Release 1.3.2

.github/workflows/release.yml

@@ -1,44 +0,0 @@
-name: Release
-
-on:
-  push:
-    branches:
-      # TODO: This branch is for PR testing purposes; update branch to "main" if we proceed with this PR.
-      - ruetz-automate-releases
-  # Specify that this "Release" workflow depends on the other workflows below completing successfully.
-  workflow_run:
-    workflows: ["Lint", "Run acceptance tests"]
-    types:
-      - completed
-
-permissions:
-  contents: read # for checkout
-
-jobs:
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write # to be able to publish a GitHub release
-      issues: write # to be able to comment on released issues
-      pull-requests: write # to be able to comment on released pull requests
-      id-token: write # to enable use of OIDC for npm provenance
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "lts/*"
-      - name: Install dependencies
-        run: npm clean-install
-      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
-        run: npm audit signatures
-      - name: Build codebase
-        run: npm run build
-      - name: Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npx semantic-release

.github/workflows/test.yml

@@ -2,16 +2,6 @@ on: push
 name: Run acceptance tests
 
 jobs:
-  unit-tests:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: npm ci
-      - run: npm test
-
   test-with-output-secrets:
     strategy:
       matrix:
@@ -39,7 +29,7 @@ jobs:
         if: ${{ matrix.auth == 'connect' }}
         uses: ./configure # 1password/load-secrets-action/configure@<version>
         with:
-          connect-host: http://localhost:8080
+          connect-host: localhost:8080
           connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
       - name: Load secrets
         id: load_secrets

CONTRIBUTING.md

@@ -1,51 +0,0 @@
-# Contributing
-
-Thank you for your interest in contributing to the 1Password load-secrets-action project 👋! Before you start, please take a moment to read through this guide to understand our contribution process.
-
-## Testing
-Unit tests can be run with `npm run test`.
-
-After following the steps below for signing commits, you can test against your PR with these steps:
-
-1. Create or use an existing repo to run the `load-secrets` GitHub Action.
-2. In a workflow yaml file that uses the GitHub Action, modify the `uses: 1Password/load-secrets-action` line to be
-
-    ```yaml
-    uses: 1Password/load-secrets-action@<branch-name>
-    ```
-    OR
-    ```yaml
-    uses: 1Password/load-secrets-action@<commit-hash>
-    ```
-
-3. Trigger the action, which now includes your changes.
-
-## Documentation Updates
-
-If applicable, update the [README.md](./README.md) to reflect any changes introduced by the new code.
-
-## Sign your commits
-
-To get your PR merged, we require you to sign your commits.
-
-### Sign commits with 1Password
-
-You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.
-
-Learn how to use [1Password to sign your commits](https://developer.1password.com/docs/ssh/git-commit-signing/).
-
-### Sign commits with ssh-agent
-
-Follow the steps below to set up commit signing with `ssh-agent`:
-
-1. [Generate an SSH key and add it to ssh-agent](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)
-2. [Add the SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)
-3. [Configure git to use your SSH key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-ssh-key)
-
-### Sign commits with gpg
-
-Follow the steps below to set up commit signing with `gpg`:
-
-1. [Generate a GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)
-2. [Add the GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
-3. [Configure git to use your GPG key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-gpg-key)

README.md

@@ -32,7 +32,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Load secret
-        uses: 1password/load-secrets-action@v2
+        uses: 1password/load-secrets-action@v1
         with:
           # Export loaded secrets as environment variables
           export-env: true

action.yml

@@ -12,5 +12,5 @@ inputs:
     description: Export the secrets as environment variables
     default: "true"
 runs:
-  using: "node20"
+  using: "node16"
   main: "dist/index.js"

config/jest.config.js

@@ -11,16 +11,7 @@ const jestConfig = {
 	testEnvironment: "node",
 	testRegex: "(/__tests__/.*|(\\.|/)test)\\.ts",
 	transform: {
-		".ts": [
-			"ts-jest",
-			{
-				// Note: We shouldn't need to include `isolatedModules` here because it's a deprecated config option in TS 5,
-				// but setting it to `true` fixes the `ESM syntax is not allowed in a CommonJS module when
-				// 'verbatimModuleSyntax' is enabled` error that we're seeing when running our Jest tests.
-				isolatedModules: true,
-				useESM: true,
-			},
-		],
+		".ts": ["ts-jest"],
 	},
 	verbose: true,
 };

entrypoint.sh

@@ -0,0 +1,172 @@
+#!/bin/bash
+# shellcheck disable=SC2046,SC2001,SC2086
+set -e
+
+# Pass User-Agent Inforomation to the 1Password CLI
+export OP_INTEGRATION_NAME="1Password GitHub Action"
+export OP_INTEGRATION_ID="GHA"
+export OP_INTEGRATION_BUILDNUMBER="1010001"
+
+readonly CONNECT="CONNECT"
+readonly SERVICE_ACCOUNT="SERVICE_ACCOUNT"
+
+auth_type=$CONNECT
+managed_variables_var="OP_MANAGED_VARIABLES"
+IFS=','
+
+if [[ "$OP_CONNECT_HOST" != "http://"* ]] && [[ "$OP_CONNECT_HOST" != "https://"* ]]; then
+  export OP_CONNECT_HOST="http://"$OP_CONNECT_HOST
+fi
+
+# Unset all secrets managed by 1Password if `unset-previous` is set.
+unset_prev_secrets() {
+  if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then
+    echo "Unsetting previous values..."
+
+    # Find environment variables that are managed by 1Password.
+    for env_var in "${managed_variables[@]}"; do
+      echo "Unsetting $env_var"
+      unset $env_var
+
+      echo "$env_var=" >> $GITHUB_ENV
+
+      # Keep the masks, just in case.
+    done
+
+    managed_variables=()
+  fi
+}
+
+# Install op-cli
+install_op_cli() {
+  # Create a temporary directory where the CLI is installed
+  OP_INSTALL_DIR="$(mktemp -d)"
+  if [[ ! -d "$OP_INSTALL_DIR" ]]; then
+    echo "Install dir $OP_INSTALL_DIR not found"
+    exit 1
+  fi
+  export OP_INSTALL_DIR
+  echo "::debug::OP_INSTALL_DIR: ${OP_INSTALL_DIR}"
+
+  # Get the latest stable version of the CLI
+  OP_CLI_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"
+
+  if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+    # Get runner's architecture
+    ARCH=$(uname -m)
+    if [[ "$(getconf LONG_BIT)" = 32 ]]; then
+      ARCH="386"
+    elif [[ "$ARCH" == "x86_64" ]]; then
+      ARCH="amd64"
+    elif [[ "$ARCH" == "aarch64" ]]; then
+      ARCH="arm64"
+    fi
+
+    if [[ "$ARCH" != "386" ]] && [[ "$ARCH" != "amd64" ]] && [[ "$ARCH" != "arm" ]] && [[ "$ARCH" != "arm64" ]]; then
+      echo "Unsupported architecture for the 1Password CLI: $ARCH."
+      exit 1
+    fi
+
+    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/${OP_CLI_VERSION}/op_linux_${ARCH}_${OP_CLI_VERSION}.zip"
+    unzip -od "$OP_INSTALL_DIR" op.zip && rm op.zip
+  elif [[ "$OSTYPE" == "darwin"* ]]; then
+    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/${OP_CLI_VERSION}/op_apple_universal_${OP_CLI_VERSION}.pkg"
+    pkgutil --expand op.pkg temp-pkg
+    tar -xvf temp-pkg/op.pkg/Payload -C "$OP_INSTALL_DIR"
+    rm -rf temp-pkg && rm op.pkg
+  else
+    echo "Operating system not supported yet for this GitHub Action: $OSTYPE."
+    exit 1
+  fi
+}
+
+# Uninstall op-cli
+uninstall_op_cli() {
+  if [[ -d "$OP_INSTALL_DIR" ]]; then
+    rm -fr "$OP_INSTALL_DIR"
+  fi
+}
+
+populating_secret() {
+  ref=$(printenv $1)
+
+  echo "Populating variable: $1"
+  secret_value=$("${OP_INSTALL_DIR}/op" read "$ref")
+
+  if [ -z "$secret_value" ]; then
+    echo "Could not find or access secret $ref"
+    exit 1
+  fi
+
+  # Register a mask for the secret to prevent accidental log exposure.
+  # To support multiline secrets, escape percent signs and add a mask per line.
+  escaped_mask_value=$(echo "$secret_value" | sed -e 's/%/%25/g')
+  IFS=$'\n'
+  for line in $escaped_mask_value; do
+    if [ "${#line}" -lt 3 ]; then
+      # To avoid false positives and unreadable logs, omit mask for lines that are too short.
+      continue
+    fi
+    echo "::add-mask::$line"
+  done
+  unset IFS
+
+  # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
+  # As the heredoc identifier, we'll use a randomly generated 64-character string,
+  # so that collisions are practically impossible.
+  # Read more: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+  delimiter="$(openssl rand -hex 32)"
+
+  if [ "$INPUT_EXPORT_ENV" == "true" ]; then
+    {
+      # Populate env var, using heredoc syntax with generated identifier
+      echo "$env_var<<${delimiter}"
+      echo "$secret_value"
+      echo "${delimiter}"
+    } >> $GITHUB_ENV
+    echo "GITHUB_ENV: $(cat $GITHUB_ENV)"
+
+  else
+    {
+      # Populate env var, using heredoc syntax with generated identifier
+      echo "$env_var<<${delimiter}"
+      echo "$secret_value"
+      echo "${delimiter}"
+    } >> $GITHUB_OUTPUT
+  fi
+
+  managed_variables+=("$env_var")
+}
+
+# Load environment variables using op cli. Iterate over them to find 1Password references, load the secret values,
+# and make them available as environment variables in the next steps.
+extract_secrets() {
+  IFS=$'\n'
+  for env_var in $("${OP_INSTALL_DIR}/op" env ls); do
+    populating_secret $env_var
+  done
+}
+
+read -r -a managed_variables <<< "$(printenv $managed_variables_var)"
+
+if [ -z "$OP_CONNECT_TOKEN" ] || [ -z "$OP_CONNECT_HOST" ]; then
+  if [ -z "$OP_SERVICE_ACCOUNT_TOKEN" ]; then
+    echo "(\$OP_CONNECT_TOKEN and \$OP_CONNECT_HOST) or \$OP_SERVICE_ACCOUNT_TOKEN must be set"
+    exit 1
+  fi
+
+  auth_type=$SERVICE_ACCOUNT
+fi
+
+printf "Authenticated with %s \n" $auth_type
+
+unset_prev_secrets
+install_op_cli
+extract_secrets
+uninstall_op_cli
+
+unset IFS
+# Add extra env var that lists which secrets are managed by 1Password so that in a later step
+# these can be unset again.
+managed_variables_str=$(IFS=','; echo "${managed_variables[*]}")
+echo "$managed_variables_var=$managed_variables_str" >> $GITHUB_ENV

install_cli.sh

@@ -1,46 +0,0 @@
-#!/bin/bash
-set -e
-
-# Install op-cli
-install_op_cli() {
-  # Create a temporary directory where the CLI is installed
-  OP_INSTALL_DIR="$(mktemp -d)"
-  if [[ ! -d "$OP_INSTALL_DIR" ]]; then
-    echo "Install dir $OP_INSTALL_DIR not found"
-    exit 1
-  fi
-  echo "::debug::OP_INSTALL_DIR: ${OP_INSTALL_DIR}"
-
-  # Get the latest stable version of the CLI
-  CLI_VERSION="v$(curl https://app-updates.agilebits.com/check/1/0/CLI2/en/2.0.0/N -s | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')"
-
-  if [[ "$OSTYPE" == "linux-gnu"* ]]; then
-    # Get runner's architecture
-    ARCH=$(uname -m)
-    if [[ "$(getconf LONG_BIT)" = 32 ]]; then
-      ARCH="386"
-    elif [[ "$ARCH" == "x86_64" ]]; then
-      ARCH="amd64"
-    elif [[ "$ARCH" == "aarch64" ]]; then
-      ARCH="arm64"
-    fi
-
-    if [[ "$ARCH" != "386" ]] && [[ "$ARCH" != "amd64" ]] && [[ "$ARCH" != "arm" ]] && [[ "$ARCH" != "arm64" ]]; then
-      echo "Unsupported architecture for the 1Password CLI: $ARCH."
-      exit 1
-    fi
-
-    curl -sSfLo op.zip "https://cache.agilebits.com/dist/1P/op2/pkg/${CLI_VERSION}/op_linux_${ARCH}_${CLI_VERSION}.zip"
-    unzip -od "$OP_INSTALL_DIR" op.zip && rm op.zip
-  elif [[ "$OSTYPE" == "darwin"* ]]; then
-    curl -sSfLo op.pkg "https://cache.agilebits.com/dist/1P/op2/pkg/${CLI_VERSION}/op_apple_universal_${CLI_VERSION}.pkg"
-    pkgutil --expand op.pkg temp-pkg
-    tar -xvf temp-pkg/op.pkg/Payload -C "$OP_INSTALL_DIR"
-    rm -rf temp-pkg && rm op.pkg
-  else
-    echo "Operating system not supported yet for this GitHub Action: $OSTYPE."
-    exit 1
-  fi
-}
-
-install_op_cli

package-lock.json

@@ -1,28 +1,27 @@
 {
 	"name": "load-secrets-action",
-	"version": "2.0.0",
+	"version": "1.3.2",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "load-secrets-action",
-			"version": "2.0.0",
+			"version": "1.3.2",
 			"license": "MIT",
 			"dependencies": {
-				"@1password/op-js": "^0.1.11",
 				"@actions/core": "^1.10.1",
 				"@actions/exec": "^1.1.1"
 			},
 			"devDependencies": {
 				"@1password/front-end-style": "^6.0.1",
-				"@types/jest": "^29.5.12",
-				"@types/node": "^20.11.30",
-				"@vercel/ncc": "^0.38.1",
-				"husky": "^9.0.11",
+				"@types/jest": "^29.5.6",
+				"@types/node": "^18.18.6",
+				"@vercel/ncc": "^0.36.1",
+				"husky": "^8.0.3",
 				"jest": "^29.7.0",
-				"lint-staged": "^15.2.2",
-				"ts-jest": "^29.1.2",
-				"typescript": "^5.4.2"
+				"lint-staged": "^13.3.0",
+				"ts-jest": "^29.1.1",
+				"typescript": "^4.9.5"
 			}
 		},
 		"node_modules/@1password/front-end-style": {
@@ -58,15 +57,6 @@
 				"typescript": ">=4.0.3"
 			}
 		},
-		"node_modules/@1password/op-js": {
-			"version": "0.1.11",
-			"resolved": "https://registry.npmjs.org/@1password/op-js/-/op-js-0.1.11.tgz",
-			"integrity": "sha512-ZT4B3zYfYz7tz3fol+qAhWYgheUzG9i9OoJq4UcXsKL/8bxtwyt+IrcRcRd3wsyo+MgnsMXQMPOzqYDUNW+S2Q==",
-			"dependencies": {
-				"lookpath": "^1.2.2",
-				"semver": "^7.3.6"
-			}
-		},
 		"node_modules/@aashutoshrathi/word-wrap": {
 			"version": "1.2.6",
 			"resolved": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz",
@@ -1591,9 +1581,9 @@
 			}
 		},
 		"node_modules/@types/jest": {
-			"version": "29.5.12",
-			"resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz",
-			"integrity": "sha512-eDC8bTvT/QhYdxJAulQikueigY5AsdBRH2yDKW3yveW7svY3+DzN84/2NUgkw10RTiJbWqZrTtoGVdYlvFJdLw==",
+			"version": "29.5.6",
+			"resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.6.tgz",
+			"integrity": "sha512-/t9NnzkOpXb4Nfvg17ieHE6EeSjDS2SGSpNYfoLbUAeL/EOueU/RSdOWFpfQTXBEM7BguYW1XQ0EbM+6RlIh6w==",
 			"dev": true,
 			"dependencies": {
 				"expect": "^29.0.0",
@@ -1619,13 +1609,10 @@
 			"dev": true
 		},
 		"node_modules/@types/node": {
-			"version": "20.11.30",
-			"resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.30.tgz",
-			"integrity": "sha512-dHM6ZxwlmuZaRmUPfv1p+KrdD1Dci04FbdEm/9wEMouFqxYoFl5aMkt0VMAUtYRQDyYvD41WJLukhq/ha3YuTw==",
-			"dev": true,
-			"dependencies": {
-				"undici-types": "~5.26.4"
-			}
+			"version": "18.18.6",
+			"resolved": "https://registry.npmjs.org/@types/node/-/node-18.18.6.tgz",
+			"integrity": "sha512-wf3Vz+jCmOQ2HV1YUJuCWdL64adYxumkrxtc+H1VUQlnQI04+5HtH+qZCOE21lBE7gIrt+CwX2Wv8Acrw5Ak6w==",
+			"dev": true
 		},
 		"node_modules/@types/normalize-package-data": {
 			"version": "2.4.3",
@@ -1952,9 +1939,9 @@
 			}
 		},
 		"node_modules/@vercel/ncc": {
-			"version": "0.38.1",
-			"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.1.tgz",
-			"integrity": "sha512-IBBb+iI2NLu4VQn3Vwldyi2QwaXt5+hTyh58ggAMoCGE6DJmPvwL3KPBWcJl1m9LYPChBLE980Jw+CS4Wokqxw==",
+			"version": "0.36.1",
+			"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.36.1.tgz",
+			"integrity": "sha512-S4cL7Taa9yb5qbv+6wLgiKVZ03Qfkc4jGRuiUQMQ8HGBD5pcNRnHeYM33zBvJE4/zJGjJJ8GScB+WmTsn9mORw==",
 			"dev": true,
 			"bin": {
 				"ncc": "dist/ncc/cli.js"
@@ -2594,16 +2581,16 @@
 			}
 		},
 		"node_modules/cli-truncate": {
-			"version": "4.0.0",
-			"resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-4.0.0.tgz",
-			"integrity": "sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==",
+			"version": "3.1.0",
+			"resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-3.1.0.tgz",
+			"integrity": "sha512-wfOBkjXteqSnI59oPcJkcPl/ZmwvMMOj340qUIY1SKZCv0B9Cf4D4fAucRkIKQmsIuYK3x1rrgU7MeGRruiuiA==",
 			"dev": true,
 			"dependencies": {
 				"slice-ansi": "^5.0.0",
-				"string-width": "^7.0.0"
+				"string-width": "^5.0.0"
 			},
 			"engines": {
-				"node": ">=18"
+				"node": "^12.20.0 || ^14.13.1 || >=16.0.0"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
@@ -2716,9 +2703,9 @@
 			"dev": true
 		},
 		"node_modules/commander": {
-			"version": "11.1.0",
-			"resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz",
-			"integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==",
+			"version": "11.0.0",
+			"resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz",
+			"integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==",
 			"dev": true,
 			"engines": {
 				"node": ">=16"
@@ -2979,6 +2966,12 @@
 				"node": ">=6.0.0"
 			}
 		},
+		"node_modules/eastasianwidth": {
+			"version": "0.2.0",
+			"resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
+			"integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
+			"dev": true
+		},
 		"node_modules/electron-to-chromium": {
 			"version": "1.4.565",
 			"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.565.tgz",
@@ -2998,9 +2991,9 @@
 			}
 		},
 		"node_modules/emoji-regex": {
-			"version": "10.3.0",
-			"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.3.0.tgz",
-			"integrity": "sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw==",
+			"version": "9.2.2",
+			"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
+			"integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
 			"dev": true
 		},
 		"node_modules/enquirer": {
@@ -3990,18 +3983,6 @@
 				"node": "6.* || 8.* || >= 10.*"
 			}
 		},
-		"node_modules/get-east-asian-width": {
-			"version": "1.2.0",
-			"resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.2.0.tgz",
-			"integrity": "sha512-2nk+7SIVb14QrgXFHcm84tD4bKQz0RxPuMT8Ag5KPOq7J5fEmAg0UbXdTOSHqNuHSU28k55qnceesxXRZGzKWA==",
-			"dev": true,
-			"engines": {
-				"node": ">=18"
-			},
-			"funding": {
-				"url": "https://github.com/sponsors/sindresorhus"
-			}
-		},
 		"node_modules/get-intrinsic": {
 			"version": "1.2.2",
 			"resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz",
@@ -4331,15 +4312,15 @@
 			}
 		},
 		"node_modules/husky": {
-			"version": "9.0.11",
-			"resolved": "https://registry.npmjs.org/husky/-/husky-9.0.11.tgz",
-			"integrity": "sha512-AB6lFlbwwyIqMdHYhwPe+kjOC3Oc5P3nThEoW/AaO2BX3vJDjWPFxYLxokUZOo6RNX20He3AaT8sESs9NJcmEw==",
+			"version": "8.0.3",
+			"resolved": "https://registry.npmjs.org/husky/-/husky-8.0.3.tgz",
+			"integrity": "sha512-+dQSyqPh4x1hlO1swXBiNb2HzTDN1I2IGLQx1GrBuiqFJfoMrnZWwVmatvSiO+Iz8fBUnf+lekwNo4c2LlXItg==",
 			"dev": true,
 			"bin": {
-				"husky": "bin.mjs"
+				"husky": "lib/bin.js"
 			},
 			"engines": {
-				"node": ">=18"
+				"node": ">=14"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/typicode"
@@ -5736,12 +5717,12 @@
 			}
 		},
 		"node_modules/lilconfig": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.0.0.tgz",
-			"integrity": "sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz",
+			"integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==",
 			"dev": true,
 			"engines": {
-				"node": ">=14"
+				"node": ">=10"
 			}
 		},
 		"node_modules/lines-and-columns": {
@@ -5751,27 +5732,27 @@
 			"dev": true
 		},
 		"node_modules/lint-staged": {
-			"version": "15.2.2",
-			"resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.2.tgz",
-			"integrity": "sha512-TiTt93OPh1OZOsb5B7k96A/ATl2AjIZo+vnzFZ6oHK5FuTk63ByDtxGQpHm+kFETjEWqgkF95M8FRXKR/LEBcw==",
+			"version": "13.3.0",
+			"resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-13.3.0.tgz",
+			"integrity": "sha512-mPRtrYnipYYv1FEE134ufbWpeggNTo+O/UPzngoaKzbzHAthvR55am+8GfHTnqNRQVRRrYQLGW9ZyUoD7DsBHQ==",
 			"dev": true,
 			"dependencies": {
 				"chalk": "5.3.0",
-				"commander": "11.1.0",
+				"commander": "11.0.0",
 				"debug": "4.3.4",
-				"execa": "8.0.1",
-				"lilconfig": "3.0.0",
-				"listr2": "8.0.1",
+				"execa": "7.2.0",
+				"lilconfig": "2.1.0",
+				"listr2": "6.6.1",
 				"micromatch": "4.0.5",
 				"pidtree": "0.6.0",
 				"string-argv": "0.3.2",
-				"yaml": "2.3.4"
+				"yaml": "2.3.1"
 			},
 			"bin": {
 				"lint-staged": "bin/lint-staged.js"
 			},
 			"engines": {
-				"node": ">=18.12.0"
+				"node": "^16.14.0 || >=18.0.0"
 			},
 			"funding": {
 				"url": "https://opencollective.com/lint-staged"
@@ -5790,47 +5771,35 @@
 			}
 		},
 		"node_modules/lint-staged/node_modules/execa": {
-			"version": "8.0.1",
-			"resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz",
-			"integrity": "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==",
+			"version": "7.2.0",
+			"resolved": "https://registry.npmjs.org/execa/-/execa-7.2.0.tgz",
+			"integrity": "sha512-UduyVP7TLB5IcAQl+OzLyLcS/l32W/GLg+AhHJ+ow40FOk2U3SAllPwR44v4vmdFwIWqpdwxxpQbF1n5ta9seA==",
 			"dev": true,
 			"dependencies": {
 				"cross-spawn": "^7.0.3",
-				"get-stream": "^8.0.1",
-				"human-signals": "^5.0.0",
+				"get-stream": "^6.0.1",
+				"human-signals": "^4.3.0",
 				"is-stream": "^3.0.0",
 				"merge-stream": "^2.0.0",
 				"npm-run-path": "^5.1.0",
 				"onetime": "^6.0.0",
-				"signal-exit": "^4.1.0",
+				"signal-exit": "^3.0.7",
 				"strip-final-newline": "^3.0.0"
 			},
 			"engines": {
-				"node": ">=16.17"
+				"node": "^14.18.0 || ^16.14.0 || >=18.0.0"
 			},
 			"funding": {
 				"url": "https://github.com/sindresorhus/execa?sponsor=1"
 			}
 		},
-		"node_modules/lint-staged/node_modules/get-stream": {
-			"version": "8.0.1",
-			"resolved": "https://registry.npmjs.org/get-stream/-/get-stream-8.0.1.tgz",
-			"integrity": "sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==",
-			"dev": true,
-			"engines": {
-				"node": ">=16"
-			},
-			"funding": {
-				"url": "https://github.com/sponsors/sindresorhus"
-			}
-		},
 		"node_modules/lint-staged/node_modules/human-signals": {
-			"version": "5.0.0",
-			"resolved": "https://registry.npmjs.org/human-signals/-/human-signals-5.0.0.tgz",
-			"integrity": "sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==",
+			"version": "4.3.1",
+			"resolved": "https://registry.npmjs.org/human-signals/-/human-signals-4.3.1.tgz",
+			"integrity": "sha512-nZXjEF2nbo7lIw3mgYjItAfgQXog3OjJogSbKa2CQIIvSGWcKgeJnQlNXip6NglNzYH45nSRiEVimMvYL8DDqQ==",
 			"dev": true,
 			"engines": {
-				"node": ">=16.17.0"
+				"node": ">=14.18.0"
 			}
 		},
 		"node_modules/lint-staged/node_modules/is-stream": {
@@ -5858,9 +5827,9 @@
 			}
 		},
 		"node_modules/lint-staged/node_modules/npm-run-path": {
-			"version": "5.2.0",
-			"resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.2.0.tgz",
-			"integrity": "sha512-W4/tgAXFqFA0iL7fk0+uQ3g7wkL8xJmx3XdK0VGb4cHW//eZTtKGvFBBoRKVTpY7n6ze4NL9ly7rgXcHufqXKg==",
+			"version": "5.1.0",
+			"resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.1.0.tgz",
+			"integrity": "sha512-sJOdmRGrY2sjNTRMbSvluQqg+8X7ZK61yvzBEIDhz4f8z1TZFYABsqjjCBd/0PUNE9M6QDgHJXQkGUEm7Q+l9Q==",
 			"dev": true,
 			"dependencies": {
 				"path-key": "^4.0.0"
@@ -5899,18 +5868,6 @@
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
-		"node_modules/lint-staged/node_modules/signal-exit": {
-			"version": "4.1.0",
-			"resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
-			"integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
-			"dev": true,
-			"engines": {
-				"node": ">=14"
-			},
-			"funding": {
-				"url": "https://github.com/sponsors/isaacs"
-			}
-		},
 		"node_modules/lint-staged/node_modules/strip-final-newline": {
 			"version": "3.0.0",
 			"resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz",
@@ -5924,20 +5881,28 @@
 			}
 		},
 		"node_modules/listr2": {
-			"version": "8.0.1",
-			"resolved": "https://registry.npmjs.org/listr2/-/listr2-8.0.1.tgz",
-			"integrity": "sha512-ovJXBXkKGfq+CwmKTjluEqFi3p4h8xvkxGQQAQan22YCgef4KZ1mKGjzfGh6PL6AW5Csw0QiQPNuQyH+6Xk3hA==",
+			"version": "6.6.1",
+			"resolved": "https://registry.npmjs.org/listr2/-/listr2-6.6.1.tgz",
+			"integrity": "sha512-+rAXGHh0fkEWdXBmX+L6mmfmXmXvDGEKzkjxO+8mP3+nI/r/CWznVBvsibXdxda9Zz0OW2e2ikphN3OwCT/jSg==",
 			"dev": true,
 			"dependencies": {
-				"cli-truncate": "^4.0.0",
+				"cli-truncate": "^3.1.0",
 				"colorette": "^2.0.20",
 				"eventemitter3": "^5.0.1",
-				"log-update": "^6.0.0",
+				"log-update": "^5.0.1",
 				"rfdc": "^1.3.0",
-				"wrap-ansi": "^9.0.0"
+				"wrap-ansi": "^8.1.0"
 			},
 			"engines": {
-				"node": ">=18.0.0"
+				"node": ">=16.0.0"
+			},
+			"peerDependencies": {
+				"enquirer": ">= 2.3.0 < 3"
+			},
+			"peerDependenciesMeta": {
+				"enquirer": {
+					"optional": true
+				}
 			}
 		},
 		"node_modules/locate-path": {
@@ -5989,34 +5954,34 @@
 			"dev": true
 		},
 		"node_modules/log-update": {
-			"version": "6.0.0",
-			"resolved": "https://registry.npmjs.org/log-update/-/log-update-6.0.0.tgz",
-			"integrity": "sha512-niTvB4gqvtof056rRIrTZvjNYE4rCUzO6X/X+kYjd7WFxXeJ0NwEFnRxX6ehkvv3jTwrXnNdtAak5XYZuIyPFw==",
+			"version": "5.0.1",
+			"resolved": "https://registry.npmjs.org/log-update/-/log-update-5.0.1.tgz",
+			"integrity": "sha512-5UtUDQ/6edw4ofyljDNcOVJQ4c7OjDro4h3y8e1GQL5iYElYclVHJ3zeWchylvMaKnDbDilC8irOVyexnA/Slw==",
 			"dev": true,
 			"dependencies": {
-				"ansi-escapes": "^6.2.0",
+				"ansi-escapes": "^5.0.0",
 				"cli-cursor": "^4.0.0",
-				"slice-ansi": "^7.0.0",
-				"strip-ansi": "^7.1.0",
-				"wrap-ansi": "^9.0.0"
+				"slice-ansi": "^5.0.0",
+				"strip-ansi": "^7.0.1",
+				"wrap-ansi": "^8.0.1"
 			},
 			"engines": {
-				"node": ">=18"
+				"node": "^12.20.0 || ^14.13.1 || >=16.0.0"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
 		"node_modules/log-update/node_modules/ansi-escapes": {
-			"version": "6.2.0",
-			"resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-6.2.0.tgz",
-			"integrity": "sha512-kzRaCqXnpzWs+3z5ABPQiVke+iq0KXkHo8xiWV4RPTi5Yli0l97BEQuhXV1s7+aSU/fu1kUuxgS4MsQ0fRuygw==",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-5.0.0.tgz",
+			"integrity": "sha512-5GFMVX8HqE/TB+FuBJGuO5XG0WrsA6ptUqoODaT/n9mmUaZFkqnBueB4leqGBCmrUHnCnC4PCZTCd0E7QQ83bA==",
 			"dev": true,
 			"dependencies": {
-				"type-fest": "^3.0.0"
+				"type-fest": "^1.0.2"
 			},
 			"engines": {
-				"node": ">=14.16"
+				"node": ">=12"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
@@ -6034,49 +5999,6 @@
 				"url": "https://github.com/chalk/ansi-regex?sponsor=1"
 			}
 		},
-		"node_modules/log-update/node_modules/ansi-styles": {
-			"version": "6.2.1",
-			"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
-			"integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
-			"dev": true,
-			"engines": {
-				"node": ">=12"
-			},
-			"funding": {
-				"url": "https://github.com/chalk/ansi-styles?sponsor=1"
-			}
-		},
-		"node_modules/log-update/node_modules/is-fullwidth-code-point": {
-			"version": "5.0.0",
-			"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-5.0.0.tgz",
-			"integrity": "sha512-OVa3u9kkBbw7b8Xw5F9P+D/T9X+Z4+JruYVNapTjPYZYUznQ5YfWeFkOj606XYYW8yugTfC8Pj0hYqvi4ryAhA==",
-			"dev": true,
-			"dependencies": {
-				"get-east-asian-width": "^1.0.0"
-			},
-			"engines": {
-				"node": ">=18"
-			},
-			"funding": {
-				"url": "https://github.com/sponsors/sindresorhus"
-			}
-		},
-		"node_modules/log-update/node_modules/slice-ansi": {
-			"version": "7.1.0",
-			"resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-7.1.0.tgz",
-			"integrity": "sha512-bSiSngZ/jWeX93BqeIAbImyTbEihizcwNjFoRUIY/T1wWQsfsm2Vw1agPKylXvQTU7iASGdHhyqRlqQzfz+Htg==",
-			"dev": true,
-			"dependencies": {
-				"ansi-styles": "^6.2.1",
-				"is-fullwidth-code-point": "^5.0.0"
-			},
-			"engines": {
-				"node": ">=18"
-			},
-			"funding": {
-				"url": "https://github.com/chalk/slice-ansi?sponsor=1"
-			}
-		},
 		"node_modules/log-update/node_modules/strip-ansi": {
 			"version": "7.1.0",
 			"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
@@ -6093,28 +6015,17 @@
 			}
 		},
 		"node_modules/log-update/node_modules/type-fest": {
-			"version": "3.13.1",
-			"resolved": "https://registry.npmjs.org/type-fest/-/type-fest-3.13.1.tgz",
-			"integrity": "sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==",
+			"version": "1.4.0",
+			"resolved": "https://registry.npmjs.org/type-fest/-/type-fest-1.4.0.tgz",
+			"integrity": "sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==",
 			"dev": true,
 			"engines": {
-				"node": ">=14.16"
+				"node": ">=10"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
-		"node_modules/lookpath": {
-			"version": "1.2.2",
-			"resolved": "https://registry.npmjs.org/lookpath/-/lookpath-1.2.2.tgz",
-			"integrity": "sha512-k2Gmn8iV6qdME3ztZC2spubmQISimFOPLuQKiPaLcVdRz0IpdxrNClVepMlyTJlhodm/zG/VfbkWERm3kUIh+Q==",
-			"bin": {
-				"lookpath": "bin/lookpath.js"
-			},
-			"engines": {
-				"npm": ">=6.13.4"
-			}
-		},
 		"node_modules/loose-envify": {
 			"version": "1.4.0",
 			"resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
@@ -7268,9 +7179,9 @@
 			}
 		},
 		"node_modules/rfdc": {
-			"version": "1.3.1",
-			"resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.1.tgz",
-			"integrity": "sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg==",
+			"version": "1.3.0",
+			"resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz",
+			"integrity": "sha512-V2hovdzFbOi77/WajaSMXk2OLm+xNIeQdMMuB7icj7bk6zi2F8GGAxigcnDFpJHbNyNcgyJDiP+8nOrY5cZGrA==",
 			"dev": true
 		},
 		"node_modules/rimraf": {
@@ -7356,6 +7267,7 @@
 			"version": "7.5.4",
 			"resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
 			"integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
+			"dev": true,
 			"dependencies": {
 				"lru-cache": "^6.0.0"
 			},
@@ -7370,6 +7282,7 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
 			"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+			"dev": true,
 			"dependencies": {
 				"yallist": "^4.0.0"
 			},
@@ -7380,7 +7293,8 @@
 		"node_modules/semver/node_modules/yallist": {
 			"version": "4.0.0",
 			"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-			"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
+			"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+			"dev": true
 		},
 		"node_modules/set-function-length": {
 			"version": "1.1.1",
@@ -7605,17 +7519,17 @@
 			}
 		},
 		"node_modules/string-width": {
-			"version": "7.1.0",
-			"resolved": "https://registry.npmjs.org/string-width/-/string-width-7.1.0.tgz",
-			"integrity": "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw==",
+			"version": "5.1.2",
+			"resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
+			"integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
 			"dev": true,
 			"dependencies": {
-				"emoji-regex": "^10.3.0",
-				"get-east-asian-width": "^1.0.0",
-				"strip-ansi": "^7.1.0"
+				"eastasianwidth": "^0.2.0",
+				"emoji-regex": "^9.2.2",
+				"strip-ansi": "^7.0.1"
 			},
 			"engines": {
-				"node": ">=18"
+				"node": ">=12"
 			},
 			"funding": {
 				"url": "https://github.com/sponsors/sindresorhus"
@@ -8072,9 +7986,9 @@
 			}
 		},
 		"node_modules/ts-jest": {
-			"version": "29.1.2",
-			"resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.2.tgz",
-			"integrity": "sha512-br6GJoH/WUX4pu7FbZXuWGKGNDuU7b8Uj77g/Sp7puZV6EXzuByl6JrECvm0MzVzSTkSHWTihsXt+5XYER5b+g==",
+			"version": "29.1.1",
+			"resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.1.tgz",
+			"integrity": "sha512-D6xjnnbP17cC85nliwGiL+tpoKN0StpgE0TeOjXQTU6MVCfsB4v7aW05CgQ/1OywGb0x/oy9hHFnN+sczTiRaA==",
 			"dev": true,
 			"dependencies": {
 				"bs-logger": "0.x",
@@ -8090,7 +8004,7 @@
 				"ts-jest": "cli.js"
 			},
 			"engines": {
-				"node": "^16.10.0 || ^18.0.0 || >=20.0.0"
+				"node": "^14.15.0 || ^16.10.0 || >=18.0.0"
 			},
 			"peerDependencies": {
 				"@babel/core": ">=7.0.0-beta.0 <8",
@@ -8290,16 +8204,16 @@
 			}
 		},
 		"node_modules/typescript": {
-			"version": "5.4.2",
-			"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.2.tgz",
-			"integrity": "sha512-+2/g0Fds1ERlP6JsakQQDXjZdZMM+rqpamFZJEKh4kwTIn3iDkgKtby0CeNd5ATNZ4Ry1ax15TMx0W2V+miizQ==",
+			"version": "4.9.5",
+			"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz",
+			"integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==",
 			"dev": true,
 			"bin": {
 				"tsc": "bin/tsc",
 				"tsserver": "bin/tsserver"
 			},
 			"engines": {
-				"node": ">=14.17"
+				"node": ">=4.2.0"
 			}
 		},
 		"node_modules/unbox-primitive": {
@@ -8318,9 +8232,9 @@
 			}
 		},
 		"node_modules/undici": {
-			"version": "5.28.3",
-			"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz",
-			"integrity": "sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA==",
+			"version": "5.26.5",
+			"resolved": "https://registry.npmjs.org/undici/-/undici-5.26.5.tgz",
+			"integrity": "sha512-cSb4bPFd5qgR7qr2jYAi0hlX9n5YKK2ONKkLFkxl+v/9BvC0sOpZjBHDBSXc5lWAf5ty9oZdRXytBIHzgUcerw==",
 			"dependencies": {
 				"@fastify/busboy": "^2.0.0"
 			},
@@ -8328,12 +8242,6 @@
 				"node": ">=14.0"
 			}
 		},
-		"node_modules/undici-types": {
-			"version": "5.26.5",
-			"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
-			"integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==",
-			"dev": true
-		},
 		"node_modules/update-browserslist-db": {
 			"version": "1.0.13",
 			"resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz",
@@ -8518,17 +8426,17 @@
 			}
 		},
 		"node_modules/wrap-ansi": {
-			"version": "9.0.0",
-			"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.0.tgz",
-			"integrity": "sha512-G8ura3S+3Z2G+mkgNRq8dqaFZAuxfsxpBB8OCTGRTCtp+l/v9nbFNmCUP1BZMts3G1142MsZfn6eeUKrr4PD1Q==",
+			"version": "8.1.0",
+			"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
+			"integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
 			"dev": true,
 			"dependencies": {
-				"ansi-styles": "^6.2.1",
-				"string-width": "^7.0.0",
-				"strip-ansi": "^7.1.0"
+				"ansi-styles": "^6.1.0",
+				"string-width": "^5.0.1",
+				"strip-ansi": "^7.0.1"
 			},
 			"engines": {
-				"node": ">=18"
+				"node": ">=12"
 			},
 			"funding": {
 				"url": "https://github.com/chalk/wrap-ansi?sponsor=1"
@@ -8608,9 +8516,9 @@
 			"dev": true
 		},
 		"node_modules/yaml": {
-			"version": "2.3.4",
-			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz",
-			"integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==",
+			"version": "2.3.1",
+			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
+			"integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==",
 			"dev": true,
 			"engines": {
 				"node": ">= 14"

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "load-secrets-action",
-	"version": "2.0.0",
+	"version": "1.3.2",
 	"description": "Load Secrets from 1Password",
 	"type": "module",
 	"main": "dist/index.js",
@@ -24,7 +24,7 @@
 	},
 	"repository": {
 		"type": "git",
-		"url": "git@github.com:1Password/load-secrets-action.git"
+		"url": "git+https://github.com/1Password/load-secrets-action.git"
 	},
 	"keywords": [
 		"actions",
@@ -39,20 +39,19 @@
 	},
 	"homepage": "https://github.com/1Password/load-secrets-action#readme",
 	"dependencies": {
-		"@1password/op-js": "^0.1.11",
 		"@actions/core": "^1.10.1",
 		"@actions/exec": "^1.1.1"
 	},
 	"devDependencies": {
 		"@1password/front-end-style": "^6.0.1",
-		"@types/jest": "^29.5.12",
-		"@types/node": "^20.11.30",
-		"@vercel/ncc": "^0.38.1",
-		"husky": "^9.0.11",
+		"@types/jest": "^29.5.6",
+		"@types/node": "^18.18.6",
+		"@vercel/ncc": "^0.36.1",
+		"husky": "^8.0.3",
 		"jest": "^29.7.0",
-		"lint-staged": "^15.2.2",
-		"ts-jest": "^29.1.2",
-		"typescript": "^5.4.2"
+		"lint-staged": "^13.3.0",
+		"ts-jest": "^29.1.1",
+		"typescript": "^4.9.5"
 	},
 	"eslintConfig": {
 		"extends": "./node_modules/@1password/front-end-style/eslintrc.yml",

release.config.cjs

@@ -1,15 +0,0 @@
-/** @type {import('semantic-release').GlobalConfig} */
-module.exports = {
-	// TODO: This branch is for PR testing purposes; update branch to "main" if we proceed with this PR.
-	branches: ["ruetz-automate-releases"],
-	// TODO: Remove `dryRun` configuration if we proceed with this PR.
-	dryRun: true,
-	plugins: [
-		"@semantic-release/commit-analyzer",
-		"@semantic-release/release-notes-generator",
-		"@semantic-release/github",
-	],
-	// Use the `https` Git protocol here to prevent semantic-release from erroring
-	// on the SSH protocol used in `repository.url` in the package.json file.
-	repositoryUrl: "https://github.com/1Password/load-secrets-action.git",
-};

src/constants.ts

@@ -1,6 +0,0 @@
-export const envConnectHost = "OP_CONNECT_HOST";
-export const envConnectToken = "OP_CONNECT_TOKEN";
-export const envServiceAccountToken = "OP_SERVICE_ACCOUNT_TOKEN";
-export const envManagedVariables = "OP_MANAGED_VARIABLES";
-
-export const authErr = `Authentication error with environment variables: you must set either 1) ${envServiceAccountToken}, or 2) both ${envConnectHost} and ${envConnectToken}.`;

src/index.ts

@@ -2,28 +2,19 @@ import path from "path";
 import url from "url";
 import * as core from "@actions/core";
 import * as exec from "@actions/exec";
-import { validateCli } from "@1password/op-js";
-import { loadSecrets, unsetPrevious, validateAuth } from "./utils";
 
-const loadSecretsAction = async () => {
+const run = async () => {
 	try {
+		const currentFile = url.fileURLToPath(import.meta.url);
+		const currentDir = path.dirname(currentFile);
+		const parentDir = path.resolve(currentDir, "..");
+
 		// Get action inputs
-		const shouldUnsetPrevious = core.getBooleanInput("unset-previous");
-		const shouldExportEnv = core.getBooleanInput("export-env");
+		process.env.INPUT_UNSET_PREVIOUS = core.getInput("unset-previous");
+		process.env.INPUT_EXPORT_ENV = core.getInput("export-env");
 
-		// Unset all secrets managed by 1Password if `unset-previous` is set.
-		if (shouldUnsetPrevious) {
-			unsetPrevious();
-		}
-
-		// Validate that a proper authentication configuration is set for the CLI
-		validateAuth();
-
-		// Download and install the CLI
-		await installCLI();
-
-		// Load secrets
-		await loadSecrets(shouldExportEnv);
+		// Execute bash script
+		await exec.exec(`sh -c "` + parentDir + `/entrypoint.sh"`);
 	} catch (error) {
 		// It's possible for the Error constructor to be modified to be anything
 		// in JavaScript, so the following code accounts for this possibility.
@@ -38,30 +29,4 @@ const loadSecretsAction = async () => {
 	}
 };
 
-// This function's name is an exception from the naming convention
-// since we refer to the 1Password CLI here.
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const installCLI = async (): Promise<void> => {
-	// validateCli checks if there's an existing 1Password CLI installed on the runner.
-	// If there's no CLI installed, then validateCli will throw an error, which we will use
-	// as an indicator that we need to execute the installation script.
-	await validateCli().catch(async () => {
-		const currentFile = url.fileURLToPath(import.meta.url);
-		const currentDir = path.dirname(currentFile);
-		const parentDir = path.resolve(currentDir, "..");
-
-		// Execute bash script
-		const cmdOut = await exec.getExecOutput(
-			`sh -c "` + parentDir + `/install_cli.sh"`,
-		);
-
-		// Add path to 1Password CLI to $PATH
-		const outArr = cmdOut.stdout.split("\n");
-		if (outArr[0] && process.env.PATH) {
-			const cliPath = outArr[0]?.replace(/^(::debug::OP_INSTALL_DIR: )/, "");
-			core.addPath(cliPath);
-		}
-	});
-};
-
-void loadSecretsAction();
+void run();

src/utils.test.ts

@@ -1,164 +0,0 @@
-import * as core from "@actions/core";
-import * as exec from "@actions/exec";
-import { read, setClientInfo } from "@1password/op-js";
-import {
-	extractSecret,
-	loadSecrets,
-	unsetPrevious,
-	validateAuth,
-} from "./utils";
-import {
-	authErr,
-	envConnectHost,
-	envConnectToken,
-	envManagedVariables,
-	envServiceAccountToken,
-} from "./constants";
-
-jest.mock("@actions/core");
-jest.mock("@actions/exec", () => ({
-	getExecOutput: jest.fn(() => ({
-		stdout: "MOCK_SECRET",
-	})),
-}));
-jest.mock("@1password/op-js");
-
-beforeEach(() => {
-	jest.clearAllMocks();
-});
-
-describe("validateAuth", () => {
-	const testConnectHost = "https://localhost:8000";
-	const testConnectToken = "token";
-	const testServiceAccountToken = "ops_token";
-
-	beforeEach(() => {
-		process.env[envConnectHost] = "";
-		process.env[envConnectToken] = "";
-		process.env[envServiceAccountToken] = "";
-	});
-
-	it("should throw an error when no config is provided", () => {
-		expect(validateAuth).toThrowError(authErr);
-	});
-
-	it("should throw an error when partial Connect config is provided", () => {
-		process.env[envConnectHost] = testConnectHost;
-		expect(validateAuth).toThrowError(authErr);
-	});
-
-	it("should be authenticated as a Connect client", () => {
-		process.env[envConnectHost] = testConnectHost;
-		process.env[envConnectToken] = testConnectToken;
-		expect(validateAuth).not.toThrowError(authErr);
-		expect(core.info).toHaveBeenCalledWith("Authenticated with Connect.");
-	});
-
-	it("should be authenticated as a service account", () => {
-		process.env[envServiceAccountToken] = testServiceAccountToken;
-		expect(validateAuth).not.toThrowError(authErr);
-		expect(core.info).toHaveBeenCalledWith(
-			"Authenticated with Service account.",
-		);
-	});
-
-	it("should prioritize Connect over service account if both are configured", () => {
-		process.env[envServiceAccountToken] = testServiceAccountToken;
-		process.env[envConnectHost] = testConnectHost;
-		process.env[envConnectToken] = testConnectToken;
-		expect(validateAuth).not.toThrowError(authErr);
-		expect(core.warning).toHaveBeenCalled();
-		expect(core.info).toHaveBeenCalledWith("Authenticated with Connect.");
-	});
-});
-
-describe("extractSecret", () => {
-	const envTestSecretEnv = "TEST_SECRET";
-	const testSecretRef = "op://vault/item/secret";
-	const testSecretValue = "Secret1@3$";
-
-	read.parse = jest.fn().mockReturnValue(testSecretValue);
-
-	process.env[envTestSecretEnv] = testSecretRef;
-
-	it("should set secret as step output", () => {
-		extractSecret(envTestSecretEnv, false);
-		expect(core.exportVariable).not.toHaveBeenCalledWith(
-			envTestSecretEnv,
-			testSecretValue,
-		);
-		expect(core.setOutput).toHaveBeenCalledWith(
-			envTestSecretEnv,
-			testSecretValue,
-		);
-		expect(core.setSecret).toHaveBeenCalledWith(testSecretValue);
-	});
-
-	it("should set secret as environment variable", () => {
-		extractSecret(envTestSecretEnv, true);
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			envTestSecretEnv,
-			testSecretValue,
-		);
-		expect(core.setOutput).not.toHaveBeenCalledWith(
-			envTestSecretEnv,
-			testSecretValue,
-		);
-		expect(core.setSecret).toHaveBeenCalledWith(testSecretValue);
-	});
-});
-
-describe("loadSecrets", () => {
-	it("sets the client info and gets the executed output", async () => {
-		await loadSecrets(true);
-
-		expect(setClientInfo).toHaveBeenCalledWith({
-			name: "1Password GitHub Action",
-			id: "GHA",
-		});
-		expect(exec.getExecOutput).toHaveBeenCalledWith('sh -c "op env ls"');
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			"OP_MANAGED_VARIABLES",
-			"MOCK_SECRET",
-		);
-	});
-
-	it("return early if no env vars with secrets found", async () => {
-		(exec.getExecOutput as jest.Mock).mockReturnValueOnce({ stdout: "" });
-		await loadSecrets(true);
-
-		expect(exec.getExecOutput).toHaveBeenCalledWith('sh -c "op env ls"');
-		expect(core.exportVariable).not.toHaveBeenCalled();
-	});
-
-	describe("core.exportVariable", () => {
-		it("is called when shouldExportEnv is true", async () => {
-			await loadSecrets(true);
-
-			expect(core.exportVariable).toHaveBeenCalledTimes(1);
-		});
-
-		it("is not called when shouldExportEnv is false", async () => {
-			await loadSecrets(false);
-
-			expect(core.exportVariable).not.toHaveBeenCalled();
-		});
-	});
-});
-
-describe("unsetPrevious", () => {
-	const testManagedEnv = "TEST_SECRET";
-	const testSecretValue = "MyS3cr#T";
-
-	beforeEach(() => {
-		process.env[testManagedEnv] = testSecretValue;
-		process.env[envManagedVariables] = testManagedEnv;
-	});
-
-	it("should unset the environment variable if user wants it", () => {
-		unsetPrevious();
-		expect(core.info).toHaveBeenCalledWith("Unsetting previous values ...");
-		expect(core.info).toHaveBeenCalledWith("Unsetting TEST_SECRET");
-		expect(core.exportVariable).toHaveBeenCalledWith("TEST_SECRET", "");
-	});
-});

src/utils.ts

@@ -1,91 +0,0 @@
-import * as core from "@actions/core";
-import * as exec from "@actions/exec";
-import { read, setClientInfo, semverToInt } from "@1password/op-js";
-import { version } from "../package.json";
-import {
-	authErr,
-	envConnectHost,
-	envConnectToken,
-	envServiceAccountToken,
-	envManagedVariables,
-} from "./constants";
-
-export const validateAuth = (): void => {
-	const isConnect = process.env[envConnectHost] && process.env[envConnectToken];
-	const isServiceAccount = process.env[envServiceAccountToken];
-
-	if (isConnect && isServiceAccount) {
-		core.warning(
-			"WARNING: Both service account and Connect credentials are provided. Connect credentials will take priority.",
-		);
-	}
-
-	if (!isConnect && !isServiceAccount) {
-		throw new Error(authErr);
-	}
-
-	const authType = isConnect ? "Connect" : "Service account";
-
-	core.info(`Authenticated with ${authType}.`);
-};
-
-export const extractSecret = (
-	envName: string,
-	shouldExportEnv: boolean,
-): void => {
-	core.info(`Populating variable: ${envName}`);
-
-	const ref = process.env[envName];
-	if (!ref) {
-		return;
-	}
-
-	const secretValue = read.parse(ref);
-	if (!secretValue) {
-		return;
-	}
-
-	if (shouldExportEnv) {
-		core.exportVariable(envName, secretValue);
-	} else {
-		core.setOutput(envName, secretValue);
-	}
-	core.setSecret(secretValue);
-};
-
-export const loadSecrets = async (shouldExportEnv: boolean): Promise<void> => {
-	// Pass User-Agent Information to the 1Password CLI
-	setClientInfo({
-		name: "1Password GitHub Action",
-		id: "GHA",
-		build: semverToInt(version),
-	});
-
-	// Load secrets from environment variables using 1Password CLI.
-	// Iterate over them to find 1Password references, extract the secret values,
-	// and make them available in the next steps either as step outputs or as environment variables.
-	const res = await exec.getExecOutput(`sh -c "op env ls"`);
-
-	if (res.stdout === "") {
-		return;
-	}
-
-	const envs = res.stdout.replace(/\n+$/g, "").split(/\r?\n/);
-	for (const envName of envs) {
-		extractSecret(envName, shouldExportEnv);
-	}
-	if (shouldExportEnv) {
-		core.exportVariable(envManagedVariables, envs.join());
-	}
-};
-
-export const unsetPrevious = (): void => {
-	if (process.env[envManagedVariables]) {
-		core.info("Unsetting previous values ...");
-		const managedEnvs = process.env[envManagedVariables].split(",");
-		for (const envName of managedEnvs) {
-			core.info(`Unsetting ${envName}`);
-			core.exportVariable(envName, "");
-		}
-	}
-};

tsconfig.json

@@ -6,6 +6,8 @@
 		"esModuleInterop": true,
 		"exactOptionalPropertyTypes": true,
 		"forceConsistentCasingInFileNames": true,
+		"importsNotUsedAsValues": "error",
+		"isolatedModules": true,
 		"module": "esnext",
 		"moduleResolution": "node",
 		"noEmit": true,
@@ -15,9 +17,9 @@
 		"noUncheckedIndexedAccess": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,
-		"resolveJsonModule": true,
+		"outDir": "./dist/",
+		"rootDir": "./src/",
 		"strict": true,
-		"target": "es2022",
-		"verbatimModuleSyntax": true
+		"target": "es2022"
 	}
 }