Point to the feature branch to run tests

Make latest build
Fix tests
2025-08-14 11:43:38 -05:00 · 2025-08-14 11:40:05 -05:00 · 2025-08-14 11:39:57 -05:00 · 2025-08-14 10:58:58 -05:00
40 changed files with 3361 additions and 2862 deletions
--- a/.github/workflows/acceptance-test.yml
+++ b/.github/workflows/acceptance-test.yml
@@ -15,7 +15,7 @@ on:
      export-env:
        required: true
        type: boolean
-      version:
+      cli-version:
        required: false
        type: string
        default: "latest"
@@ -36,9 +36,9 @@ jobs:
        if: |
          github.event_name != 'repository_dispatch' &&
          (
-            github.ref == 'refs/heads/main' ||
+            github.ref == 'refs/heads/main' || 
            (
-              github.event_name == 'pull_request' &&
+              github.event_name == 'pull_request' && 
              github.event.pull_request.head.repo.full_name == github.repository
            )
          )
@@ -90,20 +90,18 @@ jobs:
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
-          version: ${{ inputs.version }}
+          cli-version: ${{ inputs.cli-version }}
          export-env: ${{ inputs.export-env }}
        env:
          SECRET: ${{ inputs.secret }}
          SECRET_IN_SECTION: ${{ inputs.secret-in-section }}
          MULTILINE_SECRET: ${{ inputs.multiline-secret }}
-          OP_ENV_FILE: ./tests/.env.tpl
      - name: Assert test secret values [step output]
        if: ${{ !inputs.export-env }}
        env:
          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-          OP_ENV_FILE: ./tests/.env.tpl
        run: ./tests/assert-env-set.sh
      - name: Assert test secret values [exported env]
        if: ${{ inputs.export-env }}
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -1,160 +0,0 @@
-name: E2E Tests
-
-on:
-  # For local testing with: act push -W .github/workflows/e2e-tests.yml
-  push:
-    branches-ignore:
-      - "**" # Never runs on GitHub, only locally with act
-
-  # For test.yml to call this workflow
-  workflow_call:
-    secrets:
-      OP_CONNECT_CREDENTIALS:
-        required: true
-      OP_CONNECT_TOKEN:
-        required: true
-      OP_SERVICE_ACCOUNT_TOKEN:
-        required: true
-      VAULT:
-        description: "1Password vault name or UUID"
-        required: true
-
-jobs:
-  test-service-account:
-    name: Service Account (${{ matrix.os }}, ${{ matrix.version }}, export-env=${{ matrix.export-env }})
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: true
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-        version: [latest, 2.30.0]
-        export-env: [true, false]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-
-      - name: Generate .env.tpl
-        shell: bash
-        run: |
-          echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl
-          echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl
-          echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl
-
-      - name: Configure Service account
-        uses: ./configure
-        with:
-          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-
-      - name: Load secrets
-        id: load_secrets
-        uses: ./
-        with:
-          version: ${{ matrix.version }}
-          export-env: ${{ matrix.export-env }}
-        env:
-          SECRET: op://${{ secrets.VAULT }}/test-secret/password
-          SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password
-          MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain
-          OP_ENV_FILE: ./tests/.env.tpl
-
-      - name: Assert test secret values [step output]
-        if: ${{ !matrix.export-env }}
-        shell: bash
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-          FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }}
-          FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }}
-          FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
-
-      - name: Assert test secret values [exported env]
-        if: ${{ matrix.export-env }}
-        shell: bash
-        run: ./tests/assert-env-set.sh
-
-      - name: Remove secrets [exported env]
-        if: ${{ matrix.export-env }}
-        uses: ./
-        with:
-          unset-previous: true
-
-      - name: Assert removed secrets [exported env]
-        if: ${{ matrix.export-env }}
-        shell: bash
-        run: ./tests/assert-env-unset.sh
-
-  test-connect:
-    name: Connect (ubuntu-latest, ${{ matrix.version }}, export-env=${{ matrix.export-env }})
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: true
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-        version: [latest, 2.30.0]
-        export-env: [true, false]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-
-      - name: Generate .env.tpl
-        run: |
-          mkdir -p tests
-          echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl
-          echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl
-          echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl
-
-      - name: Launch 1Password Connect instance
-        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-        run: |
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
-          docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
-
-      - name: Configure 1Password Connect
-        uses: ./configure
-        with:
-          connect-host: http://localhost:8080
-          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
-
-      - name: Load secrets
-        id: load_secrets
-        uses: ./
-        with:
-          version: ${{ matrix.version }}
-          export-env: ${{ matrix.export-env }}
-        env:
-          SECRET: op://${{ secrets.VAULT }}/test-secret/password
-          SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password
-          MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain
-          OP_ENV_FILE: ./tests/.env.tpl
-
-      - name: Assert test secret values [step output]
-        if: ${{ !matrix.export-env }}
-        env:
-          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
-          FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }}
-          FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }}
-          FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }}
-        run: ./tests/assert-env-set.sh
-
-      - name: Assert test secret values [exported env]
-        if: ${{ matrix.export-env }}
-        run: ./tests/assert-env-set.sh
-
-      - name: Remove secrets [exported env]
-        if: ${{ matrix.export-env }}
-        uses: ./
-        with:
-          unset-previous: true
-
-      - name: Assert removed secrets [exported env]
-        if: ${{ matrix.export-env }}
-        run: ./tests/assert-env-unset.sh
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@@ -1,36 +0,0 @@
-name: Lint and Test
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-
-jobs:
-  lint-and-test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v5
-
-      - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@2.0.0
-        with:
-          ignore_paths: >-
-            .husky
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: npm
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Check formatting
-        run: npm run format:check
-
-      - name: Check lint
-        run: npm run lint
-
-      - name: Run unit tests
-        run: npm test
--- a/.github/workflows/ok-to-test.yml
+++ b/.github/workflows/ok-to-test.yml
@@ -1,4 +1,4 @@
-# Write comments "/ok-to-test sha=<hash>" on a pull request. This will emit a repository_dispatch event.
+# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
 name: Ok To Test

 on:
@@ -15,7 +15,7 @@ jobs:
    if: ${{ github.event.issue.pull_request }}
    steps:
      - name: Slash Command Dispatch
-        uses: peter-evans/slash-command-dispatch@v5
+        uses: peter-evans/slash-command-dispatch@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          reaction-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -1,114 +0,0 @@
-name: E2E Tests
-
-on:
-  push:
-    branches: [main]
-    paths-ignore: &ignore_paths
-      - "docs/**"
-      - "config/**"
-      - "*.md"
-      - ".gitignore"
-      - "LICENSE"
-  pull_request:
-    paths-ignore: *ignore_paths
-  repository_dispatch:
-    types: [ok-to-test-command]
-
-concurrency:
-  group: >-
-    ${{ github.event_name == 'pull_request' &&
-          format('e2e-{0}', github.event.pull_request.head.ref) ||
-          format('e2e-{0}', github.ref) }}
-  cancel-in-progress: true
-
-jobs:
-  check-external-pr:
-    runs-on: ubuntu-latest
-    outputs:
-      condition: ${{ steps.check.outputs.condition }}
-    steps:
-      - name: Check if PR is from external contributor
-        id: check
-        run: |
-          echo "Event name: ${{ github.event_name }}"
-          echo "Repository: ${{ github.repository }}"
-
-          if [ "${{ github.event_name }}" == "pull_request" ]; then
-            # For pull_request events, check if PR is from external fork
-            echo "PR head repo: ${{ github.event.pull_request.head.repo.full_name }}"
-            if [ "${{ github.actor }}" == "dependabot[bot]" ]; then
-              echo "condition=skip" >> $GITHUB_OUTPUT
-              echo "Setting condition=skip (Dependabot PR)"
-            elif [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then
-              echo "condition=skip" >> $GITHUB_OUTPUT
-              echo "Setting condition=skip (external fork PR creation)"
-            else
-              echo "condition=pr-creation-maintainer" >> $GITHUB_OUTPUT
-              echo "Setting condition=pr-creation-maintainer (internal PR creation)"
-            fi
-          elif [ "${{ github.event_name }}" == "repository_dispatch" ]; then
-            # For repository_dispatch events (ok-to-test), check if sha matches
-            SHA_PARAM="${{ github.event.client_payload.slash_command.args.named.sha }}"
-            PR_HEAD_SHA="${{ github.event.client_payload.pull_request.head.sha }}"
-
-            echo "Checking dispatch event conditions..."
-            echo "SHA from command: $SHA_PARAM"
-            echo "PR head SHA: $PR_HEAD_SHA"
-
-            if [ -n "$SHA_PARAM" ] && [[ "$PR_HEAD_SHA" == *"$SHA_PARAM"* ]]; then
-              echo "condition=dispatch-event" >> $GITHUB_OUTPUT
-              echo "Setting condition=dispatch-event (sha matches)"
-            else
-              echo "condition=skip" >> $GITHUB_OUTPUT
-              echo "Setting condition=skip (sha does not match or empty)"
-            fi
-          elif [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref_name }}" == "main" ]; then
-            echo "condition=push-to-main" >> $GITHUB_OUTPUT
-            echo "Setting condition=push-to-main (push to main)"
-          else
-            # Unknown event type
-            echo "condition=skip" >> $GITHUB_OUTPUT
-            echo "Setting condition=skip (unknown event type: ${{ github.event_name }})"
-          fi
-
-  e2e:
-    needs: check-external-pr
-    if: |
-      (needs.check-external-pr.outputs.condition == 'pr-creation-maintainer')
-      ||
-      (needs.check-external-pr.outputs.condition == 'dispatch-event')
-      ||
-      needs.check-external-pr.outputs.condition == 'push-to-main'
-    uses: ./.github/workflows/e2e-tests.yml
-    secrets:
-      OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-      OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
-      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      VAULT: ${{ secrets.VAULT }}
-
-  # Post comment on fork PRs after /ok-to-test
-  comment-pr:
-    needs: [check-external-pr, e2e]
-    runs-on: ubuntu-latest
-    if: always() && needs.check-external-pr.outputs.condition == 'dispatch-event'
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Create URL to the run output
-        id: vars
-        run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_OUTPUT
-
-      - name: Create comment on PR
-        uses: peter-evans/create-or-update-comment@v5
-        with:
-          issue-number: ${{ github.event.client_payload.pull_request.number }}
-          body: |
-            ${{
-                needs.e2e.result == 'success' && '✅ E2E tests passed.' ||
-                needs.e2e.result == 'failure' && '❌ E2E tests failed.' ||
-                '⚠️ E2E tests completed.'
-            }}
-
-            [View test run output][1]
-
-            [1]: ${{ steps.vars.outputs.run-url }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,12 +22,12 @@ jobs:
        github.event_name == 'pull_request' && 
        github.event.pull_request.head.repo.full_name == github.repository
      )
-    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@vzt/rename-version-input # TODO: temporary point to this branch so tests can run with update input
    secrets: inherit
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
-        version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
+        cli-version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
        auth: [connect, service-account]
        exclude:
          - os: macos-latest
@@ -36,7 +36,7 @@ jobs:
            auth: connect
    with:
      os: ${{ matrix.os }}
-      version: ${{ matrix.version }}
+      cli-version: ${{ matrix.cli-version }}
      auth: ${{ matrix.auth }}
      secret: op://acceptance-tests/test-secret/password
      secret-in-section: op://acceptance-tests/test-secret/test-section/password
@@ -50,12 +50,12 @@ jobs:
        github.event_name == 'pull_request' && 
        github.event.pull_request.head.repo.full_name == github.repository
      )
-    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@vzt/rename-version-input # TODO: temporary point to this branch so tests can run with update input
    secrets: inherit
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
-        version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
+        cli-version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
        auth: [connect, service-account]
        exclude:
          - os: macos-latest
@@ -64,7 +64,7 @@ jobs:
            auth: connect
    with:
      os: ${{ matrix.os }}
-      version: ${{ matrix.version }}
+      cli-version: ${{ matrix.cli-version }}
      auth: ${{ matrix.auth }}
      secret: op://acceptance-tests/test-secret/password
      secret-in-section: op://acceptance-tests/test-secret/test-section/password
@@ -78,12 +78,12 @@ jobs:
        github.event_name == 'pull_request' && 
        github.event.pull_request.head.repo.full_name == github.repository
      )
-    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@main
+    uses: 1password/load-secrets-action/.github/workflows/acceptance-test.yml@vzt/rename-version-input # TODO: temporary point to this branch so tests can run with update input
    secrets: inherit
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
-        version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
+        cli-version: [latest, latest-beta, 2.30.0, 2.30.0-beta.03]
        auth: [connect, service-account]
        exclude:
          - os: macos-latest
@@ -92,7 +92,7 @@ jobs:
            auth: connect
    with:
      os: ${{ matrix.os }}
-      version: ${{ matrix.version }}
+      cli-version: ${{ matrix.cli-version }}
      auth: ${{ matrix.auth }}
      secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
      secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,2 @@
 coverage/
 node_modules/
-.idea/
-1password-credentials.json
--- a/README.md
+++ b/README.md
@@ -34,12 +34,11 @@ jobs:
      - uses: actions/checkout@v4

      - name: Load secret
-        id: load_secrets
+        id: load_secret
        uses: 1password/load-secrets-action@v3
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://app-cicd/hello-world/secret
-          OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl for example

      - name: Print masked secret
        run: 'echo "Secret: ${{ steps.load_secrets.outputs.SECRET }}"'
@@ -64,7 +63,6 @@ jobs:
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          SECRET: op://app-cicd/hello-world/secret
-          OP_ENV_FILE: "./path/to/.env.tpl" # see tests/.env.tpl for example

      - name: Print masked secret
        run: 'echo "Secret: $SECRET"'
--- a/action.yml
+++ b/action.yml
@@ -11,7 +11,7 @@ inputs:
  export-env:
    description: Export the secrets as environment variables
    default: "false"
-  version:
+  cli-version:
    description: Specify which 1Password CLI version to install. Defaults to "latest".
    default: "latest"
 runs:
--- a/dist/index.js
+++ b/dist/index.js
--- a/docs/fork-pr-testing.md
+++ b/docs/fork-pr-testing.md
@@ -1,32 +0,0 @@
-# Fork PR Testing Guide
-
-This document explains how testing works for external pull requests from forks.
-
-## Overview
-
-The testing system consists of two main workflows:
-
-1. **E2E Tests** (`test-e2e.yml`) - Runs automatically for internal PRs, need manual trigger on external PRs.
-2. **Ok To Test** (`ok-to-test.yml`) - Dispatches `repository_dispatch` event when maintainer puts the `/ok-to-test sha=<commit hash>` comment in the forked PR thread.
-
-## How It Works
-
-### 1. PR is created by maintainer:
-
-For the PR created by maintainer `E2E Test` workflow starts automatically. The PR check will reflect the status of the job.
-
-### 2. PR is created by external contributor:
-
-For the PR created by external contributor `E2E Test` workflow **won't** start automatically.
-Maintainer should make a sanity check of the changes and run it manually by:
-
-1. Putting a comment `/ok-to-test sha=<latest commit hash>` in the PR thread.
-2. `E2E Test` workflow starts.
-3. After `E2E Test` workflow finishes, a comment with a link to the workflow, along with its status will be posted in the PR.
-4. Maintainer can merge PR or request the changes based on the `E2E Test` results.
-
-## Notes
-
- Only users with **write** permissions can trigger the `/ok-to-test` command.
- External PRs are automatically detected and prevented from running e2e tests automatically.
- Running e2e test on the external PR is optional. Maintainer can merge PR without running it. Maintainer decides whether it's needed to run an E2E test.
--- a/docs/local-testing.md
+++ b/docs/local-testing.md
@@ -1,46 +0,0 @@
-# Local Testing Guide
-
-This document explains how to run e2e tests locally using `act`.
-
-## Prerequisites
-
-1. **Docker** installed and running
-2. **act** installed ([install guide](https://github.com/nektos/act#installation))
-   ```bash
-   brew install act  # macOS
-   ```
-3. **1Password credentials** (see [Required Secrets](#required-secrets))
-4. Build action
-
-## Required env variables
-
-| Secret                     | Description           |
-| -------------------------- | --------------------- |
-| `OP_SERVICE_ACCOUNT_TOKEN` | Service Account token |
-| `VAULT`                    | Vault name or UUID    |
-
-## Building Before Testing
-
-If you've modified TypeScript code, rebuild before running E2E tests:
-
-```bash
-npm run build
-```
-
-## Testing
-
-### Run E2E tests using Service Account
-
-```bash
-act push -W .github/workflows/e2e-tests.yml \
-  -s OP_SERVICE_ACCOUNT_TOKEN="$OP_SERVICE_ACCOUNT_TOKEN" \
-  -s VAULT="$VAULT" \
-  -j test-service-account \
-  --matrix os:ubuntu-latest
-```
-
-## Run unit tests
-
-```bash
-npm test
-```
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,19 +1,18 @@
 {
 	"name": "load-secrets-action",
-	"version": "3.0.0",
+	"version": "2.0.0",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "load-secrets-action",
-			"version": "3.0.0",
+			"version": "2.0.0",
 			"license": "MIT",
 			"dependencies": {
 				"@1password/op-js": "^0.1.11",
 				"@actions/core": "^1.10.1",
 				"@actions/exec": "^1.1.1",
-				"@actions/tool-cache": "^2.0.2",
-				"dotenv": "^17.2.2"
+				"op-cli-installer": "github:1Password/op-cli-installer#e6c1c758bc3339e5fe9b06255728039f688f73fa"
 			},
 			"devDependencies": {
 				"@1password/eslint-config": "^4.3.1",
@@ -172,7 +171,6 @@
 			"integrity": "sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg==",
 			"dev": true,
 			"license": "MIT",
-			"peer": true,
 			"dependencies": {
 				"@ampproject/remapping": "^2.2.0",
 				"@babel/code-frame": "^7.26.0",
@@ -708,6 +706,7 @@
 			"integrity": "sha512-269Z39MS6wVJtsoUl10L60WdkhJVdPG24Q4eZTH3nnF6lpvSShEK3wQjDX9JRWAUPvPh7COouPpU9IrqaZFvtQ==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"ajv": "^6.12.4",
 				"debug": "^4.3.2",
@@ -731,14 +730,16 @@
 			"resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
 			"integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
 			"dev": true,
-			"license": "Python-2.0"
+			"license": "Python-2.0",
+			"peer": true
 		},
 		"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
-			"version": "4.1.1",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
-			"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+			"version": "4.1.0",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+			"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"argparse": "^2.0.1"
 			},
@@ -752,6 +753,7 @@
 			"integrity": "sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"engines": {
 				"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
 			}
@@ -772,6 +774,7 @@
 			"deprecated": "Use @eslint/config-array instead",
 			"dev": true,
 			"license": "Apache-2.0",
+			"peer": true,
 			"dependencies": {
 				"@humanwhocodes/object-schema": "^2.0.3",
 				"debug": "^4.3.1",
@@ -787,6 +790,7 @@
 			"integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==",
 			"dev": true,
 			"license": "Apache-2.0",
+			"peer": true,
 			"engines": {
 				"node": ">=12.22"
 			},
@@ -801,7 +805,8 @@
 			"integrity": "sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==",
 			"deprecated": "Use @eslint/object-schema instead",
 			"dev": true,
-			"license": "BSD-3-Clause"
+			"license": "BSD-3-Clause",
+			"peer": true
 		},
 		"node_modules/@istanbuljs/load-nyc-config": {
 			"version": "1.1.0",
@@ -1456,7 +1461,6 @@
 			"integrity": "sha512-tbsV1jPne5CkFQCgPBcDOt30ItF7aJoZL997JSF7MhGQqOeT3svWRYxiqlfA5RUdlHN6Fi+EI9bxqbdyAUZjYQ==",
 			"dev": true,
 			"license": "BSD-2-Clause",
-			"peer": true,
 			"dependencies": {
 				"@typescript-eslint/scope-manager": "6.21.0",
 				"@typescript-eslint/types": "6.21.0",
@@ -1644,7 +1648,8 @@
 			"resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.1.tgz",
 			"integrity": "sha512-fEzPV3hSkSMltkw152tJKNARhOupqbH96MZWyRjNaYZOMIzbrTeQDG+MTc6Mr2pgzFQzFxAfmhGDNP5QK++2ZA==",
 			"dev": true,
-			"license": "ISC"
+			"license": "ISC",
+			"peer": true
 		},
 		"node_modules/@vercel/ncc": {
 			"version": "0.38.3",
@@ -1676,6 +1681,7 @@
 			"integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"peerDependencies": {
 				"acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
 			}
@@ -1686,6 +1692,7 @@
 			"integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"fast-deep-equal": "^3.1.1",
 				"fast-json-stable-stringify": "^2.0.0",
@@ -2169,7 +2176,6 @@
 				}
 			],
 			"license": "MIT",
-			"peer": true,
 			"dependencies": {
 				"caniuse-lite": "^1.0.30001688",
 				"electron-to-chromium": "^1.5.73",
@@ -2664,7 +2670,8 @@
 			"resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
 			"integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/deepmerge": {
 			"version": "4.3.1",
@@ -2751,6 +2758,7 @@
 			"integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==",
 			"dev": true,
 			"license": "Apache-2.0",
+			"peer": true,
 			"dependencies": {
 				"esutils": "^2.0.2"
 			},
@@ -2758,18 +2766,6 @@
 				"node": ">=6.0.0"
 			}
 		},
-		"node_modules/dotenv": {
-			"version": "17.2.2",
-			"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.2.2.tgz",
-			"integrity": "sha512-Sf2LSQP+bOlhKWWyhFsn0UsfdK/kCWRv1iuA2gXAwt3dyNabr6QSj00I2V10pidqz69soatm9ZwZvpQMTIOd5Q==",
-			"license": "BSD-2-Clause",
-			"engines": {
-				"node": ">=12"
-			},
-			"funding": {
-				"url": "https://dotenvx.com"
-			}
-		},
 		"node_modules/dunder-proto": {
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -3409,6 +3405,7 @@
 			"integrity": "sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==",
 			"dev": true,
 			"license": "BSD-2-Clause",
+			"peer": true,
 			"dependencies": {
 				"esrecurse": "^4.3.0",
 				"estraverse": "^5.2.0"
@@ -3438,7 +3435,8 @@
 			"resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
 			"integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
 			"dev": true,
-			"license": "Python-2.0"
+			"license": "Python-2.0",
+			"peer": true
 		},
 		"node_modules/eslint/node_modules/find-up": {
 			"version": "5.0.0",
@@ -3446,6 +3444,7 @@
 			"integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"locate-path": "^6.0.0",
 				"path-exists": "^4.0.0"
@@ -3458,11 +3457,12 @@
 			}
 		},
 		"node_modules/eslint/node_modules/js-yaml": {
-			"version": "4.1.1",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
-			"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+			"version": "4.1.0",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+			"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"argparse": "^2.0.1"
 			},
@@ -3476,6 +3476,7 @@
 			"integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"p-locate": "^5.0.0"
 			},
@@ -3492,6 +3493,7 @@
 			"integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"p-limit": "^3.0.2"
 			},
@@ -3508,6 +3510,7 @@
 			"integrity": "sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==",
 			"dev": true,
 			"license": "BSD-2-Clause",
+			"peer": true,
 			"dependencies": {
 				"acorn": "^8.9.0",
 				"acorn-jsx": "^5.3.2",
@@ -3553,6 +3556,7 @@
 			"integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==",
 			"dev": true,
 			"license": "BSD-2-Clause",
+			"peer": true,
 			"dependencies": {
 				"estraverse": "^5.2.0"
 			},
@@ -3642,7 +3646,8 @@
 			"resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
 			"integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/fast-glob": {
 			"version": "3.3.2",
@@ -3686,7 +3691,8 @@
 			"resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
 			"integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/fastq": {
 			"version": "1.17.1",
@@ -3714,6 +3720,7 @@
 			"integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"flat-cache": "^3.0.4"
 			},
@@ -3787,6 +3794,7 @@
 			"integrity": "sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"flatted": "^3.2.9",
 				"keyv": "^4.5.3",
@@ -3801,7 +3809,8 @@
 			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.2.tgz",
 			"integrity": "sha512-AiwGJM8YcNOaobumgtng+6NHuOqC3A7MixFeDafM3X9cIUM+xUXoS5Vfgf+OihAYe20fxqNM9yPBXJzRtZ/4eA==",
 			"dev": true,
-			"license": "ISC"
+			"license": "ISC",
+			"peer": true
 		},
 		"node_modules/for-each": {
 			"version": "0.3.3",
@@ -4002,6 +4011,7 @@
 			"integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
 			"dev": true,
 			"license": "ISC",
+			"peer": true,
 			"dependencies": {
 				"is-glob": "^4.0.3"
 			},
@@ -4015,6 +4025,7 @@
 			"integrity": "sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"type-fest": "^0.20.2"
 			},
@@ -4240,6 +4251,7 @@
 			"integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"parent-module": "^1.0.0",
 				"resolve-from": "^4.0.0"
@@ -4606,6 +4618,7 @@
 			"integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"engines": {
 				"node": ">=8"
 			}
@@ -4896,7 +4909,6 @@
 			"integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==",
 			"dev": true,
 			"license": "MIT",
-			"peer": true,
 			"dependencies": {
 				"@jest/core": "^29.7.0",
 				"@jest/types": "^29.6.3",
@@ -5514,9 +5526,9 @@
 			"license": "MIT"
 		},
 		"node_modules/js-yaml": {
-			"version": "3.14.2",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
-			"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
+			"version": "3.14.1",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+			"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
@@ -5555,7 +5567,8 @@
 			"resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz",
 			"integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/json-parse-even-better-errors": {
 			"version": "2.3.1",
@@ -5569,14 +5582,16 @@
 			"resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
 			"integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/json-stable-stringify-without-jsonify": {
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
 			"integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/json5": {
 			"version": "2.2.3",
@@ -5613,6 +5628,7 @@
 			"integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"json-buffer": "3.0.1"
 			}
@@ -5663,6 +5679,7 @@
 			"integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"prelude-ls": "^1.2.1",
 				"type-check": "~0.4.0"
@@ -5919,7 +5936,8 @@
 			"resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
 			"integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/log-update": {
 			"version": "6.1.0",
@@ -6368,12 +6386,35 @@
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
+		"node_modules/op-cli-installer": {
+			"version": "1.0.0",
+			"resolved": "git+ssh://git@github.com/1Password/op-cli-installer.git#e6c1c758bc3339e5fe9b06255728039f688f73fa",
+			"integrity": "sha512-ueyYQAgtbIHP2QWx9iCiztoPov01GdxPZNZ4+Qg3IaAyC4khMIk4/vYPagRhRKta+HI6fWV6jO3/ajBj27KBZA==",
+			"license": "MIT",
+			"dependencies": {
+				"@actions/core": "^1.11.1",
+				"@actions/tool-cache": "^2.0.2",
+				"semver": "^7.7.2"
+			}
+		},
+		"node_modules/op-cli-installer/node_modules/semver": {
+			"version": "7.7.2",
+			"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
+			"integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
+			"bin": {
+				"semver": "bin/semver.js"
+			},
+			"engines": {
+				"node": ">=10"
+			}
+		},
 		"node_modules/optionator": {
 			"version": "0.9.4",
 			"resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz",
 			"integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"deep-is": "^0.1.3",
 				"fast-levenshtein": "^2.0.6",
@@ -6447,6 +6488,7 @@
 			"integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"callsites": "^3.0.0"
 			},
@@ -6592,6 +6634,7 @@
 			"integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"engines": {
 				"node": ">= 0.8.0"
 			}
@@ -6680,6 +6723,7 @@
 			"integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"engines": {
 				"node": ">=6"
 			}
@@ -6828,6 +6872,7 @@
 			"integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"engines": {
 				"node": ">=4"
 			}
@@ -6913,6 +6958,7 @@
 			"deprecated": "Rimraf versions prior to v4 are no longer supported",
 			"dev": true,
 			"license": "ISC",
+			"peer": true,
 			"dependencies": {
 				"glob": "^7.1.3"
 			},
@@ -7535,7 +7581,8 @@
 			"resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
 			"integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==",
 			"dev": true,
-			"license": "MIT"
+			"license": "MIT",
+			"peer": true
 		},
 		"node_modules/tmpl": {
 			"version": "1.0.5",
@@ -7710,6 +7757,7 @@
 			"integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"dependencies": {
 				"prelude-ls": "^1.2.1"
 			},
@@ -7733,6 +7781,7 @@
 			"integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==",
 			"dev": true,
 			"license": "(MIT OR CC0-1.0)",
+			"peer": true,
 			"engines": {
 				"node": ">=10"
 			},
@@ -7824,7 +7873,6 @@
 			"integrity": "sha512-i5t66RHxDvVN40HfDd1PsEThGNnlMCMT3jMUuoh9/0TaqWevNontacunWyN02LA9/fIbEWlcHZcgTKb9QoaLfg==",
 			"dev": true,
 			"license": "Apache-2.0",
-			"peer": true,
 			"bin": {
 				"tsc": "bin/tsc",
 				"tsserver": "bin/tsserver"
@@ -7908,6 +7956,7 @@
 			"integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
 			"dev": true,
 			"license": "BSD-2-Clause",
+			"peer": true,
 			"dependencies": {
 				"punycode": "^2.1.0"
 			}
@@ -8046,6 +8095,7 @@
 			"integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==",
 			"dev": true,
 			"license": "MIT",
+			"peer": true,
 			"engines": {
 				"node": ">=0.10.0"
 			}
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "load-secrets-action",
-	"version": "3.0.0",
+	"version": "2.0.0",
 	"description": "Load Secrets from 1Password",
 	"main": "dist/index.js",
 	"directories": {
@@ -43,8 +43,7 @@
 		"@1password/op-js": "^0.1.11",
 		"@actions/core": "^1.10.1",
 		"@actions/exec": "^1.1.1",
-		"@actions/tool-cache": "^2.0.2",
-		"dotenv": "^17.2.2"
+		"op-cli-installer": "github:1Password/op-cli-installer#e6c1c758bc3339e5fe9b06255728039f688f73fa"
 	},
 	"devDependencies": {
 		"@1password/eslint-config": "^4.3.1",
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -2,6 +2,5 @@ export const envConnectHost = "OP_CONNECT_HOST";
 export const envConnectToken = "OP_CONNECT_TOKEN";
 export const envServiceAccountToken = "OP_SERVICE_ACCOUNT_TOKEN";
 export const envManagedVariables = "OP_MANAGED_VARIABLES";
-export const envFilePath = "OP_ENV_FILE";

 export const authErr = `Authentication error with environment variables: you must set either 1) ${envServiceAccountToken}, or 2) both ${envConnectHost} and ${envConnectToken}.`;
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,9 +1,7 @@
-import dotenv from "dotenv";
 import * as core from "@actions/core";
 import { validateCli } from "@1password/op-js";
-import { installCliOnGithubActionRunner } from "./op-cli-installer";
+import { installCliOnGithubActionRunner } from "op-cli-installer";
 import { loadSecrets, unsetPrevious, validateAuth } from "./utils";
-import { envFilePath } from "./constants";

 const loadSecretsAction = async () => {
 	try {
@@ -19,13 +17,6 @@ const loadSecretsAction = async () => {
 		// Validate that a proper authentication configuration is set for the CLI
 		validateAuth();

-		// Set environment variables from OP_ENV_FILE
-		const file = process.env[envFilePath];
-		if (file) {
-			core.info(`Loading environment variables from file: ${file}`);
-			dotenv.config({ path: file });
-		}
-
 		// Download and install the CLI
 		await installCLI();

@@ -53,7 +44,9 @@ const installCLI = async (): Promise<void> => {
 	// If there's no CLI installed, then validateCli will throw an error, which we will use
 	// as an indicator that we need to execute the installation script.
 	await validateCli().catch(async () => {
-		await installCliOnGithubActionRunner();
+		// defaults to `latest` if not provided
+		const cliVersion = core.getInput("cli-version");
+		await installCliOnGithubActionRunner(cliVersion);
 	});
 };

--- a/src/op-cli-installer/github-action/cli-installer/cli-installer.ts
+++ b/src/op-cli-installer/github-action/cli-installer/cli-installer.ts
@@ -1,58 +0,0 @@
-import os from "os";
-
-import * as core from "@actions/core";
-import * as tc from "@actions/tool-cache";
-
-export type SupportedPlatform = Extract<
-	NodeJS.Platform,
-	"linux" | "darwin" | "win32"
->;
-
-// maps OS architecture names to 1Password CLI installer architecture names
-export const archMap: Record<string, string> = {
-	ia32: "386",
-	x64: "amd64",
-	arm: "arm",
-	arm64: "arm64",
-};
-
-// Builds the download URL for the 1Password CLI based on the platform and version.
-export const cliUrlBuilder: Record<
-	SupportedPlatform,
-	(version: string, arch?: string) => string
-> = {
-	linux: (version, arch) =>
-		`https://cache.agilebits.com/dist/1P/op2/pkg/${version}/op_linux_${arch}_${version}.zip`,
-	darwin: (version) =>
-		`https://cache.agilebits.com/dist/1P/op2/pkg/${version}/op_apple_universal_${version}.pkg`,
-	win32: (version, arch) =>
-		`https://cache.agilebits.com/dist/1P/op2/pkg/${version}/op_windows_${arch}_${version}.zip`,
-};
-
-export class CliInstaller {
-	public readonly version: string;
-	public readonly arch: string;
-
-	public constructor(version: string) {
-		this.version = version;
-		this.arch = this.getArch();
-	}
-
-	public async install(url: string): Promise<void> {
-		console.info(`Downloading 1Password CLI from: ${url}`);
-		const downloadPath = await tc.downloadTool(url);
-		console.info("Installing 1Password CLI");
-		const extractedPath = await tc.extractZip(downloadPath);
-		core.addPath(extractedPath);
-		core.info("1Password CLI installed");
-	}
-
-	private getArch(): string {
-		const arch = archMap[os.arch()];
-		if (!arch) {
-			throw new Error("Unsupported architecture");
-		}
-
-		return arch;
-	}
-}
--- a/src/op-cli-installer/github-action/cli-installer/index.ts
+++ b/src/op-cli-installer/github-action/cli-installer/index.ts
@@ -1 +0,0 @@
-export { type Installer, newCliInstaller } from "./installer";
--- a/src/op-cli-installer/github-action/cli-installer/installer.test.ts
+++ b/src/op-cli-installer/github-action/cli-installer/installer.test.ts
@@ -1,43 +0,0 @@
-import os from "os";
-
-import { newCliInstaller } from "./installer";
-import { LinuxInstaller } from "./linux";
-import { MacOsInstaller } from "./macos";
-import { WindowsInstaller } from "./windows";
-
-afterEach(() => {
-	jest.restoreAllMocks();
-});
-
-describe("newCliInstaller", () => {
-	const version = "1.0.0";
-
-	afterEach(() => {
-		jest.resetAllMocks();
-	});
-
-	it("should return LinuxInstaller for linux platform", () => {
-		jest.spyOn(os, "platform").mockReturnValue("linux");
-		const installer = newCliInstaller(version);
-		expect(installer).toBeInstanceOf(LinuxInstaller);
-	});
-
-	it("should return MacOsInstaller for darwin platform", () => {
-		jest.spyOn(os, "platform").mockReturnValue("darwin");
-		const installer = newCliInstaller(version);
-		expect(installer).toBeInstanceOf(MacOsInstaller);
-	});
-
-	it("should return WindowsInstaller for win32 platform", () => {
-		jest.spyOn(os, "platform").mockReturnValue("win32");
-		const installer = newCliInstaller(version);
-		expect(installer).toBeInstanceOf(WindowsInstaller);
-	});
-
-	it("should throw error for unsupported platform", () => {
-		jest.spyOn(os, "platform").mockReturnValue("sunos");
-		expect(() => newCliInstaller(version)).toThrow(
-			"Unsupported platform: sunos",
-		);
-	});
-});
--- a/src/op-cli-installer/github-action/cli-installer/installer.ts
+++ b/src/op-cli-installer/github-action/cli-installer/installer.ts
@@ -1,23 +0,0 @@
-import os from "os";
-
-import { LinuxInstaller } from "./linux";
-import { MacOsInstaller } from "./macos";
-import { WindowsInstaller } from "./windows";
-
-export interface Installer {
-	installCli(): Promise<void>;
-}
-
-export const newCliInstaller = (version: string): Installer => {
-	const platform = os.platform();
-	switch (platform) {
-		case "linux":
-			return new LinuxInstaller(version);
-		case "darwin":
-			return new MacOsInstaller(version);
-		case "win32":
-			return new WindowsInstaller(version);
-		default:
-			throw new Error(`Unsupported platform: ${platform}`);
-	}
-};
--- a/src/op-cli-installer/github-action/cli-installer/linux.test.ts
+++ b/src/op-cli-installer/github-action/cli-installer/linux.test.ts
@@ -1,38 +0,0 @@
-import os from "os";
-
-import {
-	archMap,
-	CliInstaller,
-	cliUrlBuilder,
-	type SupportedPlatform,
-} from "./cli-installer";
-import { LinuxInstaller } from "./linux";
-
-afterEach(() => {
-	jest.restoreAllMocks();
-});
-
-describe("LinuxInstaller", () => {
-	const version = "1.2.3";
-	const arch: NodeJS.Architecture = "arm64";
-
-	it("should construct with given version and architecture", () => {
-		jest.spyOn(os, "arch").mockReturnValue(arch);
-		const installer = new LinuxInstaller(version);
-		expect(installer.version).toEqual(version);
-		expect(installer.arch).toEqual(archMap[arch]);
-	});
-
-	it("should call install with correct URL", async () => {
-		const installer = new LinuxInstaller(version);
-		const installMock = jest
-			.spyOn(CliInstaller.prototype, "install")
-			.mockResolvedValue();
-
-		await installer.installCli();
-
-		const builder = cliUrlBuilder["linux" as SupportedPlatform];
-		const url = builder(version, installer.arch);
-		expect(installMock).toHaveBeenCalledWith(url);
-	});
-});
--- a/src/op-cli-installer/github-action/cli-installer/linux.ts
+++ b/src/op-cli-installer/github-action/cli-installer/linux.ts
@@ -1,19 +0,0 @@
-import {
-	CliInstaller,
-	cliUrlBuilder,
-	type SupportedPlatform,
-} from "./cli-installer";
-import type { Installer } from "./installer";
-
-export class LinuxInstaller extends CliInstaller implements Installer {
-	private readonly platform: SupportedPlatform = "linux"; // Node.js platform identifier for Linux
-
-	public constructor(version: string) {
-		super(version);
-	}
-
-	public async installCli(): Promise<void> {
-		const urlBuilder = cliUrlBuilder[this.platform];
-		await super.install(urlBuilder(this.version, this.arch));
-	}
-}
--- a/src/op-cli-installer/github-action/cli-installer/macos.test.ts
+++ b/src/op-cli-installer/github-action/cli-installer/macos.test.ts
@@ -1,35 +0,0 @@
-import os from "os";
-
-import {
-	archMap,
-	cliUrlBuilder,
-	type SupportedPlatform,
-} from "./cli-installer";
-import { MacOsInstaller } from "./macos";
-
-afterEach(() => {
-	jest.restoreAllMocks();
-});
-
-describe("MacOsInstaller", () => {
-	const version = "1.2.3";
-	const arch: NodeJS.Architecture = "x64";
-
-	it("should construct with given version and architecture", () => {
-		jest.spyOn(os, "arch").mockReturnValue(arch);
-		const installer = new MacOsInstaller(version);
-		expect(installer.version).toEqual(version);
-		expect(installer.arch).toEqual(archMap[arch]);
-	});
-
-	it("should call install with correct URL", async () => {
-		const installer = new MacOsInstaller(version);
-		const installMock = jest.spyOn(installer, "install").mockResolvedValue();
-
-		await installer.installCli();
-
-		const builder = cliUrlBuilder["darwin" as SupportedPlatform];
-		const url = builder(version, installer.arch);
-		expect(installMock).toHaveBeenCalledWith(url);
-	});
-});
--- a/src/op-cli-installer/github-action/cli-installer/macos.ts
+++ b/src/op-cli-installer/github-action/cli-installer/macos.ts
@@ -1,49 +0,0 @@
-import { execFile } from "child_process";
-import * as fs from "fs";
-import * as path from "path";
-import { promisify } from "util";
-
-import * as core from "@actions/core";
-import * as tc from "@actions/tool-cache";
-
-import {
-	CliInstaller,
-	cliUrlBuilder,
-	type SupportedPlatform,
-} from "./cli-installer";
-import { type Installer } from "./installer";
-
-const execFileAsync = promisify(execFile);
-
-export class MacOsInstaller extends CliInstaller implements Installer {
-	private readonly platform: SupportedPlatform = "darwin"; // Node.js platform identifier for macOS
-
-	public constructor(version: string) {
-		super(version);
-	}
-
-	public async installCli(): Promise<void> {
-		const urlBuilder = cliUrlBuilder[this.platform];
-		await this.install(urlBuilder(this.version));
-	}
-
-	// @actions/tool-cache package does not support .pkg files, so we need to handle the installation manually
-	public override async install(downloadUrl: string): Promise<void> {
-		console.info(`Downloading 1Password CLI from: ${downloadUrl}`);
-		const pkgPath = await tc.downloadTool(downloadUrl);
-		const pkgWithExtension = `${pkgPath}.pkg`;
-		fs.renameSync(pkgPath, pkgWithExtension);
-
-		const expandDir = "temp-pkg";
-		await execFileAsync("pkgutil", ["--expand", pkgWithExtension, expandDir]);
-		const payloadPath = path.join(expandDir, "op.pkg", "Payload");
-		console.info("Installing 1Password CLI");
-		const cliPath = await tc.extractTar(payloadPath);
-		core.addPath(cliPath);
-
-		fs.rmSync(expandDir, { recursive: true, force: true });
-		fs.rmSync(pkgPath, { force: true });
-
-		core.info("1Password CLI installed");
-	}
-}
--- a/src/op-cli-installer/github-action/cli-installer/windows.test.ts
+++ b/src/op-cli-installer/github-action/cli-installer/windows.test.ts
@@ -1,38 +0,0 @@
-import os from "os";
-
-import {
-	archMap,
-	CliInstaller,
-	cliUrlBuilder,
-	type SupportedPlatform,
-} from "./cli-installer";
-import { WindowsInstaller } from "./windows";
-
-afterEach(() => {
-	jest.restoreAllMocks();
-});
-
-describe("WindowsInstaller", () => {
-	const version = "1.2.3";
-	const arch: NodeJS.Architecture = "x64";
-
-	it("should construct with given version and architecture", () => {
-		jest.spyOn(os, "arch").mockReturnValue(arch);
-		const installer = new WindowsInstaller(version);
-		expect(installer.version).toEqual(version);
-		expect(installer.arch).toEqual(archMap[arch]);
-	});
-
-	it("should call install with correct URL", async () => {
-		const installer = new WindowsInstaller(version);
-		const installMock = jest
-			.spyOn(CliInstaller.prototype, "install")
-			.mockResolvedValue();
-
-		await installer.installCli();
-
-		const builder = cliUrlBuilder["win32" as SupportedPlatform];
-		const url = builder(version, installer.arch);
-		expect(installMock).toHaveBeenCalledWith(url);
-	});
-});
--- a/src/op-cli-installer/github-action/cli-installer/windows.ts
+++ b/src/op-cli-installer/github-action/cli-installer/windows.ts
@@ -1,19 +0,0 @@
-import {
-	CliInstaller,
-	cliUrlBuilder,
-	type SupportedPlatform,
-} from "./cli-installer";
-import type { Installer } from "./installer";
-
-export class WindowsInstaller extends CliInstaller implements Installer {
-	private readonly platform: SupportedPlatform = "win32"; // Node.js platform identifier for Windows
-
-	public constructor(version: string) {
-		super(version);
-	}
-
-	public async installCli(): Promise<void> {
-		const urlBuilder = cliUrlBuilder[this.platform];
-		await super.install(urlBuilder(this.version, this.arch));
-	}
-}
--- a/src/op-cli-installer/github-action/index.ts
+++ b/src/op-cli-installer/github-action/index.ts
@@ -1,18 +0,0 @@
-import * as core from "@actions/core";
-
-import { ReleaseChannel, VersionResolver } from "../version";
-
-import { newCliInstaller } from "./cli-installer";
-
-// Installs the 1Password CLI on a GitHub Action runner.
-export const installCliOnGithubActionRunner = async (
-	version?: string,
-): Promise<void> => {
-	// Get the version from parameter, if not passed - from the job input. Defaults to latest if no version is provided
-	const providedVersion =
-		version || core.getInput("version") || ReleaseChannel.latest;
-	const versionResolver = new VersionResolver(providedVersion);
-	await versionResolver.resolve();
-	const installer = newCliInstaller(versionResolver.get());
-	await installer.installCli();
-};
--- a/src/op-cli-installer/index.test.ts
+++ b/src/op-cli-installer/index.test.ts
@@ -1,81 +0,0 @@
-import * as core from "@actions/core";
-
-import { newCliInstaller } from "./github-action/cli-installer";
-import {
-	installCliOnGithubActionRunner,
-	ReleaseChannel,
-	VersionResolver,
-} from "./index";
-
-jest.mock("./github-action/cli-installer", () => ({
-	newCliInstaller: jest.fn().mockImplementation((_resolved: string) => ({
-		installCli: jest.fn(),
-	})),
-}));
-
-beforeEach(() => {
-	jest.restoreAllMocks();
-});
-
-describe("installCliOnGithubActionRunner", () => {
-	it("should defaults to `latest` when nothing is passed", async () => {
-		jest.spyOn(core, "getInput").mockReturnValue("");
-		jest.spyOn(VersionResolver.prototype, "resolve").mockResolvedValue();
-		jest
-			.spyOn(VersionResolver.prototype, "get")
-			.mockReturnValue(ReleaseChannel.latest);
-
-		await installCliOnGithubActionRunner();
-
-		expect(newCliInstaller).toHaveBeenCalledWith(ReleaseChannel.latest);
-	});
-
-	it("should defaults to `latest` when undefined is passed", async () => {
-		jest.spyOn(core, "getInput").mockReturnValue("");
-		jest.spyOn(VersionResolver.prototype, "resolve").mockResolvedValue();
-		jest
-			.spyOn(VersionResolver.prototype, "get")
-			.mockReturnValue(ReleaseChannel.latest);
-
-		await installCliOnGithubActionRunner(undefined);
-
-		expect(newCliInstaller).toHaveBeenCalledWith(ReleaseChannel.latest);
-	});
-
-	it("should set provided explicit version", async () => {
-		const providedVersion = "1.2.3";
-		jest.spyOn(core, "getInput").mockReturnValue("");
-		jest.spyOn(VersionResolver.prototype, "resolve").mockResolvedValue();
-		jest
-			.spyOn(VersionResolver.prototype, "get")
-			.mockReturnValue(providedVersion);
-
-		await installCliOnGithubActionRunner(providedVersion);
-
-		expect(newCliInstaller).toHaveBeenCalledWith(providedVersion);
-	});
-
-	it("should set version provided as job input", async () => {
-		const providedVersion = "3.0.0";
-		jest.spyOn(core, "getInput").mockReturnValue(providedVersion);
-		jest.spyOn(VersionResolver.prototype, "resolve").mockResolvedValue();
-		jest
-			.spyOn(VersionResolver.prototype, "get")
-			.mockReturnValue(providedVersion);
-
-		await installCliOnGithubActionRunner();
-
-		expect(newCliInstaller).toHaveBeenCalledWith(providedVersion);
-	});
-
-	it("should throw error for invalid version", async () => {
-		const providedVersion = "invalid";
-		jest.spyOn(core, "getInput").mockReturnValue(providedVersion);
-		jest.spyOn(VersionResolver.prototype, "resolve").mockResolvedValue();
-		jest
-			.spyOn(VersionResolver.prototype, "get")
-			.mockReturnValue(providedVersion);
-
-		await expect(installCliOnGithubActionRunner()).rejects.toThrow();
-	});
-});
--- a/src/op-cli-installer/index.ts
+++ b/src/op-cli-installer/index.ts
@@ -1,2 +0,0 @@
-export { installCliOnGithubActionRunner } from "./github-action";
-export { ReleaseChannel, VersionResolver } from "./version";
--- a/src/op-cli-installer/version/constants.ts
+++ b/src/op-cli-installer/version/constants.ts
@@ -1,13 +0,0 @@
-export enum ReleaseChannel {
-	latest = "latest",
-	latestBeta = "latest-beta",
-}
-
-export interface VersionResponse {
-	// eslint disabled next line as CLI2 is expected in getting CLI versions response
-	/* eslint-disable-next-line @typescript-eslint/naming-convention */
-	CLI2: {
-		release: { version: string };
-		beta: { version: string };
-	};
-}
--- a/src/op-cli-installer/version/helper.test.ts
+++ b/src/op-cli-installer/version/helper.test.ts
@@ -1,91 +0,0 @@
-import { ReleaseChannel } from "./constants";
-import { getLatestVersion } from "./helper";
-
-describe("getLatestVersion", () => {
-	beforeEach(() => {
-		jest.restoreAllMocks();
-	});
-
-	it("should return latest stable version", async () => {
-		const mockResponse = {
-			// eslint-disable-next-line @typescript-eslint/naming-convention
-			CLI2: {
-				release: { version: "2.31.0" },
-				beta: { version: "2.32.0-beta.01" },
-			},
-		};
-
-		jest.spyOn(global, "fetch").mockResolvedValueOnce({
-			// eslint-disable-next-line @typescript-eslint/require-await
-			json: async () => mockResponse,
-		} as Response);
-
-		const version = await getLatestVersion(ReleaseChannel.latest);
-		expect(version).toBe("2.31.0");
-	});
-
-	it("should return latest beta version", async () => {
-		const mockResponse = {
-			// eslint-disable-next-line @typescript-eslint/naming-convention
-			CLI2: {
-				release: { version: "2.31.0" },
-				beta: { version: "2.32.0-beta.01" },
-			},
-		};
-
-		jest.spyOn(global, "fetch").mockResolvedValueOnce({
-			// eslint-disable-next-line @typescript-eslint/require-await
-			json: async () => mockResponse,
-		} as Response);
-
-		const version = await getLatestVersion(ReleaseChannel.latestBeta);
-		expect(version).toBe("2.32.0-beta.01");
-	});
-
-	it("should throw if no CLI2 field", async () => {
-		jest.spyOn(global, "fetch").mockResolvedValueOnce({
-			// eslint-disable-next-line @typescript-eslint/require-await
-			json: async () => ({}),
-		} as Response);
-
-		await expect(getLatestVersion(ReleaseChannel.latest)).rejects.toThrow(
-			`No ${ReleaseChannel.latest} versions found`,
-		);
-	});
-
-	it("should throw if no stable version found", async () => {
-		const mockResponse = {
-			// eslint-disable-next-line @typescript-eslint/naming-convention
-			CLI2: {
-				beta: { version: "2.32.0-beta.01" },
-			},
-		};
-
-		jest.spyOn(global, "fetch").mockResolvedValueOnce({
-			// eslint-disable-next-line @typescript-eslint/require-await
-			json: async () => mockResponse,
-		} as Response);
-
-		await expect(getLatestVersion(ReleaseChannel.latest)).rejects.toThrow(
-			`No ${ReleaseChannel.latest} versions found`,
-		);
-	});
-
-	it("should throw if no beta version found", async () => {
-		const mockResponse = {
-			// eslint-disable-next-line @typescript-eslint/naming-convention
-			CLI2: {
-				release: { version: "2.32.0" },
-			},
-		};
-
-		jest.spyOn(global, "fetch").mockResolvedValueOnce({
-			// eslint-disable-next-line @typescript-eslint/require-await
-			json: async () => mockResponse,
-		} as Response);
-
-		await expect(getLatestVersion(ReleaseChannel.latestBeta)).rejects.toThrow(
-			`No ${ReleaseChannel.latestBeta} versions found`,
-		);
-	});
-});
--- a/src/op-cli-installer/version/helper.ts
+++ b/src/op-cli-installer/version/helper.ts
@@ -1,23 +0,0 @@
-import * as core from "@actions/core";
-
-import { ReleaseChannel, type VersionResponse } from "./constants";
-
-// Returns the latest version of the 1Password CLI based on the specified channel.
-export const getLatestVersion = async (
-	channel: ReleaseChannel,
-): Promise<string> => {
-	core.info(`Getting ${channel} version number`);
-	const res = await fetch("https://app-updates.agilebits.com/latest");
-	const json = (await res.json()) as VersionResponse;
-	const latestStable = json?.CLI2?.release?.version;
-	const latestBeta = json?.CLI2?.beta?.version;
-	const version =
-		channel === ReleaseChannel.latestBeta ? latestBeta : latestStable;
-
-	if (!version) {
-		core.error(`No ${channel} versions found`);
-		throw new Error(`No ${channel} versions found`);
-	}
-
-	return version;
-};
--- a/src/op-cli-installer/version/index.ts
+++ b/src/op-cli-installer/version/index.ts
@@ -1,2 +0,0 @@
-export { VersionResolver } from "./version-resolver";
-export { ReleaseChannel } from "./constants";
--- a/src/op-cli-installer/version/validate.test.ts
+++ b/src/op-cli-installer/version/validate.test.ts
@@ -1,45 +0,0 @@
-import { describe, expect, it } from "@jest/globals";
-
-import { validateVersion } from "./validate";
-
-describe("validateVersion", () => {
-	it('should not throw for "latest"', () => {
-		expect(() => validateVersion("latest")).not.toThrow();
-	});
-
-	it('should not throw for "latest-beta"', () => {
-		expect(() => validateVersion("latest-beta")).not.toThrow();
-	});
-
-	it('should not throw for valid semver version "2.18.0"', () => {
-		expect(() => validateVersion("2.18.0")).not.toThrow();
-	});
-
-	it('should throw for partial version "2"', () => {
-		expect(() => validateVersion("2")).toThrow();
-	});
-
-	it('should throw for partial version "2.1"', () => {
-		expect(() => validateVersion("2.1")).toThrow();
-	});
-
-	it('should not throw for valid beta "2.19.0-beta.01"', () => {
-		expect(() => validateVersion("2.19.0-beta.01")).not.toThrow();
-	});
-
-	it('should not throw for valid beta "2.19.3-beta.12"', () => {
-		expect(() => validateVersion("2.19.3-beta.12")).not.toThrow();
-	});
-
-	it('should not throw for coerced version "v2.19.0"', () => {
-		expect(() => validateVersion("v2.19.0")).not.toThrow();
-	});
-
-	it('should throw for invalid version "latest-abc"', () => {
-		expect(() => validateVersion("latest-abc")).toThrow();
-	});
-
-	it("should throw for empty string", () => {
-		expect(() => validateVersion("")).toThrow();
-	});
-});
--- a/src/op-cli-installer/version/validate.ts
+++ b/src/op-cli-installer/version/validate.ts
@@ -1,23 +0,0 @@
-import semver from "semver";
-
-import { ReleaseChannel } from "./constants";
-
-// Validates if the provided version type is a valid enum value or a valid semver version.
-export const validateVersion = (input: string): void => {
-	if (Object.values(ReleaseChannel).includes(input as ReleaseChannel)) {
-		return;
-	}
-
-	// 1Password beta releases (aka 2.19.0-beta.01) are not semver compliant.
-	// According to semver, it should be "2.19.0-beta.1".
-	// That's why we need to normalize them before validating.
-	// Accepts valid semver versions like "2.18.0" or beta-releases like "2.19.0-beta.01"
-	// or versions with 'v' prefix like "v2.19.0"
-	const normalized = input.replace(/-beta\.0*(\d+)/, "-beta.$1");
-	const normInput = new semver.SemVer(normalized);
-	if (semver.valid(normInput)) {
-		return;
-	}
-
-	throw new Error(`Invalid version input: ${input}`);
-};
--- a/src/op-cli-installer/version/version-resolver.test.ts
+++ b/src/op-cli-installer/version/version-resolver.test.ts
@@ -1,58 +0,0 @@
-import { expect } from "@jest/globals";
-
-import { ReleaseChannel } from "./constants";
-import { VersionResolver } from "./version-resolver";
-
-describe("VersionResolver", () => {
-	test("should throw error when invalid version provided", () => {
-		expect(() => new VersionResolver("vv")).toThrow();
-	});
-
-	test("should throw error when version is empty", () => {
-		expect(() => new VersionResolver("")).toThrow();
-	});
-
-	test("should throw error for major version only", () => {
-		expect(() => new VersionResolver("1")).toThrow();
-	});
-
-	test("should throw error for major and minor version only", () => {
-		expect(() => new VersionResolver("1.0")).toThrow();
-	});
-
-	test("should resolve latest stable version", async () => {
-		const versionResolver = new VersionResolver(ReleaseChannel.latest);
-		await versionResolver.resolve();
-		expect(versionResolver.get()).toBeDefined();
-	});
-
-	test("should resolve latest beta version", async () => {
-		const versionResolver = new VersionResolver(ReleaseChannel.latestBeta);
-		await versionResolver.resolve();
-		expect(versionResolver.get()).toBeDefined();
-	});
-
-	test("should resolve version without 'v' prefix", async () => {
-		const versionResolver = new VersionResolver("1.0.0");
-		await versionResolver.resolve();
-		expect(versionResolver.get()).toBe("v1.0.0");
-	});
-
-	test("should resolve version with 'v' prefix", async () => {
-		const versionResolver = new VersionResolver("v1.0.0");
-		await versionResolver.resolve();
-		expect(versionResolver.get()).toBe("v1.0.0");
-	});
-
-	test("should resolve beta version without 'v' prefix", async () => {
-		const versionResolver = new VersionResolver("2.19.0-beta.01");
-		await versionResolver.resolve();
-		expect(versionResolver.get()).toBe("v2.19.0-beta.01");
-	});
-
-	test("should resolve beta version with 'v' prefix", async () => {
-		const versionResolver = new VersionResolver("v2.19.0-beta.01");
-		await versionResolver.resolve();
-		expect(versionResolver.get()).toBe("v2.19.0-beta.01");
-	});
-});
--- a/src/op-cli-installer/version/version-resolver.ts
+++ b/src/op-cli-installer/version/version-resolver.ts
@@ -1,45 +0,0 @@
-import * as core from "@actions/core";
-
-import { ReleaseChannel } from "./constants";
-import { getLatestVersion } from "./helper";
-import { validateVersion } from "./validate";
-
-export class VersionResolver {
-	private version: string;
-
-	public constructor(version: string) {
-		this.validate(version);
-		this.version = version;
-	}
-
-	public get(): string {
-		return this.version;
-	}
-
-	public async resolve(): Promise<void> {
-		core.info(`Resolving version: ${this.version}`);
-		if (!this.version) {
-			core.error("Version is not provided");
-			throw new Error("Version is not provided");
-		}
-
-		if (this.isReleaseChannel(this.version)) {
-			this.version = await getLatestVersion(this.version);
-		}
-
-		// add `v` prefix if not already present
-		this.version = this.version.startsWith("v")
-			? this.version
-			: `v${this.version}`;
-	}
-
-	private validate(version: string) {
-		core.info(`Validating version number: '${version}'`);
-		validateVersion(version);
-		core.info(`Version number '${version}' is valid`);
-	}
-
-	private isReleaseChannel(value: string): value is ReleaseChannel {
-		return Object.values(ReleaseChannel).includes(value as ReleaseChannel);
-	}
-}
--- a/tests/.env.tpl
+++ b/tests/.env.tpl
@@ -1,3 +0,0 @@
-FILE_SECRET=op://acceptance-tests/test-secret/password
-FILE_SECRET_IN_SECTION=op://acceptance-tests/test-secret/test-section/password
-FILE_MULTILINE_SECRET=op://acceptance-tests/multiline-secret/notesPlain
--- a/tests/assert-env-set.sh
+++ b/tests/assert-env-set.sh
@@ -9,8 +9,11 @@ assert_env_equals() {
  fi
 }

-readonly SECRET="RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
-MULTILINE_SECRET="$(cat << EOF
+assert_env_equals "SECRET" "RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
+
+assert_env_equals "SECRET_IN_SECTION" "RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
+
+assert_env_equals "MULTILINE_SECRET" "$(cat << EOF
 -----BEGIN PRIVATE KEY-----
 RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLApXaGls
 ZSB3ZSBkZWVwbHkgYXBwcmVjaWF0ZSB5b3VyIHZp
@@ -25,13 +28,3 @@ IApTbyBwbGVhc2UgZG9uJ3QgcmVwb3J0IGl0IQo=
 -----END PRIVATE KEY-----
 EOF
 )"
-readonly MULTILINE_SECRET
-
-assert_env_equals "SECRET" "${SECRET}"
-assert_env_equals "FILE_SECRET" "${SECRET}"
-
-assert_env_equals "SECRET_IN_SECTION" "${SECRET}"
-assert_env_equals "FILE_SECRET_IN_SECTION" "${SECRET}"
-
-assert_env_equals "MULTILINE_SECRET" "${MULTILINE_SECRET}"
-assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}"
--- a/tests/assert-env-unset.sh
+++ b/tests/assert-env-unset.sh
@@ -10,10 +10,5 @@ assert_env_unset() {
 }

 assert_env_unset "SECRET"
-assert_env_unset "FILE_SECRET"
-
 assert_env_unset "SECRET_IN_SECTION"
-assert_env_unset "FILE_SECRET_IN_SECTION"
-
 assert_env_unset "MULTILINE_SECRET"
-assert_env_unset "FILE_MULTILINE_SECRET"
Author	SHA1	Message	Date
Volodymyr Zotov	9fd72bcae7	Point to the feature branch to run tests	2025-08-14 11:43:38 -05:00
Volodymyr Zotov	4c8b833188	Make latest build	2025-08-14 11:40:05 -05:00
Volodymyr Zotov	b10aa9ed81	Fix tests	2025-08-14 11:39:57 -05:00
Volodymyr Zotov	b9110a4b5b	Rename `version` input to `cli-version`	2025-08-14 10:58:58 -05:00
				`@@ -1 +0,0 @@`
				`export { type Installer, newCliInstaller } from "./installer";`