>t instanceof Map,nodeClass:zA,default:!1,tag:"tag:yaml.org,2002:omap",resolve(t,e){let r=c9.resolvePairs(t,e),n=[];for(let{key:i}of r.items)A9.isScalar(i)&&(n.includes(i.value)?e(`Ordered maps must not include duplicate keys: ${i.value}`):n.push(i.value));return Object.assign(new zA,r)},createNode:(t,e,r)=>zA.from(t,e,r)};fk.YAMLOMap=zA;fk.omap=$_e});var h9=h(gk=>{"use strict";var l9=sr();function u9({value:t,source:e},r){return e&&(t?d9:f9).test.test(e)?e:t?r.options.trueStr:r.options.falseStr}var d9={identify:t=>t===!0,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:Y|y|[Yy]es|YES|[Tt]rue|TRUE|[Oo]n|ON)$/,resolve:()=>new l9.Scalar(!0),stringify:u9},f9={identify:t=>t===!1,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:N|n|[Nn]o|NO|[Ff]alse|FALSE|[Oo]ff|OFF)$/,resolve:()=>new l9.Scalar(!1),stringify:u9};gk.falseTag=f9;gk.trueTag=d9});var g9=h(AQ=>{"use strict";var K_e=sr(),mk=vd(),X_e={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^(?:[-+]?\.(?:inf|Inf|INF)|\.nan|\.NaN|\.NAN)$/,resolve:t=>t.slice(-3).toLowerCase()==="nan"?NaN:t[0]==="-"?Number.NEGATIVE_INFINITY:Number.POSITIVE_INFINITY,stringify:mk.stringifyNumber},Z_e={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",format:"EXP",test:/^[-+]?(?:[0-9][0-9_]*)?(?:\.[0-9_]*)?[eE][-+]?[0-9]+$/,resolve:t=>parseFloat(t.replace(/_/g,"")),stringify(t){let e=Number(t.value);return isFinite(e)?e.toExponential():mk.stringifyNumber(t)}},eDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^[-+]?(?:[0-9][0-9_]*)?\.[0-9_]*$/,resolve(t){let e=new K_e.Scalar(parseFloat(t.replace(/_/g,""))),r=t.indexOf(".");if(r!==-1){let n=t.substring(r+1).replace(/_/g,"");n[n.length-1]==="0"&&(e.minFractionDigits=n.length)}return e},stringify:mk.stringifyNumber};AQ.float=eDe;AQ.floatExp=Z_e;AQ.floatNaN=X_e});var p9=h(am=>{"use strict";var m9=vd(),om=t=>typeof t=="bigint"||Number.isInteger(t);function cQ(t,e,r,{intAsBigInt:n}){let i=t[0];if((i==="-"||i==="+")&&(e+=1),t=t.substring(e).replace(/_/g,""),n){switch(r){case 2:t=`0b${t}`;break;case 8:t=`0o${t}`;break;case 16:t=`0x${t}`;break}let o=BigInt(t);return i==="-"?BigInt(-1)*o:o}let s=parseInt(t,r);return i==="-"?-1*s:s}function pk(t,e,r){let{value:n}=t;if(om(n)){let i=n.toString(e);return n<0?"-"+r+i.substr(1):r+i}return m9.stringifyNumber(t)}var tDe={identify:om,default:!0,tag:"tag:yaml.org,2002:int",format:"BIN",test:/^[-+]?0b[0-1_]+$/,resolve:(t,e,r)=>cQ(t,2,2,r),stringify:t
`)?(r.push("..."),r.push(cm.indentComment(A,""))):r.push(`... ${A}`)}else r.push("...");else{let A=t.comment;A&&o&&(A=A.replace(/^\n+/,"")),A&&((!o||a)&&r[r.length-1]!==""&&r.push(""),r.push(cm.indentComment(s(A),"")))}return r.join(`
`)+`
`}P9.stringifyDocument=_De});var lm=h(O9=>{"use strict";var DDe=Jg(),Rd=LB(),Pi=He(),kDe=_a(),PDe=Sa(),TDe=vk(),ODe=T9(),_k=DB(),LDe=TD(),MDe=Vg(),Dk=PD(),kk=class t{constructor(e,r,n){this.commentBefore=null,this.comment=null,this.errors=[],this.warnings=[],Object.defineProperty(this,Pi.NODE_TYPE,{value:Pi.DOC});let i=null;typeof r=="function"||Array.isArray(r)?i=r:n===void 0&&r&&(n=r,r=void 0);let s=Object.assign({intAsBigInt:!1,keepSourceTokens:!1,logLevel:"warn",prettyErrors:!0,strict:!0,stringKeys:!1,uniqueKeys:!0,version:"1.2"},n);this.options=s;let{version:o}=s;n?._directives?(this.directives=n._directives.atDocument(),this.directives.yaml.explicit&&(o=this.directives.yaml.version)):this.directives=new Dk.Directives({version:o}),this.setSchema(o,n),this.contents=e===void 0?null:this.createNode(e,i,n)}clone(){let e=Object.create(t.prototype,{[Pi.NODE_TYPE]:{value:Pi.DOC}});return e.commentBefore=this.commentBefore,e.comment=this.comment,e.errors=this.errors.slice(),e.warnings=this.warnings.slice(),e.options=Object.assign({},this.options),this.directives&&(e.directives=this.directives.clone()),e.schema=this.schema.clone(),e.contents=Pi.isNode(this.contents)?this.contents.clone(e.schema):this.contents,this.range&&(e.range=this.range.slice()),e}add(e){_d(this.contents)&&this.contents.add(e)}addIn(e,r){_d(this.contents)&&this.contents.addIn(e,r)}createAlias(e,r){if(!e.anchor){let n=_k.anchorNames(this);e.anchor=!r||n.has(r)?_k.findNewAnchor(r||"a",n):r}return new DDe.Alias(e.anchor)}createNode(e,r,n){let i;if(typeof r=="function")e=r.call({"":e},"",e),i=r;else if(Array.isArray(r)){let E=I=>typeof I=="number"||I instanceof String||I instanceof Number,C=r.filter(E).map(String);C.length>0&&(r=r.concat(C)),i=r}else n===void 0&&r&&(n=r,r=void 0);let{aliasDuplicateObjects:s,anchorPrefix:o,flow:a,keepUndefined:A,onTagObj:c,tag:l}=n??{},{onAnchor:u,setAnchors:d,sourceObjects:f}=_k.createNodeAnchors(this,o||"a"),g={aliasDuplicateObjects:s??!0,keepUndefined:A??!1,onAnchor:u,onTagObj:c,replacer:i,schema:this.schema,sourceObjects:f},m=MDe.createNode(e,l,g);return a&&Pi.isCollection(m)&&(m.flow=!0),d(),m}createPair(e,r,n={}){let i=this.createNode(e,null,n),s=this.createNode(r,null,n);return new kDe.Pair(i,s)}delete(e){return _d(this.contents)?this.contents.delete(e):!1}deleteIn(e){return Rd.isEmptyPath(e)?this.contents==null?!1:(this.contents=null,!0):_d(this.contents)?this.contents.deleteIn(e):!1}get(e,r){return Pi.isCollection(this.contents)?this.contents.get(e,r):void 0}getIn(e,r){return Rd.isEmptyPath(e)?!r&&Pi.isScalar(this.contents)?this.contents.value:this.contents:Pi.isCollection(this.contents)?this.contents.getIn(e,r):void 0}has(e){return Pi.isCollection(this.contents)?this.contents.has(e):!1}hasIn(e){return Rd.isEmptyPath(e)?this.contents!==void 0:Pi.isCollection(this.contents)?this.contents.hasIn(e):!1}set(e,r){this.contents==null?this.contents=Rd.collectionFromPath(this.schema,[e],r):_d(this.contents)&&this.contents.set(e,r)}setIn(e,r){Rd.isEmptyPath(e)?this.contents=r:this.contents==null?this.contents=Rd.collectionFromPath(this.schema,Array.from(e),r):_d(this.contents)&&this.contents.setIn(e,r)}setSchema(e,r={}){typeof e=="number"&&(e=String(e));let n;switch(e){case"1.1":this.directives?this.directives.yaml.version="1.1":this.directives=new Dk.Directives({version:"1.1"}),n={resolveKnownTags:!1,schema:"yaml-1.1"};break;case"1.2":case"next":this.directives?this.directives.yaml.version=e:this.directives=new Dk.Directives({version:e}),n={resolveKnownTags:!0,schema:"core"};break;case null:this.directives&&delete this.directives,n=null;break;default:{let i=JSON.stringify(e);throw new Error(`Expected '1.1', '1.2' or null as first argument, but found: ${i}`)}}if(r.schema instanceof Object)this.schema=r.schema;else if(n)this.schema=new TDe.Schema(Object.assign(n,r));else throw new Error("With a null YAML version, the { schema: Schema } option is required")}toJS({json:e,jsonArg:r,mapAsMap:n,maxAliasCount:i,onAnchor:s,reviver:o}={}){let a={anchors:new Map,doc:this,keep:!e,mapAsMap:n===!0,mapKeyWarned:!1,maxAliasCount:typeof i=="
`),o=a+o}if(/[^ ]/.test(o)){let a=1,A=r.linePos[1];A&&A.line===n&&A.col>i&&(a=Math.max(1,Math.min(A.col-i,80-s)));let c=" ".repeat(s)+"^".repeat(a);r.message+=`:

${o}
${c}
`}};dm.YAMLError=um;dm.YAMLParseError=Pk;dm.YAMLWarning=Tk;dm.prettifyError=FDe});var hm=h(L9=>{"use strict";function UDe(t,{flow:e,indicator:r,next:n,offset:i,onError:s,parentIndent:o,startOnNewline:a}){let A=!1,c=a,l=a,u="",d="",f=!1,g=!1,m=null,E=null,C=null,I=null,N=null,w=null,R=null;for(let k of t)switch(g&&(k.type!=="space"&&k.type!=="newline"&&k.type!=="comma"&&s(k.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),g=!1),m&&(c&&k.type!=="comment"&&k.type!=="newline"&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),m=null),k.type){case"space":!e&&(r!=="doc-start"||n?.type!=="flow-collection")&&k.source.includes("	")&&(m=k),l=!0;break;case"comment":{l||s(k,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let J=k.source.substring(1)||" ";u?u+=d+J:u=J,d="",c=!1;break}case"newline":c?u?u+=k.source:(!w||r!=="seq-item-ind")&&(A=!0):d+=k.source,c=!0,f=!0,(E||C)&&(I=k),l=!0;break;case"anchor":E&&s(k,"MULTIPLE_ANCHORS","A node can have at most one anchor"),k.source.endsWith(":")&&s(k.offset+k.source.length-1,"BAD_ALIAS","Anchor ending in : is ambiguous",!0),E=k,R===null&&(R=k.offset),c=!1,l=!1,g=!0;break;case"tag":{C&&s(k,"MULTIPLE_TAGS","A node can have at most one tag"),C=k,R===null&&(R=k.offset),c=!1,l=!1,g=!0;break}case r:(E||C)&&s(k,"BAD_PROP_ORDER",`Anchors and tags must be after the ${k.source} indicator`),w&&s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.source} in ${e??"collection"}`),w=k,c=r==="seq-item-ind"||r==="explicit-key-ind",l=!1;break;case"comma":if(e){N&&s(k,"UNEXPECTED_TOKEN",`Unexpected , in ${e}`),N=k,c=!1,l=!1;break}default:s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.type} token`),c=!1,l=!1}let T=t[t.length-1],U=T?T.offset+T.source.length:i;return g&&n&&n.type!=="space"&&n.type!=="newline"&&n.type!=="comma"&&(n.type!=="scalar"||n.source!=="")&&s(n.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),m&&(c&&m.indent<=o||n?.type==="block-map"||n?.type==="block-seq")&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),{comma:N,found:w,spaceBefore:A,comment:u,hasNewline:f,anchor:E,tag:C,newlineAfterProp:I,end:U,start:R??U}}L9.resolveProps=UDe});var pQ=h(M9=>{"use strict";function Ok(t){if(!t)return null;switch(t.type){case"alias":case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":if(t.source.includes(`
`))return!0;if(t.end){for(let e of t.end)if(e.type==="newline")return!0}return!1;case"flow-collection":for(let e of t.items){for(let r of e.start)if(r.type==="newline")return!0;if(e.sep){for(let r of e.sep)if(r.type==="newline")return!0}if(Ok(e.key)||Ok(e.value))return!0}return!1;default:return!0}}M9.containsNewline=Ok});var Lk=h(F9=>{"use strict";var qDe=pQ();function HDe(t,e,r){if(e?.type==="flow-collection"){let n=e.end[0];n.indent===t&&(n.source==="]"||n.source==="}")&&qDe.containsNewline(e)&&r(n,"BAD_INDENT","Flow end indicator should be more indented than parent",!0)}}F9.flowIndentCheck=HDe});var Mk=h(q9=>{"use strict";var U9=He();function jDe(t,e,r){let{uniqueKeys:n}=t.options;if(n===!1)return!1;let i=typeof n=="function"?n:(s,o)=>s===o||U9.isScalar(s)&&U9.isScalar(o)&&s.value===o.value;return e.some(s=>i(s.key,r))}q9.mapIncludes=jDe});var J9=h(Y9=>{"use strict";var H9=_a(),zDe=ka(),j9=hm(),GDe=pQ(),z9=Lk(),YDe=Mk(),G9="All mapping items must start at the same column";function JDe({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??zDe.YAMLMap,a=new o(r.schema);r.atRoot&&(r.atRoot=!1);let A=n.offset,c=null;for(let l of n.items){let{start:u,key:d,sep:f,value:g}=l,m=j9.resolveProps(u,{indicator:"explicit-key-ind",next:d??f?.[0],offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0}),E=!m.found;if(E){if(d&&(d.type==="block-seq"?i(A,"BLOCK_AS_IMPLICIT_KEY","A block sequence may not be used as an implicit map key"):"indent"in d&&d.indent!==n.indent&&i(A,"BAD_INDENT",G9)),!m.anchor&&!m.tag&&!f){c=m.end,m.comment&&(a.comment?a.comment+=`
`+m.comment:a.comment=m.comment);continue}(m.newlineAfterProp||GDe.containsNewline(d))&&i(d??u[u.length-1],"MULTILINE_IMPLICIT_KEY","Implicit keys need to be on a single line")}else m.found?.indent!==n.indent&&i(A,"BAD_INDENT",G9);r.atKey=!0;let C=m.end,I=d?t(r,d,m,i):e(r,C,u,null,m,i);r.schema.compat&&z9.flowIndentCheck(n.indent,d,i),r.atKey=!1,YDe.mapIncludes(r,a.items,I)&&i(C,"DUPLICATE_KEY","Map keys must be unique");let N=j9.resolveProps(f??[],{indicator:"map-value-ind",next:g,offset:I.range[2],onError:i,parentIndent:n.indent,startOnNewline:!d||d.type==="block-scalar"});if(A=N.end,N.found){E&&(g?.type==="block-map"&&!N.hasNewline&&i(A,"BLOCK_AS_IMPLICIT_KEY","Nested mappings are not allowed in compact mappings"),r.options.strict&&m.start<N.found.offset-1024&&i(I.range,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit block mapping key"));let w=g?t(r,g,N,i):e(r,A,f,null,N,i);r.schema.compat&&z9.flowIndentCheck(n.indent,g,i),A=w.range[2];let R=new H9.Pair(I,w);r.options.keepSourceTokens&&(R.srcToken=l),a.items.push(R)}else{E&&i(I.range,"MISSING_CHAR","Implicit map keys need to be followed by map values"),N.comment&&(I.comment?I.comment+=`
`+N.comment:I.comment=N.comment);let w=new H9.Pair(I);r.options.keepSourceTokens&&(w.srcToken=l),a.items.push(w)}}return c&&c<A&&i(c,"IMPOSSIBLE","Map comment with trailing content"),a.range=[n.offset,A,c??A],a}Y9.resolveBlockMap=JDe});var W9=h(V9=>{"use strict";var VDe=Pa(),WDe=hm(),$De=Lk();function KDe({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??VDe.YAMLSeq,a=new o(r.schema);r.atRoot&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let A=n.offset,c=null;for(let{start:l,value:u}of n.items){let d=WDe.resolveProps(l,{indicator:"seq-item-ind",next:u,offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0});if(!d.found)if(d.anchor||d.tag||u)u&&u.type==="block-seq"?i(d.end,"BAD_INDENT","All sequence items must start at the same column"):i(A,"MISSING_CHAR","Sequence item without - indicator");else{c=d.end,d.comment&&(a.comment=d.comment);continue}let f=u?t(r,u,d,i):e(r,d.end,l,null,d,i);r.schema.compat&&$De.flowIndentCheck(n.indent,u,i),A=f.range[2],a.items.push(f)}return a.range=[n.offset,A,c??A],a}V9.resolveBlockSeq=KDe});var Dd=h($9=>{"use strict";function XDe(t,e,r,n){let i="";if(t){let s=!1,o="";for(let a of t){let{source:A,type:c}=a;switch(c){case"space":s=!0;break;case"comment":{r&&!s&&n(a,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let l=A.substring(1)||" ";i?i+=o+l:i=l,o="";break}case"newline":i&&(o+=A),s=!0;break;default:n(a,"UNEXPECTED_TOKEN",`Unexpected ${c} at node end`)}e+=A.length}}return{comment:i,offset:e}}$9.resolveEnd=XDe});var e8=h(Z9=>{"use strict";var ZDe=He(),eke=_a(),K9=ka(),tke=Pa(),rke=Dd(),X9=hm(),nke=pQ(),ike=Mk(),Fk="Block collections are not allowed within flow collections",Uk=t=>t&&(t.type==="block-map"||t.type==="block-seq");function ske({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=n.start.source==="{",a=o?"flow map":"flow sequence",A=s?.nodeClass??(o?K9.YAMLMap:tke.YAMLSeq),c=new A(r.schema);c.flow=!0;let l=r.atRoot;l&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let u=n.offset+n.start.source.length;for(let E=0;E<n.items.length;++E){let C=n.items[E],{start:I,key:N,sep:w,value:R}=C,T=X9.resolveProps(I,{flow:a,indicator:"explicit-key-ind",next:N??w?.[0],offset:u,onError:i,parentIndent:n.indent,startOnNewline:!1});if(!T.found){if(!T.anchor&&!T.tag&&!w&&!R){E===0&&T.comma?i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`):E<n.items.length-1&&i(T.start,"UNEXPECTED_TOKEN",`Unexpected empty item in ${a}`),T.comment&&(c.comment?c.comment+=`
`+T.comment:c.comment=T.comment),u=T.end;continue}!o&&r.options.strict&&nke.containsNewline(N)&&i(N,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line")}if(E===0)T.comma&&i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`);else if(T.comma||i(T.start,"MISSING_CHAR",`Missing , between ${a} items`),T.comment){let U="";e:for(let k of I)switch(k.type){case"comma":case"space":break;case"comment":U=k.source.substring(1);break e;default:break e}if(U){let k=c.items[c.items.length-1];ZDe.isPair(k)&&(k=k.value??k.key),k.comment?k.comment+=`
`+U:k.comment=U,T.comment=T.comment.substring(U.length+1)}}if(!o&&!w&&!T.found){let U=R?t(r,R,T,i):e(r,T.end,w,null,T,i);c.items.push(U),u=U.range[2],Uk(R)&&i(U.range,"BLOCK_IN_FLOW",Fk)}else{r.atKey=!0;let U=T.end,k=N?t(r,N,T,i):e(r,U,I,null,T,i);Uk(N)&&i(k.range,"BLOCK_IN_FLOW",Fk),r.atKey=!1;let J=X9.resolveProps(w??[],{flow:a,indicator:"map-value-ind",next:R,offset:k.range[2],onError:i,parentIndent:n.indent,startOnNewline:!1});if(J.found){if(!o&&!T.found&&r.options.strict){if(w)for(let H of w){if(H===J.found)break;if(H.type==="newline"){i(H,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line");break}}T.start<J.found.offset-1024&&i(J.found,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit flow sequence key")}}else R&&("source"in R&&R.source&&R.source[0]===":"?i(R,"MISSING_CHAR",`Missing space after : in ${a}`):i(J.start,"MISSING_CHAR",`Missing , or : between ${a} items`));let be=R?t(r,R,J,i):J.found?e(r,J.end,w,null,J,i):null;be?Uk(R)&&i(be.range,"BLOCK_IN_FLOW",Fk):J.comment&&(k.comment?k.comment+=`
`+J.comment:k.comment=J.comment);let ve=new eke.Pair(k,be);if(r.options.keepSourceTokens&&(ve.srcToken=C),o){let H=c;ike.mapIncludes(r,H.items,k)&&i(U,"DUPLICATE_KEY","Map keys must be unique"),H.items.push(ve)}else{let H=new K9.YAMLMap(r.schema);H.flow=!0,H.items.push(ve);let _e=(be??k).range;H.range=[k.range[0],_e[1],_e[2]],c.items.push(H)}u=be?be.range[2]:J.end}}let d=o?"}":"]",[f,...g]=n.end,m=u;if(f&&f.source===d)m=f.offset+f.source.length;else{let E=a[0].toUpperCase()+a.substring(1),C=l?`${E} must end with a ${d}`:`${E} in block collection must be sufficiently indented and end with a ${d}`;i(u,l?"MISSING_CHAR":"BAD_INDENT",C),f&&f.source.length!==1&&g.unshift(f)}if(g.length>0){let E=rke.resolveEnd(g,m,r.options.strict,i);E.comment&&(c.comment?c.comment+=`
`+E.comment:c.comment=E.comment),c.range=[n.offset,m,E.offset]}else c.range=[n.offset,m,m];return c}Z9.resolveFlowCollection=ske});var r8=h(t8=>{"use strict";var oke=He(),ake=sr(),Ake=ka(),cke=Pa(),lke=J9(),uke=W9(),dke=e8();function qk(t,e,r,n,i,s){let o=r.type==="block-map"?lke.resolveBlockMap(t,e,r,n,s):r.type==="block-seq"?uke.resolveBlockSeq(t,e,r,n,s):dke.resolveFlowCollection(t,e,r,n,s),a=o.constructor;return i==="!"||i===a.tagName?(o.tag=a.tagName,o):(i&&(o.tag=i),o)}function fke(t,e,r,n,i){let s=n.tag,o=s?e.directives.tagName(s.source,d=>i(s,"TAG_RESOLVE_FAILED",d)):null;if(r.type==="block-seq"){let{anchor:d,newlineAfterProp:f}=n,g=d&&s?d.offset>s.offset?d:s:d??s;g&&(!f||f.offset<g.offset)&&i(g,"MISSING_CHAR","Missing newline after block sequence props")}let a=r.type==="block-map"?"map":r.type==="block-seq"?"seq":r.start.source==="{"?"map":"seq";if(!s||!o||o==="!"||o===Ake.YAMLMap.tagName&&a==="map"||o===cke.YAMLSeq.tagName&&a==="seq")return qk(t,e,r,i,o);let A=e.schema.tags.find(d=>d.tag===o&&d.collection===a);if(!A){let d=e.schema.knownTags[o];if(d&&d.collection===a)e.schema.tags.push(Object.assign({},d,{default:!1})),A=d;else return d?.collection?i(s,"BAD_COLLECTION_TYPE",`${d.tag} used for ${a} collection, but expects ${d.collection}`,!0):i(s,"TAG_RESOLVE_FAILED",`Unresolved tag: ${o}`,!0),qk(t,e,r,i,o)}let c=qk(t,e,r,i,o,A),l=A.resolve?.(c,d=>i(s,"TAG_RESOLVE_FAILED",d),e.options)??c,u=oke.isNode(l)?l:new ake.Scalar(l);return u.range=c.range,u.tag=o,A?.format&&(u.format=A.format),u}t8.composeCollection=fke});var jk=h(n8=>{"use strict";var Hk=sr();function hke(t,e,r){let n=e.offset,i=gke(e,t.options.strict,r);if(!i)return{value:"",type:null,comment:"",range:[n,n,n]};let s=i.mode===">"?Hk.Scalar.BLOCK_FOLDED:Hk.Scalar.BLOCK_LITERAL,o=e.source?mke(e.source):[],a=o.length;for(let m=o.length-1;m>=0;--m){let E=o[m][1];if(E===""||E==="\r")a=m;else break}if(a===0){let m=i.chomp==="+"&&o.length>0?`
`.repeat(Math.max(1,o.length-1)):"",E=n+i.length;return e.source&&(E+=e.source.length),{value:m,type:s,comment:i.comment,range:[n,E,E]}}let A=e.indent+i.indent,c=e.offset+i.length,l=0;for(let m=0;m<a;++m){let[E,C]=o[m];if(C===""||C==="\r")i.indent===0&&E.length>A&&(A=E.length);else{E.length<A&&r(c+E.length,"MISSING_CHAR","Block scalars with more-indented leading empty lines must use an explicit indentation indicator"),i.indent===0&&(A=E.length),l=m,A===0&&!t.atRoot&&r(c,"BAD_INDENT","Block scalar values in collections must be indented");break}c+=E.length+C.length+1}for(let m=o.length-1;m>=a;--m)o[m][0].length>A&&(a=m+1);let u="",d="",f=!1;for(let m=0;m<l;++m)u+=o[m][0].slice(A)+`
`;for(let m=l;m<a;++m){let[E,C]=o[m];c+=E.length+C.length+1;let I=C[C.length-1]==="\r";if(I&&(C=C.slice(0,-1)),C&&E.length<A){let w=`Block scalar lines must not be less indented than their ${i.indent?"explicit indentation indicator":"first line"}`;r(c-C.length-(I?2:1),"BAD_INDENT",w),E=""}s===Hk.Scalar.BLOCK_LITERAL?(u+=d+E.slice(A)+C,d=`
`):E.length>A||C[0]==="	"?(d===" "?d=`
`:!f&&d===`
`&&(d=`

`),u+=d+E.slice(A)+C,d=`
`,f=!0):C===""?d===`
`?u+=`
`:d=`
`:(u+=d+C,d=" ",f=!1)}switch(i.chomp){case"-":break;case"+":for(let m=a;m<o.length;++m)u+=`
`+o[m][0].slice(A);u[u.length-1]!==`
`&&(u+=`
`);break;default:u+=`
`}let g=n+i.length+e.source.length;return{value:u,type:s,comment:i.comment,range:[n,g,g]}}function gke({offset:t,props:e},r,n){if(e[0].type!=="block-scalar-header")return n(e[0],"IMPOSSIBLE","Block scalar header not found"),null;let{source:i}=e[0],s=i[0],o=0,a="",A=-1;for(let d=1;d<i.length;++d){let f=i[d];if(!a&&(f==="-"||f==="+"))a=f;else{let g=Number(f);!o&&g?o=g:A===-1&&(A=t+d)}}A!==-1&&n(A,"UNEXPECTED_TOKEN",`Block scalar header includes extra characters: ${i}`);let c=!1,l="",u=i.length;for(let d=1;d<e.length;++d){let f=e[d];switch(f.type){case"space":c=!0;case"newline":u+=f.source.length;break;case"comment":r&&!c&&n(f,"MISSING_CHAR","Comments must be separated from other tokens by white space characters"),u+=f.source.length,l=f.source.substring(1);break;case"error":n(f,"UNEXPECTED_TOKEN",f.message),u+=f.source.length;break;default:{let g=`Unexpected token in block scalar header: ${f.type}`;n(f,"UNEXPECTED_TOKEN",g);let m=f.source;m&&typeof m=="string"&&(u+=m.length)}}}return{mode:s,indent:o,chomp:a,comment:l,length:u}}function mke(t){let e=t.split(/\n( *)/),r=e[0],n=r.match(/^( *)/),s=[n?.[1]?[n[1],r.slice(n[1].length)]:["",r]];for(let o=1;o<e.length;o+=2)s.push([e[o],e[o+1]]);return s}n8.resolveBlockScalar=hke});var Gk=h(s8=>{"use strict";var zk=sr(),pke=Dd();function yke(t,e,r){let{offset:n,type:i,source:s,end:o}=t,a,A,c=(d,f,g)=>r(n+d,f,g);switch(i){case"scalar":a=zk.Scalar.PLAIN,A=Eke(s,c);break;case"single-quoted-scalar":a=zk.Scalar.QUOTE_SINGLE,A=Cke(s,c);break;case"double-quoted-scalar":a=zk.Scalar.QUOTE_DOUBLE,A=Ike(s,c);break;default:return r(t,"UNEXPECTED_TOKEN",`Expected a flow scalar value, but found: ${i}`),{value:"",type:null,comment:"",range:[n,n+s.length,n+s.length]}}let l=n+s.length,u=pke.resolveEnd(o,l,e,r);return{value:A,type:a,comment:u.comment,range:[n,l,u.offset]}}function Eke(t,e){let r="";switch(t[0]){case"	":r="a tab character";break;case",":r="flow indicator character ,";break;case"%":r="directive indicator character %";break;case"|":case">":{r=`block scalar indicator ${t[0]}`;break}case"@":case"`":{r=`reserved character ${t[0]}`;break}}return r&&e(0,"BAD_SCALAR_START",`Plain value cannot start with ${r}`),i8(t)}function Cke(t,e){return(t[t.length-1]!=="'"||t.length===1)&&e(t.length,"MISSING_CHAR","Missing closing 'quote"),i8(t.slice(1,-1)).replace(/''/g,"'")}function i8(t){let e,r;try{e=new RegExp(`(.*?)(?<![ 	])[ 	]*\r?
`,"sy"),r=new RegExp(`[ 	]*(.*?)(?:(?<![ 	])[ 	]*)?\r?
`,"sy")}catch{e=/(.*?)[ \t]*\r?\n/sy,r=/[ \t]*(.*?)[ \t]*\r?\n/sy}let n=e.exec(t);if(!n)return t;let i=n[1],s=" ",o=e.lastIndex;for(r.lastIndex=o;n=r.exec(t);)n[1]===""?s===`
`?i+=s:s=`
`:(i+=s+n[1],s=" "),o=r.lastIndex;let a=/[ \t]*(.*)/sy;return a.lastIndex=o,n=a.exec(t),i+s+(n?.[1]??"")}function Ike(t,e){let r="";for(let n=1;n<t.length-1;++n){let i=t[n];if(!(i==="\r"&&t[n+1]===`
`))if(i===`
`){let{fold:s,offset:o}=Bke(t,n);r+=s,n=o}else if(i==="\\"){let s=t[++n],o=Qke[s];if(o)r+=o;else if(s===`
`)for(s=t[n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="\r"&&t[n+1]===`
`)for(s=t[++n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="x"||s==="u"||s==="U"){let a={x:2,u:4,U:8}[s];r+=bke(t,n+1,a,e),n+=a}else{let a=t.substr(n-1,2);e(n-1,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),r+=a}}else if(i===" "||i==="	"){let s=n,o=t[n+1];for(;o===" "||o==="	";)o=t[++n+1];o!==`
`&&!(o==="\r"&&t[n+2]===`
`)&&(r+=n>s?t.slice(s,n+1):i)}else r+=i}return(t[t.length-1]!=='"'||t.length===1)&&e(t.length,"MISSING_CHAR",'Missing closing "quote'),r}function Bke(t,e){let r="",n=t[e+1];for(;(n===" "||n==="	"||n===`
`||n==="\r")&&!(n==="\r"&&t[e+2]!==`
`);)n===`
`&&(r+=`
`),e+=1,n=t[e+1];return r||(r=" "),{fold:r,offset:e}}var Qke={0:"\0",a:"\x07",b:"\b",e:"\x1B",f:"\f",n:`
`,r:"\r",t:"	",v:"\v",N:"\x85",_:"\xA0",L:"\u2028",P:"\u2029"," ":" ",'"':'"',"/":"/","\\":"\\","	":"	"};function bke(t,e,r,n){let i=t.substr(e,r),o=i.length===r&&/^[0-9a-fA-F]+$/.test(i)?parseInt(i,16):NaN;if(isNaN(o)){let a=t.substr(e-2,r+2);return n(e-2,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),a}return String.fromCodePoint(o)}s8.resolveFlowScalar=yke});var A8=h(a8=>{"use strict";var YA=He(),o8=sr(),Nke=jk(),wke=Gk();function Ske(t,e,r,n){let{value:i,type:s,comment:o,range:a}=e.type==="block-scalar"?Nke.resolveBlockScalar(t,e,n):wke.resolveFlowScalar(e,t.options.strict,n),A=r?t.directives.tagName(r.source,u=>n(r,"TAG_RESOLVE_FAILED",u)):null,c;t.options.stringKeys&&t.atKey?c=t.schema[YA.SCALAR]:A?c=xke(t.schema,i,A,r,n):e.type==="scalar"?c=vke(t,i,e,n):c=t.schema[YA.SCALAR];let l;try{let u=c.resolve(i,d=>n(r??e,"TAG_RESOLVE_FAILED",d),t.options);l=YA.isScalar(u)?u:new o8.Scalar(u)}catch(u){let d=u instanceof Error?u.message:String(u);n(r??e,"TAG_RESOLVE_FAILED",d),l=new o8.Scalar(i)}return l.range=a,l.source=i,s&&(l.type=s),A&&(l.tag=A),c.format&&(l.format=c.format),o&&(l.comment=o),l}function xke(t,e,r,n,i){if(r==="!")return t[YA.SCALAR];let s=[];for(let a of t.tags)if(!a.collection&&a.tag===r)if(a.default&&a.test)s.push(a);else return a;for(let a of s)if(a.test?.test(e))return a;let o=t.knownTags[r];return o&&!o.collection?(t.tags.push(Object.assign({},o,{default:!1,test:void 0})),o):(i(n,"TAG_RESOLVE_FAILED",`Unresolved tag: ${r}`,r!=="tag:yaml.org,2002:str"),t[YA.SCALAR])}function vke({atKey:t,directives:e,schema:r},n,i,s){let o=r.tags.find(a=>(a.default===!0||t&&a.default==="key")&&a.test?.test(n))||r[YA.SCALAR];if(r.compat){let a=r.compat.find(A=>A.default&&A.test?.test(n))??r[YA.SCALAR];if(o.tag!==a.tag){let A=e.tagString(o.tag),c=e.tagString(a.tag),l=`Value may be parsed as either ${A} or ${c}`;s(i,"TAG_RESOLVE_FAILED",l,!0)}}return o}a8.composeScalar=Ske});var l8=h(c8=>{"use strict";function Rke(t,e,r){if(e){r===null&&(r=e.length);for(let n=r-1;n>=0;--n){let i=e[n];switch(i.type){case"space":case"comment":case"newline":t-=i.source.length;continue}for(i=e[++n];i?.type==="space";)t+=i.source.length,i=e[++n];break}}return t}c8.emptyScalarPosition=Rke});var f8=h(Jk=>{"use strict";var _ke=Jg(),Dke=He(),kke=r8(),u8=A8(),Pke=Dd(),Tke=l8(),Oke={composeNode:d8,composeEmptyNode:Yk};function d8(t,e,r,n){let i=t.atKey,{spaceBefore:s,comment:o,anchor:a,tag:A}=r,c,l=!0;switch(e.type){case"alias":c=Lke(t,e,n),(a||A)&&n(e,"ALIAS_PROPS","An alias node must not specify any properties");break;case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"block-scalar":c=u8.composeScalar(t,e,A,n),a&&(c.anchor=a.source.substring(1));break;case"block-map":case"block-seq":case"flow-collection":c=kke.composeCollection(Oke,t,e,r,n),a&&(c.anchor=a.source.substring(1));break;default:{let u=e.type==="error"?e.message:`Unsupported token (type: ${e.type})`;n(e,"UNEXPECTED_TOKEN",u),c=Yk(t,e.offset,void 0,null,r,n),l=!1}}return a&&c.anchor===""&&n(a,"BAD_ALIAS","Anchor cannot be an empty string"),i&&t.options.stringKeys&&(!Dke.isScalar(c)||typeof c.value!="string"||c.tag&&c.tag!=="tag:yaml.org,2002:str")&&n(A??e,"NON_STRING_KEY","With stringKeys, all keys must be strings"),s&&(c.spaceBefore=!0),o&&(e.type==="scalar"&&e.source===""?c.comment=o:c.commentBefore=o),t.options.keepSourceTokens&&l&&(c.srcToken=e),c}function Yk(t,e,r,n,{spaceBefore:i,comment:s,anchor:o,tag:a,end:A},c){let l={type:"scalar",offset:Tke.emptyScalarPosition(e,r,n),indent:-1,source:""},u=u8.composeScalar(t,l,a,c);return o&&(u.anchor=o.source.substring(1),u.anchor===""&&c(o,"BAD_ALIAS","Anchor cannot be an empty string")),i&&(u.spaceBefore=!0),s&&(u.comment=s,u.range[2]=A),u}function Lke({options:t},{offset:e,source:r,end:n},i){let s=new _ke.Alias(r.substring(1));s.source===""&&i(e,"BAD_ALIAS","Alias cannot be an empty string"),s.source.endsWith(":")&&i(e+r.length-1,"BAD_ALIAS","Alias ending in : is ambiguous",!0);let o=e+r.length,a=Pke.resolveEnd(n,o,t.strict,i);return s.range=[e,o,a.offset],a.comment&&(s.comment=a.comment),s}Jk.composeEmptyNode=Yk;Jk.co

`:`
`)+(s.substring(1)||" "),r=!0,n=!1;break;case"%":t[i+1]?.[0]!=="#"&&(i+=1),r=!1;break;default:r||(n=!0),r=!1}}return{comment:e,afterEmptyLine:n}}var Vk=class{constructor(e={}){this.doc=null,this.atDirectives=!1,this.prelude=[],this.errors=[],this.warnings=[],this.onError=(r,n,i,s)=>{let o=mm(r);s?this.warnings.push(new gm.YAMLWarning(o,n,i)):this.errors.push(new gm.YAMLParseError(o,n,i))},this.directives=new jke.Directives({version:e.version||"1.2"}),this.options=e}decorate(e,r){let{comment:n,afterEmptyLine:i}=y8(this.prelude);if(n){let s=e.contents;if(r)e.comment=e.comment?`${e.comment}
${n}`:n;else if(i||e.directives.docStart||!s)e.commentBefore=n;else if(p8.isCollection(s)&&!s.flow&&s.items.length>0){let o=s.items[0];p8.isPair(o)&&(o=o.key);let a=o.commentBefore;o.commentBefore=a?`${n}
${a}`:n}else{let o=s.commentBefore;s.commentBefore=o?`${n}
${o}`:n}}r?(Array.prototype.push.apply(e.errors,this.errors),Array.prototype.push.apply(e.warnings,this.warnings)):(e.errors=this.errors,e.warnings=this.warnings),this.prelude=[],this.errors=[],this.warnings=[]}streamInfo(){return{comment:y8(this.prelude).comment,directives:this.directives,errors:this.errors,warnings:this.warnings}}*compose(e,r=!1,n=-1){for(let i of e)yield*this.next(i);yield*this.end(r,n)}*next(e){switch(Hke.env.LOG_STREAM&&console.dir(e,{depth:null}),e.type){case"directive":this.directives.add(e.source,(r,n,i)=>{let s=mm(e);s[0]+=r,this.onError(s,"BAD_DIRECTIVE",n,i)}),this.prelude.push(e.source),this.atDirectives=!0;break;case"document":{let r=Gke.composeDoc(this.options,this.directives,e,this.onError);this.atDirectives&&!r.directives.docStart&&this.onError(e,"MISSING_CHAR","Missing directives-end/doc-start indicator line"),this.decorate(r,!1),this.doc&&(yield this.doc),this.doc=r,this.atDirectives=!1;break}case"byte-order-mark":case"space":break;case"comment":case"newline":this.prelude.push(e.source);break;case"error":{let r=e.source?`${e.message}: ${JSON.stringify(e.source)}`:e.message,n=new gm.YAMLParseError(mm(e),"UNEXPECTED_TOKEN",r);this.atDirectives||!this.doc?this.errors.push(n):this.doc.errors.push(n);break}case"doc-end":{if(!this.doc){let n="Unexpected doc-end without preceding document";this.errors.push(new gm.YAMLParseError(mm(e),"UNEXPECTED_TOKEN",n));break}this.doc.directives.docEnd=!0;let r=Yke.resolveEnd(e.end,e.offset+e.source.length,this.doc.options.strict,this.onError);if(this.decorate(this.doc,!0),r.comment){let n=this.doc.comment;this.doc.comment=n?`${n}
${r.comment}`:r.comment}this.doc.range[2]=r.offset;break}default:this.errors.push(new gm.YAMLParseError(mm(e),"UNEXPECTED_TOKEN",`Unsupported token ${e.type}`))}}*end(e=!1,r=-1){if(this.doc)this.decorate(this.doc,!0),yield this.doc,this.doc=null;else if(e){let n=Object.assign({_directives:this.directives},this.options),i=new zke.Document(void 0,n);this.atDirectives&&this.onError(r,"MISSING_CHAR","Missing directives-end indicator line"),i.range=[0,r,r],this.decorate(i,!1),yield i}}};E8.Composer=Vk});var B8=h(yQ=>{"use strict";var Jke=jk(),Vke=Gk(),Wke=fm(),C8=Xg();function $ke(t,e=!0,r){if(t){let n=(i,s,o)=>{let a=typeof i=="number"?i:Array.isArray(i)?i[0]:i.offset;if(r)r(a,s,o);else throw new Wke.YAMLParseError([a,a+1],s,o)};switch(t.type){case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return Vke.resolveFlowScalar(t,e,n);case"block-scalar":return Jke.resolveBlockScalar({options:{strict:e}},t,n)}}return null}function Kke(t,e){let{implicitKey:r=!1,indent:n,inFlow:i=!1,offset:s=-1,type:o="PLAIN"}=e,a=C8.stringifyString({type:o,value:t},{implicitKey:r,indent:n>0?" ".repeat(n):"",inFlow:i,options:{blockQuote:!0,lineWidth:-1}}),A=e.end??[{type:"newline",offset:-1,indent:n,source:`
`}];switch(a[0]){case"|":case">":{let c=a.indexOf(`
`),l=a.substring(0,c),u=a.substring(c+1)+`
`,d=[{type:"block-scalar-header",offset:s,indent:n,source:l}];return I8(d,A)||d.push({type:"newline",offset:-1,indent:n,source:`
`}),{type:"block-scalar",offset:s,indent:n,props:d,source:u}}case'"':return{type:"double-quoted-scalar",offset:s,indent:n,source:a,end:A};case"'":return{type:"single-quoted-scalar",offset:s,indent:n,source:a,end:A};default:return{type:"scalar",offset:s,indent:n,source:a,end:A}}}function Xke(t,e,r={}){let{afterKey:n=!1,implicitKey:i=!1,inFlow:s=!1,type:o}=r,a="indent"in t?t.indent:null;if(n&&typeof a=="number"&&(a+=2),!o)switch(t.type){case"single-quoted-scalar":o="QUOTE_SINGLE";break;case"double-quoted-scalar":o="QUOTE_DOUBLE";break;case"block-scalar":{let c=t.props[0];if(c.type!=="block-scalar-header")throw new Error("Invalid block scalar header");o=c.source[0]===">"?"BLOCK_FOLDED":"BLOCK_LITERAL";break}default:o="PLAIN"}let A=C8.stringifyString({type:o,value:e},{implicitKey:i||a===null,indent:a!==null&&a>0?" ".repeat(a):"",inFlow:s,options:{blockQuote:!0,lineWidth:-1}});switch(A[0]){case"|":case">":Zke(t,A);break;case'"':$k(t,A,"double-quoted-scalar");break;case"'":$k(t,A,"single-quoted-scalar");break;default:$k(t,A,"scalar")}}function Zke(t,e){let r=e.indexOf(`
`),n=e.substring(0,r),i=e.substring(r+1)+`
`;if(t.type==="block-scalar"){let s=t.props[0];if(s.type!=="block-scalar-header")throw new Error("Invalid block scalar header");s.source=n,t.source=i}else{let{offset:s}=t,o="indent"in t?t.indent:-1,a=[{type:"block-scalar-header",offset:s,indent:o,source:n}];I8(a,"end"in t?t.end:void 0)||a.push({type:"newline",offset:-1,indent:o,source:`
`});for(let A of Object.keys(t))A!=="type"&&A!=="offset"&&delete t[A];Object.assign(t,{type:"block-scalar",indent:o,props:a,source:i})}}function I8(t,e){if(e)for(let r of e)switch(r.type){case"space":case"comment":t.push(r);break;case"newline":return t.push(r),!0}return!1}function $k(t,e,r){switch(t.type){case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":t.type=r,t.source=e;break;case"block-scalar":{let n=t.props.slice(1),i=e.length;t.props[0].type==="block-scalar-header"&&(i-=t.props[0].source.length);for(let s of n)s.offset+=i;delete t.props,Object.assign(t,{type:r,source:e,end:n});break}case"block-map":case"block-seq":{let i={type:"newline",offset:t.offset+e.length,indent:t.indent,source:`
`};delete t.items,Object.assign(t,{type:r,source:e,end:[i]});break}default:{let n="indent"in t?t.indent:-1,i="end"in t&&Array.isArray(t.end)?t.end.filter(s=>s.type==="space"||s.type==="comment"||s.type==="newline"):[];for(let s of Object.keys(t))s!=="type"&&s!=="offset"&&delete t[s];Object.assign(t,{type:r,indent:n,source:e,end:i})}}}yQ.createScalarToken=Kke;yQ.resolveAsScalar=$ke;yQ.setScalarValue=Xke});var b8=h(Q8=>{"use strict";var ePe=t=>"type"in t?CQ(t):EQ(t);function CQ(t){switch(t.type){case"block-scalar":{let e="";for(let r of t.props)e+=CQ(r);return e+t.source}case"block-map":case"block-seq":{let e="";for(let r of t.items)e+=EQ(r);return e}case"flow-collection":{let e=t.start.source;for(let r of t.items)e+=EQ(r);for(let r of t.end)e+=r.source;return e}case"document":{let e=EQ(t);if(t.end)for(let r of t.end)e+=r.source;return e}default:{let e=t.source;if("end"in t&&t.end)for(let r of t.end)e+=r.source;return e}}}function EQ({start:t,key:e,sep:r,value:n}){let i="";for(let s of t)i+=s.source;if(e&&(i+=CQ(e)),r)for(let s of r)i+=s.source;return n&&(i+=CQ(n)),i}Q8.stringify=ePe});var x8=h(S8=>{"use strict";var Kk=Symbol("break visit"),tPe=Symbol("skip children"),N8=Symbol("remove item");function JA(t,e){"type"in t&&t.type==="document"&&(t={start:t.start,value:t.value}),w8(Object.freeze([]),t,e)}JA.BREAK=Kk;JA.SKIP=tPe;JA.REMOVE=N8;JA.itemAtPath=(t,e)=>{let r=t;for(let[n,i]of e){let s=r?.[n];if(s&&"items"in s)r=s.items[i];else return}return r};JA.parentCollection=(t,e)=>{let r=JA.itemAtPath(t,e.slice(0,-1)),n=e[e.length-1][0],i=r?.[n];if(i&&"items"in i)return i;throw new Error("Parent collection not found")};function w8(t,e,r){let n=r(e,t);if(typeof n=="symbol")return n;for(let i of["key","value"]){let s=e[i];if(s&&"items"in s){for(let o=0;o<s.items.length;++o){let a=w8(Object.freeze(t.concat([[i,o]])),s.items[o],r);if(typeof a=="number")o=a-1;else{if(a===Kk)return Kk;a===N8&&(s.items.splice(o,1),o-=1)}}typeof n=="function"&&i==="key"&&(n=n(e,t))}}return typeof n=="function"?n(e,t):n}S8.visit=JA});var IQ=h(Pn=>{"use strict";var Xk=B8(),rPe=b8(),nPe=x8(),Zk="\uFEFF",eP="",tP="",rP="",iPe=t=>!!t&&"items"in t,sPe=t=>!!t&&(t.type==="scalar"||t.type==="single-quoted-scalar"||t.type==="double-quoted-scalar"||t.type==="block-scalar");function oPe(t){switch(t){case Zk:return"<BOM>";case eP:return"<DOC>";case tP:return"<FLOW_END>";case rP:return"<SCALAR>";default:return JSON.stringify(t)}}function aPe(t){switch(t){case Zk:return"byte-order-mark";case eP:return"doc-mode";case tP:return"flow-error-end";case rP:return"scalar";case"---":return"doc-start";case"...":return"doc-end";case"":case`
`:case`\r
`:return"newline";case"-":return"seq-item-ind";case"?":return"explicit-key-ind";case":":return"map-value-ind";case"{":return"flow-map-start";case"}":return"flow-map-end";case"[":return"flow-seq-start";case"]":return"flow-seq-end";case",":return"comma"}switch(t[0]){case" ":case"	":return"space";case"#":return"comment";case"%":return"directive-line";case"*":return"alias";case"&":return"anchor";case"!":return"tag";case"'":return"single-quoted-scalar";case'"':return"double-quoted-scalar";case"|":case">":return"block-scalar-header"}return null}Pn.createScalarToken=Xk.createScalarToken;Pn.resolveAsScalar=Xk.resolveAsScalar;Pn.setScalarValue=Xk.setScalarValue;Pn.stringify=rPe.stringify;Pn.visit=nPe.visit;Pn.BOM=Zk;Pn.DOCUMENT=eP;Pn.FLOW_END=tP;Pn.SCALAR=rP;Pn.isCollection=iPe;Pn.isScalar=sPe;Pn.prettyToken=oPe;Pn.tokenType=aPe});var sP=h(R8=>{"use strict";var pm=IQ();function rs(t){switch(t){case void 0:case" ":case`
`:case"\r":case"	":return!0;default:return!1}}var v8=new Set("0123456789ABCDEFabcdef"),APe=new Set("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-#;/?:@&=+$_.!~*'()"),BQ=new Set(",[]{}"),cPe=new Set(` ,[]{}
\r	`),nP=t=>!t||cPe.has(t),iP=class{constructor(){this.atEnd=!1,this.blockScalarIndent=-1,this.blockScalarKeep=!1,this.buffer="",this.flowKey=!1,this.flowLevel=0,this.indentNext=0,this.indentValue=0,this.lineEndPos=null,this.next=null,this.pos=0}*lex(e,r=!1){if(e){if(typeof e!="string")throw TypeError("source is not a string");this.buffer=this.buffer?this.buffer+e:e,this.lineEndPos=null}this.atEnd=!r;let n=this.next??"stream";for(;n&&(r||this.hasChars(1));)n=yield*this.parseNext(n)}atLineEnd(){let e=this.pos,r=this.buffer[e];for(;r===" "||r==="	";)r=this.buffer[++e];return!r||r==="#"||r===`
`?!0:r==="\r"?this.buffer[e+1]===`
`:!1}charAt(e){return this.buffer[this.pos+e]}continueScalar(e){let r=this.buffer[e];if(this.indentNext>0){let n=0;for(;r===" ";)r=this.buffer[++n+e];if(r==="\r"){let i=this.buffer[n+e+1];if(i===`
`||!i&&!this.atEnd)return e+n+1}return r===`
`||n>=this.indentNext||!r&&!this.atEnd?e+n:-1}if(r==="-"||r==="."){let n=this.buffer.substr(e,3);if((n==="---"||n==="...")&&rs(this.buffer[e+3]))return-1}return e}getLine(){let e=this.lineEndPos;return(typeof e!="number"||e!==-1&&e<this.pos)&&(e=this.buffer.indexOf(`
`,this.pos),this.lineEndPos=e),e===-1?this.atEnd?this.buffer.substring(this.pos):null:(this.buffer[e-1]==="\r"&&(e-=1),this.buffer.substring(this.pos,e))}hasChars(e){return this.pos+e<=this.buffer.length}setNext(e){return this.buffer=this.buffer.substring(this.pos),this.pos=0,this.lineEndPos=null,this.next=e,null}peek(e){return this.buffer.substr(this.pos,e)}*parseNext(e){switch(e){case"stream":return yield*this.parseStream();case"line-start":return yield*this.parseLineStart();case"block-start":return yield*this.parseBlockStart();case"doc":return yield*this.parseDocument();case"flow":return yield*this.parseFlowCollection();case"quoted-scalar":return yield*this.parseQuotedScalar();case"block-scalar":return yield*this.parseBlockScalar();case"plain-scalar":return yield*this.parsePlainScalar()}}*parseStream(){let e=this.getLine();if(e===null)return this.setNext("stream");if(e[0]===pm.BOM&&(yield*this.pushCount(1),e=e.substring(1)),e[0]==="%"){let r=e.length,n=e.indexOf("#");for(;n!==-1;){let s=e[n-1];if(s===" "||s==="	"){r=n-1;break}else n=e.indexOf("#",n+1)}for(;;){let s=e[r-1];if(s===" "||s==="	")r-=1;else break}let i=(yield*this.pushCount(r))+(yield*this.pushSpaces(!0));return yield*this.pushCount(e.length-i),this.pushNewline(),"stream"}if(this.atLineEnd()){let r=yield*this.pushSpaces(!0);return yield*this.pushCount(e.length-r),yield*this.pushNewline(),"stream"}return yield pm.DOCUMENT,yield*this.parseLineStart()}*parseLineStart(){let e=this.charAt(0);if(!e&&!this.atEnd)return this.setNext("line-start");if(e==="-"||e==="."){if(!this.atEnd&&!this.hasChars(4))return this.setNext("line-start");let r=this.peek(3);if((r==="---"||r==="...")&&rs(this.charAt(3)))return yield*this.pushCount(3),this.indentValue=0,this.indentNext=0,r==="---"?"doc":"stream"}return this.indentValue=yield*this.pushSpaces(!1),this.indentNext>this.indentValue&&!rs(this.charAt(1))&&(this.indentNext=this.indentValue),yield*this.parseBlockStart()}*parseBlockStart(){let[e,r]=this.peek(2);if(!r&&!this.atEnd)return this.setNext("block-start");if((e==="-"||e==="?"||e===":")&&rs(r)){let n=(yield*this.pushCount(1))+(yield*this.pushSpaces(!0));return this.indentNext=this.indentValue+1,this.indentValue+=n,yield*this.parseBlockStart()}return"doc"}*parseDocument(){yield*this.pushSpaces(!0);let e=this.getLine();if(e===null)return this.setNext("doc");let r=yield*this.pushIndicators();switch(e[r]){case"#":yield*this.pushCount(e.length-r);case void 0:return yield*this.pushNewline(),yield*this.parseLineStart();case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel=1,"flow";case"}":case"]":return yield*this.pushCount(1),"doc";case"*":return yield*this.pushUntil(nP),"doc";case'"':case"'":return yield*this.parseQuotedScalar();case"|":case">":return r+=yield*this.parseBlockScalarHeader(),r+=yield*this.pushSpaces(!0),yield*this.pushCount(e.length-r),yield*this.pushNewline(),yield*this.parseBlockScalar();default:return yield*this.parsePlainScalar()}}*parseFlowCollection(){let e,r,n=-1;do e=yield*this.pushNewline(),e>0?(r=yield*this.pushSpaces(!1),this.indentValue=n=r):r=0,r+=yield*this.pushSpaces(!0);while(e+r>0);let i=this.getLine();if(i===null)return this.setNext("flow");if((n!==-1&&n<this.indentNext&&i[0]!=="#"||n===0&&(i.startsWith("---")||i.startsWith("..."))&&rs(i[3]))&&!(n===this.indentNext-1&&this.flowLevel===1&&(i[0]==="]"||i[0]==="}")))return this.flowLevel=0,yield pm.FLOW_END,yield*this.parseLineStart();let s=0;for(;i[s]===",";)s+=yield*this.pushCount(1),s+=yield*this.pushSpaces(!0),this.flowKey=!1;switch(s+=yield*this.pushIndicators(),i[s]){case void 0:return"flow";case"#":return yield*this.pushCount(i.length-s),"flow";case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel+=1,"flow";case"}":case"]":return yield*this.pushCount(1),this.flowKey=!0,this.flowLevel-=1,this.flowLevel?"flow":"doc";case"*":return yield*this.pushUntil(nP),"flow";case'"':case"'":return this.flowKey=!0,yield*this.parseQuotedScalar();case":":{let o=this.charAt(1);if(this.flowKey||rs(o)||o===",")return this.flowKey=!1,yield*this.pushCount(1),yield*th
`,this.pos);if(i!==-1){for(;i!==-1;){let s=this.continueScalar(i+1);if(s===-1)break;i=n.indexOf(`
`,s)}i!==-1&&(r=i-(n[i-1]==="\r"?2:1))}if(r===-1){if(!this.atEnd)return this.setNext("quoted-scalar");r=this.buffer.length}return yield*this.pushToIndex(r+1,!1),this.flowLevel?"flow":"doc"}*parseBlockScalarHeader(){this.blockScalarIndent=-1,this.blockScalarKeep=!1;let e=this.pos;for(;;){let r=this.buffer[++e];if(r==="+")this.blockScalarKeep=!0;else if(r>"0"&&r<="9")this.blockScalarIndent=Number(r)-1;else if(r!=="-")break}return yield*this.pushUntil(r=>rs(r)||r==="#")}*parseBlockScalar(){let e=this.pos-1,r=0,n;e:for(let s=this.pos;n=this.buffer[s];++s)switch(n){case" ":r+=1;break;case`
`:e=s,r=0;break;case"\r":{let o=this.buffer[s+1];if(!o&&!this.atEnd)return this.setNext("block-scalar");if(o===`
`)break}default:break e}if(!n&&!this.atEnd)return this.setNext("block-scalar");if(r>=this.indentNext){this.blockScalarIndent===-1?this.indentNext=r:this.indentNext=this.blockScalarIndent+(this.indentNext===0?1:this.indentNext);do{let s=this.continueScalar(e+1);if(s===-1)break;e=this.buffer.indexOf(`
`,s)}while(e!==-1);if(e===-1){if(!this.atEnd)return this.setNext("block-scalar");e=this.buffer.length}}let i=e+1;for(n=this.buffer[i];n===" ";)n=this.buffer[++i];if(n==="	"){for(;n==="	"||n===" "||n==="\r"||n===`
`;)n=this.buffer[++i];e=i-1}else if(!this.blockScalarKeep)do{let s=e-1,o=this.buffer[s];o==="\r"&&(o=this.buffer[--s]);let a=s;for(;o===" ";)o=this.buffer[--s];if(o===`
`&&s>=this.pos&&s+1+r>a)e=s;else break}while(!0);return yield pm.SCALAR,yield*this.pushToIndex(e+1,!0),yield*this.parseLineStart()}*parsePlainScalar(){let e=this.flowLevel>0,r=this.pos-1,n=this.pos-1,i;for(;i=this.buffer[++n];)if(i===":"){let s=this.buffer[n+1];if(rs(s)||e&&BQ.has(s))break;r=n}else if(rs(i)){let s=this.buffer[n+1];if(i==="\r"&&(s===`
`?(n+=1,i=`
`,s=this.buffer[n+1]):r=n),s==="#"||e&&BQ.has(s))break;if(i===`
`){let o=this.continueScalar(n+1);if(o===-1)break;n=Math.max(n,o-2)}}else{if(e&&BQ.has(i))break;r=n}return!i&&!this.atEnd?this.setNext("plain-scalar"):(yield pm.SCALAR,yield*this.pushToIndex(r+1,!0),e?"flow":"doc")}*pushCount(e){return e>0?(yield this.buffer.substr(this.pos,e),this.pos+=e,e):0}*pushToIndex(e,r){let n=this.buffer.slice(this.pos,e);return n?(yield n,this.pos+=n.length,n.length):(r&&(yield""),0)}*pushIndicators(){switch(this.charAt(0)){case"!":return(yield*this.pushTag())+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"&":return(yield*this.pushUntil(nP))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"-":case"?":case":":{let e=this.flowLevel>0,r=this.charAt(1);if(rs(r)||e&&BQ.has(r))return e?this.flowKey&&(this.flowKey=!1):this.indentNext=this.indentValue+1,(yield*this.pushCount(1))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators())}}return 0}*pushTag(){if(this.charAt(1)==="<"){let e=this.pos+2,r=this.buffer[e];for(;!rs(r)&&r!==">";)r=this.buffer[++e];return yield*this.pushToIndex(r===">"?e+1:e,!1)}else{let e=this.pos+1,r=this.buffer[e];for(;r;)if(APe.has(r))r=this.buffer[++e];else if(r==="%"&&v8.has(this.buffer[e+1])&&v8.has(this.buffer[e+2]))r=this.buffer[e+=3];else break;return yield*this.pushToIndex(e,!1)}}*pushNewline(){let e=this.buffer[this.pos];return e===`
`?yield*this.pushCount(1):e==="\r"&&this.charAt(1)===`
`?yield*this.pushCount(2):0}*pushSpaces(e){let r=this.pos-1,n;do n=this.buffer[++r];while(n===" "||e&&n==="	");let i=r-this.pos;return i>0&&(yield this.buffer.substr(this.pos,i),this.pos=r),i}*pushUntil(e){let r=this.pos,n=this.buffer[r];for(;!e(n);)n=this.buffer[++r];return yield*this.pushToIndex(r,!1)}};R8.Lexer=iP});var aP=h(_8=>{"use strict";var oP=class{constructor(){this.lineStarts=[],this.addNewLine=e=>this.lineStarts.push(e),this.linePos=e=>{let r=0,n=this.lineStarts.length;for(;r<n;){let s=r+n>>1;this.lineStarts[s]<e?r=s+1:n=s}if(this.lineStarts[r]===e)return{line:r+1,col:1};if(r===0)return{line:0,col:e};let i=this.lineStarts[r-1];return{line:r,col:e-i+1}}}};_8.LineCounter=oP});var cP=h(O8=>{"use strict";var lPe=require("node:process"),D8=IQ(),uPe=sP();function VA(t,e){for(let r=0;r<t.length;++r)if(t[r].type===e)return!0;return!1}function k8(t){for(let e=0;e<t.length;++e)switch(t[e].type){case"space":case"comment":case"newline":break;default:return e}return-1}function T8(t){switch(t?.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"flow-collection":return!0;default:return!1}}function QQ(t){switch(t.type){case"document":return t.start;case"block-map":{let e=t.items[t.items.length-1];return e.sep??e.start}case"block-seq":return t.items[t.items.length-1].start;default:return[]}}function kd(t){if(t.length===0)return[];let e=t.length;e:for(;--e>=0;)switch(t[e].type){case"doc-start":case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":case"newline":break e}for(;t[++e]?.type==="space";);return t.splice(e,t.length)}function P8(t){if(t.start.type==="flow-seq-start")for(let e of t.items)e.sep&&!e.value&&!VA(e.start,"explicit-key-ind")&&!VA(e.sep,"map-value-ind")&&(e.key&&(e.value=e.key),delete e.key,T8(e.value)?e.value.end?Array.prototype.push.apply(e.value.end,e.sep):e.value.end=e.sep:Array.prototype.push.apply(e.start,e.sep),delete e.sep)}var AP=class{constructor(e){this.atNewLine=!0,this.atScalar=!1,this.indent=0,this.offset=0,this.onKeyLine=!1,this.stack=[],this.source="",this.type="",this.lexer=new uPe.Lexer,this.onNewLine=e}*parse(e,r=!1){this.onNewLine&&this.offset===0&&this.onNewLine(0);for(let n of this.lexer.lex(e,r))yield*this.next(n);r||(yield*this.end())}*next(e){if(this.source=e,lPe.env.LOG_TOKENS&&console.log("|",D8.prettyToken(e)),this.atScalar){this.atScalar=!1,yield*this.step(),this.offset+=e.length;return}let r=D8.tokenType(e);if(r)if(r==="scalar")this.atNewLine=!1,this.atScalar=!0,this.type="scalar";else{switch(this.type=r,yield*this.step(),r){case"newline":this.atNewLine=!0,this.indent=0,this.onNewLine&&this.onNewLine(this.offset+e.length);break;case"space":this.atNewLine&&e[0]===" "&&(this.indent+=e.length);break;case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":this.atNewLine&&(this.indent+=e.length);break;case"doc-mode":case"flow-error-end":return;default:this.atNewLine=!1}this.offset+=e.length}else{let n=`Not a YAML token: ${e}`;yield*this.pop({type:"error",offset:this.offset,message:n,source:e}),this.offset+=e.length}}*end(){for(;this.stack.length>0;)yield*this.pop()}get sourceToken(){return{type:this.type,offset:this.offset,indent:this.indent,source:this.source}}*step(){let e=this.peek(1);if(this.type==="doc-end"&&(!e||e.type!=="doc-end")){for(;this.stack.length>0;)yield*this.pop();this.stack.push({type:"doc-end",offset:this.offset,source:this.source});return}if(!e)return yield*this.stream();switch(e.type){case"document":return yield*this.document(e);case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return yield*this.scalar(e);case"block-scalar":return yield*this.blockScalar(e);case"block-map":return yield*this.blockMap(e);case"block-seq":return yield*this.blockSequence(e);case"flow-collection":return yield*this.flowCollection(e);case"doc-end":return yield*this.documentEnd(e)}yield*this.pop()}peek(e){return this.stack[this.stack.length-e]}*pop(e){let r=e??this.stack.pop();if(!r)yield{type:"error",offset:this.offset,source:"",message:"Tried to pop an empty stack"};else if(this.stack.length===0)yield r;else
`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
`,r)+1}yield*this.pop();break;default:yield*this.pop(),yield*this.step()}}*blockMap(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(this.onKeyLine=!1,r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else if(r.sep)r.sep.push(this.sourceToken);else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return}if(this.indent>=e.indent){let n=!this.onKeyLine&&this.indent===e.indent,i=n&&(r.sep||r.explicitKey)&&this.type!=="seq-item-ind",s=[];if(i&&r.sep&&!r.value){let o=[];for(let a=0;a<r.sep.length;++a){let A=r.sep[a];switch(A.type){case"newline":o.push(a);break;case"space":break;case"comment":A.indent>e.indent&&(o.length=0);break;default:o.length=0}}o.length>=2&&(s=r.sep.splice(o[1]))}switch(this.type){case"anchor":case"tag":i||r.value?(s.push(this.sourceToken),e.items.push({start:s}),this.onKeyLine=!0):r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"explicit-key-ind":!r.sep&&!r.explicitKey?(r.start.push(this.sourceToken),r.explicitKey=!0):i||r.value?(s.push(this.sourceToken),e.items.push({start:s,explicitKey:!0})):this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken],explicitKey:!0}]}),this.onKeyLine=!0;return;case"map-value-ind":if(r.explicitKey)if(r.sep)if(r.value)e.items.push({start:[],key:null,sep:[this.sourceToken]});else if(VA(r.sep,"map-value-ind"))this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:s,key:null,sep:[this.sourceToken]}]});else if(T8(r.key)&&!VA(r.sep,"newline")){let o=kd(r.start),a=r.key,A=r.sep;A.push(this.sourceToken),delete r.key,delete r.sep,this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:a,sep:A}]})}else s.length>0?r.sep=r.sep.concat(s,this.sourceToken):r.sep.push(this.sourceToken);else if(VA(r.start,"newline"))Object.assign(r,{key:null,sep:[this.sourceToken]});else{let o=kd(r.start);this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:null,sep:[this.sourceToken]}]})}else r.sep?r.value||i?e.items.push({start:s,key:null,sep:[this.sourceToken]}):VA(r.sep,"map-value-ind")?this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[],key:null,sep:[this.sourceToken]}]}):r.sep.push(this.sourceToken):Object.assign(r,{key:null,sep:[this.sourceToken]});this.onKeyLine=!0;return;case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":{let o=this.flowScalar(this.type);i||r.value?(e.items.push({start:s,key:o,sep:[]}),this.onKeyLine=!0):r.sep?this.stack.push(o):(Object.assign(r,{key:o,sep:[]}),this.onKeyLine=!0);return}default:{let o=this.startBlockValue(e);if(o){n&&o.type!=="block-seq"&&e.items.push({start:s}),this.stack.push(o);return}}}}yield*this.pop(),yield*this.step()}*blockSequence(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return;case"anchor":case"tag":if(r.value||this.indent<=e.indent)break;r.start.push(this.sourceToken);return;case"seq-item-ind":if(this.indent!==e.indent)break;r.value||VA(r.start,"seq-item-ind")?e.items.push({start:[this.sourceTo
`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
`,r)+1}return{type:e,offset:this.offset,indent:this.indent,source:this.source}}startBlockValue(e){switch(this.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return this.flowScalar(this.type);case"block-scalar-header":return{type:"block-scalar",offset:this.offset,indent:this.indent,props:[this.sourceToken],source:""};case"flow-map-start":case"flow-seq-start":return{type:"flow-collection",offset:this.offset,indent:this.indent,start:this.sourceToken,items:[],end:[]};case"seq-item-ind":return{type:"block-seq",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken]}]};case"explicit-key-ind":{this.onKeyLine=!0;let r=QQ(e),n=kd(r);return n.push(this.sourceToken),{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,explicitKey:!0}]}}case"map-value-ind":{this.onKeyLine=!0;let r=QQ(e),n=kd(r);return{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,key:null,sep:[this.sourceToken]}]}}}return null}atIndentedComment(e,r){return this.type!=="comment"||this.indent<=r?!1:e.every(n=>n.type==="newline"||n.type==="space")}*documentEnd(e){this.type!=="doc-mode"&&(e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop()))}*lineEnd(e){switch(this.type){case"comma":case"doc-start":case"doc-end":case"flow-seq-end":case"flow-map-end":case"map-value-ind":yield*this.pop(),yield*this.step();break;case"newline":this.onKeyLine=!1;default:e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop())}}};O8.Parser=AP});var q8=h(Em=>{"use strict";var L8=Wk(),dPe=lm(),ym=fm(),fPe=JD(),hPe=He(),gPe=aP(),M8=cP();function F8(t){let e=t.prettyErrors!==!1;return{lineCounter:t.lineCounter||e&&new gPe.LineCounter||null,prettyErrors:e}}function mPe(t,e={}){let{lineCounter:r,prettyErrors:n}=F8(e),i=new M8.Parser(r?.addNewLine),s=new L8.Composer(e),o=Array.from(s.compose(i.parse(t)));if(n&&r)for(let a of o)a.errors.forEach(ym.prettifyError(t,r)),a.warnings.forEach(ym.prettifyError(t,r));return o.length>0?o:Object.assign([],{empty:!0},s.streamInfo())}function U8(t,e={}){let{lineCounter:r,prettyErrors:n}=F8(e),i=new M8.Parser(r?.addNewLine),s=new L8.Composer(e),o=null;for(let a of s.compose(i.parse(t),!0,t.length))if(!o)o=a;else if(o.options.logLevel!=="silent"){o.errors.push(new ym.YAMLParseError(a.range.slice(0,2),"MULTIPLE_DOCS","Source contains multiple documents; please use YAML.parseAllDocuments()"));break}return n&&r&&(o.errors.forEach(ym.prettifyError(t,r)),o.warnings.forEach(ym.prettifyError(t,r))),o}function pPe(t,e,r){let n;typeof e=="function"?n=e:r===void 0&&e&&typeof e=="object"&&(r=e);let i=U8(t,r);if(!i)return null;if(i.warnings.forEach(s=>fPe.warn(i.options.logLevel,s)),i.errors.length>0){if(i.options.logLevel!=="silent")throw i.errors[0];i.errors=[]}return i.toJS(Object.assign({reviver:n},r))}function yPe(t,e,r){let n=null;if(typeof e=="function"||Array.isArray(e)?n=e:r===void 0&&e&&(r=e),typeof r=="string"&&(r=r.length),typeof r=="number"){let i=Math.round(r);r=i<1?void 0:i>8?{indent:8}:{indent:i}}if(t===void 0){let{keepUndefined:i}=r??e??{};if(!i)return}return hPe.isDocument(t)&&!n?t.toString(r):new dPe.Document(t,n,r).toString(r)}Em.parse=pPe;Em.parseAllDocuments=mPe;Em.parseDocument=U8;Em.stringify=yPe});var uP=h(tt=>{"use strict";var EPe=Wk(),CPe=lm(),IPe=vk(),lP=fm(),BPe=Jg(),Ta=He(),QPe=_a(),bPe=sr(),NPe=ka(),wPe=Pa(),SPe=IQ(),xPe=sP(),vPe=aP(),RPe=cP(),bQ=q8(),H8=jg();tt.Composer=EPe.Composer;tt.Document=CPe.Document;tt.Schema=IPe.Schema;tt.YAMLError=lP.YAMLError;tt.YAMLParseError=lP.YAMLParseError;tt.YAMLWarning=lP.YAMLWarning;tt.Alias=BPe.Alias;tt.isAlias=Ta.isAlias;tt.isCollection=Ta.isCollection;tt.isDocument=Ta.isDocument;tt.isMap=Ta.isMap;tt.isNode=Ta.isNode;tt.isPair=Ta.isPair;tt.isScalar=Ta.isScalar;tt.isSeq=Ta.isSeq;tt.Pair=QPe.Pair;tt.Scalar=bPe.Scalar;tt.YAMLMap=NPe.YAMLMap;tt.YAMLSeq=wPe.YAMLSeq;tt.CST=SPe;tt.Lexer=xPe.Lexer;tt.LineCounter=vPe.LineCounter;tt.Parser=RPe.Parser;tt.parse=bQ.parse;tt.parseAllDocuments=bQ.parseAllDocuments;tt.parseDocument=bQ.
  - version ${e} in the GitHub Action config with the key "version"
  - version ${i} in the package.json with the key "packageManager"
Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`);return e}if(!(typeof i=="string"&&i.startsWith("pnpm@"))&&!(s?.packageManager?.name==="pnpm"&&s.packageManager.version))throw n?new Error(`No pnpm version is specified.
Please specify it by one of the following ways:
  - in the GitHub Action config with the key "version"
  - in the package.json with the key "packageManager"
  - in the package.json with the key "devEngines.packageManager"`):new Error(`No workspace is found.
If you've intended to let pnpm/action-setup read preferred pnpm version from the "packageManager" field in the package.json file,
please run the actions/checkout before pnpm/action-setup.
Otherwise, please specify the pnpm version in the action configuration.`)}function VTe(){return new Promise(t=>{let e=(0,CP.spawn)("node",["--version"],{stdio:["pipe","pipe","pipe"],shell:process.platform==="win32"}),r="";e.stdout.on("data",n=>{r+=n.toString()}),e.on("close",()=>{let n=r.match(/^v(\d+)\.(\d+)/);t(n?{major:parseInt(n[1],10),minor:parseInt(n[2],10)}:{major:0,minor:0})}),e.on("error",()=>t({major:0,minor:0}))})}function o6(t,e,r){return new Promise((n,i)=>{let s=(0,CP.spawn)(t,e,{cwd:r.cwd,stdio:["pipe","inherit","inherit"],shell:process.platform==="win32"});s.on("error",i),s.on("close",n)})}var c6=YTe;async function WTe(t){(0,zd.startGroup)("Running self-installer...");let e=await c6(t);if((0,zd.endGroup)(),e)return(0,zd.setFailed)(`Something went wrong, self-installer exits with code ${e}`)}var l6=WTe;var BP=Ct(at());var wm=Ct(require("path")),IP=Ct(require("process")),DQ=t=>wm.default.join(t.dest,"node_modules",".bin"),kQ=t=>({...IP.default.env,PATH:wm.default.join(DQ(t),"bin")+wm.default.delimiter+DQ(t)+wm.default.delimiter+IP.default.env.PATH});function $Te(t){let e=DQ(t);(0,BP.setOutput)("dest",t.dest),(0,BP.setOutput)("bin_dest",e)}var u6=$Te;var uc=Ct(at()),d6=require("child_process");function KTe(t){let e=kQ(t);for(let r of t.runInstall){let n=["install"];r.recursive&&n.unshift("recursive"),r.args&&n.push(...r.args);let i=["pnpm",...n].join(" ");(0,uc.startGroup)(`Running ${i}...`);let{error:s,status:o}=(0,d6.spawnSync)("pnpm",n,{stdio:"inherit",cwd:r.cwd,shell:!0,env:e});if((0,uc.endGroup)(),s){(0,uc.setFailed)(s);continue}if(o){(0,uc.setFailed)(`Command ${i} (cwd: ${r.cwd}) exits with status ${o}`);continue}}}var f6=KTe;var dc=Ct(at()),h6=require("child_process");function XTe(t){if(t.runInstall.length===0){console.log("Pruning is unnecessary.");return}(0,dc.startGroup)("Running pnpm store prune...");let{error:e,status:r}=(0,h6.spawnSync)("pnpm",["store","prune"],{stdio:"inherit",shell:!0,env:kQ(t)});if((0,dc.endGroup)(),e){(0,dc.warning)(e);return}if(r){(0,dc.warning)(`command pnpm store prune exits with code ${r}`);return}}var g6=XTe;async function ZTe(){let t=s6();(0,Gd.getState)("is_post")==="true"?await tOe(t):await eOe(t)}async function eOe(t){(0,Gd.saveState)("is_post","true"),await l6(t),console.log("Installation Completed!"),u6(t),await q$(t),f6(t)}async function tOe(t){g6(t),await G$(t)}ZTe().catch(t=>{console.error(t),(0,Gd.setFailed)(t)});
/*! Bundled license information:

undici/lib/fetch/body.js:
  (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)

undici/lib/websocket/frame.js:
  (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)

expand-tilde/index.js:
  (*!
   * expand-tilde <https://github.com/jonschlinkert/expand-tilde>
   *
   * Copyright (c) 2015 Jon Schlinkert.
   * Licensed under the MIT license.
   *)
*/
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								"use strict";var T6=Object.create;var Sm=Object.defineProperty;var O6=Object.getOwnPropertyDescriptor;var L6=Object.getOwnPropertyNames;var M6=Object.getPrototypeOf,F6=Object.prototype.hasOwnProperty;var U6=(t,e)=>()=>(t&&(e=t(t=0)),e);var h=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports),q6=(t,e)=>{for(var r in e)Sm(t,r,{get:e[r],enumerable:!0})},xP=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of L6(e))!F6.call(t,i)&&i!==r&&Sm(t,i,{get:()=>e[i],enumerable:!(n=O6(e,i))||n.enumerable});return t};var Ct=(t,e,r)=>(r=t!=null?T6(M6(t)):{},xP(e||!t||!t.__esModule?Sm(r,"default",{value:t,enumerable:!0}):r,t)),Ui=t=>xP(Sm({},"__esModule",{value:!0}),t);var xm=h(fc=>{"use strict";Object.defineProperty(fc,"__esModule",{value:!0});fc.toCommandProperties=fc.toCommandValue=void 0;function H6(t){return t==null?"":typeof t=="string"||t instanceof String?t:JSON.stringify(t)}fc.toCommandValue=H6;function j6(t){return Object.keys(t).length?{title:t.title,file:t.file,line:t.startLine,endLine:t.endLine,col:t.startColumn,endColumn:t.endColumn}:{}}fc.toCommandProperties=j6});var DP=h(ri=>{"use strict";var z6=ri&&ri.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),G6=ri&&ri.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Y6=ri&&ri.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&z6(e,t,r);return G6(e,t),e};Object.defineProperty(ri,"__esModule",{value:!0});ri.issue=ri.issueCommand=void 0;var J6=Y6(require("os")),RP=xm();function _P(t,e,r){let n=new LQ(t,e,r);process.stdout.write(n.toString()+J6.EOL)}ri.issueCommand=_P;function V6(t,e=""){_P(t,{},e)}ri.issue=V6;var vP="::",LQ=class{constructor(e,r,n){e||(e="missing.command"),this.command=e,this.properties=r,this.message=n}toString(){let e=vP+this.command;if(this.properties&&Object.keys(this.properties).length>0){e+=" ";let r=!0;for(let n in this.properties)if(this.properties.hasOwnProperty(n)){let i=this.properties[n];i&&(r?r=!1:e+=",",e+=`${n}=${$6(i)}`)}}return e+=`${vP}${W6(this.message)}`,e}};function W6(t){return(0,RP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A")}function $6(t){return(0,RP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A").replace(/:/g,"%3A").replace(/,/g,"%2C")}});var TP=h(ni=>{"use strict";var K6=ni&&ni.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),X6=ni&&ni.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),FQ=ni&&ni.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&K6(e,t,r);return X6(e,t),e};Object.defineProperty(ni,"__esModule",{value:!0});ni.prepareKeyValueMessage=ni.issueFileCommand=void 0;var Z6=FQ(require("crypto")),kP=FQ(require("fs")),MQ=FQ(require("os")),PP=xm();function eX(t,e){let r=process.env[`GITHUB_${t}`];if(!r)throw new Error(`Unable to find environment variable for file command ${t}`);if(!kP.existsSync(r))throw new Error(`Missing file at path: ${r}`);kP.appendFileSync(r,`${(0,PP.toCommandValue)(e)}${MQ.EOL}`,{encoding:"utf8"})}ni.issueFileCommand=eX;function tX(t,e){let r=`ghadelimiter_${Z6.randomUUID()}`,n=(0,PP.toCommandValue)(e);if(t.includes(r))throw new Error(`Unexpected input: name should not contain the delimiter "${r}"`);if(n.includes(r))throw new Error(`Unexpected input: value should
 								`,u.message,u.stack);var d=new Error("tunneling socket could not be established, cause="+u.message);d.code="ECONNRESET",e.request.emit("error",d),n.removeSocket(i)}};qs.prototype.removeSocket=function(e){var r=this.sockets.indexOf(e);if(r!==-1){this.sockets.splice(r,1);var n=this.requests.shift();n&&this.createSocket(n,function(i){n.request.onSocket(i)})}};function FP(t,e){var r=this;qs.prototype.createSocket.call(r,t,function(n){var i=t.request.getHeader("host"),s=qQ({},r.options,{socket:n,servername:i?i.replace(/:.*$/,""):t.host}),o=iX.connect(0,s);r.sockets[r.sockets.indexOf(n)]=o,e(o)})}function UP(t,e,r){return typeof t=="string"?{host:t,port:e,localAddress:r}:t}function qQ(t){for(var e=1,r=arguments.length;e<r;++e){var n=arguments[e];if(typeof n=="object")for(var i=Object.keys(n),s=0,o=i.length;s<o;++s){var a=i[s];n[a]!==void 0&&(t[a]=n[a])}}return t}var Do;process.env.NODE_DEBUG&&/\btunnel\b/.test(process.env.NODE_DEBUG)?Do=function(){var t=Array.prototype.slice.call(arguments);typeof t[0]=="string"?t[0]="TUNNEL: "+t[0]:t.unshift("TUNNEL:"),console.error.apply(console,t)}:Do=function(){};gc.debug=Do});var jP=h((lOe,HP)=>{HP.exports=qP()});var It=h((uOe,zP)=>{zP.exports={kClose:Symbol("close"),kDestroy:Symbol("destroy"),kDispatch:Symbol("dispatch"),kUrl:Symbol("url"),kWriting:Symbol("writing"),kResuming:Symbol("resuming"),kQueue:Symbol("queue"),kConnect:Symbol("connect"),kConnecting:Symbol("connecting"),kHeadersList:Symbol("headers list"),kKeepAliveDefaultTimeout:Symbol("default keep alive timeout"),kKeepAliveMaxTimeout:Symbol("max keep alive timeout"),kKeepAliveTimeoutThreshold:Symbol("keep alive timeout threshold"),kKeepAliveTimeoutValue:Symbol("keep alive timeout"),kKeepAlive:Symbol("keep alive"),kHeadersTimeout:Symbol("headers timeout"),kBodyTimeout:Symbol("body timeout"),kServerName:Symbol("server name"),kLocalAddress:Symbol("local address"),kHost:Symbol("host"),kNoRef:Symbol("no ref"),kBodyUsed:Symbol("used"),kRunning:Symbol("running"),kBlocking:Symbol("blocking"),kPending:Symbol("pending"),kSize:Symbol("size"),kBusy:Symbol("busy"),kQueued:Symbol("queued"),kFree:Symbol("free"),kConnected:Symbol("connected"),kClosed:Symbol("closed"),kNeedDrain:Symbol("need drain"),kReset:Symbol("reset"),kDestroyed:Symbol.for("nodejs.stream.destroyed"),kMaxHeadersSize:Symbol("max headers size"),kRunningIdx:Symbol("running index"),kPendingIdx:Symbol("pending index"),kError:Symbol("error"),kClients:Symbol("clients"),kClient:Symbol("client"),kParser:Symbol("parser"),kOnDestroyed:Symbol("destroy callbacks"),kPipelining:Symbol("pipelining"),kSocket:Symbol("socket"),kHostHeader:Symbol("host header"),kConnector:Symbol("connector"),kStrictContentLength:Symbol("strict content length"),kMaxRedirections:Symbol("maxRedirections"),kMaxRequests:Symbol("maxRequestsPerClient"),kProxy:Symbol("proxy agent options"),kCounter:Symbol("socket request counter"),kInterceptors:Symbol("dispatch interceptors"),kMaxResponseSize:Symbol("max response size"),kHTTP2Session:Symbol("http2Session"),kHTTP2SessionState:Symbol("http2Session state"),kHTTP2BuildRequest:Symbol("http2 build request"),kHTTP1BuildRequest:Symbol("http1 build request"),kHTTP2CopyHeaders:Symbol("http2 copy headers"),kHTTPConnVersion:Symbol("http connection version"),kRetryHandlerDefaultRetry:Symbol("retry agent default retry"),kConstruct:Symbol("constructable")}});var At=h((dOe,GP)=>{"use strict";var Vt=class extends Error{constructor(e){super(e),this.name="UndiciError",this.code="UND_ERR"}},HQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="ConnectTimeoutError",this.message=e||"Connect Timeout Error",this.code="UND_ERR_CONNECT_TIMEOUT"}},jQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersTimeoutError",this.message=e||"Headers Timeout Error",this.code="UND_ERR_HEADERS_TIMEOUT"}},zQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersOverflowError",this.message=e||"Headers Overflow Error",this.code="UND_ERR_HEADERS_OVERFLOW"}},GQ=class t extends Vt{constructor(e){super
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`),$X=/\r\n/g,KX=/^([^:]+):[ \t]?([\x00-\xFF]+)?$/;function pc(t){hT.call(this),t=t||{};let e=this;this.nread=0,this.maxed=!1,this.npairs=0,this.maxHeaderPairs=fT(t,"maxHeaderPairs",2e3),this.maxHeaderSize=fT(t,"maxHeaderSize",80*1024),this.buffer="",this.header={},this.finished=!1,this.ss=new VX(WX),this.ss.on("info",function(r,n,i,s){n&&!e.maxed&&(e.nread+s-i>=e.maxHeaderSize?(s=e.maxHeaderSize-e.nread+i,e.nread=e.maxHeaderSize,e.maxed=!0):e.nread+=s-i,e.buffer+=n.toString("binary",i,s)),r&&e._finish()})}JX(pc,hT);pc.prototype.push=function(t){let e=this.ss.push(t);if(this.finished)return e};pc.prototype.reset=function(){this.finished=!1,this.buffer="",this.header={},this.ss.reset()};pc.prototype._finish=function(){this.buffer&&this._parseHeader(),this.ss.matches=this.ss.maxMatches;let t=this.header;this.header={},this.buffer="",this.finished=!0,this.nread=this.npairs=0,this.maxed=!1,this.emit("header",t)};pc.prototype._parseHeader=function(){if(this.npairs===this.maxHeaderPairs)return;let t=this.buffer.split($X),e=t.length,r,n;for(var i=0;i<e;++i){if(t[i].length===0)continue;if((t[i][0]==="	"||t[i][0]===" ")&&n){this.header[n][this.header[n].length-1]+=t[i];continue}let s=t[i].indexOf(":");if(s===-1||s===0)return;if(r=KX.exec(t[i]),n=r[1].toLowerCase(),this.header[n]=this.header[n]||[],this.header[n].push(r[2]||""),++this.npairs===this.maxHeaderPairs)break}};gT.exports=pc});var hb=h((COe,yT)=>{"use strict";var fb=require("node:stream").Writable,XX=require("node:util").inherits,ZX=ub(),pT=uT(),e5=mT(),t5=45,r5=Buffer.from("-"),n5=Buffer.from(`\r
 								`),i5=function(){};function qi(t){if(!(this instanceof qi))return new qi(t);if(fb.call(this,t),!t||!t.headerFirst&&typeof t.boundary!="string")throw new TypeError("Boundary required");typeof t.boundary=="string"?this.setBoundary(t.boundary):this._bparser=void 0,this._headerFirst=t.headerFirst,this._dashes=0,this._parts=0,this._finished=!1,this._realFinish=!1,this._isPreamble=!0,this._justMatched=!1,this._firstWrite=!0,this._inHeader=!0,this._part=void 0,this._cb=void 0,this._ignoreData=!1,this._partOpts={highWaterMark:t.partHwm},this._pause=!1;let e=this;this._hparser=new e5(t),this._hparser.on("header",function(r){e._inHeader=!1,e._part.emit("header",r)})}XX(qi,fb);qi.prototype.emit=function(t){if(t==="finish"&&!this._realFinish){if(!this._finished){let e=this;process.nextTick(function(){if(e.emit("error",new Error("Unexpected end of multipart data")),e._part&&!e._ignoreData){let r=e._isPreamble?"Preamble":"Part";e._part.emit("error",new Error(r+" terminated early due to unexpected end of multipart data")),e._part.push(null),process.nextTick(function(){e._realFinish=!0,e.emit("finish"),e._realFinish=!1});return}e._realFinish=!0,e.emit("finish"),e._realFinish=!1})}}else fb.prototype.emit.apply(this,arguments)};qi.prototype._write=function(t,e,r){if(!this._hparser&&!this._bparser)return r();if(this._headerFirst&&this._isPreamble){this._part||(this._part=new pT(this._partOpts),this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._ignore());let n=this._hparser.push(t);if(!this._inHeader&&n!==void 0&&n<t.length)t=t.slice(n);else return r()}this._firstWrite&&(this._bparser.push(n5),this._firstWrite=!1),this._bparser.push(t),this._pause?this._cb=r:r()};qi.prototype.reset=function(){this._part=void 0,this._bparser=void 0,this._hparser=void 0};qi.prototype.setBoundary=function(t){let e=this;this._bparser=new ZX(`\r
 								--`+t),this._bparser.on("info",function(r,n,i,s){e._oninfo(r,n,i,s)})};qi.prototype._ignore=function(){this._part&&!this._ignoreData&&(this._ignoreData=!0,this._part.on("error",i5),this._part.resume())};qi.prototype._oninfo=function(t,e,r,n){let i,s=this,o=0,a,A=!0;if(!this._part&&this._justMatched&&e){for(;this._dashes<2&&r+o<n;)if(e[r+o]===t5)++o,++this._dashes;else{this._dashes&&(i=r5),this._dashes=0;break}if(this._dashes===2&&(r+o<n&&this.listenerCount("trailer")!==0&&this.emit("trailer",e.slice(r+o,n)),this.reset(),this._finished=!0,s._parts===0&&(s._realFinish=!0,s.emit("finish"),s._realFinish=!1)),this._dashes)return}this._justMatched&&(this._justMatched=!1),this._part||(this._part=new pT(this._partOpts),this._part._read=function(c){s._unpause()},this._isPreamble&&this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._isPreamble!==!0&&this.listenerCount("part")!==0?this.emit("part",this._part):this._ignore(),this._isPreamble||(this._inHeader=!0)),e&&r<n&&!this._ignoreData&&(this._isPreamble||!this._inHeader?(i&&(A=this._part.push(i)),A=this._part.push(e.slice(r,n)),A||(this._pause=!0)):!this._isPreamble&&this._inHeader&&(i&&this._hparser.push(i),a=this._hparser.push(e.slice(r,n)),!this._inHeader&&a!==void 0&&a<n&&this._oninfo(!1,e,r+a,n))),t&&(this._hparser.reset(),this._isPreamble?this._isPreamble=!1:r!==n&&(++this._parts,this._part.on("end",function(){--s._parts===0&&(s._finished?(s._realFinish=!0,s.emit("finish"),s._realFinish=!1):s._unpause())})),this._part.push(null),this._part=void 0,this._ignoreData=!1,this._justMatched=!0,this._dashes=0)};qi.prototype._unpause=function(){if(this._pause&&(this._pause=!1,this._cb)){let t=this._cb;this._cb=void 0,t()}};yT.exports=qi});var Tm=h((gb,IT)=>{"use strict";var ET=new TextDecoder("utf-8"),CT=new Map([["utf-8",ET],["utf8",ET]]);function s5(t){let e;for(;;)switch(t){case"utf-8":case"utf8":return Jd.utf8;case"latin1":case"ascii":case"us-ascii":case"iso-8859-1":case"iso8859-1":case"iso88591":case"iso_8859-1":case"windows-1252":case"iso_8859-1:1987":case"cp1252":case"x-cp1252":return Jd.latin1;case"utf16le":case"utf-16le":case"ucs2":case"ucs-2":return Jd.utf16le;case"base64":return Jd.base64;default:if(e===void 0){e=!0,t=t.toLowerCase();continue}return Jd.other.bind(t)}}var Jd={utf8:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.utf8Slice(0,t.length)),latin1:(t,e)=>t.length===0?"":typeof t=="string"?t:t.latin1Slice(0,t.length),utf16le:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.ucs2Slice(0,t.length)),base64:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.base64Slice(0,t.length)),other:(t,e)=>{if(t.length===0)return"";if(typeof t=="string"&&(t=Buffer.from(t,e)),CT.has(gb.toString()))try{return CT.get(gb).decode(t)}catch{}return typeof t=="string"?t:t.toString()}};function o5(t,e,r){return t&&s5(r)(t,e)}IT.exports=o5});var pb=h((IOe,wT)=>{"use strict";var Om=Tm(),BT=/%[a-fA-F0-9][a-fA-F0-9]/g,a5={"%00":"\0","%01":"","%02":"","%03":"","%04":"","%05":"","%06":"","%07":"\x07","%08":"\b","%09":"	","%0a":`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,"%0A":`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,"%0b":"\v","%0B":"\v","%0c":"\f","%0C":"\f","%0d":"\r","%0D":"\r","%0e":"","%0E":"","%0f":"","%0F":"","%10":"","%11":"","%12":"","%13":"","%14":"","%15":"","%16":"","%17":"","%18":"","%19":"","%1a":"","%1A":"","%1b":"\x1B","%1B":"\x1B","%1c":"","%1C":"","%1d":"","%1D":"","%1e":"","%1E":"","%1f":"","%1F":"","%20":" ","%21":"!","%22":'"',"%23":"#","%24":"$","%25":"%","%26":"&","%27":"'","%28":"(","%29":")","%2a":"*","%2A":"*","%2b":"+","%2B":"+","%2c":",","%2C":",","%2d":"-","%2D":"-","%2e":".","%2E":".","%2f":"/","%2F":"/","%30":"0","%31":"1","%32":"2","%33":"3","%34":"4","%35":"5","%36":"6","%37":"7","%38":"8","%39":"9","%3a":":","%3A":":","%3b":";","%3B":";","%3c":"<","%3C":"<","%3d":"=","%3D":"=","%3e":">","%3E":">","%3f":"?","%3F":"?","%40":"@","%41":"A","%42":"B","%43":"C","%44":"D","%45":"E","%46":"F","%47":"G","%48":"H","%49":"I","%4a":"J","%4A":"J","%4b":"K","%4B":"K","%4c":"L","%4C":"L","%4d":"M","%4D":"M","%4e":"N","%4E":"N","%4f":"O","%4F":"O","%50":"P","%51":"Q","%52":"R","%53":"S","%54":"T","%55":"U","%56":"V","%57":"W","%58":"X","%59":"Y","%5a":"Z","%5A":"Z","%5b":"[","%5B":"[","%5c":"\\","%5C":"\\","%5d":"]","%5D":"]","%5e":"^","%5E":"^","%5f":"_","%5F":"_","%60":"`","%61":"a","%62":"b","%63":"c","%64":"d","%65":"e","%66":"f","%67":"g","%68":"h","%69":"i","%6a":"j","%6A":"j","%6b":"k","%6B":"k","%6c":"l","%6C":"l","%6d":"m","%6D":"m","%6e":"n","%6E":"n","%6f":"o","%6F":"o","%70":"p","%71":"q","%72":"r","%73":"s","%74":"t","%75":"u","%76":"v","%77":"w","%78":"x","%79":"y","%7a":"z","%7A":"z","%7b":"{","%7B":"{","%7c":"|","%7C":"|","%7d":"}","%7D":"}","%7e":"~","%7E":"~","%7f":"\x7F","%7F":"\x7F","%80":"\x80","%81":"\x81","%82":"\x82","%83":"\x83","%84":"\x84","%85":"\x85","%86":"\x86","%87":"\x87","%88":"\x88","%89":"\x89","%8a":"\x8A","%8A":"\x8A","%8b":"\x8B","%8B":"\x8B","%8c":"\x8C","%8C":"\x8C","%8d":"\x8D","%8D":"\x8D","%8e":"\x8E","%8E":"\x8E","%8f":"\x8F","%8F":"\x8F","%90":"\x90","%91":"\x91","%92":"\x92","%93":"\x93","%94":"\x94","%95":"\x95","%96":"\x96","%97":"\x97","%98":"\x98","%99":"\x99","%9a":"\x9A","%9A":"\x9A","%9b":"\x9B","%9B":"\x9B","%9c":"\x9C","%9C":"\x9C","%9d":"\x9D","%9D":"\x9D","%9e":"\x9E","%9E":"\x9E","%9f":"\x9F","%9F":"\x9F","%a0":"\xA0","%A0":"\xA0","%a1":"\xA1","%A1":"\xA1","%a2":"\xA2","%A2":"\xA2","%a3":"\xA3","%A3":"\xA3","%a4":"\xA4","%A4":"\xA4","%a5":"\xA5","%A5":"\xA5","%a6":"\xA6","%A6":"\xA6","%a7":"\xA7","%A7":"\xA7","%a8":"\xA8","%A8":"\xA8","%a9":"\xA9","%A9":"\xA9","%aa":"\xAA","%Aa":"\xAA","%aA":"\xAA","%AA":"\xAA","%ab":"\xAB","%Ab":"\xAB","%aB":"\xAB","%AB":"\xAB","%ac":"\xAC","%Ac":"\xAC","%aC":"\xAC","%AC":"\xAC","%ad":"\xAD","%Ad":"\xAD","%aD":"\xAD","%AD":"\xAD","%ae":"\xAE","%Ae":"\xAE","%aE":"\xAE","%AE":"\xAE","%af":"\xAF","%Af":"\xAF","%aF":"\xAF","%AF":"\xAF","%b0":"\xB0","%B0":"\xB0","%b1":"\xB1","%B1":"\xB1","%b2":"\xB2","%B2":"\xB2","%b3":"\xB3","%B3":"\xB3","%b4":"\xB4","%B4":"\xB4","%b5":"\xB5","%B5":"\xB5","%b6":"\xB6","%B6":"\xB6","%b7":"\xB7","%B7":"\xB7","%b8":"\xB8","%B8":"\xB8","%b9":"\xB9","%B9":"\xB9","%ba":"\xBA","%Ba":"\xBA","%bA":"\xBA","%BA":"\xBA","%bb":"\xBB","%Bb":"\xBB","%bB":"\xBB","%BB":"\xBB","%bc":"\xBC","%Bc":"\xBC","%bC":"\xBC","%BC":"\xBC","%bd":"\xBD","%Bd":"\xBD","%bD":"\xBD","%BD":"\xBD","%be":"\xBE","%Be":"\xBE","%bE":"\xBE","%BE":"\xBE","%bf":"\xBF","%Bf":"\xBF","%bF":"\xBF","%BF":"\xBF","%c0":"\xC0","%C0":"\xC0","%c1":"\xC1","%C1":"\xC1","%c2":"\xC2","%C2":"\xC2","%c3":"\xC3","%C3":"\xC3","%c4":"\xC4","%C4":"\xC4","%c5":"\xC5","%C5":"\xC5","%c6":"\xC6","%C6":"\xC6","%c7":"\xC7","%C7":"\xC7","%c8":"\xC8","%C8":"\xC8","%c9":"\xC9","%C9":"\xC9","%ca":"\xCA","%Ca":"\xCA","%cA":"\xCA","%CA":"\xCA","%cb":"\xCB","%Cb":"\xCB","%cB":"\xCB","%CB":"\xCB","%cc":"\xCC","%Cc":"\xCC","%cC":"\xCC","%CC":"\xCC","%cd":"\xCD","%Cd":"\xCD","%cD":"\xCD","%CD":"\xCD","%ce":"\xCE","%Ce":"\xCE","%cE":"\xCE","%CE":"\xCE","%cf":"\xCF","%Cf":"\xCF","%cF":"\xCF","%CF":"\xCF","%d0":"\xD0","%D0":"\xD0","%d1":"\xD1","%D1":"\xD1","%d2":"\xD2","%D2":"\xD2","%d3":"\xD3","%D3":"\xD3","%d4":"\xD4","%D4":"\xD4","%d5":"\xD5","%
 								`))}function oZ(t,e){let{headersList:r}=e,n=(r.get("referrer-policy")??"").split(","),i="";if(n.length>0)for(let s=n.length;s!==0;s--){let o=n[s-1].trim();if(Y5.has(o)){i=o;break}}i!==""&&(t.referrerPolicy=i)}function aZ(){return"allowed"}function AZ(){return"success"}function cZ(){return"success"}function lZ(t){let e=null;e=t.mode,t.headersList.set("sec-fetch-mode",e)}function uZ(t){let e=t.origin;if(t.responseTainting==="cors"||t.mode==="websocket")e&&t.headersList.append("origin",e);else if(t.method!=="GET"&&t.method!=="HEAD"){switch(t.referrerPolicy){case"no-referrer":e=null;break;case"no-referrer-when-downgrade":case"strict-origin":case"strict-origin-when-cross-origin":t.origin&&Nb(t.origin)&&!Nb($d(t))&&(e=null);break;case"same-origin":qm(t,$d(t))||(e=null);break;default:}e&&t.headersList.append("origin",e)}}function dZ(t){return W5.now()}function fZ(t){return{startTime:t.startTime??0,redirectStartTime:0,redirectEndTime:0,postRedirectStartTime:t.startTime??0,finalServiceWorkerStartTime:0,finalNetworkResponseStartTime:0,finalNetworkRequestStartTime:0,endTime:0,encodedBodySize:0,decodedBodySize:0,finalConnectionTimingInfo:null}}function hZ(){return{referrerPolicy:"strict-origin-when-cross-origin"}}function gZ(t){return{referrerPolicy:t.referrerPolicy}}function mZ(t){let e=t.referrerPolicy;Bc(e);let r=null;if(t.referrer==="client"){let a=V5();if(!a||a.origin==="null")return"no-referrer";r=new URL(a)}else t.referrer instanceof URL&&(r=t.referrer);let n=Qb(r),i=Qb(r,!0);n.toString().length>4096&&(n=i);let s=qm(t,n),o=Wd(n)&&!Wd(t.url);switch(e){case"origin":return i??Qb(r,!0);case"unsafe-url":return n;case"same-origin":return s?i:"no-referrer";case"origin-when-cross-origin":return s?n:i;case"strict-origin-when-cross-origin":{let a=$d(t);return qm(n,a)?n:Wd(n)&&!Wd(a)?"no-referrer":i}default:return o?"no-referrer":i}}function Qb(t,e){return Bc(t instanceof URL),t.protocol==="file:"||t.protocol==="about:"||t.protocol==="blank:"?"no-referrer":(t.username="",t.password="",t.hash="",e&&(t.pathname="",t.search=""),t)}function Wd(t){if(!(t instanceof URL))return!1;if(t.href==="about:blank"||t.href==="about:srcdoc"||t.protocol==="data:"||t.protocol==="file:")return!0;return e(t.origin);function e(r){if(r==null||r==="null")return!1;let n=new URL(r);return!!(n.protocol==="https:"||n.protocol==="wss:"||/^127(?:\.[0-9]+){0,2}\.[0-9]+$|^\[(?:0*:)*?:?0*1\]$/.test(n.hostname)||n.hostname==="localhost"||n.hostname.includes("localhost.")||n.hostname.endsWith(".localhost"))}}function pZ(t,e){if(Um===void 0)return!0;let r=ZT(e);if(r==="no metadata"||r.length===0)return!0;let n=EZ(r),i=CZ(r,n);for(let s of i){let o=s.algo,a=s.hash,A=Um.createHash(o).update(t).digest("base64");if(A[A.length-1]==="="&&(A[A.length-2]==="="?A=A.slice(0,-2):A=A.slice(0,-1)),IZ(A,a))return!0}return!1}var yZ=/(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i;function ZT(t){let e=[],r=!0;for(let n of t.split(" ")){r=!1;let i=yZ.exec(n);if(i===null||i.groups===void 0||i.groups.algo===void 0)continue;let s=i.groups.algo.toLowerCase();WT.includes(s)&&e.push(i.groups)}return r===!0?"no metadata":e}function EZ(t){let e=t[0].algo;if(e[3]==="5")return e;for(let r=1;r<t.length;++r){let n=t[r];if(n.algo[3]==="5"){e="sha512";break}else{if(e[3]==="3")continue;n.algo[3]==="3"&&(e="sha384")}}return e}function CZ(t,e){if(t.length===1)return t;let r=0;for(let n=0;n<t.length;++n)t[n].algo===e&&(t[r++]=t[n]);return t.length=r,t}function IZ(t,e){if(t.length!==e.length)return!1;for(let r=0;r<t.length;++r)if(t[r]!==e[r]){if(t[r]==="+"&&e[r]==="-"||t[r]==="/"&&e[r]==="_")continue;return!1}return!0}function BZ(t){}function qm(t,e){return t.origin===e.origin&&t.origin==="null"||t.protocol===e.protocol&&t.hostname===e.hostname&&t.port===e.port}function QZ(){let t,e;return{promise:new Promise((n,i)=>{t=n,e=i}),resolve:t,reject:e}}function bZ(t){return t.controller.state==="aborted"}function NZ(t){return t.controller.state==="aborted"||t.controller.state==="terminated"}var wb={delete:"DELETE",DELETE:"DELETE",get:"GET",GET:"GET",head:"HEAD",
 								`||t==="	"||t===" "}function Sb(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&oO(t[n]);n++);if(r)for(;i>0&&oO(t[i]);i--);return t.slice(n,i+1)}function aO(t){return t==="\r"||t===`
 								`||t==="	"||t==="\f"||t===" "}function WZ(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&aO(t[n]);n++);if(r)for(;i>0&&aO(t[i]);i--);return t.slice(n,i+1)}uO.exports={dataURLProcessor:GZ,URLSerializer:AO,collectASequenceOfCodePoints:zm,collectASequenceOfCodePointsFast:Qc,stringPercentDecode:cO,parseMIMEType:xb,collectAnHTTPQuotedString:lO,serializeAMimeType:VZ}});var Gm=h((kOe,mO)=>{"use strict";var{Blob:hO,File:dO}=require("buffer"),{types:vb}=require("util"),{kState:On}=js(),{isBlobLike:gO}=ii(),{webidl:Ve}=Vr(),{parseMIMEType:$Z,serializeAMimeType:KZ}=Hi(),{kEnumerableProperty:fO}=Ue(),XZ=new TextEncoder,Kd=class t extends hO{constructor(e,r,n={}){Ve.argumentLengthCheck(arguments,2,{header:"File constructor"}),e=Ve.converters["sequence<BlobPart>"](e),r=Ve.converters.USVString(r),n=Ve.converters.FilePropertyBag(n);let i=r,s=n.type,o;e:{if(s){if(s=$Z(s),s==="failure"){s="";break e}s=KZ(s).toLowerCase()}o=n.lastModified}super(ZZ(e,n),{type:s}),this[On]={name:i,lastModified:o,type:s}}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get type(){return Ve.brandCheck(this,t),this[On].type}},Rb=class t{constructor(e,r,n={}){let i=r,s=n.type,o=n.lastModified??Date.now();this[On]={blobLike:e,name:i,type:s,lastModified:o}}stream(...e){return Ve.brandCheck(this,t),this[On].blobLike.stream(...e)}arrayBuffer(...e){return Ve.brandCheck(this,t),this[On].blobLike.arrayBuffer(...e)}slice(...e){return Ve.brandCheck(this,t),this[On].blobLike.slice(...e)}text(...e){return Ve.brandCheck(this,t),this[On].blobLike.text(...e)}get size(){return Ve.brandCheck(this,t),this[On].blobLike.size}get type(){return Ve.brandCheck(this,t),this[On].blobLike.type}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get[Symbol.toStringTag](){return"File"}};Object.defineProperties(Kd.prototype,{[Symbol.toStringTag]:{value:"File",configurable:!0},name:fO,lastModified:fO});Ve.converters.Blob=Ve.interfaceConverter(hO);Ve.converters.BlobPart=function(t,e){if(Ve.util.Type(t)==="Object"){if(gO(t))return Ve.converters.Blob(t,{strict:!1});if(ArrayBuffer.isView(t)||vb.isAnyArrayBuffer(t))return Ve.converters.BufferSource(t,e)}return Ve.converters.USVString(t,e)};Ve.converters["sequence<BlobPart>"]=Ve.sequenceConverter(Ve.converters.BlobPart);Ve.converters.FilePropertyBag=Ve.dictionaryConverter([{key:"lastModified",converter:Ve.converters["long long"],get defaultValue(){return Date.now()}},{key:"type",converter:Ve.converters.DOMString,defaultValue:""},{key:"endings",converter:t=>(t=Ve.converters.DOMString(t),t=t.toLowerCase(),t!=="native"&&(t="transparent"),t),defaultValue:"transparent"}]);function ZZ(t,e){let r=[];for(let n of t)if(typeof n=="string"){let i=n;e.endings==="native"&&(i=e7(i)),r.push(XZ.encode(i))}else vb.isAnyArrayBuffer(n)||vb.isTypedArray(n)?n.buffer?r.push(new Uint8Array(n.buffer,n.byteOffset,n.byteLength)):r.push(new Uint8Array(n)):gO(n)&&r.push(n);return r}function e7(t){let e=`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`;return process.platform==="win32"&&(e=`\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`),t.replace(/\r?\n/g,e)}function t7(t){return dO&&t instanceof dO||t instanceof Kd||t&&(typeof t.stream=="function"||typeof t.arrayBuffer=="function")&&t[Symbol.toStringTag]==="File"}mO.exports={File:Kd,FileLike:Rb,isFileLike:t7}});var Jm=h((POe,IO)=>{"use strict";var{isBlobLike:Ym,toUSVString:r7,makeIterator:_b}=ii(),{kState:Lr}=js(),{File:CO,FileLike:pO,isFileLike:n7}=Gm(),{webidl:it}=Vr(),{Blob:i7,File:Db}=require("buffer"),yO=Db??CO,bc=class t{constructor(e){if(e!==void 0)throw it.errors.conversionFailed({prefix:"FormData constructor",argument:"Argument 1",types:["undefined"]});this[Lr]=[]}append(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.append"}),arguments.length===3&&!Ym(r))throw new TypeError("Failed to execute 'append' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=Ym(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?it.converters.USVString(n):void 0;let i=EO(e,r,n);this[Lr].push(i)}delete(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.delete"}),e=it.converters.USVString(e),this[Lr]=this[Lr].filter(r=>r.name!==e)}get(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.get"}),e=it.converters.USVString(e);let r=this[Lr].findIndex(n=>n.name===e);return r===-1?null:this[Lr][r].value}getAll(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.getAll"}),e=it.converters.USVString(e),this[Lr].filter(r=>r.name===e).map(r=>r.value)}has(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.has"}),e=it.converters.USVString(e),this[Lr].findIndex(r=>r.name===e)!==-1}set(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.set"}),arguments.length===3&&!Ym(r))throw new TypeError("Failed to execute 'set' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=Ym(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?r7(n):void 0;let i=EO(e,r,n),s=this[Lr].findIndex(o=>o.name===e);s!==-1?this[Lr]=[...this[Lr].slice(0,s),i,...this[Lr].slice(s+1).filter(o=>o.name!==e)]:this[Lr].push(i)}entries(){return it.brandCheck(this,t),_b(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key+value")}keys(){return it.brandCheck(this,t),_b(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key")}values(){return it.brandCheck(this,t),_b(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","value")}forEach(e,r=globalThis){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.forEach"}),typeof e!="function")throw new TypeError("Failed to execute 'forEach' on 'FormData': parameter 1 is not of type 'Function'.");for(let[n,i]of this)e.apply(r,[i,n,this])}};bc.prototype[Symbol.iterator]=bc.prototype.entries;Object.defineProperties(bc.prototype,{[Symbol.toStringTag]:{value:"FormData",configurable:!0}});function EO(t,e,r){if(t=Buffer.from(t).toString("utf8"),typeof e=="string")e=Buffer.from(e).toString("utf8");else if(n7(e)||(e=e instanceof i7?new yO([e],"blob",{type:e.type}):new pO(e,"blob",{type:e.type})),r!==void 0){let n={type:e.type,lastModified:e.lastModified};e=Db&&e instanceof Db||e instanceof CO?new yO([e],r,n):new pO(e,r,n)}return{name:t,value:e}}IO.exports={FormData:bc}});var Xd=h((TOe,RO)=>{"use strict";var s7=FT(),Nc=Ue(),{ReadableStreamFrom:o7,isBlobLike:BO,isReadableStreamLike:a7,readableStreamClose:A7,createDeferredPromise:c7,fullyReadBody:l7}=ii(),{FormData:QO}=Jm(),{kState:Gs}=js(),{webidl:kb}=Vr(),{DOMException:wO,structuredClone:u7}=To(),{Blob:d7,File:f7}=require("buffer"),{kBodyUsed:h7}=It(),Pb=require("assert"),{isErrored:g7}=Ue(),{isUint8Array:SO,isArrayBuffer:m7}=require("util/types"),{File:p7}=Gm(),{parseMIMEType:y7,serializeAMimeType:E7}=Hi(),Tb;try{let t=require("node:crypto");Tb=e=>t.randomInt(0,e)}catch{Tb=t=>Math.floor(Math.random(t))}var zs=globalThis.ReadableStream,bO=f7??p7,Vm=new TextEncoder,C7=new TextDecoder;function xO(t,e=!1){zs||(zs=require("stream/web").ReadableS
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								Content-Disposition: form-data`;let l=E=>E.replace(/\n/g,"%0A").replace(/\r/g,"%0D").replace(/"/g,"%22"),u=E=>E.replace(/\r?\n|\r/g,`\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`),d=[],f=new Uint8Array([13,10]);s=0;let g=!1;for(let[E,C]of t)if(typeof C=="string"){let I=Vm.encode(c+`; name="${l(u(E))}"\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
 								${u(C)}\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`);d.push(I),s+=I.byteLength}else{let I=Vm.encode(`${c}; name="${l(u(E))}"`+(C.name?`; filename="${l(C.name)}"`:"")+`\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								Content-Type: ${C.type||"application/octet-stream"}\r
 								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`);d.push(I,C,f),typeof C.size=="number"?s+=I.byteLength+C.size+f.byteLength:g=!0}let m=Vm.encode(`--${A}--`);d.push(m),s+=m.byteLength,g&&(s=null),i=t,n=async function*(){for(let E of d)E.stream?yield*E.stream():yield E},o="multipart/form-data; boundary="+A}else if(BO(t))i=t,s=t.size,t.type&&(o=t.type);else if(typeof t[Symbol.asyncIterator]=="function"){if(e)throw new TypeError("keepalive");if(Nc.isDisturbed(t)||t.locked)throw new TypeError("Response body object should not be disturbed or locked");r=t instanceof zs?t:o7(t)}if((typeof i=="string"||Nc.isBuffer(i))&&(s=Buffer.byteLength(i)),n!=null){let A;r=new zs({async start(){A=n(t)[Symbol.asyncIterator]()},async pull(c){let{value:l,done:u}=await A.next();return u?queueMicrotask(()=>{c.close()}):g7(r)||c.enqueue(new Uint8Array(l)),c.desiredSize>0},async cancel(c){await A.return()},type:void 0})}return[{stream:r,source:i,length:s},o]}function I7(t,e=!1){return zs||(zs=require("stream/web").ReadableStream),t instanceof zs&&(Pb(!Nc.isDisturbed(t),"The body has already been consumed."),Pb(!t.locked,"The stream is locked.")),xO(t,e)}function B7(t){let[e,r]=t.stream.tee(),n=u7(r,{transfer:[r]}),[,i]=n.tee();return t.stream=e,{stream:i,length:t.length,source:t.source}}async function*NO(t){if(t)if(SO(t))yield t;else{let e=t.stream;if(Nc.isDisturbed(e))throw new TypeError("The body has already been consumed.");if(e.locked)throw new TypeError("The stream is locked.");e[h7]=!0,yield*e}}function Ob(t){if(t.aborted)throw new wO("The operation was aborted.","AbortError")}function Q7(t){return{blob(){return Wm(this,r=>{let n=S7(this);return n==="failure"?n="":n&&(n=E7(n)),new d7([r],{type:n})},t)},arrayBuffer(){return Wm(this,r=>new Uint8Array(r).buffer,t)},text(){return Wm(this,vO,t)},json(){return Wm(this,w7,t)},async formData(){kb.brandCheck(this,t),Ob(this[Gs]);let r=this.headers.get("Content-Type");if(/multipart\/form-data/.test(r)){let n={};for(let[a,A]of this.headers)n[a.toLowerCase()]=A;let i=new QO,s;try{s=new s7({headers:n,preservePath:!0})}catch(a){throw new wO(`${a}`,"AbortError")}s.on("field",(a,A)=>{i.append(a,A)}),s.on("file",(a,A,c,l,u)=>{let d=[];if(l==="base64"||l.toLowerCase()==="base64"){let f="";A.on("data",g=>{f+=g.toString().replace(/[\r\n]/gm,"");let m=f.length-f.length%4;d.push(Buffer.from(f.slice(0,m),"base64")),f=f.slice(m)}),A.on("end",()=>{d.push(Buffer.from(f,"base64")),i.append(a,new bO(d,c,{type:u}))})}else A.on("data",f=>{d.push(f)}),A.on("end",()=>{i.append(a,new bO(d,c,{type:u}))})});let o=new Promise((a,A)=>{s.on("finish",a),s.on("error",c=>A(new TypeError(c)))});if(this.body!==null)for await(let a of NO(this[Gs].body))s.write(a);return s.end(),await o,i}else if(/application\/x-www-form-urlencoded/.test(r)){let n;try{let s="",o=new TextDecoder("utf-8",{ignoreBOM:!0});for await(let a of NO(this[Gs].body)){if(!SO(a))throw new TypeError("Expected Uint8Array chunk");s+=o.decode(a,{stream:!0})}s+=o.decode(),n=new URLSearchParams(s)}catch(s){throw Object.assign(new TypeError,{cause:s})}let i=new QO;for(let[s,o]of n)i.append(s,o);return i}else throw await Promise.resolve(),Ob(this[Gs]),kb.errors.exception({header:`${t.name}.formData`,message:"Could not parse content as FormData."})}}}function b7(t){Object.assign(t.prototype,Q7(t))}async function Wm(t,e,r){if(kb.brandCheck(t,r),Ob(t[Gs]),N7(t[Gs].body))throw new TypeError("Body is unusable");let n=c7(),i=o=>n.reject(o),s=o=>{try{n.resolve(e(o))}catch(a){i(a)}};return t[Gs].body==null?(s(new Uint8Array),n.promise):(await l7(t[Gs].body,s,i),n.promise)}function N7(t){return t!=null&&(t.stream.locked||Nc.isDisturbed(t.stream))}function vO(t){return t.length===0?"":(t[0]===239&&t[1]===187&&t[2]===191&&(t=t.subarray(3)),C7.decode(t))}function w7(t){return JSON.parse(vO(t))}function S7(t){let{headersList:e}=t[Gs],r=e.get("content-type");return r===null?"failure":y7(r)}RO.exports={extractBody:xO,safelyExtractBody:I7,cloneBody:B7,mixinBody:b7}});var PO=h((OOe,kO)=>{"use strict";var{InvalidArgumentError:gt,NotSupportedError:x7}=At(),Ys=require("assert"),{kHTTP2BuildRequest:v7,kHTTP2CopyHeaders:R7,kHTTP1BuildRequest:
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),this.body=E.stream,this.contentLength=E.length}else an.isBlobLike(i)&&this.contentType==null&&i.type&&(this.contentType=i.type,this.headers+=`content-type: ${i.type}\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`);an.validateHandler(m,n,c),this.servername=an.getServerName(this.host),this[ji]=m,tr.create.hasSubscribers&&tr.create.publish({request:this})}onBodySent(e){if(this[ji].onBodySent)try{return this[ji].onBodySent(e)}catch(r){this.abort(r)}}onRequestSent(){if(tr.bodySent.hasSubscribers&&tr.bodySent.publish({request:this}),this[ji].onRequestSent)try{return this[ji].onRequestSent()}catch(e){this.abort(e)}}onConnect(e){if(Ys(!this.aborted),Ys(!this.completed),this.error)e(this.error);else return this.abort=e,this[ji].onConnect(e)}onHeaders(e,r,n,i){Ys(!this.aborted),Ys(!this.completed),tr.headers.hasSubscribers&&tr.headers.publish({request:this,response:{statusCode:e,headers:r,statusText:i}});try{return this[ji].onHeaders(e,r,n,i)}catch(s){this.abort(s)}}onData(e){Ys(!this.aborted),Ys(!this.completed);try{return this[ji].onData(e)}catch(r){return this.abort(r),!1}}onUpgrade(e,r,n){return Ys(!this.aborted),Ys(!this.completed),this[ji].onUpgrade(e,r,n)}onComplete(e){this.onFinally(),Ys(!this.aborted),this.completed=!0,tr.trailers.hasSubscribers&&tr.trailers.publish({request:this,trailers:e});try{return this[ji].onComplete(e)}catch(r){this.onError(r)}}onError(e){if(this.onFinally(),tr.error.hasSubscribers&&tr.error.publish({request:this,error:e}),!this.aborted)return this.aborted=!0,this[ji].onError(e)}onFinally(){this.errorHandler&&(this.body.off("error",this.errorHandler),this.errorHandler=null),this.endHandler&&(this.body.off("end",this.endHandler),this.endHandler=null)}addHeader(e,r){return Zd(this,e,r),this}static[_7](e,r,n){return new t(e,r,n)}static[v7](e,r,n){let i=r.headers;r={...r,headers:null};let s=new t(e,r,n);if(s.headers={},Array.isArray(i)){if(i.length%2!==0)throw new gt("headers array must be even");for(let o=0;o<i.length;o+=2)Zd(s,i[o],i[o+1],!0)}else if(i&&typeof i=="object"){let o=Object.keys(i);for(let a=0;a<o.length;a++){let A=o[a];Zd(s,A,i[A],!0)}}else if(i!=null)throw new gt("headers must be an object or an array");return s}static[R7](e){let r=e.split(`\r
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`),n={};for(let i of r){let[s,o]=i.split(": ");o==null||o.length===0||(n[s]?n[s]+=`,${o}`:n[s]=o)}return n}};function Ha(t,e,r){if(e&&typeof e=="object")throw new gt(`invalid ${t} header`);if(e=e!=null?`${e}`:"",DO.exec(e)!==null)throw new gt(`invalid ${t} header`);return r?e:`${t}: ${e}\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`}function Zd(t,e,r,n=!1){if(r&&typeof r=="object"&&!Array.isArray(r))throw new gt(`invalid ${e} header`);if(r===void 0)return;if(t.host===null&&e.length===4&&e.toLowerCase()==="host"){if(DO.exec(r)!==null)throw new gt(`invalid ${e} header`);t.host=r}else if(t.contentLength===null&&e.length===14&&e.toLowerCase()==="content-length"){if(t.contentLength=parseInt(r,10),!Number.isFinite(t.contentLength))throw new gt("invalid content-length header")}else if(t.contentType===null&&e.length===12&&e.toLowerCase()==="content-type")t.contentType=r,n?t.headers[e]=Ha(e,r,n):t.headers+=Ha(e,r);else{if(e.length===17&&e.toLowerCase()==="transfer-encoding")throw new gt("invalid transfer-encoding header");if(e.length===10&&e.toLowerCase()==="connection"){let i=typeof r=="string"?r.toLowerCase():null;if(i!=="close"&&i!=="keep-alive")throw new gt("invalid connection header");i==="close"&&(t.reset=!0)}else{if(e.length===10&&e.toLowerCase()==="keep-alive")throw new gt("invalid keep-alive header");if(e.length===7&&e.toLowerCase()==="upgrade")throw new gt("invalid upgrade header");if(e.length===6&&e.toLowerCase()==="expect")throw new x7("expect header not supported");if(_O.exec(e)===null)throw new gt("invalid header key");if(Array.isArray(r))for(let i=0;i<r.length;i++)n?t.headers[e]?t.headers[e]+=`,${Ha(e,r[i],n)}`:t.headers[e]=Ha(e,r[i],n):t.headers+=Ha(e,r[i]);else n?t.headers[e]=Ha(e,r,n):t.headers+=Ha(e,r)}}}kO.exports=Mb});var $m=h((LOe,TO)=>{"use strict";var k7=require("events"),Fb=class extends k7{dispatch(){throw new Error("not implemented")}close(){throw new Error("not implemented")}destroy(){throw new Error("not implemented")}};TO.exports=Fb});var tf=h((MOe,OO)=>{"use strict";var P7=$m(),{ClientDestroyedError:Ub,ClientClosedError:T7,InvalidArgumentError:wc}=At(),{kDestroy:O7,kClose:L7,kDispatch:qb,kInterceptors:ja}=It(),Sc=Symbol("destroyed"),ef=Symbol("closed"),Js=Symbol("onDestroyed"),xc=Symbol("onClosed"),Km=Symbol("Intercepted Dispatch"),Hb=class extends P7{constructor(){super(),this[Sc]=!1,this[Js]=null,this[ef]=!1,this[xc]=[]}get destroyed(){return this[Sc]}get closed(){return this[ef]}get interceptors(){return this[ja]}set interceptors(e){if(e){for(let r=e.length-1;r>=0;r--)if(typeof this[ja][r]!="function")throw new wc("interceptor must be an function")}this[ja]=e}close(e){if(e===void 0)return new Promise((n,i)=>{this.close((s,o)=>s?i(s):n(o))});if(typeof e!="function")throw new wc("invalid callback");if(this[Sc]){queueMicrotask(()=>e(new Ub,null));return}if(this[ef]){this[xc]?this[xc].push(e):queueMicrotask(()=>e(null,null));return}this[ef]=!0,this[xc].push(e);let r=()=>{let n=this[xc];this[xc]=null;for(let i=0;i<n.length;i++)n[i](null,null)};this[L7]().then(()=>this.destroy()).then(()=>{queueMicrotask(r)})}destroy(e,r){if(typeof e=="function"&&(r=e,e=null),r===void 0)return new Promise((i,s)=>{this.destroy(e,(o,a)=>o?s(o):i(a))});if(typeof r!="function")throw new wc("invalid callback");if(this[Sc]){this[Js]?this[Js].push(r):queueMicrotask(()=>r(null,null));return}e||(e=new Ub),this[Sc]=!0,this[Js]=this[Js]||[],this[Js].push(r);let n=()=>{let i=this[Js];this[Js]=null;for(let s=0;s<i.length;s++)i[s](null,null)};this[O7](e).then(()=>{queueMicrotask(n)})}[Km](e,r){if(!this[ja]||this[ja].length===0)return this[Km]=this[qb],this[qb](e,r);let n=this[qb].bind(this);for(let i=this[ja].length-1;i>=0;i--)n=this[ja][i](n);return this[Km]=n,n(e,r)}dispatch(e,r){if(!r||typeof r!="object")throw new wc("handler must be an object");try{if(!e||typeof e!="object")throw new wc("opts must be an object.");if(this[Sc]||this[Js])throw new Ub;if(this[ef])throw new T7;return this[Km](e,r)}catch(n){if(typeof r.onError!="function")throw new wc("invalid onError method");return r.onError(n),!1}}};OO.exports=Hb});var rf=h((qOe,FO)=>{"use strict";var M7=require("net"),LO=require("assert"),MO=Ue(),{InvalidArgumentError:F7,ConnectTimeoutError:U7}=At(),jb,zb;global.FinalizationRegistry&&!process.env.NODE_V8_COVERAGE?zb=class{constructor(e){this._maxCachedSessions=e,this._sessionCache=new Map,this._sessionRegistry=new global.FinalizationRegistry(r=>{if(this._s
 								`,this[rL]=A??3e5,this[tL]=i??3e5,this[cf]=I??!0,this[pee]=w,this[lf]=T,this[Lo]=null,this[iL]=k>-1?k:-1,this[us]="h1",this[Mn]=null,this[sp]=ve?{openStreams:0,maxConcurrentStreams:H??100}:null,this[sL]=`${this[vr].hostname}${this[vr].port?`:${this[vr].port}`:""}`,this[Bt]=[],this[Qt]=0,this[Ln]=0}get pipelining(){return this[Fo]}set pipelining(e){this[Fo]=e,Fn(this,!0)}get[Ya](){return this[Bt].length-this[Ln]}get[Dt](){return this[Ln]-this[Qt]}get[Ga](){return this[Bt].length-this[Qt]}get[mee](){return!!this[Ot]&&!this[Rc]&&!this[Ot].destroyed}get[Xb](){let e=this[Ot];return e&&(e[Wr]||e[$s]||e[Dc])||this[Ga]>=(this[Fo]||1)||this[Ya]>0}[gee](e){cL(this),this.once("connect",e)}[Cee](e,r){let n=e.origin||this[vr].origin,i=this[us]==="h2"?Kb[Bee](n,e,r):Kb[bee](n,e,r);return this[Bt].push(i),this[za]||(Ae.bodyLength(i.body)==null&&Ae.isIterable(i.body)?(this[za]=1,process.nextTick(Fn,this)):Fn(this,!0)),this[za]&&this[Mo]!==2&&this[Xb]&&(this[Mo]=2),this[Mo]<2}async[yee](){return new Promise(e=>{this[Ga]?this[Lo]=e:e(null)})}async[Eee](e){return new Promise(r=>{let n=this[Bt].splice(this[Ln]);for(let s=0;s<n.length;s++){let o=n[s];$r(this,o,e)}let i=()=>{this[Lo]&&(this[Lo](),this[Lo]=null),r()};this[Mn]!=null&&(Ae.destroy(this[Mn],e),this[Mn]=null,this[sp]=null),this[Ot]?Ae.destroy(this[Ot].on("close",i),e):queueMicrotask(i),Fn(this)})}};function Dee(t){ee(t.code!=="ERR_TLS_CERT_ALTNAME_INVALID"),this[Ot][Rr]=t,cp(this[ls],t)}function kee(t,e,r){let n=new cs(`HTTP/2: "frameError" received - type ${t}, code ${e}`);r===0&&(this[Ot][Rr]=n,cp(this[ls],n))}function Pee(){Ae.destroy(this,new _c("other side closed")),Ae.destroy(this[Ot],new _c("other side closed"))}function Tee(t){let e=this[ls],r=new cs(`HTTP/2: "GOAWAY" frame received with code ${t}`);if(e[Ot]=null,e[Mn]=null,e.destroyed){ee(this[Ya]===0);let n=e[Bt].splice(e[Qt]);for(let i=0;i<n.length;i++){let s=n[i];$r(this,s,r)}}else if(e[Dt]>0){let n=e[Bt][e[Qt]];e[Bt][e[Qt]++]=null,$r(e,n,r)}e[Ln]=e[Qt],ee(e[Dt]===0),e.emit("disconnect",e[vr],[e],r),Fn(e)}var os=qO(),Oee=ep(),Lee=Buffer.alloc(0);async function Mee(){let t=process.env.JEST_WORKER_ID?Vb():void 0,e;try{e=await WebAssembly.compile(Buffer.from(VO(),"base64"))}catch{e=await WebAssembly.compile(Buffer.from(t||Vb(),"base64"))}return await WebAssembly.instantiate(e,{env:{wasm_on_url:(r,n,i)=>0,wasm_on_status:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onStatus(new tp(as.buffer,s,i))||0},wasm_on_message_begin:r=>(ee.strictEqual(or.ptr,r),or.onMessageBegin()||0),wasm_on_header_field:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onHeaderField(new tp(as.buffer,s,i))||0},wasm_on_header_value:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onHeaderValue(new tp(as.buffer,s,i))||0},wasm_on_headers_complete:(r,n,i,s)=>(ee.strictEqual(or.ptr,r),or.onHeadersComplete(n,!!i,!!s)||0),wasm_on_body:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-As+as.byteOffset;return or.onBody(new tp(as.buffer,s,i))||0},wasm_on_message_complete:r=>(ee.strictEqual(or.ptr,r),or.onMessageComplete()||0)}})}var $b=null,t0=Mee();t0.catch();var or=null,as=null,rp=0,As=null,kc=1,ip=2,r0=3,n0=class{constructor(e,r,{exports:n}){ee(Number.isFinite(e[np])&&e[np]>0),this.llhttp=n,this.ptr=this.llhttp.llhttp_alloc(os.TYPE.RESPONSE),this.client=e,this.socket=r,this.timeout=null,this.timeoutValue=null,this.timeoutType=null,this.statusCode=null,this.statusText="",this.upgrade=!1,this.headers=[],this.headersSize=0,this.headersMaxSize=e[np],this.shouldKeepAlive=!1,this.paused=!1,this.resume=this.resume.bind(this),this.bytesRead=0,this.keepAlive="",this.contentLength="",this.connection="",this.maxResponseSize=e[iL]}setTimeout(e,r){this.timeoutType=r,e!==this.timeoutValue?(Wb.clearTimeout(this.timeout),e?(this.timeout=Wb.setTimeout(Fee,e,this),this.timeout.unref&&this.timeout.unref()):this.timeout=null,this.timeoutValue=e):this.timeout&&this.timeout.refresh&&this.timeout.refresh()}resume(){this.socket.destroyed||!this.paused||(ee(this.ptr!=null),ee(or==null),this.llhttp.llhttp_resume(this.ptr),ee
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`;return typeof s=="string"?g+=`host: ${s}\r
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`:g+=t[XO],o?g+=`connection: upgrade\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								upgrade: ${o}\r
 								`:t[Fo]&&!f[Wr]?g+=`connection: keep-alive\r
 								`:g+=`connection: close\r
 								`,a&&(g+=a),Mr.sendHeaders.hasSubscribers&&Mr.sendHeaders.publish({request:e,headers:g,socket:f}),!r||u===0?(d===0?f.write(`${g}content-length: 0\r
 								\r
 								`,"latin1"):(ee(d===null,"no body must not have content length"),f.write(`${g}\r
 								`,"latin1")),e.onRequestSent()):Ae.isBuffer(r)?(ee(d===r.byteLength,"buffer body must have content length"),f.cork(),f.write(`${g}content-length: ${d}\r
 								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,"latin1"),f.write(r),f.uncork(),e.onBodySent(r),e.onRequestSent(),l||(f[Wr]=!0)):Ae.isBlobLike(r)?typeof r.stream=="function"?ap({body:r.stream(),client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):dL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isStream(r)?uL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isIterable(r)?ap({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):ee(!1),!0}function Hee(t,e,r){let{body:n,method:i,path:s,host:o,upgrade:a,expectContinue:A,signal:c,headers:l}=r,u;if(typeof l=="string"?u=Kb[Qee](l.trim()):u=l,a)return $r(t,r,new Error("Upgrade not supported for H2")),!1;try{r.onConnect(I=>{r.aborted||r.completed||$r(t,r,I||new s0)})}catch(I){$r(t,r,I)}if(r.aborted)return!1;let d,f=t[sp];if(u[Nee]=o||t[sL],u[wee]=i,i==="CONNECT")return e.ref(),d=e.request(u,{endStream:!1,signal:c}),d.id&&!d.pending?(r.onUpgrade(null,null,d),++f.openStreams):d.once("ready",()=>{r.onUpgrade(null,null,d),++f.openStreams}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),!0;u[See]=s,u[xee]="https";let g=i==="PUT"||i==="POST"||i==="PATCH";n&&typeof n.read=="function"&&n.read(0);let m=Ae.bodyLength(n);if(m==null&&(m=r.contentLength),(m===0||!g)&&(m=null),lL(i)&&m>0&&r.contentLength!=null&&r.contentLength!==m){if(t[cf])return $r(t,r,new Ws),!1;process.emitWarning(new Ws)}m!=null&&(ee(n,"no body must not have content length"),u[vee]=`${m}`),e.ref();let E=i==="GET"||i==="HEAD";return A?(u[Ree]="100-continue",d=e.request(u,{endStream:E,signal:c}),d.once("continue",C)):(d=e.request(u,{endStream:E,signal:c}),C()),++f.openStreams,d.once("response",I=>{let{[_ee]:N,...w}=I;r.onHeaders(Number(N),w,d.resume.bind(d),"")===!1&&d.pause()}),d.once("end",()=>{r.onComplete([])}),d.on("data",I=>{r.onData(I)===!1&&d.pause()}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),d.once("error",function(I){t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,I))}),d.once("frameError",(I,N)=>{let w=new cs(`HTTP/2: "frameError" received - type ${I}, code ${N}`);$r(t,r,w),t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,w))}),!0;function C(){n?Ae.isBuffer(n)?(ee(m===n.byteLength,"buffer body must have content length"),d.cork(),d.write(n),d.uncork(),d.end(),r.onBodySent(n),r.onRequestSent()):Ae.isBlobLike(n)?typeof n.stream=="function"?ap({client:t,request:r,contentLength:m,h2stream:d,expectsPayload:g,body:n.stream(),socket:t[Ot],header:""}):dL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,h2stream:d,header:"",socket:t[Ot]}):Ae.isStream(n)?uL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,socket:t[Ot],h2stream:d,header:""}):Ae.isIterable(n)?ap({body:n,client:t,request:r,contentLength:m,expectsPayload:g,header:"",h2stream:d,socket:t[Ot]}):ee(!1):r.onRequestSent()}}function uL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){if(ee(s!==0||r[Dt]===0,"stream body cannot be pipelined"),r[us]==="h2"){let m=function(E){n.onBodySent(E)},g=see(e,t,E=>{E?(Ae.destroy(e,E),Ae.destroy(t,E)):n.onRequestSent()});g.on("data",m),g.once("end",()=>{g.removeListener("data",m),Ae.destroy(g)});return}let A=!1,c=new Ap({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o}),l=function(g){if(!A)try{!c.write(g)&&this.pause&&this.pause()}catch(m){Ae.destroy(this,m)}},u=function(){A||e.resume&&e.resume()},d=function(){if(A)return;let g=new s0;queueMicrotask(()=>f(g))},f=function(g){if(!A){if(A=!0,ee(i.destroyed||i[$s]&&r[Dt]<=1),i.off("drain",u).off("error",f),e.removeListener("data",l).removeListener("end",f).removeListener("error",f).removeListener("close",d),!g)try{c.end()}catch(m){g=m}c.destroy(g),g&&(g.code!=="UND_ERR_INFO"||g.message!=="reset")?Ae.destroy(e,g):Ae.destroy(e)}};e.on("data",l).on("end",f).on("error",f).on("close",d),e.resume&&e.resume(),i.on("drain",u).on("error",f)}async function dL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,heade
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,"latin1"),i.write(c),i.uncork()),n.onBodySent(c),n.onRequestSent(),a||(i[Wr]=!0),Fn(r)}catch(c){Ae.destroy(A?t:i,c)}}async function ap({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){ee(s!==0||r[Dt]===0,"iterator body cannot be pipelined");let A=null;function c(){if(A){let d=A;A=null,d()}}let l=()=>new Promise((d,f)=>{ee(A===null),i[Rr]?f(i[Rr]):A=d});if(r[us]==="h2"){t.on("close",c).on("drain",c);try{for await(let d of e){if(i[Rr])throw i[Rr];let f=t.write(d);n.onBodySent(d),f||await l()}}catch(d){t.destroy(d)}finally{n.onRequestSent(),t.end(),t.off("close",c).off("drain",c)}return}i.on("close",c).on("drain",c);let u=new Ap({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o});try{for await(let d of e){if(i[Rr])throw i[Rr];u.write(d)||await l()}u.end()}catch(d){u.destroy(d)}finally{i.off("close",c).off("drain",c)}}var Ap=class{constructor({socket:e,request:r,contentLength:n,client:i,expectsPayload:s,header:o}){this.socket=e,this.request=r,this.contentLength=n,this.client=i,this.bytesWritten=0,this.expectsPayload=s,this.header=o,e[$s]=!0}write(e){let{socket:r,request:n,contentLength:i,client:s,bytesWritten:o,expectsPayload:a,header:A}=this;if(r[Rr])throw r[Rr];if(r.destroyed)return!1;let c=Buffer.byteLength(e);if(!c)return!0;if(i!==null&&o+c>i){if(s[cf])throw new Ws;process.emitWarning(new Ws)}r.cork(),o===0&&(a||(r[Wr]=!0),i===null?r.write(`${A}transfer-encoding: chunked\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,"latin1"):r.write(`${A}content-length: ${i}\r
 								\r
 								`,"latin1")),i===null&&r.write(`\r
 								${c.toString(16)}\r
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`,"latin1"),this.bytesWritten+=c;let l=r.write(e);return r.uncork(),n.onBodySent(e),l||r[Tt].timeout&&r[Tt].timeoutType===kc&&r[Tt].timeout.refresh&&r[Tt].timeout.refresh(),l}end(){let{socket:e,contentLength:r,client:n,bytesWritten:i,expectsPayload:s,header:o,request:a}=this;if(a.onRequestSent(),e[$s]=!1,e[Rr])throw e[Rr];if(!e.destroyed){if(i===0?s?e.write(`${o}content-length: 0\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
 								`,"latin1"):e.write(`${o}\r
 								`,"latin1"):r===null&&e.write(`\r
 \r
 								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,"latin1"),r!==null&&i!==r){if(n[cf])throw new Ws;process.emitWarning(new Ws)}e[Tt].timeout&&e[Tt].timeoutType===kc&&e[Tt].timeout.refresh&&e[Tt].timeout.refresh(),Fn(n)}}destroy(e){let{socket:r,client:n}=this;r[$s]=!1,e&&(ee(n[Dt]<=1,"pipeline should only contain this request"),Ae.destroy(r,e))}};function $r(t,e,r){try{e.onError(r),ee(e.aborted)}catch(n){t.emit("error",n)}}fL.exports=e0});var gL=h(($Oe,hL)=>{"use strict";var lp=class{constructor(){this.bottom=0,this.top=0,this.list=new Array(2048),this.next=null}isEmpty(){return this.top===this.bottom}isFull(){return(this.top+1&2047)===this.bottom}push(e){this.list[this.top]=e,this.top=this.top+1&2047}shift(){let e=this.list[this.bottom];return e===void 0?null:(this.list[this.bottom]=void 0,this.bottom=this.bottom+1&2047,e)}};hL.exports=class{constructor(){this.head=this.tail=new lp}isEmpty(){return this.head.isEmpty()}push(e){this.head.isFull()&&(this.head=this.head.next=new lp),this.head.push(e)}shift(){let e=this.tail,r=e.shift();return e.isEmpty()&&e.next!==null&&(this.tail=e.next),r}}});var pL=h((KOe,mL)=>{var{kFree:jee,kConnected:zee,kPending:Gee,kQueued:Yee,kRunning:Jee,kSize:Vee}=It(),Ja=Symbol("pool"),o0=class{constructor(e){this[Ja]=e}get connected(){return this[Ja][zee]}get free(){return this[Ja][jee]}get pending(){return this[Ja][Gee]}get queued(){return this[Ja][Yee]}get running(){return this[Ja][Jee]}get size(){return this[Ja][Vee]}};mL.exports=o0});var d0=h((XOe,SL)=>{"use strict";var Wee=tf(),$ee=gL(),{kConnected:a0,kSize:yL,kRunning:EL,kPending:CL,kQueued:df,kBusy:Kee,kFree:Xee,kUrl:Zee,kClose:ete,kDestroy:tte,kDispatch:rte}=It(),nte=pL(),An=Symbol("clients"),Kr=Symbol("needDrain"),ff=Symbol("queue"),A0=Symbol("closed resolve"),c0=Symbol("onDrain"),IL=Symbol("onConnect"),BL=Symbol("onDisconnect"),QL=Symbol("onConnectionError"),l0=Symbol("get dispatcher"),NL=Symbol("add client"),wL=Symbol("remove client"),bL=Symbol("stats"),u0=class extends Wee{constructor(){super(),this[ff]=new $ee,this[An]=[],this[df]=0;let e=this;this[c0]=function(n,i){let s=e[ff],o=!1;for(;!o;){let a=s.shift();if(!a)break;e[df]--,o=!this.dispatch(a.opts,a.handler)}this[Kr]=o,!this[Kr]&&e[Kr]&&(e[Kr]=!1,e.emit("drain",n,[e,...i])),e[A0]&&s.isEmpty()&&Promise.all(e[An].map(a=>a.close())).then(e[A0])},this[IL]=(r,n)=>{e.emit("connect",r,[e,...n])},this[BL]=(r,n,i)=>{e.emit("disconnect",r,[e,...n],i)},this[QL]=(r,n,i)=>{e.emit("connectionError",r,[e,...n],i)},this[bL]=new nte(this)}get[Kee](){return this[Kr]}get[a0](){return this[An].filter(e=>e[a0]).length}get[Xee](){return this[An].filter(e=>e[a0]&&!e[Kr]).length}get[CL](){let e=this[df];for(let{[CL]:r}of this[An])e+=r;return e}get[EL](){let e=0;for(let{[EL]:r}of this[An])e+=r;return e}get[yL](){let e=this[df];for(let{[yL]:r}of this[An])e+=r;return e}get stats(){return this[bL]}async[ete](){return this[ff].isEmpty()?Promise.all(this[An].map(e=>e.close())):new Promise(e=>{this[A0]=e})}async[tte](e){for(;;){let r=this[ff].shift();if(!r)break;r.handler.onError(e)}return Promise.all(this[An].map(r=>r.destroy(e)))}[rte](e,r){let n=this[l0]();return n?n.dispatch(e,r)||(n[Kr]=!0,this[Kr]=!this[l0]()):(this[Kr]=!0,this[ff].push({opts:e,handler:r}),this[df]++),!this[Kr]}[NL](e){return e.on("drain",this[c0]).on("connect",this[IL]).on("disconnect",this[BL]).on("connectionError",this[QL]),this[An].push(e),this[Kr]&&process.nextTick(()=>{this[Kr]&&this[c0](e[Zee],[this,e])}),this}[wL](e){e.close(()=>{let r=this[An].indexOf(e);r!==-1&&this[An].splice(r,1)}),this[Kr]=this[An].some(r=>!r[Kr]&&r.closed!==!0&&r.destroyed!==!0)}};SL.exports={PoolBase:u0,kClients:An,kNeedDrain:Kr,kAddClient:NL,kRemoveClient:wL,kGetDispatcher:l0}});var Pc=h((ZOe,RL)=>{"use strict";var{PoolBase:ite,kClients:up,kNeedDrain:ste,kAddClient:ote,kGetDispatcher:ate}=d0(),Ate=uf(),{InvalidArgumentError:f0}=At(),h0=Ue(),{kUrl:xL,kInterceptors:cte}=It(),lte=rf(),g0=Symbol("options"),m0=Symbol("connections"),vL=Symbol("factory");function ute(t,e){return new Ate(t,e)}var p0=class extends ite{constructor(e,{connections:r,factory:n=ute,connect:i,connectTimeout:s,tls:o,maxCachedSessions
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${n.count} ${n.noun} ${n.is} pending:
 								${e.format(r)}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`.trim())}};AF.exports=tN});var gF=h((bLe,hF)=>{"use strict";var{kProxy:dne,kClose:fne,kDestroy:hne,kInterceptors:gne}=It(),{URL:lF}=require("url"),uF=gf(),mne=Pc(),pne=tf(),{InvalidArgumentError:Cf,RequestAbortedError:yne}=At(),dF=rf(),yf=Symbol("proxy agent"),Dp=Symbol("proxy client"),Ef=Symbol("proxy headers"),rN=Symbol("request tls settings"),Ene=Symbol("proxy tls settings"),fF=Symbol("connect endpoint function");function Cne(t){return t==="https:"?443:80}function Ine(t){if(typeof t=="string"&&(t={uri:t}),!t||!t.uri)throw new Cf("Proxy opts.uri is mandatory");return{uri:t.uri,protocol:t.protocol||"https"}}function Bne(t,e){return new mne(t,e)}var nN=class extends pne{constructor(e){if(super(e),this[dne]=Ine(e),this[yf]=new uF(e),this[gne]=e.interceptors&&e.interceptors.ProxyAgent&&Array.isArray(e.interceptors.ProxyAgent)?e.interceptors.ProxyAgent:[],typeof e=="string"&&(e={uri:e}),!e||!e.uri)throw new Cf("Proxy opts.uri is mandatory");let{clientFactory:r=Bne}=e;if(typeof r!="function")throw new Cf("Proxy opts.clientFactory must be a function.");this[rN]=e.requestTls,this[Ene]=e.proxyTls,this[Ef]=e.headers||{};let n=new lF(e.uri),{origin:i,port:s,host:o,username:a,password:A}=n;if(e.auth&&e.token)throw new Cf("opts.auth cannot be used in combination with opts.token");e.auth?this[Ef]["proxy-authorization"]=`Basic ${e.auth}`:e.token?this[Ef]["proxy-authorization"]=e.token:a&&A&&(this[Ef]["proxy-authorization"]=`Basic ${Buffer.from(`${decodeURIComponent(a)}:${decodeURIComponent(A)}`).toString("base64")}`);let c=dF({...e.proxyTls});this[fF]=dF({...e.requestTls}),this[Dp]=r(n,{connect:c}),this[yf]=new uF({...e,connect:async(l,u)=>{let d=l.host;l.port||(d+=`:${Cne(l.protocol)}`);try{let{socket:f,statusCode:g}=await this[Dp].connect({origin:i,port:s,path:d,signal:l.signal,headers:{...this[Ef],host:o}});if(g!==200&&(f.on("error",()=>{}).destroy(),u(new yne(`Proxy response (${g}) !== 200 when HTTP Tunneling`))),l.protocol!=="https:"){u(null,f);return}let m;this[rN]?m=this[rN].servername:m=l.servername,this[fF]({...l,servername:m,httpSocket:f},u)}catch(f){u(f)}}})}dispatch(e,r){let{host:n}=new lF(e.origin),i=Qne(e.headers);return bne(i),this[yf].dispatch({...e,headers:{...i,host:n}},r)}async[fne](){await this[yf].close(),await this[Dp].close()}async[hne](){await this[yf].destroy(),await this[Dp].destroy()}};function Qne(t){if(Array.isArray(t)){let e={};for(let r=0;r<t.length;r+=2)e[t[r]]=t[r+1];return e}return t}function bne(t){if(t&&Object.keys(t).find(r=>r.toLowerCase()==="proxy-authorization"))throw new Cf("Proxy-Authorization should be sent in ProxyAgent constructor")}hF.exports=nN});var CF=h((NLe,EF)=>{var Za=require("assert"),{kRetryHandlerDefaultRetry:mF}=It(),{RequestRetryError:kp}=At(),{isDisturbed:pF,parseHeaders:Nne,parseRangeHeader:yF}=Ue();function wne(t){let e=Date.now();return new Date(t).getTime()-e}var iN=class t{constructor(e,r){let{retryOptions:n,...i}=e,{retry:s,maxRetries:o,maxTimeout:a,minTimeout:A,timeoutFactor:c,methods:l,errorCodes:u,retryAfter:d,statusCodes:f}=n??{};this.dispatch=r.dispatch,this.handler=r.handler,this.opts=i,this.abort=null,this.aborted=!1,this.retryOpts={retry:s??t[mF],retryAfter:d??!0,maxTimeout:a??30*1e3,timeout:A??500,timeoutFactor:c??2,maxRetries:o??5,methods:l??["GET","HEAD","OPTIONS","PUT","DELETE","TRACE"],statusCodes:f??[500,502,503,504,429],errorCodes:u??["ECONNRESET","ECONNREFUSED","ENOTFOUND","ENETDOWN","ENETUNREACH","EHOSTDOWN","EHOSTUNREACH","EPIPE"]},this.retryCount=0,this.start=0,this.end=null,this.etag=null,this.resume=null,this.handler.onConnect(g=>{this.aborted=!0,this.abort?this.abort(g):this.reason=g})}onRequestSent(){this.handler.onRequestSent&&this.handler.onRequestSent()}onUpgrade(e,r,n){this.handler.onUpgrade&&this.handler.onUpgrade(e,r,n)}onConnect(e){this.aborted?e(this.reason):this.abort=e}onBodySent(e){if(this.handler.onBodySent)return this.handler.onBodySent(e)}static[mF](e,{state:r,opts:n},i){let{statusCode:s,code:o,headers:a}=e,{method:A,retryOptions:c}=n,{maxRetries:l,timeout:u,maxTimeout:d,timeoutFactor:f,statusCodes:g,errorCodes:m,methods:E}=c,{count
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
 								        Error Code : ${o.statusCode}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								        Error Message: ${o.message}`)})).result)===null||r===void 0?void 0:r.value;if(!s)throw new Error("Response json body do not have ID Token field");return s})}static getIDToken(e){return v1(this,void 0,void 0,function*(){try{let r=t.getIDTokenUrl();if(e){let i=encodeURIComponent(e);r=`${r}&audience=${i}`}(0,R1.debug)(`ID token url is ${r}`);let n=yield t.getCall(r);return(0,R1.setSecret)(n),n}catch(r){throw new Error(`Error message: ${r.message}`)}})}};sl.OidcClient=JN});var KN=h(fn=>{"use strict";var VN=fn&&fn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(fn,"__esModule",{value:!0});fn.summary=fn.markdownSummary=fn.SUMMARY_DOCS_URL=fn.SUMMARY_ENV_VAR=void 0;var mae=require("os"),WN=require("fs"),{access:pae,appendFile:yae,writeFile:Eae}=WN.promises;fn.SUMMARY_ENV_VAR="GITHUB_STEP_SUMMARY";fn.SUMMARY_DOCS_URL="https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";var $N=class{constructor(){this._buffer=""}filePath(){return VN(this,void 0,void 0,function*(){if(this._filePath)return this._filePath;let e=process.env[fn.SUMMARY_ENV_VAR];if(!e)throw new Error(`Unable to find environment variable for $${fn.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);try{yield pae(e,WN.constants.R_OK|WN.constants.W_OK)}catch{throw new Error(`Unable to access summary file: '${e}'. Check if the file has correct read/write permissions.`)}return this._filePath=e,this._filePath})}wrap(e,r,n={}){let i=Object.entries(n).map(([s,o])=>` ${s}="${o}"`).join("");return r?`<${e}${i}>${r}</${e}>`:`<${e}${i}>`}write(e){return VN(this,void 0,void 0,function*(){let r=!!e?.overwrite,n=yield this.filePath();return yield(r?Eae:yae)(n,this._buffer,{encoding:"utf8"}),this.emptyBuffer()})}clear(){return VN(this,void 0,void 0,function*(){return this.emptyBuffer().write({overwrite:!0})})}stringify(){return this._buffer}isEmptyBuffer(){return this._buffer.length===0}emptyBuffer(){return this._buffer="",this}addRaw(e,r=!1){return this._buffer+=e,r?this.addEOL():this}addEOL(){return this.addRaw(mae.EOL)}addCodeBlock(e,r){let n=Object.assign({},r&&{lang:r}),i=this.wrap("pre",this.wrap("code",e),n);return this.addRaw(i).addEOL()}addList(e,r=!1){let n=r?"ol":"ul",i=e.map(o=>this.wrap("li",o)).join(""),s=this.wrap(n,i);return this.addRaw(s).addEOL()}addTable(e){let r=e.map(i=>{let s=i.map(o=>{if(typeof o=="string")return this.wrap("td",o);let{header:a,data:A,colspan:c,rowspan:l}=o,u=a?"th":"td",d=Object.assign(Object.assign({},c&&{colspan:c}),l&&{rowspan:l});return this.wrap(u,A,d)}).join("");return this.wrap("tr",s)}).join(""),n=this.wrap("table",r);return this.addRaw(n).addEOL()}addDetails(e,r){let n=this.wrap("details",this.wrap("summary",e)+r);return this.addRaw(n).addEOL()}addImage(e,r,n){let{width:i,height:s}=n||{},o=Object.assign(Object.assign({},i&&{width:i}),s&&{height:s}),a=this.wrap("img",null,Object.assign({src:e,alt:r},o));return this.addRaw(a).addEOL()}addHeading(e,r){let n=`h${r}`,i=["h1","h2","h3","h4","h5","h6"].includes(n)?n:"h1",s=this.wrap(i,e);return this.addRaw(s).addEOL()}addSeparator(){let e=this.wrap("hr",null);return this.addRaw(e).addEOL()}addBreak(){let e=this.wrap("br",null);return this.addRaw(e).addEOL()}addQuote(e,r){let n=Object.assign({},r&&{cite:r}),i=this.wrap("blockquote",e,n);return this.addRaw(i).addEOL()}addLink(e,r){let n=this.wrap("a",e,{href:r});return this.addRaw(n).addEOL()}},D1=new $N;fn.markdownSummary=D1;fn.summary=D1});var k1=h(hn=>{"use strict";var Cae=hn&&hn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]}
 								`);return{name:e,version:r}});qe.platform=K1.default.platform();qe.arch=K1.default.arch();qe.isWindows=qe.platform==="win32";qe.isMacOS=qe.platform==="darwin";qe.isLinux=qe.platform==="linux";function sAe(){return xy(this,void 0,void 0,function*(){return Object.assign(Object.assign({},yield qe.isWindows?rAe():qe.isMacOS?nAe():iAe()),{platform:qe.platform,arch:qe.arch,isWindows:qe.isWindows,isMacOS:qe.isMacOS,isLinux:qe.isLinux})})}qe.getDetails=sAe});var at=h(te=>{"use strict";var oAe=te&&te.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),aAe=te&&te.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),iw=te&&te.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&oAe(e,t,r);return aAe(e,t),e},Z1=te&&te.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(te,"__esModule",{value:!0});te.platform=te.toPlatformPath=te.toWin32Path=te.toPosixPath=te.markdownSummary=te.summary=te.getIDToken=te.getState=te.saveState=te.group=te.endGroup=te.startGroup=te.info=te.notice=te.warning=te.error=te.debug=te.isDebug=te.setFailed=te.setCommandEcho=te.setOutput=te.getBooleanInput=te.getMultilineInput=te.getInput=te.addPath=te.setSecret=te.exportVariable=te.ExitCode=void 0;var ui=DP(),aA=TP(),al=xm(),eq=iw(require("os")),AAe=iw(require("path")),cAe=_1(),nw;(function(t){t[t.Success=0]="Success",t[t.Failure=1]="Failure"})(nw||(te.ExitCode=nw={}));function lAe(t,e){let r=(0,al.toCommandValue)(e);if(process.env[t]=r,process.env.GITHUB_ENV||"")return(0,aA.issueFileCommand)("ENV",(0,aA.prepareKeyValueMessage)(t,e));(0,ui.issueCommand)("set-env",{name:t},r)}te.exportVariable=lAe;function uAe(t){(0,ui.issueCommand)("add-mask",{},t)}te.setSecret=uAe;function dAe(t){process.env.GITHUB_PATH||""?(0,aA.issueFileCommand)("PATH",t):(0,ui.issueCommand)("add-path",{},t),process.env.PATH=`${t}${AAe.delimiter}${process.env.PATH}`}te.addPath=dAe;function sw(t,e){let r=process.env[`INPUT_${t.replace(/ /g,"_").toUpperCase()}`]||"";if(e&&e.required&&!r)throw new Error(`Input required and not supplied: ${t}`);return e&&e.trimWhitespace===!1?r:r.trim()}te.getInput=sw;function fAe(t,e){let r=sw(t,e).split(`
 								`).filter(n=>n!=="");return e&&e.trimWhitespace===!1?r:r.map(n=>n.trim())}te.getMultilineInput=fAe;function hAe(t,e){let r=["true","True","TRUE"],n=["false","False","FALSE"],i=sw(t,e);if(r.includes(i))return!0;if(n.includes(i))return!1;throw new TypeError(`Input does not meet YAML 1.2 "Core Schema" specification: ${t}
 								Support boolean input list: \`true | True | TRUE | false | False | FALSE\``)}te.getBooleanInput=hAe;function gAe(t,e){if(process.env.GITHUB_OUTPUT||"")return(0,aA.issueFileCommand)("OUTPUT",(0,aA.prepareKeyValueMessage)(t,e));process.stdout.write(eq.EOL),(0,ui.issueCommand)("set-output",{name:t},(0,al.toCommandValue)(e))}te.setOutput=gAe;function mAe(t){(0,ui.issue)("echo",t?"on":"off")}te.setCommandEcho=mAe;function pAe(t){process.exitCode=nw.Failure,tq(t)}te.setFailed=pAe;function yAe(){return process.env.RUNNER_DEBUG==="1"}te.isDebug=yAe;function EAe(t){(0,ui.issueCommand)("debug",{},t)}te.debug=EAe;function tq(t,e={}){(0,ui.issueCommand)("error",(0,al.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.error=tq;function CAe(t,e={}){(0,ui.issueCommand)("warning",(0,al.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.warning=CAe;function IAe(t,e={}){(0,ui.issueCommand)("notice",(0,al.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.notice=IAe;function BAe(t){process.stdout.write(t+eq.EOL)}te.info=BAe;function rq(t){(0,ui.issue)("group",t)}te.startGroup=rq;function nq(){(0,ui.issue)("endgroup")}te.endGroup=nq;function QAe(t,e){return Z1(this,void 0,void 0,function*(){rq(t);let r;try{r=yield e()}finally{nq()}return r})}te.group=QAe;function bAe(t,e){if(process.env.GITHUB_STATE||"")return(0,aA.issueFileCommand)("STATE",(0,aA.prepareKeyValueMessage)(t,e));(0,ui.issueCommand)("save-state",{name:t},(0,al.toCommandValue)(e))}te.saveState=bAe;function NAe(t){return process.env[`STATE_${t}`]||""}te.getState=NAe;function wAe(t){return Z1(this,void 0,void 0,function*(){return yield cAe.OidcClient.getIDToken(t)})}te.getIDToken=wAe;var SAe=KN();Object.defineProperty(te,"summary",{enumerable:!0,get:function(){return SAe.summary}});var xAe=KN();Object.defineProperty(te,"markdownSummary",{enumerable:!0,get:function(){return xAe.markdownSummary}});var ow=k1();Object.defineProperty(te,"toPosixPath",{enumerable:!0,get:function(){return ow.toPosixPath}});Object.defineProperty(te,"toWin32Path",{enumerable:!0,get:function(){return ow.toWin32Path}});Object.defineProperty(te,"toPlatformPath",{enumerable:!0,get:function(){return ow.toPlatformPath}});te.platform=iw(X1())});var iq=h(Es=>{"use strict";var vAe=Es&&Es.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),RAe=Es&&Es.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),_Ae=Es&&Es.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&vAe(e,t,r);return RAe(e,t),e};Object.defineProperty(Es,"__esModule",{value:!0});Es.getOptions=void 0;var aw=_Ae(at());function DAe(t){let e={followSymbolicLinks:!0,implicitDescendants:!0,omitBrokenSymbolicLinks:!0};return t&&(typeof t.followSymbolicLinks=="boolean"&&(e.followSymbolicLinks=t.followSymbolicLinks,aw.debug(`followSymbolicLinks '${e.followSymbolicLinks}'`)),typeof t.implicitDescendants=="boolean"&&(e.implicitDescendants=t.implicitDescendants,aw.debug(`implicitDescendants '${e.implicitDescendants}'`)),typeof t.omitBrokenSymbolicLinks=="boolean"&&(e.omitBrokenSymbolicLinks=t.omitBrokenSymbolicLinks,aw.debug(`omitBrokenSymbolicLinks '${e.omitBrokenSymbolicLinks}'`))),e}Es.getOptions=DAe});var Ry=h(Mt=>{"use strict";var kAe=Mt&&Mt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),PAe=Mt&&Mt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),TAe=Mt&&Mt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&kAe(e,t,r);return PAe(e,t),e},OAe=Mt&&Mt.__importDefault||function(t){return t&&t.__esModule?t:{defa
 								   %s`,R,R,I,n);var T=I.type==="*"?fw:I.type==="?"?dw:"\\"+I.type;i=!0,n=n.slice(0,I.reStart)+T+"\\("+R}g(),s&&(n+="\\\\");var U=!1;switch(n.charAt(0)){case"[":case".":case"(":U=!0}for(var k=a.length-1;k>-1;k--){var J=a[k],be=n.slice(0,J.reStart),ve=n.slice(J.reStart,J.reEnd-8),H=n.slice(J.reEnd-8,J.reEnd),_e=n.slice(J.reEnd);H+=_e;var rt=be.split("(").length-1,Or=_e;for(m=0;m<rt;m++)Or=Or.replace(/\)[+*?]?/,"");_e=Or;var fr="";_e===""&&e!==Dy&&(fr="$");var So=be+ve+_e+fr+H;n=So}if(n!==""&&i&&(n="(?=.)"+n),U&&(n=d+n),e===Dy)return[n,i];if(!i)return fce(t);var xo=r.nocase?"i":"";try{var Li=new RegExp("^"+n+"$",xo)}catch{return new RegExp("$.")}return Li._glob=t,Li._src=n,Li}Yn.makeRe=function(t,e){return new Dr(t,e||{}).makeRe()};Dr.prototype.makeRe=dce;function dce(){if(this.regexp||this.regexp===!1)return this.regexp;var t=this.set;if(!t.length)return this.regexp=!1,this.regexp;var e=this.options,r=e.noglobstar?fw:e.dot?ice:sce,n=e.nocase?"i":"",i=t.map(function(s){return s.map(function(o){return o===hw?r:typeof o=="string"?hce(o):o._src}).join("\\/")}).join("|");i="^(?:"+i+")$",this.negate&&(i="^(?!"+i+").*$");try{this.regexp=new RegExp(i,n)}catch{this.regexp=!1}return this.regexp}Yn.match=function(t,e,r){r=r||{};var n=new Dr(e,r);return t=t.filter(function(i){return n.match(i)}),n.options.nonull&&!t.length&&t.push(e),t};Dr.prototype.match=function(e,r){if(typeof r>"u"&&(r=this.partial),this.debug("match",e,this.pattern),this.comment)return!1;if(this.empty)return e==="";if(e==="/"&&r)return!0;var n=this.options;Lf.sep!=="/"&&(e=e.split(Lf.sep).join("/")),e=e.split(Nq),this.debug(this.pattern,"split",e);var i=this.set;this.debug(this.pattern,"set",i);var s,o;for(o=e.length-1;o>=0&&(s=e[o],!s);o--);for(o=0;o<i.length;o++){var a=i[o],A=e;n.matchBase&&a.length===1&&(A=[s]);var c=this.matchOne(A,a,r);if(c)return n.flipNegate?!0:!this.negate}return n.flipNegate?!1:this.negate};Dr.prototype.matchOne=function(t,e,r){var n=this.options;this.debug("matchOne",{this:this,file:t,pattern:e}),this.debug("matchOne",t.length,e.length);for(var i=0,s=0,o=t.length,a=e.length;i<o&&s<a;i++,s++){this.debug("matchOne loop");var A=e[s],c=t[i];if(this.debug(e,A,c),A===!1)return!1;if(A===hw){this.debug("GLOBSTAR",[e,A,c]);var l=i,u=s+1;if(u===a){for(this.debug("** at the end");i<o;i++)if(t[i]==="."||t[i]===".."||!n.dot&&t[i].charAt(0)===".")return!1;return!0}for(;l<o;){var d=t[l];if(this.debug(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								globstar while`,t,l,e,u,d),this.matchOne(t.slice(l),e.slice(u),r))return this.debug("globstar found match!",l,o,d),!0;if(d==="."||d===".."||!n.dot&&d.charAt(0)==="."){this.debug("dot detected!",t,l,e,u);break}this.debug("globstar swallow a segment, and continue"),l++}return!!(r&&(this.debug(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								>>> no match, partial?`,t,l,e,u),l===o))}var f;if(typeof A=="string"?(f=c===A,this.debug("string match",A,c,f)):(f=c.match(A),this.debug("pattern match",A,c,f)),!f)return!1}if(i===o&&s===a)return!0;if(i===o)return r;if(s===a)return i===o-1&&t[i]==="";throw new Error("wtf?")};function fce(t){return t.replace(/\\(.)/g,"$1")}function hce(t){return t.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,"\\$&")}});var vq=h(di=>{"use strict";var gce=di&&di.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),mce=di&&di.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),xq=di&&di.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&gce(e,t,r);return mce(e,t),e},pce=di&&di.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(di,"__esModule",{value:!0});di.Path=void 0;var Mf=xq(require("path")),Wo=xq(Ry()),Ff=pce(require("assert")),yce=process.platform==="win32",mw=class{constructor(e){if(this.segments=[],typeof e=="string")if(Ff.default(e,"Parameter 'itemPath' must not be empty"),e=Wo.safeTrimTrailingSeparator(e),!Wo.hasRoot(e))this.segments=e.split(Mf.sep);else{let r=e,n=Wo.dirname(r);for(;n!==r;){let i=Mf.basename(r);this.segments.unshift(i),r=n,n=Wo.dirname(r)}this.segments.unshift(r)}else{Ff.default(e.length>0,"Parameter 'itemPath' must not be an empty array");for(let r=0;r<e.length;r++){let n=e[r];Ff.default(n,"Parameter 'itemPath' must not contain any empty segments"),n=Wo.normalizeSeparators(e[r]),r===0&&Wo.hasRoot(n)?(n=Wo.safeTrimTrailingSeparator(n),Ff.default(n===Wo.dirname(n),"Parameter 'itemPath' root segment contains information for multiple segments"),this.segments.push(n)):(Ff.default(!n.includes(Mf.sep),"Parameter 'itemPath' contains unexpected path separators"),this.segments.push(n))}}}toString(){let e=this.segments[0],r=e.endsWith(Mf.sep)||yce&&/^[A-Z]:$/i.test(e);for(let n=1;n<this.segments.length;n++)r?r=!1:e+=Mf.sep,e+=this.segments[n];return e}};di.Path=mw});var Rq=h(fi=>{"use strict";var Ece=fi&&fi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Cce=fi&&fi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Ew=fi&&fi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&Ece(e,t,r);return Cce(e,t),e},Ice=fi&&fi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(fi,"__esModule",{value:!0});fi.Pattern=void 0;var Bce=Ew(require("os")),Uf=Ew(require("path")),En=Ew(Ry()),cA=Ice(require("assert")),Qce=gw(),pw=_y(),Py=vq(),to=process.platform==="win32",yw=class t{constructor(e,r=!1,n,i){this.negate=!1;let s;if(typeof e=="string")s=e.trim();else{n=n||[],cA.default(n.length,"Parameter 'segments' must not empty");let c=t.getLiteral(n[0]);cA.default(c&&En.hasAbsoluteRoot(c),"Parameter 'segments' first element must be a root path"),s=new Py.Path(n).toString().trim(),e&&(s=`!${s}`)}for(;s.startsWith("!");)this.negate=!this.negate,s=s.substr(1).trim();s=t.fixupPattern(s,i),this.segments=new Py.Path(s).segments,this.trailingSeparator=En.normalizeSeparators(s).endsWith(Uf.sep),s=En.safeTrimTrailingSeparator(s);let o=!1,a=this.segments.map(c=>t.getLiteral(c)).filter(c=>!o&&!(o=c===""));this.searchPath=new Py.Path(a).toString(),this.rootRegExp=new RegExp(t.regExpEscape(a[0]),to?"i":""),this.isImplicitPattern=r;let A={dot:!0,nobrace:!0,nocase:to,nocomment:!0,noext:!0,nonegate:!0};s=to?s.replace(/\\/g,"/"):s,this.minimatch=new Qce.Minimatch(s,A)}match(e){return this.segments[this.segments.length-1]==="**"?(e=En.normalizeSeparators(e),!e.endsWith(Uf.sep)&&th
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),e=e.replace(/\r/g,`
 								`));let i=e.split(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new Pq.Pattern(s));return n.searchPaths.push(...Oy.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return Iw(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield qf.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){Bw.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield qf.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield qf.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){Bw.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};gr.DefaultGlobber=Qw});var Lq=h(cl=>{"use strict";var Rce=cl&&cl.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(cl,"__esModule",{value:!0});cl.create=void 0;var _ce=Oq();function Dce(t,e){return Rce(this,void 0,void 0,function*(){return yield _ce.DefaultGlobber.create(t,e)})}cl.create=Dce});var jq=h((ye,Hq)=>{ye=Hq.exports=xe;var Ke;typeof process=="object"&&process.env&&process.env.NODE_DEBUG&&/\bsemver\b/i.test(process.env.NODE_DEBUG)?Ke=function(){var t=Array.prototype.slice.call(arguments,0);t.unshift("SEMVER"),console.log.apply(console,t)}:Ke=function(){};ye.SEMVER_SPEC_VERSION="2.0.0";var jf=256,Ly=Number.MAX_SAFE_INTEGER||9007199254740991,bw=16,kce=jf-6,ll=ye.re=[],$e=ye.safeRe=[],D=ye.src=[],x=ye.tokens={},Uq=0;function De(t){x[t]=Uq++}var ww="[a-zA-Z0-9-]",Nw=[["\\s",1],["\\d",jf],[ww,kce]];function Gf(t){for(var e=0;e<Nw.length;e++){var r=Nw[e][0],n=Nw[e][1];t=t.split(r+"*").join(r+"{0,"+n+"}").split(r+"+").join(r+"{1,"+n+"}")}return t}De("NUMERICIDENTIFIER");D[x.NUMERICIDENTIFIER]="0|[1-9]\\d*";De("NUMERICIDENTIFIERLOOSE");D[x.NUMERICIDENTIFIERLOOSE]="\\d+";De("NONNUMERICIDENTIFIER");D[x.NONNUMERICIDENTIFIER]="\\d*[a-zA-Z-]"+ww+"*";De("MAINVERSION");D[x.MAINVERSION]="("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")";De("MAINVERSIONLOOSE");D[x.MAINVERSIONLOOSE]="("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")";De("PRERELEASEIDENTIFIER");D[x.PRERELEASEIDENTIFIER]="(?:"+D[x.NUMERICIDENTIFIER]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASEIDENTIFIERLOOSE");D[x.PRERELEASEIDENTIFIERLOOSE]="(?:"+D[x.NUMERICIDENTIFIERLOOSE]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASE");D[x.PRERELEASE]="(?:-("+D[x.PRERELEASEIDENTIFIER]+"(?:\\."+D[x.PRERELEASEIDENTIFIER]+")*))";De("PRERELEASELOOSE");D[x.PRERELEASELOOSE]="(?:-?("+D[x.PRERELEASEIDENTIFIERLOOSE]+"(?:\\."+D[x.PRERELEASEIDENTIFIERLOOSE]+")*))";De("BUILDIDENTIFIER");D[x.BUILDIDENTIFIER]=ww+"+";De("BUILD");D[x.BUILD]="(?:\\+("+D[x.BUILDIDENTIFIER]+"(?:\\."+D[x.BUILDIDENTIFIER]+")*))";De("FULL");De("FULLPLAIN");D[x.FULLPLAIN]="v?"+D[x.MAINVERSION]+D[x.PRERELEASE]+"?"+D[x.BUILD]+"?";D[x.FULL]="^"+D[x.FULLPLAIN]+"$";De("LOOSEPLAIN");D[x.LOOSEPLAIN]="[v=\\s]*"+D[x.MAINVERSIONLOOSE]+D[x.PRERELEASELOOSE]+"?"+D[x.BUILD]+"?";De("LOOSE");D[x.LOOSE]="^"+D[x.LOOSEPLAIN]+"$";De("GTLT");D[x.GTLT]="((?:<|>)?=?)";De("XRANGEIDENTIFIERLOOSE");D[x.XRANGEIDENTIFIERLOOSE]=D[x.NUMERICIDENTIFIERLOOSE]+"|x|X|\\*";De("XRANGEIDENTIFIER");D[x.XRANGEIDENTIFIER]=D[x.NUMERICIDENTIFIER]+"|x|X|\\*";De("XRANGEPLAIN");D[x.XRANGEPLAIN]="[v=\\s]*("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:"+D[x.PRERELEASE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGEPLAINLOOSE");D[x.XRANGEPLAINLOOSE]="[v=\\s]*("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:"+D[x.PRERELEASELOOSE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGE");D[x.XRANGE]="^"+D[x.GTLT]+"\\s*"+D[x.XRANGEPLAI
 								`),{implicitDescendants:!1});try{for(var c=!0,l=yle(A.globGenerator()),u;u=yield l.next(),e=u.done,!e;c=!0){i=u.value,c=!1;let d=i,f=qy.relative(a,d).replace(new RegExp(`\\${qy.sep}`,"g"),"/");Jf.debug(`Matched: ${f}`),f===""?o.push("."):o.push(`${f}`)}}catch(d){r={error:d}}finally{try{!c&&!e&&(n=l.return)&&(yield n.call(l))}finally{if(r)throw r.error}}return o})}Ye.resolvePaths=wle;function Sle(t){return dl(this,void 0,void 0,function*(){return Ble.promisify(_w.unlink)(t)})}Ye.unlinkFile=Sle;function Wq(t,e=[]){return dl(this,void 0,void 0,function*(){let r="";e.push("--version"),Jf.debug(`Checking ${t} ${e.join(" ")}`);try{yield Ele.exec(`${t}`,e,{ignoreReturnCode:!0,silent:!0,listeners:{stdout:n=>r+=n.toString(),stderr:n=>r+=n.toString()}})}catch(n){Jf.debug(n.message)}return r=r.trim(),Jf.debug(r),r})}function xle(){return dl(this,void 0,void 0,function*(){let t=yield Wq("zstd",["--quiet"]),e=Ile.clean(t);return Jf.debug(`zstd version: ${e}`),t===""?dA.CompressionMethod.Gzip:dA.CompressionMethod.ZstdWithoutLong})}Ye.getCompressionMethod=xle;function vle(t){return t===dA.CompressionMethod.Gzip?dA.CacheFilename.Gzip:dA.CacheFilename.Zstd}Ye.getCacheFileName=vle;function Rle(){return dl(this,void 0,void 0,function*(){return _w.existsSync(dA.GnuTarPathOnWindows)?dA.GnuTarPathOnWindows:(yield Wq("tar")).toLowerCase().includes("gnu tar")?Jq.which("tar"):""})}Ye.getGnuTarPathOnWindows=Rle;function _le(t,e){if(e===void 0)throw Error(`Expected ${t} but value was undefiend`);return e}Ye.assertDefined=_le;function Dle(t,e,r=!1){let n=t.slice();return e&&n.push(e),process.platform==="win32"&&!r&&n.push("windows-only"),n.push(Qle),Vq.createHash("sha256").update(n.join("|")).digest("hex")}Ye.getCacheVersion=Dle;function kle(){let t=process.env.ACTIONS_RUNTIME_TOKEN;if(!t)throw new Error("Unable to get the ACTIONS_RUNTIME_TOKEN env variable");return t}Ye.getRuntimeToken=kle});var gi={};q6(gi,{__addDisposableResource:()=>C2,__assign:()=>Hy,__asyncDelegator:()=>d2,__asyncGenerator:()=>u2,__asyncValues:()=>f2,__await:()=>hl,__awaiter:()=>s2,__classPrivateFieldGet:()=>p2,__classPrivateFieldIn:()=>E2,__classPrivateFieldSet:()=>y2,__createBinding:()=>zy,__decorate:()=>Xq,__disposeResources:()=>I2,__esDecorate:()=>e2,__exportStar:()=>a2,__extends:()=>$q,__generator:()=>o2,__importDefault:()=>m2,__importStar:()=>g2,__makeTemplateObject:()=>h2,__metadata:()=>i2,__param:()=>Zq,__propKey:()=>r2,__read:()=>Pw,__rest:()=>Kq,__rewriteRelativeImportExtension:()=>B2,__runInitializers:()=>t2,__setFunctionName:()=>n2,__spread:()=>A2,__spreadArray:()=>l2,__spreadArrays:()=>c2,__values:()=>jy,default:()=>Ole});function $q(t,e){if(typeof e!="function"&&e!==null)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");Dw(t,e);function r(){this.constructor=t}t.prototype=e===null?Object.create(e):(r.prototype=e.prototype,new r)}function Kq(t,e){var r={};for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&e.indexOf(n)<0&&(r[n]=t[n]);if(t!=null&&typeof Object.getOwnPropertySymbols=="function")for(var i=0,n=Object.getOwnPropertySymbols(t);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(t,n[i])&&(r[n[i]]=t[n[i]]);return r}function Xq(t,e,r,n){var i=arguments.length,s=i<3?e:n===null?n=Object.getOwnPropertyDescriptor(e,r):n,o;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")s=Reflect.decorate(t,e,r,n);else for(var a=t.length-1;a>=0;a--)(o=t[a])&&(s=(i<3?o(s):i>3?o(e,r,s):o(e,r))||s);return i>3&&s&&Object.defineProperty(e,r,s),s}function Zq(t,e){return function(r,n){e(r,n,t)}}function e2(t,e,r,n,i,s){function o(C){if(C!==void 0&&typeof C!="function")throw new TypeError("Function expected");return C}for(var a=n.kind,A=a==="getter"?"get":a==="setter"?"set":"value",c=!e&&t?n.static?t:t.prototype:null,l=e||(c?Object.getOwnPropertyDescriptor(c,n.name):{}),u,d=!1,f=r.length-1;f>=0;f--){var g={};for(var m in n)g[m]=m==="access"?{}:n[m];for(var m in n.access)g.access[m]=n.access[m];g.addInitializer=function(C){if(d)throw new TypeError("Cannot add initializers after decoration has completed"
 								 ${hue.sanitize(Object.assign(Object.assign({},this),{request:this.request,response:this.response}))}`,enumerable:!1}),Object.setPrototypeOf(this,t.prototype)}};Xf.RestError=gl;gl.REQUEST_SEND_ERROR="REQUEST_SEND_ERROR";gl.PARSE_ERROR="PARSE_ERROR";function gue(t){return t instanceof gl?!0:(0,uue.isError)(t)&&t.name==="RestError"}});var fA=h(Zy=>{"use strict";Object.defineProperty(Zy,"__esModule",{value:!0});Zy.uint8ArrayToString=mue;Zy.stringToUint8Array=pue;function mue(t,e){return Buffer.from(t).toString(e)}function pue(t,e){return Buffer.from(t,e)}});var Zf=h(eE=>{"use strict";Object.defineProperty(eE,"__esModule",{value:!0});eE.logger=void 0;var yue=$f();eE.logger=(0,yue.createClientLogger)("ts-http-runtime")});var G2=h(rE=>{"use strict";Object.defineProperty(rE,"__esModule",{value:!0});rE.getBodyLength=z2;rE.createNodeHttpClient=wue;var aS=(mi(),Ui(gi)),iS=aS.__importStar(require("node:http")),sS=aS.__importStar(require("node:https")),U2=aS.__importStar(require("node:zlib")),Eue=require("node:stream"),q2=Vf(),Cue=Xo(),th=ml(),pl=Zf(),Iue=Kf(),Bue={};function eh(t){return t&&typeof t.pipe=="function"}function H2(t){return t.readable===!1?Promise.resolve():new Promise(e=>{let r=()=>{e(),t.removeListener("close",r),t.removeListener("end",r),t.removeListener("error",r)};t.on("close",r),t.on("end",r),t.on("error",r)})}function j2(t){return t&&typeof t.byteLength=="number"}var tE=class extends Eue.Transform{_transform(e,r,n){this.push(e),this.loadedBytes+=e.length;try{this.progressCallback({loadedBytes:this.loadedBytes}),n()}catch(i){n(i)}}constructor(e){super(),this.loadedBytes=0,this.progressCallback=e}},oS=class{constructor(){this.cachedHttpsAgents=new WeakMap}async sendRequest(e){var r,n,i;let s=new AbortController,o;if(e.abortSignal){if(e.abortSignal.aborted)throw new q2.AbortError("The operation was aborted. Request has already been canceled.");o=d=>{d.type==="abort"&&s.abort()},e.abortSignal.addEventListener("abort",o)}let a;e.timeout>0&&(a=setTimeout(()=>{let d=new Iue.Sanitizer;pl.logger.info(`request to '${d.sanitizeUrl(e.url)}' timed out. canceling...`),s.abort()},e.timeout));let A=e.headers.get("Accept-Encoding"),c=A?.includes("gzip")||A?.includes("deflate"),l=typeof e.body=="function"?e.body():e.body;if(l&&!e.headers.has("Content-Length")){let d=z2(l);d!==null&&e.headers.set("Content-Length",d)}let u;try{if(l&&e.onUploadProgress){let C=e.onUploadProgress,I=new tE(C);I.on("error",N=>{pl.logger.error("Error in upload progress",N)}),eh(l)?l.pipe(I):I.end(l),l=I}let d=await this.makeRequest(e,s,l);a!==void 0&&clearTimeout(a);let f=Que(d),m={status:(r=d.statusCode)!==null&&r!==void 0?r:0,headers:f,request:e};if(e.method==="HEAD")return d.resume(),m;u=c?bue(d,f):d;let E=e.onDownloadProgress;if(E){let C=new tE(E);C.on("error",I=>{pl.logger.error("Error in download progress",I)}),u.pipe(C),u=C}return!((n=e.streamResponseStatusCodes)===null||n===void 0)&&n.has(Number.POSITIVE_INFINITY)||!((i=e.streamResponseStatusCodes)===null||i===void 0)&&i.has(m.status)?m.readableStreamBody=u:m.bodyAsText=await Nue(u),m}finally{if(e.abortSignal&&o){let d=Promise.resolve();eh(l)&&(d=H2(l));let f=Promise.resolve();eh(u)&&(f=H2(u)),Promise.all([d,f]).then(()=>{var g;o&&((g=e.abortSignal)===null||g===void 0||g.removeEventListener("abort",o))}).catch(g=>{pl.logger.warning("Error when cleaning up abortListener on httpRequest",g)})}}}makeRequest(e,r,n){var i;let s=new URL(e.url),o=s.protocol!=="https:";if(o&&!e.allowInsecureConnection)throw new Error(`Cannot connect to ${e.url} while allowInsecureConnection is false.`);let a=(i=e.agent)!==null&&i!==void 0?i:this.getOrCreateAgent(e,o),A=Object.assign({agent:a,hostname:s.hostname,path:`${s.pathname}${s.search}`,port:s.port,method:e.method,headers:e.headers.toJSON({preserveCase:!0})},e.requestOverrides);return new Promise((c,l)=>{let u=o?iS.request(A,c):sS.request(A,c);u.once("error",d=>{var f;l(new th.RestError(d.message,{code:(f=d.code)!==null&&f!==void 0?f:th.RestError.REQUEST_SEND_ERROR,request:e}))}),r.signal.addEventListener("abort",()=>{let d=new q2.AbortError("The operation was abo
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`).join(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`+s),t.push(i+"m+"+dE.exports.humanize(this.diff)+"\x1B[0m")}else t[0]=Tde()+e+" "+t[0]}function Tde(){return mr.inspectOpts.hideDate?"":new Date().toISOString()+" "}function Ode(...t){return process.stderr.write(uE.formatWithOptions(mr.inspectOpts,...t)+`
 								`)}function Lde(t){t?process.env.DEBUG=t:delete process.env.DEBUG}function Mde(){return process.env.DEBUG}function Fde(t){t.inspectOpts={};let e=Object.keys(mr.inspectOpts);for(let r=0;r<e.length;r++)t.inspectOpts[e[r]]=mr.inspectOpts[e[r]]}dE.exports=vS()(mr);var{formatters:cH}=dE.exports;cH.o=function(t){return this.inspectOpts.colors=this.useColors,uE.inspect(t,this.inspectOpts).split(`
 								`).map(e=>e.trim()).join(" ")};cH.O=function(t){return this.inspectOpts.colors=this.useColors,uE.inspect(t,this.inspectOpts)}});var fE=h((lFe,RS)=>{typeof process>"u"||process.type==="renderer"||process.browser===!0||process.__nwjs?RS.exports=AH():RS.exports=lH()});var fH=h(In=>{"use strict";var Ude=In&&In.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),qde=In&&In.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),uH=In&&In.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Ude(e,t,r);return qde(e,t),e};Object.defineProperty(In,"__esModule",{value:!0});In.req=In.json=In.toBuffer=void 0;var Hde=uH(require("http")),jde=uH(require("https"));async function dH(t){let e=0,r=[];for await(let n of t)e+=n.length,r.push(n);return Buffer.concat(r,e)}In.toBuffer=dH;async function zde(t){let r=(await dH(t)).toString("utf8");try{return JSON.parse(r)}catch(n){let i=n;throw i.message+=` (input: ${r})`,i}}In.json=zde;function Gde(t,e={}){let n=((typeof t=="string"?t:t.href).startsWith("https:")?jde:Hde).request(t,e),i=new Promise((s,o)=>{n.once("response",s).once("error",o).end()});return n.then=i.then.bind(i),n}In.req=Gde});var DS=h(Jn=>{"use strict";var gH=Jn&&Jn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Yde=Jn&&Jn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),mH=Jn&&Jn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&gH(e,t,r);return Yde(e,t),e},Jde=Jn&&Jn.__exportStar||function(t,e){for(var r in t)r!=="default"&&!Object.prototype.hasOwnProperty.call(e,r)&&gH(e,t,r)};Object.defineProperty(Jn,"__esModule",{value:!0});Jn.Agent=void 0;var Vde=mH(require("net")),hH=mH(require("http")),Wde=require("https");Jde(fH(),Jn);var Is=Symbol("AgentBaseInternalState"),_S=class extends hH.Agent{constructor(e){super(e),this[Is]={}}isSecureEndpoint(e){if(e){if(typeof e.secureEndpoint=="boolean")return e.secureEndpoint;if(typeof e.protocol=="string")return e.protocol==="https:"}let{stack:r}=new Error;return typeof r!="string"?!1:r.split(`
 								`).some(n=>n.indexOf("(https.js:")!==-1||n.indexOf("node:https:")!==-1)}incrementSockets(e){if(this.maxSockets===1/0&&this.maxTotalSockets===1/0)return null;this.sockets[e]||(this.sockets[e]=[]);let r=new Vde.Socket({writable:!1});return this.sockets[e].push(r),this.totalSocketCount++,r}decrementSockets(e,r){if(!this.sockets[e]||r===null)return;let n=this.sockets[e],i=n.indexOf(r);i!==-1&&(n.splice(i,1),this.totalSocketCount--,n.length===0&&delete this.sockets[e])}getName(e){return this.isSecureEndpoint(e)?Wde.Agent.prototype.getName.call(this,e):super.getName(e)}createSocket(e,r,n){let i={...r,secureEndpoint:this.isSecureEndpoint(r)},s=this.getName(i),o=this.incrementSockets(s);Promise.resolve().then(()=>this.connect(e,i)).then(a=>{if(this.decrementSockets(s,o),a instanceof hH.Agent)try{return a.addRequest(e,i)}catch(A){return n(A)}this[Is].currentSocket=a,super.createSocket(e,r,n)},a=>{this.decrementSockets(s,o),n(a)})}createConnection(){let e=this[Is].currentSocket;if(this[Is].currentSocket=void 0,!e)throw new Error("No socket was returned in the `connect()` function");return e}get defaultPort(){return this[Is].defaultPort??(this.protocol==="https:"?443:80)}set defaultPort(e){this[Is]&&(this[Is].defaultPort=e)}get protocol(){return this[Is].protocol??(this.isSecureEndpoint()?"https:":"http:")}set protocol(e){this[Is]&&(this[Is].protocol=e)}};Jn.Agent=_S});var pH=h(vl=>{"use strict";var $de=vl&&vl.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(vl,"__esModule",{value:!0});vl.parseProxyResponse=void 0;var Kde=$de(fE()),hE=(0,Kde.default)("https-proxy-agent:parse-proxy-response");function Xde(t){return new Promise((e,r)=>{let n=0,i=[];function s(){let l=t.read();l?c(l):t.once("readable",s)}function o(){t.removeListener("end",a),t.removeListener("error",A),t.removeListener("readable",s)}function a(){o(),hE("onend"),r(new Error("Proxy connection ended before receiving CONNECT response"))}function A(l){o(),hE("onerror %o",l),r(l)}function c(l){i.push(l),n+=l.length;let u=Buffer.concat(i,n),d=u.indexOf(`\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`);if(d===-1){hE("have not received end of HTTP headers yet..."),s();return}let f=u.slice(0,d).toString("ascii").split(`\r
 								`),g=f.shift();if(!g)return t.destroy(),r(new Error("No header received from proxy CONNECT response"));let m=g.split(" "),E=+m[1],C=m.slice(2).join(" "),I={};for(let N of f){if(!N)continue;let w=N.indexOf(":");if(w===-1)return t.destroy(),r(new Error(`Invalid header from proxy CONNECT response: "${N}"`));let R=N.slice(0,w).toLowerCase(),T=N.slice(w+1).trimStart(),U=I[R];typeof U=="string"?I[R]=[U,T]:Array.isArray(U)?U.push(T):I[R]=T}hE("got proxy server response: %o %o",g,I),o(),e({connect:{statusCode:E,statusText:C,headers:I},buffered:u})}t.on("error",A),t.on("end",a),s()})}vl.parseProxyResponse=Xde});var QH=h(pi=>{"use strict";var Zde=pi&&pi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),efe=pi&&pi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),IH=pi&&pi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Zde(e,t,r);return efe(e,t),e},BH=pi&&pi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(pi,"__esModule",{value:!0});pi.HttpsProxyAgent=void 0;var gE=IH(require("net")),yH=IH(require("tls")),tfe=BH(require("assert")),rfe=BH(fE()),nfe=DS(),ife=require("url"),sfe=pH(),ih=(0,rfe.default)("https-proxy-agent"),EH=t=>t.servername===void 0&&t.host&&!gE.isIP(t.host)?{...t,servername:t.host}:t,mE=class extends nfe.Agent{constructor(e,r){super(r),this.options={path:void 0},this.proxy=typeof e=="string"?new ife.URL(e):e,this.proxyHeaders=r?.headers??{},ih("Creating new HttpsProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={ALPNProtocols:["http/1.1"],...r?CH(r,"headers"):null,host:n,port:i}}async connect(e,r){let{proxy:n}=this;if(!r.host)throw new TypeError('No "host" provided');let i;n.protocol==="https:"?(ih("Creating `tls.Socket`: %o",this.connectOpts),i=yH.connect(EH(this.connectOpts))):(ih("Creating `net.Socket`: %o",this.connectOpts),i=gE.connect(this.connectOpts));let s=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders},o=gE.isIPv6(r.host)?`[${r.host}]`:r.host,a=`CONNECT ${o}:${r.port} HTTP/1.1\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`;if(n.username||n.password){let d=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;s["Proxy-Authorization"]=`Basic ${Buffer.from(d).toString("base64")}`}s.Host=`${o}:${r.port}`,s["Proxy-Connection"]||(s["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let d of Object.keys(s))a+=`${d}: ${s[d]}\r
 								`;let A=(0,sfe.parseProxyResponse)(i);i.write(`${a}\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`);let{connect:c,buffered:l}=await A;if(e.emit("proxyConnect",c),this.emit("proxyConnect",c,e),c.statusCode===200)return e.once("socket",ofe),r.secureEndpoint?(ih("Upgrading socket connection to TLS"),yH.connect({...CH(EH(r),"host","path","port"),socket:i})):i;i.destroy();let u=new gE.Socket({writable:!1});return u.readable=!0,e.once("socket",d=>{ih("Replaying proxy buffer for failed request"),(0,tfe.default)(d.listenerCount("data")>0),d.push(l),d.push(null)}),u}};mE.protocols=["http","https"];pi.HttpsProxyAgent=mE;function ofe(t){t.resume()}function CH(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var wH=h(yi=>{"use strict";var afe=yi&&yi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Afe=yi&&yi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),NH=yi&&yi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&afe(e,t,r);return Afe(e,t),e},cfe=yi&&yi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(yi,"__esModule",{value:!0});yi.HttpProxyAgent=void 0;var lfe=NH(require("net")),ufe=NH(require("tls")),dfe=cfe(fE()),ffe=require("events"),hfe=DS(),bH=require("url"),Rl=(0,dfe.default)("http-proxy-agent"),pE=class extends hfe.Agent{constructor(e,r){super(r),this.proxy=typeof e=="string"?new bH.URL(e):e,this.proxyHeaders=r?.headers??{},Rl("Creating new HttpProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={...r?gfe(r,"headers"):null,host:n,port:i}}addRequest(e,r){e._header=null,this.setRequestProps(e,r),super.addRequest(e,r)}setRequestProps(e,r){let{proxy:n}=this,i=r.secureEndpoint?"https:":"http:",s=e.getHeader("host")||"localhost",o=`${i}//${s}`,a=new bH.URL(e.path,o);r.port!==80&&(a.port=String(r.port)),e.path=String(a);let A=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders};if(n.username||n.password){let c=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;A["Proxy-Authorization"]=`Basic ${Buffer.from(c).toString("base64")}`}A["Proxy-Connection"]||(A["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let c of Object.keys(A)){let l=A[c];l&&e.setHeader(c,l)}}async connect(e,r){e._header=null,e.path.includes("://")||this.setRequestProps(e,r);let n,i;Rl("Regenerating stored HTTP header string for request"),e._implicitHeader(),e.outputData&&e.outputData.length>0&&(Rl("Patching connection write() output buffer with updated header"),n=e.outputData[0].data,i=n.indexOf(`\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`)+4,e.outputData[0].data=e._header+n.substring(i),Rl("Output buffer: %o",e.outputData[0].data));let s;return this.proxy.protocol==="https:"?(Rl("Creating `tls.Socket`: %o",this.connectOpts),s=ufe.connect(this.connectOpts)):(Rl("Creating `net.Socket`: %o",this.connectOpts),s=lfe.connect(this.connectOpts)),await(0,ffe.once)(s,"connect"),s}};pE.protocols=["http","https"];yi.HttpProxyAgent=pE;function gfe(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var kS=h(Ei=>{"use strict";Object.defineProperty(Ei,"__esModule",{value:!0});Ei.globalNoProxyList=Ei.proxyPolicyName=void 0;Ei.loadNoProxy=_H;Ei.getDefaultProxySettings=Nfe;Ei.proxyPolicy=Sfe;var mfe=QH(),pfe=wH(),yfe=Zf(),Efe="HTTPS_PROXY",Cfe="HTTP_PROXY",Ife="ALL_PROXY",Bfe="NO_PROXY";Ei.proxyPolicyName="proxyPolicy";Ei.globalNoProxyList=[];var vH=!1,Qfe=new Map;function yE(t){if(process.env[t])return process.env[t];if(process.env[t.toLowerCase()])return process.env[t.toLowerCase()]}function RH(){if(!process)return;let t=yE(Efe),e=yE(Ife),r=yE(Cfe);return t||e||r}function bfe(t,e,r){if(e.length===0)return!1;let n=new URL(t).hostname;if(r?.has(n))return r.get(n);let i=!1;for(let s of e)s[0]==="."?(n.endsWith(s)||n.length===s.length-1&&n===s.slice(1))&&(i=!0):n===s&&(i=!0);return r?.set(n,i),i}function _H(){let t=yE(Bfe);return vH=!0,t?t.split(",").map(e=>e.trim()).filter(e=>e.length):[]}function Nfe(t){if(!t&&(t=RH(),!t))return;let e=new URL(t);return{host:(e.protocol?e.protocol+"//":"")+e.hostname,port:Number.parseInt(e.port||"80"),username:e.username,password:e.password}}function wfe(){let t=RH();return t?new URL(t):void 0}function SH(t){let e;try{e=new URL(t.host)}catch{throw new Error(`Expecting a valid host string in proxy settings, but found "${t.host}".`)}return e.port=String(t.port),t.username&&(e.username=t.username),t.password&&(e.password=t.password),e}function xH(t,e,r){if(t.agent)return;let i=new URL(t.url).protocol!=="https:";t.tlsSettings&&yfe.logger.warning("TLS settings are not supported in combination with custom Proxy, certificates provided to the client will be ignored.");let s=t.headers.toJSON();i?(e.httpProxyAgent||(e.httpProxyAgent=new pfe.HttpProxyAgent(r,{headers:s})),t.agent=e.httpProxyAgent):(e.httpsProxyAgent||(e.httpsProxyAgent=new mfe.HttpsProxyAgent(r,{headers:s})),t.agent=e.httpsProxyAgent)}function Sfe(t,e){vH||Ei.globalNoProxyList.push(..._H());let r=t?SH(t):wfe(),n={};return{name:Ei.proxyPolicyName,async sendRequest(i,s){var o;return!i.proxySettings&&r&&!bfe(i.url,(o=e?.customNoProxyList)!==null&&o!==void 0?o:Ei.globalNoProxyList,e?.customNoProxyList?void 0:Qfe)?xH(i,n,r):i.proxySettings&&xH(i,n,SH(i.proxySettings)),s(i)}}}});var PS=h(_l=>{"use strict";Object.defineProperty(_l,"__esModule",{value:!0});_l.agentPolicyName=void 0;_l.agentPolicy=xfe;_l.agentPolicyName="agentPolicy";function xfe(t){return{name:_l.agentPolicyName,sendRequest:async(e,r)=>(e.agent||(e.agent=t),r(e))}}});var TS=h(Dl=>{"use strict";Object.defineProperty(Dl,"__esModule",{value:!0});Dl.tlsPolicyName=void 0;Dl.tlsPolicy=vfe;Dl.tlsPolicyName="tlsPolicy";function vfe(t){return{name:Dl.tlsPolicyName,sendRequest:async(e,r)=>(e.tlsSettings||(e.tlsSettings=t),r(e))}}});var sh=h(mA=>{"use strict";Object.defineProperty(mA,"__esModule",{value:!0});mA.isNodeReadableStream=DH;mA.isWebReadableStream=kH;mA.isBinaryBody=Rfe;mA.isReadableStream=PH;mA.isBlob=_fe;function DH(t){return!!(t&&typeof t.pipe=="function")}function kH(t){return!!(t&&typeof t.getReader=="function"&&typeof t.tee=="function")}function Rfe(t){return t!==void 0&&(t instanceof Uint8Array||PH(t)||typeof t=="function"||t instanceof Blob)}function PH(t){return DH(t)||kH(t)}function _fe(t){return typeof t.stream=="function"}});var LH=h(LS=>{"use strict";Object.defineProperty(LS,"__esModule",{value:!0});LS.concat=Tfe;var io=(mi(),Ui(gi)),OS=require("stream"),Dfe=sh();function TH(){return io.__asyncGenerator(this,arguments,function*(){let e=this.getReader();try{for(;;){let{done:r,value:n}=yield io.__await(e.read());if(r)return yield io.__await(void 0);yield yield io.__await(n)}}finally{e.releaseLock
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`;return e}function qfe(t){return t instanceof Uint8Array?t.byteLength:(0,Ofe.isBlob)(t)?t.size===-1?void 0:t.size:void 0}function Hfe(t){let e=0;for(let r of t){let n=qfe(r);if(n===void 0)return;e+=n}return e}async function jfe(t,e,r){let n=[(0,kl.stringToUint8Array)(`--${r}`,"utf-8"),...e.flatMap(s=>[(0,kl.stringToUint8Array)(`\r
 								`,"utf-8"),(0,kl.stringToUint8Array)(Ufe(s.headers),"utf-8"),(0,kl.stringToUint8Array)(`\r
 								`,"utf-8"),s.body,(0,kl.stringToUint8Array)(`\r
 								--${r}`,"utf-8")]),(0,kl.stringToUint8Array)(`--\r
 								\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,"utf-8")],i=Hfe(n);i&&t.headers.set("Content-Length",i),t.body=await(0,Mfe.concat)(n)}Pl.multipartPolicyName="multipartPolicy";var zfe=70,Gfe=new Set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'()+,-./:=?");function Yfe(t){if(t.length>zfe)throw new Error(`Multipart boundary "${t}" exceeds maximum length of 70 characters`);if(Array.from(t).some(e=>!Gfe.has(e)))throw new Error(`Multipart boundary "${t}" contains invalid characters`)}function Jfe(){return{name:Pl.multipartPolicyName,async sendRequest(t,e){var r;if(!t.multipartBody)return e(t);if(t.body)throw new Error("multipartBody and regular body cannot be set at the same time");let n=t.multipartBody.boundary,i=(r=t.headers.get("Content-Type"))!==null&&r!==void 0?r:"multipart/mixed",s=i.match(/^(multipart\/[^ ;]+)(?:; *boundary=(.+))?$/);if(!s)throw new Error(`Got multipart request body, but content-type header was not multipart: ${i}`);let[,o,a]=s;if(a&&n&&a!==n)throw new Error(`Multipart boundary was specified as ${a} in the header, but got ${n} in the request body`);return n??(n=a),n?Yfe(n):n=Ffe(),t.headers.set("Content-Type",`${o}; boundary=${n}`),await jfe(t,t.multipartBody.parts,n),t.multipartBody=void 0,e(t)}}}});var UH=h(FS=>{"use strict";Object.defineProperty(FS,"__esModule",{value:!0});FS.createPipelineFromOptions=ihe;var Vfe=lS(),Wfe=Xw(),$fe=uS(),Kfe=hS(),Xfe=gS(),Zfe=QS(),ehe=xS(),MH=nh(),the=kS(),rhe=PS(),nhe=TS(),FH=MS();function ihe(t){let e=(0,Wfe.createEmptyPipeline)();return MH.isNodeLike&&(t.agent&&e.addPolicy((0,rhe.agentPolicy)(t.agent)),t.tlsOptions&&e.addPolicy((0,nhe.tlsPolicy)(t.tlsOptions)),e.addPolicy((0,the.proxyPolicy)(t.proxyOptions)),e.addPolicy((0,Xfe.decompressResponsePolicy)())),e.addPolicy((0,ehe.formDataPolicy)(),{beforePolicies:[FH.multipartPolicyName]}),e.addPolicy((0,Kfe.userAgentPolicy)(t.userAgentOptions)),e.addPolicy((0,FH.multipartPolicy)(),{afterPhase:"Deserialize"}),e.addPolicy((0,Zfe.defaultRetryPolicy)(t.retryOptions),{phase:"Retry"}),MH.isNodeLike&&e.addPolicy((0,$fe.redirectPolicy)(t.redirectOptions),{afterPhase:"Retry"}),e.addPolicy((0,Vfe.logPolicy)(t.loggingOptions),{afterPhase:"Sign"}),e}});var qH=h(Tl=>{"use strict";Object.defineProperty(Tl,"__esModule",{value:!0});Tl.apiVersionPolicyName=void 0;Tl.apiVersionPolicy=she;Tl.apiVersionPolicyName="ApiVersionPolicy";function she(t){return{name:Tl.apiVersionPolicyName,sendRequest:(e,r)=>{let n=new URL(e.url);return!n.searchParams.get("api-version")&&t.apiVersion&&(e.url=`${e.url}${Array.from(n.searchParams.keys()).length>0?"&":"?"}api-version=${t.apiVersion}`),r(e)}}}});var HH=h(Ol=>{"use strict";Object.defineProperty(Ol,"__esModule",{value:!0});Ol.isOAuth2TokenCredential=ohe;Ol.isBearerTokenCredential=ahe;Ol.isBasicCredential=Ahe;Ol.isApiKeyCredential=che;function ohe(t){return"getOAuth2Token"in t}function ahe(t){return"getBearerToken"in t}function Ahe(t){return"username"in t&&"password"in t}function che(t){return"key"in t}});var oh=h(US=>{"use strict";Object.defineProperty(US,"__esModule",{value:!0});US.ensureSecureConnection=fhe;var lhe=Zf(),jH=!1;function uhe(t,e){if(e.allowInsecureConnection&&t.allowInsecureConnection){let r=new URL(t.url);if(r.hostname==="localhost"||r.hostname==="127.0.0.1")return!0}return!1}function dhe(){let t="Sending token over insecure transport. Assume any token issued is compromised.";lhe.logger.warning(t),typeof(process==null?void 0:process.emitWarning)=="function"&&!jH&&(jH=!0,process.emitWarning(t))}function fhe(t,e){if(!t.url.toLowerCase().startsWith("https://"))if(uhe(t,e))dhe();else throw new Error("Authentication is not permitted for non-TLS protected (non-https) URLs when allowInsecureConnection is false.")}});var zH=h(Ll=>{"use strict";Object.defineProperty(Ll,"__esModule",{value:!0});Ll.apiKeyAuthenticationPolicyName=void 0;Ll.apiKeyAuthenticationPolicy=ghe;var hhe=oh();Ll.apiKeyAuthenticationPolicyName="apiKeyAuthenticationPolicy";function ghe(t){return{name:Ll.apiKeyAuthenticationPolicyName,async sendRequest(e,r){var n,i;(0,hhe.ensureSecureConnection)(e,t);let s=(i=(n=e.authSchemes)!==null&&n!==void 0?n:t.a
 								`).join(""))}return e(t)}}}});var Sz=h(CA=>{"use strict";Object.defineProperty(CA,"__esModule",{value:!0});CA.auxiliaryAuthenticationHeaderPolicyName=void 0;CA.auxiliaryAuthenticationHeaderPolicy=Vpe;var Gpe=Ox(),Ype=Ah();CA.auxiliaryAuthenticationHeaderPolicyName="auxiliaryAuthenticationHeaderPolicy";var wz="x-ms-authorization-auxiliary";async function Jpe(t){var e,r;let{scopes:n,getAccessToken:i,request:s}=t,o={abortSignal:s.abortSignal,tracingOptions:s.tracingOptions};return(r=(e=await i(n,o))===null||e===void 0?void 0:e.token)!==null&&r!==void 0?r:""}function Vpe(t){let{credentials:e,scopes:r}=t,n=t.logger||Ype.logger,i=new WeakMap;return{name:CA.auxiliaryAuthenticationHeaderPolicyName,async sendRequest(s,o){if(!s.url.toLowerCase().startsWith("https://"))throw new Error("Bearer token authentication for auxiliary header is not permitted for non-TLS protected (non-https) URLs.");if(!e||e.length===0)return n.info(`${CA.auxiliaryAuthenticationHeaderPolicyName} header will not be set due to empty credentials.`),o(s);let a=[];for(let c of e){let l=i.get(c);l||(l=(0,Gpe.createTokenCycler)(c),i.set(c,l)),a.push(Jpe({scopes:Array.isArray(r)?r:[r],request:s,getAccessToken:l,logger:n}))}let A=(await Promise.all(a)).filter(c=>!!c);return A.length===0?(n.warning(`None of the auxiliary tokens are valid. ${wz} header will not be set.`),o(s)):(s.headers.set(wz,A.map(c=>`Bearer ${c}`).join(", ")),o(s))}}}});var oo=h(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.createFileFromStream=L.createFile=L.agentPolicyName=L.agentPolicy=L.auxiliaryAuthenticationHeaderPolicyName=L.auxiliaryAuthenticationHeaderPolicy=L.ndJsonPolicyName=L.ndJsonPolicy=L.bearerTokenAuthenticationPolicyName=L.bearerTokenAuthenticationPolicy=L.formDataPolicyName=L.formDataPolicy=L.tlsPolicyName=L.tlsPolicy=L.userAgentPolicyName=L.userAgentPolicy=L.defaultRetryPolicy=L.tracingPolicyName=L.tracingPolicy=L.retryPolicy=L.throttlingRetryPolicyName=L.throttlingRetryPolicy=L.systemErrorRetryPolicyName=L.systemErrorRetryPolicy=L.redirectPolicyName=L.redirectPolicy=L.getDefaultProxySettings=L.proxyPolicyName=L.proxyPolicy=L.multipartPolicyName=L.multipartPolicy=L.logPolicyName=L.logPolicy=L.setClientRequestIdPolicyName=L.setClientRequestIdPolicy=L.exponentialRetryPolicyName=L.exponentialRetryPolicy=L.decompressResponsePolicyName=L.decompressResponsePolicy=L.isRestError=L.RestError=L.createPipelineRequest=L.createHttpHeaders=L.createDefaultHttpClient=L.createPipelineFromOptions=L.createEmptyPipeline=void 0;var Wpe=KS();Object.defineProperty(L,"createEmptyPipeline",{enumerable:!0,get:function(){return Wpe.createEmptyPipeline}});var $pe=cz();Object.defineProperty(L,"createPipelineFromOptions",{enumerable:!0,get:function(){return $pe.createPipelineFromOptions}});var Kpe=lz();Object.defineProperty(L,"createDefaultHttpClient",{enumerable:!0,get:function(){return Kpe.createDefaultHttpClient}});var Xpe=uz();Object.defineProperty(L,"createHttpHeaders",{enumerable:!0,get:function(){return Xpe.createHttpHeaders}});var Zpe=dz();Object.defineProperty(L,"createPipelineRequest",{enumerable:!0,get:function(){return Zpe.createPipelineRequest}});var xz=ME();Object.defineProperty(L,"RestError",{enumerable:!0,get:function(){return xz.RestError}});Object.defineProperty(L,"isRestError",{enumerable:!0,get:function(){return xz.isRestError}});var vz=gx();Object.defineProperty(L,"decompressResponsePolicy",{enumerable:!0,get:function(){return vz.decompressResponsePolicy}});Object.defineProperty(L,"decompressResponsePolicyName",{enumerable:!0,get:function(){return vz.decompressResponsePolicyName}});var Rz=hz();Object.defineProperty(L,"exponentialRetryPolicy",{enumerable:!0,get:function(){return Rz.exponentialRetryPolicy}});Object.defineProperty(L,"exponentialRetryPolicyName",{enumerable:!0,get:function(){return Rz.exponentialRetryPolicyName}});var _z=Cx();Object.defineProperty(L,"setClientRequestIdPolicy",{enumerable:!0,get:function(){return _z.setClientRequestIdPolicy}});Object.defineProperty(L,"setClientRequestIdPolicyName",{enumerable:!0,get:function(){return _z.setClientReques
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`&&p[b]!=="\r";b++)P+=p[b];if(P=P.trim(),P[P.length-1]==="/"&&(P=P.substring(0,P.length-1),b--),!s(P)){let ae;return ae=P.trim().length===0?"Invalid space after '<'.":"Tag '"+P+"' is an invalid name.",C("InvalidTag",ae,N(p,b))}let z=f(p,b);if(z===!1)return C("InvalidAttr","Attributes for '"+P+"' have open quote.",N(p,b));let Ee=z.value;if(b=z.index,Ee[Ee.length-1]==="/"){let ae=b-Ee.length;Ee=Ee.substring(0,Ee.length-1);let Fe=m(Ee,y);if(Fe!==!0)return C(Fe.err.code,Fe.err.msg,N(p,ae+Fe.err.line));S=!0}else if(v){if(!z.tagClosed)return C("InvalidTag","Closing tag '"+P+"' doesn't have proper closing.",N(p,b));if(Ee.trim().length>0)return C("InvalidTag","Closing tag '"+P+"' can't have attributes or invalid starting.",N(p,_));if(B.length===0)return C("InvalidTag","Closing tag '"+P+"' has not been opened.",N(p,_));{let ae=B.pop();if(P!==ae.tagName){let Fe=N(p,ae.tagStartPos);return C("InvalidTag","Expected closing tag '"+ae.tagName+"' (opened in line "+Fe.line+", col "+Fe.col+") instead of closing tag '"+P+"'.",N(p,_))}B.length==0&&(Q=!0)}}else{let ae=m(Ee,y);if(ae!==!0)return C(ae.err.code,ae.err.msg,N(p,b-Ee.length+ae.err.line));if(Q===!0)return C("InvalidXml","Multiple possible root nodes found.",N(p,b));y.unpairedTags.indexOf(P)!==-1||B.push({tagName:P,tagStartPos:_}),S=!0}for(b++;b<p.length;b++)if(p[b]==="<"){if(p[b+1]==="!"){b++,b=l(p,b);continue}if(p[b+1]!=="?")break;if(b=c(p,++b),b.err)return b}else if(p[b]==="&"){let ae=E(p,b);if(ae==-1)return C("InvalidChar","char '&' is not expected.",N(p,b));b=ae}else if(Q===!0&&!A(p[b]))return C("InvalidXml","Extra text at the end",N(p,b));p[b]==="<"&&b--}}}return S?B.length==1?C("InvalidTag","Unclosed tag '"+B[0].tagName+"'.",N(p,B[0].tagStartPos)):!(B.length>0)||C("InvalidXml","Invalid '"+JSON.stringify(B.map((b=>b.tagName)),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1}):C("InvalidXml","Start tag expected.",1)}function A(p){return p===" "||p==="	"||p===`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`||p==="\r"}function c(p,y){let B=y;for(;y<p.length;y++)if(!(p[y]!="?"&&p[y]!=" ")){let S=p.substr(B,y-B);if(y>5&&S==="xml")return C("InvalidXml","XML declaration allowed only at the start of the document.",N(p,y));if(p[y]=="?"&&p[y+1]==">"){y++;break}}return y}function l(p,y){if(p.length>y+5&&p[y+1]==="-"&&p[y+2]==="-"){for(y+=3;y<p.length;y++)if(p[y]==="-"&&p[y+1]==="-"&&p[y+2]===">"){y+=2;break}}else if(p.length>y+8&&p[y+1]==="D"&&p[y+2]==="O"&&p[y+3]==="C"&&p[y+4]==="T"&&p[y+5]==="Y"&&p[y+6]==="P"&&p[y+7]==="E"){let B=1;for(y+=8;y<p.length;y++)if(p[y]==="<")B++;else if(p[y]===">"&&(B--,B===0))break}else if(p.length>y+9&&p[y+1]==="["&&p[y+2]==="C"&&p[y+3]==="D"&&p[y+4]==="A"&&p[y+5]==="T"&&p[y+6]==="A"&&p[y+7]==="["){for(y+=8;y<p.length;y++)if(p[y]==="]"&&p[y+1]==="]"&&p[y+2]===">"){y+=2;break}}return y}let u='"',d="'";function f(p,y){let B="",S="",Q=!1;for(;y<p.length;y++){if(p[y]===u||p[y]===d)S===""?S=p[y]:S!==p[y]||(S="");else if(p[y]===">"&&S===""){Q=!0;break}B+=p[y]}return S===""&&{value:B,index:y,tagClosed:Q}}let g=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function m(p,y){let B=i(p,g),S={};for(let Q=0;Q<B.length;Q++){if(B[Q][1].length===0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' has no space in starting.",w(B[Q]));if(B[Q][3]!==void 0&&B[Q][4]===void 0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' is without value.",w(B[Q]));if(B[Q][3]===void 0&&!y.allowBooleanAttributes)return C("InvalidAttr","boolean attribute '"+B[Q][2]+"' is not allowed.",w(B[Q]));let b=B[Q][2];if(!I(b))return C("InvalidAttr","Attribute '"+b+"' is an invalid name.",w(B[Q]));if(S.hasOwnProperty(b))return C("InvalidAttr","Attribute '"+b+"' is repeated.",w(B[Q]));S[b]=1}return!0}function E(p,y){if(p[++y]===";")return-1;if(p[y]==="#")return(function(S,Q){let b=/\d/;for(S[Q]==="x"&&(Q++,b=/[\da-fA-F]/);Q<S.length;Q++){if(S[Q]===";")return Q;if(!S[Q].match(b))break}return-1})(p,++y);let B=0;for(;y<p.length;y++,B++)if(!(p[y].match(/\w/)&&B<20)){if(p[y]===";")break;return-1}return y}function C(p,y,B){return{err:{code:p,msg:y,line:B.line||B,col:B.col}}}function I(p){return s(p)}function N(p,y){let B=p.substring(0,y).split(/\r?\n/);return{line:B.length,col:B[B.length-1].length+1}}function w(p){return p.startIndex+p[1].length}let R={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(p,y,B){return p},captureMetaData:!1},T;T=typeof Symbol!="function"?"@@xmlMetadata":Symbol("XML Node Metadata");class U{constructor(y){this.tagname=y,this.child=[],this[":@"]={}}add(y,B){y==="__proto__"&&(y="#__proto__"),this.child.push({[y]:B})}addChild(y,B){y.tagname==="__proto__"&&(y.tagname="#__proto__"),y[":@"]&&Object.keys(y[":@"]).length>0?this.child.push({[y.tagname]:y.child,":@":y[":@"]}):this.child.push({[y.tagname]:y.child}),B!==void 0&&(this.child[this.child.length-1][T]={startIndex:B})}static getMetaDataSymbol(){return T}}function k(p,y){let B={};if(p[y+3]!=="O"||p[y+4]!=="C"||p[y+5]!=="T"||p[y+6]!=="Y"||p[y+7]!=="P"||p[y+8]!=="E")throw new Error("Invalid Tag instead of DOCTYPE");{y+=9;let S=1,Q=!1,b=!1,_="";for(;y<p.length;y++)if(p[y]!=="<"||b)if(p[y]===">"){if(b?p[y-1]==="-"&&p[y-2]==="-"&&(b=!1,S--):S--,S===0)break}else p[y]==="["?Q=!0:_+=p[y];else{if(Q&&rt(p,"!ENTITY",y)){let v,P;y+=7,[v,P,y]=be(p,y+1),P.indexOf("&")===-1&&(B[v]={regx:RegExp(`&${v};`,"g"),val:P})}else if(Q&&rt(p,"!ELEMENT",y)){y+=8;let{index:v}=_e(p,y+1);y=v}else if(Q&&rt(p,"!ATTLIST",y))y+=8;else if(Q&&rt(p,"!NOTATION",y)){y+=9;let{index:v}=ve(p,y+1);y=v}else{if(!rt(p,"!--",y))throw new Error("Invalid DOCTYPE");b=!0}S++
 								`);let y=new U("!xml"),B=y,S="",Q="";for(let b=0;b<p.length;b++)if(p[b]==="<")if(p[b+1]==="/"){let _=Fa(p,">",b,"Closing Tag is not closed."),v=p.substring(b+2,_).trim();if(this.options.removeNSPrefix){let Ee=v.indexOf(":");Ee!==-1&&(v=v.substr(Ee+1))}this.options.transformTagName&&(v=this.options.transformTagName(v)),B&&(S=this.saveTextToParentTag(S,B,Q));let P=Q.substring(Q.lastIndexOf(".")+1);if(v&&this.options.unpairedTags.indexOf(v)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${v}>`);let z=0;P&&this.options.unpairedTags.indexOf(P)!==-1?(z=Q.lastIndexOf(".",Q.lastIndexOf(".")-1),this.tagsNodeStack.pop()):z=Q.lastIndexOf("."),Q=Q.substring(0,z),B=this.tagsNodeStack.pop(),S="",b=_}else if(p[b+1]==="?"){let _=TQ(p,b,!1,"?>");if(!_)throw new Error("Pi Tag is not closed.");if(S=this.saveTextToParentTag(S,B,Q),!(this.options.ignoreDeclaration&&_.tagName==="?xml"||this.options.ignorePiTags)){let v=new U(_.tagName);v.add(this.options.textNodeName,""),_.tagName!==_.tagExp&&_.attrExpPresent&&(v[":@"]=this.buildAttributesMap(_.tagExp,Q,_.tagName)),this.addChild(B,v,Q,b)}b=_.closeIndex+1}else if(p.substr(b+1,3)==="!--"){let _=Fa(p,"-->",b+4,"Comment is not closed.");if(this.options.commentPropName){let v=p.substring(b+4,_-2);S=this.saveTextToParentTag(S,B,Q),B.add(this.options.commentPropName,[{[this.options.textNodeName]:v}])}b=_}else if(p.substr(b+1,2)==="!D"){let _=k(p,b);this.docTypeEntities=_.entities,b=_.i}else if(p.substr(b+1,2)==="!["){let _=Fa(p,"]]>",b,"CDATA is not closed.")-2,v=p.substring(b+9,_);S=this.saveTextToParentTag(S,B,Q);let P=this.parseTextData(v,B.tagname,Q,!0,!1,!0,!0);P==null&&(P=""),this.options.cdataPropName?B.add(this.options.cdataPropName,[{[this.options.textNodeName]:v}]):B.add(this.options.textNodeName,P),b=_+2}else{let _=TQ(p,b,this.options.removeNSPrefix),v=_.tagName,P=_.rawTagName,z=_.tagExp,Ee=_.attrExpPresent,ae=_.closeIndex;this.options.transformTagName&&(v=this.options.transformTagName(v)),B&&S&&B.tagname!=="!xml"&&(S=this.saveTextToParentTag(S,B,Q,!1));let Fe=B;Fe&&this.options.unpairedTags.indexOf(Fe.tagname)!==-1&&(B=this.tagsNodeStack.pop(),Q=Q.substring(0,Q.lastIndexOf("."))),v!==y.tagname&&(Q+=Q?"."+v:v);let nt=b;if(this.isItStopNode(this.options.stopNodes,Q,v)){let ze="";if(z.length>0&&z.lastIndexOf("/")===z.length-1)v[v.length-1]==="/"?(v=v.substr(0,v.length-1),Q=Q.substr(0,Q.length-1),z=v):z=z.substr(0,z.length-1),b=_.closeIndex;else if(this.options.unpairedTags.indexOf(v)!==-1)b=_.closeIndex;else{let is=this.readStopNodeData(p,P,ae+1);if(!is)throw new Error(`Unexpected end of ${P}`);b=is.i,ze=is.tagContent}let er=new U(v);v!==z&&Ee&&(er[":@"]=this.buildAttributesMap(z,Q,v)),ze&&(ze=this.parseTextData(ze,v,Q,!0,Ee,!0,!0)),Q=Q.substr(0,Q.lastIndexOf(".")),er.add(this.options.textNodeName,ze),this.addChild(B,er,Q,nt)}else{if(z.length>0&&z.lastIndexOf("/")===z.length-1){v[v.length-1]==="/"?(v=v.substr(0,v.length-1),Q=Q.substr(0,Q.length-1),z=v):z=z.substr(0,z.length-1),this.options.transformTagName&&(v=this.options.transformTagName(v));let ze=new U(v);v!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,v)),this.addChild(B,ze,Q,nt),Q=Q.substr(0,Q.lastIndexOf("."))}else{let ze=new U(v);this.tagsNodeStack.push(B),v!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,v)),this.addChild(B,ze,Q,nt),B=ze}S="",b=ae}}else S+=p[b];return y.child};function p6(p,y,B,S){this.options.captureMetaData||(S=void 0);let Q=this.options.updateTag(y.tagname,B,y[":@"]);Q===!1||(typeof Q=="string"&&(y.tagname=Q),p.addChild(y,S))}let y6=function(p){if(this.options.processEntities){for(let y in this.docTypeEntities){let B=this.docTypeEntities[y];p=p.replace(B.regx,B.val)}for(let y in this.lastEntities){let B=this.lastEntities[y];p=p.replace(B.regex,B.val)}if(this.options.htmlEntities)for(let y in this.htmlEntities){let B=this.htmlEntities[y];p=p.replace(B.regex,B.val)}p=p.replace(this.ampEntity.regex,this.ampEntity.val)}return p};function E6(p,y,B,S){return p&&(S===void 0&&(S=y.child.length===0),(p=this.parseTextData(p,y.tagname,B,!1,!!y[":@"]&&Object.keys(y[":@"]).length!==0,S))!==void 0&&p!==
 								`),NP(p,y,"",B)}function NP(p,y,B,S){let Q="",b=!1;for(let _=0;_<p.length;_++){let v=p[_],P=x6(v);if(P===void 0)continue;let z="";if(z=B.length===0?P:`${B}.${P}`,P===y.textNodeName){let nt=v[P];v6(z,y)||(nt=y.tagValueProcessor(P,nt),nt=SP(nt,y)),b&&(Q+=S),Q+=nt,b=!1;continue}if(P===y.cdataPropName){b&&(Q+=S),Q+=`<![CDATA[${v[P][0][y.textNodeName]}]]>`,b=!1;continue}if(P===y.commentPropName){Q+=S+`<!--${v[P][0][y.textNodeName]}-->`,b=!0;continue}if(P[0]==="?"){let nt=wP(v[":@"],y),ze=P==="?xml"?"":S,er=v[P][0][y.textNodeName];er=er.length!==0?" "+er:"",Q+=ze+`<${P}${er}${nt}?>`,b=!0;continue}let Ee=S;Ee!==""&&(Ee+=y.indentBy);let ae=S+`<${P}${wP(v[":@"],y)}`,Fe=NP(v[P],y,z,Ee);y.unpairedTags.indexOf(P)!==-1?y.suppressUnpairedNode?Q+=ae+">":Q+=ae+"/>":Fe&&Fe.length!==0||!y.suppressEmptyNode?Fe&&Fe.endsWith(">")?Q+=ae+`>${Fe}${S}</${P}>`:(Q+=ae+">",Fe&&S!==""&&(Fe.includes("/>")||Fe.includes("</"))?Q+=S+y.indentBy+Fe+S:Q+=Fe,Q+=`</${P}>`):Q+=ae+"/>",b=!0}return Q}function x6(p){let y=Object.keys(p);for(let B=0;B<y.length;B++){let S=y[B];if(p.hasOwnProperty(S)&&S!==":@")return S}}function wP(p,y){let B="";if(p&&!y.ignoreAttributes)for(let S in p){if(!p.hasOwnProperty(S))continue;let Q=y.attributeValueProcessor(S,p[S]);Q=SP(Q,y),Q===!0&&y.suppressBooleanAttributes?B+=` ${S.substr(y.attributeNamePrefix.length)}`:B+=` ${S.substr(y.attributeNamePrefix.length)}="${Q}"`}return B}function v6(p,y){let B=(p=p.substr(0,p.length-y.textNodeName.length-1)).substr(p.lastIndexOf(".")+1);for(let S in y.stopNodes)if(y.stopNodes[S]===p||y.stopNodes[S]==="*."+B)return!0;return!1}function SP(p,y){if(p&&p.length>0&&y.processEntities)for(let B=0;B<y.entities.length;B++){let S=y.entities[B];p=p.replace(S.regex,S.val)}return p}let R6={attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,cdataPropName:!1,format:!1,indentBy:"  ",suppressEmptyNode:!1,suppressUnpairedNode:!0,suppressBooleanAttributes:!0,tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},preserveOrder:!1,commentPropName:!1,unpairedTags:[],entities:[{regex:new RegExp("&","g"),val:"&amp;"},{regex:new RegExp(">","g"),val:"&gt;"},{regex:new RegExp("<","g"),val:"&lt;"},{regex:new RegExp("'","g"),val:"&apos;"},{regex:new RegExp('"',"g"),val:"&quot;"}],processEntities:!0,stopNodes:[],oneListGroup:!1};function Ro(p){this.options=Object.assign({},R6,p),this.options.ignoreAttributes===!0||this.options.attributesGroupName?this.isAttribute=function(){return!1}:(this.ignoreAttributesFn=Mi(this.options.ignoreAttributes),this.attrPrefixLen=this.options.attributeNamePrefix.length,this.isAttribute=k6),this.processTextOrObjNode=_6,this.options.format?(this.indentate=D6,this.tagEndChar=`>
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,this.newLine=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`):(this.indentate=function(){return""},this.tagEndChar=">",this.newLine="")}function _6(p,y,B,S){let Q=this.j2x(p,B+1,S.concat(y));return p[this.options.textNodeName]!==void 0&&Object.keys(p).length===1?this.buildTextValNode(p[this.options.textNodeName],y,Q.attrStr,B):this.buildObjectNode(Q.val,y,Q.attrStr,B)}function D6(p){return this.options.indentBy.repeat(p)}function k6(p){return!(!p.startsWith(this.options.attributeNamePrefix)||p===this.options.textNodeName)&&p.substr(this.attrPrefixLen)}Ro.prototype.build=function(p){return this.options.preserveOrder?S6(p,this.options):(Array.isArray(p)&&this.options.arrayNodeName&&this.options.arrayNodeName.length>1&&(p={[this.options.arrayNodeName]:p}),this.j2x(p,0,[]).val)},Ro.prototype.j2x=function(p,y,B){let S="",Q="",b=B.join(".");for(let _ in p)if(Object.prototype.hasOwnProperty.call(p,_))if(p[_]===void 0)this.isAttribute(_)&&(Q+="");else if(p[_]===null)this.isAttribute(_)||_===this.options.cdataPropName?Q+="":_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(p[_]instanceof Date)Q+=this.buildTextValNode(p[_],_,"",y);else if(typeof p[_]!="object"){let v=this.isAttribute(_);if(v&&!this.ignoreAttributesFn(v,b))S+=this.buildAttrPairStr(v,""+p[_]);else if(!v)if(_===this.options.textNodeName){let P=this.options.tagValueProcessor(_,""+p[_]);Q+=this.replaceEntitiesValue(P)}else Q+=this.buildTextValNode(p[_],_,"",y)}else if(Array.isArray(p[_])){let v=p[_].length,P="",z="";for(let Ee=0;Ee<v;Ee++){let ae=p[_][Ee];if(ae!==void 0)if(ae===null)_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(typeof ae=="object")if(this.options.oneListGroup){let Fe=this.j2x(ae,y+1,B.concat(_));P+=Fe.val,this.options.attributesGroupName&&ae.hasOwnProperty(this.options.attributesGroupName)&&(z+=Fe.attrStr)}else P+=this.processTextOrObjNode(ae,_,y,B);else if(this.options.oneListGroup){let Fe=this.options.tagValueProcessor(_,ae);Fe=this.replaceEntitiesValue(Fe),P+=Fe}else P+=this.buildTextValNode(ae,_,"",y)}this.options.oneListGroup&&(P=this.buildObjectNode(P,_,z,y)),Q+=P}else if(this.options.attributesGroupName&&_===this.options.attributesGroupName){let v=Object.keys(p[_]),P=v.length;for(let z=0;z<P;z++)S+=this.buildAttrPairStr(v[z],""+p[_][v[z]])}else Q+=this.processTextOrObjNode(p[_],_,y,B);return{attrStr:S,val:Q}},Ro.prototype.buildAttrPairStr=function(p,y){return y=this.options.attributeValueProcessor(p,""+y),y=this.replaceEntitiesValue(y),this.options.suppressBooleanAttributes&&y==="true"?" "+p:" "+p+'="'+y+'"'},Ro.prototype.buildObjectNode=function(p,y,B,S){if(p==="")return y[0]==="?"?this.indentate(S)+"<"+y+B+"?"+this.tagEndChar:this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar;{let Q="</"+y+this.tagEndChar,b="";return y[0]==="?"&&(b="?",Q=""),!B&&B!==""||p.indexOf("<")!==-1?this.options.commentPropName!==!1&&y===this.options.commentPropName&&b.length===0?this.indentate(S)+`<!--${p}-->`+this.newLine:this.indentate(S)+"<"+y+B+b+this.tagEndChar+p+this.indentate(S)+Q:this.indentate(S)+"<"+y+B+b+">"+p+Q}},Ro.prototype.closeTag=function(p){let y="";return this.options.unpairedTags.indexOf(p)!==-1?this.options.suppressUnpairedNode||(y="/"):y=this.options.suppressEmptyNode?"/":`></${p}`,y},Ro.prototype.buildTextValNode=function(p,y,B,S){if(this.options.cdataPropName!==!1&&y===this.options.cdataPropName)return this.indentate(S)+`<![CDATA[${p}]]>`+this.newLine;if(this.options.commentPropName!==!1&&y===this.options.commentPropName)return this.indentate(S)+`<!--${p}-->`+this.newLine;if(y[0]==="?")return this.indentate(S)+"<"+y+B+"?"+this.tagEndChar;{let Q=this.options.tagValueProcessor(y,p);return Q=this.replaceEntitiesValue(Q),Q===""?this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar:this.indentate(S)+"<"+y+B+">"+Q+"</"+y+this.tagEndChar}},Ro.prototype.replaceEntitiesValue=function(p){if(p&&p.length>0&&this.options.processEntities)for(let y=0;y<this.options.entities.length;y++){let B=this.options.entities[y];p=p.replace(B.regex,B.val)}return p};let P6={validate:a};YG.e
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+									Polling from: ${r.config.operationLocation}
 									Operation status: ${l}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+									Polling status: ${tY.terminalStates.includes(l)?"Stopped":"Running"}`),l==="succeeded"){let u=o(c,r);if(u!==void 0)return{response:await e(u).catch(eY({state:r,stateProxy:n,isOperationError:a})),status:l}}return{response:c,status:l}}async function ECe(t){let{poll:e,state:r,stateProxy:n,options:i,getOperationStatus:s,getResourceLocation:o,getOperationLocation:a,isOperationError:A,withOperationLocation:c,getPollingInterval:l,processResult:u,getError:d,updateState:f,setDelay:g,isDone:m,setErrorAsResult:E}=t,{operationLocation:C}=r.config;if(C!==void 0){let{response:I,status:N}=await yCe({poll:e,getOperationStatus:s,state:r,stateProxy:n,operationLocation:C,getResourceLocation:o,isOperationError:A,options:i});if(rY({status:N,response:I,state:r,stateProxy:n,isDone:m,processResult:u,getError:d,setErrorAsResult:E}),!tY.terminalStates.includes(N)){let w=l?.(I);w&&g(w);let R=a?.(I,r);if(R!==void 0){let T=C!==R;r.config.operationLocation=R,c?.(R,T)}else c?.(C,!1)}f?.(r,I)}}na.pollOperation=ECe});var mv=h(Ft=>{"use strict";Object.defineProperty(Ft,"__esModule",{value:!0});Ft.pollHttpOperation=Ft.isOperationError=Ft.getResourceLocation=Ft.getOperationStatus=Ft.getOperationLocation=Ft.initHttpOperation=Ft.getStatusFromInitialResponse=Ft.getErrorFromResponse=Ft.parseRetryAfter=Ft.inferLroMode=void 0;var nY=cC(),fv=aC();function iY(t){let{azureAsyncOperation:e,operationLocation:r}=t;return r??e}function sY(t){return t.headers.location}function oY(t){return t.headers["operation-location"]}function aY(t){return t.headers["azure-asyncoperation"]}function CCe(t){var e;let{location:r,requestMethod:n,requestPath:i,resourceLocationConfig:s}=t;switch(n){case"PUT":return i;case"DELETE":return;case"PATCH":return(e=o())!==null&&e!==void 0?e:i;default:return o()}function o(){switch(s){case"azure-async-operation":return;case"original-uri":return i;default:return r}}}function AY(t){let{rawResponse:e,requestMethod:r,requestPath:n,resourceLocationConfig:i}=t,s=oY(e),o=aY(e),a=iY({operationLocation:s,azureAsyncOperation:o}),A=sY(e),c=r?.toLocaleUpperCase();return a!==void 0?{mode:"OperationLocation",operationLocation:a,resourceLocation:CCe({requestMethod:c,location:A,requestPath:n,resourceLocationConfig:i})}:A!==void 0?{mode:"ResourceLocation",operationLocation:A}:c==="PUT"&&n?{mode:"Body",operationLocation:n}:void 0}Ft.inferLroMode=AY;function cY(t){let{status:e,statusCode:r}=t;if(typeof e!="string"&&e!==void 0)throw new Error(`Polling was unsuccessful. Expected status to have a string value or no value but it has instead: ${e}. This doesn't necessarily indicate the operation has failed. Check your Azure subscription or resource status for more information.`);switch(e?.toLocaleLowerCase()){case void 0:return hv(r);case"succeeded":return"succeeded";case"failed":return"failed";case"running":case"accepted":case"started":case"canceling":case"cancelling":return"running";case"canceled":case"cancelled":return"canceled";default:return fv.logger.verbose(`LRO: unrecognized operation status: ${e}`),e}}function ICe(t){var e;let{status:r}=(e=t.body)!==null&&e!==void 0?e:{};return cY({status:r,statusCode:t.statusCode})}function BCe(t){var e,r;let{properties:n,provisioningState:i}=(e=t.body)!==null&&e!==void 0?e:{},s=(r=n?.provisioningState)!==null&&r!==void 0?r:i;return cY({status:s,statusCode:t.statusCode})}function hv(t){return t===202?"running":t<300?"succeeded":"failed"}function lY({rawResponse:t}){let e=t.headers["retry-after"];if(e!==void 0){let r=parseInt(e);return isNaN(r)?QCe(new Date(e)):r*1e3}}Ft.parseRetryAfter=lY;function uY(t){let e=hY(t,"error");if(!e){fv.logger.warning("The long-running operation failed but there is no error property in the response's body");return}if(!e.code||!e.message){fv.logger.warning("The long-running operation failed but the error property in the response's body doesn't contain code or message");return}return e}Ft.getErrorFromResponse=uY;function QCe(t){let e=Math.floor(new Date().getTime()),r=t.getTime();if(e<r)return r-e}function dY(t){let{response:e,state:r,operationLocation:n}=t;function i(){var o;switch((o=r.config.meta
 								`,UY="HTTP/1.1",eIe="AES256",tIe="DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",rIe=["Access-Control-Allow-Origin","Cache-Control","Content-Length","Content-Type","Date","Request-Id","traceparent","Transfer-Encoding","User-Agent","x-ms-client-request-id","x-ms-date","x-ms-error-code","x-ms-request-id","x-ms-return-client-request-id","x-ms-version","Accept-Ranges","Content-Disposition","Content-Encoding","Content-Language","Content-MD5","Content-Range","ETag","Last-Modified","Server","Vary","x-ms-content-crc64","x-ms-copy-action","x-ms-copy-completion-time","x-ms-copy-id","x-ms-copy-progress","x-ms-copy-status","x-ms-has-immutability-policy","x-ms-has-legal-hold","x-ms-lease-state","x-ms-lease-status","x-ms-range","x-ms-request-server-encrypted","x-ms-server-encrypted","x-ms-snapshot","x-ms-source-range","If-Match","If-Modified-Since","If-None-Match","If-Unmodified-Since","x-ms-access-tier","x-ms-access-tier-change-time","x-ms-access-tier-inferred","x-ms-account-kind","x-ms-archive-status","x-ms-blob-append-offset","x-ms-blob-cache-control","x-ms-blob-committed-block-count","x-ms-blob-condition-appendpos","x-ms-blob-condition-maxsize","x-ms-blob-content-disposition","x-ms-blob-content-encoding","x-ms-blob-content-language","x-ms-blob-content-length","x-ms-blob-content-md5","x-ms-blob-content-type","x-ms-blob-public-access","x-ms-blob-sequence-number","x-ms-blob-type","x-ms-copy-destination-snapshot","x-ms-creation-time","x-ms-default-encryption-scope","x-ms-delete-snapshots","x-ms-delete-type-permanent","x-ms-deny-encryption-scope-override","x-ms-encryption-algorithm","x-ms-if-sequence-number-eq","x-ms-if-sequence-number-le","x-ms-if-sequence-number-lt","x-ms-incremental-copy","x-ms-lease-action","x-ms-lease-break-period","x-ms-lease-duration","x-ms-lease-id","x-ms-lease-time","x-ms-page-write","x-ms-proposed-lease-id","x-ms-range-get-content-md5","x-ms-rehydrate-priority","x-ms-sequence-number-action","x-ms-sku-name","x-ms-source-content-md5","x-ms-source-if-match","x-ms-source-if-modified-since","x-ms-source-if-none-match","x-ms-source-if-unmodified-since","x-ms-tag-count","x-ms-encryption-key-sha256","x-ms-copy-source-error-code","x-ms-copy-source-status-code","x-ms-if-tags","x-ms-source-if-tags"],nIe=["comp","maxresults","rscc","rscd","rsce","rscl","rsct","se","si","sip","sp","spr","sr","srt","ss","st","sv","include","marker","prefix","copyid","restype","blockid","blocklisttype","delimiter","prevsnapshot","ske","skoid","sks","skt","sktid","skv","snapshot"],iIe="BlobUsesCustomerSpecifiedEncryption",sIe="BlobDoesNotUseCustomerSpecifiedEncryption",oIe=["10000","10001","10002","10003","10004","10100","10101","10102","10103","10104","11000","11001","11002","11003","11004","11100","11101","11102","11103","11104"];function aIe(t){let e=new URL(t),r=e.pathname;return r=r||"/",r=cIe(r),e.pathname=r,e.toString()}function AIe(t){let e="";if(t.search("DevelopmentStorageProxyUri=")!==-1){let r=t.split(";");for(let n of r)n.trim().startsWith("DevelopmentStorageProxyUri=")&&(e=n.trim().match("DevelopmentStorageProxyUri=(.*)")[1])}return e}function QA(t,e){let r=t.split(";");for(let n of r)if(n.trim().startsWith(e))return n.trim().match(e+"=(.*)")[1];return""}function yu(t){let e="";t.startsWith("UseDevelopmentStorage=true")&&(e=AIe(t),t=tIe);let r=QA(t,"BlobEndpoint");if(r=r.endsWith("/")?r.slice(0,-1):r,t.search("DefaultEndpointsProtocol=")!==-1&&t.search("AccountKey=")!==-1){let n="",i="",s=Buffer.from("accountKey","base64"),o="";if(i=QA(t,"AccountName"),s=Buffer.from(QA(t,"AccountKey"),"base64"),!r){n=QA(t,"DefaultEndpointsProtocol");let a=n.toLowerCase();if(a!=="https"&&a!=="http")throw new Error("Invalid DefaultEndpointsProtocol in the provided Connection String. Expecting 'https' or 'http'");if(o=QA(t,"EndpointSuffix"),!o)throw new Error("Invalid EndpointSuffix in the provided Connection String");r=`${n}://${i}.blob.${o}`}if(i){if(s.length===0)throw new Error("
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`+this.getCanonicalizedHeadersString(e)+this.getCanonicalizedResourceString(e),n=this.factory.computeHMACSHA256(r);return e.headers.set(Ie.AUTHORIZATION,`SharedKey ${this.factory.accountName}:${n}`),e}getHeaderValueToSign(e,r){let n=e.headers.get(r);return!n||r===Ie.CONTENT_LENGTH&&n==="0"?"":n}getCanonicalizedHeadersString(e){let r=e.headers.headersArray().filter(i=>i.name.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE));r.sort((i,s)=>YY(i.name.toLowerCase(),s.name.toLowerCase())),r=r.filter((i,s,o)=>!(s>0&&i.name.toLowerCase()===o[s-1].name.toLowerCase()));let n="";return r.forEach(i=>{n+=`${i.name.toLowerCase().trimRight()}:${i.value.trimLeft()}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`}),n}getCanonicalizedResourceString(e){let r=TC(e.url)||"/",n="";n+=`/${this.factory.accountName}${r}`;let i=HY(e.url),s={};if(i){let o=[];for(let a in i)if(Object.prototype.hasOwnProperty.call(i,a)){let A=a.toLowerCase();s[A]=i[a],o.push(A)}o.sort();for(let a of o)n+=`
 								${a}:${decodeURIComponent(s[a])}`}return n}},qh=class{create(e,r){throw new Error("Method should be implemented in children classes.")}},lt=class extends qh{constructor(e,r){super(),this.accountName=e,this.accountKey=Buffer.from(r,"base64")}create(e,r){return new bC(e,r,this)}computeHMACSHA256(e){return iR.createHmac("sha256",this.accountKey).update(e,"utf8").digest("base64")}},NC=class extends Uh{constructor(e,r){super(e,r)}},dt=class extends qh{create(e,r){return new NC(e,r)}},Nv;function BIe(){return Nv||(Nv=jr.createDefaultHttpClient()),Nv}var QIe="storageBrowserPolicy";function bIe(){return{name:QIe,async sendRequest(t,e){return st.isNode||((t.method==="GET"||t.method==="HEAD")&&(t.url=Ao(t.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),t.headers.delete(Ie.COOKIE),t.headers.delete(Ie.CONTENT_LENGTH)),e(t)}}}var NIe="storageRetryPolicy",Hh;(function(t){t[t.EXPONENTIAL=0]="EXPONENTIAL",t[t.FIXED=1]="FIXED"})(Hh||(Hh={}));var cu={maxRetryDelayInMs:120*1e3,maxTries:4,retryDelayInMs:4*1e3,retryPolicyType:Hh.EXPONENTIAL,secondaryHost:"",tryTimeoutInMs:void 0},wIe=["ETIMEDOUT","ESOCKETTIMEDOUT","ECONNREFUSED","ECONNRESET","ENOENT","ENOTFOUND","TIMEOUT","EPIPE","REQUEST_SEND_ERROR"],SIe=new kC.AbortError("The operation was aborted.");function xIe(t={}){var e,r,n,i,s,o;let a=(e=t.retryPolicyType)!==null&&e!==void 0?e:cu.retryPolicyType,A=(r=t.maxTries)!==null&&r!==void 0?r:cu.maxTries,c=(n=t.retryDelayInMs)!==null&&n!==void 0?n:cu.retryDelayInMs,l=(i=t.maxRetryDelayInMs)!==null&&i!==void 0?i:cu.maxRetryDelayInMs,u=(s=t.secondaryHost)!==null&&s!==void 0?s:cu.secondaryHost,d=(o=t.tryTimeoutInMs)!==null&&o!==void 0?o:cu.tryTimeoutInMs;function f({isPrimaryRetry:m,attempt:E,response:C,error:I}){var N,w;if(E>=A)return nr.info(`RetryPolicy: Attempt(s) ${E} >= maxTries ${A}, no further try.`),!1;if(I){for(let R of wIe)if(I.name.toUpperCase().includes(R)||I.message.toUpperCase().includes(R)||I.code&&I.code.toString().toUpperCase()===R)return nr.info(`RetryPolicy: Network error ${R} found, will retry.`),!0;if(I?.code==="PARSE_ERROR"&&I?.message.startsWith('Error "Error: Unclosed root tag'))return nr.info("RetryPolicy: Incomplete XML response likely due to service timeout, will retry."),!0}if(C||I){let R=(w=(N=C?.status)!==null&&N!==void 0?N:I?.statusCode)!==null&&w!==void 0?w:0;if(!m&&R===404)return nr.info("RetryPolicy: Secondary access with 404, will retry."),!0;if(R===503||R===500)return nr.info(`RetryPolicy: Will retry for status code ${R}.`),!0}return!1}function g(m,E){let C=0;if(m)switch(a){case Hh.EXPONENTIAL:C=Math.min((Math.pow(2,E-1)-1)*c,l);break;case Hh.FIXED:C=c;break}else C=Math.random()*1e3;return nr.info(`RetryPolicy: Delay for ${C}ms`),C}return{name:NIe,async sendRequest(m,E){d&&(m.url=Ao(m.url,Ji.Parameters.TIMEOUT,String(Math.floor(d/1e3))));let C=m.url,I=u?qY(m.url,u):void 0,N=!1,w=1,R=!0,T,U;for(;R;){let k=N||!I||!["GET","HEAD","OPTIONS"].includes(m.method)||w%2===1;m.url=k?C:I,T=void 0,U=void 0;try{nr.info(`RetryPolicy: =====> Try=${w} ${k?"Primary":"Secondary"}`),T=await E(m),N=N||!k&&T.status===404}catch(J){if(jr.isRestError(J))nr.error(`RetryPolicy: Caught error, message: ${J.message}, code: ${J.code}`),U=J;else throw nr.error(`RetryPolicy: Caught error, message: ${st.getErrorMessage(J)}`),J}R=f({isPrimaryRetry:k,attempt:w,response:T,error:U}),R&&await jY(g(k,w),m.abortSignal,SIe),w++}if(T)return T;throw U??new jr.RestError("RetryPolicy failed without known error.")}}}var vIe="storageSharedKeyCredentialPolicy";function JY(t){function e(s){s.headers.set(Ie.X_MS_DATE,new Date().toUTCString()),s.body&&(typeof s.body=="string"||Buffer.isBuffer(s.body))&&s.body.length>0&&s.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(s.body));let o=[s.method.toUpperCase(),r(s,Ie.CONTENT_LANGUAGE),r(s,Ie.CONTENT_ENCODING),r(s,Ie.CONTENT_LENGTH),r(s,Ie.CONTENT_MD5),r(s,Ie.CONTENT_TYPE),r(s,Ie.DATE),r(s,Ie.IF_MODIFIED_SINCE),r(s,Ie.IF_MATCH),r(s,Ie.IF_NONE_MATCH),r(s,Ie.IF_UNMODIFIED_SINCE),r(s,Ie.RANGE)].join(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`+n(s)+i(s),a=iR.createHmac("sha256",t.accountKey).update(o,"utf8").digest("base64");s.headers.set(Ie.AUTHORIZATION,`SharedKey ${t.accountName}:${a}`)}function r(s,o){let a=s.headers.get(o);return!a||o===Ie.CONTENT_LENGTH&&a==="0"?"":a}function n(s){let o=[];for(let[A,c]of s.headers)A.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE)&&o.push({name:A,value:c});o.sort((A,c)=>YY(A.name.toLowerCase(),c.name.toLowerCase())),o=o.filter((A,c,l)=>!(c>0&&A.name.toLowerCase()===l[c-1].name.toLowerCase()));let a="";return o.forEach(A=>{a+=`${A.name.toLowerCase().trimRight()}:${A.value.trimLeft()}
 								`}),a}function i(s){let o=TC(s.url)||"/",a="";a+=`/${t.accountName}${o}`;let A=HY(s.url),c={};if(A){let l=[];for(let u in A)if(Object.prototype.hasOwnProperty.call(A,u)){let d=u.toLowerCase();c[d]=A[u],l.push(d)}l.sort();for(let u of l)a+=`
 								${u}:${decodeURIComponent(c[u])}`}return a}return{name:vIe,async sendRequest(s,o){return e(s),o(s)}}}var wC=class extends fu{constructor(e,r){super(e,r)}async sendRequest(e){return st.isNode?this._nextPolicy.sendRequest(e):((e.method.toUpperCase()==="GET"||e.method.toUpperCase()==="HEAD")&&(e.url=Ao(e.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),e.headers.remove(Ie.COOKIE),e.headers.remove(Ie.CONTENT_LENGTH),this._nextPolicy.sendRequest(e))}},SC=class{create(e,r){return new wC(e,r)}},RIe="StorageCorrectContentLengthPolicy";function _Ie(){function t(e){e.body&&(typeof e.body=="string"||Buffer.isBuffer(e.body))&&e.body.length>0&&e.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(e.body))}return{name:RIe,async sendRequest(e,r){return t(e),r(e)}}}function Aa(t){if(!t||typeof t!="object")return!1;let e=t;return Array.isArray(e.factories)&&typeof e.options=="object"&&typeof e.toServiceClientOptions=="function"}var jh=class{constructor(e,r={}){this.factories=e,this.options=r}toServiceClientOptions(){return{httpClient:this.options.httpClient,requestPolicyFactories:this.factories}}};function ut(t,e={}){t||(t=new dt);let r=new jh([],e);return r._credential=t,r}function DIe(t){let e=[kIe,$Y,PIe,TIe,OIe,LIe,FIe];if(t.factories.length){let r=t.factories.filter(n=>!e.some(i=>i(n)));if(r.length){let n=r.some(i=>MIe(i));return{wrappedPolicies:DC.createRequestPolicyFactoryPolicy(r),afterRetry:n}}}}function VY(t){var e;let r=t.options,{httpClient:n}=r,i=q.__rest(r,["httpClient"]),s=t._coreHttpClient;s||(s=n?DC.convertHttpClient(n):BIe(),t._coreHttpClient=s);let o=t._corePipeline;if(!o){let a=`azsdk-js-azure-storage-blob/${MY}`,A=i.userAgentOptions&&i.userAgentOptions.userAgentPrefix?`${i.userAgentOptions.userAgentPrefix} ${a}`:`${a}`;o=Lh.createClientPipeline(Object.assign(Object.assign({},i),{loggingOptions:{additionalAllowedHeaderNames:rIe,additionalAllowedQueryParameters:nIe,logger:nr.info},userAgentOptions:{userAgentPrefix:A},serializationOptions:{stringifyXML:Sv.stringifyXML,serializerOptions:{xml:{xmlCharKey:"#"}}},deserializationOptions:{parseXML:Sv.parseXML,serializerOptions:{xml:{xmlCharKey:"#"}}}})),o.removePolicy({phase:"Retry"}),o.removePolicy({name:jr.decompressResponsePolicyName}),o.addPolicy(_Ie()),o.addPolicy(xIe(i.retryOptions),{phase:"Retry"}),o.addPolicy(bIe());let c=DIe(t);c&&o.addPolicy(c.wrappedPolicies,c.afterRetry?{afterPhase:"Retry"}:void 0);let l=WY(t);Ci.isTokenCredential(l)?o.addPolicy(jr.bearerTokenAuthenticationPolicy({credential:l,scopes:(e=i.audience)!==null&&e!==void 0?e:AR,challengeCallbacks:{authorizeRequestOnChallenge:Lh.authorizeRequestOnTenantChallenge}}),{phase:"Sign"}):l instanceof lt&&o.addPolicy(JY({accountName:l.accountName,accountKey:l.accountKey}),{phase:"Sign"}),t._corePipeline=o}return Object.assign(Object.assign({},i),{allowInsecureConnection:!0,httpClient:s,pipeline:o})}function WY(t){if(t._credential)return t._credential;let e=new dt;for(let r of t.factories)if(Ci.isTokenCredential(r.credential))e=r.credential;else if($Y(r))return r;return e}function $Y(t){return t instanceof lt?!0:t.constructor.name==="StorageSharedKeyCredential"}function kIe(t){return t instanceof dt?!0:t.constructor.name==="AnonymousCredential"}function PIe(t){return Ci.isTokenCredential(t.credential)}function TIe(t){return t instanceof SC?!0:t.constructor.name==="StorageBrowserPolicyFactory"}function OIe(t){return t instanceof QC?!0:t.constructor.name==="StorageRetryPolicyFactory"}function LIe(t){return t.constructor.name==="TelemetryPolicyFactory"}function MIe(t){return t.constructor.name==="InjectorPolicyFactory"}function FIe(t){let e=["GenerateClientRequestIdPolicy","TracingPolicy","LogPolicy","ProxyPolicy","DisableResponseDecompressionPolicy","KeepAlivePolicy","DeserializationPolicy"],r={sendRequest:async o=>({request:o,headers:o.headers.clone(),status:500})},n={log(o,a){},shouldLog(o){return!1}},s=t.create(r,n).constructor.name;return e.some(o=>s.startsWith(o))}var lR={serializedName:"BlobServiceProperties",xmlName:"StorageServiceProperties",type:{name:"Composite",className:"BlobServi
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),s=e.computeHMACSHA256(i);return{sasQueryParameters:new Ns(t.version,s,n,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:i}}function Qbe(t,e){if(t=Lu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:s}}function bbe(t,e){if(t=Lu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,void 0,void 0,void 0,t.encryptionScope),stringToSign:s}}function Nbe(t,e){if(t=Lu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey),stringToSign:s}}function wbe(t,e){if(t=Lu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId),stringToSign:s}}function Sbe(t,e){if(t=Lu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=co.parse(t.permissions.toString()).toString():i=lo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Ou(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ns(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId,t.encryptionScope),stringToSign:s}}function Ou(t,e,r){let n=[`/blob/${t}/${e}`];return r&&n.push(`/${r}`),n.join("")}function Lu(t){let e=t.version?t.version:aR;if(t.snapshotTime&&e<"2018-11-09")throw RangeError("'version' must be >= '2018-11-09' when providing 'snapshotTime'.");if(t.blobName===void 0&&t.snapshotTime)throw RangeError("Must provide 'blobName' when providing 'snapshotTime'.");if(t.versionId&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'versionId'.");if(t.blobName===void 0&&t.versionId)throw RangeError("Must provide 'blobName' when providing 'versionId'.");if(t.permissions&&t.permissions.setImmutabilityPolicy&&e<"2020-08-04")throw RangeError("'version' must be >= '2020-08-04' when provided 'i' permission.");if(t.permissions&&t.permissions.deleteVersion&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'x' permission.");if(t.permissions&&t.permissions.permanentDelete&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'y' permission.");if(t.permissions&&t.permissions.tag&&e<"2019-12-12")throw RangeError("'version' must be >= '2019-12-12' when providing 't' permission.");if(e<"2020-02-10"&&t.permissions&&(t.permissions.move||t.permissions.execute))throw RangeError("'version' must be >= '2020-02-10' when providing the 'm' or 'e' permission.");if(e<"2021-04-10"&&t.permissions&&t.permissions.filterByTags)throw RangeError("'version' must be >= '2021-04-10' when providing the 'f' permission.");if(e<"2020-02-10"&&(t.preauthorizedAgentObjectId||t.correlationId))throw RangeError("'version' must be >= '2020-02-10' when providing 'preauthorizedAgentObjectId' or 'correlationId'.");if(t.encryptionScope&&e<"2020-12-06")throw RangeError("'version' must be >= '2020-12-06' when provided 'encryptionScope' in SAS.");return t.version=e,t}var Jh=class{get leaseId(){return this._leaseId}get url(){return this._url}constructor(e,r){let n=e.storageClientContext;this._url=e.url,e.name===void 0?(this._isContainer=!0,this._containerOrBlobOperation=n.container):(this._isContainer=!1,this._containerOrBlobOperation=n.blob),r||(r=st.randomUUID()),this._leaseId=r}async acquireLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==bs||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==bs||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-acquireLease",r,async A=>{var c;return V(await this._containerOrBlobOperation.acquireLease({abortSignal:r.abortSignal,duration:e,modifiedAccessConditions:Object.assign(Object.assign({},r.conditions),{ifTags:(c=r.conditions)===null||c===void 0?void 0:c.tagConditions}),proposedLeaseId:this._leaseId,tracingOptions:A.tracingOptions}))})}async changeLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==bs||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==bs||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-changeLease",r,async A=>{var c;let l=V(await this._containerOrBlobOperation.changeLease(this._leaseId,e,{abortSignal:r.abortSignal,modifiedAccessConditi
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`):o=[e.accountName,n,i,s,t.startsOn?Xe(t.startsOn,!1):"",Xe(t.expiresOn,!1),t.ipRange?uo(t.ipRange):"",t.protocol?t.protocol:"",r,""].join(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`);let a=e.computeHMACSHA256(o);return{sasQueryParameters:new Ns(r,a,n.toString(),i,s,t.protocol,t.startsOn,t.expiresOn,t.ipRange,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,t.encryptionScope),stringToSign:o}}var nR=class t extends zh{static fromConnectionString(e,r){r=r||{};let n=yu(e);if(n.kind==="AccountConnString")if(st.isNode){let i=new lt(n.accountName,n.accountKey);r.proxyOptions||(r.proxyOptions=jr.getDefaultProxySettings(n.proxyUri));let s=ut(i,r);return new t(n.url,s)}else throw new Error("Account connection string is only supported in Node.js environment");else if(n.kind==="SASConnString"){let i=ut(new dt,r);return new t(n.url+"?"+n.accountSas,i)}else throw new Error("Connection string must be either an Account connection string or a SAS connection string")}constructor(e,r,n){let i;Aa(r)?i=r:st.isNode&&r instanceof lt||r instanceof dt||Ci.isTokenCredential(r)?i=ut(r,n):i=ut(new dt,n),super(e,i),this.serviceContext=this.storageClientContext.service}getContainerClient(e){return new RC(Pt(this.url,encodeURIComponent(e)),this.pipeline)}async createContainer(e,r={}){return F.withSpan("BlobServiceClient-createContainer",r,async n=>{let i=this.getContainerClient(e),s=await i.create(n);return{containerClient:i,containerCreateResponse:s}})}async deleteContainer(e,r={}){return F.withSpan("BlobServiceClient-deleteContainer",r,async n=>this.getContainerClient(e).delete(n))}async undeleteContainer(e,r,n={}){return F.withSpan("BlobServiceClient-undeleteContainer",n,async i=>{let s=this.getContainerClient(n.destinationContainerName||e),o=s.storageClientContext.container,a=V(await o.restore({deletedContainerName:e,deletedContainerVersion:r,tracingOptions:i.tracingOptions}));return{containerClient:s,containerUndeleteResponse:a}})}async renameContainer(e,r,n={}){return F.withSpan("BlobServiceClient-renameContainer",n,async i=>{var s;let o=this.getContainerClient(r),a=o.storageClientContext.container,A=V(await a.rename(e,Object.assign(Object.assign({},i),{sourceLeaseId:(s=n.sourceCondition)===null||s===void 0?void 0:s.leaseId})));return{containerClient:o,containerRenameResponse:A}})}async getProperties(e={}){return F.withSpan("BlobServiceClient-getProperties",e,async r=>V(await this.serviceContext.getProperties({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async setProperties(e,r={}){return F.withSpan("BlobServiceClient-setProperties",r,async n=>V(await this.serviceContext.setProperties(e,{abortSignal:r.abortSignal,tracingOptions:n.tracingOptions})))}async getStatistics(e={}){return F.withSpan("BlobServiceClient-getStatistics",e,async r=>V(await this.serviceContext.getStatistics({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async getAccountInfo(e={}){return F.withSpan("BlobServiceClient-getAccountInfo",e,async r=>V(await this.serviceContext.getAccountInfo({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async listContainersSegment(e,r={}){return F.withSpan("BlobServiceClient-listContainersSegment",r,async n=>V(await this.serviceContext.listContainersSegment(Object.assign(Object.assign({abortSignal:r.abortSignal,marker:e},r),{include:typeof r.include=="string"?[r.include]:r.include,tracingOptions:n.tracingOptions}))))}async findBlobsByTagsSegment(e,r,n={}){return F.withSpan("BlobServiceClient-findBlobsByTagsSegment",n,async i=>{let s=V(await this.serviceContext.filterBlobs({abortSignal:n.abortSignal,where:e,marker:r,maxPageSize:n.maxPageSize,tracingOptions:i.tracingOptions}));return Object.assign(Object.assign({},s),{_response:s._response,blobs:s.blobs.map(a=>{var A;let c="";return((A=a.tags)===null||A===void 0?void 0:A.blobTagSet.length)===1&&(c=a.tags.blobTagSet[0].value),Object.assign(Object.assign({},a),{tags:Ph(a.tags),tagValue:c})})})})}findBlobsByTagsSegments(e,r){return q.__asyncGenerator(this,arguments,function*(i,s,o={}){let a;if(s||s===void 0)do a=yield q.__await(this.findBlobsByTagsSegment(i,s,o)),a.blobs=a.blobs||[],s=a.continuationToken,yield yield q.__await(a);while(s)})}findBlobsByTagsItems(e){return q.__asyncGenerator(this,arguments,functi
 								If you are using self-hosted runners, please make sure your runner has access to all GitHub endpoints: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github`;super(r),this.code=e,this.name="NetworkError"}};Qn.NetworkError=HC;HC.isNetworkErrorCode=t=>t?["ECONNRESET","ENOTFOUND","ETIMEDOUT","ECONNREFUSED","EHOSTUNREACH"].includes(t):!1;var jC=class extends Error{constructor(){super(`Cache storage quota has been hit. Unable to upload any new cache entries. Usage is recalculated every 6-12 hours.
 								More info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`),this.name="UsageError"}};Qn.UsageError=jC;jC.isUsageErrorMessage=t=>t?t.includes("insufficient usage"):!1});var m4=h(bn=>{"use strict";var jbe=bn&&bn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),zbe=bn&&bn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Gbe=bn&&bn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&jbe(e,t,r);return zbe(e,t),e},Ybe=bn&&bn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(bn,"__esModule",{value:!0});bn.uploadCacheArchiveSDK=bn.UploadProgress=void 0;var RR=Gbe(at()),Jbe=bR(),Vbe=vR(),zC=class{constructor(e){this.contentLength=e,this.sentBytes=0,this.displayedComplete=!1,this.startTime=Date.now()}setSentBytes(e){this.sentBytes=e}getTransferredBytes(){return this.sentBytes}isDone(){return this.getTransferredBytes()===this.contentLength}display(){if(this.displayedComplete)return;let e=this.sentBytes,r=(100*(e/this.contentLength)).toFixed(1),n=Date.now()-this.startTime,i=(e/(1024*1024)/(n/1e3)).toFixed(1);RR.info(`Sent ${e} of ${this.contentLength} (${r}%), ${i} MBs/sec`),this.isDone()&&(this.displayedComplete=!0)}onProgress(){return e=>{this.setSentBytes(e.loadedBytes)}}startDisplayTimer(e=1e3){let r=()=>{this.display(),this.isDone()||(this.timeoutHandle=setTimeout(r,e))};this.timeoutHandle=setTimeout(r,e)}stopDisplayTimer(){this.timeoutHandle&&(clearTimeout(this.timeoutHandle),this.timeoutHandle=void 0),this.display()}};bn.UploadProgress=zC;function Wbe(t,e,r){var n;return Ybe(this,void 0,void 0,function*(){let i=new Jbe.BlobClient(t),s=i.getBlockBlobClient(),o=new zC((n=r?.archiveSizeBytes)!==null&&n!==void 0?n:0),a={blockSize:r?.uploadChunkSize,concurrency:r?.uploadConcurrency,maxSingleShotSize:128*1024*1024,onProgress:o.onProgress()};try{o.startDisplayTimer(),RR.debug(`BlobClient: ${i.name}:${i.accountName}:${i.containerName}`);let A=yield s.uploadFile(e,a);if(A._response.status>=400)throw new Vbe.InvalidResponseError(`uploadCacheArchiveSDK: upload failed with status code ${A._response.status}`);return A}catch(A){throw RR.warning(`uploadCacheArchiveSDK: internal error uploading cache archive: ${A.message}`),A}finally{o.stopDisplayTimer()}})}bn.uploadCacheArchiveSDK=Wbe});var DR=h(qt=>{"use strict";var $be=qt&&qt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Kbe=qt&&qt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Xbe=qt&&qt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&$be(e,t,r);return Kbe(e,t),e},YC=qt&&qt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(qt,"__esModule",{value:!0}
 								Other caches with similar key:`);for(let a of s?.artifactCaches||[])$n.debug(`Cache Key: ${a?.cacheKey}, Cache Version: ${a?.cacheVersion}, Cache Scope: ${a?.scope}, Cache Created: ${a?.creationTime}`)}}})}function L0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=new v0e.URL(t),i=(0,FR.getDownloadOptions)(r);n.hostname.endsWith(".blob.core.windows.net")?i.useAzureSdk?yield(0,$C.downloadCacheStorageSDK)(t,e,i):i.concurrentBlobDownloads?yield(0,$C.downloadCacheHttpClientConcurrent)(t,e,i):yield(0,$C.downloadCacheHttpClient)(t,e):yield(0,$C.downloadCacheHttpClient)(t,e)})}Nr.downloadCache=L0e;function M0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=UR(),i=qu.getCacheVersion(e,r?.compressionMethod,r?.enableCrossOsArchive),s={key:t,version:i,cacheSize:r?.cacheSize};return yield(0,ha.retryTypedResponse)("reserveCache",()=>Nn(this,void 0,void 0,function*(){return n.postJson(og("caches"),s)}))})}Nr.reserveCache=M0e;function _4(t,e){return`bytes ${t}-${e}/*`}function F0e(t,e,r,n,i){return Nn(this,void 0,void 0,function*(){$n.debug(`Uploading chunk of size ${i-n+1} bytes at offset ${n} with content range: ${_4(n,i)}`);let s={"Content-Type":"application/octet-stream","Content-Range":_4(n,i)},o=yield(0,ha.retryHttpClientResponse)(`uploadChunk (start: ${n}, end: ${i})`,()=>Nn(this,void 0,void 0,function*(){return t.sendStream("PATCH",e,r(),s)}));if(!(0,ha.isSuccessStatusCode)(o.message.statusCode))throw new Error(`Cache service responded with ${o.message.statusCode} during upload chunk.`)})}function U0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){let i=qu.getArchiveFileSizeInBytes(r),s=og(`caches/${e.toString()}`),o=LR.openSync(r,"r"),a=(0,FR.getUploadOptions)(n),A=qu.assertDefined("uploadConcurrency",a.uploadConcurrency),c=qu.assertDefined("uploadChunkSize",a.uploadChunkSize),l=[...new Array(A).keys()];$n.debug("Awaiting all uploads");let u=0;try{yield Promise.all(l.map(()=>Nn(this,void 0,void 0,function*(){for(;u<i;){let d=Math.min(i-u,c),f=u,g=u+d-1;u+=c,yield F0e(t,s,()=>LR.createReadStream(r,{fd:o,start:f,end:g,autoClose:!1}).on("error",m=>{throw new Error(`Cache upload failed because file read failed with ${m.message}`)}),f,g)}})))}finally{LR.closeSync(o)}})}function q0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n={size:r};return yield(0,ha.retryTypedResponse)("commitCache",()=>Nn(this,void 0,void 0,function*(){return t.postJson(og(`caches/${e.toString()}`),n)}))})}function H0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){if((0,FR.getUploadOptions)(n).useAzureSdk){if(!r)throw new Error("Azure Storage SDK can only be used when a signed URL is provided.");yield(0,R0e.uploadCacheArchiveSDK)(r,e,n)}else{let s=UR();$n.debug("Upload cache"),yield U0e(s,t,e,n),$n.debug("Commiting cache");let o=qu.getArchiveFileSizeInBytes(e);$n.info(`Cache Size: ~${Math.round(o/(1024*1024))} MB (${o} B)`);let a=yield q0e(s,t,o);if(!(0,ha.isSuccessStatusCode)(a.statusCode))throw new Error(`Cache service responded with ${a.statusCode} during commit cache.`);$n.info("Cache saved successfully")}})}Nr.saveCache=H0e});var KC=h(Hu=>{"use strict";Object.defineProperty(Hu,"__esModule",{value:!0});Hu.isJsonObject=Hu.typeofJsonValue=void 0;function j0e(t){let e=typeof t;if(e=="object"){if(Array.isArray(t))return"array";if(t===null)return"null"}return e}Hu.typeofJsonValue=j0e;function z0e(t){return t!==null&&typeof t=="object"&&!Array.isArray(t)}Hu.isJsonObject=z0e});var ZC=h(ju=>{"use strict";Object.defineProperty(ju,"__esModule",{value:!0});ju.base64encode=ju.base64decode=void 0;var mo="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".split(""),XC=[];for(let t=0;t<mo.length;t++)XC[mo[t].charCodeAt(0)]=t;XC[45]=mo.indexOf("+");XC[95]=mo.indexOf("/");function G0e(t){let e=t.length*3/4;t[t.length-2]=="="?e-=2:t[t.length-1]=="="&&(e-=1);let r=new Uint8Array(e),n=0,i=0,s,o=0;for(let a=0;a<t.length;a++){if(s=XC[t.charCodeAt(a)],s===void 0)switch(t[a]){case"=":i=0;case`
 								`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}ju.base64decode=G0e;function Y0e(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=mo[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=mo[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=mo[i|n>>6],e+=mo[n&63],r=0;break}return r&&(e+=mo[i],e+="=",r==1&&(e+="=")),e}ju.base64encode=Y0e});var k4=h(eI=>{"use strict";Object.defineProperty(eI,"__esModule",{value:!0});eI.utf8read=void 0;var qR=t=>String.fromCharCode.apply(String,t);function J0e(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(qR(n)),i=0);return r.length?(i&&r.push(qR(n.slice(0,i))),r.join("")):qR(n.slice(0,i))}eI.utf8read=J0e});var ag=h(Ss=>{"use strict";Object.defineProperty(Ss,"__esModule",{value:!0});Ss.WireType=Ss.mergeBinaryOptions=Ss.UnknownFieldHandler=void 0;var V0e;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(V0e=Ss.UnknownFieldHandler||(Ss.UnknownFieldHandler={}));function W0e(t,e){return Object.assign(Object.assign({},t),e)}Ss.mergeBinaryOptions=W0e;var $0e;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})($0e=Ss.WireType||(Ss.WireType={}))});var rI=h(wn=>{"use strict";Object.defineProperty(wn,"__esModule",{value:!0});wn.varint32read=wn.varint32write=wn.int64toString=wn.int64fromString=wn.varint64write=wn.varint64read=void 0;function K0e(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}wn.varint64read=K0e;function X0e(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}wn.varint64write=X0e;var tI=65536*65536;function Z0e(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=tI&&(i=i+(n/tI|0),n=n%tI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}wn.int64fromString=Z0e;function eNe(t,e){if(e>>>0<=2097151)return""+(tI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}wn.int64toString=eNe;function tNe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}wn.varint32write=tNe;function rNe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
 								`)}};vI.RpcError=h_});var m_=h(_I=>{"use strict";Object.defineProperty(_I,"__esModule",{value:!0});_I.mergeRpcOptions=void 0;var d3=$u();function bwe(t,e){if(!e)return t;let r={};RI(t,r),RI(e,r);for(let n of Object.keys(e)){let i=e[n];switch(n){case"jsonOptions":r.jsonOptions=d3.mergeJsonOptions(t.jsonOptions,r.jsonOptions);break;case"binaryOptions":r.binaryOptions=d3.mergeBinaryOptions(t.binaryOptions,r.binaryOptions);break;case"meta":r.meta={},RI(t.meta,r.meta),RI(e.meta,r.meta);break;case"interceptors":r.interceptors=t.interceptors?t.interceptors.concat(i):i.concat();break}}return r}_I.mergeRpcOptions=bwe;function RI(t,e){if(!t)return;let r=e;for(let[n,i]of Object.entries(t))i instanceof Date?r[n]=new Date(i.getTime()):Array.isArray(i)?r[n]=i.concat():r[n]=i}});var y_=h(PA=>{"use strict";Object.defineProperty(PA,"__esModule",{value:!0});PA.Deferred=PA.DeferredState=void 0;var Rs;(function(t){t[t.PENDING=0]="PENDING",t[t.REJECTED=1]="REJECTED",t[t.RESOLVED=2]="RESOLVED"})(Rs=PA.DeferredState||(PA.DeferredState={}));var p_=class{constructor(e=!0){this._state=Rs.PENDING,this._promise=new Promise((r,n)=>{this._resolve=r,this._reject=n}),e&&this._promise.catch(r=>{})}get state(){return this._state}get promise(){return this._promise}resolve(e){if(this.state!==Rs.PENDING)throw new Error(`cannot resolve ${Rs[this.state].toLowerCase()}`);this._resolve(e),this._state=Rs.RESOLVED}reject(e){if(this.state!==Rs.PENDING)throw new Error(`cannot reject ${Rs[this.state].toLowerCase()}`);this._reject(e),this._state=Rs.REJECTED}resolvePending(e){this._state===Rs.PENDING&&this.resolve(e)}rejectPending(e){this._state===Rs.PENDING&&this.reject(e)}};PA.Deferred=p_});var C_=h(DI=>{"use strict";Object.defineProperty(DI,"__esModule",{value:!0});DI.RpcOutputStreamController=void 0;var f3=y_(),TA=$u(),E_=class{constructor(){this._lis={nxt:[],msg:[],err:[],cmp:[]},this._closed=!1,this._itState={q:[]}}onNext(e){return this.addLis(e,this._lis.nxt)}onMessage(e){return this.addLis(e,this._lis.msg)}onError(e){return this.addLis(e,this._lis.err)}onComplete(e){return this.addLis(e,this._lis.cmp)}addLis(e,r){return r.push(e),()=>{let n=r.indexOf(e);n>=0&&r.splice(n,1)}}clearLis(){for(let e of Object.values(this._lis))e.splice(0,e.length)}get closed(){return this._closed!==!1}notifyNext(e,r,n){TA.assert((e?1:0)+(r?1:0)+(n?1:0)<=1,"only one emission at a time"),e&&this.notifyMessage(e),r&&this.notifyError(r),n&&this.notifyComplete()}notifyMessage(e){TA.assert(!this.closed,"stream is closed"),this.pushIt({value:e,done:!1}),this._lis.msg.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(e,void 0,!1))}notifyError(e){TA.assert(!this.closed,"stream is closed"),this._closed=e,this.pushIt(e),this._lis.err.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(void 0,e,!1)),this.clearLis()}notifyComplete(){TA.assert(!this.closed,"stream is closed"),this._closed=!0,this.pushIt({value:null,done:!0}),this._lis.cmp.forEach(e=>e()),this._lis.nxt.forEach(e=>e(void 0,void 0,!0)),this.clearLis()}[Symbol.asyncIterator](){return this._closed===!0?this.pushIt({value:null,done:!0}):this._closed!==!1&&this.pushIt(this._closed),{next:()=>{let e=this._itState;TA.assert(e,"bad state"),TA.assert(!e.p,"iterator contract broken");let r=e.q.shift();return r?"value"in r?Promise.resolve(r):Promise.reject(r):(e.p=new f3.Deferred,e.p.promise)}}}pushIt(e){let r=this._itState;if(r.p){let n=r.p;TA.assert(n.state==f3.DeferredState.PENDING,"iterator contract broken"),"value"in e?n.resolve(e):n.reject(e),delete r.p}else r.q.push(e)}};DI.RpcOutputStreamController=E_});var B_=h(Ku=>{"use strict";var Nwe=Ku&&Ku.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Ku,"__esModule",{value:!0});Ku.UnaryCall=void 0;var I_=class{constructor(e,r,n,i,s,o,a){this.method=e,this.requestHeaders=r,this.request=n,this.headers=i,this.response=s,this.s
 								`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}sd.base64decode=Xwe;function Zwe(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=po[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=po[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=po[i|n>>6],e+=po[n&63],r=0;break}return r&&(e+=po[i],e+="=",r==1&&(e+="=")),e}sd.base64encode=Zwe});var C3=h(MI=>{"use strict";Object.defineProperty(MI,"__esModule",{value:!0});MI.utf8read=void 0;var __=t=>String.fromCharCode.apply(String,t);function eSe(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(__(n)),i=0);return r.length?(i&&r.push(__(n.slice(0,i))),r.join("")):__(n.slice(0,i))}MI.utf8read=eSe});var Ig=h(_s=>{"use strict";Object.defineProperty(_s,"__esModule",{value:!0});_s.WireType=_s.mergeBinaryOptions=_s.UnknownFieldHandler=void 0;var tSe;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(tSe=_s.UnknownFieldHandler||(_s.UnknownFieldHandler={}));function rSe(t,e){return Object.assign(Object.assign({},t),e)}_s.mergeBinaryOptions=rSe;var nSe;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})(nSe=_s.WireType||(_s.WireType={}))});var UI=h(xn=>{"use strict";Object.defineProperty(xn,"__esModule",{value:!0});xn.varint32read=xn.varint32write=xn.int64toString=xn.int64fromString=xn.varint64write=xn.varint64read=void 0;function iSe(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}xn.varint64read=iSe;function sSe(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}xn.varint64write=sSe;var FI=65536*65536;function oSe(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=FI&&(i=i+(n/FI|0),n=n%FI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}xn.int64fromString=oSe;function aSe(t,e){if(e>>>0<=2097151)return""+(FI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}xn.int64toString=aSe;function ASe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}xn.varint32write=ASe;function cSe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
 								`));let n=yield pD(r,"create");yield yD(n,t)})}Yr.createTar=Wxe});var CB=h(Yt=>{"use strict";var $xe=Yt&&Yt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Kxe=Yt&&Yt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Tg=Yt&&Yt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&$xe(e,t,r);return Kxe(e,t),e},Id=Yt&&Yt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Yt,"__esModule",{value:!0});Yt.saveCache=Yt.restoreCache=Yt.isFeatureAvailable=Yt.FinalizeCacheError=Yt.ReserveCacheError=Yt.ValidationError=void 0;var he=Tg(at()),pB=Tg(require("path")),_t=Tg(fl()),Cd=Tg(D4()),u$=Tg(a$()),yB=VC(),Ba=l$(),EB=oA(),Ri=class t extends Error{constructor(e){super(e),this.name="ValidationError",Object.setPrototypeOf(this,t.prototype)}};Yt.ValidationError=Ri;var MA=class t extends Error{constructor(e){super(e),this.name="ReserveCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.ReserveCacheError=MA;var Pg=class t extends Error{constructor(e){super(e),this.name="FinalizeCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.FinalizeCacheError=Pg;function d$(t){if(!t||t.length===0)throw new Ri("Path Validation Error: At least one directory or file path is required")}function ED(t){if(t.length>512)throw new Ri(`Key Validation Error: ${t} cannot be larger than 512 characters.`);if(!/^[^,]*$/.test(t))throw new Ri(`Key Validation Error: ${t} cannot contain commas.`)}function Xxe(){return(0,yB.getCacheServiceVersion)()==="v2"?!!process.env.ACTIONS_RESULTS_URL:!!process.env.ACTIONS_CACHE_URL}Yt.isFeatureAvailable=Xxe;function Zxe(t,e,r,n,i=!1){return Id(this,void 0,void 0,function*(){let s=(0,yB.getCacheServiceVersion)();return he.debug(`Cache service version: ${s}`),d$(t),s==="v2"?yield tve(t,e,r,n,i):yield eve(t,e,r,n,i)})}Yt.restoreCache=Zxe;function eve(t,e,r,n,i=!1){return Id(this,void 0,void 0,function*(){r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let A of s)ED(A);let o=yield _t.getCompressionMethod(),a="";try{let A=yield Cd.getCacheEntry(s,t,{compressionMethod:o,enableCrossOsArchive:i});if(!A?.archiveLocation)return;if(n?.lookupOnly)return he.info("Lookup only - skipping download"),A.cacheKey;a=pB.join(yield _t.createTempDirectory(),_t.getCacheFileName(o)),he.debug(`Archive Path: ${a}`),yield Cd.downloadCache(A.archiveLocation,a,n),he.isDebug()&&(yield(0,Ba.listTar)(a,o));let c=_t.getArchiveFileSizeInBytes(a);return he.info(`Cache Size: ~${Math.round(c/(1024*1024))} MB (${c} B)`),yield(0,Ba.extractTar)(a,o),he.info("Cache restored successfully"),A.cacheKey}catch(A){let c=A;if(c.name===Ri.name)throw A;c instanceof EB.HttpClientError&&typeof c.statusCode=="number"&&c.statusCode>=500?he.error(`Failed to restore: ${A.message}`):he.warning(`Failed to restore: ${A.message}`)}finally{try{yield _t.unlinkFile(a)}catch(A){he.debug(`Failed to delete archive: ${A}`)}}})}function tve(t,e,r,n,i=!1){return Id(this,void 0,void 0,function*(){n=Object.assign(Object.assign({},n),{useAzureSdk:!0}),r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let a of s)ED(a);let o="";try{let a=u$.internalCacheTwirpClient(),A=yield _t.getCompressionMethod(),c={key:e,restoreKeys:r,version:_t.getCacheVers
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),e=e.replace(/\r/g,`
 								`));let i=e.split(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new N$.Pattern(s));return n.searchPaths.push(...SB.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return SD(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield qg.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){xD.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield qg.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield qg.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){xD.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};Sr.DefaultGlobber=vD});var _$=h(Dn=>{"use strict";var Lve=Dn&&Dn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Mve=Dn&&Dn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Bd=Dn&&Dn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Lve(e,t,r);return Mve(e,t),e},Fve=Dn&&Dn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})},Uve=Dn&&Dn.__asyncValues||function(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var e=t[Symbol.asyncIterator],r;return e?e.call(t):(t=typeof __values=="function"?__values(t):t[Symbol.iterator](),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(s){r[s]=t[s]&&function(o){return new Promise(function(a,A){o=t[s](o),i(a,A,o.done,o.value)})}}function i(s,o,a,A){Promise.resolve(A).then(function(c){s({value:c,done:a})},o)}};Object.defineProperty(Dn,"__esModule",{value:!0});Dn.hashFiles=void 0;var x$=Bd(require("crypto")),v$=Bd(at()),R$=Bd(require("fs")),qve=Bd(require("stream")),Hve=Bd(require("util")),jve=Bd(require("path"));function zve(t,e,r=!1){var n,i,s,o,a;return Fve(this,void 0,void 0,function*(){let A=r?v$.info:v$.debug,c=!1,l=e||((a=process.env.GITHUB_WORKSPACE)!==null&&a!==void 0?a:process.cwd()),u=x$.createHash("sha256"),d=0;try{for(var f=!0,g=Uve(t.globGenerator()),m;m=yield g.next(),n=m.done,!n;f=!0){o=m.value,f=!1;let E=o;if(A(E),!E.startsWith(`${l}${jve.sep}`)){A(`Ignore '${E}' since it is not under GITHUB_WORKSPACE.`);continue}if(R$.statSync(E).isDirectory()){A(`Skip directory '${E}'.`);continue}let C=x$.createHash("sha256");yield Hve.promisify(qve.pipeline)(R$.createReadStream(E),C),u.write(C.digest()),d++,c||(c=!0)}}catch(E){i={error:E}}finally{try{!f&&!n&&(s=g.return)&&(yield s.call(g))}finally{if(i)throw i.error}}return u.end(),c?(A(`Found ${d} files to hash.`),u.digest("hex")):(A("No matches found for glob"),"")})}Dn.hashFiles=zve});var P$=h(wa=>{"use strict";var D$=wa&&wa.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(wa,"__esModule",{value:!0});wa.hashFiles=wa.create=void 0;var Gve=S$(),Yve=_$();function k$(t,e){return D$(this,void 0,void 0,function*(){return yield Gve.DefaultGlobber.create(t,e)})}wa.create=k$;function Jve(t,e="",r,n=!1){return D$(this,void 0,void 0,function*(){let i=!0;r&&typeof r.followSymbolicLinks=="boolean"&&(i=r.followSymbolic
 								`).map(Kve).filter(Boolean)};function Kve(t,e){if(!t||!t.length||t.charAt(0)==="#")return null;var r=t.split(":");return{username:r[0],password:r[1],uid:r[2],gid:r[3],gecos:r[4],homedir:r[5],shell:r[6]}}});var W$=h((R2e,V$)=>{"use strict";var Xve=require("fs"),Zve=J$();function eRe(){if(process.platform==="win32")return process.env.USERPROFILE?process.env.USERPROFILE:process.env.HOMEDRIVE&&process.env.HOMEPATH?process.env.HOMEDRIVE+process.env.HOMEPATH:process.env.HOME?process.env.HOME:null;if(process.env.HOME)return process.env.HOME;var t=nRe("/etc/passwd"),e=tRe(Zve(t),rRe());if(e)return e;var r=process.env.LOGNAME||process.env.USER||process.env.LNAME||process.env.USERNAME;return r?process.platform==="darwin"?"/Users/"+r:"/home/"+r:null}function tRe(t,e){for(var r=t.length,n=0;n<r;n++)if(+t[n].uid===e)return t[n].homedir}function rRe(){return typeof process.geteuid=="function"?process.geteuid():process.getuid()}function nRe(t){try{return Xve.readFileSync(t,"utf8")}catch{return""}}V$.exports=eRe});var K$=h((_2e,RD)=>{"use strict";var $$=require("os");typeof $$.homedir<"u"?RD.exports=$$.homedir:RD.exports=W$()});var eK=h((D2e,Z$)=>{var iRe=K$(),X$=require("path");Z$.exports=function(e){var r=iRe();return e.charCodeAt(0)===126?e.charCodeAt(1)===43?X$.join(process.cwd(),e.slice(2)):r?X$.join(r,e.slice(1)):e:e}});var He=h(Tr=>{"use strict";var _D=Symbol.for("yaml.alias"),tK=Symbol.for("yaml.document"),xB=Symbol.for("yaml.map"),rK=Symbol.for("yaml.pair"),DD=Symbol.for("yaml.scalar"),vB=Symbol.for("yaml.seq"),Io=Symbol.for("yaml.node.type"),sRe=t=>!!t&&typeof t=="object"&&t[Io]===_D,oRe=t=>!!t&&typeof t=="object"&&t[Io]===tK,aRe=t=>!!t&&typeof t=="object"&&t[Io]===xB,ARe=t=>!!t&&typeof t=="object"&&t[Io]===rK,nK=t=>!!t&&typeof t=="object"&&t[Io]===DD,cRe=t=>!!t&&typeof t=="object"&&t[Io]===vB;function iK(t){if(t&&typeof t=="object")switch(t[Io]){case xB:case vB:return!0}return!1}function lRe(t){if(t&&typeof t=="object")switch(t[Io]){case _D:case xB:case DD:case vB:return!0}return!1}var uRe=t=>(nK(t)||iK(t))&&!!t.anchor;Tr.ALIAS=_D;Tr.DOC=tK;Tr.MAP=xB;Tr.NODE_TYPE=Io;Tr.PAIR=rK;Tr.SCALAR=DD;Tr.SEQ=vB;Tr.hasAnchor=uRe;Tr.isAlias=sRe;Tr.isCollection=iK;Tr.isDocument=oRe;Tr.isMap=aRe;Tr.isNode=lRe;Tr.isPair=ARe;Tr.isScalar=nK;Tr.isSeq=cRe});var jg=h(kD=>{"use strict";var dr=He(),kn=Symbol("break visit"),sK=Symbol("skip children"),Ps=Symbol("remove node");function RB(t,e){let r=oK(e);dr.isDocument(t)?bd(null,t.contents,r,Object.freeze([t]))===Ps&&(t.contents=null):bd(null,t,r,Object.freeze([]))}RB.BREAK=kn;RB.SKIP=sK;RB.REMOVE=Ps;function bd(t,e,r,n){let i=aK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return AK(t,n,i),bd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=bd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Ps&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=bd("key",e.key,r,n);if(s===kn)return kn;s===Ps&&(e.key=null);let o=bd("value",e.value,r,n);if(o===kn)return kn;o===Ps&&(e.value=null)}}return i}async function _B(t,e){let r=oK(e);dr.isDocument(t)?await Nd(null,t.contents,r,Object.freeze([t]))===Ps&&(t.contents=null):await Nd(null,t,r,Object.freeze([]))}_B.BREAK=kn;_B.SKIP=sK;_B.REMOVE=Ps;async function Nd(t,e,r,n){let i=await aK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return AK(t,n,i),Nd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=await Nd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Ps&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=await Nd("key",e.key,r,n);if(s===kn)return kn;s===Ps&&(e.key=null);let o=await Nd("value",e.value,r,n);if(o===kn)return kn;o===Ps&&(e.value=null)}}return i}function oK(t){return typeof t=="object"&&(t.Collection||t.Node||t.Value)?Object.assign({Alias:t.Node,Map:t.Node,Scalar:t.Node,Seq:t.Node},t.Value&&{Map:t.Value,Scalar:t.Value,Seq:t.Value},t.Collection&&{Map:t.Collection,Seq:t.Collection},t):t}function
 								`)}};zg.defaultYaml={explicit:!1,version:"1.2"};zg.defaultTags={"!!":"tag:yaml.org,2002:"};lK.Directives=zg});var DB=h(Gg=>{"use strict";var uK=He(),gRe=jg();function mRe(t){if(/[\x00-\x19\s,[\]{}]/.test(t)){let r=`Anchor must not contain whitespace or control characters: ${JSON.stringify(t)}`;throw new Error(r)}return!0}function dK(t){let e=new Set;return gRe.visit(t,{Value(r,n){n.anchor&&e.add(n.anchor)}}),e}function fK(t,e){for(let r=1;;++r){let n=`${t}${r}`;if(!e.has(n))return n}}function pRe(t,e){let r=[],n=new Map,i=null;return{onAnchor:s=>{r.push(s),i||(i=dK(t));let o=fK(e,i);return i.add(o),o},setAnchors:()=>{for(let s of r){let o=n.get(s);if(typeof o=="object"&&o.anchor&&(uK.isScalar(o.node)||uK.isCollection(o.node)))o.node.anchor=o.anchor;else{let a=new Error("Failed to resolve repeated object (this should not happen)");throw a.source=s,a}}},sourceObjects:n}}Gg.anchorIsValid=mRe;Gg.anchorNames=dK;Gg.createNodeAnchors=pRe;Gg.findNewAnchor=fK});var TD=h(hK=>{"use strict";function Yg(t,e,r,n){if(n&&typeof n=="object")if(Array.isArray(n))for(let i=0,s=n.length;i<s;++i){let o=n[i],a=Yg(t,n,String(i),o);a===void 0?delete n[i]:a!==o&&(n[i]=a)}else if(n instanceof Map)for(let i of Array.from(n.keys())){let s=n.get(i),o=Yg(t,n,i,s);o===void 0?n.delete(i):o!==s&&n.set(i,o)}else if(n instanceof Set)for(let i of Array.from(n)){let s=Yg(t,n,i,i);s===void 0?n.delete(i):s!==i&&(n.delete(i),n.add(s))}else for(let[i,s]of Object.entries(n)){let o=Yg(t,n,i,s);o===void 0?delete n[i]:o!==s&&(n[i]=o)}return t.call(e,r,n)}hK.applyReviver=Yg});var Sa=h(mK=>{"use strict";var yRe=He();function gK(t,e,r){if(Array.isArray(t))return t.map((n,i)=>gK(n,String(i),r));if(t&&typeof t.toJSON=="function"){if(!r||!yRe.hasAnchor(t))return t.toJSON(e,r);let n={aliasCount:0,count:1,res:void 0};r.anchors.set(t,n),r.onCreate=s=>{n.res=s,delete r.onCreate};let i=t.toJSON(e,r);return r.onCreate&&r.onCreate(i),i}return typeof t=="bigint"&&!r?.keep?Number(t):t}mK.toJS=gK});var kB=h(yK=>{"use strict";var ERe=TD(),pK=He(),CRe=Sa(),OD=class{constructor(e){Object.defineProperty(this,pK.NODE_TYPE,{value:e})}clone(){let e=Object.create(Object.getPrototypeOf(this),Object.getOwnPropertyDescriptors(this));return this.range&&(e.range=this.range.slice()),e}toJS(e,{mapAsMap:r,maxAliasCount:n,onAnchor:i,reviver:s}={}){if(!pK.isDocument(e))throw new TypeError("A document argument is required");let o={anchors:new Map,doc:e,keep:!0,mapAsMap:r===!0,mapKeyWarned:!1,maxAliasCount:typeof n=="number"?n:100},a=CRe.toJS(this,"",o);if(typeof i=="function")for(let{count:A,res:c}of o.anchors.values())i(c,A);return typeof s=="function"?ERe.applyReviver(s,{"":a},"",a):a}};yK.NodeBase=OD});var Jg=h(CK=>{"use strict";var IRe=DB(),EK=jg(),PB=He(),BRe=kB(),QRe=Sa(),LD=class extends BRe.NodeBase{constructor(e){super(PB.ALIAS),this.source=e,Object.defineProperty(this,"tag",{set(){throw new Error("Alias nodes cannot have tags")}})}resolve(e){let r;return EK.visit(e,{Node:(n,i)=>{if(i===this)return EK.visit.BREAK;i.anchor===this.source&&(r=i)}}),r}toJSON(e,r){if(!r)return{source:this.source};let{anchors:n,doc:i,maxAliasCount:s}=r,o=this.resolve(i);if(!o){let A=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new ReferenceError(A)}let a=n.get(o);if(a||(QRe.toJS(o,null,r),a=n.get(o)),!a||a.res===void 0){let A="This should not happen: Alias anchor was not resolved?";throw new ReferenceError(A)}if(s>=0&&(a.count+=1,a.aliasCount===0&&(a.aliasCount=TB(i,o,n)),a.count*a.aliasCount>s)){let A="Excessive alias count indicates a resource exhaustion attack";throw new ReferenceError(A)}return a.res}toString(e,r,n){let i=`*${this.source}`;if(e){if(IRe.anchorIsValid(this.source),e.options.verifyAliasOrder&&!e.anchors.has(this.source)){let s=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new Error(s)}if(e.implicitKey)return`${i} `}return i}};function TB(t,e,r){if(PB.isAlias(e)){let n=e.resolve(t),i=r&&n&&r.get(n);return i?i.count*i.aliasCount:0}else if(PB.isCollection(e)){let n=0;for(let i of e.items){let s=TB(t,i,r);s>n&&(n=s)}return n}
 								`)?qD(r,e):r.includes(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)?`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`+qD(r,e):(t.endsWith(" ")?"":" ")+r;MB.indentComment=qD;MB.lineComment=TRe;MB.stringifyComment=PRe});var NK=h($g=>{"use strict";var ORe="flow",HD="block",FB="quoted";function LRe(t,e,r="flow",{indentAtStart:n,lineWidth:i=80,minContentWidth:s=20,onFold:o,onOverflow:a}={}){if(!i||i<0)return t;i<s&&(s=0);let A=Math.max(1+s,1+i-e.length);if(t.length<=A)return t;let c=[],l={},u=i-e.length;typeof n=="number"&&(n>i-Math.max(2,s)?c.push(0):u=i-n);let d,f,g=!1,m=-1,E=-1,C=-1;r===HD&&(m=bK(t,m,e.length),m!==-1&&(u=m+A));for(let N;N=t[m+=1];){if(r===FB&&N==="\\"){switch(E=m,t[m+1]){case"x":m+=3;break;case"u":m+=5;break;case"U":m+=9;break;default:m+=1}C=m}if(N===`
 								`)r===HD&&(m=bK(t,m,e.length)),u=m+e.length+A,d=void 0;else{if(N===" "&&f&&f!==" "&&f!==`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`&&f!=="	"){let w=t[m+1];w&&w!==" "&&w!==`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`&&w!=="	"&&(d=m)}if(m>=u)if(d)c.push(d),u=d+A,d=void 0;else if(r===FB){for(;f===" "||f==="	";)f=N,N=t[m+=1],g=!0;let w=m>C+1?m-2:E-1;if(l[w])return t;c.push(w),l[w]=!0,u=w+A,d=void 0}else g=!0}f=N}if(g&&a&&a(),c.length===0)return t;o&&o();let I=t.slice(0,c[0]);for(let N=0;N<c.length;++N){let w=c[N],R=c[N+1]||t.length;w===0?I=`
 								${e}${t.slice(0,R)}`:(r===FB&&l[w]&&(I+=`${t[w]}\\`),I+=`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								${e}${t.slice(w+1,R)}`)}return I}function bK(t,e,r){let n=e,i=e+1,s=t[i];for(;s===" "||s==="	";)if(e<i+r)s=t[++e];else{do s=t[++e];while(s&&s!==`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`);n=e,i=e+1,s=t[i]}return n}$g.FOLD_BLOCK=HD;$g.FOLD_FLOW=ORe;$g.FOLD_QUOTED=FB;$g.foldFlowLines=LRe});var Xg=h(wK=>{"use strict";var ts=sr(),va=NK(),qB=(t,e)=>({indentAtStart:e?t.indent.length:t.indentAtStart,lineWidth:t.options.lineWidth,minContentWidth:t.options.minContentWidth}),HB=t=>/^(%|---|\.\.\.)/m.test(t);function MRe(t,e,r){if(!e||e<0)return!1;let n=e-r,i=t.length;if(i<=n)return!1;for(let s=0,o=0;s<i;++s)if(t[s]===`
 								`){if(s-o>n)return!0;if(o=s+1,i-o<=n)return!1}return!0}function Kg(t,e){let r=JSON.stringify(t);if(e.options.doubleQuotedAsJSON)return r;let{implicitKey:n}=e,i=e.options.doubleQuotedMinMultiLineLength,s=e.indent||(HB(t)?"  ":""),o="",a=0;for(let A=0,c=r[A];c;c=r[++A])if(c===" "&&r[A+1]==="\\"&&r[A+2]==="n"&&(o+=r.slice(a,A)+"\\ ",A+=1,a=A,c="\\"),c==="\\")switch(r[A+1]){case"u":{o+=r.slice(a,A);let l=r.substr(A+2,4);switch(l){case"0000":o+="\\0";break;case"0007":o+="\\a";break;case"000b":o+="\\v";break;case"001b":o+="\\e";break;case"0085":o+="\\N";break;case"00a0":o+="\\_";break;case"2028":o+="\\L";break;case"2029":o+="\\P";break;default:l.substr(0,2)==="00"?o+="\\x"+l.substr(2):o+=r.substr(A,6)}A+=5,a=A+1}break;case"n":if(n||r[A+2]==='"'||r.length<i)A+=1;else{for(o+=r.slice(a,A)+`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
 								`;r[A+2]==="\\"&&r[A+3]==="n"&&r[A+4]!=='"';)o+=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,A+=2;o+=s,r[A+2]===" "&&(o+="\\"),A+=1,a=A+1}break;default:A+=1}return o=a?o+r.slice(a):r,n?o:va.foldFlowLines(o,s,va.FOLD_QUOTED,qB(e,!1))}function jD(t,e){if(e.options.singleQuote===!1||e.implicitKey&&t.includes(`
 								`)||/[ \t]\n|\n[ \t]/.test(t))return Kg(t,e);let r=e.indent||(HB(t)?"  ":""),n="'"+t.replace(/'/g,"''").replace(/\n+/g,`$&
 								${r}`)+"'";return e.implicitKey?n:va.foldFlowLines(n,r,va.FOLD_FLOW,qB(e,!1))}function wd(t,e){let{singleQuote:r}=e.options,n;if(r===!1)n=Kg;else{let i=t.includes('"'),s=t.includes("'");i&&!s?n=jD:s&&!i?n=Kg:n=r?jD:Kg}return n(t,e)}var zD;try{zD=new RegExp(`(^|(?<!
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								))
 								+(?!
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								|$)`,"g")}catch{zD=/\n+(?!\n|$)/g}function UB({comment:t,type:e,value:r},n,i,s){let{blockQuote:o,commentString:a,lineWidth:A}=n.options;if(!o||/\n[\t ]+$/.test(r)||/^\s*$/.test(r))return wd(r,n);let c=n.indent||(n.forceBlockIndent||HB(r)?"  ":""),l=o==="literal"?!0:o==="folded"||e===ts.Scalar.BLOCK_FOLDED?!1:e===ts.Scalar.BLOCK_LITERAL?!0:!MRe(r,A,c.length);if(!r)return l?`|
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:`>
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`;let u,d;for(d=r.length;d>0;--d){let R=r[d-1];if(R!==`
 								`&&R!=="	"&&R!==" ")break}let f=r.substring(d),g=f.indexOf(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`);g===-1?u="-":r===f||g!==f.length-1?(u="+",s&&s()):u="",f&&(r=r.slice(0,-f.length),f[f.length-1]===`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`&&(f=f.slice(0,-1)),f=f.replace(zD,`$&${c}`));let m=!1,E,C=-1;for(E=0;E<r.length;++E){let R=r[E];if(R===" ")m=!0;else if(R===`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`)C=E;else break}let I=r.substring(0,C<E?C+1:E);I&&(r=r.substring(I.length),I=I.replace(/\n+/g,`$&${c}`));let w=(m?c?"2":"1":"")+u;if(t&&(w+=" "+a(t.replace(/ ?[\r\n]+/g," ")),i&&i()),!l){let R=r.replace(/\n+/g,`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								$&`).replace(/(?:^|\n)([\t ].*)(?:([\n\t ]*)\n(?![\n\t ]))?/g,"$1$2").replace(/\n+/g,`$&${c}`),T=!1,U=qB(n,!0);o!=="folded"&&e!==ts.Scalar.BLOCK_FOLDED&&(U.onOverflow=()=>{T=!0});let k=va.foldFlowLines(`${I}${R}${f}`,c,va.FOLD_BLOCK,U);if(!T)return`>${w}
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${c}${k}`}return r=r.replace(/\n+/g,`$&${c}`),`|${w}
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								${c}${I}${r}${f}`}function FRe(t,e,r,n){let{type:i,value:s}=t,{actualString:o,implicitKey:a,indent:A,indentStep:c,inFlow:l}=e;if(a&&s.includes(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)||l&&/[[\]{},]/.test(s))return wd(s,e);if(!s||/^[\n\t ,[\]{}#&*!|>'"%@`]|^[?-]$|^[?-][ \t]|[\n:][ \t]|[ \t]\n|[\n\t ]#|[\n\t :]$/.test(s))return a||l||!s.includes(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`)?wd(s,e):UB(t,e,r,n);if(!a&&!l&&i!==ts.Scalar.PLAIN&&s.includes(`
 								`))return UB(t,e,r,n);if(HB(s)){if(A==="")return e.forceBlockIndent=!0,UB(t,e,r,n);if(a&&A===c)return wd(s,e)}let u=s.replace(/\n+/g,`$&
 								${A}`);if(o){let d=m=>m.default&&m.tag!=="tag:yaml.org,2002:str"&&m.test?.test(u),{compat:f,tags:g}=e.doc.schema;if(g.some(d)||f?.some(d))return wd(s,e)}return a?u:va.foldFlowLines(u,A,va.FOLD_FLOW,qB(e,!1))}function URe(t,e,r,n){let{implicitKey:i,inFlow:s}=e,o=typeof t.value=="string"?t:Object.assign({},t,{value:String(t.value)}),{type:a}=t;a!==ts.Scalar.QUOTE_DOUBLE&&/[\x00-\x08\x0b-\x1f\x7f-\x9f\u{D800}-\u{DFFF}]/u.test(o.value)&&(a=ts.Scalar.QUOTE_DOUBLE);let A=l=>{switch(l){case ts.Scalar.BLOCK_FOLDED:case ts.Scalar.BLOCK_LITERAL:return i||s?wd(o.value,e):UB(o,e,r,n);case ts.Scalar.QUOTE_DOUBLE:return Kg(o.value,e);case ts.Scalar.QUOTE_SINGLE:return jD(o.value,e);case ts.Scalar.PLAIN:return FRe(o,e,r,n);default:return null}},c=A(a);if(c===null){let{defaultKeyType:l,defaultStringType:u}=e.options,d=i&&l||u;if(c=A(d),c===null)throw new Error(`Unsupported default string type ${d}`)}return c}wK.stringifyString=URe});var Zg=h(GD=>{"use strict";var qRe=DB(),Ra=He(),HRe=Wg(),jRe=Xg();function zRe(t,e){let r=Object.assign({blockQuote:!0,commentString:HRe.stringifyComment,defaultKeyType:null,defaultStringType:"PLAIN",directives:null,doubleQuotedAsJSON:!1,doubleQuotedMinMultiLineLength:40,falseStr:"false",flowCollectionPadding:!0,indentSeq:!0,lineWidth:80,minContentWidth:20,nullStr:"null",simpleKeys:!1,singleQuote:null,trueStr:"true",verifyAliasOrder:!0},t.schema.toStringOptions,e),n;switch(r.collectionStyle){case"block":n=!1;break;case"flow":n=!0;break;default:n=null}return{anchors:new Set,doc:t,flowCollectionPadding:r.flowCollectionPadding?" ":"",indent:"",indentStep:typeof r.indent=="number"?" ".repeat(r.indent):"  ",inFlow:n,options:r}}function GRe(t,e){if(e.tag){let i=t.filter(s=>s.tag===e.tag);if(i.length>0)return i.find(s=>s.format===e.format)??i[0]}let r,n;if(Ra.isScalar(e)){n=e.value;let i=t.filter(s=>s.identify?.(n));if(i.length>1){let s=i.filter(o=>o.test);s.length>0&&(i=s)}r=i.find(s=>s.format===e.format)??i.find(s=>!s.format)}else n=e,r=t.find(i=>i.nodeClass&&n instanceof i.nodeClass);if(!r){let i=n?.constructor?.name??typeof n;throw new Error(`Tag not resolved for ${i} value`)}return r}function YRe(t,e,{anchors:r,doc:n}){if(!n.directives)return"";let i=[],s=(Ra.isScalar(t)||Ra.isCollection(t))&&t.anchor;s&&qRe.anchorIsValid(s)&&(r.add(s),i.push(`&${s}`));let o=t.tag?t.tag:e.default?null:e.tag;return o&&i.push(n.directives.tagString(o)),i.join(" ")}function JRe(t,e,r,n){if(Ra.isPair(t))return t.toString(e,r,n);if(Ra.isAlias(t)){if(e.doc.directives)return t.toString(e);if(e.resolvedAliases?.has(t))throw new TypeError("Cannot stringify circular structure without alias nodes");e.resolvedAliases?e.resolvedAliases.add(t):e.resolvedAliases=new Set([t]),t=t.resolve(e.doc)}let i,s=Ra.isNode(t)?t:e.doc.createNode(t,{onTagObj:A=>i=A});i||(i=GRe(e.doc.schema.tags,s));let o=YRe(s,i,e);o.length>0&&(e.indentAtStart=(e.indentAtStart??0)+o.length+1);let a=typeof i.stringify=="function"?i.stringify(s,e,r,n):Ra.isScalar(s)?jRe.stringifyString(s,e,r,n):s.toString(e,r,n);return o?Ra.isScalar(s)||a[0]==="{"||a[0]==="["?`${o} ${a}`:`${o}
 								${e.indent}${a}`:a}GD.createStringifyContext=zRe;GD.stringify=JRe});var RK=h(vK=>{"use strict";var Bo=He(),SK=sr(),xK=Zg(),em=Wg();function VRe({key:t,value:e},r,n,i){let{allNullValues:s,doc:o,indent:a,indentStep:A,options:{commentString:c,indentSeq:l,simpleKeys:u}}=r,d=Bo.isNode(t)&&t.comment||null;if(u){if(d)throw new Error("With simple keys, key nodes cannot have comments");if(Bo.isCollection(t)||!Bo.isNode(t)&&typeof t=="object"){let U="With simple keys, collection cannot be used as a key value";throw new Error(U)}}let f=!u&&(!t||d&&e==null&&!r.inFlow||Bo.isCollection(t)||(Bo.isScalar(t)?t.type===SK.Scalar.BLOCK_FOLDED||t.type===SK.Scalar.BLOCK_LITERAL:typeof t=="object"));r=Object.assign({},r,{allNullValues:!1,implicitKey:!f&&(u||!s),indent:a+A});let g=!1,m=!1,E=xK.stringify(t,r,()=>g=!0,()=>m=!0);if(!f&&!r.inFlow&&E.length>1024){if(u)throw new Error("With simple keys, single line scalar must not span more than 1024 characters");f=!0}if(r.inFlow){if(s||e==null)return g&&n&&n(),E===""?"?":f?`? ${E}`:E}else if(s&&!u||e==null&&f)return E=`? ${E}`,d&&!g?E+=em.lineComment(E,r.indent,c(d)):m&&i&&i(),E;g&&(d=null),f?(d&&(E+=em.lineComment(E,r.indent,c(d))),E=`? ${E}
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								${a}:`):(E=`${E}:`,d&&(E+=em.lineComment(E,r.indent,c(d))));let C,I,N;Bo.isNode(e)?(C=!!e.spaceBefore,I=e.commentBefore,N=e.comment):(C=!1,I=null,N=null,e&&typeof e=="object"&&(e=o.createNode(e))),r.implicitKey=!1,!f&&!d&&Bo.isScalar(e)&&(r.indentAtStart=E.length+1),m=!1,!l&&A.length>=2&&!r.inFlow&&!f&&Bo.isSeq(e)&&!e.flow&&!e.tag&&!e.anchor&&(r.indent=r.indent.substring(2));let w=!1,R=xK.stringify(e,r,()=>w=!0,()=>m=!0),T=" ";if(d||C||I){if(T=C?`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:"",I){let U=c(I);T+=`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								${em.indentComment(U,r.indent)}`}R===""&&!r.inFlow?T===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`&&(T=`
 								`):T+=`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								${r.indent}`}else if(!f&&Bo.isCollection(e)){let U=R[0],k=R.indexOf(`
 								`),J=k!==-1,be=r.inFlow??e.flow??e.items.length===0;if(J||!be){let ve=!1;if(J&&(U==="&"||U==="!")){let H=R.indexOf(" ");U==="&"&&H!==-1&&H<k&&R[H+1]==="!"&&(H=R.indexOf(" ",H+1)),(H===-1||k<H)&&(ve=!0)}ve||(T=`
 								${r.indent}`)}}else(R===""||R[0]===`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`)&&(T="");return E+=T+R,r.inFlow?w&&n&&n():N&&!w?E+=em.lineComment(E,r.indent,c(N)):m&&i&&i(),E}vK.stringifyPair=VRe});var JD=h(YD=>{"use strict";var _K=require("node:process");function WRe(t,...e){t==="debug"&&console.log(...e)}function $Re(t,e){(t==="debug"||t==="warn")&&(typeof _K.emitWarning=="function"?_K.emitWarning(e):console.warn(e))}YD.debug=WRe;YD.warn=$Re});var YB=h(GB=>{"use strict";var tm=He(),DK=sr(),jB="<<",zB={identify:t=>t===jB||typeof t=="symbol"&&t.description===jB,default:"key",tag:"tag:yaml.org,2002:merge",test:/^<<$/,resolve:()=>Object.assign(new DK.Scalar(Symbol(jB)),{addToJSMap:kK}),stringify:()=>jB},KRe=(t,e)=>(zB.identify(e)||tm.isScalar(e)&&(!e.type||e.type===DK.Scalar.PLAIN)&&zB.identify(e.value))&&t?.doc.schema.tags.some(r=>r.tag===zB.tag&&r.default);function kK(t,e,r){if(r=t&&tm.isAlias(r)?r.resolve(t.doc):r,tm.isSeq(r))for(let n of r.items)VD(t,e,n);else if(Array.isArray(r))for(let n of r)VD(t,e,n);else VD(t,e,r)}function VD(t,e,r){let n=t&&tm.isAlias(r)?r.resolve(t.doc):r;if(!tm.isMap(n))throw new Error("Merge sources must be maps or map aliases");let i=n.toJSON(null,t,Map);for(let[s,o]of i)e instanceof Map?e.has(s)||e.set(s,o):e instanceof Set?e.add(s):Object.prototype.hasOwnProperty.call(e,s)||Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0});return e}GB.addMergeToJSMap=kK;GB.isMergeKey=KRe;GB.merge=zB});var $D=h(OK=>{"use strict";var XRe=JD(),PK=YB(),ZRe=Zg(),TK=He(),WD=Sa();function e_e(t,e,{key:r,value:n}){if(TK.isNode(r)&&r.addToJSMap)r.addToJSMap(t,e,n);else if(PK.isMergeKey(t,r))PK.addMergeToJSMap(t,e,n);else{let i=WD.toJS(r,"",t);if(e instanceof Map)e.set(i,WD.toJS(n,i,t));else if(e instanceof Set)e.add(i);else{let s=t_e(r,i,t),o=WD.toJS(n,s,t);s in e?Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0}):e[s]=o}}return e}function t_e(t,e,r){if(e===null)return"";if(typeof e!="object")return String(e);if(TK.isNode(t)&&r?.doc){let n=ZRe.createStringifyContext(r.doc,{});n.anchors=new Set;for(let s of r.anchors.keys())n.anchors.add(s.anchor);n.inFlow=!0,n.inStringifyKey=!0;let i=t.toString(n);if(!r.mapKeyWarned){let s=JSON.stringify(i);s.length>40&&(s=s.substring(0,36)+'..."'),XRe.warn(r.doc.options.logLevel,`Keys with collection values will be stringified due to JS Object restrictions: ${s}. Set mapAsMap: true to use object keys.`),r.mapKeyWarned=!0}return i}return JSON.stringify(e)}OK.addPairToJSMap=e_e});var _a=h(KD=>{"use strict";var LK=Vg(),r_e=RK(),n_e=$D(),JB=He();function i_e(t,e,r){let n=LK.createNode(t,void 0,r),i=LK.createNode(e,void 0,r);return new VB(n,i)}var VB=class t{constructor(e,r=null){Object.defineProperty(this,JB.NODE_TYPE,{value:JB.PAIR}),this.key=e,this.value=r}clone(e){let{key:r,value:n}=this;return JB.isNode(r)&&(r=r.clone(e)),JB.isNode(n)&&(n=n.clone(e)),new t(r,n)}toJSON(e,r){let n=r?.mapAsMap?new Map:{};return n_e.addPairToJSMap(r,n,this)}toString(e,r,n){return e?.doc?r_e.stringifyPair(this,e,r,n):JSON.stringify(this)}};KD.Pair=VB;KD.createPair=i_e});var XD=h(FK=>{"use strict";var jA=He(),MK=Zg(),WB=Wg();function s_e(t,e,r){return(e.inFlow??t.flow?a_e:o_e)(t,e,r)}function o_e({comment:t,items:e},r,{blockItemPrefix:n,flowChars:i,itemIndent:s,onChompKeep:o,onComment:a}){let{indent:A,options:{commentString:c}}=r,l=Object.assign({},r,{indent:s,type:null}),u=!1,d=[];for(let g=0;g<e.length;++g){let m=e[g],E=null;if(jA.isNode(m))!u&&m.spaceBefore&&d.push(""),$B(r,d,m.commentBefore,u),m.comment&&(E=m.comment);else if(jA.isPair(m)){let I=jA.isNode(m.key)?m.key:null;I&&(!u&&I.spaceBefore&&d.push(""),$B(r,d,I.commentBefore,u))}u=!1;let C=MK.stringify(m,l,()=>E=null,()=>u=!0);E&&(C+=WB.lineComment(C,s,c(E))),u&&E&&(u=!1),d.push(n+C)}let f;if(d.length===0)f=i.start+i.end;else{f=d[0];for(let g=1;g<d.length;++g){let m=d[g];f+=m?`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${A}${m}`:`
 								`}}return t?(f+=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`+WB.indentComment(c(t),A),a&&a()):u&&o&&o(),f}function a_e({items:t},e,{flowChars:r,itemIndent:n}){let{indent:i,indentStep:s,flowCollectionPadding:o,options:{commentString:a}}=e;n+=s;let A=Object.assign({},e,{indent:n,inFlow:!0,type:null}),c=!1,l=0,u=[];for(let g=0;g<t.length;++g){let m=t[g],E=null;if(jA.isNode(m))m.spaceBefore&&u.push(""),$B(e,u,m.commentBefore,!1),m.comment&&(E=m.comment);else if(jA.isPair(m)){let I=jA.isNode(m.key)?m.key:null;I&&(I.spaceBefore&&u.push(""),$B(e,u,I.commentBefore,!1),I.comment&&(c=!0));let N=jA.isNode(m.value)?m.value:null;N?(N.comment&&(E=N.comment),N.commentBefore&&(c=!0)):m.value==null&&I?.comment&&(E=I.comment)}E&&(c=!0);let C=MK.stringify(m,A,()=>E=null);g<t.length-1&&(C+=","),E&&(C+=WB.lineComment(C,n,a(E))),!c&&(u.length>l||C.includes(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`))&&(c=!0),u.push(C),l=u.length}let{start:d,end:f}=r;if(u.length===0)return d+f;if(!c){let g=u.reduce((m,E)=>m+E.length+2,2);c=e.options.lineWidth>0&&g>e.options.lineWidth}if(c){let g=d;for(let m of u)g+=m?`
 								${s}${i}${m}`:`
 								`;return`${g}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								${i}${f}`}else return`${d}${o}${u.join(" ")}${o}${f}`}function $B({indent:t,options:{commentString:e}},r,n,i){if(n&&i&&(n=n.replace(/^\n+/,"")),n){let s=WB.indentComment(e(n),t);r.push(s.trimStart())}}FK.stringifyCollection=s_e});var ka=h(ek=>{"use strict";var A_e=XD(),c_e=$D(),l_e=LB(),Da=He(),KB=_a(),u_e=sr();function rm(t,e){let r=Da.isScalar(e)?e.value:e;for(let n of t)if(Da.isPair(n)&&(n.key===e||n.key===r||Da.isScalar(n.key)&&n.key.value===r))return n}var ZD=class extends l_e.Collection{static get tagName(){return"tag:yaml.org,2002:map"}constructor(e){super(Da.MAP,e),this.items=[]}static from(e,r,n){let{keepUndefined:i,replacer:s}=n,o=new this(e),a=(A,c)=>{if(typeof s=="function")c=s.call(r,A,c);else if(Array.isArray(s)&&!s.includes(A))return;(c!==void 0||i)&&o.items.push(KB.createPair(A,c,n))};if(r instanceof Map)for(let[A,c]of r)a(A,c);else if(r&&typeof r=="object")for(let A of Object.keys(r))a(A,r[A]);return typeof e.sortMapEntries=="function"&&o.items.sort(e.sortMapEntries),o}add(e,r){let n;Da.isPair(e)?n=e:!e||typeof e!="object"||!("key"in e)?n=new KB.Pair(e,e?.value):n=new KB.Pair(e.key,e.value);let i=rm(this.items,n.key),s=this.schema?.sortMapEntries;if(i){if(!r)throw new Error(`Key ${n.key} already set`);Da.isScalar(i.value)&&u_e.isScalarValue(n.value)?i.value.value=n.value:i.value=n.value}else if(s){let o=this.items.findIndex(a=>s(n,a)<0);o===-1?this.items.push(n):this.items.splice(o,0,n)}else this.items.push(n)}delete(e){let r=rm(this.items,e);return r?this.items.splice(this.items.indexOf(r),1).length>0:!1}get(e,r){let i=rm(this.items,e)?.value;return(!r&&Da.isScalar(i)?i.value:i)??void 0}has(e){return!!rm(this.items,e)}set(e,r){this.add(new KB.Pair(e,r),!0)}toJSON(e,r,n){let i=n?new n:r?.mapAsMap?new Map:{};r?.onCreate&&r.onCreate(i);for(let s of this.items)c_e.addPairToJSMap(r,i,s);return i}toString(e,r,n){if(!e)return JSON.stringify(this);for(let i of this.items)if(!Da.isPair(i))throw new Error(`Map items must all be pairs; found ${JSON.stringify(i)} instead`);return!e.allNullValues&&this.hasAllNullValues(!1)&&(e=Object.assign({},e,{allNullValues:!0})),A_e.stringifyCollection(this,e,{blockItemPrefix:"",flowChars:{start:"{",end:"}"},itemIndent:e.indent||"",onChompKeep:n,onComment:r})}};ek.YAMLMap=ZD;ek.findPair=rm});var Sd=h(qK=>{"use strict";var d_e=He(),UK=ka(),f_e={collection:"map",default:!0,nodeClass:UK.YAMLMap,tag:"tag:yaml.org,2002:map",resolve(t,e){return d_e.isMap(t)||e("Expected a mapping for this tag"),t},createNode:(t,e,r)=>UK.YAMLMap.from(t,e,r)};qK.map=f_e});var Pa=h(HK=>{"use strict";var h_e=Vg(),g_e=XD(),m_e=LB(),ZB=He(),p_e=sr(),y_e=Sa(),tk=class extends m_e.Collection{static get tagName(){return"tag:yaml.org,2002:seq"}constructor(e){super(ZB.SEQ,e),this.items=[]}add(e){this.items.push(e)}delete(e){let r=XB(e);return typeof r!="number"?!1:this.items.splice(r,1).length>0}get(e,r){let n=XB(e);if(typeof n!="number")return;let i=this.items[n];return!r&&ZB.isScalar(i)?i.value:i}has(e){let r=XB(e);return typeof r=="number"&&r<this.items.length}set(e,r){let n=XB(e);if(typeof n!="number")throw new Error(`Expected a valid index, not ${e}.`);let i=this.items[n];ZB.isScalar(i)&&p_e.isScalarValue(r)?i.value=r:this.items[n]=r}toJSON(e,r){let n=[];r?.onCreate&&r.onCreate(n);let i=0;for(let s of this.items)n.push(y_e.toJS(s,String(i++),r));return n}toString(e,r,n){return e?g_e.stringifyCollection(this,e,{blockItemPrefix:"- ",flowChars:{start:"[",end:"]"},itemIndent:(e.indent||"")+"  ",onChompKeep:n,onComment:r}):JSON.stringify(this)}static from(e,r,n){let{replacer:i}=n,s=new this(e);if(r&&Symbol.iterator in Object(r)){let o=0;for(let a of r){if(typeof i=="function"){let A=r instanceof Set?a:String(o++);a=i.call(r,A,a)}s.items.push(h_e.createNode(a,void 0,n))}}return s}};function XB(t){let e=ZB.isScalar(t)?t.value:t;return e&&typeof e=="string"&&(e=Number(e)),typeof e=="number"&&Number.isInteger(e)&&e>=0?e:null}HK.YAMLSeq=tk});var xd=h(zK=>{"use strict";var E_e=He(),jK=Pa(),C_e={collection:"seq",default:!0,nodeClass:jK.YAMLSeq,tag:"tag:yaml.org,2002:seq",resolve(t,e){return E_e.isSeq(t)||e("Expected a
 								`:" ")}return z_e.stringifyString({comment:t,type:e,value:a},n,i,s)}};s9.binary=G_e});var aQ=h(oQ=>{"use strict";var sQ=He(),uk=_a(),Y_e=sr(),J_e=Pa();function o9(t,e){if(sQ.isSeq(t))for(let r=0;r<t.items.length;++r){let n=t.items[r];if(!sQ.isPair(n)){if(sQ.isMap(n)){n.items.length>1&&e("Each pair must have its own sequence indicator");let i=n.items[0]||new uk.Pair(new Y_e.Scalar(null));if(n.commentBefore&&(i.key.commentBefore=i.key.commentBefore?`${n.commentBefore}
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${i.key.commentBefore}`:n.commentBefore),n.comment){let s=i.value??i.key;s.comment=s.comment?`${n.comment}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								${s.comment}`:n.comment}n=i}t.items[r]=sQ.isPair(n)?n:new uk.Pair(n)}}else e("Expected a sequence for this tag");return t}function a9(t,e,r){let{replacer:n}=r,i=new J_e.YAMLSeq(t);i.tag="tag:yaml.org,2002:pairs";let s=0;if(e&&Symbol.iterator in Object(e))for(let o of e){typeof n=="function"&&(o=n.call(e,String(s++),o));let a,A;if(Array.isArray(o))if(o.length===2)a=o[0],A=o[1];else throw new TypeError(`Expected [key, value] tuple: ${o}`);else if(o&&o instanceof Object){let c=Object.keys(o);if(c.length===1)a=c[0],A=o[a];else throw new TypeError(`Expected tuple with one key, not ${c.length} keys`)}else a=o;i.items.push(uk.createPair(a,A,r))}return i}var V_e={collection:"seq",default:!1,tag:"tag:yaml.org,2002:pairs",resolve:o9,createNode:a9};oQ.createPairs=a9;oQ.pairs=V_e;oQ.resolvePairs=o9});var hk=h(fk=>{"use strict";var A9=He(),dk=Sa(),sm=ka(),W_e=Pa(),c9=aQ(),zA=class t extends W_e.YAMLSeq{constructor(){super(),this.add=sm.YAMLMap.prototype.add.bind(this),this.delete=sm.YAMLMap.prototype.delete.bind(this),this.get=sm.YAMLMap.prototype.get.bind(this),this.has=sm.YAMLMap.prototype.has.bind(this),this.set=sm.YAMLMap.prototype.set.bind(this),this.tag=t.tag}toJSON(e,r){if(!r)return super.toJSON(e);let n=new Map;r?.onCreate&&r.onCreate(n);for(let i of this.items){let s,o;if(A9.isPair(i)?(s=dk.toJS(i.key,"",r),o=dk.toJS(i.value,s,r)):s=dk.toJS(i,"",r),n.has(s))throw new Error("Ordered maps must not include duplicate keys");n.set(s,o)}return n}static from(e,r,n){let i=c9.createPairs(e,r,n),s=new this;return s.items=i.items,s}};zA.tag="tag:yaml.org,2002:omap";var $_e={collection:"seq",identify:t=>t instanceof Map,nodeClass:zA,default:!1,tag:"tag:yaml.org,2002:omap",resolve(t,e){let r=c9.resolvePairs(t,e),n=[];for(let{key:i}of r.items)A9.isScalar(i)&&(n.includes(i.value)?e(`Ordered maps must not include duplicate keys: ${i.value}`):n.push(i.value));return Object.assign(new zA,r)},createNode:(t,e,r)=>zA.from(t,e,r)};fk.YAMLOMap=zA;fk.omap=$_e});var h9=h(gk=>{"use strict";var l9=sr();function u9({value:t,source:e},r){return e&&(t?d9:f9).test.test(e)?e:t?r.options.trueStr:r.options.falseStr}var d9={identify:t=>t===!0,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:Y|y|[Yy]es|YES|[Tt]rue|TRUE|[Oo]n|ON)$/,resolve:()=>new l9.Scalar(!0),stringify:u9},f9={identify:t=>t===!1,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:N|n|[Nn]o|NO|[Ff]alse|FALSE|[Oo]ff|OFF)$/,resolve:()=>new l9.Scalar(!1),stringify:u9};gk.falseTag=f9;gk.trueTag=d9});var g9=h(AQ=>{"use strict";var K_e=sr(),mk=vd(),X_e={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^(?:[-+]?\.(?:inf|Inf|INF)|\.nan|\.NaN|\.NAN)$/,resolve:t=>t.slice(-3).toLowerCase()==="nan"?NaN:t[0]==="-"?Number.NEGATIVE_INFINITY:Number.POSITIVE_INFINITY,stringify:mk.stringifyNumber},Z_e={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",format:"EXP",test:/^[-+]?(?:[0-9][0-9_]*)?(?:\.[0-9_]*)?[eE][-+]?[0-9]+$/,resolve:t=>parseFloat(t.replace(/_/g,"")),stringify(t){let e=Number(t.value);return isFinite(e)?e.toExponential():mk.stringifyNumber(t)}},eDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^[-+]?(?:[0-9][0-9_]*)?\.[0-9_]*$/,resolve(t){let e=new K_e.Scalar(parseFloat(t.replace(/_/g,""))),r=t.indexOf(".");if(r!==-1){let n=t.substring(r+1).replace(/_/g,"");n[n.length-1]==="0"&&(e.minFractionDigits=n.length)}return e},stringify:mk.stringifyNumber};AQ.float=eDe;AQ.floatExp=Z_e;AQ.floatNaN=X_e});var p9=h(am=>{"use strict";var m9=vd(),om=t=>typeof t=="bigint"||Number.isInteger(t);function cQ(t,e,r,{intAsBigInt:n}){let i=t[0];if((i==="-"||i==="+")&&(e+=1),t=t.substring(e).replace(/_/g,""),n){switch(r){case 2:t=`0b${t}`;break;case 8:t=`0o${t}`;break;case 16:t=`0x${t}`;break}let o=BigInt(t);return i==="-"?BigInt(-1)*o:o}let s=parseInt(t,r);return i==="-"?-1*s:s}function pk(t,e,r){let{value:n}=t;if(om(n)){let i=n.toString(e);return n<0?"-"+r+i.substr(1):r+i}return m9.stringifyNumber(t)}var tDe={identify:om,default:!0,tag:"tag:yaml.org,2002:int",format:"BIN",test:/^[-+]?0b[0-1_]+$/,resolve:(t,e,r)=>cQ(t,2,2,r),stringify:t
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)?(r.push("..."),r.push(cm.indentComment(A,""))):r.push(`... ${A}`)}else r.push("...");else{let A=t.comment;A&&o&&(A=A.replace(/^\n+/,"")),A&&((!o||a)&&r[r.length-1]!==""&&r.push(""),r.push(cm.indentComment(s(A),"")))}return r.join(`
 								`)+`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`}P9.stringifyDocument=_De});var lm=h(O9=>{"use strict";var DDe=Jg(),Rd=LB(),Pi=He(),kDe=_a(),PDe=Sa(),TDe=vk(),ODe=T9(),_k=DB(),LDe=TD(),MDe=Vg(),Dk=PD(),kk=class t{constructor(e,r,n){this.commentBefore=null,this.comment=null,this.errors=[],this.warnings=[],Object.defineProperty(this,Pi.NODE_TYPE,{value:Pi.DOC});let i=null;typeof r=="function"||Array.isArray(r)?i=r:n===void 0&&r&&(n=r,r=void 0);let s=Object.assign({intAsBigInt:!1,keepSourceTokens:!1,logLevel:"warn",prettyErrors:!0,strict:!0,stringKeys:!1,uniqueKeys:!0,version:"1.2"},n);this.options=s;let{version:o}=s;n?._directives?(this.directives=n._directives.atDocument(),this.directives.yaml.explicit&&(o=this.directives.yaml.version)):this.directives=new Dk.Directives({version:o}),this.setSchema(o,n),this.contents=e===void 0?null:this.createNode(e,i,n)}clone(){let e=Object.create(t.prototype,{[Pi.NODE_TYPE]:{value:Pi.DOC}});return e.commentBefore=this.commentBefore,e.comment=this.comment,e.errors=this.errors.slice(),e.warnings=this.warnings.slice(),e.options=Object.assign({},this.options),this.directives&&(e.directives=this.directives.clone()),e.schema=this.schema.clone(),e.contents=Pi.isNode(this.contents)?this.contents.clone(e.schema):this.contents,this.range&&(e.range=this.range.slice()),e}add(e){_d(this.contents)&&this.contents.add(e)}addIn(e,r){_d(this.contents)&&this.contents.addIn(e,r)}createAlias(e,r){if(!e.anchor){let n=_k.anchorNames(this);e.anchor=!r||n.has(r)?_k.findNewAnchor(r||"a",n):r}return new DDe.Alias(e.anchor)}createNode(e,r,n){let i;if(typeof r=="function")e=r.call({"":e},"",e),i=r;else if(Array.isArray(r)){let E=I=>typeof I=="number"||I instanceof String||I instanceof Number,C=r.filter(E).map(String);C.length>0&&(r=r.concat(C)),i=r}else n===void 0&&r&&(n=r,r=void 0);let{aliasDuplicateObjects:s,anchorPrefix:o,flow:a,keepUndefined:A,onTagObj:c,tag:l}=n??{},{onAnchor:u,setAnchors:d,sourceObjects:f}=_k.createNodeAnchors(this,o||"a"),g={aliasDuplicateObjects:s??!0,keepUndefined:A??!1,onAnchor:u,onTagObj:c,replacer:i,schema:this.schema,sourceObjects:f},m=MDe.createNode(e,l,g);return a&&Pi.isCollection(m)&&(m.flow=!0),d(),m}createPair(e,r,n={}){let i=this.createNode(e,null,n),s=this.createNode(r,null,n);return new kDe.Pair(i,s)}delete(e){return _d(this.contents)?this.contents.delete(e):!1}deleteIn(e){return Rd.isEmptyPath(e)?this.contents==null?!1:(this.contents=null,!0):_d(this.contents)?this.contents.deleteIn(e):!1}get(e,r){return Pi.isCollection(this.contents)?this.contents.get(e,r):void 0}getIn(e,r){return Rd.isEmptyPath(e)?!r&&Pi.isScalar(this.contents)?this.contents.value:this.contents:Pi.isCollection(this.contents)?this.contents.getIn(e,r):void 0}has(e){return Pi.isCollection(this.contents)?this.contents.has(e):!1}hasIn(e){return Rd.isEmptyPath(e)?this.contents!==void 0:Pi.isCollection(this.contents)?this.contents.hasIn(e):!1}set(e,r){this.contents==null?this.contents=Rd.collectionFromPath(this.schema,[e],r):_d(this.contents)&&this.contents.set(e,r)}setIn(e,r){Rd.isEmptyPath(e)?this.contents=r:this.contents==null?this.contents=Rd.collectionFromPath(this.schema,Array.from(e),r):_d(this.contents)&&this.contents.setIn(e,r)}setSchema(e,r={}){typeof e=="number"&&(e=String(e));let n;switch(e){case"1.1":this.directives?this.directives.yaml.version="1.1":this.directives=new Dk.Directives({version:"1.1"}),n={resolveKnownTags:!1,schema:"yaml-1.1"};break;case"1.2":case"next":this.directives?this.directives.yaml.version=e:this.directives=new Dk.Directives({version:e}),n={resolveKnownTags:!0,schema:"core"};break;case null:this.directives&&delete this.directives,n=null;break;default:{let i=JSON.stringify(e);throw new Error(`Expected '1.1', '1.2' or null as first argument, but found: ${i}`)}}if(r.schema instanceof Object)this.schema=r.schema;else if(n)this.schema=new TDe.Schema(Object.assign(n,r));else throw new Error("With a null YAML version, the { schema: Schema } option is required")}toJS({json:e,jsonArg:r,mapAsMap:n,maxAliasCount:i,onAnchor:s,reviver:o}={}){let a={anchors:new Map,doc:this,keep:!e,mapAsMap:n===!0,mapKeyWarned:!1,maxAliasCount:typeof i=="
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),o=a+o}if(/[^ ]/.test(o)){let a=1,A=r.linePos[1];A&&A.line===n&&A.col>i&&(a=Math.max(1,Math.min(A.col-i,80-s)));let c=" ".repeat(s)+"^".repeat(a);r.message+=`:
 								${o}
 								${c}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`}};dm.YAMLError=um;dm.YAMLParseError=Pk;dm.YAMLWarning=Tk;dm.prettifyError=FDe});var hm=h(L9=>{"use strict";function UDe(t,{flow:e,indicator:r,next:n,offset:i,onError:s,parentIndent:o,startOnNewline:a}){let A=!1,c=a,l=a,u="",d="",f=!1,g=!1,m=null,E=null,C=null,I=null,N=null,w=null,R=null;for(let k of t)switch(g&&(k.type!=="space"&&k.type!=="newline"&&k.type!=="comma"&&s(k.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),g=!1),m&&(c&&k.type!=="comment"&&k.type!=="newline"&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),m=null),k.type){case"space":!e&&(r!=="doc-start"||n?.type!=="flow-collection")&&k.source.includes("	")&&(m=k),l=!0;break;case"comment":{l||s(k,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let J=k.source.substring(1)||" ";u?u+=d+J:u=J,d="",c=!1;break}case"newline":c?u?u+=k.source:(!w||r!=="seq-item-ind")&&(A=!0):d+=k.source,c=!0,f=!0,(E||C)&&(I=k),l=!0;break;case"anchor":E&&s(k,"MULTIPLE_ANCHORS","A node can have at most one anchor"),k.source.endsWith(":")&&s(k.offset+k.source.length-1,"BAD_ALIAS","Anchor ending in : is ambiguous",!0),E=k,R===null&&(R=k.offset),c=!1,l=!1,g=!0;break;case"tag":{C&&s(k,"MULTIPLE_TAGS","A node can have at most one tag"),C=k,R===null&&(R=k.offset),c=!1,l=!1,g=!0;break}case r:(E||C)&&s(k,"BAD_PROP_ORDER",`Anchors and tags must be after the ${k.source} indicator`),w&&s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.source} in ${e??"collection"}`),w=k,c=r==="seq-item-ind"||r==="explicit-key-ind",l=!1;break;case"comma":if(e){N&&s(k,"UNEXPECTED_TOKEN",`Unexpected , in ${e}`),N=k,c=!1,l=!1;break}default:s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.type} token`),c=!1,l=!1}let T=t[t.length-1],U=T?T.offset+T.source.length:i;return g&&n&&n.type!=="space"&&n.type!=="newline"&&n.type!=="comma"&&(n.type!=="scalar"||n.source!=="")&&s(n.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),m&&(c&&m.indent<=o||n?.type==="block-map"||n?.type==="block-seq")&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),{comma:N,found:w,spaceBefore:A,comment:u,hasNewline:f,anchor:E,tag:C,newlineAfterProp:I,end:U,start:R??U}}L9.resolveProps=UDe});var pQ=h(M9=>{"use strict";function Ok(t){if(!t)return null;switch(t.type){case"alias":case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":if(t.source.includes(`
 								`))return!0;if(t.end){for(let e of t.end)if(e.type==="newline")return!0}return!1;case"flow-collection":for(let e of t.items){for(let r of e.start)if(r.type==="newline")return!0;if(e.sep){for(let r of e.sep)if(r.type==="newline")return!0}if(Ok(e.key)||Ok(e.value))return!0}return!1;default:return!0}}M9.containsNewline=Ok});var Lk=h(F9=>{"use strict";var qDe=pQ();function HDe(t,e,r){if(e?.type==="flow-collection"){let n=e.end[0];n.indent===t&&(n.source==="]"||n.source==="}")&&qDe.containsNewline(e)&&r(n,"BAD_INDENT","Flow end indicator should be more indented than parent",!0)}}F9.flowIndentCheck=HDe});var Mk=h(q9=>{"use strict";var U9=He();function jDe(t,e,r){let{uniqueKeys:n}=t.options;if(n===!1)return!1;let i=typeof n=="function"?n:(s,o)=>s===o||U9.isScalar(s)&&U9.isScalar(o)&&s.value===o.value;return e.some(s=>i(s.key,r))}q9.mapIncludes=jDe});var J9=h(Y9=>{"use strict";var H9=_a(),zDe=ka(),j9=hm(),GDe=pQ(),z9=Lk(),YDe=Mk(),G9="All mapping items must start at the same column";function JDe({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??zDe.YAMLMap,a=new o(r.schema);r.atRoot&&(r.atRoot=!1);let A=n.offset,c=null;for(let l of n.items){let{start:u,key:d,sep:f,value:g}=l,m=j9.resolveProps(u,{indicator:"explicit-key-ind",next:d??f?.[0],offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0}),E=!m.found;if(E){if(d&&(d.type==="block-seq"?i(A,"BLOCK_AS_IMPLICIT_KEY","A block sequence may not be used as an implicit map key"):"indent"in d&&d.indent!==n.indent&&i(A,"BAD_INDENT",G9)),!m.anchor&&!m.tag&&!f){c=m.end,m.comment&&(a.comment?a.comment+=`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`+m.comment:a.comment=m.comment);continue}(m.newlineAfterProp||GDe.containsNewline(d))&&i(d??u[u.length-1],"MULTILINE_IMPLICIT_KEY","Implicit keys need to be on a single line")}else m.found?.indent!==n.indent&&i(A,"BAD_INDENT",G9);r.atKey=!0;let C=m.end,I=d?t(r,d,m,i):e(r,C,u,null,m,i);r.schema.compat&&z9.flowIndentCheck(n.indent,d,i),r.atKey=!1,YDe.mapIncludes(r,a.items,I)&&i(C,"DUPLICATE_KEY","Map keys must be unique");let N=j9.resolveProps(f??[],{indicator:"map-value-ind",next:g,offset:I.range[2],onError:i,parentIndent:n.indent,startOnNewline:!d||d.type==="block-scalar"});if(A=N.end,N.found){E&&(g?.type==="block-map"&&!N.hasNewline&&i(A,"BLOCK_AS_IMPLICIT_KEY","Nested mappings are not allowed in compact mappings"),r.options.strict&&m.start<N.found.offset-1024&&i(I.range,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit block mapping key"));let w=g?t(r,g,N,i):e(r,A,f,null,N,i);r.schema.compat&&z9.flowIndentCheck(n.indent,g,i),A=w.range[2];let R=new H9.Pair(I,w);r.options.keepSourceTokens&&(R.srcToken=l),a.items.push(R)}else{E&&i(I.range,"MISSING_CHAR","Implicit map keys need to be followed by map values"),N.comment&&(I.comment?I.comment+=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`+N.comment:I.comment=N.comment);let w=new H9.Pair(I);r.options.keepSourceTokens&&(w.srcToken=l),a.items.push(w)}}return c&&c<A&&i(c,"IMPOSSIBLE","Map comment with trailing content"),a.range=[n.offset,A,c??A],a}Y9.resolveBlockMap=JDe});var W9=h(V9=>{"use strict";var VDe=Pa(),WDe=hm(),$De=Lk();function KDe({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??VDe.YAMLSeq,a=new o(r.schema);r.atRoot&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let A=n.offset,c=null;for(let{start:l,value:u}of n.items){let d=WDe.resolveProps(l,{indicator:"seq-item-ind",next:u,offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0});if(!d.found)if(d.anchor||d.tag||u)u&&u.type==="block-seq"?i(d.end,"BAD_INDENT","All sequence items must start at the same column"):i(A,"MISSING_CHAR","Sequence item without - indicator");else{c=d.end,d.comment&&(a.comment=d.comment);continue}let f=u?t(r,u,d,i):e(r,d.end,l,null,d,i);r.schema.compat&&$De.flowIndentCheck(n.indent,u,i),A=f.range[2],a.items.push(f)}return a.range=[n.offset,A,c??A],a}V9.resolveBlockSeq=KDe});var Dd=h($9=>{"use strict";function XDe(t,e,r,n){let i="";if(t){let s=!1,o="";for(let a of t){let{source:A,type:c}=a;switch(c){case"space":s=!0;break;case"comment":{r&&!s&&n(a,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let l=A.substring(1)||" ";i?i+=o+l:i=l,o="";break}case"newline":i&&(o+=A),s=!0;break;default:n(a,"UNEXPECTED_TOKEN",`Unexpected ${c} at node end`)}e+=A.length}}return{comment:i,offset:e}}$9.resolveEnd=XDe});var e8=h(Z9=>{"use strict";var ZDe=He(),eke=_a(),K9=ka(),tke=Pa(),rke=Dd(),X9=hm(),nke=pQ(),ike=Mk(),Fk="Block collections are not allowed within flow collections",Uk=t=>t&&(t.type==="block-map"||t.type==="block-seq");function ske({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=n.start.source==="{",a=o?"flow map":"flow sequence",A=s?.nodeClass??(o?K9.YAMLMap:tke.YAMLSeq),c=new A(r.schema);c.flow=!0;let l=r.atRoot;l&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let u=n.offset+n.start.source.length;for(let E=0;E<n.items.length;++E){let C=n.items[E],{start:I,key:N,sep:w,value:R}=C,T=X9.resolveProps(I,{flow:a,indicator:"explicit-key-ind",next:N??w?.[0],offset:u,onError:i,parentIndent:n.indent,startOnNewline:!1});if(!T.found){if(!T.anchor&&!T.tag&&!w&&!R){E===0&&T.comma?i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`):E<n.items.length-1&&i(T.start,"UNEXPECTED_TOKEN",`Unexpected empty item in ${a}`),T.comment&&(c.comment?c.comment+=`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`+T.comment:c.comment=T.comment),u=T.end;continue}!o&&r.options.strict&&nke.containsNewline(N)&&i(N,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line")}if(E===0)T.comma&&i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`);else if(T.comma||i(T.start,"MISSING_CHAR",`Missing , between ${a} items`),T.comment){let U="";e:for(let k of I)switch(k.type){case"comma":case"space":break;case"comment":U=k.source.substring(1);break e;default:break e}if(U){let k=c.items[c.items.length-1];ZDe.isPair(k)&&(k=k.value??k.key),k.comment?k.comment+=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`+U:k.comment=U,T.comment=T.comment.substring(U.length+1)}}if(!o&&!w&&!T.found){let U=R?t(r,R,T,i):e(r,T.end,w,null,T,i);c.items.push(U),u=U.range[2],Uk(R)&&i(U.range,"BLOCK_IN_FLOW",Fk)}else{r.atKey=!0;let U=T.end,k=N?t(r,N,T,i):e(r,U,I,null,T,i);Uk(N)&&i(k.range,"BLOCK_IN_FLOW",Fk),r.atKey=!1;let J=X9.resolveProps(w??[],{flow:a,indicator:"map-value-ind",next:R,offset:k.range[2],onError:i,parentIndent:n.indent,startOnNewline:!1});if(J.found){if(!o&&!T.found&&r.options.strict){if(w)for(let H of w){if(H===J.found)break;if(H.type==="newline"){i(H,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line");break}}T.start<J.found.offset-1024&&i(J.found,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit flow sequence key")}}else R&&("source"in R&&R.source&&R.source[0]===":"?i(R,"MISSING_CHAR",`Missing space after : in ${a}`):i(J.start,"MISSING_CHAR",`Missing , or : between ${a} items`));let be=R?t(r,R,J,i):J.found?e(r,J.end,w,null,J,i):null;be?Uk(R)&&i(be.range,"BLOCK_IN_FLOW",Fk):J.comment&&(k.comment?k.comment+=`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`+J.comment:k.comment=J.comment);let ve=new eke.Pair(k,be);if(r.options.keepSourceTokens&&(ve.srcToken=C),o){let H=c;ike.mapIncludes(r,H.items,k)&&i(U,"DUPLICATE_KEY","Map keys must be unique"),H.items.push(ve)}else{let H=new K9.YAMLMap(r.schema);H.flow=!0,H.items.push(ve);let _e=(be??k).range;H.range=[k.range[0],_e[1],_e[2]],c.items.push(H)}u=be?be.range[2]:J.end}}let d=o?"}":"]",[f,...g]=n.end,m=u;if(f&&f.source===d)m=f.offset+f.source.length;else{let E=a[0].toUpperCase()+a.substring(1),C=l?`${E} must end with a ${d}`:`${E} in block collection must be sufficiently indented and end with a ${d}`;i(u,l?"MISSING_CHAR":"BAD_INDENT",C),f&&f.source.length!==1&&g.unshift(f)}if(g.length>0){let E=rke.resolveEnd(g,m,r.options.strict,i);E.comment&&(c.comment?c.comment+=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`+E.comment:c.comment=E.comment),c.range=[n.offset,m,E.offset]}else c.range=[n.offset,m,m];return c}Z9.resolveFlowCollection=ske});var r8=h(t8=>{"use strict";var oke=He(),ake=sr(),Ake=ka(),cke=Pa(),lke=J9(),uke=W9(),dke=e8();function qk(t,e,r,n,i,s){let o=r.type==="block-map"?lke.resolveBlockMap(t,e,r,n,s):r.type==="block-seq"?uke.resolveBlockSeq(t,e,r,n,s):dke.resolveFlowCollection(t,e,r,n,s),a=o.constructor;return i==="!"||i===a.tagName?(o.tag=a.tagName,o):(i&&(o.tag=i),o)}function fke(t,e,r,n,i){let s=n.tag,o=s?e.directives.tagName(s.source,d=>i(s,"TAG_RESOLVE_FAILED",d)):null;if(r.type==="block-seq"){let{anchor:d,newlineAfterProp:f}=n,g=d&&s?d.offset>s.offset?d:s:d??s;g&&(!f||f.offset<g.offset)&&i(g,"MISSING_CHAR","Missing newline after block sequence props")}let a=r.type==="block-map"?"map":r.type==="block-seq"?"seq":r.start.source==="{"?"map":"seq";if(!s||!o||o==="!"||o===Ake.YAMLMap.tagName&&a==="map"||o===cke.YAMLSeq.tagName&&a==="seq")return qk(t,e,r,i,o);let A=e.schema.tags.find(d=>d.tag===o&&d.collection===a);if(!A){let d=e.schema.knownTags[o];if(d&&d.collection===a)e.schema.tags.push(Object.assign({},d,{default:!1})),A=d;else return d?.collection?i(s,"BAD_COLLECTION_TYPE",`${d.tag} used for ${a} collection, but expects ${d.collection}`,!0):i(s,"TAG_RESOLVE_FAILED",`Unresolved tag: ${o}`,!0),qk(t,e,r,i,o)}let c=qk(t,e,r,i,o,A),l=A.resolve?.(c,d=>i(s,"TAG_RESOLVE_FAILED",d),e.options)??c,u=oke.isNode(l)?l:new ake.Scalar(l);return u.range=c.range,u.tag=o,A?.format&&(u.format=A.format),u}t8.composeCollection=fke});var jk=h(n8=>{"use strict";var Hk=sr();function hke(t,e,r){let n=e.offset,i=gke(e,t.options.strict,r);if(!i)return{value:"",type:null,comment:"",range:[n,n,n]};let s=i.mode===">"?Hk.Scalar.BLOCK_FOLDED:Hk.Scalar.BLOCK_LITERAL,o=e.source?mke(e.source):[],a=o.length;for(let m=o.length-1;m>=0;--m){let E=o[m][1];if(E===""||E==="\r")a=m;else break}if(a===0){let m=i.chomp==="+"&&o.length>0?`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`.repeat(Math.max(1,o.length-1)):"",E=n+i.length;return e.source&&(E+=e.source.length),{value:m,type:s,comment:i.comment,range:[n,E,E]}}let A=e.indent+i.indent,c=e.offset+i.length,l=0;for(let m=0;m<a;++m){let[E,C]=o[m];if(C===""||C==="\r")i.indent===0&&E.length>A&&(A=E.length);else{E.length<A&&r(c+E.length,"MISSING_CHAR","Block scalars with more-indented leading empty lines must use an explicit indentation indicator"),i.indent===0&&(A=E.length),l=m,A===0&&!t.atRoot&&r(c,"BAD_INDENT","Block scalar values in collections must be indented");break}c+=E.length+C.length+1}for(let m=o.length-1;m>=a;--m)o[m][0].length>A&&(a=m+1);let u="",d="",f=!1;for(let m=0;m<l;++m)u+=o[m][0].slice(A)+`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`;for(let m=l;m<a;++m){let[E,C]=o[m];c+=E.length+C.length+1;let I=C[C.length-1]==="\r";if(I&&(C=C.slice(0,-1)),C&&E.length<A){let w=`Block scalar lines must not be less indented than their ${i.indent?"explicit indentation indicator":"first line"}`;r(c-C.length-(I?2:1),"BAD_INDENT",w),E=""}s===Hk.Scalar.BLOCK_LITERAL?(u+=d+E.slice(A)+C,d=`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`):E.length>A||C[0]==="	"?(d===" "?d=`
 								`:!f&&d===`
 								`&&(d=`
 								`),u+=d+E.slice(A)+C,d=`
 								`,f=!0):C===""?d===`
 								`?u+=`
 								`:d=`
 								`:(u+=d+C,d=" ",f=!1)}switch(i.chomp){case"-":break;case"+":for(let m=a;m<o.length;++m)u+=`
 								`+o[m][0].slice(A);u[u.length-1]!==`
 								`&&(u+=`
 								`);break;default:u+=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`}let g=n+i.length+e.source.length;return{value:u,type:s,comment:i.comment,range:[n,g,g]}}function gke({offset:t,props:e},r,n){if(e[0].type!=="block-scalar-header")return n(e[0],"IMPOSSIBLE","Block scalar header not found"),null;let{source:i}=e[0],s=i[0],o=0,a="",A=-1;for(let d=1;d<i.length;++d){let f=i[d];if(!a&&(f==="-"||f==="+"))a=f;else{let g=Number(f);!o&&g?o=g:A===-1&&(A=t+d)}}A!==-1&&n(A,"UNEXPECTED_TOKEN",`Block scalar header includes extra characters: ${i}`);let c=!1,l="",u=i.length;for(let d=1;d<e.length;++d){let f=e[d];switch(f.type){case"space":c=!0;case"newline":u+=f.source.length;break;case"comment":r&&!c&&n(f,"MISSING_CHAR","Comments must be separated from other tokens by white space characters"),u+=f.source.length,l=f.source.substring(1);break;case"error":n(f,"UNEXPECTED_TOKEN",f.message),u+=f.source.length;break;default:{let g=`Unexpected token in block scalar header: ${f.type}`;n(f,"UNEXPECTED_TOKEN",g);let m=f.source;m&&typeof m=="string"&&(u+=m.length)}}}return{mode:s,indent:o,chomp:a,comment:l,length:u}}function mke(t){let e=t.split(/\n( *)/),r=e[0],n=r.match(/^( *)/),s=[n?.[1]?[n[1],r.slice(n[1].length)]:["",r]];for(let o=1;o<e.length;o+=2)s.push([e[o],e[o+1]]);return s}n8.resolveBlockScalar=hke});var Gk=h(s8=>{"use strict";var zk=sr(),pke=Dd();function yke(t,e,r){let{offset:n,type:i,source:s,end:o}=t,a,A,c=(d,f,g)=>r(n+d,f,g);switch(i){case"scalar":a=zk.Scalar.PLAIN,A=Eke(s,c);break;case"single-quoted-scalar":a=zk.Scalar.QUOTE_SINGLE,A=Cke(s,c);break;case"double-quoted-scalar":a=zk.Scalar.QUOTE_DOUBLE,A=Ike(s,c);break;default:return r(t,"UNEXPECTED_TOKEN",`Expected a flow scalar value, but found: ${i}`),{value:"",type:null,comment:"",range:[n,n+s.length,n+s.length]}}let l=n+s.length,u=pke.resolveEnd(o,l,e,r);return{value:A,type:a,comment:u.comment,range:[n,l,u.offset]}}function Eke(t,e){let r="";switch(t[0]){case"	":r="a tab character";break;case",":r="flow indicator character ,";break;case"%":r="directive indicator character %";break;case"|":case">":{r=`block scalar indicator ${t[0]}`;break}case"@":case"`":{r=`reserved character ${t[0]}`;break}}return r&&e(0,"BAD_SCALAR_START",`Plain value cannot start with ${r}`),i8(t)}function Cke(t,e){return(t[t.length-1]!=="'"||t.length===1)&&e(t.length,"MISSING_CHAR","Missing closing 'quote"),i8(t.slice(1,-1)).replace(/''/g,"'")}function i8(t){let e,r;try{e=new RegExp(`(.*?)(?<![ 	])[ 	]*\r?
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,"sy"),r=new RegExp(`[ 	]*(.*?)(?:(?<![ 	])[ 	]*)?\r?
 								`,"sy")}catch{e=/(.*?)[ \t]*\r?\n/sy,r=/[ \t]*(.*?)[ \t]*\r?\n/sy}let n=e.exec(t);if(!n)return t;let i=n[1],s=" ",o=e.lastIndex;for(r.lastIndex=o;n=r.exec(t);)n[1]===""?s===`
 								`?i+=s:s=`
 								`:(i+=s+n[1],s=" "),o=r.lastIndex;let a=/[ \t]*(.*)/sy;return a.lastIndex=o,n=a.exec(t),i+s+(n?.[1]??"")}function Ike(t,e){let r="";for(let n=1;n<t.length-1;++n){let i=t[n];if(!(i==="\r"&&t[n+1]===`
 								`))if(i===`
 								`){let{fold:s,offset:o}=Bke(t,n);r+=s,n=o}else if(i==="\\"){let s=t[++n],o=Qke[s];if(o)r+=o;else if(s===`
 								`)for(s=t[n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="\r"&&t[n+1]===`
 								`)for(s=t[++n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="x"||s==="u"||s==="U"){let a={x:2,u:4,U:8}[s];r+=bke(t,n+1,a,e),n+=a}else{let a=t.substr(n-1,2);e(n-1,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),r+=a}}else if(i===" "||i==="	"){let s=n,o=t[n+1];for(;o===" "||o==="	";)o=t[++n+1];o!==`
 								`&&!(o==="\r"&&t[n+2]===`
 								`)&&(r+=n>s?t.slice(s,n+1):i)}else r+=i}return(t[t.length-1]!=='"'||t.length===1)&&e(t.length,"MISSING_CHAR",'Missing closing "quote'),r}function Bke(t,e){let r="",n=t[e+1];for(;(n===" "||n==="	"||n===`
 								`||n==="\r")&&!(n==="\r"&&t[e+2]!==`
 								`);)n===`
 								`&&(r+=`
 								`),e+=1,n=t[e+1];return r||(r=" "),{fold:r,offset:e}}var Qke={0:"\0",a:"\x07",b:"\b",e:"\x1B",f:"\f",n:`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,r:"\r",t:"	",v:"\v",N:"\x85",_:"\xA0",L:"\u2028",P:"\u2029"," ":" ",'"':'"',"/":"/","\\":"\\","	":"	"};function bke(t,e,r,n){let i=t.substr(e,r),o=i.length===r&&/^[0-9a-fA-F]+$/.test(i)?parseInt(i,16):NaN;if(isNaN(o)){let a=t.substr(e-2,r+2);return n(e-2,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),a}return String.fromCodePoint(o)}s8.resolveFlowScalar=yke});var A8=h(a8=>{"use strict";var YA=He(),o8=sr(),Nke=jk(),wke=Gk();function Ske(t,e,r,n){let{value:i,type:s,comment:o,range:a}=e.type==="block-scalar"?Nke.resolveBlockScalar(t,e,n):wke.resolveFlowScalar(e,t.options.strict,n),A=r?t.directives.tagName(r.source,u=>n(r,"TAG_RESOLVE_FAILED",u)):null,c;t.options.stringKeys&&t.atKey?c=t.schema[YA.SCALAR]:A?c=xke(t.schema,i,A,r,n):e.type==="scalar"?c=vke(t,i,e,n):c=t.schema[YA.SCALAR];let l;try{let u=c.resolve(i,d=>n(r??e,"TAG_RESOLVE_FAILED",d),t.options);l=YA.isScalar(u)?u:new o8.Scalar(u)}catch(u){let d=u instanceof Error?u.message:String(u);n(r??e,"TAG_RESOLVE_FAILED",d),l=new o8.Scalar(i)}return l.range=a,l.source=i,s&&(l.type=s),A&&(l.tag=A),c.format&&(l.format=c.format),o&&(l.comment=o),l}function xke(t,e,r,n,i){if(r==="!")return t[YA.SCALAR];let s=[];for(let a of t.tags)if(!a.collection&&a.tag===r)if(a.default&&a.test)s.push(a);else return a;for(let a of s)if(a.test?.test(e))return a;let o=t.knownTags[r];return o&&!o.collection?(t.tags.push(Object.assign({},o,{default:!1,test:void 0})),o):(i(n,"TAG_RESOLVE_FAILED",`Unresolved tag: ${r}`,r!=="tag:yaml.org,2002:str"),t[YA.SCALAR])}function vke({atKey:t,directives:e,schema:r},n,i,s){let o=r.tags.find(a=>(a.default===!0||t&&a.default==="key")&&a.test?.test(n))||r[YA.SCALAR];if(r.compat){let a=r.compat.find(A=>A.default&&A.test?.test(n))??r[YA.SCALAR];if(o.tag!==a.tag){let A=e.tagString(o.tag),c=e.tagString(a.tag),l=`Value may be parsed as either ${A} or ${c}`;s(i,"TAG_RESOLVE_FAILED",l,!0)}}return o}a8.composeScalar=Ske});var l8=h(c8=>{"use strict";function Rke(t,e,r){if(e){r===null&&(r=e.length);for(let n=r-1;n>=0;--n){let i=e[n];switch(i.type){case"space":case"comment":case"newline":t-=i.source.length;continue}for(i=e[++n];i?.type==="space";)t+=i.source.length,i=e[++n];break}}return t}c8.emptyScalarPosition=Rke});var f8=h(Jk=>{"use strict";var _ke=Jg(),Dke=He(),kke=r8(),u8=A8(),Pke=Dd(),Tke=l8(),Oke={composeNode:d8,composeEmptyNode:Yk};function d8(t,e,r,n){let i=t.atKey,{spaceBefore:s,comment:o,anchor:a,tag:A}=r,c,l=!0;switch(e.type){case"alias":c=Lke(t,e,n),(a||A)&&n(e,"ALIAS_PROPS","An alias node must not specify any properties");break;case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"block-scalar":c=u8.composeScalar(t,e,A,n),a&&(c.anchor=a.source.substring(1));break;case"block-map":case"block-seq":case"flow-collection":c=kke.composeCollection(Oke,t,e,r,n),a&&(c.anchor=a.source.substring(1));break;default:{let u=e.type==="error"?e.message:`Unsupported token (type: ${e.type})`;n(e,"UNEXPECTED_TOKEN",u),c=Yk(t,e.offset,void 0,null,r,n),l=!1}}return a&&c.anchor===""&&n(a,"BAD_ALIAS","Anchor cannot be an empty string"),i&&t.options.stringKeys&&(!Dke.isScalar(c)||typeof c.value!="string"||c.tag&&c.tag!=="tag:yaml.org,2002:str")&&n(A??e,"NON_STRING_KEY","With stringKeys, all keys must be strings"),s&&(c.spaceBefore=!0),o&&(e.type==="scalar"&&e.source===""?c.comment=o:c.commentBefore=o),t.options.keepSourceTokens&&l&&(c.srcToken=e),c}function Yk(t,e,r,n,{spaceBefore:i,comment:s,anchor:o,tag:a,end:A},c){let l={type:"scalar",offset:Tke.emptyScalarPosition(e,r,n),indent:-1,source:""},u=u8.composeScalar(t,l,a,c);return o&&(u.anchor=o.source.substring(1),u.anchor===""&&c(o,"BAD_ALIAS","Anchor cannot be an empty string")),i&&(u.spaceBefore=!0),s&&(u.comment=s,u.range[2]=A),u}function Lke({options:t},{offset:e,source:r,end:n},i){let s=new _ke.Alias(r.substring(1));s.source===""&&i(e,"BAD_ALIAS","Alias cannot be an empty string"),s.source.endsWith(":")&&i(e+r.length-1,"BAD_ALIAS","Alias ending in : is ambiguous",!0);let o=e+r.length,a=Pke.resolveEnd(n,o,t.strict,i);return s.range=[e,o,a.offset],a.comment&&(s.comment=a.comment),s}Jk.composeEmptyNode=Yk;Jk.co
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
 								`:`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`)+(s.substring(1)||" "),r=!0,n=!1;break;case"%":t[i+1]?.[0]!=="#"&&(i+=1),r=!1;break;default:r||(n=!0),r=!1}}return{comment:e,afterEmptyLine:n}}var Vk=class{constructor(e={}){this.doc=null,this.atDirectives=!1,this.prelude=[],this.errors=[],this.warnings=[],this.onError=(r,n,i,s)=>{let o=mm(r);s?this.warnings.push(new gm.YAMLWarning(o,n,i)):this.errors.push(new gm.YAMLParseError(o,n,i))},this.directives=new jke.Directives({version:e.version||"1.2"}),this.options=e}decorate(e,r){let{comment:n,afterEmptyLine:i}=y8(this.prelude);if(n){let s=e.contents;if(r)e.comment=e.comment?`${e.comment}
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								${n}`:n;else if(i||e.directives.docStart||!s)e.commentBefore=n;else if(p8.isCollection(s)&&!s.flow&&s.items.length>0){let o=s.items[0];p8.isPair(o)&&(o=o.key);let a=o.commentBefore;o.commentBefore=a?`${n}
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${a}`:n}else{let o=s.commentBefore;s.commentBefore=o?`${n}
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								${o}`:n}}r?(Array.prototype.push.apply(e.errors,this.errors),Array.prototype.push.apply(e.warnings,this.warnings)):(e.errors=this.errors,e.warnings=this.warnings),this.prelude=[],this.errors=[],this.warnings=[]}streamInfo(){return{comment:y8(this.prelude).comment,directives:this.directives,errors:this.errors,warnings:this.warnings}}*compose(e,r=!1,n=-1){for(let i of e)yield*this.next(i);yield*this.end(r,n)}*next(e){switch(Hke.env.LOG_STREAM&&console.dir(e,{depth:null}),e.type){case"directive":this.directives.add(e.source,(r,n,i)=>{let s=mm(e);s[0]+=r,this.onError(s,"BAD_DIRECTIVE",n,i)}),this.prelude.push(e.source),this.atDirectives=!0;break;case"document":{let r=Gke.composeDoc(this.options,this.directives,e,this.onError);this.atDirectives&&!r.directives.docStart&&this.onError(e,"MISSING_CHAR","Missing directives-end/doc-start indicator line"),this.decorate(r,!1),this.doc&&(yield this.doc),this.doc=r,this.atDirectives=!1;break}case"byte-order-mark":case"space":break;case"comment":case"newline":this.prelude.push(e.source);break;case"error":{let r=e.source?`${e.message}: ${JSON.stringify(e.source)}`:e.message,n=new gm.YAMLParseError(mm(e),"UNEXPECTED_TOKEN",r);this.atDirectives||!this.doc?this.errors.push(n):this.doc.errors.push(n);break}case"doc-end":{if(!this.doc){let n="Unexpected doc-end without preceding document";this.errors.push(new gm.YAMLParseError(mm(e),"UNEXPECTED_TOKEN",n));break}this.doc.directives.docEnd=!0;let r=Yke.resolveEnd(e.end,e.offset+e.source.length,this.doc.options.strict,this.onError);if(this.decorate(this.doc,!0),r.comment){let n=this.doc.comment;this.doc.comment=n?`${n}
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								${r.comment}`:r.comment}this.doc.range[2]=r.offset;break}default:this.errors.push(new gm.YAMLParseError(mm(e),"UNEXPECTED_TOKEN",`Unsupported token ${e.type}`))}}*end(e=!1,r=-1){if(this.doc)this.decorate(this.doc,!0),yield this.doc,this.doc=null;else if(e){let n=Object.assign({_directives:this.directives},this.options),i=new zke.Document(void 0,n);this.atDirectives&&this.onError(r,"MISSING_CHAR","Missing directives-end indicator line"),i.range=[0,r,r],this.decorate(i,!1),yield i}}};E8.Composer=Vk});var B8=h(yQ=>{"use strict";var Jke=jk(),Vke=Gk(),Wke=fm(),C8=Xg();function $ke(t,e=!0,r){if(t){let n=(i,s,o)=>{let a=typeof i=="number"?i:Array.isArray(i)?i[0]:i.offset;if(r)r(a,s,o);else throw new Wke.YAMLParseError([a,a+1],s,o)};switch(t.type){case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return Vke.resolveFlowScalar(t,e,n);case"block-scalar":return Jke.resolveBlockScalar({options:{strict:e}},t,n)}}return null}function Kke(t,e){let{implicitKey:r=!1,indent:n,inFlow:i=!1,offset:s=-1,type:o="PLAIN"}=e,a=C8.stringifyString({type:o,value:t},{implicitKey:r,indent:n>0?" ".repeat(n):"",inFlow:i,options:{blockQuote:!0,lineWidth:-1}}),A=e.end??[{type:"newline",offset:-1,indent:n,source:`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`}];switch(a[0]){case"|":case">":{let c=a.indexOf(`
 								`),l=a.substring(0,c),u=a.substring(c+1)+`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`,d=[{type:"block-scalar-header",offset:s,indent:n,source:l}];return I8(d,A)||d.push({type:"newline",offset:-1,indent:n,source:`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`}),{type:"block-scalar",offset:s,indent:n,props:d,source:u}}case'"':return{type:"double-quoted-scalar",offset:s,indent:n,source:a,end:A};case"'":return{type:"single-quoted-scalar",offset:s,indent:n,source:a,end:A};default:return{type:"scalar",offset:s,indent:n,source:a,end:A}}}function Xke(t,e,r={}){let{afterKey:n=!1,implicitKey:i=!1,inFlow:s=!1,type:o}=r,a="indent"in t?t.indent:null;if(n&&typeof a=="number"&&(a+=2),!o)switch(t.type){case"single-quoted-scalar":o="QUOTE_SINGLE";break;case"double-quoted-scalar":o="QUOTE_DOUBLE";break;case"block-scalar":{let c=t.props[0];if(c.type!=="block-scalar-header")throw new Error("Invalid block scalar header");o=c.source[0]===">"?"BLOCK_FOLDED":"BLOCK_LITERAL";break}default:o="PLAIN"}let A=C8.stringifyString({type:o,value:e},{implicitKey:i||a===null,indent:a!==null&&a>0?" ".repeat(a):"",inFlow:s,options:{blockQuote:!0,lineWidth:-1}});switch(A[0]){case"|":case">":Zke(t,A);break;case'"':$k(t,A,"double-quoted-scalar");break;case"'":$k(t,A,"single-quoted-scalar");break;default:$k(t,A,"scalar")}}function Zke(t,e){let r=e.indexOf(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),n=e.substring(0,r),i=e.substring(r+1)+`
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								`;if(t.type==="block-scalar"){let s=t.props[0];if(s.type!=="block-scalar-header")throw new Error("Invalid block scalar header");s.source=n,t.source=i}else{let{offset:s}=t,o="indent"in t?t.indent:-1,a=[{type:"block-scalar-header",offset:s,indent:o,source:n}];I8(a,"end"in t?t.end:void 0)||a.push({type:"newline",offset:-1,indent:o,source:`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`});for(let A of Object.keys(t))A!=="type"&&A!=="offset"&&delete t[A];Object.assign(t,{type:"block-scalar",indent:o,props:a,source:i})}}function I8(t,e){if(e)for(let r of e)switch(r.type){case"space":case"comment":t.push(r);break;case"newline":return t.push(r),!0}return!1}function $k(t,e,r){switch(t.type){case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":t.type=r,t.source=e;break;case"block-scalar":{let n=t.props.slice(1),i=e.length;t.props[0].type==="block-scalar-header"&&(i-=t.props[0].source.length);for(let s of n)s.offset+=i;delete t.props,Object.assign(t,{type:r,source:e,end:n});break}case"block-map":case"block-seq":{let i={type:"newline",offset:t.offset+e.length,indent:t.indent,source:`
 								`};delete t.items,Object.assign(t,{type:r,source:e,end:[i]});break}default:{let n="indent"in t?t.indent:-1,i="end"in t&&Array.isArray(t.end)?t.end.filter(s=>s.type==="space"||s.type==="comment"||s.type==="newline"):[];for(let s of Object.keys(t))s!=="type"&&s!=="offset"&&delete t[s];Object.assign(t,{type:r,indent:n,source:e,end:i})}}}yQ.createScalarToken=Kke;yQ.resolveAsScalar=$ke;yQ.setScalarValue=Xke});var b8=h(Q8=>{"use strict";var ePe=t=>"type"in t?CQ(t):EQ(t);function CQ(t){switch(t.type){case"block-scalar":{let e="";for(let r of t.props)e+=CQ(r);return e+t.source}case"block-map":case"block-seq":{let e="";for(let r of t.items)e+=EQ(r);return e}case"flow-collection":{let e=t.start.source;for(let r of t.items)e+=EQ(r);for(let r of t.end)e+=r.source;return e}case"document":{let e=EQ(t);if(t.end)for(let r of t.end)e+=r.source;return e}default:{let e=t.source;if("end"in t&&t.end)for(let r of t.end)e+=r.source;return e}}}function EQ({start:t,key:e,sep:r,value:n}){let i="";for(let s of t)i+=s.source;if(e&&(i+=CQ(e)),r)for(let s of r)i+=s.source;return n&&(i+=CQ(n)),i}Q8.stringify=ePe});var x8=h(S8=>{"use strict";var Kk=Symbol("break visit"),tPe=Symbol("skip children"),N8=Symbol("remove item");function JA(t,e){"type"in t&&t.type==="document"&&(t={start:t.start,value:t.value}),w8(Object.freeze([]),t,e)}JA.BREAK=Kk;JA.SKIP=tPe;JA.REMOVE=N8;JA.itemAtPath=(t,e)=>{let r=t;for(let[n,i]of e){let s=r?.[n];if(s&&"items"in s)r=s.items[i];else return}return r};JA.parentCollection=(t,e)=>{let r=JA.itemAtPath(t,e.slice(0,-1)),n=e[e.length-1][0],i=r?.[n];if(i&&"items"in i)return i;throw new Error("Parent collection not found")};function w8(t,e,r){let n=r(e,t);if(typeof n=="symbol")return n;for(let i of["key","value"]){let s=e[i];if(s&&"items"in s){for(let o=0;o<s.items.length;++o){let a=w8(Object.freeze(t.concat([[i,o]])),s.items[o],r);if(typeof a=="number")o=a-1;else{if(a===Kk)return Kk;a===N8&&(s.items.splice(o,1),o-=1)}}typeof n=="function"&&i==="key"&&(n=n(e,t))}}return typeof n=="function"?n(e,t):n}S8.visit=JA});var IQ=h(Pn=>{"use strict";var Xk=B8(),rPe=b8(),nPe=x8(),Zk="\uFEFF",eP="",tP="",rP="",iPe=t=>!!t&&"items"in t,sPe=t=>!!t&&(t.type==="scalar"||t.type==="single-quoted-scalar"||t.type==="double-quoted-scalar"||t.type==="block-scalar");function oPe(t){switch(t){case Zk:return"<BOM>";case eP:return"<DOC>";case tP:return"<FLOW_END>";case rP:return"<SCALAR>";default:return JSON.stringify(t)}}function aPe(t){switch(t){case Zk:return"byte-order-mark";case eP:return"doc-mode";case tP:return"flow-error-end";case rP:return"scalar";case"---":return"doc-start";case"...":return"doc-end";case"":case`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:case`\r
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`:return"newline";case"-":return"seq-item-ind";case"?":return"explicit-key-ind";case":":return"map-value-ind";case"{":return"flow-map-start";case"}":return"flow-map-end";case"[":return"flow-seq-start";case"]":return"flow-seq-end";case",":return"comma"}switch(t[0]){case" ":case"	":return"space";case"#":return"comment";case"%":return"directive-line";case"*":return"alias";case"&":return"anchor";case"!":return"tag";case"'":return"single-quoted-scalar";case'"':return"double-quoted-scalar";case"|":case">":return"block-scalar-header"}return null}Pn.createScalarToken=Xk.createScalarToken;Pn.resolveAsScalar=Xk.resolveAsScalar;Pn.setScalarValue=Xk.setScalarValue;Pn.stringify=rPe.stringify;Pn.visit=nPe.visit;Pn.BOM=Zk;Pn.DOCUMENT=eP;Pn.FLOW_END=tP;Pn.SCALAR=rP;Pn.isCollection=iPe;Pn.isScalar=sPe;Pn.prettyToken=oPe;Pn.tokenType=aPe});var sP=h(R8=>{"use strict";var pm=IQ();function rs(t){switch(t){case void 0:case" ":case`
 								`:case"\r":case"	":return!0;default:return!1}}var v8=new Set("0123456789ABCDEFabcdef"),APe=new Set("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-#;/?:@&=+$_.!~*'()"),BQ=new Set(",[]{}"),cPe=new Set(` ,[]{}
 								\r	`),nP=t=>!t||cPe.has(t),iP=class{constructor(){this.atEnd=!1,this.blockScalarIndent=-1,this.blockScalarKeep=!1,this.buffer="",this.flowKey=!1,this.flowLevel=0,this.indentNext=0,this.indentValue=0,this.lineEndPos=null,this.next=null,this.pos=0}*lex(e,r=!1){if(e){if(typeof e!="string")throw TypeError("source is not a string");this.buffer=this.buffer?this.buffer+e:e,this.lineEndPos=null}this.atEnd=!r;let n=this.next??"stream";for(;n&&(r||this.hasChars(1));)n=yield*this.parseNext(n)}atLineEnd(){let e=this.pos,r=this.buffer[e];for(;r===" "||r==="	";)r=this.buffer[++e];return!r||r==="#"||r===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`?!0:r==="\r"?this.buffer[e+1]===`
 								`:!1}charAt(e){return this.buffer[this.pos+e]}continueScalar(e){let r=this.buffer[e];if(this.indentNext>0){let n=0;for(;r===" ";)r=this.buffer[++n+e];if(r==="\r"){let i=this.buffer[n+e+1];if(i===`
 								`||!i&&!this.atEnd)return e+n+1}return r===`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`||n>=this.indentNext||!r&&!this.atEnd?e+n:-1}if(r==="-"||r==="."){let n=this.buffer.substr(e,3);if((n==="---"||n==="...")&&rs(this.buffer[e+3]))return-1}return e}getLine(){let e=this.lineEndPos;return(typeof e!="number"||e!==-1&&e<this.pos)&&(e=this.buffer.indexOf(`
 								`,this.pos),this.lineEndPos=e),e===-1?this.atEnd?this.buffer.substring(this.pos):null:(this.buffer[e-1]==="\r"&&(e-=1),this.buffer.substring(this.pos,e))}hasChars(e){return this.pos+e<=this.buffer.length}setNext(e){return this.buffer=this.buffer.substring(this.pos),this.pos=0,this.lineEndPos=null,this.next=e,null}peek(e){return this.buffer.substr(this.pos,e)}*parseNext(e){switch(e){case"stream":return yield*this.parseStream();case"line-start":return yield*this.parseLineStart();case"block-start":return yield*this.parseBlockStart();case"doc":return yield*this.parseDocument();case"flow":return yield*this.parseFlowCollection();case"quoted-scalar":return yield*this.parseQuotedScalar();case"block-scalar":return yield*this.parseBlockScalar();case"plain-scalar":return yield*this.parsePlainScalar()}}*parseStream(){let e=this.getLine();if(e===null)return this.setNext("stream");if(e[0]===pm.BOM&&(yield*this.pushCount(1),e=e.substring(1)),e[0]==="%"){let r=e.length,n=e.indexOf("#");for(;n!==-1;){let s=e[n-1];if(s===" "||s==="	"){r=n-1;break}else n=e.indexOf("#",n+1)}for(;;){let s=e[r-1];if(s===" "||s==="	")r-=1;else break}let i=(yield*this.pushCount(r))+(yield*this.pushSpaces(!0));return yield*this.pushCount(e.length-i),this.pushNewline(),"stream"}if(this.atLineEnd()){let r=yield*this.pushSpaces(!0);return yield*this.pushCount(e.length-r),yield*this.pushNewline(),"stream"}return yield pm.DOCUMENT,yield*this.parseLineStart()}*parseLineStart(){let e=this.charAt(0);if(!e&&!this.atEnd)return this.setNext("line-start");if(e==="-"||e==="."){if(!this.atEnd&&!this.hasChars(4))return this.setNext("line-start");let r=this.peek(3);if((r==="---"||r==="...")&&rs(this.charAt(3)))return yield*this.pushCount(3),this.indentValue=0,this.indentNext=0,r==="---"?"doc":"stream"}return this.indentValue=yield*this.pushSpaces(!1),this.indentNext>this.indentValue&&!rs(this.charAt(1))&&(this.indentNext=this.indentValue),yield*this.parseBlockStart()}*parseBlockStart(){let[e,r]=this.peek(2);if(!r&&!this.atEnd)return this.setNext("block-start");if((e==="-"||e==="?"||e===":")&&rs(r)){let n=(yield*this.pushCount(1))+(yield*this.pushSpaces(!0));return this.indentNext=this.indentValue+1,this.indentValue+=n,yield*this.parseBlockStart()}return"doc"}*parseDocument(){yield*this.pushSpaces(!0);let e=this.getLine();if(e===null)return this.setNext("doc");let r=yield*this.pushIndicators();switch(e[r]){case"#":yield*this.pushCount(e.length-r);case void 0:return yield*this.pushNewline(),yield*this.parseLineStart();case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel=1,"flow";case"}":case"]":return yield*this.pushCount(1),"doc";case"*":return yield*this.pushUntil(nP),"doc";case'"':case"'":return yield*this.parseQuotedScalar();case"|":case">":return r+=yield*this.parseBlockScalarHeader(),r+=yield*this.pushSpaces(!0),yield*this.pushCount(e.length-r),yield*this.pushNewline(),yield*this.parseBlockScalar();default:return yield*this.parsePlainScalar()}}*parseFlowCollection(){let e,r,n=-1;do e=yield*this.pushNewline(),e>0?(r=yield*this.pushSpaces(!1),this.indentValue=n=r):r=0,r+=yield*this.pushSpaces(!0);while(e+r>0);let i=this.getLine();if(i===null)return this.setNext("flow");if((n!==-1&&n<this.indentNext&&i[0]!=="#"||n===0&&(i.startsWith("---")||i.startsWith("..."))&&rs(i[3]))&&!(n===this.indentNext-1&&this.flowLevel===1&&(i[0]==="]"||i[0]==="}")))return this.flowLevel=0,yield pm.FLOW_END,yield*this.parseLineStart();let s=0;for(;i[s]===",";)s+=yield*this.pushCount(1),s+=yield*this.pushSpaces(!0),this.flowKey=!1;switch(s+=yield*this.pushIndicators(),i[s]){case void 0:return"flow";case"#":return yield*this.pushCount(i.length-s),"flow";case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel+=1,"flow";case"}":case"]":return yield*this.pushCount(1),this.flowKey=!0,this.flowLevel-=1,this.flowLevel?"flow":"doc";case"*":return yield*this.pushUntil(nP),"flow";case'"':case"'":return this.flowKey=!0,yield*this.parseQuotedScalar();case":":{let o=this.charAt(1);if(this.flowKey||rs(o)||o===",")return this.flowKey=!1,yield*this.pushCount(1),yield*th
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,this.pos);if(i!==-1){for(;i!==-1;){let s=this.continueScalar(i+1);if(s===-1)break;i=n.indexOf(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,s)}i!==-1&&(r=i-(n[i-1]==="\r"?2:1))}if(r===-1){if(!this.atEnd)return this.setNext("quoted-scalar");r=this.buffer.length}return yield*this.pushToIndex(r+1,!1),this.flowLevel?"flow":"doc"}*parseBlockScalarHeader(){this.blockScalarIndent=-1,this.blockScalarKeep=!1;let e=this.pos;for(;;){let r=this.buffer[++e];if(r==="+")this.blockScalarKeep=!0;else if(r>"0"&&r<="9")this.blockScalarIndent=Number(r)-1;else if(r!=="-")break}return yield*this.pushUntil(r=>rs(r)||r==="#")}*parseBlockScalar(){let e=this.pos-1,r=0,n;e:for(let s=this.pos;n=this.buffer[s];++s)switch(n){case" ":r+=1;break;case`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:e=s,r=0;break;case"\r":{let o=this.buffer[s+1];if(!o&&!this.atEnd)return this.setNext("block-scalar");if(o===`
 								`)break}default:break e}if(!n&&!this.atEnd)return this.setNext("block-scalar");if(r>=this.indentNext){this.blockScalarIndent===-1?this.indentNext=r:this.indentNext=this.blockScalarIndent+(this.indentNext===0?1:this.indentNext);do{let s=this.continueScalar(e+1);if(s===-1)break;e=this.buffer.indexOf(`
 								`,s)}while(e!==-1);if(e===-1){if(!this.atEnd)return this.setNext("block-scalar");e=this.buffer.length}}let i=e+1;for(n=this.buffer[i];n===" ";)n=this.buffer[++i];if(n==="	"){for(;n==="	"||n===" "||n==="\r"||n===`
 								`;)n=this.buffer[++i];e=i-1}else if(!this.blockScalarKeep)do{let s=e-1,o=this.buffer[s];o==="\r"&&(o=this.buffer[--s]);let a=s;for(;o===" ";)o=this.buffer[--s];if(o===`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`&&s>=this.pos&&s+1+r>a)e=s;else break}while(!0);return yield pm.SCALAR,yield*this.pushToIndex(e+1,!0),yield*this.parseLineStart()}*parsePlainScalar(){let e=this.flowLevel>0,r=this.pos-1,n=this.pos-1,i;for(;i=this.buffer[++n];)if(i===":"){let s=this.buffer[n+1];if(rs(s)||e&&BQ.has(s))break;r=n}else if(rs(i)){let s=this.buffer[n+1];if(i==="\r"&&(s===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`?(n+=1,i=`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,s=this.buffer[n+1]):r=n),s==="#"||e&&BQ.has(s))break;if(i===`
 								`){let o=this.continueScalar(n+1);if(o===-1)break;n=Math.max(n,o-2)}}else{if(e&&BQ.has(i))break;r=n}return!i&&!this.atEnd?this.setNext("plain-scalar"):(yield pm.SCALAR,yield*this.pushToIndex(r+1,!0),e?"flow":"doc")}*pushCount(e){return e>0?(yield this.buffer.substr(this.pos,e),this.pos+=e,e):0}*pushToIndex(e,r){let n=this.buffer.slice(this.pos,e);return n?(yield n,this.pos+=n.length,n.length):(r&&(yield""),0)}*pushIndicators(){switch(this.charAt(0)){case"!":return(yield*this.pushTag())+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"&":return(yield*this.pushUntil(nP))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"-":case"?":case":":{let e=this.flowLevel>0,r=this.charAt(1);if(rs(r)||e&&BQ.has(r))return e?this.flowKey&&(this.flowKey=!1):this.indentNext=this.indentValue+1,(yield*this.pushCount(1))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators())}}return 0}*pushTag(){if(this.charAt(1)==="<"){let e=this.pos+2,r=this.buffer[e];for(;!rs(r)&&r!==">";)r=this.buffer[++e];return yield*this.pushToIndex(r===">"?e+1:e,!1)}else{let e=this.pos+1,r=this.buffer[e];for(;r;)if(APe.has(r))r=this.buffer[++e];else if(r==="%"&&v8.has(this.buffer[e+1])&&v8.has(this.buffer[e+2]))r=this.buffer[e+=3];else break;return yield*this.pushToIndex(e,!1)}}*pushNewline(){let e=this.buffer[this.pos];return e===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`?yield*this.pushCount(1):e==="\r"&&this.charAt(1)===`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`?yield*this.pushCount(2):0}*pushSpaces(e){let r=this.pos-1,n;do n=this.buffer[++r];while(n===" "||e&&n==="	");let i=r-this.pos;return i>0&&(yield this.buffer.substr(this.pos,i),this.pos=r),i}*pushUntil(e){let r=this.pos,n=this.buffer[r];for(;!e(n);)n=this.buffer[++r];return yield*this.pushToIndex(r,!1)}};R8.Lexer=iP});var aP=h(_8=>{"use strict";var oP=class{constructor(){this.lineStarts=[],this.addNewLine=e=>this.lineStarts.push(e),this.linePos=e=>{let r=0,n=this.lineStarts.length;for(;r<n;){let s=r+n>>1;this.lineStarts[s]<e?r=s+1:n=s}if(this.lineStarts[r]===e)return{line:r+1,col:1};if(r===0)return{line:0,col:e};let i=this.lineStarts[r-1];return{line:r,col:e-i+1}}}};_8.LineCounter=oP});var cP=h(O8=>{"use strict";var lPe=require("node:process"),D8=IQ(),uPe=sP();function VA(t,e){for(let r=0;r<t.length;++r)if(t[r].type===e)return!0;return!1}function k8(t){for(let e=0;e<t.length;++e)switch(t[e].type){case"space":case"comment":case"newline":break;default:return e}return-1}function T8(t){switch(t?.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"flow-collection":return!0;default:return!1}}function QQ(t){switch(t.type){case"document":return t.start;case"block-map":{let e=t.items[t.items.length-1];return e.sep??e.start}case"block-seq":return t.items[t.items.length-1].start;default:return[]}}function kd(t){if(t.length===0)return[];let e=t.length;e:for(;--e>=0;)switch(t[e].type){case"doc-start":case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":case"newline":break e}for(;t[++e]?.type==="space";);return t.splice(e,t.length)}function P8(t){if(t.start.type==="flow-seq-start")for(let e of t.items)e.sep&&!e.value&&!VA(e.start,"explicit-key-ind")&&!VA(e.sep,"map-value-ind")&&(e.key&&(e.value=e.key),delete e.key,T8(e.value)?e.value.end?Array.prototype.push.apply(e.value.end,e.sep):e.value.end=e.sep:Array.prototype.push.apply(e.start,e.sep),delete e.sep)}var AP=class{constructor(e){this.atNewLine=!0,this.atScalar=!1,this.indent=0,this.offset=0,this.onKeyLine=!1,this.stack=[],this.source="",this.type="",this.lexer=new uPe.Lexer,this.onNewLine=e}*parse(e,r=!1){this.onNewLine&&this.offset===0&&this.onNewLine(0);for(let n of this.lexer.lex(e,r))yield*this.next(n);r||(yield*this.end())}*next(e){if(this.source=e,lPe.env.LOG_TOKENS&&console.log("|",D8.prettyToken(e)),this.atScalar){this.atScalar=!1,yield*this.step(),this.offset+=e.length;return}let r=D8.tokenType(e);if(r)if(r==="scalar")this.atNewLine=!1,this.atScalar=!0,this.type="scalar";else{switch(this.type=r,yield*this.step(),r){case"newline":this.atNewLine=!0,this.indent=0,this.onNewLine&&this.onNewLine(this.offset+e.length);break;case"space":this.atNewLine&&e[0]===" "&&(this.indent+=e.length);break;case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":this.atNewLine&&(this.indent+=e.length);break;case"doc-mode":case"flow-error-end":return;default:this.atNewLine=!1}this.offset+=e.length}else{let n=`Not a YAML token: ${e}`;yield*this.pop({type:"error",offset:this.offset,message:n,source:e}),this.offset+=e.length}}*end(){for(;this.stack.length>0;)yield*this.pop()}get sourceToken(){return{type:this.type,offset:this.offset,indent:this.indent,source:this.source}}*step(){let e=this.peek(1);if(this.type==="doc-end"&&(!e||e.type!=="doc-end")){for(;this.stack.length>0;)yield*this.pop();this.stack.push({type:"doc-end",offset:this.offset,source:this.source});return}if(!e)return yield*this.stream();switch(e.type){case"document":return yield*this.document(e);case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return yield*this.scalar(e);case"block-scalar":return yield*this.blockScalar(e);case"block-map":return yield*this.blockMap(e);case"block-seq":return yield*this.blockSequence(e);case"flow-collection":return yield*this.flowCollection(e);case"doc-end":return yield*this.documentEnd(e)}yield*this.pop()}peek(e){return this.stack[this.stack.length-e]}*pop(e){let r=e??this.stack.pop();if(!r)yield{type:"error",offset:this.offset,source:"",message:"Tried to pop an empty stack"};else if(this.stack.length===0)yield r;else
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,r)+1}yield*this.pop();break;default:yield*this.pop(),yield*this.step()}}*blockMap(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(this.onKeyLine=!1,r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else if(r.sep)r.sep.push(this.sourceToken);else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return}if(this.indent>=e.indent){let n=!this.onKeyLine&&this.indent===e.indent,i=n&&(r.sep||r.explicitKey)&&this.type!=="seq-item-ind",s=[];if(i&&r.sep&&!r.value){let o=[];for(let a=0;a<r.sep.length;++a){let A=r.sep[a];switch(A.type){case"newline":o.push(a);break;case"space":break;case"comment":A.indent>e.indent&&(o.length=0);break;default:o.length=0}}o.length>=2&&(s=r.sep.splice(o[1]))}switch(this.type){case"anchor":case"tag":i||r.value?(s.push(this.sourceToken),e.items.push({start:s}),this.onKeyLine=!0):r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"explicit-key-ind":!r.sep&&!r.explicitKey?(r.start.push(this.sourceToken),r.explicitKey=!0):i||r.value?(s.push(this.sourceToken),e.items.push({start:s,explicitKey:!0})):this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken],explicitKey:!0}]}),this.onKeyLine=!0;return;case"map-value-ind":if(r.explicitKey)if(r.sep)if(r.value)e.items.push({start:[],key:null,sep:[this.sourceToken]});else if(VA(r.sep,"map-value-ind"))this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:s,key:null,sep:[this.sourceToken]}]});else if(T8(r.key)&&!VA(r.sep,"newline")){let o=kd(r.start),a=r.key,A=r.sep;A.push(this.sourceToken),delete r.key,delete r.sep,this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:a,sep:A}]})}else s.length>0?r.sep=r.sep.concat(s,this.sourceToken):r.sep.push(this.sourceToken);else if(VA(r.start,"newline"))Object.assign(r,{key:null,sep:[this.sourceToken]});else{let o=kd(r.start);this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:null,sep:[this.sourceToken]}]})}else r.sep?r.value||i?e.items.push({start:s,key:null,sep:[this.sourceToken]}):VA(r.sep,"map-value-ind")?this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[],key:null,sep:[this.sourceToken]}]}):r.sep.push(this.sourceToken):Object.assign(r,{key:null,sep:[this.sourceToken]});this.onKeyLine=!0;return;case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":{let o=this.flowScalar(this.type);i||r.value?(e.items.push({start:s,key:o,sep:[]}),this.onKeyLine=!0):r.sep?this.stack.push(o):(Object.assign(r,{key:o,sep:[]}),this.onKeyLine=!0);return}default:{let o=this.startBlockValue(e);if(o){n&&o.type!=="block-seq"&&e.items.push({start:s}),this.stack.push(o);return}}}}yield*this.pop(),yield*this.step()}*blockSequence(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return;case"anchor":case"tag":if(r.value||this.indent<=e.indent)break;r.start.push(this.sourceToken);return;case"seq-item-ind":if(this.indent!==e.indent)break;r.value||VA(r.start,"seq-item-ind")?e.items.push({start:[this.sourceTo
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								`,r)+1}return{type:e,offset:this.offset,indent:this.indent,source:this.source}}startBlockValue(e){switch(this.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return this.flowScalar(this.type);case"block-scalar-header":return{type:"block-scalar",offset:this.offset,indent:this.indent,props:[this.sourceToken],source:""};case"flow-map-start":case"flow-seq-start":return{type:"flow-collection",offset:this.offset,indent:this.indent,start:this.sourceToken,items:[],end:[]};case"seq-item-ind":return{type:"block-seq",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken]}]};case"explicit-key-ind":{this.onKeyLine=!0;let r=QQ(e),n=kd(r);return n.push(this.sourceToken),{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,explicitKey:!0}]}}case"map-value-ind":{this.onKeyLine=!0;let r=QQ(e),n=kd(r);return{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,key:null,sep:[this.sourceToken]}]}}}return null}atIndentedComment(e,r){return this.type!=="comment"||this.indent<=r?!1:e.every(n=>n.type==="newline"||n.type==="space")}*documentEnd(e){this.type!=="doc-mode"&&(e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop()))}*lineEnd(e){switch(this.type){case"comma":case"doc-start":case"doc-end":case"flow-seq-end":case"flow-map-end":case"map-value-ind":yield*this.pop(),yield*this.step();break;case"newline":this.onKeyLine=!1;default:e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop())}}};O8.Parser=AP});var q8=h(Em=>{"use strict";var L8=Wk(),dPe=lm(),ym=fm(),fPe=JD(),hPe=He(),gPe=aP(),M8=cP();function F8(t){let e=t.prettyErrors!==!1;return{lineCounter:t.lineCounter||e&&new gPe.LineCounter||null,prettyErrors:e}}function mPe(t,e={}){let{lineCounter:r,prettyErrors:n}=F8(e),i=new M8.Parser(r?.addNewLine),s=new L8.Composer(e),o=Array.from(s.compose(i.parse(t)));if(n&&r)for(let a of o)a.errors.forEach(ym.prettifyError(t,r)),a.warnings.forEach(ym.prettifyError(t,r));return o.length>0?o:Object.assign([],{empty:!0},s.streamInfo())}function U8(t,e={}){let{lineCounter:r,prettyErrors:n}=F8(e),i=new M8.Parser(r?.addNewLine),s=new L8.Composer(e),o=null;for(let a of s.compose(i.parse(t),!0,t.length))if(!o)o=a;else if(o.options.logLevel!=="silent"){o.errors.push(new ym.YAMLParseError(a.range.slice(0,2),"MULTIPLE_DOCS","Source contains multiple documents; please use YAML.parseAllDocuments()"));break}return n&&r&&(o.errors.forEach(ym.prettifyError(t,r)),o.warnings.forEach(ym.prettifyError(t,r))),o}function pPe(t,e,r){let n;typeof e=="function"?n=e:r===void 0&&e&&typeof e=="object"&&(r=e);let i=U8(t,r);if(!i)return null;if(i.warnings.forEach(s=>fPe.warn(i.options.logLevel,s)),i.errors.length>0){if(i.options.logLevel!=="silent")throw i.errors[0];i.errors=[]}return i.toJS(Object.assign({reviver:n},r))}function yPe(t,e,r){let n=null;if(typeof e=="function"||Array.isArray(e)?n=e:r===void 0&&e&&(r=e),typeof r=="string"&&(r=r.length),typeof r=="number"){let i=Math.round(r);r=i<1?void 0:i>8?{indent:8}:{indent:i}}if(t===void 0){let{keepUndefined:i}=r??e??{};if(!i)return}return hPe.isDocument(t)&&!n?t.toString(r):new dPe.Document(t,n,r).toString(r)}Em.parse=pPe;Em.parseAllDocuments=mPe;Em.parseDocument=U8;Em.stringify=yPe});var uP=h(tt=>{"use strict";var EPe=Wk(),CPe=lm(),IPe=vk(),lP=fm(),BPe=Jg(),Ta=He(),QPe=_a(),bPe=sr(),NPe=ka(),wPe=Pa(),SPe=IQ(),xPe=sP(),vPe=aP(),RPe=cP(),bQ=q8(),H8=jg();tt.Composer=EPe.Composer;tt.Document=CPe.Document;tt.Schema=IPe.Schema;tt.YAMLError=lP.YAMLError;tt.YAMLParseError=lP.YAMLParseError;tt.YAMLWarning=lP.YAMLWarning;tt.Alias=BPe.Alias;tt.isAlias=Ta.isAlias;tt.isCollection=Ta.isCollection;tt.isDocument=Ta.isDocument;tt.isMap=Ta.isMap;tt.isNode=Ta.isNode;tt.isPair=Ta.isPair;tt.isScalar=Ta.isScalar;tt.isSeq=Ta.isSeq;tt.Pair=QPe.Pair;tt.Scalar=bPe.Scalar;tt.YAMLMap=NPe.YAMLMap;tt.YAMLSeq=wPe.YAMLSeq;tt.CST=SPe;tt.Lexer=xPe.Lexer;tt.LineCounter=vPe.LineCounter;tt.Parser=RPe.Parser;tt.parse=bQ.parse;tt.parseAllDocuments=bQ.parseAllDocuments;tt.parseDocument=bQ.
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								  - version ${e} in the GitHub Action config with the key "version"
 								  - version ${i} in the package.json with the key "packageManager"
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`);return e}if(!(typeof i=="string"&&i.startsWith("pnpm@"))&&!(s?.packageManager?.name==="pnpm"&&s.packageManager.version))throw n?new Error(`No pnpm version is specified.
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								Please specify it by one of the following ways:
 								  - in the GitHub Action config with the key "version"
-												feat: read pnpm version from devEngines.packageManager (#211)

* feat: read pnpm version from devEngines.packageManager field

When no version is specified in the action config or the packageManager
field of package.json, fall back to devEngines.packageManager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: skip self-update for devEngines.packageManager and add CI tests

pnpm auto-switches to the right version when devEngines.packageManager
is set, so self-update is unnecessary. This also enables range support
(e.g. ">=9.15.0") which self-update doesn't handle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-27 11:10:47 +01:00
+								  - in the package.json with the key "packageManager"
 								  - in the package.json with the key "devEngines.packageManager"`):new Error(`No workspace is found.
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								If you've intended to let pnpm/action-setup read preferred pnpm version from the "packageManager" field in the package.json file,
 								please run the actions/checkout before pnpm/action-setup.
-												fix: Windows standalone mode — bypass broken npm shims (#217)

* fix: overwrite npm .cmd wrappers for @pnpm/exe on Windows

npm creates .cmd wrappers that invoke bin entries through `node`,
but @pnpm/exe bins are native executables, not JavaScript files.
This causes pnpm commands to silently fail on Windows.

* fix: copy pnpm.exe to .bin/ on Windows for standalone mode

The .cmd wrapper approach didn't work because CMD doesn't properly
wait for extensionless PE binaries. Instead, copy the actual .exe
(and .cmd for pnpx) from @pnpm/exe into .bin/ so PATHEXT finds
pnpm.exe directly, bypassing npm's broken node-wrapping shim.

* fix: add @pnpm/exe dir to PATH on Windows instead of .bin shims

On Windows, npm's .bin shims can't properly execute the extensionless
native binaries from @pnpm/exe. Instead of trying to fix the shims,
add the @pnpm/exe directory directly to PATH where pnpm.exe lives.

* test: validate pnpm --version output in CI

All version checks now capture output and assert it matches a semver
pattern. Previously, a silently failing pnpm (exit 0, no output)
would pass the tests.

* debug: log pnpm --version output during setup

* fix: remove duplicate addPath in setOutputs that shadowed pnpm.exe

setOutputs called addPath(node_modules/.bin) AFTER installPnpm had
already added the correct path (@pnpm/exe on Windows). Since
GITHUB_PATH entries are prepended, .bin ended up first in PATH,
causing PowerShell to find npm's broken shims instead of pnpm.exe.

* fix: add PNPM_HOME/bin to PATH on all platforms

* fix: address review feedback — PATH ordering and regex anchoring

- Swap addPath order so pnpmHome (with pnpm.exe) is prepended last
  and has highest precedence over pnpmHome/bin.
- Anchor version regex with $ and allow prerelease suffixes.
											
										
										
											2026-03-27 20:42:10 +01:00
+								Otherwise, please specify the pnpm version in the action configuration.`)}function VTe(){return new Promise(t=>{let e=(0,CP.spawn)("node",["--version"],{stdio:["pipe","pipe","pipe"],shell:process.platform==="win32"}),r="";e.stdout.on("data",n=>{r+=n.toString()}),e.on("close",()=>{let n=r.match(/^v(\d+)\.(\d+)/);t(n?{major:parseInt(n[1],10),minor:parseInt(n[2],10)}:{major:0,minor:0})}),e.on("error",()=>t({major:0,minor:0}))})}function o6(t,e,r){return new Promise((n,i)=>{let s=(0,CP.spawn)(t,e,{cwd:r.cwd,stdio:["pipe","inherit","inherit"],shell:process.platform==="win32"});s.on("error",i),s.on("close",n)})}var c6=YTe;async function WTe(t){(0,zd.startGroup)("Running self-installer...");let e=await c6(t);if((0,zd.endGroup)(),e)return(0,zd.setFailed)(`Something went wrong, self-installer exits with code ${e}`)}var l6=WTe;var BP=Ct(at());var wm=Ct(require("path")),IP=Ct(require("process")),DQ=t=>wm.default.join(t.dest,"node_modules",".bin"),kQ=t=>({...IP.default.env,PATH:wm.default.join(DQ(t),"bin")+wm.default.delimiter+DQ(t)+wm.default.delimiter+IP.default.env.PATH});function $Te(t){let e=DQ(t);(0,BP.setOutput)("dest",t.dest),(0,BP.setOutput)("bin_dest",e)}var u6=$Te;var uc=Ct(at()),d6=require("child_process");function KTe(t){let e=kQ(t);for(let r of t.runInstall){let n=["install"];r.recursive&&n.unshift("recursive"),r.args&&n.push(...r.args);let i=["pnpm",...n].join(" ");(0,uc.startGroup)(`Running ${i}...`);let{error:s,status:o}=(0,d6.spawnSync)("pnpm",n,{stdio:"inherit",cwd:r.cwd,shell:!0,env:e});if((0,uc.endGroup)(),s){(0,uc.setFailed)(s);continue}if(o){(0,uc.setFailed)(`Command ${i} (cwd: ${r.cwd}) exits with status ${o}`);continue}}}var f6=KTe;var dc=Ct(at()),h6=require("child_process");function XTe(t){if(t.runInstall.length===0){console.log("Pruning is unnecessary.");return}(0,dc.startGroup)("Running pnpm store prune...");let{error:e,status:r}=(0,h6.spawnSync)("pnpm",["store","prune"],{stdio:"inherit",shell:!0,env:kQ(t)});if((0,dc.endGroup)(),e){(0,dc.warning)(e);return}if(r){(0,dc.warning)(`command pnpm store prune exits with code ${r}`);return}}var g6=XTe;async function ZTe(){let t=s6();(0,Gd.getState)("is_post")==="true"?await tOe(t):await eOe(t)}async function eOe(t){(0,Gd.saveState)("is_post","true"),await l6(t),console.log("Installation Completed!"),u6(t),await q$(t),f6(t)}async function tOe(t){g6(t),await G$(t)}ZTe().catch(t=>{console.error(t),(0,Gd.setFailed)(t)});
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								/*! Bundled license information:
 								undici/lib/fetch/body.js:
 								  (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)
 								undici/lib/websocket/frame.js:
 								  (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 								expand-tilde/index.js:
 								  (*!
 								   * expand-tilde <https://github.com/jonschlinkert/expand-tilde>
 								   *
 								   * Copyright (c) 2015 Jon Schlinkert.
 								   * Licensed under the MIT license.
 								   *)
 								*/