From 7d5f505de98c725d1508128bfab77a85b4ddbfb5 Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Tue, 2 Sep 2025 19:28:02 -0400 Subject: [PATCH] Bump to Node 24 --- .github/actionlint.yml | 5 +++++ .github/workflows/test.yml | 4 ++-- README.md | 14 +++++++------- action.yml | 2 +- bin/runTests.sh | 21 --------------------- package-lock.json | 14 +++++++------- package.json | 6 +++--- 7 files changed, 25 insertions(+), 41 deletions(-) create mode 100644 .github/actionlint.yml delete mode 100644 bin/runTests.sh diff --git a/.github/actionlint.yml b/.github/actionlint.yml new file mode 100644 index 0000000..e70bf18 --- /dev/null +++ b/.github/actionlint.yml @@ -0,0 +1,5 @@ +paths: + '**/*.yml': + ignore: + # https://github.com/rhysd/actionlint/issues/559 + - 'invalid runner name "node24"' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d001621..132dd18 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -55,7 +55,7 @@ jobs: - name: 'npm build' run: 'npm ci && npm run build' - - uses: 'google-github-actions/auth@v2' # ratchet:exclude + - uses: 'google-github-actions/auth@v3' # ratchet:exclude with: workload_identity_provider: 'projects/251902844862/locations/global/workloadIdentityPools/github/providers/my-repo' service_account: 'iac-scan-plugins@iac-scan-integration-test.iam.gserviceaccount.com' @@ -83,7 +83,7 @@ jobs: - name: 'npm build' run: 'npm ci && npm run build' - - uses: 'google-github-actions/auth@v2' # ratchet:exclude + - uses: 'google-github-actions/auth@v3' # ratchet:exclude with: workload_identity_provider: 'projects/251902844862/locations/global/workloadIdentityPools/github/providers/my-repo' service_account: 'iac-scan-plugins@iac-scan-integration-test.iam.gserviceaccount.com' diff --git a/README.md b/README.md index 00c4b55..f700a45 100644 --- a/README.md +++ b/README.md 
@@ -21,8 +21,8 @@ Cloud product, please contact [Google Cloud support](https://cloud.google.com/support).** > [!IMPORTANT] -> This action requires the Security Command Center Premium tier or Enterprise -> tier. In the Premium tier, you must be a subscription customer to use this +> This action requires the Security Command Center Premium tier or Enterprise +> tier. In the Premium tier, you must be a subscription customer to use this > action. You must activate Security Command Center at the organization level to > use this feature. @@ -35,7 +35,7 @@ support](https://cloud.google.com/support).** * This action requires a Google Cloud service account which has the **Security Posture Shift-Left Validator** role or the **Security Posture Admin** role on the Google Cloud organization that includes the IaC resources. For more information, see [Authorization](#authorization). -* This action runs using Node 20. If you are using self-hosted GitHub Actions +* This action runs using Node 24. If you are using self-hosted GitHub Actions runners, you must use a [runner version](https://github.com/actions/virtual-environments) that supports this version or later. @@ -54,13 +54,13 @@ jobs: steps: - uses: 'actions/checkout@v4' - id: 'auth' - uses: 'google-github-actions/auth@v2' + uses: 'google-github-actions/auth@v3' with: workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - id: 'analyze-code-security-scc' - uses: 'google-github-actions/analyze-code-security-scc@v0' + uses: 'google-github-actions/analyze-code-security-scc@v1' with: organization_id: '123456789' scan_file_ref: './tf_plan.json' 
@@ -174,14 +174,14 @@ jobs: steps: - id: 'auth' - uses: 'google-github-actions/auth@v2' + uses: 'google-github-actions/auth@v3' with: workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - id: 'analyze-code-security-scc' - uses: 'google-github-actions/analyze-code-security-scc@v0' + uses: 'google-github-actions/analyze-code-security-scc@v1' ``` diff --git a/action.yml b/action.yml index cb69459..9c5b0f4 100644 --- a/action.yml +++ b/action.yml @@ -110,5 +110,5 @@ outputs: violations are found in the scan file. runs: - using: 'node20' + using: 'node24' main: 'dist/main/index.js' diff --git a/bin/runTests.sh b/bin/runTests.sh deleted file mode 100644 index c47d2f8..0000000 --- a/bin/runTests.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash -set -eEuo pipefail - -# -# As of Node 20, the --test parameter does not support globbing, and it does not -# support variable Windows paths. We also cannot invoke the test runner -# directly, because while it has an API, there's no way to force it to transpile -# the Typescript into JavaScript before passing it to the runner. -# -# So we're left with this solution, which shells out to Node to list all files -# that end in *.test.ts (excluding node_modules/), and then execs out to that -# process. We have to exec so the stderr/stdout and exit code is appropriately -# fed to the caller. -# - -FILES="$(node -e "process.stdout.write(require('node:fs').readdirSync('./', { recursive: true }).filter((e) => {return e.endsWith('.test.ts') && !e.startsWith('node_modules');}).sort().join(' '));")" - -set -x - -# shellcheck disable=SC2086 -exec node --require ts-node/register --test-reporter spec --test ${FILES} diff --git a/package-lock.json b/package-lock.json index 8e98493..32687b9 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -11,7 +11,7 @@ "dependencies": { "@actions/core": "^1.11.1", "@actions/http-client": "^2.2.3", - "@google-github-actions/actions-utils": "^0.8.10", + "@google-github-actions/actions-utils": "^1.0.1", "google-auth-library": "^10.3.0" }, "devDependencies": { @@ -29,7 +29,7 @@ "typescript-eslint": "^8.42.0" }, "engines": { - "node": ">= 20.x", + "node": ">= 24.x", "npm": ">= 11.x" } }, @@ -219,9 +219,9 @@ } }, "node_modules/@google-github-actions/actions-utils": { - "version": "0.8.10", - "resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-0.8.10.tgz", - "integrity": "sha512-NLmKwQgPj0cQyDjbtQIGUYBdPtFIywLbH10RPRuhF6tO7qlO19N76SsaDEiZ7iKlXA9Yfj8TS3lK6wfdJyE+hw==", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-1.0.1.tgz", + "integrity": "sha512-dEvNcy63a6pkcMsRhWbfjNePsv4kR61O56mQ9rVXvRgjAvRkZTBiM1G7QSnHulMEjhLIlTEGlBIKEKIxCoonkQ==", "license": "Apache-2.0", "dependencies": { "yaml": "^2.8.1" @@ -230,8 +230,8 @@ "actions-gen-readme": "bin/actions-gen-readme.mjs" }, "engines": { - "node": ">= 20.x", - "npm": ">= 10.x" + "node": ">= 24.x", + "npm": ">= 11.x" } }, "node_modules/@humanfs/core": {
diff --git a/package.json b/package.json
index 5b4a574..1570bbf 100644
--- a/package.json
+++ b/package.json
@@ -8,10 +8,10 @@
 "docs": "./node_modules/.bin/actions-gen-readme",
 "lint": "eslint .",
 "format": "eslint . --fix",
- "test": "bash ./bin/runTests.sh"
+ "test": "node --require ts-node/register --test-reporter spec --test tests/**/*.test.ts"
 },
 "engines": {
- "node": ">= 20.x",
+ "node": ">= 24.x",
 "npm": ">= 11.x"
 },
 "repository": {
@@ -29,7 +29,7 @@
 "dependencies": {
 "@actions/core": "^1.11.1",
 "@actions/http-client": "^2.2.3",
- "@google-github-actions/actions-utils": "^0.8.10",
+ "@google-github-actions/actions-utils": "^1.0.1",
 "google-auth-library": "^10.3.0"
 },
 "devDependencies": {
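Review bot: The new `test` script in the first package.json hunk passes `tests/**/*.test.ts` unquoted, so the shell that npm spawns expands the pattern before Node sees it. In a POSIX `sh` without globstar, `**` matches a single directory level, so test files directly under `tests/` or nested more deeply can be skipped without any error. Quoting the pattern leaves the expansion to Node's own `--test` glob handling, which behaves the same on every platform: `"test": "node --require ts-node/register --test-reporter spec --test \"tests/**/*.test.ts\""`. The deleted `bin/runTests.sh` collected every `*.test.ts` outside `node_modules`, so it is also worth confirming that no test file lives outside `tests/`, since it would now drop out of CI silently.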