Bump the actions group with 3 updates (#534)

Bumps the actions group with 3 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [prettier](https://github.com/prettier/prettier) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `@types/node` from 25.9.2 to 25.9.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `prettier` from 3.8.3 to 3.8.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.8.3...3.8.4)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/HEAD/packages/vitest)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: prettier
  dependency-version: 3.8.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/CODEOWNERS

@@ -1 +1 @@
-* @Azure/aks-atlanta
+* @Azure/cloud-native-github-action-owners

.github/actions/minikube-setup/action.yml

@@ -0,0 +1,53 @@
+name: 'Setup Minikube Test Environment'
+description: 'Common setup steps for minikube integration tests'
+inputs:
+   install-smi:
+      description: 'Install Linkerd SMI for service mesh tests'
+      required: false
+      default: 'false'
+
+runs:
+   using: 'composite'
+   steps:
+      - name: Install dependencies
+        shell: bash
+        run: |
+           rm -rf node_modules/
+           npm install
+
+      - name: Build
+        shell: bash
+        run: npm run build
+
+      - name: Install conntrack
+        shell: bash
+        run: sudo apt-get install -y conntrack
+
+      - uses: Azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1
+        name: Install Kubectl
+
+      - id: setup-minikube
+        name: Setup Minikube
+        uses: medyagh/setup-minikube@e9e035a86bbc3caea26a450bd4dbf9d0c453682e # v0.0.21
+        with:
+           minikube-version: 1.37.0
+           kubernetes-version: 1.31.0
+           driver: 'docker'
+
+      - name: Install Linkerd and SMI
+        if: inputs.install-smi == 'true'
+        shell: bash
+        run: |
+           curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install-edge | sh
+           export PATH=$PATH:/home/runner/.linkerd2/bin
+           curl -sL https://linkerd.github.io/linkerd-smi/install | sh
+           kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
+
+           linkerd install --crds | kubectl apply -f -
+           linkerd install --set proxyInit.runAsRoot=true | kubectl apply -f -
+           linkerd smi install | kubectl apply -f -
+
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # 6.1.0
+        name: Install Python
+        with:
+           python-version: '3.x'

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+   - package-ecosystem: npm
+     directory: /
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
+   - package-ecosystem: github-actions
+     directory: .github/workflows
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'

.github/workflows/codeql.yml

@@ -10,23 +10,21 @@ jobs:
    CodeQL-Build:
       # CodeQL runs on ubuntu-latest and windows-latest
       runs-on: ubuntu-latest
+      permissions:
+         contents: read
+         security-events: write
 
       steps:
          - name: Checkout repository
-           uses: actions/checkout@v2
+           uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 #v6.0.3
            with:
               # We must fetch at least the immediate parents so that if this is
               # a pull request then we can checkout the head.
               fetch-depth: 2
 
-         # If this run was triggered by a pull request event, then checkout
-         # the head of the pull request instead of the merge commit.
-         - run: git checkout HEAD^2
-           if: ${{ github.event_name == 'pull_request' }}
-
          # Initializes the CodeQL tools for scanning.
          - name: Initialize CodeQL
-           uses: github/codeql-action/init@v1
+           uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e #v3.29.5
            # Override language selection by uncommenting this and choosing your languages
            # with:
            #   languages: go, javascript, csharp, python, cpp, java
@@ -34,7 +32,7 @@ jobs:
          # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
          # If this step fails, then you should remove it and run the build manually (see below)
          - name: Autobuild
-           uses: github/codeql-action/autobuild@v1
+           uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e #v3.29.5
 
          # ℹ️ Command-line programs to run using the OS shell.
          # 📚 https://git.io/JvXDl
@@ -48,4 +46,4 @@ jobs:
          #   make release
 
          - name: Perform CodeQL Analysis
-           uses: github/codeql-action/analyze@v1
+           uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e #v3.29.5

.github/workflows/defaultLabels.yml

@@ -13,7 +13,7 @@ jobs:
 
       # Steps represent a sequence of tasks that will be executed as part of the job
       steps:
-         - uses: actions/stale@v3
+         - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
            name: Setting issue as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,7 +24,7 @@ jobs:
               operations-per-run: 100
               exempt-issue-labels: 'backlog'
 
-         - uses: actions/stale@v3
+         - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
            name: Setting PR as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/prettify-code.yml

@@ -10,9 +10,9 @@ jobs:
       runs-on: ubuntu-latest
       steps:
          - name: Checkout Repository
-           uses: actions/checkout@v2
+           uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+         - name: install deps
+           run: npm install
 
          - name: Enforce Prettier
-           uses: actionsx/prettier@v2
+           run: npm run format-check
-           with:
-              args: --check .

.github/workflows/release-pr.yml

@@ -1,14 +1,18 @@
-name: Create release PR
+name: Release Project
 
 on:
+   push:
+      branches:
+         - main
+      paths:
+         - CHANGELOG.md
    workflow_dispatch:
-      inputs:
-         release:
-            description: 'Define release version (ex: v1, v2, v3)'
-            required: true
 
 jobs:
-   release-pr:
+   release:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/release-pr.yml@main
+      permissions:
+         actions: read
+         contents: write
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@3c677ba5ab58f5c5c1a6f0cfb176b333b1f27405 # v1
       with:
-         release: ${{ github.event.inputs.release }}
+         changelogPath: ./CHANGELOG.md

.github/workflows/run-integration-tests-basic.yml

@@ -0,0 +1,52 @@
+name: Minikube Integration Tests - basic
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Run Minikube Integration Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+                 test/integration/manifests/manifest_test_dir/test.yml
+              action: deploy
+
+         - name: Checking if deployments and services were created
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment3 containerName=nginx:1.14.2 labels=app:nginx3,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx3
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service3 labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx3

.github/workflows/run-integration-tests-bluegreen-ingress.yml

@@ -0,0 +1,156 @@
+name: Minikube Integration Tests - blue-green ingress
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Blue-Green Ingress Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service-green' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment-green' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'nginx-ingress' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for ingress
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: deploy
+
+         - name: Checking if deployments, services and ingresses were created with green labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service-green,unrouted-service
+
+         - name: Executing promote action for ingress
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: promote
+
+         - name: Checking if deployments, services and ingresses were created with none labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service,unrouted-service
+
+         - name: Executing second deploy action for ingress with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: deploy
+
+         - name: Checking if deployments (with new tag), services and ingresses were created with green labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:latest labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service-green,unrouted-service
+
+         - name: Executing second promote action for ingress now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: promote
+
+         - name: Checking if deployments, services and ingresses were created with none labels after promote for new tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service,unrouted-service
+
+         - name: Executing deploy action for ingress to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: deploy
+
+         - name: Checking if new deployments (with old tag), services and ingresses were created with green labels after deploy, and old deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service-green,unrouted-service
+
+         - name: Executing reject action for ingress to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments, services and ingresses were created with none labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service,unrouted-service
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}

.github/workflows/run-integration-tests-bluegreen-service.yml

@@ -0,0 +1,143 @@
+name: Minikube Integration Tests - blue-green service
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Blue-Green Service Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for service
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: deploy
+
+         - name: Checking if deployments and services were created with green labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+         - name: Executing promote action for service
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: promote
+
+         - name: Checking if deployments and services were created with none labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+         - name: Executing second deploy action for service with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with green labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:latest labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+
+         - name: Executing second promote action for service now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: promote
+
+         - name: Checking if deployments and services were created with none labels after promote for new tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+         - name: Executing deploy action for service to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with green labels after deploy, and old deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+
+         - name: Executing reject action for service to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with none labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}

.github/workflows/run-integration-tests-bluegreen-smi.yml

@@ -0,0 +1,173 @@
+name: Minikube Integration Tests - blue-green SMI
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Blue-Green SMI Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+           with:
+              install-smi: 'true'
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'TrafficSplit' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: deploy
+
+         - name: Checking if deployments, services, and ts objects were created with green labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:green selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:0,nginx-service-green:100
+
+         - name: Executing promote action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: promote
+
+         # another good place for anti-test - ensure old deps are deleted after promote
+         - name: Checking if deployments, services, and ts objects were created with none labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:100,nginx-service-green:0
+
+         - name: Executing second deploy action for smi with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with green labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:latest labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:green selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:0,nginx-service-green:100
+
+         - name: Executing second promote action for smi now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: promote
+
+         - name: Checking if deployments and services were created with none labels after promote for new tag, ts is stable
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:100,nginx-service-green:0
+
+         - name: Executing deploy action for smi to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with green labels after deploy, and old deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:green selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:0,nginx-service-green:100
+
+         - name: Executing reject action for smi to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with none labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:100,nginx-service-green:0
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}

.github/workflows/run-integration-tests-canary-pod.yml

@@ -0,0 +1,152 @@
+name: Minikube Integration Tests - canary pod
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Canary Pod Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: deploy
+
+         - name: Checking if deployments and services were created with canary labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing promote action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: promote
+
+         # another good place for anti-test - ensure old deps are deleted after promote
+         - name: Checking if deployments and services were created with stable labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing second deploy action for pod with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with canary labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:latest labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing second promote action for pod now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: promote
+
+         - name: Checking if deployments and services were created with stable labels after promote for new tag, ts is stable
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing deploy action for pod to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with canary and baseline labels after deploy, and stable deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing reject action for pod to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with stable labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}

.github/workflows/run-integration-tests-canary-smi.yml

@@ -0,0 +1,185 @@
+name: Minikube Integration Tests - canary SMI
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Canary SMI Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+           with:
+              install-smi: 'true'
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'TrafficSplit' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: deploy
+
+         - name: Checking if deployments, services, and ts objects were created with canary labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-canary labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:canary selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:0,nginx-service-canary:1000,nginx-service-baseline:0
+
+         - name: Executing promote action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: promote
+
+         # another good place for anti-test - ensure old deps are deleted after promote
+         - name: Checking if deployments, services, and ts objects were created with stable labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:1.14.2 labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:1000,nginx-service-canary:0,nginx-service-baseline:0
+
+         - name: Executing second deploy action for smi with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with canary labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:1.14.2 labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:latest labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-baseline containerName=nginx:1.14.2 labels=workflow/version:baseline,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:baseline
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-canary labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:canary selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-baseline labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:baseline selectorLabels=app:nginx,workflow/version:baseline
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:500,nginx-service-canary:250,nginx-service-baseline:250
+
+         - name: Executing second promote action for smi now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: promote
+
+         - name: Checking if deployments and services were created with stable labels after promote for new tag, ts is stable
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:latest labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:1000,nginx-service-canary:0,nginx-service-baseline:0
+
+         - name: Executing deploy action for smi to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with canary and baseline labels after deploy, and stable deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-baseline containerName=nginx:latest labels=workflow/version:baseline,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:baseline
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:latest labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-baseline labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:baseline selectorLabels=app:nginx,workflow/version:baseline
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-canary labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:canary selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:500,nginx-service-canary:250,nginx-service-baseline:250
+
+         - name: Executing reject action for smi to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with stable labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:latest labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:1000,nginx-service-canary:0,nginx-service-baseline:0
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'TrafficSplit' 'all' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}

.github/workflows/run-integration-tests-namespace-optional.yml

@@ -0,0 +1,113 @@
+# This workflow is inspired by `run-integration-tests-bluegreen-ingress.yml` and introduces namespace-specific testing for manifests.
+# It ensures deployments respect manifest-defined namespaces and tests deployments to multiple namespaces.
+name: Minikube Integration Tests - Namespace Optional
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Namespace Optional Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE1: integration-test-namespace1-${{ github.run_id }}
+         NAMESPACE2: integration-test-namespace2-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespaces for tests
+           run: |
+              kubectl create ns ${{ env.NAMESPACE1 }}
+              kubectl create ns ${{ env.NAMESPACE2 }}
+              kubectl create ns test-namespace
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE1 }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE2 }}
+
+         # This tests whether the deployment respects the namespace defined in the manifest instead of defaulting to "default" when namespace is not provided.
+         - name: Test - Handles namespace correctly based on manifest
+           uses: ./
+           with:
+              images: nginx
+              manifests: |
+                 test/integration/manifests/test_with_ns.yaml
+                 test/integration/manifests/test_no_ns.yaml
+              action: deploy # Deploys manifests to specified namespaces or uses the namespace defined in the manifest
+
+         - name: Verify Deployment - test_with_ns.yaml (test-namespace)
+           run: |
+              python test/integration/k8s-deploy-test.py \
+                namespace=test-namespace \
+                kind=Deployment \
+                name=test-deployment \
+                containerName=nginx \
+                labels=app:test-app,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_Namespace_Optional \
+                selectorLabels=app:test-app
+
+         - name: Verify Deployment - test_no_ns.yaml (default namespace)
+           run: |
+              python test/integration/k8s-deploy-test.py \
+                namespace=default \
+                kind=Deployment \
+                name=test-deployment-no-ns \
+                containerName=nginx \
+                labels=app:test-app,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_Namespace_Optional \
+                selectorLabels=app:test-app
+
+         # This tests whether the deployment works when a file is deployed to two different provided namespaces.
+         - name: Test - Deploys the resource to namespace1
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE1 }}
+              images: nginx
+              manifests: |
+                 test/integration/manifests/test_no_ns.yaml
+              action: deploy
+
+         - name: Test - Deploys the resource to namespace2
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE2 }}
+              images: nginx
+              manifests: |
+                 test/integration/manifests/test_no_ns.yaml
+              action: deploy
+
+         - name: Verify Deployments in NAMESPACE1 & NAMESPACE2
+           run: |
+              for ns in ${{ env.NAMESPACE1 }} ${{ env.NAMESPACE2 }}; do
+                python test/integration/k8s-deploy-test.py \
+                  namespace=$ns \
+                  kind=Deployment \
+                  name=test-deployment-no-ns \
+                  containerName=nginx \
+                  labels=app:test-app,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_Namespace_Optional \
+                  selectorLabels=app:test-app
+              done
+
+         - name: Cleanup
+           run: |
+              echo "Cleaning up resources..."
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment' test-namespace
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment-no-ns' ${{ env.NAMESPACE1 }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment-no-ns' ${{ env.NAMESPACE2 }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment-no-ns' default
+
+              kubectl delete ns ${{ env.NAMESPACE1 }}
+              kubectl delete ns ${{ env.NAMESPACE2 }}
+              kubectl delete ns test-namespace
+              rm -rf test_with_ns.yaml test_no_ns.yaml

.github/workflows/run-integration-tests-private.yml

@@ -0,0 +1,85 @@
+name: Cluster Integration Tests - private cluster
+on:
+   pull_request:
+      branches:
+         - 'releases/*'
+   push:
+      branches:
+         - main
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Run Minikube Integration Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      permissions:
+         contents: read
+         id-token: write
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - name: Install dependencies
+           run: |
+              rm -rf node_modules/
+              npm install
+
+         - name: Build
+           run: npm run build
+
+         - name: Azure login
+           uses: azure/login@v3.0.0
+           with:
+              client-id: ${{ secrets.AZURE_CLIENT_ID }}
+              tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+              subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+         - uses: Azure/setup-kubectl@829323503d1be3d00ca8346e5391ca0b07a9ab0d # v5.1.0
+           name: Install Kubectl
+
+         - name: Create private AKS cluster and set context
+           run: |
+              set +x
+              # create cluster
+              az group create --location eastus2 --name ${{ env.NAMESPACE }}
+              az aks create --name ${{ env.NAMESPACE }} --resource-group ${{ env.NAMESPACE }} --enable-private-cluster --generate-ssh-keys
+              az aks get-credentials --resource-group ${{ env.NAMESPACE }} --name ${{ env.NAMESPACE }}
+
+         - name: Create namespace to run tests
+           run: |
+              az aks command invoke --resource-group ${{ env.NAMESPACE }} --name ${{ env.NAMESPACE }} --command "kubectl create ns ${{ env.NAMESPACE }}"
+
+         - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 6.2.0
+           name: Install Python
+           with:
+              python-version: '3.x'
+
+         - name: Executing deploy action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+                 test/integration/manifests/test2.yml
+              action: deploy
+              private-cluster: true
+              resource-group: ${{ env.NAMESPACE }}
+              name: ${{ env.NAMESPACE }}
+
+         - name: Checking if deployments and services were created
+           run: |
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment2 containerName=nginx:1.14.2 labels=app:nginx2,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx2
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service2 labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx2
+
+         - name: Clean up AKS cluster
+           if: ${{ always() }}
+           run: |
+              echo "deleting AKS cluster and resource group"
+              az aks delete --yes --resource-group ${{ env.NAMESPACE }} --name ${{ env.NAMESPACE }}
+              az group delete --resource-group ${{ env.NAMESPACE }} --yes

.github/workflows/run-integration-tests-resource-annotation.yml

@@ -0,0 +1,65 @@
+name: Minikube Integration Tests - resource annotation
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Resource Annotation Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod with resource annotation enabled by default
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              action: deploy
+
+         - name: Checking if deployments is created with additional resource annotation
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_resource_annotation selectorLabels=app:nginx annotations=actions.github.com/k8s-deploy,deployment.kubernetes.io/revision,kubectl.kubernetes.io/last-applied-configuration
+
+         - name: Cleaning previously created deployment
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod with resource annotation disabled
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              action: deploy
+              annotate-resources: false
+
+         - name: Checking if deployment is created without additional resource annotation
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 selectorLabels=app:nginx annotations=deployment.kubernetes.io/revision,kubectl.kubernetes.io/last-applied-configuration

.github/workflows/run-integration-tests.yml

@@ -1,215 +0,0 @@
-name: Minikube Integration Tests
-on:
-   pull_request:
-      branches:
-         - master
-         - main
-         - 'releases/*'
-   push:
-      branches:
-         - master
-         - main
-         - 'releases/*'
-   workflow_dispatch:
-
-jobs:
-   run-integration-test:
-      name: Run Minikube Integration Tests
-      runs-on: ubuntu-latest
-      env:
-         KUBECONFIG: /home/runner/.kube/config
-      steps:
-         - uses: actions/checkout@v2
-
-         - name: Install dependencies
-           run: |
-              rm -rf node_modules/
-              npm install
-
-         - name: Install ncc
-           run: npm i -g @vercel/ncc
-         - name: Build
-           run: ncc build src/run.ts -o lib
-
-         - name: Set name of ns
-           run: echo "::set-output name=name::$(echo `date +%Y%m%d%H%M%S`)"
-           shell: bash
-           id: ns
-
-         - uses: Azure/setup-kubectl@v1
-           name: Install Kubectl
-
-         - id: setup-minikube
-           name: Setup Minikube
-           uses: manusa/actions-setup-minikube@v2.4.2
-           with:
-              minikube version: 'v1.24.0'
-              kubernetes version: 'v1.17.8'
-              driver: 'none'
-           timeout-minutes: 3
-
-         - name: Create namespace to run tests
-           run: kubectl create ns test-${{ steps.ns.outputs.name }}
-
-         - uses: actions/setup-python@v2
-           name: Install Python
-           with:
-              python-version: '3.x'
-
-         - name: Cleaning any previously created items
-           run: |
-              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service-green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment-green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-delete.py 'Ingress' 'nginx-ingress' ${{ steps.ns.outputs.name }}
-
-         - name: Executing deploy action
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.14.2
-              manifests: |
-                 test/integration/manifests/test-service.yml
-              strategy: blue-green
-              route-method: service
-              action: deploy
-
-         - name: Checking if deploments and services were created with green labels
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment-green' 'green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service' 'green' ${{ steps.ns.outputs.name }}
-
-         - name: Executing promote action
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.14.2
-              manifests: |
-                 test/integration/manifests/test-service.yml
-              strategy: blue-green
-              route-method: service
-              action: promote
-
-         - name: Checking if deploments and services were created with none labels after promote
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service' 'None' ${{ steps.ns.outputs.name }}
-
-         - name: Executing deploy action on
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.19.1
-              manifests: |
-                 test/integration/manifests/test-service.yml
-              strategy: blue-green
-              route-method: service
-              action: deploy
-
-         - name: Checking if deploments and services were created with green labels, and old workloads persist on deploy
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment-green' 'green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service' 'green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment' 'None' ${{ steps.ns.outputs.name }}
-
-         - name: Executing reject action
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.19.1
-              manifests: |
-                 test/integration/manifests/test-service.yml
-              strategy: blue-green
-              route-method: service
-              action: reject
-
-         - name: Checking if deploments and services were routed back to none labels after reject
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service' 'None' ${{ steps.ns.outputs.name }}
-
-         - name: Cleaning up current set up
-           run: |
-              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ steps.ns.outputs.name }}
-
-         - name: Executing deploy action for ingress
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.14.2
-              manifests: |
-                 test/integration/manifests/test-ingress.yml
-              strategy: blue-green
-              route-method: ingress
-              action: deploy
-
-         - name: Checking if deploments, services and ingresses were created with green labels
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment-green' 'green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service-green' 'green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Ingress' 'nginx-ingress' 'green' ${{ steps.ns.outputs.name }}
-
-         - name: Executing promote action for ingress
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.14.2
-              manifests: |
-                 test/integration/manifests/test-ingress.yml
-              strategy: blue-green
-              route-method: ingress
-              action: promote
-
-         - name: Checking if deploments, services and ingresses were created with none labels after promote
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Ingress' 'nginx-ingress' 'None' ${{ steps.ns.outputs.name }}
-
-         - name: Executing deploy action for ingress
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.19.1
-              manifests: |
-                 test/integration/manifests/test-ingress.yml
-              strategy: blue-green
-              route-method: ingress
-              action: deploy
-
-         - name: Checking if deploments, services and ingresses were created with green labels after deploy, and old deployment persists
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment-green' 'green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service-green' 'green' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Ingress' 'nginx-ingress' 'green' ${{ steps.ns.outputs.name }}
-
-         - name: Executing reject action for ingress
-           uses: ./
-           with:
-              namespace: test-${{ steps.ns.outputs.name }}
-              images: nginx:1.19.1
-              manifests: |
-                 test/integration/manifests/test-ingress.yml
-              strategy: blue-green
-              route-method: ingress
-              action: reject
-
-         - name: Checking if deploments, services and ingresses were created with none labels after reject
-           run: |
-              python test/integration/k8s-deploy-test.py 'Deployment' 'nginx-deployment' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Service' 'nginx-service' 'None' ${{ steps.ns.outputs.name }}
-              python test/integration/k8s-deploy-test.py 'Ingress' 'nginx-ingress' 'None' ${{ steps.ns.outputs.name }}
-
-         - if: ${{ always() }}
-           name: Delete created namespace
-           run: kubectl delete ns test-${{ steps.ns.outputs.name }}
-
-         - if: ${{ always() }}
-           name: Posting result back to PR
-           run: |
-              if [ '${{ steps.job-type.outputs.type }}' == 'pr' ]; then ruby postStatus.rb ${{github.event.client_payload.repository}} ${{github.event.client_payload.commit}} ${{secrets.L2_REPO_TOKEN}} ${{job.status}} ${{github.run_id}} ${{matrix.os}} false ${{ secrets.L2_REPO_USER }}; fi
-           shell: bash

.github/workflows/tag-and-release.yml

@@ -1,10 +0,0 @@
-name: Tag and create release draft
-
-on:
-   push:
-      branches:
-         - releases/*
-
-jobs:
-   tag-and-release:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@main

.github/workflows/unit-tests.yml

@@ -11,9 +11,10 @@ on: # rebuild any PRs and main branch changes
 
 jobs:
    build: # make sure build/ci works properly
+      name: Run Unit Tests
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@v1
+         - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
          - run: |
               npm install
               npm test

.husky/pre-commit

@@ -0,0 +1,13 @@
+npm run typecheck || {
+  echo ""
+  echo "❌ Type check failed."
+  echo "💡 Run 'npm run typecheck' to see errors."
+  exit 1
+}
+npm test
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}

CHANGELOG.md

@@ -0,0 +1,88 @@
+# Changelog
+
+## [6.0.0] - 2026-04-17
+
+### Changed
+
+- #504 [Update Node.js runtime from node20 to node24](https://github.com/Azure/k8s-deploy/pull/504)
+- #500 [Update action version references in README to latest majors](https://github.com/Azure/k8s-deploy/pull/500)
+
+### Security
+
+- #506 [Bump undici from 6.23.0 to 6.24.1](https://github.com/Azure/k8s-deploy/pull/506)
+- #513 [Bump vite from 8.0.3 to 8.0.5](https://github.com/Azure/k8s-deploy/pull/513)
+- #509 [Bump the actions group across 1 directory with 4 updates](https://github.com/Azure/k8s-deploy/pull/509)
+- #510 [Bump the actions group across 1 directory with 2 updates](https://github.com/Azure/k8s-deploy/pull/510)
+- #511 [Bump vitest from 4.1.1 to 4.1.2](https://github.com/Azure/k8s-deploy/pull/511)
+- #514 [Bump the actions group with 2 updates](https://github.com/Azure/k8s-deploy/pull/514)
+- #501 [Bump @types/node from 25.3.3 to 25.4.0](https://github.com/Azure/k8s-deploy/pull/501)
+
+## [5.1.0] - 2026-03-03
+
+### Added
+
+- #458 [Ensure error messages display the correct namespace](https://github.com/Azure/k8s-deploy/pull/458)
+- #482 [docker driver](https://github.com/Azure/k8s-deploy/pull/482)
+- #492 [Migrate to esbuild/Vitest and upgrade @actions/\* to ESM-only versions](https://github.com/Azure/k8s-deploy/pull/492)
+- #498 [Add typecheck to build script](https://github.com/Azure/k8s-deploy/pull/498)
+
+## [5.0.4] - 2025-08-05
+
+### Added
+
+- #408 [Add missing README.md and action.yml parameters](https://github.com/Azure/k8s-deploy/pull/408)
+- #414 [Fix the major update packages including Jest](https://github.com/Azure/k8s-deploy/pull/414)
+- #418 [Add husky pre-commit hook.](https://github.com/Azure/k8s-deploy/pull/418)
+- #420 [Make namespace input optional](https://github.com/Azure/k8s-deploy/pull/420)
+- #424 [add server-side option for kubectl apply commands](https://github.com/Azure/k8s-deploy/pull/424)
+- #425 [Add timeout to the rollout status](https://github.com/Azure/k8s-deploy/pull/425)
+- #428 [Added additional check in getTempdirectory function](https://github.com/Azure/k8s-deploy/pull/428)
+- #432 [Added error check for canary promote actions](https://github.com/Azure/k8s-deploy/pull/432)
+- #436 [Add support for ScaledJob](https://github.com/Azure/k8s-deploy/pull/436)
+- #440 [Add Enhanced Deployment Error Reporting and Logging](https://github.com/Azure/k8s-deploy/pull/440)
+- #441 [Added timeout input description to README](https://github.com/Azure/k8s-deploy/pull/441)
+
+## [5.0.3] - 2025-04-16
+
+### Added
+
+- #398 case-insensitive resource type
+
+## [5.0.2] - 2025-04-15
+
+### Added
+
+- #396 Update new resource-type input for action
+
+## [5.0.1] - 2024-03-12
+
+### Added
+
+- #356 Add fleet support
+
+## [5.0.0] - 2024-03-12
+
+### Changed
+
+- #309 Updated to Node20 and upgraded release workflows to @v1 tag
+- #306 update release workflow to use new prefix, remove deprecated release
+- #303 fix: ensure imageNames are not empty strings
+- #299 bump release workflow sha
+- #298 bump minikube to fix runner deps
+- #297 update release workflow
+
+### Added
+
+- #304 add v prefix for version tagging
+- #302 adding ncc to build
+- #301 adding release workflow artifact fix
+
+## [4.10.0] - 2023-10-30
+
+### Added
+
+- #287 Make annotating resources optional
+- #283 Fix “Service” route-method of the Blue-Green strategy with some manifest files
+- #281 bump codeql to node 16
+- #279 upgrade codeql
+- #276 Fixes multiple namespaces bug

CODE_OF_CONDUCT.md

@@ -4,6 +4,6 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope
 
 Resources:
 
--  [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
--  [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
--  Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
+- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns

README.md

@@ -1,6 +1,6 @@
 # Deploy manifests action for Kubernetes
 
-This action is used to deploy manifests to Kubernetes clusters. It requires that the cluster context be set earlier in the workflow by using either the [Azure/aks-set-context](https://github.com/Azure/aks-set-context/tree/releases/v1) action or the [Azure/k8s-set-context](https://github.com/Azure/k8s-set-context/tree/releases/v1) action. It also requires Kubectl to be installed (you can use the [Azure/setup-kubectl](https://github.com/Azure/setup-kubectl) action).
+This action is used to deploy manifests to Kubernetes clusters. It requires that the cluster context be set earlier in the workflow by using either the [Azure/aks-set-context](https://github.com/Azure/aks-set-context/tree/releases/v4) action or the [Azure/k8s-set-context](https://github.com/Azure/k8s-set-context/tree/releases/v4) action. It also requires Kubectl to be installed (you can use the [Azure/setup-kubectl](https://github.com/Azure/setup-kubectl) action).
 
 If you are looking to automate your workflows to deploy to [Azure Web Apps](https://azure.microsoft.com/en-us/services/app-service/web/) and [Azure Web App for Containers](https://azure.microsoft.com/en-us/services/app-service/containers/), consider using [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
 
@@ -17,22 +17,20 @@ permissions:
 
 Following are the key capabilities of this action:
 
--  **Artifact substitution**: Takes a list of container images which can be specified along with their tags or digests. They are substituted into the non-templatized version of manifest files before applying to the cluster to ensure that the right version of the image is pulled by the cluster nodes.
+- **Artifact substitution**: Takes a list of container images which can be specified along with their tags or digests. They are substituted into the non-templatized version of manifest files before applying to the cluster to ensure that the right version of the image is pulled by the cluster nodes.
 
--  **Object stability checks**: Rollout status is checked for the Kubernetes objects deployed. This is done to incorporate stability checks while computing the action status as success/failure.
+- **Object stability checks**: Rollout status is checked for the Kubernetes objects deployed. This is done to incorporate stability checks while computing the action status as success/failure.
 
--  **Secret handling**: The secret names specified as inputs in the action are used to augment the input manifest files with imagePullSecrets values before deploying to the cluster. Also, checkout the [Azure/k8s-create-secret](https://github.com/Azure/k8s-create-secret) action for creation of generic or docker-registry secrets in the cluster.
+- **Secret handling**: The secret names specified as inputs in the action are used to augment the input manifest files with imagePullSecrets values before deploying to the cluster. Also, checkout the [Azure/k8s-create-secret](https://github.com/Azure/k8s-create-secret) action for creation of generic or docker-registry secrets in the cluster.
 
--  **Deployment strategy** Supports both canary and blue-green deployment strategies
+- **Deployment strategy** Supports both canary and blue-green deployment strategies
-
+   - **Canary strategy**: Workloads suffixed with '-baseline' and '-canary' are created. There are two methods of traffic splitting supported:
-   -  **Canary strategy**: Workloads suffixed with '-baseline' and '-canary' are created. There are two methods of traffic splitting supported:
+      - **Service Mesh Interface**: Service Mesh Interface abstraction allows for plug-and-play configuration with service mesh providers such as [Linkerd](https://linkerd.io/) and [Istio](https://istio.io/). Meanwhile, this action takes away the hard work of mapping SMI's TrafficSplit objects to the stable, baseline and canary services during the lifecycle of the deployment strategy. Service mesh based canary deployments using this action are more accurate as service mesh providers enable granular percentage traffic split (via service registry and sidecar containers injected into pods alongside application containers).
-      -  **Service Mesh Interface**: Service Mesh Interface abstraction allows for plug-and-play configuration with service mesh providers such as [Linkerd](https://linkerd.io/) and [Istio](https://istio.io/). Meanwhile, this action takes away the hard work of mapping SMI's TrafficSplit objects to the stable, baseline and canary services during the lifecycle of the deployment strategy. Service mesh based canary deployments using this action are more accurate as service mesh providers enable granular percentage traffic split (via service registry and sidecar containers injected into pods alongside application containers).
+      - **Only Kubernetes (no service mesh)**: In the absence of service mesh, while it may not be possible to achieve exact percentage split at the request level, it is still possible to perform canary deployments by deploying -baseline and -canary workload variants next to the stable variant. The service routes requests to pods of all three workload variants as the selector-label constraints are met (KubernetesManifest will honor these when creating -baseline and -canary variants). This achieves the intended effect of routing only a portion of total requests to the canary.
-      -  **Only Kubernetes (no service mesh)**: In the absence of service mesh, while it may not be possible to achieve exact percentage split at the request level, it is still possible to perform canary deployments by deploying -baseline and -canary workload variants next to the stable variant. The service routes requests to pods of all three workload variants as the selector-label constraints are met (KubernetesManifest will honor these when creating -baseline and -canary variants). This achieves the intended effect of routing only a portion of total requests to the canary.
+   - **Blue-Green strategy**: Choosing blue-green strategy with this action leads to creation of workloads suffixed with '-green'. An identified service is one that is supplied as part of the input manifest(s) and targets a workload in the supplied manifest(s). There are three route-methods supported in the action:
-   -  **Blue-Green strategy**: Choosing blue-green strategy with this action leads to creation of workloads suffixed with '-green'. An identified service is one that is supplied as part of the input manifest(s) and targets a workload in the supplied manifest(s). There are three route-methods supported in the action:
+      - **Service route-method**: Identified services are configured to target the green deployments.
-
+      - **Ingress route-method**: Along with deployments, new services are created with '-green' suffix (for identified services), and the ingresses are in turn updated to target the new services.
-      -  **Service route-method**: Identified services are configured to target the green deployments.
+      - **SMI route-method**: A new [TrafficSplit](https://github.com/servicemeshinterface/smi-spec/blob/master/apis/traffic-split/v1alpha3/traffic-split.md) object is created for each identified service. The TrafficSplit object is updated to target the new deployments. This works only if SMI is set up in the cluster.
-      -  **Ingress route-method**: Along with deployments, new services are created with '-green' suffix (for identified services), and the ingresses are in turn updated to target the new services.
-      -  **SMI route-method**: A new [TrafficSplit](https://github.com/servicemeshinterface/smi-spec/blob/master/apis/traffic-split/v1alpha3/traffic-split.md) object is created for each identified service. The TrafficSplit object is updated to target the new deployments. This works only if SMI is set up in the cluster.
 
       Traffic is routed to the new workloads only after the time provided as `version-switch-buffer` input has passed. The `promote` action creates workloads and services with new configurations but without any suffix. `reject` routes traffic back to the old workloads and deletes the '-green' workloads.
 
@@ -51,7 +49,7 @@ Following are the key capabilities of this action:
   </tr>
   <tr>
     <td>manifests </br></br>(Required)</td>
-    <td>Path to the manifest files to be used for deployment. These can also be directories containing manifest files, in which case, all manifest files in the referenced directory at every depth will be deployed. Files not ending in .yml or .yaml will be ignored.</td>
+    <td>Path to the manifest files to be used for deployment. These can also be directories containing manifest files, in which case, all manifest files in the referenced directory at every depth will be deployed, or URLs to manifest files (like https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/controllers/nginx-deployment.yaml). Files and URLs not ending in .yml or .yaml will be ignored.</td>
   </tr>
     <tr>
     <td>strategy </br></br>(Required)</td>
@@ -110,12 +108,40 @@ Following are the key capabilities of this action:
     <td>Acceptable values: true, false</br>Default value: false.</td>
   </tr>
   <tr>
-    <td>force </br></br>(Optional)</td>
+    <td>resource-group</br></br>(Optional)</td>
+    <td>Name of resource group - Only required if using private cluster</td>
+  </tr>
+  <tr>
+    <td>name</br></br>(Optional)</td>
+    <td>Name of the private cluster - Only required if using private cluster</td>
+  </tr>
+  <tr>
+    <td>force</br></br>(Optional)</td>
     <td>Deploy when a previous deployment already exists. If true then '--force' argument is added to the apply command. Using '--force' argument is not recommended in production.</td>
   </tr>
+  <tr>
+    <td>server-side </br></br>(Optional)</td>
+    <td>The apply command runs in the server instead of the client. If true then '--server-side' argument is added to the apply command.</td>
+  </tr>
+  <tr>
+    <td>timeout</br></br>(Optional)</td>
+    <td>Default value: 10m</br>Timeout for the rollout status. Accepts time units like '10m', '1h', '30s'. If only a number is provided (e.g., '30'), it is assumed to be minutes.</td>
+  </tr>
+  <tr>
+    <td>annotate-resources</br></br>(Optional)</td>
+    <td>Acceptable values: true/false</br>Default value: true</br>Switch whether to annotate the resources or not. If set to false all annotations are skipped completely.</td>
+  </tr>
   <tr>
     <td>annotate-namespace</br></br>(Optional)</td>
-    <td>Acceptable values: true/false</br>Default value: true</br>Switch whether to annotate the namespace resources object or not</td>
+    <td>Acceptable values: true/false</br>Default value: true</br>Switch whether to annotate the namespace resources object or not. Ignored when annotate-resources is set to false.</td>
+  </tr>
+  <tr>
+    <td>skip-tls-verify</br></br>(Optional)</td>
+    <td>Acceptable values: true/false</br>Default value: false</br>True if the insecure-skip-tls-verify option should be used</td>
+  </tr>
+  <tr>
+    <td>resource-type (Optional)</td>
+    <td>Acceptable values: `Microsoft.ContainerService/managedClusters` (default), 'Microsoft.ContainerService/fleets'</td>
   </tr>
 </table>
 
@@ -124,7 +150,7 @@ Following are the key capabilities of this action:
 ### Basic deployment (without any deployment strategy)
 
 ```yaml
-- uses: Azure/k8s-deploy@v3.1
+- uses: Azure/k8s-deploy@v5
   with:
      namespace: 'myapp'
      manifests: |
@@ -138,7 +164,7 @@ Following are the key capabilities of this action:
 ### Private cluster deployment
 
 ```yaml
-- uses: Azure/k8s-deploy@v4
+- uses: Azure/k8s-deploy@v5
   with:
      resource-group: yourResourceGroup
      name: yourClusterName
@@ -158,7 +184,7 @@ Following are the key capabilities of this action:
 ### Canary deployment without service mesh
 
 ```yaml
-- uses: Azure/k8s-deploy@v3.1
+- uses: Azure/k8s-deploy@v5
   with:
      namespace: 'myapp'
      images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
@@ -177,7 +203,7 @@ Following are the key capabilities of this action:
 To promote/reject the canary created by the above snippet, the following YAML snippet could be used:
 
 ```yaml
-- uses: Azure/k8s-deploy@v3.1
+- uses: Azure/k8s-deploy@v5
   with:
      namespace: 'myapp'
      images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
@@ -195,7 +221,7 @@ To promote/reject the canary created by the above snippet, the following YAML sn
 ### Canary deployment based on Service Mesh Interface
 
 ```yaml
-- uses: Azure/k8s-deploy@v3.1
+- uses: Azure/k8s-deploy@v5
   with:
      namespace: 'myapp'
      images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
@@ -216,7 +242,7 @@ To promote/reject the canary created by the above snippet, the following YAML sn
 To promote/reject the canary created by the above snippet, the following YAML snippet could be used:
 
 ```yaml
-- uses: Azure/k8s-deploy@v3.1
+- uses: Azure/k8s-deploy@v5
   with:
      namespace: 'myapp'
      images: 'contoso.azurecr.io/myapp:${{ event.run_id }} '
@@ -235,7 +261,7 @@ To promote/reject the canary created by the above snippet, the following YAML sn
 ### Blue-Green deployment with different route methods
 
 ```yaml
-- uses: Azure/k8s-deploy@v3.1
+- uses: Azure/k8s-deploy@v5
   with:
      namespace: 'myapp'
      images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
@@ -255,7 +281,7 @@ To promote/reject the canary created by the above snippet, the following YAML sn
 To promote/reject the green workload created by the above snippet, the following YAML snippet could be used:
 
 ```yaml
-- uses: Azure/k8s-deploy@v3.1
+- uses: Azure/k8s-deploy@v5
   with:
      namespace: 'myapp'
      images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
@@ -284,9 +310,9 @@ jobs:
    build:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@master
+         - uses: actions/checkout@v6
 
-         - uses: Azure/docker-login@v1
+         - uses: Azure/docker-login@v2
            with:
               login-server: contoso.azurecr.io
               username: ${{ secrets.REGISTRY_USERNAME }}
@@ -296,23 +322,23 @@ jobs:
               docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }}
               docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}
 
-         - uses: azure/setup-kubectl@v2.0
+         - uses: azure/setup-kubectl@v4
 
          # Set the target AKS cluster.
-         - uses: Azure/aks-set-context@v1
+         - uses: Azure/aks-set-context@v4
            with:
               creds: '${{ secrets.AZURE_CREDENTIALS }}'
               cluster-name: contoso
               resource-group: contoso-rg
 
-         - uses: Azure/k8s-create-secret@v1.1
+         - uses: Azure/k8s-create-secret@v5
            with:
               container-registry-url: contoso.azurecr.io
               container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
               container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
               secret-name: demo-k8s-secret
 
-         - uses: Azure/k8s-deploy@v3.1
+         - uses: Azure/k8s-deploy@v5
            with:
               action: deploy
               manifests: |
@@ -333,9 +359,9 @@ jobs:
    build:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@master
+         - uses: actions/checkout@v6
 
-         - uses: Azure/docker-login@v1
+         - uses: Azure/docker-login@v2
            with:
               login-server: contoso.azurecr.io
               username: ${{ secrets.REGISTRY_USERNAME }}
@@ -345,20 +371,20 @@ jobs:
               docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }}
               docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}
 
-         - uses: azure/setup-kubectl@v2.0
+         - uses: azure/setup-kubectl@v4
 
-         - uses: Azure/k8s-set-context@v2
+         - uses: Azure/k8s-set-context@v4
            with:
               kubeconfig: ${{ secrets.KUBE_CONFIG }}
 
-         - uses: Azure/k8s-create-secret@v1.1
+         - uses: Azure/k8s-create-secret@v5
            with:
               container-registry-url: contoso.azurecr.io
               container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
               container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
               secret-name: demo-k8s-secret
 
-         - uses: Azure/k8s-deploy@v3.1
+         - uses: Azure/k8s-deploy@v5
            with:
               action: deploy
               manifests: |
@@ -383,9 +409,9 @@ jobs:
    build:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@master
+         - uses: actions/checkout@v6
 
-         - uses: Azure/docker-login@v1
+         - uses: Azure/docker-login@v2
            with:
               login-server: contoso.azurecr.io
               username: ${{ secrets.REGISTRY_USERNAME }}
@@ -407,24 +433,24 @@ jobs:
    deploy:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@master
+         - uses: actions/checkout@v6
 
-         - uses: Azure/docker-login@v1
+         - uses: Azure/docker-login@v2
            with:
               login-server: contoso.azurecr.io
               username: ${{ secrets.REGISTRY_USERNAME }}
               password: ${{ secrets.REGISTRY_PASSWORD }}
 
-         - uses: azure/setup-kubectl@v2.0
+         - uses: azure/setup-kubectl@v4
 
          # Set the target AKS cluster.
-         - uses: Azure/aks-set-context@v1
+         - uses: Azure/aks-set-context@v4
            with:
               creds: '${{ secrets.AZURE_CREDENTIALS }}'
               cluster-name: contoso
               resource-group: contoso-rg
 
-         - uses: Azure/k8s-create-secret@v1.1
+         - uses: Azure/k8s-create-secret@v5
            with:
               namespace: ${{ env.NAMESPACE  }}
               container-registry-url: contoso.azurecr.io
@@ -432,7 +458,7 @@ jobs:
               container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
               secret-name: demo-k8s-secret
 
-         - uses: azure/k8s-bake@v2
+         - uses: azure/k8s-bake@v3
            with:
               renderEngine: 'helm'
               helmChart: './aks-helloworld/'
@@ -442,7 +468,7 @@ jobs:
               helm-version: 'latest'
            id: bake
 
-         - uses: Azure/k8s-deploy@v1.2
+         - uses: Azure/k8s-deploy@v5
            with:
               action: deploy
               manifests: ${{ steps.bake.outputs.manifestsBundle }}
@@ -454,9 +480,9 @@ jobs:
 
 ## Traceability Fields Support
 
--  Environment variable `HELM_CHART_PATHS` is a list of helmchart files expected by k8s-deploy - it will be populated automatically if you are using k8s-bake to generate the manifests.
+- Environment variable `HELM_CHART_PATHS` is a list of helmchart files expected by k8s-deploy - it will be populated automatically if you are using k8s-bake to generate the manifests.
--  Use script to build image and add dockerfile-path label to it. The value expected is the link to the dockerfile: https://github.com/${{github.repo}}/blob/${{github.sha}}/Dockerfile. If your dockerfile is in the same repo and branch where the workflow is run, it can be a relative path and it will be converted to a link for traceability.
+- Use script to build image and add dockerfile-path label to it. The value expected is the link to the dockerfile: https://github.com/${{github.repo}}/blob/${{github.sha}}/Dockerfile. If your dockerfile is in the same repo and branch where the workflow is run, it can be a relative path and it will be converted to a link for traceability.
--  Run docker login action for each image registry - in case image build and image deploy are two distinct jobs in the same or separate workflows.
+- Run docker login action for each image registry - in case image build and image deploy are two distinct jobs in the same or separate workflows.
 
 ## Contributing
 
@@ -471,3 +497,7 @@ provided by the bot. You will only need to do this once across all repos using o
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
 For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
 contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+## Support
+
+k8s-deploy is an open source project that is [**not** covered by the Microsoft Azure support policy](https://support.microsoft.com/en-us/help/2941892/support-for-linux-and-open-source-technology-in-azure). [Please search open issues here](https://github.com/Azure/k8s-deploy/issues), and if your issue isn't already represented please [open a new one](https://github.com/Azure/k8s-deploy/issues/new/choose). The project maintainers will respond to the best of their abilities.

SECURITY.md

@@ -14,13 +14,13 @@ You should receive a response within 24 hours. If for some reason you do not, pl
 
 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
 
--  Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
--  Full paths of source file(s) related to the manifestation of the issue
+- Full paths of source file(s) related to the manifestation of the issue
--  The location of the affected source code (tag/branch/commit or direct URL)
+- The location of the affected source code (tag/branch/commit or direct URL)
--  Any special configuration required to reproduce the issue
+- Any special configuration required to reproduce the issue
--  Step-by-step instructions to reproduce the issue
+- Step-by-step instructions to reproduce the issue
--  Proof-of-concept or exploit code (if possible)
+- Proof-of-concept or exploit code (if possible)
--  Impact of the issue, including how an attacker might exploit the issue
+- Impact of the issue, including how an attacker might exploit the issue
 
 This information will help us triage your report more quickly.
 

action.yml

@@ -4,8 +4,9 @@ inputs:
    # Please ensure you have used either azure/k8s-actions/aks-set-context or azure/k8s-actions/k8s-set-context in the workflow before this action
    # You also need to have kubectl installed (azure/setup-kubectl)
    namespace:
-      description: 'Choose the target Kubernetes namespace. If the namespace is not provided, the commands will run in the default namespace.'
+      description: 'Choose the target Kubernetes namespace. If the namespace is not provided, the commands will automatically use the namespace defined in the manifest files first or otherwise run in the default namespace.'
       required: false
+      default: ''
    manifests:
       description: 'Path to the manifest files which will be used for deployment.'
       required: true
@@ -54,12 +55,24 @@ inputs:
       description: 'Deploy when a previous deployment already exists. If true then --force argument is added to the apply command'
       required: false
       default: false
+   server-side:
+      description: 'The apply command runs in the server instead of the client. If true then --server-side argument is added to the apply command.'
+      required: false
+      default: false
+   timeout:
+      description: 'Timeout for the rollout status'
+      required: false
+      default: 10m
    token:
       description: 'Github token'
       default: ${{ github.token }}
       required: true
+   annotate-resources:
+      description: 'Annotate the resources. If set to false all annotations are skipped completely.'
+      required: false
+      default: true
    annotate-namespace:
-      description: 'Annotate the target namespace'
+      description: 'Annotate the target namespace. Ignored when annotate-resources is set to false or no namespace is provided.'
       required: false
       default: true
    private-cluster:
@@ -70,11 +83,18 @@ inputs:
       description: 'Name of resource group - Only required if using private cluster'
       required: false
    name:
-      description: 'Resource group name - Only required if using private cluster'
+      description: 'Name of the private cluster - Only required if using private cluster'
       required: false
+   skip-tls-verify:
+      description: True if the insecure-skip-tls-verify option should be used. Input should be 'true' or 'false'.
+      default: false
+   resource-type:
+      description: Either Microsoft.ContainerService/managedClusters or Microsoft.ContainerService/fleets'.
+      required: false
+      default: 'Microsoft.ContainerService/managedClusters'
 
 branding:
    color: 'green'
 runs:
-   using: 'node16'
+   using: 'node24'
    main: 'lib/index.js'

babel.config.js

@@ -0,0 +1,6 @@
+module.exports = {
+   presets: [
+      ['@babel/preset-env', {targets: {node: 'current'}}],
+      '@babel/preset-typescript'
+   ]
+}

jest.config.js

@@ -1,10 +0,0 @@
-module.exports = {
-   clearMocks: true,
-   moduleFileExtensions: ['js', 'ts'],
-   testEnvironment: 'node',
-   testMatch: ['**/*.test.ts'],
-   transform: {
-      '^.+\\.ts$': 'ts-jest'
-   },
-   verbose: true
-}

package.json

@@ -1,32 +1,36 @@
 {
    "name": "k8s-deploy-action",
-   "version": "0.0.0",
+   "version": "6.0.0",
    "author": "Deepak Sattiraju",
    "license": "MIT",
+   "type": "module",
    "scripts": {
-      "build": "ncc build src/run.ts -o lib",
+      "build": "tsc --noEmit && esbuild src/run.ts --bundle --platform=node --target=node20 --format=esm --outfile=lib/index.js --banner:js=\"import { createRequire } from 'module';const require = createRequire(import.meta.url);\"",
-      "test": "jest",
+      "typecheck": "tsc --noEmit",
-      "coverage": "jest --coverage=true",
+      "test": "vitest run",
+      "coverage": "vitest run --coverage",
       "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
    },
    "dependencies": {
-      "@actions/core": "^1.9.1",
+      "@actions/core": "^3.0.1",
-      "@actions/exec": "^1.0.0",
+      "@actions/exec": "^3.0.0",
-      "@actions/io": "^1.0.0",
+      "@actions/io": "^3.0.2",
-      "@actions/tool-cache": "1.1.2",
+      "@actions/tool-cache": "4.0.0",
-      "@octokit/core": "^3.5.1",
+      "@octokit/core": "^7.0.6",
-      "@octokit/plugin-retry": "^3.0.9",
+      "@octokit/plugin-retry": "^8.1.0",
-      "@types/minipass": "^3.1.2",
+      "js-yaml": "4.2.0",
-      "js-yaml": "3.13.1"
+      "minimist": "^1.2.8"
    },
    "devDependencies": {
-      "@types/jest": "^26.0.0",
+      "@types/js-yaml": "^4.0.9",
-      "@types/js-yaml": "^3.12.7",
+      "@types/minimist": "^1.2.5",
-      "@types/node": "^12.20.41",
+      "@types/node": "^25.9.3",
-      "jest": "^26.0.0",
+      "esbuild": "^0.28",
-      "prettier": "^2.7.1",
+      "husky": "^9.1.7",
-      "ts-jest": "^26.0.0",
+      "prettier": "^3.8.4",
-      "typescript": "3.9.5"
+      "typescript": "6.0.3",
+      "vitest": "^4"
    }
 }

src/actions/deploy.ts

@@ -1,23 +1,28 @@
 import * as core from '@actions/core'
-import * as models from '../types/kubernetesTypes'
+import * as models from '../types/kubernetesTypes.js'
-import * as KubernetesConstants from '../types/kubernetesTypes'
+import * as KubernetesConstants from '../types/kubernetesTypes.js'
-import {Kubectl, Resource} from '../types/kubectl'
+import {Kubectl, Resource} from '../types/kubectl.js'
 import {
    getResources,
    updateManifestFiles
-} from '../utilities/manifestUpdateUtils'
+} from '../utilities/manifestUpdateUtils.js'
 import {
    annotateAndLabelResources,
    checkManifestStability,
    deployManifests
-} from '../strategyHelpers/deploymentHelper'
+} from '../strategyHelpers/deploymentHelper.js'
-import {DeploymentStrategy} from '../types/deploymentStrategy'
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
-import {parseTrafficSplitMethod} from '../types/trafficSplitMethod'
+import {parseTrafficSplitMethod} from '../types/trafficSplitMethod.js'
-
+import {ClusterType} from '../inputUtils.js'
+export const ResourceTypeManagedCluster =
+   'Microsoft.ContainerService/managedClusters'
+export const ResourceTypeFleet = 'Microsoft.ContainerService/fleets'
 export async function deploy(
    kubectl: Kubectl,
    manifestFilePaths: string[],
-   deploymentStrategy: DeploymentStrategy
+   deploymentStrategy: DeploymentStrategy,
+   resourceType: ClusterType,
+   timeout?: string
 ) {
    // update manifests
    const inputManifestFiles: string[] = updateManifestFiles(manifestFilePaths)
@@ -32,7 +37,8 @@ export async function deploy(
       inputManifestFiles,
       deploymentStrategy,
       kubectl,
-      trafficSplitMethod
+      trafficSplitMethod,
+      timeout
    )
    core.debug(`Deployed manifest files: ${deployedManifestFiles}`)
    core.endGroup()
@@ -45,7 +51,8 @@ export async function deploy(
          KubernetesConstants.DiscoveryAndLoadBalancerResource.SERVICE
       ])
    )
-   await checkManifestStability(kubectl, resourceTypes)
+
+   await checkManifestStability(kubectl, resourceTypes, resourceType, timeout)
    core.endGroup()
 
    // print ingresses
@@ -56,24 +63,19 @@ export async function deploy(
    for (const ingressResource of ingressResources) {
       await kubectl.getResource(
          KubernetesConstants.DiscoveryAndLoadBalancerResource.INGRESS,
-         ingressResource.name
+         ingressResource.name,
+         false,
+         ingressResource.namespace
       )
    }
    core.endGroup()
 
    // annotate resources
    core.startGroup('Annotating resources')
-   let allPods
-   try {
-      allPods = JSON.parse((await kubectl.getAllPods()).stdout)
-   } catch (e) {
-      core.debug(`Unable to parse pods: ${e}`)
-   }
    await annotateAndLabelResources(
       deployedManifestFiles,
       kubectl,
-      resourceTypes,
+      resourceTypes
-      allPods
    )
    core.endGroup()
 }

src/actions/promote.ts

@@ -1,60 +1,69 @@
 import * as core from '@actions/core'
-import * as canaryDeploymentHelper from '../strategyHelpers/canary/canaryHelper'
+import * as canaryDeploymentHelper from '../strategyHelpers/canary/canaryHelper.js'
-import * as SMICanaryDeploymentHelper from '../strategyHelpers/canary/smiCanaryHelper'
+import * as SMICanaryDeploymentHelper from '../strategyHelpers/canary/smiCanaryHelper.js'
-import * as PodCanaryHelper from '../strategyHelpers/canary/podCanaryHelper'
+import * as PodCanaryHelper from '../strategyHelpers/canary/podCanaryHelper.js'
 import {
    getResources,
    updateManifestFiles
-} from '../utilities/manifestUpdateUtils'
+} from '../utilities/manifestUpdateUtils.js'
-import * as models from '../types/kubernetesTypes'
+import {annotateAndLabelResources} from '../strategyHelpers/deploymentHelper.js'
-import * as KubernetesManifestUtility from '../utilities/manifestStabilityUtils'
+import * as models from '../types/kubernetesTypes.js'
+import * as KubernetesManifestUtility from '../utilities/manifestStabilityUtils.js'
 import {
    deleteGreenObjects,
    getManifestObjects,
    NONE_LABEL_VALUE
-} from '../strategyHelpers/blueGreen/blueGreenHelper'
+} from '../strategyHelpers/blueGreen/blueGreenHelper.js'
 
-import {BlueGreenManifests} from '../types/blueGreenTypes'
+import {BlueGreenManifests} from '../types/blueGreenTypes.js'
+import {DeployResult} from '../types/deployResult.js'
 
 import {
    promoteBlueGreenIngress,
    promoteBlueGreenService,
    promoteBlueGreenSMI
-} from '../strategyHelpers/blueGreen/promote'
+} from '../strategyHelpers/blueGreen/promote.js'
 
 import {
    routeBlueGreenService,
    routeBlueGreenIngressUnchanged,
    routeBlueGreenSMI
-} from '../strategyHelpers/blueGreen/route'
+} from '../strategyHelpers/blueGreen/route.js'
 
-import {cleanupSMI} from '../strategyHelpers/blueGreen/smiBlueGreenHelper'
+import {cleanupSMI} from '../strategyHelpers/blueGreen/smiBlueGreenHelper.js'
-import {Kubectl, Resource} from '../types/kubectl'
+import {Kubectl, Resource} from '../types/kubectl.js'
-import {DeploymentStrategy} from '../types/deploymentStrategy'
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
 import {
    parseTrafficSplitMethod,
    TrafficSplitMethod
-} from '../types/trafficSplitMethod'
+} from '../types/trafficSplitMethod.js'
-import {parseRouteStrategy, RouteStrategy} from '../types/routeStrategy'
+import {parseRouteStrategy, RouteStrategy} from '../types/routeStrategy.js'
+import {ClusterType} from '../inputUtils.js'
 
 export async function promote(
    kubectl: Kubectl,
    manifests: string[],
-   deploymentStrategy: DeploymentStrategy
+   deploymentStrategy: DeploymentStrategy,
+   resourceType: ClusterType,
+   timeout?: string
 ) {
    switch (deploymentStrategy) {
       case DeploymentStrategy.CANARY:
-         await promoteCanary(kubectl, manifests)
+         await promoteCanary(kubectl, manifests, timeout)
          break
       case DeploymentStrategy.BLUE_GREEN:
-         await promoteBlueGreen(kubectl, manifests)
+         await promoteBlueGreen(kubectl, manifests, resourceType, timeout)
          break
       default:
          throw Error('Invalid promote deployment strategy')
    }
 }
 
-async function promoteCanary(kubectl: Kubectl, manifests: string[]) {
+async function promoteCanary(
+   kubectl: Kubectl,
+   manifests: string[],
+   timeout?: string
+) {
    let includeServices = false
 
    const manifestFilesForDeployment: string[] = updateManifestFiles(manifests)
@@ -62,6 +71,8 @@ async function promoteCanary(kubectl: Kubectl, manifests: string[]) {
    const trafficSplitMethod = parseTrafficSplitMethod(
       core.getInput('traffic-split-method', {required: true})
    )
+   let promoteResult: DeployResult
+   let filesToAnnotate: string[]
    if (trafficSplitMethod == TrafficSplitMethod.SMI) {
       includeServices = true
 
@@ -70,33 +81,46 @@ async function promoteCanary(kubectl: Kubectl, manifests: string[]) {
       core.startGroup('Redirecting traffic to canary deployment')
       await SMICanaryDeploymentHelper.redirectTrafficToCanaryDeployment(
          kubectl,
-         manifests
+         manifests,
+         timeout
       )
       core.endGroup()
 
       core.startGroup(
          'Deploying input manifests with SMI canary strategy from promote'
       )
-      await SMICanaryDeploymentHelper.deploySMICanary(
+
+      promoteResult = await SMICanaryDeploymentHelper.deploySMICanary(
          manifestFilesForDeployment,
          kubectl,
-         true
+         true,
+         timeout
       )
+
       core.endGroup()
 
       core.startGroup('Redirecting traffic to stable deployment')
-      await SMICanaryDeploymentHelper.redirectTrafficToStableDeployment(
+      const stableRedirectManifests =
-         kubectl,
+         await SMICanaryDeploymentHelper.redirectTrafficToStableDeployment(
-         manifests
+            kubectl,
+            manifests,
+            timeout
+         )
+
+      filesToAnnotate = promoteResult.manifestFiles.concat(
+         stableRedirectManifests
       )
+
       core.endGroup()
    } else {
       core.startGroup('Deploying input manifests from promote')
-      await PodCanaryHelper.deployPodCanary(
+      promoteResult = await PodCanaryHelper.deployPodCanary(
          manifestFilesForDeployment,
          kubectl,
-         true
+         true,
+         timeout
       )
+      filesToAnnotate = promoteResult.manifestFiles
       core.endGroup()
    }
 
@@ -113,9 +137,25 @@ async function promoteCanary(kubectl: Kubectl, manifests: string[]) {
       )
    }
    core.endGroup()
+
+   // annotate resources
+   core.startGroup('Annotating resources')
+   const resources: Resource[] = getResources(
+      filesToAnnotate,
+      models.DEPLOYMENT_TYPES.concat([
+         models.DiscoveryAndLoadBalancerResource.SERVICE
+      ])
+   )
+   await annotateAndLabelResources(filesToAnnotate, kubectl, resources)
+   core.endGroup()
 }
 
-async function promoteBlueGreen(kubectl: Kubectl, manifests: string[]) {
+async function promoteBlueGreen(
+   kubectl: Kubectl,
+   manifests: string[],
+   resourceType: ClusterType,
+   timeout?: string
+) {
    // update container images and pull secrets
    const inputManifestFiles: string[] = updateManifestFiles(manifests)
    const manifestObjects: BlueGreenManifests =
@@ -130,11 +170,19 @@ async function promoteBlueGreen(kubectl: Kubectl, manifests: string[]) {
    const {deployResult} = await (async () => {
       switch (routeStrategy) {
          case RouteStrategy.INGRESS:
-            return await promoteBlueGreenIngress(kubectl, manifestObjects)
+            return await promoteBlueGreenIngress(
+               kubectl,
+               manifestObjects,
+               timeout
+            )
          case RouteStrategy.SMI:
-            return await promoteBlueGreenSMI(kubectl, manifestObjects)
+            return await promoteBlueGreenSMI(kubectl, manifestObjects, timeout)
          default:
-            return await promoteBlueGreenService(kubectl, manifestObjects)
+            return await promoteBlueGreenService(
+               kubectl,
+               manifestObjects,
+               timeout
+            )
       }
    })()
 
@@ -149,7 +197,12 @@ async function promoteBlueGreen(kubectl: Kubectl, manifests: string[]) {
          models.DiscoveryAndLoadBalancerResource.SERVICE
       ])
    )
-   await KubernetesManifestUtility.checkManifestStability(kubectl, resources)
+   await KubernetesManifestUtility.checkManifestStability(
+      kubectl,
+      resources,
+      resourceType,
+      timeout
+   )
    core.endGroup()
 
    core.startGroup(
@@ -167,7 +220,8 @@ async function promoteBlueGreen(kubectl: Kubectl, manifests: string[]) {
          [].concat(
             manifestObjects.deploymentEntityList,
             manifestObjects.serviceEntityList
-         )
+         ),
+         timeout
       )
    } else if (routeStrategy == RouteStrategy.SMI) {
       await routeBlueGreenSMI(
@@ -175,15 +229,28 @@ async function promoteBlueGreen(kubectl: Kubectl, manifests: string[]) {
          NONE_LABEL_VALUE,
          manifestObjects.serviceEntityList
       )
-      await deleteGreenObjects(kubectl, manifestObjects.deploymentEntityList)
+      await deleteGreenObjects(
-      await cleanupSMI(kubectl, manifestObjects.serviceEntityList)
+         kubectl,
+         manifestObjects.deploymentEntityList,
+         timeout
+      )
+      await cleanupSMI(kubectl, manifestObjects.serviceEntityList, timeout)
    } else {
       await routeBlueGreenService(
          kubectl,
          NONE_LABEL_VALUE,
          manifestObjects.serviceEntityList
       )
-      await deleteGreenObjects(kubectl, manifestObjects.deploymentEntityList)
+      await deleteGreenObjects(
+         kubectl,
+         manifestObjects.deploymentEntityList,
+         timeout
+      )
    }
    core.endGroup()
+
+   // annotate resources
+   core.startGroup('Annotating resources')
+   await annotateAndLabelResources(deployedManifestFiles, kubectl, resources)
+   core.endGroup()
 }

src/actions/reject.ts

@@ -1,39 +1,44 @@
 import * as core from '@actions/core'
-import * as canaryDeploymentHelper from '../strategyHelpers/canary/canaryHelper'
+import * as canaryDeploymentHelper from '../strategyHelpers/canary/canaryHelper.js'
-import * as SMICanaryDeploymentHelper from '../strategyHelpers/canary/smiCanaryHelper'
+import * as SMICanaryDeploymentHelper from '../strategyHelpers/canary/smiCanaryHelper.js'
-import {Kubectl} from '../types/kubectl'
+import {Kubectl} from '../types/kubectl.js'
-import {BlueGreenManifests} from '../types/blueGreenTypes'
+import {BlueGreenManifests} from '../types/blueGreenTypes.js'
 import {
    rejectBlueGreenIngress,
    rejectBlueGreenService,
    rejectBlueGreenSMI
-} from '../strategyHelpers/blueGreen/reject'
+} from '../strategyHelpers/blueGreen/reject.js'
-import {getManifestObjects} from '../strategyHelpers/blueGreen/blueGreenHelper'
+import {getManifestObjects} from '../strategyHelpers/blueGreen/blueGreenHelper.js'
-import {DeploymentStrategy} from '../types/deploymentStrategy'
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
 import {
    parseTrafficSplitMethod,
    TrafficSplitMethod
-} from '../types/trafficSplitMethod'
+} from '../types/trafficSplitMethod.js'
-import {parseRouteStrategy, RouteStrategy} from '../types/routeStrategy'
+import {parseRouteStrategy, RouteStrategy} from '../types/routeStrategy.js'
 
 export async function reject(
    kubectl: Kubectl,
    manifests: string[],
-   deploymentStrategy: DeploymentStrategy
+   deploymentStrategy: DeploymentStrategy,
+   timeout?: string
 ) {
    switch (deploymentStrategy) {
       case DeploymentStrategy.CANARY:
-         await rejectCanary(kubectl, manifests)
+         await rejectCanary(kubectl, manifests, timeout)
          break
       case DeploymentStrategy.BLUE_GREEN:
-         await rejectBlueGreen(kubectl, manifests)
+         await rejectBlueGreen(kubectl, manifests, timeout)
          break
       default:
          throw 'Invalid delete deployment strategy'
    }
 }
 
-async function rejectCanary(kubectl: Kubectl, manifests: string[]) {
+async function rejectCanary(
+   kubectl: Kubectl,
+   manifests: string[],
+   timeout?: string
+) {
    let includeServices = false
 
    const trafficSplitMethod = parseTrafficSplitMethod(
@@ -44,7 +49,8 @@ async function rejectCanary(kubectl: Kubectl, manifests: string[]) {
       includeServices = true
       await SMICanaryDeploymentHelper.redirectTrafficToStableDeployment(
          kubectl,
-         manifests
+         manifests,
+         timeout
       )
       core.endGroup()
    }
@@ -53,12 +59,17 @@ async function rejectCanary(kubectl: Kubectl, manifests: string[]) {
    await canaryDeploymentHelper.deleteCanaryDeployment(
       kubectl,
       manifests,
-      includeServices
+      includeServices,
+      timeout
    )
    core.endGroup()
 }
 
-async function rejectBlueGreen(kubectl: Kubectl, manifests: string[]) {
+async function rejectBlueGreen(
+   kubectl: Kubectl,
+   manifests: string[],
+   timeout?: string
+) {
    const routeStrategy = parseRouteStrategy(
       core.getInput('route-method', {required: true})
    )
@@ -67,11 +78,11 @@ async function rejectBlueGreen(kubectl: Kubectl, manifests: string[]) {
    const manifestObjects: BlueGreenManifests = getManifestObjects(manifests)
 
    if (routeStrategy == RouteStrategy.INGRESS) {
-      await rejectBlueGreenIngress(kubectl, manifestObjects)
+      await rejectBlueGreenIngress(kubectl, manifestObjects, timeout)
    } else if (routeStrategy == RouteStrategy.SMI) {
-      await rejectBlueGreenSMI(kubectl, manifestObjects)
+      await rejectBlueGreenSMI(kubectl, manifestObjects, timeout)
    } else {
-      await rejectBlueGreenService(kubectl, manifestObjects)
+      await rejectBlueGreenService(kubectl, manifestObjects, timeout)
    }
    core.endGroup()
 }

src/inputUtils.test.ts

@@ -0,0 +1,33 @@
+import {parseResourceTypeInput} from './inputUtils.js'
+import {
+   ResourceTypeFleet,
+   ResourceTypeManagedCluster
+} from './actions/deploy.js'
+
+describe('InputUtils', () => {
+   describe('parseResourceTypeInput', () => {
+      it('should extract fleet exact match resource type', () => {
+         expect(
+            parseResourceTypeInput('Microsoft.ContainerService/fleets')
+         ).toEqual(ResourceTypeFleet)
+      })
+      it('should match fleet case-insensitively', () => {
+         expect(
+            parseResourceTypeInput('Microsoft.containerservice/fleets')
+         ).toEqual(ResourceTypeFleet)
+      })
+      it('should match managed cluster case-insensitively', () => {
+         expect(
+            parseResourceTypeInput('Microsoft.containerservice/MAnaGedClusterS')
+         ).toEqual(ResourceTypeManagedCluster)
+      })
+      it('should error on unexpected values', () => {
+         expect(() => {
+            parseResourceTypeInput('icrosoft.ContainerService/ManagedCluster')
+         }).toThrow()
+         expect(() => {
+            parseResourceTypeInput('wrong-value')
+         }).toThrow()
+      })
+   })
+})

src/inputUtils.ts

@@ -1,5 +1,9 @@
 import * as core from '@actions/core'
-import {parseAnnotations} from './types/annotations'
+import {parseAnnotations} from './types/annotations.js'
+import {
+   ResourceTypeFleet,
+   ResourceTypeManagedCluster
+} from './actions/deploy.js'
 
 export const inputAnnotations = parseAnnotations(
    core.getInput('annotations', {required: false})
@@ -14,3 +18,18 @@ export function getBufferTime(): number {
 
    return inputBufferTime
 }
+
+export function parseResourceTypeInput(rawInput: string): ClusterType {
+   switch (rawInput.toLowerCase()) {
+      case ResourceTypeFleet.toLowerCase():
+         return ResourceTypeFleet
+      case ResourceTypeManagedCluster.toLowerCase():
+         return ResourceTypeManagedCluster
+   }
+   throw new Error(
+      `Invalid resource type: ${rawInput}. Supported resource types are: ${ResourceTypeManagedCluster} (default), ${ResourceTypeFleet}`
+   )
+}
+export type ClusterType =
+   | typeof ResourceTypeManagedCluster
+   | typeof ResourceTypeFleet

src/run.ts

@@ -1,12 +1,19 @@
 import * as core from '@actions/core'
-import {getKubectlPath, Kubectl} from './types/kubectl'
+import {getKubectlPath, Kubectl} from './types/kubectl.js'
-import {deploy} from './actions/deploy'
+import {
-import {promote} from './actions/promote'
+   deploy,
-import {reject} from './actions/reject'
+   ResourceTypeFleet,
-import {Action, parseAction} from './types/action'
+   ResourceTypeManagedCluster
-import {parseDeploymentStrategy} from './types/deploymentStrategy'
+} from './actions/deploy.js'
-import {getFilesFromDirectories} from './utilities/fileUtils'
+import {ClusterType} from './inputUtils.js'
-import {PrivateKubectl} from './types/privatekubectl'
+import {promote} from './actions/promote.js'
+import {reject} from './actions/reject.js'
+import {Action, parseAction} from './types/action.js'
+import {parseDeploymentStrategy} from './types/deploymentStrategy.js'
+import {getFilesFromDirectoriesAndURLs} from './utilities/fileUtils.js'
+import {PrivateKubectl} from './types/privatekubectl.js'
+import {parseResourceTypeInput} from './inputUtils.js'
+import {parseDuration} from './utilities/durationUtils.js'
 
 export async function run() {
    // verify kubeconfig is set
@@ -26,36 +33,71 @@ export async function run() {
       .map((manifest) => manifest.trim()) // remove surrounding whitespace
       .filter((manifest) => manifest.length > 0) // remove any blanks
 
-   const fullManifestFilePaths = getFilesFromDirectories(manifestFilePaths)
+   const fullManifestFilePaths =
+      await getFilesFromDirectoriesAndURLs(manifestFilePaths)
    const kubectlPath = await getKubectlPath()
-   const namespace = core.getInput('namespace') || 'default'
+   const namespace = core.getInput('namespace') || '' // Sets namespace to an empty string if not provided, allowing the manifest-defined namespace to take precedence instead of "default".
    const isPrivateCluster =
       core.getInput('private-cluster').toLowerCase() === 'true'
    const resourceGroup = core.getInput('resource-group') || ''
    const resourceName = core.getInput('name') || ''
+   const skipTlsVerify = core.getBooleanInput('skip-tls-verify')
+
+   let resourceType: ClusterType
+   try {
+      // included in the trycatch to allow raw input to go out of scope after parsing
+      const resourceTypeInput = core.getInput('resource-type')
+      resourceType = parseResourceTypeInput(resourceTypeInput)
+   } catch (e) {
+      core.setFailed(e)
+      return
+   }
+
+   // Parse and validate timeout using extracted utility
+   let timeout: string
+   try {
+      const timeoutInput = core.getInput('timeout') || '10m'
+      timeout = parseDuration(timeoutInput)
+      core.debug(`Using timeout: ${timeout}`)
+   } catch (e) {
+      core.setFailed(`Invalid timeout parameter: ${e.message}`)
+      return
+   }
 
    const kubectl = isPrivateCluster
       ? new PrivateKubectl(
            kubectlPath,
            namespace,
-           true,
+           skipTlsVerify,
            resourceGroup,
            resourceName
         )
-      : new Kubectl(kubectlPath, namespace, true)
+      : new Kubectl(kubectlPath, namespace, skipTlsVerify)
 
    // run action
    switch (action) {
       case Action.DEPLOY: {
-         await deploy(kubectl, fullManifestFilePaths, strategy)
+         await deploy(
+            kubectl,
+            fullManifestFilePaths,
+            strategy,
+            resourceType,
+            timeout
+         )
          break
       }
       case Action.PROMOTE: {
-         await promote(kubectl, fullManifestFilePaths, strategy)
+         await promote(
+            kubectl,
+            fullManifestFilePaths,
+            strategy,
+            resourceType,
+            timeout
+         )
          break
       }
       case Action.REJECT: {
-         await reject(kubectl, fullManifestFilePaths, strategy)
+         await reject(kubectl, fullManifestFilePaths, strategy, timeout)
          break
       }
       default: {

src/strategyHelpers/blueGreen/blueGreenHelper.test.ts

@@ -1,67 +1,106 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
 import {
    deployWithLabel,
    deleteGreenObjects,
+   deployObjects,
    fetchResource,
    getDeploymentMatchLabels,
    getManifestObjects,
    getNewBlueGreenObject,
    GREEN_LABEL_VALUE,
    isServiceRouted
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
-import {BlueGreenDeployment} from '../../types/blueGreenTypes'
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
-import * as bgHelper from './blueGreenHelper'
+import * as bgHelper from './blueGreenHelper.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
-import * as fileHelper from '../../utilities/fileUtils'
+import * as fileHelper from '../../utilities/fileUtils.js'
-import {K8sObject} from '../../types/k8sObject'
+import {K8sObject} from '../../types/k8sObject.js'
-import * as manifestUpdateUtils from '../../utilities/manifestUpdateUtils'
+import * as manifestUpdateUtils from '../../utilities/manifestUpdateUtils.js'
 import {ExecOutput} from '@actions/exec'
 
-jest.mock('../../types/kubectl')
+vi.mock('../../types/kubectl')
 
 const kubectl = new Kubectl('')
+const TEST_TIMEOUT = '60s'
+
+// Test constants to follow DRY principle
+const EXPECTED_GREEN_OBJECTS = [
+   {name: 'nginx-service-green', kind: 'Service'},
+   {name: 'nginx-deployment-green', kind: 'Deployment'}
+]
+
+const MOCK_EXEC_OUTPUT = {
+   exitCode: 0,
+   stderr: '',
+   stdout: ''
+} as ExecOutput
 
 describe('bluegreenhelper functions', () => {
    let testObjects
    beforeEach(() => {
-      //@ts-ignore
+      vi.restoreAllMocks()
-      Kubectl.mockClear()
+      vi.mocked(Kubectl).mockClear()
       testObjects = getManifestObjects(['test/unit/manifests/test-ingress.yml'])
 
-      jest
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
-         .spyOn(fileHelper, 'writeObjectsToFile')
+         ''
-         .mockImplementationOnce(() => [''])
+      ])
    })
 
    test('correctly deletes services and workloads according to label', async () => {
-      jest.spyOn(bgHelper, 'deleteObjects').mockReturnValue({} as Promise<void>)
+      vi.spyOn(bgHelper, 'deleteObjects').mockReturnValue({} as Promise<void>)
 
       const value = await deleteGreenObjects(
          kubectl,
          [].concat(
             testObjects.deploymentEntityList,
             testObjects.serviceEntityList
-         )
+         ),
+         TEST_TIMEOUT
       )
 
-      expect(value).toHaveLength(2)
+      expect(value).toHaveLength(EXPECTED_GREEN_OBJECTS.length)
-      expect(value).toContainEqual({
+      EXPECTED_GREEN_OBJECTS.forEach((expectedObject) => {
-         name: 'nginx-service-green',
+         expect(value).toContainEqual(expectedObject)
-         kind: 'Service'
       })
-      expect(value).toContainEqual({
+   })
-         name: 'nginx-deployment-green',
+
-         kind: 'Deployment'
+   test('handles timeout when deleting objects', async () => {
+      const deleteMock = vi.fn().mockResolvedValue(MOCK_EXEC_OUTPUT)
+      kubectl.delete = deleteMock
+
+      const deleteList = EXPECTED_GREEN_OBJECTS
+
+      await bgHelper.deleteObjects(kubectl, deleteList, TEST_TIMEOUT)
+
+      expect(deleteMock).toHaveBeenCalledTimes(deleteList.length)
+      deleteList.forEach(({name, kind}) => {
+         expect(deleteMock).toHaveBeenCalledWith(
+            [kind, name],
+            undefined,
+            TEST_TIMEOUT
+         )
       })
    })
 
    test('parses objects correctly from one file (getManifestObjects)', () => {
-      expect(testObjects.deploymentEntityList[0].kind).toBe('Deployment')
+      const expectedTypes = [
-      expect(testObjects.serviceEntityList[0].kind).toBe('Service')
+         {
-      expect(testObjects.ingressEntityList[0].kind).toBe('Ingress')
+            list: testObjects.deploymentEntityList,
+            kind: 'Deployment',
+            selectorApp: 'nginx'
+         },
+         {list: testObjects.serviceEntityList, kind: 'Service'},
+         {list: testObjects.ingressEntityList, kind: 'Ingress'}
+      ]
 
-      expect(
+      expectedTypes.forEach(({list, kind, selectorApp}) => {
-         testObjects.deploymentEntityList[0].spec.selector.matchLabels.app
+         expect(list[0].kind).toBe(kind)
-      ).toBe('nginx')
+         if (selectorApp) {
+            expect(list[0].spec.selector.matchLabels.app).toBe(selectorApp)
+         }
+      })
    })
 
    test('parses other kinds of objects (getManifestObjects)', () => {
@@ -93,32 +132,41 @@ describe('bluegreenhelper functions', () => {
    })
 
    test('correctly makes labeled workloads', async () => {
+      const kubectlApplySpy = vi.spyOn(kubectl, 'apply').mockResolvedValue({
+         stdout: 'deployment.apps/nginx-deployment created',
+         stderr: '',
+         exitCode: 0
+      })
+
       const cwlResult: BlueGreenDeployment = await deployWithLabel(
          kubectl,
          testObjects.deploymentEntityList,
          GREEN_LABEL_VALUE
       )
       expect(cwlResult.deployResult.manifestFiles[0]).toBe('')
+
+      kubectlApplySpy.mockRestore()
    })
 
    test('correctly makes new blue green object (getNewBlueGreenObject and addBlueGreenLabelsAndAnnotations)', () => {
-      const modifiedDeployment = getNewBlueGreenObject(
+      const testCases = [
-         testObjects.deploymentEntityList[0],
+         {
-         GREEN_LABEL_VALUE
+            object: testObjects.deploymentEntityList[0],
-      )
+            expectedName: 'nginx-deployment-green'
+         },
+         {
+            object: testObjects.serviceEntityList[0],
+            expectedName: 'nginx-service-green'
+         }
+      ]
 
-      expect(modifiedDeployment.metadata.name).toBe('nginx-deployment-green')
+      testCases.forEach(({object, expectedName}) => {
-      expect(modifiedDeployment.metadata.labels['k8s.deploy.color']).toBe(
+         const modifiedObject = getNewBlueGreenObject(object, GREEN_LABEL_VALUE)
-         'green'
+         expect(modifiedObject.metadata.name).toBe(expectedName)
-      )
+         expect(modifiedObject.metadata.labels['k8s.deploy.color']).toBe(
-
+            'green'
-      const modifiedSvc = getNewBlueGreenObject(
+         )
-         testObjects.serviceEntityList[0],
+      })
-         GREEN_LABEL_VALUE
-      )
-
-      expect(modifiedSvc.metadata.name).toBe('nginx-service-green')
-      expect(modifiedSvc.metadata.labels['k8s.deploy.color']).toBe('green')
    })
 
    test('correctly fetches k8s objects', async () => {
@@ -128,9 +176,9 @@ describe('bluegreenhelper functions', () => {
          exitCode: 0
       }
 
-      jest
+      vi.spyOn(kubectl, 'getResource').mockImplementation(() =>
-         .spyOn(kubectl, 'getResource')
+         Promise.resolve(mockExecOutput)
-         .mockImplementation(() => Promise.resolve(mockExecOutput))
+      )
       const fetched = await fetchResource(
          kubectl,
          'nginx-deployment',
@@ -140,40 +188,61 @@ describe('bluegreenhelper functions', () => {
    })
 
    test('exits when fails to fetch k8s objects', async () => {
-      const mockExecOutput = {
+      const errorTestCases = [
-         stdout: 'this should not matter',
+         {
-         exitCode: 0,
+            description: 'with stderr error',
-         stderr: 'this is a fake error'
+            mockOutput: {
-      } as ExecOutput
+               stdout: 'this should not matter',
-      jest
+               exitCode: 0,
-         .spyOn(kubectl, 'getResource')
+               stderr: 'this is a fake error'
-         .mockImplementation(() => Promise.resolve(mockExecOutput))
+            } as ExecOutput,
-      let fetched = await fetchResource(
+            mockImplementation: () => Promise.resolve
-         kubectl,
+         },
-         'nginx-deployment',
+         {
-         'Deployment'
+            description: 'with undefined implementation',
-      )
+            mockOutput: null,
-      expect(fetched).toBe(null)
+            mockImplementation: () => undefined
+         }
+      ]
 
-      jest.spyOn(kubectl, 'getResource').mockImplementation()
+      for (const testCase of errorTestCases) {
-      fetched = await fetchResource(kubectl, 'nginx-deployment', 'Deployment')
+         const spy = vi.spyOn(kubectl, 'getResource')
-      expect(fetched).toBe(null)
+
+         if (testCase.mockOutput) {
+            spy.mockImplementation(() => Promise.resolve(testCase.mockOutput))
+         } else {
+            spy.mockResolvedValue(null)
+         }
+
+         const fetched = await fetchResource(
+            kubectl,
+            'nginx-deployment',
+            'Deployment'
+         )
+         expect(fetched).toBe(null)
+
+         spy.mockRestore()
+      }
    })
 
-   test('returns null when fetch fails to unset k8s objects', async () => {
+   test('returns undefined when fetch fails to unset k8s objects', async () => {
       const mockExecOutput = {
-         stdout: 'this should not matter',
+         stdout: JSON.stringify(testObjects.deploymentEntityList[0]),
          exitCode: 0,
-         stderr: 'this is a fake error'
+         stderr: ''
       } as ExecOutput
-      jest
+
-         .spyOn(manifestUpdateUtils, 'UnsetClusterSpecificDetails')
+      vi.spyOn(kubectl, 'getResource').mockResolvedValue(mockExecOutput)
-         .mockImplementation(() => {
+      vi.spyOn(
-            throw new Error('test error')
+         manifestUpdateUtils,
-         })
+         'UnsetClusterSpecificDetails'
+      ).mockImplementation(() => {
+         throw new Error('test error')
+      })
+
       expect(
          await fetchResource(kubectl, 'nginx-deployment', 'Deployment')
-      ).toBe(null)
+      ).toBeUndefined()
    })
 
    test('gets deployment labels', () => {
@@ -193,4 +262,72 @@ describe('bluegreenhelper functions', () => {
          getDeploymentMatchLabels(testObjects.deploymentEntityList[0])['app']
       ).toBe('nginx')
    })
+
+   describe('deployObjects', () => {
+      let mockObjects: any[]
+      let kubectlApplySpy: MockInstance
+
+      const mockSuccessResult: ExecOutput = {
+         stdout: 'deployment.apps/nginx-deployment created',
+         stderr: '',
+         exitCode: 0
+      }
+
+      const mockFailureResult: ExecOutput = {
+         stdout: '',
+         stderr: 'error: deployment failed',
+         exitCode: 1
+      }
+
+      beforeEach(() => {
+         // //@ts-ignore
+         // Kubectl.mockClear()
+         mockObjects = [testObjects.deploymentEntityList[0]]
+         kubectlApplySpy = vi.spyOn(kubectl, 'apply')
+      })
+
+      afterEach(() => {
+         vi.clearAllMocks()
+      })
+
+      it('should return execution result and manifest files when kubectl apply succeeds', async () => {
+         kubectlApplySpy.mockClear()
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployObjects(kubectl, mockObjects)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+         expect(
+            typeof timeoutArg === 'string' || timeoutArg === undefined
+         ).toBe(true)
+
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            expect.any(Boolean),
+            expect.any(Boolean),
+            timeoutArg
+         )
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+
+      it('should throw an error when kubectl apply fails with non-zero exit code', async () => {
+         kubectlApplySpy.mockClear()
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(deployObjects(kubectl, mockObjects)).rejects.toThrow()
+         const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+         expect(
+            typeof timeoutArg === 'string' || timeoutArg === undefined
+         ).toBe(true)
+
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            expect.any(Boolean),
+            expect.any(Boolean),
+            timeoutArg
+         )
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+   })
 })

src/strategyHelpers/blueGreen/blueGreenHelper.ts

@@ -2,27 +2,27 @@ import * as core from '@actions/core'
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 
-import {DeployResult} from '../../types/deployResult'
+import {DeployResult} from '../../types/deployResult.js'
-import {K8sObject, K8sDeleteObject} from '../../types/k8sObject'
+import {K8sObject, K8sDeleteObject} from '../../types/k8sObject.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import {
    isDeploymentEntity,
    isIngressEntity,
    isServiceEntity,
    KubernetesWorkload
-} from '../../types/kubernetesTypes'
+} from '../../types/kubernetesTypes.js'
 import {
    BlueGreenDeployment,
    BlueGreenManifests
-} from '../../types/blueGreenTypes'
+} from '../../types/blueGreenTypes.js'
-import * as fileHelper from '../../utilities/fileUtils'
+import * as fileHelper from '../../utilities/fileUtils.js'
-import {updateSpecLabels} from '../../utilities/manifestSpecLabelUtils'
+import {updateSpecLabels} from '../../utilities/manifestSpecLabelUtils.js'
-import {checkForErrors} from '../../utilities/kubectlUtils'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
 import {
    UnsetClusterSpecificDetails,
    updateObjectLabels,
    updateSelectorLabels
-} from '../../utilities/manifestUpdateUtils'
+} from '../../utilities/manifestUpdateUtils.js'
 
 export const GREEN_LABEL_VALUE = 'green'
 export const NONE_LABEL_VALUE = 'None'
@@ -32,30 +32,37 @@ export const STABLE_SUFFIX = '-stable'
 
 export async function deleteGreenObjects(
    kubectl: Kubectl,
-   toDelete: K8sObject[]
+   toDelete: K8sObject[],
+   timeout?: string
 ): Promise<K8sDeleteObject[]> {
    // const resourcesToDelete: K8sDeleteObject[] = []
    const resourcesToDelete: K8sDeleteObject[] = toDelete.map((obj) => {
       return {
          name: getBlueGreenResourceName(obj.metadata.name, GREEN_SUFFIX),
-         kind: obj.kind
+         kind: obj.kind,
+         namespace: obj.metadata.namespace
       }
    })
 
    core.debug(`deleting green objects: ${JSON.stringify(resourcesToDelete)}`)
 
-   await deleteObjects(kubectl, resourcesToDelete)
+   await deleteObjects(kubectl, resourcesToDelete, timeout)
    return resourcesToDelete
 }
 
 export async function deleteObjects(
    kubectl: Kubectl,
-   deleteList: K8sDeleteObject[]
+   deleteList: K8sDeleteObject[],
+   timeout?: string
 ) {
    // delete services and deployments
    for (const delObject of deleteList) {
       try {
-         const result = await kubectl.delete([delObject.kind, delObject.name])
+         const result = await kubectl.delete(
+            [delObject.kind, delObject.name],
+            delObject.namespace,
+            timeout
+         )
          checkForErrors([result])
       } catch (ex) {
          core.debug(`failed to delete object ${delObject.name}: ${ex}`)
@@ -66,38 +73,46 @@ export async function deleteObjects(
 // other common functions
 export function getManifestObjects(filePaths: string[]): BlueGreenManifests {
    const deploymentEntityList: K8sObject[] = []
+   const serviceEntityList: K8sObject[] = []
    const routedServiceEntityList: K8sObject[] = []
    const unroutedServiceEntityList: K8sObject[] = []
    const ingressEntityList: K8sObject[] = []
    const otherEntitiesList: K8sObject[] = []
    const serviceNameMap = new Map<string, string>()
 
+   // Manifest objects per type. All resources should be parsed and
+   // organized before we can check if services are “routed” or not.
    filePaths.forEach((filePath: string) => {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
-      yaml.safeLoadAll(fileContents, (inputObject) => {
+         const fileContents = fs.readFileSync(filePath).toString()
-         if (!!inputObject) {
+         yaml.loadAll(fileContents, (inputObject: any) => {
-            const kind = inputObject.kind
+            if (!!inputObject) {
-            const name = inputObject.metadata.name
+               const kind = inputObject.kind
-
+               if (isDeploymentEntity(kind)) {
-            if (isDeploymentEntity(kind)) {
+                  deploymentEntityList.push(inputObject)
-               deploymentEntityList.push(inputObject)
+               } else if (isServiceEntity(kind)) {
-            } else if (isServiceEntity(kind)) {
+                  serviceEntityList.push(inputObject)
-               if (isServiceRouted(inputObject, deploymentEntityList)) {
+               } else if (isIngressEntity(kind)) {
-                  routedServiceEntityList.push(inputObject)
+                  ingressEntityList.push(inputObject)
-                  serviceNameMap.set(
-                     name,
-                     getBlueGreenResourceName(name, GREEN_SUFFIX)
-                  )
                } else {
-                  unroutedServiceEntityList.push(inputObject)
+                  otherEntitiesList.push(inputObject)
                }
-            } else if (isIngressEntity(kind)) {
-               ingressEntityList.push(inputObject)
-            } else {
-               otherEntitiesList.push(inputObject)
             }
-         }
+         })
-      })
+      } catch (error) {
+         core.error(`Error processing file ${filePath}: ${error.message}`)
+         throw error
+      }
+   })
+
+   serviceEntityList.forEach((inputObject: any) => {
+      if (isServiceRouted(inputObject, deploymentEntityList)) {
+         const name = inputObject.metadata.name
+         routedServiceEntityList.push(inputObject)
+         serviceNameMap.set(name, getBlueGreenResourceName(name, GREEN_SUFFIX))
+      } else {
+         unroutedServiceEntityList.push(inputObject)
+      }
    })
 
    return {
@@ -132,7 +147,8 @@ export function isServiceRouted(
 export async function deployWithLabel(
    kubectl: Kubectl,
    deploymentObjectList: any[],
-   nextLabel: string
+   nextLabel: string,
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    const newObjectsList = deploymentObjectList.map((inputObject) =>
       getNewBlueGreenObject(inputObject, nextLabel)
@@ -141,7 +157,7 @@ export async function deployWithLabel(
    core.debug(
       `objects deployed with label are ${JSON.stringify(newObjectsList)}`
    )
-   const deployResult = await deployObjects(kubectl, newObjectsList)
+   const deployResult = await deployObjects(kubectl, newObjectsList, timeout)
    return {deployResult, objects: newObjectsList}
 }
 
@@ -234,9 +250,10 @@ export function isServiceSelectorSubsetOfMatchLabel(
 export async function fetchResource(
    kubectl: Kubectl,
    kind: string,
-   name: string
+   name: string,
+   namespace?: string
 ): Promise<K8sObject> {
-   const result = await kubectl.getResource(kind, name)
+   const result = await kubectl.getResource(kind, name, false, namespace)
    if (result == null || !!result.stderr) {
       return null
    }
@@ -257,10 +274,28 @@ export async function fetchResource(
 
 export async function deployObjects(
    kubectl: Kubectl,
-   objectsList: any[]
+   objectsList: any[],
+   timeout?: string
 ): Promise<DeployResult> {
-   const manifestFiles = fileHelper.writeObjectsToFile(objectsList)
+   // Handle empty objects list gracefully to prevent "Configuration paths must exist" error
-   const execResult = await kubectl.apply(manifestFiles)
+   if (!objectsList || objectsList.length === 0) {
+      core.debug('No objects to deploy, skipping kubectl apply')
+      return {
+         execResult: {exitCode: 0, stdout: '', stderr: ''},
+         manifestFiles: []
+      }
+   }
 
+   const manifestFiles = fileHelper.writeObjectsToFile(objectsList)
+   const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
+   const execResult = await kubectl.apply(
+      manifestFiles,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+
+   checkForErrors([execResult])
    return {execResult, manifestFiles}
 }

src/strategyHelpers/blueGreen/deploy.test.ts

@@ -1,39 +1,66 @@
-import {getManifestObjects} from './blueGreenHelper'
+import {vi} from 'vitest'
-import {BlueGreenDeployment} from '../../types/blueGreenTypes'
+import type {MockInstance} from 'vitest'
-import {deployBlueGreen, deployBlueGreenIngress} from './deploy'
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
-import * as routeTester from './route'
+import {
-import {Kubectl} from '../../types/kubectl'
+   deployBlueGreen,
-import {RouteStrategy} from '../../types/routeStrategy'
+   deployBlueGreenIngress,
-import * as TSutils from '../../utilities/trafficSplitUtils'
+   deployBlueGreenService,
+   deployBlueGreenSMI
+} from './deploy.js'
+import * as routeTester from './route.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {RouteStrategy} from '../../types/routeStrategy.js'
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
+import * as bgHelper from './blueGreenHelper.js'
+import * as smiHelper from './smiBlueGreenHelper.js'
+import {ExecOutput} from '@actions/exec'
 
 const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
 
-jest.mock('../../types/kubectl')
+vi.mock('../../types/kubectl')
+
+// Shared variables and mock objects used across all test suites
+const mockDeployResult = {
+   execResult: {exitCode: 0, stderr: '', stdout: ''},
+   manifestFiles: []
+}
+
+const mockBgDeployment: BlueGreenDeployment = {
+   deployResult: mockDeployResult,
+   objects: []
+}
 
 describe('deploy tests', () => {
-   let testObjects
+   let kubectl: Kubectl
+   let kubectlApplySpy: MockInstance
+
+   const mockSuccessResult: ExecOutput = {
+      stdout: 'deployment.apps/nginx-deployment created',
+      stderr: '',
+      exitCode: 0
+   }
+
+   const mockFailureResult: ExecOutput = {
+      stdout: '',
+      stderr: 'error: deployment failed',
+      exitCode: 1
+   }
+
    beforeEach(() => {
-      //@ts-ignore
+      vi.mocked(Kubectl).mockClear()
-      Kubectl.mockClear()
+      kubectl = new Kubectl('')
-      testObjects = getManifestObjects(ingressFilepath)
+      kubectlApplySpy = vi.spyOn(kubectl, 'apply')
    })
 
    test('correctly determines deploy type and acts accordingly', async () => {
-      const kubectl = new Kubectl('')
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
-      const mockBgDeployment: BlueGreenDeployment = {
-         deployResult: {
-            execResult: {exitCode: 0, stderr: '', stdout: ''},
-            manifestFiles: []
-         },
-         objects: []
-      }
 
-      jest
+      vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(() =>
-         .spyOn(routeTester, 'routeBlueGreenForDeploy')
+         Promise.resolve(mockBgDeployment)
-         .mockImplementation(() => Promise.resolve(mockBgDeployment))
+      )
-      jest
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
-         .spyOn(TSutils, 'getTrafficSplitAPIVersion')
+         Promise.resolve('v1alpha3')
-         .mockImplementation(() => Promise.resolve('v1alpha3'))
+      )
 
       const ingressResult = await deployBlueGreen(
          kubectl,
@@ -57,12 +84,13 @@ describe('deploy tests', () => {
          RouteStrategy.SMI
       )
 
-      expect(smiResult.objects.length).toBe(3)
+      expect(smiResult.objects.length).toBe(6)
    })
 
    test('correctly deploys blue/green ingress', async () => {
-      const kc = new Kubectl('')
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
-      const value = await deployBlueGreenIngress(kc, ingressFilepath)
+
+      const value = await deployBlueGreenIngress(kubectl, ingressFilepath)
       const nol = value.objects.map((obj) => {
          if (obj.kind === 'Service') {
             expect(obj.metadata.name).toBe('nginx-service-green')
@@ -72,4 +100,278 @@ describe('deploy tests', () => {
          }
       })
    })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress deployment',
+         fn: () => deployBlueGreenIngress(kubectl, ingressFilepath),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green deployment with INGRESS strategy',
+         fn: () =>
+            deployBlueGreen(kubectl, ingressFilepath, RouteStrategy.INGRESS),
+         setup: () => {
+            vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(
+               () => Promise.resolve(mockBgDeployment)
+            )
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green deployment with SERVICE strategy',
+         fn: () =>
+            deployBlueGreen(kubectl, ingressFilepath, RouteStrategy.SERVICE),
+         setup: () => {
+            vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(
+               () => Promise.resolve(mockBgDeployment)
+            )
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green deployment with SMI strategy',
+         fn: () => deployBlueGreen(kubectl, ingressFilepath, RouteStrategy.SMI),
+         setup: () => {
+            vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(
+               () => Promise.resolve(mockBgDeployment)
+            )
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when deployBlueGreenService fails',
+         fn: () => deployBlueGreenService(kubectl, ingressFilepath),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when deployBlueGreenSMI fails',
+         fn: () => deployBlueGreenSMI(kubectl, ingressFilepath),
+         setup: () => {}
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+
+      const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+      expect(typeof timeoutArg === 'string' || timeoutArg === undefined).toBe(
+         true
+      )
+
+      expect(kubectlApplySpy).toHaveBeenCalledWith(
+         expect.any(Array),
+         expect.any(Boolean),
+         expect.any(Boolean),
+         timeoutArg
+      )
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+   })
+})
+
+// Timeout tests
+describe('deploy timeout tests', () => {
+   let kubectl: Kubectl
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      kubectl = new Kubectl('')
+   })
+
+   test('deployBlueGreen with timeout passes to strategy functions', async () => {
+      const timeout = '300s'
+
+      // Mock the helper functions that are actually called
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+      const setupSMISpy = vi
+         .spyOn(smiHelper, 'setupSMI')
+         .mockResolvedValue(mockBgDeployment)
+      const routeSpy = vi
+         .spyOn(routeTester, 'routeBlueGreenForDeploy')
+         .mockResolvedValue(mockBgDeployment)
+
+      // Test INGRESS strategy
+      await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.INGRESS,
+         timeout
+      )
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Test SERVICE strategy
+      deployWithLabelSpy.mockClear()
+      deployObjectsSpy.mockClear()
+      await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.SERVICE,
+         timeout
+      )
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Test SMI strategy
+      deployWithLabelSpy.mockClear()
+      setupSMISpy.mockClear()
+      await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.SMI,
+         timeout
+      )
+      expect(setupSMISpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+      setupSMISpy.mockRestore()
+      routeSpy.mockRestore()
+   })
+
+   test('deployBlueGreenIngress with timeout', async () => {
+      const timeout = '240s'
+
+      // Mock the dependencies
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+
+      await deployBlueGreenIngress(kubectl, ingressFilepath, timeout)
+
+      // Verify deployWithLabel was called with timeout
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('deployBlueGreenService with timeout', async () => {
+      const timeout = '180s'
+
+      // Mock the dependencies
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+
+      await deployBlueGreenService(kubectl, ingressFilepath, timeout)
+
+      // Verify deployWithLabel was called with timeout
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('deployBlueGreenSMI with timeout', async () => {
+      const timeout = '360s'
+
+      // Mock the dependencies
+      const setupSMISpy = vi
+         .spyOn(smiHelper, 'setupSMI')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+
+      await deployBlueGreenSMI(kubectl, ingressFilepath, timeout)
+
+      // Verify setupSMI was called with timeout
+      expect(setupSMISpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      setupSMISpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+      deployWithLabelSpy.mockRestore()
+   })
+
+   test('deploy functions without timeout should pass undefined', async () => {
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+
+      await deployBlueGreenIngress(kubectl, ingressFilepath)
+
+      // Verify deployWithLabel was called with undefined timeout
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         undefined
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+   })
 })

src/strategyHelpers/blueGreen/deploy.ts

@@ -1,49 +1,61 @@
 import * as core from '@actions/core'
 
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import {
    BlueGreenDeployment,
    BlueGreenManifests
-} from '../../types/blueGreenTypes'
+} from '../../types/blueGreenTypes.js'
 
-import {RouteStrategy} from '../../types/routeStrategy'
+import {RouteStrategy} from '../../types/routeStrategy.js'
 
 import {
    deployWithLabel,
    getManifestObjects,
    GREEN_LABEL_VALUE,
    deployObjects
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
-import {setupSMI} from './smiBlueGreenHelper'
+import {setupSMI} from './smiBlueGreenHelper.js'
 
-import {routeBlueGreenForDeploy} from './route'
+import {routeBlueGreenForDeploy} from './route.js'
+import {DeployResult} from '../../types/deployResult.js'
 
 export async function deployBlueGreen(
    kubectl: Kubectl,
    files: string[],
-   routeStrategy: RouteStrategy
+   routeStrategy: RouteStrategy,
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    const blueGreenDeployment = await (async () => {
       switch (routeStrategy) {
          case RouteStrategy.INGRESS:
-            return await deployBlueGreenIngress(kubectl, files)
+            return await deployBlueGreenIngress(kubectl, files, timeout)
          case RouteStrategy.SMI:
-            return await deployBlueGreenSMI(kubectl, files)
+            return await deployBlueGreenSMI(kubectl, files, timeout)
          default:
-            return await deployBlueGreenService(kubectl, files)
+            return await deployBlueGreenService(kubectl, files, timeout)
       }
    })()
 
    core.startGroup('Routing blue green')
-   await routeBlueGreenForDeploy(kubectl, files, routeStrategy)
+   const routeDeployment = await routeBlueGreenForDeploy(
+      kubectl,
+      files,
+      routeStrategy,
+      timeout
+   )
    core.endGroup()
 
+   blueGreenDeployment.objects.push(...routeDeployment.objects)
+   blueGreenDeployment.deployResult.manifestFiles.push(
+      ...routeDeployment.deployResult.manifestFiles
+   )
    return blueGreenDeployment
 }
 
 export async function deployBlueGreenSMI(
    kubectl: Kubectl,
-   filePaths: string[]
+   filePaths: string[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    // get all kubernetes objects defined in manifest files
    const manifestObjects: BlueGreenManifests = getManifestObjects(filePaths)
@@ -56,26 +68,44 @@ export async function deployBlueGreenSMI(
       manifestObjects.unroutedServiceEntityList
    )
 
-   await deployObjects(kubectl, newObjectsList)
+   const otherObjDeployment: DeployResult = await deployObjects(
+      kubectl,
+      newObjectsList,
+      timeout
+   )
 
    // make extraservices and trafficsplit
-   await setupSMI(kubectl, manifestObjects.serviceEntityList)
+   const smiAndSvcDeployment = await setupSMI(
+      kubectl,
+      manifestObjects.serviceEntityList,
+      timeout
+   )
 
    // create new deloyments
    const blueGreenDeployment: BlueGreenDeployment = await deployWithLabel(
       kubectl,
       manifestObjects.deploymentEntityList,
-      GREEN_LABEL_VALUE
+      GREEN_LABEL_VALUE,
+      timeout
    )
-   return {
+
-      deployResult: blueGreenDeployment.deployResult,
+   blueGreenDeployment.objects.push(...newObjectsList)
-      objects: [].concat(blueGreenDeployment.objects, newObjectsList)
+   blueGreenDeployment.objects.push(...smiAndSvcDeployment.objects)
-   }
+
+   blueGreenDeployment.deployResult.manifestFiles.push(
+      ...otherObjDeployment.manifestFiles
+   )
+   blueGreenDeployment.deployResult.manifestFiles.push(
+      ...smiAndSvcDeployment.deployResult.manifestFiles
+   )
+
+   return blueGreenDeployment
 }
 
 export async function deployBlueGreenIngress(
    kubectl: Kubectl,
-   filePaths: string[]
+   filePaths: string[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    // get all kubernetes objects defined in manifest files
    const manifestObjects: BlueGreenManifests = getManifestObjects(filePaths)
@@ -88,14 +118,15 @@ export async function deployBlueGreenIngress(
    const workloadDeployment: BlueGreenDeployment = await deployWithLabel(
       kubectl,
       servicesAndDeployments,
-      GREEN_LABEL_VALUE
+      GREEN_LABEL_VALUE,
+      timeout
    )
 
    const otherObjects = [].concat(
       manifestObjects.otherObjects,
       manifestObjects.unroutedServiceEntityList
    )
-   await deployObjects(kubectl, otherObjects)
+   await deployObjects(kubectl, otherObjects, timeout)
    core.debug(
       `new objects after processing services and other objects: \n
          ${JSON.stringify(servicesAndDeployments)}`
@@ -109,7 +140,8 @@ export async function deployBlueGreenIngress(
 
 export async function deployBlueGreenService(
    kubectl: Kubectl,
-   filePaths: string[]
+   filePaths: string[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    const manifestObjects: BlueGreenManifests = getManifestObjects(filePaths)
 
@@ -117,7 +149,8 @@ export async function deployBlueGreenService(
    const blueGreenDeployment: BlueGreenDeployment = await deployWithLabel(
       kubectl,
       manifestObjects.deploymentEntityList,
-      GREEN_LABEL_VALUE
+      GREEN_LABEL_VALUE,
+      timeout
    )
 
    // create other non deployment and non service entities
@@ -127,7 +160,7 @@ export async function deployBlueGreenService(
       manifestObjects.unroutedServiceEntityList
    )
 
-   await deployObjects(kubectl, newObjectsList)
+   await deployObjects(kubectl, newObjectsList, timeout)
    // returning deployment details to check for rollout stability
    return {
       deployResult: blueGreenDeployment.deployResult,

src/strategyHelpers/blueGreen/ingressBlueGreenHelper.test.ts

@@ -1,27 +1,27 @@
-import {getManifestObjects, GREEN_LABEL_VALUE} from './blueGreenHelper'
+import {vi} from 'vitest'
-import * as bgHelper from './blueGreenHelper'
+import {getManifestObjects, GREEN_LABEL_VALUE} from './blueGreenHelper.js'
+import * as bgHelper from './blueGreenHelper.js'
 import {
    getUpdatedBlueGreenIngress,
    isIngressRouted,
    validateIngresses
-} from './ingressBlueGreenHelper'
+} from './ingressBlueGreenHelper.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
-import * as fileHelper from '../../utilities/fileUtils'
+import * as fileHelper from '../../utilities/fileUtils.js'
 
 const betaFilepath = ['test/unit/manifests/test-ingress.yml']
 const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
 const kubectl = new Kubectl('')
-jest.mock('../../types/kubectl')
+vi.mock('../../types/kubectl')
 
 describe('ingress blue green helpers', () => {
    let testObjects
    beforeEach(() => {
-      //@ts-ignore
+      vi.mocked(Kubectl).mockClear()
-      Kubectl.mockClear()
       testObjects = getManifestObjects(ingressFilepath)
-      jest
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
-         .spyOn(fileHelper, 'writeObjectsToFile')
+         ''
-         .mockImplementationOnce(() => [''])
+      ])
    })
 
    test('it should correctly classify ingresses', () => {
@@ -72,7 +72,7 @@ describe('ingress blue green helpers', () => {
 
    test('it should validate ingresses', async () => {
       // what if nothing gets returned from fetchResource?
-      jest.spyOn(bgHelper, 'fetchResource').mockImplementation()
+      vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(null)
       let validResponse = await validateIngresses(
          kubectl,
          testObjects.ingressEntityList,
@@ -89,9 +89,9 @@ describe('ingress blue green helpers', () => {
       const mockLabels = new Map<string, string>()
       mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = GREEN_LABEL_VALUE
       mockIngress.metadata.labels = mockLabels
-      jest
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
-         .spyOn(bgHelper, 'fetchResource')
+         Promise.resolve(mockIngress)
-         .mockImplementation(() => Promise.resolve(mockIngress))
+      )
       validResponse = await validateIngresses(
          kubectl,
          testObjects.ingressEntityList,

src/strategyHelpers/blueGreen/ingressBlueGreenHelper.ts

@@ -1,12 +1,12 @@
 import * as core from '@actions/core'
-import {K8sIngress} from '../../types/k8sObject'
+import {K8sIngress} from '../../types/k8sObject.js'
 import {
    addBlueGreenLabelsAndAnnotations,
    BLUE_GREEN_VERSION_LABEL,
    GREEN_LABEL_VALUE,
    fetchResource
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 
 const BACKEND = 'backend'
 
@@ -97,7 +97,8 @@ export async function validateIngresses(
          const existingIngress = await fetchResource(
             kubectl,
             inputObject.kind,
-            inputObject.metadata.name
+            inputObject.metadata.name,
+            inputObject?.metadata?.namespace
          )
 
          const isValid =

src/strategyHelpers/blueGreen/promote.test.ts

@@ -1,34 +1,64 @@
-import * as core from '@actions/core'
+import {vi} from 'vitest'
-import {getManifestObjects} from './blueGreenHelper'
+import type {MockInstance} from 'vitest'
+import {getManifestObjects} from './blueGreenHelper.js'
 import {
    promoteBlueGreenIngress,
    promoteBlueGreenService,
    promoteBlueGreenSMI
-} from './promote'
+} from './promote.js'
-import {TrafficSplitObject} from '../../types/k8sObject'
+import {TrafficSplitObject} from '../../types/k8sObject.js'
-import * as servicesTester from './serviceBlueGreenHelper'
+import * as servicesTester from './serviceBlueGreenHelper.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
-import {MAX_VAL, MIN_VAL, TRAFFIC_SPLIT_OBJECT} from './smiBlueGreenHelper'
+import {MAX_VAL, MIN_VAL, TRAFFIC_SPLIT_OBJECT} from './smiBlueGreenHelper.js'
-import * as smiTester from './smiBlueGreenHelper'
+import * as smiTester from './smiBlueGreenHelper.js'
-import * as bgHelper from './blueGreenHelper'
+import * as bgHelper from './blueGreenHelper.js'
+import {ExecOutput} from '@actions/exec'
 
-let testObjects
 const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
-jest.mock('../../types/kubectl')
+
+vi.mock('../../types/kubectl')
+
+// Shared variables used across all test suites
+let testObjects: any
 const kubectl = new Kubectl('')
 
+// Shared mock objects following DRY principle
+const mockSuccessResult: ExecOutput = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult: ExecOutput = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+const mockBgDeployment = {
+   deployResult: {
+      execResult: {exitCode: 0, stderr: '', stdout: ''},
+      manifestFiles: []
+   },
+   objects: []
+}
+
 describe('promote tests', () => {
+   let kubectlApplySpy: MockInstance
+
    beforeEach(() => {
-      //@ts-ignore
+      vi.mocked(Kubectl).mockClear()
-      Kubectl.mockClear()
       testObjects = getManifestObjects(ingressFilepath)
+      kubectlApplySpy = vi.spyOn(kubectl, 'apply')
    })
 
    test('promote blue/green ingress', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
       const mockLabels = new Map<string, string>()
       mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.GREEN_LABEL_VALUE
 
-      jest.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
          Promise.resolve({
             kind: 'Ingress',
             spec: {},
@@ -53,7 +83,7 @@ describe('promote tests', () => {
    test('fail to promote invalid blue/green ingress', async () => {
       const mockLabels = new Map<string, string>()
       mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
-      jest.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
          Promise.resolve({
             kind: 'Ingress',
             spec: {},
@@ -63,13 +93,15 @@ describe('promote tests', () => {
 
       await expect(
          promoteBlueGreenIngress(kubectl, testObjects)
-      ).rejects.toThrowError()
+      ).rejects.toThrow()
    })
 
    test('promote blue/green service', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
       const mockLabels = new Map<string, string>()
       mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.GREEN_LABEL_VALUE
-      jest.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
          Promise.resolve({
             kind: 'Service',
             spec: {selector: mockLabels},
@@ -89,23 +121,25 @@ describe('promote tests', () => {
    test('fail to promote invalid blue/green service', async () => {
       const mockLabels = new Map<string, string>()
       mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
-      jest.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
          Promise.resolve({
             kind: 'Service',
             spec: {},
             metadata: {labels: mockLabels, name: 'nginx-ingress-green'}
          })
       )
-      jest
+      vi.spyOn(servicesTester, 'validateServicesState').mockImplementationOnce(
-         .spyOn(servicesTester, 'validateServicesState')
+         () => Promise.resolve(false)
-         .mockImplementationOnce(() => Promise.resolve(false))
+      )
 
       await expect(
          promoteBlueGreenService(kubectl, testObjects)
-      ).rejects.toThrowError()
+      ).rejects.toThrow()
    })
 
    test('promote blue/green SMI', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
       const mockLabels = new Map<string, string>()
       mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
 
@@ -131,9 +165,9 @@ describe('promote tests', () => {
             ]
          }
       }
-      jest
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
-         .spyOn(bgHelper, 'fetchResource')
+         Promise.resolve(mockTsObject)
-         .mockImplementation(() => Promise.resolve(mockTsObject))
+      )
 
       const deployResult = await promoteBlueGreenSMI(kubectl, testObjects)
 
@@ -149,10 +183,217 @@ describe('promote tests', () => {
    test('promote blue/green SMI with bad trafficsplit', async () => {
       const mockLabels = new Map<string, string>()
       mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
-      jest
+      vi.spyOn(smiTester, 'validateTrafficSplitsState').mockImplementation(() =>
-         .spyOn(smiTester, 'validateTrafficSplitsState')
+         Promise.resolve(false)
-         .mockImplementation(() => Promise.resolve(false))
+      )
 
-      expect(promoteBlueGreenSMI(kubectl, testObjects)).rejects.toThrowError()
+      await expect(promoteBlueGreenSMI(kubectl, testObjects)).rejects.toThrow()
+   })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress promotion',
+         fn: () => promoteBlueGreenIngress(kubectl, testObjects),
+         setup: () => {
+            const mockLabels = new Map<string, string>()
+            mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] =
+               bgHelper.GREEN_LABEL_VALUE
+            vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+               Promise.resolve({
+                  kind: 'Ingress',
+                  spec: {},
+                  metadata: {labels: mockLabels, name: 'nginx-ingress-green'}
+               })
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green service promotion',
+         fn: () => promoteBlueGreenService(kubectl, testObjects),
+         setup: () => {
+            const mockLabels = new Map<string, string>()
+            mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] =
+               bgHelper.GREEN_LABEL_VALUE
+            vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+               Promise.resolve({
+                  kind: 'Service',
+                  spec: {selector: mockLabels},
+                  metadata: {labels: mockLabels, name: 'nginx-service-green'}
+               })
+            )
+            vi.spyOn(servicesTester, 'validateServicesState').mockResolvedValue(
+               true
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green SMI promotion',
+         fn: () => promoteBlueGreenSMI(kubectl, testObjects),
+         setup: () => {
+            const mockTsObject: TrafficSplitObject = {
+               apiVersion: 'v1alpha3',
+               kind: TRAFFIC_SPLIT_OBJECT,
+               metadata: {
+                  name: 'nginx-service-trafficsplit',
+                  labels: new Map<string, string>(),
+                  annotations: new Map<string, string>()
+               },
+               spec: {
+                  service: 'nginx-service',
+                  backends: [
+                     {service: 'nginx-service-stable', weight: MIN_VAL},
+                     {service: 'nginx-service-green', weight: MAX_VAL}
+                  ]
+               }
+            }
+            vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(mockTsObject)
+            vi.spyOn(smiTester, 'validateTrafficSplitsState').mockResolvedValue(
+               true
+            )
+         }
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockClear()
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+
+      const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+      expect(typeof timeoutArg === 'string' || timeoutArg === undefined).toBe(
+         true
+      )
+
+      expect(kubectlApplySpy).toHaveBeenCalledWith(
+         expect.any(Array),
+         expect.any(Boolean),
+         expect.any(Boolean),
+         timeoutArg
+      )
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+   })
+})
+
+// Timeout tests
+describe('promote timeout tests', () => {
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+   })
+
+   const mockDeployWithLabel = () =>
+      vi.spyOn(bgHelper, 'deployWithLabel').mockResolvedValue(mockBgDeployment)
+
+   const setupFetchResource = (
+      kind: string,
+      name: string,
+      labelValue: string
+   ) => {
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = labelValue
+
+      vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue({
+         kind,
+         spec: {},
+         metadata: {labels: mockLabels, name}
+      })
+   }
+
+   test.each([
+      {
+         name: 'promoteBlueGreenIngress with timeout',
+         fn: promoteBlueGreenIngress,
+         kind: 'Ingress',
+         resourceName: 'nginx-ingress-green',
+         timeout: '300s',
+         setup: () =>
+            setupFetchResource(
+               'Ingress',
+               'nginx-ingress-green',
+               bgHelper.GREEN_LABEL_VALUE
+            )
+      },
+      {
+         name: 'promoteBlueGreenService with timeout',
+         fn: promoteBlueGreenService,
+         kind: 'Service',
+         resourceName: 'nginx-service-green',
+         timeout: '240s',
+         setup: () => {
+            setupFetchResource(
+               'Service',
+               'nginx-service-green',
+               bgHelper.GREEN_LABEL_VALUE
+            )
+            vi.spyOn(servicesTester, 'validateServicesState').mockResolvedValue(
+               true
+            )
+         }
+      },
+      {
+         name: 'promoteBlueGreenSMI with timeout',
+         fn: promoteBlueGreenSMI,
+         kind: 'TrafficSplit',
+         resourceName: 'nginx-service-trafficsplit',
+         timeout: '180s',
+         setup: () => {
+            const mockTsObject: TrafficSplitObject = {
+               apiVersion: 'v1alpha3',
+               kind: TRAFFIC_SPLIT_OBJECT,
+               metadata: {
+                  name: 'nginx-service-trafficsplit',
+                  labels: new Map<string, string>(),
+                  annotations: new Map<string, string>()
+               },
+               spec: {
+                  service: 'nginx-service',
+                  backends: [
+                     {service: 'nginx-service-stable', weight: MIN_VAL},
+                     {service: 'nginx-service-green', weight: MAX_VAL}
+                  ]
+               }
+            }
+
+            vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(mockTsObject)
+            vi.spyOn(smiTester, 'validateTrafficSplitsState').mockResolvedValue(
+               true
+            )
+         }
+      }
+   ])('$name', async ({fn, timeout, setup}) => {
+      setup()
+      const deployWithLabelSpy = mockDeployWithLabel()
+
+      await fn(kubectl, testObjects, timeout)
+
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         bgHelper.NONE_LABEL_VALUE,
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+   })
+
+   test('promote functions without timeout should pass undefined', async () => {
+      setupFetchResource(
+         'Ingress',
+         'nginx-ingress-green',
+         bgHelper.GREEN_LABEL_VALUE
+      )
+      const deployWithLabelSpy = mockDeployWithLabel()
+
+      await promoteBlueGreenIngress(kubectl, testObjects)
+
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         bgHelper.NONE_LABEL_VALUE,
+         undefined
+      )
+
+      deployWithLabelSpy.mockRestore()
    })
 })

src/strategyHelpers/blueGreen/promote.ts

@@ -1,17 +1,18 @@
 import * as core from '@actions/core'
 
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 
-import {BlueGreenDeployment} from '../../types/blueGreenTypes'
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
-import {deployWithLabel, NONE_LABEL_VALUE} from './blueGreenHelper'
+import {deployWithLabel, NONE_LABEL_VALUE} from './blueGreenHelper.js'
 
-import {validateIngresses} from './ingressBlueGreenHelper'
+import {validateIngresses} from './ingressBlueGreenHelper.js'
-import {validateServicesState} from './serviceBlueGreenHelper'
+import {validateServicesState} from './serviceBlueGreenHelper.js'
-import {validateTrafficSplitsState} from './smiBlueGreenHelper'
+import {validateTrafficSplitsState} from './smiBlueGreenHelper.js'
 
 export async function promoteBlueGreenIngress(
    kubectl: Kubectl,
-   manifestObjects
+   manifestObjects,
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    //checking if anything to promote
    const {areValid, invalidIngresses} = await validateIngresses(
@@ -32,7 +33,8 @@ export async function promoteBlueGreenIngress(
          manifestObjects.deploymentEntityList,
          manifestObjects.serviceEntityList
       ),
-      NONE_LABEL_VALUE
+      NONE_LABEL_VALUE,
+      timeout
    )
 
    // create stable services with new configuration
@@ -41,7 +43,8 @@ export async function promoteBlueGreenIngress(
 
 export async function promoteBlueGreenService(
    kubectl: Kubectl,
-   manifestObjects
+   manifestObjects,
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    // checking if services are in the right state ie. targeting green deployments
    if (
@@ -54,13 +57,15 @@ export async function promoteBlueGreenService(
    return await deployWithLabel(
       kubectl,
       manifestObjects.deploymentEntityList,
-      NONE_LABEL_VALUE
+      NONE_LABEL_VALUE,
+      timeout
    )
 }
 
 export async function promoteBlueGreenSMI(
    kubectl: Kubectl,
-   manifestObjects
+   manifestObjects,
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    // checking if there is something to promote
    if (
@@ -76,6 +81,7 @@ export async function promoteBlueGreenSMI(
    return await deployWithLabel(
       kubectl,
       manifestObjects.deploymentEntityList,
-      NONE_LABEL_VALUE
+      NONE_LABEL_VALUE,
+      timeout
    )
 }

src/strategyHelpers/blueGreen/reject.test.ts

@@ -1,29 +1,74 @@
-import {getManifestObjects} from './blueGreenHelper'
+import {vi} from 'vitest'
-import {Kubectl} from '../../types/kubectl'
+import type {MockInstance} from 'vitest'
-import {BlueGreenRejectResult} from '../../types/blueGreenTypes'
+import {getManifestObjects} from './blueGreenHelper.js'
+import {Kubectl} from '../../types/kubectl.js'
 
-import * as TSutils from '../../utilities/trafficSplitUtils'
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
 import {
    rejectBlueGreenIngress,
    rejectBlueGreenService,
    rejectBlueGreenSMI
-} from './reject'
+} from './reject.js'
+import * as bgHelper from './blueGreenHelper.js'
+import * as routeHelper from './route.js'
 
 const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
 const kubectl = new Kubectl('')
+const TEST_TIMEOUT_SHORT = '60s'
+const TEST_TIMEOUT_LONG = '120s'
 
-jest.mock('../../types/kubectl')
+vi.mock('../../types/kubectl')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+const mockBgDeployment = {
+   deployResult: {
+      execResult: {stdout: '', stderr: '', exitCode: 0},
+      manifestFiles: []
+   },
+   objects: [
+      {
+         kind: 'Ingress',
+         metadata: {
+            name: 'nginx-ingress',
+            labels: new Map<string, string>()
+         },
+         spec: {}
+      }
+   ]
+}
+
+const mockDeleteResult = [
+   {name: 'nginx-service-green', kind: 'Service'},
+   {name: 'nginx-deployment-green', kind: 'Deployment'}
+]
 
 describe('reject tests', () => {
-   let testObjects
+   let testObjects: any
+   let kubectlApplySpy: MockInstance
 
    beforeEach(() => {
-      //@ts-ignore
+      vi.mocked(Kubectl).mockClear()
-      Kubectl.mockClear()
+      vi.restoreAllMocks()
       testObjects = getManifestObjects(ingressFilepath)
+      kubectlApplySpy = vi.spyOn(kubectl, 'apply')
    })
 
    test('reject blue/green ingress', async () => {
+      // Mock kubectl.apply to return successful result
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
       const value = await rejectBlueGreenIngress(kubectl, testObjects)
 
       const bgDeployment = value.routeResult
@@ -43,24 +88,183 @@ describe('reject tests', () => {
       expect(bgDeployment.objects[0].metadata.name).toBe('nginx-ingress')
    })
 
-   test('reject blue/green service', async () => {
+   test('reject blue/green ingress with timeout', async () => {
-      const value = await rejectBlueGreenService(kubectl, testObjects)
+      // Mock routeBlueGreenIngressUnchanged and deleteGreenObjects
+      vi.spyOn(routeHelper, 'routeBlueGreenIngressUnchanged').mockResolvedValue(
+         mockBgDeployment
+      )
+
+      vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+         mockDeleteResult
+      )
+
+      const value = await rejectBlueGreenIngress(
+         kubectl,
+         testObjects,
+         TEST_TIMEOUT_LONG
+      )
 
       const bgDeployment = value.routeResult
       const deleteResult = value.deleteResult
 
+      expect(deleteResult).toHaveLength(2)
+      for (const obj of deleteResult) {
+         if (obj.kind === 'Service') {
+            expect(obj.name).toBe('nginx-service-green')
+         }
+         if (obj.kind === 'Deployment') {
+            expect(obj.name).toBe('nginx-deployment-green')
+         }
+      }
+
+      expect(bgDeployment.objects).toHaveLength(1)
+      expect(bgDeployment.objects[0].metadata.name).toBe('nginx-ingress')
+
+      // Verify deleteGreenObjects is called with timeout
+      expect(bgHelper.deleteGreenObjects).toHaveBeenCalledWith(
+         kubectl,
+         [].concat(
+            testObjects.deploymentEntityList,
+            testObjects.serviceEntityList
+         ),
+         TEST_TIMEOUT_LONG
+      )
+      expect(routeHelper.routeBlueGreenIngressUnchanged).toHaveBeenCalledWith(
+         kubectl,
+         testObjects.serviceNameMap,
+         testObjects.ingressEntityList,
+         TEST_TIMEOUT_LONG
+      )
+   })
+
+   test('reject blue/green service', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+      vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+         mockDeleteResult
+      )
+
+      const value = await rejectBlueGreenService(
+         kubectl,
+         testObjects,
+         TEST_TIMEOUT_SHORT
+      )
+
+      const deleteResult = value.deleteResult
+
+      expect(deleteResult).toHaveLength(2)
+      expect(deleteResult).toContainEqual({
+         name: 'nginx-service-green',
+         kind: 'Service'
+      })
+      expect(deleteResult).toContainEqual({
+         name: 'nginx-deployment-green',
+         kind: 'Deployment'
+      })
+   })
+
+   test('reject blue/green service with timeout', async () => {
+      // Mock routeBlueGreenService and deleteGreenObjects
+      vi.spyOn(routeHelper, 'routeBlueGreenService').mockResolvedValue({
+         deployResult: {
+            execResult: {stdout: '', stderr: '', exitCode: 0},
+            manifestFiles: []
+         },
+         objects: [
+            {
+               kind: 'Service',
+               metadata: {
+                  name: 'nginx-service',
+                  labels: new Map<string, string>()
+               },
+               spec: {}
+            }
+         ]
+      })
+
+      vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue([
+         {name: 'nginx-deployment-green', kind: 'Deployment'}
+      ])
+
+      const value = await rejectBlueGreenService(
+         kubectl,
+         testObjects,
+         TEST_TIMEOUT_LONG
+      )
+
+      const bgDeployment = value.routeResult
+      const deleteResult = value.deleteResult
+
+      // Verify deleteGreenObjects is called with timeout
+      expect(bgHelper.deleteGreenObjects).toHaveBeenCalledWith(
+         kubectl,
+         testObjects.deploymentEntityList,
+         TEST_TIMEOUT_LONG
+      )
+
+      // Assertions for routeResult and deleteResult
       expect(deleteResult).toHaveLength(1)
       expect(deleteResult[0].name).toBe('nginx-deployment-green')
-
       expect(bgDeployment.objects).toHaveLength(1)
       expect(bgDeployment.objects[0].metadata.name).toBe('nginx-service')
    })
 
    test('reject blue/green SMI', async () => {
-      jest
+      // Mock kubectl.apply to return successful result
-         .spyOn(TSutils, 'getTrafficSplitAPIVersion')
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
-         .mockImplementation(() => Promise.resolve('v1alpha3'))
+
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
+         Promise.resolve('v1alpha3')
+      )
       const rejectResult = await rejectBlueGreenSMI(kubectl, testObjects)
-      expect(rejectResult.deleteResult).toHaveLength(4)
+      expect(rejectResult.deleteResult).toHaveLength(2)
+   })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress rejection',
+         fn: () => rejectBlueGreenIngress(kubectl, testObjects),
+         setup: () => {
+            vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+               mockDeleteResult
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green service rejection',
+         fn: () => rejectBlueGreenService(kubectl, testObjects),
+         setup: () => {
+            vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+               mockDeleteResult
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green SMI rejection',
+         fn: () => rejectBlueGreenSMI(kubectl, testObjects),
+         setup: () => {
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockClear()
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+      const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+      expect(typeof timeoutArg === 'string' || timeoutArg === undefined).toBe(
+         true
+      )
+
+      expect(kubectlApplySpy).toHaveBeenCalledWith(
+         expect.any(Array),
+         expect.any(Boolean),
+         expect.any(Boolean),
+         timeoutArg
+      )
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
    })
 })

src/strategyHelpers/blueGreen/reject.ts

@@ -1,25 +1,27 @@
-import {K8sDeleteObject} from '../../types/k8sObject'
+import {K8sDeleteObject} from '../../types/k8sObject.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import {
    BlueGreenDeployment,
    BlueGreenManifests,
    BlueGreenRejectResult
-} from '../../types/blueGreenTypes'
+} from '../../types/blueGreenTypes.js'
-import {deleteGreenObjects, NONE_LABEL_VALUE} from './blueGreenHelper'
+import {deleteGreenObjects, NONE_LABEL_VALUE} from './blueGreenHelper.js'
-import {routeBlueGreenSMI} from './route'
+import {routeBlueGreenSMI} from './route.js'
-import {cleanupSMI} from './smiBlueGreenHelper'
+import {cleanupSMI} from './smiBlueGreenHelper.js'
-import {routeBlueGreenIngressUnchanged, routeBlueGreenService} from './route'
+import {routeBlueGreenIngressUnchanged, routeBlueGreenService} from './route.js'
 
 export async function rejectBlueGreenIngress(
    kubectl: Kubectl,
-   manifestObjects: BlueGreenManifests
+   manifestObjects: BlueGreenManifests,
+   timeout?: string
 ): Promise<BlueGreenRejectResult> {
    // get all kubernetes objects defined in manifest files
    // route ingress to stables services
    const routeResult = await routeBlueGreenIngressUnchanged(
       kubectl,
       manifestObjects.serviceNameMap,
-      manifestObjects.ingressEntityList
+      manifestObjects.ingressEntityList,
+      timeout
    )
 
    // delete green services and deployments
@@ -28,7 +30,8 @@ export async function rejectBlueGreenIngress(
       [].concat(
          manifestObjects.deploymentEntityList,
          manifestObjects.serviceEntityList
-      )
+      ),
+      timeout
    )
 
    return {routeResult, deleteResult}
@@ -36,19 +39,22 @@ export async function rejectBlueGreenIngress(
 
 export async function rejectBlueGreenService(
    kubectl: Kubectl,
-   manifestObjects: BlueGreenManifests
+   manifestObjects: BlueGreenManifests,
+   timeout?: string
 ): Promise<BlueGreenRejectResult> {
    // route to stable objects
    const routeResult = await routeBlueGreenService(
       kubectl,
       NONE_LABEL_VALUE,
-      manifestObjects.serviceEntityList
+      manifestObjects.serviceEntityList,
+      timeout
    )
 
    // delete new deployments with green suffix
    const deleteResult = await deleteGreenObjects(
       kubectl,
-      manifestObjects.deploymentEntityList
+      manifestObjects.deploymentEntityList,
+      timeout
    )
 
    return {routeResult, deleteResult}
@@ -56,25 +62,29 @@ export async function rejectBlueGreenService(
 
 export async function rejectBlueGreenSMI(
    kubectl: Kubectl,
-   manifestObjects: BlueGreenManifests
+   manifestObjects: BlueGreenManifests,
+   timeout?: string
 ): Promise<BlueGreenRejectResult> {
    // route trafficsplit to stable deployments
    const routeResult = await routeBlueGreenSMI(
       kubectl,
       NONE_LABEL_VALUE,
-      manifestObjects.serviceEntityList
+      manifestObjects.serviceEntityList,
+      timeout
    )
 
    // delete rejected new bluegreen deployments
    const deletedObjects = await deleteGreenObjects(
       kubectl,
-      manifestObjects.deploymentEntityList
+      manifestObjects.deploymentEntityList,
+      timeout
    )
 
    // delete trafficsplit and extra services
    const cleanupResult = await cleanupSMI(
       kubectl,
-      manifestObjects.serviceEntityList
+      manifestObjects.serviceEntityList,
+      timeout
    )
 
    return {routeResult, deleteResult: [].concat(deletedObjects, cleanupResult)}

src/strategyHelpers/blueGreen/route.test.ts

@@ -1,41 +1,60 @@
-import * as core from '@actions/core'
+import {vi} from 'vitest'
-import {K8sIngress, TrafficSplitObject} from '../../types/k8sObject'
+import type {MockInstance} from 'vitest'
-import {Kubectl} from '../../types/kubectl'
+import {K8sIngress, TrafficSplitObject} from '../../types/k8sObject.js'
-import * as fileHelper from '../../utilities/fileUtils'
+import {Kubectl} from '../../types/kubectl.js'
-import * as TSutils from '../../utilities/trafficSplitUtils'
+import * as fileHelper from '../../utilities/fileUtils.js'
-import {RouteStrategy} from '../../types/routeStrategy'
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
-import {getBufferTime} from '../../inputUtils'
+import {RouteStrategy} from '../../types/routeStrategy.js'
-import * as inputUtils from '../../inputUtils'
+import {BlueGreenManifests} from '../../types/blueGreenTypes.js'
-import {BlueGreenManifests} from '../../types/blueGreenTypes'
 
 import {
    BLUE_GREEN_VERSION_LABEL,
    getManifestObjects,
    GREEN_LABEL_VALUE
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
+import * as bgHelper from './blueGreenHelper.js'
+import * as smiHelper from './smiBlueGreenHelper.js'
 import {
    routeBlueGreenIngress,
    routeBlueGreenService,
-   routeBlueGreenForDeploy
+   routeBlueGreenForDeploy,
-} from './route'
+   routeBlueGreenSMI,
+   routeBlueGreenIngressUnchanged
+} from './route.js'
 
-jest.mock('../../types/kubectl')
+vi.mock('../../types/kubectl')
 const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
 const kc = new Kubectl('')
 
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
 describe('route function tests', () => {
    let testObjects: BlueGreenManifests
-   beforeEach(() => {
+   let kubectlApplySpy: MockInstance
-      //@ts-ignore
-      Kubectl.mockClear()
 
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
       testObjects = getManifestObjects(ingressFilepath)
-      jest
+      kubectlApplySpy = vi.spyOn(kc, 'apply')
-         .spyOn(fileHelper, 'writeObjectsToFile')
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
-         .mockImplementationOnce(() => [''])
+         ''
+      ])
    })
 
    test('correctly prepares blue/green ingresses for deployment', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
       const unroutedIngCopy: K8sIngress = JSON.parse(
          JSON.stringify(testObjects.ingressEntityList[0])
       )
@@ -80,9 +99,9 @@ describe('route function tests', () => {
    })
 
    test('correctly identifies route pattern and acts accordingly', async () => {
-      jest
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
-         .spyOn(TSutils, 'getTrafficSplitAPIVersion')
+         Promise.resolve('v1alpha3')
-         .mockImplementation(() => Promise.resolve('v1alpha3'))
+      )
 
       const ingressResult = await routeBlueGreenForDeploy(
          kc,
@@ -116,4 +135,208 @@ describe('route function tests', () => {
          (smiResult.objects as TrafficSplitObject[])[0].spec.backends
       ).toHaveLength(2)
    })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress routing',
+         fn: () =>
+            routeBlueGreenIngress(
+               kc,
+               testObjects.serviceNameMap,
+               testObjects.ingressEntityList
+            ),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green service routing',
+         fn: () =>
+            routeBlueGreenService(
+               kc,
+               GREEN_LABEL_VALUE,
+               testObjects.serviceEntityList
+            ),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green SMI routing',
+         fn: () =>
+            routeBlueGreenSMI(
+               kc,
+               GREEN_LABEL_VALUE,
+               testObjects.serviceEntityList
+            ),
+         setup: () => {
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress unchanged routing',
+         fn: () =>
+            routeBlueGreenIngressUnchanged(
+               kc,
+               testObjects.serviceNameMap,
+               testObjects.ingressEntityList
+            ),
+         setup: () => {}
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockClear()
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+   })
+})
+
+// Timeout tests
+describe('route timeout tests', () => {
+   let testObjects: BlueGreenManifests
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
+         ''
+      ])
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+   })
+
+   test('routeBlueGreenService with timeout', async () => {
+      const timeout = '240s'
+
+      // Mock deployObjects to capture timeout parameter
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const value = await routeBlueGreenService(
+         kc,
+         GREEN_LABEL_VALUE,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+      expect(value.objects).toHaveLength(1)
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('routeBlueGreenSMI with timeout', async () => {
+      const timeout = '300s'
+
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
+         Promise.resolve('v1alpha3')
+      )
+
+      // Mock deployObjects and createTrafficSplitObject to capture timeout parameter
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const createTrafficSplitSpy = vi
+         .spyOn(smiHelper, 'createTrafficSplitObject')
+         .mockResolvedValue({
+            apiVersion: 'split.smi-spec.io/v1alpha3',
+            kind: 'TrafficSplit',
+            metadata: {
+               name: 'nginx-service-trafficsplit',
+               labels: new Map(),
+               annotations: new Map()
+            },
+            spec: {service: 'nginx-service', backends: []}
+         })
+
+      const value = await routeBlueGreenSMI(
+         kc,
+         GREEN_LABEL_VALUE,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      expect(createTrafficSplitSpy).toHaveBeenCalledWith(
+         kc,
+         'nginx-service',
+         GREEN_LABEL_VALUE,
+         timeout
+      )
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+      expect(value.objects).toHaveLength(1)
+
+      deployObjectsSpy.mockRestore()
+      createTrafficSplitSpy.mockRestore()
+   })
+
+   test('routeBlueGreenIngressUnchanged with timeout', async () => {
+      const timeout = '180s'
+
+      // Mock deployObjects to capture timeout parameter
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const value = await routeBlueGreenIngressUnchanged(
+         kc,
+         testObjects.serviceNameMap,
+         testObjects.ingressEntityList,
+         timeout
+      )
+
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+      expect(value.objects).toHaveLength(1)
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('route functions without timeout should pass undefined', async () => {
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      // Test routeBlueGreenService without timeout
+      await routeBlueGreenService(
+         kc,
+         GREEN_LABEL_VALUE,
+         testObjects.serviceEntityList
+      )
+
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      deployObjectsSpy.mockRestore()
+   })
 })

src/strategyHelpers/blueGreen/route.ts

@@ -1,31 +1,32 @@
-import {sleep} from '../../utilities/timeUtils'
+import {sleep} from '../../utilities/timeUtils.js'
-import {RouteStrategy} from '../../types/routeStrategy'
+import {RouteStrategy} from '../../types/routeStrategy.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import {
    BlueGreenDeployment,
    BlueGreenManifests
-} from '../../types/blueGreenTypes'
+} from '../../types/blueGreenTypes.js'
 import {
    getManifestObjects,
    GREEN_LABEL_VALUE,
    deployObjects
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
 
 import {
    getUpdatedBlueGreenIngress,
    isIngressRouted
-} from './ingressBlueGreenHelper'
+} from './ingressBlueGreenHelper.js'
-import {getUpdatedBlueGreenService} from './serviceBlueGreenHelper'
+import {getUpdatedBlueGreenService} from './serviceBlueGreenHelper.js'
-import {createTrafficSplitObject} from './smiBlueGreenHelper'
+import {createTrafficSplitObject} from './smiBlueGreenHelper.js'
 
 import * as core from '@actions/core'
-import {K8sObject, TrafficSplitObject} from '../../types/k8sObject'
+import {K8sObject, TrafficSplitObject} from '../../types/k8sObject.js'
-import {getBufferTime} from '../../inputUtils'
+import {getBufferTime} from '../../inputUtils.js'
 
 export async function routeBlueGreenForDeploy(
    kubectl: Kubectl,
    inputManifestFiles: string[],
-   routeStrategy: RouteStrategy
+   routeStrategy: RouteStrategy,
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    // sleep for buffer time
    const bufferTime: number = getBufferTime()
@@ -47,19 +48,22 @@ export async function routeBlueGreenForDeploy(
       return await routeBlueGreenIngress(
          kubectl,
          manifestObjects.serviceNameMap,
-         manifestObjects.ingressEntityList
+         manifestObjects.ingressEntityList,
+         timeout
       )
    } else if (routeStrategy == RouteStrategy.SMI) {
       return await routeBlueGreenSMI(
          kubectl,
          GREEN_LABEL_VALUE,
-         manifestObjects.serviceEntityList
+         manifestObjects.serviceEntityList,
+         timeout
       )
    } else {
       return await routeBlueGreenService(
          kubectl,
          GREEN_LABEL_VALUE,
-         manifestObjects.serviceEntityList
+         manifestObjects.serviceEntityList,
+         timeout
       )
    }
 }
@@ -67,7 +71,8 @@ export async function routeBlueGreenForDeploy(
 export async function routeBlueGreenIngress(
    kubectl: Kubectl,
    serviceNameMap: Map<string, string>,
-   ingressEntityList: any[]
+   ingressEntityList: any[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    // const newObjectsList = []
    const newObjectsList: K8sObject[] = ingressEntityList.map((obj) => {
@@ -84,7 +89,7 @@ export async function routeBlueGreenIngress(
       }
    })
 
-   const deployResult = await deployObjects(kubectl, newObjectsList)
+   const deployResult = await deployObjects(kubectl, newObjectsList, timeout)
 
    return {deployResult, objects: newObjectsList}
 }
@@ -92,26 +97,28 @@ export async function routeBlueGreenIngress(
 export async function routeBlueGreenIngressUnchanged(
    kubectl: Kubectl,
    serviceNameMap: Map<string, string>,
-   ingressEntityList: any[]
+   ingressEntityList: any[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    const objects = ingressEntityList.filter((ingress) =>
       isIngressRouted(ingress, serviceNameMap)
    )
 
-   const deployResult = await deployObjects(kubectl, objects)
+   const deployResult = await deployObjects(kubectl, objects, timeout)
    return {deployResult, objects}
 }
 
 export async function routeBlueGreenService(
    kubectl: Kubectl,
    nextLabel: string,
-   serviceEntityList: any[]
+   serviceEntityList: any[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    const objects = serviceEntityList.map((serviceObject) =>
       getUpdatedBlueGreenService(serviceObject, nextLabel)
    )
 
-   const deployResult = await deployObjects(kubectl, objects)
+   const deployResult = await deployObjects(kubectl, objects, timeout)
 
    return {deployResult, objects}
 }
@@ -119,7 +126,8 @@ export async function routeBlueGreenService(
 export async function routeBlueGreenSMI(
    kubectl: Kubectl,
    nextLabel: string,
-   serviceEntityList: any[]
+   serviceEntityList: any[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    // let tsObjects: TrafficSplitObject[] = []
 
@@ -128,14 +136,15 @@ export async function routeBlueGreenSMI(
          const tsObject: TrafficSplitObject = await createTrafficSplitObject(
             kubectl,
             serviceObject.metadata.name,
-            nextLabel
+            nextLabel,
+            timeout
          )
 
          return tsObject
       })
    )
 
-   const deployResult = await deployObjects(kubectl, tsObjects)
+   const deployResult = await deployObjects(kubectl, tsObjects, timeout)
 
    return {deployResult, objects: tsObjects}
 }

src/strategyHelpers/blueGreen/serviceBlueGreenHelper.test.ts

@@ -1,26 +1,26 @@
+import {vi} from 'vitest'
 import * as core from '@actions/core'
 import {
    BLUE_GREEN_VERSION_LABEL,
    getManifestObjects,
    GREEN_LABEL_VALUE
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
-import * as bgHelper from './blueGreenHelper'
+import * as bgHelper from './blueGreenHelper.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import {
    getServiceSpecLabel,
    getUpdatedBlueGreenService,
    validateServicesState
-} from './serviceBlueGreenHelper'
+} from './serviceBlueGreenHelper.js'
 
 let testObjects
 const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
-jest.mock('../../types/kubectl')
+vi.mock('../../types/kubectl')
 const kubectl = new Kubectl('')
 
 describe('blue/green service helper tests', () => {
    beforeEach(() => {
-      //@ts-ignore
+      vi.mocked(Kubectl).mockClear()
-      Kubectl.mockClear()
       testObjects = getManifestObjects(ingressFilepath)
    })
 
@@ -42,7 +42,7 @@ describe('blue/green service helper tests', () => {
       mockLabels[BLUE_GREEN_VERSION_LABEL] = bgHelper.GREEN_LABEL_VALUE
       const mockSelectors = new Map<string, string>()
       mockSelectors[BLUE_GREEN_VERSION_LABEL] = GREEN_LABEL_VALUE
-      jest.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
          Promise.resolve({
             kind: 'Service',
             spec: {selector: mockSelectors},

src/strategyHelpers/blueGreen/serviceBlueGreenHelper.ts

@@ -1,12 +1,12 @@
 import * as core from '@actions/core'
-import {K8sServiceObject} from '../../types/k8sObject'
+import {K8sServiceObject} from '../../types/k8sObject.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import {
    addBlueGreenLabelsAndAnnotations,
    BLUE_GREEN_VERSION_LABEL,
    fetchResource,
    GREEN_LABEL_VALUE
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
 
 // add green labels to configure existing service
 export function getUpdatedBlueGreenService(
@@ -31,7 +31,8 @@ export async function validateServicesState(
       const existingService = await fetchResource(
          kubectl,
          serviceObject.kind,
-         serviceObject.metadata.name
+         serviceObject.metadata.name,
+         serviceObject?.metadata?.namespace
       )
 
       let isServiceGreen =

src/strategyHelpers/blueGreen/smiBlueGreenHelper.test.ts

@@ -1,16 +1,16 @@
-import * as core from '@actions/core'
+import {vi} from 'vitest'
-import {TrafficSplitObject} from '../../types/k8sObject'
+import {TrafficSplitObject} from '../../types/k8sObject.js'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
-import * as fileHelper from '../../utilities/fileUtils'
+import * as fileHelper from '../../utilities/fileUtils.js'
-import * as TSutils from '../../utilities/trafficSplitUtils'
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
 
-import {BlueGreenManifests} from '../../types/blueGreenTypes'
+import {BlueGreenManifests} from '../../types/blueGreenTypes.js'
 import {
    BLUE_GREEN_VERSION_LABEL,
    getManifestObjects,
    GREEN_LABEL_VALUE,
    NONE_LABEL_VALUE
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
 
 import {
    cleanupSMI,
@@ -21,15 +21,28 @@ import {
    MIN_VAL,
    setupSMI,
    TRAFFIC_SPLIT_OBJECT,
-   TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX,
    validateTrafficSplitsState
-} from './smiBlueGreenHelper'
+} from './smiBlueGreenHelper.js'
-import * as bgHelper from './blueGreenHelper'
+import * as bgHelper from './blueGreenHelper.js'
 
-jest.mock('../../types/kubectl')
+vi.mock('../../types/kubectl')
 
 const kc = new Kubectl('')
 const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'service/nginx-service-stable created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: service creation failed',
+   exitCode: 1
+}
+
 const mockTsObject: TrafficSplitObject = {
    apiVersion: 'v1alpha3',
    kind: TRAFFIC_SPLIT_OBJECT,
@@ -56,20 +69,21 @@ const mockTsObject: TrafficSplitObject = {
 describe('SMI Helper tests', () => {
    let testObjects: BlueGreenManifests
    beforeEach(() => {
-      //@ts-ignore
+      vi.mocked(Kubectl).mockClear()
-      Kubectl.mockClear()
 
-      jest
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
-         .spyOn(TSutils, 'getTrafficSplitAPIVersion')
+         Promise.resolve('')
-         .mockImplementation(() => Promise.resolve(''))
+      )
 
       testObjects = getManifestObjects(ingressFilepath)
-      jest
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
-         .spyOn(fileHelper, 'writeObjectsToFile')
+         ''
-         .mockImplementationOnce(() => [''])
+      ])
    })
 
    test('setupSMI tests', async () => {
+      vi.spyOn(kc, 'apply').mockResolvedValue(mockSuccessResult)
+
       const smiResults = await setupSMI(kc, testObjects.serviceEntityList)
 
       let found = 0
@@ -160,9 +174,9 @@ describe('SMI Helper tests', () => {
    })
 
    test('validateTrafficSplitsState', async () => {
-      jest
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
-         .spyOn(bgHelper, 'fetchResource')
+         Promise.resolve(mockTsObject)
-         .mockImplementation(() => Promise.resolve(mockTsObject))
+      )
 
       let valResult = await validateTrafficSplitsState(
          kc,
@@ -173,9 +187,9 @@ describe('SMI Helper tests', () => {
 
       const mockTsCopy = JSON.parse(JSON.stringify(mockTsObject))
       mockTsCopy.spec.backends[0].weight = MAX_VAL
-      jest
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
-         .spyOn(bgHelper, 'fetchResource')
+         Promise.resolve(mockTsCopy)
-         .mockImplementation(() => Promise.resolve(mockTsCopy))
+      )
 
       valResult = await validateTrafficSplitsState(
          kc,
@@ -183,7 +197,7 @@ describe('SMI Helper tests', () => {
       )
       expect(valResult).toBe(false)
 
-      jest.spyOn(bgHelper, 'fetchResource').mockImplementation()
+      vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(null)
       valResult = await validateTrafficSplitsState(
          kc,
          testObjects.serviceEntityList
@@ -193,11 +207,212 @@ describe('SMI Helper tests', () => {
 
    test('cleanupSMI test', async () => {
       const deleteObjects = await cleanupSMI(kc, testObjects.serviceEntityList)
-      expect(deleteObjects).toHaveLength(3)
+      expect(deleteObjects).toHaveLength(1)
-      expect(deleteObjects[0].name).toBe('nginx-service-trafficsplit')
+      expect(deleteObjects[0].name).toBe('nginx-service-green')
-      expect(deleteObjects[1].name).toBe('nginx-service-green')
+      expect(deleteObjects[0].kind).toBe('Service')
-      expect(deleteObjects[1].kind).toBe('Service')
+   })
-      expect(deleteObjects[2].name).toBe('nginx-service-stable')
+
-      expect(deleteObjects[2].kind).toBe('Service')
+   // Consolidated error tests using test.each for DRY principle
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during SMI setup',
+         fn: () => setupSMI(kc, testObjects.serviceEntityList),
+         setup: () => {
+            vi.spyOn(kc, 'apply').mockResolvedValue(mockFailureResult)
+         }
+      }
+   ])('$name', async ({fn, setup}) => {
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+   })
+
+   // Timeout-specific tests
+   test('setupSMI with timeout test', async () => {
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const timeout = '300s'
+      const smiResults = await setupSMI(
+         kc,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+
+      expect(smiResults.objects).toBeDefined()
+      expect(smiResults.deployResult).toBeDefined()
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('createTrafficSplitObject with timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const timeout = '180s'
+      const tsObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         NONE_LABEL_VALUE,
+         timeout
+      )
+
+      // Verify deleteObjects was called with timeout
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.arrayContaining([
+            expect.objectContaining({
+               name: 'nginx-service-trafficsplit',
+               kind: TRAFFIC_SPLIT_OBJECT
+            })
+         ]),
+         timeout
+      )
+
+      expect(tsObject.metadata.name).toBe('nginx-service-trafficsplit')
+      expect(tsObject.spec.backends).toHaveLength(2)
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('createTrafficSplitObject with GREEN_LABEL_VALUE and timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const timeout = '240s'
+      const tsObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         GREEN_LABEL_VALUE,
+         timeout
+      )
+
+      // Verify deleteObjects was called with timeout
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+
+      // Verify weights are correct for green deployment
+      for (const be of tsObject.spec.backends) {
+         if (be.service === 'nginx-service-stable') {
+            expect(be.weight).toBe(MIN_VAL)
+         }
+         if (be.service === 'nginx-service-green') {
+            expect(be.weight).toBe(MAX_VAL)
+         }
+      }
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('cleanupSMI with timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const timeout = '120s'
+      const deleteObjects = await cleanupSMI(
+         kc,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      // Verify deleteObjects was called with timeout
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.arrayContaining([
+            expect.objectContaining({
+               name: 'nginx-service-green',
+               kind: 'Service'
+            })
+         ]),
+         timeout
+      )
+
+      expect(deleteObjects).toHaveLength(1)
+      expect(deleteObjects[0].name).toBe('nginx-service-green')
+      expect(deleteObjects[0].kind).toBe('Service')
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('setupSMI without timeout test', async () => {
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const smiResults = await setupSMI(kc, testObjects.serviceEntityList)
+
+      // Verify deployObjects was called without timeout (undefined)
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      expect(smiResults.objects).toBeDefined()
+      expect(smiResults.deployResult).toBeDefined()
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('createTrafficSplitObject without timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const tsObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         NONE_LABEL_VALUE
+      )
+
+      // Verify deleteObjects was called without timeout (undefined)
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      expect(tsObject.metadata.name).toBe('nginx-service-trafficsplit')
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('cleanupSMI without timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const deleteObjects = await cleanupSMI(kc, testObjects.serviceEntityList)
+
+      // Verify deleteObjects was called without timeout (undefined)
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      expect(deleteObjects).toHaveLength(1)
+
+      deleteObjectsSpy.mockRestore()
    })
 })

src/strategyHelpers/blueGreen/smiBlueGreenHelper.ts

@@ -1,6 +1,6 @@
 import * as core from '@actions/core'
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
-import * as kubectlUtils from '../../utilities/trafficSplitUtils'
+import * as kubectlUtils from '../../utilities/trafficSplitUtils.js'
 import {
    deleteObjects,
    deployObjects,
@@ -11,15 +11,15 @@ import {
    GREEN_SUFFIX,
    NONE_LABEL_VALUE,
    STABLE_SUFFIX
-} from './blueGreenHelper'
+} from './blueGreenHelper.js'
-import {BlueGreenDeployment} from '../../types/blueGreenTypes'
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
 import {
    K8sDeleteObject,
    K8sObject,
    TrafficSplitObject
-} from '../../types/k8sObject'
+} from '../../types/k8sObject.js'
-import {DeployResult} from '../../types/deployResult'
+import {DeployResult} from '../../types/deployResult.js'
-import {inputAnnotations} from '../../inputUtils'
+import {inputAnnotations} from '../../inputUtils.js'
 
 export const TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX = '-trafficsplit'
 export const TRAFFIC_SPLIT_OBJECT = 'TrafficSplit'
@@ -28,7 +28,8 @@ export const MAX_VAL = 100
 
 export async function setupSMI(
    kubectl: Kubectl,
-   serviceEntityList: any[]
+   serviceEntityList: any[],
+   timeout?: string
 ): Promise<BlueGreenDeployment> {
    const newObjectsList = []
    const trafficObjectList = []
@@ -49,7 +50,8 @@ export async function setupSMI(
       const tsObject = await createTrafficSplitObject(
          kubectl,
          svc.metadata.name,
-         NONE_LABEL_VALUE
+         NONE_LABEL_VALUE,
+         timeout
       )
       tsObjects.push(tsObject as TrafficSplitObject)
    }
@@ -59,7 +61,8 @@ export async function setupSMI(
    // create services
    const smiDeploymentResult: DeployResult = await deployObjects(
       kubectl,
-      objectsToDeploy
+      objectsToDeploy,
+      timeout
    )
 
    return {
@@ -73,13 +76,13 @@ let trafficSplitAPIVersion = ''
 export async function createTrafficSplitObject(
    kubectl: Kubectl,
    name: string,
-   nextLabel: string
+   nextLabel: string,
+   timeout?: string
 ): Promise<TrafficSplitObject> {
    // cache traffic split api version
    if (!trafficSplitAPIVersion)
-      trafficSplitAPIVersion = await kubectlUtils.getTrafficSplitAPIVersion(
+      trafficSplitAPIVersion =
-         kubectl
+         await kubectlUtils.getTrafficSplitAPIVersion(kubectl)
-      )
 
    // retrieve annotations for TS object
    const annotations = inputAnnotations
@@ -113,6 +116,13 @@ export async function createTrafficSplitObject(
       }
    }
 
+   const deleteList: K8sDeleteObject[] = [
+      {
+         name: trafficSplitObject.metadata.name,
+         kind: trafficSplitObject.kind
+      }
+   ]
+   await deleteObjects(kubectl, deleteList, timeout)
    return trafficSplitObject
 }
 
@@ -142,7 +152,8 @@ export async function validateTrafficSplitsState(
       let trafficSplitObject = await fetchResource(
          kubectl,
          TRAFFIC_SPLIT_OBJECT,
-         getBlueGreenResourceName(name, TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX)
+         getBlueGreenResourceName(name, TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX),
+         serviceObject?.metadata?.namespace
       )
       core.debug(
          `ts object extracted was ${JSON.stringify(trafficSplitObject)}`
@@ -173,38 +184,24 @@ export async function validateTrafficSplitsState(
 
 export async function cleanupSMI(
    kubectl: Kubectl,
-   serviceEntityList: any[]
+   serviceEntityList: any[],
+   timeout?: string
 ): Promise<K8sDeleteObject[]> {
    const deleteList: K8sDeleteObject[] = []
 
    serviceEntityList.forEach((serviceObject) => {
-      deleteList.push({
-         name: getBlueGreenResourceName(
-            serviceObject.metadata.name,
-            TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX
-         ),
-         kind: TRAFFIC_SPLIT_OBJECT
-      })
-
       deleteList.push({
          name: getBlueGreenResourceName(
             serviceObject.metadata.name,
             GREEN_SUFFIX
          ),
-         kind: serviceObject.kind
+         kind: serviceObject.kind,
-      })
+         namespace: serviceObject?.metadata?.namespace
-
-      deleteList.push({
-         name: getBlueGreenResourceName(
-            serviceObject.metadata.name,
-            STABLE_SUFFIX
-         ),
-         kind: serviceObject.kind
       })
    })
 
    // delete all objects
-   await deleteObjects(kubectl, deleteList)
+   await deleteObjects(kubectl, deleteList, timeout)
 
    return deleteList
 }

src/strategyHelpers/canary/canaryHelper.ts

@@ -1,4 +1,4 @@
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 import * as core from '@actions/core'
@@ -7,15 +7,15 @@ import {
    isDeploymentEntity,
    isServiceEntity,
    KubernetesWorkload
-} from '../../types/kubernetesTypes'
+} from '../../types/kubernetesTypes.js'
-import * as utils from '../../utilities/manifestUpdateUtils'
+import * as utils from '../../utilities/manifestUpdateUtils.js'
 import {
    updateObjectAnnotations,
    updateObjectLabels,
    updateSelectorLabels
-} from '../../utilities/manifestUpdateUtils'
+} from '../../utilities/manifestUpdateUtils.js'
-import {updateSpecLabels} from '../../utilities/manifestSpecLabelUtils'
+import {updateSpecLabels} from '../../utilities/manifestSpecLabelUtils.js'
-import {checkForErrors} from '../../utilities/kubectlUtils'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
 
 export const CANARY_VERSION_LABEL = 'workflow/version'
 const BASELINE_SUFFIX = '-baseline'
@@ -28,13 +28,20 @@ export const STABLE_LABEL_VALUE = 'stable'
 export async function deleteCanaryDeployment(
    kubectl: Kubectl,
    manifestFilePaths: string[],
-   includeServices: boolean
+   includeServices: boolean,
-) {
+   timeout?: string
+): Promise<string[]> {
    if (manifestFilePaths == null || manifestFilePaths.length == 0) {
       throw new Error('Manifest files for deleting canary deployment not found')
    }
 
-   await cleanUpCanary(kubectl, manifestFilePaths, includeServices)
+   const deletedFiles = await cleanUpCanary(
+      kubectl,
+      manifestFilePaths,
+      includeServices,
+      timeout
+   )
+   return deletedFiles
 }
 
 export function markResourceAsStable(inputObject: any): object {
@@ -188,35 +195,52 @@ function addCanaryLabelsAndAnnotations(inputObject: any, type: string) {
 async function cleanUpCanary(
    kubectl: Kubectl,
    files: string[],
-   includeServices: boolean
+   includeServices: boolean,
-) {
+   timeout?: string
-   const deleteObject = async function (kind, name) {
+): Promise<string[]> {
+   const deleteObject = async function (
+      kind: string,
+      name: string,
+      namespace: string | undefined
+   ) {
       try {
-         const result = await kubectl.delete([kind, name])
+         const result = await kubectl.delete([kind, name], namespace, timeout)
          checkForErrors([result])
       } catch (ex) {
          // Ignore failures of delete if it doesn't exist
       }
    }
 
+   const deletedFiles: string[] = []
+
    for (const filePath of files) {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
 
-      const parsedYaml = yaml.safeLoadAll(fileContents)
+         const parsedYaml: any[] = yaml.loadAll(fileContents)
-      for (const inputObject of parsedYaml) {
+         for (const inputObject of parsedYaml) {
-         const name = inputObject.metadata.name
+            const name = inputObject.metadata.name
-         const kind = inputObject.kind
+            const kind = inputObject.kind
+            const namespace: string | undefined =
+               inputObject?.metadata?.namespace
 
-         if (
+            if (
-            isDeploymentEntity(kind) ||
+               isDeploymentEntity(kind) ||
-            (includeServices && isServiceEntity(kind))
+               (includeServices && isServiceEntity(kind))
-         ) {
+            ) {
-            const canaryObjectName = getCanaryResourceName(name)
+               deletedFiles.push(filePath)
-            const baselineObjectName = getBaselineResourceName(name)
+               const canaryObjectName = getCanaryResourceName(name)
+               const baselineObjectName = getBaselineResourceName(name)
 
-            await deleteObject(kind, canaryObjectName)
+               await deleteObject(kind, canaryObjectName, namespace)
-            await deleteObject(kind, baselineObjectName)
+               await deleteObject(kind, baselineObjectName, namespace)
+            }
          }
+      } catch (error) {
+         core.error(`Failed to process file ${filePath}: ${error.message}`)
+         throw error
       }
    }
+
+   return deletedFiles
 }

src/strategyHelpers/canary/podCanaryHelper.test.ts

@@ -0,0 +1,288 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+vi.mock('@actions/core')
+
+import * as core from '@actions/core'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   deployPodCanary,
+   calculateReplicaCountForCanary
+} from './podCanaryHelper.js'
+
+vi.mock('../../types/kubectl')
+
+const kc = new Kubectl('')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+// Use existing test manifest files
+const testManifestFiles = ['test/unit/manifests/basic-test.yml']
+
+// Test constants
+const VALID_PERCENTAGE = 50
+const INVALID_LOW_PERCENTAGE = -10
+const INVALID_HIGH_PERCENTAGE = 150
+const MIN_PERCENTAGE = 0
+const MAX_PERCENTAGE = 100
+const TIMEOUT_300S = '300s'
+
+describe('Pod Canary Helper tests', () => {
+   let mockFilePaths: string[]
+   let kubectlApplySpy: MockInstance
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      vi.restoreAllMocks()
+
+      mockFilePaths = testManifestFiles
+      kubectlApplySpy = vi.spyOn(kc, 'apply')
+
+      // Mock core.getInput with default values
+      vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+         switch (name) {
+            case 'percentage':
+               return VALID_PERCENTAGE.toString()
+            case 'force':
+               return 'false'
+            case 'server-side':
+               return 'false'
+            default:
+               return ''
+         }
+      })
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+      kubectlApplySpy.mockClear()
+   })
+
+   describe('deployPodCanary', () => {
+      test('should deploy canary successfully when kubectl apply succeeds', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(result.manifestFiles).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should throw error when kubectl apply fails', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            deployPodCanary(mockFilePaths, kc, false)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+
+      test('should deploy stable only when onlyDeployStable is true', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, true)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle timeout parameter', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(
+            mockFilePaths,
+            kc,
+            false,
+            TIMEOUT_300S
+         )
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            false,
+            TIMEOUT_300S
+         )
+      })
+
+      test('should throw error for invalid low percentage', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return INVALID_LOW_PERCENTAGE.toString()
+            return ''
+         })
+
+         await expect(
+            deployPodCanary(mockFilePaths, kc, false)
+         ).rejects.toThrow(
+            `Percentage must be between ${MIN_PERCENTAGE} and ${MAX_PERCENTAGE}`
+         )
+      })
+
+      test('should throw error for invalid high percentage', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return INVALID_HIGH_PERCENTAGE.toString()
+            return ''
+         })
+
+         await expect(
+            deployPodCanary(mockFilePaths, kc, false)
+         ).rejects.toThrow(
+            `Percentage must be between ${MIN_PERCENTAGE} and ${MAX_PERCENTAGE}`
+         )
+      })
+
+      test('should handle valid edge case percentages', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         // Test minimum valid percentage
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return MIN_PERCENTAGE.toString()
+            return ''
+         })
+
+         const resultMin = await deployPodCanary(mockFilePaths, kc, false)
+         expect(resultMin.execResult).toEqual(mockSuccessResult)
+
+         // Test maximum valid percentage
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return MAX_PERCENTAGE.toString()
+            return ''
+         })
+
+         const resultMax = await deployPodCanary(mockFilePaths, kc, false)
+         expect(resultMax.execResult).toEqual(mockSuccessResult)
+      })
+
+      test('should handle force deployment option', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            switch (name) {
+               case 'percentage':
+                  return VALID_PERCENTAGE.toString()
+               case 'force':
+                  return 'true'
+               default:
+                  return ''
+            }
+         })
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            true, // force should be true
+            false,
+            undefined
+         )
+      })
+
+      test('should handle server-side apply option', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            switch (name) {
+               case 'percentage':
+                  return VALID_PERCENTAGE.toString()
+               case 'server-side':
+                  return 'true'
+               default:
+                  return ''
+            }
+         })
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            true, // server-side should be true
+            undefined
+         )
+      })
+   })
+
+   describe('calculateReplicaCountForCanary', () => {
+      test('should calculate correct replica count for given percentage', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 10
+            }
+         }
+
+         // 50% of 10 replicas = 5
+         const result50 = calculateReplicaCountForCanary(mockObject, 50)
+         expect(result50).toBe(5)
+
+         // 25% of 10 replicas = 2.5, rounded to 3
+         const result25 = calculateReplicaCountForCanary(mockObject, 25)
+         expect(result25).toBe(3)
+
+         // 10% of 10 replicas = 1
+         const result10 = calculateReplicaCountForCanary(mockObject, 10)
+         expect(result10).toBe(1)
+      })
+
+      test('should return minimum 1 replica even for very low percentages', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 2
+            }
+         }
+
+         // 1% of 2 replicas = 0.02, but should return minimum 1
+         const result = calculateReplicaCountForCanary(mockObject, 1)
+         expect(result).toBe(1)
+      })
+
+      test('should handle 100% percentage correctly', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 5
+            }
+         }
+
+         const result = calculateReplicaCountForCanary(mockObject, 100)
+         expect(result).toBe(5)
+      })
+
+      test('should handle 0% percentage correctly', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 10
+            }
+         }
+
+         // 0% should still return minimum 1 replica
+         const result = calculateReplicaCountForCanary(mockObject, 0)
+         expect(result).toBe(1)
+      })
+   })
+})

src/strategyHelpers/canary/podCanaryHelper.ts

@@ -1,18 +1,22 @@
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import * as core from '@actions/core'
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 
-import * as fileHelper from '../../utilities/fileUtils'
+import * as fileHelper from '../../utilities/fileUtils.js'
-import * as canaryDeploymentHelper from './canaryHelper'
+import * as canaryDeploymentHelper from './canaryHelper.js'
-import {isDeploymentEntity} from '../../types/kubernetesTypes'
+import {isDeploymentEntity} from '../../types/kubernetesTypes.js'
-import {getReplicaCount} from '../../utilities/manifestUpdateUtils'
+import {getReplicaCount} from '../../utilities/manifestUpdateUtils.js'
+import {DeployResult} from '../../types/deployResult.js'
+import {K8sObject} from '../../types/k8sObject.js'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
 
 export async function deployPodCanary(
    filePaths: string[],
    kubectl: Kubectl,
-   onlyDeployStable: boolean = false
+   onlyDeployStable: boolean = false,
-) {
+   timeout?: string
+): Promise<DeployResult> {
    const newObjectsList = []
    const percentage = parseInt(core.getInput('percentage', {required: true}))
 
@@ -20,59 +24,89 @@ export async function deployPodCanary(
       throw Error('Percentage must be between 0 and 100')
 
    for (const filePath of filePaths) {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
-      const parsedYaml = yaml.safeLoadAll(fileContents)
+         const fileContents = fs.readFileSync(filePath, 'utf8')
-      for (const inputObject of parsedYaml) {
+         const parsedYaml = yaml.loadAll(fileContents)
-         const name = inputObject.metadata.name
+         for (const inputObject of parsedYaml) {
-         const kind = inputObject.kind
+            if (
+               inputObject &&
+               typeof inputObject === 'object' &&
+               'metadata' in inputObject &&
+               'kind' in inputObject &&
+               'spec' in inputObject &&
+               typeof inputObject.metadata === 'object' &&
+               'name' in inputObject.metadata &&
+               typeof inputObject.metadata.name === 'string' &&
+               typeof inputObject.kind === 'string'
+            ) {
+               const obj = inputObject as K8sObject
+               const name = obj.metadata.name
+               const kind = obj.kind
 
-         if (!onlyDeployStable && isDeploymentEntity(kind)) {
+               if (!onlyDeployStable && isDeploymentEntity(kind)) {
-            core.debug('Calculating replica count for canary')
+                  core.debug('Calculating replica count for canary')
-            const canaryReplicaCount = calculateReplicaCountForCanary(
+                  const canaryReplicaCount = calculateReplicaCountForCanary(
-               inputObject,
+                     obj,
-               percentage
+                     percentage
-            )
-            core.debug('Replica count is ' + canaryReplicaCount)
-
-            const newCanaryObject = canaryDeploymentHelper.getNewCanaryResource(
-               inputObject,
-               canaryReplicaCount
-            )
-            newObjectsList.push(newCanaryObject)
-
-            // if there's already a stable object, deploy baseline as well
-            const stableObject = await canaryDeploymentHelper.fetchResource(
-               kubectl,
-               kind,
-               name
-            )
-            if (stableObject) {
-               core.debug(
-                  `Stable object found for ${kind} ${name}. Creating baseline objects`
-               )
-               const newBaselineObject =
-                  canaryDeploymentHelper.getNewBaselineResource(
-                     stableObject,
-                     canaryReplicaCount
                   )
-               core.debug(
+                  core.debug('Replica count is ' + canaryReplicaCount)
-                  'New baseline object: ' + JSON.stringify(newBaselineObject)
+
-               )
+                  const newCanaryObject =
-               newObjectsList.push(newBaselineObject)
+                     canaryDeploymentHelper.getNewCanaryResource(
+                        obj,
+                        canaryReplicaCount
+                     )
+                  newObjectsList.push(newCanaryObject)
+
+                  // if there's already a stable object, deploy baseline as well
+                  const stableObject =
+                     await canaryDeploymentHelper.fetchResource(
+                        kubectl,
+                        kind,
+                        name
+                     )
+                  if (stableObject) {
+                     core.debug(
+                        `Stable object found for ${kind} ${name}. Creating baseline objects`
+                     )
+                     const newBaselineObject =
+                        canaryDeploymentHelper.getNewBaselineResource(
+                           stableObject,
+                           canaryReplicaCount
+                        )
+                     core.debug(
+                        'New baseline object: ' +
+                           JSON.stringify(newBaselineObject)
+                     )
+                     newObjectsList.push(newBaselineObject)
+                  }
+               } else {
+                  // deploy non deployment entity or regular deployments for promote as they are
+                  newObjectsList.push(obj)
+               }
             }
-         } else {
-            // deploy non deployment entity or regular deployments for promote as they are
-            newObjectsList.push(inputObject)
          }
+      } catch (error) {
+         core.error(
+            `Failed to parse YAML file at ${filePath}: ${error.message}`
+         )
+         throw error
       }
    }
 
    core.debug('New objects list: ' + JSON.stringify(newObjectsList))
    const manifestFiles = fileHelper.writeObjectsToFile(newObjectsList)
    const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
 
-   const result = await kubectl.apply(manifestFiles, forceDeployment)
+   const execResult = await kubectl.apply(
-   return {result, newFilePaths: manifestFiles}
+      manifestFiles,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+   checkForErrors([execResult])
+   return {execResult, manifestFiles}
 }
 
 export function calculateReplicaCountForCanary(

src/strategyHelpers/canary/smiCanaryHelper.test.ts

@@ -0,0 +1,223 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+vi.mock('@actions/core', async (importOriginal) => {
+   const actual: any = await importOriginal()
+   return {
+      ...actual,
+      getInput: vi.fn().mockReturnValue(''),
+      debug: vi.fn(),
+      info: vi.fn(),
+      warning: vi.fn(),
+      error: vi.fn(),
+      setFailed: vi.fn(),
+      setOutput: vi.fn(),
+      group: vi
+         .fn()
+         .mockImplementation(
+            async (_name: string, fn: () => Promise<void>) => await fn()
+         )
+   }
+})
+
+import * as core from '@actions/core'
+import * as fs from 'fs'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   deploySMICanary,
+   redirectTrafficToCanaryDeployment,
+   redirectTrafficToStableDeployment
+} from './smiCanaryHelper.js'
+
+vi.mock('../../types/kubectl')
+
+const kc = new Kubectl('')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+const mockExecuteCommandResult = {
+   stdout: 'split.smi-spec.io/v1alpha1\nsplit.smi-spec.io/v1alpha2',
+   stderr: '',
+   exitCode: 0
+}
+
+// Use existing test manifest files
+const testManifestFiles = ['test/unit/manifests/basic-test.yml']
+
+// Test constants
+const VALID_REPLICA_COUNT = 5
+const TIMEOUT_300S = '300s'
+const TIMEOUT_240S = '240s'
+
+describe('SMI Canary Helper tests', () => {
+   let mockFilePaths: string[]
+   let kubectlApplySpy: MockInstance
+   let kubectlExecuteCommandSpy: MockInstance
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      vi.restoreAllMocks()
+
+      mockFilePaths = testManifestFiles
+      kubectlApplySpy = vi.spyOn(kc, 'apply')
+      kubectlExecuteCommandSpy = vi
+         .spyOn(kc, 'executeCommand')
+         .mockResolvedValue(mockExecuteCommandResult)
+
+      // Mock core.getInput with default values
+      vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+         switch (name) {
+            case 'percentage':
+               return '50'
+            case 'baseline-and-canary-replicas':
+               return ''
+            case 'force':
+               return 'false'
+            case 'server-side':
+               return 'false'
+            default:
+               return ''
+         }
+      })
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+      kubectlApplySpy.mockClear()
+   })
+
+   describe('deploySMICanary', () => {
+      test('should deploy canary successfully when kubectl apply succeeds', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deploySMICanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(result.manifestFiles).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should throw error when kubectl apply fails', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            deploySMICanary(mockFilePaths, kc, false)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(2)
+      })
+
+      test('should deploy stable only when onlyDeployStable is true', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deploySMICanary(mockFilePaths, kc, true)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle custom replica count from input', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            switch (name) {
+               case 'baseline-and-canary-replicas':
+                  return VALID_REPLICA_COUNT.toString()
+               case 'percentage':
+                  return '50'
+               default:
+                  return ''
+            }
+         })
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deploySMICanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+      })
+   })
+
+   describe('redirectTrafficToCanaryDeployment', () => {
+      test('should redirect traffic to canary deployment successfully', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         await redirectTrafficToCanaryDeployment(kc, mockFilePaths)
+
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle timeout parameter', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         await redirectTrafficToCanaryDeployment(
+            kc,
+            mockFilePaths,
+            TIMEOUT_300S
+         )
+
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            false,
+            TIMEOUT_300S
+         )
+      })
+
+      test('should throw error when kubectl apply fails', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            redirectTrafficToCanaryDeployment(kc, mockFilePaths)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+   })
+
+   describe('redirectTrafficToStableDeployment', () => {
+      test('should redirect traffic to stable deployment successfully', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await redirectTrafficToStableDeployment(
+            kc,
+            mockFilePaths
+         )
+
+         expect(result).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle timeout parameter', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await redirectTrafficToStableDeployment(
+            kc,
+            mockFilePaths,
+            TIMEOUT_240S
+         )
+
+         expect(result).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            false,
+            TIMEOUT_240S
+         )
+      })
+
+      test('should throw error when kubectl apply fails during traffic redirect to stable', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            redirectTrafficToStableDeployment(kc, mockFilePaths)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+   })
+})

src/strategyHelpers/canary/smiCanaryHelper.ts

@@ -1,15 +1,20 @@
-import {Kubectl} from '../../types/kubectl'
+import {Kubectl} from '../../types/kubectl.js'
 import * as core from '@actions/core'
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 
-import * as fileHelper from '../../utilities/fileUtils'
+import * as fileHelper from '../../utilities/fileUtils.js'
-import * as kubectlUtils from '../../utilities/trafficSplitUtils'
+import * as kubectlUtils from '../../utilities/trafficSplitUtils.js'
-import * as canaryDeploymentHelper from './canaryHelper'
+import * as canaryDeploymentHelper from './canaryHelper.js'
-import * as podCanaryHelper from './podCanaryHelper'
+import * as podCanaryHelper from './podCanaryHelper.js'
-import {isDeploymentEntity, isServiceEntity} from '../../types/kubernetesTypes'
+import {
-import {checkForErrors} from '../../utilities/kubectlUtils'
+   isDeploymentEntity,
-import {inputAnnotations} from '../../inputUtils'
+   isServiceEntity
+} from '../../types/kubernetesTypes.js'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
+import {inputAnnotations} from '../../inputUtils.js'
+import {DeployResult} from '../../types/deployResult.js'
+import {K8sObject} from '../../types/k8sObject.js'
 
 const TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX = '-workflow-rollout'
 const TRAFFIC_SPLIT_OBJECT = 'TrafficSplit'
@@ -17,8 +22,9 @@ const TRAFFIC_SPLIT_OBJECT = 'TrafficSplit'
 export async function deploySMICanary(
    filePaths: string[],
    kubectl: Kubectl,
-   onlyDeployStable: boolean = false
+   onlyDeployStable: boolean = false,
-) {
+   timeout?: string
+): Promise<DeployResult> {
    const canaryReplicasInput = core.getInput('baseline-and-canary-replicas')
    let canaryReplicaCount
    let calculateReplicas = true
@@ -35,60 +41,68 @@ export async function deploySMICanary(
 
    const newObjectsList = []
    for await (const filePath of filePaths) {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
-      const inputObjects = yaml.safeLoadAll(fileContents)
+         const fileContents = fs.readFileSync(filePath).toString()
-      for (const inputObject of inputObjects) {
+         const inputObjects: K8sObject[] = yaml.loadAll(
-         const name = inputObject.metadata.name
+            fileContents
-         const kind = inputObject.kind
+         ) as K8sObject[]
+         for (const inputObject of inputObjects) {
+            const name = inputObject.metadata.name
+            const kind = inputObject.kind
 
-         if (!onlyDeployStable && isDeploymentEntity(kind)) {
+            if (!onlyDeployStable && isDeploymentEntity(kind)) {
-            if (calculateReplicas) {
+               if (calculateReplicas) {
-               // calculate for each object
+                  // calculate for each object
-               const percentage = parseInt(
+                  const percentage = parseInt(
-                  core.getInput('percentage', {required: true})
+                     core.getInput('percentage', {required: true})
-               )
-               canaryReplicaCount =
-                  podCanaryHelper.calculateReplicaCountForCanary(
-                     inputObject,
-                     percentage
                   )
-               core.debug(`calculated replica count ${canaryReplicaCount}`)
+                  canaryReplicaCount =
-            }
+                     podCanaryHelper.calculateReplicaCountForCanary(
+                        inputObject,
+                        percentage
+                     )
+                  core.debug(`calculated replica count ${canaryReplicaCount}`)
+               }
 
-            core.debug('Creating canary object')
+               core.debug('Creating canary object')
-            const newCanaryObject = canaryDeploymentHelper.getNewCanaryResource(
+               const newCanaryObject =
-               inputObject,
+                  canaryDeploymentHelper.getNewCanaryResource(
-               canaryReplicaCount
+                     inputObject,
-            )
-            newObjectsList.push(newCanaryObject)
-
-            const stableObject = await canaryDeploymentHelper.fetchResource(
-               kubectl,
-               kind,
-               canaryDeploymentHelper.getStableResourceName(name)
-            )
-            if (stableObject) {
-               core.debug(
-                  `Stable object found for ${kind} ${name}. Creating baseline objects`
-               )
-               const newBaselineObject =
-                  canaryDeploymentHelper.getBaselineDeploymentFromStableDeployment(
-                     stableObject,
                      canaryReplicaCount
                   )
-               newObjectsList.push(newBaselineObject)
+               newObjectsList.push(newCanaryObject)
+
+               const stableObject = await canaryDeploymentHelper.fetchResource(
+                  kubectl,
+                  kind,
+                  canaryDeploymentHelper.getStableResourceName(name)
+               )
+               if (stableObject) {
+                  core.debug(
+                     `Stable object found for ${kind} ${name}. Creating baseline objects`
+                  )
+                  const newBaselineObject =
+                     canaryDeploymentHelper.getBaselineDeploymentFromStableDeployment(
+                        stableObject,
+                        canaryReplicaCount
+                     )
+                  newObjectsList.push(newBaselineObject)
+               }
+            } else if (isDeploymentEntity(kind)) {
+               core.debug(
+                  `creating stable deployment with ${inputObject.spec.replicas} replicas`
+               )
+               const stableDeployment =
+                  canaryDeploymentHelper.getStableResource(inputObject)
+               newObjectsList.push(stableDeployment)
+            } else {
+               // Update non deployment entity or stable deployment as it is
+               newObjectsList.push(inputObject)
             }
-         } else if (isDeploymentEntity(kind)) {
-            core.debug(
-               `creating stable deployment with ${inputObject.spec.replicas} replicas`
-            )
-            const stableDeployment =
-               canaryDeploymentHelper.getStableResource(inputObject)
-            newObjectsList.push(stableDeployment)
-         } else {
-            // Update non deployment entity or stable deployment as it is
-            newObjectsList.push(inputObject)
          }
+      } catch (error) {
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
       }
    }
    core.debug(
@@ -96,121 +110,158 @@ export async function deploySMICanary(
    )
    const newFilePaths = fileHelper.writeObjectsToFile(newObjectsList)
    const forceDeployment = core.getInput('force').toLowerCase() === 'true'
-   const result = await kubectl.apply(newFilePaths, forceDeployment)
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
-   await createCanaryService(kubectl, filePaths)
+
-   return {result, newFilePaths}
+   const result = await kubectl.apply(
+      newFilePaths,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+   const svcDeploymentFiles = await createCanaryService(
+      kubectl,
+      filePaths,
+      timeout
+   )
+   checkForErrors([result])
+   newFilePaths.push(...svcDeploymentFiles)
+   return {execResult: result, manifestFiles: newFilePaths}
 }
 
-async function createCanaryService(kubectl: Kubectl, filePaths: string[]) {
+async function createCanaryService(
+   kubectl: Kubectl,
+   filePaths: string[],
+   timeout?: string
+): Promise<string[]> {
    const newObjectsList = []
    const trafficObjectsList: string[] = []
 
    for (const filePath of filePaths) {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
-      const parsedYaml = yaml.safeLoadAll(fileContents)
+         const fileContents = fs.readFileSync(filePath).toString()
-      for (const inputObject of parsedYaml) {
+         const parsedYaml: K8sObject[] = yaml.loadAll(
-         const name = inputObject.metadata.name
+            fileContents
-         const kind = inputObject.kind
+         ) as K8sObject[]
 
-         if (isServiceEntity(kind)) {
+         for (const inputObject of parsedYaml) {
-            core.debug(`Creating services for ${kind} ${name}`)
+            const name = inputObject.metadata.name
-            const newCanaryServiceObject =
+            const kind = inputObject.kind
-               canaryDeploymentHelper.getNewCanaryResource(inputObject)
-            newObjectsList.push(newCanaryServiceObject)
 
-            const newBaselineServiceObject =
+            if (isServiceEntity(kind)) {
-               canaryDeploymentHelper.getNewBaselineResource(inputObject)
+               core.debug(`Creating services for ${kind} ${name}`)
-            newObjectsList.push(newBaselineServiceObject)
+               const newCanaryServiceObject =
+                  canaryDeploymentHelper.getNewCanaryResource(inputObject)
+               newObjectsList.push(newCanaryServiceObject)
 
-            const stableObject = await canaryDeploymentHelper.fetchResource(
+               const newBaselineServiceObject =
-               kubectl,
+                  canaryDeploymentHelper.getNewBaselineResource(inputObject)
-               kind,
+               newObjectsList.push(newBaselineServiceObject)
-               canaryDeploymentHelper.getStableResourceName(name)
-            )
-            if (!stableObject) {
-               const newStableServiceObject =
-                  canaryDeploymentHelper.getStableResource(inputObject)
-               newObjectsList.push(newStableServiceObject)
 
-               core.debug('Creating the traffic object for service: ' + name)
+               const stableObject = await canaryDeploymentHelper.fetchResource(
-               const trafficObject = await createTrafficSplitManifestFile(
                   kubectl,
-                  name,
+                  kind,
-                  0,
+                  canaryDeploymentHelper.getStableResourceName(name)
-                  0,
-                  1000
                )
+               if (!stableObject) {
+                  const newStableServiceObject =
+                     canaryDeploymentHelper.getStableResource(inputObject)
+                  newObjectsList.push(newStableServiceObject)
 
-               trafficObjectsList.push(trafficObject)
+                  core.debug('Creating the traffic object for service: ' + name)
-            } else {
+                  const trafficObject = await createTrafficSplitManifestFile(
-               let updateTrafficObject = true
+                     kubectl,
-               const trafficObject = await canaryDeploymentHelper.fetchResource(
+                     name,
-                  kubectl,
+                     0,
-                  TRAFFIC_SPLIT_OBJECT,
+                     0,
-                  getTrafficSplitResourceName(name)
+                     1000,
-               )
+                     timeout
-
-               if (trafficObject) {
-                  const trafficJObject = JSON.parse(
-                     JSON.stringify(trafficObject)
                   )
-                  if (trafficJObject?.spec?.backends) {
+
-                     trafficJObject.spec.backends.forEach((s) => {
+                  trafficObjectsList.push(trafficObject)
-                        if (
+               } else {
-                           s.service ===
+                  let updateTrafficObject = true
-                              canaryDeploymentHelper.getCanaryResourceName(
+                  const trafficObject =
-                                 name
+                     await canaryDeploymentHelper.fetchResource(
-                              ) &&
+                        kubectl,
-                           s.weight === '1000m'
+                        TRAFFIC_SPLIT_OBJECT,
-                        ) {
+                        getTrafficSplitResourceName(name)
-                           core.debug('Update traffic objcet not required')
+                     )
-                           updateTrafficObject = false
+
-                        }
+                  if (trafficObject) {
-                     })
+                     const trafficJObject = JSON.parse(
+                        JSON.stringify(trafficObject)
+                     )
+                     if (trafficJObject?.spec?.backends) {
+                        trafficJObject.spec.backends.forEach((s) => {
+                           if (
+                              s.service ===
+                                 canaryDeploymentHelper.getCanaryResourceName(
+                                    name
+                                 ) &&
+                              s.weight === '1000m'
+                           ) {
+                              core.debug('Update traffic objcet not required')
+                              updateTrafficObject = false
+                           }
+                        })
+                     }
                   }
-               }
 
-               if (updateTrafficObject) {
+                  if (updateTrafficObject) {
-                  core.debug(
+                     core.debug(
-                     'Stable service object present so updating the traffic object for service: ' +
+                        'Stable service object present so updating the traffic object for service: ' +
-                        name
+                           name
-                  )
+                     )
-                  trafficObjectsList.push(
+                     trafficObjectsList.push(
-                     await updateTrafficSplitObject(kubectl, name)
+                        await updateTrafficSplitObject(kubectl, name)
-                  )
+                     )
+                  }
                }
             }
          }
+      } catch (error) {
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
       }
    }
 
    const manifestFiles = fileHelper.writeObjectsToFile(newObjectsList)
    manifestFiles.push(...trafficObjectsList)
    const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
 
-   const result = await kubectl.apply(manifestFiles, forceDeployment)
+   const result = await kubectl.apply(
+      manifestFiles,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
    checkForErrors([result])
+   return manifestFiles
 }
 
 export async function redirectTrafficToCanaryDeployment(
    kubectl: Kubectl,
-   manifestFilePaths: string[]
+   manifestFilePaths: string[],
+   timeout?: string
 ) {
-   await adjustTraffic(kubectl, manifestFilePaths, 0, 1000)
+   await adjustTraffic(kubectl, manifestFilePaths, 0, 1000, timeout)
 }
 
 export async function redirectTrafficToStableDeployment(
    kubectl: Kubectl,
-   manifestFilePaths: string[]
+   manifestFilePaths: string[],
-) {
+   timeout?: string
-   await adjustTraffic(kubectl, manifestFilePaths, 1000, 0)
+): Promise<string[]> {
+   return await adjustTraffic(kubectl, manifestFilePaths, 1000, 0, timeout)
 }
 
 async function adjustTraffic(
    kubectl: Kubectl,
    manifestFilePaths: string[],
    stableWeight: number,
-   canaryWeight: number
+   canaryWeight: number,
+   timeout?: string
 ) {
    if (!manifestFilePaths || manifestFilePaths?.length == 0) {
       return
@@ -218,23 +269,32 @@ async function adjustTraffic(
 
    const trafficSplitManifests = []
    for (const filePath of manifestFilePaths) {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
-      const parsedYaml = yaml.safeLoadAll(fileContents)
+         const fileContents = fs.readFileSync(filePath).toString()
-      for (const inputObject of parsedYaml) {
+         const parsedYaml: K8sObject[] = yaml.loadAll(
-         const name = inputObject.metadata.name
+            fileContents
-         const kind = inputObject.kind
+         ) as K8sObject[]
 
-         if (isServiceEntity(kind)) {
+         for (const inputObject of parsedYaml) {
-            trafficSplitManifests.push(
+            const name = inputObject.metadata.name
-               await createTrafficSplitManifestFile(
+            const kind = inputObject.kind
-                  kubectl,
+
-                  name,
+            if (isServiceEntity(kind)) {
-                  stableWeight,
+               trafficSplitManifests.push(
-                  0,
+                  await createTrafficSplitManifestFile(
-                  canaryWeight
+                     kubectl,
+                     name,
+                     stableWeight,
+                     0,
+                     canaryWeight,
+                     timeout
+                  )
                )
-            )
+            }
          }
+      } catch (error) {
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
       }
    }
 
@@ -243,8 +303,15 @@ async function adjustTraffic(
    }
 
    const forceDeployment = core.getInput('force').toLowerCase() === 'true'
-   const result = await kubectl.apply(trafficSplitManifests, forceDeployment)
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
+   const result = await kubectl.apply(
+      trafficSplitManifests,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
    checkForErrors([result])
+   return trafficSplitManifests
 }
 
 async function updateTrafficSplitObject(
@@ -281,14 +348,16 @@ async function createTrafficSplitManifestFile(
    serviceName: string,
    stableWeight: number,
    baselineWeight: number,
-   canaryWeight: number
+   canaryWeight: number,
+   timeout?: string
 ): Promise<string> {
    const smiObjectString = await getTrafficSplitObject(
       kubectl,
       serviceName,
       stableWeight,
       baselineWeight,
-      canaryWeight
+      canaryWeight,
+      timeout
    )
    const manifestFile = fileHelper.writeManifestToFile(
       smiObjectString,
@@ -310,13 +379,13 @@ async function getTrafficSplitObject(
    name: string,
    stableWeight: number,
    baselineWeight: number,
-   canaryWeight: number
+   canaryWeight: number,
+   timeout?: string
 ): Promise<string> {
    // cached version
    if (!trafficSplitAPIVersion) {
-      trafficSplitAPIVersion = await kubectlUtils.getTrafficSplitAPIVersion(
+      trafficSplitAPIVersion =
-         kubectl
+         await kubectlUtils.getTrafficSplitAPIVersion(kubectl)
-      )
    }
 
    return JSON.stringify({

src/strategyHelpers/deploymentHelper.ts

@@ -1,60 +1,58 @@
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
-import * as canaryDeploymentHelper from './canary/canaryHelper'
+import * as canaryDeploymentHelper from './canary/canaryHelper.js'
-import * as models from '../types/kubernetesTypes'
+import * as models from '../types/kubernetesTypes.js'
-import {isDeploymentEntity} from '../types/kubernetesTypes'
+import {isDeploymentEntity} from '../types/kubernetesTypes.js'
-import * as fileHelper from '../utilities/fileUtils'
+import * as fileHelper from '../utilities/fileUtils.js'
-import * as KubernetesManifestUtility from '../utilities/manifestStabilityUtils'
+import * as KubernetesManifestUtility from '../utilities/manifestStabilityUtils.js'
-import {Kubectl, Resource} from '../types/kubectl'
+import {Kubectl, Resource} from '../types/kubectl.js'
 
-import {deployPodCanary} from './canary/podCanaryHelper'
+import {deployPodCanary} from './canary/podCanaryHelper.js'
-import {deploySMICanary} from './canary/smiCanaryHelper'
+import {deploySMICanary} from './canary/smiCanaryHelper.js'
-import {DeploymentConfig} from '../types/deploymentConfig'
+import {DeploymentConfig} from '../types/deploymentConfig.js'
-import {
+import {deployBlueGreen} from './blueGreen/deploy.js'
-   deployBlueGreen,
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
-   deployBlueGreenIngress,
-   deployBlueGreenService
-} from './blueGreen/deploy'
-import {deployBlueGreenSMI} from './blueGreen/deploy'
-import {DeploymentStrategy} from '../types/deploymentStrategy'
 import * as core from '@actions/core'
 import {
    parseTrafficSplitMethod,
    TrafficSplitMethod
-} from '../types/trafficSplitMethod'
+} from '../types/trafficSplitMethod.js'
-import {parseRouteStrategy} from '../types/routeStrategy'
+import {parseRouteStrategy} from '../types/routeStrategy.js'
 import {ExecOutput} from '@actions/exec'
 import {
    getWorkflowAnnotationKeyLabel,
    getWorkflowAnnotations,
    cleanLabel
-} from '../utilities/workflowAnnotationUtils'
+} from '../utilities/workflowAnnotationUtils.js'
 import {
    annotateChildPods,
    checkForErrors,
    getLastSuccessfulRunSha
-} from '../utilities/kubectlUtils'
+} from '../utilities/kubectlUtils.js'
 import {
    getWorkflowFilePath,
    normalizeWorkflowStrLabel
-} from '../utilities/githubUtils'
+} from '../utilities/githubUtils.js'
-import {getDeploymentConfig} from '../utilities/dockerUtils'
+import {getDeploymentConfig} from '../utilities/dockerUtils.js'
+import {DeployResult} from '../types/deployResult.js'
+import {ClusterType} from '../inputUtils.js'
 
 export async function deployManifests(
    files: string[],
    deploymentStrategy: DeploymentStrategy,
    kubectl: Kubectl,
-   trafficSplitMethod: TrafficSplitMethod
+   trafficSplitMethod: TrafficSplitMethod,
+   timeout?: string
 ): Promise<string[]> {
    switch (deploymentStrategy) {
       case DeploymentStrategy.CANARY: {
-         const {result, newFilePaths} =
+         const canaryDeployResult: DeployResult =
             trafficSplitMethod == TrafficSplitMethod.SMI
-               ? await deploySMICanary(files, kubectl)
+               ? await deploySMICanary(files, kubectl, false, timeout)
-               : await deployPodCanary(files, kubectl)
+               : await deployPodCanary(files, kubectl, false, timeout)
 
-         checkForErrors([result])
+         checkForErrors([canaryDeployResult.execResult])
-         return newFilePaths
+         return canaryDeployResult.manifestFiles
       }
 
       case DeploymentStrategy.BLUE_GREEN: {
@@ -64,7 +62,8 @@ export async function deployManifests(
          const blueGreenDeployment = await deployBlueGreen(
             kubectl,
             files,
-            routeStrategy
+            routeStrategy,
+            timeout
          )
          core.debug(
             `objects deployed for ${routeStrategy}: ${JSON.stringify(
@@ -73,7 +72,12 @@ export async function deployManifests(
          )
 
          checkForErrors([blueGreenDeployment.deployResult.execResult])
-         return blueGreenDeployment.deployResult.manifestFiles
+         const deployedManifestFiles =
+            blueGreenDeployment.deployResult.manifestFiles
+         core.debug(
+            `from blue-green service, deployed manifest files are ${deployedManifestFiles}`
+         )
+         return deployedManifestFiles
       }
 
       case DeploymentStrategy.BASIC: {
@@ -82,16 +86,25 @@ export async function deployManifests(
          )
 
          const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+         const serverSideApply =
+            core.getInput('server-side').toLowerCase() === 'true'
          if (trafficSplitMethod === TrafficSplitMethod.SMI) {
             const updatedManifests = appendStableVersionLabelToResource(files)
 
             const result = await kubectl.apply(
                updatedManifests,
-               forceDeployment
+               forceDeployment,
+               serverSideApply,
+               timeout
             )
             checkForErrors([result])
          } else {
-            const result = await kubectl.apply(files, forceDeployment)
+            const result = await kubectl.apply(
+               files,
+               forceDeployment,
+               serverSideApply,
+               timeout
+            )
             checkForErrors([result])
          }
 
@@ -109,19 +122,24 @@ function appendStableVersionLabelToResource(files: string[]): string[] {
    const newObjectsList = []
 
    files.forEach((filePath: string) => {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
 
-      yaml.safeLoadAll(fileContents, function (inputObject) {
+         yaml.loadAll(fileContents, function (inputObject) {
-         const {kind} = inputObject
+            const kind = (inputObject as {kind: string}).kind
 
-         if (isDeploymentEntity(kind)) {
+            if (isDeploymentEntity(kind)) {
-            const updatedObject =
+               const updatedObject =
-               canaryDeploymentHelper.markResourceAsStable(inputObject)
+                  canaryDeploymentHelper.markResourceAsStable(inputObject)
-            newObjectsList.push(updatedObject)
+               newObjectsList.push(updatedObject)
-         } else {
+            } else {
-            manifestFiles.push(filePath)
+               manifestFiles.push(filePath)
-         }
+            }
-      })
+         })
+      } catch (error) {
+         core.error(`Failed to parse file at ${filePath}: ${error.message}`)
+         throw error
+      }
    })
 
    const updatedManifestFiles = fileHelper.writeObjectsToFile(newObjectsList)
@@ -132,52 +150,89 @@ function appendStableVersionLabelToResource(files: string[]): string[] {
 
 export async function checkManifestStability(
    kubectl: Kubectl,
-   resources: Resource[]
+   resources: Resource[],
+   resourceType: ClusterType,
+   timeout?: string
 ): Promise<void> {
-   await KubernetesManifestUtility.checkManifestStability(kubectl, resources)
+   await KubernetesManifestUtility.checkManifestStability(
+      kubectl,
+      resources,
+      resourceType,
+      timeout
+   )
 }
 
 export async function annotateAndLabelResources(
    files: string[],
    kubectl: Kubectl,
-   resourceTypes: Resource[],
+   resourceTypes: Resource[]
-   allPods: any
 ) {
+   const defaultWorkflowFileName = 'k8s-deploy-failed-workflow-annotation'
    const githubToken = core.getInput('token')
-   const workflowFilePath = await getWorkflowFilePath(githubToken)
+   let workflowFilePath
+   try {
+      workflowFilePath = await getWorkflowFilePath(githubToken)
+   } catch (ex) {
+      core.warning(`Failed to extract workflow file name: ${ex}`)
+      workflowFilePath = defaultWorkflowFileName
+   }
 
    const deploymentConfig = await getDeploymentConfig()
    const annotationKeyLabel = getWorkflowAnnotationKeyLabel()
 
-   await annotateResources(
+   const shouldAnnotateResources = !(
-      files,
+      core.getInput('annotate-resources').toLowerCase() === 'false'
-      kubectl,
+   )
-      resourceTypes,
+
-      allPods,
+   if (shouldAnnotateResources) {
-      annotationKeyLabel,
+      await annotateResources(
-      workflowFilePath,
+         files,
-      deploymentConfig
+         kubectl,
+         resourceTypes,
+         annotationKeyLabel,
+         workflowFilePath,
+         deploymentConfig
+      ).catch((err) => core.warning(`Failed to annotate resources: ${err} `))
+   }
+
+   await labelResources(files, kubectl, annotationKeyLabel).catch((err) =>
+      core.warning(`Failed to label resources: ${err}`)
    )
-   await labelResources(files, kubectl, annotationKeyLabel)
 }
 
 async function annotateResources(
    files: string[],
    kubectl: Kubectl,
    resourceTypes: Resource[],
-   allPods: any,
    annotationKey: string,
    workflowFilePath: string,
    deploymentConfig: DeploymentConfig
 ) {
    const annotateResults: ExecOutput[] = []
-   const namespace = core.getInput('namespace') || 'default'
+   const namespace = core.getInput('namespace') || '' // Sets namespace to an empty string if not provided, allowing the manifest-defined namespace to take precedence instead of "default".
    const lastSuccessSha = await getLastSuccessfulRunSha(
       kubectl,
       namespace,
       annotationKey
    )
 
+   if (core.isDebug()) {
+      try {
+         core.debug(`files getting annotated are ${JSON.stringify(files)}`)
+         for (const filePath of files) {
+            core.debug('printing objects getting annotated...')
+            const fileContents = fs.readFileSync(filePath).toString()
+            const inputObjects = yaml.loadAll(fileContents)
+            for (const inputObject of inputObjects) {
+               core.debug(`object: ${JSON.stringify(inputObject)}`)
+            }
+         }
+      } catch (error) {
+         core.error(`Failed to load and parse files: ${error.message}`)
+         throw error
+      }
+   }
+
    const annotationKeyValStr = `${annotationKey}=${getWorkflowAnnotations(
       lastSuccessSha,
       workflowFilePath,
@@ -185,14 +240,33 @@ async function annotateResources(
    )}`
 
    const annotateNamespace = !(
+      namespace === '' ||
       core.getInput('annotate-namespace').toLowerCase() === 'false'
-   )
+   ) // If namespace is empty, we don't annotate it. If the input is false, we also don't annotate it.
+
    if (annotateNamespace) {
       annotateResults.push(
-         await kubectl.annotate('namespace', namespace, annotationKeyValStr)
+         await kubectl.annotate(
+            'namespace',
+            namespace,
+            annotationKeyValStr,
+            namespace
+         )
       )
    }
-   annotateResults.push(await kubectl.annotateFiles(files, annotationKeyValStr))
+
+   for (const file of files) {
+      try {
+         const annotateResult = await kubectl.annotateFiles(
+            file,
+            annotationKeyValStr,
+            namespace
+         )
+         annotateResults.push(annotateResult)
+      } catch (e) {
+         core.warning(`failed to annotate resource: ${e}`)
+      }
+   }
 
    for (const resource of resourceTypes) {
       if (
@@ -204,8 +278,8 @@ async function annotateResources(
                kubectl,
                resource.type,
                resource.name,
-               annotationKeyValStr,
+               resource.namespace,
-               allPods
+               annotationKeyValStr
             )
          ).forEach((execResult) => annotateResults.push(execResult))
       }
@@ -226,5 +300,14 @@ async function labelResources(
       `workflow=${cleanLabel(label)}`
    ]
 
-   checkForErrors([await kubectl.labelFiles(files, labels)], true)
+   const labelResults = []
+   for (const file of files) {
+      try {
+         const labelResult = await kubectl.labelFiles(file, labels)
+         labelResults.push(labelResult)
+      } catch (e) {
+         core.warning(`failed to annotate resource: ${e}`)
+      }
+   }
+   checkForErrors(labelResults, true)
 }

src/types/action.test.ts

@@ -1,4 +1,4 @@
-import {Action, parseAction} from './action'
+import {Action, parseAction} from './action.js'
 
 describe('Action type', () => {
    test('it has required values', () => {

src/types/blueGreenTypes.ts

@@ -1,5 +1,5 @@
-import {DeployResult} from './deployResult'
+import {DeployResult} from './deployResult.js'
-import {K8sObject, K8sDeleteObject} from './k8sObject'
+import {K8sObject, K8sDeleteObject} from './k8sObject.js'
 
 export interface BlueGreenDeployment {
    deployResult: DeployResult

src/types/deploymentStrategy.test.ts

@@ -1,4 +1,7 @@
-import {DeploymentStrategy, parseDeploymentStrategy} from './deploymentStrategy'
+import {
+   DeploymentStrategy,
+   parseDeploymentStrategy
+} from './deploymentStrategy.js'
 
 describe('Deployment strategy type', () => {
    test('it has required values', () => {

src/types/docker.test.ts

@@ -1,4 +1,7 @@
-import {DockerExec} from './docker'
+import {vi} from 'vitest'
+vi.mock('@actions/exec')
+
+import {DockerExec} from './docker.js'
 import * as actions from '@actions/exec'
 
 const dockerPath = 'dockerPath'
@@ -12,14 +15,14 @@ describe('Docker class', () => {
       const execReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
 
       beforeEach(() => {
-         jest.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
+         vi.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
             return execReturn
          })
       })
 
       test('pulls an image', async () => {
          await docker.pull(image, args)
-         expect(actions.getExecOutput).toBeCalledWith(
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
             dockerPath,
             ['pull', image, ...args],
             {silent: false}
@@ -28,7 +31,7 @@ describe('Docker class', () => {
 
       test('pulls an image silently', async () => {
          await docker.pull(image, args, true)
-         expect(actions.getExecOutput).toBeCalledWith(
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
             dockerPath,
             ['pull', image, ...args],
             {silent: true}
@@ -38,7 +41,7 @@ describe('Docker class', () => {
       test('inspects a docker image', async () => {
          const result = await docker.inspect(image, args)
          expect(result).toBe(execReturn.stdout)
-         expect(actions.getExecOutput).toBeCalledWith(
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
             dockerPath,
             ['inspect', image, ...args],
             {silent: false}
@@ -48,7 +51,7 @@ describe('Docker class', () => {
       test('inspects a docker image silently', async () => {
          const result = await docker.inspect(image, args, true)
          expect(result).toBe(execReturn.stdout)
-         expect(actions.getExecOutput).toBeCalledWith(
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
             dockerPath,
             ['inspect', image, ...args],
             {silent: true}
@@ -60,7 +63,7 @@ describe('Docker class', () => {
       const execReturn = {exitCode: 3, stdout: '', stderr: ''}
 
       beforeEach(() => {
-         jest.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
+         vi.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
             return execReturn
          })
       })
@@ -80,7 +83,7 @@ describe('Docker class', () => {
       const execReturn = {exitCode: 0, stdout: '', stderr: 'Output'}
 
       beforeEach(() => {
-         jest.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
+         vi.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
             return execReturn
          })
       })

src/types/errorable.ts

@@ -0,0 +1,48 @@
+export interface Succeeded<T> {
+   readonly succeeded: true
+   readonly result: T
+}
+
+export interface Failed {
+   readonly succeeded: false
+   readonly error: string
+}
+
+export type Errorable<T> = Succeeded<T> | Failed
+
+export function succeeded<T>(e: Errorable<T>): e is Succeeded<T> {
+   return e.succeeded
+}
+
+export function failed<T>(e: Errorable<T>): e is Failed {
+   return !e.succeeded
+}
+
+export function map<T, U>(e: Errorable<T>, fn: (t: T) => U): Errorable<U> {
+   if (failed(e)) {
+      return {succeeded: false, error: e.error}
+   }
+   return {succeeded: true, result: fn(e.result)}
+}
+
+export function combine<T>(es: Errorable<T>[]): Errorable<T[]> {
+   const failures = es.filter(failed)
+   if (failures.length > 0) {
+      return {
+         succeeded: false,
+         error: failures.map((f) => f.error).join('\n')
+      }
+   }
+
+   return {
+      succeeded: true,
+      result: es.map((e) => (e as Succeeded<T>).result)
+   }
+}
+
+export function getErrorMessage(error: unknown) {
+   if (error instanceof Error) {
+      return error.message
+   }
+   return String(error)
+}

src/types/k8sObject.ts

@@ -2,6 +2,7 @@ export interface K8sObject {
    metadata: {
       name: string
       labels: Map<string, string>
+      namespace?: string
    }
    kind: string
    spec: any
@@ -16,6 +17,7 @@ export interface K8sServiceObject extends K8sObject {
 export interface K8sDeleteObject {
    name: string
    kind: string
+   namespace?: string
 }
 
 export interface K8sIngress extends K8sObject {

src/types/kubectl.test.ts

@@ -1,36 +1,41 @@
-import {getKubectlPath, Kubectl} from './kubectl'
+import {vi} from 'vitest'
+vi.mock('@actions/exec')
+vi.mock('@actions/io')
+vi.mock('@actions/core')
+vi.mock('@actions/tool-cache')
+
+import {getKubectlPath, Kubectl} from './kubectl.js'
 import * as exec from '@actions/exec'
 import * as io from '@actions/io'
 import * as core from '@actions/core'
 import * as toolCache from '@actions/tool-cache'
-import {config} from 'process'
 
 describe('Kubectl path', () => {
    const version = '1.1'
    const path = 'path'
 
    it('gets the kubectl path', async () => {
-      jest.spyOn(core, 'getInput').mockImplementationOnce(() => undefined)
+      vi.spyOn(core, 'getInput').mockImplementationOnce(() => '')
-      jest.spyOn(io, 'which').mockImplementationOnce(async () => path)
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => path)
 
       expect(await getKubectlPath()).toBe(path)
    })
 
    it('gets the kubectl path with version', async () => {
-      jest.spyOn(core, 'getInput').mockImplementationOnce(() => version)
+      vi.spyOn(core, 'getInput').mockImplementationOnce(() => version)
-      jest.spyOn(toolCache, 'find').mockImplementationOnce(() => path)
+      vi.spyOn(toolCache, 'find').mockImplementationOnce(() => path)
 
       expect(await getKubectlPath()).toBe(path)
    })
 
    it('throws if kubectl not found', async () => {
       // without version
-      jest.spyOn(io, 'which').mockImplementationOnce(async () => undefined)
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => '')
       await expect(() => getKubectlPath()).rejects.toThrow()
 
       // with verision
-      jest.spyOn(core, 'getInput').mockImplementationOnce(() => undefined)
+      vi.spyOn(core, 'getInput').mockImplementationOnce(() => '')
-      jest.spyOn(io, 'which').mockImplementationOnce(async () => undefined)
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => '')
       await expect(() => getKubectlPath()).rejects.toThrow()
    })
 })
@@ -38,44 +43,25 @@ describe('Kubectl path', () => {
 const kubectlPath = 'kubectlPath'
 const testNamespace = 'testNamespace'
 const defaultNamespace = 'default'
+const otherNamespace = 'otherns'
+const TEST_TIMEOUT = '120s'
+
 describe('Kubectl class', () => {
-   describe('default namespace behavior', () => {
-      const kubectl = new Kubectl(kubectlPath, defaultNamespace)
-      const execReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
-
-      beforeEach(() => {
-         jest.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
-            return execReturn
-         })
-      })
-
-      describe('omits default namespace from commands', () => {
-         it('executes a command without appending --namespace arg', async () => {
-            // no args
-            const command = 'command'
-            expect(await kubectl.executeCommand(command)).toBe(execReturn)
-            expect(exec.getExecOutput).toBeCalledWith(kubectlPath, [command], {
-               silent: false
-            })
-         })
-      })
-   })
-
    describe('with a success exec return in testNamespace', () => {
       const kubectl = new Kubectl(kubectlPath, testNamespace)
-      const execReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
+      const mockExecReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
 
       beforeEach(() => {
-         jest.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
+         vi.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
-            return execReturn
+            return mockExecReturn
          })
       })
 
       it('applies a configuration with a single config path', async () => {
          const configPaths = 'configPaths'
          const result = await kubectl.apply(configPaths)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             ['apply', '-f', configPaths, '--namespace', testNamespace],
             {silent: false}
@@ -85,8 +71,8 @@ describe('Kubectl class', () => {
       it('applies a configuration with multiple config paths', async () => {
          const configPaths = ['configPath1', 'configPath2', 'configPath3']
          const result = await kubectl.apply(configPaths)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'apply',
@@ -102,8 +88,8 @@ describe('Kubectl class', () => {
       it('applies a configuration with force when specified', async () => {
          const configPaths = ['configPath1', 'configPath2', 'configPath3']
          const result = await kubectl.apply(configPaths, true)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'apply',
@@ -117,12 +103,120 @@ describe('Kubectl class', () => {
          )
       })
 
+      it('applies a configuration with server-side when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(configPaths, false, true)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--server-side',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with both force and server-side when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(configPaths, true, true)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--force',
+               '--server-side',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with timeout when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(
+            configPaths,
+            false,
+            false,
+            TEST_TIMEOUT
+         )
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               `--timeout=${TEST_TIMEOUT}`,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with force and timeout when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(
+            configPaths,
+            true,
+            false,
+            TEST_TIMEOUT
+         )
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--force',
+               `--timeout=${TEST_TIMEOUT}`,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with server-side and timeout when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(
+            configPaths,
+            false,
+            true,
+            TEST_TIMEOUT
+         )
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--server-side',
+               `--timeout=${TEST_TIMEOUT}`,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
       it('describes a resource', async () => {
          const resourceType = 'type'
          const resourceName = 'name'
          const result = await kubectl.describe(resourceType, resourceName)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'describe',
@@ -133,14 +227,34 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         // overrided ns
+         const silent = false
+         await kubectl.describe(
+            resourceType,
+            resourceName,
+            silent,
+            otherNamespace
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'describe',
+               resourceType,
+               resourceName,
+               '--namespace',
+               otherNamespace
+            ],
+            {silent}
+         )
       })
 
       it('describes a resource silently', async () => {
          const resourceType = 'type'
          const resourceName = 'name'
          const result = await kubectl.describe(resourceType, resourceName, true)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'describe',
@@ -151,6 +265,26 @@ describe('Kubectl class', () => {
             ],
             {silent: true}
          )
+
+         // overrided ns
+         const silent = false
+         await kubectl.describe(
+            resourceType,
+            resourceName,
+            silent,
+            otherNamespace
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'describe',
+               resourceType,
+               resourceName,
+               '--namespace',
+               otherNamespace
+            ],
+            {silent}
+         )
       })
 
       it('annotates resource', async () => {
@@ -162,8 +296,8 @@ describe('Kubectl class', () => {
             resourceName,
             annotation
          )
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'annotate',
@@ -176,14 +310,35 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         // override ns
+         await kubectl.annotate(
+            resourceType,
+            resourceName,
+            annotation,
+            otherNamespace
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               resourceType,
+               resourceName,
+               annotation,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
       })
 
       it('annotates files with single file', async () => {
          const file = 'file'
          const annotation = 'annotation'
          const result = await kubectl.annotateFiles(file, annotation)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'annotate',
@@ -196,14 +351,30 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         // override ns
+         await kubectl.annotateFiles(file, annotation, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               '-f',
+               file,
+               annotation,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
       })
 
       it('annotates files with mulitple files', async () => {
          const files = ['file1', 'file2', 'file3']
          const annotation = 'annotation'
          const result = await kubectl.annotateFiles(files, annotation)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'annotate',
@@ -216,14 +387,30 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         // override ns
+         await kubectl.annotateFiles(files, annotation, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               '-f',
+               files.join(','),
+               annotation,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
       })
 
       it('labels files with single file', async () => {
          const file = 'file'
          const labels = ['label1', 'label2']
          const result = await kubectl.labelFiles(file, labels)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'label',
@@ -236,14 +423,29 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         await kubectl.labelFiles(file, labels, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'label',
+               '-f',
+               file,
+               ...labels,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
       })
 
       it('labels files with multiple files', async () => {
          const files = ['file1', 'file2', 'file3']
          const labels = ['label1', 'label2']
          const result = await kubectl.labelFiles(files, labels)
-         expect(result).toBe(execReturn)
+         expect(result).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'label',
@@ -256,11 +458,26 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         await kubectl.labelFiles(files, labels, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'label',
+               '-f',
+               files.join(','),
+               ...labels,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
       })
 
       it('gets all pods', async () => {
-         expect(await kubectl.getAllPods()).toBe(execReturn)
+         expect(await kubectl.getAllPods()).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             ['get', 'pods', '-o', 'json', '--namespace', testNamespace],
             {silent: true}
@@ -271,9 +488,9 @@ describe('Kubectl class', () => {
          const resourceType = 'type'
          const name = 'name'
          expect(await kubectl.checkRolloutStatus(resourceType, name)).toBe(
-            execReturn
+            mockExecReturn
          )
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'rollout',
@@ -284,13 +501,49 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         // override ns
+         await kubectl.checkRolloutStatus(resourceType, name, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'rollout',
+               'status',
+               `${resourceType}/${name}`,
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
+
+         // with timeout
+         await kubectl.checkRolloutStatus(
+            resourceType,
+            name,
+            testNamespace,
+            '5m'
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'rollout',
+               'status',
+               `${resourceType}/${name}`,
+               '--namespace',
+               testNamespace,
+               '--timeout=5m'
+            ],
+            {silent: false}
+         )
       })
 
       it('gets resource', async () => {
          const resourceType = 'type'
          const name = 'name'
-         expect(await kubectl.getResource(resourceType, name)).toBe(execReturn)
+         expect(await kubectl.getResource(resourceType, name)).toBe(
-         expect(exec.getExecOutput).toBeCalledWith(
+            mockExecReturn
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [
                'get',
@@ -302,13 +555,29 @@ describe('Kubectl class', () => {
             ],
             {silent: false}
          )
+
+         // override ns
+         const silent = true
+         await kubectl.getResource(resourceType, name, silent, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'get',
+               `${resourceType}/${name}`,
+               '-o',
+               'json',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent}
+         )
       })
 
       it('executes a command', async () => {
          // no args
          const command = 'command'
-         expect(await kubectl.executeCommand(command)).toBe(execReturn)
+         expect(await kubectl.executeCommand(command)).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [command, '--namespace', testNamespace],
             {silent: false}
@@ -316,8 +585,10 @@ describe('Kubectl class', () => {
 
          // with args
          const args = 'args'
-         expect(await kubectl.executeCommand(command, args)).toBe(execReturn)
+         expect(await kubectl.executeCommand(command, args)).toBe(
-         expect(exec.getExecOutput).toBeCalledWith(
+            mockExecReturn
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             [command, args, '--namespace', testNamespace],
             {silent: false}
@@ -326,22 +597,38 @@ describe('Kubectl class', () => {
 
       it('deletes with single argument', async () => {
          const arg = 'argument'
-         expect(await kubectl.delete(arg)).toBe(execReturn)
+         expect(await kubectl.delete(arg)).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             ['delete', arg, '--namespace', testNamespace],
             {silent: false}
          )
+
+         // override ns
+         await kubectl.delete(arg, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['delete', arg, '--namespace', otherNamespace],
+            {silent: false}
+         )
       })
 
       it('deletes with multiple arguments', async () => {
          const args = ['argument1', 'argument2', 'argument3']
-         expect(await kubectl.delete(args)).toBe(execReturn)
+         expect(await kubectl.delete(args)).toBe(mockExecReturn)
-         expect(exec.getExecOutput).toBeCalledWith(
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
             kubectlPath,
             ['delete', ...args, '--namespace', testNamespace],
             {silent: false}
          )
+
+         // override ns
+         await kubectl.delete(args, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['delete', ...args, '--namespace', otherNamespace],
+            {silent: false}
+         )
       })
    })
 
@@ -356,7 +643,7 @@ describe('Kubectl class', () => {
          stderr: ''
       }
 
-      jest.spyOn(exec, 'getExecOutput').mockImplementationOnce(async () => {
+      vi.spyOn(exec, 'getExecOutput').mockImplementationOnce(async () => {
          return describeReturn
       })
 
@@ -364,4 +651,78 @@ describe('Kubectl class', () => {
       const result = await kubectl.getNewReplicaSet(deployment)
       expect(result).toBe(name)
    })
+
+   it('executes with constructor flags', async () => {
+      const skipTls = true
+      const kubectl = new Kubectl(kubectlPath, testNamespace, skipTls)
+
+      vi.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
+         return {exitCode: 0, stderr: '', stdout: ''}
+      })
+
+      const command = 'command'
+      kubectl.executeCommand(command)
+      expect(exec.getExecOutput).toHaveBeenCalledWith(
+         kubectlPath,
+         [command, '--insecure-skip-tls-verify', '--namespace', testNamespace],
+         {silent: false}
+      )
+
+      const kubectlNoFlags = new Kubectl(kubectlPath)
+      kubectlNoFlags.executeCommand(command)
+      expect(exec.getExecOutput).toHaveBeenCalledWith(kubectlPath, [command], {
+         silent: false
+      })
+   })
+})
+
+describe('Kubectl namespace handling', () => {
+   const kubectlPath = 'kubectlPath'
+   const testNamespace = 'testNamespace'
+   const configPaths = 'configPaths'
+   const execReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
+
+   beforeEach(() => {
+      vi.spyOn(exec, 'getExecOutput').mockResolvedValue(execReturn)
+   })
+
+   const runApply = async (namespace?: string) => {
+      const kubectl = new Kubectl(kubectlPath, namespace)
+      return kubectl.apply(configPaths)
+   }
+
+   it.each([
+      {
+         namespace: undefined,
+         expectedArgs: ['apply', '-f', configPaths],
+         description: 'namespace omitted'
+      },
+      {
+         namespace: '',
+         expectedArgs: ['apply', '-f', configPaths],
+         description: 'namespace is an empty string (default namespace)'
+      },
+      {
+         namespace: testNamespace,
+         expectedArgs: [
+            'apply',
+            '-f',
+            configPaths,
+            '--namespace',
+            testNamespace
+         ],
+         description: 'namespace provided'
+      }
+   ])(
+      'handles namespace when $description',
+      async ({namespace, expectedArgs}) => {
+         const result = await runApply(namespace)
+         expect(result).toBe(execReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            expectedArgs,
+            {silent: false}
+         )
+      }
+   )
 })

src/types/kubectl.ts

@@ -1,13 +1,13 @@
 import {ExecOutput, getExecOutput} from '@actions/exec'
-import {createInlineArray} from '../utilities/arrayUtils'
+import {createInlineArray} from '../utilities/arrayUtils.js'
 import * as core from '@actions/core'
 import * as toolCache from '@actions/tool-cache'
 import * as io from '@actions/io'
-import {exec} from 'child_process'
 
 export interface Resource {
    name: string
    type: string
+   namespace?: string
 }
 
 export class Kubectl {
@@ -20,7 +20,7 @@ export class Kubectl {
 
    constructor(
       kubectlPath: string,
-      namespace: string = 'default',
+      namespace: string = '',
       ignoreSSLErrors: boolean = false,
       resourceGroup: string = '',
       name: string = ''
@@ -34,7 +34,9 @@ export class Kubectl {
 
    public async apply(
       configurationPaths: string | string[],
-      force: boolean = false
+      force: boolean = false,
+      serverSide: boolean = false,
+      timeout?: string
    ): Promise<ExecOutput> {
       try {
          if (!configurationPaths || configurationPaths?.length === 0)
@@ -46,37 +48,56 @@ export class Kubectl {
             createInlineArray(configurationPaths)
          ]
          if (force) applyArgs.push('--force')
+         if (serverSide) applyArgs.push('--server-side')
+         if (timeout) applyArgs.push(`--timeout=${timeout}`)
 
-         return await this.execute(applyArgs)
+         return await this.execute(applyArgs.concat(this.getFlags()))
       } catch (err) {
          core.debug('Kubectl apply failed:' + err)
+         throw err
       }
    }
 
    public async describe(
       resourceType: string,
       resourceName: string,
-      silent: boolean = false
+      silent: boolean = false,
+      namespace?: string
    ): Promise<ExecOutput> {
       return await this.execute(
-         ['describe', resourceType, resourceName],
+         ['describe', resourceType, resourceName].concat(
+            this.getFlags(namespace)
+         ),
          silent
       )
    }
 
-   public async getNewReplicaSet(deployment: string) {
+   public async getNewReplicaSet(deployment: string, namespace?: string) {
-      const result = await this.describe('deployment', deployment, true)
+      const result = await this.describe(
+         'deployment',
+         deployment,
+         true,
+         namespace
+      )
 
       let newReplicaSet = ''
       if (result?.stdout) {
          const stdout = result.stdout.split('\n')
+         core.debug('stdout from getNewReplicaSet is ' + JSON.stringify(stdout))
          stdout.forEach((line: string) => {
             const newreplicaset = 'newreplicaset'
-            if (line && line.toLowerCase().indexOf(newreplicaset) > -1)
+            if (line && line.toLowerCase().indexOf(newreplicaset) > -1) {
+               core.debug(
+                  `found string of interest for replicaset, line is ${line}`
+               )
+               core.debug(
+                  `substring is ${line.substring(newreplicaset.length).trim()}`
+               )
                newReplicaSet = line
                   .substring(newreplicaset.length)
                   .trim()
                   .split(' ')[0]
+            }
          })
       }
 
@@ -86,7 +107,8 @@ export class Kubectl {
    public async annotate(
       resourceType: string,
       resourceName: string,
-      annotation: string
+      annotation: string,
+      namespace?: string
    ): Promise<ExecOutput> {
       const args = [
          'annotate',
@@ -94,27 +116,31 @@ export class Kubectl {
          resourceName,
          annotation,
          '--overwrite'
-      ]
+      ].concat(this.getFlags(namespace))
       return await this.execute(args)
    }
 
    public async annotateFiles(
       files: string | string[],
-      annotation: string
+      annotation: string,
+      namespace?: string
    ): Promise<ExecOutput> {
+      const filesToAnnotate = createInlineArray(files)
+      core.debug(`annotating ${filesToAnnotate} with annotation ${annotation}`)
       const args = [
          'annotate',
          '-f',
-         createInlineArray(files),
+         filesToAnnotate,
          annotation,
          '--overwrite'
-      ]
+      ].concat(this.getFlags(namespace))
       return await this.execute(args)
    }
 
    public async labelFiles(
       files: string | string[],
-      labels: string[]
+      labels: string[],
+      namespace?: string
    ): Promise<ExecOutput> {
       const args = [
          'label',
@@ -122,62 +148,113 @@ export class Kubectl {
          createInlineArray(files),
          ...labels,
          '--overwrite'
-      ]
+      ].concat(this.getFlags(namespace))
       return await this.execute(args)
    }
 
    public async getAllPods(): Promise<ExecOutput> {
-      return await this.execute(['get', 'pods', '-o', 'json'], true)
+      return await this.execute(
+         ['get', 'pods', '-o', 'json'].concat(this.getFlags()),
+         true
+      )
    }
 
    public async checkRolloutStatus(
       resourceType: string,
-      name: string
+      name: string,
+      namespace?: string,
+      timeout?: string
    ): Promise<ExecOutput> {
-      return await this.execute([
+      const command = ['rollout', 'status', `${resourceType}/${name}`].concat(
-         'rollout',
+         this.getFlags(namespace)
-         'status',
+      )
-         `${resourceType}/${name}`
+      if (timeout) {
-      ])
+         command.push(`--timeout=${timeout}`)
+      }
+      return await this.execute(command)
    }
 
    public async getResource(
       resourceType: string,
       name: string,
-      silentFailure: boolean = false
+      silentFailure: boolean = false,
+      namespace?: string
    ): Promise<ExecOutput> {
       core.debug(
          'fetching resource of type ' + resourceType + ' and name ' + name
       )
       return await this.execute(
-         ['get', `${resourceType}/${name}`, '-o', 'json'],
+         ['get', `${resourceType}/${name}`, '-o', 'json'].concat(
+            this.getFlags(namespace)
+         ),
          silentFailure
       )
    }
 
-   public executeCommand(command: string, args?: string) {
+   public executeCommand(command: string, args?: string, timeout?: string) {
       if (!command) throw new Error('Command must be defined')
-      return args ? this.execute([command, args]) : this.execute([command])
+      const a = args ? [args] : []
+      return this.execute(
+         [command, ...a.concat(this.getFlags())],
+         false,
+         timeout
+      )
    }
 
-   public delete(args: string | string[]) {
+   public delete(
-      if (typeof args === 'string') return this.execute(['delete', args])
+      args: string | string[],
-      return this.execute(['delete', ...args])
+      namespace?: string,
+      timeout?: string
+   ) {
+      if (typeof args === 'string')
+         return this.execute(
+            ['delete', args].concat(this.getFlags(namespace)),
+            false,
+            timeout
+         )
+      return this.execute(
+         ['delete', ...args.concat(this.getFlags(namespace))],
+         false,
+         timeout
+      )
    }
 
-   protected async execute(args: string[], silent: boolean = false) {
+   protected async execute(
-      if (this.ignoreSSLErrors) {
+      args: string[],
-         args.push('--insecure-skip-tls-verify')
+      silent: boolean = false,
+      timeout?: string
+   ) {
+      if (timeout) {
+         args.push(`--timeout=${timeout}`)
       }
-      if (this.namespace && this.namespace != 'default') {
+
-         args = args.concat(['--namespace', this.namespace])
+      // core.debug(`Kubectl run with command: ${this.kubectlPath} ${args}`)
-      }
+      core.debug(
-      core.debug(`Kubectl run with command: ${this.kubectlPath} ${args}`)
+         `Kubectl run with command: ${this.kubectlPath} ${args.join(' ')}`
+      )
 
       return await getExecOutput(this.kubectlPath, args, {
          silent
       })
    }
+
+   public getNamespace(namespaceOverride?: string): string {
+      return namespaceOverride || this.namespace
+   }
+
+   protected getFlags(namespaceOverride?: string): string[] {
+      const flags = []
+      if (this.ignoreSSLErrors) {
+         flags.push('--insecure-skip-tls-verify')
+      }
+
+      const ns = this.getNamespace(namespaceOverride)
+      if (ns) {
+         flags.push('--namespace', ns)
+      }
+
+      return flags
+   }
 }
 
 export async function getKubectlPath() {

src/types/kubernetesTypes.test.ts

@@ -10,7 +10,7 @@ import {
    ServiceTypes,
    WORKLOAD_TYPES,
    WORKLOAD_TYPES_WITH_ROLLOUT_STATUS
-} from './kubernetesTypes'
+} from './kubernetesTypes.js'
 
 describe('Kubernetes types', () => {
    it('contains kubernetes workloads', () => {
@@ -21,6 +21,7 @@ describe('Kubernetes types', () => {
       expect(KubernetesWorkload.DAEMON_SET).toBe('DaemonSet')
       expect(KubernetesWorkload.JOB).toBe('job')
       expect(KubernetesWorkload.CRON_JOB).toBe('cronjob')
+      expect(KubernetesWorkload.SCALED_JOB).toBe('scaledjob')
    })
 
    it('contains discovery and load balancer resources', () => {
@@ -53,7 +54,8 @@ describe('Kubernetes types', () => {
          'pod',
          'statefulset',
          'job',
-         'cronjob'
+         'cronjob',
+         'scaledjob'
       ]
       expect(expected.every((val) => WORKLOAD_TYPES.includes(val))).toBe(true)
    })

src/types/kubernetesTypes.ts

@@ -6,6 +6,7 @@ export class KubernetesWorkload {
    public static DAEMON_SET: string = 'DaemonSet'
    public static JOB: string = 'job'
    public static CRON_JOB: string = 'cronjob'
+   public static SCALED_JOB: string = 'scaledjob'
 }
 
 export class DiscoveryAndLoadBalancerResource {
@@ -34,7 +35,8 @@ export const WORKLOAD_TYPES: string[] = [
    'pod',
    'statefulset',
    'job',
-   'cronjob'
+   'cronjob',
+   'scaledjob'
 ]
 
 export const WORKLOAD_TYPES_WITH_ROLLOUT_STATUS: string[] = [

src/types/privatekubectl.test.ts

@@ -0,0 +1,64 @@
+import {vi} from 'vitest'
+vi.mock('@actions/exec')
+
+import * as fileUtils from '../utilities/fileUtils.js'
+import fs from 'node:fs'
+import {
+   PrivateKubectl,
+   extractFileNames,
+   replaceFileNamesWithShallowNamesRelativeToTemp
+} from './privatekubectl.js'
+import * as exec from '@actions/exec'
+
+describe('Private kubectl', () => {
+   const testString = `kubectl annotate -f /tmp/testdir/test.yml,/tmp/test2.yml,/tmp/testdir/subdir/test3.yml -f /tmp/test4.yml --filename /tmp/test5.yml actions.github.com/k8s-deploy={"run":"3498366832","repository":"jaiveerk/k8s-deploy","workflow":"Minikube Integration Tests - private cluster","workflowFileName":"run-integration-tests-private.yml","jobName":"run-integration-test","createdBy":"jaiveerk","runUri":"https://github.com/jaiveerk/k8s-deploy/actions/runs/3498366832","commit":"c63b323186ea1320a31290de6dcc094c06385e75","lastSuccessRunCommit":"NA","branch":"refs/heads/main","deployTimestamp":1668787848577,"dockerfilePaths":{"nginx:1.14.2":""},"manifestsPaths":["https://github.com/jaiveerk/k8s-deploy/blob/c63b323186ea1320a31290de6dcc094c06385e75/test/integration/test.yml"],"helmChartPaths":[],"provider":"GitHub"} --overwrite --namespace test-3498366832`
+   const mockKube = new PrivateKubectl(
+      'kubectlPath',
+      'namespace',
+      true,
+      'resourceGroup',
+      'resourceName'
+   )
+
+   const spy = vi
+      .spyOn(fileUtils, 'getTempDirectory')
+      .mockImplementation(() => {
+         return '/tmp'
+      })
+
+   vi.spyOn(fs, 'writeFileSync').mockImplementation(() => {})
+   vi.spyOn(fs, 'readFileSync').mockImplementation((filename) => {
+      return 'test contents'
+   })
+
+   it('should extract filenames correctly', () => {
+      expect(extractFileNames(testString)).toEqual([
+         '/tmp/testdir/test.yml',
+         '/tmp/test2.yml',
+         '/tmp/testdir/subdir/test3.yml',
+         '/tmp/test4.yml',
+         '/tmp/test5.yml'
+      ])
+   })
+
+   it('should replace filenames with shallow names for relative locations in tmp correctly', () => {
+      expect(
+         replaceFileNamesWithShallowNamesRelativeToTemp(testString)
+      ).toEqual(
+         `kubectl annotate -f testdir-test.yml,test2.yml,testdir-subdir-test3.yml -f test4.yml --filename test5.yml actions.github.com/k8s-deploy={"run":"3498366832","repository":"jaiveerk/k8s-deploy","workflow":"Minikube Integration Tests - private cluster","workflowFileName":"run-integration-tests-private.yml","jobName":"run-integration-test","createdBy":"jaiveerk","runUri":"https://github.com/jaiveerk/k8s-deploy/actions/runs/3498366832","commit":"c63b323186ea1320a31290de6dcc094c06385e75","lastSuccessRunCommit":"NA","branch":"refs/heads/main","deployTimestamp":1668787848577,"dockerfilePaths":{"nginx:1.14.2":""},"manifestsPaths":["https://github.com/jaiveerk/k8s-deploy/blob/c63b323186ea1320a31290de6dcc094c06385e75/test/integration/test.yml"],"helmChartPaths":[],"provider":"GitHub"} --overwrite --namespace test-3498366832`
+      )
+   })
+
+   test('Should throw well defined Error on error from Azure', async () => {
+      const errorMsg = 'An error message'
+      vi.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
+         return {exitCode: 1, stdout: '', stderr: errorMsg}
+      })
+
+      await expect(mockKube.executeCommand('az', 'test')).rejects.toThrow(
+         Error(
+            `Call to private cluster failed. Command: 'kubectl az test --insecure-skip-tls-verify --namespace namespace', errormessage: ${errorMsg}`
+         )
+      )
+   })
+})

src/types/privatekubectl.ts

@@ -1,23 +1,34 @@
-import {Kubectl} from './kubectl'
+import {Kubectl} from './kubectl.js'
+import minimist from 'minimist'
 import {ExecOptions, ExecOutput, getExecOutput} from '@actions/exec'
 import * as core from '@actions/core'
-import * as os from 'os'
+import fs from 'node:fs'
-import * as fs from 'fs'
 import * as path from 'path'
+import {getTempDirectory} from '../utilities/fileUtils.js'
 
 export class PrivateKubectl extends Kubectl {
    protected async execute(args: string[], silent: boolean = false) {
       args.unshift('kubectl')
       let kubectlCmd = args.join(' ')
       let addFileFlag = false
-      let eo = <ExecOptions>{silent}
+      let eo = <ExecOptions>{
+         silent: true,
+         failOnStdErr: false,
+         ignoreReturnCode: true
+      }
 
       if (this.containsFilenames(kubectlCmd)) {
-         // For private clusters, files will referenced solely by their basename
+         kubectlCmd = replaceFileNamesWithShallowNamesRelativeToTemp(kubectlCmd)
-         kubectlCmd = this.replaceFilnamesWithBasenames(kubectlCmd)
          addFileFlag = true
       }
 
+      if (this.resourceGroup === '') {
+         throw Error('Resource group must be specified for private cluster')
+      }
+      if (this.name === '') {
+         throw Error('Cluster name must be specified for private cluster')
+      }
+
       const privateClusterArgs = [
          'aks',
          'command',
@@ -27,109 +38,132 @@ export class PrivateKubectl extends Kubectl {
          '--name',
          this.name,
          '--command',
-         kubectlCmd
+         `${kubectlCmd}`
       ]
 
       if (addFileFlag) {
-         const filenames = this.extractFilesnames(kubectlCmd).split(' ')
+         const tempDirectory = getTempDirectory()
-
+         eo.cwd = path.join(tempDirectory, 'manifests')
-         const tempDirectory =
-            process.env['runner.tempDirectory'] || os.tmpdir() + '/manifests'
-         eo.cwd = tempDirectory
          privateClusterArgs.push(...['--file', '.'])
-
-         let filenamesArr = filenames[0].split(',')
-         for (let index = 0; index < filenamesArr.length; index++) {
-            const file = filenamesArr[index]
-
-            if (!file) {
-               continue
-            }
-            this.moveFileToTempManifestDir(file)
-         }
       }
 
       core.debug(
          `private cluster Kubectl run with invoke command: ${kubectlCmd}`
       )
-      return await getExecOutput('az', privateClusterArgs, eo)
-   }
 
-   private replaceFilnamesWithBasenames(kubectlCmd: string) {
+      const allArgs = [...privateClusterArgs, '-o', 'json']
-      let exFilenames = this.extractFilesnames(kubectlCmd)
+      core.debug(`full form of az command: az ${allArgs.join(' ')}`)
-      let filenames = exFilenames.split(' ')
+      const runOutput = await getExecOutput('az', allArgs, eo)
-      let filenamesArr = filenames[0].split(',')
+      core.debug(
+         `from kubectl private cluster command got run output ${JSON.stringify(
+            runOutput
+         )}`
+      )
 
-      for (let index = 0; index < filenamesArr.length; index++) {
+      if (runOutput.exitCode !== 0) {
-         filenamesArr[index] = path.basename(filenamesArr[index])
+         throw Error(
+            `Call to private cluster failed. Command: '${kubectlCmd}', errormessage: ${runOutput.stderr}`
+         )
       }
 
-      let baseFilenames = filenamesArr.join()
+      const runObj: {logs: string; exitCode: number} = JSON.parse(
-
+         runOutput.stdout
-      let result = kubectlCmd.replace(exFilenames, baseFilenames)
+      )
-      return result
+      if (!silent) core.info(runObj.logs)
-   }
+      if (runObj.exitCode !== 0) {
-
+         throw Error(`failed private cluster Kubectl command: ${kubectlCmd}`)
-   public extractFilesnames(strToParse: string) {
-      let start = strToParse.indexOf('-filename')
-      let offset = 7
-
-      if (start == -1) {
-         start = strToParse.indexOf('-f')
-
-         if (start == -1) {
-            return ''
-         }
-         offset = 0
       }
 
-      let temp = strToParse.substring(start + offset)
+      return {
-      let end = temp.indexOf(' -')
+         exitCode: runObj.exitCode,
-
+         stdout: runObj.logs,
-      //End could be case where the -f flag was last, or -f is followed by some additonal flag and it's arguments
+         stderr: ''
-      return temp.substring(3, end == -1 ? temp.length : end).trim()
+      } as ExecOutput
    }
 
    private containsFilenames(str: string) {
       return str.includes('-f ') || str.includes('filename ')
    }
-
+}
-   private createTempManifestsDirectory() {
+
-      const manifestsDir = '/tmp/manifests'
+function createTempManifestsDirectory(): string {
-      if (!fs.existsSync('/tmp/manifests')) {
+   const manifestsDirPath = path.join(getTempDirectory(), 'manifests')
-         fs.mkdirSync('/tmp/manifests', {recursive: true})
+   if (!fs.existsSync(manifestsDirPath)) {
-      }
+      fs.mkdirSync(manifestsDirPath, {recursive: true})
-   }
+   }
-
+
-   private moveFileToTempManifestDir(file: string) {
+   return manifestsDirPath
-      this.createTempManifestsDirectory()
+}
-      if (!fs.existsSync('/tmp/' + file)) {
+
-         core.debug(
+export function replaceFileNamesWithShallowNamesRelativeToTemp(
-            '/tmp/' +
+   kubectlCmd: string
-               file +
+) {
-               ' does not exist, and therefore cannot be moved to the manifest directory'
+   let filenames = extractFileNames(kubectlCmd)
-         )
+   core.debug(`filenames originally provided in kubectl command: ${filenames}`)
-      }
+   let relativeShallowNames = filenames.map((filename) => {
-
+      const relativeName = path.relative(getTempDirectory(), filename)
-      fs.copyFile('/tmp/' + file, '/tmp/manifests/' + file, function (err) {
+
-         if (err) {
+      const relativePathElements = relativeName.split(path.sep)
-            core.debug(
+
-               'Could not rename ' +
+      const shallowName = relativePathElements.join('-')
-                  '/tmp/' +
+
-                  file +
+      // make manifests dir in temp if it doesn't already exist
-                  ' to  ' +
+      const manifestsTempDir = createTempManifestsDirectory()
-                  '/tmp/manifests/' +
+
-                  file +
+      const shallowPath = path.join(manifestsTempDir, shallowName)
-                  ' ERROR: ' +
+      core.debug(
-                  err
+         `moving contents from ${filename} to shallow location at ${shallowPath}`
-            )
+      )
-            return
+
-         }
+      core.debug(`reading contents from ${filename}`)
-         core.debug(
+      const contents = fs.readFileSync(filename).toString()
-            "Successfully moved file '" +
+
-               file +
+      core.debug(`writing contents to new path ${shallowPath}`)
-               "' from /tmp to /tmp/manifest directory"
+      fs.writeFileSync(shallowPath, contents)
-         )
+
-      })
+      return shallowName
-   }
+   })
+
+   let result = kubectlCmd
+   if (filenames.length != relativeShallowNames.length) {
+      throw Error(
+         'replacing filenames with relative path from temp dir, ' +
+            filenames.length +
+            ' filenames != ' +
+            relativeShallowNames.length +
+            'basenames'
+      )
+   }
+   for (let index = 0; index < filenames.length; index++) {
+      result = result.replace(filenames[index], relativeShallowNames[index])
+   }
+   return result
+}
+
+export function extractFileNames(strToParse: string) {
+   const fileNames: string[] = []
+   const argv = minimist(strToParse.split(' '))
+   const fArg = 'f'
+   const filenameArg = 'filename'
+
+   fileNames.push(...extractFilesFromMinimist(argv, fArg))
+   fileNames.push(...extractFilesFromMinimist(argv, filenameArg))
+
+   return fileNames
+}
+
+export function extractFilesFromMinimist(argv, arg: string): string[] {
+   if (!argv[arg]) {
+      return []
+   }
+   const toReturn: string[] = []
+   if (typeof argv[arg] === 'string') {
+      toReturn.push(...argv[arg].split(','))
+   } else {
+      for (const value of argv[arg] as string[]) {
+         toReturn.push(...value.split(','))
+      }
+   }
+
+   return toReturn
 }

src/types/routeStrategy.test.ts

@@ -1,4 +1,4 @@
-import {parseRouteStrategy, RouteStrategy} from './routeStrategy'
+import {parseRouteStrategy, RouteStrategy} from './routeStrategy.js'
 
 describe('Route strategy type', () => {
    test('it has required values', () => {

src/types/trafficSplitMethod.test.ts

@@ -1,4 +1,7 @@
-import {parseTrafficSplitMethod, TrafficSplitMethod} from './trafficSplitMethod'
+import {
+   parseTrafficSplitMethod,
+   TrafficSplitMethod
+} from './trafficSplitMethod.js'
 
 describe('Traffic split method type', () => {
    test('it has required values', () => {

src/utilities/arrayUtils.test.ts

@@ -1,4 +1,4 @@
-import {createInlineArray} from './arrayUtils'
+import {createInlineArray} from './arrayUtils.js'
 
 describe('array utilities', () => {
    it('creates an inline array', () => {

src/utilities/dockerUtils.test.ts

@@ -1,15 +1,20 @@
+import {vi} from 'vitest'
+vi.mock('@actions/io')
+
 import * as io from '@actions/io'
-import {checkDockerPath} from './dockerUtils'
+import {checkDockerPath} from './dockerUtils.js'
 
 describe('docker utilities', () => {
    it('checks if docker is installed', async () => {
       // docker installed
       const path = 'path'
-      jest.spyOn(io, 'which').mockImplementationOnce(async () => path)
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => path)
       expect(() => checkDockerPath()).not.toThrow()
 
       // docker not installed
-      jest.spyOn(io, 'which').mockImplementationOnce(async () => undefined)
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => {
+         throw new Error('not found')
+      })
       await expect(() => checkDockerPath()).rejects.toThrow()
    })
 })

src/utilities/dockerUtils.ts

@@ -1,8 +1,8 @@
 import * as io from '@actions/io'
-import {DeploymentConfig} from '../types/deploymentConfig'
+import {DeploymentConfig} from '../types/deploymentConfig.js'
 import * as core from '@actions/core'
-import {DockerExec} from '../types/docker'
+import {DockerExec} from '../types/docker.js'
-import {getNormalizedPath} from './githubUtils'
+import {getNormalizedPath} from './githubUtils.js'
 
 export async function getDeploymentConfig(): Promise<DeploymentConfig> {
    let helmChartPaths: string[] =
@@ -23,7 +23,11 @@ export async function getDeploymentConfig(): Promise<DeploymentConfig> {
       )
    }
 
-   const imageNames = core.getInput('images').split('\n') || []
+   const imageNames =
+      core
+         .getInput('images')
+         .split('\n')
+         .filter((image) => image.length > 0) || []
    const imageDockerfilePathMap: {[id: string]: string} = {}
 
    const pullImages = !(core.getInput('pull-images').toLowerCase() === 'false')

src/utilities/durationUtils.test.ts

@@ -0,0 +1,167 @@
+import {vi, type Mocked} from 'vitest'
+import {parseDuration} from './durationUtils.js'
+import * as core from '@actions/core'
+
+// Mock core.debug
+vi.mock('@actions/core')
+const mockCore = core as Mocked<typeof core>
+
+// Test data constants
+const VALID_TIMEOUTS = {
+   withUnits: ['5s', '10m', '1h', '500ms'],
+   decimals: ['0.5s', '1.25m', '2.5h'],
+   caseInsensitive: ['5S', '10M', '1H'],
+   expectedLowercase: ['5s', '10m', '1h'],
+   bareNumbers: ['5', '15', '120'],
+   expectedWithMinutes: ['5m', '15m', '120m'],
+   whitespace: ['  10s', '1m  ', '\t2h\n'],
+   expectedTrimmed: ['10s', '1m', '2h'],
+   rangeValid: ['1ms', '999ms', '0.5s', '1439m', '23.999h'],
+   edgeCases: ['0.001s', '0.0167m', '24h']
+}
+
+const INVALID_TIMEOUTS = {
+   badFormats: ['', 'abc', '30x', '30 s', '30sm'],
+   negative: ['-5m', '-1s', '-0.5h'],
+   zero: ['0s', '0m', '0h', '0ms'],
+   belowMin: ['0.0001s', '0.00001ms'],
+   aboveMax: ['25h', '1441m', '86401s']
+}
+
+const ERROR_MESSAGES = {
+   invalidFormat: (input: string) =>
+      `Invalid duration format: "${input}". Use: number + unit (30s, 5m, 1h) or just number (assumes minutes)`,
+   notPositive: (input: string) => `Duration must be positive: "${input}"`,
+   outOfRange: (input: string) =>
+      `Duration out of range (1ms to 24h): "${input}"`
+}
+
+// Helper functions
+const expectValidTimeout = (input: string, expected: string) => {
+   expect(parseDuration(input)).toBe(expected)
+}
+
+const expectInvalidTimeout = (input: string, expectedError: string) => {
+   expect(() => parseDuration(input)).toThrow(expectedError)
+}
+
+describe('validateTimeoutDuration', () => {
+   beforeEach(() => {
+      vi.clearAllMocks()
+   })
+
+   describe('valid timeout formats', () => {
+      const validCases: Array<[string, string, string]> = [
+         ...VALID_TIMEOUTS.withUnits.map((v): [string, string, string] => [
+            v,
+            v,
+            'accepts number with valid units'
+         ]),
+         ...VALID_TIMEOUTS.decimals.map((v): [string, string, string] => [
+            v,
+            v,
+            'accepts decimal number with units'
+         ]),
+         ...VALID_TIMEOUTS.caseInsensitive.map(
+            (v, i): [string, string, string] => [
+               v,
+               VALID_TIMEOUTS.expectedLowercase[i],
+               'handles case-insensitive units'
+            ]
+         ),
+         ...VALID_TIMEOUTS.bareNumbers.map((v, i): [string, string, string] => [
+            v,
+            VALID_TIMEOUTS.expectedWithMinutes[i],
+            'assumes minutes for bare numbers'
+         ]),
+         ...VALID_TIMEOUTS.whitespace.map((v, i): [string, string, string] => [
+            v,
+            VALID_TIMEOUTS.expectedTrimmed[i],
+            'trims whitespace'
+         ])
+      ]
+
+      test.each(validCases)('%s → %s (%s)', (input, expected, description) => {
+         expectValidTimeout(input, expected)
+      })
+
+      test('logs assumption for bare numbers only', () => {
+         parseDuration('5')
+         expect(mockCore.debug).toHaveBeenCalledWith(
+            'No unit specified for timeout "5", assuming minutes'
+         )
+
+         vi.clearAllMocks()
+
+         parseDuration('30s')
+         expect(mockCore.debug).not.toHaveBeenCalled()
+      })
+   })
+
+   describe('invalid timeout formats', () => {
+      const invalidCases: Array<[string, string]> = [
+         ...INVALID_TIMEOUTS.badFormats.map((t): [string, string] => [
+            t,
+            ERROR_MESSAGES.invalidFormat(t)
+         ]),
+         ...INVALID_TIMEOUTS.negative.map((t): [string, string] => [
+            t,
+            ERROR_MESSAGES.invalidFormat(t)
+         ]),
+         ...INVALID_TIMEOUTS.zero.map((t): [string, string] => [
+            t,
+            ERROR_MESSAGES.notPositive(t)
+         ])
+      ]
+
+      test.each(invalidCases)('rejects %s', (input, expectedError) => {
+         expectInvalidTimeout(input, expectedError)
+      })
+   })
+
+   describe('range validation', () => {
+      const rangeCases: Array<[string, string, boolean]> = [
+         ...VALID_TIMEOUTS.rangeValid.map((v): [string, string, boolean] => [
+            v,
+            v,
+            true
+         ]),
+         ...INVALID_TIMEOUTS.belowMin.map((v): [string, string, boolean] => [
+            v,
+            ERROR_MESSAGES.outOfRange(v),
+            false
+         ]),
+         ...INVALID_TIMEOUTS.aboveMax.map((v): [string, string, boolean] => [
+            v,
+            ERROR_MESSAGES.outOfRange(v),
+            false
+         ]),
+         ...VALID_TIMEOUTS.edgeCases.map((v): [string, string, boolean] => [
+            v,
+            v,
+            true
+         ])
+      ]
+
+      test.each(rangeCases)('%s is %s', (input, expected, isValid) => {
+         if (isValid) {
+            expectValidTimeout(input, expected)
+         } else {
+            expectInvalidTimeout(input, expected)
+         }
+      })
+   })
+
+   describe('edge cases', () => {
+      test.each([
+         ['0.001s', '0.001s'],
+         ['0.0167m', '0.0167m'],
+         ['23.999h', '23.999h'],
+         ['1439m', '1439m'],
+         ['5.0m', '5m'],
+         ['005s', '5s']
+      ])('parses and normalizes: %s → %s', (input, expected) => {
+         expectValidTimeout(input, expected)
+      })
+   })
+})

src/utilities/durationUtils.ts

@@ -0,0 +1,38 @@
+import * as core from '@actions/core'
+
+export function parseDuration(duration: string): string {
+   const trimmed = duration.trim()
+
+   // Parse number and optional unit using regex
+   const match = /^(\d+(?:\.\d+)?)(ms|s|m|h)?$/i.exec(trimmed)
+   if (!match) {
+      throw new Error(
+         `Invalid duration format: "${duration}". Use: number + unit (30s, 5m, 1h) or just number (assumes minutes)`
+      )
+   }
+
+   const value = parseFloat(match[1])
+   const unit = match[2]?.toLowerCase() || 'm'
+
+   if (value <= 0) {
+      throw new Error(`Duration must be positive: "${duration}"`)
+   }
+
+   // Calculate total seconds for validation
+   const multipliers = {ms: 0.001, s: 1, m: 60, h: 3600}
+   const totalSeconds = value * multipliers[unit as keyof typeof multipliers]
+
+   // Validate bounds (1ms to 24h)
+   if (totalSeconds < 0.001 || totalSeconds > 86400) {
+      throw new Error(`Duration out of range (1ms to 24h): "${duration}"`)
+   }
+
+   // Log assumption for bare numbers (when no unit was provided)
+   if (!duration.trim().match(/\d+(ms|s|m|h)$/i)) {
+      core.debug(
+         `No unit specified for timeout "${duration}", assuming minutes`
+      )
+   }
+
+   return `${value}${unit}`
+}

src/utilities/fileUtils.test.ts

@@ -1,29 +1,71 @@
-import {getFilesFromDirectories} from './fileUtils'
+import {vi} from 'vitest'
+import * as fileUtils from './fileUtils.js'
 
+import * as yaml from 'js-yaml'
+import fs from 'node:fs'
+import os from 'node:os'
 import * as path from 'path'
+import {K8sObject} from '../types/k8sObject.js'
 
+const sampleYamlUrl =
+   'https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/controllers/nginx-deployment.yaml'
 describe('File utils', () => {
-   it('detects files in nested directories and ignores non-manifest files and empty dirs', () => {
+   beforeAll(() => {
+      process.env.GITHUB_WORKSPACE ??= process.cwd()
+   })
+   test('correctly parses a yaml file from a URL', async () => {
+      const tempFile = await fileUtils.writeYamlFromURLToFile(sampleYamlUrl, 0)
+      const fileContents = fs.readFileSync(tempFile).toString()
+      const inputObjects: K8sObject[] = yaml.loadAll(
+         fileContents
+      ) as K8sObject[]
+      expect(inputObjects).toHaveLength(1)
+
+      for (const obj of inputObjects) {
+         expect(obj.metadata.name).toBe('nginx-deployment')
+         expect(obj.kind).toBe('Deployment')
+      }
+   })
+
+   it('fails when a bad URL is given among other files', async () => {
+      const badUrl = 'https://www.github.com'
+
       const testPath = path.join('test', 'unit', 'manifests')
-      const testSearch: string[] = getFilesFromDirectories([testPath])
+      await expect(
+         fileUtils.getFilesFromDirectoriesAndURLs([testPath, badUrl])
+      ).rejects.toThrow()
+   })
+
+   it('detects files in nested directories with the same name and ignores non-manifest files and empty dirs', async () => {
+      const testPath = path.join('test', 'unit', 'manifests')
+      const testSearch: string[] =
+         await fileUtils.getFilesFromDirectoriesAndURLs([
+            testPath,
+            sampleYamlUrl
+         ])
 
       const expectedManifests = [
-         'test/unit/manifests/manifest_test_dir/another_layer/deep-ingress.yaml',
+         'test/unit/manifests/manifest_test_dir/another_layer/test-ingress.yaml',
-         'test/unit/manifests/manifest_test_dir/another_layer/deep-service.yaml',
+         'test/unit/manifests/manifest_test_dir/another_layer/nested-test-service.yaml',
          'test/unit/manifests/manifest_test_dir/nested-test-service.yaml',
          'test/unit/manifests/test-ingress.yml',
          'test/unit/manifests/test-ingress-new.yml',
-         'test/unit/manifests/test-service.yml'
+         'test/unit/manifests/test-service.yml',
+         'test/unit/manifests/basic-test.yml'
       ]
 
-      // is there a more efficient way to test equality w random order?
+      expect(testSearch).toHaveLength(10)
-      expect(testSearch).toHaveLength(7)
       expectedManifests.forEach((fileName) => {
-         expect(testSearch).toContain(fileName)
+         if (fileName.startsWith('test/unit')) {
+            expect(testSearch).toContain(path.resolve(fileName))
+         } else {
+            expect(fileName.includes(fileUtils.urlFileKind)).toBe(true)
+            expect(fileName.startsWith(fileUtils.getTempDirectory()))
+         }
       })
    })
 
-   it('crashes when an invalid file is provided', () => {
+   it('crashes when an invalid file is provided', async () => {
       const badPath = path.join('test', 'unit', 'manifests', 'nonexistent.yaml')
       const goodPath = path.join(
          'test',
@@ -32,12 +74,12 @@ describe('File utils', () => {
          'manifest_test_dir'
       )
 
-      expect(() => {
+      await expect(
-         getFilesFromDirectories([badPath, goodPath])
+         fileUtils.getFilesFromDirectoriesAndURLs([badPath, goodPath])
-      }).toThrowError()
+      ).rejects.toThrow()
    })
 
-   it("doesn't duplicate files when nested dir included", () => {
+   it("doesn't duplicate files when nested dir included", async () => {
       const outerPath = path.join('test', 'unit', 'manifests')
       const fileAtOuter = path.join(
          'test',
@@ -53,11 +95,380 @@ describe('File utils', () => {
       )
 
       expect(
-         getFilesFromDirectories([outerPath, fileAtOuter, innerPath])
+         await fileUtils.getFilesFromDirectoriesAndURLs([
-      ).toHaveLength(7)
+            outerPath,
+            fileAtOuter,
+            innerPath
+         ])
+      ).toHaveLength(9)
+   })
+
+   it('throws an error for an invalid URL', async () => {
+      const badUrl = 'https://www.github.com'
+      await expect(
+         fileUtils.writeYamlFromURLToFile(badUrl, 0)
+      ).rejects.toBeTruthy()
+   })
+
+   it('rejects manifest inputs that resolve outside the workspace', async () => {
+      const originalWs = process.env.GITHUB_WORKSPACE
+      const ws = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-'))
+      const outside = fs.mkdtempSync(path.join(os.tmpdir(), 'outside-'))
+      fs.writeFileSync(path.join(outside, 'secrets.yaml'), 'api_key: x')
+      process.env.GITHUB_WORKSPACE = ws
+      try {
+         await expect(
+            fileUtils.getFilesFromDirectoriesAndURLs([outside])
+         ).rejects.toThrow(/outside the workspace/)
+         await expect(
+            fileUtils.getFilesFromDirectoriesAndURLs([
+               path.join(outside, 'secrets.yaml')
+            ])
+         ).rejects.toThrow(/outside the workspace/)
+      } finally {
+         if (originalWs === undefined) delete process.env.GITHUB_WORKSPACE
+         else process.env.GITHUB_WORKSPACE = originalWs
+         fs.rmSync(ws, {recursive: true, force: true})
+         fs.rmSync(outside, {recursive: true, force: true})
+      }
+   })
+
+   it('rejects symlinks inside a directory that escape the workspace', async () => {
+      const originalWs = process.env.GITHUB_WORKSPACE
+      const ws = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-'))
+      const outside = fs.mkdtempSync(path.join(os.tmpdir(), 'outside-'))
+      const escapeTarget = path.join(outside, 'passwd.yaml')
+      fs.writeFileSync(escapeTarget, 'root:x:0:0')
+      const dir = path.join(ws, 'manifests')
+      fs.mkdirSync(dir)
+      fs.symlinkSync(escapeTarget, path.join(dir, 'escape.yaml'))
+      process.env.GITHUB_WORKSPACE = ws
+      try {
+         await expect(
+            fileUtils.getFilesFromDirectoriesAndURLs([dir])
+         ).rejects.toThrow(/outside the workspace/)
+      } finally {
+         if (originalWs === undefined) delete process.env.GITHUB_WORKSPACE
+         else process.env.GITHUB_WORKSPACE = originalWs
+         fs.rmSync(ws, {recursive: true, force: true})
+         fs.rmSync(outside, {recursive: true, force: true})
+      }
    })
 })
 
-// files that don't exist / nested files that don't exist / something else with non-manifest
+describe('moveFileToTmpDir', () => {
-// lots of combinations of pointing to a directory and non yaml/yaml file
+   let workspace: string
-// similarly named files in different folders
+   let originalWorkspace: string | undefined
+   let originalTemp: string | undefined
+   let originalCwd: string
+   let tmpDir: string
+
+   beforeEach(() => {
+      originalWorkspace = process.env.GITHUB_WORKSPACE
+      originalTemp = process.env.RUNNER_TEMP
+      originalCwd = process.cwd()
+      workspace = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-'))
+      tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'rt-'))
+      process.env.GITHUB_WORKSPACE = workspace
+      process.env.RUNNER_TEMP = tmpDir
+   })
+
+   afterEach(() => {
+      process.chdir(originalCwd)
+      if (originalWorkspace === undefined) delete process.env.GITHUB_WORKSPACE
+      else process.env.GITHUB_WORKSPACE = originalWorkspace
+      if (originalTemp === undefined) delete process.env.RUNNER_TEMP
+      else process.env.RUNNER_TEMP = originalTemp
+      fs.rmSync(workspace, {recursive: true, force: true})
+      fs.rmSync(tmpDir, {recursive: true, force: true})
+   })
+
+   it('copies a workspace file to RUNNER_TEMP using a basename-only destination', () => {
+      const src = path.join(workspace, 'svc.yaml')
+      fs.writeFileSync(src, 'kind: Service')
+
+      const out = fileUtils.moveFileToTmpDir(src)
+
+      expect(fs.realpathSync(path.dirname(out))).toBe(fs.realpathSync(tmpDir))
+      expect(path.basename(out)).toMatch(/^svc_\d+_\d+\.yaml$/)
+      expect(fs.readFileSync(out).toString()).toBe('kind: Service')
+   })
+
+   it('rejects relative traversal that escapes the workspace', () => {
+      const outside = fs.mkdtempSync(path.join(os.tmpdir(), 'outside-'))
+      fs.writeFileSync(path.join(outside, 'secrets.yaml'), 'api_key: x')
+      process.chdir(workspace)
+      const rel = path.relative(workspace, path.join(outside, 'secrets.yaml'))
+      expect(() => fileUtils.moveFileToTmpDir(rel)).toThrow(
+         /outside the workspace/
+      )
+      fs.rmSync(outside, {recursive: true, force: true})
+   })
+
+   it('does not collide when two inputs share a basename', () => {
+      const a = path.join(workspace, 'a')
+      const b = path.join(workspace, 'b')
+      fs.mkdirSync(a)
+      fs.mkdirSync(b)
+      fs.writeFileSync(path.join(a, 'svc.yaml'), 'A')
+      fs.writeFileSync(path.join(b, 'svc.yaml'), 'B')
+
+      const outA = fileUtils.moveFileToTmpDir(path.join(a, 'svc.yaml'))
+      const outB = fileUtils.moveFileToTmpDir(path.join(b, 'svc.yaml'))
+
+      expect(outA).not.toBe(outB)
+      expect(fs.readFileSync(outA).toString()).toBe('A')
+      expect(fs.readFileSync(outB).toString()).toBe('B')
+   })
+})
+
+describe('assertPathWithinWorkspace', () => {
+   let workspace: string
+   let outside: string
+   let originalWorkspace: string | undefined
+   let originalCwd: string
+
+   beforeEach(() => {
+      originalWorkspace = process.env.GITHUB_WORKSPACE
+      originalCwd = process.cwd()
+      workspace = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-'))
+      outside = fs.mkdtempSync(path.join(os.tmpdir(), 'outside-'))
+      process.env.GITHUB_WORKSPACE = workspace
+   })
+
+   afterEach(() => {
+      process.chdir(originalCwd)
+      if (originalWorkspace === undefined) {
+         delete process.env.GITHUB_WORKSPACE
+      } else {
+         process.env.GITHUB_WORKSPACE = originalWorkspace
+      }
+      fs.rmSync(workspace, {recursive: true, force: true})
+      fs.rmSync(outside, {recursive: true, force: true})
+   })
+
+   it('returns the resolved path for files inside the workspace', () => {
+      const inside = path.join(workspace, 'a.yaml')
+      fs.writeFileSync(inside, 'kind: X')
+      const result = fileUtils.assertPathWithinWorkspace(inside)
+      expect(result).toBe(fs.realpathSync(inside))
+   })
+
+   it('accepts workspace files whose basename starts with ..', () => {
+      const inside = path.join(workspace, '..bar.yaml')
+      fs.writeFileSync(inside, 'kind: X')
+      expect(fileUtils.assertPathWithinWorkspace(inside)).toBe(
+         fs.realpathSync(inside)
+      )
+   })
+
+   it('throws for relative traversal paths that escape the workspace', () => {
+      const target = path.join(outside, 'secrets.yaml')
+      fs.writeFileSync(target, 'api_key: secret')
+      const rel = path.relative(workspace, target)
+      process.chdir(workspace)
+      expect(() => fileUtils.assertPathWithinWorkspace(rel)).toThrow(
+         /outside the workspace/
+      )
+   })
+
+   it('resolves relative paths against GITHUB_WORKSPACE even when CWD differs', () => {
+      const inside = path.join(workspace, 'manifest.yaml')
+      fs.writeFileSync(inside, 'kind: X')
+      // Deliberately chdir somewhere unrelated so a process.cwd()-based
+      // resolver would either reject or resolve to the wrong place.
+      process.chdir(os.tmpdir())
+      const result = fileUtils.assertPathWithinWorkspace('manifest.yaml')
+      expect(result).toBe(fs.realpathSync(inside))
+   })
+
+   it('throws for absolute paths outside the workspace', () => {
+      const target = path.join(outside, 'secrets.yaml')
+      fs.writeFileSync(target, 'api_key: secret')
+      expect(() => fileUtils.assertPathWithinWorkspace(target)).toThrow(
+         /outside the workspace/
+      )
+   })
+
+   it('throws when a symlink inside the workspace points outside', () => {
+      const target = path.join(outside, 'secrets.yaml')
+      fs.writeFileSync(target, 'api_key: secret')
+      const link = path.join(workspace, 'evil.yaml')
+      fs.symlinkSync(target, link)
+      expect(() => fileUtils.assertPathWithinWorkspace(link)).toThrow(
+         /outside the workspace/
+      )
+   })
+
+   it('throws a clear error for missing files', () => {
+      const missing = path.join(workspace, 'nope.yaml')
+      expect(() => fileUtils.assertPathWithinWorkspace(missing)).toThrow(
+         /does not exist or is not readable/
+      )
+   })
+
+   it('skips containment when GITHUB_WORKSPACE is unset', () => {
+      delete process.env.GITHUB_WORKSPACE
+      const target = path.join(outside, 'whatever.yaml')
+      fs.writeFileSync(target, 'kind: X')
+      expect(fileUtils.assertPathWithinWorkspace(target)).toBe(target)
+   })
+})
+
+import {EventEmitter} from 'node:events'
+import {PassThrough} from 'node:stream'
+import * as https from 'node:https'
+
+const httpsState = vi.hoisted(() => ({impl: null as any}))
+
+vi.mock('https', async (importOriginal) => {
+   const actual = await importOriginal<typeof import('https')>()
+   const get = (...args: any[]) =>
+      httpsState.impl ? httpsState.impl(...args) : (actual.get as any)(...args)
+   return {
+      ...actual,
+      default: {...actual, get},
+      get
+   }
+})
+
+describe('writeYamlFromURLToFile error handling', () => {
+   let tempDir: string
+   let originalRunnerTemp: string | undefined
+
+   beforeEach(() => {
+      originalRunnerTemp = process.env.RUNNER_TEMP
+      tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'url-fetch-'))
+      process.env.RUNNER_TEMP = tempDir
+   })
+
+   afterEach(() => {
+      httpsState.impl = null
+      vi.restoreAllMocks()
+      if (originalRunnerTemp === undefined) {
+         delete process.env.RUNNER_TEMP
+      } else {
+         process.env.RUNNER_TEMP = originalRunnerTemp
+      }
+      fs.rmSync(tempDir, {recursive: true, force: true})
+   })
+
+   // Wait one tick so cleanupAndReject's async fs.rm callback can fire
+   // before the test inspects the temp directory.
+   const waitForCleanup = () =>
+      new Promise<void>((r) => setImmediate(() => setImmediate(r)))
+
+   function mockHttpsGet(
+      makeResponse: () => {
+         response: EventEmitter & {
+            statusCode?: number
+            statusMessage?: string
+            pipe: PassThrough['pipe']
+            resume: () => void
+         }
+         requestEmitter: EventEmitter
+      }
+   ) {
+      httpsState.impl = ((url: string, cb?: any) => {
+         const {response, requestEmitter} = makeResponse()
+         if (cb) setImmediate(() => cb(response))
+         return requestEmitter as any
+      }) as any
+   }
+
+   it('rejects on HTTP 500 without writing a file', async () => {
+      const requestEmitter = new EventEmitter()
+      const response = Object.assign(new PassThrough(), {
+         statusCode: 500,
+         statusMessage: 'Server Error',
+         resume() {
+            /* drain */
+         }
+      })
+      mockHttpsGet(() => ({response: response as any, requestEmitter}))
+
+      await expect(
+         fileUtils.writeYamlFromURLToFile('https://example.com/x.yaml', 99)
+      ).rejects.toThrow(/Server Error/)
+   })
+
+   it('rejects when the response stream errors mid-download', async () => {
+      const requestEmitter = new EventEmitter()
+      const response = Object.assign(new PassThrough(), {
+         statusCode: 200,
+         statusMessage: 'OK',
+         resume() {}
+      })
+      mockHttpsGet(() => ({response: response as any, requestEmitter}))
+
+      const p = fileUtils.writeYamlFromURLToFile(
+         'https://example.com/y.yaml',
+         100
+      )
+      setImmediate(() => response.emit('error', new Error('socket reset')))
+      await expect(p).rejects.toThrow(/socket reset/)
+   })
+
+   it('rejects on request-level errors', async () => {
+      const requestEmitter = new EventEmitter()
+      const response = Object.assign(new PassThrough(), {
+         statusCode: 200,
+         resume() {}
+      })
+      mockHttpsGet(() => ({response: response as any, requestEmitter}))
+
+      const p = fileUtils.writeYamlFromURLToFile(
+         'https://example.com/z.yaml',
+         101
+      )
+      setImmediate(() => requestEmitter.emit('error', new Error('DNS failure')))
+      await expect(p).rejects.toThrow(/DNS failure/)
+   })
+
+   it('removes temp file when verification fails', async () => {
+      const requestEmitter = new EventEmitter()
+      const response = Object.assign(new PassThrough(), {
+         statusCode: 200,
+         statusMessage: 'OK'
+      })
+      mockHttpsGet(() => ({response: response as any, requestEmitter}))
+
+      const before = new Set(fs.readdirSync(tempDir))
+      const p = fileUtils.writeYamlFromURLToFile(
+         'https://example.com/bad.yaml',
+         200
+      )
+      // Stream a YAML document missing required k8s fields so verifyYaml fails.
+      setImmediate(() => {
+         response.end('not: a-real-manifest\n')
+      })
+      await expect(p).rejects.toThrow(/missing fields|failed to parse/)
+      await waitForCleanup()
+      const after = fs.readdirSync(tempDir).filter((f) => !before.has(f))
+      expect(after).toEqual([])
+   })
+
+   it('removes temp file on mid-stream response error', async () => {
+      const requestEmitter = new EventEmitter()
+      const response = Object.assign(new PassThrough(), {
+         statusCode: 200,
+         statusMessage: 'OK',
+         resume() {}
+      })
+      mockHttpsGet(() => ({response: response as any, requestEmitter}))
+
+      const before = new Set(fs.readdirSync(tempDir))
+      const p = fileUtils.writeYamlFromURLToFile(
+         'https://example.com/midstream.yaml',
+         201
+      )
+      setImmediate(() => {
+         response.write('kind: Foo\n')
+         response.emit('error', new Error('socket reset'))
+      })
+      await expect(p).rejects.toThrow(/socket reset/)
+      await waitForCleanup()
+      const after = fs.readdirSync(tempDir).filter((f) => !before.has(f))
+      expect(after).toEqual([])
+   })
+})

src/utilities/fileUtils.ts

@@ -1,11 +1,64 @@
-import * as fs from 'fs'
+import fs from 'node:fs'
+import * as https from 'https'
 import * as path from 'path'
 import * as core from '@actions/core'
 import * as os from 'os'
-import {getCurrentTime} from './timeUtils'
+import * as yaml from 'js-yaml'
+import {Errorable, succeeded, failed, Failed} from '../types/errorable.js'
+import {getCurrentTime} from './timeUtils.js'
+import {isHttpUrl} from './githubUtils.js'
+import {K8sObject} from '../types/k8sObject.js'
+
+export const urlFileKind = 'urlfile'
+
+let moveCounter = 0
 
 export function getTempDirectory(): string {
-   return process.env['runner.tempDirectory'] || os.tmpdir()
+   return process.env['RUNNER_TEMP'] || os.tmpdir()
+}
+
+// Exported for tests. Validates that `inputPath` resolves (after symlink
+// resolution) to a location inside GITHUB_WORKSPACE. When GITHUB_WORKSPACE
+// is not set (e.g. local dev / unit tests), the check is skipped — callers
+// that write to RUNNER_TEMP still get protection from basename-only
+// destinations.
+export function assertPathWithinWorkspace(inputPath: string): string {
+   const workspace = process.env.GITHUB_WORKSPACE
+   if (!workspace) {
+      core.warning(
+         'GITHUB_WORKSPACE is not set; skipping manifest path containment check'
+      )
+      return inputPath
+   }
+   const resolvedWorkspace = fs.realpathSync(path.resolve(workspace))
+   // Resolve relative inputs against the workspace (not process.cwd()), so
+   // a relative `manifests:` input is interpreted consistently regardless of
+   // whether a prior step changed the working directory. Absolute paths are
+   // passed through unchanged and still validated below.
+   const absoluteInput = path.isAbsolute(inputPath)
+      ? inputPath
+      : path.resolve(resolvedWorkspace, inputPath)
+   let resolvedInput: string
+   try {
+      resolvedInput = fs.realpathSync(absoluteInput)
+   } catch (e) {
+      throw new Error(
+         `manifest path ${inputPath} does not exist or is not readable: ${e}`
+      )
+   }
+   const rel = path.relative(resolvedWorkspace, resolvedInput)
+   if (
+      rel === '' ||
+      (rel !== '..' &&
+         !rel.startsWith('..' + path.sep) &&
+         !path.isAbsolute(rel))
+   ) {
+      return resolvedInput
+   }
+   throw new Error(
+      `manifest path ${inputPath} resolves to ${resolvedInput}, ` +
+         `which is outside the workspace ${resolvedWorkspace}`
+   )
 }
 
 export function writeObjectsToFile(inputObjects: any[]): string[] {
@@ -16,7 +69,7 @@ export function writeObjectsToFile(inputObjects: any[]): string[] {
          const inputObjectString = JSON.stringify(inputObject)
 
          if (inputObject?.metadata?.name) {
-            const fileName = getManifestFileName(
+            const fileName = getNewTempManifestFileName(
                inputObject.kind,
                inputObject.metadata.name
             )
@@ -45,7 +98,7 @@ export function writeManifestToFile(
 ): string {
    if (inputObjectString) {
       try {
-         const fileName = getManifestFileName(kind, name)
+         const fileName = getNewTempManifestFileName(kind, name)
          fs.writeFileSync(path.join(fileName), inputObjectString)
          return fileName
       } catch (ex) {
@@ -56,26 +109,64 @@ export function writeManifestToFile(
    }
 }
 
-function getManifestFileName(kind: string, name: string) {
+export function moveFileToTmpDir(originalFilepath: string) {
+   const safeSource = assertPathWithinWorkspace(originalFilepath)
+   const tempDirectory = getTempDirectory()
+   const ext = path.extname(safeSource)
+   const base = path.basename(safeSource, ext)
+   const uniqueName = `${base}_${getCurrentTime()}_${moveCounter++}${ext}`
+   const newPath = path.join(tempDirectory, uniqueName)
+
+   core.debug(`reading original contents from path: ${originalFilepath}`)
+   const contents = fs.readFileSync(safeSource)
+
+   core.debug(`writing contents to new path ${newPath}`)
+   fs.writeFileSync(newPath, contents)
+
+   core.debug(`moved contents from ${originalFilepath} to ${newPath}`)
+   return newPath
+}
+
+function getNewTempManifestFileName(kind: string, name: string) {
    const filePath = `${kind}_${name}_${getCurrentTime().toString()}`
    const tempDirectory = getTempDirectory()
    return path.join(tempDirectory, path.basename(filePath))
 }
 
-export function getFilesFromDirectories(filePaths: string[]): string[] {
+export async function getFilesFromDirectoriesAndURLs(
+   filePaths: string[]
+): Promise<string[]> {
    const fullPathSet: Set<string> = new Set<string>()
 
-   filePaths.forEach((fileName) => {
+   let fileCounter = 0
+   for (const fileName of filePaths) {
       try {
-         if (fs.lstatSync(fileName).isDirectory()) {
+         if (isHttpUrl(fileName)) {
-            recurisveManifestGetter(fileName).forEach((file) => {
+            try {
+               const tempFilePath: string = await writeYamlFromURLToFile(
+                  fileName,
+                  fileCounter++
+               )
+               fullPathSet.add(tempFilePath)
+            } catch (e) {
+               throw Error(
+                  `encountered error trying to pull YAML from URL ${fileName}: ${e}`
+               )
+            }
+            continue
+         }
+
+         const safePath = assertPathWithinWorkspace(fileName)
+
+         if (fs.lstatSync(safePath).isDirectory()) {
+            recurisveManifestGetter(safePath).forEach((file) => {
                fullPathSet.add(file)
             })
          } else if (
-            getFileExtension(fileName) === 'yml' ||
+            getFileExtension(safePath) === 'yml' ||
-            getFileExtension(fileName) === 'yaml'
+            getFileExtension(safePath) === 'yaml'
          ) {
-            fullPathSet.add(fileName)
+            fullPathSet.add(safePath)
          } else {
             core.debug(
                `Detected non-manifest file, ${fileName}, continuing... `
@@ -86,9 +177,96 @@ export function getFilesFromDirectories(filePaths: string[]): string[] {
             `Exception occurred while reading the file ${fileName}: ${ex}`
          )
       }
-   })
+   }
 
-   return Array.from(fullPathSet)
+   const arr = Array.from(fullPathSet)
+   return arr
+}
+
+export async function writeYamlFromURLToFile(
+   url: string,
+   fileNumber: number
+): Promise<string> {
+   return new Promise((resolve, reject) => {
+      https
+         .get(url, (response) => {
+            const code = response.statusCode ?? 0
+            if (code >= 400) {
+               response.resume()
+               reject(
+                  new Error(
+                     `received response status ${response.statusMessage} from url ${url}`
+                  )
+               )
+               return
+            }
+
+            const targetPath = getNewTempManifestFileName(
+               urlFileKind,
+               fileNumber.toString()
+            )
+            // Once the write stream is created the file exists on disk;
+            // route all post-stream rejections through this helper so we
+            // don't leave truncated YAML in RUNNER_TEMP for later tooling
+            // to pick up. Do NOT unlink on the success path.
+            const cleanupAndReject = (err: unknown) => {
+               fs.rm(targetPath, {force: true}, () => reject(err))
+            }
+            const fileWriter = fs.createWriteStream(targetPath)
+            fileWriter.on('error', cleanupAndReject)
+            fileWriter.on('finish', () => {
+               try {
+                  const verification = verifyYaml(targetPath, url)
+                  if (succeeded(verification)) {
+                     core.debug(
+                        `outputting YAML contents from ${url} to ${targetPath}: ${JSON.stringify(
+                           verification.result
+                        )}`
+                     )
+                     resolve(targetPath)
+                  } else {
+                     cleanupAndReject(new Error(verification.error))
+                  }
+               } catch (e) {
+                  cleanupAndReject(e)
+               }
+            })
+            response.on('error', cleanupAndReject)
+            response.pipe(fileWriter)
+         })
+         .on('error', reject)
+   })
+}
+
+function verifyYaml(filepath: string, url: string): Errorable<K8sObject[]> {
+   const fileContents = fs.readFileSync(filepath).toString()
+   let inputObjects
+   try {
+      inputObjects = yaml.loadAll(fileContents)
+   } catch (e) {
+      return {
+         succeeded: false,
+         error: `failed to parse manifest from url ${url}: ${e}`
+      }
+   }
+
+   if (!inputObjects || inputObjects.length == 0) {
+      return {
+         succeeded: false,
+         error: `failed to parse manifest from url ${url}: no objects detected in manifest`
+      }
+   }
+
+   for (const obj of inputObjects) {
+      if (obj == null || !obj.kind || !obj.apiVersion || !obj.metadata) {
+         return {
+            succeeded: false,
+            error: `failed to parse manifest from ${url}: missing fields`
+         }
+      }
+   }
+
+   return {succeeded: true, result: inputObjects}
 }
 
 function recurisveManifestGetter(dirName: string): string[] {
@@ -102,7 +280,7 @@ function recurisveManifestGetter(dirName: string): string[] {
          getFileExtension(fileName) === 'yml' ||
          getFileExtension(fileName) === 'yaml'
       ) {
-         toRet.push(path.join(dirName, fileName))
+         toRet.push(assertPathWithinWorkspace(fnwd))
       } else {
          core.debug(`Detected non-manifest file, ${fileName}, continuing... `)
       }

src/utilities/githubUtils.test.ts

@@ -2,7 +2,7 @@ import {
    getNormalizedPath,
    isHttpUrl,
    normalizeWorkflowStrLabel
-} from './githubUtils'
+} from './githubUtils.js'
 
 describe('Github utils', () => {
    it('normalizes workflow string labels', () => {

src/utilities/githubUtils.ts

@@ -1,4 +1,4 @@
-import {GitHubClient, OkStatusCode} from '../types/githubClient'
+import {GitHubClient, OkStatusCode} from '../types/githubClient.js'
 import * as core from '@actions/core'
 
 export async function getWorkflowFilePath(

src/utilities/kubectlUtils.test.ts

@@ -1,6 +1,9 @@
+import {vi} from 'vitest'
+vi.mock('@actions/core')
+
 import * as core from '@actions/core'
 import {ExecOutput} from '@actions/exec'
-import {checkForErrors} from './kubectlUtils'
+import {checkForErrors} from './kubectlUtils.js'
 
 describe('Kubectl utils', () => {
    it('checks for errors', () => {
@@ -39,23 +42,24 @@ describe('Kubectl utils', () => {
       ).toThrow()
 
       // with warn behavior
-      jest.spyOn(core, 'warning').mockImplementation(() => {})
+      const warnSpy = vi.spyOn(core, 'warning').mockImplementation(() => {})
+      warnSpy.mockClear()
       let warningCalls = 0
       expect(() => checkForErrors([success], true)).not.toThrow()
-      expect(core.warning).toBeCalledTimes(warningCalls)
+      expect(core.warning).toHaveBeenCalledTimes(warningCalls)
 
       expect(() => checkForErrors([successWithStderr], true)).not.toThrow()
-      expect(core.warning).toBeCalledTimes(++warningCalls)
+      expect(core.warning).toHaveBeenCalledTimes(++warningCalls)
 
       expect(() =>
          checkForErrors([success, successWithStderr], true)
       ).not.toThrow()
-      expect(core.warning).toBeCalledTimes(++warningCalls)
+      expect(core.warning).toHaveBeenCalledTimes(++warningCalls)
 
       expect(() => checkForErrors([failWithExitCode], true)).not.toThrow()
-      expect(core.warning).toBeCalledTimes(++warningCalls)
+      expect(core.warning).toHaveBeenCalledTimes(++warningCalls)
 
       expect(() => checkForErrors([failWithExitWithStderr], true)).not.toThrow()
-      expect(core.warning).toBeCalledTimes(++warningCalls)
+      expect(core.warning).toHaveBeenCalledTimes(++warningCalls)
    })
 })

src/utilities/kubectlUtils.ts

@@ -1,6 +1,8 @@
 import * as core from '@actions/core'
 import {ExecOutput} from '@actions/exec'
-import {Kubectl} from '../types/kubectl'
+import {Kubectl} from '../types/kubectl.js'
+
+const NAMESPACE = 'namespace'
 
 export function checkForErrors(
    execResults: ExecOutput[],
@@ -30,7 +32,12 @@ export async function getLastSuccessfulRunSha(
    annotationKey: string
 ): Promise<string> {
    try {
-      const result = await kubectl.getResource('namespace', namespaceName)
+      const result = await kubectl.getResource(
+         NAMESPACE,
+         namespaceName,
+         false,
+         namespaceName
+      )
       if (result?.stderr) {
          core.warning(result.stderr)
          return process.env.GITHUB_SHA
@@ -53,15 +60,23 @@ export async function annotateChildPods(
    kubectl: Kubectl,
    resourceType: string,
    resourceName: string,
-   annotationKeyValStr: string,
+   namespace: string | undefined,
-   allPods
+   annotationKeyValStr: string
 ): Promise<ExecOutput[]> {
    let owner = resourceName
    if (resourceType.toLowerCase().indexOf('deployment') > -1) {
-      owner = await kubectl.getNewReplicaSet(resourceName)
+      owner = await kubectl.getNewReplicaSet(resourceName, namespace)
    }
 
    const commandExecutionResults = []
+
+   let allPods
+   try {
+      allPods = JSON.parse((await kubectl.getAllPods()).stdout)
+   } catch (e) {
+      core.debug(`Unable to parse pods: ${e}`)
+   }
+
    if (allPods?.items && allPods.items?.length > 0) {
       allPods.items.forEach((pod) => {
          const owners = pod?.metadata?.ownerReferences
@@ -72,7 +87,8 @@ export async function annotateChildPods(
                      kubectl.annotate(
                         'pod',
                         pod.metadata.name,
-                        annotationKeyValStr
+                        annotationKeyValStr,
+                        namespace
                      )
                   )
                   break

src/utilities/manifestPullSecretUtils.ts

@@ -1,20 +1,23 @@
-import {KubernetesWorkload} from '../types/kubernetesTypes'
+import {KubernetesWorkload} from '../types/kubernetesTypes.js'
 
 export function getImagePullSecrets(inputObject: any) {
-   if (!inputObject?.spec) return null
+   const kind = inputObject?.kind?.toLowerCase()
+   const spec = inputObject?.spec
 
-   if (
+   if (!spec || !kind) return null
-      inputObject.kind.toLowerCase() ===
-      KubernetesWorkload.CRON_JOB.toLowerCase()
-   )
-      return inputObject?.spec?.jobTemplate?.spec?.template?.spec
-         ?.imagePullSecrets
 
-   if (inputObject.kind.toLowerCase() === KubernetesWorkload.POD.toLowerCase())
+   switch (kind) {
-      return inputObject.spec.imagePullSecrets
+      case KubernetesWorkload.CRON_JOB.toLowerCase():
+         return spec.jobTemplate?.spec?.template?.spec?.imagePullSecrets
 
-   if (inputObject?.spec?.template?.spec) {
+      case KubernetesWorkload.SCALED_JOB.toLowerCase():
-      return inputObject.spec.template.spec.imagePullSecrets
+         return spec.jobTargetRef?.template?.spec?.imagePullSecrets
+
+      case KubernetesWorkload.POD.toLowerCase():
+         return spec.imagePullSecrets
+
+      default:
+         return spec.template?.spec?.imagePullSecrets || null
    }
 }
 
@@ -22,27 +25,34 @@ export function setImagePullSecrets(
    inputObject: any,
    newImagePullSecrets: any
 ) {
-   if (!inputObject || !inputObject.spec || !newImagePullSecrets) return
+   const kind = inputObject?.kind?.toLowerCase()
+   const spec = inputObject?.spec
 
-   if (
+   if (!inputObject || !spec || !newImagePullSecrets || !kind) return
-      inputObject.kind.toLowerCase() === KubernetesWorkload.POD.toLowerCase()
-   ) {
-      inputObject.spec.imagePullSecrets = newImagePullSecrets
-      return
-   }
 
-   if (
+   switch (kind) {
-      inputObject.kind.toLowerCase() ===
+      case KubernetesWorkload.POD.toLowerCase():
-      KubernetesWorkload.CRON_JOB.toLowerCase()
+         spec.imagePullSecrets = newImagePullSecrets
-   ) {
+         break
-      if (inputObject?.spec?.jobTemplate?.spec?.template?.spec)
-         inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets =
-            newImagePullSecrets
-      return
-   }
 
-   if (inputObject?.spec?.template?.spec) {
+      case KubernetesWorkload.CRON_JOB.toLowerCase():
-      inputObject.spec.template.spec.imagePullSecrets = newImagePullSecrets
+         if (spec.jobTemplate?.spec?.template?.spec) {
-      return
+            spec.jobTemplate.spec.template.spec.imagePullSecrets =
+               newImagePullSecrets
+         }
+         break
+
+      case KubernetesWorkload.SCALED_JOB.toLowerCase():
+         if (spec.jobTargetRef?.template?.spec) {
+            spec.jobTargetRef.template.spec.imagePullSecrets =
+               newImagePullSecrets
+         }
+         break
+
+      default:
+         if (spec.template?.spec) {
+            spec.template.spec.imagePullSecrets = newImagePullSecrets
+         }
+         break
    }
 }

src/utilities/manifestSpecLabelUtils.ts

@@ -3,7 +3,7 @@ import {
    isServiceEntity,
    KubernetesWorkload,
    NullInputObjectError
-} from '../types/kubernetesTypes'
+} from '../types/kubernetesTypes.js'
 
 export function updateSpecLabels(
    inputObject: any,
@@ -30,30 +30,54 @@ export function updateSpecLabels(
 }
 
 function getSpecLabels(inputObject: any) {
-   if (!inputObject) return null
+   const kind = inputObject?.kind?.toLowerCase()
+   const spec = inputObject?.spec
 
-   if (inputObject.kind.toLowerCase() === KubernetesWorkload.POD.toLowerCase())
+   if (!inputObject || !kind) return null
-      return inputObject.metadata.labels
 
-   if (inputObject?.spec?.template?.metadata)
+   switch (kind) {
-      return inputObject.spec.template.metadata.labels
+      case KubernetesWorkload.POD.toLowerCase():
+         return inputObject.metadata.labels
 
-   return null
+      case KubernetesWorkload.CRON_JOB.toLowerCase():
+         return spec?.jobTemplate?.spec?.template?.metadata?.labels
+
+      case KubernetesWorkload.SCALED_JOB.toLowerCase():
+         return spec?.jobTargetRef?.template?.metadata?.labels
+
+      default:
+         return spec?.template?.metadata?.labels || null
+   }
 }
 
 function setSpecLabels(inputObject: any, newLabels: any) {
-   if (!inputObject || !newLabels) return null
+   const kind = inputObject?.kind?.toLowerCase()
+   const spec = inputObject?.spec
 
-   if (
+   if (!inputObject || !newLabels || !kind) return null
-      inputObject.kind.toLowerCase() === KubernetesWorkload.POD.toLowerCase()
-   ) {
-      inputObject.metadata.labels = newLabels
-      return
-   }
 
-   if (inputObject?.spec?.template?.metatada) {
+   switch (kind) {
-      inputObject.spec.template.metatada.labels = newLabels
+      case KubernetesWorkload.POD.toLowerCase():
-      return
+         inputObject.metadata.labels = newLabels
+         break
+
+      case KubernetesWorkload.CRON_JOB.toLowerCase():
+         if (spec?.jobTemplate?.spec?.template?.metadata) {
+            spec.jobTemplate.spec.template.metadata.labels = newLabels
+         }
+         break
+
+      case KubernetesWorkload.SCALED_JOB.toLowerCase():
+         if (spec?.jobTargetRef?.template?.metadata) {
+            spec.jobTargetRef.template.metadata.labels = newLabels
+         }
+         break
+
+      default:
+         if (spec?.template?.metadata) {
+            spec.template.metadata.labels = newLabels
+         }
+         break
    }
 }
 

src/utilities/manifestStabilityUtils.test.ts

@@ -0,0 +1,622 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+vi.mock('@actions/core', async (importOriginal) => {
+   const actual: any = await importOriginal()
+   return {
+      ...actual,
+      getInput: vi.fn().mockReturnValue(''),
+      debug: vi.fn(),
+      info: vi.fn(),
+      warning: vi.fn(),
+      error: vi.fn(),
+      setFailed: vi.fn(),
+      setOutput: vi.fn()
+   }
+})
+
+import * as manifestStabilityUtils from './manifestStabilityUtils.js'
+import {Kubectl} from '../types/kubectl.js'
+import {
+   ResourceTypeFleet,
+   ResourceTypeManagedCluster
+} from '../actions/deploy.js'
+import {ExecOutput} from '@actions/exec'
+import {exitCode, stdout} from 'process'
+import * as core from '@actions/core'
+import * as timeUtils from './timeUtils.js'
+
+describe('manifestStabilityUtils', () => {
+   const kc = new Kubectl('')
+   const resources = [
+      {
+         type: 'deployment',
+         name: 'test',
+         namespace: 'default'
+      }
+   ]
+
+   it('should return immediately if the resource type is fleet', async () => {
+      const spy = vi.spyOn(manifestStabilityUtils, 'checkManifestStability')
+      const checkRolloutStatusSpy = vi.spyOn(kc, 'checkRolloutStatus')
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeFleet
+      )
+
+      expect(checkRolloutStatusSpy).not.toHaveBeenCalled()
+      expect(spy).toHaveReturned()
+   })
+
+   it('should run fully if the resource type is managedCluster', async () => {
+      const spy = vi.spyOn(manifestStabilityUtils, 'checkManifestStability')
+      const checkRolloutStatusSpy = vi
+         .spyOn(kc, 'checkRolloutStatus')
+         .mockImplementation(() => {
+            return new Promise<ExecOutput>((resolve, reject) => {
+               resolve({
+                  exitCode: 0,
+                  stderr: '',
+                  stdout: ''
+               })
+            })
+         })
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster
+      )
+
+      expect(checkRolloutStatusSpy).toHaveBeenCalled()
+      expect(spy).toHaveReturned()
+   })
+
+   it('should pass timeout to checkRolloutStatus when provided', async () => {
+      const timeout = '300s'
+      const checkRolloutStatusSpy = vi
+         .spyOn(kc, 'checkRolloutStatus')
+         .mockImplementation(() => {
+            return new Promise<ExecOutput>((resolve, reject) => {
+               resolve({
+                  exitCode: 0,
+                  stderr: '',
+                  stdout: ''
+               })
+            })
+         })
+
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster,
+         timeout
+      )
+
+      expect(checkRolloutStatusSpy).toHaveBeenCalledWith(
+         'deployment',
+         'test',
+         'default',
+         timeout
+      )
+   })
+
+   it('should call checkRolloutStatus without timeout when not provided', async () => {
+      const checkRolloutStatusSpy = vi
+         .spyOn(kc, 'checkRolloutStatus')
+         .mockImplementation(() => {
+            return new Promise<ExecOutput>((resolve, reject) => {
+               resolve({
+                  exitCode: 0,
+                  stderr: '',
+                  stdout: ''
+               })
+            })
+         })
+
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster
+      )
+
+      expect(checkRolloutStatusSpy).toHaveBeenCalledWith(
+         'deployment',
+         'test',
+         'default',
+         undefined
+      )
+   })
+})
+
+describe('checkManifestStability failure and resource-specific scenarios', () => {
+   let kc: Kubectl
+   let coreErrorSpy: MockInstance
+   let coreInfoSpy: MockInstance
+   let coreWarningSpy: MockInstance
+
+   beforeEach(() => {
+      kc = new Kubectl('', 'default')
+      coreErrorSpy = vi.spyOn(core, 'error').mockImplementation(() => {})
+      coreInfoSpy = vi.spyOn(core, 'info').mockImplementation(() => {})
+      coreWarningSpy = vi.spyOn(core, 'warning').mockImplementation(() => {})
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+   })
+
+   it('should call describe and collect errors when a rollout fails', async () => {
+      const resources = [
+         {type: 'deployment', name: 'failing-app', namespace: 'app-ns-123'}
+      ]
+      const rolloutError = new Error('Progress deadline exceeded')
+      const describeOutput =
+         'Events:\n  Type\tReason\tMessage\n  Normal\tScalingReplicaSet\tScaled up replica set failing-app-123 to 1'
+
+      // Arrange: Mock rollout to fail and describe to succeed
+      const checkRolloutStatusSpy = vi
+         .spyOn(kc, 'checkRolloutStatus')
+         .mockRejectedValue(rolloutError)
+      const describeSpy = vi.spyOn(kc, 'describe').mockResolvedValue({
+         stdout: describeOutput,
+         stderr: '',
+         exitCode: 0
+      })
+
+      // Act & Assert: Expect the function to throw the final aggregated error
+      const expectedErrorMessage = `Rollout failed for deployment/failing-app in namespace app-ns-123: ${rolloutError.message}`
+      await expect(
+         manifestStabilityUtils.checkManifestStability(
+            kc,
+            resources,
+            ResourceTypeManagedCluster
+         )
+      ).rejects.toThrow(
+         `Rollout status failed for the following resources:\n${expectedErrorMessage}`
+      )
+
+      // Assert that the correct functions were called
+      expect(checkRolloutStatusSpy).toHaveBeenCalledTimes(1)
+      expect(coreErrorSpy).toHaveBeenCalledWith(expectedErrorMessage)
+      expect(describeSpy).toHaveBeenCalledWith(
+         'deployment',
+         'failing-app',
+         false,
+         'app-ns-123'
+      )
+      expect(coreInfoSpy).toHaveBeenCalledWith(
+         `Describe output for deployment/failing-app:\n${describeOutput}`
+      )
+   })
+
+   it('should use the default kubectl namespace when none is provided', async () => {
+      const resources = [{type: 'deployment', name: 'failing-app'}]
+      const rolloutError = new Error('Progress deadline exceeded')
+      const describeOutput =
+         'Events:\n  Type\tReason\tMessage\n  Normal\tScalingReplicaSet\tScaled up replica set failing-app-123 to 1'
+
+      // Arrange: Mock rollout to fail and describe to succeed
+      const checkRolloutStatusSpy = vi
+         .spyOn(kc, 'checkRolloutStatus')
+         .mockRejectedValue(rolloutError)
+      const describeSpy = vi.spyOn(kc, 'describe').mockResolvedValue({
+         stdout: describeOutput,
+         stderr: '',
+         exitCode: 0
+      })
+
+      // Act & Assert: Expect the function to throw the final aggregated error
+      const expectedErrorMessage = `Rollout failed for deployment/failing-app in namespace default: ${rolloutError.message}`
+      await expect(
+         manifestStabilityUtils.checkManifestStability(
+            kc,
+            resources,
+            ResourceTypeManagedCluster
+         )
+      ).rejects.toThrow(
+         `Rollout status failed for the following resources:\n${expectedErrorMessage}`
+      )
+
+      // Assert that the correct functions were called
+      expect(checkRolloutStatusSpy).toHaveBeenCalledTimes(1)
+      expect(coreErrorSpy).toHaveBeenCalledWith(expectedErrorMessage)
+      expect(describeSpy).toHaveBeenCalledWith(
+         'deployment',
+         'failing-app',
+         false,
+         undefined
+      )
+      expect(coreInfoSpy).toHaveBeenCalledWith(
+         `Describe output for deployment/failing-app:\n${describeOutput}`
+      )
+   })
+
+   it('should call checkPodStatus for pod resources', async () => {
+      const resources = [{type: 'Pod', name: 'test-pod', namespace: 'default'}]
+
+      // Arrange: Spy on checkPodStatus and checkRolloutStatus
+      const checkPodStatusSpy = vi
+         .spyOn(manifestStabilityUtils, 'checkPodStatus')
+         .mockResolvedValue() // Assume pod becomes ready
+      const checkRolloutStatusSpy = vi.spyOn(kc, 'checkRolloutStatus')
+
+      // Act
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster
+      )
+
+      // Assert
+      expect(checkPodStatusSpy).toHaveBeenCalledWith(kc, resources[0])
+      expect(checkRolloutStatusSpy).not.toHaveBeenCalled()
+   })
+
+   it('should warn and describe when a pod check fails', async () => {
+      const resources = [
+         {type: 'Pod', name: 'failing-pod', namespace: 'default'}
+      ]
+      const podError = new Error('Pod rollout failed')
+
+      // Arrange: Mock checkPodStatus to fail
+      const checkPodStatusSpy = vi
+         .spyOn(manifestStabilityUtils, 'checkPodStatus')
+         .mockRejectedValue(podError)
+      const describeSpy = vi.spyOn(kc, 'describe').mockResolvedValue({
+         stdout: 'describe output',
+         stderr: '',
+         exitCode: 0
+      })
+
+      // Act: This should not throw, only warn.
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster
+      )
+
+      // Assert
+      expect(checkPodStatusSpy).toHaveBeenCalled()
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+         expect.stringContaining(`Could not determine pod status`)
+      )
+      expect(describeSpy).toHaveBeenCalledWith(
+         'Pod',
+         'failing-pod',
+         false,
+         'default'
+      )
+   })
+
+   it('should wait for external IP for a LoadBalancer service', async () => {
+      //Spying on sleep to avoid actual delays in tests
+      vi.spyOn(timeUtils, 'sleep').mockResolvedValue(undefined)
+      const resources = [
+         {type: 'service', name: 'test-svc', namespace: 'default'}
+      ]
+      const serviceWithoutIp = {
+         spec: {type: 'LoadBalancer'},
+         status: {loadBalancer: {}}
+      }
+      const serviceWithIp = {
+         spec: {type: 'LoadBalancer'},
+         status: {loadBalancer: {ingress: [{ip: '8.8.8.8'}]}}
+      }
+
+      // Arrange: Mock getResource to simulate the IP being assigned on the second poll
+      const getResourceSpy = vi
+         .spyOn(kc, 'getResource')
+         // First call: Initial service check
+         .mockResolvedValueOnce({
+            stdout: JSON.stringify(serviceWithoutIp),
+            stderr: '',
+            exitCode: 0
+         })
+         // Second call: First polling iteration (no IP yet)
+         .mockResolvedValueOnce({
+            stdout: JSON.stringify(serviceWithoutIp),
+            stderr: '',
+            exitCode: 0
+         })
+         // Third call: Second polling iteration (IP assigned)
+         .mockResolvedValueOnce({
+            stdout: JSON.stringify(serviceWithIp),
+            stderr: '',
+            exitCode: 0
+         })
+
+      // Act
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster
+      )
+
+      // Assert
+      expect(getResourceSpy).toHaveBeenCalledTimes(3)
+      expect(coreInfoSpy).toHaveBeenCalledWith(
+         'ServiceExternalIP test-svc 8.8.8.8'
+      )
+   })
+
+   it('should warn and describe when a service check fails', async () => {
+      const resources = [
+         {type: 'service', name: 'broken-svc', namespace: 'default'}
+      ]
+      const getServiceError = new Error('Service not found')
+
+      // Arrange: Mock getService to fail, and describe to succeed
+      // Note: We mock getResource because getService is a private helper
+      const getResourceSpy = vi
+         .spyOn(kc, 'getResource')
+         .mockRejectedValue(getServiceError)
+      const describeSpy = vi.spyOn(kc, 'describe').mockResolvedValue({
+         stdout: 'describe output',
+         stderr: '',
+         exitCode: 0
+      })
+
+      // Act: Run the stability check. It should NOT throw an error, only warn.
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster
+      )
+
+      // Assert
+      expect(getResourceSpy).toHaveBeenCalled()
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+         expect.stringContaining(
+            `Could not determine service status of: broken-svc`
+         )
+      )
+      expect(describeSpy).toHaveBeenCalledWith(
+         'service',
+         'broken-svc',
+         false,
+         'default'
+      )
+   })
+
+   it('should not wait for an IP for a ClusterIP service', async () => {
+      const resources = [
+         {type: 'service', name: 'cluster-ip-svc', namespace: 'default'}
+      ]
+      const clusterIpService = {
+         spec: {type: 'ClusterIP'}, // Not a LoadBalancer
+         status: {}
+      }
+
+      // Arrange
+      const getResourceSpy = vi.spyOn(kc, 'getResource').mockResolvedValue({
+         stdout: JSON.stringify(clusterIpService),
+         stderr: '',
+         exitCode: 0
+      })
+
+      // Act
+      await manifestStabilityUtils.checkManifestStability(
+         kc,
+         resources,
+         ResourceTypeManagedCluster
+      )
+
+      // Assert: getResource is called once to get the spec, but not again for polling.
+      expect(getResourceSpy).toHaveBeenCalledTimes(1)
+      expect(coreInfoSpy).not.toHaveBeenCalledWith(
+         expect.stringContaining('ServiceExternalIP')
+      )
+   })
+})
+
+describe('checkManifestStability additional scenarios', () => {
+   let kc: Kubectl
+   let coreErrorSpy: MockInstance
+   let coreInfoSpy: MockInstance
+   let coreWarningSpy: MockInstance
+
+   beforeEach(() => {
+      kc = new Kubectl('')
+      coreErrorSpy = vi.spyOn(core, 'error').mockImplementation(() => {})
+      coreInfoSpy = vi.spyOn(core, 'info').mockImplementation(() => {})
+      coreWarningSpy = vi.spyOn(core, 'warning').mockImplementation(() => {})
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+   })
+
+   it('should aggregate errors from deployment and pod failures', async () => {
+      const resources = [
+         {type: 'deployment', name: 'deploy-failure', namespace: 'default'},
+         {type: 'pod', name: 'pod-failure', namespace: 'default'}
+      ]
+      const deploymentError = new Error('Deployment rollout failed')
+      const podError = new Error('Pod not ready in time')
+
+      // Arrange: Mock failures
+      const checkRolloutStatusSpy = vi
+         .spyOn(kc, 'checkRolloutStatus')
+         .mockRejectedValue(deploymentError)
+      // For pod: simulate a pod check failure
+      const checkPodStatusSpy = vi
+         .spyOn(manifestStabilityUtils, 'checkPodStatus')
+         .mockRejectedValue(podError)
+      // For both, simulate a successful describe call to provide additional details
+      const describeSpy = vi.spyOn(kc, 'describe').mockResolvedValue({
+         stdout: 'describe aggregated output',
+         stderr: '',
+         exitCode: 0
+      })
+
+      // Act & Assert:
+      const expectedDeploymentError = `Rollout failed for deployment/deploy-failure in namespace default: ${deploymentError.message}`
+      const expectedFullError = `Rollout status failed for the following resources:\n${expectedDeploymentError}`
+
+      await expect(
+         manifestStabilityUtils.checkManifestStability(
+            kc,
+            resources,
+            ResourceTypeManagedCluster
+         )
+      ).rejects.toThrow(expectedFullError)
+
+      // Assert that each failure was caught and processed
+      expect(checkRolloutStatusSpy).toHaveBeenCalledWith(
+         'deployment',
+         'deploy-failure',
+         'default',
+         undefined
+      )
+      expect(checkPodStatusSpy).toHaveBeenCalledWith(kc, resources[1])
+      expect(describeSpy).toHaveBeenCalled()
+      expect(coreErrorSpy).toHaveBeenCalledWith(expectedDeploymentError)
+   })
+
+   it('should complete without errors when all resources are stable', async () => {
+      const resources = [
+         {type: 'deployment', name: 'stable-deploy', namespace: 'default'},
+         {type: 'pod', name: 'stable-pod', namespace: 'default'},
+         {type: 'service', name: 'stable-svc', namespace: 'default'}
+      ]
+
+      // Arrange:
+      // Deployment rollout succeeds
+      vi.spyOn(kc, 'checkRolloutStatus').mockResolvedValue({
+         exitCode: 0,
+         stderr: '',
+         stdout: ''
+      })
+      // Pod becomes ready
+      vi.spyOn(manifestStabilityUtils, 'checkPodStatus').mockResolvedValue()
+      // Simulate a LoadBalancer service that already has an external IP
+      const stableService = {
+         spec: {type: 'LoadBalancer'},
+         status: {loadBalancer: {ingress: [{ip: '1.2.3.4'}]}}
+      }
+      vi.spyOn(kc, 'getResource').mockResolvedValue({
+         stdout: JSON.stringify(stableService),
+         stderr: '',
+         exitCode: 0
+      })
+      // Provide a describe result to avoid warnings
+      vi.spyOn(kc, 'describe').mockResolvedValue({
+         stdout: 'describe output stable',
+         stderr: '',
+         exitCode: 0
+      })
+
+      // Act & Assert:
+      await expect(
+         manifestStabilityUtils.checkManifestStability(
+            kc,
+            resources,
+            ResourceTypeManagedCluster
+         )
+      ).resolves.not.toThrow()
+   })
+})
+
+describe('getContainerErrors', () => {
+   it('should return an empty string if all containers are ready', () => {
+      const podStatus = {
+         containerStatuses: [
+            {
+               name: 'app',
+               ready: true,
+               state: {running: {startedAt: '2025-07-18T10:00:00Z'}}
+            }
+         ]
+      }
+      expect(manifestStabilityUtils.getContainerErrors(podStatus)).toBe('')
+   })
+
+   it('should report an error for a waiting container', () => {
+      const podStatus = {
+         containerStatuses: [
+            {
+               name: 'app',
+               ready: false,
+               state: {
+                  waiting: {
+                     reason: 'ImagePullBackOff',
+                     message: 'Back-off pulling image "my-image:latest"'
+                  }
+               }
+            }
+         ]
+      }
+      const expectedError =
+         'Container issues: Container \'app\' is waiting: ImagePullBackOff - Back-off pulling image "my-image:latest"'
+      expect(manifestStabilityUtils.getContainerErrors(podStatus)).toBe(
+         expectedError
+      )
+   })
+
+   it('should report an error for a terminated container', () => {
+      const podStatus = {
+         containerStatuses: [
+            {
+               name: 'job-runner',
+               ready: false,
+               state: {
+                  terminated: {
+                     reason: 'Error',
+                     message: 'The job failed with exit code 1'
+                  }
+               }
+            }
+         ]
+      }
+      const expectedError =
+         "Container issues: Container 'job-runner' terminated: Error - The job failed with exit code 1"
+      expect(manifestStabilityUtils.getContainerErrors(podStatus)).toBe(
+         expectedError
+      )
+   })
+
+   it('should report an error for a waiting init container', () => {
+      const podStatus = {
+         initContainerStatuses: [
+            {
+               name: 'init-db',
+               ready: false,
+               state: {
+                  waiting: {
+                     reason: 'PodInitializing'
+                  }
+               }
+            }
+         ]
+      }
+      const expectedError =
+         "Container issues: Init container 'init-db' is waiting: PodInitializing - No message"
+      expect(manifestStabilityUtils.getContainerErrors(podStatus)).toBe(
+         expectedError
+      )
+   })
+
+   it('should combine errors from multiple containers', () => {
+      const podStatus = {
+         containerStatuses: [
+            {
+               name: 'main-app',
+               ready: false,
+               state: {waiting: {reason: 'CrashLoopBackOff'}}
+            }
+         ],
+         initContainerStatuses: [
+            {
+               name: 'init-migrations',
+               ready: false,
+               state: {terminated: {reason: 'Error'}}
+            }
+         ]
+      }
+      const expectedError =
+         "Container issues: Container 'main-app' is waiting: CrashLoopBackOff - No message; Init container 'init-migrations' terminated: Error - No message"
+      expect(manifestStabilityUtils.getContainerErrors(podStatus)).toBe(
+         expectedError
+      )
+   })
+})

src/utilities/manifestStabilityUtils.ts

@@ -1,14 +1,34 @@
 import * as core from '@actions/core'
-import * as KubernetesConstants from '../types/kubernetesTypes'
+import * as KubernetesConstants from '../types/kubernetesTypes.js'
-import {Kubectl, Resource} from '../types/kubectl'
+import {Kubectl, Resource} from '../types/kubectl.js'
-import {checkForErrors} from './kubectlUtils'
+import {checkForErrors} from './kubectlUtils.js'
-import {sleep} from './timeUtils'
+import {sleep} from './timeUtils.js'
+import {ResourceTypeFleet} from '../actions/deploy.js'
+import {ClusterType} from '../inputUtils.js'
+
+const IS_SILENT = false
+const POD = 'pod'
 
 export async function checkManifestStability(
    kubectl: Kubectl,
-   resources: Resource[]
+   resources: Resource[],
+   resourceType: ClusterType,
+   timeout?: string
 ): Promise<void> {
+   // Skip if resource type is microsoft.containerservice/fleets
+   if (resourceType === ResourceTypeFleet) {
+      core.info(`Skipping checkManifestStability for ${ResourceTypeFleet}`)
+      return
+   }
    let rolloutStatusHasErrors = false
+   // Collect errors for reporting
+   // This will be used to throw a detailed error at the end if any rollout fails
+   // This is useful for debugging and understanding which resources failed
+   // their rollout status check
+   // It will also include the describe output for the resource that failed
+   // to provide more context on the failure
+   const rolloutErrors: string[] = []
+
    for (let i = 0; i < resources.length; i++) {
       const resource = resources[i]
 
@@ -20,24 +40,53 @@ export async function checkManifestStability(
          try {
             const result = await kubectl.checkRolloutStatus(
                resource.type,
-               resource.name
+               resource.name,
+               resource.namespace,
+               timeout
             )
             checkForErrors([result])
          } catch (ex) {
-            core.error(ex)
+            const errorMessage = `Rollout failed for ${resource.type}/${resource.name} in namespace ${kubectl.getNamespace(resource.namespace)}: ${ex.message || ex}`
-            await kubectl.describe(resource.type, resource.name)
+            core.error(errorMessage)
+            rolloutErrors.push(errorMessage)
+
+            // Get more detailed information
+            try {
+               const describeResult = await kubectl.describe(
+                  resource.type,
+                  resource.name,
+                  IS_SILENT,
+                  resource.namespace
+               )
+               core.info(
+                  `Describe output for ${resource.type}/${resource.name}:\n${describeResult.stdout}`
+               )
+            } catch (describeEx) {
+               core.warning(
+                  `Could not describe ${resource.type}/${resource.name}: ${describeEx}`
+               )
+            }
+
             rolloutStatusHasErrors = true
          }
       }
 
-      if (resource.type == KubernetesConstants.KubernetesWorkload.POD) {
+      if (
+         resource.type.toLowerCase() ===
+         KubernetesConstants.KubernetesWorkload.POD.toLowerCase()
+      ) {
          try {
-            await checkPodStatus(kubectl, resource.name)
+            await exports.checkPodStatus(kubectl, resource)
          } catch (ex) {
             core.warning(
                `Could not determine pod status: ${JSON.stringify(ex)}`
             )
-            await kubectl.describe(resource.type, resource.name)
+            await kubectl.describe(
+               resource.type,
+               resource.name,
+               IS_SILENT,
+               resource.namespace
+            )
          }
       }
       if (
@@ -45,14 +94,11 @@ export async function checkManifestStability(
          KubernetesConstants.DiscoveryAndLoadBalancerResource.SERVICE
       ) {
          try {
-            const service = await getService(kubectl, resource.name)
+            const service = await getService(kubectl, resource)
             const {spec, status} = service
             if (spec.type === KubernetesConstants.ServiceTypes.LOAD_BALANCER) {
                if (!isLoadBalancerIPAssigned(status)) {
-                  await waitForServiceExternalIPAssignment(
+                  await waitForServiceExternalIPAssignment(kubectl, resource)
-                     kubectl,
-                     resource.name
-                  )
                } else {
                   core.info(
                      `ServiceExternalIP ${resource.name} ${status.loadBalancer.ingress[0].ip}`
@@ -60,33 +106,50 @@ export async function checkManifestStability(
                }
             }
          } catch (ex) {
-            core.warning(
+            const errorMessage = `Could not determine service status of: ${resource.name} in namespace ${kubectl.getNamespace(resource.namespace)}. Error: ${ex.message || ex}`
-               `Could not determine service status of: ${resource.name} Error: ${ex}`
+            core.warning(errorMessage)
-            )
+
-            await kubectl.describe(resource.type, resource.name)
+            try {
+               const describeResult = await kubectl.describe(
+                  resource.type,
+                  resource.name,
+                  IS_SILENT,
+                  resource.namespace
+               )
+               core.info(
+                  `Describe output for service/${resource.name}:\n${describeResult.stdout}`
+               )
+            } catch (describeEx) {
+               core.warning(
+                  `Could not describe service/${resource.name}: ${describeEx}`
+               )
+            }
          }
       }
    }
 
    if (rolloutStatusHasErrors) {
-      throw new Error('Rollout status error')
+      const detailedError = `Rollout status failed for the following resources:\n${rolloutErrors.join('\n')}`
+      throw new Error(detailedError)
    }
 }
 
 export async function checkPodStatus(
    kubectl: Kubectl,
-   podName: string
+   pod: Resource
 ): Promise<void> {
    const sleepTimeout = 10 * 1000 // 10 seconds
    const iterations = 60 // 60 * 10 seconds timeout = 10 minutes max timeout
 
    let podStatus
    let kubectlDescribeNeeded = false
+   let errorDetails = ''
+
    for (let i = 0; i < iterations; i++) {
       await sleep(sleepTimeout)
 
-      core.debug(`Polling for pod status: ${podName}`)
+      core.debug(`Polling for pod status: ${pod.name}`)
-      podStatus = await getPodStatus(kubectl, podName)
+      podStatus = await getPodStatus(kubectl, pod)
 
       if (
          podStatus &&
@@ -97,37 +160,67 @@ export async function checkPodStatus(
       }
    }
 
-   podStatus = await getPodStatus(kubectl, podName)
+   podStatus = await getPodStatus(kubectl, pod)
+   // Get container statuses for detailed error information
+   const containerErrors = getContainerErrors(podStatus)
    switch (podStatus.phase) {
       case 'Succeeded':
       case 'Running':
          if (isPodReady(podStatus)) {
-            console.log(`pod/${podName} is successfully rolled out`)
+            console.log(`pod/${pod.name} is successfully rolled out`)
          } else {
+            errorDetails = `Pod ${pod.name} is ${podStatus.phase} but not ready. ${containerErrors}`
+            core.error(errorDetails)
             kubectlDescribeNeeded = true
          }
          break
       case 'Pending':
          if (!isPodReady(podStatus)) {
-            core.warning(`pod/${podName} rollout status check timed out`)
+            errorDetails = `Pod ${pod.name} rollout status check timed out (still Pending after ${(iterations * sleepTimeout) / 1000} seconds). ${containerErrors}`
+            core.warning(errorDetails)
             kubectlDescribeNeeded = true
          }
          break
       case 'Failed':
-         core.error(`pod/${podName} rollout failed`)
+         errorDetails = `Pod ${pod.name} rollout failed. ${containerErrors}`
+         core.error(errorDetails)
          kubectlDescribeNeeded = true
          break
       default:
-         core.warning(`pod/${podName} rollout status: ${podStatus.phase}`)
+         errorDetails = `Pod ${pod.name} has unexpected status: ${podStatus.phase}. ${containerErrors}`
+         core.warning(errorDetails)
+         kubectlDescribeNeeded = true
    }
 
    if (kubectlDescribeNeeded) {
-      await kubectl.describe('pod', podName)
+      try {
+         const describeResult = await kubectl.describe(
+            POD,
+            pod.name,
+            IS_SILENT,
+            pod.namespace
+         )
+         core.info(
+            `Describe output for pod/${pod.name}:\n${describeResult.stdout}`
+         )
+      } catch (describeEx) {
+         core.warning(`Could not describe pod/${pod.name}: ${describeEx}`)
+      }
+
+      // Throw error with detailed information
+      if (errorDetails) {
+         throw new Error(errorDetails)
+      }
    }
 }
 
-async function getPodStatus(kubectl: Kubectl, podName: string) {
+async function getPodStatus(kubectl: Kubectl, pod: Resource) {
-   const podResult = await kubectl.getResource('pod', podName)
+   const podResult = await kubectl.getResource(
+      POD,
+      pod.name,
+      IS_SILENT,
+      pod.namespace
+   )
    checkForErrors([podResult])
 
    return JSON.parse(podResult.stdout).status
@@ -151,10 +244,38 @@ function isPodReady(podStatus: any): boolean {
    return allContainersAreReady
 }
 
-async function getService(kubectl: Kubectl, serviceName) {
+export function getContainerErrors(podStatus: any): string {
+   const errors: string[] = []
+   const collectErrors = (containers: any[], label: string) => {
+      containers?.forEach(({name, ready, state}) => {
+         if (ready) return
+         if (state?.waiting) {
+            errors.push(
+               `${label} '${name}' is waiting: ${state.waiting.reason} - ${state.waiting.message || 'No message'}`
+            )
+         } else if (state?.terminated) {
+            errors.push(
+               `${label} '${name}' terminated: ${state.terminated.reason} - ${state.terminated.message || 'No message'}`
+            )
+         } else {
+            errors.push(
+               `${label} '${name}' is not ready: ${JSON.stringify(state)}`
+            )
+         }
+      })
+   }
+   collectErrors(podStatus.containerStatuses, 'Container')
+   collectErrors(podStatus.initContainerStatuses, 'Init container')
+
+   return errors.length ? `Container issues: ${errors.join('; ')}` : ''
+}
+
+async function getService(kubectl: Kubectl, service: Resource) {
    const serviceResult = await kubectl.getResource(
       KubernetesConstants.DiscoveryAndLoadBalancerResource.SERVICE,
-      serviceName
+      service.name,
+      IS_SILENT,
+      service.namespace
    )
 
    checkForErrors([serviceResult])
@@ -163,25 +284,25 @@ async function getService(kubectl: Kubectl, serviceName) {
 
 async function waitForServiceExternalIPAssignment(
    kubectl: Kubectl,
-   serviceName: string
+   service: Resource
 ): Promise<void> {
    const sleepTimeout = 10 * 1000 // 10 seconds
    const iterations = 18 // 18 * 10 seconds timeout = 3 minutes max timeout
 
    for (let i = 0; i < iterations; i++) {
-      core.info(`Wait for service ip assignment : ${serviceName}`)
+      core.info(`Wait for service ip assignment : ${service.name}`)
       await sleep(sleepTimeout)
 
-      const status = (await getService(kubectl, serviceName)).status
+      const status = (await getService(kubectl, service)).status
       if (isLoadBalancerIPAssigned(status)) {
          core.info(
-            `ServiceExternalIP ${serviceName} ${status.loadBalancer.ingress[0].ip}`
+            `ServiceExternalIP ${service.name} ${status.loadBalancer.ingress[0].ip}`
          )
          return
       }
    }
 
-   core.warning(`Wait for service ip assignment timed out${serviceName}`)
+   core.warning(`Wait for service ip assignment timed out ${service.name}`)
 }
 
 function isLoadBalancerIPAssigned(status: any) {

src/utilities/manifestUpdateUtils.test.ts

@@ -0,0 +1,31 @@
+import {vi} from 'vitest'
+vi.mock('fs')
+
+import * as fileUtils from './fileUtils.js'
+import * as manifestUpdateUtils from './manifestUpdateUtils.js'
+import * as path from 'path'
+import * as fs from 'fs'
+
+describe('manifestUpdateUtils', () => {
+   vi.spyOn(fileUtils, 'moveFileToTmpDir').mockImplementation((filename) => {
+      return path.join('/tmp', filename)
+   })
+   vi.spyOn(fs, 'writeFileSync').mockImplementation(() => {})
+   vi.spyOn(fs, 'readFileSync').mockImplementation((filename) => {
+      return 'test contents'
+   })
+
+   it('should place all files within the temp dir with the same path that they have in the repo', () => {
+      const originalFilePaths: string[] = [
+         'path/in/repo/test.txt',
+         'path/deeper/in/repo/test.txt'
+      ]
+      const expected: string[] = [
+         '/tmp/path/in/repo/test.txt',
+         '/tmp/path/deeper/in/repo/test.txt'
+      ]
+      const newFilePaths =
+         manifestUpdateUtils.moveFilesToTmpDir(originalFilePaths)
+      expect(newFilePaths).toEqual(expected)
+   })
+})

src/utilities/manifestUpdateUtils.ts

@@ -2,34 +2,39 @@ import * as core from '@actions/core'
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 import * as path from 'path'
-import * as fileHelper from './fileUtils'
+import * as fileHelper from './fileUtils.js'
-import {getTempDirectory} from './fileUtils'
+import {moveFileToTmpDir} from './fileUtils.js'
 import {
    InputObjectKindNotDefinedError,
    InputObjectMetadataNotDefinedError,
    isWorkloadEntity,
    KubernetesWorkload,
    NullInputObjectError
-} from '../types/kubernetesTypes'
+} from '../types/kubernetesTypes.js'
 import {
    getSpecSelectorLabels,
    setSpecSelectorLabels
-} from './manifestSpecLabelUtils'
+} from './manifestSpecLabelUtils.js'
 import {
    getImagePullSecrets,
    setImagePullSecrets
-} from './manifestPullSecretUtils'
+} from './manifestPullSecretUtils.js'
-import {Resource} from '../types/kubectl'
+import {Resource} from '../types/kubectl.js'
+import {K8sObject} from '../types/k8sObject.js'
 
 export function updateManifestFiles(manifestFilePaths: string[]) {
    if (manifestFilePaths?.length === 0) {
       throw new Error('Manifest files not provided')
    }
 
+   // move original set of input files to tmp dir
+   const manifestFilesInTempDir = moveFilesToTmpDir(manifestFilePaths)
+
    // update container images
    const containers: string[] = core.getInput('images').split('\n')
+
    const manifestFiles = updateContainerImagesInManifestFiles(
-      manifestFilePaths,
+      manifestFilesInTempDir,
       containers
    )
 
@@ -41,6 +46,12 @@ export function updateManifestFiles(manifestFilePaths: string[]) {
    return updateImagePullSecretsInManifestFiles(manifestFiles, imagePullSecrets)
 }
 
+export function moveFilesToTmpDir(filepaths: string[]): string[] {
+   return filepaths.map((filename) => {
+      return moveFileToTmpDir(filename)
+   })
+}
+
 export function UnsetClusterSpecificDetails(resource: any) {
    if (!resource) {
       return
@@ -68,76 +79,81 @@ function updateContainerImagesInManifestFiles(
    filePaths: string[],
    containers: string[]
 ): string[] {
-   if (filePaths?.length <= 0) return filePaths
+   if (!filePaths?.length) return filePaths
 
-   const newFilePaths = []
-
-   // update container images
    filePaths.forEach((filePath: string) => {
-      let contents = fs.readFileSync(filePath).toString()
+      const fileContents = fs.readFileSync(filePath, 'utf8')
+      const inputObjects = yaml.loadAll(fileContents) as K8sObject[]
 
-      containers.forEach((container: string) => {
+      const updatedObjects = inputObjects.map((obj) => {
-         let [imageName] = container.split(':')
+         if (!isWorkloadEntity(obj.kind)) return obj
-         if (imageName.indexOf('@') > 0) {
-            imageName = imageName.split('@')[0]
-         }
 
-         if (contents.indexOf(imageName) > 0)
+         containers.forEach((container: string) => {
-            contents = substituteImageNameInSpecFile(
+            let [imageName] = container.split(':')
-               contents,
+            if (imageName.includes('@')) {
-               imageName,
+               imageName = imageName.split('@')[0]
-               container
+            }
-            )
+            updateImagesInK8sObject(obj, imageName, container)
+         })
+
+         return obj
       })
-
+      const newYaml = updatedObjects.map((o) => yaml.dump(o)).join('---\n')
-      // write updated files
+      fs.writeFileSync(path.join(filePath), newYaml)
-      const tempDirectory = getTempDirectory()
-      const fileName = path.join(tempDirectory, path.basename(filePath))
-      fs.writeFileSync(path.join(fileName), contents)
-      newFilePaths.push(fileName)
    })
-
+   return filePaths
-   return newFilePaths
 }
 
-/*
+const SPECIAL_CONTAINER_SPEC_PATHS: Record<string, string> = {
-  Example:
+   [KubernetesWorkload.POD.toLowerCase()]: 'spec',
+   [KubernetesWorkload.CRON_JOB.toLowerCase()]:
+      'spec.jobTemplate.spec.template.spec',
+   [KubernetesWorkload.SCALED_JOB.toLowerCase()]:
+      'spec.jobTargetRef.template.spec'
+}
 
-  Input of
+const DEFAULT_CONTAINER_SPEC_PATH = 'spec.template.spec'
-    currentString: `image: "example/example-image"`
-    imageName: `example/example-image`
-    imageNameWithNewTag: `example/example-image:identifiertag`
 
-  would return
+export function updateImagesInK8sObject(
-    `image: "example/example-image:identifiertag"`
+   obj: any,
-*/
-export function substituteImageNameInSpecFile(
-   spec: string,
    imageName: string,
-   imageNameWithNewTag: string
+   newImage: string
 ) {
-   if (spec.indexOf(imageName) < 0) return spec
+   const kind = obj?.kind?.toLowerCase()
+   const specPath =
+      SPECIAL_CONTAINER_SPEC_PATHS[kind] || DEFAULT_CONTAINER_SPEC_PATH
 
-   return spec.split('\n').reduce((acc, line) => {
+   // Convert dot-separated path string into nested object traversal with full optional chaining
-      const imageKeyword = line.match(/^ *-? *image:/)
+   // Example: 'spec.jobTargetRef.template.spec' becomes obj?.spec?.jobTargetRef?.template?.spec
-      if (imageKeyword) {
+   // The reduce function walks through each key safely with optional chaining at every step
-         let [currentImageName] = line
+   const path = specPath
-            .substring(imageKeyword[0].length) // consume the line from keyword onwards
+      .split('.')
-            .trim()
+      .reduce((current, key) => current?.[key], obj)
-            .replace(/[',"]/g, '') // replace allowed quotes with nothing
-            .split(':')
 
-         if (currentImageName?.indexOf(' ') > 0) {
+   if (path?.containers) {
-            currentImageName = currentImageName.split(' ')[0] // remove comments
+      updateImageInContainerArray(path.containers, imageName, newImage)
-         }
+   }
+   if (path?.initContainers) {
+      updateImageInContainerArray(path.initContainers, imageName, newImage)
+   }
+}
 
-         if (currentImageName === imageName) {
+function updateImageInContainerArray(
-            return acc + `${imageKeyword[0]} ${imageNameWithNewTag}\n`
+   containers: any[],
-         }
+   imageName: string,
+   newImage: string
+) {
+   if (!Array.isArray(containers)) return
+   containers.forEach((container) => {
+      if (
+         container.image &&
+         (container.image === imageName ||
+            container.image.startsWith(imageName + ':') ||
+            container.image.startsWith(imageName + '@'))
+      ) {
+         container.image = newImage
       }
-
+   })
-      return acc + line + '\n'
-   }, '')
 }
 
 export function getReplicaCount(inputObject: any): any {
@@ -147,12 +163,17 @@ export function getReplicaCount(inputObject: any): any {
       throw InputObjectKindNotDefinedError
    }
 
-   const {kind} = inputObject
+   const kind = inputObject.kind.toLowerCase()
-   if (
+
-      kind.toLowerCase() !== KubernetesWorkload.POD.toLowerCase() &&
+   const workloadsWithReplicas = new Set([
-      kind.toLowerCase() !== KubernetesWorkload.DAEMON_SET.toLowerCase()
+      KubernetesWorkload.DEPLOYMENT.toLowerCase(),
-   )
+      KubernetesWorkload.REPLICASET.toLowerCase(),
-      return inputObject.spec.replicas
+      KubernetesWorkload.STATEFUL_SET.toLowerCase()
+   ])
+
+   if (workloadsWithReplicas.has(kind)) {
+      return inputObject.spec?.replicas
+   }
 
    return 0
 }
@@ -270,20 +291,29 @@ export function getResources(
 
    const resources: Resource[] = []
    filePaths.forEach((filePath: string) => {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
-      yaml.safeLoadAll(fileContents, (inputObject) => {
+         const fileContents = fs.readFileSync(filePath).toString()
-         const inputObjectKind = inputObject?.kind || ''
+         const inputObjects: K8sObject[] = yaml.loadAll(
-         if (
+            fileContents
-            filterResourceTypes.filter(
+         ) as K8sObject[]
-               (type) => inputObjectKind.toLowerCase() === type.toLowerCase()
+         inputObjects.forEach((inputObject) => {
-            ).length > 0
+            const inputObjectKind = inputObject?.kind || ''
-         ) {
+            if (
-            resources.push({
+               filterResourceTypes.filter(
-               type: inputObject.kind,
+                  (type) => inputObjectKind.toLowerCase() === type.toLowerCase()
-               name: inputObject.metadata.name
+               ).length > 0
-            })
+            ) {
-         }
+               resources.push({
-      })
+                  type: inputObject.kind,
+                  name: inputObject.metadata.name,
+                  namespace: inputObject?.metadata?.namespace
+               })
+            }
+         })
+      } catch (error) {
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
+      }
    })
 
    return resources
@@ -297,16 +327,21 @@ function updateImagePullSecretsInManifestFiles(
 
    const newObjectsList = []
    filePaths.forEach((filePath: string) => {
-      const fileContents = fs.readFileSync(filePath).toString()
+      try {
-      yaml.safeLoadAll(fileContents, (inputObject: any) => {
+         const fileContents = fs.readFileSync(filePath).toString()
-         if (inputObject?.kind) {
+         yaml.loadAll(fileContents, (inputObject: any) => {
-            const {kind} = inputObject
+            if (inputObject?.kind) {
-            if (isWorkloadEntity(kind)) {
+               const {kind} = inputObject
-               updateImagePullSecrets(inputObject, imagePullSecrets)
+               if (isWorkloadEntity(kind)) {
+                  updateImagePullSecrets(inputObject, imagePullSecrets)
+               }
+               newObjectsList.push(inputObject)
             }
-            newObjectsList.push(inputObject)
+         })
-         }
+      } catch (error) {
-      })
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
+      }
    })
 
    return fileHelper.writeObjectsToFile(newObjectsList)

src/utilities/scaledjob.test.ts

@@ -0,0 +1,70 @@
+import {
+   getImagePullSecrets,
+   setImagePullSecrets
+} from './manifestPullSecretUtils.js'
+import {updateSpecLabels} from './manifestSpecLabelUtils.js'
+import {getReplicaCount} from './manifestUpdateUtils.js'
+import * as yaml from 'js-yaml'
+import * as fs from 'fs'
+import {isWorkloadEntity, isDeploymentEntity} from '../types/kubernetesTypes.js'
+
+describe('ScaledJob Support', () => {
+   let scaledJobObject: any
+
+   beforeEach(() => {
+      const fileContents = fs.readFileSync(
+         'test/unit/manifests/test-scaledjob.yml'
+      )
+      scaledJobObject = yaml.load(fileContents.toString()) as any
+   })
+
+   describe('Image Pull Secrets', () => {
+      it('should get image pull secrets from ScaledJob', () => {
+         const secrets = getImagePullSecrets(scaledJobObject)
+         expect(secrets).toEqual([{name: 'test-secret'}])
+      })
+
+      it('should set image pull secrets in ScaledJob', () => {
+         const newSecrets = [{name: 'new-secret'}, {name: 'another-secret'}]
+         setImagePullSecrets(scaledJobObject, newSecrets)
+
+         const updatedSecrets = getImagePullSecrets(scaledJobObject)
+         expect(updatedSecrets).toEqual(newSecrets)
+      })
+   })
+
+   describe('Spec Labels', () => {
+      it('should update spec labels in ScaledJob', () => {
+         const newLabels = new Map<string, string>()
+         newLabels['environment'] = 'test'
+         newLabels['version'] = '1.0.0'
+
+         updateSpecLabels(scaledJobObject, newLabels, false)
+
+         const updatedLabels =
+            scaledJobObject.spec.jobTargetRef.template.metadata.labels
+         expect(updatedLabels['app']).toBe('test-scaledjob') // original label
+         expect(updatedLabels['environment']).toBe('test') // new label
+         expect(updatedLabels['version']).toBe('1.0.0') // new label
+      })
+   })
+
+   describe('Replica Count', () => {
+      it('should return 0 for ScaledJob replica count', () => {
+         const replicaCount = getReplicaCount(scaledJobObject)
+         expect(replicaCount).toBe(0)
+      })
+   })
+
+   describe('Workload Classification', () => {
+      it('should classify ScaledJob as workload entity', () => {
+         expect(isWorkloadEntity('ScaledJob')).toBe(true)
+         expect(isWorkloadEntity('scaledjob')).toBe(true)
+      })
+
+      it('should not classify ScaledJob as deployment entity', () => {
+         expect(isDeploymentEntity('scaledjob')).toBe(false)
+         expect(isDeploymentEntity('ScaledJob')).toBe(false)
+      })
+   })
+})

src/utilities/trafficSplitUtils.ts

@@ -1,4 +1,4 @@
-import {Kubectl} from '../types/kubectl'
+import {Kubectl} from '../types/kubectl.js'
 
 const trafficSplitAPIVersionPrefix = 'split.smi-spec.io'
 

src/utilities/workflowAnnotationUtils.test.ts

@@ -1,4 +1,8 @@
-import {cleanLabel} from '../utilities/workflowAnnotationUtils'
+import {
+   cleanLabel,
+   removeInvalidLabelCharacters,
+   VALID_LABEL_REGEX
+} from '../utilities/workflowAnnotationUtils.js'
 
 describe('WorkflowAnnotationUtils', () => {
    describe('cleanLabel', () => {
@@ -16,5 +20,14 @@ describe('WorkflowAnnotationUtils', () => {
             cleanLabel('Workflow Name / With Slashes / And Spaces')
          ).toEqual('Workflow_Name_-_With_Slashes_-_And_Spaces')
       })
+      it('should return a blank string when regex fails (https://github.com/Azure/k8s-deploy/issues/266)', () => {
+         const label = '持续部署'
+         expect(cleanLabel(label)).toEqual('github-workflow-file')
+
+         let removedInvalidChars = removeInvalidLabelCharacters(label)
+
+         const regexResult = VALID_LABEL_REGEX.exec(removedInvalidChars)
+         expect(regexResult).toBe(null)
+      })
    })
 })

src/utilities/workflowAnnotationUtils.ts

@@ -1,7 +1,9 @@
-import {DeploymentConfig} from '../types/deploymentConfig'
+import {DeploymentConfig} from '../types/deploymentConfig.js'
 
 const ANNOTATION_PREFIX = 'actions.github.com'
 
+export const VALID_LABEL_REGEX = /([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]/
+
 export function getWorkflowAnnotations(
    lastSuccessRunSha: string,
    workflowFilePath: string,
@@ -37,11 +39,17 @@ export function getWorkflowAnnotationKeyLabel(): string {
  * @returns cleaned label
  */
 export function cleanLabel(label: string): string {
-   let removedInvalidChars = label
+   let removedInvalidChars = removeInvalidLabelCharacters(label)
+
+   const regexResult = VALID_LABEL_REGEX.exec(removedInvalidChars) || [
+      'github-workflow-file'
+   ]
+   return regexResult[0]
+}
+
+export function removeInvalidLabelCharacters(label: string): string {
+   return label
       .replace(/\s/gi, '_')
       .replace(/[\/\\\|]/gi, '-')
       .replace(/[^-A-Za-z0-9_.]/gi, '')
-
-   const regex = /([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]/
-   return regex.exec(removedInvalidChars)[0] || ''
 }

test/integration/k8s-deploy-delete.py

@@ -1,12 +1,29 @@
-import subprocess, sys
+import subprocess
+import sys
 
-kind = sys.argv[1]
-name = sys.argv[2]
-namespace = 'test-' + sys.argv[3]
 
-try:
+def delete(kind, name, namespace):
-  print('kubectl delete ' + kind + ' ' + name + ' -n ' + namespace)
+    try:
-  deletion = subprocess.Popen(['kubectl', 'delete', kind, name, '--namespace', namespace])
+        if (name == "all"):
-  result, err = deletion.communicate()
+            print('kubectl delete --all' + kind + ' -n ' + namespace)
-except Exception as ex:
+            deletion = subprocess.Popen(
-  print('Error occured during deletion', ex)
+                ['kubectl', 'delete', kind, '--all', '--namespace', namespace])
+            result, err = deletion.communicate()
+        else:
+            print('kubectl delete ' + kind + ' ' + name + ' -n ' + namespace)
+            deletion = subprocess.Popen(
+                ['kubectl', 'delete', kind, name, '--namespace', namespace])
+            result, err = deletion.communicate()
+    except Exception as ex:
+        print('Error occured during deletion', ex)
+
+
+def main():
+    kind = sys.argv[1]
+    name = sys.argv[2]
+    namespace = sys.argv[3]
+    delete(kind, name, namespace)
+
+
+if __name__ == "__main__":
+    sys.exit(main())

test/integration/k8s-deploy-test.py

@@ -1,33 +1,257 @@
-import os, sys, json 
+from operator import truediv
+import os
+import sys
+import json
+from unicodedata import name
 
-RESULT = 'false'
+# This integration test is used to confirm that k8s resources of a specified name, type, and configuration have been deployed.
-k8_object = None
+# Expected configurations are fed into the python script as command-line arguments and are compared to the configuration of resources that have been deployed.
-kind = sys.argv[1]
-name = sys.argv[2]
-color = sys.argv[3]
-namespace = 'test-' + sys.argv[4]
 
-print('kubectl get '+kind+' '+name+' -n '+namespace+' -o json')
+# args will be formatted like labels=testkey:testValue,otherKey=otherValue
+# or for singular ones, just with containerName=container
 
-try:
-  k8_object = json.load(os.popen('kubectl get '+kind+' '+name+' -n '+namespace+' -o json'))
-except:
-  sys.exit(kind+' '+name+' not created')
 
-try:
+kindKey = "kind"
-  if kind == 'Deployment' and k8_object['spec']['selector']['matchLabels']['k8s.deploy.color'] == str(color):
+nameKey = "name"
-    RESULT = 'true'
+containerKey = "containerName"
-  if kind == 'Service' and k8_object['spec']['selector']['k8s.deploy.color'] == str(color):
+labelsKey = "labels"
-    RESULT = 'true'
+annotationsKey = "annotations"
-  if kind == 'Ingress':
+selectorLabelsKey = "selectorLabels"
-    suffix = ''
+namespaceKey = "namespace"
-    if str(color) == 'green':
+ingressServicesKey = "ingressServices"
-      suffix = '-green'
+tsServicesKey = "tsServices"
-    if k8_object['spec']['rules'][0]['http']['paths'][0]['backend']['serviceName']=='nginx-service'+suffix and k8_object['spec']['rules'][0]['http']['paths'][1]['backend']['serviceName']=='unrouted-service':
+privateKey = "private"
-      RESULT = 'true'
-except:
-  pass    
 
-if RESULT=='false':
+
-  sys.exit(kind+' '+name+' not labelled properly')
+def parseArgs(sysArgs):
-print('Test passed')
+    argsDict = stringListToDict(sysArgs, "=")
+
+    # mandatory parameters
+    if not kindKey in argsDict:
+        raise ValueError(f"missing key: {kindKey}")
+
+    if not nameKey in argsDict:
+        raise ValueError(f"missing key: {nameKey}")
+
+    if not namespaceKey in argsDict:
+        raise ValueError(f"missing key: {namespaceKey}")
+
+    # reformat map-like parameters (eg, paramName=key1:value1,key2:value2)
+    if labelsKey in argsDict:
+        argsDict[labelsKey] = stringListToDict(
+            argsDict[labelsKey].split(","), ":")
+
+    if selectorLabelsKey in argsDict:
+        argsDict[selectorLabelsKey] = stringListToDict(
+            argsDict[selectorLabelsKey].split(","), ":")
+
+    if tsServicesKey in argsDict:
+        argsDict[tsServicesKey] = stringListToDict(
+            argsDict[tsServicesKey].split(","), ":")
+
+        for key in argsDict[tsServicesKey]:
+            argsDict[tsServicesKey][key] = int(argsDict[tsServicesKey][key])
+
+    # reformat list-like parameters (eg, paramName=value1,value2,value3)
+    if ingressServicesKey in argsDict:
+        argsDict[ingressServicesKey] = argsDict[ingressServicesKey].split(",")
+
+    if annotationsKey in argsDict:
+        argsDict[annotationsKey] = argsDict[annotationsKey].split(",")
+
+    return argsDict
+
+
+def stringListToDict(args: list[str], separator: str):
+    parsedArgs = {}
+    for arg in args:
+        print(f"parsing arg {arg}")
+        argSplit = arg.split(separator)
+        parsedArgs[argSplit[0]] = argSplit[1]
+
+    return parsedArgs
+
+
+def verifyDeployment(deployment, parsedArgs):
+    # test container image, labels, annotations, selector labels
+    if not containerKey in parsedArgs:
+        raise ValueError(
+            f"expected container image name not provided to inspect deployment {parsedArgs[nameKey]}")
+
+    actualImageName = deployment['spec']['template']['spec']['containers'][0]['image']
+    if not actualImageName == parsedArgs[containerKey]:
+        return False, f"expected container image name {parsedArgs[containerKey]} but got {actualImageName} instead"
+
+    if not selectorLabelsKey in parsedArgs:
+        raise ValueError(
+            f"expected selector labels not provided to inspect deployment {parsedArgs[nameKey]}")
+    dictMatch, msg = compareDicts(
+        deployment['spec']['selector']['matchLabels'], parsedArgs[selectorLabelsKey], selectorLabelsKey)
+    if not dictMatch:
+        return dictMatch, msg
+
+    if labelsKey in parsedArgs:
+        dictMatch, msg = compareDicts(
+            deployment['metadata']['labels'], parsedArgs[labelsKey], labelsKey)
+        if not dictMatch:
+            return dictMatch, msg
+
+    if annotationsKey in parsedArgs:
+        if len(parsedArgs[annotationsKey]) != len(deployment['metadata']['annotations']):
+            return False, f"expected {len(parsedArgs[annotationsKey])} annotations but found {len(deployment['metadata']['annotations'])}"
+        keysPresent, msg = validateKeyPresence(
+            deployment['metadata']['annotations'], parsedArgs[annotationsKey])
+        if not keysPresent:
+            return keysPresent, msg
+    return True, ""
+
+def verifyService(service, parsedArgs):
+    # test selector labels, labels, annotations
+    if not selectorLabelsKey in parsedArgs:
+        raise ValueError(
+            f"expected selector labels not provided to inspect service {parsedArgs[nameKey]}")
+    dictMatch, msg = compareDicts(
+        service['spec']['selector'], parsedArgs[selectorLabelsKey], selectorLabelsKey)
+    if not dictMatch:
+        return dictMatch, msg
+
+    if labelsKey in parsedArgs:
+        print(f" service is {service}")
+        dictMatch, msg = compareDicts(
+            service['metadata']['labels'], parsedArgs[labelsKey], labelsKey)
+        if not dictMatch:
+            return dictMatch, msg
+
+    if annotationsKey in parsedArgs:
+        keysPresent, msg = validateKeyPresence(
+            service['metadata']['annotations'], parsedArgs[annotationsKey])
+        if not keysPresent:
+            return keysPresent, msg
+
+    return True, ""
+
+
+def verifyIngress(ingress, parsedArgs):
+    # test services in paths
+    if not ingressServicesKey in parsedArgs:
+        raise ValueError(
+            f"expected services not provided to inspect ingress {parsedArgs[nameKey]}")
+
+    expectedIngresses = parsedArgs[ingressServicesKey]
+    for i in range(len(ingress['spec']['rules'][0]['http']['paths'])):
+        print(
+            f"service obj is {ingress['spec']['rules'][0]['http']['paths'][i]}")
+        svcName = ingress['spec']['rules'][0]['http']['paths'][i]['backend']['service']['name']
+        if svcName != expectedIngresses[i]:
+            return False, f"for ingress {parsedArgs[nameKey]} expected svc name {expectedIngresses[i]} at position {i} but got {svcName}"
+
+    return True, ""
+
+
+def verifyTSObject(tsObj, parsedArgs):
+    if not tsServicesKey in parsedArgs:
+        raise ValueError(
+            f"expected services not provided to inspect ts object {parsedArgs[nameKey]}")
+
+    expectedServices = parsedArgs[tsServicesKey]
+    actualServices = {}
+    backends = tsObj['spec']['backends']
+    for i in range(len(backends)):
+        svcName = backends[i]['service']
+        svcWeight = int(backends[i]['weight'])
+        actualServices[svcName] = svcWeight
+
+    dictResult, msg = compareDicts(
+        actualServices, expectedServices, tsServicesKey)
+    if not dictResult:
+        return False, msg
+
+    return True, ""
+
+
+def compareDicts(actual: dict, expected: dict, paramName=""):
+    actualKeys = actual.keys()
+    expectedKeys = expected.keys()
+
+    if not actualKeys == expectedKeys:
+        msg = f'dicts had different keys.\n actual: {actual}\n expected: {expected}'
+        if not paramName == "":
+            msg = f"for param {paramName}, " + msg
+        return False, msg
+    for key in actualKeys:
+        if not actual[key] == expected[key]:
+            msg = f'dicts differed at key {key}.\n actual[{key}] is {actual[key]} and expected[{key}] is {expected[key]}'
+            if not paramName == "":
+                msg = f"for param {paramName}, " + msg
+            return False, msg
+
+    return True, ""
+
+def validateKeyPresence(actualDict: dict, expectedKeys: list):
+    actualKeys = actualDict.keys()
+    for key in expectedKeys:
+        if key not in actualKeys:
+            return False, f"expected key {key} not found in actual dict. \n actual dict keys {','.join(actualKeys)}"
+
+    return True, ""
+
+def main():
+    parsedArgs: dict = parseArgs(sys.argv[1:])
+    RESULT = False
+    msg = "unknown type (no verification method currently exists)"
+    k8_object = None
+
+    kind = parsedArgs[kindKey]
+    name = parsedArgs[nameKey]
+    namespace = parsedArgs[namespaceKey]
+    cmd = 'kubectl get '+kind + ' '+name+' -n '+namespace+' -o json'
+
+    k8s_object = None
+    azPrefix = ""
+    try:
+        if privateKey in parsedArgs:
+            uniqueName = parsedArgs[privateKey]
+            azPrefix = f"az aks command invoke --resource-group {uniqueName} --name {uniqueName} --command "
+            cmd = azPrefix + "'" + cmd + "'"
+            outputString = os.popen(cmd).read()
+            successExit = "exitcode=0"
+            if successExit not in outputString:
+                raise ValueError(f"private cluster get failed for {kind} {name}")
+
+            objString = outputString.split(successExit)[1]
+            k8_object = json.loads(objString)
+
+        else:
+            k8_object = json.load(os.popen(cmd))
+
+        if k8_object == None:
+            raise ValueError(f"{kind} {name} was not found")
+
+    except:
+        msg = kind+' '+name+' not created or not found'
+        getAllObjectsCmd = azPrefix + 'kubectl get '+kind+' -n '+namespace
+        if not azPrefix == "":
+            getAllObjectsCmd = azPrefix + "'{getAllObjectsCmd}'" # add extra set of quotes
+        foundObjects = os.popen(getAllObjectsCmd).read()
+        suffix = f"resources of type {kind}: {foundObjects}"
+        sys.exit(msg + " " + suffix)
+
+    if kind == 'Deployment':
+        RESULT, msg = verifyDeployment(
+            k8_object, parsedArgs)
+    if kind == 'Service':
+        RESULT, msg = verifyService(
+            k8_object, parsedArgs)
+    if kind == 'Ingress':
+        RESULT, msg = verifyIngress(k8_object, parsedArgs)
+    if kind == "TrafficSplit":
+        RESULT, msg = verifyTSObject(k8_object, parsedArgs)
+
+    if not RESULT:
+        sys.exit(f"{kind} {name} failed check: {msg}")
+
+    print('Test passed')
+
+
+if __name__ == "__main__":
+    sys.exit(main())

test/integration/manifests/blue-green/test-ingress.yml

@@ -16,7 +16,7 @@ spec:
       spec:
          containers:
             - name: nginx
-              image: nginx:1.14.2
+              image: nginx
               ports:
                  - containerPort: 80
 ---
@@ -32,7 +32,7 @@ spec:
         port: 80
         targetPort: 80
 ---
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
    name: nginx-ingress
@@ -43,10 +43,16 @@ spec:
       - http:
            paths:
               - path: /testpath
+                pathType: Prefix
                 backend:
-                   serviceName: nginx-service
+                   service:
-                   servicePort: 80
+                      name: nginx-service
+                      port:
+                         number: 80
               - path: /testpath2
+                pathType: Prefix
                 backend:
-                   serviceName: unrouted-service
+                   service:
-                   servicePort: 80
+                      name: unrouted-service
+                      port:
+                         number: 80

test/integration/manifests/blue-green/test-service.yml

@@ -16,7 +16,7 @@ spec:
       spec:
          containers:
             - name: nginx
-              image: nginx:1.14.2
+              image: nginx
               ports:
                  - containerPort: 80
 ---

test/integration/manifests/manifest_test_dir/test.yml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+   name: nginx-deployment3
+   labels:
+      app: nginx3
+spec:
+   replicas: 1
+   selector:
+      matchLabels:
+         app: nginx3
+   template:
+      metadata:
+         labels:
+            app: nginx3
+      spec:
+         containers:
+            - name: nginx
+              image: nginx
+              ports:
+                 - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+   name: nginx-service3
+spec:
+   selector:
+      app: nginx3
+   ports:
+      - protocol: TCP
+        port: 80
+        targetPort: 80

test/integration/manifests/test.yml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+   name: nginx-deployment
+   labels:
+      app: nginx
+spec:
+   replicas: 1
+   selector:
+      matchLabels:
+         app: nginx
+   template:
+      metadata:
+         labels:
+            app: nginx
+      spec:
+         containers:
+            - name: nginx
+              image: nginx
+              ports:
+                 - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+   name: nginx-service
+spec:
+   selector:
+      app: nginx
+   ports:
+      - protocol: TCP
+        port: 80
+        targetPort: 80

test/integration/manifests/test2.yml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+   name: nginx-deployment2
+   labels:
+      app: nginx2
+spec:
+   replicas: 1
+   selector:
+      matchLabels:
+         app: nginx2
+   template:
+      metadata:
+         labels:
+            app: nginx2
+      spec:
+         containers:
+            - name: nginx
+              image: nginx
+              ports:
+                 - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+   name: nginx-service2
+spec:
+   selector:
+      app: nginx2
+   ports:
+      - protocol: TCP
+        port: 80
+        targetPort: 80

test/integration/manifests/test_no_ns.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+   name: test-deployment-no-ns
+   labels:
+      app: test-app
+spec:
+   replicas: 1
+   selector:
+      matchLabels:
+         app: test-app
+   template:
+      metadata:
+         labels:
+            app: test-app
+      spec:
+         containers:
+            - name: test-container
+              image: nginx
+              ports:
+                 - containerPort: 80