pnpm-setup/dist/index.js

"use strict";var qX=Object.create;var _m=Object.defineProperty;var HX=Object.getOwnPropertyDescriptor;var jX=Object.getOwnPropertyNames;var zX=Object.getPrototypeOf,GX=Object.prototype.hasOwnProperty;var YX=(t,e)=>()=>(t&&(e=t(t=0)),e);var h=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports),JX=(t,e)=>{for(var r in e)_m(t,r,{get:e[r],enumerable:!0})},_P=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of jX(e))!GX.call(t,i)&&i!==r&&_m(t,i,{get:()=>e[i],enumerable:!(n=HX(e,i))||n.enumerable});return t};var gt=(t,e,r)=>(r=t!=null?qX(zX(t)):{},_P(e||!t||!t.__esModule?_m(r,"default",{value:t,enumerable:!0}):r,t)),Ui=t=>_P(_m({},"__esModule",{value:!0}),t);var Dm=h(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.toCommandProperties=gc.toCommandValue=void 0;function VX(t){return t==null?"":typeof t=="string"||t instanceof String?t:JSON.stringify(t)}gc.toCommandValue=VX;function WX(t){return Object.keys(t).length?{title:t.title,file:t.file,line:t.startLine,endLine:t.endLine,col:t.startColumn,endColumn:t.endColumn}:{}}gc.toCommandProperties=WX});var TP=h(ti=>{"use strict";var $X=ti&&ti.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),KX=ti&&ti.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),XX=ti&&ti.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&$X(e,t,r);return KX(e,t),e};Object.defineProperty(ti,"__esModule",{value:!0});ti.issue=ti.issueCommand=void 0;var ZX=XX(require("os")),kP=Dm();function PP(t,e,r){let n=new UQ(t,e,r);process.stdout.write(n.toString()+ZX.EOL)}ti.issueCommand=PP;function e5(t,e=""){PP(t,{},e)}ti.issue=e5;var DP="::",UQ=class{constructor(e,r,n){e||(e="missing.command"),this.command=e,this.properties=r,this.message=n}toString(){let e=DP+this.command;if(this.properties&&Object.keys(this.properties).length>0){e+=" ";let r=!0;for(let n in this.properties)if(this.properties.hasOwnProperty(n)){let i=this.properties[n];i&&(r?r=!1:e+=",",e+=`${n}=${r5(i)}`)}}return e+=`${DP}${t5(this.message)}`,e}};function t5(t){return(0,kP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A")}function r5(t){return(0,kP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A").replace(/:/g,"%3A").replace(/,/g,"%2C")}});var MP=h(ri=>{"use strict";var n5=ri&&ri.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),i5=ri&&ri.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),HQ=ri&&ri.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&n5(e,t,r);return i5(e,t),e};Object.defineProperty(ri,"__esModule",{value:!0});ri.prepareKeyValueMessage=ri.issueFileCommand=void 0;var s5=HQ(require("crypto")),OP=HQ(require("fs")),qQ=HQ(require("os")),LP=Dm();function o5(t,e){let r=process.env[`GITHUB_${t}`];if(!r)throw new Error(`Unable to find environment variable for file command ${t}`);if(!OP.existsSync(r))throw new Error(`Missing file at path: ${r}`);OP.appendFileSync(r,`${(0,LP.toCommandValue)(e)}${qQ.EOL}`,{encoding:"utf8"})}ri.issueFileCommand=o5;function a5(t,e){let r=`ghadelimiter_${s5.randomUUID()}`,n=(0,LP.toCommandValue)(e);if(t.includes(r))throw new Error(`Unexpected input: name should not contain the delimiter "${r}"`);if(n.includes(r))throw new Error(`Unexpected input: value should 
`,u.message,u.stack);var d=new Error("tunneling socket could not be established, cause="+u.message);d.code="ECONNRESET",e.request.emit("error",d),n.removeSocket(i)}};js.prototype.removeSocket=function(e){var r=this.sockets.indexOf(e);if(r!==-1){this.sockets.splice(r,1);var n=this.requests.shift();n&&this.createSocket(n,function(i){n.request.onSocket(i)})}};function HP(t,e){var r=this;js.prototype.createSocket.call(r,t,function(n){var i=t.request.getHeader("host"),s=zQ({},r.options,{socket:n,servername:i?i.replace(/:.*$/,""):t.host}),o=l5.connect(0,s);r.sockets[r.sockets.indexOf(n)]=o,e(o)})}function jP(t,e,r){return typeof t=="string"?{host:t,port:e,localAddress:r}:t}function zQ(t){for(var e=1,r=arguments.length;e<r;++e){var n=arguments[e];if(typeof n=="object")for(var i=Object.keys(n),s=0,o=i.length;s<o;++s){var a=i[s];n[a]!==void 0&&(t[a]=n[a])}}return t}var Po;process.env.NODE_DEBUG&&/\btunnel\b/.test(process.env.NODE_DEBUG)?Po=function(){var t=Array.prototype.slice.call(arguments);typeof t[0]=="string"?t[0]="TUNNEL: "+t[0]:t.unshift("TUNNEL:"),console.error.apply(console,t)}:Po=function(){};pc.debug=Po});var YP=h((EOe,GP)=>{GP.exports=zP()});var It=h((COe,JP)=>{JP.exports={kClose:Symbol("close"),kDestroy:Symbol("destroy"),kDispatch:Symbol("dispatch"),kUrl:Symbol("url"),kWriting:Symbol("writing"),kResuming:Symbol("resuming"),kQueue:Symbol("queue"),kConnect:Symbol("connect"),kConnecting:Symbol("connecting"),kHeadersList:Symbol("headers list"),kKeepAliveDefaultTimeout:Symbol("default keep alive timeout"),kKeepAliveMaxTimeout:Symbol("max keep alive timeout"),kKeepAliveTimeoutThreshold:Symbol("keep alive timeout threshold"),kKeepAliveTimeoutValue:Symbol("keep alive timeout"),kKeepAlive:Symbol("keep alive"),kHeadersTimeout:Symbol("headers timeout"),kBodyTimeout:Symbol("body timeout"),kServerName:Symbol("server name"),kLocalAddress:Symbol("local address"),kHost:Symbol("host"),kNoRef:Symbol("no ref"),kBodyUsed:Symbol("used"),kRunning:Symbol("running"),kBlocking:Symbol("blocking"),kPending:Symbol("pending"),kSize:Symbol("size"),kBusy:Symbol("busy"),kQueued:Symbol("queued"),kFree:Symbol("free"),kConnected:Symbol("connected"),kClosed:Symbol("closed"),kNeedDrain:Symbol("need drain"),kReset:Symbol("reset"),kDestroyed:Symbol.for("nodejs.stream.destroyed"),kMaxHeadersSize:Symbol("max headers size"),kRunningIdx:Symbol("running index"),kPendingIdx:Symbol("pending index"),kError:Symbol("error"),kClients:Symbol("clients"),kClient:Symbol("client"),kParser:Symbol("parser"),kOnDestroyed:Symbol("destroy callbacks"),kPipelining:Symbol("pipelining"),kSocket:Symbol("socket"),kHostHeader:Symbol("host header"),kConnector:Symbol("connector"),kStrictContentLength:Symbol("strict content length"),kMaxRedirections:Symbol("maxRedirections"),kMaxRequests:Symbol("maxRequestsPerClient"),kProxy:Symbol("proxy agent options"),kCounter:Symbol("socket request counter"),kInterceptors:Symbol("dispatch interceptors"),kMaxResponseSize:Symbol("max response size"),kHTTP2Session:Symbol("http2Session"),kHTTP2SessionState:Symbol("http2Session state"),kHTTP2BuildRequest:Symbol("http2 build request"),kHTTP1BuildRequest:Symbol("http1 build request"),kHTTP2CopyHeaders:Symbol("http2 copy headers"),kHTTPConnVersion:Symbol("http connection version"),kRetryHandlerDefaultRetry:Symbol("retry agent default retry"),kConstruct:Symbol("constructable")}});var At=h((IOe,VP)=>{"use strict";var Vt=class extends Error{constructor(e){super(e),this.name="UndiciError",this.code="UND_ERR"}},GQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="ConnectTimeoutError",this.message=e||"Connect Timeout Error",this.code="UND_ERR_CONNECT_TIMEOUT"}},YQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersTimeoutError",this.message=e||"Headers Timeout Error",this.code="UND_ERR_HEADERS_TIMEOUT"}},JQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersOverflowError",this.message=e||"Headers Overflow Error",this.code="UND_ERR_HEADERS_OVERFLOW"}},VQ=class t extends Vt{constructor(e){super
\r
`),r6=/\r\n/g,n6=/^([^:]+):[ \t]?([\x00-\xFF]+)?$/;function Ec(t){pT.call(this),t=t||{};let e=this;this.nread=0,this.maxed=!1,this.npairs=0,this.maxHeaderPairs=mT(t,"maxHeaderPairs",2e3),this.maxHeaderSize=mT(t,"maxHeaderSize",80*1024),this.buffer="",this.header={},this.finished=!1,this.ss=new e6(t6),this.ss.on("info",function(r,n,i,s){n&&!e.maxed&&(e.nread+s-i>=e.maxHeaderSize?(s=e.maxHeaderSize-e.nread+i,e.nread=e.maxHeaderSize,e.maxed=!0):e.nread+=s-i,e.buffer+=n.toString("binary",i,s)),r&&e._finish()})}Z5(Ec,pT);Ec.prototype.push=function(t){let e=this.ss.push(t);if(this.finished)return e};Ec.prototype.reset=function(){this.finished=!1,this.buffer="",this.header={},this.ss.reset()};Ec.prototype._finish=function(){this.buffer&&this._parseHeader(),this.ss.matches=this.ss.maxMatches;let t=this.header;this.header={},this.buffer="",this.finished=!0,this.nread=this.npairs=0,this.maxed=!1,this.emit("header",t)};Ec.prototype._parseHeader=function(){if(this.npairs===this.maxHeaderPairs)return;let t=this.buffer.split(r6),e=t.length,r,n;for(var i=0;i<e;++i){if(t[i].length===0)continue;if((t[i][0]==="	"||t[i][0]===" ")&&n){this.header[n][this.header[n].length-1]+=t[i];continue}let s=t[i].indexOf(":");if(s===-1||s===0)return;if(r=n6.exec(t[i]),n=r[1].toLowerCase(),this.header[n]=this.header[n]||[],this.header[n].push(r[2]||""),++this.npairs===this.maxHeaderPairs)break}};yT.exports=Ec});var pb=h((ROe,IT)=>{"use strict";var mb=require("node:stream").Writable,i6=require("node:util").inherits,s6=hb(),CT=hT(),o6=ET(),a6=45,A6=Buffer.from("-"),c6=Buffer.from(`\r
`),l6=function(){};function qi(t){if(!(this instanceof qi))return new qi(t);if(mb.call(this,t),!t||!t.headerFirst&&typeof t.boundary!="string")throw new TypeError("Boundary required");typeof t.boundary=="string"?this.setBoundary(t.boundary):this._bparser=void 0,this._headerFirst=t.headerFirst,this._dashes=0,this._parts=0,this._finished=!1,this._realFinish=!1,this._isPreamble=!0,this._justMatched=!1,this._firstWrite=!0,this._inHeader=!0,this._part=void 0,this._cb=void 0,this._ignoreData=!1,this._partOpts={highWaterMark:t.partHwm},this._pause=!1;let e=this;this._hparser=new o6(t),this._hparser.on("header",function(r){e._inHeader=!1,e._part.emit("header",r)})}i6(qi,mb);qi.prototype.emit=function(t){if(t==="finish"&&!this._realFinish){if(!this._finished){let e=this;process.nextTick(function(){if(e.emit("error",new Error("Unexpected end of multipart data")),e._part&&!e._ignoreData){let r=e._isPreamble?"Preamble":"Part";e._part.emit("error",new Error(r+" terminated early due to unexpected end of multipart data")),e._part.push(null),process.nextTick(function(){e._realFinish=!0,e.emit("finish"),e._realFinish=!1});return}e._realFinish=!0,e.emit("finish"),e._realFinish=!1})}}else mb.prototype.emit.apply(this,arguments)};qi.prototype._write=function(t,e,r){if(!this._hparser&&!this._bparser)return r();if(this._headerFirst&&this._isPreamble){this._part||(this._part=new CT(this._partOpts),this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._ignore());let n=this._hparser.push(t);if(!this._inHeader&&n!==void 0&&n<t.length)t=t.slice(n);else return r()}this._firstWrite&&(this._bparser.push(c6),this._firstWrite=!1),this._bparser.push(t),this._pause?this._cb=r:r()};qi.prototype.reset=function(){this._part=void 0,this._bparser=void 0,this._hparser=void 0};qi.prototype.setBoundary=function(t){let e=this;this._bparser=new s6(`\r
--`+t),this._bparser.on("info",function(r,n,i,s){e._oninfo(r,n,i,s)})};qi.prototype._ignore=function(){this._part&&!this._ignoreData&&(this._ignoreData=!0,this._part.on("error",l6),this._part.resume())};qi.prototype._oninfo=function(t,e,r,n){let i,s=this,o=0,a,A=!0;if(!this._part&&this._justMatched&&e){for(;this._dashes<2&&r+o<n;)if(e[r+o]===a6)++o,++this._dashes;else{this._dashes&&(i=A6),this._dashes=0;break}if(this._dashes===2&&(r+o<n&&this.listenerCount("trailer")!==0&&this.emit("trailer",e.slice(r+o,n)),this.reset(),this._finished=!0,s._parts===0&&(s._realFinish=!0,s.emit("finish"),s._realFinish=!1)),this._dashes)return}this._justMatched&&(this._justMatched=!1),this._part||(this._part=new CT(this._partOpts),this._part._read=function(c){s._unpause()},this._isPreamble&&this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._isPreamble!==!0&&this.listenerCount("part")!==0?this.emit("part",this._part):this._ignore(),this._isPreamble||(this._inHeader=!0)),e&&r<n&&!this._ignoreData&&(this._isPreamble||!this._inHeader?(i&&(A=this._part.push(i)),A=this._part.push(e.slice(r,n)),A||(this._pause=!0)):!this._isPreamble&&this._inHeader&&(i&&this._hparser.push(i),a=this._hparser.push(e.slice(r,n)),!this._inHeader&&a!==void 0&&a<n&&this._oninfo(!1,e,r+a,n))),t&&(this._hparser.reset(),this._isPreamble?this._isPreamble=!1:r!==n&&(++this._parts,this._part.on("end",function(){--s._parts===0&&(s._finished?(s._realFinish=!0,s.emit("finish"),s._realFinish=!1):s._unpause())})),this._part.push(null),this._part=void 0,this._ignoreData=!1,this._justMatched=!0,this._dashes=0)};qi.prototype._unpause=function(){if(this._pause&&(this._pause=!1,this._cb)){let t=this._cb;this._cb=void 0,t()}};IT.exports=qi});var Fm=h((yb,bT)=>{"use strict";var BT=new TextDecoder("utf-8"),QT=new Map([["utf-8",BT],["utf8",BT]]);function u6(t){let e;for(;;)switch(t){case"utf-8":case"utf8":return Wd.utf8;case"latin1":case"ascii":case"us-ascii":case"iso-8859-1":case"iso8859-1":case"iso88591":case"iso_8859-1":case"windows-1252":case"iso_8859-1:1987":case"cp1252":case"x-cp1252":return Wd.latin1;case"utf16le":case"utf-16le":case"ucs2":case"ucs-2":return Wd.utf16le;case"base64":return Wd.base64;default:if(e===void 0){e=!0,t=t.toLowerCase();continue}return Wd.other.bind(t)}}var Wd={utf8:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.utf8Slice(0,t.length)),latin1:(t,e)=>t.length===0?"":typeof t=="string"?t:t.latin1Slice(0,t.length),utf16le:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.ucs2Slice(0,t.length)),base64:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.base64Slice(0,t.length)),other:(t,e)=>{if(t.length===0)return"";if(typeof t=="string"&&(t=Buffer.from(t,e)),QT.has(yb.toString()))try{return QT.get(yb).decode(t)}catch{}return typeof t=="string"?t:t.toString()}};function d6(t,e,r){return t&&u6(r)(t,e)}bT.exports=d6});var Cb=h((vOe,RT)=>{"use strict";var Um=Fm(),NT=/%[a-fA-F0-9][a-fA-F0-9]/g,f6={"%00":"\0","%01":"","%02":"","%03":"","%04":"","%05":"","%06":"","%07":"\x07","%08":"\b","%09":"	","%0a":`
`,"%0A":`
`,"%0b":"\v","%0B":"\v","%0c":"\f","%0C":"\f","%0d":"\r","%0D":"\r","%0e":"","%0E":"","%0f":"","%0F":"","%10":"","%11":"","%12":"","%13":"","%14":"","%15":"","%16":"","%17":"","%18":"","%19":"","%1a":"","%1A":"","%1b":"\x1B","%1B":"\x1B","%1c":"","%1C":"","%1d":"","%1D":"","%1e":"","%1E":"","%1f":"","%1F":"","%20":" ","%21":"!","%22":'"',"%23":"#","%24":"$","%25":"%","%26":"&","%27":"'","%28":"(","%29":")","%2a":"*","%2A":"*","%2b":"+","%2B":"+","%2c":",","%2C":",","%2d":"-","%2D":"-","%2e":".","%2E":".","%2f":"/","%2F":"/","%30":"0","%31":"1","%32":"2","%33":"3","%34":"4","%35":"5","%36":"6","%37":"7","%38":"8","%39":"9","%3a":":","%3A":":","%3b":";","%3B":";","%3c":"<","%3C":"<","%3d":"=","%3D":"=","%3e":">","%3E":">","%3f":"?","%3F":"?","%40":"@","%41":"A","%42":"B","%43":"C","%44":"D","%45":"E","%46":"F","%47":"G","%48":"H","%49":"I","%4a":"J","%4A":"J","%4b":"K","%4B":"K","%4c":"L","%4C":"L","%4d":"M","%4D":"M","%4e":"N","%4E":"N","%4f":"O","%4F":"O","%50":"P","%51":"Q","%52":"R","%53":"S","%54":"T","%55":"U","%56":"V","%57":"W","%58":"X","%59":"Y","%5a":"Z","%5A":"Z","%5b":"[","%5B":"[","%5c":"\\","%5C":"\\","%5d":"]","%5D":"]","%5e":"^","%5E":"^","%5f":"_","%5F":"_","%60":"`","%61":"a","%62":"b","%63":"c","%64":"d","%65":"e","%66":"f","%67":"g","%68":"h","%69":"i","%6a":"j","%6A":"j","%6b":"k","%6B":"k","%6c":"l","%6C":"l","%6d":"m","%6D":"m","%6e":"n","%6E":"n","%6f":"o","%6F":"o","%70":"p","%71":"q","%72":"r","%73":"s","%74":"t","%75":"u","%76":"v","%77":"w","%78":"x","%79":"y","%7a":"z","%7A":"z","%7b":"{","%7B":"{","%7c":"|","%7C":"|","%7d":"}","%7D":"}","%7e":"~","%7E":"~","%7f":"\x7F","%7F":"\x7F","%80":"\x80","%81":"\x81","%82":"\x82","%83":"\x83","%84":"\x84","%85":"\x85","%86":"\x86","%87":"\x87","%88":"\x88","%89":"\x89","%8a":"\x8A","%8A":"\x8A","%8b":"\x8B","%8B":"\x8B","%8c":"\x8C","%8C":"\x8C","%8d":"\x8D","%8D":"\x8D","%8e":"\x8E","%8E":"\x8E","%8f":"\x8F","%8F":"\x8F","%90":"\x90","%91":"\x91","%92":"\x92","%93":"\x93","%94":"\x94","%95":"\x95","%96":"\x96","%97":"\x97","%98":"\x98","%99":"\x99","%9a":"\x9A","%9A":"\x9A","%9b":"\x9B","%9B":"\x9B","%9c":"\x9C","%9C":"\x9C","%9d":"\x9D","%9D":"\x9D","%9e":"\x9E","%9E":"\x9E","%9f":"\x9F","%9F":"\x9F","%a0":"\xA0","%A0":"\xA0","%a1":"\xA1","%A1":"\xA1","%a2":"\xA2","%A2":"\xA2","%a3":"\xA3","%A3":"\xA3","%a4":"\xA4","%A4":"\xA4","%a5":"\xA5","%A5":"\xA5","%a6":"\xA6","%A6":"\xA6","%a7":"\xA7","%A7":"\xA7","%a8":"\xA8","%A8":"\xA8","%a9":"\xA9","%A9":"\xA9","%aa":"\xAA","%Aa":"\xAA","%aA":"\xAA","%AA":"\xAA","%ab":"\xAB","%Ab":"\xAB","%aB":"\xAB","%AB":"\xAB","%ac":"\xAC","%Ac":"\xAC","%aC":"\xAC","%AC":"\xAC","%ad":"\xAD","%Ad":"\xAD","%aD":"\xAD","%AD":"\xAD","%ae":"\xAE","%Ae":"\xAE","%aE":"\xAE","%AE":"\xAE","%af":"\xAF","%Af":"\xAF","%aF":"\xAF","%AF":"\xAF","%b0":"\xB0","%B0":"\xB0","%b1":"\xB1","%B1":"\xB1","%b2":"\xB2","%B2":"\xB2","%b3":"\xB3","%B3":"\xB3","%b4":"\xB4","%B4":"\xB4","%b5":"\xB5","%B5":"\xB5","%b6":"\xB6","%B6":"\xB6","%b7":"\xB7","%B7":"\xB7","%b8":"\xB8","%B8":"\xB8","%b9":"\xB9","%B9":"\xB9","%ba":"\xBA","%Ba":"\xBA","%bA":"\xBA","%BA":"\xBA","%bb":"\xBB","%Bb":"\xBB","%bB":"\xBB","%BB":"\xBB","%bc":"\xBC","%Bc":"\xBC","%bC":"\xBC","%BC":"\xBC","%bd":"\xBD","%Bd":"\xBD","%bD":"\xBD","%BD":"\xBD","%be":"\xBE","%Be":"\xBE","%bE":"\xBE","%BE":"\xBE","%bf":"\xBF","%Bf":"\xBF","%bF":"\xBF","%BF":"\xBF","%c0":"\xC0","%C0":"\xC0","%c1":"\xC1","%C1":"\xC1","%c2":"\xC2","%C2":"\xC2","%c3":"\xC3","%C3":"\xC3","%c4":"\xC4","%C4":"\xC4","%c5":"\xC5","%C5":"\xC5","%c6":"\xC6","%C6":"\xC6","%c7":"\xC7","%C7":"\xC7","%c8":"\xC8","%C8":"\xC8","%c9":"\xC9","%C9":"\xC9","%ca":"\xCA","%Ca":"\xCA","%cA":"\xCA","%CA":"\xCA","%cb":"\xCB","%Cb":"\xCB","%cB":"\xCB","%CB":"\xCB","%cc":"\xCC","%Cc":"\xCC","%cC":"\xCC","%CC":"\xCC","%cd":"\xCD","%Cd":"\xCD","%cD":"\xCD","%CD":"\xCD","%ce":"\xCE","%Ce":"\xCE","%cE":"\xCE","%CE":"\xCE","%cf":"\xCF","%Cf":"\xCF","%cF":"\xCF","%CF":"\xCF","%d0":"\xD0","%D0":"\xD0","%d1":"\xD1","%D1":"\xD1","%d2":"\xD2","%D2":"\xD2","%d3":"\xD3","%D3":"\xD3","%d4":"\xD4","%D4":"\xD4","%d5":"\xD5","%
`))}function dZ(t,e){let{headersList:r}=e,n=(r.get("referrer-policy")??"").split(","),i="";if(n.length>0)for(let s=n.length;s!==0;s--){let o=n[s-1].trim();if(X6.has(o)){i=o;break}}i!==""&&(t.referrerPolicy=i)}function fZ(){return"allowed"}function hZ(){return"success"}function gZ(){return"success"}function mZ(t){let e=null;e=t.mode,t.headersList.set("sec-fetch-mode",e)}function pZ(t){let e=t.origin;if(t.responseTainting==="cors"||t.mode==="websocket")e&&t.headersList.append("origin",e);else if(t.method!=="GET"&&t.method!=="HEAD"){switch(t.referrerPolicy){case"no-referrer":e=null;break;case"no-referrer-when-downgrade":case"strict-origin":case"strict-origin-when-cross-origin":t.origin&&xb(t.origin)&&!xb(Xd(t))&&(e=null);break;case"same-origin":Gm(t,Xd(t))||(e=null);break;default:}e&&t.headersList.append("origin",e)}}function yZ(t){return tZ.now()}function EZ(t){return{startTime:t.startTime??0,redirectStartTime:0,redirectEndTime:0,postRedirectStartTime:t.startTime??0,finalServiceWorkerStartTime:0,finalNetworkResponseStartTime:0,finalNetworkRequestStartTime:0,endTime:0,encodedBodySize:0,decodedBodySize:0,finalConnectionTimingInfo:null}}function CZ(){return{referrerPolicy:"strict-origin-when-cross-origin"}}function IZ(t){return{referrerPolicy:t.referrerPolicy}}function BZ(t){let e=t.referrerPolicy;bc(e);let r=null;if(t.referrer==="client"){let a=eZ();if(!a||a.origin==="null")return"no-referrer";r=new URL(a)}else t.referrer instanceof URL&&(r=t.referrer);let n=wb(r),i=wb(r,!0);n.toString().length>4096&&(n=i);let s=Gm(t,n),o=Kd(n)&&!Kd(t.url);switch(e){case"origin":return i??wb(r,!0);case"unsafe-url":return n;case"same-origin":return s?i:"no-referrer";case"origin-when-cross-origin":return s?n:i;case"strict-origin-when-cross-origin":{let a=Xd(t);return Gm(n,a)?n:Kd(n)&&!Kd(a)?"no-referrer":i}default:return o?"no-referrer":i}}function wb(t,e){return bc(t instanceof URL),t.protocol==="file:"||t.protocol==="about:"||t.protocol==="blank:"?"no-referrer":(t.username="",t.password="",t.hash="",e&&(t.pathname="",t.search=""),t)}function Kd(t){if(!(t instanceof URL))return!1;if(t.href==="about:blank"||t.href==="about:srcdoc"||t.protocol==="data:"||t.protocol==="file:")return!0;return e(t.origin);function e(r){if(r==null||r==="null")return!1;let n=new URL(r);return!!(n.protocol==="https:"||n.protocol==="wss:"||/^127(?:\.[0-9]+){0,2}\.[0-9]+$|^\[(?:0*:)*?:?0*1\]$/.test(n.hostname)||n.hostname==="localhost"||n.hostname.includes("localhost.")||n.hostname.endsWith(".localhost"))}}function QZ(t,e){if(zm===void 0)return!0;let r=rO(e);if(r==="no metadata"||r.length===0)return!0;let n=NZ(r),i=wZ(r,n);for(let s of i){let o=s.algo,a=s.hash,A=zm.createHash(o).update(t).digest("base64");if(A[A.length-1]==="="&&(A[A.length-2]==="="?A=A.slice(0,-2):A=A.slice(0,-1)),SZ(A,a))return!0}return!1}var bZ=/(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i;function rO(t){let e=[],r=!0;for(let n of t.split(" ")){r=!1;let i=bZ.exec(n);if(i===null||i.groups===void 0||i.groups.algo===void 0)continue;let s=i.groups.algo.toLowerCase();XT.includes(s)&&e.push(i.groups)}return r===!0?"no metadata":e}function NZ(t){let e=t[0].algo;if(e[3]==="5")return e;for(let r=1;r<t.length;++r){let n=t[r];if(n.algo[3]==="5"){e="sha512";break}else{if(e[3]==="3")continue;n.algo[3]==="3"&&(e="sha384")}}return e}function wZ(t,e){if(t.length===1)return t;let r=0;for(let n=0;n<t.length;++n)t[n].algo===e&&(t[r++]=t[n]);return t.length=r,t}function SZ(t,e){if(t.length!==e.length)return!1;for(let r=0;r<t.length;++r)if(t[r]!==e[r]){if(t[r]==="+"&&e[r]==="-"||t[r]==="/"&&e[r]==="_")continue;return!1}return!0}function xZ(t){}function Gm(t,e){return t.origin===e.origin&&t.origin==="null"||t.protocol===e.protocol&&t.hostname===e.hostname&&t.port===e.port}function RZ(){let t,e;return{promise:new Promise((n,i)=>{t=n,e=i}),resolve:t,reject:e}}function vZ(t){return t.controller.state==="aborted"}function _Z(t){return t.controller.state==="aborted"||t.controller.state==="terminated"}var Rb={delete:"DELETE",DELETE:"DELETE",get:"GET",GET:"GET",head:"HEAD",
`||t==="	"||t===" "}function vb(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&cO(t[n]);n++);if(r)for(;i>0&&cO(t[i]);i--);return t.slice(n,i+1)}function lO(t){return t==="\r"||t===`
`||t==="	"||t==="\f"||t===" "}function t7(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&lO(t[n]);n++);if(r)for(;i>0&&lO(t[i]);i--);return t.slice(n,i+1)}hO.exports={dataURLProcessor:KZ,URLSerializer:uO,collectASequenceOfCodePoints:Vm,collectASequenceOfCodePointsFast:Nc,stringPercentDecode:dO,parseMIMEType:_b,collectAnHTTPQuotedString:fO,serializeAMimeType:e7}});var Wm=h((HOe,EO)=>{"use strict";var{Blob:pO,File:gO}=require("buffer"),{types:Db}=require("util"),{kState:On}=Gs(),{isBlobLike:yO}=ni(),{webidl:Ve}=Vr(),{parseMIMEType:r7,serializeAMimeType:n7}=Hi(),{kEnumerableProperty:mO}=Ue(),i7=new TextEncoder,Zd=class t extends pO{constructor(e,r,n={}){Ve.argumentLengthCheck(arguments,2,{header:"File constructor"}),e=Ve.converters["sequence<BlobPart>"](e),r=Ve.converters.USVString(r),n=Ve.converters.FilePropertyBag(n);let i=r,s=n.type,o;e:{if(s){if(s=r7(s),s==="failure"){s="";break e}s=n7(s).toLowerCase()}o=n.lastModified}super(s7(e,n),{type:s}),this[On]={name:i,lastModified:o,type:s}}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get type(){return Ve.brandCheck(this,t),this[On].type}},kb=class t{constructor(e,r,n={}){let i=r,s=n.type,o=n.lastModified??Date.now();this[On]={blobLike:e,name:i,type:s,lastModified:o}}stream(...e){return Ve.brandCheck(this,t),this[On].blobLike.stream(...e)}arrayBuffer(...e){return Ve.brandCheck(this,t),this[On].blobLike.arrayBuffer(...e)}slice(...e){return Ve.brandCheck(this,t),this[On].blobLike.slice(...e)}text(...e){return Ve.brandCheck(this,t),this[On].blobLike.text(...e)}get size(){return Ve.brandCheck(this,t),this[On].blobLike.size}get type(){return Ve.brandCheck(this,t),this[On].blobLike.type}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get[Symbol.toStringTag](){return"File"}};Object.defineProperties(Zd.prototype,{[Symbol.toStringTag]:{value:"File",configurable:!0},name:mO,lastModified:mO});Ve.converters.Blob=Ve.interfaceConverter(pO);Ve.converters.BlobPart=function(t,e){if(Ve.util.Type(t)==="Object"){if(yO(t))return Ve.converters.Blob(t,{strict:!1});if(ArrayBuffer.isView(t)||Db.isAnyArrayBuffer(t))return Ve.converters.BufferSource(t,e)}return Ve.converters.USVString(t,e)};Ve.converters["sequence<BlobPart>"]=Ve.sequenceConverter(Ve.converters.BlobPart);Ve.converters.FilePropertyBag=Ve.dictionaryConverter([{key:"lastModified",converter:Ve.converters["long long"],get defaultValue(){return Date.now()}},{key:"type",converter:Ve.converters.DOMString,defaultValue:""},{key:"endings",converter:t=>(t=Ve.converters.DOMString(t),t=t.toLowerCase(),t!=="native"&&(t="transparent"),t),defaultValue:"transparent"}]);function s7(t,e){let r=[];for(let n of t)if(typeof n=="string"){let i=n;e.endings==="native"&&(i=o7(i)),r.push(i7.encode(i))}else Db.isAnyArrayBuffer(n)||Db.isTypedArray(n)?n.buffer?r.push(new Uint8Array(n.buffer,n.byteOffset,n.byteLength)):r.push(new Uint8Array(n)):yO(n)&&r.push(n);return r}function o7(t){let e=`
`;return process.platform==="win32"&&(e=`\r
`),t.replace(/\r?\n/g,e)}function a7(t){return gO&&t instanceof gO||t instanceof Zd||t&&(typeof t.stream=="function"||typeof t.arrayBuffer=="function")&&t[Symbol.toStringTag]==="File"}EO.exports={File:Zd,FileLike:kb,isFileLike:a7}});var Km=h((jOe,bO)=>{"use strict";var{isBlobLike:$m,toUSVString:A7,makeIterator:Pb}=ni(),{kState:Lr}=Gs(),{File:QO,FileLike:CO,isFileLike:c7}=Wm(),{webidl:it}=Vr(),{Blob:l7,File:Tb}=require("buffer"),IO=Tb??QO,wc=class t{constructor(e){if(e!==void 0)throw it.errors.conversionFailed({prefix:"FormData constructor",argument:"Argument 1",types:["undefined"]});this[Lr]=[]}append(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.append"}),arguments.length===3&&!$m(r))throw new TypeError("Failed to execute 'append' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=$m(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?it.converters.USVString(n):void 0;let i=BO(e,r,n);this[Lr].push(i)}delete(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.delete"}),e=it.converters.USVString(e),this[Lr]=this[Lr].filter(r=>r.name!==e)}get(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.get"}),e=it.converters.USVString(e);let r=this[Lr].findIndex(n=>n.name===e);return r===-1?null:this[Lr][r].value}getAll(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.getAll"}),e=it.converters.USVString(e),this[Lr].filter(r=>r.name===e).map(r=>r.value)}has(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.has"}),e=it.converters.USVString(e),this[Lr].findIndex(r=>r.name===e)!==-1}set(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.set"}),arguments.length===3&&!$m(r))throw new TypeError("Failed to execute 'set' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=$m(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?A7(n):void 0;let i=BO(e,r,n),s=this[Lr].findIndex(o=>o.name===e);s!==-1?this[Lr]=[...this[Lr].slice(0,s),i,...this[Lr].slice(s+1).filter(o=>o.name!==e)]:this[Lr].push(i)}entries(){return it.brandCheck(this,t),Pb(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key+value")}keys(){return it.brandCheck(this,t),Pb(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key")}values(){return it.brandCheck(this,t),Pb(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","value")}forEach(e,r=globalThis){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.forEach"}),typeof e!="function")throw new TypeError("Failed to execute 'forEach' on 'FormData': parameter 1 is not of type 'Function'.");for(let[n,i]of this)e.apply(r,[i,n,this])}};wc.prototype[Symbol.iterator]=wc.prototype.entries;Object.defineProperties(wc.prototype,{[Symbol.toStringTag]:{value:"FormData",configurable:!0}});function BO(t,e,r){if(t=Buffer.from(t).toString("utf8"),typeof e=="string")e=Buffer.from(e).toString("utf8");else if(c7(e)||(e=e instanceof l7?new IO([e],"blob",{type:e.type}):new CO(e,"blob",{type:e.type})),r!==void 0){let n={type:e.type,lastModified:e.lastModified};e=Tb&&e instanceof Tb||e instanceof QO?new IO([e],r,n):new CO(e,r,n)}return{name:t,value:e}}bO.exports={FormData:wc}});var ef=h((zOe,kO)=>{"use strict";var u7=HT(),Sc=Ue(),{ReadableStreamFrom:d7,isBlobLike:NO,isReadableStreamLike:f7,readableStreamClose:h7,createDeferredPromise:g7,fullyReadBody:m7}=ni(),{FormData:wO}=Km(),{kState:Js}=Gs(),{webidl:Ob}=Vr(),{DOMException:RO,structuredClone:p7}=Lo(),{Blob:y7,File:E7}=require("buffer"),{kBodyUsed:C7}=It(),Lb=require("assert"),{isErrored:I7}=Ue(),{isUint8Array:vO,isArrayBuffer:B7}=require("util/types"),{File:Q7}=Wm(),{parseMIMEType:b7,serializeAMimeType:N7}=Hi(),Mb;try{let t=require("node:crypto");Mb=e=>t.randomInt(0,e)}catch{Mb=t=>Math.floor(Math.random(t))}var Ys=globalThis.ReadableStream,SO=E7??Q7,Xm=new TextEncoder,w7=new TextDecoder;function _O(t,e=!1){Ys||(Ys=require("stream/web").ReadableS
Content-Disposition: form-data`;let l=E=>E.replace(/\n/g,"%0A").replace(/\r/g,"%0D").replace(/"/g,"%22"),u=E=>E.replace(/\r?\n|\r/g,`\r
`),d=[],f=new Uint8Array([13,10]);s=0;let g=!1;for(let[E,C]of t)if(typeof C=="string"){let I=Xm.encode(c+`; name="${l(u(E))}"\r
\r
${u(C)}\r
`);d.push(I),s+=I.byteLength}else{let I=Xm.encode(`${c}; name="${l(u(E))}"`+(C.name?`; filename="${l(C.name)}"`:"")+`\r
Content-Type: ${C.type||"application/octet-stream"}\r
\r
`);d.push(I,C,f),typeof C.size=="number"?s+=I.byteLength+C.size+f.byteLength:g=!0}let m=Xm.encode(`--${A}--`);d.push(m),s+=m.byteLength,g&&(s=null),i=t,n=async function*(){for(let E of d)E.stream?yield*E.stream():yield E},o="multipart/form-data; boundary="+A}else if(NO(t))i=t,s=t.size,t.type&&(o=t.type);else if(typeof t[Symbol.asyncIterator]=="function"){if(e)throw new TypeError("keepalive");if(Sc.isDisturbed(t)||t.locked)throw new TypeError("Response body object should not be disturbed or locked");r=t instanceof Ys?t:d7(t)}if((typeof i=="string"||Sc.isBuffer(i))&&(s=Buffer.byteLength(i)),n!=null){let A;r=new Ys({async start(){A=n(t)[Symbol.asyncIterator]()},async pull(c){let{value:l,done:u}=await A.next();return u?queueMicrotask(()=>{c.close()}):I7(r)||c.enqueue(new Uint8Array(l)),c.desiredSize>0},async cancel(c){await A.return()},type:void 0})}return[{stream:r,source:i,length:s},o]}function S7(t,e=!1){return Ys||(Ys=require("stream/web").ReadableStream),t instanceof Ys&&(Lb(!Sc.isDisturbed(t),"The body has already been consumed."),Lb(!t.locked,"The stream is locked.")),_O(t,e)}function x7(t){let[e,r]=t.stream.tee(),n=p7(r,{transfer:[r]}),[,i]=n.tee();return t.stream=e,{stream:i,length:t.length,source:t.source}}async function*xO(t){if(t)if(vO(t))yield t;else{let e=t.stream;if(Sc.isDisturbed(e))throw new TypeError("The body has already been consumed.");if(e.locked)throw new TypeError("The stream is locked.");e[C7]=!0,yield*e}}function Fb(t){if(t.aborted)throw new RO("The operation was aborted.","AbortError")}function R7(t){return{blob(){return Zm(this,r=>{let n=k7(this);return n==="failure"?n="":n&&(n=N7(n)),new y7([r],{type:n})},t)},arrayBuffer(){return Zm(this,r=>new Uint8Array(r).buffer,t)},text(){return Zm(this,DO,t)},json(){return Zm(this,D7,t)},async formData(){Ob.brandCheck(this,t),Fb(this[Js]);let r=this.headers.get("Content-Type");if(/multipart\/form-data/.test(r)){let n={};for(let[a,A]of this.headers)n[a.toLowerCase()]=A;let i=new wO,s;try{s=new u7({headers:n,preservePath:!0})}catch(a){throw new RO(`${a}`,"AbortError")}s.on("field",(a,A)=>{i.append(a,A)}),s.on("file",(a,A,c,l,u)=>{let d=[];if(l==="base64"||l.toLowerCase()==="base64"){let f="";A.on("data",g=>{f+=g.toString().replace(/[\r\n]/gm,"");let m=f.length-f.length%4;d.push(Buffer.from(f.slice(0,m),"base64")),f=f.slice(m)}),A.on("end",()=>{d.push(Buffer.from(f,"base64")),i.append(a,new SO(d,c,{type:u}))})}else A.on("data",f=>{d.push(f)}),A.on("end",()=>{i.append(a,new SO(d,c,{type:u}))})});let o=new Promise((a,A)=>{s.on("finish",a),s.on("error",c=>A(new TypeError(c)))});if(this.body!==null)for await(let a of xO(this[Js].body))s.write(a);return s.end(),await o,i}else if(/application\/x-www-form-urlencoded/.test(r)){let n;try{let s="",o=new TextDecoder("utf-8",{ignoreBOM:!0});for await(let a of xO(this[Js].body)){if(!vO(a))throw new TypeError("Expected Uint8Array chunk");s+=o.decode(a,{stream:!0})}s+=o.decode(),n=new URLSearchParams(s)}catch(s){throw Object.assign(new TypeError,{cause:s})}let i=new wO;for(let[s,o]of n)i.append(s,o);return i}else throw await Promise.resolve(),Fb(this[Js]),Ob.errors.exception({header:`${t.name}.formData`,message:"Could not parse content as FormData."})}}}function v7(t){Object.assign(t.prototype,R7(t))}async function Zm(t,e,r){if(Ob.brandCheck(t,r),Fb(t[Js]),_7(t[Js].body))throw new TypeError("Body is unusable");let n=g7(),i=o=>n.reject(o),s=o=>{try{n.resolve(e(o))}catch(a){i(a)}};return t[Js].body==null?(s(new Uint8Array),n.promise):(await m7(t[Js].body,s,i),n.promise)}function _7(t){return t!=null&&(t.stream.locked||Sc.isDisturbed(t.stream))}function DO(t){return t.length===0?"":(t[0]===239&&t[1]===187&&t[2]===191&&(t=t.subarray(3)),w7.decode(t))}function D7(t){return JSON.parse(DO(t))}function k7(t){let{headersList:e}=t[Js],r=e.get("content-type");return r===null?"failure":b7(r)}kO.exports={extractBody:_O,safelyExtractBody:S7,cloneBody:x7,mixinBody:v7}});var LO=h((GOe,OO)=>{"use strict";var{InvalidArgumentError:mt,NotSupportedError:P7}=At(),Vs=require("assert"),{kHTTP2BuildRequest:T7,kHTTP2CopyHeaders:O7,kHTTP1BuildRequest:
`),this.body=E.stream,this.contentLength=E.length}else an.isBlobLike(i)&&this.contentType==null&&i.type&&(this.contentType=i.type,this.headers+=`content-type: ${i.type}\r
`);an.validateHandler(m,n,c),this.servername=an.getServerName(this.host),this[ji]=m,tr.create.hasSubscribers&&tr.create.publish({request:this})}onBodySent(e){if(this[ji].onBodySent)try{return this[ji].onBodySent(e)}catch(r){this.abort(r)}}onRequestSent(){if(tr.bodySent.hasSubscribers&&tr.bodySent.publish({request:this}),this[ji].onRequestSent)try{return this[ji].onRequestSent()}catch(e){this.abort(e)}}onConnect(e){if(Vs(!this.aborted),Vs(!this.completed),this.error)e(this.error);else return this.abort=e,this[ji].onConnect(e)}onHeaders(e,r,n,i){Vs(!this.aborted),Vs(!this.completed),tr.headers.hasSubscribers&&tr.headers.publish({request:this,response:{statusCode:e,headers:r,statusText:i}});try{return this[ji].onHeaders(e,r,n,i)}catch(s){this.abort(s)}}onData(e){Vs(!this.aborted),Vs(!this.completed);try{return this[ji].onData(e)}catch(r){return this.abort(r),!1}}onUpgrade(e,r,n){return Vs(!this.aborted),Vs(!this.completed),this[ji].onUpgrade(e,r,n)}onComplete(e){this.onFinally(),Vs(!this.aborted),this.completed=!0,tr.trailers.hasSubscribers&&tr.trailers.publish({request:this,trailers:e});try{return this[ji].onComplete(e)}catch(r){this.onError(r)}}onError(e){if(this.onFinally(),tr.error.hasSubscribers&&tr.error.publish({request:this,error:e}),!this.aborted)return this.aborted=!0,this[ji].onError(e)}onFinally(){this.errorHandler&&(this.body.off("error",this.errorHandler),this.errorHandler=null),this.endHandler&&(this.body.off("end",this.endHandler),this.endHandler=null)}addHeader(e,r){return tf(this,e,r),this}static[L7](e,r,n){return new t(e,r,n)}static[T7](e,r,n){let i=r.headers;r={...r,headers:null};let s=new t(e,r,n);if(s.headers={},Array.isArray(i)){if(i.length%2!==0)throw new mt("headers array must be even");for(let o=0;o<i.length;o+=2)tf(s,i[o],i[o+1],!0)}else if(i&&typeof i=="object"){let o=Object.keys(i);for(let a=0;a<o.length;a++){let A=o[a];tf(s,A,i[A],!0)}}else if(i!=null)throw new mt("headers must be an object or an array");return s}static[O7](e){let r=e.split(`\r
`),n={};for(let i of r){let[s,o]=i.split(": ");o==null||o.length===0||(n[s]?n[s]+=`,${o}`:n[s]=o)}return n}};function za(t,e,r){if(e&&typeof e=="object")throw new mt(`invalid ${t} header`);if(e=e!=null?`${e}`:"",TO.exec(e)!==null)throw new mt(`invalid ${t} header`);return r?e:`${t}: ${e}\r
`}function tf(t,e,r,n=!1){if(r&&typeof r=="object"&&!Array.isArray(r))throw new mt(`invalid ${e} header`);if(r===void 0)return;if(t.host===null&&e.length===4&&e.toLowerCase()==="host"){if(TO.exec(r)!==null)throw new mt(`invalid ${e} header`);t.host=r}else if(t.contentLength===null&&e.length===14&&e.toLowerCase()==="content-length"){if(t.contentLength=parseInt(r,10),!Number.isFinite(t.contentLength))throw new mt("invalid content-length header")}else if(t.contentType===null&&e.length===12&&e.toLowerCase()==="content-type")t.contentType=r,n?t.headers[e]=za(e,r,n):t.headers+=za(e,r);else{if(e.length===17&&e.toLowerCase()==="transfer-encoding")throw new mt("invalid transfer-encoding header");if(e.length===10&&e.toLowerCase()==="connection"){let i=typeof r=="string"?r.toLowerCase():null;if(i!=="close"&&i!=="keep-alive")throw new mt("invalid connection header");i==="close"&&(t.reset=!0)}else{if(e.length===10&&e.toLowerCase()==="keep-alive")throw new mt("invalid keep-alive header");if(e.length===7&&e.toLowerCase()==="upgrade")throw new mt("invalid upgrade header");if(e.length===6&&e.toLowerCase()==="expect")throw new P7("expect header not supported");if(PO.exec(e)===null)throw new mt("invalid header key");if(Array.isArray(r))for(let i=0;i<r.length;i++)n?t.headers[e]?t.headers[e]+=`,${za(e,r[i],n)}`:t.headers[e]=za(e,r[i],n):t.headers+=za(e,r[i]);else n?t.headers[e]=za(e,r,n):t.headers+=za(e,r)}}}OO.exports=qb});var ep=h((YOe,MO)=>{"use strict";var F7=require("events"),Hb=class extends F7{dispatch(){throw new Error("not implemented")}close(){throw new Error("not implemented")}destroy(){throw new Error("not implemented")}};MO.exports=Hb});var nf=h((JOe,FO)=>{"use strict";var U7=ep(),{ClientDestroyedError:jb,ClientClosedError:q7,InvalidArgumentError:xc}=At(),{kDestroy:H7,kClose:j7,kDispatch:zb,kInterceptors:Ga}=It(),Rc=Symbol("destroyed"),rf=Symbol("closed"),Ws=Symbol("onDestroyed"),vc=Symbol("onClosed"),tp=Symbol("Intercepted Dispatch"),Gb=class extends U7{constructor(){super(),this[Rc]=!1,this[Ws]=null,this[rf]=!1,this[vc]=[]}get destroyed(){return this[Rc]}get closed(){return this[rf]}get interceptors(){return this[Ga]}set interceptors(e){if(e){for(let r=e.length-1;r>=0;r--)if(typeof this[Ga][r]!="function")throw new xc("interceptor must be an function")}this[Ga]=e}close(e){if(e===void 0)return new Promise((n,i)=>{this.close((s,o)=>s?i(s):n(o))});if(typeof e!="function")throw new xc("invalid callback");if(this[Rc]){queueMicrotask(()=>e(new jb,null));return}if(this[rf]){this[vc]?this[vc].push(e):queueMicrotask(()=>e(null,null));return}this[rf]=!0,this[vc].push(e);let r=()=>{let n=this[vc];this[vc]=null;for(let i=0;i<n.length;i++)n[i](null,null)};this[j7]().then(()=>this.destroy()).then(()=>{queueMicrotask(r)})}destroy(e,r){if(typeof e=="function"&&(r=e,e=null),r===void 0)return new Promise((i,s)=>{this.destroy(e,(o,a)=>o?s(o):i(a))});if(typeof r!="function")throw new xc("invalid callback");if(this[Rc]){this[Ws]?this[Ws].push(r):queueMicrotask(()=>r(null,null));return}e||(e=new jb),this[Rc]=!0,this[Ws]=this[Ws]||[],this[Ws].push(r);let n=()=>{let i=this[Ws];this[Ws]=null;for(let s=0;s<i.length;s++)i[s](null,null)};this[H7](e).then(()=>{queueMicrotask(n)})}[tp](e,r){if(!this[Ga]||this[Ga].length===0)return this[tp]=this[zb],this[zb](e,r);let n=this[zb].bind(this);for(let i=this[Ga].length-1;i>=0;i--)n=this[Ga][i](n);return this[tp]=n,n(e,r)}dispatch(e,r){if(!r||typeof r!="object")throw new xc("handler must be an object");try{if(!e||typeof e!="object")throw new xc("opts must be an object.");if(this[Rc]||this[Ws])throw new jb;if(this[rf])throw new q7;return this[tp](e,r)}catch(n){if(typeof r.onError!="function")throw new xc("invalid onError method");return r.onError(n),!1}}};FO.exports=Gb});var sf=h(($Oe,HO)=>{"use strict";var z7=require("net"),UO=require("assert"),qO=Ue(),{InvalidArgumentError:G7,ConnectTimeoutError:Y7}=At(),Yb,Jb;global.FinalizationRegistry&&!process.env.NODE_V8_COVERAGE?Jb=class{constructor(e){this._maxCachedSessions=e,this._sessionCache=new Map,this._sessionRegistry=new global.FinalizationRegistry(r=>{if(this._s
`,this[sL]=A??3e5,this[iL]=i??3e5,this[uf]=I??!0,this[Qee]=w,this[df]=T,this[Fo]=null,this[aL]=k>-1?k:-1,this[fs]="h1",this[Mn]=null,this[cp]=Re?{openStreams:0,maxConcurrentStreams:H??100}:null,this[AL]=`${this[Rr].hostname}${this[Rr].port?`:${this[Rr].port}`:""}`,this[Bt]=[],this[Qt]=0,this[Ln]=0}get pipelining(){return this[qo]}set pipelining(e){this[qo]=e,Fn(this,!0)}get[Va](){return this[Bt].length-this[Ln]}get[Dt](){return this[Ln]-this[Qt]}get[Ja](){return this[Bt].length-this[Qt]}get[Bee](){return!!this[Ot]&&!this[Dc]&&!this[Ot].destroyed}get[t0](){let e=this[Ot];return e&&(e[Wr]||e[Xs]||e[Pc])||this[Ja]>=(this[qo]||1)||this[Va]>0}[Iee](e){dL(this),this.once("connect",e)}[wee](e,r){let n=e.origin||this[Rr].origin,i=this[fs]==="h2"?e0[xee](n,e,r):e0[vee](n,e,r);return this[Bt].push(i),this[Ya]||(Ae.bodyLength(i.body)==null&&Ae.isIterable(i.body)?(this[Ya]=1,process.nextTick(Fn,this)):Fn(this,!0)),this[Ya]&&this[Uo]!==2&&this[t0]&&(this[Uo]=2),this[Uo]<2}async[bee](){return new Promise(e=>{this[Ja]?this[Fo]=e:e(null)})}async[Nee](e){return new Promise(r=>{let n=this[Bt].splice(this[Ln]);for(let s=0;s<n.length;s++){let o=n[s];$r(this,o,e)}let i=()=>{this[Fo]&&(this[Fo](),this[Fo]=null),r()};this[Mn]!=null&&(Ae.destroy(this[Mn],e),this[Mn]=null,this[cp]=null),this[Ot]?Ae.destroy(this[Ot].on("close",i),e):queueMicrotask(i),Fn(this)})}};function Mee(t){ee(t.code!=="ERR_TLS_CERT_ALTNAME_INVALID"),this[Ot][vr]=t,fp(this[ds],t)}function Fee(t,e,r){let n=new us(`HTTP/2: "frameError" received - type ${t}, code ${e}`);r===0&&(this[Ot][vr]=n,fp(this[ds],n))}function Uee(){Ae.destroy(this,new kc("other side closed")),Ae.destroy(this[Ot],new kc("other side closed"))}function qee(t){let e=this[ds],r=new us(`HTTP/2: "GOAWAY" frame received with code ${t}`);if(e[Ot]=null,e[Mn]=null,e.destroyed){ee(this[Va]===0);let n=e[Bt].splice(e[Qt]);for(let i=0;i<n.length;i++){let s=n[i];$r(this,s,r)}}else if(e[Dt]>0){let n=e[Bt][e[Qt]];e[Bt][e[Qt]++]=null,$r(e,n,r)}e[Ln]=e[Qt],ee(e[Dt]===0),e.emit("disconnect",e[Rr],[e],r),Fn(e)}var As=zO(),Hee=ip(),jee=Buffer.alloc(0);async function zee(){let t=process.env.JEST_WORKER_ID?Kb():void 0,e;try{e=await WebAssembly.compile(Buffer.from(KO(),"base64"))}catch{e=await WebAssembly.compile(Buffer.from(t||Kb(),"base64"))}return await WebAssembly.instantiate(e,{env:{wasm_on_url:(r,n,i)=>0,wasm_on_status:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onStatus(new sp(cs.buffer,s,i))||0},wasm_on_message_begin:r=>(ee.strictEqual(or.ptr,r),or.onMessageBegin()||0),wasm_on_header_field:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onHeaderField(new sp(cs.buffer,s,i))||0},wasm_on_header_value:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onHeaderValue(new sp(cs.buffer,s,i))||0},wasm_on_headers_complete:(r,n,i,s)=>(ee.strictEqual(or.ptr,r),or.onHeadersComplete(n,!!i,!!s)||0),wasm_on_body:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onBody(new sp(cs.buffer,s,i))||0},wasm_on_message_complete:r=>(ee.strictEqual(or.ptr,r),or.onMessageComplete()||0)}})}var Zb=null,i0=zee();i0.catch();var or=null,cs=null,op=0,ls=null,Tc=1,Ap=2,s0=3,o0=class{constructor(e,r,{exports:n}){ee(Number.isFinite(e[ap])&&e[ap]>0),this.llhttp=n,this.ptr=this.llhttp.llhttp_alloc(As.TYPE.RESPONSE),this.client=e,this.socket=r,this.timeout=null,this.timeoutValue=null,this.timeoutType=null,this.statusCode=null,this.statusText="",this.upgrade=!1,this.headers=[],this.headersSize=0,this.headersMaxSize=e[ap],this.shouldKeepAlive=!1,this.paused=!1,this.resume=this.resume.bind(this),this.bytesRead=0,this.keepAlive="",this.contentLength="",this.connection="",this.maxResponseSize=e[aL]}setTimeout(e,r){this.timeoutType=r,e!==this.timeoutValue?(Xb.clearTimeout(this.timeout),e?(this.timeout=Xb.setTimeout(Gee,e,this),this.timeout.unref&&this.timeout.unref()):this.timeout=null,this.timeoutValue=e):this.timeout&&this.timeout.refresh&&this.timeout.refresh()}resume(){this.socket.destroyed||!this.paused||(ee(this.ptr!=null),ee(or==null),this.llhttp.llhttp_resume(this.ptr),ee
`;return typeof s=="string"?g+=`host: ${s}\r
`:g+=t[tL],o?g+=`connection: upgrade\r
upgrade: ${o}\r
`:t[qo]&&!f[Wr]?g+=`connection: keep-alive\r
`:g+=`connection: close\r
`,a&&(g+=a),Mr.sendHeaders.hasSubscribers&&Mr.sendHeaders.publish({request:e,headers:g,socket:f}),!r||u===0?(d===0?f.write(`${g}content-length: 0\r
\r
`,"latin1"):(ee(d===null,"no body must not have content length"),f.write(`${g}\r
`,"latin1")),e.onRequestSent()):Ae.isBuffer(r)?(ee(d===r.byteLength,"buffer body must have content length"),f.cork(),f.write(`${g}content-length: ${d}\r
\r
`,"latin1"),f.write(r),f.uncork(),e.onBodySent(r),e.onRequestSent(),l||(f[Wr]=!0)):Ae.isBlobLike(r)?typeof r.stream=="function"?up({body:r.stream(),client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):gL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isStream(r)?hL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isIterable(r)?up({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):ee(!1),!0}function Vee(t,e,r){let{body:n,method:i,path:s,host:o,upgrade:a,expectContinue:A,signal:c,headers:l}=r,u;if(typeof l=="string"?u=e0[Ree](l.trim()):u=l,a)return $r(t,r,new Error("Upgrade not supported for H2")),!1;try{r.onConnect(I=>{r.aborted||r.completed||$r(t,r,I||new A0)})}catch(I){$r(t,r,I)}if(r.aborted)return!1;let d,f=t[cp];if(u[_ee]=o||t[AL],u[Dee]=i,i==="CONNECT")return e.ref(),d=e.request(u,{endStream:!1,signal:c}),d.id&&!d.pending?(r.onUpgrade(null,null,d),++f.openStreams):d.once("ready",()=>{r.onUpgrade(null,null,d),++f.openStreams}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),!0;u[kee]=s,u[Pee]="https";let g=i==="PUT"||i==="POST"||i==="PATCH";n&&typeof n.read=="function"&&n.read(0);let m=Ae.bodyLength(n);if(m==null&&(m=r.contentLength),(m===0||!g)&&(m=null),fL(i)&&m>0&&r.contentLength!=null&&r.contentLength!==m){if(t[uf])return $r(t,r,new Ks),!1;process.emitWarning(new Ks)}m!=null&&(ee(n,"no body must not have content length"),u[Tee]=`${m}`),e.ref();let E=i==="GET"||i==="HEAD";return A?(u[Oee]="100-continue",d=e.request(u,{endStream:E,signal:c}),d.once("continue",C)):(d=e.request(u,{endStream:E,signal:c}),C()),++f.openStreams,d.once("response",I=>{let{[Lee]:N,...w}=I;r.onHeaders(Number(N),w,d.resume.bind(d),"")===!1&&d.pause()}),d.once("end",()=>{r.onComplete([])}),d.on("data",I=>{r.onData(I)===!1&&d.pause()}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),d.once("error",function(I){t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,I))}),d.once("frameError",(I,N)=>{let w=new us(`HTTP/2: "frameError" received - type ${I}, code ${N}`);$r(t,r,w),t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,w))}),!0;function C(){n?Ae.isBuffer(n)?(ee(m===n.byteLength,"buffer body must have content length"),d.cork(),d.write(n),d.uncork(),d.end(),r.onBodySent(n),r.onRequestSent()):Ae.isBlobLike(n)?typeof n.stream=="function"?up({client:t,request:r,contentLength:m,h2stream:d,expectsPayload:g,body:n.stream(),socket:t[Ot],header:""}):gL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,h2stream:d,header:"",socket:t[Ot]}):Ae.isStream(n)?hL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,socket:t[Ot],h2stream:d,header:""}):Ae.isIterable(n)?up({body:n,client:t,request:r,contentLength:m,expectsPayload:g,header:"",h2stream:d,socket:t[Ot]}):ee(!1):r.onRequestSent()}}function hL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){if(ee(s!==0||r[Dt]===0,"stream body cannot be pipelined"),r[fs]==="h2"){let m=function(E){n.onBodySent(E)},g=uee(e,t,E=>{E?(Ae.destroy(e,E),Ae.destroy(t,E)):n.onRequestSent()});g.on("data",m),g.once("end",()=>{g.removeListener("data",m),Ae.destroy(g)});return}let A=!1,c=new dp({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o}),l=function(g){if(!A)try{!c.write(g)&&this.pause&&this.pause()}catch(m){Ae.destroy(this,m)}},u=function(){A||e.resume&&e.resume()},d=function(){if(A)return;let g=new A0;queueMicrotask(()=>f(g))},f=function(g){if(!A){if(A=!0,ee(i.destroyed||i[Xs]&&r[Dt]<=1),i.off("drain",u).off("error",f),e.removeListener("data",l).removeListener("end",f).removeListener("error",f).removeListener("close",d),!g)try{c.end()}catch(m){g=m}c.destroy(g),g&&(g.code!=="UND_ERR_INFO"||g.message!=="reset")?Ae.destroy(e,g):Ae.destroy(e)}};e.on("data",l).on("end",f).on("error",f).on("close",d),e.resume&&e.resume(),i.on("drain",u).on("error",f)}async function gL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,heade
\r
`,"latin1"),i.write(c),i.uncork()),n.onBodySent(c),n.onRequestSent(),a||(i[Wr]=!0),Fn(r)}catch(c){Ae.destroy(A?t:i,c)}}async function up({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){ee(s!==0||r[Dt]===0,"iterator body cannot be pipelined");let A=null;function c(){if(A){let d=A;A=null,d()}}let l=()=>new Promise((d,f)=>{ee(A===null),i[vr]?f(i[vr]):A=d});if(r[fs]==="h2"){t.on("close",c).on("drain",c);try{for await(let d of e){if(i[vr])throw i[vr];let f=t.write(d);n.onBodySent(d),f||await l()}}catch(d){t.destroy(d)}finally{n.onRequestSent(),t.end(),t.off("close",c).off("drain",c)}return}i.on("close",c).on("drain",c);let u=new dp({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o});try{for await(let d of e){if(i[vr])throw i[vr];u.write(d)||await l()}u.end()}catch(d){u.destroy(d)}finally{i.off("close",c).off("drain",c)}}var dp=class{constructor({socket:e,request:r,contentLength:n,client:i,expectsPayload:s,header:o}){this.socket=e,this.request=r,this.contentLength=n,this.client=i,this.bytesWritten=0,this.expectsPayload=s,this.header=o,e[Xs]=!0}write(e){let{socket:r,request:n,contentLength:i,client:s,bytesWritten:o,expectsPayload:a,header:A}=this;if(r[vr])throw r[vr];if(r.destroyed)return!1;let c=Buffer.byteLength(e);if(!c)return!0;if(i!==null&&o+c>i){if(s[uf])throw new Ks;process.emitWarning(new Ks)}r.cork(),o===0&&(a||(r[Wr]=!0),i===null?r.write(`${A}transfer-encoding: chunked\r
`,"latin1"):r.write(`${A}content-length: ${i}\r
\r
`,"latin1")),i===null&&r.write(`\r
${c.toString(16)}\r
`,"latin1"),this.bytesWritten+=c;let l=r.write(e);return r.uncork(),n.onBodySent(e),l||r[Tt].timeout&&r[Tt].timeoutType===Tc&&r[Tt].timeout.refresh&&r[Tt].timeout.refresh(),l}end(){let{socket:e,contentLength:r,client:n,bytesWritten:i,expectsPayload:s,header:o,request:a}=this;if(a.onRequestSent(),e[Xs]=!1,e[vr])throw e[vr];if(!e.destroyed){if(i===0?s?e.write(`${o}content-length: 0\r
\r
`,"latin1"):e.write(`${o}\r
`,"latin1"):r===null&&e.write(`\r
0\r
\r
`,"latin1"),r!==null&&i!==r){if(n[uf])throw new Ks;process.emitWarning(new Ks)}e[Tt].timeout&&e[Tt].timeoutType===Tc&&e[Tt].timeout.refresh&&e[Tt].timeout.refresh(),Fn(n)}}destroy(e){let{socket:r,client:n}=this;r[Xs]=!1,e&&(ee(n[Dt]<=1,"pipeline should only contain this request"),Ae.destroy(r,e))}};function $r(t,e,r){try{e.onError(r),ee(e.aborted)}catch(n){t.emit("error",n)}}mL.exports=n0});var yL=h((sLe,pL)=>{"use strict";var hp=class{constructor(){this.bottom=0,this.top=0,this.list=new Array(2048),this.next=null}isEmpty(){return this.top===this.bottom}isFull(){return(this.top+1&2047)===this.bottom}push(e){this.list[this.top]=e,this.top=this.top+1&2047}shift(){let e=this.list[this.bottom];return e===void 0?null:(this.list[this.bottom]=void 0,this.bottom=this.bottom+1&2047,e)}};pL.exports=class{constructor(){this.head=this.tail=new hp}isEmpty(){return this.head.isEmpty()}push(e){this.head.isFull()&&(this.head=this.head.next=new hp),this.head.push(e)}shift(){let e=this.tail,r=e.shift();return e.isEmpty()&&e.next!==null&&(this.tail=e.next),r}}});var CL=h((oLe,EL)=>{var{kFree:Wee,kConnected:$ee,kPending:Kee,kQueued:Xee,kRunning:Zee,kSize:ete}=It(),Wa=Symbol("pool"),c0=class{constructor(e){this[Wa]=e}get connected(){return this[Wa][$ee]}get free(){return this[Wa][Wee]}get pending(){return this[Wa][Kee]}get queued(){return this[Wa][Xee]}get running(){return this[Wa][Zee]}get size(){return this[Wa][ete]}};EL.exports=c0});var g0=h((aLe,vL)=>{"use strict";var tte=nf(),rte=yL(),{kConnected:l0,kSize:IL,kRunning:BL,kPending:QL,kQueued:hf,kBusy:nte,kFree:ite,kUrl:ste,kClose:ote,kDestroy:ate,kDispatch:Ate}=It(),cte=CL(),An=Symbol("clients"),Kr=Symbol("needDrain"),gf=Symbol("queue"),u0=Symbol("closed resolve"),d0=Symbol("onDrain"),bL=Symbol("onConnect"),NL=Symbol("onDisconnect"),wL=Symbol("onConnectionError"),f0=Symbol("get dispatcher"),xL=Symbol("add client"),RL=Symbol("remove client"),SL=Symbol("stats"),h0=class extends tte{constructor(){super(),this[gf]=new rte,this[An]=[],this[hf]=0;let e=this;this[d0]=function(n,i){let s=e[gf],o=!1;for(;!o;){let a=s.shift();if(!a)break;e[hf]--,o=!this.dispatch(a.opts,a.handler)}this[Kr]=o,!this[Kr]&&e[Kr]&&(e[Kr]=!1,e.emit("drain",n,[e,...i])),e[u0]&&s.isEmpty()&&Promise.all(e[An].map(a=>a.close())).then(e[u0])},this[bL]=(r,n)=>{e.emit("connect",r,[e,...n])},this[NL]=(r,n,i)=>{e.emit("disconnect",r,[e,...n],i)},this[wL]=(r,n,i)=>{e.emit("connectionError",r,[e,...n],i)},this[SL]=new cte(this)}get[nte](){return this[Kr]}get[l0](){return this[An].filter(e=>e[l0]).length}get[ite](){return this[An].filter(e=>e[l0]&&!e[Kr]).length}get[QL](){let e=this[hf];for(let{[QL]:r}of this[An])e+=r;return e}get[BL](){let e=0;for(let{[BL]:r}of this[An])e+=r;return e}get[IL](){let e=this[hf];for(let{[IL]:r}of this[An])e+=r;return e}get stats(){return this[SL]}async[ote](){return this[gf].isEmpty()?Promise.all(this[An].map(e=>e.close())):new Promise(e=>{this[u0]=e})}async[ate](e){for(;;){let r=this[gf].shift();if(!r)break;r.handler.onError(e)}return Promise.all(this[An].map(r=>r.destroy(e)))}[Ate](e,r){let n=this[f0]();return n?n.dispatch(e,r)||(n[Kr]=!0,this[Kr]=!this[f0]()):(this[Kr]=!0,this[gf].push({opts:e,handler:r}),this[hf]++),!this[Kr]}[xL](e){return e.on("drain",this[d0]).on("connect",this[bL]).on("disconnect",this[NL]).on("connectionError",this[wL]),this[An].push(e),this[Kr]&&process.nextTick(()=>{this[Kr]&&this[d0](e[ste],[this,e])}),this}[RL](e){e.close(()=>{let r=this[An].indexOf(e);r!==-1&&this[An].splice(r,1)}),this[Kr]=this[An].some(r=>!r[Kr]&&r.closed!==!0&&r.destroyed!==!0)}};vL.exports={PoolBase:h0,kClients:An,kNeedDrain:Kr,kAddClient:xL,kRemoveClient:RL,kGetDispatcher:f0}});var Oc=h((ALe,kL)=>{"use strict";var{PoolBase:lte,kClients:gp,kNeedDrain:ute,kAddClient:dte,kGetDispatcher:fte}=g0(),hte=ff(),{InvalidArgumentError:m0}=At(),p0=Ue(),{kUrl:_L,kInterceptors:gte}=It(),mte=sf(),y0=Symbol("options"),E0=Symbol("connections"),DL=Symbol("factory");function pte(t,e){return new hte(t,e)}var C0=class extends lte{constructor(e,{connections:r,factory:n=pte,connect:i,connectTimeout:s,tls:o,maxCachedSessions
${n.count} ${n.noun} ${n.is} pending:

${e.format(r)}
`.trim())}};uF.exports=iN});var yF=h((kLe,pF)=>{"use strict";var{kProxy:yne,kClose:Ene,kDestroy:Cne,kInterceptors:Ine}=It(),{URL:fF}=require("url"),hF=pf(),Bne=Oc(),Qne=nf(),{InvalidArgumentError:Bf,RequestAbortedError:bne}=At(),gF=sf(),Cf=Symbol("proxy agent"),Op=Symbol("proxy client"),If=Symbol("proxy headers"),sN=Symbol("request tls settings"),Nne=Symbol("proxy tls settings"),mF=Symbol("connect endpoint function");function wne(t){return t==="https:"?443:80}function Sne(t){if(typeof t=="string"&&(t={uri:t}),!t||!t.uri)throw new Bf("Proxy opts.uri is mandatory");return{uri:t.uri,protocol:t.protocol||"https"}}function xne(t,e){return new Bne(t,e)}var oN=class extends Qne{constructor(e){if(super(e),this[yne]=Sne(e),this[Cf]=new hF(e),this[Ine]=e.interceptors&&e.interceptors.ProxyAgent&&Array.isArray(e.interceptors.ProxyAgent)?e.interceptors.ProxyAgent:[],typeof e=="string"&&(e={uri:e}),!e||!e.uri)throw new Bf("Proxy opts.uri is mandatory");let{clientFactory:r=xne}=e;if(typeof r!="function")throw new Bf("Proxy opts.clientFactory must be a function.");this[sN]=e.requestTls,this[Nne]=e.proxyTls,this[If]=e.headers||{};let n=new fF(e.uri),{origin:i,port:s,host:o,username:a,password:A}=n;if(e.auth&&e.token)throw new Bf("opts.auth cannot be used in combination with opts.token");e.auth?this[If]["proxy-authorization"]=`Basic ${e.auth}`:e.token?this[If]["proxy-authorization"]=e.token:a&&A&&(this[If]["proxy-authorization"]=`Basic ${Buffer.from(`${decodeURIComponent(a)}:${decodeURIComponent(A)}`).toString("base64")}`);let c=gF({...e.proxyTls});this[mF]=gF({...e.requestTls}),this[Op]=r(n,{connect:c}),this[Cf]=new hF({...e,connect:async(l,u)=>{let d=l.host;l.port||(d+=`:${wne(l.protocol)}`);try{let{socket:f,statusCode:g}=await this[Op].connect({origin:i,port:s,path:d,signal:l.signal,headers:{...this[If],host:o}});if(g!==200&&(f.on("error",()=>{}).destroy(),u(new bne(`Proxy response (${g}) !== 200 when HTTP Tunneling`))),l.protocol!=="https:"){u(null,f);return}let m;this[sN]?m=this[sN].servername:m=l.servername,this[mF]({...l,servername:m,httpSocket:f},u)}catch(f){u(f)}}})}dispatch(e,r){let{host:n}=new fF(e.origin),i=Rne(e.headers);return vne(i),this[Cf].dispatch({...e,headers:{...i,host:n}},r)}async[Ene](){await this[Cf].close(),await this[Op].close()}async[Cne](){await this[Cf].destroy(),await this[Op].destroy()}};function Rne(t){if(Array.isArray(t)){let e={};for(let r=0;r<t.length;r+=2)e[t[r]]=t[r+1];return e}return t}function vne(t){if(t&&Object.keys(t).find(r=>r.toLowerCase()==="proxy-authorization"))throw new Bf("Proxy-Authorization should be sent in ProxyAgent constructor")}pF.exports=oN});var QF=h((PLe,BF)=>{var tA=require("assert"),{kRetryHandlerDefaultRetry:EF}=It(),{RequestRetryError:Lp}=At(),{isDisturbed:CF,parseHeaders:_ne,parseRangeHeader:IF}=Ue();function Dne(t){let e=Date.now();return new Date(t).getTime()-e}var aN=class t{constructor(e,r){let{retryOptions:n,...i}=e,{retry:s,maxRetries:o,maxTimeout:a,minTimeout:A,timeoutFactor:c,methods:l,errorCodes:u,retryAfter:d,statusCodes:f}=n??{};this.dispatch=r.dispatch,this.handler=r.handler,this.opts=i,this.abort=null,this.aborted=!1,this.retryOpts={retry:s??t[EF],retryAfter:d??!0,maxTimeout:a??30*1e3,timeout:A??500,timeoutFactor:c??2,maxRetries:o??5,methods:l??["GET","HEAD","OPTIONS","PUT","DELETE","TRACE"],statusCodes:f??[500,502,503,504,429],errorCodes:u??["ECONNRESET","ECONNREFUSED","ENOTFOUND","ENETDOWN","ENETUNREACH","EHOSTDOWN","EHOSTUNREACH","EPIPE"]},this.retryCount=0,this.start=0,this.end=null,this.etag=null,this.resume=null,this.handler.onConnect(g=>{this.aborted=!0,this.abort?this.abort(g):this.reason=g})}onRequestSent(){this.handler.onRequestSent&&this.handler.onRequestSent()}onUpgrade(e,r,n){this.handler.onUpgrade&&this.handler.onUpgrade(e,r,n)}onConnect(e){this.aborted?e(this.reason):this.abort=e}onBodySent(e){if(this.handler.onBodySent)return this.handler.onBodySent(e)}static[EF](e,{state:r,opts:n},i){let{statusCode:s,code:o,headers:a}=e,{method:A,retryOptions:c}=n,{maxRetries:l,timeout:u,maxTimeout:d,timeoutFactor:f,statusCodes:g,errorCodes:m,methods:E}=c,{count
 
        Error Code : ${o.statusCode}
 
        Error Message: ${o.message}`)})).result)===null||r===void 0?void 0:r.value;if(!s)throw new Error("Response json body do not have ID Token field");return s})}static getIDToken(e){return D1(this,void 0,void 0,function*(){try{let r=t.getIDTokenUrl();if(e){let i=encodeURIComponent(e);r=`${r}&audience=${i}`}(0,k1.debug)(`ID token url is ${r}`);let n=yield t.getCall(r);return(0,k1.setSecret)(n),n}catch(r){throw new Error(`Error message: ${r.message}`)}})}};al.OidcClient=$N});var ew=h(fn=>{"use strict";var KN=fn&&fn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(fn,"__esModule",{value:!0});fn.summary=fn.markdownSummary=fn.SUMMARY_DOCS_URL=fn.SUMMARY_ENV_VAR=void 0;var Bae=require("os"),XN=require("fs"),{access:Qae,appendFile:bae,writeFile:Nae}=XN.promises;fn.SUMMARY_ENV_VAR="GITHUB_STEP_SUMMARY";fn.SUMMARY_DOCS_URL="https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";var ZN=class{constructor(){this._buffer=""}filePath(){return KN(this,void 0,void 0,function*(){if(this._filePath)return this._filePath;let e=process.env[fn.SUMMARY_ENV_VAR];if(!e)throw new Error(`Unable to find environment variable for $${fn.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);try{yield Qae(e,XN.constants.R_OK|XN.constants.W_OK)}catch{throw new Error(`Unable to access summary file: '${e}'. Check if the file has correct read/write permissions.`)}return this._filePath=e,this._filePath})}wrap(e,r,n={}){let i=Object.entries(n).map(([s,o])=>` ${s}="${o}"`).join("");return r?`<${e}${i}>${r}</${e}>`:`<${e}${i}>`}write(e){return KN(this,void 0,void 0,function*(){let r=!!e?.overwrite,n=yield this.filePath();return yield(r?Nae:bae)(n,this._buffer,{encoding:"utf8"}),this.emptyBuffer()})}clear(){return KN(this,void 0,void 0,function*(){return this.emptyBuffer().write({overwrite:!0})})}stringify(){return this._buffer}isEmptyBuffer(){return this._buffer.length===0}emptyBuffer(){return this._buffer="",this}addRaw(e,r=!1){return this._buffer+=e,r?this.addEOL():this}addEOL(){return this.addRaw(Bae.EOL)}addCodeBlock(e,r){let n=Object.assign({},r&&{lang:r}),i=this.wrap("pre",this.wrap("code",e),n);return this.addRaw(i).addEOL()}addList(e,r=!1){let n=r?"ol":"ul",i=e.map(o=>this.wrap("li",o)).join(""),s=this.wrap(n,i);return this.addRaw(s).addEOL()}addTable(e){let r=e.map(i=>{let s=i.map(o=>{if(typeof o=="string")return this.wrap("td",o);let{header:a,data:A,colspan:c,rowspan:l}=o,u=a?"th":"td",d=Object.assign(Object.assign({},c&&{colspan:c}),l&&{rowspan:l});return this.wrap(u,A,d)}).join("");return this.wrap("tr",s)}).join(""),n=this.wrap("table",r);return this.addRaw(n).addEOL()}addDetails(e,r){let n=this.wrap("details",this.wrap("summary",e)+r);return this.addRaw(n).addEOL()}addImage(e,r,n){let{width:i,height:s}=n||{},o=Object.assign(Object.assign({},i&&{width:i}),s&&{height:s}),a=this.wrap("img",null,Object.assign({src:e,alt:r},o));return this.addRaw(a).addEOL()}addHeading(e,r){let n=`h${r}`,i=["h1","h2","h3","h4","h5","h6"].includes(n)?n:"h1",s=this.wrap(i,e);return this.addRaw(s).addEOL()}addSeparator(){let e=this.wrap("hr",null);return this.addRaw(e).addEOL()}addBreak(){let e=this.wrap("br",null);return this.addRaw(e).addEOL()}addQuote(e,r){let n=Object.assign({},r&&{cite:r}),i=this.wrap("blockquote",e,n);return this.addRaw(i).addEOL()}addLink(e,r){let n=this.wrap("a",e,{href:r});return this.addRaw(n).addEOL()}},T1=new ZN;fn.markdownSummary=T1;fn.summary=T1});var O1=h(hn=>{"use strict";var wae=hn&&hn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]}
`);return{name:e,version:r}});qe.platform=eq.default.platform();qe.arch=eq.default.arch();qe.isWindows=qe.platform==="win32";qe.isMacOS=qe.platform==="darwin";qe.isLinux=qe.platform==="linux";function uAe(){return Dy(this,void 0,void 0,function*(){return Object.assign(Object.assign({},yield qe.isWindows?AAe():qe.isMacOS?cAe():lAe()),{platform:qe.platform,arch:qe.arch,isWindows:qe.isWindows,isMacOS:qe.isMacOS,isLinux:qe.isLinux})})}qe.getDetails=uAe});var at=h(te=>{"use strict";var dAe=te&&te.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),fAe=te&&te.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),aw=te&&te.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&dAe(e,t,r);return fAe(e,t),e},rq=te&&te.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(te,"__esModule",{value:!0});te.platform=te.toPlatformPath=te.toWin32Path=te.toPosixPath=te.markdownSummary=te.summary=te.getIDToken=te.getState=te.saveState=te.group=te.endGroup=te.startGroup=te.info=te.notice=te.warning=te.error=te.debug=te.isDebug=te.setFailed=te.setCommandEcho=te.setOutput=te.getBooleanInput=te.getMultilineInput=te.getInput=te.addPath=te.setSecret=te.exportVariable=te.ExitCode=void 0;var li=TP(),cA=MP(),cl=Dm(),nq=aw(require("os")),hAe=aw(require("path")),gAe=P1(),ow;(function(t){t[t.Success=0]="Success",t[t.Failure=1]="Failure"})(ow||(te.ExitCode=ow={}));function mAe(t,e){let r=(0,cl.toCommandValue)(e);if(process.env[t]=r,process.env.GITHUB_ENV||"")return(0,cA.issueFileCommand)("ENV",(0,cA.prepareKeyValueMessage)(t,e));(0,li.issueCommand)("set-env",{name:t},r)}te.exportVariable=mAe;function pAe(t){(0,li.issueCommand)("add-mask",{},t)}te.setSecret=pAe;function yAe(t){process.env.GITHUB_PATH||""?(0,cA.issueFileCommand)("PATH",t):(0,li.issueCommand)("add-path",{},t),process.env.PATH=`${t}${hAe.delimiter}${process.env.PATH}`}te.addPath=yAe;function Aw(t,e){let r=process.env[`INPUT_${t.replace(/ /g,"_").toUpperCase()}`]||"";if(e&&e.required&&!r)throw new Error(`Input required and not supplied: ${t}`);return e&&e.trimWhitespace===!1?r:r.trim()}te.getInput=Aw;function EAe(t,e){let r=Aw(t,e).split(`
`).filter(n=>n!=="");return e&&e.trimWhitespace===!1?r:r.map(n=>n.trim())}te.getMultilineInput=EAe;function CAe(t,e){let r=["true","True","TRUE"],n=["false","False","FALSE"],i=Aw(t,e);if(r.includes(i))return!0;if(n.includes(i))return!1;throw new TypeError(`Input does not meet YAML 1.2 "Core Schema" specification: ${t}
Support boolean input list: \`true | True | TRUE | false | False | FALSE\``)}te.getBooleanInput=CAe;function IAe(t,e){if(process.env.GITHUB_OUTPUT||"")return(0,cA.issueFileCommand)("OUTPUT",(0,cA.prepareKeyValueMessage)(t,e));process.stdout.write(nq.EOL),(0,li.issueCommand)("set-output",{name:t},(0,cl.toCommandValue)(e))}te.setOutput=IAe;function BAe(t){(0,li.issue)("echo",t?"on":"off")}te.setCommandEcho=BAe;function QAe(t){process.exitCode=ow.Failure,iq(t)}te.setFailed=QAe;function bAe(){return process.env.RUNNER_DEBUG==="1"}te.isDebug=bAe;function NAe(t){(0,li.issueCommand)("debug",{},t)}te.debug=NAe;function iq(t,e={}){(0,li.issueCommand)("error",(0,cl.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.error=iq;function wAe(t,e={}){(0,li.issueCommand)("warning",(0,cl.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.warning=wAe;function SAe(t,e={}){(0,li.issueCommand)("notice",(0,cl.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.notice=SAe;function xAe(t){process.stdout.write(t+nq.EOL)}te.info=xAe;function sq(t){(0,li.issue)("group",t)}te.startGroup=sq;function oq(){(0,li.issue)("endgroup")}te.endGroup=oq;function RAe(t,e){return rq(this,void 0,void 0,function*(){sq(t);let r;try{r=yield e()}finally{oq()}return r})}te.group=RAe;function vAe(t,e){if(process.env.GITHUB_STATE||"")return(0,cA.issueFileCommand)("STATE",(0,cA.prepareKeyValueMessage)(t,e));(0,li.issueCommand)("save-state",{name:t},(0,cl.toCommandValue)(e))}te.saveState=vAe;function _Ae(t){return process.env[`STATE_${t}`]||""}te.getState=_Ae;function DAe(t){return rq(this,void 0,void 0,function*(){return yield gAe.OidcClient.getIDToken(t)})}te.getIDToken=DAe;var kAe=ew();Object.defineProperty(te,"summary",{enumerable:!0,get:function(){return kAe.summary}});var PAe=ew();Object.defineProperty(te,"markdownSummary",{enumerable:!0,get:function(){return PAe.markdownSummary}});var cw=O1();Object.defineProperty(te,"toPosixPath",{enumerable:!0,get:function(){return cw.toPosixPath}});Object.defineProperty(te,"toWin32Path",{enumerable:!0,get:function(){return cw.toWin32Path}});Object.defineProperty(te,"toPlatformPath",{enumerable:!0,get:function(){return cw.toPlatformPath}});te.platform=aw(tq())});var aq=h(Is=>{"use strict";var TAe=Is&&Is.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),OAe=Is&&Is.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),LAe=Is&&Is.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&TAe(e,t,r);return OAe(e,t),e};Object.defineProperty(Is,"__esModule",{value:!0});Is.getOptions=void 0;var lw=LAe(at());function MAe(t){let e={followSymbolicLinks:!0,implicitDescendants:!0,omitBrokenSymbolicLinks:!0};return t&&(typeof t.followSymbolicLinks=="boolean"&&(e.followSymbolicLinks=t.followSymbolicLinks,lw.debug(`followSymbolicLinks '${e.followSymbolicLinks}'`)),typeof t.implicitDescendants=="boolean"&&(e.implicitDescendants=t.implicitDescendants,lw.debug(`implicitDescendants '${e.implicitDescendants}'`)),typeof t.omitBrokenSymbolicLinks=="boolean"&&(e.omitBrokenSymbolicLinks=t.omitBrokenSymbolicLinks,lw.debug(`omitBrokenSymbolicLinks '${e.omitBrokenSymbolicLinks}'`))),e}Is.getOptions=MAe});var Py=h(Mt=>{"use strict";var FAe=Mt&&Mt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),UAe=Mt&&Mt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),qAe=Mt&&Mt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&FAe(e,t,r);return UAe(e,t),e},HAe=Mt&&Mt.__importDefault||function(t){return t&&t.__esModule?t:{defa
   %s`,v,v,I,n);var T=I.type==="*"?mw:I.type==="?"?gw:"\\"+I.type;i=!0,n=n.slice(0,I.reStart)+T+"\\("+v}g(),s&&(n+="\\\\");var U=!1;switch(n.charAt(0)){case"[":case".":case"(":U=!0}for(var k=a.length-1;k>-1;k--){var J=a[k],be=n.slice(0,J.reStart),Re=n.slice(J.reStart,J.reEnd-8),H=n.slice(J.reEnd-8,J.reEnd),_e=n.slice(J.reEnd);H+=_e;var rt=be.split("(").length-1,Or=_e;for(m=0;m<rt;m++)Or=Or.replace(/\)[+*?]?/,"");_e=Or;var fr="";_e===""&&e!==Oy&&(fr="$");var Ro=be+Re+_e+fr+H;n=Ro}if(n!==""&&i&&(n="(?=.)"+n),U&&(n=d+n),e===Oy)return[n,i];if(!i)return Ece(t);var vo=r.nocase?"i":"";try{var Li=new RegExp("^"+n+"$",vo)}catch{return new RegExp("$.")}return Li._glob=t,Li._src=n,Li}Yn.makeRe=function(t,e){return new Dr(t,e||{}).makeRe()};Dr.prototype.makeRe=yce;function yce(){if(this.regexp||this.regexp===!1)return this.regexp;var t=this.set;if(!t.length)return this.regexp=!1,this.regexp;var e=this.options,r=e.noglobstar?mw:e.dot?lce:uce,n=e.nocase?"i":"",i=t.map(function(s){return s.map(function(o){return o===pw?r:typeof o=="string"?Cce(o):o._src}).join("\\/")}).join("|");i="^(?:"+i+")$",this.negate&&(i="^(?!"+i+").*$");try{this.regexp=new RegExp(i,n)}catch{this.regexp=!1}return this.regexp}Yn.match=function(t,e,r){r=r||{};var n=new Dr(e,r);return t=t.filter(function(i){return n.match(i)}),n.options.nonull&&!t.length&&t.push(e),t};Dr.prototype.match=function(e,r){if(typeof r>"u"&&(r=this.partial),this.debug("match",e,this.pattern),this.comment)return!1;if(this.empty)return e==="";if(e==="/"&&r)return!0;var n=this.options;Ff.sep!=="/"&&(e=e.split(Ff.sep).join("/")),e=e.split(xq),this.debug(this.pattern,"split",e);var i=this.set;this.debug(this.pattern,"set",i);var s,o;for(o=e.length-1;o>=0&&(s=e[o],!s);o--);for(o=0;o<i.length;o++){var a=i[o],A=e;n.matchBase&&a.length===1&&(A=[s]);var c=this.matchOne(A,a,r);if(c)return n.flipNegate?!0:!this.negate}return n.flipNegate?!1:this.negate};Dr.prototype.matchOne=function(t,e,r){var n=this.options;this.debug("matchOne",{this:this,file:t,pattern:e}),this.debug("matchOne",t.length,e.length);for(var i=0,s=0,o=t.length,a=e.length;i<o&&s<a;i++,s++){this.debug("matchOne loop");var A=e[s],c=t[i];if(this.debug(e,A,c),A===!1)return!1;if(A===pw){this.debug("GLOBSTAR",[e,A,c]);var l=i,u=s+1;if(u===a){for(this.debug("** at the end");i<o;i++)if(t[i]==="."||t[i]===".."||!n.dot&&t[i].charAt(0)===".")return!1;return!0}for(;l<o;){var d=t[l];if(this.debug(`
globstar while`,t,l,e,u,d),this.matchOne(t.slice(l),e.slice(u),r))return this.debug("globstar found match!",l,o,d),!0;if(d==="."||d===".."||!n.dot&&d.charAt(0)==="."){this.debug("dot detected!",t,l,e,u);break}this.debug("globstar swallow a segment, and continue"),l++}return!!(r&&(this.debug(`
>>> no match, partial?`,t,l,e,u),l===o))}var f;if(typeof A=="string"?(f=c===A,this.debug("string match",A,c,f)):(f=c.match(A),this.debug("pattern match",A,c,f)),!f)return!1}if(i===o&&s===a)return!0;if(i===o)return r;if(s===a)return i===o-1&&t[i]==="";throw new Error("wtf?")};function Ece(t){return t.replace(/\\(.)/g,"$1")}function Cce(t){return t.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,"\\$&")}});var Dq=h(ui=>{"use strict";var Ice=ui&&ui.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Bce=ui&&ui.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),_q=ui&&ui.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&Ice(e,t,r);return Bce(e,t),e},Qce=ui&&ui.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ui,"__esModule",{value:!0});ui.Path=void 0;var Uf=_q(require("path")),Ko=_q(Py()),qf=Qce(require("assert")),bce=process.platform==="win32",Ew=class{constructor(e){if(this.segments=[],typeof e=="string")if(qf.default(e,"Parameter 'itemPath' must not be empty"),e=Ko.safeTrimTrailingSeparator(e),!Ko.hasRoot(e))this.segments=e.split(Uf.sep);else{let r=e,n=Ko.dirname(r);for(;n!==r;){let i=Uf.basename(r);this.segments.unshift(i),r=n,n=Ko.dirname(r)}this.segments.unshift(r)}else{qf.default(e.length>0,"Parameter 'itemPath' must not be an empty array");for(let r=0;r<e.length;r++){let n=e[r];qf.default(n,"Parameter 'itemPath' must not contain any empty segments"),n=Ko.normalizeSeparators(e[r]),r===0&&Ko.hasRoot(n)?(n=Ko.safeTrimTrailingSeparator(n),qf.default(n===Ko.dirname(n),"Parameter 'itemPath' root segment contains information for multiple segments"),this.segments.push(n)):(qf.default(!n.includes(Uf.sep),"Parameter 'itemPath' contains unexpected path separators"),this.segments.push(n))}}}toString(){let e=this.segments[0],r=e.endsWith(Uf.sep)||bce&&/^[A-Z]:$/i.test(e);for(let n=1;n<this.segments.length;n++)r?r=!1:e+=Uf.sep,e+=this.segments[n];return e}};ui.Path=Ew});var kq=h(di=>{"use strict";var Nce=di&&di.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),wce=di&&di.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Bw=di&&di.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&Nce(e,t,r);return wce(e,t),e},Sce=di&&di.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(di,"__esModule",{value:!0});di.Pattern=void 0;var xce=Bw(require("os")),Hf=Bw(require("path")),En=Bw(Py()),uA=Sce(require("assert")),Rce=yw(),Cw=Ty(),My=Dq(),no=process.platform==="win32",Iw=class t{constructor(e,r=!1,n,i){this.negate=!1;let s;if(typeof e=="string")s=e.trim();else{n=n||[],uA.default(n.length,"Parameter 'segments' must not empty");let c=t.getLiteral(n[0]);uA.default(c&&En.hasAbsoluteRoot(c),"Parameter 'segments' first element must be a root path"),s=new My.Path(n).toString().trim(),e&&(s=`!${s}`)}for(;s.startsWith("!");)this.negate=!this.negate,s=s.substr(1).trim();s=t.fixupPattern(s,i),this.segments=new My.Path(s).segments,this.trailingSeparator=En.normalizeSeparators(s).endsWith(Hf.sep),s=En.safeTrimTrailingSeparator(s);let o=!1,a=this.segments.map(c=>t.getLiteral(c)).filter(c=>!o&&!(o=c===""));this.searchPath=new My.Path(a).toString(),this.rootRegExp=new RegExp(t.regExpEscape(a[0]),no?"i":""),this.isImplicitPattern=r;let A={dot:!0,nobrace:!0,nocase:no,nocomment:!0,noext:!0,nonegate:!0};s=no?s.replace(/\\/g,"/"):s,this.minimatch=new Rce.Minimatch(s,A)}match(e){return this.segments[this.segments.length-1]==="**"?(e=En.normalizeSeparators(e),!e.endsWith(Hf.sep)&&th
`),e=e.replace(/\r/g,`
`));let i=e.split(`
`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new Lq.Pattern(s));return n.searchPaths.push(...Uy.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return bw(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield jf.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){Nw.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield jf.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield jf.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){Nw.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};gr.DefaultGlobber=ww});var Uq=h(ul=>{"use strict";var Oce=ul&&ul.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(ul,"__esModule",{value:!0});ul.create=void 0;var Lce=Fq();function Mce(t,e){return Oce(this,void 0,void 0,function*(){return yield Lce.DefaultGlobber.create(t,e)})}ul.create=Mce});var Yq=h((ye,Gq)=>{ye=Gq.exports=xe;var Ke;typeof process=="object"&&process.env&&process.env.NODE_DEBUG&&/\bsemver\b/i.test(process.env.NODE_DEBUG)?Ke=function(){var t=Array.prototype.slice.call(arguments,0);t.unshift("SEMVER"),console.log.apply(console,t)}:Ke=function(){};ye.SEMVER_SPEC_VERSION="2.0.0";var Gf=256,qy=Number.MAX_SAFE_INTEGER||9007199254740991,Sw=16,Fce=Gf-6,dl=ye.re=[],$e=ye.safeRe=[],D=ye.src=[],x=ye.tokens={},jq=0;function De(t){x[t]=jq++}var Rw="[a-zA-Z0-9-]",xw=[["\\s",1],["\\d",Gf],[Rw,Fce]];function Jf(t){for(var e=0;e<xw.length;e++){var r=xw[e][0],n=xw[e][1];t=t.split(r+"*").join(r+"{0,"+n+"}").split(r+"+").join(r+"{1,"+n+"}")}return t}De("NUMERICIDENTIFIER");D[x.NUMERICIDENTIFIER]="0|[1-9]\\d*";De("NUMERICIDENTIFIERLOOSE");D[x.NUMERICIDENTIFIERLOOSE]="\\d+";De("NONNUMERICIDENTIFIER");D[x.NONNUMERICIDENTIFIER]="\\d*[a-zA-Z-]"+Rw+"*";De("MAINVERSION");D[x.MAINVERSION]="("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")";De("MAINVERSIONLOOSE");D[x.MAINVERSIONLOOSE]="("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")";De("PRERELEASEIDENTIFIER");D[x.PRERELEASEIDENTIFIER]="(?:"+D[x.NUMERICIDENTIFIER]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASEIDENTIFIERLOOSE");D[x.PRERELEASEIDENTIFIERLOOSE]="(?:"+D[x.NUMERICIDENTIFIERLOOSE]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASE");D[x.PRERELEASE]="(?:-("+D[x.PRERELEASEIDENTIFIER]+"(?:\\."+D[x.PRERELEASEIDENTIFIER]+")*))";De("PRERELEASELOOSE");D[x.PRERELEASELOOSE]="(?:-?("+D[x.PRERELEASEIDENTIFIERLOOSE]+"(?:\\."+D[x.PRERELEASEIDENTIFIERLOOSE]+")*))";De("BUILDIDENTIFIER");D[x.BUILDIDENTIFIER]=Rw+"+";De("BUILD");D[x.BUILD]="(?:\\+("+D[x.BUILDIDENTIFIER]+"(?:\\."+D[x.BUILDIDENTIFIER]+")*))";De("FULL");De("FULLPLAIN");D[x.FULLPLAIN]="v?"+D[x.MAINVERSION]+D[x.PRERELEASE]+"?"+D[x.BUILD]+"?";D[x.FULL]="^"+D[x.FULLPLAIN]+"$";De("LOOSEPLAIN");D[x.LOOSEPLAIN]="[v=\\s]*"+D[x.MAINVERSIONLOOSE]+D[x.PRERELEASELOOSE]+"?"+D[x.BUILD]+"?";De("LOOSE");D[x.LOOSE]="^"+D[x.LOOSEPLAIN]+"$";De("GTLT");D[x.GTLT]="((?:<|>)?=?)";De("XRANGEIDENTIFIERLOOSE");D[x.XRANGEIDENTIFIERLOOSE]=D[x.NUMERICIDENTIFIERLOOSE]+"|x|X|\\*";De("XRANGEIDENTIFIER");D[x.XRANGEIDENTIFIER]=D[x.NUMERICIDENTIFIER]+"|x|X|\\*";De("XRANGEPLAIN");D[x.XRANGEPLAIN]="[v=\\s]*("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:"+D[x.PRERELEASE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGEPLAINLOOSE");D[x.XRANGEPLAINLOOSE]="[v=\\s]*("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:"+D[x.PRERELEASELOOSE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGE");D[x.XRANGE]="^"+D[x.GTLT]+"\\s*"+D[x.XRANGEPLAI
`),{implicitDescendants:!1});try{for(var c=!0,l=ble(A.globGenerator()),u;u=yield l.next(),e=u.done,!e;c=!0){i=u.value,c=!1;let d=i,f=Gy.relative(a,d).replace(new RegExp(`\\${Gy.sep}`,"g"),"/");Wf.debug(`Matched: ${f}`),f===""?o.push("."):o.push(`${f}`)}}catch(d){r={error:d}}finally{try{!c&&!e&&(n=l.return)&&(yield n.call(l))}finally{if(r)throw r.error}}return o})}Ye.resolvePaths=Dle;function kle(t){return hl(this,void 0,void 0,function*(){return xle.promisify(Pw.unlink)(t)})}Ye.unlinkFile=kle;function Xq(t,e=[]){return hl(this,void 0,void 0,function*(){let r="";e.push("--version"),Wf.debug(`Checking ${t} ${e.join(" ")}`);try{yield Nle.exec(`${t}`,e,{ignoreReturnCode:!0,silent:!0,listeners:{stdout:n=>r+=n.toString(),stderr:n=>r+=n.toString()}})}catch(n){Wf.debug(n.message)}return r=r.trim(),Wf.debug(r),r})}function Ple(){return hl(this,void 0,void 0,function*(){let t=yield Xq("zstd",["--quiet"]),e=Sle.clean(t);return Wf.debug(`zstd version: ${e}`),t===""?hA.CompressionMethod.Gzip:hA.CompressionMethod.ZstdWithoutLong})}Ye.getCompressionMethod=Ple;function Tle(t){return t===hA.CompressionMethod.Gzip?hA.CacheFilename.Gzip:hA.CacheFilename.Zstd}Ye.getCacheFileName=Tle;function Ole(){return hl(this,void 0,void 0,function*(){return Pw.existsSync(hA.GnuTarPathOnWindows)?hA.GnuTarPathOnWindows:(yield Xq("tar")).toLowerCase().includes("gnu tar")?$q.which("tar"):""})}Ye.getGnuTarPathOnWindows=Ole;function Lle(t,e){if(e===void 0)throw Error(`Expected ${t} but value was undefiend`);return e}Ye.assertDefined=Lle;function Mle(t,e,r=!1){let n=t.slice();return e&&n.push(e),process.platform==="win32"&&!r&&n.push("windows-only"),n.push(Rle),Kq.createHash("sha256").update(n.join("|")).digest("hex")}Ye.getCacheVersion=Mle;function Fle(){let t=process.env.ACTIONS_RUNTIME_TOKEN;if(!t)throw new Error("Unable to get the ACTIONS_RUNTIME_TOKEN env variable");return t}Ye.getRuntimeToken=Fle});var hi={};JX(hi,{__addDisposableResource:()=>Q2,__assign:()=>Yy,__asyncDelegator:()=>g2,__asyncGenerator:()=>h2,__asyncValues:()=>m2,__await:()=>ml,__awaiter:()=>A2,__classPrivateFieldGet:()=>C2,__classPrivateFieldIn:()=>B2,__classPrivateFieldSet:()=>I2,__createBinding:()=>Vy,__decorate:()=>t2,__disposeResources:()=>b2,__esDecorate:()=>n2,__exportStar:()=>l2,__extends:()=>Zq,__generator:()=>c2,__importDefault:()=>E2,__importStar:()=>y2,__makeTemplateObject:()=>p2,__metadata:()=>a2,__param:()=>r2,__propKey:()=>s2,__read:()=>Lw,__rest:()=>e2,__rewriteRelativeImportExtension:()=>N2,__runInitializers:()=>i2,__setFunctionName:()=>o2,__spread:()=>u2,__spreadArray:()=>f2,__spreadArrays:()=>d2,__values:()=>Jy,default:()=>Hle});function Zq(t,e){if(typeof e!="function"&&e!==null)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");Tw(t,e);function r(){this.constructor=t}t.prototype=e===null?Object.create(e):(r.prototype=e.prototype,new r)}function e2(t,e){var r={};for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&e.indexOf(n)<0&&(r[n]=t[n]);if(t!=null&&typeof Object.getOwnPropertySymbols=="function")for(var i=0,n=Object.getOwnPropertySymbols(t);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(t,n[i])&&(r[n[i]]=t[n[i]]);return r}function t2(t,e,r,n){var i=arguments.length,s=i<3?e:n===null?n=Object.getOwnPropertyDescriptor(e,r):n,o;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")s=Reflect.decorate(t,e,r,n);else for(var a=t.length-1;a>=0;a--)(o=t[a])&&(s=(i<3?o(s):i>3?o(e,r,s):o(e,r))||s);return i>3&&s&&Object.defineProperty(e,r,s),s}function r2(t,e){return function(r,n){e(r,n,t)}}function n2(t,e,r,n,i,s){function o(C){if(C!==void 0&&typeof C!="function")throw new TypeError("Function expected");return C}for(var a=n.kind,A=a==="getter"?"get":a==="setter"?"set":"value",c=!e&&t?n.static?t:t.prototype:null,l=e||(c?Object.getOwnPropertyDescriptor(c,n.name):{}),u,d=!1,f=r.length-1;f>=0;f--){var g={};for(var m in n)g[m]=m==="access"?{}:n[m];for(var m in n.access)g.access[m]=n.access[m];g.addInitializer=function(C){if(d)throw new TypeError("Cannot add initializers after decoration has completed"
 ${Cue.sanitize(Object.assign(Object.assign({},this),{request:this.request,response:this.response}))}`,enumerable:!1}),Object.setPrototypeOf(this,t.prototype)}};eh.RestError=pl;pl.REQUEST_SEND_ERROR="REQUEST_SEND_ERROR";pl.PARSE_ERROR="PARSE_ERROR";function Iue(t){return t instanceof pl?!0:(0,pue.isError)(t)&&t.name==="RestError"}});var gA=h(nE=>{"use strict";Object.defineProperty(nE,"__esModule",{value:!0});nE.uint8ArrayToString=Bue;nE.stringToUint8Array=Que;function Bue(t,e){return Buffer.from(t).toString(e)}function Que(t,e){return Buffer.from(t,e)}});var th=h(iE=>{"use strict";Object.defineProperty(iE,"__esModule",{value:!0});iE.logger=void 0;var bue=Xf();iE.logger=(0,bue.createClientLogger)("ts-http-runtime")});var V2=h(oE=>{"use strict";Object.defineProperty(oE,"__esModule",{value:!0});oE.getBodyLength=J2;oE.createNodeHttpClient=Due;var lS=(gi(),Ui(hi)),aS=lS.__importStar(require("node:http")),AS=lS.__importStar(require("node:https")),j2=lS.__importStar(require("node:zlib")),Nue=require("node:stream"),z2=$f(),wue=ea(),nh=yl(),El=th(),Sue=Zf(),xue={};function rh(t){return t&&typeof t.pipe=="function"}function G2(t){return t.readable===!1?Promise.resolve():new Promise(e=>{let r=()=>{e(),t.removeListener("close",r),t.removeListener("end",r),t.removeListener("error",r)};t.on("close",r),t.on("end",r),t.on("error",r)})}function Y2(t){return t&&typeof t.byteLength=="number"}var sE=class extends Nue.Transform{_transform(e,r,n){this.push(e),this.loadedBytes+=e.length;try{this.progressCallback({loadedBytes:this.loadedBytes}),n()}catch(i){n(i)}}constructor(e){super(),this.loadedBytes=0,this.progressCallback=e}},cS=class{constructor(){this.cachedHttpsAgents=new WeakMap}async sendRequest(e){var r,n,i;let s=new AbortController,o;if(e.abortSignal){if(e.abortSignal.aborted)throw new z2.AbortError("The operation was aborted. Request has already been canceled.");o=d=>{d.type==="abort"&&s.abort()},e.abortSignal.addEventListener("abort",o)}let a;e.timeout>0&&(a=setTimeout(()=>{let d=new Sue.Sanitizer;El.logger.info(`request to '${d.sanitizeUrl(e.url)}' timed out. canceling...`),s.abort()},e.timeout));let A=e.headers.get("Accept-Encoding"),c=A?.includes("gzip")||A?.includes("deflate"),l=typeof e.body=="function"?e.body():e.body;if(l&&!e.headers.has("Content-Length")){let d=J2(l);d!==null&&e.headers.set("Content-Length",d)}let u;try{if(l&&e.onUploadProgress){let C=e.onUploadProgress,I=new sE(C);I.on("error",N=>{El.logger.error("Error in upload progress",N)}),rh(l)?l.pipe(I):I.end(l),l=I}let d=await this.makeRequest(e,s,l);a!==void 0&&clearTimeout(a);let f=Rue(d),m={status:(r=d.statusCode)!==null&&r!==void 0?r:0,headers:f,request:e};if(e.method==="HEAD")return d.resume(),m;u=c?vue(d,f):d;let E=e.onDownloadProgress;if(E){let C=new sE(E);C.on("error",I=>{El.logger.error("Error in download progress",I)}),u.pipe(C),u=C}return!((n=e.streamResponseStatusCodes)===null||n===void 0)&&n.has(Number.POSITIVE_INFINITY)||!((i=e.streamResponseStatusCodes)===null||i===void 0)&&i.has(m.status)?m.readableStreamBody=u:m.bodyAsText=await _ue(u),m}finally{if(e.abortSignal&&o){let d=Promise.resolve();rh(l)&&(d=G2(l));let f=Promise.resolve();rh(u)&&(f=G2(u)),Promise.all([d,f]).then(()=>{var g;o&&((g=e.abortSignal)===null||g===void 0||g.removeEventListener("abort",o))}).catch(g=>{El.logger.warning("Error when cleaning up abortListener on httpRequest",g)})}}}makeRequest(e,r,n){var i;let s=new URL(e.url),o=s.protocol!=="https:";if(o&&!e.allowInsecureConnection)throw new Error(`Cannot connect to ${e.url} while allowInsecureConnection is false.`);let a=(i=e.agent)!==null&&i!==void 0?i:this.getOrCreateAgent(e,o),A=Object.assign({agent:a,hostname:s.hostname,path:`${s.pathname}${s.search}`,port:s.port,method:e.method,headers:e.headers.toJSON({preserveCase:!0})},e.requestOverrides);return new Promise((c,l)=>{let u=o?aS.request(A,c):AS.request(A,c);u.once("error",d=>{var f;l(new nh.RestError(d.message,{code:(f=d.code)!==null&&f!==void 0?f:nh.RestError.REQUEST_SEND_ERROR,request:e}))}),r.signal.addEventListener("abort",()=>{let d=new z2.AbortError("The operation was abo
`).join(`
`+s),t.push(i+"m+"+mE.exports.humanize(this.diff)+"\x1B[0m")}else t[0]=qde()+e+" "+t[0]}function qde(){return mr.inspectOpts.hideDate?"":new Date().toISOString()+" "}function Hde(...t){return process.stderr.write(gE.formatWithOptions(mr.inspectOpts,...t)+`
`)}function jde(t){t?process.env.DEBUG=t:delete process.env.DEBUG}function zde(){return process.env.DEBUG}function Gde(t){t.inspectOpts={};let e=Object.keys(mr.inspectOpts);for(let r=0;r<e.length;r++)t.inspectOpts[e[r]]=mr.inspectOpts[e[r]]}mE.exports=DS()(mr);var{formatters:dH}=mE.exports;dH.o=function(t){return this.inspectOpts.colors=this.useColors,gE.inspect(t,this.inspectOpts).split(`
`).map(e=>e.trim()).join(" ")};dH.O=function(t){return this.inspectOpts.colors=this.useColors,gE.inspect(t,this.inspectOpts)}});var pE=h((EFe,kS)=>{typeof process>"u"||process.type==="renderer"||process.browser===!0||process.__nwjs?kS.exports=uH():kS.exports=fH()});var mH=h(In=>{"use strict";var Yde=In&&In.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Jde=In&&In.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),hH=In&&In.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Yde(e,t,r);return Jde(e,t),e};Object.defineProperty(In,"__esModule",{value:!0});In.req=In.json=In.toBuffer=void 0;var Vde=hH(require("http")),Wde=hH(require("https"));async function gH(t){let e=0,r=[];for await(let n of t)e+=n.length,r.push(n);return Buffer.concat(r,e)}In.toBuffer=gH;async function $de(t){let r=(await gH(t)).toString("utf8");try{return JSON.parse(r)}catch(n){let i=n;throw i.message+=` (input: ${r})`,i}}In.json=$de;function Kde(t,e={}){let n=((typeof t=="string"?t:t.href).startsWith("https:")?Wde:Vde).request(t,e),i=new Promise((s,o)=>{n.once("response",s).once("error",o).end()});return n.then=i.then.bind(i),n}In.req=Kde});var TS=h(Jn=>{"use strict";var yH=Jn&&Jn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Xde=Jn&&Jn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),EH=Jn&&Jn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&yH(e,t,r);return Xde(e,t),e},Zde=Jn&&Jn.__exportStar||function(t,e){for(var r in t)r!=="default"&&!Object.prototype.hasOwnProperty.call(e,r)&&yH(e,t,r)};Object.defineProperty(Jn,"__esModule",{value:!0});Jn.Agent=void 0;var efe=EH(require("net")),pH=EH(require("http")),tfe=require("https");Zde(mH(),Jn);var Qs=Symbol("AgentBaseInternalState"),PS=class extends pH.Agent{constructor(e){super(e),this[Qs]={}}isSecureEndpoint(e){if(e){if(typeof e.secureEndpoint=="boolean")return e.secureEndpoint;if(typeof e.protocol=="string")return e.protocol==="https:"}let{stack:r}=new Error;return typeof r!="string"?!1:r.split(`
`).some(n=>n.indexOf("(https.js:")!==-1||n.indexOf("node:https:")!==-1)}incrementSockets(e){if(this.maxSockets===1/0&&this.maxTotalSockets===1/0)return null;this.sockets[e]||(this.sockets[e]=[]);let r=new efe.Socket({writable:!1});return this.sockets[e].push(r),this.totalSocketCount++,r}decrementSockets(e,r){if(!this.sockets[e]||r===null)return;let n=this.sockets[e],i=n.indexOf(r);i!==-1&&(n.splice(i,1),this.totalSocketCount--,n.length===0&&delete this.sockets[e])}getName(e){return this.isSecureEndpoint(e)?tfe.Agent.prototype.getName.call(this,e):super.getName(e)}createSocket(e,r,n){let i={...r,secureEndpoint:this.isSecureEndpoint(r)},s=this.getName(i),o=this.incrementSockets(s);Promise.resolve().then(()=>this.connect(e,i)).then(a=>{if(this.decrementSockets(s,o),a instanceof pH.Agent)try{return a.addRequest(e,i)}catch(A){return n(A)}this[Qs].currentSocket=a,super.createSocket(e,r,n)},a=>{this.decrementSockets(s,o),n(a)})}createConnection(){let e=this[Qs].currentSocket;if(this[Qs].currentSocket=void 0,!e)throw new Error("No socket was returned in the `connect()` function");return e}get defaultPort(){return this[Qs].defaultPort??(this.protocol==="https:"?443:80)}set defaultPort(e){this[Qs]&&(this[Qs].defaultPort=e)}get protocol(){return this[Qs].protocol??(this.isSecureEndpoint()?"https:":"http:")}set protocol(e){this[Qs]&&(this[Qs].protocol=e)}};Jn.Agent=PS});var CH=h(_l=>{"use strict";var rfe=_l&&_l.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(_l,"__esModule",{value:!0});_l.parseProxyResponse=void 0;var nfe=rfe(pE()),yE=(0,nfe.default)("https-proxy-agent:parse-proxy-response");function ife(t){return new Promise((e,r)=>{let n=0,i=[];function s(){let l=t.read();l?c(l):t.once("readable",s)}function o(){t.removeListener("end",a),t.removeListener("error",A),t.removeListener("readable",s)}function a(){o(),yE("onend"),r(new Error("Proxy connection ended before receiving CONNECT response"))}function A(l){o(),yE("onerror %o",l),r(l)}function c(l){i.push(l),n+=l.length;let u=Buffer.concat(i,n),d=u.indexOf(`\r
\r
`);if(d===-1){yE("have not received end of HTTP headers yet..."),s();return}let f=u.slice(0,d).toString("ascii").split(`\r
`),g=f.shift();if(!g)return t.destroy(),r(new Error("No header received from proxy CONNECT response"));let m=g.split(" "),E=+m[1],C=m.slice(2).join(" "),I={};for(let N of f){if(!N)continue;let w=N.indexOf(":");if(w===-1)return t.destroy(),r(new Error(`Invalid header from proxy CONNECT response: "${N}"`));let v=N.slice(0,w).toLowerCase(),T=N.slice(w+1).trimStart(),U=I[v];typeof U=="string"?I[v]=[U,T]:Array.isArray(U)?U.push(T):I[v]=T}yE("got proxy server response: %o %o",g,I),o(),e({connect:{statusCode:E,statusText:C,headers:I},buffered:u})}t.on("error",A),t.on("end",a),s()})}_l.parseProxyResponse=ife});var wH=h(mi=>{"use strict";var sfe=mi&&mi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),ofe=mi&&mi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),bH=mi&&mi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&sfe(e,t,r);return ofe(e,t),e},NH=mi&&mi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(mi,"__esModule",{value:!0});mi.HttpsProxyAgent=void 0;var EE=bH(require("net")),IH=bH(require("tls")),afe=NH(require("assert")),Afe=NH(pE()),cfe=TS(),lfe=require("url"),ufe=CH(),oh=(0,Afe.default)("https-proxy-agent"),BH=t=>t.servername===void 0&&t.host&&!EE.isIP(t.host)?{...t,servername:t.host}:t,CE=class extends cfe.Agent{constructor(e,r){super(r),this.options={path:void 0},this.proxy=typeof e=="string"?new lfe.URL(e):e,this.proxyHeaders=r?.headers??{},oh("Creating new HttpsProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={ALPNProtocols:["http/1.1"],...r?QH(r,"headers"):null,host:n,port:i}}async connect(e,r){let{proxy:n}=this;if(!r.host)throw new TypeError('No "host" provided');let i;n.protocol==="https:"?(oh("Creating `tls.Socket`: %o",this.connectOpts),i=IH.connect(BH(this.connectOpts))):(oh("Creating `net.Socket`: %o",this.connectOpts),i=EE.connect(this.connectOpts));let s=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders},o=EE.isIPv6(r.host)?`[${r.host}]`:r.host,a=`CONNECT ${o}:${r.port} HTTP/1.1\r
`;if(n.username||n.password){let d=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;s["Proxy-Authorization"]=`Basic ${Buffer.from(d).toString("base64")}`}s.Host=`${o}:${r.port}`,s["Proxy-Connection"]||(s["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let d of Object.keys(s))a+=`${d}: ${s[d]}\r
`;let A=(0,ufe.parseProxyResponse)(i);i.write(`${a}\r
`);let{connect:c,buffered:l}=await A;if(e.emit("proxyConnect",c),this.emit("proxyConnect",c,e),c.statusCode===200)return e.once("socket",dfe),r.secureEndpoint?(oh("Upgrading socket connection to TLS"),IH.connect({...QH(BH(r),"host","path","port"),socket:i})):i;i.destroy();let u=new EE.Socket({writable:!1});return u.readable=!0,e.once("socket",d=>{oh("Replaying proxy buffer for failed request"),(0,afe.default)(d.listenerCount("data")>0),d.push(l),d.push(null)}),u}};CE.protocols=["http","https"];mi.HttpsProxyAgent=CE;function dfe(t){t.resume()}function QH(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var RH=h(pi=>{"use strict";var ffe=pi&&pi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),hfe=pi&&pi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),xH=pi&&pi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&ffe(e,t,r);return hfe(e,t),e},gfe=pi&&pi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(pi,"__esModule",{value:!0});pi.HttpProxyAgent=void 0;var mfe=xH(require("net")),pfe=xH(require("tls")),yfe=gfe(pE()),Efe=require("events"),Cfe=TS(),SH=require("url"),Dl=(0,yfe.default)("http-proxy-agent"),IE=class extends Cfe.Agent{constructor(e,r){super(r),this.proxy=typeof e=="string"?new SH.URL(e):e,this.proxyHeaders=r?.headers??{},Dl("Creating new HttpProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={...r?Ife(r,"headers"):null,host:n,port:i}}addRequest(e,r){e._header=null,this.setRequestProps(e,r),super.addRequest(e,r)}setRequestProps(e,r){let{proxy:n}=this,i=r.secureEndpoint?"https:":"http:",s=e.getHeader("host")||"localhost",o=`${i}//${s}`,a=new SH.URL(e.path,o);r.port!==80&&(a.port=String(r.port)),e.path=String(a);let A=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders};if(n.username||n.password){let c=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;A["Proxy-Authorization"]=`Basic ${Buffer.from(c).toString("base64")}`}A["Proxy-Connection"]||(A["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let c of Object.keys(A)){let l=A[c];l&&e.setHeader(c,l)}}async connect(e,r){e._header=null,e.path.includes("://")||this.setRequestProps(e,r);let n,i;Dl("Regenerating stored HTTP header string for request"),e._implicitHeader(),e.outputData&&e.outputData.length>0&&(Dl("Patching connection write() output buffer with updated header"),n=e.outputData[0].data,i=n.indexOf(`\r
\r
`)+4,e.outputData[0].data=e._header+n.substring(i),Dl("Output buffer: %o",e.outputData[0].data));let s;return this.proxy.protocol==="https:"?(Dl("Creating `tls.Socket`: %o",this.connectOpts),s=pfe.connect(this.connectOpts)):(Dl("Creating `net.Socket`: %o",this.connectOpts),s=mfe.connect(this.connectOpts)),await(0,Efe.once)(s,"connect"),s}};IE.protocols=["http","https"];pi.HttpProxyAgent=IE;function Ife(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var OS=h(yi=>{"use strict";Object.defineProperty(yi,"__esModule",{value:!0});yi.globalNoProxyList=yi.proxyPolicyName=void 0;yi.loadNoProxy=PH;yi.getDefaultProxySettings=_fe;yi.proxyPolicy=kfe;var Bfe=wH(),Qfe=RH(),bfe=th(),Nfe="HTTPS_PROXY",wfe="HTTP_PROXY",Sfe="ALL_PROXY",xfe="NO_PROXY";yi.proxyPolicyName="proxyPolicy";yi.globalNoProxyList=[];var DH=!1,Rfe=new Map;function BE(t){if(process.env[t])return process.env[t];if(process.env[t.toLowerCase()])return process.env[t.toLowerCase()]}function kH(){if(!process)return;let t=BE(Nfe),e=BE(Sfe),r=BE(wfe);return t||e||r}function vfe(t,e,r){if(e.length===0)return!1;let n=new URL(t).hostname;if(r?.has(n))return r.get(n);let i=!1;for(let s of e)s[0]==="."?(n.endsWith(s)||n.length===s.length-1&&n===s.slice(1))&&(i=!0):n===s&&(i=!0);return r?.set(n,i),i}function PH(){let t=BE(xfe);return DH=!0,t?t.split(",").map(e=>e.trim()).filter(e=>e.length):[]}function _fe(t){if(!t&&(t=kH(),!t))return;let e=new URL(t);return{host:(e.protocol?e.protocol+"//":"")+e.hostname,port:Number.parseInt(e.port||"80"),username:e.username,password:e.password}}function Dfe(){let t=kH();return t?new URL(t):void 0}function vH(t){let e;try{e=new URL(t.host)}catch{throw new Error(`Expecting a valid host string in proxy settings, but found "${t.host}".`)}return e.port=String(t.port),t.username&&(e.username=t.username),t.password&&(e.password=t.password),e}function _H(t,e,r){if(t.agent)return;let i=new URL(t.url).protocol!=="https:";t.tlsSettings&&bfe.logger.warning("TLS settings are not supported in combination with custom Proxy, certificates provided to the client will be ignored.");let s=t.headers.toJSON();i?(e.httpProxyAgent||(e.httpProxyAgent=new Qfe.HttpProxyAgent(r,{headers:s})),t.agent=e.httpProxyAgent):(e.httpsProxyAgent||(e.httpsProxyAgent=new Bfe.HttpsProxyAgent(r,{headers:s})),t.agent=e.httpsProxyAgent)}function kfe(t,e){DH||yi.globalNoProxyList.push(...PH());let r=t?vH(t):Dfe(),n={};return{name:yi.proxyPolicyName,async sendRequest(i,s){var o;return!i.proxySettings&&r&&!vfe(i.url,(o=e?.customNoProxyList)!==null&&o!==void 0?o:yi.globalNoProxyList,e?.customNoProxyList?void 0:Rfe)?_H(i,n,r):i.proxySettings&&_H(i,n,vH(i.proxySettings)),s(i)}}}});var LS=h(kl=>{"use strict";Object.defineProperty(kl,"__esModule",{value:!0});kl.agentPolicyName=void 0;kl.agentPolicy=Pfe;kl.agentPolicyName="agentPolicy";function Pfe(t){return{name:kl.agentPolicyName,sendRequest:async(e,r)=>(e.agent||(e.agent=t),r(e))}}});var MS=h(Pl=>{"use strict";Object.defineProperty(Pl,"__esModule",{value:!0});Pl.tlsPolicyName=void 0;Pl.tlsPolicy=Tfe;Pl.tlsPolicyName="tlsPolicy";function Tfe(t){return{name:Pl.tlsPolicyName,sendRequest:async(e,r)=>(e.tlsSettings||(e.tlsSettings=t),r(e))}}});var ah=h(yA=>{"use strict";Object.defineProperty(yA,"__esModule",{value:!0});yA.isNodeReadableStream=TH;yA.isWebReadableStream=OH;yA.isBinaryBody=Ofe;yA.isReadableStream=LH;yA.isBlob=Lfe;function TH(t){return!!(t&&typeof t.pipe=="function")}function OH(t){return!!(t&&typeof t.getReader=="function"&&typeof t.tee=="function")}function Ofe(t){return t!==void 0&&(t instanceof Uint8Array||LH(t)||typeof t=="function"||t instanceof Blob)}function LH(t){return TH(t)||OH(t)}function Lfe(t){return typeof t.stream=="function"}});var UH=h(US=>{"use strict";Object.defineProperty(US,"__esModule",{value:!0});US.concat=qfe;var oo=(gi(),Ui(hi)),FS=require("stream"),Mfe=ah();function MH(){return oo.__asyncGenerator(this,arguments,function*(){let e=this.getReader();try{for(;;){let{done:r,value:n}=yield oo.__await(e.read());if(r)return yield oo.__await(void 0);yield yield oo.__await(n)}}finally{e.releaseLock
`;return e}function Jfe(t){return t instanceof Uint8Array?t.byteLength:(0,Hfe.isBlob)(t)?t.size===-1?void 0:t.size:void 0}function Vfe(t){let e=0;for(let r of t){let n=Jfe(r);if(n===void 0)return;e+=n}return e}async function Wfe(t,e,r){let n=[(0,Tl.stringToUint8Array)(`--${r}`,"utf-8"),...e.flatMap(s=>[(0,Tl.stringToUint8Array)(`\r
`,"utf-8"),(0,Tl.stringToUint8Array)(Yfe(s.headers),"utf-8"),(0,Tl.stringToUint8Array)(`\r
`,"utf-8"),s.body,(0,Tl.stringToUint8Array)(`\r
--${r}`,"utf-8")]),(0,Tl.stringToUint8Array)(`--\r
\r
`,"utf-8")],i=Vfe(n);i&&t.headers.set("Content-Length",i),t.body=await(0,zfe.concat)(n)}Ol.multipartPolicyName="multipartPolicy";var $fe=70,Kfe=new Set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'()+,-./:=?");function Xfe(t){if(t.length>$fe)throw new Error(`Multipart boundary "${t}" exceeds maximum length of 70 characters`);if(Array.from(t).some(e=>!Kfe.has(e)))throw new Error(`Multipart boundary "${t}" contains invalid characters`)}function Zfe(){return{name:Ol.multipartPolicyName,async sendRequest(t,e){var r;if(!t.multipartBody)return e(t);if(t.body)throw new Error("multipartBody and regular body cannot be set at the same time");let n=t.multipartBody.boundary,i=(r=t.headers.get("Content-Type"))!==null&&r!==void 0?r:"multipart/mixed",s=i.match(/^(multipart\/[^ ;]+)(?:; *boundary=(.+))?$/);if(!s)throw new Error(`Got multipart request body, but content-type header was not multipart: ${i}`);let[,o,a]=s;if(a&&n&&a!==n)throw new Error(`Multipart boundary was specified as ${a} in the header, but got ${n} in the request body`);return n??(n=a),n?Xfe(n):n=Gfe(),t.headers.set("Content-Type",`${o}; boundary=${n}`),await Wfe(t,t.multipartBody.parts,n),t.multipartBody=void 0,e(t)}}}});var jH=h(HS=>{"use strict";Object.defineProperty(HS,"__esModule",{value:!0});HS.createPipelineFromOptions=lhe;var ehe=fS(),the=tS(),rhe=hS(),nhe=pS(),ihe=yS(),she=wS(),ohe=_S(),qH=sh(),ahe=OS(),Ahe=LS(),che=MS(),HH=qS();function lhe(t){let e=(0,the.createEmptyPipeline)();return qH.isNodeLike&&(t.agent&&e.addPolicy((0,Ahe.agentPolicy)(t.agent)),t.tlsOptions&&e.addPolicy((0,che.tlsPolicy)(t.tlsOptions)),e.addPolicy((0,ahe.proxyPolicy)(t.proxyOptions)),e.addPolicy((0,ihe.decompressResponsePolicy)())),e.addPolicy((0,ohe.formDataPolicy)(),{beforePolicies:[HH.multipartPolicyName]}),e.addPolicy((0,nhe.userAgentPolicy)(t.userAgentOptions)),e.addPolicy((0,HH.multipartPolicy)(),{afterPhase:"Deserialize"}),e.addPolicy((0,she.defaultRetryPolicy)(t.retryOptions),{phase:"Retry"}),qH.isNodeLike&&e.addPolicy((0,rhe.redirectPolicy)(t.redirectOptions),{afterPhase:"Retry"}),e.addPolicy((0,ehe.logPolicy)(t.loggingOptions),{afterPhase:"Sign"}),e}});var zH=h(Ll=>{"use strict";Object.defineProperty(Ll,"__esModule",{value:!0});Ll.apiVersionPolicyName=void 0;Ll.apiVersionPolicy=uhe;Ll.apiVersionPolicyName="ApiVersionPolicy";function uhe(t){return{name:Ll.apiVersionPolicyName,sendRequest:(e,r)=>{let n=new URL(e.url);return!n.searchParams.get("api-version")&&t.apiVersion&&(e.url=`${e.url}${Array.from(n.searchParams.keys()).length>0?"&":"?"}api-version=${t.apiVersion}`),r(e)}}}});var GH=h(Ml=>{"use strict";Object.defineProperty(Ml,"__esModule",{value:!0});Ml.isOAuth2TokenCredential=dhe;Ml.isBearerTokenCredential=fhe;Ml.isBasicCredential=hhe;Ml.isApiKeyCredential=ghe;function dhe(t){return"getOAuth2Token"in t}function fhe(t){return"getBearerToken"in t}function hhe(t){return"username"in t&&"password"in t}function ghe(t){return"key"in t}});var Ah=h(jS=>{"use strict";Object.defineProperty(jS,"__esModule",{value:!0});jS.ensureSecureConnection=Ehe;var mhe=th(),YH=!1;function phe(t,e){if(e.allowInsecureConnection&&t.allowInsecureConnection){let r=new URL(t.url);if(r.hostname==="localhost"||r.hostname==="127.0.0.1")return!0}return!1}function yhe(){let t="Sending token over insecure transport. Assume any token issued is compromised.";mhe.logger.warning(t),typeof(process==null?void 0:process.emitWarning)=="function"&&!YH&&(YH=!0,process.emitWarning(t))}function Ehe(t,e){if(!t.url.toLowerCase().startsWith("https://"))if(phe(t,e))yhe();else throw new Error("Authentication is not permitted for non-TLS protected (non-https) URLs when allowInsecureConnection is false.")}});var JH=h(Fl=>{"use strict";Object.defineProperty(Fl,"__esModule",{value:!0});Fl.apiKeyAuthenticationPolicyName=void 0;Fl.apiKeyAuthenticationPolicy=Ihe;var Che=Ah();Fl.apiKeyAuthenticationPolicyName="apiKeyAuthenticationPolicy";function Ihe(t){return{name:Fl.apiKeyAuthenticationPolicyName,async sendRequest(e,r){var n,i;(0,Che.ensureSecureConnection)(e,t);let s=(i=(n=e.authSchemes)!==null&&n!==void 0?n:t.a
`).join(""))}return e(t)}}}});var vz=h(BA=>{"use strict";Object.defineProperty(BA,"__esModule",{value:!0});BA.auxiliaryAuthenticationHeaderPolicyName=void 0;BA.auxiliaryAuthenticationHeaderPolicy=eye;var Kpe=Fx(),Xpe=lh();BA.auxiliaryAuthenticationHeaderPolicyName="auxiliaryAuthenticationHeaderPolicy";var Rz="x-ms-authorization-auxiliary";async function Zpe(t){var e,r;let{scopes:n,getAccessToken:i,request:s}=t,o={abortSignal:s.abortSignal,tracingOptions:s.tracingOptions};return(r=(e=await i(n,o))===null||e===void 0?void 0:e.token)!==null&&r!==void 0?r:""}function eye(t){let{credentials:e,scopes:r}=t,n=t.logger||Xpe.logger,i=new WeakMap;return{name:BA.auxiliaryAuthenticationHeaderPolicyName,async sendRequest(s,o){if(!s.url.toLowerCase().startsWith("https://"))throw new Error("Bearer token authentication for auxiliary header is not permitted for non-TLS protected (non-https) URLs.");if(!e||e.length===0)return n.info(`${BA.auxiliaryAuthenticationHeaderPolicyName} header will not be set due to empty credentials.`),o(s);let a=[];for(let c of e){let l=i.get(c);l||(l=(0,Kpe.createTokenCycler)(c),i.set(c,l)),a.push(Zpe({scopes:Array.isArray(r)?r:[r],request:s,getAccessToken:l,logger:n}))}let A=(await Promise.all(a)).filter(c=>!!c);return A.length===0?(n.warning(`None of the auxiliary tokens are valid. ${Rz} header will not be set.`),o(s)):(s.headers.set(Rz,A.map(c=>`Bearer ${c}`).join(", ")),o(s))}}}});var Ao=h(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.createFileFromStream=L.createFile=L.agentPolicyName=L.agentPolicy=L.auxiliaryAuthenticationHeaderPolicyName=L.auxiliaryAuthenticationHeaderPolicy=L.ndJsonPolicyName=L.ndJsonPolicy=L.bearerTokenAuthenticationPolicyName=L.bearerTokenAuthenticationPolicy=L.formDataPolicyName=L.formDataPolicy=L.tlsPolicyName=L.tlsPolicy=L.userAgentPolicyName=L.userAgentPolicy=L.defaultRetryPolicy=L.tracingPolicyName=L.tracingPolicy=L.retryPolicy=L.throttlingRetryPolicyName=L.throttlingRetryPolicy=L.systemErrorRetryPolicyName=L.systemErrorRetryPolicy=L.redirectPolicyName=L.redirectPolicy=L.getDefaultProxySettings=L.proxyPolicyName=L.proxyPolicy=L.multipartPolicyName=L.multipartPolicy=L.logPolicyName=L.logPolicy=L.setClientRequestIdPolicyName=L.setClientRequestIdPolicy=L.exponentialRetryPolicyName=L.exponentialRetryPolicy=L.decompressResponsePolicyName=L.decompressResponsePolicy=L.isRestError=L.RestError=L.createPipelineRequest=L.createHttpHeaders=L.createDefaultHttpClient=L.createPipelineFromOptions=L.createEmptyPipeline=void 0;var tye=ex();Object.defineProperty(L,"createEmptyPipeline",{enumerable:!0,get:function(){return tye.createEmptyPipeline}});var rye=dz();Object.defineProperty(L,"createPipelineFromOptions",{enumerable:!0,get:function(){return rye.createPipelineFromOptions}});var nye=fz();Object.defineProperty(L,"createDefaultHttpClient",{enumerable:!0,get:function(){return nye.createDefaultHttpClient}});var iye=hz();Object.defineProperty(L,"createHttpHeaders",{enumerable:!0,get:function(){return iye.createHttpHeaders}});var sye=gz();Object.defineProperty(L,"createPipelineRequest",{enumerable:!0,get:function(){return sye.createPipelineRequest}});var _z=HE();Object.defineProperty(L,"RestError",{enumerable:!0,get:function(){return _z.RestError}});Object.defineProperty(L,"isRestError",{enumerable:!0,get:function(){return _z.isRestError}});var Dz=yx();Object.defineProperty(L,"decompressResponsePolicy",{enumerable:!0,get:function(){return Dz.decompressResponsePolicy}});Object.defineProperty(L,"decompressResponsePolicyName",{enumerable:!0,get:function(){return Dz.decompressResponsePolicyName}});var kz=pz();Object.defineProperty(L,"exponentialRetryPolicy",{enumerable:!0,get:function(){return kz.exponentialRetryPolicy}});Object.defineProperty(L,"exponentialRetryPolicyName",{enumerable:!0,get:function(){return kz.exponentialRetryPolicyName}});var Pz=Qx();Object.defineProperty(L,"setClientRequestIdPolicy",{enumerable:!0,get:function(){return Pz.setClientRequestIdPolicy}});Object.defineProperty(L,"setClientRequestIdPolicyName",{enumerable:!0,get:function(){return Pz.setClientReques
`&&p[b]!=="\r";b++)P+=p[b];if(P=P.trim(),P[P.length-1]==="/"&&(P=P.substring(0,P.length-1),b--),!s(P)){let ae;return ae=P.trim().length===0?"Invalid space after '<'.":"Tag '"+P+"' is an invalid name.",C("InvalidTag",ae,N(p,b))}let z=f(p,b);if(z===!1)return C("InvalidAttr","Attributes for '"+P+"' have open quote.",N(p,b));let Ee=z.value;if(b=z.index,Ee[Ee.length-1]==="/"){let ae=b-Ee.length;Ee=Ee.substring(0,Ee.length-1);let Fe=m(Ee,y);if(Fe!==!0)return C(Fe.err.code,Fe.err.msg,N(p,ae+Fe.err.line));S=!0}else if(R){if(!z.tagClosed)return C("InvalidTag","Closing tag '"+P+"' doesn't have proper closing.",N(p,b));if(Ee.trim().length>0)return C("InvalidTag","Closing tag '"+P+"' can't have attributes or invalid starting.",N(p,_));if(B.length===0)return C("InvalidTag","Closing tag '"+P+"' has not been opened.",N(p,_));{let ae=B.pop();if(P!==ae.tagName){let Fe=N(p,ae.tagStartPos);return C("InvalidTag","Expected closing tag '"+ae.tagName+"' (opened in line "+Fe.line+", col "+Fe.col+") instead of closing tag '"+P+"'.",N(p,_))}B.length==0&&(Q=!0)}}else{let ae=m(Ee,y);if(ae!==!0)return C(ae.err.code,ae.err.msg,N(p,b-Ee.length+ae.err.line));if(Q===!0)return C("InvalidXml","Multiple possible root nodes found.",N(p,b));y.unpairedTags.indexOf(P)!==-1||B.push({tagName:P,tagStartPos:_}),S=!0}for(b++;b<p.length;b++)if(p[b]==="<"){if(p[b+1]==="!"){b++,b=l(p,b);continue}if(p[b+1]!=="?")break;if(b=c(p,++b),b.err)return b}else if(p[b]==="&"){let ae=E(p,b);if(ae==-1)return C("InvalidChar","char '&' is not expected.",N(p,b));b=ae}else if(Q===!0&&!A(p[b]))return C("InvalidXml","Extra text at the end",N(p,b));p[b]==="<"&&b--}}}return S?B.length==1?C("InvalidTag","Unclosed tag '"+B[0].tagName+"'.",N(p,B[0].tagStartPos)):!(B.length>0)||C("InvalidXml","Invalid '"+JSON.stringify(B.map((b=>b.tagName)),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1}):C("InvalidXml","Start tag expected.",1)}function A(p){return p===" "||p==="	"||p===`
`||p==="\r"}function c(p,y){let B=y;for(;y<p.length;y++)if(!(p[y]!="?"&&p[y]!=" ")){let S=p.substr(B,y-B);if(y>5&&S==="xml")return C("InvalidXml","XML declaration allowed only at the start of the document.",N(p,y));if(p[y]=="?"&&p[y+1]==">"){y++;break}}return y}function l(p,y){if(p.length>y+5&&p[y+1]==="-"&&p[y+2]==="-"){for(y+=3;y<p.length;y++)if(p[y]==="-"&&p[y+1]==="-"&&p[y+2]===">"){y+=2;break}}else if(p.length>y+8&&p[y+1]==="D"&&p[y+2]==="O"&&p[y+3]==="C"&&p[y+4]==="T"&&p[y+5]==="Y"&&p[y+6]==="P"&&p[y+7]==="E"){let B=1;for(y+=8;y<p.length;y++)if(p[y]==="<")B++;else if(p[y]===">"&&(B--,B===0))break}else if(p.length>y+9&&p[y+1]==="["&&p[y+2]==="C"&&p[y+3]==="D"&&p[y+4]==="A"&&p[y+5]==="T"&&p[y+6]==="A"&&p[y+7]==="["){for(y+=8;y<p.length;y++)if(p[y]==="]"&&p[y+1]==="]"&&p[y+2]===">"){y+=2;break}}return y}let u='"',d="'";function f(p,y){let B="",S="",Q=!1;for(;y<p.length;y++){if(p[y]===u||p[y]===d)S===""?S=p[y]:S!==p[y]||(S="");else if(p[y]===">"&&S===""){Q=!0;break}B+=p[y]}return S===""&&{value:B,index:y,tagClosed:Q}}let g=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function m(p,y){let B=i(p,g),S={};for(let Q=0;Q<B.length;Q++){if(B[Q][1].length===0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' has no space in starting.",w(B[Q]));if(B[Q][3]!==void 0&&B[Q][4]===void 0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' is without value.",w(B[Q]));if(B[Q][3]===void 0&&!y.allowBooleanAttributes)return C("InvalidAttr","boolean attribute '"+B[Q][2]+"' is not allowed.",w(B[Q]));let b=B[Q][2];if(!I(b))return C("InvalidAttr","Attribute '"+b+"' is an invalid name.",w(B[Q]));if(S.hasOwnProperty(b))return C("InvalidAttr","Attribute '"+b+"' is repeated.",w(B[Q]));S[b]=1}return!0}function E(p,y){if(p[++y]===";")return-1;if(p[y]==="#")return(function(S,Q){let b=/\d/;for(S[Q]==="x"&&(Q++,b=/[\da-fA-F]/);Q<S.length;Q++){if(S[Q]===";")return Q;if(!S[Q].match(b))break}return-1})(p,++y);let B=0;for(;y<p.length;y++,B++)if(!(p[y].match(/\w/)&&B<20)){if(p[y]===";")break;return-1}return y}function C(p,y,B){return{err:{code:p,msg:y,line:B.line||B,col:B.col}}}function I(p){return s(p)}function N(p,y){let B=p.substring(0,y).split(/\r?\n/);return{line:B.length,col:B[B.length-1].length+1}}function w(p){return p.startIndex+p[1].length}let v={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(p,y,B){return p},captureMetaData:!1},T;T=typeof Symbol!="function"?"@@xmlMetadata":Symbol("XML Node Metadata");class U{constructor(y){this.tagname=y,this.child=[],this[":@"]={}}add(y,B){y==="__proto__"&&(y="#__proto__"),this.child.push({[y]:B})}addChild(y,B){y.tagname==="__proto__"&&(y.tagname="#__proto__"),y[":@"]&&Object.keys(y[":@"]).length>0?this.child.push({[y.tagname]:y.child,":@":y[":@"]}):this.child.push({[y.tagname]:y.child}),B!==void 0&&(this.child[this.child.length-1][T]={startIndex:B})}static getMetaDataSymbol(){return T}}function k(p,y){let B={};if(p[y+3]!=="O"||p[y+4]!=="C"||p[y+5]!=="T"||p[y+6]!=="Y"||p[y+7]!=="P"||p[y+8]!=="E")throw new Error("Invalid Tag instead of DOCTYPE");{y+=9;let S=1,Q=!1,b=!1,_="";for(;y<p.length;y++)if(p[y]!=="<"||b)if(p[y]===">"){if(b?p[y-1]==="-"&&p[y-2]==="-"&&(b=!1,S--):S--,S===0)break}else p[y]==="["?Q=!0:_+=p[y];else{if(Q&&rt(p,"!ENTITY",y)){let R,P;y+=7,[R,P,y]=be(p,y+1),P.indexOf("&")===-1&&(B[R]={regx:RegExp(`&${R};`,"g"),val:P})}else if(Q&&rt(p,"!ELEMENT",y)){y+=8;let{index:R}=_e(p,y+1);y=R}else if(Q&&rt(p,"!ATTLIST",y))y+=8;else if(Q&&rt(p,"!NOTATION",y)){y+=9;let{index:R}=Re(p,y+1);y=R}else{if(!rt(p,"!--",y))throw new Error("Invalid DOCTYPE");b=!0}S++
`);let y=new U("!xml"),B=y,S="",Q="";for(let b=0;b<p.length;b++)if(p[b]==="<")if(p[b+1]==="/"){let _=qa(p,">",b,"Closing Tag is not closed."),R=p.substring(b+2,_).trim();if(this.options.removeNSPrefix){let Ee=R.indexOf(":");Ee!==-1&&(R=R.substr(Ee+1))}this.options.transformTagName&&(R=this.options.transformTagName(R)),B&&(S=this.saveTextToParentTag(S,B,Q));let P=Q.substring(Q.lastIndexOf(".")+1);if(R&&this.options.unpairedTags.indexOf(R)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${R}>`);let z=0;P&&this.options.unpairedTags.indexOf(P)!==-1?(z=Q.lastIndexOf(".",Q.lastIndexOf(".")-1),this.tagsNodeStack.pop()):z=Q.lastIndexOf("."),Q=Q.substring(0,z),B=this.tagsNodeStack.pop(),S="",b=_}else if(p[b+1]==="?"){let _=MQ(p,b,!1,"?>");if(!_)throw new Error("Pi Tag is not closed.");if(S=this.saveTextToParentTag(S,B,Q),!(this.options.ignoreDeclaration&&_.tagName==="?xml"||this.options.ignorePiTags)){let R=new U(_.tagName);R.add(this.options.textNodeName,""),_.tagName!==_.tagExp&&_.attrExpPresent&&(R[":@"]=this.buildAttributesMap(_.tagExp,Q,_.tagName)),this.addChild(B,R,Q,b)}b=_.closeIndex+1}else if(p.substr(b+1,3)==="!--"){let _=qa(p,"-->",b+4,"Comment is not closed.");if(this.options.commentPropName){let R=p.substring(b+4,_-2);S=this.saveTextToParentTag(S,B,Q),B.add(this.options.commentPropName,[{[this.options.textNodeName]:R}])}b=_}else if(p.substr(b+1,2)==="!D"){let _=k(p,b);this.docTypeEntities=_.entities,b=_.i}else if(p.substr(b+1,2)==="!["){let _=qa(p,"]]>",b,"CDATA is not closed.")-2,R=p.substring(b+9,_);S=this.saveTextToParentTag(S,B,Q);let P=this.parseTextData(R,B.tagname,Q,!0,!1,!0,!0);P==null&&(P=""),this.options.cdataPropName?B.add(this.options.cdataPropName,[{[this.options.textNodeName]:R}]):B.add(this.options.textNodeName,P),b=_+2}else{let _=MQ(p,b,this.options.removeNSPrefix),R=_.tagName,P=_.rawTagName,z=_.tagExp,Ee=_.attrExpPresent,ae=_.closeIndex;this.options.transformTagName&&(R=this.options.transformTagName(R)),B&&S&&B.tagname!=="!xml"&&(S=this.saveTextToParentTag(S,B,Q,!1));let Fe=B;Fe&&this.options.unpairedTags.indexOf(Fe.tagname)!==-1&&(B=this.tagsNodeStack.pop(),Q=Q.substring(0,Q.lastIndexOf("."))),R!==y.tagname&&(Q+=Q?"."+R:R);let nt=b;if(this.isItStopNode(this.options.stopNodes,Q,R)){let ze="";if(z.length>0&&z.lastIndexOf("/")===z.length-1)R[R.length-1]==="/"?(R=R.substr(0,R.length-1),Q=Q.substr(0,Q.length-1),z=R):z=z.substr(0,z.length-1),b=_.closeIndex;else if(this.options.unpairedTags.indexOf(R)!==-1)b=_.closeIndex;else{let os=this.readStopNodeData(p,P,ae+1);if(!os)throw new Error(`Unexpected end of ${P}`);b=os.i,ze=os.tagContent}let er=new U(R);R!==z&&Ee&&(er[":@"]=this.buildAttributesMap(z,Q,R)),ze&&(ze=this.parseTextData(ze,R,Q,!0,Ee,!0,!0)),Q=Q.substr(0,Q.lastIndexOf(".")),er.add(this.options.textNodeName,ze),this.addChild(B,er,Q,nt)}else{if(z.length>0&&z.lastIndexOf("/")===z.length-1){R[R.length-1]==="/"?(R=R.substr(0,R.length-1),Q=Q.substr(0,Q.length-1),z=R):z=z.substr(0,z.length-1),this.options.transformTagName&&(R=this.options.transformTagName(R));let ze=new U(R);R!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,R)),this.addChild(B,ze,Q,nt),Q=Q.substr(0,Q.lastIndexOf("."))}else{let ze=new U(R);this.tagsNodeStack.push(B),R!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,R)),this.addChild(B,ze,Q,nt),B=ze}S="",b=ae}}else S+=p[b];return y.child};function QX(p,y,B,S){this.options.captureMetaData||(S=void 0);let Q=this.options.updateTag(y.tagname,B,y[":@"]);Q===!1||(typeof Q=="string"&&(y.tagname=Q),p.addChild(y,S))}let bX=function(p){if(this.options.processEntities){for(let y in this.docTypeEntities){let B=this.docTypeEntities[y];p=p.replace(B.regx,B.val)}for(let y in this.lastEntities){let B=this.lastEntities[y];p=p.replace(B.regex,B.val)}if(this.options.htmlEntities)for(let y in this.htmlEntities){let B=this.htmlEntities[y];p=p.replace(B.regex,B.val)}p=p.replace(this.ampEntity.regex,this.ampEntity.val)}return p};function NX(p,y,B,S){return p&&(S===void 0&&(S=y.child.length===0),(p=this.parseTextData(p,y.tagname,B,!1,!!y[":@"]&&Object.keys(y[":@"]).length!==0,S))!==void 0&&p!==
`),xP(p,y,"",B)}function xP(p,y,B,S){let Q="",b=!1;for(let _=0;_<p.length;_++){let R=p[_],P=PX(R);if(P===void 0)continue;let z="";if(z=B.length===0?P:`${B}.${P}`,P===y.textNodeName){let nt=R[P];TX(z,y)||(nt=y.tagValueProcessor(P,nt),nt=vP(nt,y)),b&&(Q+=S),Q+=nt,b=!1;continue}if(P===y.cdataPropName){b&&(Q+=S),Q+=`<![CDATA[${R[P][0][y.textNodeName]}]]>`,b=!1;continue}if(P===y.commentPropName){Q+=S+`<!--${R[P][0][y.textNodeName]}-->`,b=!0;continue}if(P[0]==="?"){let nt=RP(R[":@"],y),ze=P==="?xml"?"":S,er=R[P][0][y.textNodeName];er=er.length!==0?" "+er:"",Q+=ze+`<${P}${er}${nt}?>`,b=!0;continue}let Ee=S;Ee!==""&&(Ee+=y.indentBy);let ae=S+`<${P}${RP(R[":@"],y)}`,Fe=xP(R[P],y,z,Ee);y.unpairedTags.indexOf(P)!==-1?y.suppressUnpairedNode?Q+=ae+">":Q+=ae+"/>":Fe&&Fe.length!==0||!y.suppressEmptyNode?Fe&&Fe.endsWith(">")?Q+=ae+`>${Fe}${S}</${P}>`:(Q+=ae+">",Fe&&S!==""&&(Fe.includes("/>")||Fe.includes("</"))?Q+=S+y.indentBy+Fe+S:Q+=Fe,Q+=`</${P}>`):Q+=ae+"/>",b=!0}return Q}function PX(p){let y=Object.keys(p);for(let B=0;B<y.length;B++){let S=y[B];if(p.hasOwnProperty(S)&&S!==":@")return S}}function RP(p,y){let B="";if(p&&!y.ignoreAttributes)for(let S in p){if(!p.hasOwnProperty(S))continue;let Q=y.attributeValueProcessor(S,p[S]);Q=vP(Q,y),Q===!0&&y.suppressBooleanAttributes?B+=` ${S.substr(y.attributeNamePrefix.length)}`:B+=` ${S.substr(y.attributeNamePrefix.length)}="${Q}"`}return B}function TX(p,y){let B=(p=p.substr(0,p.length-y.textNodeName.length-1)).substr(p.lastIndexOf(".")+1);for(let S in y.stopNodes)if(y.stopNodes[S]===p||y.stopNodes[S]==="*."+B)return!0;return!1}function vP(p,y){if(p&&p.length>0&&y.processEntities)for(let B=0;B<y.entities.length;B++){let S=y.entities[B];p=p.replace(S.regex,S.val)}return p}let OX={attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,cdataPropName:!1,format:!1,indentBy:"  ",suppressEmptyNode:!1,suppressUnpairedNode:!0,suppressBooleanAttributes:!0,tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},preserveOrder:!1,commentPropName:!1,unpairedTags:[],entities:[{regex:new RegExp("&","g"),val:"&amp;"},{regex:new RegExp(">","g"),val:"&gt;"},{regex:new RegExp("<","g"),val:"&lt;"},{regex:new RegExp("'","g"),val:"&apos;"},{regex:new RegExp('"',"g"),val:"&quot;"}],processEntities:!0,stopNodes:[],oneListGroup:!1};function Do(p){this.options=Object.assign({},OX,p),this.options.ignoreAttributes===!0||this.options.attributesGroupName?this.isAttribute=function(){return!1}:(this.ignoreAttributesFn=Mi(this.options.ignoreAttributes),this.attrPrefixLen=this.options.attributeNamePrefix.length,this.isAttribute=FX),this.processTextOrObjNode=LX,this.options.format?(this.indentate=MX,this.tagEndChar=`>
`,this.newLine=`
`):(this.indentate=function(){return""},this.tagEndChar=">",this.newLine="")}function LX(p,y,B,S){let Q=this.j2x(p,B+1,S.concat(y));return p[this.options.textNodeName]!==void 0&&Object.keys(p).length===1?this.buildTextValNode(p[this.options.textNodeName],y,Q.attrStr,B):this.buildObjectNode(Q.val,y,Q.attrStr,B)}function MX(p){return this.options.indentBy.repeat(p)}function FX(p){return!(!p.startsWith(this.options.attributeNamePrefix)||p===this.options.textNodeName)&&p.substr(this.attrPrefixLen)}Do.prototype.build=function(p){return this.options.preserveOrder?kX(p,this.options):(Array.isArray(p)&&this.options.arrayNodeName&&this.options.arrayNodeName.length>1&&(p={[this.options.arrayNodeName]:p}),this.j2x(p,0,[]).val)},Do.prototype.j2x=function(p,y,B){let S="",Q="",b=B.join(".");for(let _ in p)if(Object.prototype.hasOwnProperty.call(p,_))if(p[_]===void 0)this.isAttribute(_)&&(Q+="");else if(p[_]===null)this.isAttribute(_)||_===this.options.cdataPropName?Q+="":_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(p[_]instanceof Date)Q+=this.buildTextValNode(p[_],_,"",y);else if(typeof p[_]!="object"){let R=this.isAttribute(_);if(R&&!this.ignoreAttributesFn(R,b))S+=this.buildAttrPairStr(R,""+p[_]);else if(!R)if(_===this.options.textNodeName){let P=this.options.tagValueProcessor(_,""+p[_]);Q+=this.replaceEntitiesValue(P)}else Q+=this.buildTextValNode(p[_],_,"",y)}else if(Array.isArray(p[_])){let R=p[_].length,P="",z="";for(let Ee=0;Ee<R;Ee++){let ae=p[_][Ee];if(ae!==void 0)if(ae===null)_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(typeof ae=="object")if(this.options.oneListGroup){let Fe=this.j2x(ae,y+1,B.concat(_));P+=Fe.val,this.options.attributesGroupName&&ae.hasOwnProperty(this.options.attributesGroupName)&&(z+=Fe.attrStr)}else P+=this.processTextOrObjNode(ae,_,y,B);else if(this.options.oneListGroup){let Fe=this.options.tagValueProcessor(_,ae);Fe=this.replaceEntitiesValue(Fe),P+=Fe}else P+=this.buildTextValNode(ae,_,"",y)}this.options.oneListGroup&&(P=this.buildObjectNode(P,_,z,y)),Q+=P}else if(this.options.attributesGroupName&&_===this.options.attributesGroupName){let R=Object.keys(p[_]),P=R.length;for(let z=0;z<P;z++)S+=this.buildAttrPairStr(R[z],""+p[_][R[z]])}else Q+=this.processTextOrObjNode(p[_],_,y,B);return{attrStr:S,val:Q}},Do.prototype.buildAttrPairStr=function(p,y){return y=this.options.attributeValueProcessor(p,""+y),y=this.replaceEntitiesValue(y),this.options.suppressBooleanAttributes&&y==="true"?" "+p:" "+p+'="'+y+'"'},Do.prototype.buildObjectNode=function(p,y,B,S){if(p==="")return y[0]==="?"?this.indentate(S)+"<"+y+B+"?"+this.tagEndChar:this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar;{let Q="</"+y+this.tagEndChar,b="";return y[0]==="?"&&(b="?",Q=""),!B&&B!==""||p.indexOf("<")!==-1?this.options.commentPropName!==!1&&y===this.options.commentPropName&&b.length===0?this.indentate(S)+`<!--${p}-->`+this.newLine:this.indentate(S)+"<"+y+B+b+this.tagEndChar+p+this.indentate(S)+Q:this.indentate(S)+"<"+y+B+b+">"+p+Q}},Do.prototype.closeTag=function(p){let y="";return this.options.unpairedTags.indexOf(p)!==-1?this.options.suppressUnpairedNode||(y="/"):y=this.options.suppressEmptyNode?"/":`></${p}`,y},Do.prototype.buildTextValNode=function(p,y,B,S){if(this.options.cdataPropName!==!1&&y===this.options.cdataPropName)return this.indentate(S)+`<![CDATA[${p}]]>`+this.newLine;if(this.options.commentPropName!==!1&&y===this.options.commentPropName)return this.indentate(S)+`<!--${p}-->`+this.newLine;if(y[0]==="?")return this.indentate(S)+"<"+y+B+"?"+this.tagEndChar;{let Q=this.options.tagValueProcessor(y,p);return Q=this.replaceEntitiesValue(Q),Q===""?this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar:this.indentate(S)+"<"+y+B+">"+Q+"</"+y+this.tagEndChar}},Do.prototype.replaceEntitiesValue=function(p){if(p&&p.length>0&&this.options.processEntities)for(let y=0;y<this.options.entities.length;y++){let B=this.options.entities[y];p=p.replace(B.regex,B.val)}return p};let UX={validate:a};WG.e
	Polling from: ${r.config.operationLocation}
	Operation status: ${l}
	Polling status: ${iY.terminalStates.includes(l)?"Stopped":"Running"}`),l==="succeeded"){let u=o(c,r);if(u!==void 0)return{response:await e(u).catch(nY({state:r,stateProxy:n,isOperationError:a})),status:l}}return{response:c,status:l}}async function NCe(t){let{poll:e,state:r,stateProxy:n,options:i,getOperationStatus:s,getResourceLocation:o,getOperationLocation:a,isOperationError:A,withOperationLocation:c,getPollingInterval:l,processResult:u,getError:d,updateState:f,setDelay:g,isDone:m,setErrorAsResult:E}=t,{operationLocation:C}=r.config;if(C!==void 0){let{response:I,status:N}=await bCe({poll:e,getOperationStatus:s,state:r,stateProxy:n,operationLocation:C,getResourceLocation:o,isOperationError:A,options:i});if(sY({status:N,response:I,state:r,stateProxy:n,isDone:m,processResult:u,getError:d,setErrorAsResult:E}),!iY.terminalStates.includes(N)){let w=l?.(I);w&&g(w);let v=a?.(I,r);if(v!==void 0){let T=C!==v;r.config.operationLocation=v,c?.(v,T)}else c?.(C,!1)}f?.(r,I)}}sa.pollOperation=NCe});var ER=h(Ft=>{"use strict";Object.defineProperty(Ft,"__esModule",{value:!0});Ft.pollHttpOperation=Ft.isOperationError=Ft.getResourceLocation=Ft.getOperationStatus=Ft.getOperationLocation=Ft.initHttpOperation=Ft.getStatusFromInitialResponse=Ft.getErrorFromResponse=Ft.parseRetryAfter=Ft.inferLroMode=void 0;var oY=fC(),mR=uC();function aY(t){let{azureAsyncOperation:e,operationLocation:r}=t;return r??e}function AY(t){return t.headers.location}function cY(t){return t.headers["operation-location"]}function lY(t){return t.headers["azure-asyncoperation"]}function wCe(t){var e;let{location:r,requestMethod:n,requestPath:i,resourceLocationConfig:s}=t;switch(n){case"PUT":return i;case"DELETE":return;case"PATCH":return(e=o())!==null&&e!==void 0?e:i;default:return o()}function o(){switch(s){case"azure-async-operation":return;case"original-uri":return i;default:return r}}}function uY(t){let{rawResponse:e,requestMethod:r,requestPath:n,resourceLocationConfig:i}=t,s=cY(e),o=lY(e),a=aY({operationLocation:s,azureAsyncOperation:o}),A=AY(e),c=r?.toLocaleUpperCase();return a!==void 0?{mode:"OperationLocation",operationLocation:a,resourceLocation:wCe({requestMethod:c,location:A,requestPath:n,resourceLocationConfig:i})}:A!==void 0?{mode:"ResourceLocation",operationLocation:A}:c==="PUT"&&n?{mode:"Body",operationLocation:n}:void 0}Ft.inferLroMode=uY;function dY(t){let{status:e,statusCode:r}=t;if(typeof e!="string"&&e!==void 0)throw new Error(`Polling was unsuccessful. Expected status to have a string value or no value but it has instead: ${e}. This doesn't necessarily indicate the operation has failed. Check your Azure subscription or resource status for more information.`);switch(e?.toLocaleLowerCase()){case void 0:return pR(r);case"succeeded":return"succeeded";case"failed":return"failed";case"running":case"accepted":case"started":case"canceling":case"cancelling":return"running";case"canceled":case"cancelled":return"canceled";default:return mR.logger.verbose(`LRO: unrecognized operation status: ${e}`),e}}function SCe(t){var e;let{status:r}=(e=t.body)!==null&&e!==void 0?e:{};return dY({status:r,statusCode:t.statusCode})}function xCe(t){var e,r;let{properties:n,provisioningState:i}=(e=t.body)!==null&&e!==void 0?e:{},s=(r=n?.provisioningState)!==null&&r!==void 0?r:i;return dY({status:s,statusCode:t.statusCode})}function pR(t){return t===202?"running":t<300?"succeeded":"failed"}function fY({rawResponse:t}){let e=t.headers["retry-after"];if(e!==void 0){let r=parseInt(e);return isNaN(r)?RCe(new Date(e)):r*1e3}}Ft.parseRetryAfter=fY;function hY(t){let e=pY(t,"error");if(!e){mR.logger.warning("The long-running operation failed but there is no error property in the response's body");return}if(!e.code||!e.message){mR.logger.warning("The long-running operation failed but the error property in the response's body doesn't contain code or message");return}return e}Ft.getErrorFromResponse=hY;function RCe(t){let e=Math.floor(new Date().getTime()),r=t.getTime();if(e<r)return r-e}function gY(t){let{response:e,state:r,operationLocation:n}=t;function i(){var o;switch((o=r.config.meta
`,jY="HTTP/1.1",oIe="AES256",aIe="DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",AIe=["Access-Control-Allow-Origin","Cache-Control","Content-Length","Content-Type","Date","Request-Id","traceparent","Transfer-Encoding","User-Agent","x-ms-client-request-id","x-ms-date","x-ms-error-code","x-ms-request-id","x-ms-return-client-request-id","x-ms-version","Accept-Ranges","Content-Disposition","Content-Encoding","Content-Language","Content-MD5","Content-Range","ETag","Last-Modified","Server","Vary","x-ms-content-crc64","x-ms-copy-action","x-ms-copy-completion-time","x-ms-copy-id","x-ms-copy-progress","x-ms-copy-status","x-ms-has-immutability-policy","x-ms-has-legal-hold","x-ms-lease-state","x-ms-lease-status","x-ms-range","x-ms-request-server-encrypted","x-ms-server-encrypted","x-ms-snapshot","x-ms-source-range","If-Match","If-Modified-Since","If-None-Match","If-Unmodified-Since","x-ms-access-tier","x-ms-access-tier-change-time","x-ms-access-tier-inferred","x-ms-account-kind","x-ms-archive-status","x-ms-blob-append-offset","x-ms-blob-cache-control","x-ms-blob-committed-block-count","x-ms-blob-condition-appendpos","x-ms-blob-condition-maxsize","x-ms-blob-content-disposition","x-ms-blob-content-encoding","x-ms-blob-content-language","x-ms-blob-content-length","x-ms-blob-content-md5","x-ms-blob-content-type","x-ms-blob-public-access","x-ms-blob-sequence-number","x-ms-blob-type","x-ms-copy-destination-snapshot","x-ms-creation-time","x-ms-default-encryption-scope","x-ms-delete-snapshots","x-ms-delete-type-permanent","x-ms-deny-encryption-scope-override","x-ms-encryption-algorithm","x-ms-if-sequence-number-eq","x-ms-if-sequence-number-le","x-ms-if-sequence-number-lt","x-ms-incremental-copy","x-ms-lease-action","x-ms-lease-break-period","x-ms-lease-duration","x-ms-lease-id","x-ms-lease-time","x-ms-page-write","x-ms-proposed-lease-id","x-ms-range-get-content-md5","x-ms-rehydrate-priority","x-ms-sequence-number-action","x-ms-sku-name","x-ms-source-content-md5","x-ms-source-if-match","x-ms-source-if-modified-since","x-ms-source-if-none-match","x-ms-source-if-unmodified-since","x-ms-tag-count","x-ms-encryption-key-sha256","x-ms-copy-source-error-code","x-ms-copy-source-status-code","x-ms-if-tags","x-ms-source-if-tags"],cIe=["comp","maxresults","rscc","rscd","rsce","rscl","rsct","se","si","sip","sp","spr","sr","srt","ss","st","sv","include","marker","prefix","copyid","restype","blockid","blocklisttype","delimiter","prevsnapshot","ske","skoid","sks","skt","sktid","skv","snapshot"],lIe="BlobUsesCustomerSpecifiedEncryption",uIe="BlobDoesNotUseCustomerSpecifiedEncryption",dIe=["10000","10001","10002","10003","10004","10100","10101","10102","10103","10104","11000","11001","11002","11003","11004","11100","11101","11102","11103","11104"];function fIe(t){let e=new URL(t),r=e.pathname;return r=r||"/",r=gIe(r),e.pathname=r,e.toString()}function hIe(t){let e="";if(t.search("DevelopmentStorageProxyUri=")!==-1){let r=t.split(";");for(let n of r)n.trim().startsWith("DevelopmentStorageProxyUri=")&&(e=n.trim().match("DevelopmentStorageProxyUri=(.*)")[1])}return e}function NA(t,e){let r=t.split(";");for(let n of r)if(n.trim().startsWith(e))return n.trim().match(e+"=(.*)")[1];return""}function Cu(t){let e="";t.startsWith("UseDevelopmentStorage=true")&&(e=hIe(t),t=aIe);let r=NA(t,"BlobEndpoint");if(r=r.endsWith("/")?r.slice(0,-1):r,t.search("DefaultEndpointsProtocol=")!==-1&&t.search("AccountKey=")!==-1){let n="",i="",s=Buffer.from("accountKey","base64"),o="";if(i=NA(t,"AccountName"),s=Buffer.from(NA(t,"AccountKey"),"base64"),!r){n=NA(t,"DefaultEndpointsProtocol");let a=n.toLowerCase();if(a!=="https"&&a!=="http")throw new Error("Invalid DefaultEndpointsProtocol in the provided Connection String. Expecting 'https' or 'http'");if(o=NA(t,"EndpointSuffix"),!o)throw new Error("Invalid EndpointSuffix in the provided Connection String");r=`${n}://${i}.blob.${o}`}if(i){if(s.length===0)throw new Error("
`)+`
`+this.getCanonicalizedHeadersString(e)+this.getCanonicalizedResourceString(e),n=this.factory.computeHMACSHA256(r);return e.headers.set(Ie.AUTHORIZATION,`SharedKey ${this.factory.accountName}:${n}`),e}getHeaderValueToSign(e,r){let n=e.headers.get(r);return!n||r===Ie.CONTENT_LENGTH&&n==="0"?"":n}getCanonicalizedHeadersString(e){let r=e.headers.headersArray().filter(i=>i.name.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE));r.sort((i,s)=>WY(i.name.toLowerCase(),s.name.toLowerCase())),r=r.filter((i,s,o)=>!(s>0&&i.name.toLowerCase()===o[s-1].name.toLowerCase()));let n="";return r.forEach(i=>{n+=`${i.name.toLowerCase().trimRight()}:${i.value.trimLeft()}
`}),n}getCanonicalizedResourceString(e){let r=FC(e.url)||"/",n="";n+=`/${this.factory.accountName}${r}`;let i=GY(e.url),s={};if(i){let o=[];for(let a in i)if(Object.prototype.hasOwnProperty.call(i,a)){let A=a.toLowerCase();s[A]=i[a],o.push(A)}o.sort();for(let a of o)n+=`
${a}:${decodeURIComponent(s[a])}`}return n}},jh=class{create(e,r){throw new Error("Method should be implemented in children classes.")}},lt=class extends jh{constructor(e,r){super(),this.accountName=e,this.accountKey=Buffer.from(r,"base64")}create(e,r){return new xC(e,r,this)}computeHMACSHA256(e){return av.createHmac("sha256",this.accountKey).update(e,"utf8").digest("base64")}},RC=class extends Hh{constructor(e,r){super(e,r)}},dt=class extends jh{create(e,r){return new RC(e,r)}},xR;function xIe(){return xR||(xR=jr.createDefaultHttpClient()),xR}var RIe="storageBrowserPolicy";function vIe(){return{name:RIe,async sendRequest(t,e){return st.isNode||((t.method==="GET"||t.method==="HEAD")&&(t.url=lo(t.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),t.headers.delete(Ie.COOKIE),t.headers.delete(Ie.CONTENT_LENGTH)),e(t)}}}var _Ie="storageRetryPolicy",zh;(function(t){t[t.EXPONENTIAL=0]="EXPONENTIAL",t[t.FIXED=1]="FIXED"})(zh||(zh={}));var uu={maxRetryDelayInMs:120*1e3,maxTries:4,retryDelayInMs:4*1e3,retryPolicyType:zh.EXPONENTIAL,secondaryHost:"",tryTimeoutInMs:void 0},DIe=["ETIMEDOUT","ESOCKETTIMEDOUT","ECONNREFUSED","ECONNRESET","ENOENT","ENOTFOUND","TIMEOUT","EPIPE","REQUEST_SEND_ERROR"],kIe=new LC.AbortError("The operation was aborted.");function PIe(t={}){var e,r,n,i,s,o;let a=(e=t.retryPolicyType)!==null&&e!==void 0?e:uu.retryPolicyType,A=(r=t.maxTries)!==null&&r!==void 0?r:uu.maxTries,c=(n=t.retryDelayInMs)!==null&&n!==void 0?n:uu.retryDelayInMs,l=(i=t.maxRetryDelayInMs)!==null&&i!==void 0?i:uu.maxRetryDelayInMs,u=(s=t.secondaryHost)!==null&&s!==void 0?s:uu.secondaryHost,d=(o=t.tryTimeoutInMs)!==null&&o!==void 0?o:uu.tryTimeoutInMs;function f({isPrimaryRetry:m,attempt:E,response:C,error:I}){var N,w;if(E>=A)return nr.info(`RetryPolicy: Attempt(s) ${E} >= maxTries ${A}, no further try.`),!1;if(I){for(let v of DIe)if(I.name.toUpperCase().includes(v)||I.message.toUpperCase().includes(v)||I.code&&I.code.toString().toUpperCase()===v)return nr.info(`RetryPolicy: Network error ${v} found, will retry.`),!0;if(I?.code==="PARSE_ERROR"&&I?.message.startsWith('Error "Error: Unclosed root tag'))return nr.info("RetryPolicy: Incomplete XML response likely due to service timeout, will retry."),!0}if(C||I){let v=(w=(N=C?.status)!==null&&N!==void 0?N:I?.statusCode)!==null&&w!==void 0?w:0;if(!m&&v===404)return nr.info("RetryPolicy: Secondary access with 404, will retry."),!0;if(v===503||v===500)return nr.info(`RetryPolicy: Will retry for status code ${v}.`),!0}return!1}function g(m,E){let C=0;if(m)switch(a){case zh.EXPONENTIAL:C=Math.min((Math.pow(2,E-1)-1)*c,l);break;case zh.FIXED:C=c;break}else C=Math.random()*1e3;return nr.info(`RetryPolicy: Delay for ${C}ms`),C}return{name:_Ie,async sendRequest(m,E){d&&(m.url=lo(m.url,Ji.Parameters.TIMEOUT,String(Math.floor(d/1e3))));let C=m.url,I=u?zY(m.url,u):void 0,N=!1,w=1,v=!0,T,U;for(;v;){let k=N||!I||!["GET","HEAD","OPTIONS"].includes(m.method)||w%2===1;m.url=k?C:I,T=void 0,U=void 0;try{nr.info(`RetryPolicy: =====> Try=${w} ${k?"Primary":"Secondary"}`),T=await E(m),N=N||!k&&T.status===404}catch(J){if(jr.isRestError(J))nr.error(`RetryPolicy: Caught error, message: ${J.message}, code: ${J.code}`),U=J;else throw nr.error(`RetryPolicy: Caught error, message: ${st.getErrorMessage(J)}`),J}v=f({isPrimaryRetry:k,attempt:w,response:T,error:U}),v&&await YY(g(k,w),m.abortSignal,kIe),w++}if(T)return T;throw U??new jr.RestError("RetryPolicy failed without known error.")}}}var TIe="storageSharedKeyCredentialPolicy";function $Y(t){function e(s){s.headers.set(Ie.X_MS_DATE,new Date().toUTCString()),s.body&&(typeof s.body=="string"||Buffer.isBuffer(s.body))&&s.body.length>0&&s.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(s.body));let o=[s.method.toUpperCase(),r(s,Ie.CONTENT_LANGUAGE),r(s,Ie.CONTENT_ENCODING),r(s,Ie.CONTENT_LENGTH),r(s,Ie.CONTENT_MD5),r(s,Ie.CONTENT_TYPE),r(s,Ie.DATE),r(s,Ie.IF_MODIFIED_SINCE),r(s,Ie.IF_MATCH),r(s,Ie.IF_NONE_MATCH),r(s,Ie.IF_UNMODIFIED_SINCE),r(s,Ie.RANGE)].join(`
`)+`
`+n(s)+i(s),a=av.createHmac("sha256",t.accountKey).update(o,"utf8").digest("base64");s.headers.set(Ie.AUTHORIZATION,`SharedKey ${t.accountName}:${a}`)}function r(s,o){let a=s.headers.get(o);return!a||o===Ie.CONTENT_LENGTH&&a==="0"?"":a}function n(s){let o=[];for(let[A,c]of s.headers)A.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE)&&o.push({name:A,value:c});o.sort((A,c)=>WY(A.name.toLowerCase(),c.name.toLowerCase())),o=o.filter((A,c,l)=>!(c>0&&A.name.toLowerCase()===l[c-1].name.toLowerCase()));let a="";return o.forEach(A=>{a+=`${A.name.toLowerCase().trimRight()}:${A.value.trimLeft()}
`}),a}function i(s){let o=FC(s.url)||"/",a="";a+=`/${t.accountName}${o}`;let A=GY(s.url),c={};if(A){let l=[];for(let u in A)if(Object.prototype.hasOwnProperty.call(A,u)){let d=u.toLowerCase();c[d]=A[u],l.push(d)}l.sort();for(let u of l)a+=`
${u}:${decodeURIComponent(c[u])}`}return a}return{name:TIe,async sendRequest(s,o){return e(s),o(s)}}}var vC=class extends gu{constructor(e,r){super(e,r)}async sendRequest(e){return st.isNode?this._nextPolicy.sendRequest(e):((e.method.toUpperCase()==="GET"||e.method.toUpperCase()==="HEAD")&&(e.url=lo(e.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),e.headers.remove(Ie.COOKIE),e.headers.remove(Ie.CONTENT_LENGTH),this._nextPolicy.sendRequest(e))}},_C=class{create(e,r){return new vC(e,r)}},OIe="StorageCorrectContentLengthPolicy";function LIe(){function t(e){e.body&&(typeof e.body=="string"||Buffer.isBuffer(e.body))&&e.body.length>0&&e.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(e.body))}return{name:OIe,async sendRequest(e,r){return t(e),r(e)}}}function la(t){if(!t||typeof t!="object")return!1;let e=t;return Array.isArray(e.factories)&&typeof e.options=="object"&&typeof e.toServiceClientOptions=="function"}var Gh=class{constructor(e,r={}){this.factories=e,this.options=r}toServiceClientOptions(){return{httpClient:this.options.httpClient,requestPolicyFactories:this.factories}}};function ut(t,e={}){t||(t=new dt);let r=new Gh([],e);return r._credential=t,r}function MIe(t){let e=[FIe,ZY,UIe,qIe,HIe,jIe,GIe];if(t.factories.length){let r=t.factories.filter(n=>!e.some(i=>i(n)));if(r.length){let n=r.some(i=>zIe(i));return{wrappedPolicies:OC.createRequestPolicyFactoryPolicy(r),afterRetry:n}}}}function KY(t){var e;let r=t.options,{httpClient:n}=r,i=q.__rest(r,["httpClient"]),s=t._coreHttpClient;s||(s=n?OC.convertHttpClient(n):xIe(),t._coreHttpClient=s);let o=t._corePipeline;if(!o){let a=`azsdk-js-azure-storage-blob/${qY}`,A=i.userAgentOptions&&i.userAgentOptions.userAgentPrefix?`${i.userAgentOptions.userAgentPrefix} ${a}`:`${a}`;o=Fh.createClientPipeline(Object.assign(Object.assign({},i),{loggingOptions:{additionalAllowedHeaderNames:AIe,additionalAllowedQueryParameters:cIe,logger:nr.info},userAgentOptions:{userAgentPrefix:A},serializationOptions:{stringifyXML:vR.stringifyXML,serializerOptions:{xml:{xmlCharKey:"#"}}},deserializationOptions:{parseXML:vR.parseXML,serializerOptions:{xml:{xmlCharKey:"#"}}}})),o.removePolicy({phase:"Retry"}),o.removePolicy({name:jr.decompressResponsePolicyName}),o.addPolicy(LIe()),o.addPolicy(PIe(i.retryOptions),{phase:"Retry"}),o.addPolicy(vIe());let c=MIe(t);c&&o.addPolicy(c.wrappedPolicies,c.afterRetry?{afterPhase:"Retry"}:void 0);let l=XY(t);Ei.isTokenCredential(l)?o.addPolicy(jr.bearerTokenAuthenticationPolicy({credential:l,scopes:(e=i.audience)!==null&&e!==void 0?e:uv,challengeCallbacks:{authorizeRequestOnChallenge:Fh.authorizeRequestOnTenantChallenge}}),{phase:"Sign"}):l instanceof lt&&o.addPolicy($Y({accountName:l.accountName,accountKey:l.accountKey}),{phase:"Sign"}),t._corePipeline=o}return Object.assign(Object.assign({},i),{allowInsecureConnection:!0,httpClient:s,pipeline:o})}function XY(t){if(t._credential)return t._credential;let e=new dt;for(let r of t.factories)if(Ei.isTokenCredential(r.credential))e=r.credential;else if(ZY(r))return r;return e}function ZY(t){return t instanceof lt?!0:t.constructor.name==="StorageSharedKeyCredential"}function FIe(t){return t instanceof dt?!0:t.constructor.name==="AnonymousCredential"}function UIe(t){return Ei.isTokenCredential(t.credential)}function qIe(t){return t instanceof _C?!0:t.constructor.name==="StorageBrowserPolicyFactory"}function HIe(t){return t instanceof SC?!0:t.constructor.name==="StorageRetryPolicyFactory"}function jIe(t){return t.constructor.name==="TelemetryPolicyFactory"}function zIe(t){return t.constructor.name==="InjectorPolicyFactory"}function GIe(t){let e=["GenerateClientRequestIdPolicy","TracingPolicy","LogPolicy","ProxyPolicy","DisableResponseDecompressionPolicy","KeepAlivePolicy","DeserializationPolicy"],r={sendRequest:async o=>({request:o,headers:o.headers.clone(),status:500})},n={log(o,a){},shouldLog(o){return!1}},s=t.create(r,n).constructor.name;return e.some(o=>s.startsWith(o))}var fv={serializedName:"BlobServiceProperties",xmlName:"StorageServiceProperties",type:{name:"Composite",className:"BlobServi
`),s=e.computeHMACSHA256(i);return{sasQueryParameters:new Ss(t.version,s,n,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:i}}function Rbe(t,e){if(t=Fu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:s}}function vbe(t,e){if(t=Fu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,void 0,void 0,void 0,t.encryptionScope),stringToSign:s}}function _be(t,e){if(t=Fu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey),stringToSign:s}}function Dbe(t,e){if(t=Fu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId),stringToSign:s}}function kbe(t,e){if(t=Fu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId,t.encryptionScope),stringToSign:s}}function Mu(t,e,r){let n=[`/blob/${t}/${e}`];return r&&n.push(`/${r}`),n.join("")}function Fu(t){let e=t.version?t.version:lv;if(t.snapshotTime&&e<"2018-11-09")throw RangeError("'version' must be >= '2018-11-09' when providing 'snapshotTime'.");if(t.blobName===void 0&&t.snapshotTime)throw RangeError("Must provide 'blobName' when providing 'snapshotTime'.");if(t.versionId&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'versionId'.");if(t.blobName===void 0&&t.versionId)throw RangeError("Must provide 'blobName' when providing 'versionId'.");if(t.permissions&&t.permissions.setImmutabilityPolicy&&e<"2020-08-04")throw RangeError("'version' must be >= '2020-08-04' when provided 'i' permission.");if(t.permissions&&t.permissions.deleteVersion&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'x' permission.");if(t.permissions&&t.permissions.permanentDelete&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'y' permission.");if(t.permissions&&t.permissions.tag&&e<"2019-12-12")throw RangeError("'version' must be >= '2019-12-12' when providing 't' permission.");if(e<"2020-02-10"&&t.permissions&&(t.permissions.move||t.permissions.execute))throw RangeError("'version' must be >= '2020-02-10' when providing the 'm' or 'e' permission.");if(e<"2021-04-10"&&t.permissions&&t.permissions.filterByTags)throw RangeError("'version' must be >= '2021-04-10' when providing the 'f' permission.");if(e<"2020-02-10"&&(t.preauthorizedAgentObjectId||t.correlationId))throw RangeError("'version' must be >= '2020-02-10' when providing 'preauthorizedAgentObjectId' or 'correlationId'.");if(t.encryptionScope&&e<"2020-12-06")throw RangeError("'version' must be >= '2020-12-06' when provided 'encryptionScope' in SAS.");return t.version=e,t}var Wh=class{get leaseId(){return this._leaseId}get url(){return this._url}constructor(e,r){let n=e.storageClientContext;this._url=e.url,e.name===void 0?(this._isContainer=!0,this._containerOrBlobOperation=n.container):(this._isContainer=!1,this._containerOrBlobOperation=n.blob),r||(r=st.randomUUID()),this._leaseId=r}async acquireLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==ws||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==ws||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-acquireLease",r,async A=>{var c;return V(await this._containerOrBlobOperation.acquireLease({abortSignal:r.abortSignal,duration:e,modifiedAccessConditions:Object.assign(Object.assign({},r.conditions),{ifTags:(c=r.conditions)===null||c===void 0?void 0:c.tagConditions}),proposedLeaseId:this._leaseId,tracingOptions:A.tracingOptions}))})}async changeLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==ws||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==ws||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-changeLease",r,async A=>{var c;let l=V(await this._containerOrBlobOperation.changeLease(this._leaseId,e,{abortSignal:r.abortSignal,modifiedAccessConditi
`):o=[e.accountName,n,i,s,t.startsOn?Xe(t.startsOn,!1):"",Xe(t.expiresOn,!1),t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",r,""].join(`
`);let a=e.computeHMACSHA256(o);return{sasQueryParameters:new Ss(r,a,n.toString(),i,s,t.protocol,t.startsOn,t.expiresOn,t.ipRange,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,t.encryptionScope),stringToSign:o}}var ov=class t extends Yh{static fromConnectionString(e,r){r=r||{};let n=Cu(e);if(n.kind==="AccountConnString")if(st.isNode){let i=new lt(n.accountName,n.accountKey);r.proxyOptions||(r.proxyOptions=jr.getDefaultProxySettings(n.proxyUri));let s=ut(i,r);return new t(n.url,s)}else throw new Error("Account connection string is only supported in Node.js environment");else if(n.kind==="SASConnString"){let i=ut(new dt,r);return new t(n.url+"?"+n.accountSas,i)}else throw new Error("Connection string must be either an Account connection string or a SAS connection string")}constructor(e,r,n){let i;la(r)?i=r:st.isNode&&r instanceof lt||r instanceof dt||Ei.isTokenCredential(r)?i=ut(r,n):i=ut(new dt,n),super(e,i),this.serviceContext=this.storageClientContext.service}getContainerClient(e){return new PC(Pt(this.url,encodeURIComponent(e)),this.pipeline)}async createContainer(e,r={}){return F.withSpan("BlobServiceClient-createContainer",r,async n=>{let i=this.getContainerClient(e),s=await i.create(n);return{containerClient:i,containerCreateResponse:s}})}async deleteContainer(e,r={}){return F.withSpan("BlobServiceClient-deleteContainer",r,async n=>this.getContainerClient(e).delete(n))}async undeleteContainer(e,r,n={}){return F.withSpan("BlobServiceClient-undeleteContainer",n,async i=>{let s=this.getContainerClient(n.destinationContainerName||e),o=s.storageClientContext.container,a=V(await o.restore({deletedContainerName:e,deletedContainerVersion:r,tracingOptions:i.tracingOptions}));return{containerClient:s,containerUndeleteResponse:a}})}async renameContainer(e,r,n={}){return F.withSpan("BlobServiceClient-renameContainer",n,async i=>{var s;let o=this.getContainerClient(r),a=o.storageClientContext.container,A=V(await a.rename(e,Object.assign(Object.assign({},i),{sourceLeaseId:(s=n.sourceCondition)===null||s===void 0?void 0:s.leaseId})));return{containerClient:o,containerRenameResponse:A}})}async getProperties(e={}){return F.withSpan("BlobServiceClient-getProperties",e,async r=>V(await this.serviceContext.getProperties({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async setProperties(e,r={}){return F.withSpan("BlobServiceClient-setProperties",r,async n=>V(await this.serviceContext.setProperties(e,{abortSignal:r.abortSignal,tracingOptions:n.tracingOptions})))}async getStatistics(e={}){return F.withSpan("BlobServiceClient-getStatistics",e,async r=>V(await this.serviceContext.getStatistics({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async getAccountInfo(e={}){return F.withSpan("BlobServiceClient-getAccountInfo",e,async r=>V(await this.serviceContext.getAccountInfo({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async listContainersSegment(e,r={}){return F.withSpan("BlobServiceClient-listContainersSegment",r,async n=>V(await this.serviceContext.listContainersSegment(Object.assign(Object.assign({abortSignal:r.abortSignal,marker:e},r),{include:typeof r.include=="string"?[r.include]:r.include,tracingOptions:n.tracingOptions}))))}async findBlobsByTagsSegment(e,r,n={}){return F.withSpan("BlobServiceClient-findBlobsByTagsSegment",n,async i=>{let s=V(await this.serviceContext.filterBlobs({abortSignal:n.abortSignal,where:e,marker:r,maxPageSize:n.maxPageSize,tracingOptions:i.tracingOptions}));return Object.assign(Object.assign({},s),{_response:s._response,blobs:s.blobs.map(a=>{var A;let c="";return((A=a.tags)===null||A===void 0?void 0:A.blobTagSet.length)===1&&(c=a.tags.blobTagSet[0].value),Object.assign(Object.assign({},a),{tags:Oh(a.tags),tagValue:c})})})})}findBlobsByTagsSegments(e,r){return q.__asyncGenerator(this,arguments,function*(i,s,o={}){let a;if(s||s===void 0)do a=yield q.__await(this.findBlobsByTagsSegment(i,s,o)),a.blobs=a.blobs||[],s=a.continuationToken,yield yield q.__await(a);while(s)})}findBlobsByTagsItems(e){return q.__asyncGenerator(this,arguments,functi
If you are using self-hosted runners, please make sure your runner has access to all GitHub endpoints: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github`;super(r),this.code=e,this.name="NetworkError"}};Qn.NetworkError=YC;YC.isNetworkErrorCode=t=>t?["ECONNRESET","ENOTFOUND","ETIMEDOUT","ECONNREFUSED","EHOSTUNREACH"].includes(t):!1;var JC=class extends Error{constructor(){super(`Cache storage quota has been hit. Unable to upload any new cache entries. Usage is recalculated every 6-12 hours.
More info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`),this.name="UsageError"}};Qn.UsageError=JC;JC.isUsageErrorMessage=t=>t?t.includes("insufficient usage"):!1});var E3=h(bn=>{"use strict";var Wbe=bn&&bn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),$be=bn&&bn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Kbe=bn&&bn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Wbe(e,t,r);return $be(e,t),e},Xbe=bn&&bn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(bn,"__esModule",{value:!0});bn.uploadCacheArchiveSDK=bn.UploadProgress=void 0;var kv=Kbe(at()),Zbe=Sv(),e0e=Dv(),VC=class{constructor(e){this.contentLength=e,this.sentBytes=0,this.displayedComplete=!1,this.startTime=Date.now()}setSentBytes(e){this.sentBytes=e}getTransferredBytes(){return this.sentBytes}isDone(){return this.getTransferredBytes()===this.contentLength}display(){if(this.displayedComplete)return;let e=this.sentBytes,r=(100*(e/this.contentLength)).toFixed(1),n=Date.now()-this.startTime,i=(e/(1024*1024)/(n/1e3)).toFixed(1);kv.info(`Sent ${e} of ${this.contentLength} (${r}%), ${i} MBs/sec`),this.isDone()&&(this.displayedComplete=!0)}onProgress(){return e=>{this.setSentBytes(e.loadedBytes)}}startDisplayTimer(e=1e3){let r=()=>{this.display(),this.isDone()||(this.timeoutHandle=setTimeout(r,e))};this.timeoutHandle=setTimeout(r,e)}stopDisplayTimer(){this.timeoutHandle&&(clearTimeout(this.timeoutHandle),this.timeoutHandle=void 0),this.display()}};bn.UploadProgress=VC;function t0e(t,e,r){var n;return Xbe(this,void 0,void 0,function*(){let i=new Zbe.BlobClient(t),s=i.getBlockBlobClient(),o=new VC((n=r?.archiveSizeBytes)!==null&&n!==void 0?n:0),a={blockSize:r?.uploadChunkSize,concurrency:r?.uploadConcurrency,maxSingleShotSize:128*1024*1024,onProgress:o.onProgress()};try{o.startDisplayTimer(),kv.debug(`BlobClient: ${i.name}:${i.accountName}:${i.containerName}`);let A=yield s.uploadFile(e,a);if(A._response.status>=400)throw new e0e.InvalidResponseError(`uploadCacheArchiveSDK: upload failed with status code ${A._response.status}`);return A}catch(A){throw kv.warning(`uploadCacheArchiveSDK: internal error uploading cache archive: ${A.message}`),A}finally{o.stopDisplayTimer()}})}bn.uploadCacheArchiveSDK=t0e});var Tv=h(qt=>{"use strict";var r0e=qt&&qt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),n0e=qt&&qt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),i0e=qt&&qt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&r0e(e,t,r);return n0e(e,t),e},$C=qt&&qt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(qt,"__esModule",{value:!0}
Other caches with similar key:`);for(let a of s?.artifactCaches||[])$n.debug(`Cache Key: ${a?.cacheKey}, Cache Version: ${a?.cacheVersion}, Cache Scope: ${a?.scope}, Cache Created: ${a?.creationTime}`)}}})}function j0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=new T0e.URL(t),i=(0,Hv.getDownloadOptions)(r);n.hostname.endsWith(".blob.core.windows.net")?i.useAzureSdk?yield(0,eI.downloadCacheStorageSDK)(t,e,i):i.concurrentBlobDownloads?yield(0,eI.downloadCacheHttpClientConcurrent)(t,e,i):yield(0,eI.downloadCacheHttpClient)(t,e):yield(0,eI.downloadCacheHttpClient)(t,e)})}Nr.downloadCache=j0e;function z0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=jv(),i=ju.getCacheVersion(e,r?.compressionMethod,r?.enableCrossOsArchive),s={key:t,version:i,cacheSize:r?.cacheSize};return yield(0,ma.retryTypedResponse)("reserveCache",()=>Nn(this,void 0,void 0,function*(){return n.postJson(Ag("caches"),s)}))})}Nr.reserveCache=z0e;function P3(t,e){return`bytes ${t}-${e}/*`}function G0e(t,e,r,n,i){return Nn(this,void 0,void 0,function*(){$n.debug(`Uploading chunk of size ${i-n+1} bytes at offset ${n} with content range: ${P3(n,i)}`);let s={"Content-Type":"application/octet-stream","Content-Range":P3(n,i)},o=yield(0,ma.retryHttpClientResponse)(`uploadChunk (start: ${n}, end: ${i})`,()=>Nn(this,void 0,void 0,function*(){return t.sendStream("PATCH",e,r(),s)}));if(!(0,ma.isSuccessStatusCode)(o.message.statusCode))throw new Error(`Cache service responded with ${o.message.statusCode} during upload chunk.`)})}function Y0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){let i=ju.getArchiveFileSizeInBytes(r),s=Ag(`caches/${e.toString()}`),o=Uv.openSync(r,"r"),a=(0,Hv.getUploadOptions)(n),A=ju.assertDefined("uploadConcurrency",a.uploadConcurrency),c=ju.assertDefined("uploadChunkSize",a.uploadChunkSize),l=[...new Array(A).keys()];$n.debug("Awaiting all uploads");let u=0;try{yield Promise.all(l.map(()=>Nn(this,void 0,void 0,function*(){for(;u<i;){let d=Math.min(i-u,c),f=u,g=u+d-1;u+=c,yield G0e(t,s,()=>Uv.createReadStream(r,{fd:o,start:f,end:g,autoClose:!1}).on("error",m=>{throw new Error(`Cache upload failed because file read failed with ${m.message}`)}),f,g)}})))}finally{Uv.closeSync(o)}})}function J0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n={size:r};return yield(0,ma.retryTypedResponse)("commitCache",()=>Nn(this,void 0,void 0,function*(){return t.postJson(Ag(`caches/${e.toString()}`),n)}))})}function V0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){if((0,Hv.getUploadOptions)(n).useAzureSdk){if(!r)throw new Error("Azure Storage SDK can only be used when a signed URL is provided.");yield(0,O0e.uploadCacheArchiveSDK)(r,e,n)}else{let s=jv();$n.debug("Upload cache"),yield Y0e(s,t,e,n),$n.debug("Commiting cache");let o=ju.getArchiveFileSizeInBytes(e);$n.info(`Cache Size: ~${Math.round(o/(1024*1024))} MB (${o} B)`);let a=yield J0e(s,t,o);if(!(0,ma.isSuccessStatusCode)(a.statusCode))throw new Error(`Cache service responded with ${a.statusCode} during commit cache.`);$n.info("Cache saved successfully")}})}Nr.saveCache=V0e});var tI=h(zu=>{"use strict";Object.defineProperty(zu,"__esModule",{value:!0});zu.isJsonObject=zu.typeofJsonValue=void 0;function W0e(t){let e=typeof t;if(e=="object"){if(Array.isArray(t))return"array";if(t===null)return"null"}return e}zu.typeofJsonValue=W0e;function $0e(t){return t!==null&&typeof t=="object"&&!Array.isArray(t)}zu.isJsonObject=$0e});var nI=h(Gu=>{"use strict";Object.defineProperty(Gu,"__esModule",{value:!0});Gu.base64encode=Gu.base64decode=void 0;var yo="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".split(""),rI=[];for(let t=0;t<yo.length;t++)rI[yo[t].charCodeAt(0)]=t;rI[45]=yo.indexOf("+");rI[95]=yo.indexOf("/");function K0e(t){let e=t.length*3/4;t[t.length-2]=="="?e-=2:t[t.length-1]=="="&&(e-=1);let r=new Uint8Array(e),n=0,i=0,s,o=0;for(let a=0;a<t.length;a++){if(s=rI[t.charCodeAt(a)],s===void 0)switch(t[a]){case"=":i=0;case`
`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}Gu.base64decode=K0e;function X0e(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=yo[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=yo[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=yo[i|n>>6],e+=yo[n&63],r=0;break}return r&&(e+=yo[i],e+="=",r==1&&(e+="=")),e}Gu.base64encode=X0e});var O3=h(iI=>{"use strict";Object.defineProperty(iI,"__esModule",{value:!0});iI.utf8read=void 0;var zv=t=>String.fromCharCode.apply(String,t);function Z0e(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(zv(n)),i=0);return r.length?(i&&r.push(zv(n.slice(0,i))),r.join("")):zv(n.slice(0,i))}iI.utf8read=Z0e});var cg=h(Rs=>{"use strict";Object.defineProperty(Rs,"__esModule",{value:!0});Rs.WireType=Rs.mergeBinaryOptions=Rs.UnknownFieldHandler=void 0;var eNe;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(eNe=Rs.UnknownFieldHandler||(Rs.UnknownFieldHandler={}));function tNe(t,e){return Object.assign(Object.assign({},t),e)}Rs.mergeBinaryOptions=tNe;var rNe;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})(rNe=Rs.WireType||(Rs.WireType={}))});var oI=h(wn=>{"use strict";Object.defineProperty(wn,"__esModule",{value:!0});wn.varint32read=wn.varint32write=wn.int64toString=wn.int64fromString=wn.varint64write=wn.varint64read=void 0;function nNe(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}wn.varint64read=nNe;function iNe(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}wn.varint64write=iNe;var sI=65536*65536;function sNe(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=sI&&(i=i+(n/sI|0),n=n%sI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}wn.int64fromString=sNe;function oNe(t,e){if(e>>>0<=2097151)return""+(sI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}wn.int64toString=oNe;function aNe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}wn.varint32write=aNe;function ANe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
`)}};kI.RpcError=p_});var E_=h(TI=>{"use strict";Object.defineProperty(TI,"__esModule",{value:!0});TI.mergeRpcOptions=void 0;var g4=Xu();function vwe(t,e){if(!e)return t;let r={};PI(t,r),PI(e,r);for(let n of Object.keys(e)){let i=e[n];switch(n){case"jsonOptions":r.jsonOptions=g4.mergeJsonOptions(t.jsonOptions,r.jsonOptions);break;case"binaryOptions":r.binaryOptions=g4.mergeBinaryOptions(t.binaryOptions,r.binaryOptions);break;case"meta":r.meta={},PI(t.meta,r.meta),PI(e.meta,r.meta);break;case"interceptors":r.interceptors=t.interceptors?t.interceptors.concat(i):i.concat();break}}return r}TI.mergeRpcOptions=vwe;function PI(t,e){if(!t)return;let r=e;for(let[n,i]of Object.entries(t))i instanceof Date?r[n]=new Date(i.getTime()):Array.isArray(i)?r[n]=i.concat():r[n]=i}});var I_=h(OA=>{"use strict";Object.defineProperty(OA,"__esModule",{value:!0});OA.Deferred=OA.DeferredState=void 0;var Ds;(function(t){t[t.PENDING=0]="PENDING",t[t.REJECTED=1]="REJECTED",t[t.RESOLVED=2]="RESOLVED"})(Ds=OA.DeferredState||(OA.DeferredState={}));var C_=class{constructor(e=!0){this._state=Ds.PENDING,this._promise=new Promise((r,n)=>{this._resolve=r,this._reject=n}),e&&this._promise.catch(r=>{})}get state(){return this._state}get promise(){return this._promise}resolve(e){if(this.state!==Ds.PENDING)throw new Error(`cannot resolve ${Ds[this.state].toLowerCase()}`);this._resolve(e),this._state=Ds.RESOLVED}reject(e){if(this.state!==Ds.PENDING)throw new Error(`cannot reject ${Ds[this.state].toLowerCase()}`);this._reject(e),this._state=Ds.REJECTED}resolvePending(e){this._state===Ds.PENDING&&this.resolve(e)}rejectPending(e){this._state===Ds.PENDING&&this.reject(e)}};OA.Deferred=C_});var Q_=h(OI=>{"use strict";Object.defineProperty(OI,"__esModule",{value:!0});OI.RpcOutputStreamController=void 0;var m4=I_(),LA=Xu(),B_=class{constructor(){this._lis={nxt:[],msg:[],err:[],cmp:[]},this._closed=!1,this._itState={q:[]}}onNext(e){return this.addLis(e,this._lis.nxt)}onMessage(e){return this.addLis(e,this._lis.msg)}onError(e){return this.addLis(e,this._lis.err)}onComplete(e){return this.addLis(e,this._lis.cmp)}addLis(e,r){return r.push(e),()=>{let n=r.indexOf(e);n>=0&&r.splice(n,1)}}clearLis(){for(let e of Object.values(this._lis))e.splice(0,e.length)}get closed(){return this._closed!==!1}notifyNext(e,r,n){LA.assert((e?1:0)+(r?1:0)+(n?1:0)<=1,"only one emission at a time"),e&&this.notifyMessage(e),r&&this.notifyError(r),n&&this.notifyComplete()}notifyMessage(e){LA.assert(!this.closed,"stream is closed"),this.pushIt({value:e,done:!1}),this._lis.msg.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(e,void 0,!1))}notifyError(e){LA.assert(!this.closed,"stream is closed"),this._closed=e,this.pushIt(e),this._lis.err.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(void 0,e,!1)),this.clearLis()}notifyComplete(){LA.assert(!this.closed,"stream is closed"),this._closed=!0,this.pushIt({value:null,done:!0}),this._lis.cmp.forEach(e=>e()),this._lis.nxt.forEach(e=>e(void 0,void 0,!0)),this.clearLis()}[Symbol.asyncIterator](){return this._closed===!0?this.pushIt({value:null,done:!0}):this._closed!==!1&&this.pushIt(this._closed),{next:()=>{let e=this._itState;LA.assert(e,"bad state"),LA.assert(!e.p,"iterator contract broken");let r=e.q.shift();return r?"value"in r?Promise.resolve(r):Promise.reject(r):(e.p=new m4.Deferred,e.p.promise)}}}pushIt(e){let r=this._itState;if(r.p){let n=r.p;LA.assert(n.state==m4.DeferredState.PENDING,"iterator contract broken"),"value"in e?n.resolve(e):n.reject(e),delete r.p}else r.q.push(e)}};OI.RpcOutputStreamController=B_});var N_=h(Zu=>{"use strict";var _we=Zu&&Zu.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Zu,"__esModule",{value:!0});Zu.UnaryCall=void 0;var b_=class{constructor(e,r,n,i,s,o,a){this.method=e,this.requestHeaders=r,this.request=n,this.headers=i,this.response=s,this.s
`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}ad.base64decode=iSe;function sSe(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=Eo[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=Eo[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=Eo[i|n>>6],e+=Eo[n&63],r=0;break}return r&&(e+=Eo[i],e+="=",r==1&&(e+="=")),e}ad.base64encode=sSe});var Q4=h(HI=>{"use strict";Object.defineProperty(HI,"__esModule",{value:!0});HI.utf8read=void 0;var P_=t=>String.fromCharCode.apply(String,t);function oSe(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(P_(n)),i=0);return r.length?(i&&r.push(P_(n.slice(0,i))),r.join("")):P_(n.slice(0,i))}HI.utf8read=oSe});var Qg=h(ks=>{"use strict";Object.defineProperty(ks,"__esModule",{value:!0});ks.WireType=ks.mergeBinaryOptions=ks.UnknownFieldHandler=void 0;var aSe;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(aSe=ks.UnknownFieldHandler||(ks.UnknownFieldHandler={}));function ASe(t,e){return Object.assign(Object.assign({},t),e)}ks.mergeBinaryOptions=ASe;var cSe;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})(cSe=ks.WireType||(ks.WireType={}))});var zI=h(xn=>{"use strict";Object.defineProperty(xn,"__esModule",{value:!0});xn.varint32read=xn.varint32write=xn.int64toString=xn.int64fromString=xn.varint64write=xn.varint64read=void 0;function lSe(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}xn.varint64read=lSe;function uSe(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}xn.varint64write=uSe;var jI=65536*65536;function dSe(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=jI&&(i=i+(n/jI|0),n=n%jI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}xn.int64fromString=dSe;function fSe(t,e){if(e>>>0<=2097151)return""+(jI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}xn.int64toString=fSe;function hSe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}xn.varint32write=hSe;function gSe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
`));let n=yield CD(r,"create");yield ID(n,t)})}Yr.createTar=tRe});var bB=h(Yt=>{"use strict";var rRe=Yt&&Yt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),nRe=Yt&&Yt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Lg=Yt&&Yt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&rRe(e,t,r);return nRe(e,t),e},Qd=Yt&&Yt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Yt,"__esModule",{value:!0});Yt.saveCache=Yt.restoreCache=Yt.isFeatureAvailable=Yt.FinalizeCacheError=Yt.ReserveCacheError=Yt.ValidationError=void 0;var he=Lg(at()),IB=Lg(require("path")),_t=Lg(gl()),Bd=Lg(T3()),h$=Lg(l$()),BB=XC(),ba=f$(),QB=AA(),Ri=class t extends Error{constructor(e){super(e),this.name="ValidationError",Object.setPrototypeOf(this,t.prototype)}};Yt.ValidationError=Ri;var UA=class t extends Error{constructor(e){super(e),this.name="ReserveCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.ReserveCacheError=UA;var Og=class t extends Error{constructor(e){super(e),this.name="FinalizeCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.FinalizeCacheError=Og;function g$(t){if(!t||t.length===0)throw new Ri("Path Validation Error: At least one directory or file path is required")}function BD(t){if(t.length>512)throw new Ri(`Key Validation Error: ${t} cannot be larger than 512 characters.`);if(!/^[^,]*$/.test(t))throw new Ri(`Key Validation Error: ${t} cannot contain commas.`)}function iRe(){return(0,BB.getCacheServiceVersion)()==="v2"?!!process.env.ACTIONS_RESULTS_URL:!!process.env.ACTIONS_CACHE_URL}Yt.isFeatureAvailable=iRe;function sRe(t,e,r,n,i=!1){return Qd(this,void 0,void 0,function*(){let s=(0,BB.getCacheServiceVersion)();return he.debug(`Cache service version: ${s}`),g$(t),s==="v2"?yield aRe(t,e,r,n,i):yield oRe(t,e,r,n,i)})}Yt.restoreCache=sRe;function oRe(t,e,r,n,i=!1){return Qd(this,void 0,void 0,function*(){r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let A of s)BD(A);let o=yield _t.getCompressionMethod(),a="";try{let A=yield Bd.getCacheEntry(s,t,{compressionMethod:o,enableCrossOsArchive:i});if(!A?.archiveLocation)return;if(n?.lookupOnly)return he.info("Lookup only - skipping download"),A.cacheKey;a=IB.join(yield _t.createTempDirectory(),_t.getCacheFileName(o)),he.debug(`Archive Path: ${a}`),yield Bd.downloadCache(A.archiveLocation,a,n),he.isDebug()&&(yield(0,ba.listTar)(a,o));let c=_t.getArchiveFileSizeInBytes(a);return he.info(`Cache Size: ~${Math.round(c/(1024*1024))} MB (${c} B)`),yield(0,ba.extractTar)(a,o),he.info("Cache restored successfully"),A.cacheKey}catch(A){let c=A;if(c.name===Ri.name)throw A;c instanceof QB.HttpClientError&&typeof c.statusCode=="number"&&c.statusCode>=500?he.error(`Failed to restore: ${A.message}`):he.warning(`Failed to restore: ${A.message}`)}finally{try{yield _t.unlinkFile(a)}catch(A){he.debug(`Failed to delete archive: ${A}`)}}})}function aRe(t,e,r,n,i=!1){return Qd(this,void 0,void 0,function*(){n=Object.assign(Object.assign({},n),{useAzureSdk:!0}),r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let a of s)BD(a);let o="";try{let a=h$.internalCacheTwirpClient(),A=yield _t.getCompressionMethod(),c={key:e,restoreKeys:r,version:_t.getCacheVers
`),e=e.replace(/\r/g,`
`));let i=e.split(`
`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new x$.Pattern(s));return n.searchPaths.push(..._B.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return vD(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield jg.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){_D.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield jg.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield jg.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){_D.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};Sr.DefaultGlobber=DD});var P$=h(Dn=>{"use strict";var jRe=Dn&&Dn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),zRe=Dn&&Dn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),bd=Dn&&Dn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&jRe(e,t,r);return zRe(e,t),e},GRe=Dn&&Dn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})},YRe=Dn&&Dn.__asyncValues||function(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var e=t[Symbol.asyncIterator],r;return e?e.call(t):(t=typeof __values=="function"?__values(t):t[Symbol.iterator](),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(s){r[s]=t[s]&&function(o){return new Promise(function(a,A){o=t[s](o),i(a,A,o.done,o.value)})}}function i(s,o,a,A){Promise.resolve(A).then(function(c){s({value:c,done:a})},o)}};Object.defineProperty(Dn,"__esModule",{value:!0});Dn.hashFiles=void 0;var _$=bd(require("crypto")),D$=bd(at()),k$=bd(require("fs")),JRe=bd(require("stream")),VRe=bd(require("util")),WRe=bd(require("path"));function $Re(t,e,r=!1){var n,i,s,o,a;return GRe(this,void 0,void 0,function*(){let A=r?D$.info:D$.debug,c=!1,l=e||((a=process.env.GITHUB_WORKSPACE)!==null&&a!==void 0?a:process.cwd()),u=_$.createHash("sha256"),d=0;try{for(var f=!0,g=YRe(t.globGenerator()),m;m=yield g.next(),n=m.done,!n;f=!0){o=m.value,f=!1;let E=o;if(A(E),!E.startsWith(`${l}${WRe.sep}`)){A(`Ignore '${E}' since it is not under GITHUB_WORKSPACE.`);continue}if(k$.statSync(E).isDirectory()){A(`Skip directory '${E}'.`);continue}let C=_$.createHash("sha256");yield VRe.promisify(JRe.pipeline)(k$.createReadStream(E),C),u.write(C.digest()),d++,c||(c=!0)}}catch(E){i={error:E}}finally{try{!f&&!n&&(s=g.return)&&(yield s.call(g))}finally{if(i)throw i.error}}return u.end(),c?(A(`Found ${d} files to hash.`),u.digest("hex")):(A("No matches found for glob"),"")})}Dn.hashFiles=$Re});var L$=h(xa=>{"use strict";var T$=xa&&xa.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(xa,"__esModule",{value:!0});xa.hashFiles=xa.create=void 0;var KRe=v$(),XRe=P$();function O$(t,e){return T$(this,void 0,void 0,function*(){return yield KRe.DefaultGlobber.create(t,e)})}xa.create=O$;function ZRe(t,e="",r,n=!1){return T$(this,void 0,void 0,function*(){let i=!0;r&&typeof r.followSymbolicLinks=="boolean"&&(i=r.followSymbolic
`).map(nve).filter(Boolean)};function nve(t,e){if(!t||!t.length||t.charAt(0)==="#")return null;var r=t.split(":");return{username:r[0],password:r[1],uid:r[2],gid:r[3],gecos:r[4],homedir:r[5],shell:r[6]}}});var X$=h((F2e,K$)=>{"use strict";var ive=require("fs"),sve=$$();function ove(){if(process.platform==="win32")return process.env.USERPROFILE?process.env.USERPROFILE:process.env.HOMEDRIVE&&process.env.HOMEPATH?process.env.HOMEDRIVE+process.env.HOMEPATH:process.env.HOME?process.env.HOME:null;if(process.env.HOME)return process.env.HOME;var t=cve("/etc/passwd"),e=ave(sve(t),Ave());if(e)return e;var r=process.env.LOGNAME||process.env.USER||process.env.LNAME||process.env.USERNAME;return r?process.platform==="darwin"?"/Users/"+r:"/home/"+r:null}function ave(t,e){for(var r=t.length,n=0;n<r;n++)if(+t[n].uid===e)return t[n].homedir}function Ave(){return typeof process.geteuid=="function"?process.geteuid():process.getuid()}function cve(t){try{return ive.readFileSync(t,"utf8")}catch{return""}}K$.exports=ove});var eK=h((U2e,kD)=>{"use strict";var Z$=require("os");typeof Z$.homedir<"u"?kD.exports=Z$.homedir:kD.exports=X$()});var nK=h((q2e,rK)=>{var lve=eK(),tK=require("path");rK.exports=function(e){var r=lve();return e.charCodeAt(0)===126?e.charCodeAt(1)===43?tK.join(process.cwd(),e.slice(2)):r?tK.join(r,e.slice(1)):e:e}});var He=h(Tr=>{"use strict";var PD=Symbol.for("yaml.alias"),iK=Symbol.for("yaml.document"),DB=Symbol.for("yaml.map"),sK=Symbol.for("yaml.pair"),TD=Symbol.for("yaml.scalar"),kB=Symbol.for("yaml.seq"),Qo=Symbol.for("yaml.node.type"),uve=t=>!!t&&typeof t=="object"&&t[Qo]===PD,dve=t=>!!t&&typeof t=="object"&&t[Qo]===iK,fve=t=>!!t&&typeof t=="object"&&t[Qo]===DB,hve=t=>!!t&&typeof t=="object"&&t[Qo]===sK,oK=t=>!!t&&typeof t=="object"&&t[Qo]===TD,gve=t=>!!t&&typeof t=="object"&&t[Qo]===kB;function aK(t){if(t&&typeof t=="object")switch(t[Qo]){case DB:case kB:return!0}return!1}function mve(t){if(t&&typeof t=="object")switch(t[Qo]){case PD:case DB:case TD:case kB:return!0}return!1}var pve=t=>(oK(t)||aK(t))&&!!t.anchor;Tr.ALIAS=PD;Tr.DOC=iK;Tr.MAP=DB;Tr.NODE_TYPE=Qo;Tr.PAIR=sK;Tr.SCALAR=TD;Tr.SEQ=kB;Tr.hasAnchor=pve;Tr.isAlias=uve;Tr.isCollection=aK;Tr.isDocument=dve;Tr.isMap=fve;Tr.isNode=mve;Tr.isPair=hve;Tr.isScalar=oK;Tr.isSeq=gve});var Gg=h(OD=>{"use strict";var dr=He(),kn=Symbol("break visit"),AK=Symbol("skip children"),Os=Symbol("remove node");function PB(t,e){let r=cK(e);dr.isDocument(t)?wd(null,t.contents,r,Object.freeze([t]))===Os&&(t.contents=null):wd(null,t,r,Object.freeze([]))}PB.BREAK=kn;PB.SKIP=AK;PB.REMOVE=Os;function wd(t,e,r,n){let i=lK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return uK(t,n,i),wd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=wd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Os&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=wd("key",e.key,r,n);if(s===kn)return kn;s===Os&&(e.key=null);let o=wd("value",e.value,r,n);if(o===kn)return kn;o===Os&&(e.value=null)}}return i}async function TB(t,e){let r=cK(e);dr.isDocument(t)?await Sd(null,t.contents,r,Object.freeze([t]))===Os&&(t.contents=null):await Sd(null,t,r,Object.freeze([]))}TB.BREAK=kn;TB.SKIP=AK;TB.REMOVE=Os;async function Sd(t,e,r,n){let i=await lK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return uK(t,n,i),Sd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=await Sd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Os&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=await Sd("key",e.key,r,n);if(s===kn)return kn;s===Os&&(e.key=null);let o=await Sd("value",e.value,r,n);if(o===kn)return kn;o===Os&&(e.value=null)}}return i}function cK(t){return typeof t=="object"&&(t.Collection||t.Node||t.Value)?Object.assign({Alias:t.Node,Map:t.Node,Scalar:t.Node,Seq:t.Node},t.Value&&{Map:t.Value,Scalar:t.Value,Seq:t.Value},t.Collection&&{Map:t.Collection,Seq:t.Collection},t):t}function 
`)}};Yg.defaultYaml={explicit:!1,version:"1.2"};Yg.defaultTags={"!!":"tag:yaml.org,2002:"};fK.Directives=Yg});var OB=h(Jg=>{"use strict";var hK=He(),Ive=Gg();function Bve(t){if(/[\x00-\x19\s,[\]{}]/.test(t)){let r=`Anchor must not contain whitespace or control characters: ${JSON.stringify(t)}`;throw new Error(r)}return!0}function gK(t){let e=new Set;return Ive.visit(t,{Value(r,n){n.anchor&&e.add(n.anchor)}}),e}function mK(t,e){for(let r=1;;++r){let n=`${t}${r}`;if(!e.has(n))return n}}function Qve(t,e){let r=[],n=new Map,i=null;return{onAnchor:s=>{r.push(s),i||(i=gK(t));let o=mK(e,i);return i.add(o),o},setAnchors:()=>{for(let s of r){let o=n.get(s);if(typeof o=="object"&&o.anchor&&(hK.isScalar(o.node)||hK.isCollection(o.node)))o.node.anchor=o.anchor;else{let a=new Error("Failed to resolve repeated object (this should not happen)");throw a.source=s,a}}},sourceObjects:n}}Jg.anchorIsValid=Bve;Jg.anchorNames=gK;Jg.createNodeAnchors=Qve;Jg.findNewAnchor=mK});var MD=h(pK=>{"use strict";function Vg(t,e,r,n){if(n&&typeof n=="object")if(Array.isArray(n))for(let i=0,s=n.length;i<s;++i){let o=n[i],a=Vg(t,n,String(i),o);a===void 0?delete n[i]:a!==o&&(n[i]=a)}else if(n instanceof Map)for(let i of Array.from(n.keys())){let s=n.get(i),o=Vg(t,n,i,s);o===void 0?n.delete(i):o!==s&&n.set(i,o)}else if(n instanceof Set)for(let i of Array.from(n)){let s=Vg(t,n,i,i);s===void 0?n.delete(i):s!==i&&(n.delete(i),n.add(s))}else for(let[i,s]of Object.entries(n)){let o=Vg(t,n,i,s);o===void 0?delete n[i]:o!==s&&(n[i]=o)}return t.call(e,r,n)}pK.applyReviver=Vg});var Ra=h(EK=>{"use strict";var bve=He();function yK(t,e,r){if(Array.isArray(t))return t.map((n,i)=>yK(n,String(i),r));if(t&&typeof t.toJSON=="function"){if(!r||!bve.hasAnchor(t))return t.toJSON(e,r);let n={aliasCount:0,count:1,res:void 0};r.anchors.set(t,n),r.onCreate=s=>{n.res=s,delete r.onCreate};let i=t.toJSON(e,r);return r.onCreate&&r.onCreate(i),i}return typeof t=="bigint"&&!r?.keep?Number(t):t}EK.toJS=yK});var LB=h(IK=>{"use strict";var Nve=MD(),CK=He(),wve=Ra(),FD=class{constructor(e){Object.defineProperty(this,CK.NODE_TYPE,{value:e})}clone(){let e=Object.create(Object.getPrototypeOf(this),Object.getOwnPropertyDescriptors(this));return this.range&&(e.range=this.range.slice()),e}toJS(e,{mapAsMap:r,maxAliasCount:n,onAnchor:i,reviver:s}={}){if(!CK.isDocument(e))throw new TypeError("A document argument is required");let o={anchors:new Map,doc:e,keep:!0,mapAsMap:r===!0,mapKeyWarned:!1,maxAliasCount:typeof n=="number"?n:100},a=wve.toJS(this,"",o);if(typeof i=="function")for(let{count:A,res:c}of o.anchors.values())i(c,A);return typeof s=="function"?Nve.applyReviver(s,{"":a},"",a):a}};IK.NodeBase=FD});var Wg=h(QK=>{"use strict";var Sve=OB(),BK=Gg(),MB=He(),xve=LB(),Rve=Ra(),UD=class extends xve.NodeBase{constructor(e){super(MB.ALIAS),this.source=e,Object.defineProperty(this,"tag",{set(){throw new Error("Alias nodes cannot have tags")}})}resolve(e){let r;return BK.visit(e,{Node:(n,i)=>{if(i===this)return BK.visit.BREAK;i.anchor===this.source&&(r=i)}}),r}toJSON(e,r){if(!r)return{source:this.source};let{anchors:n,doc:i,maxAliasCount:s}=r,o=this.resolve(i);if(!o){let A=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new ReferenceError(A)}let a=n.get(o);if(a||(Rve.toJS(o,null,r),a=n.get(o)),!a||a.res===void 0){let A="This should not happen: Alias anchor was not resolved?";throw new ReferenceError(A)}if(s>=0&&(a.count+=1,a.aliasCount===0&&(a.aliasCount=FB(i,o,n)),a.count*a.aliasCount>s)){let A="Excessive alias count indicates a resource exhaustion attack";throw new ReferenceError(A)}return a.res}toString(e,r,n){let i=`*${this.source}`;if(e){if(Sve.anchorIsValid(this.source),e.options.verifyAliasOrder&&!e.anchors.has(this.source)){let s=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new Error(s)}if(e.implicitKey)return`${i} `}return i}};function FB(t,e,r){if(MB.isAlias(e)){let n=e.resolve(t),i=r&&n&&r.get(n);return i?i.count*i.aliasCount:0}else if(MB.isCollection(e)){let n=0;for(let i of e.items){let s=FB(t,i,r);s>n&&(n=s)}return n}
`)?zD(r,e):r.includes(`
`)?`
`+zD(r,e):(t.endsWith(" ")?"":" ")+r;HB.indentComment=zD;HB.lineComment=qve;HB.stringifyComment=Uve});var xK=h(Xg=>{"use strict";var Hve="flow",GD="block",jB="quoted";function jve(t,e,r="flow",{indentAtStart:n,lineWidth:i=80,minContentWidth:s=20,onFold:o,onOverflow:a}={}){if(!i||i<0)return t;i<s&&(s=0);let A=Math.max(1+s,1+i-e.length);if(t.length<=A)return t;let c=[],l={},u=i-e.length;typeof n=="number"&&(n>i-Math.max(2,s)?c.push(0):u=i-n);let d,f,g=!1,m=-1,E=-1,C=-1;r===GD&&(m=SK(t,m,e.length),m!==-1&&(u=m+A));for(let N;N=t[m+=1];){if(r===jB&&N==="\\"){switch(E=m,t[m+1]){case"x":m+=3;break;case"u":m+=5;break;case"U":m+=9;break;default:m+=1}C=m}if(N===`
`)r===GD&&(m=SK(t,m,e.length)),u=m+e.length+A,d=void 0;else{if(N===" "&&f&&f!==" "&&f!==`
`&&f!=="	"){let w=t[m+1];w&&w!==" "&&w!==`
`&&w!=="	"&&(d=m)}if(m>=u)if(d)c.push(d),u=d+A,d=void 0;else if(r===jB){for(;f===" "||f==="	";)f=N,N=t[m+=1],g=!0;let w=m>C+1?m-2:E-1;if(l[w])return t;c.push(w),l[w]=!0,u=w+A,d=void 0}else g=!0}f=N}if(g&&a&&a(),c.length===0)return t;o&&o();let I=t.slice(0,c[0]);for(let N=0;N<c.length;++N){let w=c[N],v=c[N+1]||t.length;w===0?I=`
${e}${t.slice(0,v)}`:(r===jB&&l[w]&&(I+=`${t[w]}\\`),I+=`
${e}${t.slice(w+1,v)}`)}return I}function SK(t,e,r){let n=e,i=e+1,s=t[i];for(;s===" "||s==="	";)if(e<i+r)s=t[++e];else{do s=t[++e];while(s&&s!==`
`);n=e,i=e+1,s=t[i]}return n}Xg.FOLD_BLOCK=GD;Xg.FOLD_FLOW=Hve;Xg.FOLD_QUOTED=jB;Xg.foldFlowLines=jve});var em=h(RK=>{"use strict";var ts=sr(),_a=xK(),GB=(t,e)=>({indentAtStart:e?t.indent.length:t.indentAtStart,lineWidth:t.options.lineWidth,minContentWidth:t.options.minContentWidth}),YB=t=>/^(%|---|\.\.\.)/m.test(t);function zve(t,e,r){if(!e||e<0)return!1;let n=e-r,i=t.length;if(i<=n)return!1;for(let s=0,o=0;s<i;++s)if(t[s]===`
`){if(s-o>n)return!0;if(o=s+1,i-o<=n)return!1}return!0}function Zg(t,e){let r=JSON.stringify(t);if(e.options.doubleQuotedAsJSON)return r;let{implicitKey:n}=e,i=e.options.doubleQuotedMinMultiLineLength,s=e.indent||(YB(t)?"  ":""),o="",a=0;for(let A=0,c=r[A];c;c=r[++A])if(c===" "&&r[A+1]==="\\"&&r[A+2]==="n"&&(o+=r.slice(a,A)+"\\ ",A+=1,a=A,c="\\"),c==="\\")switch(r[A+1]){case"u":{o+=r.slice(a,A);let l=r.substr(A+2,4);switch(l){case"0000":o+="\\0";break;case"0007":o+="\\a";break;case"000b":o+="\\v";break;case"001b":o+="\\e";break;case"0085":o+="\\N";break;case"00a0":o+="\\_";break;case"2028":o+="\\L";break;case"2029":o+="\\P";break;default:l.substr(0,2)==="00"?o+="\\x"+l.substr(2):o+=r.substr(A,6)}A+=5,a=A+1}break;case"n":if(n||r[A+2]==='"'||r.length<i)A+=1;else{for(o+=r.slice(a,A)+`

`;r[A+2]==="\\"&&r[A+3]==="n"&&r[A+4]!=='"';)o+=`
`,A+=2;o+=s,r[A+2]===" "&&(o+="\\"),A+=1,a=A+1}break;default:A+=1}return o=a?o+r.slice(a):r,n?o:_a.foldFlowLines(o,s,_a.FOLD_QUOTED,GB(e,!1))}function YD(t,e){if(e.options.singleQuote===!1||e.implicitKey&&t.includes(`
`)||/[ \t]\n|\n[ \t]/.test(t))return Zg(t,e);let r=e.indent||(YB(t)?"  ":""),n="'"+t.replace(/'/g,"''").replace(/\n+/g,`$&
${r}`)+"'";return e.implicitKey?n:_a.foldFlowLines(n,r,_a.FOLD_FLOW,GB(e,!1))}function xd(t,e){let{singleQuote:r}=e.options,n;if(r===!1)n=Zg;else{let i=t.includes('"'),s=t.includes("'");i&&!s?n=YD:s&&!i?n=Zg:n=r?YD:Zg}return n(t,e)}var JD;try{JD=new RegExp(`(^|(?<!
))
+(?!
|$)`,"g")}catch{JD=/\n+(?!\n|$)/g}function zB({comment:t,type:e,value:r},n,i,s){let{blockQuote:o,commentString:a,lineWidth:A}=n.options;if(!o||/\n[\t ]+$/.test(r)||/^\s*$/.test(r))return xd(r,n);let c=n.indent||(n.forceBlockIndent||YB(r)?"  ":""),l=o==="literal"?!0:o==="folded"||e===ts.Scalar.BLOCK_FOLDED?!1:e===ts.Scalar.BLOCK_LITERAL?!0:!zve(r,A,c.length);if(!r)return l?`|
`:`>
`;let u,d;for(d=r.length;d>0;--d){let v=r[d-1];if(v!==`
`&&v!=="	"&&v!==" ")break}let f=r.substring(d),g=f.indexOf(`
`);g===-1?u="-":r===f||g!==f.length-1?(u="+",s&&s()):u="",f&&(r=r.slice(0,-f.length),f[f.length-1]===`
`&&(f=f.slice(0,-1)),f=f.replace(JD,`$&${c}`));let m=!1,E,C=-1;for(E=0;E<r.length;++E){let v=r[E];if(v===" ")m=!0;else if(v===`
`)C=E;else break}let I=r.substring(0,C<E?C+1:E);I&&(r=r.substring(I.length),I=I.replace(/\n+/g,`$&${c}`));let w=(m?c?"2":"1":"")+u;if(t&&(w+=" "+a(t.replace(/ ?[\r\n]+/g," ")),i&&i()),!l){let v=r.replace(/\n+/g,`
$&`).replace(/(?:^|\n)([\t ].*)(?:([\n\t ]*)\n(?![\n\t ]))?/g,"$1$2").replace(/\n+/g,`$&${c}`),T=!1,U=GB(n,!0);o!=="folded"&&e!==ts.Scalar.BLOCK_FOLDED&&(U.onOverflow=()=>{T=!0});let k=_a.foldFlowLines(`${I}${v}${f}`,c,_a.FOLD_BLOCK,U);if(!T)return`>${w}
${c}${k}`}return r=r.replace(/\n+/g,`$&${c}`),`|${w}
${c}${I}${r}${f}`}function Gve(t,e,r,n){let{type:i,value:s}=t,{actualString:o,implicitKey:a,indent:A,indentStep:c,inFlow:l}=e;if(a&&s.includes(`
`)||l&&/[[\]{},]/.test(s))return xd(s,e);if(!s||/^[\n\t ,[\]{}#&*!|>'"%@`]|^[?-]$|^[?-][ \t]|[\n:][ \t]|[ \t]\n|[\n\t ]#|[\n\t :]$/.test(s))return a||l||!s.includes(`
`)?xd(s,e):zB(t,e,r,n);if(!a&&!l&&i!==ts.Scalar.PLAIN&&s.includes(`
`))return zB(t,e,r,n);if(YB(s)){if(A==="")return e.forceBlockIndent=!0,zB(t,e,r,n);if(a&&A===c)return xd(s,e)}let u=s.replace(/\n+/g,`$&
${A}`);if(o){let d=m=>m.default&&m.tag!=="tag:yaml.org,2002:str"&&m.test?.test(u),{compat:f,tags:g}=e.doc.schema;if(g.some(d)||f?.some(d))return xd(s,e)}return a?u:_a.foldFlowLines(u,A,_a.FOLD_FLOW,GB(e,!1))}function Yve(t,e,r,n){let{implicitKey:i,inFlow:s}=e,o=typeof t.value=="string"?t:Object.assign({},t,{value:String(t.value)}),{type:a}=t;a!==ts.Scalar.QUOTE_DOUBLE&&/[\x00-\x08\x0b-\x1f\x7f-\x9f\u{D800}-\u{DFFF}]/u.test(o.value)&&(a=ts.Scalar.QUOTE_DOUBLE);let A=l=>{switch(l){case ts.Scalar.BLOCK_FOLDED:case ts.Scalar.BLOCK_LITERAL:return i||s?xd(o.value,e):zB(o,e,r,n);case ts.Scalar.QUOTE_DOUBLE:return Zg(o.value,e);case ts.Scalar.QUOTE_SINGLE:return YD(o.value,e);case ts.Scalar.PLAIN:return Gve(o,e,r,n);default:return null}},c=A(a);if(c===null){let{defaultKeyType:l,defaultStringType:u}=e.options,d=i&&l||u;if(c=A(d),c===null)throw new Error(`Unsupported default string type ${d}`)}return c}RK.stringifyString=Yve});var tm=h(VD=>{"use strict";var Jve=OB(),Da=He(),Vve=Kg(),Wve=em();function $ve(t,e){let r=Object.assign({blockQuote:!0,commentString:Vve.stringifyComment,defaultKeyType:null,defaultStringType:"PLAIN",directives:null,doubleQuotedAsJSON:!1,doubleQuotedMinMultiLineLength:40,falseStr:"false",flowCollectionPadding:!0,indentSeq:!0,lineWidth:80,minContentWidth:20,nullStr:"null",simpleKeys:!1,singleQuote:null,trueStr:"true",verifyAliasOrder:!0},t.schema.toStringOptions,e),n;switch(r.collectionStyle){case"block":n=!1;break;case"flow":n=!0;break;default:n=null}return{anchors:new Set,doc:t,flowCollectionPadding:r.flowCollectionPadding?" ":"",indent:"",indentStep:typeof r.indent=="number"?" ".repeat(r.indent):"  ",inFlow:n,options:r}}function Kve(t,e){if(e.tag){let i=t.filter(s=>s.tag===e.tag);if(i.length>0)return i.find(s=>s.format===e.format)??i[0]}let r,n;if(Da.isScalar(e)){n=e.value;let i=t.filter(s=>s.identify?.(n));if(i.length>1){let s=i.filter(o=>o.test);s.length>0&&(i=s)}r=i.find(s=>s.format===e.format)??i.find(s=>!s.format)}else n=e,r=t.find(i=>i.nodeClass&&n instanceof i.nodeClass);if(!r){let i=n?.constructor?.name??typeof n;throw new Error(`Tag not resolved for ${i} value`)}return r}function Xve(t,e,{anchors:r,doc:n}){if(!n.directives)return"";let i=[],s=(Da.isScalar(t)||Da.isCollection(t))&&t.anchor;s&&Jve.anchorIsValid(s)&&(r.add(s),i.push(`&${s}`));let o=t.tag?t.tag:e.default?null:e.tag;return o&&i.push(n.directives.tagString(o)),i.join(" ")}function Zve(t,e,r,n){if(Da.isPair(t))return t.toString(e,r,n);if(Da.isAlias(t)){if(e.doc.directives)return t.toString(e);if(e.resolvedAliases?.has(t))throw new TypeError("Cannot stringify circular structure without alias nodes");e.resolvedAliases?e.resolvedAliases.add(t):e.resolvedAliases=new Set([t]),t=t.resolve(e.doc)}let i,s=Da.isNode(t)?t:e.doc.createNode(t,{onTagObj:A=>i=A});i||(i=Kve(e.doc.schema.tags,s));let o=Xve(s,i,e);o.length>0&&(e.indentAtStart=(e.indentAtStart??0)+o.length+1);let a=typeof i.stringify=="function"?i.stringify(s,e,r,n):Da.isScalar(s)?Wve.stringifyString(s,e,r,n):s.toString(e,r,n);return o?Da.isScalar(s)||a[0]==="{"||a[0]==="["?`${o} ${a}`:`${o}
${e.indent}${a}`:a}VD.createStringifyContext=$ve;VD.stringify=Zve});var kK=h(DK=>{"use strict";var bo=He(),vK=sr(),_K=tm(),rm=Kg();function e_e({key:t,value:e},r,n,i){let{allNullValues:s,doc:o,indent:a,indentStep:A,options:{commentString:c,indentSeq:l,simpleKeys:u}}=r,d=bo.isNode(t)&&t.comment||null;if(u){if(d)throw new Error("With simple keys, key nodes cannot have comments");if(bo.isCollection(t)||!bo.isNode(t)&&typeof t=="object"){let U="With simple keys, collection cannot be used as a key value";throw new Error(U)}}let f=!u&&(!t||d&&e==null&&!r.inFlow||bo.isCollection(t)||(bo.isScalar(t)?t.type===vK.Scalar.BLOCK_FOLDED||t.type===vK.Scalar.BLOCK_LITERAL:typeof t=="object"));r=Object.assign({},r,{allNullValues:!1,implicitKey:!f&&(u||!s),indent:a+A});let g=!1,m=!1,E=_K.stringify(t,r,()=>g=!0,()=>m=!0);if(!f&&!r.inFlow&&E.length>1024){if(u)throw new Error("With simple keys, single line scalar must not span more than 1024 characters");f=!0}if(r.inFlow){if(s||e==null)return g&&n&&n(),E===""?"?":f?`? ${E}`:E}else if(s&&!u||e==null&&f)return E=`? ${E}`,d&&!g?E+=rm.lineComment(E,r.indent,c(d)):m&&i&&i(),E;g&&(d=null),f?(d&&(E+=rm.lineComment(E,r.indent,c(d))),E=`? ${E}
${a}:`):(E=`${E}:`,d&&(E+=rm.lineComment(E,r.indent,c(d))));let C,I,N;bo.isNode(e)?(C=!!e.spaceBefore,I=e.commentBefore,N=e.comment):(C=!1,I=null,N=null,e&&typeof e=="object"&&(e=o.createNode(e))),r.implicitKey=!1,!f&&!d&&bo.isScalar(e)&&(r.indentAtStart=E.length+1),m=!1,!l&&A.length>=2&&!r.inFlow&&!f&&bo.isSeq(e)&&!e.flow&&!e.tag&&!e.anchor&&(r.indent=r.indent.substring(2));let w=!1,v=_K.stringify(e,r,()=>w=!0,()=>m=!0),T=" ";if(d||C||I){if(T=C?`
`:"",I){let U=c(I);T+=`
${rm.indentComment(U,r.indent)}`}v===""&&!r.inFlow?T===`
`&&(T=`

`):T+=`
${r.indent}`}else if(!f&&bo.isCollection(e)){let U=v[0],k=v.indexOf(`
`),J=k!==-1,be=r.inFlow??e.flow??e.items.length===0;if(J||!be){let Re=!1;if(J&&(U==="&"||U==="!")){let H=v.indexOf(" ");U==="&"&&H!==-1&&H<k&&v[H+1]==="!"&&(H=v.indexOf(" ",H+1)),(H===-1||k<H)&&(Re=!0)}Re||(T=`
${r.indent}`)}}else(v===""||v[0]===`
`)&&(T="");return E+=T+v,r.inFlow?w&&n&&n():N&&!w?E+=rm.lineComment(E,r.indent,c(N)):m&&i&&i(),E}DK.stringifyPair=e_e});var $D=h(WD=>{"use strict";var PK=require("node:process");function t_e(t,...e){t==="debug"&&console.log(...e)}function r_e(t,e){(t==="debug"||t==="warn")&&(typeof PK.emitWarning=="function"?PK.emitWarning(e):console.warn(e))}WD.debug=t_e;WD.warn=r_e});var $B=h(WB=>{"use strict";var nm=He(),TK=sr(),JB="<<",VB={identify:t=>t===JB||typeof t=="symbol"&&t.description===JB,default:"key",tag:"tag:yaml.org,2002:merge",test:/^<<$/,resolve:()=>Object.assign(new TK.Scalar(Symbol(JB)),{addToJSMap:OK}),stringify:()=>JB},n_e=(t,e)=>(VB.identify(e)||nm.isScalar(e)&&(!e.type||e.type===TK.Scalar.PLAIN)&&VB.identify(e.value))&&t?.doc.schema.tags.some(r=>r.tag===VB.tag&&r.default);function OK(t,e,r){if(r=t&&nm.isAlias(r)?r.resolve(t.doc):r,nm.isSeq(r))for(let n of r.items)KD(t,e,n);else if(Array.isArray(r))for(let n of r)KD(t,e,n);else KD(t,e,r)}function KD(t,e,r){let n=t&&nm.isAlias(r)?r.resolve(t.doc):r;if(!nm.isMap(n))throw new Error("Merge sources must be maps or map aliases");let i=n.toJSON(null,t,Map);for(let[s,o]of i)e instanceof Map?e.has(s)||e.set(s,o):e instanceof Set?e.add(s):Object.prototype.hasOwnProperty.call(e,s)||Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0});return e}WB.addMergeToJSMap=OK;WB.isMergeKey=n_e;WB.merge=VB});var ZD=h(FK=>{"use strict";var i_e=$D(),LK=$B(),s_e=tm(),MK=He(),XD=Ra();function o_e(t,e,{key:r,value:n}){if(MK.isNode(r)&&r.addToJSMap)r.addToJSMap(t,e,n);else if(LK.isMergeKey(t,r))LK.addMergeToJSMap(t,e,n);else{let i=XD.toJS(r,"",t);if(e instanceof Map)e.set(i,XD.toJS(n,i,t));else if(e instanceof Set)e.add(i);else{let s=a_e(r,i,t),o=XD.toJS(n,s,t);s in e?Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0}):e[s]=o}}return e}function a_e(t,e,r){if(e===null)return"";if(typeof e!="object")return String(e);if(MK.isNode(t)&&r?.doc){let n=s_e.createStringifyContext(r.doc,{});n.anchors=new Set;for(let s of r.anchors.keys())n.anchors.add(s.anchor);n.inFlow=!0,n.inStringifyKey=!0;let i=t.toString(n);if(!r.mapKeyWarned){let s=JSON.stringify(i);s.length>40&&(s=s.substring(0,36)+'..."'),i_e.warn(r.doc.options.logLevel,`Keys with collection values will be stringified due to JS Object restrictions: ${s}. Set mapAsMap: true to use object keys.`),r.mapKeyWarned=!0}return i}return JSON.stringify(e)}FK.addPairToJSMap=o_e});var ka=h(ek=>{"use strict";var UK=$g(),A_e=kK(),c_e=ZD(),KB=He();function l_e(t,e,r){let n=UK.createNode(t,void 0,r),i=UK.createNode(e,void 0,r);return new XB(n,i)}var XB=class t{constructor(e,r=null){Object.defineProperty(this,KB.NODE_TYPE,{value:KB.PAIR}),this.key=e,this.value=r}clone(e){let{key:r,value:n}=this;return KB.isNode(r)&&(r=r.clone(e)),KB.isNode(n)&&(n=n.clone(e)),new t(r,n)}toJSON(e,r){let n=r?.mapAsMap?new Map:{};return c_e.addPairToJSMap(r,n,this)}toString(e,r,n){return e?.doc?A_e.stringifyPair(this,e,r,n):JSON.stringify(this)}};ek.Pair=XB;ek.createPair=l_e});var tk=h(HK=>{"use strict";var GA=He(),qK=tm(),ZB=Kg();function u_e(t,e,r){return(e.inFlow??t.flow?f_e:d_e)(t,e,r)}function d_e({comment:t,items:e},r,{blockItemPrefix:n,flowChars:i,itemIndent:s,onChompKeep:o,onComment:a}){let{indent:A,options:{commentString:c}}=r,l=Object.assign({},r,{indent:s,type:null}),u=!1,d=[];for(let g=0;g<e.length;++g){let m=e[g],E=null;if(GA.isNode(m))!u&&m.spaceBefore&&d.push(""),eQ(r,d,m.commentBefore,u),m.comment&&(E=m.comment);else if(GA.isPair(m)){let I=GA.isNode(m.key)?m.key:null;I&&(!u&&I.spaceBefore&&d.push(""),eQ(r,d,I.commentBefore,u))}u=!1;let C=qK.stringify(m,l,()=>E=null,()=>u=!0);E&&(C+=ZB.lineComment(C,s,c(E))),u&&E&&(u=!1),d.push(n+C)}let f;if(d.length===0)f=i.start+i.end;else{f=d[0];for(let g=1;g<d.length;++g){let m=d[g];f+=m?`
${A}${m}`:`
`}}return t?(f+=`
`+ZB.indentComment(c(t),A),a&&a()):u&&o&&o(),f}function f_e({items:t},e,{flowChars:r,itemIndent:n}){let{indent:i,indentStep:s,flowCollectionPadding:o,options:{commentString:a}}=e;n+=s;let A=Object.assign({},e,{indent:n,inFlow:!0,type:null}),c=!1,l=0,u=[];for(let g=0;g<t.length;++g){let m=t[g],E=null;if(GA.isNode(m))m.spaceBefore&&u.push(""),eQ(e,u,m.commentBefore,!1),m.comment&&(E=m.comment);else if(GA.isPair(m)){let I=GA.isNode(m.key)?m.key:null;I&&(I.spaceBefore&&u.push(""),eQ(e,u,I.commentBefore,!1),I.comment&&(c=!0));let N=GA.isNode(m.value)?m.value:null;N?(N.comment&&(E=N.comment),N.commentBefore&&(c=!0)):m.value==null&&I?.comment&&(E=I.comment)}E&&(c=!0);let C=qK.stringify(m,A,()=>E=null);g<t.length-1&&(C+=","),E&&(C+=ZB.lineComment(C,n,a(E))),!c&&(u.length>l||C.includes(`
`))&&(c=!0),u.push(C),l=u.length}let{start:d,end:f}=r;if(u.length===0)return d+f;if(!c){let g=u.reduce((m,E)=>m+E.length+2,2);c=e.options.lineWidth>0&&g>e.options.lineWidth}if(c){let g=d;for(let m of u)g+=m?`
${s}${i}${m}`:`
`;return`${g}
${i}${f}`}else return`${d}${o}${u.join(" ")}${o}${f}`}function eQ({indent:t,options:{commentString:e}},r,n,i){if(n&&i&&(n=n.replace(/^\n+/,"")),n){let s=ZB.indentComment(e(n),t);r.push(s.trimStart())}}HK.stringifyCollection=u_e});var Ta=h(nk=>{"use strict";var h_e=tk(),g_e=ZD(),m_e=qB(),Pa=He(),tQ=ka(),p_e=sr();function im(t,e){let r=Pa.isScalar(e)?e.value:e;for(let n of t)if(Pa.isPair(n)&&(n.key===e||n.key===r||Pa.isScalar(n.key)&&n.key.value===r))return n}var rk=class extends m_e.Collection{static get tagName(){return"tag:yaml.org,2002:map"}constructor(e){super(Pa.MAP,e),this.items=[]}static from(e,r,n){let{keepUndefined:i,replacer:s}=n,o=new this(e),a=(A,c)=>{if(typeof s=="function")c=s.call(r,A,c);else if(Array.isArray(s)&&!s.includes(A))return;(c!==void 0||i)&&o.items.push(tQ.createPair(A,c,n))};if(r instanceof Map)for(let[A,c]of r)a(A,c);else if(r&&typeof r=="object")for(let A of Object.keys(r))a(A,r[A]);return typeof e.sortMapEntries=="function"&&o.items.sort(e.sortMapEntries),o}add(e,r){let n;Pa.isPair(e)?n=e:!e||typeof e!="object"||!("key"in e)?n=new tQ.Pair(e,e?.value):n=new tQ.Pair(e.key,e.value);let i=im(this.items,n.key),s=this.schema?.sortMapEntries;if(i){if(!r)throw new Error(`Key ${n.key} already set`);Pa.isScalar(i.value)&&p_e.isScalarValue(n.value)?i.value.value=n.value:i.value=n.value}else if(s){let o=this.items.findIndex(a=>s(n,a)<0);o===-1?this.items.push(n):this.items.splice(o,0,n)}else this.items.push(n)}delete(e){let r=im(this.items,e);return r?this.items.splice(this.items.indexOf(r),1).length>0:!1}get(e,r){let i=im(this.items,e)?.value;return(!r&&Pa.isScalar(i)?i.value:i)??void 0}has(e){return!!im(this.items,e)}set(e,r){this.add(new tQ.Pair(e,r),!0)}toJSON(e,r,n){let i=n?new n:r?.mapAsMap?new Map:{};r?.onCreate&&r.onCreate(i);for(let s of this.items)g_e.addPairToJSMap(r,i,s);return i}toString(e,r,n){if(!e)return JSON.stringify(this);for(let i of this.items)if(!Pa.isPair(i))throw new Error(`Map items must all be pairs; found ${JSON.stringify(i)} instead`);return!e.allNullValues&&this.hasAllNullValues(!1)&&(e=Object.assign({},e,{allNullValues:!0})),h_e.stringifyCollection(this,e,{blockItemPrefix:"",flowChars:{start:"{",end:"}"},itemIndent:e.indent||"",onChompKeep:n,onComment:r})}};nk.YAMLMap=rk;nk.findPair=im});var Rd=h(zK=>{"use strict";var y_e=He(),jK=Ta(),E_e={collection:"map",default:!0,nodeClass:jK.YAMLMap,tag:"tag:yaml.org,2002:map",resolve(t,e){return y_e.isMap(t)||e("Expected a mapping for this tag"),t},createNode:(t,e,r)=>jK.YAMLMap.from(t,e,r)};zK.map=E_e});var Oa=h(GK=>{"use strict";var C_e=$g(),I_e=tk(),B_e=qB(),nQ=He(),Q_e=sr(),b_e=Ra(),ik=class extends B_e.Collection{static get tagName(){return"tag:yaml.org,2002:seq"}constructor(e){super(nQ.SEQ,e),this.items=[]}add(e){this.items.push(e)}delete(e){let r=rQ(e);return typeof r!="number"?!1:this.items.splice(r,1).length>0}get(e,r){let n=rQ(e);if(typeof n!="number")return;let i=this.items[n];return!r&&nQ.isScalar(i)?i.value:i}has(e){let r=rQ(e);return typeof r=="number"&&r<this.items.length}set(e,r){let n=rQ(e);if(typeof n!="number")throw new Error(`Expected a valid index, not ${e}.`);let i=this.items[n];nQ.isScalar(i)&&Q_e.isScalarValue(r)?i.value=r:this.items[n]=r}toJSON(e,r){let n=[];r?.onCreate&&r.onCreate(n);let i=0;for(let s of this.items)n.push(b_e.toJS(s,String(i++),r));return n}toString(e,r,n){return e?I_e.stringifyCollection(this,e,{blockItemPrefix:"- ",flowChars:{start:"[",end:"]"},itemIndent:(e.indent||"")+"  ",onChompKeep:n,onComment:r}):JSON.stringify(this)}static from(e,r,n){let{replacer:i}=n,s=new this(e);if(r&&Symbol.iterator in Object(r)){let o=0;for(let a of r){if(typeof i=="function"){let A=r instanceof Set?a:String(o++);a=i.call(r,A,a)}s.items.push(C_e.createNode(a,void 0,n))}}return s}};function rQ(t){let e=nQ.isScalar(t)?t.value:t;return e&&typeof e=="string"&&(e=Number(e)),typeof e=="number"&&Number.isInteger(e)&&e>=0?e:null}GK.YAMLSeq=ik});var vd=h(JK=>{"use strict";var N_e=He(),YK=Oa(),w_e={collection:"seq",default:!0,nodeClass:YK.YAMLSeq,tag:"tag:yaml.org,2002:seq",resolve(t,e){return N_e.isSeq(t)||e("Expected a
`:" ")}return $_e.stringifyString({comment:t,type:e,value:a},n,i,s)}};A9.binary=K_e});var uQ=h(lQ=>{"use strict";var cQ=He(),hk=ka(),X_e=sr(),Z_e=Oa();function c9(t,e){if(cQ.isSeq(t))for(let r=0;r<t.items.length;++r){let n=t.items[r];if(!cQ.isPair(n)){if(cQ.isMap(n)){n.items.length>1&&e("Each pair must have its own sequence indicator");let i=n.items[0]||new hk.Pair(new X_e.Scalar(null));if(n.commentBefore&&(i.key.commentBefore=i.key.commentBefore?`${n.commentBefore}
${i.key.commentBefore}`:n.commentBefore),n.comment){let s=i.value??i.key;s.comment=s.comment?`${n.comment}
${s.comment}`:n.comment}n=i}t.items[r]=cQ.isPair(n)?n:new hk.Pair(n)}}else e("Expected a sequence for this tag");return t}function l9(t,e,r){let{replacer:n}=r,i=new Z_e.YAMLSeq(t);i.tag="tag:yaml.org,2002:pairs";let s=0;if(e&&Symbol.iterator in Object(e))for(let o of e){typeof n=="function"&&(o=n.call(e,String(s++),o));let a,A;if(Array.isArray(o))if(o.length===2)a=o[0],A=o[1];else throw new TypeError(`Expected [key, value] tuple: ${o}`);else if(o&&o instanceof Object){let c=Object.keys(o);if(c.length===1)a=c[0],A=o[a];else throw new TypeError(`Expected tuple with one key, not ${c.length} keys`)}else a=o;i.items.push(hk.createPair(a,A,r))}return i}var eDe={collection:"seq",default:!1,tag:"tag:yaml.org,2002:pairs",resolve:c9,createNode:l9};lQ.createPairs=l9;lQ.pairs=eDe;lQ.resolvePairs=c9});var pk=h(mk=>{"use strict";var u9=He(),gk=Ra(),am=Ta(),tDe=Oa(),d9=uQ(),YA=class t extends tDe.YAMLSeq{constructor(){super(),this.add=am.YAMLMap.prototype.add.bind(this),this.delete=am.YAMLMap.prototype.delete.bind(this),this.get=am.YAMLMap.prototype.get.bind(this),this.has=am.YAMLMap.prototype.has.bind(this),this.set=am.YAMLMap.prototype.set.bind(this),this.tag=t.tag}toJSON(e,r){if(!r)return super.toJSON(e);let n=new Map;r?.onCreate&&r.onCreate(n);for(let i of this.items){let s,o;if(u9.isPair(i)?(s=gk.toJS(i.key,"",r),o=gk.toJS(i.value,s,r)):s=gk.toJS(i,"",r),n.has(s))throw new Error("Ordered maps must not include duplicate keys");n.set(s,o)}return n}static from(e,r,n){let i=d9.createPairs(e,r,n),s=new this;return s.items=i.items,s}};YA.tag="tag:yaml.org,2002:omap";var rDe={collection:"seq",identify:t=>t instanceof Map,nodeClass:YA,default:!1,tag:"tag:yaml.org,2002:omap",resolve(t,e){let r=d9.resolvePairs(t,e),n=[];for(let{key:i}of r.items)u9.isScalar(i)&&(n.includes(i.value)?e(`Ordered maps must not include duplicate keys: ${i.value}`):n.push(i.value));return Object.assign(new YA,r)},createNode:(t,e,r)=>YA.from(t,e,r)};mk.YAMLOMap=YA;mk.omap=rDe});var p9=h(yk=>{"use strict";var f9=sr();function h9({value:t,source:e},r){return e&&(t?g9:m9).test.test(e)?e:t?r.options.trueStr:r.options.falseStr}var g9={identify:t=>t===!0,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:Y|y|[Yy]es|YES|[Tt]rue|TRUE|[Oo]n|ON)$/,resolve:()=>new f9.Scalar(!0),stringify:h9},m9={identify:t=>t===!1,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:N|n|[Nn]o|NO|[Ff]alse|FALSE|[Oo]ff|OFF)$/,resolve:()=>new f9.Scalar(!1),stringify:h9};yk.falseTag=m9;yk.trueTag=g9});var y9=h(dQ=>{"use strict";var nDe=sr(),Ek=_d(),iDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^(?:[-+]?\.(?:inf|Inf|INF)|\.nan|\.NaN|\.NAN)$/,resolve:t=>t.slice(-3).toLowerCase()==="nan"?NaN:t[0]==="-"?Number.NEGATIVE_INFINITY:Number.POSITIVE_INFINITY,stringify:Ek.stringifyNumber},sDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",format:"EXP",test:/^[-+]?(?:[0-9][0-9_]*)?(?:\.[0-9_]*)?[eE][-+]?[0-9]+$/,resolve:t=>parseFloat(t.replace(/_/g,"")),stringify(t){let e=Number(t.value);return isFinite(e)?e.toExponential():Ek.stringifyNumber(t)}},oDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^[-+]?(?:[0-9][0-9_]*)?\.[0-9_]*$/,resolve(t){let e=new nDe.Scalar(parseFloat(t.replace(/_/g,""))),r=t.indexOf(".");if(r!==-1){let n=t.substring(r+1).replace(/_/g,"");n[n.length-1]==="0"&&(e.minFractionDigits=n.length)}return e},stringify:Ek.stringifyNumber};dQ.float=oDe;dQ.floatExp=sDe;dQ.floatNaN=iDe});var C9=h(cm=>{"use strict";var E9=_d(),Am=t=>typeof t=="bigint"||Number.isInteger(t);function fQ(t,e,r,{intAsBigInt:n}){let i=t[0];if((i==="-"||i==="+")&&(e+=1),t=t.substring(e).replace(/_/g,""),n){switch(r){case 2:t=`0b${t}`;break;case 8:t=`0o${t}`;break;case 16:t=`0x${t}`;break}let o=BigInt(t);return i==="-"?BigInt(-1)*o:o}let s=parseInt(t,r);return i==="-"?-1*s:s}function Ck(t,e,r){let{value:n}=t;if(Am(n)){let i=n.toString(e);return n<0?"-"+r+i.substr(1):r+i}return E9.stringifyNumber(t)}var aDe={identify:Am,default:!0,tag:"tag:yaml.org,2002:int",format:"BIN",test:/^[-+]?0b[0-1_]+$/,resolve:(t,e,r)=>fQ(t,2,2,r),stringify:t
`)?(r.push("..."),r.push(um.indentComment(A,""))):r.push(`... ${A}`)}else r.push("...");else{let A=t.comment;A&&o&&(A=A.replace(/^\n+/,"")),A&&((!o||a)&&r[r.length-1]!==""&&r.push(""),r.push(um.indentComment(s(A),"")))}return r.join(`
`)+`
`}L9.stringifyDocument=LDe});var dm=h(F9=>{"use strict";var MDe=Wg(),Dd=qB(),ki=He(),FDe=ka(),UDe=Ra(),qDe=Dk(),HDe=M9(),Pk=OB(),jDe=MD(),zDe=$g(),Tk=LD(),Ok=class t{constructor(e,r,n){this.commentBefore=null,this.comment=null,this.errors=[],this.warnings=[],Object.defineProperty(this,ki.NODE_TYPE,{value:ki.DOC});let i=null;typeof r=="function"||Array.isArray(r)?i=r:n===void 0&&r&&(n=r,r=void 0);let s=Object.assign({intAsBigInt:!1,keepSourceTokens:!1,logLevel:"warn",prettyErrors:!0,strict:!0,stringKeys:!1,uniqueKeys:!0,version:"1.2"},n);this.options=s;let{version:o}=s;n?._directives?(this.directives=n._directives.atDocument(),this.directives.yaml.explicit&&(o=this.directives.yaml.version)):this.directives=new Tk.Directives({version:o}),this.setSchema(o,n),this.contents=e===void 0?null:this.createNode(e,i,n)}clone(){let e=Object.create(t.prototype,{[ki.NODE_TYPE]:{value:ki.DOC}});return e.commentBefore=this.commentBefore,e.comment=this.comment,e.errors=this.errors.slice(),e.warnings=this.warnings.slice(),e.options=Object.assign({},this.options),this.directives&&(e.directives=this.directives.clone()),e.schema=this.schema.clone(),e.contents=ki.isNode(this.contents)?this.contents.clone(e.schema):this.contents,this.range&&(e.range=this.range.slice()),e}add(e){kd(this.contents)&&this.contents.add(e)}addIn(e,r){kd(this.contents)&&this.contents.addIn(e,r)}createAlias(e,r){if(!e.anchor){let n=Pk.anchorNames(this);e.anchor=!r||n.has(r)?Pk.findNewAnchor(r||"a",n):r}return new MDe.Alias(e.anchor)}createNode(e,r,n){let i;if(typeof r=="function")e=r.call({"":e},"",e),i=r;else if(Array.isArray(r)){let E=I=>typeof I=="number"||I instanceof String||I instanceof Number,C=r.filter(E).map(String);C.length>0&&(r=r.concat(C)),i=r}else n===void 0&&r&&(n=r,r=void 0);let{aliasDuplicateObjects:s,anchorPrefix:o,flow:a,keepUndefined:A,onTagObj:c,tag:l}=n??{},{onAnchor:u,setAnchors:d,sourceObjects:f}=Pk.createNodeAnchors(this,o||"a"),g={aliasDuplicateObjects:s??!0,keepUndefined:A??!1,onAnchor:u,onTagObj:c,replacer:i,schema:this.schema,sourceObjects:f},m=zDe.createNode(e,l,g);return a&&ki.isCollection(m)&&(m.flow=!0),d(),m}createPair(e,r,n={}){let i=this.createNode(e,null,n),s=this.createNode(r,null,n);return new FDe.Pair(i,s)}delete(e){return kd(this.contents)?this.contents.delete(e):!1}deleteIn(e){return Dd.isEmptyPath(e)?this.contents==null?!1:(this.contents=null,!0):kd(this.contents)?this.contents.deleteIn(e):!1}get(e,r){return ki.isCollection(this.contents)?this.contents.get(e,r):void 0}getIn(e,r){return Dd.isEmptyPath(e)?!r&&ki.isScalar(this.contents)?this.contents.value:this.contents:ki.isCollection(this.contents)?this.contents.getIn(e,r):void 0}has(e){return ki.isCollection(this.contents)?this.contents.has(e):!1}hasIn(e){return Dd.isEmptyPath(e)?this.contents!==void 0:ki.isCollection(this.contents)?this.contents.hasIn(e):!1}set(e,r){this.contents==null?this.contents=Dd.collectionFromPath(this.schema,[e],r):kd(this.contents)&&this.contents.set(e,r)}setIn(e,r){Dd.isEmptyPath(e)?this.contents=r:this.contents==null?this.contents=Dd.collectionFromPath(this.schema,Array.from(e),r):kd(this.contents)&&this.contents.setIn(e,r)}setSchema(e,r={}){typeof e=="number"&&(e=String(e));let n;switch(e){case"1.1":this.directives?this.directives.yaml.version="1.1":this.directives=new Tk.Directives({version:"1.1"}),n={resolveKnownTags:!1,schema:"yaml-1.1"};break;case"1.2":case"next":this.directives?this.directives.yaml.version=e:this.directives=new Tk.Directives({version:e}),n={resolveKnownTags:!0,schema:"core"};break;case null:this.directives&&delete this.directives,n=null;break;default:{let i=JSON.stringify(e);throw new Error(`Expected '1.1', '1.2' or null as first argument, but found: ${i}`)}}if(r.schema instanceof Object)this.schema=r.schema;else if(n)this.schema=new qDe.Schema(Object.assign(n,r));else throw new Error("With a null YAML version, the { schema: Schema } option is required")}toJS({json:e,jsonArg:r,mapAsMap:n,maxAliasCount:i,onAnchor:s,reviver:o}={}){let a={anchors:new Map,doc:this,keep:!e,mapAsMap:n===!0,mapKeyWarned:!1,maxAliasCount:typeof i=="
`),o=a+o}if(/[^ ]/.test(o)){let a=1,A=r.linePos[1];A&&A.line===n&&A.col>i&&(a=Math.max(1,Math.min(A.col-i,80-s)));let c=" ".repeat(s)+"^".repeat(a);r.message+=`:

${o}
${c}
`}};hm.YAMLError=fm;hm.YAMLParseError=Lk;hm.YAMLWarning=Mk;hm.prettifyError=GDe});var mm=h(U9=>{"use strict";function YDe(t,{flow:e,indicator:r,next:n,offset:i,onError:s,parentIndent:o,startOnNewline:a}){let A=!1,c=a,l=a,u="",d="",f=!1,g=!1,m=null,E=null,C=null,I=null,N=null,w=null,v=null;for(let k of t)switch(g&&(k.type!=="space"&&k.type!=="newline"&&k.type!=="comma"&&s(k.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),g=!1),m&&(c&&k.type!=="comment"&&k.type!=="newline"&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),m=null),k.type){case"space":!e&&(r!=="doc-start"||n?.type!=="flow-collection")&&k.source.includes("	")&&(m=k),l=!0;break;case"comment":{l||s(k,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let J=k.source.substring(1)||" ";u?u+=d+J:u=J,d="",c=!1;break}case"newline":c?u?u+=k.source:(!w||r!=="seq-item-ind")&&(A=!0):d+=k.source,c=!0,f=!0,(E||C)&&(I=k),l=!0;break;case"anchor":E&&s(k,"MULTIPLE_ANCHORS","A node can have at most one anchor"),k.source.endsWith(":")&&s(k.offset+k.source.length-1,"BAD_ALIAS","Anchor ending in : is ambiguous",!0),E=k,v===null&&(v=k.offset),c=!1,l=!1,g=!0;break;case"tag":{C&&s(k,"MULTIPLE_TAGS","A node can have at most one tag"),C=k,v===null&&(v=k.offset),c=!1,l=!1,g=!0;break}case r:(E||C)&&s(k,"BAD_PROP_ORDER",`Anchors and tags must be after the ${k.source} indicator`),w&&s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.source} in ${e??"collection"}`),w=k,c=r==="seq-item-ind"||r==="explicit-key-ind",l=!1;break;case"comma":if(e){N&&s(k,"UNEXPECTED_TOKEN",`Unexpected , in ${e}`),N=k,c=!1,l=!1;break}default:s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.type} token`),c=!1,l=!1}let T=t[t.length-1],U=T?T.offset+T.source.length:i;return g&&n&&n.type!=="space"&&n.type!=="newline"&&n.type!=="comma"&&(n.type!=="scalar"||n.source!=="")&&s(n.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),m&&(c&&m.indent<=o||n?.type==="block-map"||n?.type==="block-seq")&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),{comma:N,found:w,spaceBefore:A,comment:u,hasNewline:f,anchor:E,tag:C,newlineAfterProp:I,end:U,start:v??U}}U9.resolveProps=YDe});var IQ=h(q9=>{"use strict";function Fk(t){if(!t)return null;switch(t.type){case"alias":case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":if(t.source.includes(`
`))return!0;if(t.end){for(let e of t.end)if(e.type==="newline")return!0}return!1;case"flow-collection":for(let e of t.items){for(let r of e.start)if(r.type==="newline")return!0;if(e.sep){for(let r of e.sep)if(r.type==="newline")return!0}if(Fk(e.key)||Fk(e.value))return!0}return!1;default:return!0}}q9.containsNewline=Fk});var Uk=h(H9=>{"use strict";var JDe=IQ();function VDe(t,e,r){if(e?.type==="flow-collection"){let n=e.end[0];n.indent===t&&(n.source==="]"||n.source==="}")&&JDe.containsNewline(e)&&r(n,"BAD_INDENT","Flow end indicator should be more indented than parent",!0)}}H9.flowIndentCheck=VDe});var qk=h(z9=>{"use strict";var j9=He();function WDe(t,e,r){let{uniqueKeys:n}=t.options;if(n===!1)return!1;let i=typeof n=="function"?n:(s,o)=>s===o||j9.isScalar(s)&&j9.isScalar(o)&&s.value===o.value;return e.some(s=>i(s.key,r))}z9.mapIncludes=WDe});var $9=h(W9=>{"use strict";var G9=ka(),$De=Ta(),Y9=mm(),KDe=IQ(),J9=Uk(),XDe=qk(),V9="All mapping items must start at the same column";function ZDe({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??$De.YAMLMap,a=new o(r.schema);r.atRoot&&(r.atRoot=!1);let A=n.offset,c=null;for(let l of n.items){let{start:u,key:d,sep:f,value:g}=l,m=Y9.resolveProps(u,{indicator:"explicit-key-ind",next:d??f?.[0],offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0}),E=!m.found;if(E){if(d&&(d.type==="block-seq"?i(A,"BLOCK_AS_IMPLICIT_KEY","A block sequence may not be used as an implicit map key"):"indent"in d&&d.indent!==n.indent&&i(A,"BAD_INDENT",V9)),!m.anchor&&!m.tag&&!f){c=m.end,m.comment&&(a.comment?a.comment+=`
`+m.comment:a.comment=m.comment);continue}(m.newlineAfterProp||KDe.containsNewline(d))&&i(d??u[u.length-1],"MULTILINE_IMPLICIT_KEY","Implicit keys need to be on a single line")}else m.found?.indent!==n.indent&&i(A,"BAD_INDENT",V9);r.atKey=!0;let C=m.end,I=d?t(r,d,m,i):e(r,C,u,null,m,i);r.schema.compat&&J9.flowIndentCheck(n.indent,d,i),r.atKey=!1,XDe.mapIncludes(r,a.items,I)&&i(C,"DUPLICATE_KEY","Map keys must be unique");let N=Y9.resolveProps(f??[],{indicator:"map-value-ind",next:g,offset:I.range[2],onError:i,parentIndent:n.indent,startOnNewline:!d||d.type==="block-scalar"});if(A=N.end,N.found){E&&(g?.type==="block-map"&&!N.hasNewline&&i(A,"BLOCK_AS_IMPLICIT_KEY","Nested mappings are not allowed in compact mappings"),r.options.strict&&m.start<N.found.offset-1024&&i(I.range,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit block mapping key"));let w=g?t(r,g,N,i):e(r,A,f,null,N,i);r.schema.compat&&J9.flowIndentCheck(n.indent,g,i),A=w.range[2];let v=new G9.Pair(I,w);r.options.keepSourceTokens&&(v.srcToken=l),a.items.push(v)}else{E&&i(I.range,"MISSING_CHAR","Implicit map keys need to be followed by map values"),N.comment&&(I.comment?I.comment+=`
`+N.comment:I.comment=N.comment);let w=new G9.Pair(I);r.options.keepSourceTokens&&(w.srcToken=l),a.items.push(w)}}return c&&c<A&&i(c,"IMPOSSIBLE","Map comment with trailing content"),a.range=[n.offset,A,c??A],a}W9.resolveBlockMap=ZDe});var X9=h(K9=>{"use strict";var eke=Oa(),tke=mm(),rke=Uk();function nke({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??eke.YAMLSeq,a=new o(r.schema);r.atRoot&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let A=n.offset,c=null;for(let{start:l,value:u}of n.items){let d=tke.resolveProps(l,{indicator:"seq-item-ind",next:u,offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0});if(!d.found)if(d.anchor||d.tag||u)u&&u.type==="block-seq"?i(d.end,"BAD_INDENT","All sequence items must start at the same column"):i(A,"MISSING_CHAR","Sequence item without - indicator");else{c=d.end,d.comment&&(a.comment=d.comment);continue}let f=u?t(r,u,d,i):e(r,d.end,l,null,d,i);r.schema.compat&&rke.flowIndentCheck(n.indent,u,i),A=f.range[2],a.items.push(f)}return a.range=[n.offset,A,c??A],a}K9.resolveBlockSeq=nke});var Pd=h(Z9=>{"use strict";function ike(t,e,r,n){let i="";if(t){let s=!1,o="";for(let a of t){let{source:A,type:c}=a;switch(c){case"space":s=!0;break;case"comment":{r&&!s&&n(a,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let l=A.substring(1)||" ";i?i+=o+l:i=l,o="";break}case"newline":i&&(o+=A),s=!0;break;default:n(a,"UNEXPECTED_TOKEN",`Unexpected ${c} at node end`)}e+=A.length}}return{comment:i,offset:e}}Z9.resolveEnd=ike});var n8=h(r8=>{"use strict";var ske=He(),oke=ka(),e8=Ta(),ake=Oa(),Ake=Pd(),t8=mm(),cke=IQ(),lke=qk(),Hk="Block collections are not allowed within flow collections",jk=t=>t&&(t.type==="block-map"||t.type==="block-seq");function uke({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=n.start.source==="{",a=o?"flow map":"flow sequence",A=s?.nodeClass??(o?e8.YAMLMap:ake.YAMLSeq),c=new A(r.schema);c.flow=!0;let l=r.atRoot;l&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let u=n.offset+n.start.source.length;for(let E=0;E<n.items.length;++E){let C=n.items[E],{start:I,key:N,sep:w,value:v}=C,T=t8.resolveProps(I,{flow:a,indicator:"explicit-key-ind",next:N??w?.[0],offset:u,onError:i,parentIndent:n.indent,startOnNewline:!1});if(!T.found){if(!T.anchor&&!T.tag&&!w&&!v){E===0&&T.comma?i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`):E<n.items.length-1&&i(T.start,"UNEXPECTED_TOKEN",`Unexpected empty item in ${a}`),T.comment&&(c.comment?c.comment+=`
`+T.comment:c.comment=T.comment),u=T.end;continue}!o&&r.options.strict&&cke.containsNewline(N)&&i(N,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line")}if(E===0)T.comma&&i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`);else if(T.comma||i(T.start,"MISSING_CHAR",`Missing , between ${a} items`),T.comment){let U="";e:for(let k of I)switch(k.type){case"comma":case"space":break;case"comment":U=k.source.substring(1);break e;default:break e}if(U){let k=c.items[c.items.length-1];ske.isPair(k)&&(k=k.value??k.key),k.comment?k.comment+=`
`+U:k.comment=U,T.comment=T.comment.substring(U.length+1)}}if(!o&&!w&&!T.found){let U=v?t(r,v,T,i):e(r,T.end,w,null,T,i);c.items.push(U),u=U.range[2],jk(v)&&i(U.range,"BLOCK_IN_FLOW",Hk)}else{r.atKey=!0;let U=T.end,k=N?t(r,N,T,i):e(r,U,I,null,T,i);jk(N)&&i(k.range,"BLOCK_IN_FLOW",Hk),r.atKey=!1;let J=t8.resolveProps(w??[],{flow:a,indicator:"map-value-ind",next:v,offset:k.range[2],onError:i,parentIndent:n.indent,startOnNewline:!1});if(J.found){if(!o&&!T.found&&r.options.strict){if(w)for(let H of w){if(H===J.found)break;if(H.type==="newline"){i(H,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line");break}}T.start<J.found.offset-1024&&i(J.found,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit flow sequence key")}}else v&&("source"in v&&v.source&&v.source[0]===":"?i(v,"MISSING_CHAR",`Missing space after : in ${a}`):i(J.start,"MISSING_CHAR",`Missing , or : between ${a} items`));let be=v?t(r,v,J,i):J.found?e(r,J.end,w,null,J,i):null;be?jk(v)&&i(be.range,"BLOCK_IN_FLOW",Hk):J.comment&&(k.comment?k.comment+=`
`+J.comment:k.comment=J.comment);let Re=new oke.Pair(k,be);if(r.options.keepSourceTokens&&(Re.srcToken=C),o){let H=c;lke.mapIncludes(r,H.items,k)&&i(U,"DUPLICATE_KEY","Map keys must be unique"),H.items.push(Re)}else{let H=new e8.YAMLMap(r.schema);H.flow=!0,H.items.push(Re);let _e=(be??k).range;H.range=[k.range[0],_e[1],_e[2]],c.items.push(H)}u=be?be.range[2]:J.end}}let d=o?"}":"]",[f,...g]=n.end,m=u;if(f&&f.source===d)m=f.offset+f.source.length;else{let E=a[0].toUpperCase()+a.substring(1),C=l?`${E} must end with a ${d}`:`${E} in block collection must be sufficiently indented and end with a ${d}`;i(u,l?"MISSING_CHAR":"BAD_INDENT",C),f&&f.source.length!==1&&g.unshift(f)}if(g.length>0){let E=Ake.resolveEnd(g,m,r.options.strict,i);E.comment&&(c.comment?c.comment+=`
`+E.comment:c.comment=E.comment),c.range=[n.offset,m,E.offset]}else c.range=[n.offset,m,m];return c}r8.resolveFlowCollection=uke});var s8=h(i8=>{"use strict";var dke=He(),fke=sr(),hke=Ta(),gke=Oa(),mke=$9(),pke=X9(),yke=n8();function zk(t,e,r,n,i,s){let o=r.type==="block-map"?mke.resolveBlockMap(t,e,r,n,s):r.type==="block-seq"?pke.resolveBlockSeq(t,e,r,n,s):yke.resolveFlowCollection(t,e,r,n,s),a=o.constructor;return i==="!"||i===a.tagName?(o.tag=a.tagName,o):(i&&(o.tag=i),o)}function Eke(t,e,r,n,i){let s=n.tag,o=s?e.directives.tagName(s.source,d=>i(s,"TAG_RESOLVE_FAILED",d)):null;if(r.type==="block-seq"){let{anchor:d,newlineAfterProp:f}=n,g=d&&s?d.offset>s.offset?d:s:d??s;g&&(!f||f.offset<g.offset)&&i(g,"MISSING_CHAR","Missing newline after block sequence props")}let a=r.type==="block-map"?"map":r.type==="block-seq"?"seq":r.start.source==="{"?"map":"seq";if(!s||!o||o==="!"||o===hke.YAMLMap.tagName&&a==="map"||o===gke.YAMLSeq.tagName&&a==="seq")return zk(t,e,r,i,o);let A=e.schema.tags.find(d=>d.tag===o&&d.collection===a);if(!A){let d=e.schema.knownTags[o];if(d&&d.collection===a)e.schema.tags.push(Object.assign({},d,{default:!1})),A=d;else return d?.collection?i(s,"BAD_COLLECTION_TYPE",`${d.tag} used for ${a} collection, but expects ${d.collection}`,!0):i(s,"TAG_RESOLVE_FAILED",`Unresolved tag: ${o}`,!0),zk(t,e,r,i,o)}let c=zk(t,e,r,i,o,A),l=A.resolve?.(c,d=>i(s,"TAG_RESOLVE_FAILED",d),e.options)??c,u=dke.isNode(l)?l:new fke.Scalar(l);return u.range=c.range,u.tag=o,A?.format&&(u.format=A.format),u}i8.composeCollection=Eke});var Yk=h(o8=>{"use strict";var Gk=sr();function Cke(t,e,r){let n=e.offset,i=Ike(e,t.options.strict,r);if(!i)return{value:"",type:null,comment:"",range:[n,n,n]};let s=i.mode===">"?Gk.Scalar.BLOCK_FOLDED:Gk.Scalar.BLOCK_LITERAL,o=e.source?Bke(e.source):[],a=o.length;for(let m=o.length-1;m>=0;--m){let E=o[m][1];if(E===""||E==="\r")a=m;else break}if(a===0){let m=i.chomp==="+"&&o.length>0?`
`.repeat(Math.max(1,o.length-1)):"",E=n+i.length;return e.source&&(E+=e.source.length),{value:m,type:s,comment:i.comment,range:[n,E,E]}}let A=e.indent+i.indent,c=e.offset+i.length,l=0;for(let m=0;m<a;++m){let[E,C]=o[m];if(C===""||C==="\r")i.indent===0&&E.length>A&&(A=E.length);else{E.length<A&&r(c+E.length,"MISSING_CHAR","Block scalars with more-indented leading empty lines must use an explicit indentation indicator"),i.indent===0&&(A=E.length),l=m,A===0&&!t.atRoot&&r(c,"BAD_INDENT","Block scalar values in collections must be indented");break}c+=E.length+C.length+1}for(let m=o.length-1;m>=a;--m)o[m][0].length>A&&(a=m+1);let u="",d="",f=!1;for(let m=0;m<l;++m)u+=o[m][0].slice(A)+`
`;for(let m=l;m<a;++m){let[E,C]=o[m];c+=E.length+C.length+1;let I=C[C.length-1]==="\r";if(I&&(C=C.slice(0,-1)),C&&E.length<A){let w=`Block scalar lines must not be less indented than their ${i.indent?"explicit indentation indicator":"first line"}`;r(c-C.length-(I?2:1),"BAD_INDENT",w),E=""}s===Gk.Scalar.BLOCK_LITERAL?(u+=d+E.slice(A)+C,d=`
`):E.length>A||C[0]==="	"?(d===" "?d=`
`:!f&&d===`
`&&(d=`

`),u+=d+E.slice(A)+C,d=`
`,f=!0):C===""?d===`
`?u+=`
`:d=`
`:(u+=d+C,d=" ",f=!1)}switch(i.chomp){case"-":break;case"+":for(let m=a;m<o.length;++m)u+=`
`+o[m][0].slice(A);u[u.length-1]!==`
`&&(u+=`
`);break;default:u+=`
`}let g=n+i.length+e.source.length;return{value:u,type:s,comment:i.comment,range:[n,g,g]}}function Ike({offset:t,props:e},r,n){if(e[0].type!=="block-scalar-header")return n(e[0],"IMPOSSIBLE","Block scalar header not found"),null;let{source:i}=e[0],s=i[0],o=0,a="",A=-1;for(let d=1;d<i.length;++d){let f=i[d];if(!a&&(f==="-"||f==="+"))a=f;else{let g=Number(f);!o&&g?o=g:A===-1&&(A=t+d)}}A!==-1&&n(A,"UNEXPECTED_TOKEN",`Block scalar header includes extra characters: ${i}`);let c=!1,l="",u=i.length;for(let d=1;d<e.length;++d){let f=e[d];switch(f.type){case"space":c=!0;case"newline":u+=f.source.length;break;case"comment":r&&!c&&n(f,"MISSING_CHAR","Comments must be separated from other tokens by white space characters"),u+=f.source.length,l=f.source.substring(1);break;case"error":n(f,"UNEXPECTED_TOKEN",f.message),u+=f.source.length;break;default:{let g=`Unexpected token in block scalar header: ${f.type}`;n(f,"UNEXPECTED_TOKEN",g);let m=f.source;m&&typeof m=="string"&&(u+=m.length)}}}return{mode:s,indent:o,chomp:a,comment:l,length:u}}function Bke(t){let e=t.split(/\n( *)/),r=e[0],n=r.match(/^( *)/),s=[n?.[1]?[n[1],r.slice(n[1].length)]:["",r]];for(let o=1;o<e.length;o+=2)s.push([e[o],e[o+1]]);return s}o8.resolveBlockScalar=Cke});var Vk=h(A8=>{"use strict";var Jk=sr(),Qke=Pd();function bke(t,e,r){let{offset:n,type:i,source:s,end:o}=t,a,A,c=(d,f,g)=>r(n+d,f,g);switch(i){case"scalar":a=Jk.Scalar.PLAIN,A=Nke(s,c);break;case"single-quoted-scalar":a=Jk.Scalar.QUOTE_SINGLE,A=wke(s,c);break;case"double-quoted-scalar":a=Jk.Scalar.QUOTE_DOUBLE,A=Ske(s,c);break;default:return r(t,"UNEXPECTED_TOKEN",`Expected a flow scalar value, but found: ${i}`),{value:"",type:null,comment:"",range:[n,n+s.length,n+s.length]}}let l=n+s.length,u=Qke.resolveEnd(o,l,e,r);return{value:A,type:a,comment:u.comment,range:[n,l,u.offset]}}function Nke(t,e){let r="";switch(t[0]){case"	":r="a tab character";break;case",":r="flow indicator character ,";break;case"%":r="directive indicator character %";break;case"|":case">":{r=`block scalar indicator ${t[0]}`;break}case"@":case"`":{r=`reserved character ${t[0]}`;break}}return r&&e(0,"BAD_SCALAR_START",`Plain value cannot start with ${r}`),a8(t)}function wke(t,e){return(t[t.length-1]!=="'"||t.length===1)&&e(t.length,"MISSING_CHAR","Missing closing 'quote"),a8(t.slice(1,-1)).replace(/''/g,"'")}function a8(t){let e,r;try{e=new RegExp(`(.*?)(?<![ 	])[ 	]*\r?
`,"sy"),r=new RegExp(`[ 	]*(.*?)(?:(?<![ 	])[ 	]*)?\r?
`,"sy")}catch{e=/(.*?)[ \t]*\r?\n/sy,r=/[ \t]*(.*?)[ \t]*\r?\n/sy}let n=e.exec(t);if(!n)return t;let i=n[1],s=" ",o=e.lastIndex;for(r.lastIndex=o;n=r.exec(t);)n[1]===""?s===`
`?i+=s:s=`
`:(i+=s+n[1],s=" "),o=r.lastIndex;let a=/[ \t]*(.*)/sy;return a.lastIndex=o,n=a.exec(t),i+s+(n?.[1]??"")}function Ske(t,e){let r="";for(let n=1;n<t.length-1;++n){let i=t[n];if(!(i==="\r"&&t[n+1]===`
`))if(i===`
`){let{fold:s,offset:o}=xke(t,n);r+=s,n=o}else if(i==="\\"){let s=t[++n],o=Rke[s];if(o)r+=o;else if(s===`
`)for(s=t[n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="\r"&&t[n+1]===`
`)for(s=t[++n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="x"||s==="u"||s==="U"){let a={x:2,u:4,U:8}[s];r+=vke(t,n+1,a,e),n+=a}else{let a=t.substr(n-1,2);e(n-1,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),r+=a}}else if(i===" "||i==="	"){let s=n,o=t[n+1];for(;o===" "||o==="	";)o=t[++n+1];o!==`
`&&!(o==="\r"&&t[n+2]===`
`)&&(r+=n>s?t.slice(s,n+1):i)}else r+=i}return(t[t.length-1]!=='"'||t.length===1)&&e(t.length,"MISSING_CHAR",'Missing closing "quote'),r}function xke(t,e){let r="",n=t[e+1];for(;(n===" "||n==="	"||n===`
`||n==="\r")&&!(n==="\r"&&t[e+2]!==`
`);)n===`
`&&(r+=`
`),e+=1,n=t[e+1];return r||(r=" "),{fold:r,offset:e}}var Rke={0:"\0",a:"\x07",b:"\b",e:"\x1B",f:"\f",n:`
`,r:"\r",t:"	",v:"\v",N:"\x85",_:"\xA0",L:"\u2028",P:"\u2029"," ":" ",'"':'"',"/":"/","\\":"\\","	":"	"};function vke(t,e,r,n){let i=t.substr(e,r),o=i.length===r&&/^[0-9a-fA-F]+$/.test(i)?parseInt(i,16):NaN;if(isNaN(o)){let a=t.substr(e-2,r+2);return n(e-2,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),a}return String.fromCodePoint(o)}A8.resolveFlowScalar=bke});var u8=h(l8=>{"use strict";var VA=He(),c8=sr(),_ke=Yk(),Dke=Vk();function kke(t,e,r,n){let{value:i,type:s,comment:o,range:a}=e.type==="block-scalar"?_ke.resolveBlockScalar(t,e,n):Dke.resolveFlowScalar(e,t.options.strict,n),A=r?t.directives.tagName(r.source,u=>n(r,"TAG_RESOLVE_FAILED",u)):null,c;t.options.stringKeys&&t.atKey?c=t.schema[VA.SCALAR]:A?c=Pke(t.schema,i,A,r,n):e.type==="scalar"?c=Tke(t,i,e,n):c=t.schema[VA.SCALAR];let l;try{let u=c.resolve(i,d=>n(r??e,"TAG_RESOLVE_FAILED",d),t.options);l=VA.isScalar(u)?u:new c8.Scalar(u)}catch(u){let d=u instanceof Error?u.message:String(u);n(r??e,"TAG_RESOLVE_FAILED",d),l=new c8.Scalar(i)}return l.range=a,l.source=i,s&&(l.type=s),A&&(l.tag=A),c.format&&(l.format=c.format),o&&(l.comment=o),l}function Pke(t,e,r,n,i){if(r==="!")return t[VA.SCALAR];let s=[];for(let a of t.tags)if(!a.collection&&a.tag===r)if(a.default&&a.test)s.push(a);else return a;for(let a of s)if(a.test?.test(e))return a;let o=t.knownTags[r];return o&&!o.collection?(t.tags.push(Object.assign({},o,{default:!1,test:void 0})),o):(i(n,"TAG_RESOLVE_FAILED",`Unresolved tag: ${r}`,r!=="tag:yaml.org,2002:str"),t[VA.SCALAR])}function Tke({atKey:t,directives:e,schema:r},n,i,s){let o=r.tags.find(a=>(a.default===!0||t&&a.default==="key")&&a.test?.test(n))||r[VA.SCALAR];if(r.compat){let a=r.compat.find(A=>A.default&&A.test?.test(n))??r[VA.SCALAR];if(o.tag!==a.tag){let A=e.tagString(o.tag),c=e.tagString(a.tag),l=`Value may be parsed as either ${A} or ${c}`;s(i,"TAG_RESOLVE_FAILED",l,!0)}}return o}l8.composeScalar=kke});var f8=h(d8=>{"use strict";function Oke(t,e,r){if(e){r===null&&(r=e.length);for(let n=r-1;n>=0;--n){let i=e[n];switch(i.type){case"space":case"comment":case"newline":t-=i.source.length;continue}for(i=e[++n];i?.type==="space";)t+=i.source.length,i=e[++n];break}}return t}d8.emptyScalarPosition=Oke});var m8=h($k=>{"use strict";var Lke=Wg(),Mke=He(),Fke=s8(),h8=u8(),Uke=Pd(),qke=f8(),Hke={composeNode:g8,composeEmptyNode:Wk};function g8(t,e,r,n){let i=t.atKey,{spaceBefore:s,comment:o,anchor:a,tag:A}=r,c,l=!0;switch(e.type){case"alias":c=jke(t,e,n),(a||A)&&n(e,"ALIAS_PROPS","An alias node must not specify any properties");break;case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"block-scalar":c=h8.composeScalar(t,e,A,n),a&&(c.anchor=a.source.substring(1));break;case"block-map":case"block-seq":case"flow-collection":c=Fke.composeCollection(Hke,t,e,r,n),a&&(c.anchor=a.source.substring(1));break;default:{let u=e.type==="error"?e.message:`Unsupported token (type: ${e.type})`;n(e,"UNEXPECTED_TOKEN",u),c=Wk(t,e.offset,void 0,null,r,n),l=!1}}return a&&c.anchor===""&&n(a,"BAD_ALIAS","Anchor cannot be an empty string"),i&&t.options.stringKeys&&(!Mke.isScalar(c)||typeof c.value!="string"||c.tag&&c.tag!=="tag:yaml.org,2002:str")&&n(A??e,"NON_STRING_KEY","With stringKeys, all keys must be strings"),s&&(c.spaceBefore=!0),o&&(e.type==="scalar"&&e.source===""?c.comment=o:c.commentBefore=o),t.options.keepSourceTokens&&l&&(c.srcToken=e),c}function Wk(t,e,r,n,{spaceBefore:i,comment:s,anchor:o,tag:a,end:A},c){let l={type:"scalar",offset:qke.emptyScalarPosition(e,r,n),indent:-1,source:""},u=h8.composeScalar(t,l,a,c);return o&&(u.anchor=o.source.substring(1),u.anchor===""&&c(o,"BAD_ALIAS","Anchor cannot be an empty string")),i&&(u.spaceBefore=!0),s&&(u.comment=s,u.range[2]=A),u}function jke({options:t},{offset:e,source:r,end:n},i){let s=new Lke.Alias(r.substring(1));s.source===""&&i(e,"BAD_ALIAS","Alias cannot be an empty string"),s.source.endsWith(":")&&i(e+r.length-1,"BAD_ALIAS","Alias ending in : is ambiguous",!0);let o=e+r.length,a=Uke.resolveEnd(n,o,t.strict,i);return s.range=[e,o,a.offset],a.comment&&(s.comment=a.comment),s}$k.composeEmptyNode=Wk;$k.co

`:`
`)+(s.substring(1)||" "),r=!0,n=!1;break;case"%":t[i+1]?.[0]!=="#"&&(i+=1),r=!1;break;default:r||(n=!0),r=!1}}return{comment:e,afterEmptyLine:n}}var Kk=class{constructor(e={}){this.doc=null,this.atDirectives=!1,this.prelude=[],this.errors=[],this.warnings=[],this.onError=(r,n,i,s)=>{let o=ym(r);s?this.warnings.push(new pm.YAMLWarning(o,n,i)):this.errors.push(new pm.YAMLParseError(o,n,i))},this.directives=new Wke.Directives({version:e.version||"1.2"}),this.options=e}decorate(e,r){let{comment:n,afterEmptyLine:i}=I8(this.prelude);if(n){let s=e.contents;if(r)e.comment=e.comment?`${e.comment}
${n}`:n;else if(i||e.directives.docStart||!s)e.commentBefore=n;else if(C8.isCollection(s)&&!s.flow&&s.items.length>0){let o=s.items[0];C8.isPair(o)&&(o=o.key);let a=o.commentBefore;o.commentBefore=a?`${n}
${a}`:n}else{let o=s.commentBefore;s.commentBefore=o?`${n}
${o}`:n}}r?(Array.prototype.push.apply(e.errors,this.errors),Array.prototype.push.apply(e.warnings,this.warnings)):(e.errors=this.errors,e.warnings=this.warnings),this.prelude=[],this.errors=[],this.warnings=[]}streamInfo(){return{comment:I8(this.prelude).comment,directives:this.directives,errors:this.errors,warnings:this.warnings}}*compose(e,r=!1,n=-1){for(let i of e)yield*this.next(i);yield*this.end(r,n)}*next(e){switch(Vke.env.LOG_STREAM&&console.dir(e,{depth:null}),e.type){case"directive":this.directives.add(e.source,(r,n,i)=>{let s=ym(e);s[0]+=r,this.onError(s,"BAD_DIRECTIVE",n,i)}),this.prelude.push(e.source),this.atDirectives=!0;break;case"document":{let r=Kke.composeDoc(this.options,this.directives,e,this.onError);this.atDirectives&&!r.directives.docStart&&this.onError(e,"MISSING_CHAR","Missing directives-end/doc-start indicator line"),this.decorate(r,!1),this.doc&&(yield this.doc),this.doc=r,this.atDirectives=!1;break}case"byte-order-mark":case"space":break;case"comment":case"newline":this.prelude.push(e.source);break;case"error":{let r=e.source?`${e.message}: ${JSON.stringify(e.source)}`:e.message,n=new pm.YAMLParseError(ym(e),"UNEXPECTED_TOKEN",r);this.atDirectives||!this.doc?this.errors.push(n):this.doc.errors.push(n);break}case"doc-end":{if(!this.doc){let n="Unexpected doc-end without preceding document";this.errors.push(new pm.YAMLParseError(ym(e),"UNEXPECTED_TOKEN",n));break}this.doc.directives.docEnd=!0;let r=Xke.resolveEnd(e.end,e.offset+e.source.length,this.doc.options.strict,this.onError);if(this.decorate(this.doc,!0),r.comment){let n=this.doc.comment;this.doc.comment=n?`${n}
${r.comment}`:r.comment}this.doc.range[2]=r.offset;break}default:this.errors.push(new pm.YAMLParseError(ym(e),"UNEXPECTED_TOKEN",`Unsupported token ${e.type}`))}}*end(e=!1,r=-1){if(this.doc)this.decorate(this.doc,!0),yield this.doc,this.doc=null;else if(e){let n=Object.assign({_directives:this.directives},this.options),i=new $ke.Document(void 0,n);this.atDirectives&&this.onError(r,"MISSING_CHAR","Missing directives-end indicator line"),i.range=[0,r,r],this.decorate(i,!1),yield i}}};B8.Composer=Kk});var N8=h(BQ=>{"use strict";var Zke=Yk(),ePe=Vk(),tPe=gm(),Q8=em();function rPe(t,e=!0,r){if(t){let n=(i,s,o)=>{let a=typeof i=="number"?i:Array.isArray(i)?i[0]:i.offset;if(r)r(a,s,o);else throw new tPe.YAMLParseError([a,a+1],s,o)};switch(t.type){case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return ePe.resolveFlowScalar(t,e,n);case"block-scalar":return Zke.resolveBlockScalar({options:{strict:e}},t,n)}}return null}function nPe(t,e){let{implicitKey:r=!1,indent:n,inFlow:i=!1,offset:s=-1,type:o="PLAIN"}=e,a=Q8.stringifyString({type:o,value:t},{implicitKey:r,indent:n>0?" ".repeat(n):"",inFlow:i,options:{blockQuote:!0,lineWidth:-1}}),A=e.end??[{type:"newline",offset:-1,indent:n,source:`
`}];switch(a[0]){case"|":case">":{let c=a.indexOf(`
`),l=a.substring(0,c),u=a.substring(c+1)+`
`,d=[{type:"block-scalar-header",offset:s,indent:n,source:l}];return b8(d,A)||d.push({type:"newline",offset:-1,indent:n,source:`
`}),{type:"block-scalar",offset:s,indent:n,props:d,source:u}}case'"':return{type:"double-quoted-scalar",offset:s,indent:n,source:a,end:A};case"'":return{type:"single-quoted-scalar",offset:s,indent:n,source:a,end:A};default:return{type:"scalar",offset:s,indent:n,source:a,end:A}}}function iPe(t,e,r={}){let{afterKey:n=!1,implicitKey:i=!1,inFlow:s=!1,type:o}=r,a="indent"in t?t.indent:null;if(n&&typeof a=="number"&&(a+=2),!o)switch(t.type){case"single-quoted-scalar":o="QUOTE_SINGLE";break;case"double-quoted-scalar":o="QUOTE_DOUBLE";break;case"block-scalar":{let c=t.props[0];if(c.type!=="block-scalar-header")throw new Error("Invalid block scalar header");o=c.source[0]===">"?"BLOCK_FOLDED":"BLOCK_LITERAL";break}default:o="PLAIN"}let A=Q8.stringifyString({type:o,value:e},{implicitKey:i||a===null,indent:a!==null&&a>0?" ".repeat(a):"",inFlow:s,options:{blockQuote:!0,lineWidth:-1}});switch(A[0]){case"|":case">":sPe(t,A);break;case'"':Zk(t,A,"double-quoted-scalar");break;case"'":Zk(t,A,"single-quoted-scalar");break;default:Zk(t,A,"scalar")}}function sPe(t,e){let r=e.indexOf(`
`),n=e.substring(0,r),i=e.substring(r+1)+`
`;if(t.type==="block-scalar"){let s=t.props[0];if(s.type!=="block-scalar-header")throw new Error("Invalid block scalar header");s.source=n,t.source=i}else{let{offset:s}=t,o="indent"in t?t.indent:-1,a=[{type:"block-scalar-header",offset:s,indent:o,source:n}];b8(a,"end"in t?t.end:void 0)||a.push({type:"newline",offset:-1,indent:o,source:`
`});for(let A of Object.keys(t))A!=="type"&&A!=="offset"&&delete t[A];Object.assign(t,{type:"block-scalar",indent:o,props:a,source:i})}}function b8(t,e){if(e)for(let r of e)switch(r.type){case"space":case"comment":t.push(r);break;case"newline":return t.push(r),!0}return!1}function Zk(t,e,r){switch(t.type){case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":t.type=r,t.source=e;break;case"block-scalar":{let n=t.props.slice(1),i=e.length;t.props[0].type==="block-scalar-header"&&(i-=t.props[0].source.length);for(let s of n)s.offset+=i;delete t.props,Object.assign(t,{type:r,source:e,end:n});break}case"block-map":case"block-seq":{let i={type:"newline",offset:t.offset+e.length,indent:t.indent,source:`
`};delete t.items,Object.assign(t,{type:r,source:e,end:[i]});break}default:{let n="indent"in t?t.indent:-1,i="end"in t&&Array.isArray(t.end)?t.end.filter(s=>s.type==="space"||s.type==="comment"||s.type==="newline"):[];for(let s of Object.keys(t))s!=="type"&&s!=="offset"&&delete t[s];Object.assign(t,{type:r,indent:n,source:e,end:i})}}}BQ.createScalarToken=nPe;BQ.resolveAsScalar=rPe;BQ.setScalarValue=iPe});var S8=h(w8=>{"use strict";var oPe=t=>"type"in t?bQ(t):QQ(t);function bQ(t){switch(t.type){case"block-scalar":{let e="";for(let r of t.props)e+=bQ(r);return e+t.source}case"block-map":case"block-seq":{let e="";for(let r of t.items)e+=QQ(r);return e}case"flow-collection":{let e=t.start.source;for(let r of t.items)e+=QQ(r);for(let r of t.end)e+=r.source;return e}case"document":{let e=QQ(t);if(t.end)for(let r of t.end)e+=r.source;return e}default:{let e=t.source;if("end"in t&&t.end)for(let r of t.end)e+=r.source;return e}}}function QQ({start:t,key:e,sep:r,value:n}){let i="";for(let s of t)i+=s.source;if(e&&(i+=bQ(e)),r)for(let s of r)i+=s.source;return n&&(i+=bQ(n)),i}w8.stringify=oPe});var _8=h(v8=>{"use strict";var eP=Symbol("break visit"),aPe=Symbol("skip children"),x8=Symbol("remove item");function WA(t,e){"type"in t&&t.type==="document"&&(t={start:t.start,value:t.value}),R8(Object.freeze([]),t,e)}WA.BREAK=eP;WA.SKIP=aPe;WA.REMOVE=x8;WA.itemAtPath=(t,e)=>{let r=t;for(let[n,i]of e){let s=r?.[n];if(s&&"items"in s)r=s.items[i];else return}return r};WA.parentCollection=(t,e)=>{let r=WA.itemAtPath(t,e.slice(0,-1)),n=e[e.length-1][0],i=r?.[n];if(i&&"items"in i)return i;throw new Error("Parent collection not found")};function R8(t,e,r){let n=r(e,t);if(typeof n=="symbol")return n;for(let i of["key","value"]){let s=e[i];if(s&&"items"in s){for(let o=0;o<s.items.length;++o){let a=R8(Object.freeze(t.concat([[i,o]])),s.items[o],r);if(typeof a=="number")o=a-1;else{if(a===eP)return eP;a===x8&&(s.items.splice(o,1),o-=1)}}typeof n=="function"&&i==="key"&&(n=n(e,t))}}return typeof n=="function"?n(e,t):n}v8.visit=WA});var NQ=h(Pn=>{"use strict";var tP=N8(),APe=S8(),cPe=_8(),rP="\uFEFF",nP="",iP="",sP="",lPe=t=>!!t&&"items"in t,uPe=t=>!!t&&(t.type==="scalar"||t.type==="single-quoted-scalar"||t.type==="double-quoted-scalar"||t.type==="block-scalar");function dPe(t){switch(t){case rP:return"<BOM>";case nP:return"<DOC>";case iP:return"<FLOW_END>";case sP:return"<SCALAR>";default:return JSON.stringify(t)}}function fPe(t){switch(t){case rP:return"byte-order-mark";case nP:return"doc-mode";case iP:return"flow-error-end";case sP:return"scalar";case"---":return"doc-start";case"...":return"doc-end";case"":case`
`:case`\r
`:return"newline";case"-":return"seq-item-ind";case"?":return"explicit-key-ind";case":":return"map-value-ind";case"{":return"flow-map-start";case"}":return"flow-map-end";case"[":return"flow-seq-start";case"]":return"flow-seq-end";case",":return"comma"}switch(t[0]){case" ":case"	":return"space";case"#":return"comment";case"%":return"directive-line";case"*":return"alias";case"&":return"anchor";case"!":return"tag";case"'":return"single-quoted-scalar";case'"':return"double-quoted-scalar";case"|":case">":return"block-scalar-header"}return null}Pn.createScalarToken=tP.createScalarToken;Pn.resolveAsScalar=tP.resolveAsScalar;Pn.setScalarValue=tP.setScalarValue;Pn.stringify=APe.stringify;Pn.visit=cPe.visit;Pn.BOM=rP;Pn.DOCUMENT=nP;Pn.FLOW_END=iP;Pn.SCALAR=sP;Pn.isCollection=lPe;Pn.isScalar=uPe;Pn.prettyToken=dPe;Pn.tokenType=fPe});var AP=h(k8=>{"use strict";var Em=NQ();function rs(t){switch(t){case void 0:case" ":case`
`:case"\r":case"	":return!0;default:return!1}}var D8=new Set("0123456789ABCDEFabcdef"),hPe=new Set("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-#;/?:@&=+$_.!~*'()"),wQ=new Set(",[]{}"),gPe=new Set(` ,[]{}
\r	`),oP=t=>!t||gPe.has(t),aP=class{constructor(){this.atEnd=!1,this.blockScalarIndent=-1,this.blockScalarKeep=!1,this.buffer="",this.flowKey=!1,this.flowLevel=0,this.indentNext=0,this.indentValue=0,this.lineEndPos=null,this.next=null,this.pos=0}*lex(e,r=!1){if(e){if(typeof e!="string")throw TypeError("source is not a string");this.buffer=this.buffer?this.buffer+e:e,this.lineEndPos=null}this.atEnd=!r;let n=this.next??"stream";for(;n&&(r||this.hasChars(1));)n=yield*this.parseNext(n)}atLineEnd(){let e=this.pos,r=this.buffer[e];for(;r===" "||r==="	";)r=this.buffer[++e];return!r||r==="#"||r===`
`?!0:r==="\r"?this.buffer[e+1]===`
`:!1}charAt(e){return this.buffer[this.pos+e]}continueScalar(e){let r=this.buffer[e];if(this.indentNext>0){let n=0;for(;r===" ";)r=this.buffer[++n+e];if(r==="\r"){let i=this.buffer[n+e+1];if(i===`
`||!i&&!this.atEnd)return e+n+1}return r===`
`||n>=this.indentNext||!r&&!this.atEnd?e+n:-1}if(r==="-"||r==="."){let n=this.buffer.substr(e,3);if((n==="---"||n==="...")&&rs(this.buffer[e+3]))return-1}return e}getLine(){let e=this.lineEndPos;return(typeof e!="number"||e!==-1&&e<this.pos)&&(e=this.buffer.indexOf(`
`,this.pos),this.lineEndPos=e),e===-1?this.atEnd?this.buffer.substring(this.pos):null:(this.buffer[e-1]==="\r"&&(e-=1),this.buffer.substring(this.pos,e))}hasChars(e){return this.pos+e<=this.buffer.length}setNext(e){return this.buffer=this.buffer.substring(this.pos),this.pos=0,this.lineEndPos=null,this.next=e,null}peek(e){return this.buffer.substr(this.pos,e)}*parseNext(e){switch(e){case"stream":return yield*this.parseStream();case"line-start":return yield*this.parseLineStart();case"block-start":return yield*this.parseBlockStart();case"doc":return yield*this.parseDocument();case"flow":return yield*this.parseFlowCollection();case"quoted-scalar":return yield*this.parseQuotedScalar();case"block-scalar":return yield*this.parseBlockScalar();case"plain-scalar":return yield*this.parsePlainScalar()}}*parseStream(){let e=this.getLine();if(e===null)return this.setNext("stream");if(e[0]===Em.BOM&&(yield*this.pushCount(1),e=e.substring(1)),e[0]==="%"){let r=e.length,n=e.indexOf("#");for(;n!==-1;){let s=e[n-1];if(s===" "||s==="	"){r=n-1;break}else n=e.indexOf("#",n+1)}for(;;){let s=e[r-1];if(s===" "||s==="	")r-=1;else break}let i=(yield*this.pushCount(r))+(yield*this.pushSpaces(!0));return yield*this.pushCount(e.length-i),this.pushNewline(),"stream"}if(this.atLineEnd()){let r=yield*this.pushSpaces(!0);return yield*this.pushCount(e.length-r),yield*this.pushNewline(),"stream"}return yield Em.DOCUMENT,yield*this.parseLineStart()}*parseLineStart(){let e=this.charAt(0);if(!e&&!this.atEnd)return this.setNext("line-start");if(e==="-"||e==="."){if(!this.atEnd&&!this.hasChars(4))return this.setNext("line-start");let r=this.peek(3);if((r==="---"||r==="...")&&rs(this.charAt(3)))return yield*this.pushCount(3),this.indentValue=0,this.indentNext=0,r==="---"?"doc":"stream"}return this.indentValue=yield*this.pushSpaces(!1),this.indentNext>this.indentValue&&!rs(this.charAt(1))&&(this.indentNext=this.indentValue),yield*this.parseBlockStart()}*parseBlockStart(){let[e,r]=this.peek(2);if(!r&&!this.atEnd)return this.setNext("block-start");if((e==="-"||e==="?"||e===":")&&rs(r)){let n=(yield*this.pushCount(1))+(yield*this.pushSpaces(!0));return this.indentNext=this.indentValue+1,this.indentValue+=n,yield*this.parseBlockStart()}return"doc"}*parseDocument(){yield*this.pushSpaces(!0);let e=this.getLine();if(e===null)return this.setNext("doc");let r=yield*this.pushIndicators();switch(e[r]){case"#":yield*this.pushCount(e.length-r);case void 0:return yield*this.pushNewline(),yield*this.parseLineStart();case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel=1,"flow";case"}":case"]":return yield*this.pushCount(1),"doc";case"*":return yield*this.pushUntil(oP),"doc";case'"':case"'":return yield*this.parseQuotedScalar();case"|":case">":return r+=yield*this.parseBlockScalarHeader(),r+=yield*this.pushSpaces(!0),yield*this.pushCount(e.length-r),yield*this.pushNewline(),yield*this.parseBlockScalar();default:return yield*this.parsePlainScalar()}}*parseFlowCollection(){let e,r,n=-1;do e=yield*this.pushNewline(),e>0?(r=yield*this.pushSpaces(!1),this.indentValue=n=r):r=0,r+=yield*this.pushSpaces(!0);while(e+r>0);let i=this.getLine();if(i===null)return this.setNext("flow");if((n!==-1&&n<this.indentNext&&i[0]!=="#"||n===0&&(i.startsWith("---")||i.startsWith("..."))&&rs(i[3]))&&!(n===this.indentNext-1&&this.flowLevel===1&&(i[0]==="]"||i[0]==="}")))return this.flowLevel=0,yield Em.FLOW_END,yield*this.parseLineStart();let s=0;for(;i[s]===",";)s+=yield*this.pushCount(1),s+=yield*this.pushSpaces(!0),this.flowKey=!1;switch(s+=yield*this.pushIndicators(),i[s]){case void 0:return"flow";case"#":return yield*this.pushCount(i.length-s),"flow";case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel+=1,"flow";case"}":case"]":return yield*this.pushCount(1),this.flowKey=!0,this.flowLevel-=1,this.flowLevel?"flow":"doc";case"*":return yield*this.pushUntil(oP),"flow";case'"':case"'":return this.flowKey=!0,yield*this.parseQuotedScalar();case":":{let o=this.charAt(1);if(this.flowKey||rs(o)||o===",")return this.flowKey=!1,yield*this.pushCount(1),yield*th
`,this.pos);if(i!==-1){for(;i!==-1;){let s=this.continueScalar(i+1);if(s===-1)break;i=n.indexOf(`
`,s)}i!==-1&&(r=i-(n[i-1]==="\r"?2:1))}if(r===-1){if(!this.atEnd)return this.setNext("quoted-scalar");r=this.buffer.length}return yield*this.pushToIndex(r+1,!1),this.flowLevel?"flow":"doc"}*parseBlockScalarHeader(){this.blockScalarIndent=-1,this.blockScalarKeep=!1;let e=this.pos;for(;;){let r=this.buffer[++e];if(r==="+")this.blockScalarKeep=!0;else if(r>"0"&&r<="9")this.blockScalarIndent=Number(r)-1;else if(r!=="-")break}return yield*this.pushUntil(r=>rs(r)||r==="#")}*parseBlockScalar(){let e=this.pos-1,r=0,n;e:for(let s=this.pos;n=this.buffer[s];++s)switch(n){case" ":r+=1;break;case`
`:e=s,r=0;break;case"\r":{let o=this.buffer[s+1];if(!o&&!this.atEnd)return this.setNext("block-scalar");if(o===`
`)break}default:break e}if(!n&&!this.atEnd)return this.setNext("block-scalar");if(r>=this.indentNext){this.blockScalarIndent===-1?this.indentNext=r:this.indentNext=this.blockScalarIndent+(this.indentNext===0?1:this.indentNext);do{let s=this.continueScalar(e+1);if(s===-1)break;e=this.buffer.indexOf(`
`,s)}while(e!==-1);if(e===-1){if(!this.atEnd)return this.setNext("block-scalar");e=this.buffer.length}}let i=e+1;for(n=this.buffer[i];n===" ";)n=this.buffer[++i];if(n==="	"){for(;n==="	"||n===" "||n==="\r"||n===`
`;)n=this.buffer[++i];e=i-1}else if(!this.blockScalarKeep)do{let s=e-1,o=this.buffer[s];o==="\r"&&(o=this.buffer[--s]);let a=s;for(;o===" ";)o=this.buffer[--s];if(o===`
`&&s>=this.pos&&s+1+r>a)e=s;else break}while(!0);return yield Em.SCALAR,yield*this.pushToIndex(e+1,!0),yield*this.parseLineStart()}*parsePlainScalar(){let e=this.flowLevel>0,r=this.pos-1,n=this.pos-1,i;for(;i=this.buffer[++n];)if(i===":"){let s=this.buffer[n+1];if(rs(s)||e&&wQ.has(s))break;r=n}else if(rs(i)){let s=this.buffer[n+1];if(i==="\r"&&(s===`
`?(n+=1,i=`
`,s=this.buffer[n+1]):r=n),s==="#"||e&&wQ.has(s))break;if(i===`
`){let o=this.continueScalar(n+1);if(o===-1)break;n=Math.max(n,o-2)}}else{if(e&&wQ.has(i))break;r=n}return!i&&!this.atEnd?this.setNext("plain-scalar"):(yield Em.SCALAR,yield*this.pushToIndex(r+1,!0),e?"flow":"doc")}*pushCount(e){return e>0?(yield this.buffer.substr(this.pos,e),this.pos+=e,e):0}*pushToIndex(e,r){let n=this.buffer.slice(this.pos,e);return n?(yield n,this.pos+=n.length,n.length):(r&&(yield""),0)}*pushIndicators(){switch(this.charAt(0)){case"!":return(yield*this.pushTag())+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"&":return(yield*this.pushUntil(oP))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"-":case"?":case":":{let e=this.flowLevel>0,r=this.charAt(1);if(rs(r)||e&&wQ.has(r))return e?this.flowKey&&(this.flowKey=!1):this.indentNext=this.indentValue+1,(yield*this.pushCount(1))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators())}}return 0}*pushTag(){if(this.charAt(1)==="<"){let e=this.pos+2,r=this.buffer[e];for(;!rs(r)&&r!==">";)r=this.buffer[++e];return yield*this.pushToIndex(r===">"?e+1:e,!1)}else{let e=this.pos+1,r=this.buffer[e];for(;r;)if(hPe.has(r))r=this.buffer[++e];else if(r==="%"&&D8.has(this.buffer[e+1])&&D8.has(this.buffer[e+2]))r=this.buffer[e+=3];else break;return yield*this.pushToIndex(e,!1)}}*pushNewline(){let e=this.buffer[this.pos];return e===`
`?yield*this.pushCount(1):e==="\r"&&this.charAt(1)===`
`?yield*this.pushCount(2):0}*pushSpaces(e){let r=this.pos-1,n;do n=this.buffer[++r];while(n===" "||e&&n==="	");let i=r-this.pos;return i>0&&(yield this.buffer.substr(this.pos,i),this.pos=r),i}*pushUntil(e){let r=this.pos,n=this.buffer[r];for(;!e(n);)n=this.buffer[++r];return yield*this.pushToIndex(r,!1)}};k8.Lexer=aP});var lP=h(P8=>{"use strict";var cP=class{constructor(){this.lineStarts=[],this.addNewLine=e=>this.lineStarts.push(e),this.linePos=e=>{let r=0,n=this.lineStarts.length;for(;r<n;){let s=r+n>>1;this.lineStarts[s]<e?r=s+1:n=s}if(this.lineStarts[r]===e)return{line:r+1,col:1};if(r===0)return{line:0,col:e};let i=this.lineStarts[r-1];return{line:r,col:e-i+1}}}};P8.LineCounter=cP});var dP=h(F8=>{"use strict";var mPe=require("node:process"),T8=NQ(),pPe=AP();function $A(t,e){for(let r=0;r<t.length;++r)if(t[r].type===e)return!0;return!1}function O8(t){for(let e=0;e<t.length;++e)switch(t[e].type){case"space":case"comment":case"newline":break;default:return e}return-1}function M8(t){switch(t?.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"flow-collection":return!0;default:return!1}}function SQ(t){switch(t.type){case"document":return t.start;case"block-map":{let e=t.items[t.items.length-1];return e.sep??e.start}case"block-seq":return t.items[t.items.length-1].start;default:return[]}}function Td(t){if(t.length===0)return[];let e=t.length;e:for(;--e>=0;)switch(t[e].type){case"doc-start":case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":case"newline":break e}for(;t[++e]?.type==="space";);return t.splice(e,t.length)}function L8(t){if(t.start.type==="flow-seq-start")for(let e of t.items)e.sep&&!e.value&&!$A(e.start,"explicit-key-ind")&&!$A(e.sep,"map-value-ind")&&(e.key&&(e.value=e.key),delete e.key,M8(e.value)?e.value.end?Array.prototype.push.apply(e.value.end,e.sep):e.value.end=e.sep:Array.prototype.push.apply(e.start,e.sep),delete e.sep)}var uP=class{constructor(e){this.atNewLine=!0,this.atScalar=!1,this.indent=0,this.offset=0,this.onKeyLine=!1,this.stack=[],this.source="",this.type="",this.lexer=new pPe.Lexer,this.onNewLine=e}*parse(e,r=!1){this.onNewLine&&this.offset===0&&this.onNewLine(0);for(let n of this.lexer.lex(e,r))yield*this.next(n);r||(yield*this.end())}*next(e){if(this.source=e,mPe.env.LOG_TOKENS&&console.log("|",T8.prettyToken(e)),this.atScalar){this.atScalar=!1,yield*this.step(),this.offset+=e.length;return}let r=T8.tokenType(e);if(r)if(r==="scalar")this.atNewLine=!1,this.atScalar=!0,this.type="scalar";else{switch(this.type=r,yield*this.step(),r){case"newline":this.atNewLine=!0,this.indent=0,this.onNewLine&&this.onNewLine(this.offset+e.length);break;case"space":this.atNewLine&&e[0]===" "&&(this.indent+=e.length);break;case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":this.atNewLine&&(this.indent+=e.length);break;case"doc-mode":case"flow-error-end":return;default:this.atNewLine=!1}this.offset+=e.length}else{let n=`Not a YAML token: ${e}`;yield*this.pop({type:"error",offset:this.offset,message:n,source:e}),this.offset+=e.length}}*end(){for(;this.stack.length>0;)yield*this.pop()}get sourceToken(){return{type:this.type,offset:this.offset,indent:this.indent,source:this.source}}*step(){let e=this.peek(1);if(this.type==="doc-end"&&(!e||e.type!=="doc-end")){for(;this.stack.length>0;)yield*this.pop();this.stack.push({type:"doc-end",offset:this.offset,source:this.source});return}if(!e)return yield*this.stream();switch(e.type){case"document":return yield*this.document(e);case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return yield*this.scalar(e);case"block-scalar":return yield*this.blockScalar(e);case"block-map":return yield*this.blockMap(e);case"block-seq":return yield*this.blockSequence(e);case"flow-collection":return yield*this.flowCollection(e);case"doc-end":return yield*this.documentEnd(e)}yield*this.pop()}peek(e){return this.stack[this.stack.length-e]}*pop(e){let r=e??this.stack.pop();if(!r)yield{type:"error",offset:this.offset,source:"",message:"Tried to pop an empty stack"};else if(this.stack.length===0)yield r;else
`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
`,r)+1}yield*this.pop();break;default:yield*this.pop(),yield*this.step()}}*blockMap(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(this.onKeyLine=!1,r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else if(r.sep)r.sep.push(this.sourceToken);else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return}if(this.indent>=e.indent){let n=!this.onKeyLine&&this.indent===e.indent,i=n&&(r.sep||r.explicitKey)&&this.type!=="seq-item-ind",s=[];if(i&&r.sep&&!r.value){let o=[];for(let a=0;a<r.sep.length;++a){let A=r.sep[a];switch(A.type){case"newline":o.push(a);break;case"space":break;case"comment":A.indent>e.indent&&(o.length=0);break;default:o.length=0}}o.length>=2&&(s=r.sep.splice(o[1]))}switch(this.type){case"anchor":case"tag":i||r.value?(s.push(this.sourceToken),e.items.push({start:s}),this.onKeyLine=!0):r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"explicit-key-ind":!r.sep&&!r.explicitKey?(r.start.push(this.sourceToken),r.explicitKey=!0):i||r.value?(s.push(this.sourceToken),e.items.push({start:s,explicitKey:!0})):this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken],explicitKey:!0}]}),this.onKeyLine=!0;return;case"map-value-ind":if(r.explicitKey)if(r.sep)if(r.value)e.items.push({start:[],key:null,sep:[this.sourceToken]});else if($A(r.sep,"map-value-ind"))this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:s,key:null,sep:[this.sourceToken]}]});else if(M8(r.key)&&!$A(r.sep,"newline")){let o=Td(r.start),a=r.key,A=r.sep;A.push(this.sourceToken),delete r.key,delete r.sep,this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:a,sep:A}]})}else s.length>0?r.sep=r.sep.concat(s,this.sourceToken):r.sep.push(this.sourceToken);else if($A(r.start,"newline"))Object.assign(r,{key:null,sep:[this.sourceToken]});else{let o=Td(r.start);this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:null,sep:[this.sourceToken]}]})}else r.sep?r.value||i?e.items.push({start:s,key:null,sep:[this.sourceToken]}):$A(r.sep,"map-value-ind")?this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[],key:null,sep:[this.sourceToken]}]}):r.sep.push(this.sourceToken):Object.assign(r,{key:null,sep:[this.sourceToken]});this.onKeyLine=!0;return;case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":{let o=this.flowScalar(this.type);i||r.value?(e.items.push({start:s,key:o,sep:[]}),this.onKeyLine=!0):r.sep?this.stack.push(o):(Object.assign(r,{key:o,sep:[]}),this.onKeyLine=!0);return}default:{let o=this.startBlockValue(e);if(o){n&&o.type!=="block-seq"&&e.items.push({start:s}),this.stack.push(o);return}}}}yield*this.pop(),yield*this.step()}*blockSequence(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return;case"anchor":case"tag":if(r.value||this.indent<=e.indent)break;r.start.push(this.sourceToken);return;case"seq-item-ind":if(this.indent!==e.indent)break;r.value||$A(r.start,"seq-item-ind")?e.items.push({start:[this.sourceTo
`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
`,r)+1}return{type:e,offset:this.offset,indent:this.indent,source:this.source}}startBlockValue(e){switch(this.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return this.flowScalar(this.type);case"block-scalar-header":return{type:"block-scalar",offset:this.offset,indent:this.indent,props:[this.sourceToken],source:""};case"flow-map-start":case"flow-seq-start":return{type:"flow-collection",offset:this.offset,indent:this.indent,start:this.sourceToken,items:[],end:[]};case"seq-item-ind":return{type:"block-seq",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken]}]};case"explicit-key-ind":{this.onKeyLine=!0;let r=SQ(e),n=Td(r);return n.push(this.sourceToken),{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,explicitKey:!0}]}}case"map-value-ind":{this.onKeyLine=!0;let r=SQ(e),n=Td(r);return{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,key:null,sep:[this.sourceToken]}]}}}return null}atIndentedComment(e,r){return this.type!=="comment"||this.indent<=r?!1:e.every(n=>n.type==="newline"||n.type==="space")}*documentEnd(e){this.type!=="doc-mode"&&(e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop()))}*lineEnd(e){switch(this.type){case"comma":case"doc-start":case"doc-end":case"flow-seq-end":case"flow-map-end":case"map-value-ind":yield*this.pop(),yield*this.step();break;case"newline":this.onKeyLine=!1;default:e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop())}}};F8.Parser=uP});var z8=h(Im=>{"use strict";var U8=Xk(),yPe=dm(),Cm=gm(),EPe=$D(),CPe=He(),IPe=lP(),q8=dP();function H8(t){let e=t.prettyErrors!==!1;return{lineCounter:t.lineCounter||e&&new IPe.LineCounter||null,prettyErrors:e}}function BPe(t,e={}){let{lineCounter:r,prettyErrors:n}=H8(e),i=new q8.Parser(r?.addNewLine),s=new U8.Composer(e),o=Array.from(s.compose(i.parse(t)));if(n&&r)for(let a of o)a.errors.forEach(Cm.prettifyError(t,r)),a.warnings.forEach(Cm.prettifyError(t,r));return o.length>0?o:Object.assign([],{empty:!0},s.streamInfo())}function j8(t,e={}){let{lineCounter:r,prettyErrors:n}=H8(e),i=new q8.Parser(r?.addNewLine),s=new U8.Composer(e),o=null;for(let a of s.compose(i.parse(t),!0,t.length))if(!o)o=a;else if(o.options.logLevel!=="silent"){o.errors.push(new Cm.YAMLParseError(a.range.slice(0,2),"MULTIPLE_DOCS","Source contains multiple documents; please use YAML.parseAllDocuments()"));break}return n&&r&&(o.errors.forEach(Cm.prettifyError(t,r)),o.warnings.forEach(Cm.prettifyError(t,r))),o}function QPe(t,e,r){let n;typeof e=="function"?n=e:r===void 0&&e&&typeof e=="object"&&(r=e);let i=j8(t,r);if(!i)return null;if(i.warnings.forEach(s=>EPe.warn(i.options.logLevel,s)),i.errors.length>0){if(i.options.logLevel!=="silent")throw i.errors[0];i.errors=[]}return i.toJS(Object.assign({reviver:n},r))}function bPe(t,e,r){let n=null;if(typeof e=="function"||Array.isArray(e)?n=e:r===void 0&&e&&(r=e),typeof r=="string"&&(r=r.length),typeof r=="number"){let i=Math.round(r);r=i<1?void 0:i>8?{indent:8}:{indent:i}}if(t===void 0){let{keepUndefined:i}=r??e??{};if(!i)return}return CPe.isDocument(t)&&!n?t.toString(r):new yPe.Document(t,n,r).toString(r)}Im.parse=QPe;Im.parseAllDocuments=BPe;Im.parseDocument=j8;Im.stringify=bPe});var hP=h(tt=>{"use strict";var NPe=Xk(),wPe=dm(),SPe=Dk(),fP=gm(),xPe=Wg(),La=He(),RPe=ka(),vPe=sr(),_Pe=Ta(),DPe=Oa(),kPe=NQ(),PPe=AP(),TPe=lP(),OPe=dP(),xQ=z8(),G8=Gg();tt.Composer=NPe.Composer;tt.Document=wPe.Document;tt.Schema=SPe.Schema;tt.YAMLError=fP.YAMLError;tt.YAMLParseError=fP.YAMLParseError;tt.YAMLWarning=fP.YAMLWarning;tt.Alias=xPe.Alias;tt.isAlias=La.isAlias;tt.isCollection=La.isCollection;tt.isDocument=La.isDocument;tt.isMap=La.isMap;tt.isNode=La.isNode;tt.isPair=La.isPair;tt.isScalar=La.isScalar;tt.isSeq=La.isSeq;tt.Pair=RPe.Pair;tt.Scalar=vPe.Scalar;tt.YAMLMap=_Pe.YAMLMap;tt.YAMLSeq=DPe.YAMLSeq;tt.CST=kPe;tt.Lexer=PPe.Lexer;tt.LineCounter=TPe.LineCounter;tt.Parser=OPe.Parser;tt.parse=xQ.parse;tt.parseAllDocuments=xQ.parseAllDocuments;tt.parseDocument=xQ.
exec ${t} "$@"
`}function cX(t){return`@ECHO off\r
${t} %*\r
`}function lX(t){return`#!/usr/bin/env pwsh
${t} @args
`}async function KTe(t,e){try{await(0,ss.unlink)(e)}catch{}await(0,ss.symlink)(t,e)}async function XTe(t,e,r){try{await(0,ss.unlink)(t)}catch{}await(0,ss.writeFile)(t,e,{mode:r})}function ZTe(t,e){let r=e?is.default.join("..","@pnpm","exe","pnpm"):is.default.join("..","pnpm","bin","pnpm.cjs");if((0,QP.existsSync)(is.default.resolve(t,r)))return r;if((0,QP.existsSync)(is.default.join(t,"pnpm")))return"pnpm"}async function bP(t,e,r=process.platform){let n=r==="win32",i=ZTe(t,e);if(i)if(n){await(0,ss.writeFile)(is.default.join(t,"pn.cmd"),cX(`"%~dp0\\${i}"`)),await(0,ss.writeFile)(is.default.join(t,"pn.ps1"),lX(`& "$PSScriptRoot\\${i}"`));for(let s of["pnpx","pnx"])await(0,ss.writeFile)(is.default.join(t,`${s}.cmd`),cX(`"%~dp0\\${i}" dlx`)),await(0,ss.writeFile)(is.default.join(t,`${s}.ps1`),lX(`& "$PSScriptRoot\\${i}" dlx`))}else{await KTe(i,is.default.join(t,"pn"));for(let s of["pnpx","pnx"]){let o=`"$(dirname "$0")/${i}"`;await XTe(is.default.join(t,s),$Te(`${o} dlx`),493)}}}var eOe=JSON.stringify({private:!0,dependencies:{pnpm:IP.packages["node_modules/pnpm"].version}}),tOe=JSON.stringify({private:!0,dependencies:{"@pnpm/exe":BP.packages["node_modules/@pnpm/exe"].version}});async function rOe(t){let{version:e,dest:r,packageJsonFile:n,standalone:i}=t;await(0,qs.rm)(r,{recursive:!0,force:!0}),await(0,qs.mkdir)(r,{recursive:!0});let s=i?BP:IP,o=i?tOe:eOe;await(0,qs.writeFile)(Oi.default.join(r,"package.json"),o),await(0,qs.writeFile)(Oi.default.join(r,"package-lock.json"),JSON.stringify(s));let a=await uX("npm",["ci"],{cwd:r});if(a!==0)return a;let A=Oi.default.join(r,"node_modules",".bin");(0,Sm.addPath)(A),(0,Sm.addPath)(Oi.default.join(A,"bin")),(0,Sm.exportVariable)("PNPM_HOME",A);let c=Oi.default.join(A,"pnpm");if(!(0,xm.existsSync)(c)){await(0,qs.mkdir)(A,{recursive:!0});let f=i?Oi.default.join("..","@pnpm","exe","pnpm"):Oi.default.join("..","pnpm","bin","pnpm.cjs");await(0,qs.symlink)(f,c)}let l=i?Oi.default.join(r,"node_modules","@pnpm","exe","pnpm"):Oi.default.join(r,"node_modules","pnpm","bin","pnpm.cjs"),u=nOe({version:e,packageJsonFile:n});if(u){let f=i?l:process.execPath,m=await uX(f,i?["self-update",u]:[l,"self-update",u],{cwd:r});if(m!==0)return m}await bP(A,i);let d=Oi.default.join(A,"bin");return(0,xm.existsSync)(d)&&await bP(d,i),0}function nOe(t){let{version:e,packageJsonFile:r}=t,{GITHUB_WORKSPACE:n}=process.env,i;if(n)try{let s=(0,xm.readFileSync)(Oi.default.join(n,r),"utf8");({packageManager:i}=r.endsWith(".yaml")?(0,hX.parse)(s,{merge:!0}):JSON.parse(s))}catch(s){if(!fX.default.types.isNativeError(s)||!("code"in s)||s.code!=="ENOENT")throw s}if(e){if(typeof i=="string"&&i.startsWith("pnpm@")&&i.replace("pnpm@","")!==e)throw new Error(`Multiple versions of pnpm specified:
  - version ${e} in the GitHub Action config with the key "version"
  - version ${i} in the package.json with the key "packageManager"
Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`);return e}if(typeof i=="string"&&i.startsWith("pnpm@"))return i.replace("pnpm@","").replace(/\+.*$/,"");throw n?new Error(`No pnpm version is specified.
Please specify it by one of the following ways:
  - in the GitHub Action config with the key "version"
  - in the package.json with the key "packageManager"`):new Error(`No workspace is found.
If you've intended to let pnpm/action-setup read preferred pnpm version from the "packageManager" field in the package.json file,
please run the actions/checkout before pnpm/action-setup.
Otherwise, please specify the pnpm version in the action configuration.`)}function uX(t,e,r){return new Promise((n,i)=>{let s=(0,dX.spawn)(t,e,{cwd:r.cwd,stdio:["pipe","inherit","inherit"],shell:process.platform==="win32"});s.on("error",i),s.on("close",n)})}var gX=rOe;async function iOe(t){(0,Yd.startGroup)("Running self-installer...");let e=await gX(t);if((0,Yd.endGroup)(),e)return(0,Yd.setFailed)(`Something went wrong, self-installer exits with code ${e}`)}var mX=iOe;var vm=gt(at());var Rm=gt(require("path")),NP=gt(require("process")),TQ=t=>Rm.default.join(t.dest,"node_modules",".bin"),OQ=t=>({...NP.default.env,PATH:Rm.default.join(TQ(t),"bin")+Rm.default.delimiter+TQ(t)+Rm.default.delimiter+NP.default.env.PATH});function sOe(t){let e=TQ(t);(0,vm.addPath)(e),(0,vm.setOutput)("dest",t.dest),(0,vm.setOutput)("bin_dest",e)}var pX=sOe;var fc=gt(at()),yX=require("child_process");function oOe(t){let e=OQ(t);for(let r of t.runInstall){let n=["install"];r.recursive&&n.unshift("recursive"),r.args&&n.push(...r.args);let i=["pnpm",...n].join(" ");(0,fc.startGroup)(`Running ${i}...`);let{error:s,status:o}=(0,yX.spawnSync)("pnpm",n,{stdio:"inherit",cwd:r.cwd,shell:!0,env:e});if((0,fc.endGroup)(),s){(0,fc.setFailed)(s);continue}if(o){(0,fc.setFailed)(`Command ${i} (cwd: ${r.cwd}) exits with status ${o}`);continue}}}var EX=oOe;var hc=gt(at()),CX=require("child_process");function aOe(t){if(t.runInstall.length===0){console.log("Pruning is unnecessary.");return}(0,hc.startGroup)("Running pnpm store prune...");let{error:e,status:r}=(0,CX.spawnSync)("pnpm",["store","prune"],{stdio:"inherit",shell:!0,env:OQ(t)});if((0,hc.endGroup)(),e){(0,hc.warning)(e);return}if(r){(0,hc.warning)(`command pnpm store prune exits with code ${r}`);return}}var IX=aOe;async function AOe(){let t=AX();(0,Jd.getState)("is_post")==="true"?await lOe(t):await cOe(t)}async function cOe(t){(0,Jd.saveState)("is_post","true"),await mX(t),console.log("Installation Completed!"),pX(t),await z$(t),EX(t)}async function lOe(t){IX(t),await V$(t)}AOe().catch(t=>{console.error(t),(0,Jd.setFailed)(t)});
/*! Bundled license information:

undici/lib/fetch/body.js:
  (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)

undici/lib/websocket/frame.js:
  (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)

expand-tilde/index.js:
  (*!
   * expand-tilde <https://github.com/jonschlinkert/expand-tilde>
   *
   * Copyright (c) 2015 Jon Schlinkert.
   * Licensed under the MIT license.
   *)
*/
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								"use strict";var qX=Object.create;var _m=Object.defineProperty;var HX=Object.getOwnPropertyDescriptor;var jX=Object.getOwnPropertyNames;var zX=Object.getPrototypeOf,GX=Object.prototype.hasOwnProperty;var YX=(t,e)=>()=>(t&&(e=t(t=0)),e);var h=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports),JX=(t,e)=>{for(var r in e)_m(t,r,{get:e[r],enumerable:!0})},_P=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of jX(e))!GX.call(t,i)&&i!==r&&_m(t,i,{get:()=>e[i],enumerable:!(n=HX(e,i))||n.enumerable});return t};var gt=(t,e,r)=>(r=t!=null?qX(zX(t)):{},_P(e||!t||!t.__esModule?_m(r,"default",{value:t,enumerable:!0}):r,t)),Ui=t=>_P(_m({},"__esModule",{value:!0}),t);var Dm=h(gc=>{"use strict";Object.defineProperty(gc,"__esModule",{value:!0});gc.toCommandProperties=gc.toCommandValue=void 0;function VX(t){return t==null?"":typeof t=="string"||t instanceof String?t:JSON.stringify(t)}gc.toCommandValue=VX;function WX(t){return Object.keys(t).length?{title:t.title,file:t.file,line:t.startLine,endLine:t.endLine,col:t.startColumn,endColumn:t.endColumn}:{}}gc.toCommandProperties=WX});var TP=h(ti=>{"use strict";var $X=ti&&ti.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),KX=ti&&ti.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),XX=ti&&ti.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&$X(e,t,r);return KX(e,t),e};Object.defineProperty(ti,"__esModule",{value:!0});ti.issue=ti.issueCommand=void 0;var ZX=XX(require("os")),kP=Dm();function PP(t,e,r){let n=new UQ(t,e,r);process.stdout.write(n.toString()+ZX.EOL)}ti.issueCommand=PP;function e5(t,e=""){PP(t,{},e)}ti.issue=e5;var DP="::",UQ=class{constructor(e,r,n){e||(e="missing.command"),this.command=e,this.properties=r,this.message=n}toString(){let e=DP+this.command;if(this.properties&&Object.keys(this.properties).length>0){e+=" ";let r=!0;for(let n in this.properties)if(this.properties.hasOwnProperty(n)){let i=this.properties[n];i&&(r?r=!1:e+=",",e+=`${n}=${r5(i)}`)}}return e+=`${DP}${t5(this.message)}`,e}};function t5(t){return(0,kP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A")}function r5(t){return(0,kP.toCommandValue)(t).replace(/%/g,"%25").replace(/\r/g,"%0D").replace(/\n/g,"%0A").replace(/:/g,"%3A").replace(/,/g,"%2C")}});var MP=h(ri=>{"use strict";var n5=ri&&ri.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),i5=ri&&ri.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),HQ=ri&&ri.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&n5(e,t,r);return i5(e,t),e};Object.defineProperty(ri,"__esModule",{value:!0});ri.prepareKeyValueMessage=ri.issueFileCommand=void 0;var s5=HQ(require("crypto")),OP=HQ(require("fs")),qQ=HQ(require("os")),LP=Dm();function o5(t,e){let r=process.env[`GITHUB_${t}`];if(!r)throw new Error(`Unable to find environment variable for file command ${t}`);if(!OP.existsSync(r))throw new Error(`Missing file at path: ${r}`);OP.appendFileSync(r,`${(0,LP.toCommandValue)(e)}${qQ.EOL}`,{encoding:"utf8"})}ri.issueFileCommand=o5;function a5(t,e){let r=`ghadelimiter_${s5.randomUUID()}`,n=(0,LP.toCommandValue)(e);if(t.includes(r))throw new Error(`Unexpected input: name should not contain the delimiter "${r}"`);if(n.includes(r))throw new Error(`Unexpected input: value should
 								`,u.message,u.stack);var d=new Error("tunneling socket could not be established, cause="+u.message);d.code="ECONNRESET",e.request.emit("error",d),n.removeSocket(i)}};js.prototype.removeSocket=function(e){var r=this.sockets.indexOf(e);if(r!==-1){this.sockets.splice(r,1);var n=this.requests.shift();n&&this.createSocket(n,function(i){n.request.onSocket(i)})}};function HP(t,e){var r=this;js.prototype.createSocket.call(r,t,function(n){var i=t.request.getHeader("host"),s=zQ({},r.options,{socket:n,servername:i?i.replace(/:.*$/,""):t.host}),o=l5.connect(0,s);r.sockets[r.sockets.indexOf(n)]=o,e(o)})}function jP(t,e,r){return typeof t=="string"?{host:t,port:e,localAddress:r}:t}function zQ(t){for(var e=1,r=arguments.length;e<r;++e){var n=arguments[e];if(typeof n=="object")for(var i=Object.keys(n),s=0,o=i.length;s<o;++s){var a=i[s];n[a]!==void 0&&(t[a]=n[a])}}return t}var Po;process.env.NODE_DEBUG&&/\btunnel\b/.test(process.env.NODE_DEBUG)?Po=function(){var t=Array.prototype.slice.call(arguments);typeof t[0]=="string"?t[0]="TUNNEL: "+t[0]:t.unshift("TUNNEL:"),console.error.apply(console,t)}:Po=function(){};pc.debug=Po});var YP=h((EOe,GP)=>{GP.exports=zP()});var It=h((COe,JP)=>{JP.exports={kClose:Symbol("close"),kDestroy:Symbol("destroy"),kDispatch:Symbol("dispatch"),kUrl:Symbol("url"),kWriting:Symbol("writing"),kResuming:Symbol("resuming"),kQueue:Symbol("queue"),kConnect:Symbol("connect"),kConnecting:Symbol("connecting"),kHeadersList:Symbol("headers list"),kKeepAliveDefaultTimeout:Symbol("default keep alive timeout"),kKeepAliveMaxTimeout:Symbol("max keep alive timeout"),kKeepAliveTimeoutThreshold:Symbol("keep alive timeout threshold"),kKeepAliveTimeoutValue:Symbol("keep alive timeout"),kKeepAlive:Symbol("keep alive"),kHeadersTimeout:Symbol("headers timeout"),kBodyTimeout:Symbol("body timeout"),kServerName:Symbol("server name"),kLocalAddress:Symbol("local address"),kHost:Symbol("host"),kNoRef:Symbol("no ref"),kBodyUsed:Symbol("used"),kRunning:Symbol("running"),kBlocking:Symbol("blocking"),kPending:Symbol("pending"),kSize:Symbol("size"),kBusy:Symbol("busy"),kQueued:Symbol("queued"),kFree:Symbol("free"),kConnected:Symbol("connected"),kClosed:Symbol("closed"),kNeedDrain:Symbol("need drain"),kReset:Symbol("reset"),kDestroyed:Symbol.for("nodejs.stream.destroyed"),kMaxHeadersSize:Symbol("max headers size"),kRunningIdx:Symbol("running index"),kPendingIdx:Symbol("pending index"),kError:Symbol("error"),kClients:Symbol("clients"),kClient:Symbol("client"),kParser:Symbol("parser"),kOnDestroyed:Symbol("destroy callbacks"),kPipelining:Symbol("pipelining"),kSocket:Symbol("socket"),kHostHeader:Symbol("host header"),kConnector:Symbol("connector"),kStrictContentLength:Symbol("strict content length"),kMaxRedirections:Symbol("maxRedirections"),kMaxRequests:Symbol("maxRequestsPerClient"),kProxy:Symbol("proxy agent options"),kCounter:Symbol("socket request counter"),kInterceptors:Symbol("dispatch interceptors"),kMaxResponseSize:Symbol("max response size"),kHTTP2Session:Symbol("http2Session"),kHTTP2SessionState:Symbol("http2Session state"),kHTTP2BuildRequest:Symbol("http2 build request"),kHTTP1BuildRequest:Symbol("http1 build request"),kHTTP2CopyHeaders:Symbol("http2 copy headers"),kHTTPConnVersion:Symbol("http connection version"),kRetryHandlerDefaultRetry:Symbol("retry agent default retry"),kConstruct:Symbol("constructable")}});var At=h((IOe,VP)=>{"use strict";var Vt=class extends Error{constructor(e){super(e),this.name="UndiciError",this.code="UND_ERR"}},GQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="ConnectTimeoutError",this.message=e||"Connect Timeout Error",this.code="UND_ERR_CONNECT_TIMEOUT"}},YQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersTimeoutError",this.message=e||"Headers Timeout Error",this.code="UND_ERR_HEADERS_TIMEOUT"}},JQ=class t extends Vt{constructor(e){super(e),Error.captureStackTrace(this,t),this.name="HeadersOverflowError",this.message=e||"Headers Overflow Error",this.code="UND_ERR_HEADERS_OVERFLOW"}},VQ=class t extends Vt{constructor(e){super
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`),r6=/\r\n/g,n6=/^([^:]+):[ \t]?([\x00-\xFF]+)?$/;function Ec(t){pT.call(this),t=t||{};let e=this;this.nread=0,this.maxed=!1,this.npairs=0,this.maxHeaderPairs=mT(t,"maxHeaderPairs",2e3),this.maxHeaderSize=mT(t,"maxHeaderSize",80*1024),this.buffer="",this.header={},this.finished=!1,this.ss=new e6(t6),this.ss.on("info",function(r,n,i,s){n&&!e.maxed&&(e.nread+s-i>=e.maxHeaderSize?(s=e.maxHeaderSize-e.nread+i,e.nread=e.maxHeaderSize,e.maxed=!0):e.nread+=s-i,e.buffer+=n.toString("binary",i,s)),r&&e._finish()})}Z5(Ec,pT);Ec.prototype.push=function(t){let e=this.ss.push(t);if(this.finished)return e};Ec.prototype.reset=function(){this.finished=!1,this.buffer="",this.header={},this.ss.reset()};Ec.prototype._finish=function(){this.buffer&&this._parseHeader(),this.ss.matches=this.ss.maxMatches;let t=this.header;this.header={},this.buffer="",this.finished=!0,this.nread=this.npairs=0,this.maxed=!1,this.emit("header",t)};Ec.prototype._parseHeader=function(){if(this.npairs===this.maxHeaderPairs)return;let t=this.buffer.split(r6),e=t.length,r,n;for(var i=0;i<e;++i){if(t[i].length===0)continue;if((t[i][0]==="	"||t[i][0]===" ")&&n){this.header[n][this.header[n].length-1]+=t[i];continue}let s=t[i].indexOf(":");if(s===-1||s===0)return;if(r=n6.exec(t[i]),n=r[1].toLowerCase(),this.header[n]=this.header[n]||[],this.header[n].push(r[2]||""),++this.npairs===this.maxHeaderPairs)break}};yT.exports=Ec});var pb=h((ROe,IT)=>{"use strict";var mb=require("node:stream").Writable,i6=require("node:util").inherits,s6=hb(),CT=hT(),o6=ET(),a6=45,A6=Buffer.from("-"),c6=Buffer.from(`\r
 								`),l6=function(){};function qi(t){if(!(this instanceof qi))return new qi(t);if(mb.call(this,t),!t||!t.headerFirst&&typeof t.boundary!="string")throw new TypeError("Boundary required");typeof t.boundary=="string"?this.setBoundary(t.boundary):this._bparser=void 0,this._headerFirst=t.headerFirst,this._dashes=0,this._parts=0,this._finished=!1,this._realFinish=!1,this._isPreamble=!0,this._justMatched=!1,this._firstWrite=!0,this._inHeader=!0,this._part=void 0,this._cb=void 0,this._ignoreData=!1,this._partOpts={highWaterMark:t.partHwm},this._pause=!1;let e=this;this._hparser=new o6(t),this._hparser.on("header",function(r){e._inHeader=!1,e._part.emit("header",r)})}i6(qi,mb);qi.prototype.emit=function(t){if(t==="finish"&&!this._realFinish){if(!this._finished){let e=this;process.nextTick(function(){if(e.emit("error",new Error("Unexpected end of multipart data")),e._part&&!e._ignoreData){let r=e._isPreamble?"Preamble":"Part";e._part.emit("error",new Error(r+" terminated early due to unexpected end of multipart data")),e._part.push(null),process.nextTick(function(){e._realFinish=!0,e.emit("finish"),e._realFinish=!1});return}e._realFinish=!0,e.emit("finish"),e._realFinish=!1})}}else mb.prototype.emit.apply(this,arguments)};qi.prototype._write=function(t,e,r){if(!this._hparser&&!this._bparser)return r();if(this._headerFirst&&this._isPreamble){this._part||(this._part=new CT(this._partOpts),this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._ignore());let n=this._hparser.push(t);if(!this._inHeader&&n!==void 0&&n<t.length)t=t.slice(n);else return r()}this._firstWrite&&(this._bparser.push(c6),this._firstWrite=!1),this._bparser.push(t),this._pause?this._cb=r:r()};qi.prototype.reset=function(){this._part=void 0,this._bparser=void 0,this._hparser=void 0};qi.prototype.setBoundary=function(t){let e=this;this._bparser=new s6(`\r
 								--`+t),this._bparser.on("info",function(r,n,i,s){e._oninfo(r,n,i,s)})};qi.prototype._ignore=function(){this._part&&!this._ignoreData&&(this._ignoreData=!0,this._part.on("error",l6),this._part.resume())};qi.prototype._oninfo=function(t,e,r,n){let i,s=this,o=0,a,A=!0;if(!this._part&&this._justMatched&&e){for(;this._dashes<2&&r+o<n;)if(e[r+o]===a6)++o,++this._dashes;else{this._dashes&&(i=A6),this._dashes=0;break}if(this._dashes===2&&(r+o<n&&this.listenerCount("trailer")!==0&&this.emit("trailer",e.slice(r+o,n)),this.reset(),this._finished=!0,s._parts===0&&(s._realFinish=!0,s.emit("finish"),s._realFinish=!1)),this._dashes)return}this._justMatched&&(this._justMatched=!1),this._part||(this._part=new CT(this._partOpts),this._part._read=function(c){s._unpause()},this._isPreamble&&this.listenerCount("preamble")!==0?this.emit("preamble",this._part):this._isPreamble!==!0&&this.listenerCount("part")!==0?this.emit("part",this._part):this._ignore(),this._isPreamble||(this._inHeader=!0)),e&&r<n&&!this._ignoreData&&(this._isPreamble||!this._inHeader?(i&&(A=this._part.push(i)),A=this._part.push(e.slice(r,n)),A||(this._pause=!0)):!this._isPreamble&&this._inHeader&&(i&&this._hparser.push(i),a=this._hparser.push(e.slice(r,n)),!this._inHeader&&a!==void 0&&a<n&&this._oninfo(!1,e,r+a,n))),t&&(this._hparser.reset(),this._isPreamble?this._isPreamble=!1:r!==n&&(++this._parts,this._part.on("end",function(){--s._parts===0&&(s._finished?(s._realFinish=!0,s.emit("finish"),s._realFinish=!1):s._unpause())})),this._part.push(null),this._part=void 0,this._ignoreData=!1,this._justMatched=!0,this._dashes=0)};qi.prototype._unpause=function(){if(this._pause&&(this._pause=!1,this._cb)){let t=this._cb;this._cb=void 0,t()}};IT.exports=qi});var Fm=h((yb,bT)=>{"use strict";var BT=new TextDecoder("utf-8"),QT=new Map([["utf-8",BT],["utf8",BT]]);function u6(t){let e;for(;;)switch(t){case"utf-8":case"utf8":return Wd.utf8;case"latin1":case"ascii":case"us-ascii":case"iso-8859-1":case"iso8859-1":case"iso88591":case"iso_8859-1":case"windows-1252":case"iso_8859-1:1987":case"cp1252":case"x-cp1252":return Wd.latin1;case"utf16le":case"utf-16le":case"ucs2":case"ucs-2":return Wd.utf16le;case"base64":return Wd.base64;default:if(e===void 0){e=!0,t=t.toLowerCase();continue}return Wd.other.bind(t)}}var Wd={utf8:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.utf8Slice(0,t.length)),latin1:(t,e)=>t.length===0?"":typeof t=="string"?t:t.latin1Slice(0,t.length),utf16le:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.ucs2Slice(0,t.length)),base64:(t,e)=>t.length===0?"":(typeof t=="string"&&(t=Buffer.from(t,e)),t.base64Slice(0,t.length)),other:(t,e)=>{if(t.length===0)return"";if(typeof t=="string"&&(t=Buffer.from(t,e)),QT.has(yb.toString()))try{return QT.get(yb).decode(t)}catch{}return typeof t=="string"?t:t.toString()}};function d6(t,e,r){return t&&u6(r)(t,e)}bT.exports=d6});var Cb=h((vOe,RT)=>{"use strict";var Um=Fm(),NT=/%[a-fA-F0-9][a-fA-F0-9]/g,f6={"%00":"\0","%01":"","%02":"","%03":"","%04":"","%05":"","%06":"","%07":"\x07","%08":"\b","%09":"	","%0a":`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,"%0A":`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,"%0b":"\v","%0B":"\v","%0c":"\f","%0C":"\f","%0d":"\r","%0D":"\r","%0e":"","%0E":"","%0f":"","%0F":"","%10":"","%11":"","%12":"","%13":"","%14":"","%15":"","%16":"","%17":"","%18":"","%19":"","%1a":"","%1A":"","%1b":"\x1B","%1B":"\x1B","%1c":"","%1C":"","%1d":"","%1D":"","%1e":"","%1E":"","%1f":"","%1F":"","%20":" ","%21":"!","%22":'"',"%23":"#","%24":"$","%25":"%","%26":"&","%27":"'","%28":"(","%29":")","%2a":"*","%2A":"*","%2b":"+","%2B":"+","%2c":",","%2C":",","%2d":"-","%2D":"-","%2e":".","%2E":".","%2f":"/","%2F":"/","%30":"0","%31":"1","%32":"2","%33":"3","%34":"4","%35":"5","%36":"6","%37":"7","%38":"8","%39":"9","%3a":":","%3A":":","%3b":";","%3B":";","%3c":"<","%3C":"<","%3d":"=","%3D":"=","%3e":">","%3E":">","%3f":"?","%3F":"?","%40":"@","%41":"A","%42":"B","%43":"C","%44":"D","%45":"E","%46":"F","%47":"G","%48":"H","%49":"I","%4a":"J","%4A":"J","%4b":"K","%4B":"K","%4c":"L","%4C":"L","%4d":"M","%4D":"M","%4e":"N","%4E":"N","%4f":"O","%4F":"O","%50":"P","%51":"Q","%52":"R","%53":"S","%54":"T","%55":"U","%56":"V","%57":"W","%58":"X","%59":"Y","%5a":"Z","%5A":"Z","%5b":"[","%5B":"[","%5c":"\\","%5C":"\\","%5d":"]","%5D":"]","%5e":"^","%5E":"^","%5f":"_","%5F":"_","%60":"`","%61":"a","%62":"b","%63":"c","%64":"d","%65":"e","%66":"f","%67":"g","%68":"h","%69":"i","%6a":"j","%6A":"j","%6b":"k","%6B":"k","%6c":"l","%6C":"l","%6d":"m","%6D":"m","%6e":"n","%6E":"n","%6f":"o","%6F":"o","%70":"p","%71":"q","%72":"r","%73":"s","%74":"t","%75":"u","%76":"v","%77":"w","%78":"x","%79":"y","%7a":"z","%7A":"z","%7b":"{","%7B":"{","%7c":"|","%7C":"|","%7d":"}","%7D":"}","%7e":"~","%7E":"~","%7f":"\x7F","%7F":"\x7F","%80":"\x80","%81":"\x81","%82":"\x82","%83":"\x83","%84":"\x84","%85":"\x85","%86":"\x86","%87":"\x87","%88":"\x88","%89":"\x89","%8a":"\x8A","%8A":"\x8A","%8b":"\x8B","%8B":"\x8B","%8c":"\x8C","%8C":"\x8C","%8d":"\x8D","%8D":"\x8D","%8e":"\x8E","%8E":"\x8E","%8f":"\x8F","%8F":"\x8F","%90":"\x90","%91":"\x91","%92":"\x92","%93":"\x93","%94":"\x94","%95":"\x95","%96":"\x96","%97":"\x97","%98":"\x98","%99":"\x99","%9a":"\x9A","%9A":"\x9A","%9b":"\x9B","%9B":"\x9B","%9c":"\x9C","%9C":"\x9C","%9d":"\x9D","%9D":"\x9D","%9e":"\x9E","%9E":"\x9E","%9f":"\x9F","%9F":"\x9F","%a0":"\xA0","%A0":"\xA0","%a1":"\xA1","%A1":"\xA1","%a2":"\xA2","%A2":"\xA2","%a3":"\xA3","%A3":"\xA3","%a4":"\xA4","%A4":"\xA4","%a5":"\xA5","%A5":"\xA5","%a6":"\xA6","%A6":"\xA6","%a7":"\xA7","%A7":"\xA7","%a8":"\xA8","%A8":"\xA8","%a9":"\xA9","%A9":"\xA9","%aa":"\xAA","%Aa":"\xAA","%aA":"\xAA","%AA":"\xAA","%ab":"\xAB","%Ab":"\xAB","%aB":"\xAB","%AB":"\xAB","%ac":"\xAC","%Ac":"\xAC","%aC":"\xAC","%AC":"\xAC","%ad":"\xAD","%Ad":"\xAD","%aD":"\xAD","%AD":"\xAD","%ae":"\xAE","%Ae":"\xAE","%aE":"\xAE","%AE":"\xAE","%af":"\xAF","%Af":"\xAF","%aF":"\xAF","%AF":"\xAF","%b0":"\xB0","%B0":"\xB0","%b1":"\xB1","%B1":"\xB1","%b2":"\xB2","%B2":"\xB2","%b3":"\xB3","%B3":"\xB3","%b4":"\xB4","%B4":"\xB4","%b5":"\xB5","%B5":"\xB5","%b6":"\xB6","%B6":"\xB6","%b7":"\xB7","%B7":"\xB7","%b8":"\xB8","%B8":"\xB8","%b9":"\xB9","%B9":"\xB9","%ba":"\xBA","%Ba":"\xBA","%bA":"\xBA","%BA":"\xBA","%bb":"\xBB","%Bb":"\xBB","%bB":"\xBB","%BB":"\xBB","%bc":"\xBC","%Bc":"\xBC","%bC":"\xBC","%BC":"\xBC","%bd":"\xBD","%Bd":"\xBD","%bD":"\xBD","%BD":"\xBD","%be":"\xBE","%Be":"\xBE","%bE":"\xBE","%BE":"\xBE","%bf":"\xBF","%Bf":"\xBF","%bF":"\xBF","%BF":"\xBF","%c0":"\xC0","%C0":"\xC0","%c1":"\xC1","%C1":"\xC1","%c2":"\xC2","%C2":"\xC2","%c3":"\xC3","%C3":"\xC3","%c4":"\xC4","%C4":"\xC4","%c5":"\xC5","%C5":"\xC5","%c6":"\xC6","%C6":"\xC6","%c7":"\xC7","%C7":"\xC7","%c8":"\xC8","%C8":"\xC8","%c9":"\xC9","%C9":"\xC9","%ca":"\xCA","%Ca":"\xCA","%cA":"\xCA","%CA":"\xCA","%cb":"\xCB","%Cb":"\xCB","%cB":"\xCB","%CB":"\xCB","%cc":"\xCC","%Cc":"\xCC","%cC":"\xCC","%CC":"\xCC","%cd":"\xCD","%Cd":"\xCD","%cD":"\xCD","%CD":"\xCD","%ce":"\xCE","%Ce":"\xCE","%cE":"\xCE","%CE":"\xCE","%cf":"\xCF","%Cf":"\xCF","%cF":"\xCF","%CF":"\xCF","%d0":"\xD0","%D0":"\xD0","%d1":"\xD1","%D1":"\xD1","%d2":"\xD2","%D2":"\xD2","%d3":"\xD3","%D3":"\xD3","%d4":"\xD4","%D4":"\xD4","%d5":"\xD5","%
 								`))}function dZ(t,e){let{headersList:r}=e,n=(r.get("referrer-policy")??"").split(","),i="";if(n.length>0)for(let s=n.length;s!==0;s--){let o=n[s-1].trim();if(X6.has(o)){i=o;break}}i!==""&&(t.referrerPolicy=i)}function fZ(){return"allowed"}function hZ(){return"success"}function gZ(){return"success"}function mZ(t){let e=null;e=t.mode,t.headersList.set("sec-fetch-mode",e)}function pZ(t){let e=t.origin;if(t.responseTainting==="cors"||t.mode==="websocket")e&&t.headersList.append("origin",e);else if(t.method!=="GET"&&t.method!=="HEAD"){switch(t.referrerPolicy){case"no-referrer":e=null;break;case"no-referrer-when-downgrade":case"strict-origin":case"strict-origin-when-cross-origin":t.origin&&xb(t.origin)&&!xb(Xd(t))&&(e=null);break;case"same-origin":Gm(t,Xd(t))||(e=null);break;default:}e&&t.headersList.append("origin",e)}}function yZ(t){return tZ.now()}function EZ(t){return{startTime:t.startTime??0,redirectStartTime:0,redirectEndTime:0,postRedirectStartTime:t.startTime??0,finalServiceWorkerStartTime:0,finalNetworkResponseStartTime:0,finalNetworkRequestStartTime:0,endTime:0,encodedBodySize:0,decodedBodySize:0,finalConnectionTimingInfo:null}}function CZ(){return{referrerPolicy:"strict-origin-when-cross-origin"}}function IZ(t){return{referrerPolicy:t.referrerPolicy}}function BZ(t){let e=t.referrerPolicy;bc(e);let r=null;if(t.referrer==="client"){let a=eZ();if(!a||a.origin==="null")return"no-referrer";r=new URL(a)}else t.referrer instanceof URL&&(r=t.referrer);let n=wb(r),i=wb(r,!0);n.toString().length>4096&&(n=i);let s=Gm(t,n),o=Kd(n)&&!Kd(t.url);switch(e){case"origin":return i??wb(r,!0);case"unsafe-url":return n;case"same-origin":return s?i:"no-referrer";case"origin-when-cross-origin":return s?n:i;case"strict-origin-when-cross-origin":{let a=Xd(t);return Gm(n,a)?n:Kd(n)&&!Kd(a)?"no-referrer":i}default:return o?"no-referrer":i}}function wb(t,e){return bc(t instanceof URL),t.protocol==="file:"||t.protocol==="about:"||t.protocol==="blank:"?"no-referrer":(t.username="",t.password="",t.hash="",e&&(t.pathname="",t.search=""),t)}function Kd(t){if(!(t instanceof URL))return!1;if(t.href==="about:blank"||t.href==="about:srcdoc"||t.protocol==="data:"||t.protocol==="file:")return!0;return e(t.origin);function e(r){if(r==null||r==="null")return!1;let n=new URL(r);return!!(n.protocol==="https:"||n.protocol==="wss:"||/^127(?:\.[0-9]+){0,2}\.[0-9]+$|^\[(?:0*:)*?:?0*1\]$/.test(n.hostname)||n.hostname==="localhost"||n.hostname.includes("localhost.")||n.hostname.endsWith(".localhost"))}}function QZ(t,e){if(zm===void 0)return!0;let r=rO(e);if(r==="no metadata"||r.length===0)return!0;let n=NZ(r),i=wZ(r,n);for(let s of i){let o=s.algo,a=s.hash,A=zm.createHash(o).update(t).digest("base64");if(A[A.length-1]==="="&&(A[A.length-2]==="="?A=A.slice(0,-2):A=A.slice(0,-1)),SZ(A,a))return!0}return!1}var bZ=/(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i;function rO(t){let e=[],r=!0;for(let n of t.split(" ")){r=!1;let i=bZ.exec(n);if(i===null||i.groups===void 0||i.groups.algo===void 0)continue;let s=i.groups.algo.toLowerCase();XT.includes(s)&&e.push(i.groups)}return r===!0?"no metadata":e}function NZ(t){let e=t[0].algo;if(e[3]==="5")return e;for(let r=1;r<t.length;++r){let n=t[r];if(n.algo[3]==="5"){e="sha512";break}else{if(e[3]==="3")continue;n.algo[3]==="3"&&(e="sha384")}}return e}function wZ(t,e){if(t.length===1)return t;let r=0;for(let n=0;n<t.length;++n)t[n].algo===e&&(t[r++]=t[n]);return t.length=r,t}function SZ(t,e){if(t.length!==e.length)return!1;for(let r=0;r<t.length;++r)if(t[r]!==e[r]){if(t[r]==="+"&&e[r]==="-"||t[r]==="/"&&e[r]==="_")continue;return!1}return!0}function xZ(t){}function Gm(t,e){return t.origin===e.origin&&t.origin==="null"||t.protocol===e.protocol&&t.hostname===e.hostname&&t.port===e.port}function RZ(){let t,e;return{promise:new Promise((n,i)=>{t=n,e=i}),resolve:t,reject:e}}function vZ(t){return t.controller.state==="aborted"}function _Z(t){return t.controller.state==="aborted"||t.controller.state==="terminated"}var Rb={delete:"DELETE",DELETE:"DELETE",get:"GET",GET:"GET",head:"HEAD",
 								`||t==="	"||t===" "}function vb(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&cO(t[n]);n++);if(r)for(;i>0&&cO(t[i]);i--);return t.slice(n,i+1)}function lO(t){return t==="\r"||t===`
 								`||t==="	"||t==="\f"||t===" "}function t7(t,e=!0,r=!0){let n=0,i=t.length-1;if(e)for(;n<t.length&&lO(t[n]);n++);if(r)for(;i>0&&lO(t[i]);i--);return t.slice(n,i+1)}hO.exports={dataURLProcessor:KZ,URLSerializer:uO,collectASequenceOfCodePoints:Vm,collectASequenceOfCodePointsFast:Nc,stringPercentDecode:dO,parseMIMEType:_b,collectAnHTTPQuotedString:fO,serializeAMimeType:e7}});var Wm=h((HOe,EO)=>{"use strict";var{Blob:pO,File:gO}=require("buffer"),{types:Db}=require("util"),{kState:On}=Gs(),{isBlobLike:yO}=ni(),{webidl:Ve}=Vr(),{parseMIMEType:r7,serializeAMimeType:n7}=Hi(),{kEnumerableProperty:mO}=Ue(),i7=new TextEncoder,Zd=class t extends pO{constructor(e,r,n={}){Ve.argumentLengthCheck(arguments,2,{header:"File constructor"}),e=Ve.converters["sequence<BlobPart>"](e),r=Ve.converters.USVString(r),n=Ve.converters.FilePropertyBag(n);let i=r,s=n.type,o;e:{if(s){if(s=r7(s),s==="failure"){s="";break e}s=n7(s).toLowerCase()}o=n.lastModified}super(s7(e,n),{type:s}),this[On]={name:i,lastModified:o,type:s}}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get type(){return Ve.brandCheck(this,t),this[On].type}},kb=class t{constructor(e,r,n={}){let i=r,s=n.type,o=n.lastModified??Date.now();this[On]={blobLike:e,name:i,type:s,lastModified:o}}stream(...e){return Ve.brandCheck(this,t),this[On].blobLike.stream(...e)}arrayBuffer(...e){return Ve.brandCheck(this,t),this[On].blobLike.arrayBuffer(...e)}slice(...e){return Ve.brandCheck(this,t),this[On].blobLike.slice(...e)}text(...e){return Ve.brandCheck(this,t),this[On].blobLike.text(...e)}get size(){return Ve.brandCheck(this,t),this[On].blobLike.size}get type(){return Ve.brandCheck(this,t),this[On].blobLike.type}get name(){return Ve.brandCheck(this,t),this[On].name}get lastModified(){return Ve.brandCheck(this,t),this[On].lastModified}get[Symbol.toStringTag](){return"File"}};Object.defineProperties(Zd.prototype,{[Symbol.toStringTag]:{value:"File",configurable:!0},name:mO,lastModified:mO});Ve.converters.Blob=Ve.interfaceConverter(pO);Ve.converters.BlobPart=function(t,e){if(Ve.util.Type(t)==="Object"){if(yO(t))return Ve.converters.Blob(t,{strict:!1});if(ArrayBuffer.isView(t)||Db.isAnyArrayBuffer(t))return Ve.converters.BufferSource(t,e)}return Ve.converters.USVString(t,e)};Ve.converters["sequence<BlobPart>"]=Ve.sequenceConverter(Ve.converters.BlobPart);Ve.converters.FilePropertyBag=Ve.dictionaryConverter([{key:"lastModified",converter:Ve.converters["long long"],get defaultValue(){return Date.now()}},{key:"type",converter:Ve.converters.DOMString,defaultValue:""},{key:"endings",converter:t=>(t=Ve.converters.DOMString(t),t=t.toLowerCase(),t!=="native"&&(t="transparent"),t),defaultValue:"transparent"}]);function s7(t,e){let r=[];for(let n of t)if(typeof n=="string"){let i=n;e.endings==="native"&&(i=o7(i)),r.push(i7.encode(i))}else Db.isAnyArrayBuffer(n)||Db.isTypedArray(n)?n.buffer?r.push(new Uint8Array(n.buffer,n.byteOffset,n.byteLength)):r.push(new Uint8Array(n)):yO(n)&&r.push(n);return r}function o7(t){let e=`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`;return process.platform==="win32"&&(e=`\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`),t.replace(/\r?\n/g,e)}function a7(t){return gO&&t instanceof gO||t instanceof Zd||t&&(typeof t.stream=="function"||typeof t.arrayBuffer=="function")&&t[Symbol.toStringTag]==="File"}EO.exports={File:Zd,FileLike:kb,isFileLike:a7}});var Km=h((jOe,bO)=>{"use strict";var{isBlobLike:$m,toUSVString:A7,makeIterator:Pb}=ni(),{kState:Lr}=Gs(),{File:QO,FileLike:CO,isFileLike:c7}=Wm(),{webidl:it}=Vr(),{Blob:l7,File:Tb}=require("buffer"),IO=Tb??QO,wc=class t{constructor(e){if(e!==void 0)throw it.errors.conversionFailed({prefix:"FormData constructor",argument:"Argument 1",types:["undefined"]});this[Lr]=[]}append(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.append"}),arguments.length===3&&!$m(r))throw new TypeError("Failed to execute 'append' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=$m(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?it.converters.USVString(n):void 0;let i=BO(e,r,n);this[Lr].push(i)}delete(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.delete"}),e=it.converters.USVString(e),this[Lr]=this[Lr].filter(r=>r.name!==e)}get(e){it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.get"}),e=it.converters.USVString(e);let r=this[Lr].findIndex(n=>n.name===e);return r===-1?null:this[Lr][r].value}getAll(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.getAll"}),e=it.converters.USVString(e),this[Lr].filter(r=>r.name===e).map(r=>r.value)}has(e){return it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.has"}),e=it.converters.USVString(e),this[Lr].findIndex(r=>r.name===e)!==-1}set(e,r,n=void 0){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,2,{header:"FormData.set"}),arguments.length===3&&!$m(r))throw new TypeError("Failed to execute 'set' on 'FormData': parameter 2 is not of type 'Blob'");e=it.converters.USVString(e),r=$m(r)?it.converters.Blob(r,{strict:!1}):it.converters.USVString(r),n=arguments.length===3?A7(n):void 0;let i=BO(e,r,n),s=this[Lr].findIndex(o=>o.name===e);s!==-1?this[Lr]=[...this[Lr].slice(0,s),i,...this[Lr].slice(s+1).filter(o=>o.name!==e)]:this[Lr].push(i)}entries(){return it.brandCheck(this,t),Pb(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key+value")}keys(){return it.brandCheck(this,t),Pb(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","key")}values(){return it.brandCheck(this,t),Pb(()=>this[Lr].map(e=>[e.name,e.value]),"FormData","value")}forEach(e,r=globalThis){if(it.brandCheck(this,t),it.argumentLengthCheck(arguments,1,{header:"FormData.forEach"}),typeof e!="function")throw new TypeError("Failed to execute 'forEach' on 'FormData': parameter 1 is not of type 'Function'.");for(let[n,i]of this)e.apply(r,[i,n,this])}};wc.prototype[Symbol.iterator]=wc.prototype.entries;Object.defineProperties(wc.prototype,{[Symbol.toStringTag]:{value:"FormData",configurable:!0}});function BO(t,e,r){if(t=Buffer.from(t).toString("utf8"),typeof e=="string")e=Buffer.from(e).toString("utf8");else if(c7(e)||(e=e instanceof l7?new IO([e],"blob",{type:e.type}):new CO(e,"blob",{type:e.type})),r!==void 0){let n={type:e.type,lastModified:e.lastModified};e=Tb&&e instanceof Tb||e instanceof QO?new IO([e],r,n):new CO(e,r,n)}return{name:t,value:e}}bO.exports={FormData:wc}});var ef=h((zOe,kO)=>{"use strict";var u7=HT(),Sc=Ue(),{ReadableStreamFrom:d7,isBlobLike:NO,isReadableStreamLike:f7,readableStreamClose:h7,createDeferredPromise:g7,fullyReadBody:m7}=ni(),{FormData:wO}=Km(),{kState:Js}=Gs(),{webidl:Ob}=Vr(),{DOMException:RO,structuredClone:p7}=Lo(),{Blob:y7,File:E7}=require("buffer"),{kBodyUsed:C7}=It(),Lb=require("assert"),{isErrored:I7}=Ue(),{isUint8Array:vO,isArrayBuffer:B7}=require("util/types"),{File:Q7}=Wm(),{parseMIMEType:b7,serializeAMimeType:N7}=Hi(),Mb;try{let t=require("node:crypto");Mb=e=>t.randomInt(0,e)}catch{Mb=t=>Math.floor(Math.random(t))}var Ys=globalThis.ReadableStream,SO=E7??Q7,Xm=new TextEncoder,w7=new TextDecoder;function _O(t,e=!1){Ys||(Ys=require("stream/web").ReadableS
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								Content-Disposition: form-data`;let l=E=>E.replace(/\n/g,"%0A").replace(/\r/g,"%0D").replace(/"/g,"%22"),u=E=>E.replace(/\r?\n|\r/g,`\r
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`),d=[],f=new Uint8Array([13,10]);s=0;let g=!1;for(let[E,C]of t)if(typeof C=="string"){let I=Xm.encode(c+`; name="${l(u(E))}"\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
 								${u(C)}\r
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`);d.push(I),s+=I.byteLength}else{let I=Xm.encode(`${c}; name="${l(u(E))}"`+(C.name?`; filename="${l(C.name)}"`:"")+`\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								Content-Type: ${C.type||"application/octet-stream"}\r
 								\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`);d.push(I,C,f),typeof C.size=="number"?s+=I.byteLength+C.size+f.byteLength:g=!0}let m=Xm.encode(`--${A}--`);d.push(m),s+=m.byteLength,g&&(s=null),i=t,n=async function*(){for(let E of d)E.stream?yield*E.stream():yield E},o="multipart/form-data; boundary="+A}else if(NO(t))i=t,s=t.size,t.type&&(o=t.type);else if(typeof t[Symbol.asyncIterator]=="function"){if(e)throw new TypeError("keepalive");if(Sc.isDisturbed(t)||t.locked)throw new TypeError("Response body object should not be disturbed or locked");r=t instanceof Ys?t:d7(t)}if((typeof i=="string"||Sc.isBuffer(i))&&(s=Buffer.byteLength(i)),n!=null){let A;r=new Ys({async start(){A=n(t)[Symbol.asyncIterator]()},async pull(c){let{value:l,done:u}=await A.next();return u?queueMicrotask(()=>{c.close()}):I7(r)||c.enqueue(new Uint8Array(l)),c.desiredSize>0},async cancel(c){await A.return()},type:void 0})}return[{stream:r,source:i,length:s},o]}function S7(t,e=!1){return Ys||(Ys=require("stream/web").ReadableStream),t instanceof Ys&&(Lb(!Sc.isDisturbed(t),"The body has already been consumed."),Lb(!t.locked,"The stream is locked.")),_O(t,e)}function x7(t){let[e,r]=t.stream.tee(),n=p7(r,{transfer:[r]}),[,i]=n.tee();return t.stream=e,{stream:i,length:t.length,source:t.source}}async function*xO(t){if(t)if(vO(t))yield t;else{let e=t.stream;if(Sc.isDisturbed(e))throw new TypeError("The body has already been consumed.");if(e.locked)throw new TypeError("The stream is locked.");e[C7]=!0,yield*e}}function Fb(t){if(t.aborted)throw new RO("The operation was aborted.","AbortError")}function R7(t){return{blob(){return Zm(this,r=>{let n=k7(this);return n==="failure"?n="":n&&(n=N7(n)),new y7([r],{type:n})},t)},arrayBuffer(){return Zm(this,r=>new Uint8Array(r).buffer,t)},text(){return Zm(this,DO,t)},json(){return Zm(this,D7,t)},async formData(){Ob.brandCheck(this,t),Fb(this[Js]);let r=this.headers.get("Content-Type");if(/multipart\/form-data/.test(r)){let n={};for(let[a,A]of this.headers)n[a.toLowerCase()]=A;let i=new wO,s;try{s=new u7({headers:n,preservePath:!0})}catch(a){throw new RO(`${a}`,"AbortError")}s.on("field",(a,A)=>{i.append(a,A)}),s.on("file",(a,A,c,l,u)=>{let d=[];if(l==="base64"||l.toLowerCase()==="base64"){let f="";A.on("data",g=>{f+=g.toString().replace(/[\r\n]/gm,"");let m=f.length-f.length%4;d.push(Buffer.from(f.slice(0,m),"base64")),f=f.slice(m)}),A.on("end",()=>{d.push(Buffer.from(f,"base64")),i.append(a,new SO(d,c,{type:u}))})}else A.on("data",f=>{d.push(f)}),A.on("end",()=>{i.append(a,new SO(d,c,{type:u}))})});let o=new Promise((a,A)=>{s.on("finish",a),s.on("error",c=>A(new TypeError(c)))});if(this.body!==null)for await(let a of xO(this[Js].body))s.write(a);return s.end(),await o,i}else if(/application\/x-www-form-urlencoded/.test(r)){let n;try{let s="",o=new TextDecoder("utf-8",{ignoreBOM:!0});for await(let a of xO(this[Js].body)){if(!vO(a))throw new TypeError("Expected Uint8Array chunk");s+=o.decode(a,{stream:!0})}s+=o.decode(),n=new URLSearchParams(s)}catch(s){throw Object.assign(new TypeError,{cause:s})}let i=new wO;for(let[s,o]of n)i.append(s,o);return i}else throw await Promise.resolve(),Fb(this[Js]),Ob.errors.exception({header:`${t.name}.formData`,message:"Could not parse content as FormData."})}}}function v7(t){Object.assign(t.prototype,R7(t))}async function Zm(t,e,r){if(Ob.brandCheck(t,r),Fb(t[Js]),_7(t[Js].body))throw new TypeError("Body is unusable");let n=g7(),i=o=>n.reject(o),s=o=>{try{n.resolve(e(o))}catch(a){i(a)}};return t[Js].body==null?(s(new Uint8Array),n.promise):(await m7(t[Js].body,s,i),n.promise)}function _7(t){return t!=null&&(t.stream.locked||Sc.isDisturbed(t.stream))}function DO(t){return t.length===0?"":(t[0]===239&&t[1]===187&&t[2]===191&&(t=t.subarray(3)),w7.decode(t))}function D7(t){return JSON.parse(DO(t))}function k7(t){let{headersList:e}=t[Js],r=e.get("content-type");return r===null?"failure":b7(r)}kO.exports={extractBody:_O,safelyExtractBody:S7,cloneBody:x7,mixinBody:v7}});var LO=h((GOe,OO)=>{"use strict";var{InvalidArgumentError:mt,NotSupportedError:P7}=At(),Vs=require("assert"),{kHTTP2BuildRequest:T7,kHTTP2CopyHeaders:O7,kHTTP1BuildRequest:
-												fix: handle Windows with .cmd/.ps1 shims and add tests

- Extract ensureAliasLinks to its own module for testability
- On Windows, create .cmd and .ps1 shims instead of symlinks
- On Unix, create symlinks (as before)
- Skip alias creation when targets don't exist (pnpm v10)
- Add vitest and 8 tests covering unix/windows/skip/no-overwrite

											
										
										
											2026-03-26 18:41:05 +01:00
+								`),this.body=E.stream,this.contentLength=E.length}else an.isBlobLike(i)&&this.contentType==null&&i.type&&(this.contentType=i.type,this.headers+=`content-type: ${i.type}\r
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`);an.validateHandler(m,n,c),this.servername=an.getServerName(this.host),this[ji]=m,tr.create.hasSubscribers&&tr.create.publish({request:this})}onBodySent(e){if(this[ji].onBodySent)try{return this[ji].onBodySent(e)}catch(r){this.abort(r)}}onRequestSent(){if(tr.bodySent.hasSubscribers&&tr.bodySent.publish({request:this}),this[ji].onRequestSent)try{return this[ji].onRequestSent()}catch(e){this.abort(e)}}onConnect(e){if(Vs(!this.aborted),Vs(!this.completed),this.error)e(this.error);else return this.abort=e,this[ji].onConnect(e)}onHeaders(e,r,n,i){Vs(!this.aborted),Vs(!this.completed),tr.headers.hasSubscribers&&tr.headers.publish({request:this,response:{statusCode:e,headers:r,statusText:i}});try{return this[ji].onHeaders(e,r,n,i)}catch(s){this.abort(s)}}onData(e){Vs(!this.aborted),Vs(!this.completed);try{return this[ji].onData(e)}catch(r){return this.abort(r),!1}}onUpgrade(e,r,n){return Vs(!this.aborted),Vs(!this.completed),this[ji].onUpgrade(e,r,n)}onComplete(e){this.onFinally(),Vs(!this.aborted),this.completed=!0,tr.trailers.hasSubscribers&&tr.trailers.publish({request:this,trailers:e});try{return this[ji].onComplete(e)}catch(r){this.onError(r)}}onError(e){if(this.onFinally(),tr.error.hasSubscribers&&tr.error.publish({request:this,error:e}),!this.aborted)return this.aborted=!0,this[ji].onError(e)}onFinally(){this.errorHandler&&(this.body.off("error",this.errorHandler),this.errorHandler=null),this.endHandler&&(this.body.off("end",this.endHandler),this.endHandler=null)}addHeader(e,r){return tf(this,e,r),this}static[L7](e,r,n){return new t(e,r,n)}static[T7](e,r,n){let i=r.headers;r={...r,headers:null};let s=new t(e,r,n);if(s.headers={},Array.isArray(i)){if(i.length%2!==0)throw new mt("headers array must be even");for(let o=0;o<i.length;o+=2)tf(s,i[o],i[o+1],!0)}else if(i&&typeof i=="object"){let o=Object.keys(i);for(let a=0;a<o.length;a++){let A=o[a];tf(s,A,i[A],!0)}}else if(i!=null)throw new mt("headers must be an object or an array");return s}static[O7](e){let r=e.split(`\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`),n={};for(let i of r){let[s,o]=i.split(": ");o==null||o.length===0||(n[s]?n[s]+=`,${o}`:n[s]=o)}return n}};function za(t,e,r){if(e&&typeof e=="object")throw new mt(`invalid ${t} header`);if(e=e!=null?`${e}`:"",TO.exec(e)!==null)throw new mt(`invalid ${t} header`);return r?e:`${t}: ${e}\r
 								`}function tf(t,e,r,n=!1){if(r&&typeof r=="object"&&!Array.isArray(r))throw new mt(`invalid ${e} header`);if(r===void 0)return;if(t.host===null&&e.length===4&&e.toLowerCase()==="host"){if(TO.exec(r)!==null)throw new mt(`invalid ${e} header`);t.host=r}else if(t.contentLength===null&&e.length===14&&e.toLowerCase()==="content-length"){if(t.contentLength=parseInt(r,10),!Number.isFinite(t.contentLength))throw new mt("invalid content-length header")}else if(t.contentType===null&&e.length===12&&e.toLowerCase()==="content-type")t.contentType=r,n?t.headers[e]=za(e,r,n):t.headers+=za(e,r);else{if(e.length===17&&e.toLowerCase()==="transfer-encoding")throw new mt("invalid transfer-encoding header");if(e.length===10&&e.toLowerCase()==="connection"){let i=typeof r=="string"?r.toLowerCase():null;if(i!=="close"&&i!=="keep-alive")throw new mt("invalid connection header");i==="close"&&(t.reset=!0)}else{if(e.length===10&&e.toLowerCase()==="keep-alive")throw new mt("invalid keep-alive header");if(e.length===7&&e.toLowerCase()==="upgrade")throw new mt("invalid upgrade header");if(e.length===6&&e.toLowerCase()==="expect")throw new P7("expect header not supported");if(PO.exec(e)===null)throw new mt("invalid header key");if(Array.isArray(r))for(let i=0;i<r.length;i++)n?t.headers[e]?t.headers[e]+=`,${za(e,r[i],n)}`:t.headers[e]=za(e,r[i],n):t.headers+=za(e,r[i]);else n?t.headers[e]=za(e,r,n):t.headers+=za(e,r)}}}OO.exports=qb});var ep=h((YOe,MO)=>{"use strict";var F7=require("events"),Hb=class extends F7{dispatch(){throw new Error("not implemented")}close(){throw new Error("not implemented")}destroy(){throw new Error("not implemented")}};MO.exports=Hb});var nf=h((JOe,FO)=>{"use strict";var U7=ep(),{ClientDestroyedError:jb,ClientClosedError:q7,InvalidArgumentError:xc}=At(),{kDestroy:H7,kClose:j7,kDispatch:zb,kInterceptors:Ga}=It(),Rc=Symbol("destroyed"),rf=Symbol("closed"),Ws=Symbol("onDestroyed"),vc=Symbol("onClosed"),tp=Symbol("Intercepted Dispatch"),Gb=class extends U7{constructor(){super(),this[Rc]=!1,this[Ws]=null,this[rf]=!1,this[vc]=[]}get destroyed(){return this[Rc]}get closed(){return this[rf]}get interceptors(){return this[Ga]}set interceptors(e){if(e){for(let r=e.length-1;r>=0;r--)if(typeof this[Ga][r]!="function")throw new xc("interceptor must be an function")}this[Ga]=e}close(e){if(e===void 0)return new Promise((n,i)=>{this.close((s,o)=>s?i(s):n(o))});if(typeof e!="function")throw new xc("invalid callback");if(this[Rc]){queueMicrotask(()=>e(new jb,null));return}if(this[rf]){this[vc]?this[vc].push(e):queueMicrotask(()=>e(null,null));return}this[rf]=!0,this[vc].push(e);let r=()=>{let n=this[vc];this[vc]=null;for(let i=0;i<n.length;i++)n[i](null,null)};this[j7]().then(()=>this.destroy()).then(()=>{queueMicrotask(r)})}destroy(e,r){if(typeof e=="function"&&(r=e,e=null),r===void 0)return new Promise((i,s)=>{this.destroy(e,(o,a)=>o?s(o):i(a))});if(typeof r!="function")throw new xc("invalid callback");if(this[Rc]){this[Ws]?this[Ws].push(r):queueMicrotask(()=>r(null,null));return}e||(e=new jb),this[Rc]=!0,this[Ws]=this[Ws]||[],this[Ws].push(r);let n=()=>{let i=this[Ws];this[Ws]=null;for(let s=0;s<i.length;s++)i[s](null,null)};this[H7](e).then(()=>{queueMicrotask(n)})}[tp](e,r){if(!this[Ga]||this[Ga].length===0)return this[tp]=this[zb],this[zb](e,r);let n=this[zb].bind(this);for(let i=this[Ga].length-1;i>=0;i--)n=this[Ga][i](n);return this[tp]=n,n(e,r)}dispatch(e,r){if(!r||typeof r!="object")throw new xc("handler must be an object");try{if(!e||typeof e!="object")throw new xc("opts must be an object.");if(this[Rc]||this[Ws])throw new jb;if(this[rf])throw new q7;return this[tp](e,r)}catch(n){if(typeof r.onError!="function")throw new xc("invalid onError method");return r.onError(n),!1}}};FO.exports=Gb});var sf=h(($Oe,HO)=>{"use strict";var z7=require("net"),UO=require("assert"),qO=Ue(),{InvalidArgumentError:G7,ConnectTimeoutError:Y7}=At(),Yb,Jb;global.FinalizationRegistry&&!process.env.NODE_V8_COVERAGE?Jb=class{constructor(e){this._maxCachedSessions=e,this._sessionCache=new Map,this._sessionRegistry=new global.FinalizationRegistry(r=>{if(this._s
 								`,this[sL]=A??3e5,this[iL]=i??3e5,this[uf]=I??!0,this[Qee]=w,this[df]=T,this[Fo]=null,this[aL]=k>-1?k:-1,this[fs]="h1",this[Mn]=null,this[cp]=Re?{openStreams:0,maxConcurrentStreams:H??100}:null,this[AL]=`${this[Rr].hostname}${this[Rr].port?`:${this[Rr].port}`:""}`,this[Bt]=[],this[Qt]=0,this[Ln]=0}get pipelining(){return this[qo]}set pipelining(e){this[qo]=e,Fn(this,!0)}get[Va](){return this[Bt].length-this[Ln]}get[Dt](){return this[Ln]-this[Qt]}get[Ja](){return this[Bt].length-this[Qt]}get[Bee](){return!!this[Ot]&&!this[Dc]&&!this[Ot].destroyed}get[t0](){let e=this[Ot];return e&&(e[Wr]||e[Xs]||e[Pc])||this[Ja]>=(this[qo]||1)||this[Va]>0}[Iee](e){dL(this),this.once("connect",e)}[wee](e,r){let n=e.origin||this[Rr].origin,i=this[fs]==="h2"?e0[xee](n,e,r):e0[vee](n,e,r);return this[Bt].push(i),this[Ya]||(Ae.bodyLength(i.body)==null&&Ae.isIterable(i.body)?(this[Ya]=1,process.nextTick(Fn,this)):Fn(this,!0)),this[Ya]&&this[Uo]!==2&&this[t0]&&(this[Uo]=2),this[Uo]<2}async[bee](){return new Promise(e=>{this[Ja]?this[Fo]=e:e(null)})}async[Nee](e){return new Promise(r=>{let n=this[Bt].splice(this[Ln]);for(let s=0;s<n.length;s++){let o=n[s];$r(this,o,e)}let i=()=>{this[Fo]&&(this[Fo](),this[Fo]=null),r()};this[Mn]!=null&&(Ae.destroy(this[Mn],e),this[Mn]=null,this[cp]=null),this[Ot]?Ae.destroy(this[Ot].on("close",i),e):queueMicrotask(i),Fn(this)})}};function Mee(t){ee(t.code!=="ERR_TLS_CERT_ALTNAME_INVALID"),this[Ot][vr]=t,fp(this[ds],t)}function Fee(t,e,r){let n=new us(`HTTP/2: "frameError" received - type ${t}, code ${e}`);r===0&&(this[Ot][vr]=n,fp(this[ds],n))}function Uee(){Ae.destroy(this,new kc("other side closed")),Ae.destroy(this[Ot],new kc("other side closed"))}function qee(t){let e=this[ds],r=new us(`HTTP/2: "GOAWAY" frame received with code ${t}`);if(e[Ot]=null,e[Mn]=null,e.destroyed){ee(this[Va]===0);let n=e[Bt].splice(e[Qt]);for(let i=0;i<n.length;i++){let s=n[i];$r(this,s,r)}}else if(e[Dt]>0){let n=e[Bt][e[Qt]];e[Bt][e[Qt]++]=null,$r(e,n,r)}e[Ln]=e[Qt],ee(e[Dt]===0),e.emit("disconnect",e[Rr],[e],r),Fn(e)}var As=zO(),Hee=ip(),jee=Buffer.alloc(0);async function zee(){let t=process.env.JEST_WORKER_ID?Kb():void 0,e;try{e=await WebAssembly.compile(Buffer.from(KO(),"base64"))}catch{e=await WebAssembly.compile(Buffer.from(t||Kb(),"base64"))}return await WebAssembly.instantiate(e,{env:{wasm_on_url:(r,n,i)=>0,wasm_on_status:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onStatus(new sp(cs.buffer,s,i))||0},wasm_on_message_begin:r=>(ee.strictEqual(or.ptr,r),or.onMessageBegin()||0),wasm_on_header_field:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onHeaderField(new sp(cs.buffer,s,i))||0},wasm_on_header_value:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onHeaderValue(new sp(cs.buffer,s,i))||0},wasm_on_headers_complete:(r,n,i,s)=>(ee.strictEqual(or.ptr,r),or.onHeadersComplete(n,!!i,!!s)||0),wasm_on_body:(r,n,i)=>{ee.strictEqual(or.ptr,r);let s=n-ls+cs.byteOffset;return or.onBody(new sp(cs.buffer,s,i))||0},wasm_on_message_complete:r=>(ee.strictEqual(or.ptr,r),or.onMessageComplete()||0)}})}var Zb=null,i0=zee();i0.catch();var or=null,cs=null,op=0,ls=null,Tc=1,Ap=2,s0=3,o0=class{constructor(e,r,{exports:n}){ee(Number.isFinite(e[ap])&&e[ap]>0),this.llhttp=n,this.ptr=this.llhttp.llhttp_alloc(As.TYPE.RESPONSE),this.client=e,this.socket=r,this.timeout=null,this.timeoutValue=null,this.timeoutType=null,this.statusCode=null,this.statusText="",this.upgrade=!1,this.headers=[],this.headersSize=0,this.headersMaxSize=e[ap],this.shouldKeepAlive=!1,this.paused=!1,this.resume=this.resume.bind(this),this.bytesRead=0,this.keepAlive="",this.contentLength="",this.connection="",this.maxResponseSize=e[aL]}setTimeout(e,r){this.timeoutType=r,e!==this.timeoutValue?(Xb.clearTimeout(this.timeout),e?(this.timeout=Xb.setTimeout(Gee,e,this),this.timeout.unref&&this.timeout.unref()):this.timeout=null,this.timeoutValue=e):this.timeout&&this.timeout.refresh&&this.timeout.refresh()}resume(){this.socket.destroyed||!this.paused||(ee(this.ptr!=null),ee(or==null),this.llhttp.llhttp_resume(this.ptr),ee
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`;return typeof s=="string"?g+=`host: ${s}\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`:g+=t[tL],o?g+=`connection: upgrade\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								upgrade: ${o}\r
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`:t[qo]&&!f[Wr]?g+=`connection: keep-alive\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:g+=`connection: close\r
-												fix: handle Windows with .cmd/.ps1 shims and add tests

- Extract ensureAliasLinks to its own module for testability
- On Windows, create .cmd and .ps1 shims instead of symlinks
- On Unix, create symlinks (as before)
- Skip alias creation when targets don't exist (pnpm v10)
- Add vitest and 8 tests covering unix/windows/skip/no-overwrite

											
										
										
											2026-03-26 18:41:05 +01:00
+								`,a&&(g+=a),Mr.sendHeaders.hasSubscribers&&Mr.sendHeaders.publish({request:e,headers:g,socket:f}),!r||u===0?(d===0?f.write(`${g}content-length: 0\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
 								`,"latin1"):(ee(d===null,"no body must not have content length"),f.write(`${g}\r
 								`,"latin1")),e.onRequestSent()):Ae.isBuffer(r)?(ee(d===r.byteLength,"buffer body must have content length"),f.cork(),f.write(`${g}content-length: ${d}\r
 								\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,"latin1"),f.write(r),f.uncork(),e.onBodySent(r),e.onRequestSent(),l||(f[Wr]=!0)):Ae.isBlobLike(r)?typeof r.stream=="function"?up({body:r.stream(),client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):gL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isStream(r)?hL({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):Ae.isIterable(r)?up({body:r,client:t,request:e,socket:f,contentLength:d,header:g,expectsPayload:l}):ee(!1),!0}function Vee(t,e,r){let{body:n,method:i,path:s,host:o,upgrade:a,expectContinue:A,signal:c,headers:l}=r,u;if(typeof l=="string"?u=e0[Ree](l.trim()):u=l,a)return $r(t,r,new Error("Upgrade not supported for H2")),!1;try{r.onConnect(I=>{r.aborted||r.completed||$r(t,r,I||new A0)})}catch(I){$r(t,r,I)}if(r.aborted)return!1;let d,f=t[cp];if(u[_ee]=o||t[AL],u[Dee]=i,i==="CONNECT")return e.ref(),d=e.request(u,{endStream:!1,signal:c}),d.id&&!d.pending?(r.onUpgrade(null,null,d),++f.openStreams):d.once("ready",()=>{r.onUpgrade(null,null,d),++f.openStreams}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),!0;u[kee]=s,u[Pee]="https";let g=i==="PUT"||i==="POST"||i==="PATCH";n&&typeof n.read=="function"&&n.read(0);let m=Ae.bodyLength(n);if(m==null&&(m=r.contentLength),(m===0||!g)&&(m=null),fL(i)&&m>0&&r.contentLength!=null&&r.contentLength!==m){if(t[uf])return $r(t,r,new Ks),!1;process.emitWarning(new Ks)}m!=null&&(ee(n,"no body must not have content length"),u[Tee]=`${m}`),e.ref();let E=i==="GET"||i==="HEAD";return A?(u[Oee]="100-continue",d=e.request(u,{endStream:E,signal:c}),d.once("continue",C)):(d=e.request(u,{endStream:E,signal:c}),C()),++f.openStreams,d.once("response",I=>{let{[Lee]:N,...w}=I;r.onHeaders(Number(N),w,d.resume.bind(d),"")===!1&&d.pause()}),d.once("end",()=>{r.onComplete([])}),d.on("data",I=>{r.onData(I)===!1&&d.pause()}),d.once("close",()=>{f.openStreams-=1,f.openStreams===0&&e.unref()}),d.once("error",function(I){t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,I))}),d.once("frameError",(I,N)=>{let w=new us(`HTTP/2: "frameError" received - type ${I}, code ${N}`);$r(t,r,w),t[Mn]&&!t[Mn].destroyed&&!this.closed&&!this.destroyed&&(f.streams-=1,Ae.destroy(d,w))}),!0;function C(){n?Ae.isBuffer(n)?(ee(m===n.byteLength,"buffer body must have content length"),d.cork(),d.write(n),d.uncork(),d.end(),r.onBodySent(n),r.onRequestSent()):Ae.isBlobLike(n)?typeof n.stream=="function"?up({client:t,request:r,contentLength:m,h2stream:d,expectsPayload:g,body:n.stream(),socket:t[Ot],header:""}):gL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,h2stream:d,header:"",socket:t[Ot]}):Ae.isStream(n)?hL({body:n,client:t,request:r,contentLength:m,expectsPayload:g,socket:t[Ot],h2stream:d,header:""}):Ae.isIterable(n)?up({body:n,client:t,request:r,contentLength:m,expectsPayload:g,header:"",h2stream:d,socket:t[Ot]}):ee(!1):r.onRequestSent()}}function hL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){if(ee(s!==0||r[Dt]===0,"stream body cannot be pipelined"),r[fs]==="h2"){let m=function(E){n.onBodySent(E)},g=uee(e,t,E=>{E?(Ae.destroy(e,E),Ae.destroy(t,E)):n.onRequestSent()});g.on("data",m),g.once("end",()=>{g.removeListener("data",m),Ae.destroy(g)});return}let A=!1,c=new dp({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o}),l=function(g){if(!A)try{!c.write(g)&&this.pause&&this.pause()}catch(m){Ae.destroy(this,m)}},u=function(){A||e.resume&&e.resume()},d=function(){if(A)return;let g=new A0;queueMicrotask(()=>f(g))},f=function(g){if(!A){if(A=!0,ee(i.destroyed||i[Xs]&&r[Dt]<=1),i.off("drain",u).off("error",f),e.removeListener("data",l).removeListener("end",f).removeListener("error",f).removeListener("close",d),!g)try{c.end()}catch(m){g=m}c.destroy(g),g&&(g.code!=="UND_ERR_INFO"||g.message!=="reset")?Ae.destroy(e,g):Ae.destroy(e)}};e.on("data",l).on("end",f).on("error",f).on("close",d),e.resume&&e.resume(),i.on("drain",u).on("error",f)}async function gL({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,heade
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,"latin1"),i.write(c),i.uncork()),n.onBodySent(c),n.onRequestSent(),a||(i[Wr]=!0),Fn(r)}catch(c){Ae.destroy(A?t:i,c)}}async function up({h2stream:t,body:e,client:r,request:n,socket:i,contentLength:s,header:o,expectsPayload:a}){ee(s!==0||r[Dt]===0,"iterator body cannot be pipelined");let A=null;function c(){if(A){let d=A;A=null,d()}}let l=()=>new Promise((d,f)=>{ee(A===null),i[vr]?f(i[vr]):A=d});if(r[fs]==="h2"){t.on("close",c).on("drain",c);try{for await(let d of e){if(i[vr])throw i[vr];let f=t.write(d);n.onBodySent(d),f||await l()}}catch(d){t.destroy(d)}finally{n.onRequestSent(),t.end(),t.off("close",c).off("drain",c)}return}i.on("close",c).on("drain",c);let u=new dp({socket:i,request:n,contentLength:s,client:r,expectsPayload:a,header:o});try{for await(let d of e){if(i[vr])throw i[vr];u.write(d)||await l()}u.end()}catch(d){u.destroy(d)}finally{i.off("close",c).off("drain",c)}}var dp=class{constructor({socket:e,request:r,contentLength:n,client:i,expectsPayload:s,header:o}){this.socket=e,this.request=r,this.contentLength=n,this.client=i,this.bytesWritten=0,this.expectsPayload=s,this.header=o,e[Xs]=!0}write(e){let{socket:r,request:n,contentLength:i,client:s,bytesWritten:o,expectsPayload:a,header:A}=this;if(r[vr])throw r[vr];if(r.destroyed)return!1;let c=Buffer.byteLength(e);if(!c)return!0;if(i!==null&&o+c>i){if(s[uf])throw new Ks;process.emitWarning(new Ks)}r.cork(),o===0&&(a||(r[Wr]=!0),i===null?r.write(`${A}transfer-encoding: chunked\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,"latin1"):r.write(`${A}content-length: ${i}\r
 								\r
 								`,"latin1")),i===null&&r.write(`\r
 								${c.toString(16)}\r
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`,"latin1"),this.bytesWritten+=c;let l=r.write(e);return r.uncork(),n.onBodySent(e),l||r[Tt].timeout&&r[Tt].timeoutType===Tc&&r[Tt].timeout.refresh&&r[Tt].timeout.refresh(),l}end(){let{socket:e,contentLength:r,client:n,bytesWritten:i,expectsPayload:s,header:o,request:a}=this;if(a.onRequestSent(),e[Xs]=!1,e[vr])throw e[vr];if(!e.destroyed){if(i===0?s?e.write(`${o}content-length: 0\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
 								`,"latin1"):e.write(`${o}\r
 								`,"latin1"):r===null&&e.write(`\r
 \r
 								\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,"latin1"),r!==null&&i!==r){if(n[uf])throw new Ks;process.emitWarning(new Ks)}e[Tt].timeout&&e[Tt].timeoutType===Tc&&e[Tt].timeout.refresh&&e[Tt].timeout.refresh(),Fn(n)}}destroy(e){let{socket:r,client:n}=this;r[Xs]=!1,e&&(ee(n[Dt]<=1,"pipeline should only contain this request"),Ae.destroy(r,e))}};function $r(t,e,r){try{e.onError(r),ee(e.aborted)}catch(n){t.emit("error",n)}}mL.exports=n0});var yL=h((sLe,pL)=>{"use strict";var hp=class{constructor(){this.bottom=0,this.top=0,this.list=new Array(2048),this.next=null}isEmpty(){return this.top===this.bottom}isFull(){return(this.top+1&2047)===this.bottom}push(e){this.list[this.top]=e,this.top=this.top+1&2047}shift(){let e=this.list[this.bottom];return e===void 0?null:(this.list[this.bottom]=void 0,this.bottom=this.bottom+1&2047,e)}};pL.exports=class{constructor(){this.head=this.tail=new hp}isEmpty(){return this.head.isEmpty()}push(e){this.head.isFull()&&(this.head=this.head.next=new hp),this.head.push(e)}shift(){let e=this.tail,r=e.shift();return e.isEmpty()&&e.next!==null&&(this.tail=e.next),r}}});var CL=h((oLe,EL)=>{var{kFree:Wee,kConnected:$ee,kPending:Kee,kQueued:Xee,kRunning:Zee,kSize:ete}=It(),Wa=Symbol("pool"),c0=class{constructor(e){this[Wa]=e}get connected(){return this[Wa][$ee]}get free(){return this[Wa][Wee]}get pending(){return this[Wa][Kee]}get queued(){return this[Wa][Xee]}get running(){return this[Wa][Zee]}get size(){return this[Wa][ete]}};EL.exports=c0});var g0=h((aLe,vL)=>{"use strict";var tte=nf(),rte=yL(),{kConnected:l0,kSize:IL,kRunning:BL,kPending:QL,kQueued:hf,kBusy:nte,kFree:ite,kUrl:ste,kClose:ote,kDestroy:ate,kDispatch:Ate}=It(),cte=CL(),An=Symbol("clients"),Kr=Symbol("needDrain"),gf=Symbol("queue"),u0=Symbol("closed resolve"),d0=Symbol("onDrain"),bL=Symbol("onConnect"),NL=Symbol("onDisconnect"),wL=Symbol("onConnectionError"),f0=Symbol("get dispatcher"),xL=Symbol("add client"),RL=Symbol("remove client"),SL=Symbol("stats"),h0=class extends tte{constructor(){super(),this[gf]=new rte,this[An]=[],this[hf]=0;let e=this;this[d0]=function(n,i){let s=e[gf],o=!1;for(;!o;){let a=s.shift();if(!a)break;e[hf]--,o=!this.dispatch(a.opts,a.handler)}this[Kr]=o,!this[Kr]&&e[Kr]&&(e[Kr]=!1,e.emit("drain",n,[e,...i])),e[u0]&&s.isEmpty()&&Promise.all(e[An].map(a=>a.close())).then(e[u0])},this[bL]=(r,n)=>{e.emit("connect",r,[e,...n])},this[NL]=(r,n,i)=>{e.emit("disconnect",r,[e,...n],i)},this[wL]=(r,n,i)=>{e.emit("connectionError",r,[e,...n],i)},this[SL]=new cte(this)}get[nte](){return this[Kr]}get[l0](){return this[An].filter(e=>e[l0]).length}get[ite](){return this[An].filter(e=>e[l0]&&!e[Kr]).length}get[QL](){let e=this[hf];for(let{[QL]:r}of this[An])e+=r;return e}get[BL](){let e=0;for(let{[BL]:r}of this[An])e+=r;return e}get[IL](){let e=this[hf];for(let{[IL]:r}of this[An])e+=r;return e}get stats(){return this[SL]}async[ote](){return this[gf].isEmpty()?Promise.all(this[An].map(e=>e.close())):new Promise(e=>{this[u0]=e})}async[ate](e){for(;;){let r=this[gf].shift();if(!r)break;r.handler.onError(e)}return Promise.all(this[An].map(r=>r.destroy(e)))}[Ate](e,r){let n=this[f0]();return n?n.dispatch(e,r)||(n[Kr]=!0,this[Kr]=!this[f0]()):(this[Kr]=!0,this[gf].push({opts:e,handler:r}),this[hf]++),!this[Kr]}[xL](e){return e.on("drain",this[d0]).on("connect",this[bL]).on("disconnect",this[NL]).on("connectionError",this[wL]),this[An].push(e),this[Kr]&&process.nextTick(()=>{this[Kr]&&this[d0](e[ste],[this,e])}),this}[RL](e){e.close(()=>{let r=this[An].indexOf(e);r!==-1&&this[An].splice(r,1)}),this[Kr]=this[An].some(r=>!r[Kr]&&r.closed!==!0&&r.destroyed!==!0)}};vL.exports={PoolBase:h0,kClients:An,kNeedDrain:Kr,kAddClient:xL,kRemoveClient:RL,kGetDispatcher:f0}});var Oc=h((ALe,kL)=>{"use strict";var{PoolBase:lte,kClients:gp,kNeedDrain:ute,kAddClient:dte,kGetDispatcher:fte}=g0(),hte=ff(),{InvalidArgumentError:m0}=At(),p0=Ue(),{kUrl:_L,kInterceptors:gte}=It(),mte=sf(),y0=Symbol("options"),E0=Symbol("connections"),DL=Symbol("factory");function pte(t,e){return new hte(t,e)}var C0=class extends lte{constructor(e,{connections:r,factory:n=pte,connect:i,connectTimeout:s,tls:o,maxCachedSessions
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${n.count} ${n.noun} ${n.is} pending:
 								${e.format(r)}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`.trim())}};uF.exports=iN});var yF=h((kLe,pF)=>{"use strict";var{kProxy:yne,kClose:Ene,kDestroy:Cne,kInterceptors:Ine}=It(),{URL:fF}=require("url"),hF=pf(),Bne=Oc(),Qne=nf(),{InvalidArgumentError:Bf,RequestAbortedError:bne}=At(),gF=sf(),Cf=Symbol("proxy agent"),Op=Symbol("proxy client"),If=Symbol("proxy headers"),sN=Symbol("request tls settings"),Nne=Symbol("proxy tls settings"),mF=Symbol("connect endpoint function");function wne(t){return t==="https:"?443:80}function Sne(t){if(typeof t=="string"&&(t={uri:t}),!t||!t.uri)throw new Bf("Proxy opts.uri is mandatory");return{uri:t.uri,protocol:t.protocol||"https"}}function xne(t,e){return new Bne(t,e)}var oN=class extends Qne{constructor(e){if(super(e),this[yne]=Sne(e),this[Cf]=new hF(e),this[Ine]=e.interceptors&&e.interceptors.ProxyAgent&&Array.isArray(e.interceptors.ProxyAgent)?e.interceptors.ProxyAgent:[],typeof e=="string"&&(e={uri:e}),!e||!e.uri)throw new Bf("Proxy opts.uri is mandatory");let{clientFactory:r=xne}=e;if(typeof r!="function")throw new Bf("Proxy opts.clientFactory must be a function.");this[sN]=e.requestTls,this[Nne]=e.proxyTls,this[If]=e.headers||{};let n=new fF(e.uri),{origin:i,port:s,host:o,username:a,password:A}=n;if(e.auth&&e.token)throw new Bf("opts.auth cannot be used in combination with opts.token");e.auth?this[If]["proxy-authorization"]=`Basic ${e.auth}`:e.token?this[If]["proxy-authorization"]=e.token:a&&A&&(this[If]["proxy-authorization"]=`Basic ${Buffer.from(`${decodeURIComponent(a)}:${decodeURIComponent(A)}`).toString("base64")}`);let c=gF({...e.proxyTls});this[mF]=gF({...e.requestTls}),this[Op]=r(n,{connect:c}),this[Cf]=new hF({...e,connect:async(l,u)=>{let d=l.host;l.port||(d+=`:${wne(l.protocol)}`);try{let{socket:f,statusCode:g}=await this[Op].connect({origin:i,port:s,path:d,signal:l.signal,headers:{...this[If],host:o}});if(g!==200&&(f.on("error",()=>{}).destroy(),u(new bne(`Proxy response (${g}) !== 200 when HTTP Tunneling`))),l.protocol!=="https:"){u(null,f);return}let m;this[sN]?m=this[sN].servername:m=l.servername,this[mF]({...l,servername:m,httpSocket:f},u)}catch(f){u(f)}}})}dispatch(e,r){let{host:n}=new fF(e.origin),i=Rne(e.headers);return vne(i),this[Cf].dispatch({...e,headers:{...i,host:n}},r)}async[Ene](){await this[Cf].close(),await this[Op].close()}async[Cne](){await this[Cf].destroy(),await this[Op].destroy()}};function Rne(t){if(Array.isArray(t)){let e={};for(let r=0;r<t.length;r+=2)e[t[r]]=t[r+1];return e}return t}function vne(t){if(t&&Object.keys(t).find(r=>r.toLowerCase()==="proxy-authorization"))throw new Bf("Proxy-Authorization should be sent in ProxyAgent constructor")}pF.exports=oN});var QF=h((PLe,BF)=>{var tA=require("assert"),{kRetryHandlerDefaultRetry:EF}=It(),{RequestRetryError:Lp}=At(),{isDisturbed:CF,parseHeaders:_ne,parseRangeHeader:IF}=Ue();function Dne(t){let e=Date.now();return new Date(t).getTime()-e}var aN=class t{constructor(e,r){let{retryOptions:n,...i}=e,{retry:s,maxRetries:o,maxTimeout:a,minTimeout:A,timeoutFactor:c,methods:l,errorCodes:u,retryAfter:d,statusCodes:f}=n??{};this.dispatch=r.dispatch,this.handler=r.handler,this.opts=i,this.abort=null,this.aborted=!1,this.retryOpts={retry:s??t[EF],retryAfter:d??!0,maxTimeout:a??30*1e3,timeout:A??500,timeoutFactor:c??2,maxRetries:o??5,methods:l??["GET","HEAD","OPTIONS","PUT","DELETE","TRACE"],statusCodes:f??[500,502,503,504,429],errorCodes:u??["ECONNRESET","ECONNREFUSED","ENOTFOUND","ENETDOWN","ENETUNREACH","EHOSTDOWN","EHOSTUNREACH","EPIPE"]},this.retryCount=0,this.start=0,this.end=null,this.etag=null,this.resume=null,this.handler.onConnect(g=>{this.aborted=!0,this.abort?this.abort(g):this.reason=g})}onRequestSent(){this.handler.onRequestSent&&this.handler.onRequestSent()}onUpgrade(e,r,n){this.handler.onUpgrade&&this.handler.onUpgrade(e,r,n)}onConnect(e){this.aborted?e(this.reason):this.abort=e}onBodySent(e){if(this.handler.onBodySent)return this.handler.onBodySent(e)}static[EF](e,{state:r,opts:n},i){let{statusCode:s,code:o,headers:a}=e,{method:A,retryOptions:c}=n,{maxRetries:l,timeout:u,maxTimeout:d,timeoutFactor:f,statusCodes:g,errorCodes:m,methods:E}=c,{count
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
 								        Error Code : ${o.statusCode}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								        Error Message: ${o.message}`)})).result)===null||r===void 0?void 0:r.value;if(!s)throw new Error("Response json body do not have ID Token field");return s})}static getIDToken(e){return D1(this,void 0,void 0,function*(){try{let r=t.getIDTokenUrl();if(e){let i=encodeURIComponent(e);r=`${r}&audience=${i}`}(0,k1.debug)(`ID token url is ${r}`);let n=yield t.getCall(r);return(0,k1.setSecret)(n),n}catch(r){throw new Error(`Error message: ${r.message}`)}})}};al.OidcClient=$N});var ew=h(fn=>{"use strict";var KN=fn&&fn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(fn,"__esModule",{value:!0});fn.summary=fn.markdownSummary=fn.SUMMARY_DOCS_URL=fn.SUMMARY_ENV_VAR=void 0;var Bae=require("os"),XN=require("fs"),{access:Qae,appendFile:bae,writeFile:Nae}=XN.promises;fn.SUMMARY_ENV_VAR="GITHUB_STEP_SUMMARY";fn.SUMMARY_DOCS_URL="https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";var ZN=class{constructor(){this._buffer=""}filePath(){return KN(this,void 0,void 0,function*(){if(this._filePath)return this._filePath;let e=process.env[fn.SUMMARY_ENV_VAR];if(!e)throw new Error(`Unable to find environment variable for $${fn.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);try{yield Qae(e,XN.constants.R_OK|XN.constants.W_OK)}catch{throw new Error(`Unable to access summary file: '${e}'. Check if the file has correct read/write permissions.`)}return this._filePath=e,this._filePath})}wrap(e,r,n={}){let i=Object.entries(n).map(([s,o])=>` ${s}="${o}"`).join("");return r?`<${e}${i}>${r}</${e}>`:`<${e}${i}>`}write(e){return KN(this,void 0,void 0,function*(){let r=!!e?.overwrite,n=yield this.filePath();return yield(r?Nae:bae)(n,this._buffer,{encoding:"utf8"}),this.emptyBuffer()})}clear(){return KN(this,void 0,void 0,function*(){return this.emptyBuffer().write({overwrite:!0})})}stringify(){return this._buffer}isEmptyBuffer(){return this._buffer.length===0}emptyBuffer(){return this._buffer="",this}addRaw(e,r=!1){return this._buffer+=e,r?this.addEOL():this}addEOL(){return this.addRaw(Bae.EOL)}addCodeBlock(e,r){let n=Object.assign({},r&&{lang:r}),i=this.wrap("pre",this.wrap("code",e),n);return this.addRaw(i).addEOL()}addList(e,r=!1){let n=r?"ol":"ul",i=e.map(o=>this.wrap("li",o)).join(""),s=this.wrap(n,i);return this.addRaw(s).addEOL()}addTable(e){let r=e.map(i=>{let s=i.map(o=>{if(typeof o=="string")return this.wrap("td",o);let{header:a,data:A,colspan:c,rowspan:l}=o,u=a?"th":"td",d=Object.assign(Object.assign({},c&&{colspan:c}),l&&{rowspan:l});return this.wrap(u,A,d)}).join("");return this.wrap("tr",s)}).join(""),n=this.wrap("table",r);return this.addRaw(n).addEOL()}addDetails(e,r){let n=this.wrap("details",this.wrap("summary",e)+r);return this.addRaw(n).addEOL()}addImage(e,r,n){let{width:i,height:s}=n||{},o=Object.assign(Object.assign({},i&&{width:i}),s&&{height:s}),a=this.wrap("img",null,Object.assign({src:e,alt:r},o));return this.addRaw(a).addEOL()}addHeading(e,r){let n=`h${r}`,i=["h1","h2","h3","h4","h5","h6"].includes(n)?n:"h1",s=this.wrap(i,e);return this.addRaw(s).addEOL()}addSeparator(){let e=this.wrap("hr",null);return this.addRaw(e).addEOL()}addBreak(){let e=this.wrap("br",null);return this.addRaw(e).addEOL()}addQuote(e,r){let n=Object.assign({},r&&{cite:r}),i=this.wrap("blockquote",e,n);return this.addRaw(i).addEOL()}addLink(e,r){let n=this.wrap("a",e,{href:r});return this.addRaw(n).addEOL()}},T1=new ZN;fn.markdownSummary=T1;fn.summary=T1});var O1=h(hn=>{"use strict";var wae=hn&&hn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]}
 								`);return{name:e,version:r}});qe.platform=eq.default.platform();qe.arch=eq.default.arch();qe.isWindows=qe.platform==="win32";qe.isMacOS=qe.platform==="darwin";qe.isLinux=qe.platform==="linux";function uAe(){return Dy(this,void 0,void 0,function*(){return Object.assign(Object.assign({},yield qe.isWindows?AAe():qe.isMacOS?cAe():lAe()),{platform:qe.platform,arch:qe.arch,isWindows:qe.isWindows,isMacOS:qe.isMacOS,isLinux:qe.isLinux})})}qe.getDetails=uAe});var at=h(te=>{"use strict";var dAe=te&&te.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),fAe=te&&te.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),aw=te&&te.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&dAe(e,t,r);return fAe(e,t),e},rq=te&&te.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(te,"__esModule",{value:!0});te.platform=te.toPlatformPath=te.toWin32Path=te.toPosixPath=te.markdownSummary=te.summary=te.getIDToken=te.getState=te.saveState=te.group=te.endGroup=te.startGroup=te.info=te.notice=te.warning=te.error=te.debug=te.isDebug=te.setFailed=te.setCommandEcho=te.setOutput=te.getBooleanInput=te.getMultilineInput=te.getInput=te.addPath=te.setSecret=te.exportVariable=te.ExitCode=void 0;var li=TP(),cA=MP(),cl=Dm(),nq=aw(require("os")),hAe=aw(require("path")),gAe=P1(),ow;(function(t){t[t.Success=0]="Success",t[t.Failure=1]="Failure"})(ow||(te.ExitCode=ow={}));function mAe(t,e){let r=(0,cl.toCommandValue)(e);if(process.env[t]=r,process.env.GITHUB_ENV||"")return(0,cA.issueFileCommand)("ENV",(0,cA.prepareKeyValueMessage)(t,e));(0,li.issueCommand)("set-env",{name:t},r)}te.exportVariable=mAe;function pAe(t){(0,li.issueCommand)("add-mask",{},t)}te.setSecret=pAe;function yAe(t){process.env.GITHUB_PATH||""?(0,cA.issueFileCommand)("PATH",t):(0,li.issueCommand)("add-path",{},t),process.env.PATH=`${t}${hAe.delimiter}${process.env.PATH}`}te.addPath=yAe;function Aw(t,e){let r=process.env[`INPUT_${t.replace(/ /g,"_").toUpperCase()}`]||"";if(e&&e.required&&!r)throw new Error(`Input required and not supplied: ${t}`);return e&&e.trimWhitespace===!1?r:r.trim()}te.getInput=Aw;function EAe(t,e){let r=Aw(t,e).split(`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`).filter(n=>n!=="");return e&&e.trimWhitespace===!1?r:r.map(n=>n.trim())}te.getMultilineInput=EAe;function CAe(t,e){let r=["true","True","TRUE"],n=["false","False","FALSE"],i=Aw(t,e);if(r.includes(i))return!0;if(n.includes(i))return!1;throw new TypeError(`Input does not meet YAML 1.2 "Core Schema" specification: ${t}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								Support boolean input list: \`true | True | TRUE | false | False | FALSE\``)}te.getBooleanInput=CAe;function IAe(t,e){if(process.env.GITHUB_OUTPUT||"")return(0,cA.issueFileCommand)("OUTPUT",(0,cA.prepareKeyValueMessage)(t,e));process.stdout.write(nq.EOL),(0,li.issueCommand)("set-output",{name:t},(0,cl.toCommandValue)(e))}te.setOutput=IAe;function BAe(t){(0,li.issue)("echo",t?"on":"off")}te.setCommandEcho=BAe;function QAe(t){process.exitCode=ow.Failure,iq(t)}te.setFailed=QAe;function bAe(){return process.env.RUNNER_DEBUG==="1"}te.isDebug=bAe;function NAe(t){(0,li.issueCommand)("debug",{},t)}te.debug=NAe;function iq(t,e={}){(0,li.issueCommand)("error",(0,cl.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.error=iq;function wAe(t,e={}){(0,li.issueCommand)("warning",(0,cl.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.warning=wAe;function SAe(t,e={}){(0,li.issueCommand)("notice",(0,cl.toCommandProperties)(e),t instanceof Error?t.toString():t)}te.notice=SAe;function xAe(t){process.stdout.write(t+nq.EOL)}te.info=xAe;function sq(t){(0,li.issue)("group",t)}te.startGroup=sq;function oq(){(0,li.issue)("endgroup")}te.endGroup=oq;function RAe(t,e){return rq(this,void 0,void 0,function*(){sq(t);let r;try{r=yield e()}finally{oq()}return r})}te.group=RAe;function vAe(t,e){if(process.env.GITHUB_STATE||"")return(0,cA.issueFileCommand)("STATE",(0,cA.prepareKeyValueMessage)(t,e));(0,li.issueCommand)("save-state",{name:t},(0,cl.toCommandValue)(e))}te.saveState=vAe;function _Ae(t){return process.env[`STATE_${t}`]||""}te.getState=_Ae;function DAe(t){return rq(this,void 0,void 0,function*(){return yield gAe.OidcClient.getIDToken(t)})}te.getIDToken=DAe;var kAe=ew();Object.defineProperty(te,"summary",{enumerable:!0,get:function(){return kAe.summary}});var PAe=ew();Object.defineProperty(te,"markdownSummary",{enumerable:!0,get:function(){return PAe.markdownSummary}});var cw=O1();Object.defineProperty(te,"toPosixPath",{enumerable:!0,get:function(){return cw.toPosixPath}});Object.defineProperty(te,"toWin32Path",{enumerable:!0,get:function(){return cw.toWin32Path}});Object.defineProperty(te,"toPlatformPath",{enumerable:!0,get:function(){return cw.toPlatformPath}});te.platform=aw(tq())});var aq=h(Is=>{"use strict";var TAe=Is&&Is.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),OAe=Is&&Is.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),LAe=Is&&Is.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&TAe(e,t,r);return OAe(e,t),e};Object.defineProperty(Is,"__esModule",{value:!0});Is.getOptions=void 0;var lw=LAe(at());function MAe(t){let e={followSymbolicLinks:!0,implicitDescendants:!0,omitBrokenSymbolicLinks:!0};return t&&(typeof t.followSymbolicLinks=="boolean"&&(e.followSymbolicLinks=t.followSymbolicLinks,lw.debug(`followSymbolicLinks '${e.followSymbolicLinks}'`)),typeof t.implicitDescendants=="boolean"&&(e.implicitDescendants=t.implicitDescendants,lw.debug(`implicitDescendants '${e.implicitDescendants}'`)),typeof t.omitBrokenSymbolicLinks=="boolean"&&(e.omitBrokenSymbolicLinks=t.omitBrokenSymbolicLinks,lw.debug(`omitBrokenSymbolicLinks '${e.omitBrokenSymbolicLinks}'`))),e}Is.getOptions=MAe});var Py=h(Mt=>{"use strict";var FAe=Mt&&Mt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),UAe=Mt&&Mt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),qAe=Mt&&Mt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&FAe(e,t,r);return UAe(e,t),e},HAe=Mt&&Mt.__importDefault||function(t){return t&&t.__esModule?t:{defa
 								   %s`,v,v,I,n);var T=I.type==="*"?mw:I.type==="?"?gw:"\\"+I.type;i=!0,n=n.slice(0,I.reStart)+T+"\\("+v}g(),s&&(n+="\\\\");var U=!1;switch(n.charAt(0)){case"[":case".":case"(":U=!0}for(var k=a.length-1;k>-1;k--){var J=a[k],be=n.slice(0,J.reStart),Re=n.slice(J.reStart,J.reEnd-8),H=n.slice(J.reEnd-8,J.reEnd),_e=n.slice(J.reEnd);H+=_e;var rt=be.split("(").length-1,Or=_e;for(m=0;m<rt;m++)Or=Or.replace(/\)[+*?]?/,"");_e=Or;var fr="";_e===""&&e!==Oy&&(fr="$");var Ro=be+Re+_e+fr+H;n=Ro}if(n!==""&&i&&(n="(?=.)"+n),U&&(n=d+n),e===Oy)return[n,i];if(!i)return Ece(t);var vo=r.nocase?"i":"";try{var Li=new RegExp("^"+n+"$",vo)}catch{return new RegExp("$.")}return Li._glob=t,Li._src=n,Li}Yn.makeRe=function(t,e){return new Dr(t,e||{}).makeRe()};Dr.prototype.makeRe=yce;function yce(){if(this.regexp||this.regexp===!1)return this.regexp;var t=this.set;if(!t.length)return this.regexp=!1,this.regexp;var e=this.options,r=e.noglobstar?mw:e.dot?lce:uce,n=e.nocase?"i":"",i=t.map(function(s){return s.map(function(o){return o===pw?r:typeof o=="string"?Cce(o):o._src}).join("\\/")}).join("|");i="^(?:"+i+")$",this.negate&&(i="^(?!"+i+").*$");try{this.regexp=new RegExp(i,n)}catch{this.regexp=!1}return this.regexp}Yn.match=function(t,e,r){r=r||{};var n=new Dr(e,r);return t=t.filter(function(i){return n.match(i)}),n.options.nonull&&!t.length&&t.push(e),t};Dr.prototype.match=function(e,r){if(typeof r>"u"&&(r=this.partial),this.debug("match",e,this.pattern),this.comment)return!1;if(this.empty)return e==="";if(e==="/"&&r)return!0;var n=this.options;Ff.sep!=="/"&&(e=e.split(Ff.sep).join("/")),e=e.split(xq),this.debug(this.pattern,"split",e);var i=this.set;this.debug(this.pattern,"set",i);var s,o;for(o=e.length-1;o>=0&&(s=e[o],!s);o--);for(o=0;o<i.length;o++){var a=i[o],A=e;n.matchBase&&a.length===1&&(A=[s]);var c=this.matchOne(A,a,r);if(c)return n.flipNegate?!0:!this.negate}return n.flipNegate?!1:this.negate};Dr.prototype.matchOne=function(t,e,r){var n=this.options;this.debug("matchOne",{this:this,file:t,pattern:e}),this.debug("matchOne",t.length,e.length);for(var i=0,s=0,o=t.length,a=e.length;i<o&&s<a;i++,s++){this.debug("matchOne loop");var A=e[s],c=t[i];if(this.debug(e,A,c),A===!1)return!1;if(A===pw){this.debug("GLOBSTAR",[e,A,c]);var l=i,u=s+1;if(u===a){for(this.debug("** at the end");i<o;i++)if(t[i]==="."||t[i]===".."||!n.dot&&t[i].charAt(0)===".")return!1;return!0}for(;l<o;){var d=t[l];if(this.debug(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								globstar while`,t,l,e,u,d),this.matchOne(t.slice(l),e.slice(u),r))return this.debug("globstar found match!",l,o,d),!0;if(d==="."||d===".."||!n.dot&&d.charAt(0)==="."){this.debug("dot detected!",t,l,e,u);break}this.debug("globstar swallow a segment, and continue"),l++}return!!(r&&(this.debug(`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								>>> no match, partial?`,t,l,e,u),l===o))}var f;if(typeof A=="string"?(f=c===A,this.debug("string match",A,c,f)):(f=c.match(A),this.debug("pattern match",A,c,f)),!f)return!1}if(i===o&&s===a)return!0;if(i===o)return r;if(s===a)return i===o-1&&t[i]==="";throw new Error("wtf?")};function Ece(t){return t.replace(/\\(.)/g,"$1")}function Cce(t){return t.replace(/[-[\]{}()*+?.,\\^$|#\s]/g,"\\$&")}});var Dq=h(ui=>{"use strict";var Ice=ui&&ui.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Bce=ui&&ui.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),_q=ui&&ui.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&Ice(e,t,r);return Bce(e,t),e},Qce=ui&&ui.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(ui,"__esModule",{value:!0});ui.Path=void 0;var Uf=_q(require("path")),Ko=_q(Py()),qf=Qce(require("assert")),bce=process.platform==="win32",Ew=class{constructor(e){if(this.segments=[],typeof e=="string")if(qf.default(e,"Parameter 'itemPath' must not be empty"),e=Ko.safeTrimTrailingSeparator(e),!Ko.hasRoot(e))this.segments=e.split(Uf.sep);else{let r=e,n=Ko.dirname(r);for(;n!==r;){let i=Uf.basename(r);this.segments.unshift(i),r=n,n=Ko.dirname(r)}this.segments.unshift(r)}else{qf.default(e.length>0,"Parameter 'itemPath' must not be an empty array");for(let r=0;r<e.length;r++){let n=e[r];qf.default(n,"Parameter 'itemPath' must not contain any empty segments"),n=Ko.normalizeSeparators(e[r]),r===0&&Ko.hasRoot(n)?(n=Ko.safeTrimTrailingSeparator(n),qf.default(n===Ko.dirname(n),"Parameter 'itemPath' root segment contains information for multiple segments"),this.segments.push(n)):(qf.default(!n.includes(Uf.sep),"Parameter 'itemPath' contains unexpected path separators"),this.segments.push(n))}}}toString(){let e=this.segments[0],r=e.endsWith(Uf.sep)||bce&&/^[A-Z]:$/i.test(e);for(let n=1;n<this.segments.length;n++)r?r=!1:e+=Uf.sep,e+=this.segments[n];return e}};ui.Path=Ew});var kq=h(di=>{"use strict";var Nce=di&&di.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r),Object.defineProperty(t,n,{enumerable:!0,get:function(){return e[r]}})}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),wce=di&&di.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Bw=di&&di.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.hasOwnProperty.call(t,r)&&Nce(e,t,r);return wce(e,t),e},Sce=di&&di.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(di,"__esModule",{value:!0});di.Pattern=void 0;var xce=Bw(require("os")),Hf=Bw(require("path")),En=Bw(Py()),uA=Sce(require("assert")),Rce=yw(),Cw=Ty(),My=Dq(),no=process.platform==="win32",Iw=class t{constructor(e,r=!1,n,i){this.negate=!1;let s;if(typeof e=="string")s=e.trim();else{n=n||[],uA.default(n.length,"Parameter 'segments' must not empty");let c=t.getLiteral(n[0]);uA.default(c&&En.hasAbsoluteRoot(c),"Parameter 'segments' first element must be a root path"),s=new My.Path(n).toString().trim(),e&&(s=`!${s}`)}for(;s.startsWith("!");)this.negate=!this.negate,s=s.substr(1).trim();s=t.fixupPattern(s,i),this.segments=new My.Path(s).segments,this.trailingSeparator=En.normalizeSeparators(s).endsWith(Hf.sep),s=En.safeTrimTrailingSeparator(s);let o=!1,a=this.segments.map(c=>t.getLiteral(c)).filter(c=>!o&&!(o=c===""));this.searchPath=new My.Path(a).toString(),this.rootRegExp=new RegExp(t.regExpEscape(a[0]),no?"i":""),this.isImplicitPattern=r;let A={dot:!0,nobrace:!0,nocase:no,nocomment:!0,noext:!0,nonegate:!0};s=no?s.replace(/\\/g,"/"):s,this.minimatch=new Rce.Minimatch(s,A)}match(e){return this.segments[this.segments.length-1]==="**"?(e=En.normalizeSeparators(e),!e.endsWith(Hf.sep)&&th
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),e=e.replace(/\r/g,`
 								`));let i=e.split(`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new Lq.Pattern(s));return n.searchPaths.push(...Uy.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return bw(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield jf.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){Nw.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield jf.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield jf.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){Nw.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};gr.DefaultGlobber=ww});var Uq=h(ul=>{"use strict";var Oce=ul&&ul.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(ul,"__esModule",{value:!0});ul.create=void 0;var Lce=Fq();function Mce(t,e){return Oce(this,void 0,void 0,function*(){return yield Lce.DefaultGlobber.create(t,e)})}ul.create=Mce});var Yq=h((ye,Gq)=>{ye=Gq.exports=xe;var Ke;typeof process=="object"&&process.env&&process.env.NODE_DEBUG&&/\bsemver\b/i.test(process.env.NODE_DEBUG)?Ke=function(){var t=Array.prototype.slice.call(arguments,0);t.unshift("SEMVER"),console.log.apply(console,t)}:Ke=function(){};ye.SEMVER_SPEC_VERSION="2.0.0";var Gf=256,qy=Number.MAX_SAFE_INTEGER||9007199254740991,Sw=16,Fce=Gf-6,dl=ye.re=[],$e=ye.safeRe=[],D=ye.src=[],x=ye.tokens={},jq=0;function De(t){x[t]=jq++}var Rw="[a-zA-Z0-9-]",xw=[["\\s",1],["\\d",Gf],[Rw,Fce]];function Jf(t){for(var e=0;e<xw.length;e++){var r=xw[e][0],n=xw[e][1];t=t.split(r+"*").join(r+"{0,"+n+"}").split(r+"+").join(r+"{1,"+n+"}")}return t}De("NUMERICIDENTIFIER");D[x.NUMERICIDENTIFIER]="0|[1-9]\\d*";De("NUMERICIDENTIFIERLOOSE");D[x.NUMERICIDENTIFIERLOOSE]="\\d+";De("NONNUMERICIDENTIFIER");D[x.NONNUMERICIDENTIFIER]="\\d*[a-zA-Z-]"+Rw+"*";De("MAINVERSION");D[x.MAINVERSION]="("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")\\.("+D[x.NUMERICIDENTIFIER]+")";De("MAINVERSIONLOOSE");D[x.MAINVERSIONLOOSE]="("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")\\.("+D[x.NUMERICIDENTIFIERLOOSE]+")";De("PRERELEASEIDENTIFIER");D[x.PRERELEASEIDENTIFIER]="(?:"+D[x.NUMERICIDENTIFIER]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASEIDENTIFIERLOOSE");D[x.PRERELEASEIDENTIFIERLOOSE]="(?:"+D[x.NUMERICIDENTIFIERLOOSE]+"|"+D[x.NONNUMERICIDENTIFIER]+")";De("PRERELEASE");D[x.PRERELEASE]="(?:-("+D[x.PRERELEASEIDENTIFIER]+"(?:\\."+D[x.PRERELEASEIDENTIFIER]+")*))";De("PRERELEASELOOSE");D[x.PRERELEASELOOSE]="(?:-?("+D[x.PRERELEASEIDENTIFIERLOOSE]+"(?:\\."+D[x.PRERELEASEIDENTIFIERLOOSE]+")*))";De("BUILDIDENTIFIER");D[x.BUILDIDENTIFIER]=Rw+"+";De("BUILD");D[x.BUILD]="(?:\\+("+D[x.BUILDIDENTIFIER]+"(?:\\."+D[x.BUILDIDENTIFIER]+")*))";De("FULL");De("FULLPLAIN");D[x.FULLPLAIN]="v?"+D[x.MAINVERSION]+D[x.PRERELEASE]+"?"+D[x.BUILD]+"?";D[x.FULL]="^"+D[x.FULLPLAIN]+"$";De("LOOSEPLAIN");D[x.LOOSEPLAIN]="[v=\\s]*"+D[x.MAINVERSIONLOOSE]+D[x.PRERELEASELOOSE]+"?"+D[x.BUILD]+"?";De("LOOSE");D[x.LOOSE]="^"+D[x.LOOSEPLAIN]+"$";De("GTLT");D[x.GTLT]="((?:<|>)?=?)";De("XRANGEIDENTIFIERLOOSE");D[x.XRANGEIDENTIFIERLOOSE]=D[x.NUMERICIDENTIFIERLOOSE]+"|x|X|\\*";De("XRANGEIDENTIFIER");D[x.XRANGEIDENTIFIER]=D[x.NUMERICIDENTIFIER]+"|x|X|\\*";De("XRANGEPLAIN");D[x.XRANGEPLAIN]="[v=\\s]*("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:\\.("+D[x.XRANGEIDENTIFIER]+")(?:"+D[x.PRERELEASE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGEPLAINLOOSE");D[x.XRANGEPLAINLOOSE]="[v=\\s]*("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:\\.("+D[x.XRANGEIDENTIFIERLOOSE]+")(?:"+D[x.PRERELEASELOOSE]+")?"+D[x.BUILD]+"?)?)?";De("XRANGE");D[x.XRANGE]="^"+D[x.GTLT]+"\\s*"+D[x.XRANGEPLAI
 								`),{implicitDescendants:!1});try{for(var c=!0,l=ble(A.globGenerator()),u;u=yield l.next(),e=u.done,!e;c=!0){i=u.value,c=!1;let d=i,f=Gy.relative(a,d).replace(new RegExp(`\\${Gy.sep}`,"g"),"/");Wf.debug(`Matched: ${f}`),f===""?o.push("."):o.push(`${f}`)}}catch(d){r={error:d}}finally{try{!c&&!e&&(n=l.return)&&(yield n.call(l))}finally{if(r)throw r.error}}return o})}Ye.resolvePaths=Dle;function kle(t){return hl(this,void 0,void 0,function*(){return xle.promisify(Pw.unlink)(t)})}Ye.unlinkFile=kle;function Xq(t,e=[]){return hl(this,void 0,void 0,function*(){let r="";e.push("--version"),Wf.debug(`Checking ${t} ${e.join(" ")}`);try{yield Nle.exec(`${t}`,e,{ignoreReturnCode:!0,silent:!0,listeners:{stdout:n=>r+=n.toString(),stderr:n=>r+=n.toString()}})}catch(n){Wf.debug(n.message)}return r=r.trim(),Wf.debug(r),r})}function Ple(){return hl(this,void 0,void 0,function*(){let t=yield Xq("zstd",["--quiet"]),e=Sle.clean(t);return Wf.debug(`zstd version: ${e}`),t===""?hA.CompressionMethod.Gzip:hA.CompressionMethod.ZstdWithoutLong})}Ye.getCompressionMethod=Ple;function Tle(t){return t===hA.CompressionMethod.Gzip?hA.CacheFilename.Gzip:hA.CacheFilename.Zstd}Ye.getCacheFileName=Tle;function Ole(){return hl(this,void 0,void 0,function*(){return Pw.existsSync(hA.GnuTarPathOnWindows)?hA.GnuTarPathOnWindows:(yield Xq("tar")).toLowerCase().includes("gnu tar")?$q.which("tar"):""})}Ye.getGnuTarPathOnWindows=Ole;function Lle(t,e){if(e===void 0)throw Error(`Expected ${t} but value was undefiend`);return e}Ye.assertDefined=Lle;function Mle(t,e,r=!1){let n=t.slice();return e&&n.push(e),process.platform==="win32"&&!r&&n.push("windows-only"),n.push(Rle),Kq.createHash("sha256").update(n.join("|")).digest("hex")}Ye.getCacheVersion=Mle;function Fle(){let t=process.env.ACTIONS_RUNTIME_TOKEN;if(!t)throw new Error("Unable to get the ACTIONS_RUNTIME_TOKEN env variable");return t}Ye.getRuntimeToken=Fle});var hi={};JX(hi,{__addDisposableResource:()=>Q2,__assign:()=>Yy,__asyncDelegator:()=>g2,__asyncGenerator:()=>h2,__asyncValues:()=>m2,__await:()=>ml,__awaiter:()=>A2,__classPrivateFieldGet:()=>C2,__classPrivateFieldIn:()=>B2,__classPrivateFieldSet:()=>I2,__createBinding:()=>Vy,__decorate:()=>t2,__disposeResources:()=>b2,__esDecorate:()=>n2,__exportStar:()=>l2,__extends:()=>Zq,__generator:()=>c2,__importDefault:()=>E2,__importStar:()=>y2,__makeTemplateObject:()=>p2,__metadata:()=>a2,__param:()=>r2,__propKey:()=>s2,__read:()=>Lw,__rest:()=>e2,__rewriteRelativeImportExtension:()=>N2,__runInitializers:()=>i2,__setFunctionName:()=>o2,__spread:()=>u2,__spreadArray:()=>f2,__spreadArrays:()=>d2,__values:()=>Jy,default:()=>Hle});function Zq(t,e){if(typeof e!="function"&&e!==null)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");Tw(t,e);function r(){this.constructor=t}t.prototype=e===null?Object.create(e):(r.prototype=e.prototype,new r)}function e2(t,e){var r={};for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&e.indexOf(n)<0&&(r[n]=t[n]);if(t!=null&&typeof Object.getOwnPropertySymbols=="function")for(var i=0,n=Object.getOwnPropertySymbols(t);i<n.length;i++)e.indexOf(n[i])<0&&Object.prototype.propertyIsEnumerable.call(t,n[i])&&(r[n[i]]=t[n[i]]);return r}function t2(t,e,r,n){var i=arguments.length,s=i<3?e:n===null?n=Object.getOwnPropertyDescriptor(e,r):n,o;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")s=Reflect.decorate(t,e,r,n);else for(var a=t.length-1;a>=0;a--)(o=t[a])&&(s=(i<3?o(s):i>3?o(e,r,s):o(e,r))||s);return i>3&&s&&Object.defineProperty(e,r,s),s}function r2(t,e){return function(r,n){e(r,n,t)}}function n2(t,e,r,n,i,s){function o(C){if(C!==void 0&&typeof C!="function")throw new TypeError("Function expected");return C}for(var a=n.kind,A=a==="getter"?"get":a==="setter"?"set":"value",c=!e&&t?n.static?t:t.prototype:null,l=e||(c?Object.getOwnPropertyDescriptor(c,n.name):{}),u,d=!1,f=r.length-1;f>=0;f--){var g={};for(var m in n)g[m]=m==="access"?{}:n[m];for(var m in n.access)g.access[m]=n.access[m];g.addInitializer=function(C){if(d)throw new TypeError("Cannot add initializers after decoration has completed"
 								 ${Cue.sanitize(Object.assign(Object.assign({},this),{request:this.request,response:this.response}))}`,enumerable:!1}),Object.setPrototypeOf(this,t.prototype)}};eh.RestError=pl;pl.REQUEST_SEND_ERROR="REQUEST_SEND_ERROR";pl.PARSE_ERROR="PARSE_ERROR";function Iue(t){return t instanceof pl?!0:(0,pue.isError)(t)&&t.name==="RestError"}});var gA=h(nE=>{"use strict";Object.defineProperty(nE,"__esModule",{value:!0});nE.uint8ArrayToString=Bue;nE.stringToUint8Array=Que;function Bue(t,e){return Buffer.from(t).toString(e)}function Que(t,e){return Buffer.from(t,e)}});var th=h(iE=>{"use strict";Object.defineProperty(iE,"__esModule",{value:!0});iE.logger=void 0;var bue=Xf();iE.logger=(0,bue.createClientLogger)("ts-http-runtime")});var V2=h(oE=>{"use strict";Object.defineProperty(oE,"__esModule",{value:!0});oE.getBodyLength=J2;oE.createNodeHttpClient=Due;var lS=(gi(),Ui(hi)),aS=lS.__importStar(require("node:http")),AS=lS.__importStar(require("node:https")),j2=lS.__importStar(require("node:zlib")),Nue=require("node:stream"),z2=$f(),wue=ea(),nh=yl(),El=th(),Sue=Zf(),xue={};function rh(t){return t&&typeof t.pipe=="function"}function G2(t){return t.readable===!1?Promise.resolve():new Promise(e=>{let r=()=>{e(),t.removeListener("close",r),t.removeListener("end",r),t.removeListener("error",r)};t.on("close",r),t.on("end",r),t.on("error",r)})}function Y2(t){return t&&typeof t.byteLength=="number"}var sE=class extends Nue.Transform{_transform(e,r,n){this.push(e),this.loadedBytes+=e.length;try{this.progressCallback({loadedBytes:this.loadedBytes}),n()}catch(i){n(i)}}constructor(e){super(),this.loadedBytes=0,this.progressCallback=e}},cS=class{constructor(){this.cachedHttpsAgents=new WeakMap}async sendRequest(e){var r,n,i;let s=new AbortController,o;if(e.abortSignal){if(e.abortSignal.aborted)throw new z2.AbortError("The operation was aborted. Request has already been canceled.");o=d=>{d.type==="abort"&&s.abort()},e.abortSignal.addEventListener("abort",o)}let a;e.timeout>0&&(a=setTimeout(()=>{let d=new Sue.Sanitizer;El.logger.info(`request to '${d.sanitizeUrl(e.url)}' timed out. canceling...`),s.abort()},e.timeout));let A=e.headers.get("Accept-Encoding"),c=A?.includes("gzip")||A?.includes("deflate"),l=typeof e.body=="function"?e.body():e.body;if(l&&!e.headers.has("Content-Length")){let d=J2(l);d!==null&&e.headers.set("Content-Length",d)}let u;try{if(l&&e.onUploadProgress){let C=e.onUploadProgress,I=new sE(C);I.on("error",N=>{El.logger.error("Error in upload progress",N)}),rh(l)?l.pipe(I):I.end(l),l=I}let d=await this.makeRequest(e,s,l);a!==void 0&&clearTimeout(a);let f=Rue(d),m={status:(r=d.statusCode)!==null&&r!==void 0?r:0,headers:f,request:e};if(e.method==="HEAD")return d.resume(),m;u=c?vue(d,f):d;let E=e.onDownloadProgress;if(E){let C=new sE(E);C.on("error",I=>{El.logger.error("Error in download progress",I)}),u.pipe(C),u=C}return!((n=e.streamResponseStatusCodes)===null||n===void 0)&&n.has(Number.POSITIVE_INFINITY)||!((i=e.streamResponseStatusCodes)===null||i===void 0)&&i.has(m.status)?m.readableStreamBody=u:m.bodyAsText=await _ue(u),m}finally{if(e.abortSignal&&o){let d=Promise.resolve();rh(l)&&(d=G2(l));let f=Promise.resolve();rh(u)&&(f=G2(u)),Promise.all([d,f]).then(()=>{var g;o&&((g=e.abortSignal)===null||g===void 0||g.removeEventListener("abort",o))}).catch(g=>{El.logger.warning("Error when cleaning up abortListener on httpRequest",g)})}}}makeRequest(e,r,n){var i;let s=new URL(e.url),o=s.protocol!=="https:";if(o&&!e.allowInsecureConnection)throw new Error(`Cannot connect to ${e.url} while allowInsecureConnection is false.`);let a=(i=e.agent)!==null&&i!==void 0?i:this.getOrCreateAgent(e,o),A=Object.assign({agent:a,hostname:s.hostname,path:`${s.pathname}${s.search}`,port:s.port,method:e.method,headers:e.headers.toJSON({preserveCase:!0})},e.requestOverrides);return new Promise((c,l)=>{let u=o?aS.request(A,c):AS.request(A,c);u.once("error",d=>{var f;l(new nh.RestError(d.message,{code:(f=d.code)!==null&&f!==void 0?f:nh.RestError.REQUEST_SEND_ERROR,request:e}))}),r.signal.addEventListener("abort",()=>{let d=new z2.AbortError("The operation was abo
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`).join(`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`+s),t.push(i+"m+"+mE.exports.humanize(this.diff)+"\x1B[0m")}else t[0]=qde()+e+" "+t[0]}function qde(){return mr.inspectOpts.hideDate?"":new Date().toISOString()+" "}function Hde(...t){return process.stderr.write(gE.formatWithOptions(mr.inspectOpts,...t)+`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`)}function jde(t){t?process.env.DEBUG=t:delete process.env.DEBUG}function zde(){return process.env.DEBUG}function Gde(t){t.inspectOpts={};let e=Object.keys(mr.inspectOpts);for(let r=0;r<e.length;r++)t.inspectOpts[e[r]]=mr.inspectOpts[e[r]]}mE.exports=DS()(mr);var{formatters:dH}=mE.exports;dH.o=function(t){return this.inspectOpts.colors=this.useColors,gE.inspect(t,this.inspectOpts).split(`
 								`).map(e=>e.trim()).join(" ")};dH.O=function(t){return this.inspectOpts.colors=this.useColors,gE.inspect(t,this.inspectOpts)}});var pE=h((EFe,kS)=>{typeof process>"u"||process.type==="renderer"||process.browser===!0||process.__nwjs?kS.exports=uH():kS.exports=fH()});var mH=h(In=>{"use strict";var Yde=In&&In.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Jde=In&&In.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),hH=In&&In.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Yde(e,t,r);return Jde(e,t),e};Object.defineProperty(In,"__esModule",{value:!0});In.req=In.json=In.toBuffer=void 0;var Vde=hH(require("http")),Wde=hH(require("https"));async function gH(t){let e=0,r=[];for await(let n of t)e+=n.length,r.push(n);return Buffer.concat(r,e)}In.toBuffer=gH;async function $de(t){let r=(await gH(t)).toString("utf8");try{return JSON.parse(r)}catch(n){let i=n;throw i.message+=` (input: ${r})`,i}}In.json=$de;function Kde(t,e={}){let n=((typeof t=="string"?t:t.href).startsWith("https:")?Wde:Vde).request(t,e),i=new Promise((s,o)=>{n.once("response",s).once("error",o).end()});return n.then=i.then.bind(i),n}In.req=Kde});var TS=h(Jn=>{"use strict";var yH=Jn&&Jn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),Xde=Jn&&Jn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),EH=Jn&&Jn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&yH(e,t,r);return Xde(e,t),e},Zde=Jn&&Jn.__exportStar||function(t,e){for(var r in t)r!=="default"&&!Object.prototype.hasOwnProperty.call(e,r)&&yH(e,t,r)};Object.defineProperty(Jn,"__esModule",{value:!0});Jn.Agent=void 0;var efe=EH(require("net")),pH=EH(require("http")),tfe=require("https");Zde(mH(),Jn);var Qs=Symbol("AgentBaseInternalState"),PS=class extends pH.Agent{constructor(e){super(e),this[Qs]={}}isSecureEndpoint(e){if(e){if(typeof e.secureEndpoint=="boolean")return e.secureEndpoint;if(typeof e.protocol=="string")return e.protocol==="https:"}let{stack:r}=new Error;return typeof r!="string"?!1:r.split(`
 								`).some(n=>n.indexOf("(https.js:")!==-1||n.indexOf("node:https:")!==-1)}incrementSockets(e){if(this.maxSockets===1/0&&this.maxTotalSockets===1/0)return null;this.sockets[e]||(this.sockets[e]=[]);let r=new efe.Socket({writable:!1});return this.sockets[e].push(r),this.totalSocketCount++,r}decrementSockets(e,r){if(!this.sockets[e]||r===null)return;let n=this.sockets[e],i=n.indexOf(r);i!==-1&&(n.splice(i,1),this.totalSocketCount--,n.length===0&&delete this.sockets[e])}getName(e){return this.isSecureEndpoint(e)?tfe.Agent.prototype.getName.call(this,e):super.getName(e)}createSocket(e,r,n){let i={...r,secureEndpoint:this.isSecureEndpoint(r)},s=this.getName(i),o=this.incrementSockets(s);Promise.resolve().then(()=>this.connect(e,i)).then(a=>{if(this.decrementSockets(s,o),a instanceof pH.Agent)try{return a.addRequest(e,i)}catch(A){return n(A)}this[Qs].currentSocket=a,super.createSocket(e,r,n)},a=>{this.decrementSockets(s,o),n(a)})}createConnection(){let e=this[Qs].currentSocket;if(this[Qs].currentSocket=void 0,!e)throw new Error("No socket was returned in the `connect()` function");return e}get defaultPort(){return this[Qs].defaultPort??(this.protocol==="https:"?443:80)}set defaultPort(e){this[Qs]&&(this[Qs].defaultPort=e)}get protocol(){return this[Qs].protocol??(this.isSecureEndpoint()?"https:":"http:")}set protocol(e){this[Qs]&&(this[Qs].protocol=e)}};Jn.Agent=PS});var CH=h(_l=>{"use strict";var rfe=_l&&_l.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(_l,"__esModule",{value:!0});_l.parseProxyResponse=void 0;var nfe=rfe(pE()),yE=(0,nfe.default)("https-proxy-agent:parse-proxy-response");function ife(t){return new Promise((e,r)=>{let n=0,i=[];function s(){let l=t.read();l?c(l):t.once("readable",s)}function o(){t.removeListener("end",a),t.removeListener("error",A),t.removeListener("readable",s)}function a(){o(),yE("onend"),r(new Error("Proxy connection ended before receiving CONNECT response"))}function A(l){o(),yE("onerror %o",l),r(l)}function c(l){i.push(l),n+=l.length;let u=Buffer.concat(i,n),d=u.indexOf(`\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`);if(d===-1){yE("have not received end of HTTP headers yet..."),s();return}let f=u.slice(0,d).toString("ascii").split(`\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`),g=f.shift();if(!g)return t.destroy(),r(new Error("No header received from proxy CONNECT response"));let m=g.split(" "),E=+m[1],C=m.slice(2).join(" "),I={};for(let N of f){if(!N)continue;let w=N.indexOf(":");if(w===-1)return t.destroy(),r(new Error(`Invalid header from proxy CONNECT response: "${N}"`));let v=N.slice(0,w).toLowerCase(),T=N.slice(w+1).trimStart(),U=I[v];typeof U=="string"?I[v]=[U,T]:Array.isArray(U)?U.push(T):I[v]=T}yE("got proxy server response: %o %o",g,I),o(),e({connect:{statusCode:E,statusText:C,headers:I},buffered:u})}t.on("error",A),t.on("end",a),s()})}_l.parseProxyResponse=ife});var wH=h(mi=>{"use strict";var sfe=mi&&mi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),ofe=mi&&mi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),bH=mi&&mi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&sfe(e,t,r);return ofe(e,t),e},NH=mi&&mi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(mi,"__esModule",{value:!0});mi.HttpsProxyAgent=void 0;var EE=bH(require("net")),IH=bH(require("tls")),afe=NH(require("assert")),Afe=NH(pE()),cfe=TS(),lfe=require("url"),ufe=CH(),oh=(0,Afe.default)("https-proxy-agent"),BH=t=>t.servername===void 0&&t.host&&!EE.isIP(t.host)?{...t,servername:t.host}:t,CE=class extends cfe.Agent{constructor(e,r){super(r),this.options={path:void 0},this.proxy=typeof e=="string"?new lfe.URL(e):e,this.proxyHeaders=r?.headers??{},oh("Creating new HttpsProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={ALPNProtocols:["http/1.1"],...r?QH(r,"headers"):null,host:n,port:i}}async connect(e,r){let{proxy:n}=this;if(!r.host)throw new TypeError('No "host" provided');let i;n.protocol==="https:"?(oh("Creating `tls.Socket`: %o",this.connectOpts),i=IH.connect(BH(this.connectOpts))):(oh("Creating `net.Socket`: %o",this.connectOpts),i=EE.connect(this.connectOpts));let s=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders},o=EE.isIPv6(r.host)?`[${r.host}]`:r.host,a=`CONNECT ${o}:${r.port} HTTP/1.1\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`;if(n.username||n.password){let d=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;s["Proxy-Authorization"]=`Basic ${Buffer.from(d).toString("base64")}`}s.Host=`${o}:${r.port}`,s["Proxy-Connection"]||(s["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let d of Object.keys(s))a+=`${d}: ${s[d]}\r
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`;let A=(0,ufe.parseProxyResponse)(i);i.write(`${a}\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`);let{connect:c,buffered:l}=await A;if(e.emit("proxyConnect",c),this.emit("proxyConnect",c,e),c.statusCode===200)return e.once("socket",dfe),r.secureEndpoint?(oh("Upgrading socket connection to TLS"),IH.connect({...QH(BH(r),"host","path","port"),socket:i})):i;i.destroy();let u=new EE.Socket({writable:!1});return u.readable=!0,e.once("socket",d=>{oh("Replaying proxy buffer for failed request"),(0,afe.default)(d.listenerCount("data")>0),d.push(l),d.push(null)}),u}};CE.protocols=["http","https"];mi.HttpsProxyAgent=CE;function dfe(t){t.resume()}function QH(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var RH=h(pi=>{"use strict";var ffe=pi&&pi.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),hfe=pi&&pi.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),xH=pi&&pi.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&ffe(e,t,r);return hfe(e,t),e},gfe=pi&&pi.__importDefault||function(t){return t&&t.__esModule?t:{default:t}};Object.defineProperty(pi,"__esModule",{value:!0});pi.HttpProxyAgent=void 0;var mfe=xH(require("net")),pfe=xH(require("tls")),yfe=gfe(pE()),Efe=require("events"),Cfe=TS(),SH=require("url"),Dl=(0,yfe.default)("http-proxy-agent"),IE=class extends Cfe.Agent{constructor(e,r){super(r),this.proxy=typeof e=="string"?new SH.URL(e):e,this.proxyHeaders=r?.headers??{},Dl("Creating new HttpProxyAgent instance: %o",this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,""),i=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol==="https:"?443:80;this.connectOpts={...r?Ife(r,"headers"):null,host:n,port:i}}addRequest(e,r){e._header=null,this.setRequestProps(e,r),super.addRequest(e,r)}setRequestProps(e,r){let{proxy:n}=this,i=r.secureEndpoint?"https:":"http:",s=e.getHeader("host")||"localhost",o=`${i}//${s}`,a=new SH.URL(e.path,o);r.port!==80&&(a.port=String(r.port)),e.path=String(a);let A=typeof this.proxyHeaders=="function"?this.proxyHeaders():{...this.proxyHeaders};if(n.username||n.password){let c=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;A["Proxy-Authorization"]=`Basic ${Buffer.from(c).toString("base64")}`}A["Proxy-Connection"]||(A["Proxy-Connection"]=this.keepAlive?"Keep-Alive":"close");for(let c of Object.keys(A)){let l=A[c];l&&e.setHeader(c,l)}}async connect(e,r){e._header=null,e.path.includes("://")||this.setRequestProps(e,r);let n,i;Dl("Regenerating stored HTTP header string for request"),e._implicitHeader(),e.outputData&&e.outputData.length>0&&(Dl("Patching connection write() output buffer with updated header"),n=e.outputData[0].data,i=n.indexOf(`\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`)+4,e.outputData[0].data=e._header+n.substring(i),Dl("Output buffer: %o",e.outputData[0].data));let s;return this.proxy.protocol==="https:"?(Dl("Creating `tls.Socket`: %o",this.connectOpts),s=pfe.connect(this.connectOpts)):(Dl("Creating `net.Socket`: %o",this.connectOpts),s=mfe.connect(this.connectOpts)),await(0,Efe.once)(s,"connect"),s}};IE.protocols=["http","https"];pi.HttpProxyAgent=IE;function Ife(t,...e){let r={},n;for(n in t)e.includes(n)||(r[n]=t[n]);return r}});var OS=h(yi=>{"use strict";Object.defineProperty(yi,"__esModule",{value:!0});yi.globalNoProxyList=yi.proxyPolicyName=void 0;yi.loadNoProxy=PH;yi.getDefaultProxySettings=_fe;yi.proxyPolicy=kfe;var Bfe=wH(),Qfe=RH(),bfe=th(),Nfe="HTTPS_PROXY",wfe="HTTP_PROXY",Sfe="ALL_PROXY",xfe="NO_PROXY";yi.proxyPolicyName="proxyPolicy";yi.globalNoProxyList=[];var DH=!1,Rfe=new Map;function BE(t){if(process.env[t])return process.env[t];if(process.env[t.toLowerCase()])return process.env[t.toLowerCase()]}function kH(){if(!process)return;let t=BE(Nfe),e=BE(Sfe),r=BE(wfe);return t||e||r}function vfe(t,e,r){if(e.length===0)return!1;let n=new URL(t).hostname;if(r?.has(n))return r.get(n);let i=!1;for(let s of e)s[0]==="."?(n.endsWith(s)||n.length===s.length-1&&n===s.slice(1))&&(i=!0):n===s&&(i=!0);return r?.set(n,i),i}function PH(){let t=BE(xfe);return DH=!0,t?t.split(",").map(e=>e.trim()).filter(e=>e.length):[]}function _fe(t){if(!t&&(t=kH(),!t))return;let e=new URL(t);return{host:(e.protocol?e.protocol+"//":"")+e.hostname,port:Number.parseInt(e.port||"80"),username:e.username,password:e.password}}function Dfe(){let t=kH();return t?new URL(t):void 0}function vH(t){let e;try{e=new URL(t.host)}catch{throw new Error(`Expecting a valid host string in proxy settings, but found "${t.host}".`)}return e.port=String(t.port),t.username&&(e.username=t.username),t.password&&(e.password=t.password),e}function _H(t,e,r){if(t.agent)return;let i=new URL(t.url).protocol!=="https:";t.tlsSettings&&bfe.logger.warning("TLS settings are not supported in combination with custom Proxy, certificates provided to the client will be ignored.");let s=t.headers.toJSON();i?(e.httpProxyAgent||(e.httpProxyAgent=new Qfe.HttpProxyAgent(r,{headers:s})),t.agent=e.httpProxyAgent):(e.httpsProxyAgent||(e.httpsProxyAgent=new Bfe.HttpsProxyAgent(r,{headers:s})),t.agent=e.httpsProxyAgent)}function kfe(t,e){DH||yi.globalNoProxyList.push(...PH());let r=t?vH(t):Dfe(),n={};return{name:yi.proxyPolicyName,async sendRequest(i,s){var o;return!i.proxySettings&&r&&!vfe(i.url,(o=e?.customNoProxyList)!==null&&o!==void 0?o:yi.globalNoProxyList,e?.customNoProxyList?void 0:Rfe)?_H(i,n,r):i.proxySettings&&_H(i,n,vH(i.proxySettings)),s(i)}}}});var LS=h(kl=>{"use strict";Object.defineProperty(kl,"__esModule",{value:!0});kl.agentPolicyName=void 0;kl.agentPolicy=Pfe;kl.agentPolicyName="agentPolicy";function Pfe(t){return{name:kl.agentPolicyName,sendRequest:async(e,r)=>(e.agent||(e.agent=t),r(e))}}});var MS=h(Pl=>{"use strict";Object.defineProperty(Pl,"__esModule",{value:!0});Pl.tlsPolicyName=void 0;Pl.tlsPolicy=Tfe;Pl.tlsPolicyName="tlsPolicy";function Tfe(t){return{name:Pl.tlsPolicyName,sendRequest:async(e,r)=>(e.tlsSettings||(e.tlsSettings=t),r(e))}}});var ah=h(yA=>{"use strict";Object.defineProperty(yA,"__esModule",{value:!0});yA.isNodeReadableStream=TH;yA.isWebReadableStream=OH;yA.isBinaryBody=Ofe;yA.isReadableStream=LH;yA.isBlob=Lfe;function TH(t){return!!(t&&typeof t.pipe=="function")}function OH(t){return!!(t&&typeof t.getReader=="function"&&typeof t.tee=="function")}function Ofe(t){return t!==void 0&&(t instanceof Uint8Array||LH(t)||typeof t=="function"||t instanceof Blob)}function LH(t){return TH(t)||OH(t)}function Lfe(t){return typeof t.stream=="function"}});var UH=h(US=>{"use strict";Object.defineProperty(US,"__esModule",{value:!0});US.concat=qfe;var oo=(gi(),Ui(hi)),FS=require("stream"),Mfe=ah();function MH(){return oo.__asyncGenerator(this,arguments,function*(){let e=this.getReader();try{for(;;){let{done:r,value:n}=yield oo.__await(e.read());if(r)return yield oo.__await(void 0);yield yield oo.__await(n)}}finally{e.releaseLock
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`;return e}function Jfe(t){return t instanceof Uint8Array?t.byteLength:(0,Hfe.isBlob)(t)?t.size===-1?void 0:t.size:void 0}function Vfe(t){let e=0;for(let r of t){let n=Jfe(r);if(n===void 0)return;e+=n}return e}async function Wfe(t,e,r){let n=[(0,Tl.stringToUint8Array)(`--${r}`,"utf-8"),...e.flatMap(s=>[(0,Tl.stringToUint8Array)(`\r
 								`,"utf-8"),(0,Tl.stringToUint8Array)(Yfe(s.headers),"utf-8"),(0,Tl.stringToUint8Array)(`\r
-												fix: force-replace npm's broken bin shims for pn/pnx aliases

npm creates bin shims in .bin/ that point to an isolated copy in
.bin/.tools/. After self-update, setup.js fixes the main copy in
node_modules/@pnpm/exe/ but the .tools copy retains stale placeholder
files. Always replace the bin links so they point directly to the
fixed files instead of npm's broken .tools shims.

											
										
										
											2026-03-26 18:54:54 +01:00
+								`,"utf-8"),s.body,(0,Tl.stringToUint8Array)(`\r
 								--${r}`,"utf-8")]),(0,Tl.stringToUint8Array)(`--\r
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,"utf-8")],i=Vfe(n);i&&t.headers.set("Content-Length",i),t.body=await(0,zfe.concat)(n)}Ol.multipartPolicyName="multipartPolicy";var $fe=70,Kfe=new Set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'()+,-./:=?");function Xfe(t){if(t.length>$fe)throw new Error(`Multipart boundary "${t}" exceeds maximum length of 70 characters`);if(Array.from(t).some(e=>!Kfe.has(e)))throw new Error(`Multipart boundary "${t}" contains invalid characters`)}function Zfe(){return{name:Ol.multipartPolicyName,async sendRequest(t,e){var r;if(!t.multipartBody)return e(t);if(t.body)throw new Error("multipartBody and regular body cannot be set at the same time");let n=t.multipartBody.boundary,i=(r=t.headers.get("Content-Type"))!==null&&r!==void 0?r:"multipart/mixed",s=i.match(/^(multipart\/[^ ;]+)(?:; *boundary=(.+))?$/);if(!s)throw new Error(`Got multipart request body, but content-type header was not multipart: ${i}`);let[,o,a]=s;if(a&&n&&a!==n)throw new Error(`Multipart boundary was specified as ${a} in the header, but got ${n} in the request body`);return n??(n=a),n?Xfe(n):n=Gfe(),t.headers.set("Content-Type",`${o}; boundary=${n}`),await Wfe(t,t.multipartBody.parts,n),t.multipartBody=void 0,e(t)}}}});var jH=h(HS=>{"use strict";Object.defineProperty(HS,"__esModule",{value:!0});HS.createPipelineFromOptions=lhe;var ehe=fS(),the=tS(),rhe=hS(),nhe=pS(),ihe=yS(),she=wS(),ohe=_S(),qH=sh(),ahe=OS(),Ahe=LS(),che=MS(),HH=qS();function lhe(t){let e=(0,the.createEmptyPipeline)();return qH.isNodeLike&&(t.agent&&e.addPolicy((0,Ahe.agentPolicy)(t.agent)),t.tlsOptions&&e.addPolicy((0,che.tlsPolicy)(t.tlsOptions)),e.addPolicy((0,ahe.proxyPolicy)(t.proxyOptions)),e.addPolicy((0,ihe.decompressResponsePolicy)())),e.addPolicy((0,ohe.formDataPolicy)(),{beforePolicies:[HH.multipartPolicyName]}),e.addPolicy((0,nhe.userAgentPolicy)(t.userAgentOptions)),e.addPolicy((0,HH.multipartPolicy)(),{afterPhase:"Deserialize"}),e.addPolicy((0,she.defaultRetryPolicy)(t.retryOptions),{phase:"Retry"}),qH.isNodeLike&&e.addPolicy((0,rhe.redirectPolicy)(t.redirectOptions),{afterPhase:"Retry"}),e.addPolicy((0,ehe.logPolicy)(t.loggingOptions),{afterPhase:"Sign"}),e}});var zH=h(Ll=>{"use strict";Object.defineProperty(Ll,"__esModule",{value:!0});Ll.apiVersionPolicyName=void 0;Ll.apiVersionPolicy=uhe;Ll.apiVersionPolicyName="ApiVersionPolicy";function uhe(t){return{name:Ll.apiVersionPolicyName,sendRequest:(e,r)=>{let n=new URL(e.url);return!n.searchParams.get("api-version")&&t.apiVersion&&(e.url=`${e.url}${Array.from(n.searchParams.keys()).length>0?"&":"?"}api-version=${t.apiVersion}`),r(e)}}}});var GH=h(Ml=>{"use strict";Object.defineProperty(Ml,"__esModule",{value:!0});Ml.isOAuth2TokenCredential=dhe;Ml.isBearerTokenCredential=fhe;Ml.isBasicCredential=hhe;Ml.isApiKeyCredential=ghe;function dhe(t){return"getOAuth2Token"in t}function fhe(t){return"getBearerToken"in t}function hhe(t){return"username"in t&&"password"in t}function ghe(t){return"key"in t}});var Ah=h(jS=>{"use strict";Object.defineProperty(jS,"__esModule",{value:!0});jS.ensureSecureConnection=Ehe;var mhe=th(),YH=!1;function phe(t,e){if(e.allowInsecureConnection&&t.allowInsecureConnection){let r=new URL(t.url);if(r.hostname==="localhost"||r.hostname==="127.0.0.1")return!0}return!1}function yhe(){let t="Sending token over insecure transport. Assume any token issued is compromised.";mhe.logger.warning(t),typeof(process==null?void 0:process.emitWarning)=="function"&&!YH&&(YH=!0,process.emitWarning(t))}function Ehe(t,e){if(!t.url.toLowerCase().startsWith("https://"))if(phe(t,e))yhe();else throw new Error("Authentication is not permitted for non-TLS protected (non-https) URLs when allowInsecureConnection is false.")}});var JH=h(Fl=>{"use strict";Object.defineProperty(Fl,"__esModule",{value:!0});Fl.apiKeyAuthenticationPolicyName=void 0;Fl.apiKeyAuthenticationPolicy=Ihe;var Che=Ah();Fl.apiKeyAuthenticationPolicyName="apiKeyAuthenticationPolicy";function Ihe(t){return{name:Fl.apiKeyAuthenticationPolicyName,async sendRequest(e,r){var n,i;(0,Che.ensureSecureConnection)(e,t);let s=(i=(n=e.authSchemes)!==null&&n!==void 0?n:t.a
 								`).join(""))}return e(t)}}}});var vz=h(BA=>{"use strict";Object.defineProperty(BA,"__esModule",{value:!0});BA.auxiliaryAuthenticationHeaderPolicyName=void 0;BA.auxiliaryAuthenticationHeaderPolicy=eye;var Kpe=Fx(),Xpe=lh();BA.auxiliaryAuthenticationHeaderPolicyName="auxiliaryAuthenticationHeaderPolicy";var Rz="x-ms-authorization-auxiliary";async function Zpe(t){var e,r;let{scopes:n,getAccessToken:i,request:s}=t,o={abortSignal:s.abortSignal,tracingOptions:s.tracingOptions};return(r=(e=await i(n,o))===null||e===void 0?void 0:e.token)!==null&&r!==void 0?r:""}function eye(t){let{credentials:e,scopes:r}=t,n=t.logger||Xpe.logger,i=new WeakMap;return{name:BA.auxiliaryAuthenticationHeaderPolicyName,async sendRequest(s,o){if(!s.url.toLowerCase().startsWith("https://"))throw new Error("Bearer token authentication for auxiliary header is not permitted for non-TLS protected (non-https) URLs.");if(!e||e.length===0)return n.info(`${BA.auxiliaryAuthenticationHeaderPolicyName} header will not be set due to empty credentials.`),o(s);let a=[];for(let c of e){let l=i.get(c);l||(l=(0,Kpe.createTokenCycler)(c),i.set(c,l)),a.push(Zpe({scopes:Array.isArray(r)?r:[r],request:s,getAccessToken:l,logger:n}))}let A=(await Promise.all(a)).filter(c=>!!c);return A.length===0?(n.warning(`None of the auxiliary tokens are valid. ${Rz} header will not be set.`),o(s)):(s.headers.set(Rz,A.map(c=>`Bearer ${c}`).join(", ")),o(s))}}}});var Ao=h(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.createFileFromStream=L.createFile=L.agentPolicyName=L.agentPolicy=L.auxiliaryAuthenticationHeaderPolicyName=L.auxiliaryAuthenticationHeaderPolicy=L.ndJsonPolicyName=L.ndJsonPolicy=L.bearerTokenAuthenticationPolicyName=L.bearerTokenAuthenticationPolicy=L.formDataPolicyName=L.formDataPolicy=L.tlsPolicyName=L.tlsPolicy=L.userAgentPolicyName=L.userAgentPolicy=L.defaultRetryPolicy=L.tracingPolicyName=L.tracingPolicy=L.retryPolicy=L.throttlingRetryPolicyName=L.throttlingRetryPolicy=L.systemErrorRetryPolicyName=L.systemErrorRetryPolicy=L.redirectPolicyName=L.redirectPolicy=L.getDefaultProxySettings=L.proxyPolicyName=L.proxyPolicy=L.multipartPolicyName=L.multipartPolicy=L.logPolicyName=L.logPolicy=L.setClientRequestIdPolicyName=L.setClientRequestIdPolicy=L.exponentialRetryPolicyName=L.exponentialRetryPolicy=L.decompressResponsePolicyName=L.decompressResponsePolicy=L.isRestError=L.RestError=L.createPipelineRequest=L.createHttpHeaders=L.createDefaultHttpClient=L.createPipelineFromOptions=L.createEmptyPipeline=void 0;var tye=ex();Object.defineProperty(L,"createEmptyPipeline",{enumerable:!0,get:function(){return tye.createEmptyPipeline}});var rye=dz();Object.defineProperty(L,"createPipelineFromOptions",{enumerable:!0,get:function(){return rye.createPipelineFromOptions}});var nye=fz();Object.defineProperty(L,"createDefaultHttpClient",{enumerable:!0,get:function(){return nye.createDefaultHttpClient}});var iye=hz();Object.defineProperty(L,"createHttpHeaders",{enumerable:!0,get:function(){return iye.createHttpHeaders}});var sye=gz();Object.defineProperty(L,"createPipelineRequest",{enumerable:!0,get:function(){return sye.createPipelineRequest}});var _z=HE();Object.defineProperty(L,"RestError",{enumerable:!0,get:function(){return _z.RestError}});Object.defineProperty(L,"isRestError",{enumerable:!0,get:function(){return _z.isRestError}});var Dz=yx();Object.defineProperty(L,"decompressResponsePolicy",{enumerable:!0,get:function(){return Dz.decompressResponsePolicy}});Object.defineProperty(L,"decompressResponsePolicyName",{enumerable:!0,get:function(){return Dz.decompressResponsePolicyName}});var kz=pz();Object.defineProperty(L,"exponentialRetryPolicy",{enumerable:!0,get:function(){return kz.exponentialRetryPolicy}});Object.defineProperty(L,"exponentialRetryPolicyName",{enumerable:!0,get:function(){return kz.exponentialRetryPolicyName}});var Pz=Qx();Object.defineProperty(L,"setClientRequestIdPolicy",{enumerable:!0,get:function(){return Pz.setClientRequestIdPolicy}});Object.defineProperty(L,"setClientRequestIdPolicyName",{enumerable:!0,get:function(){return Pz.setClientReques
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`&&p[b]!=="\r";b++)P+=p[b];if(P=P.trim(),P[P.length-1]==="/"&&(P=P.substring(0,P.length-1),b--),!s(P)){let ae;return ae=P.trim().length===0?"Invalid space after '<'.":"Tag '"+P+"' is an invalid name.",C("InvalidTag",ae,N(p,b))}let z=f(p,b);if(z===!1)return C("InvalidAttr","Attributes for '"+P+"' have open quote.",N(p,b));let Ee=z.value;if(b=z.index,Ee[Ee.length-1]==="/"){let ae=b-Ee.length;Ee=Ee.substring(0,Ee.length-1);let Fe=m(Ee,y);if(Fe!==!0)return C(Fe.err.code,Fe.err.msg,N(p,ae+Fe.err.line));S=!0}else if(R){if(!z.tagClosed)return C("InvalidTag","Closing tag '"+P+"' doesn't have proper closing.",N(p,b));if(Ee.trim().length>0)return C("InvalidTag","Closing tag '"+P+"' can't have attributes or invalid starting.",N(p,_));if(B.length===0)return C("InvalidTag","Closing tag '"+P+"' has not been opened.",N(p,_));{let ae=B.pop();if(P!==ae.tagName){let Fe=N(p,ae.tagStartPos);return C("InvalidTag","Expected closing tag '"+ae.tagName+"' (opened in line "+Fe.line+", col "+Fe.col+") instead of closing tag '"+P+"'.",N(p,_))}B.length==0&&(Q=!0)}}else{let ae=m(Ee,y);if(ae!==!0)return C(ae.err.code,ae.err.msg,N(p,b-Ee.length+ae.err.line));if(Q===!0)return C("InvalidXml","Multiple possible root nodes found.",N(p,b));y.unpairedTags.indexOf(P)!==-1||B.push({tagName:P,tagStartPos:_}),S=!0}for(b++;b<p.length;b++)if(p[b]==="<"){if(p[b+1]==="!"){b++,b=l(p,b);continue}if(p[b+1]!=="?")break;if(b=c(p,++b),b.err)return b}else if(p[b]==="&"){let ae=E(p,b);if(ae==-1)return C("InvalidChar","char '&' is not expected.",N(p,b));b=ae}else if(Q===!0&&!A(p[b]))return C("InvalidXml","Extra text at the end",N(p,b));p[b]==="<"&&b--}}}return S?B.length==1?C("InvalidTag","Unclosed tag '"+B[0].tagName+"'.",N(p,B[0].tagStartPos)):!(B.length>0)||C("InvalidXml","Invalid '"+JSON.stringify(B.map((b=>b.tagName)),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1}):C("InvalidXml","Start tag expected.",1)}function A(p){return p===" "||p==="	"||p===`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`||p==="\r"}function c(p,y){let B=y;for(;y<p.length;y++)if(!(p[y]!="?"&&p[y]!=" ")){let S=p.substr(B,y-B);if(y>5&&S==="xml")return C("InvalidXml","XML declaration allowed only at the start of the document.",N(p,y));if(p[y]=="?"&&p[y+1]==">"){y++;break}}return y}function l(p,y){if(p.length>y+5&&p[y+1]==="-"&&p[y+2]==="-"){for(y+=3;y<p.length;y++)if(p[y]==="-"&&p[y+1]==="-"&&p[y+2]===">"){y+=2;break}}else if(p.length>y+8&&p[y+1]==="D"&&p[y+2]==="O"&&p[y+3]==="C"&&p[y+4]==="T"&&p[y+5]==="Y"&&p[y+6]==="P"&&p[y+7]==="E"){let B=1;for(y+=8;y<p.length;y++)if(p[y]==="<")B++;else if(p[y]===">"&&(B--,B===0))break}else if(p.length>y+9&&p[y+1]==="["&&p[y+2]==="C"&&p[y+3]==="D"&&p[y+4]==="A"&&p[y+5]==="T"&&p[y+6]==="A"&&p[y+7]==="["){for(y+=8;y<p.length;y++)if(p[y]==="]"&&p[y+1]==="]"&&p[y+2]===">"){y+=2;break}}return y}let u='"',d="'";function f(p,y){let B="",S="",Q=!1;for(;y<p.length;y++){if(p[y]===u||p[y]===d)S===""?S=p[y]:S!==p[y]||(S="");else if(p[y]===">"&&S===""){Q=!0;break}B+=p[y]}return S===""&&{value:B,index:y,tagClosed:Q}}let g=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function m(p,y){let B=i(p,g),S={};for(let Q=0;Q<B.length;Q++){if(B[Q][1].length===0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' has no space in starting.",w(B[Q]));if(B[Q][3]!==void 0&&B[Q][4]===void 0)return C("InvalidAttr","Attribute '"+B[Q][2]+"' is without value.",w(B[Q]));if(B[Q][3]===void 0&&!y.allowBooleanAttributes)return C("InvalidAttr","boolean attribute '"+B[Q][2]+"' is not allowed.",w(B[Q]));let b=B[Q][2];if(!I(b))return C("InvalidAttr","Attribute '"+b+"' is an invalid name.",w(B[Q]));if(S.hasOwnProperty(b))return C("InvalidAttr","Attribute '"+b+"' is repeated.",w(B[Q]));S[b]=1}return!0}function E(p,y){if(p[++y]===";")return-1;if(p[y]==="#")return(function(S,Q){let b=/\d/;for(S[Q]==="x"&&(Q++,b=/[\da-fA-F]/);Q<S.length;Q++){if(S[Q]===";")return Q;if(!S[Q].match(b))break}return-1})(p,++y);let B=0;for(;y<p.length;y++,B++)if(!(p[y].match(/\w/)&&B<20)){if(p[y]===";")break;return-1}return y}function C(p,y,B){return{err:{code:p,msg:y,line:B.line||B,col:B.col}}}function I(p){return s(p)}function N(p,y){let B=p.substring(0,y).split(/\r?\n/);return{line:B.length,col:B[B.length-1].length+1}}function w(p){return p.startIndex+p[1].length}let v={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(p,y,B){return p},captureMetaData:!1},T;T=typeof Symbol!="function"?"@@xmlMetadata":Symbol("XML Node Metadata");class U{constructor(y){this.tagname=y,this.child=[],this[":@"]={}}add(y,B){y==="__proto__"&&(y="#__proto__"),this.child.push({[y]:B})}addChild(y,B){y.tagname==="__proto__"&&(y.tagname="#__proto__"),y[":@"]&&Object.keys(y[":@"]).length>0?this.child.push({[y.tagname]:y.child,":@":y[":@"]}):this.child.push({[y.tagname]:y.child}),B!==void 0&&(this.child[this.child.length-1][T]={startIndex:B})}static getMetaDataSymbol(){return T}}function k(p,y){let B={};if(p[y+3]!=="O"||p[y+4]!=="C"||p[y+5]!=="T"||p[y+6]!=="Y"||p[y+7]!=="P"||p[y+8]!=="E")throw new Error("Invalid Tag instead of DOCTYPE");{y+=9;let S=1,Q=!1,b=!1,_="";for(;y<p.length;y++)if(p[y]!=="<"||b)if(p[y]===">"){if(b?p[y-1]==="-"&&p[y-2]==="-"&&(b=!1,S--):S--,S===0)break}else p[y]==="["?Q=!0:_+=p[y];else{if(Q&&rt(p,"!ENTITY",y)){let R,P;y+=7,[R,P,y]=be(p,y+1),P.indexOf("&")===-1&&(B[R]={regx:RegExp(`&${R};`,"g"),val:P})}else if(Q&&rt(p,"!ELEMENT",y)){y+=8;let{index:R}=_e(p,y+1);y=R}else if(Q&&rt(p,"!ATTLIST",y))y+=8;else if(Q&&rt(p,"!NOTATION",y)){y+=9;let{index:R}=Re(p,y+1);y=R}else{if(!rt(p,"!--",y))throw new Error("Invalid DOCTYPE");b=!0}S++
 								`);let y=new U("!xml"),B=y,S="",Q="";for(let b=0;b<p.length;b++)if(p[b]==="<")if(p[b+1]==="/"){let _=qa(p,">",b,"Closing Tag is not closed."),R=p.substring(b+2,_).trim();if(this.options.removeNSPrefix){let Ee=R.indexOf(":");Ee!==-1&&(R=R.substr(Ee+1))}this.options.transformTagName&&(R=this.options.transformTagName(R)),B&&(S=this.saveTextToParentTag(S,B,Q));let P=Q.substring(Q.lastIndexOf(".")+1);if(R&&this.options.unpairedTags.indexOf(R)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${R}>`);let z=0;P&&this.options.unpairedTags.indexOf(P)!==-1?(z=Q.lastIndexOf(".",Q.lastIndexOf(".")-1),this.tagsNodeStack.pop()):z=Q.lastIndexOf("."),Q=Q.substring(0,z),B=this.tagsNodeStack.pop(),S="",b=_}else if(p[b+1]==="?"){let _=MQ(p,b,!1,"?>");if(!_)throw new Error("Pi Tag is not closed.");if(S=this.saveTextToParentTag(S,B,Q),!(this.options.ignoreDeclaration&&_.tagName==="?xml"||this.options.ignorePiTags)){let R=new U(_.tagName);R.add(this.options.textNodeName,""),_.tagName!==_.tagExp&&_.attrExpPresent&&(R[":@"]=this.buildAttributesMap(_.tagExp,Q,_.tagName)),this.addChild(B,R,Q,b)}b=_.closeIndex+1}else if(p.substr(b+1,3)==="!--"){let _=qa(p,"-->",b+4,"Comment is not closed.");if(this.options.commentPropName){let R=p.substring(b+4,_-2);S=this.saveTextToParentTag(S,B,Q),B.add(this.options.commentPropName,[{[this.options.textNodeName]:R}])}b=_}else if(p.substr(b+1,2)==="!D"){let _=k(p,b);this.docTypeEntities=_.entities,b=_.i}else if(p.substr(b+1,2)==="!["){let _=qa(p,"]]>",b,"CDATA is not closed.")-2,R=p.substring(b+9,_);S=this.saveTextToParentTag(S,B,Q);let P=this.parseTextData(R,B.tagname,Q,!0,!1,!0,!0);P==null&&(P=""),this.options.cdataPropName?B.add(this.options.cdataPropName,[{[this.options.textNodeName]:R}]):B.add(this.options.textNodeName,P),b=_+2}else{let _=MQ(p,b,this.options.removeNSPrefix),R=_.tagName,P=_.rawTagName,z=_.tagExp,Ee=_.attrExpPresent,ae=_.closeIndex;this.options.transformTagName&&(R=this.options.transformTagName(R)),B&&S&&B.tagname!=="!xml"&&(S=this.saveTextToParentTag(S,B,Q,!1));let Fe=B;Fe&&this.options.unpairedTags.indexOf(Fe.tagname)!==-1&&(B=this.tagsNodeStack.pop(),Q=Q.substring(0,Q.lastIndexOf("."))),R!==y.tagname&&(Q+=Q?"."+R:R);let nt=b;if(this.isItStopNode(this.options.stopNodes,Q,R)){let ze="";if(z.length>0&&z.lastIndexOf("/")===z.length-1)R[R.length-1]==="/"?(R=R.substr(0,R.length-1),Q=Q.substr(0,Q.length-1),z=R):z=z.substr(0,z.length-1),b=_.closeIndex;else if(this.options.unpairedTags.indexOf(R)!==-1)b=_.closeIndex;else{let os=this.readStopNodeData(p,P,ae+1);if(!os)throw new Error(`Unexpected end of ${P}`);b=os.i,ze=os.tagContent}let er=new U(R);R!==z&&Ee&&(er[":@"]=this.buildAttributesMap(z,Q,R)),ze&&(ze=this.parseTextData(ze,R,Q,!0,Ee,!0,!0)),Q=Q.substr(0,Q.lastIndexOf(".")),er.add(this.options.textNodeName,ze),this.addChild(B,er,Q,nt)}else{if(z.length>0&&z.lastIndexOf("/")===z.length-1){R[R.length-1]==="/"?(R=R.substr(0,R.length-1),Q=Q.substr(0,Q.length-1),z=R):z=z.substr(0,z.length-1),this.options.transformTagName&&(R=this.options.transformTagName(R));let ze=new U(R);R!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,R)),this.addChild(B,ze,Q,nt),Q=Q.substr(0,Q.lastIndexOf("."))}else{let ze=new U(R);this.tagsNodeStack.push(B),R!==z&&Ee&&(ze[":@"]=this.buildAttributesMap(z,Q,R)),this.addChild(B,ze,Q,nt),B=ze}S="",b=ae}}else S+=p[b];return y.child};function QX(p,y,B,S){this.options.captureMetaData||(S=void 0);let Q=this.options.updateTag(y.tagname,B,y[":@"]);Q===!1||(typeof Q=="string"&&(y.tagname=Q),p.addChild(y,S))}let bX=function(p){if(this.options.processEntities){for(let y in this.docTypeEntities){let B=this.docTypeEntities[y];p=p.replace(B.regx,B.val)}for(let y in this.lastEntities){let B=this.lastEntities[y];p=p.replace(B.regex,B.val)}if(this.options.htmlEntities)for(let y in this.htmlEntities){let B=this.htmlEntities[y];p=p.replace(B.regex,B.val)}p=p.replace(this.ampEntity.regex,this.ampEntity.val)}return p};function NX(p,y,B,S){return p&&(S===void 0&&(S=y.child.length===0),(p=this.parseTextData(p,y.tagname,B,!1,!!y[":@"]&&Object.keys(y[":@"]).length!==0,S))!==void 0&&p!==
 								`),xP(p,y,"",B)}function xP(p,y,B,S){let Q="",b=!1;for(let _=0;_<p.length;_++){let R=p[_],P=PX(R);if(P===void 0)continue;let z="";if(z=B.length===0?P:`${B}.${P}`,P===y.textNodeName){let nt=R[P];TX(z,y)||(nt=y.tagValueProcessor(P,nt),nt=vP(nt,y)),b&&(Q+=S),Q+=nt,b=!1;continue}if(P===y.cdataPropName){b&&(Q+=S),Q+=`<![CDATA[${R[P][0][y.textNodeName]}]]>`,b=!1;continue}if(P===y.commentPropName){Q+=S+`<!--${R[P][0][y.textNodeName]}-->`,b=!0;continue}if(P[0]==="?"){let nt=RP(R[":@"],y),ze=P==="?xml"?"":S,er=R[P][0][y.textNodeName];er=er.length!==0?" "+er:"",Q+=ze+`<${P}${er}${nt}?>`,b=!0;continue}let Ee=S;Ee!==""&&(Ee+=y.indentBy);let ae=S+`<${P}${RP(R[":@"],y)}`,Fe=xP(R[P],y,z,Ee);y.unpairedTags.indexOf(P)!==-1?y.suppressUnpairedNode?Q+=ae+">":Q+=ae+"/>":Fe&&Fe.length!==0||!y.suppressEmptyNode?Fe&&Fe.endsWith(">")?Q+=ae+`>${Fe}${S}</${P}>`:(Q+=ae+">",Fe&&S!==""&&(Fe.includes("/>")||Fe.includes("</"))?Q+=S+y.indentBy+Fe+S:Q+=Fe,Q+=`</${P}>`):Q+=ae+"/>",b=!0}return Q}function PX(p){let y=Object.keys(p);for(let B=0;B<y.length;B++){let S=y[B];if(p.hasOwnProperty(S)&&S!==":@")return S}}function RP(p,y){let B="";if(p&&!y.ignoreAttributes)for(let S in p){if(!p.hasOwnProperty(S))continue;let Q=y.attributeValueProcessor(S,p[S]);Q=vP(Q,y),Q===!0&&y.suppressBooleanAttributes?B+=` ${S.substr(y.attributeNamePrefix.length)}`:B+=` ${S.substr(y.attributeNamePrefix.length)}="${Q}"`}return B}function TX(p,y){let B=(p=p.substr(0,p.length-y.textNodeName.length-1)).substr(p.lastIndexOf(".")+1);for(let S in y.stopNodes)if(y.stopNodes[S]===p||y.stopNodes[S]==="*."+B)return!0;return!1}function vP(p,y){if(p&&p.length>0&&y.processEntities)for(let B=0;B<y.entities.length;B++){let S=y.entities[B];p=p.replace(S.regex,S.val)}return p}let OX={attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,cdataPropName:!1,format:!1,indentBy:"  ",suppressEmptyNode:!1,suppressUnpairedNode:!0,suppressBooleanAttributes:!0,tagValueProcessor:function(p,y){return y},attributeValueProcessor:function(p,y){return y},preserveOrder:!1,commentPropName:!1,unpairedTags:[],entities:[{regex:new RegExp("&","g"),val:"&amp;"},{regex:new RegExp(">","g"),val:"&gt;"},{regex:new RegExp("<","g"),val:"&lt;"},{regex:new RegExp("'","g"),val:"&apos;"},{regex:new RegExp('"',"g"),val:"&quot;"}],processEntities:!0,stopNodes:[],oneListGroup:!1};function Do(p){this.options=Object.assign({},OX,p),this.options.ignoreAttributes===!0||this.options.attributesGroupName?this.isAttribute=function(){return!1}:(this.ignoreAttributesFn=Mi(this.options.ignoreAttributes),this.attrPrefixLen=this.options.attributeNamePrefix.length,this.isAttribute=FX),this.processTextOrObjNode=LX,this.options.format?(this.indentate=MX,this.tagEndChar=`>
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,this.newLine=`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`):(this.indentate=function(){return""},this.tagEndChar=">",this.newLine="")}function LX(p,y,B,S){let Q=this.j2x(p,B+1,S.concat(y));return p[this.options.textNodeName]!==void 0&&Object.keys(p).length===1?this.buildTextValNode(p[this.options.textNodeName],y,Q.attrStr,B):this.buildObjectNode(Q.val,y,Q.attrStr,B)}function MX(p){return this.options.indentBy.repeat(p)}function FX(p){return!(!p.startsWith(this.options.attributeNamePrefix)||p===this.options.textNodeName)&&p.substr(this.attrPrefixLen)}Do.prototype.build=function(p){return this.options.preserveOrder?kX(p,this.options):(Array.isArray(p)&&this.options.arrayNodeName&&this.options.arrayNodeName.length>1&&(p={[this.options.arrayNodeName]:p}),this.j2x(p,0,[]).val)},Do.prototype.j2x=function(p,y,B){let S="",Q="",b=B.join(".");for(let _ in p)if(Object.prototype.hasOwnProperty.call(p,_))if(p[_]===void 0)this.isAttribute(_)&&(Q+="");else if(p[_]===null)this.isAttribute(_)||_===this.options.cdataPropName?Q+="":_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(p[_]instanceof Date)Q+=this.buildTextValNode(p[_],_,"",y);else if(typeof p[_]!="object"){let R=this.isAttribute(_);if(R&&!this.ignoreAttributesFn(R,b))S+=this.buildAttrPairStr(R,""+p[_]);else if(!R)if(_===this.options.textNodeName){let P=this.options.tagValueProcessor(_,""+p[_]);Q+=this.replaceEntitiesValue(P)}else Q+=this.buildTextValNode(p[_],_,"",y)}else if(Array.isArray(p[_])){let R=p[_].length,P="",z="";for(let Ee=0;Ee<R;Ee++){let ae=p[_][Ee];if(ae!==void 0)if(ae===null)_[0]==="?"?Q+=this.indentate(y)+"<"+_+"?"+this.tagEndChar:Q+=this.indentate(y)+"<"+_+"/"+this.tagEndChar;else if(typeof ae=="object")if(this.options.oneListGroup){let Fe=this.j2x(ae,y+1,B.concat(_));P+=Fe.val,this.options.attributesGroupName&&ae.hasOwnProperty(this.options.attributesGroupName)&&(z+=Fe.attrStr)}else P+=this.processTextOrObjNode(ae,_,y,B);else if(this.options.oneListGroup){let Fe=this.options.tagValueProcessor(_,ae);Fe=this.replaceEntitiesValue(Fe),P+=Fe}else P+=this.buildTextValNode(ae,_,"",y)}this.options.oneListGroup&&(P=this.buildObjectNode(P,_,z,y)),Q+=P}else if(this.options.attributesGroupName&&_===this.options.attributesGroupName){let R=Object.keys(p[_]),P=R.length;for(let z=0;z<P;z++)S+=this.buildAttrPairStr(R[z],""+p[_][R[z]])}else Q+=this.processTextOrObjNode(p[_],_,y,B);return{attrStr:S,val:Q}},Do.prototype.buildAttrPairStr=function(p,y){return y=this.options.attributeValueProcessor(p,""+y),y=this.replaceEntitiesValue(y),this.options.suppressBooleanAttributes&&y==="true"?" "+p:" "+p+'="'+y+'"'},Do.prototype.buildObjectNode=function(p,y,B,S){if(p==="")return y[0]==="?"?this.indentate(S)+"<"+y+B+"?"+this.tagEndChar:this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar;{let Q="</"+y+this.tagEndChar,b="";return y[0]==="?"&&(b="?",Q=""),!B&&B!==""||p.indexOf("<")!==-1?this.options.commentPropName!==!1&&y===this.options.commentPropName&&b.length===0?this.indentate(S)+`<!--${p}-->`+this.newLine:this.indentate(S)+"<"+y+B+b+this.tagEndChar+p+this.indentate(S)+Q:this.indentate(S)+"<"+y+B+b+">"+p+Q}},Do.prototype.closeTag=function(p){let y="";return this.options.unpairedTags.indexOf(p)!==-1?this.options.suppressUnpairedNode||(y="/"):y=this.options.suppressEmptyNode?"/":`></${p}`,y},Do.prototype.buildTextValNode=function(p,y,B,S){if(this.options.cdataPropName!==!1&&y===this.options.cdataPropName)return this.indentate(S)+`<![CDATA[${p}]]>`+this.newLine;if(this.options.commentPropName!==!1&&y===this.options.commentPropName)return this.indentate(S)+`<!--${p}-->`+this.newLine;if(y[0]==="?")return this.indentate(S)+"<"+y+B+"?"+this.tagEndChar;{let Q=this.options.tagValueProcessor(y,p);return Q=this.replaceEntitiesValue(Q),Q===""?this.indentate(S)+"<"+y+B+this.closeTag(y)+this.tagEndChar:this.indentate(S)+"<"+y+B+">"+Q+"</"+y+this.tagEndChar}},Do.prototype.replaceEntitiesValue=function(p){if(p&&p.length>0&&this.options.processEntities)for(let y=0;y<this.options.entities.length;y++){let B=this.options.entities[y];p=p.replace(B.regex,B.val)}return p};let UX={validate:a};WG.e
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+									Polling from: ${r.config.operationLocation}
 									Operation status: ${l}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+									Polling status: ${iY.terminalStates.includes(l)?"Stopped":"Running"}`),l==="succeeded"){let u=o(c,r);if(u!==void 0)return{response:await e(u).catch(nY({state:r,stateProxy:n,isOperationError:a})),status:l}}return{response:c,status:l}}async function NCe(t){let{poll:e,state:r,stateProxy:n,options:i,getOperationStatus:s,getResourceLocation:o,getOperationLocation:a,isOperationError:A,withOperationLocation:c,getPollingInterval:l,processResult:u,getError:d,updateState:f,setDelay:g,isDone:m,setErrorAsResult:E}=t,{operationLocation:C}=r.config;if(C!==void 0){let{response:I,status:N}=await bCe({poll:e,getOperationStatus:s,state:r,stateProxy:n,operationLocation:C,getResourceLocation:o,isOperationError:A,options:i});if(sY({status:N,response:I,state:r,stateProxy:n,isDone:m,processResult:u,getError:d,setErrorAsResult:E}),!iY.terminalStates.includes(N)){let w=l?.(I);w&&g(w);let v=a?.(I,r);if(v!==void 0){let T=C!==v;r.config.operationLocation=v,c?.(v,T)}else c?.(C,!1)}f?.(r,I)}}sa.pollOperation=NCe});var ER=h(Ft=>{"use strict";Object.defineProperty(Ft,"__esModule",{value:!0});Ft.pollHttpOperation=Ft.isOperationError=Ft.getResourceLocation=Ft.getOperationStatus=Ft.getOperationLocation=Ft.initHttpOperation=Ft.getStatusFromInitialResponse=Ft.getErrorFromResponse=Ft.parseRetryAfter=Ft.inferLroMode=void 0;var oY=fC(),mR=uC();function aY(t){let{azureAsyncOperation:e,operationLocation:r}=t;return r??e}function AY(t){return t.headers.location}function cY(t){return t.headers["operation-location"]}function lY(t){return t.headers["azure-asyncoperation"]}function wCe(t){var e;let{location:r,requestMethod:n,requestPath:i,resourceLocationConfig:s}=t;switch(n){case"PUT":return i;case"DELETE":return;case"PATCH":return(e=o())!==null&&e!==void 0?e:i;default:return o()}function o(){switch(s){case"azure-async-operation":return;case"original-uri":return i;default:return r}}}function uY(t){let{rawResponse:e,requestMethod:r,requestPath:n,resourceLocationConfig:i}=t,s=cY(e),o=lY(e),a=aY({operationLocation:s,azureAsyncOperation:o}),A=AY(e),c=r?.toLocaleUpperCase();return a!==void 0?{mode:"OperationLocation",operationLocation:a,resourceLocation:wCe({requestMethod:c,location:A,requestPath:n,resourceLocationConfig:i})}:A!==void 0?{mode:"ResourceLocation",operationLocation:A}:c==="PUT"&&n?{mode:"Body",operationLocation:n}:void 0}Ft.inferLroMode=uY;function dY(t){let{status:e,statusCode:r}=t;if(typeof e!="string"&&e!==void 0)throw new Error(`Polling was unsuccessful. Expected status to have a string value or no value but it has instead: ${e}. This doesn't necessarily indicate the operation has failed. Check your Azure subscription or resource status for more information.`);switch(e?.toLocaleLowerCase()){case void 0:return pR(r);case"succeeded":return"succeeded";case"failed":return"failed";case"running":case"accepted":case"started":case"canceling":case"cancelling":return"running";case"canceled":case"cancelled":return"canceled";default:return mR.logger.verbose(`LRO: unrecognized operation status: ${e}`),e}}function SCe(t){var e;let{status:r}=(e=t.body)!==null&&e!==void 0?e:{};return dY({status:r,statusCode:t.statusCode})}function xCe(t){var e,r;let{properties:n,provisioningState:i}=(e=t.body)!==null&&e!==void 0?e:{},s=(r=n?.provisioningState)!==null&&r!==void 0?r:i;return dY({status:s,statusCode:t.statusCode})}function pR(t){return t===202?"running":t<300?"succeeded":"failed"}function fY({rawResponse:t}){let e=t.headers["retry-after"];if(e!==void 0){let r=parseInt(e);return isNaN(r)?RCe(new Date(e)):r*1e3}}Ft.parseRetryAfter=fY;function hY(t){let e=pY(t,"error");if(!e){mR.logger.warning("The long-running operation failed but there is no error property in the response's body");return}if(!e.code||!e.message){mR.logger.warning("The long-running operation failed but the error property in the response's body doesn't contain code or message");return}return e}Ft.getErrorFromResponse=hY;function RCe(t){let e=Math.floor(new Date().getTime()),r=t.getTime();if(e<r)return r-e}function gY(t){let{response:e,state:r,operationLocation:n}=t;function i(){var o;switch((o=r.config.meta
 								`,jY="HTTP/1.1",oIe="AES256",aIe="DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",AIe=["Access-Control-Allow-Origin","Cache-Control","Content-Length","Content-Type","Date","Request-Id","traceparent","Transfer-Encoding","User-Agent","x-ms-client-request-id","x-ms-date","x-ms-error-code","x-ms-request-id","x-ms-return-client-request-id","x-ms-version","Accept-Ranges","Content-Disposition","Content-Encoding","Content-Language","Content-MD5","Content-Range","ETag","Last-Modified","Server","Vary","x-ms-content-crc64","x-ms-copy-action","x-ms-copy-completion-time","x-ms-copy-id","x-ms-copy-progress","x-ms-copy-status","x-ms-has-immutability-policy","x-ms-has-legal-hold","x-ms-lease-state","x-ms-lease-status","x-ms-range","x-ms-request-server-encrypted","x-ms-server-encrypted","x-ms-snapshot","x-ms-source-range","If-Match","If-Modified-Since","If-None-Match","If-Unmodified-Since","x-ms-access-tier","x-ms-access-tier-change-time","x-ms-access-tier-inferred","x-ms-account-kind","x-ms-archive-status","x-ms-blob-append-offset","x-ms-blob-cache-control","x-ms-blob-committed-block-count","x-ms-blob-condition-appendpos","x-ms-blob-condition-maxsize","x-ms-blob-content-disposition","x-ms-blob-content-encoding","x-ms-blob-content-language","x-ms-blob-content-length","x-ms-blob-content-md5","x-ms-blob-content-type","x-ms-blob-public-access","x-ms-blob-sequence-number","x-ms-blob-type","x-ms-copy-destination-snapshot","x-ms-creation-time","x-ms-default-encryption-scope","x-ms-delete-snapshots","x-ms-delete-type-permanent","x-ms-deny-encryption-scope-override","x-ms-encryption-algorithm","x-ms-if-sequence-number-eq","x-ms-if-sequence-number-le","x-ms-if-sequence-number-lt","x-ms-incremental-copy","x-ms-lease-action","x-ms-lease-break-period","x-ms-lease-duration","x-ms-lease-id","x-ms-lease-time","x-ms-page-write","x-ms-proposed-lease-id","x-ms-range-get-content-md5","x-ms-rehydrate-priority","x-ms-sequence-number-action","x-ms-sku-name","x-ms-source-content-md5","x-ms-source-if-match","x-ms-source-if-modified-since","x-ms-source-if-none-match","x-ms-source-if-unmodified-since","x-ms-tag-count","x-ms-encryption-key-sha256","x-ms-copy-source-error-code","x-ms-copy-source-status-code","x-ms-if-tags","x-ms-source-if-tags"],cIe=["comp","maxresults","rscc","rscd","rsce","rscl","rsct","se","si","sip","sp","spr","sr","srt","ss","st","sv","include","marker","prefix","copyid","restype","blockid","blocklisttype","delimiter","prevsnapshot","ske","skoid","sks","skt","sktid","skv","snapshot"],lIe="BlobUsesCustomerSpecifiedEncryption",uIe="BlobDoesNotUseCustomerSpecifiedEncryption",dIe=["10000","10001","10002","10003","10004","10100","10101","10102","10103","10104","11000","11001","11002","11003","11004","11100","11101","11102","11103","11104"];function fIe(t){let e=new URL(t),r=e.pathname;return r=r||"/",r=gIe(r),e.pathname=r,e.toString()}function hIe(t){let e="";if(t.search("DevelopmentStorageProxyUri=")!==-1){let r=t.split(";");for(let n of r)n.trim().startsWith("DevelopmentStorageProxyUri=")&&(e=n.trim().match("DevelopmentStorageProxyUri=(.*)")[1])}return e}function NA(t,e){let r=t.split(";");for(let n of r)if(n.trim().startsWith(e))return n.trim().match(e+"=(.*)")[1];return""}function Cu(t){let e="";t.startsWith("UseDevelopmentStorage=true")&&(e=hIe(t),t=aIe);let r=NA(t,"BlobEndpoint");if(r=r.endsWith("/")?r.slice(0,-1):r,t.search("DefaultEndpointsProtocol=")!==-1&&t.search("AccountKey=")!==-1){let n="",i="",s=Buffer.from("accountKey","base64"),o="";if(i=NA(t,"AccountName"),s=Buffer.from(NA(t,"AccountKey"),"base64"),!r){n=NA(t,"DefaultEndpointsProtocol");let a=n.toLowerCase();if(a!=="https"&&a!=="http")throw new Error("Invalid DefaultEndpointsProtocol in the provided Connection String. Expecting 'https' or 'http'");if(o=NA(t,"EndpointSuffix"),!o)throw new Error("Invalid EndpointSuffix in the provided Connection String");r=`${n}://${i}.blob.${o}`}if(i){if(s.length===0)throw new Error("
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`+this.getCanonicalizedHeadersString(e)+this.getCanonicalizedResourceString(e),n=this.factory.computeHMACSHA256(r);return e.headers.set(Ie.AUTHORIZATION,`SharedKey ${this.factory.accountName}:${n}`),e}getHeaderValueToSign(e,r){let n=e.headers.get(r);return!n||r===Ie.CONTENT_LENGTH&&n==="0"?"":n}getCanonicalizedHeadersString(e){let r=e.headers.headersArray().filter(i=>i.name.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE));r.sort((i,s)=>WY(i.name.toLowerCase(),s.name.toLowerCase())),r=r.filter((i,s,o)=>!(s>0&&i.name.toLowerCase()===o[s-1].name.toLowerCase()));let n="";return r.forEach(i=>{n+=`${i.name.toLowerCase().trimRight()}:${i.value.trimLeft()}
 								`}),n}getCanonicalizedResourceString(e){let r=FC(e.url)||"/",n="";n+=`/${this.factory.accountName}${r}`;let i=GY(e.url),s={};if(i){let o=[];for(let a in i)if(Object.prototype.hasOwnProperty.call(i,a)){let A=a.toLowerCase();s[A]=i[a],o.push(A)}o.sort();for(let a of o)n+=`
 								${a}:${decodeURIComponent(s[a])}`}return n}},jh=class{create(e,r){throw new Error("Method should be implemented in children classes.")}},lt=class extends jh{constructor(e,r){super(),this.accountName=e,this.accountKey=Buffer.from(r,"base64")}create(e,r){return new xC(e,r,this)}computeHMACSHA256(e){return av.createHmac("sha256",this.accountKey).update(e,"utf8").digest("base64")}},RC=class extends Hh{constructor(e,r){super(e,r)}},dt=class extends jh{create(e,r){return new RC(e,r)}},xR;function xIe(){return xR||(xR=jr.createDefaultHttpClient()),xR}var RIe="storageBrowserPolicy";function vIe(){return{name:RIe,async sendRequest(t,e){return st.isNode||((t.method==="GET"||t.method==="HEAD")&&(t.url=lo(t.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),t.headers.delete(Ie.COOKIE),t.headers.delete(Ie.CONTENT_LENGTH)),e(t)}}}var _Ie="storageRetryPolicy",zh;(function(t){t[t.EXPONENTIAL=0]="EXPONENTIAL",t[t.FIXED=1]="FIXED"})(zh||(zh={}));var uu={maxRetryDelayInMs:120*1e3,maxTries:4,retryDelayInMs:4*1e3,retryPolicyType:zh.EXPONENTIAL,secondaryHost:"",tryTimeoutInMs:void 0},DIe=["ETIMEDOUT","ESOCKETTIMEDOUT","ECONNREFUSED","ECONNRESET","ENOENT","ENOTFOUND","TIMEOUT","EPIPE","REQUEST_SEND_ERROR"],kIe=new LC.AbortError("The operation was aborted.");function PIe(t={}){var e,r,n,i,s,o;let a=(e=t.retryPolicyType)!==null&&e!==void 0?e:uu.retryPolicyType,A=(r=t.maxTries)!==null&&r!==void 0?r:uu.maxTries,c=(n=t.retryDelayInMs)!==null&&n!==void 0?n:uu.retryDelayInMs,l=(i=t.maxRetryDelayInMs)!==null&&i!==void 0?i:uu.maxRetryDelayInMs,u=(s=t.secondaryHost)!==null&&s!==void 0?s:uu.secondaryHost,d=(o=t.tryTimeoutInMs)!==null&&o!==void 0?o:uu.tryTimeoutInMs;function f({isPrimaryRetry:m,attempt:E,response:C,error:I}){var N,w;if(E>=A)return nr.info(`RetryPolicy: Attempt(s) ${E} >= maxTries ${A}, no further try.`),!1;if(I){for(let v of DIe)if(I.name.toUpperCase().includes(v)||I.message.toUpperCase().includes(v)||I.code&&I.code.toString().toUpperCase()===v)return nr.info(`RetryPolicy: Network error ${v} found, will retry.`),!0;if(I?.code==="PARSE_ERROR"&&I?.message.startsWith('Error "Error: Unclosed root tag'))return nr.info("RetryPolicy: Incomplete XML response likely due to service timeout, will retry."),!0}if(C||I){let v=(w=(N=C?.status)!==null&&N!==void 0?N:I?.statusCode)!==null&&w!==void 0?w:0;if(!m&&v===404)return nr.info("RetryPolicy: Secondary access with 404, will retry."),!0;if(v===503||v===500)return nr.info(`RetryPolicy: Will retry for status code ${v}.`),!0}return!1}function g(m,E){let C=0;if(m)switch(a){case zh.EXPONENTIAL:C=Math.min((Math.pow(2,E-1)-1)*c,l);break;case zh.FIXED:C=c;break}else C=Math.random()*1e3;return nr.info(`RetryPolicy: Delay for ${C}ms`),C}return{name:_Ie,async sendRequest(m,E){d&&(m.url=lo(m.url,Ji.Parameters.TIMEOUT,String(Math.floor(d/1e3))));let C=m.url,I=u?zY(m.url,u):void 0,N=!1,w=1,v=!0,T,U;for(;v;){let k=N||!I||!["GET","HEAD","OPTIONS"].includes(m.method)||w%2===1;m.url=k?C:I,T=void 0,U=void 0;try{nr.info(`RetryPolicy: =====> Try=${w} ${k?"Primary":"Secondary"}`),T=await E(m),N=N||!k&&T.status===404}catch(J){if(jr.isRestError(J))nr.error(`RetryPolicy: Caught error, message: ${J.message}, code: ${J.code}`),U=J;else throw nr.error(`RetryPolicy: Caught error, message: ${st.getErrorMessage(J)}`),J}v=f({isPrimaryRetry:k,attempt:w,response:T,error:U}),v&&await YY(g(k,w),m.abortSignal,kIe),w++}if(T)return T;throw U??new jr.RestError("RetryPolicy failed without known error.")}}}var TIe="storageSharedKeyCredentialPolicy";function $Y(t){function e(s){s.headers.set(Ie.X_MS_DATE,new Date().toUTCString()),s.body&&(typeof s.body=="string"||Buffer.isBuffer(s.body))&&s.body.length>0&&s.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(s.body));let o=[s.method.toUpperCase(),r(s,Ie.CONTENT_LANGUAGE),r(s,Ie.CONTENT_ENCODING),r(s,Ie.CONTENT_LENGTH),r(s,Ie.CONTENT_MD5),r(s,Ie.CONTENT_TYPE),r(s,Ie.DATE),r(s,Ie.IF_MODIFIED_SINCE),r(s,Ie.IF_MATCH),r(s,Ie.IF_NONE_MATCH),r(s,Ie.IF_UNMODIFIED_SINCE),r(s,Ie.RANGE)].join(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`+n(s)+i(s),a=av.createHmac("sha256",t.accountKey).update(o,"utf8").digest("base64");s.headers.set(Ie.AUTHORIZATION,`SharedKey ${t.accountName}:${a}`)}function r(s,o){let a=s.headers.get(o);return!a||o===Ie.CONTENT_LENGTH&&a==="0"?"":a}function n(s){let o=[];for(let[A,c]of s.headers)A.toLowerCase().startsWith(Ie.PREFIX_FOR_STORAGE)&&o.push({name:A,value:c});o.sort((A,c)=>WY(A.name.toLowerCase(),c.name.toLowerCase())),o=o.filter((A,c,l)=>!(c>0&&A.name.toLowerCase()===l[c-1].name.toLowerCase()));let a="";return o.forEach(A=>{a+=`${A.name.toLowerCase().trimRight()}:${A.value.trimLeft()}
 								`}),a}function i(s){let o=FC(s.url)||"/",a="";a+=`/${t.accountName}${o}`;let A=GY(s.url),c={};if(A){let l=[];for(let u in A)if(Object.prototype.hasOwnProperty.call(A,u)){let d=u.toLowerCase();c[d]=A[u],l.push(d)}l.sort();for(let u of l)a+=`
 								${u}:${decodeURIComponent(c[u])}`}return a}return{name:TIe,async sendRequest(s,o){return e(s),o(s)}}}var vC=class extends gu{constructor(e,r){super(e,r)}async sendRequest(e){return st.isNode?this._nextPolicy.sendRequest(e):((e.method.toUpperCase()==="GET"||e.method.toUpperCase()==="HEAD")&&(e.url=lo(e.url,Ji.Parameters.FORCE_BROWSER_NO_CACHE,new Date().getTime().toString())),e.headers.remove(Ie.COOKIE),e.headers.remove(Ie.CONTENT_LENGTH),this._nextPolicy.sendRequest(e))}},_C=class{create(e,r){return new vC(e,r)}},OIe="StorageCorrectContentLengthPolicy";function LIe(){function t(e){e.body&&(typeof e.body=="string"||Buffer.isBuffer(e.body))&&e.body.length>0&&e.headers.set(Ie.CONTENT_LENGTH,Buffer.byteLength(e.body))}return{name:OIe,async sendRequest(e,r){return t(e),r(e)}}}function la(t){if(!t||typeof t!="object")return!1;let e=t;return Array.isArray(e.factories)&&typeof e.options=="object"&&typeof e.toServiceClientOptions=="function"}var Gh=class{constructor(e,r={}){this.factories=e,this.options=r}toServiceClientOptions(){return{httpClient:this.options.httpClient,requestPolicyFactories:this.factories}}};function ut(t,e={}){t||(t=new dt);let r=new Gh([],e);return r._credential=t,r}function MIe(t){let e=[FIe,ZY,UIe,qIe,HIe,jIe,GIe];if(t.factories.length){let r=t.factories.filter(n=>!e.some(i=>i(n)));if(r.length){let n=r.some(i=>zIe(i));return{wrappedPolicies:OC.createRequestPolicyFactoryPolicy(r),afterRetry:n}}}}function KY(t){var e;let r=t.options,{httpClient:n}=r,i=q.__rest(r,["httpClient"]),s=t._coreHttpClient;s||(s=n?OC.convertHttpClient(n):xIe(),t._coreHttpClient=s);let o=t._corePipeline;if(!o){let a=`azsdk-js-azure-storage-blob/${qY}`,A=i.userAgentOptions&&i.userAgentOptions.userAgentPrefix?`${i.userAgentOptions.userAgentPrefix} ${a}`:`${a}`;o=Fh.createClientPipeline(Object.assign(Object.assign({},i),{loggingOptions:{additionalAllowedHeaderNames:AIe,additionalAllowedQueryParameters:cIe,logger:nr.info},userAgentOptions:{userAgentPrefix:A},serializationOptions:{stringifyXML:vR.stringifyXML,serializerOptions:{xml:{xmlCharKey:"#"}}},deserializationOptions:{parseXML:vR.parseXML,serializerOptions:{xml:{xmlCharKey:"#"}}}})),o.removePolicy({phase:"Retry"}),o.removePolicy({name:jr.decompressResponsePolicyName}),o.addPolicy(LIe()),o.addPolicy(PIe(i.retryOptions),{phase:"Retry"}),o.addPolicy(vIe());let c=MIe(t);c&&o.addPolicy(c.wrappedPolicies,c.afterRetry?{afterPhase:"Retry"}:void 0);let l=XY(t);Ei.isTokenCredential(l)?o.addPolicy(jr.bearerTokenAuthenticationPolicy({credential:l,scopes:(e=i.audience)!==null&&e!==void 0?e:uv,challengeCallbacks:{authorizeRequestOnChallenge:Fh.authorizeRequestOnTenantChallenge}}),{phase:"Sign"}):l instanceof lt&&o.addPolicy($Y({accountName:l.accountName,accountKey:l.accountKey}),{phase:"Sign"}),t._corePipeline=o}return Object.assign(Object.assign({},i),{allowInsecureConnection:!0,httpClient:s,pipeline:o})}function XY(t){if(t._credential)return t._credential;let e=new dt;for(let r of t.factories)if(Ei.isTokenCredential(r.credential))e=r.credential;else if(ZY(r))return r;return e}function ZY(t){return t instanceof lt?!0:t.constructor.name==="StorageSharedKeyCredential"}function FIe(t){return t instanceof dt?!0:t.constructor.name==="AnonymousCredential"}function UIe(t){return Ei.isTokenCredential(t.credential)}function qIe(t){return t instanceof _C?!0:t.constructor.name==="StorageBrowserPolicyFactory"}function HIe(t){return t instanceof SC?!0:t.constructor.name==="StorageRetryPolicyFactory"}function jIe(t){return t.constructor.name==="TelemetryPolicyFactory"}function zIe(t){return t.constructor.name==="InjectorPolicyFactory"}function GIe(t){let e=["GenerateClientRequestIdPolicy","TracingPolicy","LogPolicy","ProxyPolicy","DisableResponseDecompressionPolicy","KeepAlivePolicy","DeserializationPolicy"],r={sendRequest:async o=>({request:o,headers:o.headers.clone(),status:500})},n={log(o,a){},shouldLog(o){return!1}},s=t.create(r,n).constructor.name;return e.some(o=>s.startsWith(o))}var fv={serializedName:"BlobServiceProperties",xmlName:"StorageServiceProperties",type:{name:"Composite",className:"BlobServi
 								`),s=e.computeHMACSHA256(i);return{sasQueryParameters:new Ss(t.version,s,n,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:i}}function Rbe(t,e){if(t=Fu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType),stringToSign:s}}function vbe(t,e){if(t=Fu(t),!t.identifier&&!(t.permissions&&t.expiresOn))throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),t.identifier,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl?t.cacheControl:"",t.contentDisposition?t.contentDisposition:"",t.contentEncoding?t.contentEncoding:"",t.contentLanguage?t.contentLanguage:"",t.contentType?t.contentType:""].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,void 0,void 0,void 0,t.encryptionScope),stringToSign:s}}function _be(t,e){if(t=Fu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey),stringToSign:s}}function Dbe(t,e){if(t=Fu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId),stringToSign:s}}function kbe(t,e){if(t=Fu(t),!t.permissions||!t.expiresOn)throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");let r="c",n=t.snapshotTime;t.blobName&&(r="b",t.snapshotTime?r="bs":t.versionId&&(r="bv",n=t.versionId));let i;t.permissions&&(t.blobName?i=uo.parse(t.permissions.toString()).toString():i=fo.parse(t.permissions.toString()).toString());let s=[i||"",t.startsOn?Xe(t.startsOn,!1):"",t.expiresOn?Xe(t.expiresOn,!1):"",Mu(e.accountName,t.containerName,t.blobName),e.userDelegationKey.signedObjectId,e.userDelegationKey.signedTenantId,e.userDelegationKey.signedStartsOn?Xe(e.userDelegationKey.signedStartsOn,!1):"",e.userDelegationKey.signedExpiresOn?Xe(e.userDelegationKey.signedExpiresOn,!1):"",e.userDelegationKey.signedService,e.userDelegationKey.signedVersion,t.preauthorizedAgentObjectId,void 0,t.correlationId,t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",t.version,r,n,t.encryptionScope,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType].join(`
 								`),o=e.computeHMACSHA256(s);return{sasQueryParameters:new Ss(t.version,o,i,void 0,void 0,t.protocol,t.startsOn,t.expiresOn,t.ipRange,t.identifier,r,t.cacheControl,t.contentDisposition,t.contentEncoding,t.contentLanguage,t.contentType,e.userDelegationKey,t.preauthorizedAgentObjectId,t.correlationId,t.encryptionScope),stringToSign:s}}function Mu(t,e,r){let n=[`/blob/${t}/${e}`];return r&&n.push(`/${r}`),n.join("")}function Fu(t){let e=t.version?t.version:lv;if(t.snapshotTime&&e<"2018-11-09")throw RangeError("'version' must be >= '2018-11-09' when providing 'snapshotTime'.");if(t.blobName===void 0&&t.snapshotTime)throw RangeError("Must provide 'blobName' when providing 'snapshotTime'.");if(t.versionId&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'versionId'.");if(t.blobName===void 0&&t.versionId)throw RangeError("Must provide 'blobName' when providing 'versionId'.");if(t.permissions&&t.permissions.setImmutabilityPolicy&&e<"2020-08-04")throw RangeError("'version' must be >= '2020-08-04' when provided 'i' permission.");if(t.permissions&&t.permissions.deleteVersion&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'x' permission.");if(t.permissions&&t.permissions.permanentDelete&&e<"2019-10-10")throw RangeError("'version' must be >= '2019-10-10' when providing 'y' permission.");if(t.permissions&&t.permissions.tag&&e<"2019-12-12")throw RangeError("'version' must be >= '2019-12-12' when providing 't' permission.");if(e<"2020-02-10"&&t.permissions&&(t.permissions.move||t.permissions.execute))throw RangeError("'version' must be >= '2020-02-10' when providing the 'm' or 'e' permission.");if(e<"2021-04-10"&&t.permissions&&t.permissions.filterByTags)throw RangeError("'version' must be >= '2021-04-10' when providing the 'f' permission.");if(e<"2020-02-10"&&(t.preauthorizedAgentObjectId||t.correlationId))throw RangeError("'version' must be >= '2020-02-10' when providing 'preauthorizedAgentObjectId' or 'correlationId'.");if(t.encryptionScope&&e<"2020-12-06")throw RangeError("'version' must be >= '2020-12-06' when provided 'encryptionScope' in SAS.");return t.version=e,t}var Wh=class{get leaseId(){return this._leaseId}get url(){return this._url}constructor(e,r){let n=e.storageClientContext;this._url=e.url,e.name===void 0?(this._isContainer=!0,this._containerOrBlobOperation=n.container):(this._isContainer=!1,this._containerOrBlobOperation=n.blob),r||(r=st.randomUUID()),this._leaseId=r}async acquireLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==ws||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==ws||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-acquireLease",r,async A=>{var c;return V(await this._containerOrBlobOperation.acquireLease({abortSignal:r.abortSignal,duration:e,modifiedAccessConditions:Object.assign(Object.assign({},r.conditions),{ifTags:(c=r.conditions)===null||c===void 0?void 0:c.tagConditions}),proposedLeaseId:this._leaseId,tracingOptions:A.tracingOptions}))})}async changeLease(e,r={}){var n,i,s,o,a;if(this._isContainer&&(!((n=r.conditions)===null||n===void 0)&&n.ifMatch&&((i=r.conditions)===null||i===void 0?void 0:i.ifMatch)!==ws||!((s=r.conditions)===null||s===void 0)&&s.ifNoneMatch&&((o=r.conditions)===null||o===void 0?void 0:o.ifNoneMatch)!==ws||!((a=r.conditions)===null||a===void 0)&&a.tagConditions))throw new RangeError("The IfMatch, IfNoneMatch and tags access conditions are ignored by the service. Values other than undefined or their default values are not acceptable.");return F.withSpan("BlobLeaseClient-changeLease",r,async A=>{var c;let l=V(await this._containerOrBlobOperation.changeLease(this._leaseId,e,{abortSignal:r.abortSignal,modifiedAccessConditi
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`):o=[e.accountName,n,i,s,t.startsOn?Xe(t.startsOn,!1):"",Xe(t.expiresOn,!1),t.ipRange?ho(t.ipRange):"",t.protocol?t.protocol:"",r,""].join(`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`);let a=e.computeHMACSHA256(o);return{sasQueryParameters:new Ss(r,a,n.toString(),i,s,t.protocol,t.startsOn,t.expiresOn,t.ipRange,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,void 0,t.encryptionScope),stringToSign:o}}var ov=class t extends Yh{static fromConnectionString(e,r){r=r||{};let n=Cu(e);if(n.kind==="AccountConnString")if(st.isNode){let i=new lt(n.accountName,n.accountKey);r.proxyOptions||(r.proxyOptions=jr.getDefaultProxySettings(n.proxyUri));let s=ut(i,r);return new t(n.url,s)}else throw new Error("Account connection string is only supported in Node.js environment");else if(n.kind==="SASConnString"){let i=ut(new dt,r);return new t(n.url+"?"+n.accountSas,i)}else throw new Error("Connection string must be either an Account connection string or a SAS connection string")}constructor(e,r,n){let i;la(r)?i=r:st.isNode&&r instanceof lt||r instanceof dt||Ei.isTokenCredential(r)?i=ut(r,n):i=ut(new dt,n),super(e,i),this.serviceContext=this.storageClientContext.service}getContainerClient(e){return new PC(Pt(this.url,encodeURIComponent(e)),this.pipeline)}async createContainer(e,r={}){return F.withSpan("BlobServiceClient-createContainer",r,async n=>{let i=this.getContainerClient(e),s=await i.create(n);return{containerClient:i,containerCreateResponse:s}})}async deleteContainer(e,r={}){return F.withSpan("BlobServiceClient-deleteContainer",r,async n=>this.getContainerClient(e).delete(n))}async undeleteContainer(e,r,n={}){return F.withSpan("BlobServiceClient-undeleteContainer",n,async i=>{let s=this.getContainerClient(n.destinationContainerName||e),o=s.storageClientContext.container,a=V(await o.restore({deletedContainerName:e,deletedContainerVersion:r,tracingOptions:i.tracingOptions}));return{containerClient:s,containerUndeleteResponse:a}})}async renameContainer(e,r,n={}){return F.withSpan("BlobServiceClient-renameContainer",n,async i=>{var s;let o=this.getContainerClient(r),a=o.storageClientContext.container,A=V(await a.rename(e,Object.assign(Object.assign({},i),{sourceLeaseId:(s=n.sourceCondition)===null||s===void 0?void 0:s.leaseId})));return{containerClient:o,containerRenameResponse:A}})}async getProperties(e={}){return F.withSpan("BlobServiceClient-getProperties",e,async r=>V(await this.serviceContext.getProperties({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async setProperties(e,r={}){return F.withSpan("BlobServiceClient-setProperties",r,async n=>V(await this.serviceContext.setProperties(e,{abortSignal:r.abortSignal,tracingOptions:n.tracingOptions})))}async getStatistics(e={}){return F.withSpan("BlobServiceClient-getStatistics",e,async r=>V(await this.serviceContext.getStatistics({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async getAccountInfo(e={}){return F.withSpan("BlobServiceClient-getAccountInfo",e,async r=>V(await this.serviceContext.getAccountInfo({abortSignal:e.abortSignal,tracingOptions:r.tracingOptions})))}async listContainersSegment(e,r={}){return F.withSpan("BlobServiceClient-listContainersSegment",r,async n=>V(await this.serviceContext.listContainersSegment(Object.assign(Object.assign({abortSignal:r.abortSignal,marker:e},r),{include:typeof r.include=="string"?[r.include]:r.include,tracingOptions:n.tracingOptions}))))}async findBlobsByTagsSegment(e,r,n={}){return F.withSpan("BlobServiceClient-findBlobsByTagsSegment",n,async i=>{let s=V(await this.serviceContext.filterBlobs({abortSignal:n.abortSignal,where:e,marker:r,maxPageSize:n.maxPageSize,tracingOptions:i.tracingOptions}));return Object.assign(Object.assign({},s),{_response:s._response,blobs:s.blobs.map(a=>{var A;let c="";return((A=a.tags)===null||A===void 0?void 0:A.blobTagSet.length)===1&&(c=a.tags.blobTagSet[0].value),Object.assign(Object.assign({},a),{tags:Oh(a.tags),tagValue:c})})})})}findBlobsByTagsSegments(e,r){return q.__asyncGenerator(this,arguments,function*(i,s,o={}){let a;if(s||s===void 0)do a=yield q.__await(this.findBlobsByTagsSegment(i,s,o)),a.blobs=a.blobs||[],s=a.continuationToken,yield yield q.__await(a);while(s)})}findBlobsByTagsItems(e){return q.__asyncGenerator(this,arguments,functi
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								If you are using self-hosted runners, please make sure your runner has access to all GitHub endpoints: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github`;super(r),this.code=e,this.name="NetworkError"}};Qn.NetworkError=YC;YC.isNetworkErrorCode=t=>t?["ECONNRESET","ENOTFOUND","ETIMEDOUT","ECONNREFUSED","EHOSTUNREACH"].includes(t):!1;var JC=class extends Error{constructor(){super(`Cache storage quota has been hit. Unable to upload any new cache entries. Usage is recalculated every 6-12 hours.
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								More info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`),this.name="UsageError"}};Qn.UsageError=JC;JC.isUsageErrorMessage=t=>t?t.includes("insufficient usage"):!1});var E3=h(bn=>{"use strict";var Wbe=bn&&bn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),$be=bn&&bn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Kbe=bn&&bn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&Wbe(e,t,r);return $be(e,t),e},Xbe=bn&&bn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(bn,"__esModule",{value:!0});bn.uploadCacheArchiveSDK=bn.UploadProgress=void 0;var kv=Kbe(at()),Zbe=Sv(),e0e=Dv(),VC=class{constructor(e){this.contentLength=e,this.sentBytes=0,this.displayedComplete=!1,this.startTime=Date.now()}setSentBytes(e){this.sentBytes=e}getTransferredBytes(){return this.sentBytes}isDone(){return this.getTransferredBytes()===this.contentLength}display(){if(this.displayedComplete)return;let e=this.sentBytes,r=(100*(e/this.contentLength)).toFixed(1),n=Date.now()-this.startTime,i=(e/(1024*1024)/(n/1e3)).toFixed(1);kv.info(`Sent ${e} of ${this.contentLength} (${r}%), ${i} MBs/sec`),this.isDone()&&(this.displayedComplete=!0)}onProgress(){return e=>{this.setSentBytes(e.loadedBytes)}}startDisplayTimer(e=1e3){let r=()=>{this.display(),this.isDone()||(this.timeoutHandle=setTimeout(r,e))};this.timeoutHandle=setTimeout(r,e)}stopDisplayTimer(){this.timeoutHandle&&(clearTimeout(this.timeoutHandle),this.timeoutHandle=void 0),this.display()}};bn.UploadProgress=VC;function t0e(t,e,r){var n;return Xbe(this,void 0,void 0,function*(){let i=new Zbe.BlobClient(t),s=i.getBlockBlobClient(),o=new VC((n=r?.archiveSizeBytes)!==null&&n!==void 0?n:0),a={blockSize:r?.uploadChunkSize,concurrency:r?.uploadConcurrency,maxSingleShotSize:128*1024*1024,onProgress:o.onProgress()};try{o.startDisplayTimer(),kv.debug(`BlobClient: ${i.name}:${i.accountName}:${i.containerName}`);let A=yield s.uploadFile(e,a);if(A._response.status>=400)throw new e0e.InvalidResponseError(`uploadCacheArchiveSDK: upload failed with status code ${A._response.status}`);return A}catch(A){throw kv.warning(`uploadCacheArchiveSDK: internal error uploading cache archive: ${A.message}`),A}finally{o.stopDisplayTimer()}})}bn.uploadCacheArchiveSDK=t0e});var Tv=h(qt=>{"use strict";var r0e=qt&&qt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),n0e=qt&&qt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),i0e=qt&&qt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&r0e(e,t,r);return n0e(e,t),e},$C=qt&&qt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(qt,"__esModule",{value:!0}
 								Other caches with similar key:`);for(let a of s?.artifactCaches||[])$n.debug(`Cache Key: ${a?.cacheKey}, Cache Version: ${a?.cacheVersion}, Cache Scope: ${a?.scope}, Cache Created: ${a?.creationTime}`)}}})}function j0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=new T0e.URL(t),i=(0,Hv.getDownloadOptions)(r);n.hostname.endsWith(".blob.core.windows.net")?i.useAzureSdk?yield(0,eI.downloadCacheStorageSDK)(t,e,i):i.concurrentBlobDownloads?yield(0,eI.downloadCacheHttpClientConcurrent)(t,e,i):yield(0,eI.downloadCacheHttpClient)(t,e):yield(0,eI.downloadCacheHttpClient)(t,e)})}Nr.downloadCache=j0e;function z0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n=jv(),i=ju.getCacheVersion(e,r?.compressionMethod,r?.enableCrossOsArchive),s={key:t,version:i,cacheSize:r?.cacheSize};return yield(0,ma.retryTypedResponse)("reserveCache",()=>Nn(this,void 0,void 0,function*(){return n.postJson(Ag("caches"),s)}))})}Nr.reserveCache=z0e;function P3(t,e){return`bytes ${t}-${e}/*`}function G0e(t,e,r,n,i){return Nn(this,void 0,void 0,function*(){$n.debug(`Uploading chunk of size ${i-n+1} bytes at offset ${n} with content range: ${P3(n,i)}`);let s={"Content-Type":"application/octet-stream","Content-Range":P3(n,i)},o=yield(0,ma.retryHttpClientResponse)(`uploadChunk (start: ${n}, end: ${i})`,()=>Nn(this,void 0,void 0,function*(){return t.sendStream("PATCH",e,r(),s)}));if(!(0,ma.isSuccessStatusCode)(o.message.statusCode))throw new Error(`Cache service responded with ${o.message.statusCode} during upload chunk.`)})}function Y0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){let i=ju.getArchiveFileSizeInBytes(r),s=Ag(`caches/${e.toString()}`),o=Uv.openSync(r,"r"),a=(0,Hv.getUploadOptions)(n),A=ju.assertDefined("uploadConcurrency",a.uploadConcurrency),c=ju.assertDefined("uploadChunkSize",a.uploadChunkSize),l=[...new Array(A).keys()];$n.debug("Awaiting all uploads");let u=0;try{yield Promise.all(l.map(()=>Nn(this,void 0,void 0,function*(){for(;u<i;){let d=Math.min(i-u,c),f=u,g=u+d-1;u+=c,yield G0e(t,s,()=>Uv.createReadStream(r,{fd:o,start:f,end:g,autoClose:!1}).on("error",m=>{throw new Error(`Cache upload failed because file read failed with ${m.message}`)}),f,g)}})))}finally{Uv.closeSync(o)}})}function J0e(t,e,r){return Nn(this,void 0,void 0,function*(){let n={size:r};return yield(0,ma.retryTypedResponse)("commitCache",()=>Nn(this,void 0,void 0,function*(){return t.postJson(Ag(`caches/${e.toString()}`),n)}))})}function V0e(t,e,r,n){return Nn(this,void 0,void 0,function*(){if((0,Hv.getUploadOptions)(n).useAzureSdk){if(!r)throw new Error("Azure Storage SDK can only be used when a signed URL is provided.");yield(0,O0e.uploadCacheArchiveSDK)(r,e,n)}else{let s=jv();$n.debug("Upload cache"),yield Y0e(s,t,e,n),$n.debug("Commiting cache");let o=ju.getArchiveFileSizeInBytes(e);$n.info(`Cache Size: ~${Math.round(o/(1024*1024))} MB (${o} B)`);let a=yield J0e(s,t,o);if(!(0,ma.isSuccessStatusCode)(a.statusCode))throw new Error(`Cache service responded with ${a.statusCode} during commit cache.`);$n.info("Cache saved successfully")}})}Nr.saveCache=V0e});var tI=h(zu=>{"use strict";Object.defineProperty(zu,"__esModule",{value:!0});zu.isJsonObject=zu.typeofJsonValue=void 0;function W0e(t){let e=typeof t;if(e=="object"){if(Array.isArray(t))return"array";if(t===null)return"null"}return e}zu.typeofJsonValue=W0e;function $0e(t){return t!==null&&typeof t=="object"&&!Array.isArray(t)}zu.isJsonObject=$0e});var nI=h(Gu=>{"use strict";Object.defineProperty(Gu,"__esModule",{value:!0});Gu.base64encode=Gu.base64decode=void 0;var yo="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".split(""),rI=[];for(let t=0;t<yo.length;t++)rI[yo[t].charCodeAt(0)]=t;rI[45]=yo.indexOf("+");rI[95]=yo.indexOf("/");function K0e(t){let e=t.length*3/4;t[t.length-2]=="="?e-=2:t[t.length-1]=="="&&(e-=1);let r=new Uint8Array(e),n=0,i=0,s,o=0;for(let a=0;a<t.length;a++){if(s=rI[t.charCodeAt(a)],s===void 0)switch(t[a]){case"=":i=0;case`
 								`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}Gu.base64decode=K0e;function X0e(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=yo[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=yo[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=yo[i|n>>6],e+=yo[n&63],r=0;break}return r&&(e+=yo[i],e+="=",r==1&&(e+="=")),e}Gu.base64encode=X0e});var O3=h(iI=>{"use strict";Object.defineProperty(iI,"__esModule",{value:!0});iI.utf8read=void 0;var zv=t=>String.fromCharCode.apply(String,t);function Z0e(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(zv(n)),i=0);return r.length?(i&&r.push(zv(n.slice(0,i))),r.join("")):zv(n.slice(0,i))}iI.utf8read=Z0e});var cg=h(Rs=>{"use strict";Object.defineProperty(Rs,"__esModule",{value:!0});Rs.WireType=Rs.mergeBinaryOptions=Rs.UnknownFieldHandler=void 0;var eNe;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(eNe=Rs.UnknownFieldHandler||(Rs.UnknownFieldHandler={}));function tNe(t,e){return Object.assign(Object.assign({},t),e)}Rs.mergeBinaryOptions=tNe;var rNe;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})(rNe=Rs.WireType||(Rs.WireType={}))});var oI=h(wn=>{"use strict";Object.defineProperty(wn,"__esModule",{value:!0});wn.varint32read=wn.varint32write=wn.int64toString=wn.int64fromString=wn.varint64write=wn.varint64read=void 0;function nNe(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}wn.varint64read=nNe;function iNe(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}wn.varint64write=iNe;var sI=65536*65536;function sNe(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=sI&&(i=i+(n/sI|0),n=n%sI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}wn.int64fromString=sNe;function oNe(t,e){if(e>>>0<=2097151)return""+(sI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}wn.int64toString=oNe;function aNe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}wn.varint32write=aNe;function ANe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
 								`)}};kI.RpcError=p_});var E_=h(TI=>{"use strict";Object.defineProperty(TI,"__esModule",{value:!0});TI.mergeRpcOptions=void 0;var g4=Xu();function vwe(t,e){if(!e)return t;let r={};PI(t,r),PI(e,r);for(let n of Object.keys(e)){let i=e[n];switch(n){case"jsonOptions":r.jsonOptions=g4.mergeJsonOptions(t.jsonOptions,r.jsonOptions);break;case"binaryOptions":r.binaryOptions=g4.mergeBinaryOptions(t.binaryOptions,r.binaryOptions);break;case"meta":r.meta={},PI(t.meta,r.meta),PI(e.meta,r.meta);break;case"interceptors":r.interceptors=t.interceptors?t.interceptors.concat(i):i.concat();break}}return r}TI.mergeRpcOptions=vwe;function PI(t,e){if(!t)return;let r=e;for(let[n,i]of Object.entries(t))i instanceof Date?r[n]=new Date(i.getTime()):Array.isArray(i)?r[n]=i.concat():r[n]=i}});var I_=h(OA=>{"use strict";Object.defineProperty(OA,"__esModule",{value:!0});OA.Deferred=OA.DeferredState=void 0;var Ds;(function(t){t[t.PENDING=0]="PENDING",t[t.REJECTED=1]="REJECTED",t[t.RESOLVED=2]="RESOLVED"})(Ds=OA.DeferredState||(OA.DeferredState={}));var C_=class{constructor(e=!0){this._state=Ds.PENDING,this._promise=new Promise((r,n)=>{this._resolve=r,this._reject=n}),e&&this._promise.catch(r=>{})}get state(){return this._state}get promise(){return this._promise}resolve(e){if(this.state!==Ds.PENDING)throw new Error(`cannot resolve ${Ds[this.state].toLowerCase()}`);this._resolve(e),this._state=Ds.RESOLVED}reject(e){if(this.state!==Ds.PENDING)throw new Error(`cannot reject ${Ds[this.state].toLowerCase()}`);this._reject(e),this._state=Ds.REJECTED}resolvePending(e){this._state===Ds.PENDING&&this.resolve(e)}rejectPending(e){this._state===Ds.PENDING&&this.reject(e)}};OA.Deferred=C_});var Q_=h(OI=>{"use strict";Object.defineProperty(OI,"__esModule",{value:!0});OI.RpcOutputStreamController=void 0;var m4=I_(),LA=Xu(),B_=class{constructor(){this._lis={nxt:[],msg:[],err:[],cmp:[]},this._closed=!1,this._itState={q:[]}}onNext(e){return this.addLis(e,this._lis.nxt)}onMessage(e){return this.addLis(e,this._lis.msg)}onError(e){return this.addLis(e,this._lis.err)}onComplete(e){return this.addLis(e,this._lis.cmp)}addLis(e,r){return r.push(e),()=>{let n=r.indexOf(e);n>=0&&r.splice(n,1)}}clearLis(){for(let e of Object.values(this._lis))e.splice(0,e.length)}get closed(){return this._closed!==!1}notifyNext(e,r,n){LA.assert((e?1:0)+(r?1:0)+(n?1:0)<=1,"only one emission at a time"),e&&this.notifyMessage(e),r&&this.notifyError(r),n&&this.notifyComplete()}notifyMessage(e){LA.assert(!this.closed,"stream is closed"),this.pushIt({value:e,done:!1}),this._lis.msg.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(e,void 0,!1))}notifyError(e){LA.assert(!this.closed,"stream is closed"),this._closed=e,this.pushIt(e),this._lis.err.forEach(r=>r(e)),this._lis.nxt.forEach(r=>r(void 0,e,!1)),this.clearLis()}notifyComplete(){LA.assert(!this.closed,"stream is closed"),this._closed=!0,this.pushIt({value:null,done:!0}),this._lis.cmp.forEach(e=>e()),this._lis.nxt.forEach(e=>e(void 0,void 0,!0)),this.clearLis()}[Symbol.asyncIterator](){return this._closed===!0?this.pushIt({value:null,done:!0}):this._closed!==!1&&this.pushIt(this._closed),{next:()=>{let e=this._itState;LA.assert(e,"bad state"),LA.assert(!e.p,"iterator contract broken");let r=e.q.shift();return r?"value"in r?Promise.resolve(r):Promise.reject(r):(e.p=new m4.Deferred,e.p.promise)}}}pushIt(e){let r=this._itState;if(r.p){let n=r.p;LA.assert(n.state==m4.DeferredState.PENDING,"iterator contract broken"),"value"in e?n.resolve(e):n.reject(e),delete r.p}else r.q.push(e)}};OI.RpcOutputStreamController=B_});var N_=h(Zu=>{"use strict";var _we=Zu&&Zu.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Zu,"__esModule",{value:!0});Zu.UnaryCall=void 0;var b_=class{constructor(e,r,n,i,s,o,a){this.method=e,this.requestHeaders=r,this.request=n,this.headers=i,this.response=s,this.s
 								`:case"\r":case"	":case" ":continue;default:throw Error("invalid base64 string.")}switch(i){case 0:o=s,i=1;break;case 1:r[n++]=o<<2|(s&48)>>4,o=s,i=2;break;case 2:r[n++]=(o&15)<<4|(s&60)>>2,o=s,i=3;break;case 3:r[n++]=(o&3)<<6|s,i=0;break}}if(i==1)throw Error("invalid base64 string.");return r.subarray(0,n)}ad.base64decode=iSe;function sSe(t){let e="",r=0,n,i=0;for(let s=0;s<t.length;s++)switch(n=t[s],r){case 0:e+=Eo[n>>2],i=(n&3)<<4,r=1;break;case 1:e+=Eo[i|n>>4],i=(n&15)<<2,r=2;break;case 2:e+=Eo[i|n>>6],e+=Eo[n&63],r=0;break}return r&&(e+=Eo[i],e+="=",r==1&&(e+="=")),e}ad.base64encode=sSe});var Q4=h(HI=>{"use strict";Object.defineProperty(HI,"__esModule",{value:!0});HI.utf8read=void 0;var P_=t=>String.fromCharCode.apply(String,t);function oSe(t){if(t.length<1)return"";let e=0,r=[],n=[],i=0,s,o=t.length;for(;e<o;)s=t[e++],s<128?n[i++]=s:s>191&&s<224?n[i++]=(s&31)<<6|t[e++]&63:s>239&&s<365?(s=((s&7)<<18|(t[e++]&63)<<12|(t[e++]&63)<<6|t[e++]&63)-65536,n[i++]=55296+(s>>10),n[i++]=56320+(s&1023)):n[i++]=(s&15)<<12|(t[e++]&63)<<6|t[e++]&63,i>8191&&(r.push(P_(n)),i=0);return r.length?(i&&r.push(P_(n.slice(0,i))),r.join("")):P_(n.slice(0,i))}HI.utf8read=oSe});var Qg=h(ks=>{"use strict";Object.defineProperty(ks,"__esModule",{value:!0});ks.WireType=ks.mergeBinaryOptions=ks.UnknownFieldHandler=void 0;var aSe;(function(t){t.symbol=Symbol.for("protobuf-ts/unknown"),t.onRead=(r,n,i,s,o)=>{(e(n)?n[t.symbol]:n[t.symbol]=[]).push({no:i,wireType:s,data:o})},t.onWrite=(r,n,i)=>{for(let{no:s,wireType:o,data:a}of t.list(n))i.tag(s,o).raw(a)},t.list=(r,n)=>{if(e(r)){let i=r[t.symbol];return n?i.filter(s=>s.no==n):i}return[]},t.last=(r,n)=>t.list(r,n).slice(-1)[0];let e=r=>r&&Array.isArray(r[t.symbol])})(aSe=ks.UnknownFieldHandler||(ks.UnknownFieldHandler={}));function ASe(t,e){return Object.assign(Object.assign({},t),e)}ks.mergeBinaryOptions=ASe;var cSe;(function(t){t[t.Varint=0]="Varint",t[t.Bit64=1]="Bit64",t[t.LengthDelimited=2]="LengthDelimited",t[t.StartGroup=3]="StartGroup",t[t.EndGroup=4]="EndGroup",t[t.Bit32=5]="Bit32"})(cSe=ks.WireType||(ks.WireType={}))});var zI=h(xn=>{"use strict";Object.defineProperty(xn,"__esModule",{value:!0});xn.varint32read=xn.varint32write=xn.int64toString=xn.int64fromString=xn.varint64write=xn.varint64read=void 0;function lSe(){let t=0,e=0;for(let n=0;n<28;n+=7){let i=this.buf[this.pos++];if(t|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}let r=this.buf[this.pos++];if(t|=(r&15)<<28,e=(r&112)>>4,(r&128)==0)return this.assertBounds(),[t,e];for(let n=3;n<=31;n+=7){let i=this.buf[this.pos++];if(e|=(i&127)<<n,(i&128)==0)return this.assertBounds(),[t,e]}throw new Error("invalid varint")}xn.varint64read=lSe;function uSe(t,e,r){for(let s=0;s<28;s=s+7){let o=t>>>s,a=!(!(o>>>7)&&e==0),A=(a?o|128:o)&255;if(r.push(A),!a)return}let n=t>>>28&15|(e&7)<<4,i=e>>3!=0;if(r.push((i?n|128:n)&255),!!i){for(let s=3;s<31;s=s+7){let o=e>>>s,a=!!(o>>>7),A=(a?o|128:o)&255;if(r.push(A),!a)return}r.push(e>>>31&1)}}xn.varint64write=uSe;var jI=65536*65536;function dSe(t){let e=t[0]=="-";e&&(t=t.slice(1));let r=1e6,n=0,i=0;function s(o,a){let A=Number(t.slice(o,a));i*=r,n=n*r+A,n>=jI&&(i=i+(n/jI|0),n=n%jI)}return s(-24,-18),s(-18,-12),s(-12,-6),s(-6),[e,n,i]}xn.int64fromString=dSe;function fSe(t,e){if(e>>>0<=2097151)return""+(jI*e+(t>>>0));let r=t&16777215,n=(t>>>24|e<<8)>>>0&16777215,i=e>>16&65535,s=r+n*6777216+i*6710656,o=n+i*8147497,a=i*2,A=1e7;s>=A&&(o+=Math.floor(s/A),s%=A),o>=A&&(a+=Math.floor(o/A),o%=A);function c(l,u){let d=l?String(l):"";return u?"0000000".slice(d.length)+d:d}return c(a,0)+c(o,a)+c(s,1)}xn.int64toString=fSe;function hSe(t,e){if(t>=0){for(;t>127;)e.push(t&127|128),t=t>>>7;e.push(t)}else{for(let r=0;r<9;r++)e.push(t&127|128),t=t>>7;e.push(1)}}xn.varint32write=hSe;function gSe(){let t=this.buf[this.pos++],e=t&127;if((t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<7,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<14,(t&128)==0)return this.assertBounds(),e;if(t=this.buf[this.pos++],e|=(t&127)<<21,(t&128)==0)return this.assertBounds(),e;t=this.buf
 								`));let n=yield CD(r,"create");yield ID(n,t)})}Yr.createTar=tRe});var bB=h(Yt=>{"use strict";var rRe=Yt&&Yt.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),nRe=Yt&&Yt.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),Lg=Yt&&Yt.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&rRe(e,t,r);return nRe(e,t),e},Qd=Yt&&Yt.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(Yt,"__esModule",{value:!0});Yt.saveCache=Yt.restoreCache=Yt.isFeatureAvailable=Yt.FinalizeCacheError=Yt.ReserveCacheError=Yt.ValidationError=void 0;var he=Lg(at()),IB=Lg(require("path")),_t=Lg(gl()),Bd=Lg(T3()),h$=Lg(l$()),BB=XC(),ba=f$(),QB=AA(),Ri=class t extends Error{constructor(e){super(e),this.name="ValidationError",Object.setPrototypeOf(this,t.prototype)}};Yt.ValidationError=Ri;var UA=class t extends Error{constructor(e){super(e),this.name="ReserveCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.ReserveCacheError=UA;var Og=class t extends Error{constructor(e){super(e),this.name="FinalizeCacheError",Object.setPrototypeOf(this,t.prototype)}};Yt.FinalizeCacheError=Og;function g$(t){if(!t||t.length===0)throw new Ri("Path Validation Error: At least one directory or file path is required")}function BD(t){if(t.length>512)throw new Ri(`Key Validation Error: ${t} cannot be larger than 512 characters.`);if(!/^[^,]*$/.test(t))throw new Ri(`Key Validation Error: ${t} cannot contain commas.`)}function iRe(){return(0,BB.getCacheServiceVersion)()==="v2"?!!process.env.ACTIONS_RESULTS_URL:!!process.env.ACTIONS_CACHE_URL}Yt.isFeatureAvailable=iRe;function sRe(t,e,r,n,i=!1){return Qd(this,void 0,void 0,function*(){let s=(0,BB.getCacheServiceVersion)();return he.debug(`Cache service version: ${s}`),g$(t),s==="v2"?yield aRe(t,e,r,n,i):yield oRe(t,e,r,n,i)})}Yt.restoreCache=sRe;function oRe(t,e,r,n,i=!1){return Qd(this,void 0,void 0,function*(){r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let A of s)BD(A);let o=yield _t.getCompressionMethod(),a="";try{let A=yield Bd.getCacheEntry(s,t,{compressionMethod:o,enableCrossOsArchive:i});if(!A?.archiveLocation)return;if(n?.lookupOnly)return he.info("Lookup only - skipping download"),A.cacheKey;a=IB.join(yield _t.createTempDirectory(),_t.getCacheFileName(o)),he.debug(`Archive Path: ${a}`),yield Bd.downloadCache(A.archiveLocation,a,n),he.isDebug()&&(yield(0,ba.listTar)(a,o));let c=_t.getArchiveFileSizeInBytes(a);return he.info(`Cache Size: ~${Math.round(c/(1024*1024))} MB (${c} B)`),yield(0,ba.extractTar)(a,o),he.info("Cache restored successfully"),A.cacheKey}catch(A){let c=A;if(c.name===Ri.name)throw A;c instanceof QB.HttpClientError&&typeof c.statusCode=="number"&&c.statusCode>=500?he.error(`Failed to restore: ${A.message}`):he.warning(`Failed to restore: ${A.message}`)}finally{try{yield _t.unlinkFile(a)}catch(A){he.debug(`Failed to delete archive: ${A}`)}}})}function aRe(t,e,r,n,i=!1){return Qd(this,void 0,void 0,function*(){n=Object.assign(Object.assign({},n),{useAzureSdk:!0}),r=r||[];let s=[e,...r];if(he.debug("Resolved Keys:"),he.debug(JSON.stringify(s)),s.length>10)throw new Ri("Key Validation Error: Keys are limited to a maximum of 10.");for(let a of s)BD(a);let o="";try{let a=h$.internalCacheTwirpClient(),A=yield _t.getCompressionMethod(),c={key:e,restoreKeys:r,version:_t.getCacheVers
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),e=e.replace(/\r/g,`
 								`));let i=e.split(`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`).map(s=>s.trim());for(let s of i)!s||s.startsWith("#")||n.patterns.push(new x$.Pattern(s));return n.searchPaths.push(..._B.getSearchPaths(n.patterns)),n})}static stat(e,r,n){return vD(this,void 0,void 0,function*(){let i;if(r.followSymbolicLinks)try{i=yield jg.promises.stat(e.path)}catch(s){if(s.code==="ENOENT"){if(r.omitBrokenSymbolicLinks){_D.debug(`Broken symlink '${e.path}'`);return}throw new Error(`No information found for the path '${e.path}'. This may indicate a broken symbolic link.`)}throw s}else i=yield jg.promises.lstat(e.path);if(i.isDirectory()&&r.followSymbolicLinks){let s=yield jg.promises.realpath(e.path);for(;n.length>=e.level;)n.pop();if(n.some(o=>o===s)){_D.debug(`Symlink cycle detected for path '${e.path}' and realpath '${s}'`);return}n.push(s)}return i})}};Sr.DefaultGlobber=DD});var P$=h(Dn=>{"use strict";var jRe=Dn&&Dn.__createBinding||(Object.create?(function(t,e,r,n){n===void 0&&(n=r);var i=Object.getOwnPropertyDescriptor(e,r);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(t,n,i)}):(function(t,e,r,n){n===void 0&&(n=r),t[n]=e[r]})),zRe=Dn&&Dn.__setModuleDefault||(Object.create?(function(t,e){Object.defineProperty(t,"default",{enumerable:!0,value:e})}):function(t,e){t.default=e}),bd=Dn&&Dn.__importStar||function(t){if(t&&t.__esModule)return t;var e={};if(t!=null)for(var r in t)r!=="default"&&Object.prototype.hasOwnProperty.call(t,r)&&jRe(e,t,r);return zRe(e,t),e},GRe=Dn&&Dn.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})},YRe=Dn&&Dn.__asyncValues||function(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var e=t[Symbol.asyncIterator],r;return e?e.call(t):(t=typeof __values=="function"?__values(t):t[Symbol.iterator](),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(s){r[s]=t[s]&&function(o){return new Promise(function(a,A){o=t[s](o),i(a,A,o.done,o.value)})}}function i(s,o,a,A){Promise.resolve(A).then(function(c){s({value:c,done:a})},o)}};Object.defineProperty(Dn,"__esModule",{value:!0});Dn.hashFiles=void 0;var _$=bd(require("crypto")),D$=bd(at()),k$=bd(require("fs")),JRe=bd(require("stream")),VRe=bd(require("util")),WRe=bd(require("path"));function $Re(t,e,r=!1){var n,i,s,o,a;return GRe(this,void 0,void 0,function*(){let A=r?D$.info:D$.debug,c=!1,l=e||((a=process.env.GITHUB_WORKSPACE)!==null&&a!==void 0?a:process.cwd()),u=_$.createHash("sha256"),d=0;try{for(var f=!0,g=YRe(t.globGenerator()),m;m=yield g.next(),n=m.done,!n;f=!0){o=m.value,f=!1;let E=o;if(A(E),!E.startsWith(`${l}${WRe.sep}`)){A(`Ignore '${E}' since it is not under GITHUB_WORKSPACE.`);continue}if(k$.statSync(E).isDirectory()){A(`Skip directory '${E}'.`);continue}let C=_$.createHash("sha256");yield VRe.promisify(JRe.pipeline)(k$.createReadStream(E),C),u.write(C.digest()),d++,c||(c=!0)}}catch(E){i={error:E}}finally{try{!f&&!n&&(s=g.return)&&(yield s.call(g))}finally{if(i)throw i.error}}return u.end(),c?(A(`Found ${d} files to hash.`),u.digest("hex")):(A("No matches found for glob"),"")})}Dn.hashFiles=$Re});var L$=h(xa=>{"use strict";var T$=xa&&xa.__awaiter||function(t,e,r,n){function i(s){return s instanceof r?s:new r(function(o){o(s)})}return new(r||(r=Promise))(function(s,o){function a(l){try{c(n.next(l))}catch(u){o(u)}}function A(l){try{c(n.throw(l))}catch(u){o(u)}}function c(l){l.done?s(l.value):i(l.value).then(a,A)}c((n=n.apply(t,e||[])).next())})};Object.defineProperty(xa,"__esModule",{value:!0});xa.hashFiles=xa.create=void 0;var KRe=v$(),XRe=P$();function O$(t,e){return T$(this,void 0,void 0,function*(){return yield KRe.DefaultGlobber.create(t,e)})}xa.create=O$;function ZRe(t,e="",r,n=!1){return T$(this,void 0,void 0,function*(){let i=!0;r&&typeof r.followSymbolicLinks=="boolean"&&(i=r.followSymbolic
 								`).map(nve).filter(Boolean)};function nve(t,e){if(!t||!t.length||t.charAt(0)==="#")return null;var r=t.split(":");return{username:r[0],password:r[1],uid:r[2],gid:r[3],gecos:r[4],homedir:r[5],shell:r[6]}}});var X$=h((F2e,K$)=>{"use strict";var ive=require("fs"),sve=$$();function ove(){if(process.platform==="win32")return process.env.USERPROFILE?process.env.USERPROFILE:process.env.HOMEDRIVE&&process.env.HOMEPATH?process.env.HOMEDRIVE+process.env.HOMEPATH:process.env.HOME?process.env.HOME:null;if(process.env.HOME)return process.env.HOME;var t=cve("/etc/passwd"),e=ave(sve(t),Ave());if(e)return e;var r=process.env.LOGNAME||process.env.USER||process.env.LNAME||process.env.USERNAME;return r?process.platform==="darwin"?"/Users/"+r:"/home/"+r:null}function ave(t,e){for(var r=t.length,n=0;n<r;n++)if(+t[n].uid===e)return t[n].homedir}function Ave(){return typeof process.geteuid=="function"?process.geteuid():process.getuid()}function cve(t){try{return ive.readFileSync(t,"utf8")}catch{return""}}K$.exports=ove});var eK=h((U2e,kD)=>{"use strict";var Z$=require("os");typeof Z$.homedir<"u"?kD.exports=Z$.homedir:kD.exports=X$()});var nK=h((q2e,rK)=>{var lve=eK(),tK=require("path");rK.exports=function(e){var r=lve();return e.charCodeAt(0)===126?e.charCodeAt(1)===43?tK.join(process.cwd(),e.slice(2)):r?tK.join(r,e.slice(1)):e:e}});var He=h(Tr=>{"use strict";var PD=Symbol.for("yaml.alias"),iK=Symbol.for("yaml.document"),DB=Symbol.for("yaml.map"),sK=Symbol.for("yaml.pair"),TD=Symbol.for("yaml.scalar"),kB=Symbol.for("yaml.seq"),Qo=Symbol.for("yaml.node.type"),uve=t=>!!t&&typeof t=="object"&&t[Qo]===PD,dve=t=>!!t&&typeof t=="object"&&t[Qo]===iK,fve=t=>!!t&&typeof t=="object"&&t[Qo]===DB,hve=t=>!!t&&typeof t=="object"&&t[Qo]===sK,oK=t=>!!t&&typeof t=="object"&&t[Qo]===TD,gve=t=>!!t&&typeof t=="object"&&t[Qo]===kB;function aK(t){if(t&&typeof t=="object")switch(t[Qo]){case DB:case kB:return!0}return!1}function mve(t){if(t&&typeof t=="object")switch(t[Qo]){case PD:case DB:case TD:case kB:return!0}return!1}var pve=t=>(oK(t)||aK(t))&&!!t.anchor;Tr.ALIAS=PD;Tr.DOC=iK;Tr.MAP=DB;Tr.NODE_TYPE=Qo;Tr.PAIR=sK;Tr.SCALAR=TD;Tr.SEQ=kB;Tr.hasAnchor=pve;Tr.isAlias=uve;Tr.isCollection=aK;Tr.isDocument=dve;Tr.isMap=fve;Tr.isNode=mve;Tr.isPair=hve;Tr.isScalar=oK;Tr.isSeq=gve});var Gg=h(OD=>{"use strict";var dr=He(),kn=Symbol("break visit"),AK=Symbol("skip children"),Os=Symbol("remove node");function PB(t,e){let r=cK(e);dr.isDocument(t)?wd(null,t.contents,r,Object.freeze([t]))===Os&&(t.contents=null):wd(null,t,r,Object.freeze([]))}PB.BREAK=kn;PB.SKIP=AK;PB.REMOVE=Os;function wd(t,e,r,n){let i=lK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return uK(t,n,i),wd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=wd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Os&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=wd("key",e.key,r,n);if(s===kn)return kn;s===Os&&(e.key=null);let o=wd("value",e.value,r,n);if(o===kn)return kn;o===Os&&(e.value=null)}}return i}async function TB(t,e){let r=cK(e);dr.isDocument(t)?await Sd(null,t.contents,r,Object.freeze([t]))===Os&&(t.contents=null):await Sd(null,t,r,Object.freeze([]))}TB.BREAK=kn;TB.SKIP=AK;TB.REMOVE=Os;async function Sd(t,e,r,n){let i=await lK(t,e,r,n);if(dr.isNode(i)||dr.isPair(i))return uK(t,n,i),Sd(t,i,r,n);if(typeof i!="symbol"){if(dr.isCollection(e)){n=Object.freeze(n.concat(e));for(let s=0;s<e.items.length;++s){let o=await Sd(s,e.items[s],r,n);if(typeof o=="number")s=o-1;else{if(o===kn)return kn;o===Os&&(e.items.splice(s,1),s-=1)}}}else if(dr.isPair(e)){n=Object.freeze(n.concat(e));let s=await Sd("key",e.key,r,n);if(s===kn)return kn;s===Os&&(e.key=null);let o=await Sd("value",e.value,r,n);if(o===kn)return kn;o===Os&&(e.value=null)}}return i}function cK(t){return typeof t=="object"&&(t.Collection||t.Node||t.Value)?Object.assign({Alias:t.Node,Map:t.Node,Scalar:t.Node,Seq:t.Node},t.Value&&{Map:t.Value,Scalar:t.Value,Seq:t.Value},t.Collection&&{Map:t.Collection,Seq:t.Collection},t):t}function
 								`)}};Yg.defaultYaml={explicit:!1,version:"1.2"};Yg.defaultTags={"!!":"tag:yaml.org,2002:"};fK.Directives=Yg});var OB=h(Jg=>{"use strict";var hK=He(),Ive=Gg();function Bve(t){if(/[\x00-\x19\s,[\]{}]/.test(t)){let r=`Anchor must not contain whitespace or control characters: ${JSON.stringify(t)}`;throw new Error(r)}return!0}function gK(t){let e=new Set;return Ive.visit(t,{Value(r,n){n.anchor&&e.add(n.anchor)}}),e}function mK(t,e){for(let r=1;;++r){let n=`${t}${r}`;if(!e.has(n))return n}}function Qve(t,e){let r=[],n=new Map,i=null;return{onAnchor:s=>{r.push(s),i||(i=gK(t));let o=mK(e,i);return i.add(o),o},setAnchors:()=>{for(let s of r){let o=n.get(s);if(typeof o=="object"&&o.anchor&&(hK.isScalar(o.node)||hK.isCollection(o.node)))o.node.anchor=o.anchor;else{let a=new Error("Failed to resolve repeated object (this should not happen)");throw a.source=s,a}}},sourceObjects:n}}Jg.anchorIsValid=Bve;Jg.anchorNames=gK;Jg.createNodeAnchors=Qve;Jg.findNewAnchor=mK});var MD=h(pK=>{"use strict";function Vg(t,e,r,n){if(n&&typeof n=="object")if(Array.isArray(n))for(let i=0,s=n.length;i<s;++i){let o=n[i],a=Vg(t,n,String(i),o);a===void 0?delete n[i]:a!==o&&(n[i]=a)}else if(n instanceof Map)for(let i of Array.from(n.keys())){let s=n.get(i),o=Vg(t,n,i,s);o===void 0?n.delete(i):o!==s&&n.set(i,o)}else if(n instanceof Set)for(let i of Array.from(n)){let s=Vg(t,n,i,i);s===void 0?n.delete(i):s!==i&&(n.delete(i),n.add(s))}else for(let[i,s]of Object.entries(n)){let o=Vg(t,n,i,s);o===void 0?delete n[i]:o!==s&&(n[i]=o)}return t.call(e,r,n)}pK.applyReviver=Vg});var Ra=h(EK=>{"use strict";var bve=He();function yK(t,e,r){if(Array.isArray(t))return t.map((n,i)=>yK(n,String(i),r));if(t&&typeof t.toJSON=="function"){if(!r||!bve.hasAnchor(t))return t.toJSON(e,r);let n={aliasCount:0,count:1,res:void 0};r.anchors.set(t,n),r.onCreate=s=>{n.res=s,delete r.onCreate};let i=t.toJSON(e,r);return r.onCreate&&r.onCreate(i),i}return typeof t=="bigint"&&!r?.keep?Number(t):t}EK.toJS=yK});var LB=h(IK=>{"use strict";var Nve=MD(),CK=He(),wve=Ra(),FD=class{constructor(e){Object.defineProperty(this,CK.NODE_TYPE,{value:e})}clone(){let e=Object.create(Object.getPrototypeOf(this),Object.getOwnPropertyDescriptors(this));return this.range&&(e.range=this.range.slice()),e}toJS(e,{mapAsMap:r,maxAliasCount:n,onAnchor:i,reviver:s}={}){if(!CK.isDocument(e))throw new TypeError("A document argument is required");let o={anchors:new Map,doc:e,keep:!0,mapAsMap:r===!0,mapKeyWarned:!1,maxAliasCount:typeof n=="number"?n:100},a=wve.toJS(this,"",o);if(typeof i=="function")for(let{count:A,res:c}of o.anchors.values())i(c,A);return typeof s=="function"?Nve.applyReviver(s,{"":a},"",a):a}};IK.NodeBase=FD});var Wg=h(QK=>{"use strict";var Sve=OB(),BK=Gg(),MB=He(),xve=LB(),Rve=Ra(),UD=class extends xve.NodeBase{constructor(e){super(MB.ALIAS),this.source=e,Object.defineProperty(this,"tag",{set(){throw new Error("Alias nodes cannot have tags")}})}resolve(e){let r;return BK.visit(e,{Node:(n,i)=>{if(i===this)return BK.visit.BREAK;i.anchor===this.source&&(r=i)}}),r}toJSON(e,r){if(!r)return{source:this.source};let{anchors:n,doc:i,maxAliasCount:s}=r,o=this.resolve(i);if(!o){let A=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new ReferenceError(A)}let a=n.get(o);if(a||(Rve.toJS(o,null,r),a=n.get(o)),!a||a.res===void 0){let A="This should not happen: Alias anchor was not resolved?";throw new ReferenceError(A)}if(s>=0&&(a.count+=1,a.aliasCount===0&&(a.aliasCount=FB(i,o,n)),a.count*a.aliasCount>s)){let A="Excessive alias count indicates a resource exhaustion attack";throw new ReferenceError(A)}return a.res}toString(e,r,n){let i=`*${this.source}`;if(e){if(Sve.anchorIsValid(this.source),e.options.verifyAliasOrder&&!e.anchors.has(this.source)){let s=`Unresolved alias (the anchor must be set before the alias): ${this.source}`;throw new Error(s)}if(e.implicitKey)return`${i} `}return i}};function FB(t,e,r){if(MB.isAlias(e)){let n=e.resolve(t),i=r&&n&&r.get(n);return i?i.count*i.aliasCount:0}else if(MB.isCollection(e)){let n=0;for(let i of e.items){let s=FB(t,i,r);s>n&&(n=s)}return n}
-												fix: force-replace npm's broken bin shims for pn/pnx aliases

npm creates bin shims in .bin/ that point to an isolated copy in
.bin/.tools/. After self-update, setup.js fixes the main copy in
node_modules/@pnpm/exe/ but the .tools copy retains stale placeholder
files. Always replace the bin links so they point directly to the
fixed files instead of npm's broken .tools shims.

											
										
										
											2026-03-26 18:54:54 +01:00
+								`)?zD(r,e):r.includes(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)?`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`+zD(r,e):(t.endsWith(" ")?"":" ")+r;HB.indentComment=zD;HB.lineComment=qve;HB.stringifyComment=Uve});var xK=h(Xg=>{"use strict";var Hve="flow",GD="block",jB="quoted";function jve(t,e,r="flow",{indentAtStart:n,lineWidth:i=80,minContentWidth:s=20,onFold:o,onOverflow:a}={}){if(!i||i<0)return t;i<s&&(s=0);let A=Math.max(1+s,1+i-e.length);if(t.length<=A)return t;let c=[],l={},u=i-e.length;typeof n=="number"&&(n>i-Math.max(2,s)?c.push(0):u=i-n);let d,f,g=!1,m=-1,E=-1,C=-1;r===GD&&(m=SK(t,m,e.length),m!==-1&&(u=m+A));for(let N;N=t[m+=1];){if(r===jB&&N==="\\"){switch(E=m,t[m+1]){case"x":m+=3;break;case"u":m+=5;break;case"U":m+=9;break;default:m+=1}C=m}if(N===`
 								`)r===GD&&(m=SK(t,m,e.length)),u=m+e.length+A,d=void 0;else{if(N===" "&&f&&f!==" "&&f!==`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`&&f!=="	"){let w=t[m+1];w&&w!==" "&&w!==`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`&&w!=="	"&&(d=m)}if(m>=u)if(d)c.push(d),u=d+A,d=void 0;else if(r===jB){for(;f===" "||f==="	";)f=N,N=t[m+=1],g=!0;let w=m>C+1?m-2:E-1;if(l[w])return t;c.push(w),l[w]=!0,u=w+A,d=void 0}else g=!0}f=N}if(g&&a&&a(),c.length===0)return t;o&&o();let I=t.slice(0,c[0]);for(let N=0;N<c.length;++N){let w=c[N],v=c[N+1]||t.length;w===0?I=`
 								${e}${t.slice(0,v)}`:(r===jB&&l[w]&&(I+=`${t[w]}\\`),I+=`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								${e}${t.slice(w+1,v)}`)}return I}function SK(t,e,r){let n=e,i=e+1,s=t[i];for(;s===" "||s==="	";)if(e<i+r)s=t[++e];else{do s=t[++e];while(s&&s!==`
 								`);n=e,i=e+1,s=t[i]}return n}Xg.FOLD_BLOCK=GD;Xg.FOLD_FLOW=Hve;Xg.FOLD_QUOTED=jB;Xg.foldFlowLines=jve});var em=h(RK=>{"use strict";var ts=sr(),_a=xK(),GB=(t,e)=>({indentAtStart:e?t.indent.length:t.indentAtStart,lineWidth:t.options.lineWidth,minContentWidth:t.options.minContentWidth}),YB=t=>/^(%|---|\.\.\.)/m.test(t);function zve(t,e,r){if(!e||e<0)return!1;let n=e-r,i=t.length;if(i<=n)return!1;for(let s=0,o=0;s<i;++s)if(t[s]===`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`){if(s-o>n)return!0;if(o=s+1,i-o<=n)return!1}return!0}function Zg(t,e){let r=JSON.stringify(t);if(e.options.doubleQuotedAsJSON)return r;let{implicitKey:n}=e,i=e.options.doubleQuotedMinMultiLineLength,s=e.indent||(YB(t)?"  ":""),o="",a=0;for(let A=0,c=r[A];c;c=r[++A])if(c===" "&&r[A+1]==="\\"&&r[A+2]==="n"&&(o+=r.slice(a,A)+"\\ ",A+=1,a=A,c="\\"),c==="\\")switch(r[A+1]){case"u":{o+=r.slice(a,A);let l=r.substr(A+2,4);switch(l){case"0000":o+="\\0";break;case"0007":o+="\\a";break;case"000b":o+="\\v";break;case"001b":o+="\\e";break;case"0085":o+="\\N";break;case"00a0":o+="\\_";break;case"2028":o+="\\L";break;case"2029":o+="\\P";break;default:l.substr(0,2)==="00"?o+="\\x"+l.substr(2):o+=r.substr(A,6)}A+=5,a=A+1}break;case"n":if(n||r[A+2]==='"'||r.length<i)A+=1;else{for(o+=r.slice(a,A)+`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
 								`;r[A+2]==="\\"&&r[A+3]==="n"&&r[A+4]!=='"';)o+=`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`,A+=2;o+=s,r[A+2]===" "&&(o+="\\"),A+=1,a=A+1}break;default:A+=1}return o=a?o+r.slice(a):r,n?o:_a.foldFlowLines(o,s,_a.FOLD_QUOTED,GB(e,!1))}function YD(t,e){if(e.options.singleQuote===!1||e.implicitKey&&t.includes(`
 								`)||/[ \t]\n|\n[ \t]/.test(t))return Zg(t,e);let r=e.indent||(YB(t)?"  ":""),n="'"+t.replace(/'/g,"''").replace(/\n+/g,`$&
 								${r}`)+"'";return e.implicitKey?n:_a.foldFlowLines(n,r,_a.FOLD_FLOW,GB(e,!1))}function xd(t,e){let{singleQuote:r}=e.options,n;if(r===!1)n=Zg;else{let i=t.includes('"'),s=t.includes("'");i&&!s?n=YD:s&&!i?n=Zg:n=r?YD:Zg}return n(t,e)}var JD;try{JD=new RegExp(`(^|(?<!
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								))
 								+(?!
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								|$)`,"g")}catch{JD=/\n+(?!\n|$)/g}function zB({comment:t,type:e,value:r},n,i,s){let{blockQuote:o,commentString:a,lineWidth:A}=n.options;if(!o||/\n[\t ]+$/.test(r)||/^\s*$/.test(r))return xd(r,n);let c=n.indent||(n.forceBlockIndent||YB(r)?"  ":""),l=o==="literal"?!0:o==="folded"||e===ts.Scalar.BLOCK_FOLDED?!1:e===ts.Scalar.BLOCK_LITERAL?!0:!zve(r,A,c.length);if(!r)return l?`|
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:`>
 								`;let u,d;for(d=r.length;d>0;--d){let v=r[d-1];if(v!==`
 								`&&v!=="	"&&v!==" ")break}let f=r.substring(d),g=f.indexOf(`
 								`);g===-1?u="-":r===f||g!==f.length-1?(u="+",s&&s()):u="",f&&(r=r.slice(0,-f.length),f[f.length-1]===`
-												fix: force-replace npm's broken bin shims for pn/pnx aliases

npm creates bin shims in .bin/ that point to an isolated copy in
.bin/.tools/. After self-update, setup.js fixes the main copy in
node_modules/@pnpm/exe/ but the .tools copy retains stale placeholder
files. Always replace the bin links so they point directly to the
fixed files instead of npm's broken .tools shims.

											
										
										
											2026-03-26 18:54:54 +01:00
+								`&&(f=f.slice(0,-1)),f=f.replace(JD,`$&${c}`));let m=!1,E,C=-1;for(E=0;E<r.length;++E){let v=r[E];if(v===" ")m=!0;else if(v===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)C=E;else break}let I=r.substring(0,C<E?C+1:E);I&&(r=r.substring(I.length),I=I.replace(/\n+/g,`$&${c}`));let w=(m?c?"2":"1":"")+u;if(t&&(w+=" "+a(t.replace(/ ?[\r\n]+/g," ")),i&&i()),!l){let v=r.replace(/\n+/g,`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								$&`).replace(/(?:^|\n)([\t ].*)(?:([\n\t ]*)\n(?![\n\t ]))?/g,"$1$2").replace(/\n+/g,`$&${c}`),T=!1,U=GB(n,!0);o!=="folded"&&e!==ts.Scalar.BLOCK_FOLDED&&(U.onOverflow=()=>{T=!0});let k=_a.foldFlowLines(`${I}${v}${f}`,c,_a.FOLD_BLOCK,U);if(!T)return`>${w}
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${c}${k}`}return r=r.replace(/\n+/g,`$&${c}`),`|${w}
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								${c}${I}${r}${f}`}function Gve(t,e,r,n){let{type:i,value:s}=t,{actualString:o,implicitKey:a,indent:A,indentStep:c,inFlow:l}=e;if(a&&s.includes(`
-												fix: force-replace npm's broken bin shims for pn/pnx aliases

npm creates bin shims in .bin/ that point to an isolated copy in
.bin/.tools/. After self-update, setup.js fixes the main copy in
node_modules/@pnpm/exe/ but the .tools copy retains stale placeholder
files. Always replace the bin links so they point directly to the
fixed files instead of npm's broken .tools shims.

											
										
										
											2026-03-26 18:54:54 +01:00
+								`)||l&&/[[\]{},]/.test(s))return xd(s,e);if(!s||/^[\n\t ,[\]{}#&*!|>'"%@`]|^[?-]$|^[?-][ \t]|[\n:][ \t]|[ \t]\n|[\n\t ]#|[\n\t :]$/.test(s))return a||l||!s.includes(`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`)?xd(s,e):zB(t,e,r,n);if(!a&&!l&&i!==ts.Scalar.PLAIN&&s.includes(`
 								`))return zB(t,e,r,n);if(YB(s)){if(A==="")return e.forceBlockIndent=!0,zB(t,e,r,n);if(a&&A===c)return xd(s,e)}let u=s.replace(/\n+/g,`$&
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								${A}`);if(o){let d=m=>m.default&&m.tag!=="tag:yaml.org,2002:str"&&m.test?.test(u),{compat:f,tags:g}=e.doc.schema;if(g.some(d)||f?.some(d))return xd(s,e)}return a?u:_a.foldFlowLines(u,A,_a.FOLD_FLOW,GB(e,!1))}function Yve(t,e,r,n){let{implicitKey:i,inFlow:s}=e,o=typeof t.value=="string"?t:Object.assign({},t,{value:String(t.value)}),{type:a}=t;a!==ts.Scalar.QUOTE_DOUBLE&&/[\x00-\x08\x0b-\x1f\x7f-\x9f\u{D800}-\u{DFFF}]/u.test(o.value)&&(a=ts.Scalar.QUOTE_DOUBLE);let A=l=>{switch(l){case ts.Scalar.BLOCK_FOLDED:case ts.Scalar.BLOCK_LITERAL:return i||s?xd(o.value,e):zB(o,e,r,n);case ts.Scalar.QUOTE_DOUBLE:return Zg(o.value,e);case ts.Scalar.QUOTE_SINGLE:return YD(o.value,e);case ts.Scalar.PLAIN:return Gve(o,e,r,n);default:return null}},c=A(a);if(c===null){let{defaultKeyType:l,defaultStringType:u}=e.options,d=i&&l||u;if(c=A(d),c===null)throw new Error(`Unsupported default string type ${d}`)}return c}RK.stringifyString=Yve});var tm=h(VD=>{"use strict";var Jve=OB(),Da=He(),Vve=Kg(),Wve=em();function $ve(t,e){let r=Object.assign({blockQuote:!0,commentString:Vve.stringifyComment,defaultKeyType:null,defaultStringType:"PLAIN",directives:null,doubleQuotedAsJSON:!1,doubleQuotedMinMultiLineLength:40,falseStr:"false",flowCollectionPadding:!0,indentSeq:!0,lineWidth:80,minContentWidth:20,nullStr:"null",simpleKeys:!1,singleQuote:null,trueStr:"true",verifyAliasOrder:!0},t.schema.toStringOptions,e),n;switch(r.collectionStyle){case"block":n=!1;break;case"flow":n=!0;break;default:n=null}return{anchors:new Set,doc:t,flowCollectionPadding:r.flowCollectionPadding?" ":"",indent:"",indentStep:typeof r.indent=="number"?" ".repeat(r.indent):"  ",inFlow:n,options:r}}function Kve(t,e){if(e.tag){let i=t.filter(s=>s.tag===e.tag);if(i.length>0)return i.find(s=>s.format===e.format)??i[0]}let r,n;if(Da.isScalar(e)){n=e.value;let i=t.filter(s=>s.identify?.(n));if(i.length>1){let s=i.filter(o=>o.test);s.length>0&&(i=s)}r=i.find(s=>s.format===e.format)??i.find(s=>!s.format)}else n=e,r=t.find(i=>i.nodeClass&&n instanceof i.nodeClass);if(!r){let i=n?.constructor?.name??typeof n;throw new Error(`Tag not resolved for ${i} value`)}return r}function Xve(t,e,{anchors:r,doc:n}){if(!n.directives)return"";let i=[],s=(Da.isScalar(t)||Da.isCollection(t))&&t.anchor;s&&Jve.anchorIsValid(s)&&(r.add(s),i.push(`&${s}`));let o=t.tag?t.tag:e.default?null:e.tag;return o&&i.push(n.directives.tagString(o)),i.join(" ")}function Zve(t,e,r,n){if(Da.isPair(t))return t.toString(e,r,n);if(Da.isAlias(t)){if(e.doc.directives)return t.toString(e);if(e.resolvedAliases?.has(t))throw new TypeError("Cannot stringify circular structure without alias nodes");e.resolvedAliases?e.resolvedAliases.add(t):e.resolvedAliases=new Set([t]),t=t.resolve(e.doc)}let i,s=Da.isNode(t)?t:e.doc.createNode(t,{onTagObj:A=>i=A});i||(i=Kve(e.doc.schema.tags,s));let o=Xve(s,i,e);o.length>0&&(e.indentAtStart=(e.indentAtStart??0)+o.length+1);let a=typeof i.stringify=="function"?i.stringify(s,e,r,n):Da.isScalar(s)?Wve.stringifyString(s,e,r,n):s.toString(e,r,n);return o?Da.isScalar(s)||a[0]==="{"||a[0]==="["?`${o} ${a}`:`${o}
 								${e.indent}${a}`:a}VD.createStringifyContext=$ve;VD.stringify=Zve});var kK=h(DK=>{"use strict";var bo=He(),vK=sr(),_K=tm(),rm=Kg();function e_e({key:t,value:e},r,n,i){let{allNullValues:s,doc:o,indent:a,indentStep:A,options:{commentString:c,indentSeq:l,simpleKeys:u}}=r,d=bo.isNode(t)&&t.comment||null;if(u){if(d)throw new Error("With simple keys, key nodes cannot have comments");if(bo.isCollection(t)||!bo.isNode(t)&&typeof t=="object"){let U="With simple keys, collection cannot be used as a key value";throw new Error(U)}}let f=!u&&(!t||d&&e==null&&!r.inFlow||bo.isCollection(t)||(bo.isScalar(t)?t.type===vK.Scalar.BLOCK_FOLDED||t.type===vK.Scalar.BLOCK_LITERAL:typeof t=="object"));r=Object.assign({},r,{allNullValues:!1,implicitKey:!f&&(u||!s),indent:a+A});let g=!1,m=!1,E=_K.stringify(t,r,()=>g=!0,()=>m=!0);if(!f&&!r.inFlow&&E.length>1024){if(u)throw new Error("With simple keys, single line scalar must not span more than 1024 characters");f=!0}if(r.inFlow){if(s||e==null)return g&&n&&n(),E===""?"?":f?`? ${E}`:E}else if(s&&!u||e==null&&f)return E=`? ${E}`,d&&!g?E+=rm.lineComment(E,r.indent,c(d)):m&&i&&i(),E;g&&(d=null),f?(d&&(E+=rm.lineComment(E,r.indent,c(d))),E=`? ${E}
 								${a}:`):(E=`${E}:`,d&&(E+=rm.lineComment(E,r.indent,c(d))));let C,I,N;bo.isNode(e)?(C=!!e.spaceBefore,I=e.commentBefore,N=e.comment):(C=!1,I=null,N=null,e&&typeof e=="object"&&(e=o.createNode(e))),r.implicitKey=!1,!f&&!d&&bo.isScalar(e)&&(r.indentAtStart=E.length+1),m=!1,!l&&A.length>=2&&!r.inFlow&&!f&&bo.isSeq(e)&&!e.flow&&!e.tag&&!e.anchor&&(r.indent=r.indent.substring(2));let w=!1,v=_K.stringify(e,r,()=>w=!0,()=>m=!0),T=" ";if(d||C||I){if(T=C?`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:"",I){let U=c(I);T+=`
-												fix: force-replace npm's broken bin shims for pn/pnx aliases

npm creates bin shims in .bin/ that point to an isolated copy in
.bin/.tools/. After self-update, setup.js fixes the main copy in
node_modules/@pnpm/exe/ but the .tools copy retains stale placeholder
files. Always replace the bin links so they point directly to the
fixed files instead of npm's broken .tools shims.

											
										
										
											2026-03-26 18:54:54 +01:00
+								${rm.indentComment(U,r.indent)}`}v===""&&!r.inFlow?T===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`&&(T=`
 								`):T+=`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								${r.indent}`}else if(!f&&bo.isCollection(e)){let U=v[0],k=v.indexOf(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),J=k!==-1,be=r.inFlow??e.flow??e.items.length===0;if(J||!be){let Re=!1;if(J&&(U==="&"||U==="!")){let H=v.indexOf(" ");U==="&"&&H!==-1&&H<k&&v[H+1]==="!"&&(H=v.indexOf(" ",H+1)),(H===-1||k<H)&&(Re=!0)}Re||(T=`
 								${r.indent}`)}}else(v===""||v[0]===`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`)&&(T="");return E+=T+v,r.inFlow?w&&n&&n():N&&!w?E+=rm.lineComment(E,r.indent,c(N)):m&&i&&i(),E}DK.stringifyPair=e_e});var $D=h(WD=>{"use strict";var PK=require("node:process");function t_e(t,...e){t==="debug"&&console.log(...e)}function r_e(t,e){(t==="debug"||t==="warn")&&(typeof PK.emitWarning=="function"?PK.emitWarning(e):console.warn(e))}WD.debug=t_e;WD.warn=r_e});var $B=h(WB=>{"use strict";var nm=He(),TK=sr(),JB="<<",VB={identify:t=>t===JB||typeof t=="symbol"&&t.description===JB,default:"key",tag:"tag:yaml.org,2002:merge",test:/^<<$/,resolve:()=>Object.assign(new TK.Scalar(Symbol(JB)),{addToJSMap:OK}),stringify:()=>JB},n_e=(t,e)=>(VB.identify(e)||nm.isScalar(e)&&(!e.type||e.type===TK.Scalar.PLAIN)&&VB.identify(e.value))&&t?.doc.schema.tags.some(r=>r.tag===VB.tag&&r.default);function OK(t,e,r){if(r=t&&nm.isAlias(r)?r.resolve(t.doc):r,nm.isSeq(r))for(let n of r.items)KD(t,e,n);else if(Array.isArray(r))for(let n of r)KD(t,e,n);else KD(t,e,r)}function KD(t,e,r){let n=t&&nm.isAlias(r)?r.resolve(t.doc):r;if(!nm.isMap(n))throw new Error("Merge sources must be maps or map aliases");let i=n.toJSON(null,t,Map);for(let[s,o]of i)e instanceof Map?e.has(s)||e.set(s,o):e instanceof Set?e.add(s):Object.prototype.hasOwnProperty.call(e,s)||Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0});return e}WB.addMergeToJSMap=OK;WB.isMergeKey=n_e;WB.merge=VB});var ZD=h(FK=>{"use strict";var i_e=$D(),LK=$B(),s_e=tm(),MK=He(),XD=Ra();function o_e(t,e,{key:r,value:n}){if(MK.isNode(r)&&r.addToJSMap)r.addToJSMap(t,e,n);else if(LK.isMergeKey(t,r))LK.addMergeToJSMap(t,e,n);else{let i=XD.toJS(r,"",t);if(e instanceof Map)e.set(i,XD.toJS(n,i,t));else if(e instanceof Set)e.add(i);else{let s=a_e(r,i,t),o=XD.toJS(n,s,t);s in e?Object.defineProperty(e,s,{value:o,writable:!0,enumerable:!0,configurable:!0}):e[s]=o}}return e}function a_e(t,e,r){if(e===null)return"";if(typeof e!="object")return String(e);if(MK.isNode(t)&&r?.doc){let n=s_e.createStringifyContext(r.doc,{});n.anchors=new Set;for(let s of r.anchors.keys())n.anchors.add(s.anchor);n.inFlow=!0,n.inStringifyKey=!0;let i=t.toString(n);if(!r.mapKeyWarned){let s=JSON.stringify(i);s.length>40&&(s=s.substring(0,36)+'..."'),i_e.warn(r.doc.options.logLevel,`Keys with collection values will be stringified due to JS Object restrictions: ${s}. Set mapAsMap: true to use object keys.`),r.mapKeyWarned=!0}return i}return JSON.stringify(e)}FK.addPairToJSMap=o_e});var ka=h(ek=>{"use strict";var UK=$g(),A_e=kK(),c_e=ZD(),KB=He();function l_e(t,e,r){let n=UK.createNode(t,void 0,r),i=UK.createNode(e,void 0,r);return new XB(n,i)}var XB=class t{constructor(e,r=null){Object.defineProperty(this,KB.NODE_TYPE,{value:KB.PAIR}),this.key=e,this.value=r}clone(e){let{key:r,value:n}=this;return KB.isNode(r)&&(r=r.clone(e)),KB.isNode(n)&&(n=n.clone(e)),new t(r,n)}toJSON(e,r){let n=r?.mapAsMap?new Map:{};return c_e.addPairToJSMap(r,n,this)}toString(e,r,n){return e?.doc?A_e.stringifyPair(this,e,r,n):JSON.stringify(this)}};ek.Pair=XB;ek.createPair=l_e});var tk=h(HK=>{"use strict";var GA=He(),qK=tm(),ZB=Kg();function u_e(t,e,r){return(e.inFlow??t.flow?f_e:d_e)(t,e,r)}function d_e({comment:t,items:e},r,{blockItemPrefix:n,flowChars:i,itemIndent:s,onChompKeep:o,onComment:a}){let{indent:A,options:{commentString:c}}=r,l=Object.assign({},r,{indent:s,type:null}),u=!1,d=[];for(let g=0;g<e.length;++g){let m=e[g],E=null;if(GA.isNode(m))!u&&m.spaceBefore&&d.push(""),eQ(r,d,m.commentBefore,u),m.comment&&(E=m.comment);else if(GA.isPair(m)){let I=GA.isNode(m.key)?m.key:null;I&&(!u&&I.spaceBefore&&d.push(""),eQ(r,d,I.commentBefore,u))}u=!1;let C=qK.stringify(m,l,()=>E=null,()=>u=!0);E&&(C+=ZB.lineComment(C,s,c(E))),u&&E&&(u=!1),d.push(n+C)}let f;if(d.length===0)f=i.start+i.end;else{f=d[0];for(let g=1;g<d.length;++g){let m=d[g];f+=m?`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${A}${m}`:`
 								`}}return t?(f+=`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`+ZB.indentComment(c(t),A),a&&a()):u&&o&&o(),f}function f_e({items:t},e,{flowChars:r,itemIndent:n}){let{indent:i,indentStep:s,flowCollectionPadding:o,options:{commentString:a}}=e;n+=s;let A=Object.assign({},e,{indent:n,inFlow:!0,type:null}),c=!1,l=0,u=[];for(let g=0;g<t.length;++g){let m=t[g],E=null;if(GA.isNode(m))m.spaceBefore&&u.push(""),eQ(e,u,m.commentBefore,!1),m.comment&&(E=m.comment);else if(GA.isPair(m)){let I=GA.isNode(m.key)?m.key:null;I&&(I.spaceBefore&&u.push(""),eQ(e,u,I.commentBefore,!1),I.comment&&(c=!0));let N=GA.isNode(m.value)?m.value:null;N?(N.comment&&(E=N.comment),N.commentBefore&&(c=!0)):m.value==null&&I?.comment&&(E=I.comment)}E&&(c=!0);let C=qK.stringify(m,A,()=>E=null);g<t.length-1&&(C+=","),E&&(C+=ZB.lineComment(C,n,a(E))),!c&&(u.length>l||C.includes(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`))&&(c=!0),u.push(C),l=u.length}let{start:d,end:f}=r;if(u.length===0)return d+f;if(!c){let g=u.reduce((m,E)=>m+E.length+2,2);c=e.options.lineWidth>0&&g>e.options.lineWidth}if(c){let g=d;for(let m of u)g+=m?`
 								${s}${i}${m}`:`
 								`;return`${g}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								${i}${f}`}else return`${d}${o}${u.join(" ")}${o}${f}`}function eQ({indent:t,options:{commentString:e}},r,n,i){if(n&&i&&(n=n.replace(/^\n+/,"")),n){let s=ZB.indentComment(e(n),t);r.push(s.trimStart())}}HK.stringifyCollection=u_e});var Ta=h(nk=>{"use strict";var h_e=tk(),g_e=ZD(),m_e=qB(),Pa=He(),tQ=ka(),p_e=sr();function im(t,e){let r=Pa.isScalar(e)?e.value:e;for(let n of t)if(Pa.isPair(n)&&(n.key===e||n.key===r||Pa.isScalar(n.key)&&n.key.value===r))return n}var rk=class extends m_e.Collection{static get tagName(){return"tag:yaml.org,2002:map"}constructor(e){super(Pa.MAP,e),this.items=[]}static from(e,r,n){let{keepUndefined:i,replacer:s}=n,o=new this(e),a=(A,c)=>{if(typeof s=="function")c=s.call(r,A,c);else if(Array.isArray(s)&&!s.includes(A))return;(c!==void 0||i)&&o.items.push(tQ.createPair(A,c,n))};if(r instanceof Map)for(let[A,c]of r)a(A,c);else if(r&&typeof r=="object")for(let A of Object.keys(r))a(A,r[A]);return typeof e.sortMapEntries=="function"&&o.items.sort(e.sortMapEntries),o}add(e,r){let n;Pa.isPair(e)?n=e:!e||typeof e!="object"||!("key"in e)?n=new tQ.Pair(e,e?.value):n=new tQ.Pair(e.key,e.value);let i=im(this.items,n.key),s=this.schema?.sortMapEntries;if(i){if(!r)throw new Error(`Key ${n.key} already set`);Pa.isScalar(i.value)&&p_e.isScalarValue(n.value)?i.value.value=n.value:i.value=n.value}else if(s){let o=this.items.findIndex(a=>s(n,a)<0);o===-1?this.items.push(n):this.items.splice(o,0,n)}else this.items.push(n)}delete(e){let r=im(this.items,e);return r?this.items.splice(this.items.indexOf(r),1).length>0:!1}get(e,r){let i=im(this.items,e)?.value;return(!r&&Pa.isScalar(i)?i.value:i)??void 0}has(e){return!!im(this.items,e)}set(e,r){this.add(new tQ.Pair(e,r),!0)}toJSON(e,r,n){let i=n?new n:r?.mapAsMap?new Map:{};r?.onCreate&&r.onCreate(i);for(let s of this.items)g_e.addPairToJSMap(r,i,s);return i}toString(e,r,n){if(!e)return JSON.stringify(this);for(let i of this.items)if(!Pa.isPair(i))throw new Error(`Map items must all be pairs; found ${JSON.stringify(i)} instead`);return!e.allNullValues&&this.hasAllNullValues(!1)&&(e=Object.assign({},e,{allNullValues:!0})),h_e.stringifyCollection(this,e,{blockItemPrefix:"",flowChars:{start:"{",end:"}"},itemIndent:e.indent||"",onChompKeep:n,onComment:r})}};nk.YAMLMap=rk;nk.findPair=im});var Rd=h(zK=>{"use strict";var y_e=He(),jK=Ta(),E_e={collection:"map",default:!0,nodeClass:jK.YAMLMap,tag:"tag:yaml.org,2002:map",resolve(t,e){return y_e.isMap(t)||e("Expected a mapping for this tag"),t},createNode:(t,e,r)=>jK.YAMLMap.from(t,e,r)};zK.map=E_e});var Oa=h(GK=>{"use strict";var C_e=$g(),I_e=tk(),B_e=qB(),nQ=He(),Q_e=sr(),b_e=Ra(),ik=class extends B_e.Collection{static get tagName(){return"tag:yaml.org,2002:seq"}constructor(e){super(nQ.SEQ,e),this.items=[]}add(e){this.items.push(e)}delete(e){let r=rQ(e);return typeof r!="number"?!1:this.items.splice(r,1).length>0}get(e,r){let n=rQ(e);if(typeof n!="number")return;let i=this.items[n];return!r&&nQ.isScalar(i)?i.value:i}has(e){let r=rQ(e);return typeof r=="number"&&r<this.items.length}set(e,r){let n=rQ(e);if(typeof n!="number")throw new Error(`Expected a valid index, not ${e}.`);let i=this.items[n];nQ.isScalar(i)&&Q_e.isScalarValue(r)?i.value=r:this.items[n]=r}toJSON(e,r){let n=[];r?.onCreate&&r.onCreate(n);let i=0;for(let s of this.items)n.push(b_e.toJS(s,String(i++),r));return n}toString(e,r,n){return e?I_e.stringifyCollection(this,e,{blockItemPrefix:"- ",flowChars:{start:"[",end:"]"},itemIndent:(e.indent||"")+"  ",onChompKeep:n,onComment:r}):JSON.stringify(this)}static from(e,r,n){let{replacer:i}=n,s=new this(e);if(r&&Symbol.iterator in Object(r)){let o=0;for(let a of r){if(typeof i=="function"){let A=r instanceof Set?a:String(o++);a=i.call(r,A,a)}s.items.push(C_e.createNode(a,void 0,n))}}return s}};function rQ(t){let e=nQ.isScalar(t)?t.value:t;return e&&typeof e=="string"&&(e=Number(e)),typeof e=="number"&&Number.isInteger(e)&&e>=0?e:null}GK.YAMLSeq=ik});var vd=h(JK=>{"use strict";var N_e=He(),YK=Oa(),w_e={collection:"seq",default:!0,nodeClass:YK.YAMLSeq,tag:"tag:yaml.org,2002:seq",resolve(t,e){return N_e.isSeq(t)||e("Expected a
 								`:" ")}return $_e.stringifyString({comment:t,type:e,value:a},n,i,s)}};A9.binary=K_e});var uQ=h(lQ=>{"use strict";var cQ=He(),hk=ka(),X_e=sr(),Z_e=Oa();function c9(t,e){if(cQ.isSeq(t))for(let r=0;r<t.items.length;++r){let n=t.items[r];if(!cQ.isPair(n)){if(cQ.isMap(n)){n.items.length>1&&e("Each pair must have its own sequence indicator");let i=n.items[0]||new hk.Pair(new X_e.Scalar(null));if(n.commentBefore&&(i.key.commentBefore=i.key.commentBefore?`${n.commentBefore}
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${i.key.commentBefore}`:n.commentBefore),n.comment){let s=i.value??i.key;s.comment=s.comment?`${n.comment}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								${s.comment}`:n.comment}n=i}t.items[r]=cQ.isPair(n)?n:new hk.Pair(n)}}else e("Expected a sequence for this tag");return t}function l9(t,e,r){let{replacer:n}=r,i=new Z_e.YAMLSeq(t);i.tag="tag:yaml.org,2002:pairs";let s=0;if(e&&Symbol.iterator in Object(e))for(let o of e){typeof n=="function"&&(o=n.call(e,String(s++),o));let a,A;if(Array.isArray(o))if(o.length===2)a=o[0],A=o[1];else throw new TypeError(`Expected [key, value] tuple: ${o}`);else if(o&&o instanceof Object){let c=Object.keys(o);if(c.length===1)a=c[0],A=o[a];else throw new TypeError(`Expected tuple with one key, not ${c.length} keys`)}else a=o;i.items.push(hk.createPair(a,A,r))}return i}var eDe={collection:"seq",default:!1,tag:"tag:yaml.org,2002:pairs",resolve:c9,createNode:l9};lQ.createPairs=l9;lQ.pairs=eDe;lQ.resolvePairs=c9});var pk=h(mk=>{"use strict";var u9=He(),gk=Ra(),am=Ta(),tDe=Oa(),d9=uQ(),YA=class t extends tDe.YAMLSeq{constructor(){super(),this.add=am.YAMLMap.prototype.add.bind(this),this.delete=am.YAMLMap.prototype.delete.bind(this),this.get=am.YAMLMap.prototype.get.bind(this),this.has=am.YAMLMap.prototype.has.bind(this),this.set=am.YAMLMap.prototype.set.bind(this),this.tag=t.tag}toJSON(e,r){if(!r)return super.toJSON(e);let n=new Map;r?.onCreate&&r.onCreate(n);for(let i of this.items){let s,o;if(u9.isPair(i)?(s=gk.toJS(i.key,"",r),o=gk.toJS(i.value,s,r)):s=gk.toJS(i,"",r),n.has(s))throw new Error("Ordered maps must not include duplicate keys");n.set(s,o)}return n}static from(e,r,n){let i=d9.createPairs(e,r,n),s=new this;return s.items=i.items,s}};YA.tag="tag:yaml.org,2002:omap";var rDe={collection:"seq",identify:t=>t instanceof Map,nodeClass:YA,default:!1,tag:"tag:yaml.org,2002:omap",resolve(t,e){let r=d9.resolvePairs(t,e),n=[];for(let{key:i}of r.items)u9.isScalar(i)&&(n.includes(i.value)?e(`Ordered maps must not include duplicate keys: ${i.value}`):n.push(i.value));return Object.assign(new YA,r)},createNode:(t,e,r)=>YA.from(t,e,r)};mk.YAMLOMap=YA;mk.omap=rDe});var p9=h(yk=>{"use strict";var f9=sr();function h9({value:t,source:e},r){return e&&(t?g9:m9).test.test(e)?e:t?r.options.trueStr:r.options.falseStr}var g9={identify:t=>t===!0,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:Y|y|[Yy]es|YES|[Tt]rue|TRUE|[Oo]n|ON)$/,resolve:()=>new f9.Scalar(!0),stringify:h9},m9={identify:t=>t===!1,default:!0,tag:"tag:yaml.org,2002:bool",test:/^(?:N|n|[Nn]o|NO|[Ff]alse|FALSE|[Oo]ff|OFF)$/,resolve:()=>new f9.Scalar(!1),stringify:h9};yk.falseTag=m9;yk.trueTag=g9});var y9=h(dQ=>{"use strict";var nDe=sr(),Ek=_d(),iDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^(?:[-+]?\.(?:inf|Inf|INF)|\.nan|\.NaN|\.NAN)$/,resolve:t=>t.slice(-3).toLowerCase()==="nan"?NaN:t[0]==="-"?Number.NEGATIVE_INFINITY:Number.POSITIVE_INFINITY,stringify:Ek.stringifyNumber},sDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",format:"EXP",test:/^[-+]?(?:[0-9][0-9_]*)?(?:\.[0-9_]*)?[eE][-+]?[0-9]+$/,resolve:t=>parseFloat(t.replace(/_/g,"")),stringify(t){let e=Number(t.value);return isFinite(e)?e.toExponential():Ek.stringifyNumber(t)}},oDe={identify:t=>typeof t=="number",default:!0,tag:"tag:yaml.org,2002:float",test:/^[-+]?(?:[0-9][0-9_]*)?\.[0-9_]*$/,resolve(t){let e=new nDe.Scalar(parseFloat(t.replace(/_/g,""))),r=t.indexOf(".");if(r!==-1){let n=t.substring(r+1).replace(/_/g,"");n[n.length-1]==="0"&&(e.minFractionDigits=n.length)}return e},stringify:Ek.stringifyNumber};dQ.float=oDe;dQ.floatExp=sDe;dQ.floatNaN=iDe});var C9=h(cm=>{"use strict";var E9=_d(),Am=t=>typeof t=="bigint"||Number.isInteger(t);function fQ(t,e,r,{intAsBigInt:n}){let i=t[0];if((i==="-"||i==="+")&&(e+=1),t=t.substring(e).replace(/_/g,""),n){switch(r){case 2:t=`0b${t}`;break;case 8:t=`0o${t}`;break;case 16:t=`0x${t}`;break}let o=BigInt(t);return i==="-"?BigInt(-1)*o:o}let s=parseInt(t,r);return i==="-"?-1*s:s}function Ck(t,e,r){let{value:n}=t;if(Am(n)){let i=n.toString(e);return n<0?"-"+r+i.substr(1):r+i}return E9.stringifyNumber(t)}var aDe={identify:Am,default:!0,tag:"tag:yaml.org,2002:int",format:"BIN",test:/^[-+]?0b[0-1_]+$/,resolve:(t,e,r)=>fQ(t,2,2,r),stringify:t
-												fix: force-replace npm's broken bin shims for pn/pnx aliases

npm creates bin shims in .bin/ that point to an isolated copy in
.bin/.tools/. After self-update, setup.js fixes the main copy in
node_modules/@pnpm/exe/ but the .tools copy retains stale placeholder
files. Always replace the bin links so they point directly to the
fixed files instead of npm's broken .tools shims.

											
										
										
											2026-03-26 18:54:54 +01:00
+								`)?(r.push("..."),r.push(um.indentComment(A,""))):r.push(`... ${A}`)}else r.push("...");else{let A=t.comment;A&&o&&(A=A.replace(/^\n+/,"")),A&&((!o||a)&&r[r.length-1]!==""&&r.push(""),r.push(um.indentComment(s(A),"")))}return r.join(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`}L9.stringifyDocument=LDe});var dm=h(F9=>{"use strict";var MDe=Wg(),Dd=qB(),ki=He(),FDe=ka(),UDe=Ra(),qDe=Dk(),HDe=M9(),Pk=OB(),jDe=MD(),zDe=$g(),Tk=LD(),Ok=class t{constructor(e,r,n){this.commentBefore=null,this.comment=null,this.errors=[],this.warnings=[],Object.defineProperty(this,ki.NODE_TYPE,{value:ki.DOC});let i=null;typeof r=="function"||Array.isArray(r)?i=r:n===void 0&&r&&(n=r,r=void 0);let s=Object.assign({intAsBigInt:!1,keepSourceTokens:!1,logLevel:"warn",prettyErrors:!0,strict:!0,stringKeys:!1,uniqueKeys:!0,version:"1.2"},n);this.options=s;let{version:o}=s;n?._directives?(this.directives=n._directives.atDocument(),this.directives.yaml.explicit&&(o=this.directives.yaml.version)):this.directives=new Tk.Directives({version:o}),this.setSchema(o,n),this.contents=e===void 0?null:this.createNode(e,i,n)}clone(){let e=Object.create(t.prototype,{[ki.NODE_TYPE]:{value:ki.DOC}});return e.commentBefore=this.commentBefore,e.comment=this.comment,e.errors=this.errors.slice(),e.warnings=this.warnings.slice(),e.options=Object.assign({},this.options),this.directives&&(e.directives=this.directives.clone()),e.schema=this.schema.clone(),e.contents=ki.isNode(this.contents)?this.contents.clone(e.schema):this.contents,this.range&&(e.range=this.range.slice()),e}add(e){kd(this.contents)&&this.contents.add(e)}addIn(e,r){kd(this.contents)&&this.contents.addIn(e,r)}createAlias(e,r){if(!e.anchor){let n=Pk.anchorNames(this);e.anchor=!r||n.has(r)?Pk.findNewAnchor(r||"a",n):r}return new MDe.Alias(e.anchor)}createNode(e,r,n){let i;if(typeof r=="function")e=r.call({"":e},"",e),i=r;else if(Array.isArray(r)){let E=I=>typeof I=="number"||I instanceof String||I instanceof Number,C=r.filter(E).map(String);C.length>0&&(r=r.concat(C)),i=r}else n===void 0&&r&&(n=r,r=void 0);let{aliasDuplicateObjects:s,anchorPrefix:o,flow:a,keepUndefined:A,onTagObj:c,tag:l}=n??{},{onAnchor:u,setAnchors:d,sourceObjects:f}=Pk.createNodeAnchors(this,o||"a"),g={aliasDuplicateObjects:s??!0,keepUndefined:A??!1,onAnchor:u,onTagObj:c,replacer:i,schema:this.schema,sourceObjects:f},m=zDe.createNode(e,l,g);return a&&ki.isCollection(m)&&(m.flow=!0),d(),m}createPair(e,r,n={}){let i=this.createNode(e,null,n),s=this.createNode(r,null,n);return new FDe.Pair(i,s)}delete(e){return kd(this.contents)?this.contents.delete(e):!1}deleteIn(e){return Dd.isEmptyPath(e)?this.contents==null?!1:(this.contents=null,!0):kd(this.contents)?this.contents.deleteIn(e):!1}get(e,r){return ki.isCollection(this.contents)?this.contents.get(e,r):void 0}getIn(e,r){return Dd.isEmptyPath(e)?!r&&ki.isScalar(this.contents)?this.contents.value:this.contents:ki.isCollection(this.contents)?this.contents.getIn(e,r):void 0}has(e){return ki.isCollection(this.contents)?this.contents.has(e):!1}hasIn(e){return Dd.isEmptyPath(e)?this.contents!==void 0:ki.isCollection(this.contents)?this.contents.hasIn(e):!1}set(e,r){this.contents==null?this.contents=Dd.collectionFromPath(this.schema,[e],r):kd(this.contents)&&this.contents.set(e,r)}setIn(e,r){Dd.isEmptyPath(e)?this.contents=r:this.contents==null?this.contents=Dd.collectionFromPath(this.schema,Array.from(e),r):kd(this.contents)&&this.contents.setIn(e,r)}setSchema(e,r={}){typeof e=="number"&&(e=String(e));let n;switch(e){case"1.1":this.directives?this.directives.yaml.version="1.1":this.directives=new Tk.Directives({version:"1.1"}),n={resolveKnownTags:!1,schema:"yaml-1.1"};break;case"1.2":case"next":this.directives?this.directives.yaml.version=e:this.directives=new Tk.Directives({version:e}),n={resolveKnownTags:!0,schema:"core"};break;case null:this.directives&&delete this.directives,n=null;break;default:{let i=JSON.stringify(e);throw new Error(`Expected '1.1', '1.2' or null as first argument, but found: ${i}`)}}if(r.schema instanceof Object)this.schema=r.schema;else if(n)this.schema=new qDe.Schema(Object.assign(n,r));else throw new Error("With a null YAML version, the { schema: Schema } option is required")}toJS({json:e,jsonArg:r,mapAsMap:n,maxAliasCount:i,onAnchor:s,reviver:o}={}){let a={anchors:new Map,doc:this,keep:!e,mapAsMap:n===!0,mapKeyWarned:!1,maxAliasCount:typeof i=="
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),o=a+o}if(/[^ ]/.test(o)){let a=1,A=r.linePos[1];A&&A.line===n&&A.col>i&&(a=Math.max(1,Math.min(A.col-i,80-s)));let c=" ".repeat(s)+"^".repeat(a);r.message+=`:
 								${o}
 								${c}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`}};hm.YAMLError=fm;hm.YAMLParseError=Lk;hm.YAMLWarning=Mk;hm.prettifyError=GDe});var mm=h(U9=>{"use strict";function YDe(t,{flow:e,indicator:r,next:n,offset:i,onError:s,parentIndent:o,startOnNewline:a}){let A=!1,c=a,l=a,u="",d="",f=!1,g=!1,m=null,E=null,C=null,I=null,N=null,w=null,v=null;for(let k of t)switch(g&&(k.type!=="space"&&k.type!=="newline"&&k.type!=="comma"&&s(k.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),g=!1),m&&(c&&k.type!=="comment"&&k.type!=="newline"&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),m=null),k.type){case"space":!e&&(r!=="doc-start"||n?.type!=="flow-collection")&&k.source.includes("	")&&(m=k),l=!0;break;case"comment":{l||s(k,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let J=k.source.substring(1)||" ";u?u+=d+J:u=J,d="",c=!1;break}case"newline":c?u?u+=k.source:(!w||r!=="seq-item-ind")&&(A=!0):d+=k.source,c=!0,f=!0,(E||C)&&(I=k),l=!0;break;case"anchor":E&&s(k,"MULTIPLE_ANCHORS","A node can have at most one anchor"),k.source.endsWith(":")&&s(k.offset+k.source.length-1,"BAD_ALIAS","Anchor ending in : is ambiguous",!0),E=k,v===null&&(v=k.offset),c=!1,l=!1,g=!0;break;case"tag":{C&&s(k,"MULTIPLE_TAGS","A node can have at most one tag"),C=k,v===null&&(v=k.offset),c=!1,l=!1,g=!0;break}case r:(E||C)&&s(k,"BAD_PROP_ORDER",`Anchors and tags must be after the ${k.source} indicator`),w&&s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.source} in ${e??"collection"}`),w=k,c=r==="seq-item-ind"||r==="explicit-key-ind",l=!1;break;case"comma":if(e){N&&s(k,"UNEXPECTED_TOKEN",`Unexpected , in ${e}`),N=k,c=!1,l=!1;break}default:s(k,"UNEXPECTED_TOKEN",`Unexpected ${k.type} token`),c=!1,l=!1}let T=t[t.length-1],U=T?T.offset+T.source.length:i;return g&&n&&n.type!=="space"&&n.type!=="newline"&&n.type!=="comma"&&(n.type!=="scalar"||n.source!=="")&&s(n.offset,"MISSING_CHAR","Tags and anchors must be separated from the next token by white space"),m&&(c&&m.indent<=o||n?.type==="block-map"||n?.type==="block-seq")&&s(m,"TAB_AS_INDENT","Tabs are not allowed as indentation"),{comma:N,found:w,spaceBefore:A,comment:u,hasNewline:f,anchor:E,tag:C,newlineAfterProp:I,end:U,start:v??U}}U9.resolveProps=YDe});var IQ=h(q9=>{"use strict";function Fk(t){if(!t)return null;switch(t.type){case"alias":case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":if(t.source.includes(`
 								`))return!0;if(t.end){for(let e of t.end)if(e.type==="newline")return!0}return!1;case"flow-collection":for(let e of t.items){for(let r of e.start)if(r.type==="newline")return!0;if(e.sep){for(let r of e.sep)if(r.type==="newline")return!0}if(Fk(e.key)||Fk(e.value))return!0}return!1;default:return!0}}q9.containsNewline=Fk});var Uk=h(H9=>{"use strict";var JDe=IQ();function VDe(t,e,r){if(e?.type==="flow-collection"){let n=e.end[0];n.indent===t&&(n.source==="]"||n.source==="}")&&JDe.containsNewline(e)&&r(n,"BAD_INDENT","Flow end indicator should be more indented than parent",!0)}}H9.flowIndentCheck=VDe});var qk=h(z9=>{"use strict";var j9=He();function WDe(t,e,r){let{uniqueKeys:n}=t.options;if(n===!1)return!1;let i=typeof n=="function"?n:(s,o)=>s===o||j9.isScalar(s)&&j9.isScalar(o)&&s.value===o.value;return e.some(s=>i(s.key,r))}z9.mapIncludes=WDe});var $9=h(W9=>{"use strict";var G9=ka(),$De=Ta(),Y9=mm(),KDe=IQ(),J9=Uk(),XDe=qk(),V9="All mapping items must start at the same column";function ZDe({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??$De.YAMLMap,a=new o(r.schema);r.atRoot&&(r.atRoot=!1);let A=n.offset,c=null;for(let l of n.items){let{start:u,key:d,sep:f,value:g}=l,m=Y9.resolveProps(u,{indicator:"explicit-key-ind",next:d??f?.[0],offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0}),E=!m.found;if(E){if(d&&(d.type==="block-seq"?i(A,"BLOCK_AS_IMPLICIT_KEY","A block sequence may not be used as an implicit map key"):"indent"in d&&d.indent!==n.indent&&i(A,"BAD_INDENT",V9)),!m.anchor&&!m.tag&&!f){c=m.end,m.comment&&(a.comment?a.comment+=`
 								`+m.comment:a.comment=m.comment);continue}(m.newlineAfterProp||KDe.containsNewline(d))&&i(d??u[u.length-1],"MULTILINE_IMPLICIT_KEY","Implicit keys need to be on a single line")}else m.found?.indent!==n.indent&&i(A,"BAD_INDENT",V9);r.atKey=!0;let C=m.end,I=d?t(r,d,m,i):e(r,C,u,null,m,i);r.schema.compat&&J9.flowIndentCheck(n.indent,d,i),r.atKey=!1,XDe.mapIncludes(r,a.items,I)&&i(C,"DUPLICATE_KEY","Map keys must be unique");let N=Y9.resolveProps(f??[],{indicator:"map-value-ind",next:g,offset:I.range[2],onError:i,parentIndent:n.indent,startOnNewline:!d||d.type==="block-scalar"});if(A=N.end,N.found){E&&(g?.type==="block-map"&&!N.hasNewline&&i(A,"BLOCK_AS_IMPLICIT_KEY","Nested mappings are not allowed in compact mappings"),r.options.strict&&m.start<N.found.offset-1024&&i(I.range,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit block mapping key"));let w=g?t(r,g,N,i):e(r,A,f,null,N,i);r.schema.compat&&J9.flowIndentCheck(n.indent,g,i),A=w.range[2];let v=new G9.Pair(I,w);r.options.keepSourceTokens&&(v.srcToken=l),a.items.push(v)}else{E&&i(I.range,"MISSING_CHAR","Implicit map keys need to be followed by map values"),N.comment&&(I.comment?I.comment+=`
 								`+N.comment:I.comment=N.comment);let w=new G9.Pair(I);r.options.keepSourceTokens&&(w.srcToken=l),a.items.push(w)}}return c&&c<A&&i(c,"IMPOSSIBLE","Map comment with trailing content"),a.range=[n.offset,A,c??A],a}W9.resolveBlockMap=ZDe});var X9=h(K9=>{"use strict";var eke=Oa(),tke=mm(),rke=Uk();function nke({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=s?.nodeClass??eke.YAMLSeq,a=new o(r.schema);r.atRoot&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let A=n.offset,c=null;for(let{start:l,value:u}of n.items){let d=tke.resolveProps(l,{indicator:"seq-item-ind",next:u,offset:A,onError:i,parentIndent:n.indent,startOnNewline:!0});if(!d.found)if(d.anchor||d.tag||u)u&&u.type==="block-seq"?i(d.end,"BAD_INDENT","All sequence items must start at the same column"):i(A,"MISSING_CHAR","Sequence item without - indicator");else{c=d.end,d.comment&&(a.comment=d.comment);continue}let f=u?t(r,u,d,i):e(r,d.end,l,null,d,i);r.schema.compat&&rke.flowIndentCheck(n.indent,u,i),A=f.range[2],a.items.push(f)}return a.range=[n.offset,A,c??A],a}K9.resolveBlockSeq=nke});var Pd=h(Z9=>{"use strict";function ike(t,e,r,n){let i="";if(t){let s=!1,o="";for(let a of t){let{source:A,type:c}=a;switch(c){case"space":s=!0;break;case"comment":{r&&!s&&n(a,"MISSING_CHAR","Comments must be separated from other tokens by white space characters");let l=A.substring(1)||" ";i?i+=o+l:i=l,o="";break}case"newline":i&&(o+=A),s=!0;break;default:n(a,"UNEXPECTED_TOKEN",`Unexpected ${c} at node end`)}e+=A.length}}return{comment:i,offset:e}}Z9.resolveEnd=ike});var n8=h(r8=>{"use strict";var ske=He(),oke=ka(),e8=Ta(),ake=Oa(),Ake=Pd(),t8=mm(),cke=IQ(),lke=qk(),Hk="Block collections are not allowed within flow collections",jk=t=>t&&(t.type==="block-map"||t.type==="block-seq");function uke({composeNode:t,composeEmptyNode:e},r,n,i,s){let o=n.start.source==="{",a=o?"flow map":"flow sequence",A=s?.nodeClass??(o?e8.YAMLMap:ake.YAMLSeq),c=new A(r.schema);c.flow=!0;let l=r.atRoot;l&&(r.atRoot=!1),r.atKey&&(r.atKey=!1);let u=n.offset+n.start.source.length;for(let E=0;E<n.items.length;++E){let C=n.items[E],{start:I,key:N,sep:w,value:v}=C,T=t8.resolveProps(I,{flow:a,indicator:"explicit-key-ind",next:N??w?.[0],offset:u,onError:i,parentIndent:n.indent,startOnNewline:!1});if(!T.found){if(!T.anchor&&!T.tag&&!w&&!v){E===0&&T.comma?i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`):E<n.items.length-1&&i(T.start,"UNEXPECTED_TOKEN",`Unexpected empty item in ${a}`),T.comment&&(c.comment?c.comment+=`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`+T.comment:c.comment=T.comment),u=T.end;continue}!o&&r.options.strict&&cke.containsNewline(N)&&i(N,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line")}if(E===0)T.comma&&i(T.comma,"UNEXPECTED_TOKEN",`Unexpected , in ${a}`);else if(T.comma||i(T.start,"MISSING_CHAR",`Missing , between ${a} items`),T.comment){let U="";e:for(let k of I)switch(k.type){case"comma":case"space":break;case"comment":U=k.source.substring(1);break e;default:break e}if(U){let k=c.items[c.items.length-1];ske.isPair(k)&&(k=k.value??k.key),k.comment?k.comment+=`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`+U:k.comment=U,T.comment=T.comment.substring(U.length+1)}}if(!o&&!w&&!T.found){let U=v?t(r,v,T,i):e(r,T.end,w,null,T,i);c.items.push(U),u=U.range[2],jk(v)&&i(U.range,"BLOCK_IN_FLOW",Hk)}else{r.atKey=!0;let U=T.end,k=N?t(r,N,T,i):e(r,U,I,null,T,i);jk(N)&&i(k.range,"BLOCK_IN_FLOW",Hk),r.atKey=!1;let J=t8.resolveProps(w??[],{flow:a,indicator:"map-value-ind",next:v,offset:k.range[2],onError:i,parentIndent:n.indent,startOnNewline:!1});if(J.found){if(!o&&!T.found&&r.options.strict){if(w)for(let H of w){if(H===J.found)break;if(H.type==="newline"){i(H,"MULTILINE_IMPLICIT_KEY","Implicit keys of flow sequence pairs need to be on a single line");break}}T.start<J.found.offset-1024&&i(J.found,"KEY_OVER_1024_CHARS","The : indicator must be at most 1024 chars after the start of an implicit flow sequence key")}}else v&&("source"in v&&v.source&&v.source[0]===":"?i(v,"MISSING_CHAR",`Missing space after : in ${a}`):i(J.start,"MISSING_CHAR",`Missing , or : between ${a} items`));let be=v?t(r,v,J,i):J.found?e(r,J.end,w,null,J,i):null;be?jk(v)&&i(be.range,"BLOCK_IN_FLOW",Hk):J.comment&&(k.comment?k.comment+=`
 								`+J.comment:k.comment=J.comment);let Re=new oke.Pair(k,be);if(r.options.keepSourceTokens&&(Re.srcToken=C),o){let H=c;lke.mapIncludes(r,H.items,k)&&i(U,"DUPLICATE_KEY","Map keys must be unique"),H.items.push(Re)}else{let H=new e8.YAMLMap(r.schema);H.flow=!0,H.items.push(Re);let _e=(be??k).range;H.range=[k.range[0],_e[1],_e[2]],c.items.push(H)}u=be?be.range[2]:J.end}}let d=o?"}":"]",[f,...g]=n.end,m=u;if(f&&f.source===d)m=f.offset+f.source.length;else{let E=a[0].toUpperCase()+a.substring(1),C=l?`${E} must end with a ${d}`:`${E} in block collection must be sufficiently indented and end with a ${d}`;i(u,l?"MISSING_CHAR":"BAD_INDENT",C),f&&f.source.length!==1&&g.unshift(f)}if(g.length>0){let E=Ake.resolveEnd(g,m,r.options.strict,i);E.comment&&(c.comment?c.comment+=`
 								`+E.comment:c.comment=E.comment),c.range=[n.offset,m,E.offset]}else c.range=[n.offset,m,m];return c}r8.resolveFlowCollection=uke});var s8=h(i8=>{"use strict";var dke=He(),fke=sr(),hke=Ta(),gke=Oa(),mke=$9(),pke=X9(),yke=n8();function zk(t,e,r,n,i,s){let o=r.type==="block-map"?mke.resolveBlockMap(t,e,r,n,s):r.type==="block-seq"?pke.resolveBlockSeq(t,e,r,n,s):yke.resolveFlowCollection(t,e,r,n,s),a=o.constructor;return i==="!"||i===a.tagName?(o.tag=a.tagName,o):(i&&(o.tag=i),o)}function Eke(t,e,r,n,i){let s=n.tag,o=s?e.directives.tagName(s.source,d=>i(s,"TAG_RESOLVE_FAILED",d)):null;if(r.type==="block-seq"){let{anchor:d,newlineAfterProp:f}=n,g=d&&s?d.offset>s.offset?d:s:d??s;g&&(!f||f.offset<g.offset)&&i(g,"MISSING_CHAR","Missing newline after block sequence props")}let a=r.type==="block-map"?"map":r.type==="block-seq"?"seq":r.start.source==="{"?"map":"seq";if(!s||!o||o==="!"||o===hke.YAMLMap.tagName&&a==="map"||o===gke.YAMLSeq.tagName&&a==="seq")return zk(t,e,r,i,o);let A=e.schema.tags.find(d=>d.tag===o&&d.collection===a);if(!A){let d=e.schema.knownTags[o];if(d&&d.collection===a)e.schema.tags.push(Object.assign({},d,{default:!1})),A=d;else return d?.collection?i(s,"BAD_COLLECTION_TYPE",`${d.tag} used for ${a} collection, but expects ${d.collection}`,!0):i(s,"TAG_RESOLVE_FAILED",`Unresolved tag: ${o}`,!0),zk(t,e,r,i,o)}let c=zk(t,e,r,i,o,A),l=A.resolve?.(c,d=>i(s,"TAG_RESOLVE_FAILED",d),e.options)??c,u=dke.isNode(l)?l:new fke.Scalar(l);return u.range=c.range,u.tag=o,A?.format&&(u.format=A.format),u}i8.composeCollection=Eke});var Yk=h(o8=>{"use strict";var Gk=sr();function Cke(t,e,r){let n=e.offset,i=Ike(e,t.options.strict,r);if(!i)return{value:"",type:null,comment:"",range:[n,n,n]};let s=i.mode===">"?Gk.Scalar.BLOCK_FOLDED:Gk.Scalar.BLOCK_LITERAL,o=e.source?Bke(e.source):[],a=o.length;for(let m=o.length-1;m>=0;--m){let E=o[m][1];if(E===""||E==="\r")a=m;else break}if(a===0){let m=i.chomp==="+"&&o.length>0?`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`.repeat(Math.max(1,o.length-1)):"",E=n+i.length;return e.source&&(E+=e.source.length),{value:m,type:s,comment:i.comment,range:[n,E,E]}}let A=e.indent+i.indent,c=e.offset+i.length,l=0;for(let m=0;m<a;++m){let[E,C]=o[m];if(C===""||C==="\r")i.indent===0&&E.length>A&&(A=E.length);else{E.length<A&&r(c+E.length,"MISSING_CHAR","Block scalars with more-indented leading empty lines must use an explicit indentation indicator"),i.indent===0&&(A=E.length),l=m,A===0&&!t.atRoot&&r(c,"BAD_INDENT","Block scalar values in collections must be indented");break}c+=E.length+C.length+1}for(let m=o.length-1;m>=a;--m)o[m][0].length>A&&(a=m+1);let u="",d="",f=!1;for(let m=0;m<l;++m)u+=o[m][0].slice(A)+`
-												fix: force-replace npm's broken bin shims for pn/pnx aliases

npm creates bin shims in .bin/ that point to an isolated copy in
.bin/.tools/. After self-update, setup.js fixes the main copy in
node_modules/@pnpm/exe/ but the .tools copy retains stale placeholder
files. Always replace the bin links so they point directly to the
fixed files instead of npm's broken .tools shims.

											
										
										
											2026-03-26 18:54:54 +01:00
+								`;for(let m=l;m<a;++m){let[E,C]=o[m];c+=E.length+C.length+1;let I=C[C.length-1]==="\r";if(I&&(C=C.slice(0,-1)),C&&E.length<A){let w=`Block scalar lines must not be less indented than their ${i.indent?"explicit indentation indicator":"first line"}`;r(c-C.length-(I?2:1),"BAD_INDENT",w),E=""}s===Gk.Scalar.BLOCK_LITERAL?(u+=d+E.slice(A)+C,d=`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`):E.length>A||C[0]==="	"?(d===" "?d=`
 								`:!f&&d===`
 								`&&(d=`
 								`),u+=d+E.slice(A)+C,d=`
 								`,f=!0):C===""?d===`
 								`?u+=`
 								`:d=`
 								`:(u+=d+C,d=" ",f=!1)}switch(i.chomp){case"-":break;case"+":for(let m=a;m<o.length;++m)u+=`
 								`+o[m][0].slice(A);u[u.length-1]!==`
 								`&&(u+=`
 								`);break;default:u+=`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`}let g=n+i.length+e.source.length;return{value:u,type:s,comment:i.comment,range:[n,g,g]}}function Ike({offset:t,props:e},r,n){if(e[0].type!=="block-scalar-header")return n(e[0],"IMPOSSIBLE","Block scalar header not found"),null;let{source:i}=e[0],s=i[0],o=0,a="",A=-1;for(let d=1;d<i.length;++d){let f=i[d];if(!a&&(f==="-"||f==="+"))a=f;else{let g=Number(f);!o&&g?o=g:A===-1&&(A=t+d)}}A!==-1&&n(A,"UNEXPECTED_TOKEN",`Block scalar header includes extra characters: ${i}`);let c=!1,l="",u=i.length;for(let d=1;d<e.length;++d){let f=e[d];switch(f.type){case"space":c=!0;case"newline":u+=f.source.length;break;case"comment":r&&!c&&n(f,"MISSING_CHAR","Comments must be separated from other tokens by white space characters"),u+=f.source.length,l=f.source.substring(1);break;case"error":n(f,"UNEXPECTED_TOKEN",f.message),u+=f.source.length;break;default:{let g=`Unexpected token in block scalar header: ${f.type}`;n(f,"UNEXPECTED_TOKEN",g);let m=f.source;m&&typeof m=="string"&&(u+=m.length)}}}return{mode:s,indent:o,chomp:a,comment:l,length:u}}function Bke(t){let e=t.split(/\n( *)/),r=e[0],n=r.match(/^( *)/),s=[n?.[1]?[n[1],r.slice(n[1].length)]:["",r]];for(let o=1;o<e.length;o+=2)s.push([e[o],e[o+1]]);return s}o8.resolveBlockScalar=Cke});var Vk=h(A8=>{"use strict";var Jk=sr(),Qke=Pd();function bke(t,e,r){let{offset:n,type:i,source:s,end:o}=t,a,A,c=(d,f,g)=>r(n+d,f,g);switch(i){case"scalar":a=Jk.Scalar.PLAIN,A=Nke(s,c);break;case"single-quoted-scalar":a=Jk.Scalar.QUOTE_SINGLE,A=wke(s,c);break;case"double-quoted-scalar":a=Jk.Scalar.QUOTE_DOUBLE,A=Ske(s,c);break;default:return r(t,"UNEXPECTED_TOKEN",`Expected a flow scalar value, but found: ${i}`),{value:"",type:null,comment:"",range:[n,n+s.length,n+s.length]}}let l=n+s.length,u=Qke.resolveEnd(o,l,e,r);return{value:A,type:a,comment:u.comment,range:[n,l,u.offset]}}function Nke(t,e){let r="";switch(t[0]){case"	":r="a tab character";break;case",":r="flow indicator character ,";break;case"%":r="directive indicator character %";break;case"|":case">":{r=`block scalar indicator ${t[0]}`;break}case"@":case"`":{r=`reserved character ${t[0]}`;break}}return r&&e(0,"BAD_SCALAR_START",`Plain value cannot start with ${r}`),a8(t)}function wke(t,e){return(t[t.length-1]!=="'"||t.length===1)&&e(t.length,"MISSING_CHAR","Missing closing 'quote"),a8(t.slice(1,-1)).replace(/''/g,"'")}function a8(t){let e,r;try{e=new RegExp(`(.*?)(?<![ 	])[ 	]*\r?
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,"sy"),r=new RegExp(`[ 	]*(.*?)(?:(?<![ 	])[ 	]*)?\r?
 								`,"sy")}catch{e=/(.*?)[ \t]*\r?\n/sy,r=/[ \t]*(.*?)[ \t]*\r?\n/sy}let n=e.exec(t);if(!n)return t;let i=n[1],s=" ",o=e.lastIndex;for(r.lastIndex=o;n=r.exec(t);)n[1]===""?s===`
 								`?i+=s:s=`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`:(i+=s+n[1],s=" "),o=r.lastIndex;let a=/[ \t]*(.*)/sy;return a.lastIndex=o,n=a.exec(t),i+s+(n?.[1]??"")}function Ske(t,e){let r="";for(let n=1;n<t.length-1;++n){let i=t[n];if(!(i==="\r"&&t[n+1]===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`))if(i===`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`){let{fold:s,offset:o}=xke(t,n);r+=s,n=o}else if(i==="\\"){let s=t[++n],o=Rke[s];if(o)r+=o;else if(s===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)for(s=t[n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="\r"&&t[n+1]===`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`)for(s=t[++n+1];s===" "||s==="	";)s=t[++n+1];else if(s==="x"||s==="u"||s==="U"){let a={x:2,u:4,U:8}[s];r+=vke(t,n+1,a,e),n+=a}else{let a=t.substr(n-1,2);e(n-1,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),r+=a}}else if(i===" "||i==="	"){let s=n,o=t[n+1];for(;o===" "||o==="	";)o=t[++n+1];o!==`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`&&!(o==="\r"&&t[n+2]===`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`)&&(r+=n>s?t.slice(s,n+1):i)}else r+=i}return(t[t.length-1]!=='"'||t.length===1)&&e(t.length,"MISSING_CHAR",'Missing closing "quote'),r}function xke(t,e){let r="",n=t[e+1];for(;(n===" "||n==="	"||n===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`||n==="\r")&&!(n==="\r"&&t[e+2]!==`
 								`);)n===`
 								`&&(r+=`
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								`),e+=1,n=t[e+1];return r||(r=" "),{fold:r,offset:e}}var Rke={0:"\0",a:"\x07",b:"\b",e:"\x1B",f:"\f",n:`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,r:"\r",t:"	",v:"\v",N:"\x85",_:"\xA0",L:"\u2028",P:"\u2029"," ":" ",'"':'"',"/":"/","\\":"\\","	":"	"};function vke(t,e,r,n){let i=t.substr(e,r),o=i.length===r&&/^[0-9a-fA-F]+$/.test(i)?parseInt(i,16):NaN;if(isNaN(o)){let a=t.substr(e-2,r+2);return n(e-2,"BAD_DQ_ESCAPE",`Invalid escape sequence ${a}`),a}return String.fromCodePoint(o)}A8.resolveFlowScalar=bke});var u8=h(l8=>{"use strict";var VA=He(),c8=sr(),_ke=Yk(),Dke=Vk();function kke(t,e,r,n){let{value:i,type:s,comment:o,range:a}=e.type==="block-scalar"?_ke.resolveBlockScalar(t,e,n):Dke.resolveFlowScalar(e,t.options.strict,n),A=r?t.directives.tagName(r.source,u=>n(r,"TAG_RESOLVE_FAILED",u)):null,c;t.options.stringKeys&&t.atKey?c=t.schema[VA.SCALAR]:A?c=Pke(t.schema,i,A,r,n):e.type==="scalar"?c=Tke(t,i,e,n):c=t.schema[VA.SCALAR];let l;try{let u=c.resolve(i,d=>n(r??e,"TAG_RESOLVE_FAILED",d),t.options);l=VA.isScalar(u)?u:new c8.Scalar(u)}catch(u){let d=u instanceof Error?u.message:String(u);n(r??e,"TAG_RESOLVE_FAILED",d),l=new c8.Scalar(i)}return l.range=a,l.source=i,s&&(l.type=s),A&&(l.tag=A),c.format&&(l.format=c.format),o&&(l.comment=o),l}function Pke(t,e,r,n,i){if(r==="!")return t[VA.SCALAR];let s=[];for(let a of t.tags)if(!a.collection&&a.tag===r)if(a.default&&a.test)s.push(a);else return a;for(let a of s)if(a.test?.test(e))return a;let o=t.knownTags[r];return o&&!o.collection?(t.tags.push(Object.assign({},o,{default:!1,test:void 0})),o):(i(n,"TAG_RESOLVE_FAILED",`Unresolved tag: ${r}`,r!=="tag:yaml.org,2002:str"),t[VA.SCALAR])}function Tke({atKey:t,directives:e,schema:r},n,i,s){let o=r.tags.find(a=>(a.default===!0||t&&a.default==="key")&&a.test?.test(n))||r[VA.SCALAR];if(r.compat){let a=r.compat.find(A=>A.default&&A.test?.test(n))??r[VA.SCALAR];if(o.tag!==a.tag){let A=e.tagString(o.tag),c=e.tagString(a.tag),l=`Value may be parsed as either ${A} or ${c}`;s(i,"TAG_RESOLVE_FAILED",l,!0)}}return o}l8.composeScalar=kke});var f8=h(d8=>{"use strict";function Oke(t,e,r){if(e){r===null&&(r=e.length);for(let n=r-1;n>=0;--n){let i=e[n];switch(i.type){case"space":case"comment":case"newline":t-=i.source.length;continue}for(i=e[++n];i?.type==="space";)t+=i.source.length,i=e[++n];break}}return t}d8.emptyScalarPosition=Oke});var m8=h($k=>{"use strict";var Lke=Wg(),Mke=He(),Fke=s8(),h8=u8(),Uke=Pd(),qke=f8(),Hke={composeNode:g8,composeEmptyNode:Wk};function g8(t,e,r,n){let i=t.atKey,{spaceBefore:s,comment:o,anchor:a,tag:A}=r,c,l=!0;switch(e.type){case"alias":c=jke(t,e,n),(a||A)&&n(e,"ALIAS_PROPS","An alias node must not specify any properties");break;case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"block-scalar":c=h8.composeScalar(t,e,A,n),a&&(c.anchor=a.source.substring(1));break;case"block-map":case"block-seq":case"flow-collection":c=Fke.composeCollection(Hke,t,e,r,n),a&&(c.anchor=a.source.substring(1));break;default:{let u=e.type==="error"?e.message:`Unsupported token (type: ${e.type})`;n(e,"UNEXPECTED_TOKEN",u),c=Wk(t,e.offset,void 0,null,r,n),l=!1}}return a&&c.anchor===""&&n(a,"BAD_ALIAS","Anchor cannot be an empty string"),i&&t.options.stringKeys&&(!Mke.isScalar(c)||typeof c.value!="string"||c.tag&&c.tag!=="tag:yaml.org,2002:str")&&n(A??e,"NON_STRING_KEY","With stringKeys, all keys must be strings"),s&&(c.spaceBefore=!0),o&&(e.type==="scalar"&&e.source===""?c.comment=o:c.commentBefore=o),t.options.keepSourceTokens&&l&&(c.srcToken=e),c}function Wk(t,e,r,n,{spaceBefore:i,comment:s,anchor:o,tag:a,end:A},c){let l={type:"scalar",offset:qke.emptyScalarPosition(e,r,n),indent:-1,source:""},u=h8.composeScalar(t,l,a,c);return o&&(u.anchor=o.source.substring(1),u.anchor===""&&c(o,"BAD_ALIAS","Anchor cannot be an empty string")),i&&(u.spaceBefore=!0),s&&(u.comment=s,u.range[2]=A),u}function jke({options:t},{offset:e,source:r,end:n},i){let s=new Lke.Alias(r.substring(1));s.source===""&&i(e,"BAD_ALIAS","Alias cannot be an empty string"),s.source.endsWith(":")&&i(e+r.length-1,"BAD_ALIAS","Alias ending in : is ambiguous",!0);let o=e+r.length,a=Uke.resolveEnd(n,o,t.strict,i);return s.range=[e,o,a.offset],a.comment&&(s.comment=a.comment),s}$k.composeEmptyNode=Wk;$k.co
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
 								`:`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`)+(s.substring(1)||" "),r=!0,n=!1;break;case"%":t[i+1]?.[0]!=="#"&&(i+=1),r=!1;break;default:r||(n=!0),r=!1}}return{comment:e,afterEmptyLine:n}}var Kk=class{constructor(e={}){this.doc=null,this.atDirectives=!1,this.prelude=[],this.errors=[],this.warnings=[],this.onError=(r,n,i,s)=>{let o=ym(r);s?this.warnings.push(new pm.YAMLWarning(o,n,i)):this.errors.push(new pm.YAMLParseError(o,n,i))},this.directives=new Wke.Directives({version:e.version||"1.2"}),this.options=e}decorate(e,r){let{comment:n,afterEmptyLine:i}=I8(this.prelude);if(n){let s=e.contents;if(r)e.comment=e.comment?`${e.comment}
 								${n}`:n;else if(i||e.directives.docStart||!s)e.commentBefore=n;else if(C8.isCollection(s)&&!s.flow&&s.items.length>0){let o=s.items[0];C8.isPair(o)&&(o=o.key);let a=o.commentBefore;o.commentBefore=a?`${n}
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								${a}`:n}else{let o=s.commentBefore;s.commentBefore=o?`${n}
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								${o}`:n}}r?(Array.prototype.push.apply(e.errors,this.errors),Array.prototype.push.apply(e.warnings,this.warnings)):(e.errors=this.errors,e.warnings=this.warnings),this.prelude=[],this.errors=[],this.warnings=[]}streamInfo(){return{comment:I8(this.prelude).comment,directives:this.directives,errors:this.errors,warnings:this.warnings}}*compose(e,r=!1,n=-1){for(let i of e)yield*this.next(i);yield*this.end(r,n)}*next(e){switch(Vke.env.LOG_STREAM&&console.dir(e,{depth:null}),e.type){case"directive":this.directives.add(e.source,(r,n,i)=>{let s=ym(e);s[0]+=r,this.onError(s,"BAD_DIRECTIVE",n,i)}),this.prelude.push(e.source),this.atDirectives=!0;break;case"document":{let r=Kke.composeDoc(this.options,this.directives,e,this.onError);this.atDirectives&&!r.directives.docStart&&this.onError(e,"MISSING_CHAR","Missing directives-end/doc-start indicator line"),this.decorate(r,!1),this.doc&&(yield this.doc),this.doc=r,this.atDirectives=!1;break}case"byte-order-mark":case"space":break;case"comment":case"newline":this.prelude.push(e.source);break;case"error":{let r=e.source?`${e.message}: ${JSON.stringify(e.source)}`:e.message,n=new pm.YAMLParseError(ym(e),"UNEXPECTED_TOKEN",r);this.atDirectives||!this.doc?this.errors.push(n):this.doc.errors.push(n);break}case"doc-end":{if(!this.doc){let n="Unexpected doc-end without preceding document";this.errors.push(new pm.YAMLParseError(ym(e),"UNEXPECTED_TOKEN",n));break}this.doc.directives.docEnd=!0;let r=Xke.resolveEnd(e.end,e.offset+e.source.length,this.doc.options.strict,this.onError);if(this.decorate(this.doc,!0),r.comment){let n=this.doc.comment;this.doc.comment=n?`${n}
 								${r.comment}`:r.comment}this.doc.range[2]=r.offset;break}default:this.errors.push(new pm.YAMLParseError(ym(e),"UNEXPECTED_TOKEN",`Unsupported token ${e.type}`))}}*end(e=!1,r=-1){if(this.doc)this.decorate(this.doc,!0),yield this.doc,this.doc=null;else if(e){let n=Object.assign({_directives:this.directives},this.options),i=new $ke.Document(void 0,n);this.atDirectives&&this.onError(r,"MISSING_CHAR","Missing directives-end indicator line"),i.range=[0,r,r],this.decorate(i,!1),yield i}}};B8.Composer=Kk});var N8=h(BQ=>{"use strict";var Zke=Yk(),ePe=Vk(),tPe=gm(),Q8=em();function rPe(t,e=!0,r){if(t){let n=(i,s,o)=>{let a=typeof i=="number"?i:Array.isArray(i)?i[0]:i.offset;if(r)r(a,s,o);else throw new tPe.YAMLParseError([a,a+1],s,o)};switch(t.type){case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return ePe.resolveFlowScalar(t,e,n);case"block-scalar":return Zke.resolveBlockScalar({options:{strict:e}},t,n)}}return null}function nPe(t,e){let{implicitKey:r=!1,indent:n,inFlow:i=!1,offset:s=-1,type:o="PLAIN"}=e,a=Q8.stringifyString({type:o,value:t},{implicitKey:r,indent:n>0?" ".repeat(n):"",inFlow:i,options:{blockQuote:!0,lineWidth:-1}}),A=e.end??[{type:"newline",offset:-1,indent:n,source:`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`}];switch(a[0]){case"|":case">":{let c=a.indexOf(`
 								`),l=a.substring(0,c),u=a.substring(c+1)+`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,d=[{type:"block-scalar-header",offset:s,indent:n,source:l}];return b8(d,A)||d.push({type:"newline",offset:-1,indent:n,source:`
 								`}),{type:"block-scalar",offset:s,indent:n,props:d,source:u}}case'"':return{type:"double-quoted-scalar",offset:s,indent:n,source:a,end:A};case"'":return{type:"single-quoted-scalar",offset:s,indent:n,source:a,end:A};default:return{type:"scalar",offset:s,indent:n,source:a,end:A}}}function iPe(t,e,r={}){let{afterKey:n=!1,implicitKey:i=!1,inFlow:s=!1,type:o}=r,a="indent"in t?t.indent:null;if(n&&typeof a=="number"&&(a+=2),!o)switch(t.type){case"single-quoted-scalar":o="QUOTE_SINGLE";break;case"double-quoted-scalar":o="QUOTE_DOUBLE";break;case"block-scalar":{let c=t.props[0];if(c.type!=="block-scalar-header")throw new Error("Invalid block scalar header");o=c.source[0]===">"?"BLOCK_FOLDED":"BLOCK_LITERAL";break}default:o="PLAIN"}let A=Q8.stringifyString({type:o,value:e},{implicitKey:i||a===null,indent:a!==null&&a>0?" ".repeat(a):"",inFlow:s,options:{blockQuote:!0,lineWidth:-1}});switch(A[0]){case"|":case">":sPe(t,A);break;case'"':Zk(t,A,"double-quoted-scalar");break;case"'":Zk(t,A,"single-quoted-scalar");break;default:Zk(t,A,"scalar")}}function sPe(t,e){let r=e.indexOf(`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`),n=e.substring(0,r),i=e.substring(r+1)+`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`;if(t.type==="block-scalar"){let s=t.props[0];if(s.type!=="block-scalar-header")throw new Error("Invalid block scalar header");s.source=n,t.source=i}else{let{offset:s}=t,o="indent"in t?t.indent:-1,a=[{type:"block-scalar-header",offset:s,indent:o,source:n}];b8(a,"end"in t?t.end:void 0)||a.push({type:"newline",offset:-1,indent:o,source:`
 								`});for(let A of Object.keys(t))A!=="type"&&A!=="offset"&&delete t[A];Object.assign(t,{type:"block-scalar",indent:o,props:a,source:i})}}function b8(t,e){if(e)for(let r of e)switch(r.type){case"space":case"comment":t.push(r);break;case"newline":return t.push(r),!0}return!1}function Zk(t,e,r){switch(t.type){case"scalar":case"double-quoted-scalar":case"single-quoted-scalar":t.type=r,t.source=e;break;case"block-scalar":{let n=t.props.slice(1),i=e.length;t.props[0].type==="block-scalar-header"&&(i-=t.props[0].source.length);for(let s of n)s.offset+=i;delete t.props,Object.assign(t,{type:r,source:e,end:n});break}case"block-map":case"block-seq":{let i={type:"newline",offset:t.offset+e.length,indent:t.indent,source:`
 								`};delete t.items,Object.assign(t,{type:r,source:e,end:[i]});break}default:{let n="indent"in t?t.indent:-1,i="end"in t&&Array.isArray(t.end)?t.end.filter(s=>s.type==="space"||s.type==="comment"||s.type==="newline"):[];for(let s of Object.keys(t))s!=="type"&&s!=="offset"&&delete t[s];Object.assign(t,{type:r,indent:n,source:e,end:i})}}}BQ.createScalarToken=nPe;BQ.resolveAsScalar=rPe;BQ.setScalarValue=iPe});var S8=h(w8=>{"use strict";var oPe=t=>"type"in t?bQ(t):QQ(t);function bQ(t){switch(t.type){case"block-scalar":{let e="";for(let r of t.props)e+=bQ(r);return e+t.source}case"block-map":case"block-seq":{let e="";for(let r of t.items)e+=QQ(r);return e}case"flow-collection":{let e=t.start.source;for(let r of t.items)e+=QQ(r);for(let r of t.end)e+=r.source;return e}case"document":{let e=QQ(t);if(t.end)for(let r of t.end)e+=r.source;return e}default:{let e=t.source;if("end"in t&&t.end)for(let r of t.end)e+=r.source;return e}}}function QQ({start:t,key:e,sep:r,value:n}){let i="";for(let s of t)i+=s.source;if(e&&(i+=bQ(e)),r)for(let s of r)i+=s.source;return n&&(i+=bQ(n)),i}w8.stringify=oPe});var _8=h(v8=>{"use strict";var eP=Symbol("break visit"),aPe=Symbol("skip children"),x8=Symbol("remove item");function WA(t,e){"type"in t&&t.type==="document"&&(t={start:t.start,value:t.value}),R8(Object.freeze([]),t,e)}WA.BREAK=eP;WA.SKIP=aPe;WA.REMOVE=x8;WA.itemAtPath=(t,e)=>{let r=t;for(let[n,i]of e){let s=r?.[n];if(s&&"items"in s)r=s.items[i];else return}return r};WA.parentCollection=(t,e)=>{let r=WA.itemAtPath(t,e.slice(0,-1)),n=e[e.length-1][0],i=r?.[n];if(i&&"items"in i)return i;throw new Error("Parent collection not found")};function R8(t,e,r){let n=r(e,t);if(typeof n=="symbol")return n;for(let i of["key","value"]){let s=e[i];if(s&&"items"in s){for(let o=0;o<s.items.length;++o){let a=R8(Object.freeze(t.concat([[i,o]])),s.items[o],r);if(typeof a=="number")o=a-1;else{if(a===eP)return eP;a===x8&&(s.items.splice(o,1),o-=1)}}typeof n=="function"&&i==="key"&&(n=n(e,t))}}return typeof n=="function"?n(e,t):n}v8.visit=WA});var NQ=h(Pn=>{"use strict";var tP=N8(),APe=S8(),cPe=_8(),rP="\uFEFF",nP="",iP="",sP="",lPe=t=>!!t&&"items"in t,uPe=t=>!!t&&(t.type==="scalar"||t.type==="single-quoted-scalar"||t.type==="double-quoted-scalar"||t.type==="block-scalar");function dPe(t){switch(t){case rP:return"<BOM>";case nP:return"<DOC>";case iP:return"<FLOW_END>";case sP:return"<SCALAR>";default:return JSON.stringify(t)}}function fPe(t){switch(t){case rP:return"byte-order-mark";case nP:return"doc-mode";case iP:return"flow-error-end";case sP:return"scalar";case"---":return"doc-start";case"...":return"doc-end";case"":case`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:case`\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`:return"newline";case"-":return"seq-item-ind";case"?":return"explicit-key-ind";case":":return"map-value-ind";case"{":return"flow-map-start";case"}":return"flow-map-end";case"[":return"flow-seq-start";case"]":return"flow-seq-end";case",":return"comma"}switch(t[0]){case" ":case"	":return"space";case"#":return"comment";case"%":return"directive-line";case"*":return"alias";case"&":return"anchor";case"!":return"tag";case"'":return"single-quoted-scalar";case'"':return"double-quoted-scalar";case"|":case">":return"block-scalar-header"}return null}Pn.createScalarToken=tP.createScalarToken;Pn.resolveAsScalar=tP.resolveAsScalar;Pn.setScalarValue=tP.setScalarValue;Pn.stringify=APe.stringify;Pn.visit=cPe.visit;Pn.BOM=rP;Pn.DOCUMENT=nP;Pn.FLOW_END=iP;Pn.SCALAR=sP;Pn.isCollection=lPe;Pn.isScalar=uPe;Pn.prettyToken=dPe;Pn.tokenType=fPe});var AP=h(k8=>{"use strict";var Em=NQ();function rs(t){switch(t){case void 0:case" ":case`
 								`:case"\r":case"	":return!0;default:return!1}}var D8=new Set("0123456789ABCDEFabcdef"),hPe=new Set("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-#;/?:@&=+$_.!~*'()"),wQ=new Set(",[]{}"),gPe=new Set(` ,[]{}
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								\r	`),oP=t=>!t||gPe.has(t),aP=class{constructor(){this.atEnd=!1,this.blockScalarIndent=-1,this.blockScalarKeep=!1,this.buffer="",this.flowKey=!1,this.flowLevel=0,this.indentNext=0,this.indentValue=0,this.lineEndPos=null,this.next=null,this.pos=0}*lex(e,r=!1){if(e){if(typeof e!="string")throw TypeError("source is not a string");this.buffer=this.buffer?this.buffer+e:e,this.lineEndPos=null}this.atEnd=!r;let n=this.next??"stream";for(;n&&(r||this.hasChars(1));)n=yield*this.parseNext(n)}atLineEnd(){let e=this.pos,r=this.buffer[e];for(;r===" "||r==="	";)r=this.buffer[++e];return!r||r==="#"||r===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`?!0:r==="\r"?this.buffer[e+1]===`
 								`:!1}charAt(e){return this.buffer[this.pos+e]}continueScalar(e){let r=this.buffer[e];if(this.indentNext>0){let n=0;for(;r===" ";)r=this.buffer[++n+e];if(r==="\r"){let i=this.buffer[n+e+1];if(i===`
 								`||!i&&!this.atEnd)return e+n+1}return r===`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`||n>=this.indentNext||!r&&!this.atEnd?e+n:-1}if(r==="-"||r==="."){let n=this.buffer.substr(e,3);if((n==="---"||n==="...")&&rs(this.buffer[e+3]))return-1}return e}getLine(){let e=this.lineEndPos;return(typeof e!="number"||e!==-1&&e<this.pos)&&(e=this.buffer.indexOf(`
 								`,this.pos),this.lineEndPos=e),e===-1?this.atEnd?this.buffer.substring(this.pos):null:(this.buffer[e-1]==="\r"&&(e-=1),this.buffer.substring(this.pos,e))}hasChars(e){return this.pos+e<=this.buffer.length}setNext(e){return this.buffer=this.buffer.substring(this.pos),this.pos=0,this.lineEndPos=null,this.next=e,null}peek(e){return this.buffer.substr(this.pos,e)}*parseNext(e){switch(e){case"stream":return yield*this.parseStream();case"line-start":return yield*this.parseLineStart();case"block-start":return yield*this.parseBlockStart();case"doc":return yield*this.parseDocument();case"flow":return yield*this.parseFlowCollection();case"quoted-scalar":return yield*this.parseQuotedScalar();case"block-scalar":return yield*this.parseBlockScalar();case"plain-scalar":return yield*this.parsePlainScalar()}}*parseStream(){let e=this.getLine();if(e===null)return this.setNext("stream");if(e[0]===Em.BOM&&(yield*this.pushCount(1),e=e.substring(1)),e[0]==="%"){let r=e.length,n=e.indexOf("#");for(;n!==-1;){let s=e[n-1];if(s===" "||s==="	"){r=n-1;break}else n=e.indexOf("#",n+1)}for(;;){let s=e[r-1];if(s===" "||s==="	")r-=1;else break}let i=(yield*this.pushCount(r))+(yield*this.pushSpaces(!0));return yield*this.pushCount(e.length-i),this.pushNewline(),"stream"}if(this.atLineEnd()){let r=yield*this.pushSpaces(!0);return yield*this.pushCount(e.length-r),yield*this.pushNewline(),"stream"}return yield Em.DOCUMENT,yield*this.parseLineStart()}*parseLineStart(){let e=this.charAt(0);if(!e&&!this.atEnd)return this.setNext("line-start");if(e==="-"||e==="."){if(!this.atEnd&&!this.hasChars(4))return this.setNext("line-start");let r=this.peek(3);if((r==="---"||r==="...")&&rs(this.charAt(3)))return yield*this.pushCount(3),this.indentValue=0,this.indentNext=0,r==="---"?"doc":"stream"}return this.indentValue=yield*this.pushSpaces(!1),this.indentNext>this.indentValue&&!rs(this.charAt(1))&&(this.indentNext=this.indentValue),yield*this.parseBlockStart()}*parseBlockStart(){let[e,r]=this.peek(2);if(!r&&!this.atEnd)return this.setNext("block-start");if((e==="-"||e==="?"||e===":")&&rs(r)){let n=(yield*this.pushCount(1))+(yield*this.pushSpaces(!0));return this.indentNext=this.indentValue+1,this.indentValue+=n,yield*this.parseBlockStart()}return"doc"}*parseDocument(){yield*this.pushSpaces(!0);let e=this.getLine();if(e===null)return this.setNext("doc");let r=yield*this.pushIndicators();switch(e[r]){case"#":yield*this.pushCount(e.length-r);case void 0:return yield*this.pushNewline(),yield*this.parseLineStart();case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel=1,"flow";case"}":case"]":return yield*this.pushCount(1),"doc";case"*":return yield*this.pushUntil(oP),"doc";case'"':case"'":return yield*this.parseQuotedScalar();case"|":case">":return r+=yield*this.parseBlockScalarHeader(),r+=yield*this.pushSpaces(!0),yield*this.pushCount(e.length-r),yield*this.pushNewline(),yield*this.parseBlockScalar();default:return yield*this.parsePlainScalar()}}*parseFlowCollection(){let e,r,n=-1;do e=yield*this.pushNewline(),e>0?(r=yield*this.pushSpaces(!1),this.indentValue=n=r):r=0,r+=yield*this.pushSpaces(!0);while(e+r>0);let i=this.getLine();if(i===null)return this.setNext("flow");if((n!==-1&&n<this.indentNext&&i[0]!=="#"||n===0&&(i.startsWith("---")||i.startsWith("..."))&&rs(i[3]))&&!(n===this.indentNext-1&&this.flowLevel===1&&(i[0]==="]"||i[0]==="}")))return this.flowLevel=0,yield Em.FLOW_END,yield*this.parseLineStart();let s=0;for(;i[s]===",";)s+=yield*this.pushCount(1),s+=yield*this.pushSpaces(!0),this.flowKey=!1;switch(s+=yield*this.pushIndicators(),i[s]){case void 0:return"flow";case"#":return yield*this.pushCount(i.length-s),"flow";case"{":case"[":return yield*this.pushCount(1),this.flowKey=!1,this.flowLevel+=1,"flow";case"}":case"]":return yield*this.pushCount(1),this.flowKey=!0,this.flowLevel-=1,this.flowLevel?"flow":"doc";case"*":return yield*this.pushUntil(oP),"flow";case'"':case"'":return this.flowKey=!0,yield*this.parseQuotedScalar();case":":{let o=this.charAt(1);if(this.flowKey||rs(o)||o===",")return this.flowKey=!1,yield*this.pushCount(1),yield*th
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`,this.pos);if(i!==-1){for(;i!==-1;){let s=this.continueScalar(i+1);if(s===-1)break;i=n.indexOf(`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`,s)}i!==-1&&(r=i-(n[i-1]==="\r"?2:1))}if(r===-1){if(!this.atEnd)return this.setNext("quoted-scalar");r=this.buffer.length}return yield*this.pushToIndex(r+1,!1),this.flowLevel?"flow":"doc"}*parseBlockScalarHeader(){this.blockScalarIndent=-1,this.blockScalarKeep=!1;let e=this.pos;for(;;){let r=this.buffer[++e];if(r==="+")this.blockScalarKeep=!0;else if(r>"0"&&r<="9")this.blockScalarIndent=Number(r)-1;else if(r!=="-")break}return yield*this.pushUntil(r=>rs(r)||r==="#")}*parseBlockScalar(){let e=this.pos-1,r=0,n;e:for(let s=this.pos;n=this.buffer[s];++s)switch(n){case" ":r+=1;break;case`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`:e=s,r=0;break;case"\r":{let o=this.buffer[s+1];if(!o&&!this.atEnd)return this.setNext("block-scalar");if(o===`
 								`)break}default:break e}if(!n&&!this.atEnd)return this.setNext("block-scalar");if(r>=this.indentNext){this.blockScalarIndent===-1?this.indentNext=r:this.indentNext=this.blockScalarIndent+(this.indentNext===0?1:this.indentNext);do{let s=this.continueScalar(e+1);if(s===-1)break;e=this.buffer.indexOf(`
 								`,s)}while(e!==-1);if(e===-1){if(!this.atEnd)return this.setNext("block-scalar");e=this.buffer.length}}let i=e+1;for(n=this.buffer[i];n===" ";)n=this.buffer[++i];if(n==="	"){for(;n==="	"||n===" "||n==="\r"||n===`
 								`;)n=this.buffer[++i];e=i-1}else if(!this.blockScalarKeep)do{let s=e-1,o=this.buffer[s];o==="\r"&&(o=this.buffer[--s]);let a=s;for(;o===" ";)o=this.buffer[--s];if(o===`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`&&s>=this.pos&&s+1+r>a)e=s;else break}while(!0);return yield Em.SCALAR,yield*this.pushToIndex(e+1,!0),yield*this.parseLineStart()}*parsePlainScalar(){let e=this.flowLevel>0,r=this.pos-1,n=this.pos-1,i;for(;i=this.buffer[++n];)if(i===":"){let s=this.buffer[n+1];if(rs(s)||e&&wQ.has(s))break;r=n}else if(rs(i)){let s=this.buffer[n+1];if(i==="\r"&&(s===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`?(n+=1,i=`
-												fix: also create alias links in $PNPM_HOME/bin/

self-update links bins to $PNPM_HOME/bin/ which comes first in PATH.
Without alias links there, the broken pnx shim from self-update
(pointing to placeholder files) takes precedence over our .bin/pnx.

											
										
										
											2026-03-26 19:14:42 +01:00
+								`,s=this.buffer[n+1]):r=n),s==="#"||e&&wQ.has(s))break;if(i===`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`){let o=this.continueScalar(n+1);if(o===-1)break;n=Math.max(n,o-2)}}else{if(e&&wQ.has(i))break;r=n}return!i&&!this.atEnd?this.setNext("plain-scalar"):(yield Em.SCALAR,yield*this.pushToIndex(r+1,!0),e?"flow":"doc")}*pushCount(e){return e>0?(yield this.buffer.substr(this.pos,e),this.pos+=e,e):0}*pushToIndex(e,r){let n=this.buffer.slice(this.pos,e);return n?(yield n,this.pos+=n.length,n.length):(r&&(yield""),0)}*pushIndicators(){switch(this.charAt(0)){case"!":return(yield*this.pushTag())+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"&":return(yield*this.pushUntil(oP))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators());case"-":case"?":case":":{let e=this.flowLevel>0,r=this.charAt(1);if(rs(r)||e&&wQ.has(r))return e?this.flowKey&&(this.flowKey=!1):this.indentNext=this.indentValue+1,(yield*this.pushCount(1))+(yield*this.pushSpaces(!0))+(yield*this.pushIndicators())}}return 0}*pushTag(){if(this.charAt(1)==="<"){let e=this.pos+2,r=this.buffer[e];for(;!rs(r)&&r!==">";)r=this.buffer[++e];return yield*this.pushToIndex(r===">"?e+1:e,!1)}else{let e=this.pos+1,r=this.buffer[e];for(;r;)if(hPe.has(r))r=this.buffer[++e];else if(r==="%"&&D8.has(this.buffer[e+1])&&D8.has(this.buffer[e+2]))r=this.buffer[e+=3];else break;return yield*this.pushToIndex(e,!1)}}*pushNewline(){let e=this.buffer[this.pos];return e===`
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`?yield*this.pushCount(1):e==="\r"&&this.charAt(1)===`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`?yield*this.pushCount(2):0}*pushSpaces(e){let r=this.pos-1,n;do n=this.buffer[++r];while(n===" "||e&&n==="	");let i=r-this.pos;return i>0&&(yield this.buffer.substr(this.pos,i),this.pos=r),i}*pushUntil(e){let r=this.pos,n=this.buffer[r];for(;!e(n);)n=this.buffer[++r];return yield*this.pushToIndex(r,!1)}};k8.Lexer=aP});var lP=h(P8=>{"use strict";var cP=class{constructor(){this.lineStarts=[],this.addNewLine=e=>this.lineStarts.push(e),this.linePos=e=>{let r=0,n=this.lineStarts.length;for(;r<n;){let s=r+n>>1;this.lineStarts[s]<e?r=s+1:n=s}if(this.lineStarts[r]===e)return{line:r+1,col:1};if(r===0)return{line:0,col:e};let i=this.lineStarts[r-1];return{line:r,col:e-i+1}}}};P8.LineCounter=cP});var dP=h(F8=>{"use strict";var mPe=require("node:process"),T8=NQ(),pPe=AP();function $A(t,e){for(let r=0;r<t.length;++r)if(t[r].type===e)return!0;return!1}function O8(t){for(let e=0;e<t.length;++e)switch(t[e].type){case"space":case"comment":case"newline":break;default:return e}return-1}function M8(t){switch(t?.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":case"flow-collection":return!0;default:return!1}}function SQ(t){switch(t.type){case"document":return t.start;case"block-map":{let e=t.items[t.items.length-1];return e.sep??e.start}case"block-seq":return t.items[t.items.length-1].start;default:return[]}}function Td(t){if(t.length===0)return[];let e=t.length;e:for(;--e>=0;)switch(t[e].type){case"doc-start":case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":case"newline":break e}for(;t[++e]?.type==="space";);return t.splice(e,t.length)}function L8(t){if(t.start.type==="flow-seq-start")for(let e of t.items)e.sep&&!e.value&&!$A(e.start,"explicit-key-ind")&&!$A(e.sep,"map-value-ind")&&(e.key&&(e.value=e.key),delete e.key,M8(e.value)?e.value.end?Array.prototype.push.apply(e.value.end,e.sep):e.value.end=e.sep:Array.prototype.push.apply(e.start,e.sep),delete e.sep)}var uP=class{constructor(e){this.atNewLine=!0,this.atScalar=!1,this.indent=0,this.offset=0,this.onKeyLine=!1,this.stack=[],this.source="",this.type="",this.lexer=new pPe.Lexer,this.onNewLine=e}*parse(e,r=!1){this.onNewLine&&this.offset===0&&this.onNewLine(0);for(let n of this.lexer.lex(e,r))yield*this.next(n);r||(yield*this.end())}*next(e){if(this.source=e,mPe.env.LOG_TOKENS&&console.log("|",T8.prettyToken(e)),this.atScalar){this.atScalar=!1,yield*this.step(),this.offset+=e.length;return}let r=T8.tokenType(e);if(r)if(r==="scalar")this.atNewLine=!1,this.atScalar=!0,this.type="scalar";else{switch(this.type=r,yield*this.step(),r){case"newline":this.atNewLine=!0,this.indent=0,this.onNewLine&&this.onNewLine(this.offset+e.length);break;case"space":this.atNewLine&&e[0]===" "&&(this.indent+=e.length);break;case"explicit-key-ind":case"map-value-ind":case"seq-item-ind":this.atNewLine&&(this.indent+=e.length);break;case"doc-mode":case"flow-error-end":return;default:this.atNewLine=!1}this.offset+=e.length}else{let n=`Not a YAML token: ${e}`;yield*this.pop({type:"error",offset:this.offset,message:n,source:e}),this.offset+=e.length}}*end(){for(;this.stack.length>0;)yield*this.pop()}get sourceToken(){return{type:this.type,offset:this.offset,indent:this.indent,source:this.source}}*step(){let e=this.peek(1);if(this.type==="doc-end"&&(!e||e.type!=="doc-end")){for(;this.stack.length>0;)yield*this.pop();this.stack.push({type:"doc-end",offset:this.offset,source:this.source});return}if(!e)return yield*this.stream();switch(e.type){case"document":return yield*this.document(e);case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return yield*this.scalar(e);case"block-scalar":return yield*this.blockScalar(e);case"block-map":return yield*this.blockMap(e);case"block-seq":return yield*this.blockSequence(e);case"flow-collection":return yield*this.flowCollection(e);case"doc-end":return yield*this.documentEnd(e)}yield*this.pop()}peek(e){return this.stack[this.stack.length-e]}*pop(e){let r=e??this.stack.pop();if(!r)yield{type:"error",offset:this.offset,source:"",message:"Tried to pop an empty stack"};else if(this.stack.length===0)yield r;else
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,r)+1}yield*this.pop();break;default:yield*this.pop(),yield*this.step()}}*blockMap(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(this.onKeyLine=!1,r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else if(r.sep)r.sep.push(this.sourceToken);else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return}if(this.indent>=e.indent){let n=!this.onKeyLine&&this.indent===e.indent,i=n&&(r.sep||r.explicitKey)&&this.type!=="seq-item-ind",s=[];if(i&&r.sep&&!r.value){let o=[];for(let a=0;a<r.sep.length;++a){let A=r.sep[a];switch(A.type){case"newline":o.push(a);break;case"space":break;case"comment":A.indent>e.indent&&(o.length=0);break;default:o.length=0}}o.length>=2&&(s=r.sep.splice(o[1]))}switch(this.type){case"anchor":case"tag":i||r.value?(s.push(this.sourceToken),e.items.push({start:s}),this.onKeyLine=!0):r.sep?r.sep.push(this.sourceToken):r.start.push(this.sourceToken);return;case"explicit-key-ind":!r.sep&&!r.explicitKey?(r.start.push(this.sourceToken),r.explicitKey=!0):i||r.value?(s.push(this.sourceToken),e.items.push({start:s,explicitKey:!0})):this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken],explicitKey:!0}]}),this.onKeyLine=!0;return;case"map-value-ind":if(r.explicitKey)if(r.sep)if(r.value)e.items.push({start:[],key:null,sep:[this.sourceToken]});else if($A(r.sep,"map-value-ind"))this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:s,key:null,sep:[this.sourceToken]}]});else if(M8(r.key)&&!$A(r.sep,"newline")){let o=Td(r.start),a=r.key,A=r.sep;A.push(this.sourceToken),delete r.key,delete r.sep,this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:a,sep:A}]})}else s.length>0?r.sep=r.sep.concat(s,this.sourceToken):r.sep.push(this.sourceToken);else if($A(r.start,"newline"))Object.assign(r,{key:null,sep:[this.sourceToken]});else{let o=Td(r.start);this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:o,key:null,sep:[this.sourceToken]}]})}else r.sep?r.value||i?e.items.push({start:s,key:null,sep:[this.sourceToken]}):$A(r.sep,"map-value-ind")?this.stack.push({type:"block-map",offset:this.offset,indent:this.indent,items:[{start:[],key:null,sep:[this.sourceToken]}]}):r.sep.push(this.sourceToken):Object.assign(r,{key:null,sep:[this.sourceToken]});this.onKeyLine=!0;return;case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":{let o=this.flowScalar(this.type);i||r.value?(e.items.push({start:s,key:o,sep:[]}),this.onKeyLine=!0):r.sep?this.stack.push(o):(Object.assign(r,{key:o,sep:[]}),this.onKeyLine=!0);return}default:{let o=this.startBlockValue(e);if(o){n&&o.type!=="block-seq"&&e.items.push({start:s}),this.stack.push(o);return}}}}yield*this.pop(),yield*this.step()}*blockSequence(e){let r=e.items[e.items.length-1];switch(this.type){case"newline":if(r.value){let n="end"in r.value?r.value.end:void 0;(Array.isArray(n)?n[n.length-1]:void 0)?.type==="comment"?n?.push(this.sourceToken):e.items.push({start:[this.sourceToken]})}else r.start.push(this.sourceToken);return;case"space":case"comment":if(r.value)e.items.push({start:[this.sourceToken]});else{if(this.atIndentedComment(r.start,e.indent)){let i=e.items[e.items.length-2]?.value?.end;if(Array.isArray(i)){Array.prototype.push.apply(i,r.start),i.push(this.sourceToken),e.items.pop();return}}r.start.push(this.sourceToken)}return;case"anchor":case"tag":if(r.value||this.indent<=e.indent)break;r.start.push(this.sourceToken);return;case"seq-item-ind":if(this.indent!==e.indent)break;r.value||$A(r.start,"seq-item-ind")?e.items.push({start:[this.sourceTo
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								`)+1;for(;r!==0;)this.onNewLine(this.offset+r),r=this.source.indexOf(`
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`,r)+1}return{type:e,offset:this.offset,indent:this.indent,source:this.source}}startBlockValue(e){switch(this.type){case"alias":case"scalar":case"single-quoted-scalar":case"double-quoted-scalar":return this.flowScalar(this.type);case"block-scalar-header":return{type:"block-scalar",offset:this.offset,indent:this.indent,props:[this.sourceToken],source:""};case"flow-map-start":case"flow-seq-start":return{type:"flow-collection",offset:this.offset,indent:this.indent,start:this.sourceToken,items:[],end:[]};case"seq-item-ind":return{type:"block-seq",offset:this.offset,indent:this.indent,items:[{start:[this.sourceToken]}]};case"explicit-key-ind":{this.onKeyLine=!0;let r=SQ(e),n=Td(r);return n.push(this.sourceToken),{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,explicitKey:!0}]}}case"map-value-ind":{this.onKeyLine=!0;let r=SQ(e),n=Td(r);return{type:"block-map",offset:this.offset,indent:this.indent,items:[{start:n,key:null,sep:[this.sourceToken]}]}}}return null}atIndentedComment(e,r){return this.type!=="comment"||this.indent<=r?!1:e.every(n=>n.type==="newline"||n.type==="space")}*documentEnd(e){this.type!=="doc-mode"&&(e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop()))}*lineEnd(e){switch(this.type){case"comma":case"doc-start":case"doc-end":case"flow-seq-end":case"flow-map-end":case"map-value-ind":yield*this.pop(),yield*this.step();break;case"newline":this.onKeyLine=!1;default:e.end?e.end.push(this.sourceToken):e.end=[this.sourceToken],this.type==="newline"&&(yield*this.pop())}}};F8.Parser=uP});var z8=h(Im=>{"use strict";var U8=Xk(),yPe=dm(),Cm=gm(),EPe=$D(),CPe=He(),IPe=lP(),q8=dP();function H8(t){let e=t.prettyErrors!==!1;return{lineCounter:t.lineCounter||e&&new IPe.LineCounter||null,prettyErrors:e}}function BPe(t,e={}){let{lineCounter:r,prettyErrors:n}=H8(e),i=new q8.Parser(r?.addNewLine),s=new U8.Composer(e),o=Array.from(s.compose(i.parse(t)));if(n&&r)for(let a of o)a.errors.forEach(Cm.prettifyError(t,r)),a.warnings.forEach(Cm.prettifyError(t,r));return o.length>0?o:Object.assign([],{empty:!0},s.streamInfo())}function j8(t,e={}){let{lineCounter:r,prettyErrors:n}=H8(e),i=new q8.Parser(r?.addNewLine),s=new U8.Composer(e),o=null;for(let a of s.compose(i.parse(t),!0,t.length))if(!o)o=a;else if(o.options.logLevel!=="silent"){o.errors.push(new Cm.YAMLParseError(a.range.slice(0,2),"MULTIPLE_DOCS","Source contains multiple documents; please use YAML.parseAllDocuments()"));break}return n&&r&&(o.errors.forEach(Cm.prettifyError(t,r)),o.warnings.forEach(Cm.prettifyError(t,r))),o}function QPe(t,e,r){let n;typeof e=="function"?n=e:r===void 0&&e&&typeof e=="object"&&(r=e);let i=j8(t,r);if(!i)return null;if(i.warnings.forEach(s=>EPe.warn(i.options.logLevel,s)),i.errors.length>0){if(i.options.logLevel!=="silent")throw i.errors[0];i.errors=[]}return i.toJS(Object.assign({reviver:n},r))}function bPe(t,e,r){let n=null;if(typeof e=="function"||Array.isArray(e)?n=e:r===void 0&&e&&(r=e),typeof r=="string"&&(r=r.length),typeof r=="number"){let i=Math.round(r);r=i<1?void 0:i>8?{indent:8}:{indent:i}}if(t===void 0){let{keepUndefined:i}=r??e??{};if(!i)return}return CPe.isDocument(t)&&!n?t.toString(r):new yPe.Document(t,n,r).toString(r)}Im.parse=QPe;Im.parseAllDocuments=BPe;Im.parseDocument=j8;Im.stringify=bPe});var hP=h(tt=>{"use strict";var NPe=Xk(),wPe=dm(),SPe=Dk(),fP=gm(),xPe=Wg(),La=He(),RPe=ka(),vPe=sr(),_Pe=Ta(),DPe=Oa(),kPe=NQ(),PPe=AP(),TPe=lP(),OPe=dP(),xQ=z8(),G8=Gg();tt.Composer=NPe.Composer;tt.Document=wPe.Document;tt.Schema=SPe.Schema;tt.YAMLError=fP.YAMLError;tt.YAMLParseError=fP.YAMLParseError;tt.YAMLWarning=fP.YAMLWarning;tt.Alias=xPe.Alias;tt.isAlias=La.isAlias;tt.isCollection=La.isCollection;tt.isDocument=La.isDocument;tt.isMap=La.isMap;tt.isNode=La.isNode;tt.isPair=La.isPair;tt.isScalar=La.isScalar;tt.isSeq=La.isSeq;tt.Pair=RPe.Pair;tt.Scalar=vPe.Scalar;tt.YAMLMap=_Pe.YAMLMap;tt.YAMLSeq=DPe.YAMLSeq;tt.CST=kPe;tt.Lexer=PPe.Lexer;tt.LineCounter=TPe.LineCounter;tt.Parser=OPe.Parser;tt.parse=xQ.parse;tt.parseAllDocuments=xQ.parseAllDocuments;tt.parseDocument=xQ.
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								exec ${t} "$@"
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`}function cX(t){return`@ECHO off\r
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								${t} %*\r
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`}function lX(t){return`#!/usr/bin/env pwsh
-												fix: point pn to pnpm binary directly, not to @pnpm/exe/pn

pnpm self-update only replaces the pnpm binary — it does not update
other files in the @pnpm/exe package (setup.js, pn, pnpx, pnx all
remain from the v10 bootstrap). So @pnpm/exe/pn may not exist at all.

Instead of relying on @pnpm/exe/pn, create the aliases directly:
- pn → symlink to the pnpm binary
- pnpx/pnx → shell scripts that exec "pnpm dlx"

Also remove the setup.js call after self-update since it's no longer
needed and would run the v10 version which doesn't know about pn.

											
										
										
											2026-03-26 18:58:55 +01:00
+								${t} @args
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								`}async function KTe(t,e){try{await(0,ss.unlink)(e)}catch{}await(0,ss.symlink)(t,e)}async function XTe(t,e,r){try{await(0,ss.unlink)(t)}catch{}await(0,ss.writeFile)(t,e,{mode:r})}function ZTe(t,e){let r=e?is.default.join("..","@pnpm","exe","pnpm"):is.default.join("..","pnpm","bin","pnpm.cjs");if((0,QP.existsSync)(is.default.resolve(t,r)))return r;if((0,QP.existsSync)(is.default.join(t,"pnpm")))return"pnpm"}async function bP(t,e,r=process.platform){let n=r==="win32",i=ZTe(t,e);if(i)if(n){await(0,ss.writeFile)(is.default.join(t,"pn.cmd"),cX(`"%~dp0\\${i}"`)),await(0,ss.writeFile)(is.default.join(t,"pn.ps1"),lX(`& "$PSScriptRoot\\${i}"`));for(let s of["pnpx","pnx"])await(0,ss.writeFile)(is.default.join(t,`${s}.cmd`),cX(`"%~dp0\\${i}" dlx`)),await(0,ss.writeFile)(is.default.join(t,`${s}.ps1`),lX(`& "$PSScriptRoot\\${i}" dlx`))}else{await KTe(i,is.default.join(t,"pn"));for(let s of["pnpx","pnx"]){let o=`"$(dirname "$0")/${i}"`;await XTe(is.default.join(t,s),$Te(`${o} dlx`),493)}}}var eOe=JSON.stringify({private:!0,dependencies:{pnpm:IP.packages["node_modules/pnpm"].version}}),tOe=JSON.stringify({private:!0,dependencies:{"@pnpm/exe":BP.packages["node_modules/@pnpm/exe"].version}});async function rOe(t){let{version:e,dest:r,packageJsonFile:n,standalone:i}=t;await(0,qs.rm)(r,{recursive:!0,force:!0}),await(0,qs.mkdir)(r,{recursive:!0});let s=i?BP:IP,o=i?tOe:eOe;await(0,qs.writeFile)(Oi.default.join(r,"package.json"),o),await(0,qs.writeFile)(Oi.default.join(r,"package-lock.json"),JSON.stringify(s));let a=await uX("npm",["ci"],{cwd:r});if(a!==0)return a;let A=Oi.default.join(r,"node_modules",".bin");(0,Sm.addPath)(A),(0,Sm.addPath)(Oi.default.join(A,"bin")),(0,Sm.exportVariable)("PNPM_HOME",A);let c=Oi.default.join(A,"pnpm");if(!(0,xm.existsSync)(c)){await(0,qs.mkdir)(A,{recursive:!0});let f=i?Oi.default.join("..","@pnpm","exe","pnpm"):Oi.default.join("..","pnpm","bin","pnpm.cjs");await(0,qs.symlink)(f,c)}let l=i?Oi.default.join(r,"node_modules","@pnpm","exe","pnpm"):Oi.default.join(r,"node_modules","pnpm","bin","pnpm.cjs"),u=nOe({version:e,packageJsonFile:n});if(u){let f=i?l:process.execPath,m=await uX(f,i?["self-update",u]:[l,"self-update",u],{cwd:r});if(m!==0)return m}await bP(A,i);let d=Oi.default.join(A,"bin");return(0,xm.existsSync)(d)&&await bP(d,i),0}function nOe(t){let{version:e,packageJsonFile:r}=t,{GITHUB_WORKSPACE:n}=process.env,i;if(n)try{let s=(0,xm.readFileSync)(Oi.default.join(n,r),"utf8");({packageManager:i}=r.endsWith(".yaml")?(0,hX.parse)(s,{merge:!0}):JSON.parse(s))}catch(s){if(!fX.default.types.isNativeError(s)||!("code"in s)||s.code!=="ENOENT")throw s}if(e){if(typeof i=="string"&&i.startsWith("pnpm@")&&i.replace("pnpm@","")!==e)throw new Error(`Multiple versions of pnpm specified:
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								  - version ${e} in the GitHub Action config with the key "version"
 								  - version ${i} in the package.json with the key "packageManager"
-												fix: extract pnpm version from packageManager field instead of returning undefined (#216)

When packageManager is set to e.g. "pnpm@9.1.0+sha...", strip the
"pnpm@" prefix and any "+sha..." hash suffix so the action installs
the correct version. Previously returning undefined caused failures
on Windows.
											
										
										
											2026-03-25 13:59:54 +01:00
+								Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`);return e}if(typeof i=="string"&&i.startsWith("pnpm@"))return i.replace("pnpm@","").replace(/\+.*$/,"");throw n?new Error(`No pnpm version is specified.
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								Please specify it by one of the following ways:
 								  - in the GitHub Action config with the key "version"
 								  - in the package.json with the key "packageManager"`):new Error(`No workspace is found.
 								If you've intended to let pnpm/action-setup read preferred pnpm version from the "packageManager" field in the package.json file,
 								please run the actions/checkout before pnpm/action-setup.
-												fix: fall back to pnpm shim in same directory for self-update bin/

ensureAliasLinks had a hardcoded relative path to @pnpm/exe/pnpm which
only works from node_modules/.bin/. In self-update's bin/ directory
($PNPM_HOME/bin/), that path doesn't resolve. Now falls back to using
the pnpm shim in the same directory when the package path doesn't exist.

											
										
										
											2026-03-26 20:24:03 +01:00
+								Otherwise, please specify the pnpm version in the action configuration.`)}function uX(t,e,r){return new Promise((n,i)=>{let s=(0,dX.spawn)(t,e,{cwd:r.cwd,stdio:["pipe","inherit","inherit"],shell:process.platform==="win32"});s.on("error",i),s.on("close",n)})}var gX=rOe;async function iOe(t){(0,Yd.startGroup)("Running self-installer...");let e=await gX(t);if((0,Yd.endGroup)(),e)return(0,Yd.setFailed)(`Something went wrong, self-installer exits with code ${e}`)}var mX=iOe;var vm=gt(at());var Rm=gt(require("path")),NP=gt(require("process")),TQ=t=>Rm.default.join(t.dest,"node_modules",".bin"),OQ=t=>({...NP.default.env,PATH:Rm.default.join(TQ(t),"bin")+Rm.default.delimiter+TQ(t)+Rm.default.delimiter+NP.default.env.PATH});function sOe(t){let e=TQ(t);(0,vm.addPath)(e),(0,vm.setOutput)("dest",t.dest),(0,vm.setOutput)("bin_dest",e)}var pX=sOe;var fc=gt(at()),yX=require("child_process");function oOe(t){let e=OQ(t);for(let r of t.runInstall){let n=["install"];r.recursive&&n.unshift("recursive"),r.args&&n.push(...r.args);let i=["pnpm",...n].join(" ");(0,fc.startGroup)(`Running ${i}...`);let{error:s,status:o}=(0,yX.spawnSync)("pnpm",n,{stdio:"inherit",cwd:r.cwd,shell:!0,env:e});if((0,fc.endGroup)(),s){(0,fc.setFailed)(s);continue}if(o){(0,fc.setFailed)(`Command ${i} (cwd: ${r.cwd}) exits with status ${o}`);continue}}}var EX=oOe;var hc=gt(at()),CX=require("child_process");function aOe(t){if(t.runInstall.length===0){console.log("Pruning is unnecessary.");return}(0,hc.startGroup)("Running pnpm store prune...");let{error:e,status:r}=(0,CX.spawnSync)("pnpm",["store","prune"],{stdio:"inherit",shell:!0,env:OQ(t)});if((0,hc.endGroup)(),e){(0,hc.warning)(e);return}if(r){(0,hc.warning)(`command pnpm store prune exits with code ${r}`);return}}var IX=aOe;async function AOe(){let t=AX();(0,Jd.getState)("is_post")==="true"?await lOe(t):await cOe(t)}async function cOe(t){(0,Jd.saveState)("is_post","true"),await mX(t),console.log("Installation Completed!"),pX(t),await z$(t),EX(t)}async function lOe(t){IX(t),await V$(t)}AOe().catch(t=>{console.error(t),(0,Jd.setFailed)(t)});
-												feat!: replace bundled pnpm binary with npm + lockfile bootstrap (#212)

* feat!: replace bundled pnpm binary with npm + lockfile bootstrap

Remove the 9MB bundled pnpm.cjs/worker.js and instead use npm ci with
committed package-lock.json files (~5KB) to install a bootstrap pnpm,
which then installs the target version with integrity verification via
the project's pnpm-lock.yaml.

Also switch from ncc to esbuild and modernize to ESM.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bundle as CJS to support @actions/* packages

The @actions/* packages use CJS require() for Node.js builtins,
which fails with "Dynamic require of 'os' is not supported" when
bundled as ESM. Switch esbuild output to CJS format.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove "type": "module" from package.json

Node.js treats dist/index.js as ESM due to "type": "module",
but the bundle uses CJS require() calls. Remove the field so
Node.js defaults to CJS for .js files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove packageManager field and fix Windows npm spawn

- Remove packageManager from package.json to avoid version conflict
  when the action tests against itself (uses: ./)
- Use shell: true on Windows so spawn can find npm.cmd

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: always use pnpm (not @pnpm/exe) for bootstrap and update lockfile

The bootstrap only needs regular pnpm to install the target package.
@pnpm/exe requires install scripts which we skip with --ignore-scripts.
Also regenerate pnpm-lock.yaml to match current package.json.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use --no-lockfile for target install

--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: run bootstrap pnpm via node instead of bin shim

Use `node .../pnpm/bin/pnpm.cjs` to run the bootstrap pnpm, matching
the approach used by the old bundled pnpm.cjs. This avoids issues with
the .bin symlink on different platforms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use pnpm self-update instead of installing target separately

- Bootstrap pnpm via npm ci (verified by lockfile)
- Use `pnpm self-update <version>` for explicit version
- Let pnpm handle packageManager field automatically
- Remove standalone/exe-specific install logic (pnpm handles this)
- Update tests to not run pnpm install against the action repo itself

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: support standalone mode with @pnpm/exe bootstrap

- When standalone=true, bootstrap with @pnpm/exe via npm ci
- When standalone=false, bootstrap with pnpm via npm ci
- Both use pnpm self-update to reach the target version
- Remove --ignore-scripts from npm ci so @pnpm/exe install scripts run
- Add standalone test back to CI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* debug: add logging to diagnose pnpm not found on PATH

Log .bin directory contents after npm ci to understand why
pnpm binary is not found in subsequent CI steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ensure pnpm bin link exists after npm ci

npm ci sometimes doesn't create the .bin/pnpm symlink for
@pnpm/exe (observed on Linux CI). Manually create the symlink
if it's missing after npm ci completes.

This fixes the case where standalone=true with no explicit version
(relying on packageManager field) — pnpm self-update wouldn't run,
leaving .bin empty and pnpm not found on PATH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add PNPM_HOME/bin to PATH for pnpm v11

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: add packages field to pnpm-workspace.yaml

pnpm v9 requires the packages field in pnpm-workspace.yaml.
Without it, `pnpm --version` fails with "packages field missing or empty".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix pnpm-workspace.yaml

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
											
										
										
											2026-03-21 14:02:31 +01:00
+								/*! Bundled license information:
 								undici/lib/fetch/body.js:
 								  (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)
 								undici/lib/websocket/frame.js:
 								  (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 								expand-tilde/index.js:
 								  (*!
 								   * expand-tilde <https://github.com/jonschlinkert/expand-tilde>
 								   *
 								   * Copyright (c) 2015 Jon Schlinkert.
 								   * Licensed under the MIT license.
 								   *)
 								*/