Migrate action to Typescript (#36)

* Make function for executing script * Migrate auth validation * Migrate load secret functionality We make use of the following in the migration: - `op-js` package (make direct calls to the CLI and nicely get the output of the commands) - `core.exportVariable` to nicely export a secret as an environment variable - `core.setOutput` to nicely export a secret a the step’s output. - `core.setSecret` to mask the value of the secret if logged on the action’s output. Note: `core.exportVariable` and `core.setOutput` work with multiline secrets without any additional work on our side. Also, we export the temporary path where the CLI is installed to make sure the `op-js` package can find it. * Fix CLI installation process * Fix conditional of appending protocol Fix conditional of appending `http://` to the Connect host. * Update CLI version and improve script * Use core.addPath This is a safer and nicer way to ensure the path to the CLI is included later in the pipeline (including this GitHub action). * Use version from package.json This eliminates the duplication of version in the code * Upgrade to Typescript 5 * Prettify test.yml * Move constants to constants.ts This shows better what constants we use and they will be later used in both code and tests. * Move 'validateAuth' to 'utils.ts' * Add validate auth tests * Extract functionality for extracting a secret This will enable us to easily test the functionality of the action regarding the extraction of secret and how it provides it to the rest of the pipeline based on user's input * Add tests for extracting secret * Move 'unsetPrevious' to 'utils.ts' * Add unit test pipeline * Add tests for 'unsetPrevious' * Improve disabling eslint rules Disable the ES Lint rules only for the next line and add a comment explaining why it’s disabled. * Improve code based on PR review feedback This contains code improvements that were easy to address based on PR review feedback. * Improve CLI installation functionality Two key elements are improved: - The action will now automatically fetch the latest stable version of the CLI. There’s no longer the need to hardcode the version and manually update it. - The action will now perform a check if the CLI exists in the pipeline and install it if it’s not available. * Simplify extractSecret functionality Eliminate the nested conditionals to have a cleaner and more readable code. * Fix CLI version The curl would return the version number, but we forgot to append the `v` in the version (i.e. from 2.18.0 to v2.18.0). Now it should be fixed. * Move loadSecrets function to utils.ts This is done to keep things modular and narrow down the scope and complexity of index.ts. `installCLI` will be kept in `index.ts` for the following reasons: - Moving it to utils brings complications (`import.meta.url` doesn’t work) - This code will be removed once the action will make use of the separate install CLI action * Simplify code related to mocking * Use semverToInt from op-js Version `0.1.9` of the `op-js` exports function `semverToInt`, therefore we no longer need to duplicate it in our code. * Improve CLI installation script - Add architectures for Linux runners. Fail if the architecture is not supported. - Fail if the runner’s operating system is not supported. * Change from debug messages to info In pre-TS GitHub Action, we’d print some messages to the output as info (e.g. authenticated as, populating variable, unsetting previous values). Therefore, we apply the same principle here since there’s useful info. * use toHaveBeenCalled consistently in tests `toBeCalled` is an alias for `toHaveBeenCalled` and `toBeCalledWith` is an alias for `toHaveBeenCalledWith`. For consistency, we will use `toHaveBeenCalled` and `toHaveBeenCalledWith` consistently across our tests. * Add warning if both configs are provided 1Password CLI will prioritize Connect config (with `OP_CONNECT_HOST` and `OP_CONNECT_TOKEN`) over service account one (with `OP_SERVICE_ACCOUNT_TOKEN`). This shouldn’t happen, therefore we print a warning to the user if both are provided. * Add comment about cli validation process The code itself seems a bit confusing, therefore we add a comment explaining how it works. * test: assertions for loadSecrets function * Improve loadSecrets function Return early if no env vars with valid secret references are found * Update dependencies * Upgrade action to use Node20 --------- Co-authored-by: Dustin Ruetz <dustin.ruetz@agilebits.com>
2024-02-21 17:38:38 +01:00
parent b575844081
commit 2792fede48
13 changed files with 4097 additions and 623 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,6 +2,16 @@ on: push
 name: Run acceptance tests

 jobs:
+  unit-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - run: npm ci
+      - run: npm test
+
  test-with-output-secrets:
    strategy:
      matrix:
--- a/action.yml
+++ b/action.yml
@@ -12,5 +12,5 @@ inputs:
    description: Export the secrets as environment variables
    default: "true"
 runs:
-  using: "node16"
+  using: "node20"
  main: "dist/index.js"
--- a/config/jest.config.js
+++ b/config/jest.config.js
@@ -11,7 +11,16 @@ const jestConfig = {
 	testEnvironment: "node",
 	testRegex: "(/__tests__/.*|(\\.|/)test)\\.ts",
 	transform: {
-		".ts": ["ts-jest"],
+		".ts": [
+			"ts-jest",
+			{
+				// Note: We shouldn't need to include `isolatedModules` here because it's a deprecated config option in TS 5,
+				// but setting it to `true` fixes the `ESM syntax is not allowed in a CommonJS module when
+				// 'verbatimModuleSyntax' is enabled` error that we're seeing when running our Jest tests.
+				isolatedModules: true,
+				useESM: true,
+			},
+		],
 	},
 	verbose: true,
 };
--- a/dist/index.js
+++ b/dist/index.js
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,172 +0,0 @@
-#!/bin/bash
-# shellcheck disable=SC2046,SC2001,SC2086
-set -e
-
-# Pass User-Agent Inforomation to the 1Password CLI
-export OP_INTEGRATION_NAME="1Password GitHub Action"
-export OP_INTEGRATION_ID="GHA"
-export OP_INTEGRATION_BUILDNUMBER="1010001"
-
-readonly CONNECT="CONNECT"
-readonly SERVICE_ACCOUNT="SERVICE_ACCOUNT"
-
-auth_type=$CONNECT
-managed_variables_var="OP_MANAGED_VARIABLES"
-IFS=','
-
-if [[ "$OP_CONNECT_HOST" != "http://"* ]] && [[ "$OP_CONNECT_HOST" != "https://"* ]]; then
-  export OP_CONNECT_HOST="http://"$OP_CONNECT_HOST
-fi
-
-# Unset all secrets managed by 1Password if `unset-previous` is set.
-unset_prev_secrets() {
-  if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then
-    echo "Unsetting previous values..."
-
-    # Find environment variables that are managed by 1Password.
-    for env_var in "${managed_variables[@]}"; do
-      echo "Unsetting $env_var"
-      unset $env_var
-
-      echo "$env_var=" >> $GITHUB_ENV
-
-      # Keep the masks, just in case.
-    done
-
-    managed_variables=()
-  fi
-}
-
-# Install op-cli
-install_op_cli() {
-  # Create a temporary directory where the CLI is installed
-  OP_INSTALL_DIR="$(mktemp -d)"
-  if [[ ! -d "$OP_INSTALL_DIR" ]]; then
-    echo "Install dir $OP_INSTALL_DIR not found"
-    exit 1
-  fi
-  export OP_INSTALL_DIR
-  echo "::debug::OP_INSTALL_DIR: ${OP_INSTALL_DIR}"
-
-  # Get the latest stable version of the CLI
-  OP_CLI_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"
-
-  if [[ "$OSTYPE" == "linux-gnu"* ]]; then
-    # Get runner's architecture
-    ARCH=$(uname -m)
-    if [[ "$(getconf LONG_BIT)" = 32 ]]; then
-      ARCH="386"
-    elif [[ "$ARCH" == "x86_64" ]]; then
-      ARCH="amd64"
-    elif [[ "$ARCH" == "aarch64" ]]; then
-      ARCH="arm64"
-    fi
-
-    if [[ "$ARCH" != "386" ]] && [[ "$ARCH" != "amd64" ]] && [[ "$ARCH" != "arm" ]] && [[ "$ARCH" != "arm64" ]]; then
-      echo "Unsupported architecture for the 1Password CLI: $ARCH."
-      exit 1
-    fi
-
-    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/${OP_CLI_VERSION}/op_linux_${ARCH}_${OP_CLI_VERSION}.zip"
-    unzip -od "$OP_INSTALL_DIR" op.zip && rm op.zip
-  elif [[ "$OSTYPE" == "darwin"* ]]; then
-    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/${OP_CLI_VERSION}/op_apple_universal_${OP_CLI_VERSION}.pkg"
-    pkgutil --expand op.pkg temp-pkg
-    tar -xvf temp-pkg/op.pkg/Payload -C "$OP_INSTALL_DIR"
-    rm -rf temp-pkg && rm op.pkg
-  else
-    echo "Operating system not supported yet for this GitHub Action: $OSTYPE."
-    exit 1
-  fi
-}
-
-# Uninstall op-cli
-uninstall_op_cli() {
-  if [[ -d "$OP_INSTALL_DIR" ]]; then
-    rm -fr "$OP_INSTALL_DIR"
-  fi
-}
-
-populating_secret() {
-  ref=$(printenv $1)
-
-  echo "Populating variable: $1"
-  secret_value=$("${OP_INSTALL_DIR}/op" read "$ref")
-
-  if [ -z "$secret_value" ]; then
-    echo "Could not find or access secret $ref"
-    exit 1
-  fi
-
-  # Register a mask for the secret to prevent accidental log exposure.
-  # To support multiline secrets, escape percent signs and add a mask per line.
-  escaped_mask_value=$(echo "$secret_value" | sed -e 's/%/%25/g')
-  IFS=$'\n'
-  for line in $escaped_mask_value; do
-    if [ "${#line}" -lt 3 ]; then
-      # To avoid false positives and unreadable logs, omit mask for lines that are too short.
-      continue
-    fi
-    echo "::add-mask::$line"
-  done
-  unset IFS
-
-  # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
-  # As the heredoc identifier, we'll use a randomly generated 64-character string,
-  # so that collisions are practically impossible.
-  # Read more: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
-  delimiter="$(openssl rand -hex 32)"
-
-  if [ "$INPUT_EXPORT_ENV" == "true" ]; then
-    {
-      # Populate env var, using heredoc syntax with generated identifier
-      echo "$env_var<<${delimiter}"
-      echo "$secret_value"
-      echo "${delimiter}"
-    } >> $GITHUB_ENV
-    echo "GITHUB_ENV: $(cat $GITHUB_ENV)"
-
-  else
-    {
-      # Populate env var, using heredoc syntax with generated identifier
-      echo "$env_var<<${delimiter}"
-      echo "$secret_value"
-      echo "${delimiter}"
-    } >> $GITHUB_OUTPUT
-  fi
-
-  managed_variables+=("$env_var")
-}
-
-# Load environment variables using op cli. Iterate over them to find 1Password references, load the secret values,
-# and make them available as environment variables in the next steps.
-extract_secrets() {
-  IFS=$'\n'
-  for env_var in $("${OP_INSTALL_DIR}/op" env ls); do
-    populating_secret $env_var
-  done
-}
-
-read -r -a managed_variables <<< "$(printenv $managed_variables_var)"
-
-if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
-  if [ -z "$OP_SERVICE_ACCOUNT_TOKEN" ]; then
-    echo "(\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST) or \$OP_SERVICE_ACCOUNT_TOKEN must be set"
-    exit 1
-  fi
-
-  auth_type=$SERVICE_ACCOUNT
-fi
-
-printf "Authenticated with %s \n" $auth_type
-
-unset_prev_secrets
-install_op_cli
-extract_secrets
-uninstall_op_cli
-
-unset IFS
-# Add extra env var that lists which secrets are managed by 1Password so that in a later step
-# these can be unset again.
-managed_variables_str=$(IFS=','; echo "${managed_variables[*]}")
-echo "$managed_variables_var=$managed_variables_str" >> $GITHUB_ENV
--- a/install_cli.sh
+++ b/install_cli.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+# Install op-cli
+install_op_cli() {
+  # Create a temporary directory where the CLI is installed
+  OP_INSTALL_DIR="$(mktemp -d)"
+  if [[ ! -d "$OP_INSTALL_DIR" ]]; then
+    echo "Install dir $OP_INSTALL_DIR not found"
+    exit 1
+  fi
+  echo "::debug::OP_INSTALL_DIR: ${OP_INSTALL_DIR}"
+
+  # Get the latest stable version of the CLI
+  CLI_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"
+
+  if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+    # Get runner's architecture
+    ARCH=$(uname -m)
+    if [[ "$(getconf LONG_BIT)" = 32 ]]; then
+      ARCH="386"
+    elif [[ "$ARCH" == "x86_64" ]]; then
+      ARCH="amd64"
+    elif [[ "$ARCH" == "aarch64" ]]; then
+      ARCH="arm64"
+    fi
+
+    if [[ "$ARCH" != "386" ]] && [[ "$ARCH" != "amd64" ]] && [[ "$ARCH" != "arm" ]] && [[ "$ARCH" != "arm64" ]]; then
+      echo "Unsupported architecture for the 1Password CLI: $ARCH."
+      exit 1
+    fi
+
+    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/${CLI_VERSION}/op_linux_${ARCH}_${CLI_VERSION}.zip"
+    unzip -od "$OP_INSTALL_DIR" op.zip && rm op.zip
+  elif [[ "$OSTYPE" == "darwin"* ]]; then
+    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/${CLI_VERSION}/op_apple_universal_${CLI_VERSION}.pkg"
+    pkgutil --expand op.pkg temp-pkg
+    tar -xvf temp-pkg/op.pkg/Payload -C "$OP_INSTALL_DIR"
+    rm -rf temp-pkg && rm op.pkg
+  else
+    echo "Operating system not supported yet for this GitHub Action: $OSTYPE."
+    exit 1
+  fi
+}
+
+install_op_cli
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,19 +9,20 @@
 			"version": "1.2.0",
 			"license": "MIT",
 			"dependencies": {
+				"@1password/op-js": "^0.1.11",
 				"@actions/core": "^1.10.1",
 				"@actions/exec": "^1.1.1"
 			},
 			"devDependencies": {
 				"@1password/front-end-style": "^6.0.1",
-				"@types/jest": "^29.5.6",
-				"@types/node": "^18.18.6",
-				"@vercel/ncc": "^0.36.1",
-				"husky": "^8.0.3",
+				"@types/jest": "^29.5.12",
+				"@types/node": "^20.11.19",
+				"@vercel/ncc": "^0.38.1",
+				"husky": "^9.0.11",
 				"jest": "^29.7.0",
-				"lint-staged": "^13.3.0",
-				"ts-jest": "^29.1.1",
-				"typescript": "^4.9.5"
+				"lint-staged": "^15.2.2",
+				"ts-jest": "^29.1.2",
+				"typescript": "^5.3.3"
 			}
 		},
 		"node_modules/@1password/front-end-style": {
@@ -57,6 +58,15 @@
 				"typescript": ">=4.0.3"
 			}
 		},
+		"node_modules/@1password/op-js": {
+			"version": "0.1.11",
+			"resolved": "https://registry.npmjs.org/@1password/op-js/-/op-js-0.1.11.tgz",
+			"integrity": "sha512-ZT4B3zYfYz7tz3fol+qAhWYgheUzG9i9OoJq4UcXsKL/8bxtwyt+IrcRcRd3wsyo+MgnsMXQMPOzqYDUNW+S2Q==",
+			"dependencies": {
+				"lookpath": "^1.2.2",
+				"semver": "^7.3.6"
+			}
+		},
 		"node_modules/@aashutoshrathi/word-wrap": {
 			"version": "1.2.6",
 			"resolved": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz",
@@ -1581,9 +1591,9 @@
 			}
 		},
 		"node_modules/@types/jest": {
-			"version": "29.5.6",
-			"resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.6.tgz",
-			"integrity": "sha512-/t9NnzkOpXb4Nfvg17ieHE6EeSjDS2SGSpNYfoLbUAeL/EOueU/RSdOWFpfQTXBEM7BguYW1XQ0EbM+6RlIh6w==",
+			"version": "29.5.12",
+			"resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz",
+			"integrity": "sha512-eDC8bTvT/QhYdxJAulQikueigY5AsdBRH2yDKW3yveW7svY3+DzN84/2NUgkw10RTiJbWqZrTtoGVdYlvFJdLw==",
 			"dev": true,
 			"dependencies": {
 				"expect": "^29.0.0",
@@ -1609,10 +1619,13 @@
 			"dev": true
 		},
 		"node_modules/@types/node": {
-			"version": "18.18.6",
-			"resolved": "https://registry.npmjs.org/@types/node/-/node-18.18.6.tgz",
-			"integrity": "sha512-wf3Vz+jCmOQ2HV1YUJuCWdL64adYxumkrxtc+H1VUQlnQI04+5HtH+qZCOE21lBE7gIrt+CwX2Wv8Acrw5Ak6w==",
-			"dev": true
+			"version": "20.11.19",
+			"resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.19.tgz",
+			"integrity": "sha512-7xMnVEcZFu0DikYjWOlRq7NTPETrm7teqUT2WkQjrTIkEgUyyGdWsj/Zg8bEJt5TNklzbPD1X3fqfsHw3SpapQ==",
+			"dev": true,
+			"dependencies": {
+				"undici-types": "~5.26.4"
+			}
 		},
 		"node_modules/@types/normalize-package-data": {
 			"version": "2.4.3",
@@ -1939,9 +1952,9 @@
 			}
 		},
 		"node_modules/@vercel/ncc": {
-			"version": "0.36.1",
-			"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.36.1.tgz",
-			"integrity": "sha512-S4cL7Taa9yb5qbv+6wLgiKVZ03Qfkc4jGRuiUQMQ8HGBD5pcNRnHeYM33zBvJE4/zJGjJJ8GScB+WmTsn9mORw==",
+			"version": "0.38.1",
+			"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.1.tgz",
+			"integrity": "sha512-IBBb+iI2NLu4VQn3Vwldyi2QwaXt5+hTyh58ggAMoCGE6DJmPvwL3KPBWcJl1m9LYPChBLE980Jw+CS4Wokqxw==",
 			"dev": true,
 			"bin": {
 				"ncc": "dist/ncc/cli.js"
@@ -2581,16 +2594,16 @@
 			}
 		},
 		"node_modules/cli-truncate": {
-			"version": "3.1.0",
-			"resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-3.1.0.tgz",
-			"integrity": "sha512-wfOBkjXteqSnI59oPcJkcPl/ZmwvMMOj340qUIY1SKZCv0B9Cf4D4fAucRkIKQmsIuYK3x1rrgU7MeGRruiuiA==",
+			"version": "4.0.0",
+			"resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-4.0.0.tgz",
+			"integrity": "sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==",
 			"dev": true,
 			"dependencies": {
 				"slice-ansi": "^5.0.0",
-				"string-width": "^5.0.0"
+				"string-width": "^7.0.0"
 			},
 			"engines": {
-				"node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+				"node": ">=18"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
@@ -2703,9 +2716,9 @@
 			"dev": true
 		},
 		"node_modules/commander": {
-			"version": "11.0.0",
-			"resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz",
-			"integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==",
+			"version": "11.1.0",
+			"resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz",
+			"integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==",
 			"dev": true,
 			"engines": {
 				"node": ">=16"
@@ -2966,12 +2979,6 @@
 				"node": ">=6.0.0"
 			}
 		},
-		"node_modules/eastasianwidth": {
-			"version": "0.2.0",
-			"resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
-			"integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
-			"dev": true
-		},
 		"node_modules/electron-to-chromium": {
 			"version": "1.4.565",
 			"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.565.tgz",
@@ -2991,9 +2998,9 @@
 			}
 		},
 		"node_modules/emoji-regex": {
-			"version": "9.2.2",
-			"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-			"integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
+			"version": "10.3.0",
+			"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.3.0.tgz",
+			"integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw==",
 			"dev": true
 		},
 		"node_modules/enquirer": {
@@ -3983,6 +3990,18 @@
 				"node": "6.* || 8.* || >= 10.*"
 			}
 		},
+		"node_modules/get-east-asian-width": {
+			"version": "1.2.0",
+			"resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.2.0.tgz",
+			"integrity": "sha512-2nk+7SIVb14QrgXFHcm84tD4bKQz0RxPuMT8Ag5KPOq7J5fEmAg0UbXdTOSHqNuHSU28k55qnceesxXRZGzKWA==",
+			"dev": true,
+			"engines": {
+				"node": ">=18"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/sindresorhus"
+			}
+		},
 		"node_modules/get-intrinsic": {
 			"version": "1.2.2",
 			"resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz",
@@ -4312,15 +4331,15 @@
 			}
 		},
 		"node_modules/husky": {
-			"version": "8.0.3",
-			"resolved": "https://registry.npmjs.org/husky/-/husky-8.0.3.tgz",
-			"integrity": "sha512-+dQSyqPh4x1hlO1swXBiNb2HzTDN1I2IGLQx1GrBuiqFJfoMrnZWwVmatvSiO+Iz8fBUnf+lekwNo4c2LlXItg==",
+			"version": "9.0.11",
+			"resolved": "https://registry.npmjs.org/husky/-/husky-9.0.11.tgz",
+			"integrity": "sha512-AB6lFlbwwyIqMdHYhwPe+kjOC3Oc5P3nThEoW/AaO2BX3vJDjWPFxYLxokUZOo6RNX20He3AaT8sESs9NJcmEw==",
 			"dev": true,
 			"bin": {
-				"husky": "lib/bin.js"
+				"husky": "bin.mjs"
 			},
 			"engines": {
-				"node": ">=14"
+				"node": ">=18"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/typicode"
@@ -5717,12 +5736,12 @@
 			}
 		},
 		"node_modules/lilconfig": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz",
-			"integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==",
+			"version": "3.0.0",
+			"resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.0.0.tgz",
+			"integrity": "sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==",
 			"dev": true,
 			"engines": {
-				"node": ">=10"
+				"node": ">=14"
 			}
 		},
 		"node_modules/lines-and-columns": {
@@ -5732,27 +5751,27 @@
 			"dev": true
 		},
 		"node_modules/lint-staged": {
-			"version": "13.3.0",
-			"resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-13.3.0.tgz",
-			"integrity": "sha512-mPRtrYnipYYv1FEE134ufbWpeggNTo+O/UPzngoaKzbzHAthvR55am+8GfHTnqNRQVRRrYQLGW9ZyUoD7DsBHQ==",
+			"version": "15.2.2",
+			"resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.2.tgz",
+			"integrity": "sha512-TiTt93OPh1OZOsb5B7k96A/ATl2AjIZo+vnzFZ6oHK5FuTk63ByDtxGQpHm+kFETjEWqgkF95M8FRXKR/LEBcw==",
 			"dev": true,
 			"dependencies": {
 				"chalk": "5.3.0",
-				"commander": "11.0.0",
+				"commander": "11.1.0",
 				"debug": "4.3.4",
-				"execa": "7.2.0",
-				"lilconfig": "2.1.0",
-				"listr2": "6.6.1",
+				"execa": "8.0.1",
+				"lilconfig": "3.0.0",
+				"listr2": "8.0.1",
 				"micromatch": "4.0.5",
 				"pidtree": "0.6.0",
 				"string-argv": "0.3.2",
-				"yaml": "2.3.1"
+				"yaml": "2.3.4"
 			},
 			"bin": {
 				"lint-staged": "bin/lint-staged.js"
 			},
 			"engines": {
-				"node": "^16.14.0 || >=18.0.0"
+				"node": ">=18.12.0"
 			},
 			"funding": {
 				"url": "https://opencollective.com/lint-staged"
@@ -5771,35 +5790,47 @@
 			}
 		},
 		"node_modules/lint-staged/node_modules/execa": {
-			"version": "7.2.0",
-			"resolved": "https://registry.npmjs.org/execa/-/execa-7.2.0.tgz",
-			"integrity": "sha512-UduyVP7TLB5IcAQl+OzLyLcS/l32W/GLg+AhHJ+ow40FOk2U3SAllPwR44v4vmdFwIWqpdwxxpQbF1n5ta9seA==",
+			"version": "8.0.1",
+			"resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz",
+			"integrity": "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==",
 			"dev": true,
 			"dependencies": {
 				"cross-spawn": "^7.0.3",
-				"get-stream": "^6.0.1",
-				"human-signals": "^4.3.0",
+				"get-stream": "^8.0.1",
+				"human-signals": "^5.0.0",
 				"is-stream": "^3.0.0",
 				"merge-stream": "^2.0.0",
 				"npm-run-path": "^5.1.0",
 				"onetime": "^6.0.0",
-				"signal-exit": "^3.0.7",
+				"signal-exit": "^4.1.0",
 				"strip-final-newline": "^3.0.0"
 			},
 			"engines": {
-				"node": "^14.18.0 || ^16.14.0 || >=18.0.0"
+				"node": ">=16.17"
 			},
 			"funding": {
 				"url": "https://github.com/sindresorhus/execa?sponsor=1"
 			}
 		},
-		"node_modules/lint-staged/node_modules/human-signals": {
-			"version": "4.3.1",
-			"resolved": "https://registry.npmjs.org/human-signals/-/human-signals-4.3.1.tgz",
-			"integrity": "sha512-nZXjEF2nbo7lIw3mgYjItAfgQXog3OjJogSbKa2CQIIvSGWcKgeJnQlNXip6NglNzYH45nSRiEVimMvYL8DDqQ==",
+		"node_modules/lint-staged/node_modules/get-stream": {
+			"version": "8.0.1",
+			"resolved": "https://registry.npmjs.org/get-stream/-/get-stream-8.0.1.tgz",
+			"integrity": "sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==",
 			"dev": true,
 			"engines": {
-				"node": ">=14.18.0"
+				"node": ">=16"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/sindresorhus"
+			}
+		},
+		"node_modules/lint-staged/node_modules/human-signals": {
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/human-signals/-/human-signals-5.0.0.tgz",
+			"integrity": "sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==",
+			"dev": true,
+			"engines": {
+				"node": ">=16.17.0"
 			}
 		},
 		"node_modules/lint-staged/node_modules/is-stream": {
@@ -5827,9 +5858,9 @@
 			}
 		},
 		"node_modules/lint-staged/node_modules/npm-run-path": {
-			"version": "5.1.0",
-			"resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.1.0.tgz",
-			"integrity": "sha512-sJOdmRGrY2sjNTRMbSvluQqg+8X7ZK61yvzBEIDhz4f8z1TZFYABsqjjCBd/0PUNE9M6QDgHJXQkGUEm7Q+l9Q==",
+			"version": "5.2.0",
+			"resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.2.0.tgz",
+			"integrity": "sha512-W4/tgAXFqFA0iL7fk0+uQ3g7wkL8xJmx3XdK0VGb4cHW//eZTtKGvFBBoRKVTpY7n6ze4NL9ly7rgXcHufqXKg==",
 			"dev": true,
 			"dependencies": {
 				"path-key": "^4.0.0"
@@ -5868,6 +5899,18 @@
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
+		"node_modules/lint-staged/node_modules/signal-exit": {
+			"version": "4.1.0",
+			"resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
+			"integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
+			"dev": true,
+			"engines": {
+				"node": ">=14"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/isaacs"
+			}
+		},
 		"node_modules/lint-staged/node_modules/strip-final-newline": {
 			"version": "3.0.0",
 			"resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz",
@@ -5881,28 +5924,20 @@
 			}
 		},
 		"node_modules/listr2": {
-			"version": "6.6.1",
-			"resolved": "https://registry.npmjs.org/listr2/-/listr2-6.6.1.tgz",
-			"integrity": "sha512-+rAXGHh0fkEWdXBmX+L6mmfmXmXvDGEKzkjxO+8mP3+nI/r/CWznVBvsibXdxda9Zz0OW2e2ikphN3OwCT/jSg==",
+			"version": "8.0.1",
+			"resolved": "https://registry.npmjs.org/listr2/-/listr2-8.0.1.tgz",
+			"integrity": "sha512-ovJXBXkKGfq+CwmKTjluEqFi3p4h8xvkxGQQAQan22YCgef4KZ1mKGjzfGh6PL6AW5Csw0QiQPNuQyH+6Xk3hA==",
 			"dev": true,
 			"dependencies": {
-				"cli-truncate": "^3.1.0",
+				"cli-truncate": "^4.0.0",
 				"colorette": "^2.0.20",
 				"eventemitter3": "^5.0.1",
-				"log-update": "^5.0.1",
+				"log-update": "^6.0.0",
 				"rfdc": "^1.3.0",
-				"wrap-ansi": "^8.1.0"
+				"wrap-ansi": "^9.0.0"
 			},
 			"engines": {
-				"node": ">=16.0.0"
-			},
-			"peerDependencies": {
-				"enquirer": ">= 2.3.0 < 3"
-			},
-			"peerDependenciesMeta": {
-				"enquirer": {
-					"optional": true
-				}
+				"node": ">=18.0.0"
 			}
 		},
 		"node_modules/locate-path": {
@@ -5954,34 +5989,34 @@
 			"dev": true
 		},
 		"node_modules/log-update": {
-			"version": "5.0.1",
-			"resolved": "https://registry.npmjs.org/log-update/-/log-update-5.0.1.tgz",
-			"integrity": "sha512-5UtUDQ/6edw4ofyljDNcOVJQ4c7OjDro4h3y8e1GQL5iYElYclVHJ3zeWchylvMaKnDbDilC8irOVyexnA/Slw==",
+			"version": "6.0.0",
+			"resolved": "https://registry.npmjs.org/log-update/-/log-update-6.0.0.tgz",
+			"integrity": "sha512-niTvB4gqvtof056rRIrTZvjNYE4rCUzO6X/X+kYjd7WFxXeJ0NwEFnRxX6ehkvv3jTwrXnNdtAak5XYZuIyPFw==",
 			"dev": true,
 			"dependencies": {
-				"ansi-escapes": "^5.0.0",
+				"ansi-escapes": "^6.2.0",
 				"cli-cursor": "^4.0.0",
-				"slice-ansi": "^5.0.0",
-				"strip-ansi": "^7.0.1",
-				"wrap-ansi": "^8.0.1"
+				"slice-ansi": "^7.0.0",
+				"strip-ansi": "^7.1.0",
+				"wrap-ansi": "^9.0.0"
 			},
 			"engines": {
-				"node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+				"node": ">=18"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
 		"node_modules/log-update/node_modules/ansi-escapes": {
-			"version": "5.0.0",
-			"resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-5.0.0.tgz",
-			"integrity": "sha512-5GFMVX8HqE/TB+FuBJGuO5XG0WrsA6ptUqoODaT/n9mmUaZFkqnBueB4leqGBCmrUHnCnC4PCZTCd0E7QQ83bA==",
+			"version": "6.2.0",
+			"resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-6.2.0.tgz",
+			"integrity": "sha512-kzRaCqXnpzWs+3z5ABPQiVke+iq0KXkHo8xiWV4RPTi5Yli0l97BEQuhXV1s7+aSU/fu1kUuxgS4MsQ0fRuygw==",
 			"dev": true,
 			"dependencies": {
-				"type-fest": "^1.0.2"
+				"type-fest": "^3.0.0"
 			},
 			"engines": {
-				"node": ">=12"
+				"node": ">=14.16"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
@@ -5999,6 +6034,49 @@
 				"url": "https://github.com/chalk/ansi-regex?sponsor=1"
 			}
 		},
+		"node_modules/log-update/node_modules/ansi-styles": {
+			"version": "6.2.1",
+			"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
+			"integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
+			"dev": true,
+			"engines": {
+				"node": ">=12"
+			},
+			"funding": {
+				"url": "https://github.com/chalk/ansi-styles?sponsor=1"
+			}
+		},
+		"node_modules/log-update/node_modules/is-fullwidth-code-point": {
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-5.0.0.tgz",
+			"integrity": "sha512-OVa3u9kkBbw7b8Xw5F9P+D/T9X+Z4+JruYVNapTjPYZYUznQ5YfWeFkOj606XYYW8yugTfC8Pj0hYqvi4ryAhA==",
+			"dev": true,
+			"dependencies": {
+				"get-east-asian-width": "^1.0.0"
+			},
+			"engines": {
+				"node": ">=18"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/sindresorhus"
+			}
+		},
+		"node_modules/log-update/node_modules/slice-ansi": {
+			"version": "7.1.0",
+			"resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-7.1.0.tgz",
+			"integrity": "sha512-bSiSngZ/jWeX93BqeIAbImyTbEihizcwNjFoRUIY/T1wWQsfsm2Vw1agPKylXvQTU7iASGdHhyqRlqQzfz+Htg==",
+			"dev": true,
+			"dependencies": {
+				"ansi-styles": "^6.2.1",
+				"is-fullwidth-code-point": "^5.0.0"
+			},
+			"engines": {
+				"node": ">=18"
+			},
+			"funding": {
+				"url": "https://github.com/chalk/slice-ansi?sponsor=1"
+			}
+		},
 		"node_modules/log-update/node_modules/strip-ansi": {
 			"version": "7.1.0",
 			"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
@@ -6015,17 +6093,28 @@
 			}
 		},
 		"node_modules/log-update/node_modules/type-fest": {
-			"version": "1.4.0",
-			"resolved": "https://registry.npmjs.org/type-fest/-/type-fest-1.4.0.tgz",
-			"integrity": "sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==",
+			"version": "3.13.1",
+			"resolved": "https://registry.npmjs.org/type-fest/-/type-fest-3.13.1.tgz",
+			"integrity": "sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==",
 			"dev": true,
 			"engines": {
-				"node": ">=10"
+				"node": ">=14.16"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
+		"node_modules/lookpath": {
+			"version": "1.2.2",
+			"resolved": "https://registry.npmjs.org/lookpath/-/lookpath-1.2.2.tgz",
+			"integrity": "sha512-k2Gmn8iV6qdME3ztZC2spubmQISimFOPLuQKiPaLcVdRz0IpdxrNClVepMlyTJlhodm/zG/VfbkWERm3kUIh+Q==",
+			"bin": {
+				"lookpath": "bin/lookpath.js"
+			},
+			"engines": {
+				"npm": ">=6.13.4"
+			}
+		},
 		"node_modules/loose-envify": {
 			"version": "1.4.0",
 			"resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
@@ -7179,9 +7268,9 @@
 			}
 		},
 		"node_modules/rfdc": {
-			"version": "1.3.0",
-			"resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz",
-			"integrity": "sha512-V2hovdzFbOi77/WajaSMXk2OLm+xNIeQdMMuB7icj7bk6zi2F8GGAxigcnDFpJHbNyNcgyJDiP+8nOrY5cZGrA==",
+			"version": "1.3.1",
+			"resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.1.tgz",
+			"integrity": "sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg==",
 			"dev": true
 		},
 		"node_modules/rimraf": {
@@ -7267,7 +7356,6 @@
 			"version": "7.5.4",
 			"resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
 			"integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
-			"dev": true,
 			"dependencies": {
 				"lru-cache": "^6.0.0"
 			},
@@ -7282,7 +7370,6 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
 			"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-			"dev": true,
 			"dependencies": {
 				"yallist": "^4.0.0"
 			},
@@ -7293,8 +7380,7 @@
 		"node_modules/semver/node_modules/yallist": {
 			"version": "4.0.0",
 			"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-			"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
-			"dev": true
+			"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
 		},
 		"node_modules/set-function-length": {
 			"version": "1.1.1",
@@ -7519,17 +7605,17 @@
 			}
 		},
 		"node_modules/string-width": {
-			"version": "5.1.2",
-			"resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
-			"integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
+			"version": "7.1.0",
+			"resolved": "https://registry.npmjs.org/string-width/-/string-width-7.1.0.tgz",
+			"integrity": "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw==",
 			"dev": true,
 			"dependencies": {
-				"eastasianwidth": "^0.2.0",
-				"emoji-regex": "^9.2.2",
-				"strip-ansi": "^7.0.1"
+				"emoji-regex": "^10.3.0",
+				"get-east-asian-width": "^1.0.0",
+				"strip-ansi": "^7.1.0"
 			},
 			"engines": {
-				"node": ">=12"
+				"node": ">=18"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
@@ -7986,9 +8072,9 @@
 			}
 		},
 		"node_modules/ts-jest": {
-			"version": "29.1.1",
-			"resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.1.tgz",
-			"integrity": "sha512-D6xjnnbP17cC85nliwGiL+tpoKN0StpgE0TeOjXQTU6MVCfsB4v7aW05CgQ/1OywGb0x/oy9hHFnN+sczTiRaA==",
+			"version": "29.1.2",
+			"resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.2.tgz",
+			"integrity": "sha512-br6GJoH/WUX4pu7FbZXuWGKGNDuU7b8Uj77g/Sp7puZV6EXzuByl6JrECvm0MzVzSTkSHWTihsXt+5XYER5b+g==",
 			"dev": true,
 			"dependencies": {
 				"bs-logger": "0.x",
@@ -8004,7 +8090,7 @@
 				"ts-jest": "cli.js"
 			},
 			"engines": {
-				"node": "^14.15.0 || ^16.10.0 || >=18.0.0"
+				"node": "^16.10.0 || ^18.0.0 || >=20.0.0"
 			},
 			"peerDependencies": {
 				"@babel/core": ">=7.0.0-beta.0 <8",
@@ -8204,16 +8290,16 @@
 			}
 		},
 		"node_modules/typescript": {
-			"version": "4.9.5",
-			"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz",
-			"integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==",
+			"version": "5.3.3",
+			"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.3.3.tgz",
+			"integrity": "sha512-pXWcraxM0uxAS+tN0AG/BF2TyqmHO014Z070UsJ+pFvYuRSq8KH8DmWpnbXe0pEPDHXZV3FcAbJkijJ5oNEnWw==",
 			"dev": true,
 			"bin": {
 				"tsc": "bin/tsc",
 				"tsserver": "bin/tsserver"
 			},
 			"engines": {
-				"node": ">=4.2.0"
+				"node": ">=14.17"
 			}
 		},
 		"node_modules/unbox-primitive": {
@@ -8232,9 +8318,9 @@
 			}
 		},
 		"node_modules/undici": {
-			"version": "5.26.5",
-			"resolved": "https://registry.npmjs.org/undici/-/undici-5.26.5.tgz",
-			"integrity": "sha512-cSb4bPFd5qgR7qr2jYAi0hlX9n5YKK2ONKkLFkxl+v/9BvC0sOpZjBHDBSXc5lWAf5ty9oZdRXytBIHzgUcerw==",
+			"version": "5.28.3",
+			"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz",
+			"integrity": "sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA==",
 			"dependencies": {
 				"@fastify/busboy": "^2.0.0"
 			},
@@ -8242,6 +8328,12 @@
 				"node": ">=14.0"
 			}
 		},
+		"node_modules/undici-types": {
+			"version": "5.26.5",
+			"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
+			"integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==",
+			"dev": true
+		},
 		"node_modules/update-browserslist-db": {
 			"version": "1.0.13",
 			"resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz",
@@ -8426,17 +8518,17 @@
 			}
 		},
 		"node_modules/wrap-ansi": {
-			"version": "8.1.0",
-			"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
-			"integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
+			"version": "9.0.0",
+			"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.0.tgz",
+			"integrity": "sha512-G8ura3S+3Z2G+mkgNRq8dqaFZAuxfsxpBB8OCTGRTCtp+l/v9nbFNmCUP1BZMts3G1142MsZfn6eeUKrr4PD1Q==",
 			"dev": true,
 			"dependencies": {
-				"ansi-styles": "^6.1.0",
-				"string-width": "^5.0.1",
-				"strip-ansi": "^7.0.1"
+				"ansi-styles": "^6.2.1",
+				"string-width": "^7.0.0",
+				"strip-ansi": "^7.1.0"
 			},
 			"engines": {
-				"node": ">=12"
+				"node": ">=18"
 			},
 			"funding": {
 				"url": "https://github.com/chalk/wrap-ansi?sponsor=1"
@@ -8516,9 +8608,9 @@
 			"dev": true
 		},
 		"node_modules/yaml": {
-			"version": "2.3.1",
-			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
-			"integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==",
+			"version": "2.3.4",
+			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz",
+			"integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==",
 			"dev": true,
 			"engines": {
 				"node": ">= 14"
--- a/package.json
+++ b/package.json
@@ -39,19 +39,20 @@
 	},
 	"homepage": "https://github.com/1Password/load-secrets-action#readme",
 	"dependencies": {
+		"@1password/op-js": "^0.1.11",
 		"@actions/core": "^1.10.1",
 		"@actions/exec": "^1.1.1"
 	},
 	"devDependencies": {
 		"@1password/front-end-style": "^6.0.1",
-		"@types/jest": "^29.5.6",
-		"@types/node": "^18.18.6",
-		"@vercel/ncc": "^0.36.1",
-		"husky": "^8.0.3",
+		"@types/jest": "^29.5.12",
+		"@types/node": "^20.11.19",
+		"@vercel/ncc": "^0.38.1",
+		"husky": "^9.0.11",
 		"jest": "^29.7.0",
-		"lint-staged": "^13.3.0",
-		"ts-jest": "^29.1.1",
-		"typescript": "^4.9.5"
+		"lint-staged": "^15.2.2",
+		"ts-jest": "^29.1.2",
+		"typescript": "^5.3.3"
 	},
 	"eslintConfig": {
 		"extends": "./node_modules/@1password/front-end-style/eslintrc.yml",
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -0,0 +1,6 @@
+export const envConnectHost = "OP_CONNECT_HOST";
+export const envConnectToken = "OP_CONNECT_TOKEN";
+export const envServiceAccountToken = "OP_SERVICE_ACCOUNT_TOKEN";
+export const envManagedVariables = "OP_MANAGED_VARIABLES";
+
+export const authErr = `Authentication error with environment variables: you must set either 1) ${envServiceAccountToken}, or 2) both ${envConnectHost} and ${envConnectToken}.`;
--- a/src/index.ts
+++ b/src/index.ts
@@ -2,19 +2,28 @@ import path from "path";
 import url from "url";
 import * as core from "@actions/core";
 import * as exec from "@actions/exec";
+import { validateCli } from "@1password/op-js";
+import { loadSecrets, unsetPrevious, validateAuth } from "./utils";

-const run = async () => {
+const loadSecretsAction = async () => {
 	try {
-		const currentFile = url.fileURLToPath(import.meta.url);
-		const currentDir = path.dirname(currentFile);
-		const parentDir = path.resolve(currentDir, "..");
-
 		// Get action inputs
-		process.env.INPUT_UNSET_PREVIOUS = core.getInput("unset-previous");
-		process.env.INPUT_EXPORT_ENV = core.getInput("export-env");
+		const shouldUnsetPrevious = core.getBooleanInput("unset-previous");
+		const shouldExportEnv = core.getBooleanInput("export-env");

-		// Execute bash script
-		await exec.exec(`sh -c "` + parentDir + `/entrypoint.sh"`);
+		// Unset all secrets managed by 1Password if `unset-previous` is set.
+		if (shouldUnsetPrevious) {
+			unsetPrevious();
+		}
+
+		// Validate that a proper authentication configuration is set for the CLI
+		validateAuth();
+
+		// Download and install the CLI
+		await installCLI();
+
+		// Load secrets
+		await loadSecrets(shouldExportEnv);
 	} catch (error) {
 		// It's possible for the Error constructor to be modified to be anything
 		// in JavaScript, so the following code accounts for this possibility.
@@ -29,4 +38,30 @@ const run = async () => {
 	}
 };

-void run();
+// This function's name is an exception from the naming convention
+// since we refer to the 1Password CLI here.
+// eslint-disable-next-line @typescript-eslint/naming-convention
+const installCLI = async (): Promise<void> => {
+	// validateCli checks if there's an existing 1Password CLI installed on the runner.
+	// If there's no CLI installed, then validateCli will throw an error, which we will use
+	// as an indicator that we need to execute the installation script.
+	await validateCli().catch(async () => {
+		const currentFile = url.fileURLToPath(import.meta.url);
+		const currentDir = path.dirname(currentFile);
+		const parentDir = path.resolve(currentDir, "..");
+
+		// Execute bash script
+		const cmdOut = await exec.getExecOutput(
+			`sh -c "` + parentDir + `/install_cli.sh"`,
+		);
+
+		// Add path to 1Password CLI to $PATH
+		const outArr = cmdOut.stdout.split("\n");
+		if (outArr[0] && process.env.PATH) {
+			const cliPath = outArr[0]?.replace(/^(::debug::OP_INSTALL_DIR: )/, "");
+			core.addPath(cliPath);
+		}
+	});
+};
+
+void loadSecretsAction();
--- a/src/utils.test.ts
+++ b/src/utils.test.ts
@@ -0,0 +1,181 @@
+import * as core from "@actions/core";
+import * as exec from "@actions/exec";
+import { read, setClientInfo } from "@1password/op-js";
+import {
+	extractSecret,
+	loadSecrets,
+	unsetPrevious,
+	validateAuth,
+} from "./utils";
+import {
+	authErr,
+	envConnectHost,
+	envConnectToken,
+	envManagedVariables,
+	envServiceAccountToken,
+} from "./constants";
+
+jest.mock("@actions/core");
+jest.mock("@actions/exec", () => ({
+	getExecOutput: jest.fn(() => ({
+		stdout: "MOCK_SECRET",
+	})),
+}));
+jest.mock("@1password/op-js");
+
+beforeEach(() => {
+	jest.clearAllMocks();
+});
+
+describe("validateAuth", () => {
+	const testConnectHost = "https://localhost:8000";
+	const testConnectToken = "token";
+	const testServiceAccountToken = "ops_token";
+
+	beforeEach(() => {
+		process.env[envConnectHost] = "";
+		process.env[envConnectToken] = "";
+		process.env[envServiceAccountToken] = "";
+	});
+
+	it("should throw an error when no config is provided", () => {
+		expect(validateAuth).toThrowError(authErr);
+	});
+
+	it("should throw an error when partial Connect config is provided", () => {
+		process.env[envConnectHost] = testConnectHost;
+		expect(validateAuth).toThrowError(authErr);
+	});
+
+	it("should append protocol if Connect host doesn't have it", () => {
+		process.env[envConnectHost] = "localhost:8080";
+		process.env[envConnectToken] = testConnectToken;
+		expect(validateAuth).not.toThrowError(authErr);
+		// The following lint error is not an issue because we are checking for the presence of the `http://` prefix;
+		// we are not using it as an insecure connection protocol to link out to another resource.
+		// eslint-disable-next-line no-restricted-syntax
+		expect(process.env[envConnectHost]).toBe("http://localhost:8080");
+	});
+
+	it("should not append protocol if Connect host has one", () => {
+		process.env[envConnectHost] = testConnectHost;
+		process.env[envConnectToken] = testConnectToken;
+		expect(validateAuth).not.toThrowError(authErr);
+		expect(process.env[envConnectHost]).toBe(testConnectHost);
+	});
+
+	it("should be authenticated as a Connect client", () => {
+		process.env[envConnectHost] = testConnectHost;
+		process.env[envConnectToken] = testConnectToken;
+		expect(validateAuth).not.toThrowError(authErr);
+		expect(core.info).toHaveBeenCalledWith("Authenticated with Connect.");
+	});
+
+	it("should be authenticated as a service account", () => {
+		process.env[envServiceAccountToken] = testServiceAccountToken;
+		expect(validateAuth).not.toThrowError(authErr);
+		expect(core.info).toHaveBeenCalledWith(
+			"Authenticated with Service account.",
+		);
+	});
+
+	it("should prioritize Connect over service account if both are configured", () => {
+		process.env[envServiceAccountToken] = testServiceAccountToken;
+		process.env[envConnectHost] = testConnectHost;
+		process.env[envConnectToken] = testConnectToken;
+		expect(validateAuth).not.toThrowError(authErr);
+		expect(core.warning).toHaveBeenCalled();
+		expect(core.info).toHaveBeenCalledWith("Authenticated with Connect.");
+	});
+});
+
+describe("extractSecret", () => {
+	const envTestSecretEnv = "TEST_SECRET";
+	const testSecretRef = "op://vault/item/secret";
+	const testSecretValue = "Secret1@3$";
+
+	read.parse = jest.fn().mockReturnValue(testSecretValue);
+
+	process.env[envTestSecretEnv] = testSecretRef;
+
+	it("should set secret as step output", () => {
+		extractSecret(envTestSecretEnv, false);
+		expect(core.exportVariable).not.toHaveBeenCalledWith(
+			envTestSecretEnv,
+			testSecretValue,
+		);
+		expect(core.setOutput).toHaveBeenCalledWith(
+			envTestSecretEnv,
+			testSecretValue,
+		);
+		expect(core.setSecret).toHaveBeenCalledWith(testSecretValue);
+	});
+
+	it("should set secret as environment variable", () => {
+		extractSecret(envTestSecretEnv, true);
+		expect(core.exportVariable).toHaveBeenCalledWith(
+			envTestSecretEnv,
+			testSecretValue,
+		);
+		expect(core.setOutput).not.toHaveBeenCalledWith(
+			envTestSecretEnv,
+			testSecretValue,
+		);
+		expect(core.setSecret).toHaveBeenCalledWith(testSecretValue);
+	});
+});
+
+describe("loadSecrets", () => {
+	it("sets the client info and gets the executed output", async () => {
+		await loadSecrets(true);
+
+		expect(setClientInfo).toHaveBeenCalledWith({
+			name: "1Password GitHub Action",
+			id: "GHA",
+		});
+		expect(exec.getExecOutput).toHaveBeenCalledWith('sh -c "op env ls"');
+		expect(core.exportVariable).toHaveBeenCalledWith(
+			"OP_MANAGED_VARIABLES",
+			"MOCK_SECRET",
+		);
+	});
+
+	it("return early if no env vars with secrets found", async () => {
+		(exec.getExecOutput as jest.Mock).mockReturnValueOnce({ stdout: "" });
+		await loadSecrets(true);
+
+		expect(exec.getExecOutput).toHaveBeenCalledWith('sh -c "op env ls"');
+		expect(core.exportVariable).not.toHaveBeenCalled();
+	});
+
+	describe("core.exportVariable", () => {
+		it("is called when shouldExportEnv is true", async () => {
+			await loadSecrets(true);
+
+			expect(core.exportVariable).toHaveBeenCalledTimes(1);
+		});
+
+		it("is not called when shouldExportEnv is false", async () => {
+			await loadSecrets(false);
+
+			expect(core.exportVariable).not.toHaveBeenCalled();
+		});
+	});
+});
+
+describe("unsetPrevious", () => {
+	const testManagedEnv = "TEST_SECRET";
+	const testSecretValue = "MyS3cr#T";
+
+	beforeEach(() => {
+		process.env[testManagedEnv] = testSecretValue;
+		process.env[envManagedVariables] = testManagedEnv;
+	});
+
+	it("should unset the environment variable if user wants it", () => {
+		unsetPrevious();
+		expect(core.info).toHaveBeenCalledWith("Unsetting previous values ...");
+		expect(core.info).toHaveBeenCalledWith("Unsetting TEST_SECRET");
+		expect(core.exportVariable).toHaveBeenCalledWith("TEST_SECRET", "");
+	});
+});
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -0,0 +1,103 @@
+import * as core from "@actions/core";
+import * as exec from "@actions/exec";
+import { read, setClientInfo, semverToInt } from "@1password/op-js";
+import { version } from "../package.json";
+import {
+	authErr,
+	envConnectHost,
+	envConnectToken,
+	envServiceAccountToken,
+	envManagedVariables,
+} from "./constants";
+
+export const validateAuth = (): void => {
+	const isConnect = process.env[envConnectHost] && process.env[envConnectToken];
+	const isServiceAccount = process.env[envServiceAccountToken];
+
+	if (isConnect && isServiceAccount) {
+		core.warning(
+			"WARNING: Both service account and Connect credentials are provided. Connect credentials will take priority.",
+		);
+	}
+
+	if (!isConnect && !isServiceAccount) {
+		throw new Error(authErr);
+	}
+
+	const authType = isConnect ? "Connect" : "Service account";
+
+	// Adjust Connect host to have a protocol
+	if (
+		process.env[envConnectHost] &&
+		// The following lint error is not an issue because we are checking for the presence of the `http://` prefix;
+		// we are not using it as an insecure connection protocol to link out to another resource.
+		// eslint-disable-next-line no-restricted-syntax
+		!process.env[envConnectHost].startsWith("http://") &&
+		!process.env[envConnectHost].startsWith("https://")
+	) {
+		process.env[envConnectHost] = `http://${process.env[envConnectHost]}`;
+	}
+
+	core.info(`Authenticated with ${authType}.`);
+};
+
+export const extractSecret = (
+	envName: string,
+	shouldExportEnv: boolean,
+): void => {
+	core.info(`Populating variable: ${envName}`);
+
+	const ref = process.env[envName];
+	if (!ref) {
+		return;
+	}
+
+	const secretValue = read.parse(ref);
+	if (!secretValue) {
+		return;
+	}
+
+	if (shouldExportEnv) {
+		core.exportVariable(envName, secretValue);
+	} else {
+		core.setOutput(envName, secretValue);
+	}
+	core.setSecret(secretValue);
+};
+
+export const loadSecrets = async (shouldExportEnv: boolean): Promise<void> => {
+	// Pass User-Agent Information to the 1Password CLI
+	setClientInfo({
+		name: "1Password GitHub Action",
+		id: "GHA",
+		build: semverToInt(version),
+	});
+
+	// Load secrets from environment variables using 1Password CLI.
+	// Iterate over them to find 1Password references, extract the secret values,
+	// and make them available in the next steps either as step outputs or as environment variables.
+	const res = await exec.getExecOutput(`sh -c "op env ls"`);
+
+	if (res.stdout === "") {
+		return;
+	}
+
+	const envs = res.stdout.replace(/\n+$/g, "").split(/\r?\n/);
+	for (const envName of envs) {
+		extractSecret(envName, shouldExportEnv);
+	}
+	if (shouldExportEnv) {
+		core.exportVariable(envManagedVariables, envs.join());
+	}
+};
+
+export const unsetPrevious = (): void => {
+	if (process.env[envManagedVariables]) {
+		core.info("Unsetting previous values ...");
+		const managedEnvs = process.env[envManagedVariables].split(",");
+		for (const envName of managedEnvs) {
+			core.info(`Unsetting ${envName}`);
+			core.exportVariable(envName, "");
+		}
+	}
+};
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -6,8 +6,6 @@
 		"esModuleInterop": true,
 		"exactOptionalPropertyTypes": true,
 		"forceConsistentCasingInFileNames": true,
-		"importsNotUsedAsValues": "error",
-		"isolatedModules": true,
 		"module": "esnext",
 		"moduleResolution": "node",
 		"noEmit": true,
@@ -17,9 +15,9 @@
 		"noUncheckedIndexedAccess": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,
-		"outDir": "./dist/",
-		"rootDir": "./src/",
+		"resolveJsonModule": true,
 		"strict": true,
-		"target": "es2022"
+		"target": "es2022",
+		"verbatimModuleSyntax": true
 	}
 }