Merge pull request #220 from step-security/auto-cherry-pick

chore: Cherry-picked changes from upstream

Author: Raj-StepSecurity

.github/workflows/actions_release.yml

@@ -9,7 +9,11 @@ on:
       script:
         description: "Specify a script to run after audit fix"
         required: false
-        default: "yarn run all"
+        default: "yarn all"
+      node_version:
+        description: "Node.js version to use"
+        required: false
+        default: "24"
 
 permissions:
   contents: read
@@ -24,3 +28,4 @@ jobs:
     with:
       tag: "${{ github.event.inputs.tag }}"
       script: "${{ github.event.inputs.script }}"
+      node_version: ${{ github.event.inputs.node_version || '24' }}

.github/workflows/audit_package.yml

@@ -14,8 +14,12 @@ on:
       script:
         description: "Specify a script to run after audit fix"
         required: false
-        default: "yarn run all"
-  
+        default: "yarn all"
+      node_version:
+        description: "Node.js version to use"
+        required: false
+        default: "24"
+
   schedule:
     - cron: "0 0 * * 1"
 
@@ -26,6 +30,7 @@ jobs:
       base_branch: ${{ inputs.base_branch || 'main' }}
       package_manager: "yarn"
       script: ${{ inputs.script || 'yarn run all' }}
+      node_version: ${{ inputs.node_version || '24' }}
 
 permissions:
   contents: write

.github/workflows/auto_cherry_pick.yml

@@ -15,6 +15,11 @@ on:
         description: "Specify a script to run after audit fix"
         required: false
         default: "yarn run all"
+      node_version:
+        description: "Node.js version to use"
+        required: false
+        default: "24"
+
   pull_request:
     types: [opened, synchronize, labeled]
 
@@ -35,3 +40,5 @@ jobs:
       package_manager: "yarn"
       script: ${{ inputs.script || 'yarn run all' }}
       mode: ${{ github.event_name == 'pull_request' && 'verify' || inputs.mode }}
+      node_version: ${{ inputs.node_version || '24' }}
+

.prettierrc.json

@@ -6,6 +6,5 @@
   "singleQuote": true,
   "trailingComma": "none",
   "bracketSpacing": false,
-  "arrowParens": "avoid",
-  "parser": "typescript"
+  "arrowParens": "avoid"
 }

.yarnrc.yml

@@ -1,13 +1,17 @@
+# https://yarnpkg.com/configuration/yarnrc
+
+compressionLevel: mixed
+enableGlobalCache: false
+enableHardenedMode: true
+
 logFilters:
   - code: YN0013
     level: discard
   - code: YN0019
     level: discard
   - code: YN0076
     level: discard
+  - code: YN0086
+    level: discard
 
 nodeLinker: node-modules
-
-plugins:
-  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
-    spec: "@yarnpkg/plugin-interactive-tools"

__tests__/context.test.ts

@@ -1,8 +1,8 @@
-import {beforeEach, describe, expect, test} from '@jest/globals';
+import {beforeEach, describe, expect, test} from 'vitest';
 import * as os from 'os';
 import * as path from 'path';
 
-import * as context from '../src/context';
+import * as context from '../src/context.js';
 
 describe('getInputs', () => {
   beforeEach(() => {
@@ -15,7 +15,7 @@ describe('getInputs', () => {
   });
 
   // prettier-ignore
-  test.each([
+  const cases: [number, Map<string, string>, context.Inputs][] = [
     [
       0,
       new Map<string, string>([
@@ -35,7 +35,7 @@ describe('getInputs', () => {
         setHost: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       1,
@@ -59,7 +59,7 @@ describe('getInputs', () => {
         setHost: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       2,
@@ -79,7 +79,7 @@ describe('getInputs', () => {
         setHost: true,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
     3,
@@ -101,7 +101,7 @@ describe('getInputs', () => {
         setHost: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       4,
@@ -121,7 +121,7 @@ describe('getInputs', () => {
         setHost: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       5,
@@ -142,7 +142,7 @@ describe('getInputs', () => {
         rootless: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       6,
@@ -163,7 +163,7 @@ describe('getInputs', () => {
         rootless: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       7,
@@ -183,7 +183,7 @@ describe('getInputs', () => {
         rootless: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       8,
@@ -203,7 +203,7 @@ describe('getInputs', () => {
         rootless: true,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
     [
       9,
@@ -226,10 +226,11 @@ describe('getInputs', () => {
         setHost: false,
         runtimeBasedir: path.join(os.homedir(), `setup-docker-action`),
         githubToken: '',
-      } as context.Inputs
+      }
     ],
-  ])(
-    '[%d] given %p as inputs, returns %p',
+  ];
+  test.each(cases)(
+    '[%d] given %o as inputs, returns %o',
     async (num: number, inputs: Map<string, string>, expected: context.Inputs) => {
       inputs.forEach((value: string, name: string) => {
         setInput(name, value);

__tests__/setup.unit.ts

@@ -0,0 +1,12 @@
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+
+const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-setup-docker-action-'));
+
+process.env = Object.assign({}, process.env, {
+  TEMP: tmpDir,
+  GITHUB_REPOSITORY: 'docker/setup-docker-action',
+  RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
+  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
+});

action.yml

@@ -45,6 +45,6 @@ outputs:
     description: "Docker TCP address if tcp-port is set"
 
 runs:
-  using: 'node20'
+  using: 'node24'
   main: 'dist/index.js'
   post: 'dist/index.js'

dev.Dockerfile

@@ -1,12 +1,13 @@
 # syntax=docker/dockerfile:1
 
-ARG NODE_VERSION=20
+ARG NODE_VERSION=24
 
 FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache cpio findutils git
+RUN apk add --no-cache cpio findutils git rsync
 WORKDIR /src
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache <<EOT
+  set -e
   corepack enable
   yarn --version
   yarn config set --home enableTelemetry 0
@@ -27,25 +28,34 @@ RUN --mount=type=bind,target=.,rw <<EOT
   git add -A
   cp -rf /vendor/* .
   if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
-    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
+    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
     git status --porcelain -- yarn.lock
     exit 1
   fi
 EOT
 
 FROM deps AS build
-RUN --mount=type=bind,target=.,rw \
+RUN --mount=target=/context \
   --mount=type=cache,target=/src/.yarn/cache \
-  --mount=type=cache,target=/src/node_modules \
-  yarn run build && mkdir /out && cp -Rf dist /out/
+  --mount=type=cache,target=/src/node_modules <<EOT
+  set -e
+  rsync -a /context/. .
+  rm -rf dist
+  yarn run build
+  mkdir /out
+  cp -r dist /out
+EOT
 
 FROM scratch AS build-update
 COPY --from=build /out /
 
 FROM build AS build-validate
-RUN --mount=type=bind,target=.,rw <<EOT
+RUN --mount=target=/context \
+  --mount=target=.,type=tmpfs <<EOT
   set -e
+  rsync -a /context/. .
   git add -A
+  rm -rf dist
   cp -rf /out/* .
   if [ -n "$(git status --porcelain -- dist)" ]; then
     echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
@@ -58,8 +68,7 @@ FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn run format \
-  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
+  yarn run format && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
 
 FROM scratch AS format-update
 COPY --from=format /out /
@@ -74,7 +83,7 @@ FROM deps AS test
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn run test --coverage --coverageDirectory=/tmp/coverage
+  yarn run test --coverage --coverage.reportsDirectory=/tmp/coverage
 
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /