build

release: prepare v6.0.0 (#516 )
Bump the actions group with 2 updates (#514 )
2026-06-21 10:39:26 +08:00 · 2026-04-17 22:02:33 +00:00 · 2026-04-17 18:01:18 -04:00 · 2026-04-07 21:15:20 +12:00 · 2026-04-07 06:44:09 +12:00 · 2026-04-06 07:56:39 +00:00
148 changed files with 46029 additions and 1445 deletions
@@ -0,0 +1 @@
+* @Azure/cloud-native-github-action-owners
@@ -0,0 +1,36 @@
+name: Bug Report
+description: File a bug report specifying all inputs you provided for the action, we will respond to this thread with any questions.
+title: 'Bug: '
+labels: ['bug', 'triage']
+assignees: '@Azure/aks-atlanta'
+body:
+   - type: textarea
+     id: What-happened
+     attributes:
+        label: What happened?
+        description: Tell us what happened and how is it different from the expected?
+        placeholder: Tell us what you see!
+     validations:
+        required: true
+   - type: checkboxes
+     id: Version
+     attributes:
+        label: Version
+        options:
+           - label: I am using the latest version
+             required: true
+   - type: input
+     id: Runner
+     attributes:
+        label: Runner
+        description: What runner are you using?
+        placeholder: Mention the runner info (self-hosted, operating system)
+     validations:
+        required: true
+   - type: textarea
+     id: Logs
+     attributes:
+        label: Relevant log output
+        description: Run in debug mode for the most verbose logs. Please feel free to attach a screenshot of the logs
+     validations:
+        required: true
@@ -0,0 +1,6 @@
+blank_issues_enabled: false
+contact_links:
+   - name: GitHub Action "k8s-deploy" Support
+     url: https://github.com/Azure/k8s-deploy
+     security: https://github.com/Azure/k8s-deploy/blob/main/SECURITY.md
+     about: Please ask and answer questions here.
@@ -0,0 +1,13 @@
+name: Feature Request
+description: File a Feature Request form, we will respond to this thread with any questions.
+title: 'Feature Request: '
+labels: ['Feature']
+assignees: '@Azure/aks-atlanta'
+body:
+   - type: textarea
+     id: Feature_request
+     attributes:
+        label: Feature request
+        description: Provide example functionality and links to relevant docs
+     validations:
+        required: true
@@ -0,0 +1,53 @@
+name: 'Setup Minikube Test Environment'
+description: 'Common setup steps for minikube integration tests'
+inputs:
+   install-smi:
+      description: 'Install Linkerd SMI for service mesh tests'
+      required: false
+      default: 'false'
+
+runs:
+   using: 'composite'
+   steps:
+      - name: Install dependencies
+        shell: bash
+        run: |
+           rm -rf node_modules/
+           npm install
+
+      - name: Build
+        shell: bash
+        run: npm run build
+
+      - name: Install conntrack
+        shell: bash
+        run: sudo apt-get install -y conntrack
+
+      - uses: Azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1
+        name: Install Kubectl
+
+      - id: setup-minikube
+        name: Setup Minikube
+        uses: medyagh/setup-minikube@e9e035a86bbc3caea26a450bd4dbf9d0c453682e # v0.0.21
+        with:
+           minikube-version: 1.37.0
+           kubernetes-version: 1.31.0
+           driver: 'docker'
+
+      - name: Install Linkerd and SMI
+        if: inputs.install-smi == 'true'
+        shell: bash
+        run: |
+           curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install-edge | sh
+           export PATH=$PATH:/home/runner/.linkerd2/bin
+           curl -sL https://linkerd.github.io/linkerd-smi/install | sh
+           kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
+
+           linkerd install --crds | kubectl apply -f -
+           linkerd install --set proxyInit.runAsRoot=true | kubectl apply -f -
+           linkerd smi install | kubectl apply -f -
+
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # 6.1.0
+        name: Install Python
+        with:
+           python-version: '3.x'
@@ -0,0 +1,18 @@
+version: 2
+updates:
+   - package-ecosystem: npm
+     directory: /
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
+   - package-ecosystem: github-actions
+     directory: .github/workflows
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
@@ -0,0 +1,49 @@
+name: 'Code scanning - action'
+
+on:
+   push:
+   pull_request:
+   schedule:
+      - cron: '0 19 * * 0'
+
+jobs:
+   CodeQL-Build:
+      # CodeQL runs on ubuntu-latest and windows-latest
+      runs-on: ubuntu-latest
+      permissions:
+         contents: read
+         security-events: write
+
+      steps:
+         - name: Checkout repository
+           uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+           with:
+              # We must fetch at least the immediate parents so that if this is
+              # a pull request then we can checkout the head.
+              fetch-depth: 2
+
+         # Initializes the CodeQL tools for scanning.
+         - name: Initialize CodeQL
+           uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 #v3.29.5
+           # Override language selection by uncommenting this and choosing your languages
+           # with:
+           #   languages: go, javascript, csharp, python, cpp, java
+
+         # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+         # If this step fails, then you should remove it and run the build manually (see below)
+         - name: Autobuild
+           uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 #v3.29.5
+
+         # ℹ️ Command-line programs to run using the OS shell.
+         # 📚 https://git.io/JvXDl
+
+         # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+         #    and modify them (or add more) to build your code if your project
+         #    uses a compiled language
+
+         #- run: |
+         #   make bootstrap
+         #   make release
+
+         - name: Perform CodeQL Analysis
+           uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 #v3.29.5
@@ -0,0 +1,35 @@
+name: setting-default-labels
+
+# Controls when the action will run.
+on:
+   schedule:
+      - cron: '0 0/3 * * *'
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+   build:
+      # The type of runner that the job will run on
+      runs-on: ubuntu-latest
+
+      # Steps represent a sequence of tasks that will be executed as part of the job
+      steps:
+         - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+           name: Setting issue as idle
+           with:
+              repo-token: ${{ secrets.GITHUB_TOKEN }}
+              stale-issue-message: 'This issue is idle because it has been open for 14 days with no activity.'
+              stale-issue-label: 'idle'
+              days-before-stale: 14
+              days-before-close: -1
+              operations-per-run: 100
+              exempt-issue-labels: 'backlog'
+
+         - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+           name: Setting PR as idle
+           with:
+              repo-token: ${{ secrets.GITHUB_TOKEN }}
+              stale-pr-message: 'This PR is idle because it has been open for 14 days with no activity.'
+              stale-pr-label: 'idle'
+              days-before-stale: 14
+              days-before-close: -1
+              operations-per-run: 100
@@ -0,0 +1,18 @@
+name: 'Run prettify'
+on:
+   pull_request:
+   push:
+      branches: [main]
+
+jobs:
+   prettier:
+      name: Prettier Check
+      runs-on: ubuntu-latest
+      steps:
+         - name: Checkout Repository
+           uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+         - name: install deps
+           run: npm install
+
+         - name: Enforce Prettier
+           run: npm run format-check
@@ -0,0 +1,18 @@
+name: Release Project
+
+on:
+   push:
+      branches:
+         - main
+      paths:
+         - CHANGELOG.md
+   workflow_dispatch:
+
+jobs:
+   release:
+      permissions:
+         actions: read
+         contents: write
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@v1
+      with:
+         changelogPath: ./CHANGELOG.md
@@ -0,0 +1,52 @@
+name: Minikube Integration Tests - basic
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Run Minikube Integration Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+                 test/integration/manifests/manifest_test_dir/test.yml
+              action: deploy
+
+         - name: Checking if deployments and services were created
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment3 containerName=nginx:1.14.2 labels=app:nginx3,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx3
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service3 labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_basic selectorLabels=app:nginx3
@@ -0,0 +1,156 @@
+name: Minikube Integration Tests - blue-green ingress
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Blue-Green Ingress Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service-green' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment-green' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'nginx-ingress' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for ingress
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: deploy
+
+         - name: Checking if deployments, services and ingresses were created with green labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service-green,unrouted-service
+
+         - name: Executing promote action for ingress
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: promote
+
+         - name: Checking if deployments, services and ingresses were created with none labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service,unrouted-service
+
+         - name: Executing second deploy action for ingress with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: deploy
+
+         - name: Checking if deployments (with new tag), services and ingresses were created with green labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:latest labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service-green,unrouted-service
+
+         - name: Executing second promote action for ingress now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: promote
+
+         - name: Checking if deployments, services and ingresses were created with none labels after promote for new tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service,unrouted-service
+
+         - name: Executing deploy action for ingress to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: deploy
+
+         - name: Checking if new deployments (with old tag), services and ingresses were created with green labels after deploy, and old deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service-green,unrouted-service
+
+         - name: Executing reject action for ingress to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-ingress.yml
+              strategy: blue-green
+              route-method: ingress
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments, services and ingresses were created with none labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_ingress selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Ingress name=nginx-ingress ingressServices=nginx-service,unrouted-service
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}
@@ -0,0 +1,143 @@
+name: Minikube Integration Tests - blue-green service
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Blue-Green Service Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for service
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: deploy
+
+         - name: Checking if deployments and services were created with green labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+         - name: Executing promote action for service
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: promote
+
+         - name: Checking if deployments and services were created with none labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+         - name: Executing second deploy action for service with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with green labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:latest labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+
+         - name: Executing second promote action for service now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: promote
+
+         - name: Checking if deployments and services were created with none labels after promote for new tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+         - name: Executing deploy action for service to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with green labels after deploy, and old deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:green,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:green
+
+         - name: Executing reject action for service to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: service
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with none labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=k8s.deploy.color:None,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_service selectorLabels=app:nginx,k8s.deploy.color:None
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}
@@ -0,0 +1,173 @@
+name: Minikube Integration Tests - blue-green SMI
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Blue-Green SMI Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+           with:
+              install-smi: 'true'
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'TrafficSplit' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: deploy
+
+         - name: Checking if deployments, services, and ts objects were created with green labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:green selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:0,nginx-service-green:100
+
+         - name: Executing promote action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: promote
+
+         # another good place for anti-test - ensure old deps are deleted after promote
+         - name: Checking if deployments, services, and ts objects were created with none labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:100,nginx-service-green:0
+
+         - name: Executing second deploy action for smi with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with green labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:latest labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:green selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:0,nginx-service-green:100
+
+         - name: Executing second promote action for smi now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: promote
+
+         - name: Checking if deployments and services were created with none labels after promote for new tag, ts is stable
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:100,nginx-service-green:0
+
+         - name: Executing deploy action for smi to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with green labels after deploy, and old deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-green containerName=nginx:1.14.2 labels=k8s.deploy.color:green,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:green
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-green labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:green selectorLabels=app:nginx,k8s.deploy.color:green
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:0,nginx-service-green:100
+
+         - name: Executing reject action for smi to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/blue-green/test-service.yml
+              strategy: blue-green
+              route-method: smi
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with none labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=k8s.deploy.color:None,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_blue-green_SMI,k8s.deploy.color:None selectorLabels=app:nginx,k8s.deploy.color:None
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-trafficsplit tsServices=nginx-service-stable:100,nginx-service-green:0
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}
@@ -0,0 +1,152 @@
+name: Minikube Integration Tests - canary pod
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Canary Pod Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: deploy
+
+         - name: Checking if deployments and services were created with canary labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing promote action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: promote
+
+         # another good place for anti-test - ensure old deps are deleted after promote
+         - name: Checking if deployments and services were created with stable labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing second deploy action for pod with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with canary labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:latest labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing second promote action for pod now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: promote
+
+         - name: Checking if deployments and services were created with stable labels after promote for new tag, ts is stable
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing deploy action for pod to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with canary and baseline labels after deploy, and stable deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Executing reject action for pod to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: pod
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with stable labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:latest labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_pod selectorLabels=app:nginx
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'nginx-service' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'nginx-deployment' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}
@@ -0,0 +1,185 @@
+name: Minikube Integration Tests - canary SMI
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Canary SMI Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+           with:
+              install-smi: 'true'
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'TrafficSplit' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: deploy
+
+         - name: Checking if deployments, services, and ts objects were created with canary labels and original tag
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-canary labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:canary selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:0,nginx-service-canary:1000,nginx-service-baseline:0
+
+         - name: Executing promote action for smi
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: promote
+
+         # another good place for anti-test - ensure old deps are deleted after promote
+         - name: Checking if deployments, services, and ts objects were created with stable labels after first promote
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:1.14.2 labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:1000,nginx-service-canary:0,nginx-service-baseline:0
+
+         - name: Executing second deploy action for smi with new tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: deploy
+
+         - name: Checking if deployments (with new tag) and services were created with canary labels after deploy, and old deployment persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:1.14.2 labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:latest labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-baseline containerName=nginx:1.14.2 labels=workflow/version:baseline,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:baseline
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-canary labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:canary selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-baseline labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:baseline selectorLabels=app:nginx,workflow/version:baseline
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:500,nginx-service-canary:250,nginx-service-baseline:250
+
+         - name: Executing second promote action for smi now using new image tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:latest
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: promote
+
+         - name: Checking if deployments and services were created with stable labels after promote for new tag, ts is stable
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:latest labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:1000,nginx-service-canary:0,nginx-service-baseline:0
+
+         - name: Executing deploy action for smi to be rejected using old tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: deploy
+
+         - name: Checking if new deployments (with old tag) and services were created with canary and baseline labels after deploy, and stable deployment (with latest tag) persists
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-canary containerName=nginx:1.14.2 labels=workflow/version:canary,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:canary
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-baseline containerName=nginx:latest labels=workflow/version:baseline,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:baseline
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:latest labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-baseline labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:baseline selectorLabels=app:nginx,workflow/version:baseline
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-canary labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:canary selectorLabels=app:nginx,workflow/version:canary
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:500,nginx-service-canary:250,nginx-service-baseline:250
+
+         - name: Executing reject action for smi to reject new deployment with 1.14.2 tag
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              strategy: canary
+              percentage: 50
+              traffic-split-method: smi
+              action: reject
+
+         # MAY BE USEFUL TO ADD AN ANTI-CHECK - CHECK TO MAKE SURE CERTAIN OBJECTS DON'T EXIST
+         - name: Checking if deployments and services were created with stable labels and latest tag after reject
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment-stable containerName=nginx:latest labels=workflow/version:stable,app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service-stable labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_canary_SMI,workflow/version:stable selectorLabels=app:nginx,workflow/version:stable
+
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=TrafficSplit name=nginx-service-workflow-rollout tsServices=nginx-service-stable:1000,nginx-service-canary:0,nginx-service-baseline:0
+
+         - name: Cleaning up current set up
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'TrafficSplit' 'all' ${{ env.NAMESPACE }}
+
+         - if: ${{ always() }}
+           name: Delete created namespace
+           run: kubectl delete ns ${{ env.NAMESPACE }}
@@ -0,0 +1,113 @@
+# This workflow is inspired by `run-integration-tests-bluegreen-ingress.yml` and introduces namespace-specific testing for manifests.
+# It ensures deployments respect manifest-defined namespaces and tests deployments to multiple namespaces.
+name: Minikube Integration Tests - Namespace Optional
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Namespace Optional Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE1: integration-test-namespace1-${{ github.run_id }}
+         NAMESPACE2: integration-test-namespace2-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespaces for tests
+           run: |
+              kubectl create ns ${{ env.NAMESPACE1 }}
+              kubectl create ns ${{ env.NAMESPACE2 }}
+              kubectl create ns test-namespace
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE1 }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE2 }}
+
+         # This tests whether the deployment respects the namespace defined in the manifest instead of defaulting to "default" when namespace is not provided.
+         - name: Test - Handles namespace correctly based on manifest
+           uses: ./
+           with:
+              images: nginx
+              manifests: |
+                 test/integration/manifests/test_with_ns.yaml
+                 test/integration/manifests/test_no_ns.yaml
+              action: deploy # Deploys manifests to specified namespaces or uses the namespace defined in the manifest
+
+         - name: Verify Deployment - test_with_ns.yaml (test-namespace)
+           run: |
+              python test/integration/k8s-deploy-test.py \
+                namespace=test-namespace \
+                kind=Deployment \
+                name=test-deployment \
+                containerName=nginx \
+                labels=app:test-app,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_Namespace_Optional \
+                selectorLabels=app:test-app
+
+         - name: Verify Deployment - test_no_ns.yaml (default namespace)
+           run: |
+              python test/integration/k8s-deploy-test.py \
+                namespace=default \
+                kind=Deployment \
+                name=test-deployment-no-ns \
+                containerName=nginx \
+                labels=app:test-app,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_Namespace_Optional \
+                selectorLabels=app:test-app
+
+         # This tests whether the deployment works when a file is deployed to two different provided namespaces.
+         - name: Test - Deploys the resource to namespace1
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE1 }}
+              images: nginx
+              manifests: |
+                 test/integration/manifests/test_no_ns.yaml
+              action: deploy
+
+         - name: Test - Deploys the resource to namespace2
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE2 }}
+              images: nginx
+              manifests: |
+                 test/integration/manifests/test_no_ns.yaml
+              action: deploy
+
+         - name: Verify Deployments in NAMESPACE1 & NAMESPACE2
+           run: |
+              for ns in ${{ env.NAMESPACE1 }} ${{ env.NAMESPACE2 }}; do
+                python test/integration/k8s-deploy-test.py \
+                  namespace=$ns \
+                  kind=Deployment \
+                  name=test-deployment-no-ns \
+                  containerName=nginx \
+                  labels=app:test-app,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_Namespace_Optional \
+                  selectorLabels=app:test-app
+              done
+
+         - name: Cleanup
+           run: |
+              echo "Cleaning up resources..."
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment' test-namespace
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment-no-ns' ${{ env.NAMESPACE1 }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment-no-ns' ${{ env.NAMESPACE2 }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'test-deployment-no-ns' default
+
+              kubectl delete ns ${{ env.NAMESPACE1 }}
+              kubectl delete ns ${{ env.NAMESPACE2 }}
+              kubectl delete ns test-namespace
+              rm -rf test_with_ns.yaml test_no_ns.yaml
@@ -0,0 +1,85 @@
+name: Cluster Integration Tests - private cluster
+on:
+   pull_request:
+      branches:
+         - 'releases/*'
+   push:
+      branches:
+         - main
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Run Minikube Integration Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      permissions:
+         contents: read
+         id-token: write
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - name: Install dependencies
+           run: |
+              rm -rf node_modules/
+              npm install
+
+         - name: Build
+           run: npm run build
+
+         - name: Azure login
+           uses: azure/login@v3.0.0
+           with:
+              client-id: ${{ secrets.AZURE_CLIENT_ID }}
+              tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+              subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+         - uses: Azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
+           name: Install Kubectl
+
+         - name: Create private AKS cluster and set context
+           run: |
+              set +x
+              # create cluster
+              az group create --location eastus2 --name ${{ env.NAMESPACE }}
+              az aks create --name ${{ env.NAMESPACE }} --resource-group ${{ env.NAMESPACE }} --enable-private-cluster --generate-ssh-keys
+              az aks get-credentials --resource-group ${{ env.NAMESPACE }} --name ${{ env.NAMESPACE }}
+
+         - name: Create namespace to run tests
+           run: |
+              az aks command invoke --resource-group ${{ env.NAMESPACE }} --name ${{ env.NAMESPACE }} --command "kubectl create ns ${{ env.NAMESPACE }}"
+
+         - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 6.2.0
+           name: Install Python
+           with:
+              python-version: '3.x'
+
+         - name: Executing deploy action for pod
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+                 test/integration/manifests/test2.yml
+              action: deploy
+              private-cluster: true
+              resource-group: ${{ env.NAMESPACE }}
+              name: ${{ env.NAMESPACE }}
+
+         - name: Checking if deployments and services were created
+           run: |
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx
+
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment2 containerName=nginx:1.14.2 labels=app:nginx2,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx2
+              python test/integration/k8s-deploy-test.py private=${{ env.NAMESPACE }} namespace=${{ env.NAMESPACE }} kind=Service name=nginx-service2 labels=workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Cluster_Integration_Tests_-_private_cluster selectorLabels=app:nginx2
+
+         - name: Clean up AKS cluster
+           if: ${{ always() }}
+           run: |
+              echo "deleting AKS cluster and resource group"
+              az aks delete --yes --resource-group ${{ env.NAMESPACE }} --name ${{ env.NAMESPACE }}
+              az group delete --resource-group ${{ env.NAMESPACE }} --yes
@@ -0,0 +1,65 @@
+name: Minikube Integration Tests - resource annotation
+on:
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+   workflow_dispatch:
+
+jobs:
+   run-integration-test:
+      name: Resource Annotation Tests
+      runs-on: ubuntu-22.04
+      env:
+         KUBECONFIG: /home/runner/.kube/config
+         NAMESPACE: test-${{ github.run_id }}
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         - uses: ./.github/actions/minikube-setup
+           name: Setup Minikube Environment
+           timeout-minutes: 5
+
+         - name: Create namespace to run tests
+           run: kubectl create ns ${{ env.NAMESPACE }}
+
+         - name: Cleaning any previously created items
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Service' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+              python test/integration/k8s-deploy-delete.py 'Ingress' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod with resource annotation enabled by default
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              action: deploy
+
+         - name: Checking if deployments is created with additional resource annotation
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 labels=app:nginx,workflow:actions.github.com-k8s-deploy,workflowFriendlyName:Minikube_Integration_Tests_-_resource_annotation selectorLabels=app:nginx annotations=actions.github.com/k8s-deploy,deployment.kubernetes.io/revision,kubectl.kubernetes.io/last-applied-configuration
+
+         - name: Cleaning previously created deployment
+           run: |
+              python test/integration/k8s-deploy-delete.py 'Deployment' 'all' ${{ env.NAMESPACE }}
+
+         - name: Executing deploy action for pod with resource annotation disabled
+           uses: ./
+           with:
+              namespace: ${{ env.NAMESPACE }}
+              images: nginx:1.14.2
+              manifests: |
+                 test/integration/manifests/test.yml
+              action: deploy
+              annotate-resources: false
+
+         - name: Checking if deployment is created without additional resource annotation
+           run: |
+              python test/integration/k8s-deploy-test.py namespace=${{ env.NAMESPACE }} kind=Deployment name=nginx-deployment containerName=nginx:1.14.2 selectorLabels=app:nginx annotations=deployment.kubernetes.io/revision,kubectl.kubernetes.io/last-applied-configuration
@@ -0,0 +1,20 @@
+name: 'Run unit tests.'
+on: # rebuild any PRs and main branch changes
+   pull_request:
+      branches:
+         - main
+         - 'releases/*'
+   push:
+      branches:
+         - main
+         - 'releases/*'
+
+jobs:
+   build: # make sure build/ci works properly
+      name: Run Unit Tests
+      runs-on: ubuntu-latest
+      steps:
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+         - run: |
+              npm install
+              npm test
@@ -1,329 +1,6 @@
-## Ignore Visual Studio temporary files, build results, and
-## files generated by popular Visual Studio add-ons.
-##
-## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+node_modules

-# User-specific files
-*.suo
-*.user
-*.userosscache
-*.sln.docstates
+.DS_Store
+.idea

-# User-specific files (MonoDevelop/Xamarin Studio)
-*.userprefs
-
-# Build results
-[Dd]ebug/
-[Dd]ebugPublic/
-[Rr]elease/
-[Rr]eleases/
-x64/
-x86/
-bld/
-[Bb]in/
-[Oo]bj/
-[Ll]og/
-
-# Visual Studio 2015/2017 cache/options directory
-.vs/
-# Uncomment if you have tasks that create the project's static files in wwwroot
-#wwwroot/
-
-# Visual Studio 2017 auto generated files
-Generated\ Files/
-
-# MSTest test Results
-[Tt]est[Rr]esult*/
-[Bb]uild[Ll]og.*
-
-# NUNIT
-*.VisualState.xml
-TestResult.xml
-
-# Build Results of an ATL Project
-[Dd]ebugPS/
-[Rr]eleasePS/
-dlldata.c
-
-# Benchmark Results
-BenchmarkDotNet.Artifacts/
-
-# .NET Core
-project.lock.json
-project.fragment.lock.json
-artifacts/
-**/Properties/launchSettings.json
-
-# StyleCop
-StyleCopReport.xml
-
-# Files built by Visual Studio
-*_i.c
-*_p.c
-*_i.h
-*.ilk
-*.meta
-*.obj
-*.iobj
-*.pch
-*.pdb
-*.ipdb
-*.pgc
-*.pgd
-*.rsp
-*.sbr
-*.tlb
-*.tli
-*.tlh
-*.tmp
-*.tmp_proj
-*.log
-*.vspscc
-*.vssscc
-.builds
-*.pidb
-*.svclog
-*.scc
-
-# Chutzpah Test files
-_Chutzpah*
-
-# Visual C++ cache files
-ipch/
-*.aps
-*.ncb
-*.opendb
-*.opensdf
-*.sdf
-*.cachefile
-*.VC.db
-*.VC.VC.opendb
-
-# Visual Studio profiler
-*.psess
-*.vsp
-*.vspx
-*.sap
-
-# Visual Studio Trace Files
-*.e2e
-
-# TFS 2012 Local Workspace
-$tf/
-
-# Guidance Automation Toolkit
-*.gpState
-
-# ReSharper is a .NET coding add-in
-_ReSharper*/
-*.[Rr]e[Ss]harper
-*.DotSettings.user
-
-# JustCode is a .NET coding add-in
-.JustCode
-
-# TeamCity is a build add-in
-_TeamCity*
-
-# DotCover is a Code Coverage Tool
-*.dotCover
-
-# AxoCover is a Code Coverage Tool
-.axoCover/*
-!.axoCover/settings.json
-
-# Visual Studio code coverage results
-*.coverage
-*.coveragexml
-
-# NCrunch
-_NCrunch_*
-.*crunch*.local.xml
-nCrunchTemp_*
-
-# MightyMoose
-*.mm.*
-AutoTest.Net/
-
-# Web workbench (sass)
-.sass-cache/
-
-# Installshield output folder
-[Ee]xpress/
-
-# DocProject is a documentation generator add-in
-DocProject/buildhelp/
-DocProject/Help/*.HxT
-DocProject/Help/*.HxC
-DocProject/Help/*.hhc
-DocProject/Help/*.hhk
-DocProject/Help/*.hhp
-DocProject/Help/Html2
-DocProject/Help/html
-
-# Click-Once directory
-publish/
-
-# Publish Web Output
-*.[Pp]ublish.xml
-*.azurePubxml
-# Note: Comment the next line if you want to checkin your web deploy settings,
-# but database connection strings (with potential passwords) will be unencrypted
-*.pubxml
-*.publishproj
-
-# Microsoft Azure Web App publish settings. Comment the next line if you want to
-# checkin your Azure Web App publish settings, but sensitive information contained
-# in these scripts will be unencrypted
-PublishScripts/
-
-# NuGet Packages
-*.nupkg
-# The packages folder can be ignored because of Package Restore
-**/[Pp]ackages/*
-# except build/, which is used as an MSBuild target.
-!**/[Pp]ackages/build/
-# Uncomment if necessary however generally it will be regenerated when needed
-#!**/[Pp]ackages/repositories.config
-# NuGet v3's project.json files produces more ignorable files
-*.nuget.props
-*.nuget.targets
-
-# Microsoft Azure Build Output
-csx/
-*.build.csdef
-
-# Microsoft Azure Emulator
-ecf/
-rcf/
-
-# Windows Store app package directories and files
-AppPackages/
-BundleArtifacts/
-Package.StoreAssociation.xml
-_pkginfo.txt
-*.appx
-
-# Visual Studio cache files
-# files ending in .cache can be ignored
-*.[Cc]ache
-# but keep track of directories ending in .cache
-!*.[Cc]ache/
-
-# Others
-ClientBin/
-~$*
-*~
-*.dbmdl
-*.dbproj.schemaview
-*.jfm
-*.pfx
-*.publishsettings
-orleans.codegen.cs
-
-# Including strong name files can present a security risk 
-# (https://github.com/github/gitignore/pull/2483#issue-259490424)
-#*.snk
-
-# Since there are multiple workflows, uncomment next line to ignore bower_components
-# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
-#bower_components/
-
-# RIA/Silverlight projects
-Generated_Code/
-
-# Backup & report files from converting an old project file
-# to a newer Visual Studio version. Backup files are not needed,
-# because we have git ;-)
-_UpgradeReport_Files/
-Backup*/
-UpgradeLog*.XML
-UpgradeLog*.htm
-ServiceFabricBackup/
-*.rptproj.bak
-
-# SQL Server files
-*.mdf
-*.ldf
-*.ndf
-
-# Business Intelligence projects
-*.rdl.data
-*.bim.layout
-*.bim_*.settings
-*.rptproj.rsuser
-
-# Microsoft Fakes
-FakesAssemblies/
-
-# GhostDoc plugin setting file
-*.GhostDoc.xml
-
-# Node.js Tools for Visual Studio
-.ntvs_analysis.dat
-
-# Visual Studio 6 build log
-*.plg
-
-# Visual Studio 6 workspace options file
-*.opt
-
-# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
-*.vbw
-
-# Visual Studio LightSwitch build output
-**/*.HTMLClient/GeneratedArtifacts
-**/*.DesktopClient/GeneratedArtifacts
-**/*.DesktopClient/ModelManifest.xml
-**/*.Server/GeneratedArtifacts
-**/*.Server/ModelManifest.xml
-_Pvt_Extensions
-
-# Paket dependency manager
-.paket/paket.exe
-paket-files/
-
-# FAKE - F# Make
-.fake/
-
-# JetBrains Rider
-.idea/
-*.sln.iml
-
-# CodeRush
-.cr/
-
-# Python Tools for Visual Studio (PTVS)
-__pycache__/
-*.pyc
-
-# Cake - Uncomment if you are using it
-# tools/**
-# !tools/packages.config
-
-# Tabs Studio
-*.tss
-
-# Telerik's JustMock configuration file
-*.jmconfig
-
-# BizTalk build output
-*.btp.cs
-*.btm.cs
-*.odx.cs
-*.xsd.cs
-
-# OpenCover UI analysis results
-OpenCover/
-
-# Azure Stream Analytics local run output 
-ASALocalRun/
-
-# MSBuild Binary and Structured Log
-*.binlog
-
-# NVidia Nsight GPU debugger configuration file
-*.nvuser
-
-# MFractors (Xamarin productivity tool) working folder 
-.mfractor/
+coverage/
@@ -0,0 +1,13 @@
+npm run typecheck || {
+  echo ""
+  echo "❌ Type check failed."
+  echo "💡 Run 'npm run typecheck' to see errors."
+  exit 1
+}
+npm test
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}
@@ -0,0 +1,4 @@
+# dependencies
+/node_modules
+coverage
+/lib
@@ -0,0 +1,8 @@
+{
+   "trailingComma": "none",
+   "bracketSpacing": false,
+   "semi": false,
+   "tabWidth": 3,
+   "singleQuote": true,
+   "printWidth": 80
+}
@@ -0,0 +1,88 @@
+# Changelog
+
+## [6.0.0] - 2026-04-17
+
+### Changed
+
+- #504 [Update Node.js runtime from node20 to node24](https://github.com/Azure/k8s-deploy/pull/504)
+- #500 [Update action version references in README to latest majors](https://github.com/Azure/k8s-deploy/pull/500)
+
+### Security
+
+- #506 [Bump undici from 6.23.0 to 6.24.1](https://github.com/Azure/k8s-deploy/pull/506)
+- #513 [Bump vite from 8.0.3 to 8.0.5](https://github.com/Azure/k8s-deploy/pull/513)
+- #509 [Bump the actions group across 1 directory with 4 updates](https://github.com/Azure/k8s-deploy/pull/509)
+- #510 [Bump the actions group across 1 directory with 2 updates](https://github.com/Azure/k8s-deploy/pull/510)
+- #511 [Bump vitest from 4.1.1 to 4.1.2](https://github.com/Azure/k8s-deploy/pull/511)
+- #514 [Bump the actions group with 2 updates](https://github.com/Azure/k8s-deploy/pull/514)
+- #501 [Bump @types/node from 25.3.3 to 25.4.0](https://github.com/Azure/k8s-deploy/pull/501)
+
+## [5.1.0] - 2026-03-03
+
+### Added
+
+- #458 [Ensure error messages display the correct namespace](https://github.com/Azure/k8s-deploy/pull/458)
+- #482 [docker driver](https://github.com/Azure/k8s-deploy/pull/482)
+- #492 [Migrate to esbuild/Vitest and upgrade @actions/\* to ESM-only versions](https://github.com/Azure/k8s-deploy/pull/492)
+- #498 [Add typecheck to build script](https://github.com/Azure/k8s-deploy/pull/498)
+
+## [5.0.4] - 2025-08-05
+
+### Added
+
+- #408 [Add missing README.md and action.yml parameters](https://github.com/Azure/k8s-deploy/pull/408)
+- #414 [Fix the major update packages including Jest](https://github.com/Azure/k8s-deploy/pull/414)
+- #418 [Add husky pre-commit hook.](https://github.com/Azure/k8s-deploy/pull/418)
+- #420 [Make namespace input optional](https://github.com/Azure/k8s-deploy/pull/420)
+- #424 [add server-side option for kubectl apply commands](https://github.com/Azure/k8s-deploy/pull/424)
+- #425 [Add timeout to the rollout status](https://github.com/Azure/k8s-deploy/pull/425)
+- #428 [Added additional check in getTempdirectory function](https://github.com/Azure/k8s-deploy/pull/428)
+- #432 [Added error check for canary promote actions](https://github.com/Azure/k8s-deploy/pull/432)
+- #436 [Add support for ScaledJob](https://github.com/Azure/k8s-deploy/pull/436)
+- #440 [Add Enhanced Deployment Error Reporting and Logging](https://github.com/Azure/k8s-deploy/pull/440)
+- #441 [Added timeout input description to README](https://github.com/Azure/k8s-deploy/pull/441)
+
+## [5.0.3] - 2025-04-16
+
+### Added
+
+- #398 case-insensitive resource type
+
+## [5.0.2] - 2025-04-15
+
+### Added
+
+- #396 Update new resource-type input for action
+
+## [5.0.1] - 2024-03-12
+
+### Added
+
+- #356 Add fleet support
+
+## [5.0.0] - 2024-03-12
+
+### Changed
+
+- #309 Updated to Node20 and upgraded release workflows to @v1 tag
+- #306 update release workflow to use new prefix, remove deprecated release
+- #303 fix: ensure imageNames are not empty strings
+- #299 bump release workflow sha
+- #298 bump minikube to fix runner deps
+- #297 update release workflow
+
+### Added
+
+- #304 add v prefix for version tagging
+- #302 adding ncc to build
+- #301 adding release workflow artifact fix
+
+## [4.10.0] - 2023-10-30
+
+### Added
+
+- #287 Make annotating resources optional
+- #283 Fix “Service” route-method of the Blue-Green strategy with some manifest files
+- #281 bump codeql to node 16
+- #279 upgrade codeql
+- #276 Fixes multiple namespaces bug
@@ -1,9 +1,9 @@
-# Microsoft Open Source Code of Conduct
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-
-Resources:
-
- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
@@ -1,131 +1,503 @@
-# Deploy manifest action for Kubernetes
-Use this action to bake and deploy manifests to Kubernetes clusters.
-
-Assumes that the deployment target K8s cluster context was set earlier in the workflow by using either [`Azure/aks-set-context`](https://github.com/Azure/aks-set-context/tree/releases/v1) or [`Azure/k8s-set-context`](https://github.com/Azure/k8s-set-context/tree/releases/v1)
-
-#### Artifact substitution
-The deploy action takes as input a list of container images which can be specified along with their tags or digests. The same is substituted into the non-templatized version of manifest files before applying to the cluster to ensure that the right version of the image is pulled by the cluster nodes.
-
-#### Manifest stability
-Rollout status is checked for the Kubernetes objects deployed. This is done to incorporate stability checks while computing the task status as success/failure.
-
-#### Secret handling 
- The manifest files specfied as inputs are augmented with appropriate imagePullSecrets before deploying to the cluster.
-
-
-
-```yaml
- uses: Azure/k8s-deploy@v1
-  with:
-    namespace: 'myapp' # optional
-    images: 'contoso.azurecr.io/myapp:${{ event.run_id }} '
-    imagepullsecrets: |
-      image-pull-secret1
-      image-pull-secret2
-    manifests: '/manifests/*.*'
-    kubectl-version: 'latest' # optional
-```
-Refer to the action metadata file for details about all the inputs https://github.com/Azure/k8s-deploy/blob/master/action.yml
-
-## End to end workflow for building container images and deploying to an Azure Kubernetes Service cluster
-
-```yaml
-on: [push]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@master
-    
-    - uses: Azure/docker-login@v1
-      with:
-        login-server: contoso.azurecr.io
-        username: ${{ secrets.REGISTRY_USERNAME }}
-        password: ${{ secrets.REGISTRY_PASSWORD }}
-    
-    - run: |
-        docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }}
-        docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}
-      
-    # Set the target AKS cluster.
-    - uses: Azure/aks-set-context@v1
-      with:
-        creds: '${{ secrets.AZURE_CREDENTIALS }}'
-        cluster-name: contoso
-        resource-group: contoso-rg
-        
-    - uses: Azure/k8s-create-secret@v1
-      with:
-        container-registry-url: contoso.azurecr.io
-        container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
-        container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
-        secret-name: demo-k8s-secret
-
-    - uses: Azure/k8s-deploy@v1
-      with:
-        manifests: |
-          manifests/deployment.yml
-          manifests/service.yml
-        images: |
-          demo.azurecr.io/k8sdemo:${{ github.sha }}
-        imagepullsecrets: |
-          demo-k8s-secret
-```
-
-## End to end workflow for building container images and deploying to a Kubernetes cluster
-
-```yaml
-on: [push]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@master
-    
-    - uses: Azure/docker-login@v1
-      with:
-        login-server: contoso.azurecr.io
-        username: ${{ secrets.REGISTRY_USERNAME }}
-        password: ${{ secrets.REGISTRY_PASSWORD }}
-    
-    - run: |
-        docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }}
-        docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}
-      
-    - uses: Azure/k8s-set-context@v1
-      with:
-        kubeconfig: ${{ secrets.KUBE_CONFIG }}
-        
-    - uses: Azure/k8s-create-secret@v1
-      with:
-        container-registry-url: contoso.azurecr.io
-        container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
-        container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
-        secret-name: demo-k8s-secret
-
-    - uses: Azure/k8s-deploy@v1
-      with:
-        manifests: |
-          manifests/deployment.yml
-          manifests/service.yml
-        images: |
-          demo.azurecr.io/k8sdemo:${{ github.sha }}
-        imagepullsecrets: |
-          demo-k8s-secret
-```
-
-# Contributing
-
-This project welcomes contributions and suggestions.  Most contributions require you to agree to a
-Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
-
-When you submit a pull request, a CLA bot will automatically determine whether you need to provide
-a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
-provided by the bot. You will only need to do this once across all repos using our CLA.
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+# Deploy manifests action for Kubernetes
+
+This action is used to deploy manifests to Kubernetes clusters. It requires that the cluster context be set earlier in the workflow by using either the [Azure/aks-set-context](https://github.com/Azure/aks-set-context/tree/releases/v4) action or the [Azure/k8s-set-context](https://github.com/Azure/k8s-set-context/tree/releases/v4) action. It also requires Kubectl to be installed (you can use the [Azure/setup-kubectl](https://github.com/Azure/setup-kubectl) action).
+
+If you are looking to automate your workflows to deploy to [Azure Web Apps](https://azure.microsoft.com/en-us/services/app-service/web/) and [Azure Web App for Containers](https://azure.microsoft.com/en-us/services/app-service/containers/), consider using [`Azure/webapps-deploy`](https://github.com/Azure/webapps-deploy) action.
+
+This action requires the following permissions from your workflow:
+
+```yaml
+permissions:
+   id-token: write
+   contents: read
+   actions: read
+```
+
+## Action capabilities
+
+Following are the key capabilities of this action:
+
+- **Artifact substitution**: Takes a list of container images which can be specified along with their tags or digests. They are substituted into the non-templatized version of manifest files before applying to the cluster to ensure that the right version of the image is pulled by the cluster nodes.
+
+- **Object stability checks**: Rollout status is checked for the Kubernetes objects deployed. This is done to incorporate stability checks while computing the action status as success/failure.
+
+- **Secret handling**: The secret names specified as inputs in the action are used to augment the input manifest files with imagePullSecrets values before deploying to the cluster. Also, checkout the [Azure/k8s-create-secret](https://github.com/Azure/k8s-create-secret) action for creation of generic or docker-registry secrets in the cluster.
+
+- **Deployment strategy** Supports both canary and blue-green deployment strategies
+   - **Canary strategy**: Workloads suffixed with '-baseline' and '-canary' are created. There are two methods of traffic splitting supported:
+      - **Service Mesh Interface**: Service Mesh Interface abstraction allows for plug-and-play configuration with service mesh providers such as [Linkerd](https://linkerd.io/) and [Istio](https://istio.io/). Meanwhile, this action takes away the hard work of mapping SMI's TrafficSplit objects to the stable, baseline and canary services during the lifecycle of the deployment strategy. Service mesh based canary deployments using this action are more accurate as service mesh providers enable granular percentage traffic split (via service registry and sidecar containers injected into pods alongside application containers).
+      - **Only Kubernetes (no service mesh)**: In the absence of service mesh, while it may not be possible to achieve exact percentage split at the request level, it is still possible to perform canary deployments by deploying -baseline and -canary workload variants next to the stable variant. The service routes requests to pods of all three workload variants as the selector-label constraints are met (KubernetesManifest will honor these when creating -baseline and -canary variants). This achieves the intended effect of routing only a portion of total requests to the canary.
+   - **Blue-Green strategy**: Choosing blue-green strategy with this action leads to creation of workloads suffixed with '-green'. An identified service is one that is supplied as part of the input manifest(s) and targets a workload in the supplied manifest(s). There are three route-methods supported in the action:
+      - **Service route-method**: Identified services are configured to target the green deployments.
+      - **Ingress route-method**: Along with deployments, new services are created with '-green' suffix (for identified services), and the ingresses are in turn updated to target the new services.
+      - **SMI route-method**: A new [TrafficSplit](https://github.com/servicemeshinterface/smi-spec/blob/master/apis/traffic-split/v1alpha3/traffic-split.md) object is created for each identified service. The TrafficSplit object is updated to target the new deployments. This works only if SMI is set up in the cluster.
+
+      Traffic is routed to the new workloads only after the time provided as `version-switch-buffer` input has passed. The `promote` action creates workloads and services with new configurations but without any suffix. `reject` routes traffic back to the old workloads and deletes the '-green' workloads.
+
+## Action inputs
+
+<table>
+  <thead>
+    <tr>
+      <th>Action inputs</th>
+      <th>Description</th>
+    </tr>
+  </thead>
+  <tr>
+    <td>action </br></br>(Required)</td>
+    <td>Acceptable values: deploy/promote/reject.</br>Promote or reject actions are used to promote or reject canary/blue-green deployments. Sample YAML snippets are provided below for guidance.</td>
+  </tr>
+  <tr>
+    <td>manifests </br></br>(Required)</td>
+    <td>Path to the manifest files to be used for deployment. These can also be directories containing manifest files, in which case, all manifest files in the referenced directory at every depth will be deployed, or URLs to manifest files (like https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/controllers/nginx-deployment.yaml). Files and URLs not ending in .yml or .yaml will be ignored.</td>
+  </tr>
+    <tr>
+    <td>strategy </br></br>(Required)</td>
+    <td>Acceptable values: basic/canary/blue-green. <br>
+    Default value: basic
+    <br>Deployment strategy to be used while applying manifest files on the cluster.
+    <br>basic - Template is force applied to all pods when deploying to cluster. NOTE: Can only be used with action == deploy
+    <br>canary - Canary deployment strategy is used when deploying to the cluster.<br>blue-green - Blue-Green deployment strategy is used when deploying to cluster.</td>
+  </tr>
+  <tr>
+    <td>namespace </br></br>(Optional)
+    <td>Namespace within the cluster to deploy to.</td>
+  </tr>
+  <tr>
+    <td>images </br></br>(Optional)</td>
+    <td>Fully qualified resource URL of the image(s) to be used for substitutions on the manifest files. This multiline input accepts specifying multiple artifact substitutions in newline separated form. For example:<br> 
+    <code><br>images: |<br>&nbsp&nbspcontosodemo.azurecr.io/foo:test1<br>&nbsp&nbspcontosodemo.azurecr.io/bar:test2<br></code><br>
+    In this example, all references to contosodemo.azurecr.io/foo and contosodemo.azurecr.io/bar are searched for in the image field of the input manifest files. For the matches found, the tags test1 and test2 are substituted.</td>
+  </tr>
+  <tr>
+    <td>imagepullsecrets </br></br>(Optional)</td>
+    <td>Multiline input where each line contains the name of a docker-registry secret that has already been setup within the cluster. Each of these secret names are added under imagePullSecrets field for the workloads found in the input manifest files</td>
+  </tr>  
+  <tr>
+    <td>pull-images</br></br>(Optional)</td>
+    <td>Acceptable values: true/false</br>Default value: true</br>Switch whether to pull the images from the registry before deployment to find out Dockerfile's path in order to add it to the annotations</td>
+  </tr>
+  <tr>
+    <td>traffic-split-method </br></br>(Optional)</td>
+    <td>Acceptable values: pod/smi.<br> Default value: pod <br>SMI: Percentage traffic split is done at request level using service mesh. Service mesh has to be setup by cluster admin. Orchestration of <a href="https://github.com/servicemeshinterface/smi-spec/blob/master/apis/traffic-split/v1alpha3/traffic-split.md" data-raw-source="TrafficSplit](https://github.com/deislabs/smi-spec/blob/master/traffic-split.md)">TrafficSplit</a> objects of SMI is handled by this action. <br>Pod: Percentage split not possible at request level in the absence of service mesh. Percentage input is used to calculate the replicas for baseline and canary as a percentage of replicas specified in the input manifests for the stable variant.</td>
+  </tr>
+  <tr>
+   <td>traffic-split-annotations </br></br>(Optional)</td>
+   <td>Annotations in the form of key/value pair to be added to TrafficSplit.</td>
+  <tr>
+    <td>percentage </br></br>(Optional but required if strategy is canary)</td>
+    <td>Used to compute the number of replicas of &#39;-baseline&#39; and &#39;-canary&#39; variants of the workloads found in manifest files. For the specified percentage input, if (percentage * numberOfDesirerdReplicas)/100 is not a round number, the floor of this number is used while creating &#39;-baseline&#39; and &#39;-canary&#39;.<br/><br/>For example, if Deployment hello-world was found in the input manifest file with &#39;replicas: 4&#39; and if &#39;strategy: canary&#39; and &#39;percentage: 25&#39; are given as inputs to the action, then the Deployments hello-world-baseline and hello-world-canary are created with 1 replica each. The &#39;-baseline&#39; variant is created with the same image and tag as the stable version (4 replica variant prior to deployment) while the &#39;-canary&#39; variant is created with the image and tag corresponding to the new changes being deployed</td>
+  </tr>
+  <tr>
+    <td>baseline-and-canary-replicas </br></br> (Optional and relevant only if strategy is canary and traffic-split-method is smi)</td>
+    <td>The number of baseline and canary replicas. Percentage traffic split is controlled in the service mesh plane, the actual number of replicas for canary and baseline variants could be controlled independently of the traffic split. For example, assume that the input Deployment manifest desired 30 replicas to be used for stable and that the following inputs were specified for the action </br></br><code>&nbsp;&nbsp;&nbsp;&nbsp;strategy: canary<br>&nbsp;&nbsp;&nbsp;&nbsp;trafficSplitMethod: smi<br>&nbsp;&nbsp;&nbsp;&nbsp;percentage: 20<br>&nbsp;&nbsp;&nbsp;&nbsp;baselineAndCanaryReplicas: 1</code></br></br> In this case, stable variant will receive 80% traffic while baseline and canary variants will receive 10% each (20% split equally between baseline and canary). However, instead of creating baseline and canary with 3 replicas each, the explicit count of baseline and canary replicas is honored. That is, only 1 replica each is created for baseline and canary variants.</td>
+  </tr>
+   <tr>
+    <td>route-method </br></br>(Optional and relevant only if strategy is blue-green)</td>
+    <td>Acceptable values: service/ingress/smi.</br>Default value: service.</br>Traffic is routed based on this input.
+    <br>Service: Service selector labels are updated to target '-green' workloads.
+    <br>Ingress: Ingress backends are updated to target the new '-green' services which in turn target '-green' deployments.
+    <br>SMI: A <a href="https://github.com/servicemeshinterface/smi-spec/blob/master/apis/traffic-split/v1alpha3/traffic-split.md" data-raw-source="TrafficSplit](https://github.com/deislabs/smi-spec/blob/master/traffic-split.md)">TrafficSplit</a>  object is created for each required service to route traffic to new workloads.</td>
+  </tr>
+  <tr>
+    <td>version-switch-buffer </br></br>(Optional and relevant only if strategy is blue-green)</td>
+    <td>Acceptable values: 1-300.</br>Default value: 0.</br>Waits for the given input in minutes before routing traffic to '-green' workloads.</td>
+  </tr>
+  <tr>
+    <td>private-cluster </br></br>(Optional and relevant only using K8's deploy for a cluster with private cluster enabled)</td>
+    <td>Acceptable values: true, false</br>Default value: false.</td>
+  </tr>
+  <tr>
+    <td>resource-group</br></br>(Optional)</td>
+    <td>Name of resource group - Only required if using private cluster</td>
+  </tr>
+  <tr>
+    <td>name</br></br>(Optional)</td>
+    <td>Name of the private cluster - Only required if using private cluster</td>
+  </tr>
+  <tr>
+    <td>force</br></br>(Optional)</td>
+    <td>Deploy when a previous deployment already exists. If true then '--force' argument is added to the apply command. Using '--force' argument is not recommended in production.</td>
+  </tr>
+  <tr>
+    <td>server-side </br></br>(Optional)</td>
+    <td>The apply command runs in the server instead of the client. If true then '--server-side' argument is added to the apply command.</td>
+  </tr>
+  <tr>
+    <td>timeout</br></br>(Optional)</td>
+    <td>Default value: 10m</br>Timeout for the rollout status. Accepts time units like '10m', '1h', '30s'. If only a number is provided (e.g., '30'), it is assumed to be minutes.</td>
+  </tr>
+  <tr>
+    <td>annotate-resources</br></br>(Optional)</td>
+    <td>Acceptable values: true/false</br>Default value: true</br>Switch whether to annotate the resources or not. If set to false all annotations are skipped completely.</td>
+  </tr>
+  <tr>
+    <td>annotate-namespace</br></br>(Optional)</td>
+    <td>Acceptable values: true/false</br>Default value: true</br>Switch whether to annotate the namespace resources object or not. Ignored when annotate-resources is set to false.</td>
+  </tr>
+  <tr>
+    <td>skip-tls-verify</br></br>(Optional)</td>
+    <td>Acceptable values: true/false</br>Default value: false</br>True if the insecure-skip-tls-verify option should be used</td>
+  </tr>
+  <tr>
+    <td>resource-type (Optional)</td>
+    <td>Acceptable values: `Microsoft.ContainerService/managedClusters` (default), 'Microsoft.ContainerService/fleets'</td>
+  </tr>
+</table>
+
+## Usage Examples
+
+### Basic deployment (without any deployment strategy)
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     namespace: 'myapp'
+     manifests: |
+        dir/manifestsDirectory
+     images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
+     imagepullsecrets: |
+        image-pull-secret1
+        image-pull-secret2
+```
+
+### Private cluster deployment
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     resource-group: yourResourceGroup
+     name: yourClusterName
+     action: deploy
+     strategy: basic
+
+     private-cluster: true
+     manifests: |
+        manifests/azure-vote-backend-deployment.yaml
+        manifests/azure-vote-backend-service.yaml
+        manifests/azure-vote-frontend-deployment.yaml
+        manifests/azure-vote-frontend-service.yaml
+     images: |
+        registry.azurecr.io/containername
+```
+
+### Canary deployment without service mesh
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     namespace: 'myapp'
+     images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
+     imagepullsecrets: |
+        image-pull-secret1
+        image-pull-secret2
+     manifests: |
+        deployment.yaml
+        service.yaml
+        dir/manifestsDirectory
+     strategy: canary
+     action: deploy
+     percentage: 20
+```
+
+To promote/reject the canary created by the above snippet, the following YAML snippet could be used:
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     namespace: 'myapp'
+     images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
+     imagepullsecrets: |
+        image-pull-secret1
+        image-pull-secret2
+     manifests: |
+        deployment.yaml
+        service.yaml
+        dir/manifestsDirectory
+     strategy: canary
+     action: promote # substitute reject if you want to reject
+```
+
+### Canary deployment based on Service Mesh Interface
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     namespace: 'myapp'
+     images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
+     imagepullsecrets: |
+        image-pull-secret1
+        image-pull-secret2
+     manifests: |
+        deployment.yaml
+        service.yaml
+        dir/manifestsDirectory
+     strategy: canary
+     action: deploy
+     traffic-split-method: smi
+     percentage: 20
+     baseline-and-canary-replicas: 1
+```
+
+To promote/reject the canary created by the above snippet, the following YAML snippet could be used:
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     namespace: 'myapp'
+     images: 'contoso.azurecr.io/myapp:${{ event.run_id }} '
+     imagepullsecrets: |
+        image-pull-secret1
+        image-pull-secret2
+     manifests: |
+        deployment.yaml
+        service.yaml
+        dir/manifestsDirectory
+     strategy: canary
+     traffic-split-method: smi
+     action: reject # substitute promote if you want to promote
+```
+
+### Blue-Green deployment with different route methods
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     namespace: 'myapp'
+     images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
+     imagepullsecrets: |
+        image-pull-secret1
+        image-pull-secret2
+     manifests: |
+        deployment.yaml
+        service.yaml
+        ingress.yml
+     strategy: blue-green
+     action: deploy
+     route-method: ingress # substitute with service/smi as per need
+     version-switch-buffer: 15
+```
+
+To promote/reject the green workload created by the above snippet, the following YAML snippet could be used:
+
+```yaml
+- uses: Azure/k8s-deploy@v5
+  with:
+     namespace: 'myapp'
+     images: 'contoso.azurecr.io/myapp:${{ event.run_id }}'
+     imagepullsecrets: |
+        image-pull-secret1
+        image-pull-secret2
+     manifests: |
+        deployment.yaml
+        service.yaml
+        ingress.yml
+     strategy: blue-green
+     route-method: ingress # should be the same as the value when action was deploy
+     action: promote # substitute reject if you want to reject
+```
+
+## End to end workflows
+
+Following are a few examples of not just this action, but how this action could be used along with other container and k8s related actions for building images and deploying objects onto k8s clusters:
+
+### Build container image and deploy to Azure Kubernetes Service cluster
+
+```yaml
+on: [push]
+
+jobs:
+   build:
+      runs-on: ubuntu-latest
+      steps:
+         - uses: actions/checkout@v6
+
+         - uses: Azure/docker-login@v2
+           with:
+              login-server: contoso.azurecr.io
+              username: ${{ secrets.REGISTRY_USERNAME }}
+              password: ${{ secrets.REGISTRY_PASSWORD }}
+
+         - run: |
+              docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }}
+              docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}
+
+         - uses: azure/setup-kubectl@v4
+
+         # Set the target AKS cluster.
+         - uses: Azure/aks-set-context@v4
+           with:
+              creds: '${{ secrets.AZURE_CREDENTIALS }}'
+              cluster-name: contoso
+              resource-group: contoso-rg
+
+         - uses: Azure/k8s-create-secret@v5
+           with:
+              container-registry-url: contoso.azurecr.io
+              container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
+              container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
+              secret-name: demo-k8s-secret
+
+         - uses: Azure/k8s-deploy@v5
+           with:
+              action: deploy
+              manifests: |
+                 manifests/deployment.yml
+                 manifests/service.yml
+              images: |
+                 demo.azurecr.io/k8sdemo:${{ github.sha }}
+              imagepullsecrets: |
+                 demo-k8s-secret
+```
+
+### Build container image and deploy to any Azure Kubernetes Service cluster
+
+```yaml
+on: [push]
+
+jobs:
+   build:
+      runs-on: ubuntu-latest
+      steps:
+         - uses: actions/checkout@v6
+
+         - uses: Azure/docker-login@v2
+           with:
+              login-server: contoso.azurecr.io
+              username: ${{ secrets.REGISTRY_USERNAME }}
+              password: ${{ secrets.REGISTRY_PASSWORD }}
+
+         - run: |
+              docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }}
+              docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}
+
+         - uses: azure/setup-kubectl@v4
+
+         - uses: Azure/k8s-set-context@v4
+           with:
+              kubeconfig: ${{ secrets.KUBE_CONFIG }}
+
+         - uses: Azure/k8s-create-secret@v5
+           with:
+              container-registry-url: contoso.azurecr.io
+              container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
+              container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
+              secret-name: demo-k8s-secret
+
+         - uses: Azure/k8s-deploy@v5
+           with:
+              action: deploy
+              manifests: |
+                 manifests/deployment.yml
+                 manifests/service.yml
+              images: |
+                 demo.azurecr.io/k8sdemo:${{ github.sha }}
+              imagepullsecrets: |
+                 demo-k8s-secret
+```
+
+### Build image and add `dockerfile-path` label to it
+
+We can use this image in other workflows once built.
+
+```yaml
+on: [push]
+env:
+   NAMESPACE: demo-ns2
+
+jobs:
+   build:
+      runs-on: ubuntu-latest
+      steps:
+         - uses: actions/checkout@v6
+
+         - uses: Azure/docker-login@v2
+           with:
+              login-server: contoso.azurecr.io
+              username: ${{ secrets.REGISTRY_USERNAME }}
+              password: ${{ secrets.REGISTRY_PASSWORD }}
+
+         - run: |
+              docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }} --label dockerfile-path=https://github.com/${{github.repo}}/blob/${{github.sha}}/Dockerfile
+              docker push contoso.azurecr.io/k8sdemo:${{ github.sha }}
+```
+
+### Use bake action to get manifests deploying to a Kubernetes cluster
+
+```yaml
+on: [push]
+env:
+   NAMESPACE: demo-ns2
+
+jobs:
+   deploy:
+      runs-on: ubuntu-latest
+      steps:
+         - uses: actions/checkout@v6
+
+         - uses: Azure/docker-login@v2
+           with:
+              login-server: contoso.azurecr.io
+              username: ${{ secrets.REGISTRY_USERNAME }}
+              password: ${{ secrets.REGISTRY_PASSWORD }}
+
+         - uses: azure/setup-kubectl@v4
+
+         # Set the target AKS cluster.
+         - uses: Azure/aks-set-context@v4
+           with:
+              creds: '${{ secrets.AZURE_CREDENTIALS }}'
+              cluster-name: contoso
+              resource-group: contoso-rg
+
+         - uses: Azure/k8s-create-secret@v5
+           with:
+              namespace: ${{ env.NAMESPACE  }}
+              container-registry-url: contoso.azurecr.io
+              container-registry-username: ${{ secrets.REGISTRY_USERNAME }}
+              container-registry-password: ${{ secrets.REGISTRY_PASSWORD }}
+              secret-name: demo-k8s-secret
+
+         - uses: azure/k8s-bake@v3
+           with:
+              renderEngine: 'helm'
+              helmChart: './aks-helloworld/'
+              overrideFiles: './aks-helloworld/values-override.yaml'
+              overrides: |
+                 replicas:2
+              helm-version: 'latest'
+           id: bake
+
+         - uses: Azure/k8s-deploy@v5
+           with:
+              action: deploy
+              manifests: ${{ steps.bake.outputs.manifestsBundle }}
+              images: |
+                 contoso.azurecr.io/k8sdemo:${{ github.sha }}
+              imagepullsecrets: |
+                 demo-k8s-secret
+```
+
+## Traceability Fields Support
+
+- Environment variable `HELM_CHART_PATHS` is a list of helmchart files expected by k8s-deploy - it will be populated automatically if you are using k8s-bake to generate the manifests.
+- Use script to build image and add dockerfile-path label to it. The value expected is the link to the dockerfile: https://github.com/${{github.repo}}/blob/${{github.sha}}/Dockerfile. If your dockerfile is in the same repo and branch where the workflow is run, it can be a relative path and it will be converted to a link for traceability.
+- Run docker login action for each image registry - in case image build and image deploy are two distinct jobs in the same or separate workflows.
+
+## Contributing
+
+This project welcomes contributions and suggestions. Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+## Support
+
+k8s-deploy is an open source project that is [**not** covered by the Microsoft Azure support policy](https://support.microsoft.com/en-us/help/2941892/support-for-linux-and-open-source-technology-in-azure). [Please search open issues here](https://github.com/Azure/k8s-deploy/issues), and if your issue isn't already represented please [open a new one](https://github.com/Azure/k8s-deploy/issues/new/choose). The project maintainers will respond to the best of their abilities.
@@ -1,35 +1,35 @@
-<!-- BEGIN MICROSOFT SECURITY.MD V0.0.1 BLOCK -->
-
-## Security
-
-Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [many more](https://opensource.microsoft.com/).
-
-If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [definition](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)) of a security vulnerability, please report it to us as described below.
-
-## Reporting Security Issues
-
-**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center at [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://technet.microsoft.com/en-us/security/dn606155).
-
-You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
-
-Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
-
-  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
-  * Full paths of source file(s) related to the manifestation of the issue
-  * The location of the affected source code (tag/branch/commit or direct URL)
-  * Any special configuration required to reproduce the issue
-  * Step-by-step instructions to reproduce the issue
-  * Proof-of-concept or exploit code (if possible)
-  * Impact of the issue, including how an attacker might exploit the issue
-
-This information will help us triage your report more quickly.
-
-## Preferred Languages
-
-We prefer all communications to be in English.
-
-## Policy
-
-Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
-
-<!-- END MICROSOFT SECURITY.MD BLOCK -->
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.1 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [many more](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [definition](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>) of a security vulnerability, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center at [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://technet.microsoft.com/en-us/security/dn606155).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
@@ -1,26 +1,100 @@
-name: 'Deploy to Kubernetes cluster'
-description: 'Deploy to Kubernetes cluster'
-inputs: 
-# Please ensure you have used either azure/k8s-actions/aks-set-context or azure/k8s-actions/k8s-set-context in the workflow before this action
-  namespace:
-    description: 'Choose the target Kubernetes namespace. If the namespace is not provided, the commands will run in the default namespace.'
-    required: false
-  manifests:
-    description: 'Path to the manifest files which will be used for deployment.'
-    required: true
-    default: ''
-  images: 
-    description: 'Fully qualified resource URL of the image(s) to be used for substitutions on the manifest files
-Example: contosodemo.azurecr.io/helloworld:test'
-    required: false
-  imagepullsecrets:
-    description: 'Name of a docker-registry secret that has already been set up within the cluster. Each of these secret names are added under imagePullSecrets field for the workloads found in the input manifest files'
-    required: false
-  kubectl-version:
-      description: 'Version of kubectl. Installs a specific version of kubectl binary'
-      required: false
-branding:
-  color: 'green' # optional, decorates the entry in the GitHub Marketplace
-runs:
-  using: 'node12'
-  main: 'lib/run.js'
+name: 'Deploy to Kubernetes cluster'
+description: 'Deploy to a Kubernetes cluster including, but not limited to Azure Kubernetes Service (AKS) clusters'
+inputs:
+   # Please ensure you have used either azure/k8s-actions/aks-set-context or azure/k8s-actions/k8s-set-context in the workflow before this action
+   # You also need to have kubectl installed (azure/setup-kubectl)
+   namespace:
+      description: 'Choose the target Kubernetes namespace. If the namespace is not provided, the commands will automatically use the namespace defined in the manifest files first or otherwise run in the default namespace.'
+      required: false
+      default: ''
+   manifests:
+      description: 'Path to the manifest files which will be used for deployment.'
+      required: true
+   images:
+      description: 'Fully qualified resource URL of the image(s) to be used for substitutions on the manifest files Example: contosodemo.azurecr.io/helloworld:test'
+      required: false
+   imagepullsecrets:
+      description: 'Name of a docker-registry secret that has already been set up within the cluster. Each of these secret names are added under imagePullSecrets field for the workloads found in the input manifest files'
+      required: false
+   pull-images:
+      description: "Switch whether to pull the images from the registry before deployment to find out Dockerfile's path in order to add it to the annotations"
+      required: false
+      default: true
+   strategy:
+      description: 'Deployment strategy to be used. Allowed values are basic, canary and blue-green'
+      required: true
+      default: 'basic'
+   route-method:
+      description: 'Route based on service, ingress or SMI for blue-green strategy'
+      required: false
+      default: 'service'
+   version-switch-buffer:
+      description: 'Indicates the buffer time in minutes before the switch is made to the green version (max is 300 min ie. 5hrs)'
+      required: false
+      default: 0
+   traffic-split-method:
+      description: 'Traffic split method to be used. Allowed values are pod and smi'
+      required: false
+      default: 'pod'
+   traffic-split-annotations:
+      description: 'Annotations in the form of key/value pair to be added to TrafficSplit. Relevant only if deployement strategy is blue-green or canary'
+      required: false
+   baseline-and-canary-replicas:
+      description: 'Baseline and canary replicas count. Valid value between 0 to 100 (inclusive)'
+      required: false
+      default: ''
+   percentage:
+      description: 'Percentage of traffic redirect to canary deployment'
+      required: false
+      default: 0
+   action:
+      description: 'deploy, promote, or reject'
+      required: true
+      default: 'deploy'
+   force:
+      description: 'Deploy when a previous deployment already exists. If true then --force argument is added to the apply command'
+      required: false
+      default: false
+   server-side:
+      description: 'The apply command runs in the server instead of the client. If true then --server-side argument is added to the apply command.'
+      required: false
+      default: false
+   timeout:
+      description: 'Timeout for the rollout status'
+      required: false
+      default: 10m
+   token:
+      description: 'Github token'
+      default: ${{ github.token }}
+      required: true
+   annotate-resources:
+      description: 'Annotate the resources. If set to false all annotations are skipped completely.'
+      required: false
+      default: true
+   annotate-namespace:
+      description: 'Annotate the target namespace. Ignored when annotate-resources is set to false or no namespace is provided.'
+      required: false
+      default: true
+   private-cluster:
+      description: 'True if cluster is AKS private cluster'
+      required: false
+      default: false
+   resource-group:
+      description: 'Name of resource group - Only required if using private cluster'
+      required: false
+   name:
+      description: 'Name of the private cluster - Only required if using private cluster'
+      required: false
+   skip-tls-verify:
+      description: True if the insecure-skip-tls-verify option should be used. Input should be 'true' or 'false'.
+      default: false
+   resource-type:
+      description: Either Microsoft.ContainerService/managedClusters or Microsoft.ContainerService/fleets'.
+      required: false
+      default: 'Microsoft.ContainerService/managedClusters'
+
+branding:
+   color: 'green'
+runs:
+   using: 'node24'
+   main: 'lib/index.js'
@@ -0,0 +1,6 @@
+module.exports = {
+   presets: [
+      ['@babel/preset-env', {targets: {node: 'current'}}],
+      '@babel/preset-typescript'
+   ]
+}
@@ -1,71 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const os = require("os");
-const path = require("path");
-const util = require("util");
-const fs = require("fs");
-const toolCache = require("@actions/tool-cache");
-const core = require("@actions/core");
-const kubectlToolName = 'kubectl';
-const stableKubectlVersion = 'v1.15.0';
-const stableVersionUrl = 'https://storage.googleapis.com/kubernetes-release/release/stable.txt';
-function getExecutableExtension() {
-    if (os.type().match(/^Win/)) {
-        return '.exe';
-    }
-    return '';
-}
-function getkubectlDownloadURL(version) {
-    switch (os.type()) {
-        case 'Linux':
-            return util.format('https://storage.googleapis.com/kubernetes-release/release/%s/bin/linux/amd64/kubectl', version);
-        case 'Darwin':
-            return util.format('https://storage.googleapis.com/kubernetes-release/release/%s/bin/darwin/amd64/kubectl', version);
-        case 'Windows_NT':
-        default:
-            return util.format('https://storage.googleapis.com/kubernetes-release/release/%s/bin/windows/amd64/kubectl.exe', version);
-    }
-}
-function getStableKubectlVersion() {
-    return __awaiter(this, void 0, void 0, function* () {
-        return toolCache.downloadTool(stableVersionUrl).then((downloadPath) => {
-            let version = fs.readFileSync(downloadPath, 'utf8').toString().trim();
-            if (!version) {
-                version = stableKubectlVersion;
-            }
-            return version;
-        }, (error) => {
-            core.debug(error);
-            core.warning('GetStableVersionFailed');
-            return stableKubectlVersion;
-        });
-    });
-}
-exports.getStableKubectlVersion = getStableKubectlVersion;
-function downloadKubectl(version) {
-    return __awaiter(this, void 0, void 0, function* () {
-        let cachedToolpath = toolCache.find(kubectlToolName, version);
-        let kubectlDownloadPath = '';
-        if (!cachedToolpath) {
-            try {
-                kubectlDownloadPath = yield toolCache.downloadTool(getkubectlDownloadURL(version));
-            }
-            catch (exception) {
-                throw new Error('DownloadKubectlFailed');
-            }
-            cachedToolpath = yield toolCache.cacheFile(kubectlDownloadPath, kubectlToolName + getExecutableExtension(), kubectlToolName, version);
-        }
-        const kubectlPath = path.join(cachedToolpath, kubectlToolName + getExecutableExtension());
-        fs.chmodSync(kubectlPath, '777');
-        return kubectlPath;
-    });
-}
-exports.downloadKubectl = downloadKubectl;
@@ -1,141 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = require("@actions/core");
-const utils_1 = require("./utils");
-function getImagePullSecrets(inputObject) {
-    if (!inputObject || !inputObject.spec) {
-        return;
-    }
-    if (utils_1.isEqual(inputObject.kind, 'pod')
-        && inputObject
-        && inputObject.spec
-        && inputObject.spec.imagePullSecrets) {
-        return inputObject.spec.imagePullSecrets;
-    }
-    else if (utils_1.isEqual(inputObject.kind, 'cronjob')
-        && inputObject
-        && inputObject.spec
-        && inputObject.spec.jobTemplate
-        && inputObject.spec.jobTemplate.spec
-        && inputObject.spec.jobTemplate.spec.template
-        && inputObject.spec.jobTemplate.spec.template.spec
-        && inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets) {
-        return inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets;
-    }
-    else if (inputObject
-        && inputObject.spec
-        && inputObject.spec.template
-        && inputObject.spec.template.spec
-        && inputObject.spec.template.spec.imagePullSecrets) {
-        return inputObject.spec.template.spec.imagePullSecrets;
-    }
-}
-function setImagePullSecrets(inputObject, newImagePullSecrets) {
-    if (!inputObject || !inputObject.spec || !newImagePullSecrets) {
-        return;
-    }
-    if (utils_1.isEqual(inputObject.kind, 'pod')) {
-        if (inputObject
-            && inputObject.spec) {
-            if (newImagePullSecrets.length > 0) {
-                inputObject.spec.imagePullSecrets = newImagePullSecrets;
-            }
-            else {
-                delete inputObject.spec.imagePullSecrets;
-            }
-        }
-    }
-    else if (utils_1.isEqual(inputObject.kind, 'cronjob')) {
-        if (inputObject
-            && inputObject.spec
-            && inputObject.spec.jobTemplate
-            && inputObject.spec.jobTemplate.spec
-            && inputObject.spec.jobTemplate.spec.template
-            && inputObject.spec.jobTemplate.spec.template.spec) {
-            if (newImagePullSecrets.length > 0) {
-                inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets = newImagePullSecrets;
-            }
-            else {
-                delete inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets;
-            }
-        }
-    }
-    else if (!!inputObject.spec.template && !!inputObject.spec.template.spec) {
-        if (inputObject
-            && inputObject.spec
-            && inputObject.spec.template
-            && inputObject.spec.template.spec) {
-            if (newImagePullSecrets.length > 0) {
-                inputObject.spec.template.spec.imagePullSecrets = newImagePullSecrets;
-            }
-            else {
-                delete inputObject.spec.template.spec.imagePullSecrets;
-            }
-        }
-    }
-}
-function substituteImageNameInSpecContent(currentString, imageName, imageNameWithNewTag) {
-    if (currentString.indexOf(imageName) < 0) {
-        core.debug(`No occurence of replacement token: ${imageName} found`);
-        return currentString;
-    }
-    return currentString.split('\n').reduce((acc, line) => {
-        const imageKeyword = line.match(/^ *image:/);
-        if (imageKeyword) {
-            const [currentImageName, currentImageTag] = line
-                .substring(imageKeyword[0].length) // consume the line from keyword onwards
-                .trim()
-                .replace(/[',"]/g, '') // replace allowed quotes with nothing
-                .split(':');
-            if (currentImageName === imageName) {
-                return acc + `${imageKeyword[0]} ${imageNameWithNewTag}\n`;
-            }
-        }
-        return acc + line + '\n';
-    }, '');
-}
-function updateContainerImagesInManifestFiles(contents, containers) {
-    if (!!containers && containers.length > 0) {
-        containers.forEach((container) => {
-            let imageName = container.split(':')[0];
-            if (imageName.indexOf('@') > 0) {
-                imageName = imageName.split('@')[0];
-            }
-            if (contents.indexOf(imageName) > 0) {
-                contents = substituteImageNameInSpecContent(contents, imageName, container);
-            }
-        });
-    }
-    return contents;
-}
-exports.updateContainerImagesInManifestFiles = updateContainerImagesInManifestFiles;
-function updateImagePullSecrets(inputObject, newImagePullSecrets) {
-    if (!inputObject || !inputObject.spec || !newImagePullSecrets) {
-        return;
-    }
-    let newImagePullSecretsObjects;
-    if (newImagePullSecrets.length > 0) {
-        newImagePullSecretsObjects = Array.from(newImagePullSecrets, x => { return !!x ? { 'name': x } : null; });
-    }
-    else {
-        newImagePullSecretsObjects = [];
-    }
-    let existingImagePullSecretObjects = getImagePullSecrets(inputObject);
-    if (!existingImagePullSecretObjects) {
-        existingImagePullSecretObjects = new Array();
-    }
-    existingImagePullSecretObjects = existingImagePullSecretObjects.concat(newImagePullSecretsObjects);
-    setImagePullSecrets(inputObject, existingImagePullSecretObjects);
-}
-exports.updateImagePullSecrets = updateImagePullSecrets;
-const workloadTypes = ['deployment', 'replicaset', 'daemonset', 'pod', 'statefulset', 'job', 'cronjob'];
-function isWorkloadEntity(kind) {
-    if (!kind) {
-        core.debug('ResourceKindNotDefined');
-        return false;
-    }
-    return workloadTypes.some((type) => {
-        return utils_1.isEqual(type, kind);
-    });
-}
-exports.isWorkloadEntity = isWorkloadEntity;
@@ -1,163 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const toolCache = require("@actions/tool-cache");
-const core = require("@actions/core");
-const io = require("@actions/io");
-const toolrunner_1 = require("@actions/exec/lib/toolrunner");
-const path = require("path");
-const fs = require("fs");
-const yaml = require("js-yaml");
-const utils_1 = require("./utils");
-const kubernetes_utils_1 = require("./kubernetes-utils");
-const kubectl_util_1 = require("./kubectl-util");
-let kubectlPath = "";
-function setKubectlPath() {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (core.getInput('kubectl-version')) {
-            const version = core.getInput('kubect-version');
-            kubectlPath = toolCache.find('kubectl', version);
-            if (!kubectlPath) {
-                kubectlPath = yield installKubectl(version);
-            }
-        }
-        else {
-            kubectlPath = yield io.which('kubectl', false);
-            if (!kubectlPath) {
-                const allVersions = toolCache.findAllVersions('kubectl');
-                kubectlPath = allVersions.length > 0 ? toolCache.find('kubectl', allVersions[0]) : '';
-                if (!kubectlPath) {
-                    throw new Error('Kubectl is not installed, either add install-kubectl action or provide "kubectl-version" input to download kubectl');
-                }
-                kubectlPath = path.join(kubectlPath, `kubectl${utils_1.getExecutableExtension()}`);
-            }
-        }
-    });
-}
-function deploy(manifests, namespace) {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (manifests) {
-            for (var i = 0; i < manifests.length; i++) {
-                let manifest = manifests[i];
-                let toolRunner = new toolrunner_1.ToolRunner(kubectlPath, ['apply', '-f', manifest, '--namespace', namespace]);
-                yield toolRunner.exec();
-            }
-        }
-    });
-}
-function checkRolloutStatus(name, kind, namespace) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const toolrunner = new toolrunner_1.ToolRunner(kubectlPath, ['rollout', 'status', `${kind.trim()}/${name.trim()}`, `--namespace`, namespace]);
-        return toolrunner.exec();
-    });
-}
-function checkManifestsStability(manifests, namespace) {
-    return __awaiter(this, void 0, void 0, function* () {
-        manifests.forEach((manifest) => {
-            let content = fs.readFileSync(manifest).toString();
-            yaml.safeLoadAll(content, function (inputObject) {
-                return __awaiter(this, void 0, void 0, function* () {
-                    if (!!inputObject.kind && !!inputObject.metadata && !!inputObject.metadata.name) {
-                        let kind = inputObject.kind;
-                        switch (kind.toLowerCase()) {
-                            case 'deployment':
-                            case 'daemonset':
-                            case 'statefulset':
-                                yield checkRolloutStatus(inputObject.metadata.name, kind, namespace);
-                                break;
-                            default:
-                                core.debug(`No rollout check for kind: ${inputObject.kind}`);
-                        }
-                    }
-                });
-            });
-        });
-    });
-}
-function getManifestFileName(kind, name) {
-    const filePath = kind + '_' + name + '_' + utils_1.getCurrentTime().toString();
-    const tempDirectory = process.env['RUNNER_TEMP'];
-    const fileName = path.join(tempDirectory, path.basename(filePath));
-    return fileName;
-}
-function writeObjectsToFile(inputObjects) {
-    const newFilePaths = [];
-    if (!!inputObjects) {
-        inputObjects.forEach((inputObject) => {
-            try {
-                const inputObjectString = JSON.stringify(inputObject);
-                if (!!inputObject.kind && !!inputObject.metadata && !!inputObject.metadata.name) {
-                    const fileName = getManifestFileName(inputObject.kind, inputObject.metadata.name);
-                    fs.writeFileSync(path.join(fileName), inputObjectString);
-                    newFilePaths.push(fileName);
-                }
-                else {
-                    core.debug('Input object is not proper K8s resource object. Object: ' + inputObjectString);
-                }
-            }
-            catch (ex) {
-                core.debug('Exception occurred while wrting object to file : ' + inputObject + ' . Exception: ' + ex);
-            }
-        });
-    }
-    return newFilePaths;
-}
-function updateManifests(manifests, imagesToOverride, imagepullsecrets) {
-    const newObjectsList = [];
-    manifests.forEach((filePath) => {
-        let fileContents = fs.readFileSync(filePath).toString();
-        fileContents = kubernetes_utils_1.updateContainerImagesInManifestFiles(fileContents, imagesToOverride.split('\n'));
-        yaml.safeLoadAll(fileContents, function (inputObject) {
-            if (!!imagepullsecrets && !!inputObject && !!inputObject.kind) {
-                if (kubernetes_utils_1.isWorkloadEntity(inputObject.kind)) {
-                    kubernetes_utils_1.updateImagePullSecrets(inputObject, imagepullsecrets.split('\n'));
-                }
-            }
-            newObjectsList.push(inputObject);
-        });
-    });
-    return writeObjectsToFile(newObjectsList);
-}
-function installKubectl(version) {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (utils_1.isEqual(version, 'latest')) {
-            version = yield kubectl_util_1.getStableKubectlVersion();
-        }
-        return yield kubectl_util_1.downloadKubectl(version);
-    });
-}
-function checkClusterContext() {
-    if (!process.env["KUBECONFIG"]) {
-        throw new Error('Cluster context not set. Use k8ssetcontext action to set cluster context');
-    }
-}
-function run() {
-    return __awaiter(this, void 0, void 0, function* () {
-        checkClusterContext();
-        yield setKubectlPath();
-        let manifestsInput = core.getInput('manifests');
-        if (!manifestsInput) {
-            core.setFailed('No manifests supplied to deploy');
-        }
-        let namespace = core.getInput('namespace');
-        if (!namespace) {
-            namespace = 'default';
-        }
-        let manifests = manifestsInput.split('\n');
-        const imagesToOverride = core.getInput('images');
-        const imagePullSecretsToAdd = core.getInput('imagepullsecrets');
-        if (!!imagePullSecretsToAdd || !!imagesToOverride) {
-            manifests = updateManifests(manifests, imagesToOverride, imagePullSecretsToAdd);
-        }
-        yield deploy(manifests, namespace);
-        yield checkManifestsStability(manifests, namespace);
-    });
-}
-run().catch(core.setFailed);
@@ -1,26 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const os = require("os");
-function isEqual(str1, str2) {
-    if (!str1)
-        str1 = "";
-    if (!str2)
-        str2 = "";
-    return str1.toLowerCase() === str2.toLowerCase();
-}
-exports.isEqual = isEqual;
-function getRandomInt(max) {
-    return Math.floor(Math.random() * Math.floor(max));
-}
-exports.getRandomInt = getRandomInt;
-function getExecutableExtension() {
-    if (os.type().match(/^Win/)) {
-        return '.exe';
-    }
-    return '';
-}
-exports.getExecutableExtension = getExecutableExtension;
-function getCurrentTime() {
-    return new Date().getTime();
-}
-exports.getCurrentTime = getCurrentTime;
@@ -1,19 +1,36 @@
-{
-    "name": "k8s-deploy-action",
-    "version": "0.0.0",
-    "author": "Deepak Sattiraju",
-    "license": "MIT",
-    "scripts": {
-        "build": "tsc --outDir ./lib --rootDir ./src"
-    },
-    "dependencies": {
-        "@actions/tool-cache": "^1.0.0",
-        "@actions/io": "^1.0.0",
-        "@actions/core": "^1.0.0",
-        "@actions/exec": "^1.0.0",
-        "js-yaml": "3.13.1"
-    },
-    "devDependencies": {
-        "@types/node": "^12.0.10"
-    }
-}
+{
+   "name": "k8s-deploy-action",
+   "version": "6.0.0",
+   "author": "Deepak Sattiraju",
+   "license": "MIT",
+   "type": "module",
+   "scripts": {
+      "build": "tsc --noEmit && esbuild src/run.ts --bundle --platform=node --target=node20 --format=esm --outfile=lib/index.js --banner:js=\"import { createRequire } from 'module';const require = createRequire(import.meta.url);\"",
+      "typecheck": "tsc --noEmit",
+      "test": "vitest run",
+      "coverage": "vitest run --coverage",
+      "format": "prettier --write .",
+      "format-check": "prettier --check .",
+      "prepare": "husky"
+   },
+   "dependencies": {
+      "@actions/core": "^3.0.0",
+      "@actions/exec": "^3.0.0",
+      "@actions/io": "^3.0.2",
+      "@actions/tool-cache": "4.0.0",
+      "@octokit/core": "^7.0.6",
+      "@octokit/plugin-retry": "^8.1.0",
+      "js-yaml": "4.1.1",
+      "minimist": "^1.2.8"
+   },
+   "devDependencies": {
+      "@types/js-yaml": "^4.0.9",
+      "@types/minimist": "^1.2.5",
+      "@types/node": "^25.5.2",
+      "esbuild": "^0.28",
+      "husky": "^9.1.7",
+      "prettier": "^3.8.1",
+      "typescript": "6.0.2",
+      "vitest": "^4"
+   }
+}
@@ -0,0 +1,81 @@
+import * as core from '@actions/core'
+import * as models from '../types/kubernetesTypes.js'
+import * as KubernetesConstants from '../types/kubernetesTypes.js'
+import {Kubectl, Resource} from '../types/kubectl.js'
+import {
+   getResources,
+   updateManifestFiles
+} from '../utilities/manifestUpdateUtils.js'
+import {
+   annotateAndLabelResources,
+   checkManifestStability,
+   deployManifests
+} from '../strategyHelpers/deploymentHelper.js'
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
+import {parseTrafficSplitMethod} from '../types/trafficSplitMethod.js'
+import {ClusterType} from '../inputUtils.js'
+export const ResourceTypeManagedCluster =
+   'Microsoft.ContainerService/managedClusters'
+export const ResourceTypeFleet = 'Microsoft.ContainerService/fleets'
+export async function deploy(
+   kubectl: Kubectl,
+   manifestFilePaths: string[],
+   deploymentStrategy: DeploymentStrategy,
+   resourceType: ClusterType,
+   timeout?: string
+) {
+   // update manifests
+   const inputManifestFiles: string[] = updateManifestFiles(manifestFilePaths)
+   core.debug(`Input manifest files: ${inputManifestFiles}`)
+
+   // deploy manifests
+   core.startGroup('Deploying manifests')
+   const trafficSplitMethod = parseTrafficSplitMethod(
+      core.getInput('traffic-split-method', {required: true})
+   )
+   const deployedManifestFiles = await deployManifests(
+      inputManifestFiles,
+      deploymentStrategy,
+      kubectl,
+      trafficSplitMethod,
+      timeout
+   )
+   core.debug(`Deployed manifest files: ${deployedManifestFiles}`)
+   core.endGroup()
+
+   // check manifest stability
+   core.startGroup('Checking manifest stability')
+   const resourceTypes: Resource[] = getResources(
+      deployedManifestFiles,
+      models.DEPLOYMENT_TYPES.concat([
+         KubernetesConstants.DiscoveryAndLoadBalancerResource.SERVICE
+      ])
+   )
+
+   await checkManifestStability(kubectl, resourceTypes, resourceType, timeout)
+   core.endGroup()
+
+   // print ingresses
+   core.startGroup('Printing ingresses')
+   const ingressResources: Resource[] = getResources(deployedManifestFiles, [
+      KubernetesConstants.DiscoveryAndLoadBalancerResource.INGRESS
+   ])
+   for (const ingressResource of ingressResources) {
+      await kubectl.getResource(
+         KubernetesConstants.DiscoveryAndLoadBalancerResource.INGRESS,
+         ingressResource.name,
+         false,
+         ingressResource.namespace
+      )
+   }
+   core.endGroup()
+
+   // annotate resources
+   core.startGroup('Annotating resources')
+   await annotateAndLabelResources(
+      deployedManifestFiles,
+      kubectl,
+      resourceTypes
+   )
+   core.endGroup()
+}
@@ -0,0 +1,256 @@
+import * as core from '@actions/core'
+import * as canaryDeploymentHelper from '../strategyHelpers/canary/canaryHelper.js'
+import * as SMICanaryDeploymentHelper from '../strategyHelpers/canary/smiCanaryHelper.js'
+import * as PodCanaryHelper from '../strategyHelpers/canary/podCanaryHelper.js'
+import {
+   getResources,
+   updateManifestFiles
+} from '../utilities/manifestUpdateUtils.js'
+import {annotateAndLabelResources} from '../strategyHelpers/deploymentHelper.js'
+import * as models from '../types/kubernetesTypes.js'
+import * as KubernetesManifestUtility from '../utilities/manifestStabilityUtils.js'
+import {
+   deleteGreenObjects,
+   getManifestObjects,
+   NONE_LABEL_VALUE
+} from '../strategyHelpers/blueGreen/blueGreenHelper.js'
+
+import {BlueGreenManifests} from '../types/blueGreenTypes.js'
+import {DeployResult} from '../types/deployResult.js'
+
+import {
+   promoteBlueGreenIngress,
+   promoteBlueGreenService,
+   promoteBlueGreenSMI
+} from '../strategyHelpers/blueGreen/promote.js'
+
+import {
+   routeBlueGreenService,
+   routeBlueGreenIngressUnchanged,
+   routeBlueGreenSMI
+} from '../strategyHelpers/blueGreen/route.js'
+
+import {cleanupSMI} from '../strategyHelpers/blueGreen/smiBlueGreenHelper.js'
+import {Kubectl, Resource} from '../types/kubectl.js'
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
+import {
+   parseTrafficSplitMethod,
+   TrafficSplitMethod
+} from '../types/trafficSplitMethod.js'
+import {parseRouteStrategy, RouteStrategy} from '../types/routeStrategy.js'
+import {ClusterType} from '../inputUtils.js'
+
+export async function promote(
+   kubectl: Kubectl,
+   manifests: string[],
+   deploymentStrategy: DeploymentStrategy,
+   resourceType: ClusterType,
+   timeout?: string
+) {
+   switch (deploymentStrategy) {
+      case DeploymentStrategy.CANARY:
+         await promoteCanary(kubectl, manifests, timeout)
+         break
+      case DeploymentStrategy.BLUE_GREEN:
+         await promoteBlueGreen(kubectl, manifests, resourceType, timeout)
+         break
+      default:
+         throw Error('Invalid promote deployment strategy')
+   }
+}
+
+async function promoteCanary(
+   kubectl: Kubectl,
+   manifests: string[],
+   timeout?: string
+) {
+   let includeServices = false
+
+   const manifestFilesForDeployment: string[] = updateManifestFiles(manifests)
+
+   const trafficSplitMethod = parseTrafficSplitMethod(
+      core.getInput('traffic-split-method', {required: true})
+   )
+   let promoteResult: DeployResult
+   let filesToAnnotate: string[]
+   if (trafficSplitMethod == TrafficSplitMethod.SMI) {
+      includeServices = true
+
+      // In case of SMI traffic split strategy when deployment is promoted, first we will redirect traffic to
+      // canary deployment, then update stable deployment and then redirect traffic to stable deployment
+      core.startGroup('Redirecting traffic to canary deployment')
+      await SMICanaryDeploymentHelper.redirectTrafficToCanaryDeployment(
+         kubectl,
+         manifests,
+         timeout
+      )
+      core.endGroup()
+
+      core.startGroup(
+         'Deploying input manifests with SMI canary strategy from promote'
+      )
+
+      promoteResult = await SMICanaryDeploymentHelper.deploySMICanary(
+         manifestFilesForDeployment,
+         kubectl,
+         true,
+         timeout
+      )
+
+      core.endGroup()
+
+      core.startGroup('Redirecting traffic to stable deployment')
+      const stableRedirectManifests =
+         await SMICanaryDeploymentHelper.redirectTrafficToStableDeployment(
+            kubectl,
+            manifests,
+            timeout
+         )
+
+      filesToAnnotate = promoteResult.manifestFiles.concat(
+         stableRedirectManifests
+      )
+
+      core.endGroup()
+   } else {
+      core.startGroup('Deploying input manifests from promote')
+      promoteResult = await PodCanaryHelper.deployPodCanary(
+         manifestFilesForDeployment,
+         kubectl,
+         true,
+         timeout
+      )
+      filesToAnnotate = promoteResult.manifestFiles
+      core.endGroup()
+   }
+
+   core.startGroup('Deleting canary and baseline workloads')
+   try {
+      await canaryDeploymentHelper.deleteCanaryDeployment(
+         kubectl,
+         manifests,
+         includeServices
+      )
+   } catch (ex) {
+      core.warning(
+         `Exception occurred while deleting canary and baseline workloads: ${ex}`
+      )
+   }
+   core.endGroup()
+
+   // annotate resources
+   core.startGroup('Annotating resources')
+   const resources: Resource[] = getResources(
+      filesToAnnotate,
+      models.DEPLOYMENT_TYPES.concat([
+         models.DiscoveryAndLoadBalancerResource.SERVICE
+      ])
+   )
+   await annotateAndLabelResources(filesToAnnotate, kubectl, resources)
+   core.endGroup()
+}
+
+async function promoteBlueGreen(
+   kubectl: Kubectl,
+   manifests: string[],
+   resourceType: ClusterType,
+   timeout?: string
+) {
+   // update container images and pull secrets
+   const inputManifestFiles: string[] = updateManifestFiles(manifests)
+   const manifestObjects: BlueGreenManifests =
+      getManifestObjects(inputManifestFiles)
+
+   const routeStrategy = parseRouteStrategy(
+      core.getInput('route-method', {required: true})
+   )
+
+   core.startGroup('Deleting old deployment and making new stable deployment')
+
+   const {deployResult} = await (async () => {
+      switch (routeStrategy) {
+         case RouteStrategy.INGRESS:
+            return await promoteBlueGreenIngress(
+               kubectl,
+               manifestObjects,
+               timeout
+            )
+         case RouteStrategy.SMI:
+            return await promoteBlueGreenSMI(kubectl, manifestObjects, timeout)
+         default:
+            return await promoteBlueGreenService(
+               kubectl,
+               manifestObjects,
+               timeout
+            )
+      }
+   })()
+
+   core.endGroup()
+
+   // checking stability of newly created deployments
+   core.startGroup('Checking manifest stability')
+   const deployedManifestFiles = deployResult.manifestFiles
+   const resources: Resource[] = getResources(
+      deployedManifestFiles,
+      models.DEPLOYMENT_TYPES.concat([
+         models.DiscoveryAndLoadBalancerResource.SERVICE
+      ])
+   )
+   await KubernetesManifestUtility.checkManifestStability(
+      kubectl,
+      resources,
+      resourceType,
+      timeout
+   )
+   core.endGroup()
+
+   core.startGroup(
+      'Routing to new deployments and deleting old workloads and services'
+   )
+   if (routeStrategy == RouteStrategy.INGRESS) {
+      await routeBlueGreenIngressUnchanged(
+         kubectl,
+         manifestObjects.serviceNameMap,
+         manifestObjects.ingressEntityList
+      )
+
+      await deleteGreenObjects(
+         kubectl,
+         [].concat(
+            manifestObjects.deploymentEntityList,
+            manifestObjects.serviceEntityList
+         ),
+         timeout
+      )
+   } else if (routeStrategy == RouteStrategy.SMI) {
+      await routeBlueGreenSMI(
+         kubectl,
+         NONE_LABEL_VALUE,
+         manifestObjects.serviceEntityList
+      )
+      await deleteGreenObjects(
+         kubectl,
+         manifestObjects.deploymentEntityList,
+         timeout
+      )
+      await cleanupSMI(kubectl, manifestObjects.serviceEntityList, timeout)
+   } else {
+      await routeBlueGreenService(
+         kubectl,
+         NONE_LABEL_VALUE,
+         manifestObjects.serviceEntityList
+      )
+      await deleteGreenObjects(
+         kubectl,
+         manifestObjects.deploymentEntityList,
+         timeout
+      )
+   }
+   core.endGroup()
+
+   // annotate resources
+   core.startGroup('Annotating resources')
+   await annotateAndLabelResources(deployedManifestFiles, kubectl, resources)
+   core.endGroup()
+}
@@ -0,0 +1,88 @@
+import * as core from '@actions/core'
+import * as canaryDeploymentHelper from '../strategyHelpers/canary/canaryHelper.js'
+import * as SMICanaryDeploymentHelper from '../strategyHelpers/canary/smiCanaryHelper.js'
+import {Kubectl} from '../types/kubectl.js'
+import {BlueGreenManifests} from '../types/blueGreenTypes.js'
+import {
+   rejectBlueGreenIngress,
+   rejectBlueGreenService,
+   rejectBlueGreenSMI
+} from '../strategyHelpers/blueGreen/reject.js'
+import {getManifestObjects} from '../strategyHelpers/blueGreen/blueGreenHelper.js'
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
+import {
+   parseTrafficSplitMethod,
+   TrafficSplitMethod
+} from '../types/trafficSplitMethod.js'
+import {parseRouteStrategy, RouteStrategy} from '../types/routeStrategy.js'
+
+export async function reject(
+   kubectl: Kubectl,
+   manifests: string[],
+   deploymentStrategy: DeploymentStrategy,
+   timeout?: string
+) {
+   switch (deploymentStrategy) {
+      case DeploymentStrategy.CANARY:
+         await rejectCanary(kubectl, manifests, timeout)
+         break
+      case DeploymentStrategy.BLUE_GREEN:
+         await rejectBlueGreen(kubectl, manifests, timeout)
+         break
+      default:
+         throw 'Invalid delete deployment strategy'
+   }
+}
+
+async function rejectCanary(
+   kubectl: Kubectl,
+   manifests: string[],
+   timeout?: string
+) {
+   let includeServices = false
+
+   const trafficSplitMethod = parseTrafficSplitMethod(
+      core.getInput('traffic-split-method', {required: true})
+   )
+   if (trafficSplitMethod == TrafficSplitMethod.SMI) {
+      core.startGroup('Rejecting deployment with SMI canary strategy')
+      includeServices = true
+      await SMICanaryDeploymentHelper.redirectTrafficToStableDeployment(
+         kubectl,
+         manifests,
+         timeout
+      )
+      core.endGroup()
+   }
+
+   core.startGroup('Deleting baseline and canary workloads')
+   await canaryDeploymentHelper.deleteCanaryDeployment(
+      kubectl,
+      manifests,
+      includeServices,
+      timeout
+   )
+   core.endGroup()
+}
+
+async function rejectBlueGreen(
+   kubectl: Kubectl,
+   manifests: string[],
+   timeout?: string
+) {
+   const routeStrategy = parseRouteStrategy(
+      core.getInput('route-method', {required: true})
+   )
+   core.startGroup('Rejecting deployment with blue green strategy')
+   core.info(`using routeMethod ${routeStrategy}`)
+   const manifestObjects: BlueGreenManifests = getManifestObjects(manifests)
+
+   if (routeStrategy == RouteStrategy.INGRESS) {
+      await rejectBlueGreenIngress(kubectl, manifestObjects, timeout)
+   } else if (routeStrategy == RouteStrategy.SMI) {
+      await rejectBlueGreenSMI(kubectl, manifestObjects, timeout)
+   } else {
+      await rejectBlueGreenService(kubectl, manifestObjects, timeout)
+   }
+   core.endGroup()
+}
@@ -0,0 +1,33 @@
+import {parseResourceTypeInput} from './inputUtils.js'
+import {
+   ResourceTypeFleet,
+   ResourceTypeManagedCluster
+} from './actions/deploy.js'
+
+describe('InputUtils', () => {
+   describe('parseResourceTypeInput', () => {
+      it('should extract fleet exact match resource type', () => {
+         expect(
+            parseResourceTypeInput('Microsoft.ContainerService/fleets')
+         ).toEqual(ResourceTypeFleet)
+      })
+      it('should match fleet case-insensitively', () => {
+         expect(
+            parseResourceTypeInput('Microsoft.containerservice/fleets')
+         ).toEqual(ResourceTypeFleet)
+      })
+      it('should match managed cluster case-insensitively', () => {
+         expect(
+            parseResourceTypeInput('Microsoft.containerservice/MAnaGedClusterS')
+         ).toEqual(ResourceTypeManagedCluster)
+      })
+      it('should error on unexpected values', () => {
+         expect(() => {
+            parseResourceTypeInput('icrosoft.ContainerService/ManagedCluster')
+         }).toThrow()
+         expect(() => {
+            parseResourceTypeInput('wrong-value')
+         }).toThrow()
+      })
+   })
+})
@@ -0,0 +1,35 @@
+import * as core from '@actions/core'
+import {parseAnnotations} from './types/annotations.js'
+import {
+   ResourceTypeFleet,
+   ResourceTypeManagedCluster
+} from './actions/deploy.js'
+
+export const inputAnnotations = parseAnnotations(
+   core.getInput('annotations', {required: false})
+)
+
+export function getBufferTime(): number {
+   const inputBufferTime = parseInt(
+      core.getInput('version-switch-buffer') || '0'
+   )
+   if (inputBufferTime < 0 || inputBufferTime > 300)
+      throw Error('Version switch buffer must be between 0 and 300 (inclusive)')
+
+   return inputBufferTime
+}
+
+export function parseResourceTypeInput(rawInput: string): ClusterType {
+   switch (rawInput.toLowerCase()) {
+      case ResourceTypeFleet.toLowerCase():
+         return ResourceTypeFleet
+      case ResourceTypeManagedCluster.toLowerCase():
+         return ResourceTypeManagedCluster
+   }
+   throw new Error(
+      `Invalid resource type: ${rawInput}. Supported resource types are: ${ResourceTypeManagedCluster} (default), ${ResourceTypeFleet}`
+   )
+}
+export type ClusterType =
+   | typeof ResourceTypeManagedCluster
+   | typeof ResourceTypeFleet
@@ -1,65 +0,0 @@
-import * as os from 'os';
-import * as path from 'path';
-import * as util from 'util';
-import * as fs from 'fs';
-
-import * as toolCache from '@actions/tool-cache';
-import * as core from '@actions/core';
-
-const kubectlToolName = 'kubectl';
-const stableKubectlVersion = 'v1.15.0';
-const stableVersionUrl = 'https://storage.googleapis.com/kubernetes-release/release/stable.txt';
-
-function getExecutableExtension(): string {
-    if (os.type().match(/^Win/)) {
-        return '.exe';
-    }
-    return '';
-}
-
-function getkubectlDownloadURL(version: string): string {
-    switch (os.type()) {
-        case 'Linux':
-            return util.format('https://storage.googleapis.com/kubernetes-release/release/%s/bin/linux/amd64/kubectl', version);
-
-        case 'Darwin':
-            return util.format('https://storage.googleapis.com/kubernetes-release/release/%s/bin/darwin/amd64/kubectl', version);
-
-        case 'Windows_NT':
-        default:
-            return util.format('https://storage.googleapis.com/kubernetes-release/release/%s/bin/windows/amd64/kubectl.exe', version);
-
-    }
-}
-
-export async function getStableKubectlVersion(): Promise<string> {
-    return toolCache.downloadTool(stableVersionUrl).then((downloadPath) => {
-        let version = fs.readFileSync(downloadPath, 'utf8').toString().trim();
-        if (!version) {
-            version = stableKubectlVersion;
-        }
-        return version;
-    }, (error) => {
-        core.debug(error);
-        core.warning('GetStableVersionFailed');
-        return stableKubectlVersion;
-    });
-}
-
-export async function downloadKubectl(version: string): Promise<string> {
-    let cachedToolpath = toolCache.find(kubectlToolName, version);
-    let kubectlDownloadPath = '';
-    if (!cachedToolpath) {
-        try {
-            kubectlDownloadPath = await toolCache.downloadTool(getkubectlDownloadURL(version));
-        } catch (exception) {
-            throw new Error('DownloadKubectlFailed');
-        }
-
-        cachedToolpath = await toolCache.cacheFile(kubectlDownloadPath, kubectlToolName + getExecutableExtension(), kubectlToolName, version);
-    }
-
-    const kubectlPath = path.join(cachedToolpath, kubectlToolName + getExecutableExtension());
-    fs.chmodSync(kubectlPath, '777');
-    return kubectlPath;
-}
@@ -1,148 +0,0 @@
-import * as core from '@actions/core';
-import { isEqual } from "./utils";
-
-function getImagePullSecrets(inputObject: any) {
-    if (!inputObject || !inputObject.spec) {
-        return;
-    }
-
-    if (isEqual(inputObject.kind, 'pod')
-        && inputObject
-        && inputObject.spec
-        && inputObject.spec.imagePullSecrets) {
-
-        return inputObject.spec.imagePullSecrets;
-    } else if (isEqual(inputObject.kind, 'cronjob')
-        && inputObject
-        && inputObject.spec
-        && inputObject.spec.jobTemplate
-        && inputObject.spec.jobTemplate.spec
-        && inputObject.spec.jobTemplate.spec.template
-        && inputObject.spec.jobTemplate.spec.template.spec
-        && inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets) {
-
-        return inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets;
-    } else if (inputObject
-        && inputObject.spec
-        && inputObject.spec.template
-        && inputObject.spec.template.spec
-        && inputObject.spec.template.spec.imagePullSecrets) {
-
-        return inputObject.spec.template.spec.imagePullSecrets;
-    }
-}
-
-function setImagePullSecrets(inputObject: any, newImagePullSecrets: any) {
-    if (!inputObject || !inputObject.spec || !newImagePullSecrets) {
-        return;
-    }
-
-    if (isEqual(inputObject.kind, 'pod')) {
-        if (inputObject
-            && inputObject.spec) {
-            if (newImagePullSecrets.length > 0) {
-                inputObject.spec.imagePullSecrets = newImagePullSecrets;
-            } else {
-                delete inputObject.spec.imagePullSecrets;
-            }
-        }
-    } else if (isEqual(inputObject.kind, 'cronjob')) {
-        if (inputObject
-            && inputObject.spec
-            && inputObject.spec.jobTemplate
-            && inputObject.spec.jobTemplate.spec
-            && inputObject.spec.jobTemplate.spec.template
-            && inputObject.spec.jobTemplate.spec.template.spec) {
-            if (newImagePullSecrets.length > 0) {
-                inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets = newImagePullSecrets;
-            } else {
-                delete inputObject.spec.jobTemplate.spec.template.spec.imagePullSecrets;
-            }
-        }
-    } else if (!!inputObject.spec.template && !!inputObject.spec.template.spec) {
-        if (inputObject
-            && inputObject.spec
-            && inputObject.spec.template
-            && inputObject.spec.template.spec) {
-            if (newImagePullSecrets.length > 0) {
-                inputObject.spec.template.spec.imagePullSecrets = newImagePullSecrets;
-            } else {
-                delete inputObject.spec.template.spec.imagePullSecrets;
-            }
-        }
-    }
-}
-
-function substituteImageNameInSpecContent(currentString: string, imageName: string, imageNameWithNewTag: string) {
-    if (currentString.indexOf(imageName) < 0) {
-        core.debug(`No occurence of replacement token: ${imageName} found`);
-        return currentString;
-    }
-
-    return currentString.split('\n').reduce((acc, line) => {
-        const imageKeyword = line.match(/^ *image:/);
-        if (imageKeyword) {
-            const [currentImageName, currentImageTag] = line
-                .substring(imageKeyword[0].length) // consume the line from keyword onwards
-                .trim()
-                .replace(/[',"]/g, '') // replace allowed quotes with nothing
-                .split(':');
-
-            if (currentImageName === imageName) {
-                return acc + `${imageKeyword[0]} ${imageNameWithNewTag}\n`;
-            }
-        }
-
-        return acc + line + '\n';
-    }, '');
-}
-
-export function updateContainerImagesInManifestFiles(contents, containers: string[]): string {
-    if (!!containers && containers.length > 0) {
-        containers.forEach((container: string) => {
-            let imageName = container.split(':')[0];
-            if (imageName.indexOf('@') > 0) {
-                imageName = imageName.split('@')[0];
-            }
-            if (contents.indexOf(imageName) > 0) {
-                contents = substituteImageNameInSpecContent(contents, imageName, container);
-            }
-        });
-
-    }
-
-    return contents;
-}
-
-export function updateImagePullSecrets(inputObject: any, newImagePullSecrets: string[]) {
-    if (!inputObject || !inputObject.spec || !newImagePullSecrets) {
-        return;
-    }
-
-    let newImagePullSecretsObjects;
-    if (newImagePullSecrets.length > 0) {
-        newImagePullSecretsObjects = Array.from(newImagePullSecrets, x => { return !!x ? { 'name': x } : null; });
-    } else {
-        newImagePullSecretsObjects = [];
-    }
-    let existingImagePullSecretObjects: any = getImagePullSecrets(inputObject);
-    if (!existingImagePullSecretObjects) {
-        existingImagePullSecretObjects = new Array();
-    }
-
-    existingImagePullSecretObjects = existingImagePullSecretObjects.concat(newImagePullSecretsObjects);
-    setImagePullSecrets(inputObject, existingImagePullSecretObjects);
-}
-
-const workloadTypes: string[] = ['deployment', 'replicaset', 'daemonset', 'pod', 'statefulset', 'job', 'cronjob'];
-
-export function isWorkloadEntity(kind: string): boolean {
-    if (!kind) {
-        core.debug('ResourceKindNotDefined');
-        return false;
-    }
-
-    return workloadTypes.some((type: string) => {
-        return isEqual(type, kind);
-    });
-}
@@ -1,155 +1,111 @@
-import * as toolCache from '@actions/tool-cache';
-import * as core from '@actions/core';
-import * as io from '@actions/io';
-import { ToolRunner } from "@actions/exec/lib/toolrunner";
-
-import * as path from 'path';
-import * as fs from 'fs';
-import * as yaml from 'js-yaml';
-
-import { getExecutableExtension, isEqual, getCurrentTime } from "./utils";
-import { isWorkloadEntity, updateContainerImagesInManifestFiles, updateImagePullSecrets } from "./kubernetes-utils";
-import { downloadKubectl, getStableKubectlVersion } from "./kubectl-util";
-
-let kubectlPath = "";
-
-async function setKubectlPath() {
-    if (core.getInput('kubectl-version')) {
-        const version = core.getInput('kubect-version');
-        kubectlPath = toolCache.find('kubectl', version);
-        if (!kubectlPath) {
-            kubectlPath = await installKubectl(version);
-        }
-    } else {
-        kubectlPath = await io.which('kubectl', false);
-        if (!kubectlPath) {
-            const allVersions = toolCache.findAllVersions('kubectl');
-            kubectlPath = allVersions.length > 0 ? toolCache.find('kubectl', allVersions[0]) : '';
-            if (!kubectlPath) {
-                throw new Error('Kubectl is not installed, either add install-kubectl action or provide "kubectl-version" input to download kubectl');
-            }
-            kubectlPath = path.join(kubectlPath, `kubectl${getExecutableExtension()}`);
-        }
-    }
-}
-
-async function deploy(manifests: string[], namespace: string) {
-    if (manifests) {
-        for (var i = 0; i < manifests.length; i++) {
-            let manifest = manifests[i];
-            let toolRunner = new ToolRunner(kubectlPath, ['apply', '-f', manifest, '--namespace', namespace]);
-            await toolRunner.exec();
-        }
-    }
-}
-
-async function checkRolloutStatus(name: string, kind: string, namespace: string) {
-    const toolrunner = new ToolRunner(kubectlPath, ['rollout', 'status', `${kind.trim()}/${name.trim()}`, `--namespace`, namespace]);
-    return toolrunner.exec();
-}
-
-async function checkManifestsStability(manifests: string[], namespace: string) {
-    manifests.forEach((manifest) => {
-        let content = fs.readFileSync(manifest).toString();
-        yaml.safeLoadAll(content, async function (inputObject: any) {
-            if (!!inputObject.kind && !!inputObject.metadata && !!inputObject.metadata.name) {
-                let kind: string = inputObject.kind;
-                switch (kind.toLowerCase()) {
-                    case 'deployment':
-                    case 'daemonset':
-                    case 'statefulset':
-                        await checkRolloutStatus(inputObject.metadata.name, kind, namespace);
-                        break;
-                    default:
-                        core.debug(`No rollout check for kind: ${inputObject.kind}`)
-                }
-            }
-        });
-    });
-}
-
-function getManifestFileName(kind: string, name: string) {
-    const filePath = kind + '_' + name + '_' + getCurrentTime().toString();
-    const tempDirectory = process.env['RUNNER_TEMP'];
-    const fileName = path.join(tempDirectory, path.basename(filePath));
-    return fileName;
-}
-
-function writeObjectsToFile(inputObjects: any[]): string[] {
-    const newFilePaths = [];
-
-    if (!!inputObjects) {
-        inputObjects.forEach((inputObject: any) => {
-            try {
-                const inputObjectString = JSON.stringify(inputObject);
-                if (!!inputObject.kind && !!inputObject.metadata && !!inputObject.metadata.name) {
-                    const fileName = getManifestFileName(inputObject.kind, inputObject.metadata.name);
-                    fs.writeFileSync(path.join(fileName), inputObjectString);
-                    newFilePaths.push(fileName);
-                } else {
-                    core.debug('Input object is not proper K8s resource object. Object: ' + inputObjectString);
-                }
-            } catch (ex) {
-                core.debug('Exception occurred while wrting object to file : ' + inputObject + ' . Exception: ' + ex);
-            }
-        });
-    }
-
-    return newFilePaths;
-}
-
-function updateManifests(manifests: string[], imagesToOverride: string, imagepullsecrets: string): string[] {
-    const newObjectsList = [];
-    manifests.forEach((filePath: string) => {
-        let fileContents = fs.readFileSync(filePath).toString();
-        fileContents = updateContainerImagesInManifestFiles(fileContents, imagesToOverride.split('\n'));
-        yaml.safeLoadAll(fileContents, function (inputObject: any) {
-            if (!!imagepullsecrets && !!inputObject && !!inputObject.kind) {
-                if (isWorkloadEntity(inputObject.kind)) {
-                    updateImagePullSecrets(inputObject, imagepullsecrets.split('\n'));
-                }
-            }
-            newObjectsList.push(inputObject);
-        });
-
-    });
-
-    return writeObjectsToFile(newObjectsList);
-}
-
-async function installKubectl(version: string) {
-    if (isEqual(version, 'latest')) {
-        version = await getStableKubectlVersion();
-    }
-    return await downloadKubectl(version);
-}
-
-function checkClusterContext() {
-    if (!process.env["KUBECONFIG"]) {
-        throw new Error('Cluster context not set. Use k8ssetcontext action to set cluster context');
-    }
-}
-
-async function run() {
-    checkClusterContext();
-    await setKubectlPath();
-    let manifestsInput = core.getInput('manifests');
-    if (!manifestsInput) {
-        core.setFailed('No manifests supplied to deploy');
-    }
-    let namespace = core.getInput('namespace');
-    if (!namespace) {
-        namespace = 'default';
-    }
-
-    let manifests = manifestsInput.split('\n');
-    const imagesToOverride = core.getInput('images');
-    const imagePullSecretsToAdd = core.getInput('imagepullsecrets');
-    if (!!imagePullSecretsToAdd || !!imagesToOverride) {
-        manifests = updateManifests(manifests, imagesToOverride, imagePullSecretsToAdd)
-    }
-    await deploy(manifests, namespace);
-    await checkManifestsStability(manifests, namespace);
-}
-
-run().catch(core.setFailed);
+import * as core from '@actions/core'
+import {getKubectlPath, Kubectl} from './types/kubectl.js'
+import {
+   deploy,
+   ResourceTypeFleet,
+   ResourceTypeManagedCluster
+} from './actions/deploy.js'
+import {ClusterType} from './inputUtils.js'
+import {promote} from './actions/promote.js'
+import {reject} from './actions/reject.js'
+import {Action, parseAction} from './types/action.js'
+import {parseDeploymentStrategy} from './types/deploymentStrategy.js'
+import {getFilesFromDirectoriesAndURLs} from './utilities/fileUtils.js'
+import {PrivateKubectl} from './types/privatekubectl.js'
+import {parseResourceTypeInput} from './inputUtils.js'
+import {parseDuration} from './utilities/durationUtils.js'
+
+export async function run() {
+   // verify kubeconfig is set
+   if (!process.env['KUBECONFIG'])
+      core.warning(
+         'KUBECONFIG env is not explicitly set. Ensure cluster context is set by using k8s-set-context action.'
+      )
+
+   // get inputs
+   const action: Action | undefined = parseAction(
+      core.getInput('action', {required: true})
+   )
+   const strategy = parseDeploymentStrategy(core.getInput('strategy'))
+   const manifestsInput = core.getInput('manifests', {required: true})
+   const manifestFilePaths = manifestsInput
+      .split(/[\n,;]+/) // split into each individual manifest
+      .map((manifest) => manifest.trim()) // remove surrounding whitespace
+      .filter((manifest) => manifest.length > 0) // remove any blanks
+
+   const fullManifestFilePaths =
+      await getFilesFromDirectoriesAndURLs(manifestFilePaths)
+   const kubectlPath = await getKubectlPath()
+   const namespace = core.getInput('namespace') || '' // Sets namespace to an empty string if not provided, allowing the manifest-defined namespace to take precedence instead of "default".
+   const isPrivateCluster =
+      core.getInput('private-cluster').toLowerCase() === 'true'
+   const resourceGroup = core.getInput('resource-group') || ''
+   const resourceName = core.getInput('name') || ''
+   const skipTlsVerify = core.getBooleanInput('skip-tls-verify')
+
+   let resourceType: ClusterType
+   try {
+      // included in the trycatch to allow raw input to go out of scope after parsing
+      const resourceTypeInput = core.getInput('resource-type')
+      resourceType = parseResourceTypeInput(resourceTypeInput)
+   } catch (e) {
+      core.setFailed(e)
+      return
+   }
+
+   // Parse and validate timeout using extracted utility
+   let timeout: string
+   try {
+      const timeoutInput = core.getInput('timeout') || '10m'
+      timeout = parseDuration(timeoutInput)
+      core.debug(`Using timeout: ${timeout}`)
+   } catch (e) {
+      core.setFailed(`Invalid timeout parameter: ${e.message}`)
+      return
+   }
+
+   const kubectl = isPrivateCluster
+      ? new PrivateKubectl(
+           kubectlPath,
+           namespace,
+           skipTlsVerify,
+           resourceGroup,
+           resourceName
+        )
+      : new Kubectl(kubectlPath, namespace, skipTlsVerify)
+
+   // run action
+   switch (action) {
+      case Action.DEPLOY: {
+         await deploy(
+            kubectl,
+            fullManifestFilePaths,
+            strategy,
+            resourceType,
+            timeout
+         )
+         break
+      }
+      case Action.PROMOTE: {
+         await promote(
+            kubectl,
+            fullManifestFilePaths,
+            strategy,
+            resourceType,
+            timeout
+         )
+         break
+      }
+      case Action.REJECT: {
+         await reject(kubectl, fullManifestFilePaths, strategy, timeout)
+         break
+      }
+      default: {
+         throw Error(
+            'Not a valid action. The allowed actions are "deploy", "promote", and "reject".'
+         )
+      }
+   }
+}
+
+run().catch(core.setFailed)
@@ -0,0 +1,333 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+import {
+   deployWithLabel,
+   deleteGreenObjects,
+   deployObjects,
+   fetchResource,
+   getDeploymentMatchLabels,
+   getManifestObjects,
+   getNewBlueGreenObject,
+   GREEN_LABEL_VALUE,
+   isServiceRouted
+} from './blueGreenHelper.js'
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
+import * as bgHelper from './blueGreenHelper.js'
+import {Kubectl} from '../../types/kubectl.js'
+import * as fileHelper from '../../utilities/fileUtils.js'
+import {K8sObject} from '../../types/k8sObject.js'
+import * as manifestUpdateUtils from '../../utilities/manifestUpdateUtils.js'
+import {ExecOutput} from '@actions/exec'
+
+vi.mock('../../types/kubectl')
+
+const kubectl = new Kubectl('')
+const TEST_TIMEOUT = '60s'
+
+// Test constants to follow DRY principle
+const EXPECTED_GREEN_OBJECTS = [
+   {name: 'nginx-service-green', kind: 'Service'},
+   {name: 'nginx-deployment-green', kind: 'Deployment'}
+]
+
+const MOCK_EXEC_OUTPUT = {
+   exitCode: 0,
+   stderr: '',
+   stdout: ''
+} as ExecOutput
+
+describe('bluegreenhelper functions', () => {
+   let testObjects
+   beforeEach(() => {
+      vi.restoreAllMocks()
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(['test/unit/manifests/test-ingress.yml'])
+
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
+         ''
+      ])
+   })
+
+   test('correctly deletes services and workloads according to label', async () => {
+      vi.spyOn(bgHelper, 'deleteObjects').mockReturnValue({} as Promise<void>)
+
+      const value = await deleteGreenObjects(
+         kubectl,
+         [].concat(
+            testObjects.deploymentEntityList,
+            testObjects.serviceEntityList
+         ),
+         TEST_TIMEOUT
+      )
+
+      expect(value).toHaveLength(EXPECTED_GREEN_OBJECTS.length)
+      EXPECTED_GREEN_OBJECTS.forEach((expectedObject) => {
+         expect(value).toContainEqual(expectedObject)
+      })
+   })
+
+   test('handles timeout when deleting objects', async () => {
+      const deleteMock = vi.fn().mockResolvedValue(MOCK_EXEC_OUTPUT)
+      kubectl.delete = deleteMock
+
+      const deleteList = EXPECTED_GREEN_OBJECTS
+
+      await bgHelper.deleteObjects(kubectl, deleteList, TEST_TIMEOUT)
+
+      expect(deleteMock).toHaveBeenCalledTimes(deleteList.length)
+      deleteList.forEach(({name, kind}) => {
+         expect(deleteMock).toHaveBeenCalledWith(
+            [kind, name],
+            undefined,
+            TEST_TIMEOUT
+         )
+      })
+   })
+
+   test('parses objects correctly from one file (getManifestObjects)', () => {
+      const expectedTypes = [
+         {
+            list: testObjects.deploymentEntityList,
+            kind: 'Deployment',
+            selectorApp: 'nginx'
+         },
+         {list: testObjects.serviceEntityList, kind: 'Service'},
+         {list: testObjects.ingressEntityList, kind: 'Ingress'}
+      ]
+
+      expectedTypes.forEach(({list, kind, selectorApp}) => {
+         expect(list[0].kind).toBe(kind)
+         if (selectorApp) {
+            expect(list[0].spec.selector.matchLabels.app).toBe(selectorApp)
+         }
+      })
+   })
+
+   test('parses other kinds of objects (getManifestObjects)', () => {
+      const otherObjectsCollection = getManifestObjects([
+         'test/unit/manifests/anomaly-objects-test.yml'
+      ])
+      expect(
+         otherObjectsCollection.unroutedServiceEntityList[0].metadata.name
+      ).toBe('unrouted-service')
+      expect(otherObjectsCollection.otherObjects[0].metadata.name).toBe(
+         'foobar-rollout'
+      )
+   })
+
+   test('correctly classifies routed services', () => {
+      expect(
+         isServiceRouted(
+            testObjects.serviceEntityList[0],
+            testObjects.deploymentEntityList
+         )
+      ).toBe(true)
+      testObjects.serviceEntityList[0].spec.selector.app = 'fakeapp'
+      expect(
+         isServiceRouted(
+            testObjects.serviceEntityList[0],
+            testObjects.deploymentEntityList
+         )
+      ).toBe(false)
+   })
+
+   test('correctly makes labeled workloads', async () => {
+      const kubectlApplySpy = vi.spyOn(kubectl, 'apply').mockResolvedValue({
+         stdout: 'deployment.apps/nginx-deployment created',
+         stderr: '',
+         exitCode: 0
+      })
+
+      const cwlResult: BlueGreenDeployment = await deployWithLabel(
+         kubectl,
+         testObjects.deploymentEntityList,
+         GREEN_LABEL_VALUE
+      )
+      expect(cwlResult.deployResult.manifestFiles[0]).toBe('')
+
+      kubectlApplySpy.mockRestore()
+   })
+
+   test('correctly makes new blue green object (getNewBlueGreenObject and addBlueGreenLabelsAndAnnotations)', () => {
+      const testCases = [
+         {
+            object: testObjects.deploymentEntityList[0],
+            expectedName: 'nginx-deployment-green'
+         },
+         {
+            object: testObjects.serviceEntityList[0],
+            expectedName: 'nginx-service-green'
+         }
+      ]
+
+      testCases.forEach(({object, expectedName}) => {
+         const modifiedObject = getNewBlueGreenObject(object, GREEN_LABEL_VALUE)
+         expect(modifiedObject.metadata.name).toBe(expectedName)
+         expect(modifiedObject.metadata.labels['k8s.deploy.color']).toBe(
+            'green'
+         )
+      })
+   })
+
+   test('correctly fetches k8s objects', async () => {
+      const mockExecOutput = {
+         stderr: '',
+         stdout: JSON.stringify(testObjects.deploymentEntityList[0]),
+         exitCode: 0
+      }
+
+      vi.spyOn(kubectl, 'getResource').mockImplementation(() =>
+         Promise.resolve(mockExecOutput)
+      )
+      const fetched = await fetchResource(
+         kubectl,
+         'nginx-deployment',
+         'Deployment'
+      )
+      expect(fetched.metadata.name).toBe('nginx-deployment')
+   })
+
+   test('exits when fails to fetch k8s objects', async () => {
+      const errorTestCases = [
+         {
+            description: 'with stderr error',
+            mockOutput: {
+               stdout: 'this should not matter',
+               exitCode: 0,
+               stderr: 'this is a fake error'
+            } as ExecOutput,
+            mockImplementation: () => Promise.resolve
+         },
+         {
+            description: 'with undefined implementation',
+            mockOutput: null,
+            mockImplementation: () => undefined
+         }
+      ]
+
+      for (const testCase of errorTestCases) {
+         const spy = vi.spyOn(kubectl, 'getResource')
+
+         if (testCase.mockOutput) {
+            spy.mockImplementation(() => Promise.resolve(testCase.mockOutput))
+         } else {
+            spy.mockResolvedValue(null)
+         }
+
+         const fetched = await fetchResource(
+            kubectl,
+            'nginx-deployment',
+            'Deployment'
+         )
+         expect(fetched).toBe(null)
+
+         spy.mockRestore()
+      }
+   })
+
+   test('returns undefined when fetch fails to unset k8s objects', async () => {
+      const mockExecOutput = {
+         stdout: JSON.stringify(testObjects.deploymentEntityList[0]),
+         exitCode: 0,
+         stderr: ''
+      } as ExecOutput
+
+      vi.spyOn(kubectl, 'getResource').mockResolvedValue(mockExecOutput)
+      vi.spyOn(
+         manifestUpdateUtils,
+         'UnsetClusterSpecificDetails'
+      ).mockImplementation(() => {
+         throw new Error('test error')
+      })
+
+      expect(
+         await fetchResource(kubectl, 'nginx-deployment', 'Deployment')
+      ).toBeUndefined()
+   })
+
+   test('gets deployment labels', () => {
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = GREEN_LABEL_VALUE
+      const mockPodObject: K8sObject = {
+         kind: 'Pod',
+         metadata: {name: 'testPod', labels: mockLabels},
+         spec: {}
+      }
+      expect(
+         getDeploymentMatchLabels(mockPodObject)[
+            bgHelper.BLUE_GREEN_VERSION_LABEL
+         ]
+      ).toBe(GREEN_LABEL_VALUE)
+      expect(
+         getDeploymentMatchLabels(testObjects.deploymentEntityList[0])['app']
+      ).toBe('nginx')
+   })
+
+   describe('deployObjects', () => {
+      let mockObjects: any[]
+      let kubectlApplySpy: MockInstance
+
+      const mockSuccessResult: ExecOutput = {
+         stdout: 'deployment.apps/nginx-deployment created',
+         stderr: '',
+         exitCode: 0
+      }
+
+      const mockFailureResult: ExecOutput = {
+         stdout: '',
+         stderr: 'error: deployment failed',
+         exitCode: 1
+      }
+
+      beforeEach(() => {
+         // //@ts-ignore
+         // Kubectl.mockClear()
+         mockObjects = [testObjects.deploymentEntityList[0]]
+         kubectlApplySpy = vi.spyOn(kubectl, 'apply')
+      })
+
+      afterEach(() => {
+         vi.clearAllMocks()
+      })
+
+      it('should return execution result and manifest files when kubectl apply succeeds', async () => {
+         kubectlApplySpy.mockClear()
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployObjects(kubectl, mockObjects)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+         expect(
+            typeof timeoutArg === 'string' || timeoutArg === undefined
+         ).toBe(true)
+
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            expect.any(Boolean),
+            expect.any(Boolean),
+            timeoutArg
+         )
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+
+      it('should throw an error when kubectl apply fails with non-zero exit code', async () => {
+         kubectlApplySpy.mockClear()
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(deployObjects(kubectl, mockObjects)).rejects.toThrow()
+         const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+         expect(
+            typeof timeoutArg === 'string' || timeoutArg === undefined
+         ).toBe(true)
+
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            expect.any(Boolean),
+            expect.any(Boolean),
+            timeoutArg
+         )
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+   })
+})
@@ -0,0 +1,301 @@
+import * as core from '@actions/core'
+import * as fs from 'fs'
+import * as yaml from 'js-yaml'
+
+import {DeployResult} from '../../types/deployResult.js'
+import {K8sObject, K8sDeleteObject} from '../../types/k8sObject.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   isDeploymentEntity,
+   isIngressEntity,
+   isServiceEntity,
+   KubernetesWorkload
+} from '../../types/kubernetesTypes.js'
+import {
+   BlueGreenDeployment,
+   BlueGreenManifests
+} from '../../types/blueGreenTypes.js'
+import * as fileHelper from '../../utilities/fileUtils.js'
+import {updateSpecLabels} from '../../utilities/manifestSpecLabelUtils.js'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
+import {
+   UnsetClusterSpecificDetails,
+   updateObjectLabels,
+   updateSelectorLabels
+} from '../../utilities/manifestUpdateUtils.js'
+
+export const GREEN_LABEL_VALUE = 'green'
+export const NONE_LABEL_VALUE = 'None'
+export const BLUE_GREEN_VERSION_LABEL = 'k8s.deploy.color'
+export const GREEN_SUFFIX = '-green'
+export const STABLE_SUFFIX = '-stable'
+
+export async function deleteGreenObjects(
+   kubectl: Kubectl,
+   toDelete: K8sObject[],
+   timeout?: string
+): Promise<K8sDeleteObject[]> {
+   // const resourcesToDelete: K8sDeleteObject[] = []
+   const resourcesToDelete: K8sDeleteObject[] = toDelete.map((obj) => {
+      return {
+         name: getBlueGreenResourceName(obj.metadata.name, GREEN_SUFFIX),
+         kind: obj.kind,
+         namespace: obj.metadata.namespace
+      }
+   })
+
+   core.debug(`deleting green objects: ${JSON.stringify(resourcesToDelete)}`)
+
+   await deleteObjects(kubectl, resourcesToDelete, timeout)
+   return resourcesToDelete
+}
+
+export async function deleteObjects(
+   kubectl: Kubectl,
+   deleteList: K8sDeleteObject[],
+   timeout?: string
+) {
+   // delete services and deployments
+   for (const delObject of deleteList) {
+      try {
+         const result = await kubectl.delete(
+            [delObject.kind, delObject.name],
+            delObject.namespace,
+            timeout
+         )
+         checkForErrors([result])
+      } catch (ex) {
+         core.debug(`failed to delete object ${delObject.name}: ${ex}`)
+      }
+   }
+}
+
+// other common functions
+export function getManifestObjects(filePaths: string[]): BlueGreenManifests {
+   const deploymentEntityList: K8sObject[] = []
+   const serviceEntityList: K8sObject[] = []
+   const routedServiceEntityList: K8sObject[] = []
+   const unroutedServiceEntityList: K8sObject[] = []
+   const ingressEntityList: K8sObject[] = []
+   const otherEntitiesList: K8sObject[] = []
+   const serviceNameMap = new Map<string, string>()
+
+   // Manifest objects per type. All resources should be parsed and
+   // organized before we can check if services are “routed” or not.
+   filePaths.forEach((filePath: string) => {
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
+         yaml.loadAll(fileContents, (inputObject: any) => {
+            if (!!inputObject) {
+               const kind = inputObject.kind
+               if (isDeploymentEntity(kind)) {
+                  deploymentEntityList.push(inputObject)
+               } else if (isServiceEntity(kind)) {
+                  serviceEntityList.push(inputObject)
+               } else if (isIngressEntity(kind)) {
+                  ingressEntityList.push(inputObject)
+               } else {
+                  otherEntitiesList.push(inputObject)
+               }
+            }
+         })
+      } catch (error) {
+         core.error(`Error processing file ${filePath}: ${error.message}`)
+         throw error
+      }
+   })
+
+   serviceEntityList.forEach((inputObject: any) => {
+      if (isServiceRouted(inputObject, deploymentEntityList)) {
+         const name = inputObject.metadata.name
+         routedServiceEntityList.push(inputObject)
+         serviceNameMap.set(name, getBlueGreenResourceName(name, GREEN_SUFFIX))
+      } else {
+         unroutedServiceEntityList.push(inputObject)
+      }
+   })
+
+   return {
+      serviceEntityList: routedServiceEntityList,
+      serviceNameMap: serviceNameMap,
+      unroutedServiceEntityList: unroutedServiceEntityList,
+      deploymentEntityList: deploymentEntityList,
+      ingressEntityList: ingressEntityList,
+      otherObjects: otherEntitiesList
+   }
+}
+
+export function isServiceRouted(
+   serviceObject: any[],
+   deploymentEntityList: any[]
+): boolean {
+   const serviceSelector: any = getServiceSelector(serviceObject)
+
+   return (
+      serviceSelector &&
+      deploymentEntityList.some((depObject) => {
+         // finding if there is a deployment in the given manifests the service targets
+         const matchLabels: any = getDeploymentMatchLabels(depObject)
+         return (
+            matchLabels &&
+            isServiceSelectorSubsetOfMatchLabel(serviceSelector, matchLabels)
+         )
+      })
+   )
+}
+
+export async function deployWithLabel(
+   kubectl: Kubectl,
+   deploymentObjectList: any[],
+   nextLabel: string,
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   const newObjectsList = deploymentObjectList.map((inputObject) =>
+      getNewBlueGreenObject(inputObject, nextLabel)
+   )
+
+   core.debug(
+      `objects deployed with label are ${JSON.stringify(newObjectsList)}`
+   )
+   const deployResult = await deployObjects(kubectl, newObjectsList, timeout)
+   return {deployResult, objects: newObjectsList}
+}
+
+export function getNewBlueGreenObject(
+   inputObject: any,
+   labelValue: string
+): K8sObject {
+   const newObject = JSON.parse(JSON.stringify(inputObject))
+
+   // Updating name only if label is green label is given
+   if (labelValue === GREEN_LABEL_VALUE) {
+      newObject.metadata.name = getBlueGreenResourceName(
+         inputObject.metadata.name,
+         GREEN_SUFFIX
+      )
+   }
+
+   // Adding labels and annotations
+   addBlueGreenLabelsAndAnnotations(newObject, labelValue)
+   return newObject
+}
+
+export function addBlueGreenLabelsAndAnnotations(
+   inputObject: any,
+   labelValue: string
+) {
+   //creating the k8s.deploy.color label
+   const newLabels = new Map<string, string>()
+   newLabels[BLUE_GREEN_VERSION_LABEL] = labelValue
+
+   // updating object labels and selector labels
+   updateObjectLabels(inputObject, newLabels, false)
+   updateSelectorLabels(inputObject, newLabels, false)
+
+   // updating spec labels if it is not a service
+   if (!isServiceEntity(inputObject.kind)) {
+      updateSpecLabels(inputObject, newLabels, false)
+   }
+}
+
+export function getBlueGreenResourceName(name: string, suffix: string) {
+   return `${name}${suffix}`
+}
+
+export function getDeploymentMatchLabels(deploymentObject: any): any {
+   if (
+      deploymentObject?.kind?.toUpperCase() ==
+         KubernetesWorkload.POD.toUpperCase() &&
+      deploymentObject?.metadata?.labels
+   ) {
+      return deploymentObject.metadata.labels
+   } else if (deploymentObject?.spec?.selector?.matchLabels) {
+      return deploymentObject.spec.selector.matchLabels
+   }
+}
+
+export function getServiceSelector(serviceObject: any): any {
+   if (serviceObject?.spec?.selector) {
+      return serviceObject.spec.selector
+   }
+}
+
+export function isServiceSelectorSubsetOfMatchLabel(
+   serviceSelector: any,
+   matchLabels: any
+): boolean {
+   const serviceSelectorMap = new Map()
+   const matchLabelsMap = new Map()
+
+   JSON.parse(JSON.stringify(serviceSelector), (key, value) => {
+      serviceSelectorMap.set(key, value)
+   })
+
+   JSON.parse(JSON.stringify(matchLabels), (key, value) => {
+      matchLabelsMap.set(key, value)
+   })
+
+   let isMatch = true
+   serviceSelectorMap.forEach((value, key) => {
+      if (
+         !!key &&
+         (!matchLabelsMap.has(key) || matchLabelsMap.get(key)) != value
+      )
+         isMatch = false
+   })
+
+   return isMatch
+}
+
+export async function fetchResource(
+   kubectl: Kubectl,
+   kind: string,
+   name: string,
+   namespace?: string
+): Promise<K8sObject> {
+   const result = await kubectl.getResource(kind, name, false, namespace)
+   if (result == null || !!result.stderr) {
+      return null
+   }
+
+   if (!!result.stdout) {
+      const resource = JSON.parse(result.stdout) as K8sObject
+
+      try {
+         UnsetClusterSpecificDetails(resource)
+         return resource
+      } catch (ex) {
+         core.debug(
+            `Exception occurred while Parsing ${resource} in Json object: ${ex}`
+         )
+      }
+   }
+}
+
+export async function deployObjects(
+   kubectl: Kubectl,
+   objectsList: any[],
+   timeout?: string
+): Promise<DeployResult> {
+   // Handle empty objects list gracefully to prevent "Configuration paths must exist" error
+   if (!objectsList || objectsList.length === 0) {
+      core.debug('No objects to deploy, skipping kubectl apply')
+      return {
+         execResult: {exitCode: 0, stdout: '', stderr: ''},
+         manifestFiles: []
+      }
+   }
+
+   const manifestFiles = fileHelper.writeObjectsToFile(objectsList)
+   const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
+   const execResult = await kubectl.apply(
+      manifestFiles,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+
+   checkForErrors([execResult])
+   return {execResult, manifestFiles}
+}
@@ -0,0 +1,377 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
+import {
+   deployBlueGreen,
+   deployBlueGreenIngress,
+   deployBlueGreenService,
+   deployBlueGreenSMI
+} from './deploy.js'
+import * as routeTester from './route.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {RouteStrategy} from '../../types/routeStrategy.js'
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
+import * as bgHelper from './blueGreenHelper.js'
+import * as smiHelper from './smiBlueGreenHelper.js'
+import {ExecOutput} from '@actions/exec'
+
+const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+
+vi.mock('../../types/kubectl')
+
+// Shared variables and mock objects used across all test suites
+const mockDeployResult = {
+   execResult: {exitCode: 0, stderr: '', stdout: ''},
+   manifestFiles: []
+}
+
+const mockBgDeployment: BlueGreenDeployment = {
+   deployResult: mockDeployResult,
+   objects: []
+}
+
+describe('deploy tests', () => {
+   let kubectl: Kubectl
+   let kubectlApplySpy: MockInstance
+
+   const mockSuccessResult: ExecOutput = {
+      stdout: 'deployment.apps/nginx-deployment created',
+      stderr: '',
+      exitCode: 0
+   }
+
+   const mockFailureResult: ExecOutput = {
+      stdout: '',
+      stderr: 'error: deployment failed',
+      exitCode: 1
+   }
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      kubectl = new Kubectl('')
+      kubectlApplySpy = vi.spyOn(kubectl, 'apply')
+   })
+
+   test('correctly determines deploy type and acts accordingly', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(() =>
+         Promise.resolve(mockBgDeployment)
+      )
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
+         Promise.resolve('v1alpha3')
+      )
+
+      const ingressResult = await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.INGRESS
+      )
+
+      expect(ingressResult.objects.length).toBe(2)
+
+      const result = await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.SERVICE
+      )
+
+      expect(result.objects.length).toBe(2)
+
+      const smiResult = await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.SMI
+      )
+
+      expect(smiResult.objects.length).toBe(6)
+   })
+
+   test('correctly deploys blue/green ingress', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      const value = await deployBlueGreenIngress(kubectl, ingressFilepath)
+      const nol = value.objects.map((obj) => {
+         if (obj.kind === 'Service') {
+            expect(obj.metadata.name).toBe('nginx-service-green')
+         }
+         if (obj.kind === 'Deployment') {
+            expect(obj.metadata.name).toBe('nginx-deployment-green')
+         }
+      })
+   })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress deployment',
+         fn: () => deployBlueGreenIngress(kubectl, ingressFilepath),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green deployment with INGRESS strategy',
+         fn: () =>
+            deployBlueGreen(kubectl, ingressFilepath, RouteStrategy.INGRESS),
+         setup: () => {
+            vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(
+               () => Promise.resolve(mockBgDeployment)
+            )
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green deployment with SERVICE strategy',
+         fn: () =>
+            deployBlueGreen(kubectl, ingressFilepath, RouteStrategy.SERVICE),
+         setup: () => {
+            vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(
+               () => Promise.resolve(mockBgDeployment)
+            )
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green deployment with SMI strategy',
+         fn: () => deployBlueGreen(kubectl, ingressFilepath, RouteStrategy.SMI),
+         setup: () => {
+            vi.spyOn(routeTester, 'routeBlueGreenForDeploy').mockImplementation(
+               () => Promise.resolve(mockBgDeployment)
+            )
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when deployBlueGreenService fails',
+         fn: () => deployBlueGreenService(kubectl, ingressFilepath),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when deployBlueGreenSMI fails',
+         fn: () => deployBlueGreenSMI(kubectl, ingressFilepath),
+         setup: () => {}
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+
+      const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+      expect(typeof timeoutArg === 'string' || timeoutArg === undefined).toBe(
+         true
+      )
+
+      expect(kubectlApplySpy).toHaveBeenCalledWith(
+         expect.any(Array),
+         expect.any(Boolean),
+         expect.any(Boolean),
+         timeoutArg
+      )
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+   })
+})
+
+// Timeout tests
+describe('deploy timeout tests', () => {
+   let kubectl: Kubectl
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      kubectl = new Kubectl('')
+   })
+
+   test('deployBlueGreen with timeout passes to strategy functions', async () => {
+      const timeout = '300s'
+
+      // Mock the helper functions that are actually called
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+      const setupSMISpy = vi
+         .spyOn(smiHelper, 'setupSMI')
+         .mockResolvedValue(mockBgDeployment)
+      const routeSpy = vi
+         .spyOn(routeTester, 'routeBlueGreenForDeploy')
+         .mockResolvedValue(mockBgDeployment)
+
+      // Test INGRESS strategy
+      await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.INGRESS,
+         timeout
+      )
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Test SERVICE strategy
+      deployWithLabelSpy.mockClear()
+      deployObjectsSpy.mockClear()
+      await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.SERVICE,
+         timeout
+      )
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Test SMI strategy
+      deployWithLabelSpy.mockClear()
+      setupSMISpy.mockClear()
+      await deployBlueGreen(
+         kubectl,
+         ingressFilepath,
+         RouteStrategy.SMI,
+         timeout
+      )
+      expect(setupSMISpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+      setupSMISpy.mockRestore()
+      routeSpy.mockRestore()
+   })
+
+   test('deployBlueGreenIngress with timeout', async () => {
+      const timeout = '240s'
+
+      // Mock the dependencies
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+
+      await deployBlueGreenIngress(kubectl, ingressFilepath, timeout)
+
+      // Verify deployWithLabel was called with timeout
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('deployBlueGreenService with timeout', async () => {
+      const timeout = '180s'
+
+      // Mock the dependencies
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+
+      await deployBlueGreenService(kubectl, ingressFilepath, timeout)
+
+      // Verify deployWithLabel was called with timeout
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('deployBlueGreenSMI with timeout', async () => {
+      const timeout = '360s'
+
+      // Mock the dependencies
+      const setupSMISpy = vi
+         .spyOn(smiHelper, 'setupSMI')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+
+      await deployBlueGreenSMI(kubectl, ingressFilepath, timeout)
+
+      // Verify setupSMI was called with timeout
+      expect(setupSMISpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         timeout
+      )
+
+      setupSMISpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+      deployWithLabelSpy.mockRestore()
+   })
+
+   test('deploy functions without timeout should pass undefined', async () => {
+      const deployWithLabelSpy = vi
+         .spyOn(bgHelper, 'deployWithLabel')
+         .mockResolvedValue(mockBgDeployment)
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue(mockDeployResult)
+
+      await deployBlueGreenIngress(kubectl, ingressFilepath)
+
+      // Verify deployWithLabel was called with undefined timeout
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         expect.any(String),
+         undefined
+      )
+
+      deployWithLabelSpy.mockRestore()
+      deployObjectsSpy.mockRestore()
+   })
+})
@@ -0,0 +1,169 @@
+import * as core from '@actions/core'
+
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   BlueGreenDeployment,
+   BlueGreenManifests
+} from '../../types/blueGreenTypes.js'
+
+import {RouteStrategy} from '../../types/routeStrategy.js'
+
+import {
+   deployWithLabel,
+   getManifestObjects,
+   GREEN_LABEL_VALUE,
+   deployObjects
+} from './blueGreenHelper.js'
+import {setupSMI} from './smiBlueGreenHelper.js'
+
+import {routeBlueGreenForDeploy} from './route.js'
+import {DeployResult} from '../../types/deployResult.js'
+
+export async function deployBlueGreen(
+   kubectl: Kubectl,
+   files: string[],
+   routeStrategy: RouteStrategy,
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   const blueGreenDeployment = await (async () => {
+      switch (routeStrategy) {
+         case RouteStrategy.INGRESS:
+            return await deployBlueGreenIngress(kubectl, files, timeout)
+         case RouteStrategy.SMI:
+            return await deployBlueGreenSMI(kubectl, files, timeout)
+         default:
+            return await deployBlueGreenService(kubectl, files, timeout)
+      }
+   })()
+
+   core.startGroup('Routing blue green')
+   const routeDeployment = await routeBlueGreenForDeploy(
+      kubectl,
+      files,
+      routeStrategy,
+      timeout
+   )
+   core.endGroup()
+
+   blueGreenDeployment.objects.push(...routeDeployment.objects)
+   blueGreenDeployment.deployResult.manifestFiles.push(
+      ...routeDeployment.deployResult.manifestFiles
+   )
+   return blueGreenDeployment
+}
+
+export async function deployBlueGreenSMI(
+   kubectl: Kubectl,
+   filePaths: string[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   // get all kubernetes objects defined in manifest files
+   const manifestObjects: BlueGreenManifests = getManifestObjects(filePaths)
+
+   // create services and other objects
+   const newObjectsList = [].concat(
+      manifestObjects.otherObjects,
+      manifestObjects.serviceEntityList,
+      manifestObjects.ingressEntityList,
+      manifestObjects.unroutedServiceEntityList
+   )
+
+   const otherObjDeployment: DeployResult = await deployObjects(
+      kubectl,
+      newObjectsList,
+      timeout
+   )
+
+   // make extraservices and trafficsplit
+   const smiAndSvcDeployment = await setupSMI(
+      kubectl,
+      manifestObjects.serviceEntityList,
+      timeout
+   )
+
+   // create new deloyments
+   const blueGreenDeployment: BlueGreenDeployment = await deployWithLabel(
+      kubectl,
+      manifestObjects.deploymentEntityList,
+      GREEN_LABEL_VALUE,
+      timeout
+   )
+
+   blueGreenDeployment.objects.push(...newObjectsList)
+   blueGreenDeployment.objects.push(...smiAndSvcDeployment.objects)
+
+   blueGreenDeployment.deployResult.manifestFiles.push(
+      ...otherObjDeployment.manifestFiles
+   )
+   blueGreenDeployment.deployResult.manifestFiles.push(
+      ...smiAndSvcDeployment.deployResult.manifestFiles
+   )
+
+   return blueGreenDeployment
+}
+
+export async function deployBlueGreenIngress(
+   kubectl: Kubectl,
+   filePaths: string[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   // get all kubernetes objects defined in manifest files
+   const manifestObjects: BlueGreenManifests = getManifestObjects(filePaths)
+
+   // create deployments with green label value
+   const servicesAndDeployments = [].concat(
+      manifestObjects.deploymentEntityList,
+      manifestObjects.serviceEntityList
+   )
+   const workloadDeployment: BlueGreenDeployment = await deployWithLabel(
+      kubectl,
+      servicesAndDeployments,
+      GREEN_LABEL_VALUE,
+      timeout
+   )
+
+   const otherObjects = [].concat(
+      manifestObjects.otherObjects,
+      manifestObjects.unroutedServiceEntityList
+   )
+   await deployObjects(kubectl, otherObjects, timeout)
+   core.debug(
+      `new objects after processing services and other objects: \n
+         ${JSON.stringify(servicesAndDeployments)}`
+   )
+
+   return {
+      deployResult: workloadDeployment.deployResult,
+      objects: [].concat(workloadDeployment.objects, otherObjects)
+   }
+}
+
+export async function deployBlueGreenService(
+   kubectl: Kubectl,
+   filePaths: string[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   const manifestObjects: BlueGreenManifests = getManifestObjects(filePaths)
+
+   // create deployments with green label value
+   const blueGreenDeployment: BlueGreenDeployment = await deployWithLabel(
+      kubectl,
+      manifestObjects.deploymentEntityList,
+      GREEN_LABEL_VALUE,
+      timeout
+   )
+
+   // create other non deployment and non service entities
+   const newObjectsList = [].concat(
+      manifestObjects.otherObjects,
+      manifestObjects.ingressEntityList,
+      manifestObjects.unroutedServiceEntityList
+   )
+
+   await deployObjects(kubectl, newObjectsList, timeout)
+   // returning deployment details to check for rollout stability
+   return {
+      deployResult: blueGreenDeployment.deployResult,
+      objects: [].concat(blueGreenDeployment.objects, newObjectsList)
+   }
+}
@@ -0,0 +1,123 @@
+import {vi} from 'vitest'
+import {getManifestObjects, GREEN_LABEL_VALUE} from './blueGreenHelper.js'
+import * as bgHelper from './blueGreenHelper.js'
+import {
+   getUpdatedBlueGreenIngress,
+   isIngressRouted,
+   validateIngresses
+} from './ingressBlueGreenHelper.js'
+import {Kubectl} from '../../types/kubectl.js'
+import * as fileHelper from '../../utilities/fileUtils.js'
+
+const betaFilepath = ['test/unit/manifests/test-ingress.yml']
+const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+const kubectl = new Kubectl('')
+vi.mock('../../types/kubectl')
+
+describe('ingress blue green helpers', () => {
+   let testObjects
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
+         ''
+      ])
+   })
+
+   test('it should correctly classify ingresses', () => {
+      expect(
+         isIngressRouted(
+            testObjects.ingressEntityList[0],
+            testObjects.serviceNameMap
+         )
+      ).toBe(true)
+      testObjects.ingressEntityList[0].spec.rules[0].http.paths = {}
+      expect(
+         isIngressRouted(
+            testObjects.ingressEntityList[0],
+            testObjects.serviceNameMap
+         )
+      ).toBe(false)
+      expect(
+         isIngressRouted(
+            getManifestObjects(betaFilepath).ingressEntityList[0],
+            testObjects.serviceNameMap
+         )
+      ).toBe(true)
+   })
+
+   test('it should correctly update ingresses', () => {
+      const updatedIng = getUpdatedBlueGreenIngress(
+         testObjects.ingressEntityList[0],
+         testObjects.serviceNameMap,
+         GREEN_LABEL_VALUE
+      )
+      expect(updatedIng.metadata.name).toBe('nginx-ingress')
+      expect(updatedIng.metadata.labels['k8s.deploy.color']).toBe('green')
+      expect(updatedIng.spec.rules[0].http.paths[0].backend.service.name).toBe(
+         'nginx-service-green'
+      )
+
+      const oldIngObjects = getManifestObjects(betaFilepath)
+      const oldIng = getUpdatedBlueGreenIngress(
+         oldIngObjects.ingressEntityList[0],
+         oldIngObjects.serviceNameMap,
+         GREEN_LABEL_VALUE
+      )
+      expect(updatedIng.metadata.labels['k8s.deploy.color']).toBe('green')
+      expect(updatedIng.spec.rules[0].http.paths[0].backend.service.name).toBe(
+         'nginx-service-green'
+      )
+   })
+
+   test('it should validate ingresses', async () => {
+      // what if nothing gets returned from fetchResource?
+      vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(null)
+      let validResponse = await validateIngresses(
+         kubectl,
+         testObjects.ingressEntityList,
+         testObjects.serviceNameMap
+      )
+      expect(validResponse.areValid).toBe(false)
+
+      // test valid ingress
+      let mockIngress = JSON.parse(
+         JSON.stringify(testObjects.ingressEntityList[0])
+      )
+      mockIngress.spec.rules[0].http.paths[0].backend.service.name =
+         'nginx-service-green'
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = GREEN_LABEL_VALUE
+      mockIngress.metadata.labels = mockLabels
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve(mockIngress)
+      )
+      validResponse = await validateIngresses(
+         kubectl,
+         testObjects.ingressEntityList,
+         testObjects.serviceNameMap
+      )
+      expect(validResponse.areValid).toBe(true)
+
+      // test invalid labels
+      mockIngress.metadata.labels[bgHelper.BLUE_GREEN_VERSION_LABEL] =
+         bgHelper.NONE_LABEL_VALUE
+      mockIngress.spec.rules[0].http.paths[0].backend.service.name =
+         'nginx-service'
+      validResponse = await validateIngresses(
+         kubectl,
+         testObjects.ingressEntityList,
+         testObjects.serviceNameMap
+      )
+      expect(validResponse.areValid).toBe(false)
+
+      // test missing fields
+      mockIngress = {}
+      validResponse = await validateIngresses(
+         kubectl,
+         testObjects.ingressEntityList,
+         testObjects.serviceNameMap
+      )
+      expect(validResponse.areValid).toBe(false)
+   })
+})
@@ -0,0 +1,121 @@
+import * as core from '@actions/core'
+import {K8sIngress} from '../../types/k8sObject.js'
+import {
+   addBlueGreenLabelsAndAnnotations,
+   BLUE_GREEN_VERSION_LABEL,
+   GREEN_LABEL_VALUE,
+   fetchResource
+} from './blueGreenHelper.js'
+import {Kubectl} from '../../types/kubectl.js'
+
+const BACKEND = 'backend'
+
+export function getUpdatedBlueGreenIngress(
+   inputObject: any,
+   serviceNameMap: Map<string, string>,
+   type: string
+): K8sIngress {
+   const newObject = JSON.parse(JSON.stringify(inputObject))
+   // add green labels and values
+   addBlueGreenLabelsAndAnnotations(newObject, type)
+
+   // update ingress labels
+   if (inputObject.apiVersion === 'networking.k8s.io/v1beta1') {
+      return updateIngressBackendBetaV1(newObject, serviceNameMap)
+   }
+   return updateIngressBackend(newObject, serviceNameMap)
+}
+
+export function updateIngressBackendBetaV1(
+   inputObject: any,
+   serviceNameMap: Map<string, string>
+): any {
+   inputObject = JSON.parse(JSON.stringify(inputObject), (key, value) => {
+      if (key.toLowerCase() === BACKEND) {
+         const {serviceName} = value
+         if (serviceNameMap.has(serviceName)) {
+            // update service name with corresponding bluegreen name only if service is provied in given manifests
+            value.serviceName = serviceNameMap.get(serviceName)
+         }
+      }
+
+      return value
+   })
+
+   return inputObject
+}
+
+export function updateIngressBackend(
+   inputObject: any,
+   serviceNameMap: Map<string, string>
+): any {
+   inputObject = JSON.parse(JSON.stringify(inputObject), (key, value) => {
+      if (
+         key.toLowerCase() === BACKEND &&
+         serviceNameMap.has(value.service.name)
+      ) {
+         value.service.name = serviceNameMap.get(value.service.name)
+      }
+      return value
+   })
+
+   return inputObject
+}
+
+export function isIngressRouted(
+   ingressObject: any,
+   serviceNameMap: Map<string, string>
+): boolean {
+   let isIngressRouted: boolean = false
+   // check if ingress targets a service in the given manifests
+   JSON.parse(JSON.stringify(ingressObject), (key, value) => {
+      isIngressRouted =
+         isIngressRouted ||
+         (key === 'service' &&
+            value.hasOwnProperty('name') &&
+            serviceNameMap.has(value.name))
+      isIngressRouted =
+         isIngressRouted || (key === 'serviceName' && serviceNameMap.has(value))
+
+      return value
+   })
+
+   return isIngressRouted
+}
+
+export async function validateIngresses(
+   kubectl: Kubectl,
+   ingressEntityList: any[],
+   serviceNameMap: Map<string, string>
+): Promise<{areValid: boolean; invalidIngresses: string[]}> {
+   let areValid: boolean = true
+   const invalidIngresses = []
+
+   for (const inputObject of ingressEntityList) {
+      if (isIngressRouted(inputObject, serviceNameMap)) {
+         //querying existing ingress
+         const existingIngress = await fetchResource(
+            kubectl,
+            inputObject.kind,
+            inputObject.metadata.name,
+            inputObject?.metadata?.namespace
+         )
+
+         const isValid =
+            !!existingIngress &&
+            existingIngress?.metadata?.labels[BLUE_GREEN_VERSION_LABEL] ===
+               GREEN_LABEL_VALUE
+         if (!isValid) {
+            core.debug(
+               `Invalid ingress detected (must be in green state): ${JSON.stringify(
+                  inputObject
+               )}`
+            )
+            invalidIngresses.push(inputObject.metadata.name)
+         }
+         // to be valid, ingress should exist and should be green
+         areValid = areValid && isValid
+      }
+   }
+   return {areValid, invalidIngresses}
+}
@@ -0,0 +1,399 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+import {getManifestObjects} from './blueGreenHelper.js'
+import {
+   promoteBlueGreenIngress,
+   promoteBlueGreenService,
+   promoteBlueGreenSMI
+} from './promote.js'
+import {TrafficSplitObject} from '../../types/k8sObject.js'
+import * as servicesTester from './serviceBlueGreenHelper.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {MAX_VAL, MIN_VAL, TRAFFIC_SPLIT_OBJECT} from './smiBlueGreenHelper.js'
+import * as smiTester from './smiBlueGreenHelper.js'
+import * as bgHelper from './blueGreenHelper.js'
+import {ExecOutput} from '@actions/exec'
+
+const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+
+vi.mock('../../types/kubectl')
+
+// Shared variables used across all test suites
+let testObjects: any
+const kubectl = new Kubectl('')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult: ExecOutput = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult: ExecOutput = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+const mockBgDeployment = {
+   deployResult: {
+      execResult: {exitCode: 0, stderr: '', stdout: ''},
+      manifestFiles: []
+   },
+   objects: []
+}
+
+describe('promote tests', () => {
+   let kubectlApplySpy: MockInstance
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+      kubectlApplySpy = vi.spyOn(kubectl, 'apply')
+   })
+
+   test('promote blue/green ingress', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.GREEN_LABEL_VALUE
+
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve({
+            kind: 'Ingress',
+            spec: {},
+            metadata: {labels: mockLabels, name: 'nginx-ingress-green'}
+         })
+      )
+      const value = await promoteBlueGreenIngress(kubectl, testObjects)
+
+      const objects = value.objects
+      expect(objects).toHaveLength(2)
+
+      for (const obj of objects) {
+         if (obj.kind === 'Service') {
+            expect(obj.metadata.name).toBe('nginx-service')
+         } else if (obj.kind == 'Deployment') {
+            expect(obj.metadata.name).toBe('nginx-deployment')
+         }
+         expect(obj.metadata.labels['k8s.deploy.color']).toBe('None')
+      }
+   })
+
+   test('fail to promote invalid blue/green ingress', async () => {
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve({
+            kind: 'Ingress',
+            spec: {},
+            metadata: {labels: mockLabels, name: 'nginx-ingress-green'}
+         })
+      )
+
+      await expect(
+         promoteBlueGreenIngress(kubectl, testObjects)
+      ).rejects.toThrow()
+   })
+
+   test('promote blue/green service', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.GREEN_LABEL_VALUE
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve({
+            kind: 'Service',
+            spec: {selector: mockLabels},
+            metadata: {labels: mockLabels, name: 'nginx-service-green'}
+         })
+      )
+
+      let value = await promoteBlueGreenService(kubectl, testObjects)
+
+      expect(value.objects).toHaveLength(1)
+      expect(
+         value.objects[0].metadata.labels[bgHelper.BLUE_GREEN_VERSION_LABEL]
+      ).toBe(bgHelper.NONE_LABEL_VALUE)
+      expect(value.objects[0].metadata.name).toBe('nginx-deployment')
+   })
+
+   test('fail to promote invalid blue/green service', async () => {
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve({
+            kind: 'Service',
+            spec: {},
+            metadata: {labels: mockLabels, name: 'nginx-ingress-green'}
+         })
+      )
+      vi.spyOn(servicesTester, 'validateServicesState').mockImplementationOnce(
+         () => Promise.resolve(false)
+      )
+
+      await expect(
+         promoteBlueGreenService(kubectl, testObjects)
+      ).rejects.toThrow()
+   })
+
+   test('promote blue/green SMI', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
+
+      const mockTsObject: TrafficSplitObject = {
+         apiVersion: 'v1alpha3',
+         kind: TRAFFIC_SPLIT_OBJECT,
+         metadata: {
+            name: 'nginx-service-trafficsplit',
+            labels: new Map<string, string>(),
+            annotations: new Map<string, string>()
+         },
+         spec: {
+            service: 'nginx-service',
+            backends: [
+               {
+                  service: 'nginx-service-stable',
+                  weight: MIN_VAL
+               },
+               {
+                  service: 'nginx-service-green',
+                  weight: MAX_VAL
+               }
+            ]
+         }
+      }
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve(mockTsObject)
+      )
+
+      const deployResult = await promoteBlueGreenSMI(kubectl, testObjects)
+
+      expect(deployResult.objects).toHaveLength(1)
+      expect(deployResult.objects[0].metadata.name).toBe('nginx-deployment')
+      expect(
+         deployResult.objects[0].metadata.labels[
+            bgHelper.BLUE_GREEN_VERSION_LABEL
+         ]
+      ).toBe(bgHelper.NONE_LABEL_VALUE)
+   })
+
+   test('promote blue/green SMI with bad trafficsplit', async () => {
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = bgHelper.NONE_LABEL_VALUE
+      vi.spyOn(smiTester, 'validateTrafficSplitsState').mockImplementation(() =>
+         Promise.resolve(false)
+      )
+
+      await expect(promoteBlueGreenSMI(kubectl, testObjects)).rejects.toThrow()
+   })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress promotion',
+         fn: () => promoteBlueGreenIngress(kubectl, testObjects),
+         setup: () => {
+            const mockLabels = new Map<string, string>()
+            mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] =
+               bgHelper.GREEN_LABEL_VALUE
+            vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+               Promise.resolve({
+                  kind: 'Ingress',
+                  spec: {},
+                  metadata: {labels: mockLabels, name: 'nginx-ingress-green'}
+               })
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green service promotion',
+         fn: () => promoteBlueGreenService(kubectl, testObjects),
+         setup: () => {
+            const mockLabels = new Map<string, string>()
+            mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] =
+               bgHelper.GREEN_LABEL_VALUE
+            vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+               Promise.resolve({
+                  kind: 'Service',
+                  spec: {selector: mockLabels},
+                  metadata: {labels: mockLabels, name: 'nginx-service-green'}
+               })
+            )
+            vi.spyOn(servicesTester, 'validateServicesState').mockResolvedValue(
+               true
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green SMI promotion',
+         fn: () => promoteBlueGreenSMI(kubectl, testObjects),
+         setup: () => {
+            const mockTsObject: TrafficSplitObject = {
+               apiVersion: 'v1alpha3',
+               kind: TRAFFIC_SPLIT_OBJECT,
+               metadata: {
+                  name: 'nginx-service-trafficsplit',
+                  labels: new Map<string, string>(),
+                  annotations: new Map<string, string>()
+               },
+               spec: {
+                  service: 'nginx-service',
+                  backends: [
+                     {service: 'nginx-service-stable', weight: MIN_VAL},
+                     {service: 'nginx-service-green', weight: MAX_VAL}
+                  ]
+               }
+            }
+            vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(mockTsObject)
+            vi.spyOn(smiTester, 'validateTrafficSplitsState').mockResolvedValue(
+               true
+            )
+         }
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockClear()
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+
+      const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+      expect(typeof timeoutArg === 'string' || timeoutArg === undefined).toBe(
+         true
+      )
+
+      expect(kubectlApplySpy).toHaveBeenCalledWith(
+         expect.any(Array),
+         expect.any(Boolean),
+         expect.any(Boolean),
+         timeoutArg
+      )
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+   })
+})
+
+// Timeout tests
+describe('promote timeout tests', () => {
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+   })
+
+   const mockDeployWithLabel = () =>
+      vi.spyOn(bgHelper, 'deployWithLabel').mockResolvedValue(mockBgDeployment)
+
+   const setupFetchResource = (
+      kind: string,
+      name: string,
+      labelValue: string
+   ) => {
+      const mockLabels = new Map<string, string>()
+      mockLabels[bgHelper.BLUE_GREEN_VERSION_LABEL] = labelValue
+
+      vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue({
+         kind,
+         spec: {},
+         metadata: {labels: mockLabels, name}
+      })
+   }
+
+   test.each([
+      {
+         name: 'promoteBlueGreenIngress with timeout',
+         fn: promoteBlueGreenIngress,
+         kind: 'Ingress',
+         resourceName: 'nginx-ingress-green',
+         timeout: '300s',
+         setup: () =>
+            setupFetchResource(
+               'Ingress',
+               'nginx-ingress-green',
+               bgHelper.GREEN_LABEL_VALUE
+            )
+      },
+      {
+         name: 'promoteBlueGreenService with timeout',
+         fn: promoteBlueGreenService,
+         kind: 'Service',
+         resourceName: 'nginx-service-green',
+         timeout: '240s',
+         setup: () => {
+            setupFetchResource(
+               'Service',
+               'nginx-service-green',
+               bgHelper.GREEN_LABEL_VALUE
+            )
+            vi.spyOn(servicesTester, 'validateServicesState').mockResolvedValue(
+               true
+            )
+         }
+      },
+      {
+         name: 'promoteBlueGreenSMI with timeout',
+         fn: promoteBlueGreenSMI,
+         kind: 'TrafficSplit',
+         resourceName: 'nginx-service-trafficsplit',
+         timeout: '180s',
+         setup: () => {
+            const mockTsObject: TrafficSplitObject = {
+               apiVersion: 'v1alpha3',
+               kind: TRAFFIC_SPLIT_OBJECT,
+               metadata: {
+                  name: 'nginx-service-trafficsplit',
+                  labels: new Map<string, string>(),
+                  annotations: new Map<string, string>()
+               },
+               spec: {
+                  service: 'nginx-service',
+                  backends: [
+                     {service: 'nginx-service-stable', weight: MIN_VAL},
+                     {service: 'nginx-service-green', weight: MAX_VAL}
+                  ]
+               }
+            }
+
+            vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(mockTsObject)
+            vi.spyOn(smiTester, 'validateTrafficSplitsState').mockResolvedValue(
+               true
+            )
+         }
+      }
+   ])('$name', async ({fn, timeout, setup}) => {
+      setup()
+      const deployWithLabelSpy = mockDeployWithLabel()
+
+      await fn(kubectl, testObjects, timeout)
+
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         bgHelper.NONE_LABEL_VALUE,
+         timeout
+      )
+
+      deployWithLabelSpy.mockRestore()
+   })
+
+   test('promote functions without timeout should pass undefined', async () => {
+      setupFetchResource(
+         'Ingress',
+         'nginx-ingress-green',
+         bgHelper.GREEN_LABEL_VALUE
+      )
+      const deployWithLabelSpy = mockDeployWithLabel()
+
+      await promoteBlueGreenIngress(kubectl, testObjects)
+
+      expect(deployWithLabelSpy).toHaveBeenCalledWith(
+         kubectl,
+         expect.any(Array),
+         bgHelper.NONE_LABEL_VALUE,
+         undefined
+      )
+
+      deployWithLabelSpy.mockRestore()
+   })
+})
@@ -0,0 +1,87 @@
+import * as core from '@actions/core'
+
+import {Kubectl} from '../../types/kubectl.js'
+
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
+import {deployWithLabel, NONE_LABEL_VALUE} from './blueGreenHelper.js'
+
+import {validateIngresses} from './ingressBlueGreenHelper.js'
+import {validateServicesState} from './serviceBlueGreenHelper.js'
+import {validateTrafficSplitsState} from './smiBlueGreenHelper.js'
+
+export async function promoteBlueGreenIngress(
+   kubectl: Kubectl,
+   manifestObjects,
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   //checking if anything to promote
+   const {areValid, invalidIngresses} = await validateIngresses(
+      kubectl,
+      manifestObjects.ingressEntityList,
+      manifestObjects.serviceNameMap
+   )
+   if (!areValid) {
+      throw new Error(
+         `Ingresses are not in promote state: ${invalidIngresses.toString()}`
+      )
+   }
+
+   // create stable deployments with new configuration
+   const result: BlueGreenDeployment = await deployWithLabel(
+      kubectl,
+      [].concat(
+         manifestObjects.deploymentEntityList,
+         manifestObjects.serviceEntityList
+      ),
+      NONE_LABEL_VALUE,
+      timeout
+   )
+
+   // create stable services with new configuration
+   return result
+}
+
+export async function promoteBlueGreenService(
+   kubectl: Kubectl,
+   manifestObjects,
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   // checking if services are in the right state ie. targeting green deployments
+   if (
+      !(await validateServicesState(kubectl, manifestObjects.serviceEntityList))
+   ) {
+      throw new Error('Found services not in promote state')
+   }
+
+   // creating stable deployments with new configurations
+   return await deployWithLabel(
+      kubectl,
+      manifestObjects.deploymentEntityList,
+      NONE_LABEL_VALUE,
+      timeout
+   )
+}
+
+export async function promoteBlueGreenSMI(
+   kubectl: Kubectl,
+   manifestObjects,
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   // checking if there is something to promote
+   if (
+      !(await validateTrafficSplitsState(
+         kubectl,
+         manifestObjects.serviceEntityList
+      ))
+   ) {
+      throw Error('Not in promote state SMI')
+   }
+
+   // create stable deployments with new configuration
+   return await deployWithLabel(
+      kubectl,
+      manifestObjects.deploymentEntityList,
+      NONE_LABEL_VALUE,
+      timeout
+   )
+}
@@ -0,0 +1,270 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+import {getManifestObjects} from './blueGreenHelper.js'
+import {Kubectl} from '../../types/kubectl.js'
+
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
+import {
+   rejectBlueGreenIngress,
+   rejectBlueGreenService,
+   rejectBlueGreenSMI
+} from './reject.js'
+import * as bgHelper from './blueGreenHelper.js'
+import * as routeHelper from './route.js'
+
+const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+const kubectl = new Kubectl('')
+const TEST_TIMEOUT_SHORT = '60s'
+const TEST_TIMEOUT_LONG = '120s'
+
+vi.mock('../../types/kubectl')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+const mockBgDeployment = {
+   deployResult: {
+      execResult: {stdout: '', stderr: '', exitCode: 0},
+      manifestFiles: []
+   },
+   objects: [
+      {
+         kind: 'Ingress',
+         metadata: {
+            name: 'nginx-ingress',
+            labels: new Map<string, string>()
+         },
+         spec: {}
+      }
+   ]
+}
+
+const mockDeleteResult = [
+   {name: 'nginx-service-green', kind: 'Service'},
+   {name: 'nginx-deployment-green', kind: 'Deployment'}
+]
+
+describe('reject tests', () => {
+   let testObjects: any
+   let kubectlApplySpy: MockInstance
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      vi.restoreAllMocks()
+      testObjects = getManifestObjects(ingressFilepath)
+      kubectlApplySpy = vi.spyOn(kubectl, 'apply')
+   })
+
+   test('reject blue/green ingress', async () => {
+      // Mock kubectl.apply to return successful result
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      const value = await rejectBlueGreenIngress(kubectl, testObjects)
+
+      const bgDeployment = value.routeResult
+      const deleteResult = value.deleteResult
+
+      expect(deleteResult).toHaveLength(2)
+      for (const obj of deleteResult) {
+         if (obj.kind == 'Service') {
+            expect(obj.name).toBe('nginx-service-green')
+         }
+         if (obj.kind == 'Deployment') {
+            expect(obj.name).toBe('nginx-deployment-green')
+         }
+      }
+
+      expect(bgDeployment.objects).toHaveLength(1)
+      expect(bgDeployment.objects[0].metadata.name).toBe('nginx-ingress')
+   })
+
+   test('reject blue/green ingress with timeout', async () => {
+      // Mock routeBlueGreenIngressUnchanged and deleteGreenObjects
+      vi.spyOn(routeHelper, 'routeBlueGreenIngressUnchanged').mockResolvedValue(
+         mockBgDeployment
+      )
+
+      vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+         mockDeleteResult
+      )
+
+      const value = await rejectBlueGreenIngress(
+         kubectl,
+         testObjects,
+         TEST_TIMEOUT_LONG
+      )
+
+      const bgDeployment = value.routeResult
+      const deleteResult = value.deleteResult
+
+      expect(deleteResult).toHaveLength(2)
+      for (const obj of deleteResult) {
+         if (obj.kind === 'Service') {
+            expect(obj.name).toBe('nginx-service-green')
+         }
+         if (obj.kind === 'Deployment') {
+            expect(obj.name).toBe('nginx-deployment-green')
+         }
+      }
+
+      expect(bgDeployment.objects).toHaveLength(1)
+      expect(bgDeployment.objects[0].metadata.name).toBe('nginx-ingress')
+
+      // Verify deleteGreenObjects is called with timeout
+      expect(bgHelper.deleteGreenObjects).toHaveBeenCalledWith(
+         kubectl,
+         [].concat(
+            testObjects.deploymentEntityList,
+            testObjects.serviceEntityList
+         ),
+         TEST_TIMEOUT_LONG
+      )
+      expect(routeHelper.routeBlueGreenIngressUnchanged).toHaveBeenCalledWith(
+         kubectl,
+         testObjects.serviceNameMap,
+         testObjects.ingressEntityList,
+         TEST_TIMEOUT_LONG
+      )
+   })
+
+   test('reject blue/green service', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+      vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+         mockDeleteResult
+      )
+
+      const value = await rejectBlueGreenService(
+         kubectl,
+         testObjects,
+         TEST_TIMEOUT_SHORT
+      )
+
+      const deleteResult = value.deleteResult
+
+      expect(deleteResult).toHaveLength(2)
+      expect(deleteResult).toContainEqual({
+         name: 'nginx-service-green',
+         kind: 'Service'
+      })
+      expect(deleteResult).toContainEqual({
+         name: 'nginx-deployment-green',
+         kind: 'Deployment'
+      })
+   })
+
+   test('reject blue/green service with timeout', async () => {
+      // Mock routeBlueGreenService and deleteGreenObjects
+      vi.spyOn(routeHelper, 'routeBlueGreenService').mockResolvedValue({
+         deployResult: {
+            execResult: {stdout: '', stderr: '', exitCode: 0},
+            manifestFiles: []
+         },
+         objects: [
+            {
+               kind: 'Service',
+               metadata: {
+                  name: 'nginx-service',
+                  labels: new Map<string, string>()
+               },
+               spec: {}
+            }
+         ]
+      })
+
+      vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue([
+         {name: 'nginx-deployment-green', kind: 'Deployment'}
+      ])
+
+      const value = await rejectBlueGreenService(
+         kubectl,
+         testObjects,
+         TEST_TIMEOUT_LONG
+      )
+
+      const bgDeployment = value.routeResult
+      const deleteResult = value.deleteResult
+
+      // Verify deleteGreenObjects is called with timeout
+      expect(bgHelper.deleteGreenObjects).toHaveBeenCalledWith(
+         kubectl,
+         testObjects.deploymentEntityList,
+         TEST_TIMEOUT_LONG
+      )
+
+      // Assertions for routeResult and deleteResult
+      expect(deleteResult).toHaveLength(1)
+      expect(deleteResult[0].name).toBe('nginx-deployment-green')
+      expect(bgDeployment.objects).toHaveLength(1)
+      expect(bgDeployment.objects[0].metadata.name).toBe('nginx-service')
+   })
+
+   test('reject blue/green SMI', async () => {
+      // Mock kubectl.apply to return successful result
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
+         Promise.resolve('v1alpha3')
+      )
+      const rejectResult = await rejectBlueGreenSMI(kubectl, testObjects)
+      expect(rejectResult.deleteResult).toHaveLength(2)
+   })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress rejection',
+         fn: () => rejectBlueGreenIngress(kubectl, testObjects),
+         setup: () => {
+            vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+               mockDeleteResult
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green service rejection',
+         fn: () => rejectBlueGreenService(kubectl, testObjects),
+         setup: () => {
+            vi.spyOn(bgHelper, 'deleteGreenObjects').mockResolvedValue(
+               mockDeleteResult
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green SMI rejection',
+         fn: () => rejectBlueGreenSMI(kubectl, testObjects),
+         setup: () => {
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockClear()
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+      const timeoutArg = kubectlApplySpy.mock.calls[0][3]
+      expect(typeof timeoutArg === 'string' || timeoutArg === undefined).toBe(
+         true
+      )
+
+      expect(kubectlApplySpy).toHaveBeenCalledWith(
+         expect.any(Array),
+         expect.any(Boolean),
+         expect.any(Boolean),
+         timeoutArg
+      )
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+   })
+})
@@ -0,0 +1,91 @@
+import {K8sDeleteObject} from '../../types/k8sObject.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   BlueGreenDeployment,
+   BlueGreenManifests,
+   BlueGreenRejectResult
+} from '../../types/blueGreenTypes.js'
+import {deleteGreenObjects, NONE_LABEL_VALUE} from './blueGreenHelper.js'
+import {routeBlueGreenSMI} from './route.js'
+import {cleanupSMI} from './smiBlueGreenHelper.js'
+import {routeBlueGreenIngressUnchanged, routeBlueGreenService} from './route.js'
+
+export async function rejectBlueGreenIngress(
+   kubectl: Kubectl,
+   manifestObjects: BlueGreenManifests,
+   timeout?: string
+): Promise<BlueGreenRejectResult> {
+   // get all kubernetes objects defined in manifest files
+   // route ingress to stables services
+   const routeResult = await routeBlueGreenIngressUnchanged(
+      kubectl,
+      manifestObjects.serviceNameMap,
+      manifestObjects.ingressEntityList,
+      timeout
+   )
+
+   // delete green services and deployments
+   const deleteResult = await deleteGreenObjects(
+      kubectl,
+      [].concat(
+         manifestObjects.deploymentEntityList,
+         manifestObjects.serviceEntityList
+      ),
+      timeout
+   )
+
+   return {routeResult, deleteResult}
+}
+
+export async function rejectBlueGreenService(
+   kubectl: Kubectl,
+   manifestObjects: BlueGreenManifests,
+   timeout?: string
+): Promise<BlueGreenRejectResult> {
+   // route to stable objects
+   const routeResult = await routeBlueGreenService(
+      kubectl,
+      NONE_LABEL_VALUE,
+      manifestObjects.serviceEntityList,
+      timeout
+   )
+
+   // delete new deployments with green suffix
+   const deleteResult = await deleteGreenObjects(
+      kubectl,
+      manifestObjects.deploymentEntityList,
+      timeout
+   )
+
+   return {routeResult, deleteResult}
+}
+
+export async function rejectBlueGreenSMI(
+   kubectl: Kubectl,
+   manifestObjects: BlueGreenManifests,
+   timeout?: string
+): Promise<BlueGreenRejectResult> {
+   // route trafficsplit to stable deployments
+   const routeResult = await routeBlueGreenSMI(
+      kubectl,
+      NONE_LABEL_VALUE,
+      manifestObjects.serviceEntityList,
+      timeout
+   )
+
+   // delete rejected new bluegreen deployments
+   const deletedObjects = await deleteGreenObjects(
+      kubectl,
+      manifestObjects.deploymentEntityList,
+      timeout
+   )
+
+   // delete trafficsplit and extra services
+   const cleanupResult = await cleanupSMI(
+      kubectl,
+      manifestObjects.serviceEntityList,
+      timeout
+   )
+
+   return {routeResult, deleteResult: [].concat(deletedObjects, cleanupResult)}
+}
@@ -0,0 +1,342 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+import {K8sIngress, TrafficSplitObject} from '../../types/k8sObject.js'
+import {Kubectl} from '../../types/kubectl.js'
+import * as fileHelper from '../../utilities/fileUtils.js'
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
+import {RouteStrategy} from '../../types/routeStrategy.js'
+import {BlueGreenManifests} from '../../types/blueGreenTypes.js'
+
+import {
+   BLUE_GREEN_VERSION_LABEL,
+   getManifestObjects,
+   GREEN_LABEL_VALUE
+} from './blueGreenHelper.js'
+import * as bgHelper from './blueGreenHelper.js'
+import * as smiHelper from './smiBlueGreenHelper.js'
+import {
+   routeBlueGreenIngress,
+   routeBlueGreenService,
+   routeBlueGreenForDeploy,
+   routeBlueGreenSMI,
+   routeBlueGreenIngressUnchanged
+} from './route.js'
+
+vi.mock('../../types/kubectl')
+const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+const kc = new Kubectl('')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+describe('route function tests', () => {
+   let testObjects: BlueGreenManifests
+   let kubectlApplySpy: MockInstance
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+      kubectlApplySpy = vi.spyOn(kc, 'apply')
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
+         ''
+      ])
+   })
+
+   test('correctly prepares blue/green ingresses for deployment', async () => {
+      kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+      const unroutedIngCopy: K8sIngress = JSON.parse(
+         JSON.stringify(testObjects.ingressEntityList[0])
+      )
+      unroutedIngCopy.metadata.name = 'nginx-ingress-unrouted'
+      unroutedIngCopy.spec.rules[0].http.paths[0].backend.service.name =
+         'fake-service'
+      testObjects.ingressEntityList.push(unroutedIngCopy)
+      const value = await routeBlueGreenIngress(
+         kc,
+         testObjects.serviceNameMap,
+         testObjects.ingressEntityList
+      )
+
+      expect(value.objects).toHaveLength(2)
+      expect(value.objects[0].metadata.name).toBe('nginx-ingress')
+      expect(
+         (value.objects[0] as K8sIngress).spec.rules[0].http.paths[0].backend
+            .service.name
+      ).toBe('nginx-service-green')
+
+      expect(value.objects[1].metadata.name).toBe('nginx-ingress-unrouted')
+      // unrouted services shouldn't get their service name changed
+      expect(
+         (value.objects[1] as K8sIngress).spec.rules[0].http.paths[0].backend
+            .service.name
+      ).toBe('fake-service')
+   })
+
+   test('correctly prepares blue/green services for deployment', async () => {
+      const value = await routeBlueGreenService(
+         kc,
+         GREEN_LABEL_VALUE,
+         testObjects.serviceEntityList
+      )
+
+      expect(value.objects).toHaveLength(1)
+      expect(value.objects[0].metadata.name).toBe('nginx-service')
+
+      expect(value.objects[0].metadata.labels[BLUE_GREEN_VERSION_LABEL]).toBe(
+         GREEN_LABEL_VALUE
+      )
+   })
+
+   test('correctly identifies route pattern and acts accordingly', async () => {
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
+         Promise.resolve('v1alpha3')
+      )
+
+      const ingressResult = await routeBlueGreenForDeploy(
+         kc,
+         ingressFilepath,
+         RouteStrategy.INGRESS
+      )
+
+      expect(ingressResult.objects.length).toBe(1)
+      expect(ingressResult.objects[0].metadata.name).toBe('nginx-ingress')
+
+      const serviceResult = await routeBlueGreenForDeploy(
+         kc,
+         ingressFilepath,
+         RouteStrategy.SERVICE
+      )
+
+      expect(serviceResult.objects.length).toBe(1)
+      expect(serviceResult.objects[0].metadata.name).toBe('nginx-service')
+
+      const smiResult = await routeBlueGreenForDeploy(
+         kc,
+         ingressFilepath,
+         RouteStrategy.SMI
+      )
+
+      expect(smiResult.objects).toHaveLength(1)
+      expect(smiResult.objects[0].metadata.name).toBe(
+         'nginx-service-trafficsplit'
+      )
+      expect(
+         (smiResult.objects as TrafficSplitObject[])[0].spec.backends
+      ).toHaveLength(2)
+   })
+
+   // Consolidated error tests
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress routing',
+         fn: () =>
+            routeBlueGreenIngress(
+               kc,
+               testObjects.serviceNameMap,
+               testObjects.ingressEntityList
+            ),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green service routing',
+         fn: () =>
+            routeBlueGreenService(
+               kc,
+               GREEN_LABEL_VALUE,
+               testObjects.serviceEntityList
+            ),
+         setup: () => {}
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green SMI routing',
+         fn: () =>
+            routeBlueGreenSMI(
+               kc,
+               GREEN_LABEL_VALUE,
+               testObjects.serviceEntityList
+            ),
+         setup: () => {
+            vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(
+               () => Promise.resolve('v1alpha3')
+            )
+         }
+      },
+      {
+         name: 'should throw error when kubectl apply fails during blue/green ingress unchanged routing',
+         fn: () =>
+            routeBlueGreenIngressUnchanged(
+               kc,
+               testObjects.serviceNameMap,
+               testObjects.ingressEntityList
+            ),
+         setup: () => {}
+      }
+   ])('$name', async ({fn, setup}) => {
+      kubectlApplySpy.mockClear()
+      kubectlApplySpy.mockResolvedValue(mockFailureResult)
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+      expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+   })
+})
+
+// Timeout tests
+describe('route timeout tests', () => {
+   let testObjects: BlueGreenManifests
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
+         ''
+      ])
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+   })
+
+   test('routeBlueGreenService with timeout', async () => {
+      const timeout = '240s'
+
+      // Mock deployObjects to capture timeout parameter
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const value = await routeBlueGreenService(
+         kc,
+         GREEN_LABEL_VALUE,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+      expect(value.objects).toHaveLength(1)
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('routeBlueGreenSMI with timeout', async () => {
+      const timeout = '300s'
+
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
+         Promise.resolve('v1alpha3')
+      )
+
+      // Mock deployObjects and createTrafficSplitObject to capture timeout parameter
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const createTrafficSplitSpy = vi
+         .spyOn(smiHelper, 'createTrafficSplitObject')
+         .mockResolvedValue({
+            apiVersion: 'split.smi-spec.io/v1alpha3',
+            kind: 'TrafficSplit',
+            metadata: {
+               name: 'nginx-service-trafficsplit',
+               labels: new Map(),
+               annotations: new Map()
+            },
+            spec: {service: 'nginx-service', backends: []}
+         })
+
+      const value = await routeBlueGreenSMI(
+         kc,
+         GREEN_LABEL_VALUE,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      expect(createTrafficSplitSpy).toHaveBeenCalledWith(
+         kc,
+         'nginx-service',
+         GREEN_LABEL_VALUE,
+         timeout
+      )
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+      expect(value.objects).toHaveLength(1)
+
+      deployObjectsSpy.mockRestore()
+      createTrafficSplitSpy.mockRestore()
+   })
+
+   test('routeBlueGreenIngressUnchanged with timeout', async () => {
+      const timeout = '180s'
+
+      // Mock deployObjects to capture timeout parameter
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const value = await routeBlueGreenIngressUnchanged(
+         kc,
+         testObjects.serviceNameMap,
+         testObjects.ingressEntityList,
+         timeout
+      )
+
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+      expect(value.objects).toHaveLength(1)
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('route functions without timeout should pass undefined', async () => {
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      // Test routeBlueGreenService without timeout
+      await routeBlueGreenService(
+         kc,
+         GREEN_LABEL_VALUE,
+         testObjects.serviceEntityList
+      )
+
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      deployObjectsSpy.mockRestore()
+   })
+})
@@ -0,0 +1,150 @@
+import {sleep} from '../../utilities/timeUtils.js'
+import {RouteStrategy} from '../../types/routeStrategy.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   BlueGreenDeployment,
+   BlueGreenManifests
+} from '../../types/blueGreenTypes.js'
+import {
+   getManifestObjects,
+   GREEN_LABEL_VALUE,
+   deployObjects
+} from './blueGreenHelper.js'
+
+import {
+   getUpdatedBlueGreenIngress,
+   isIngressRouted
+} from './ingressBlueGreenHelper.js'
+import {getUpdatedBlueGreenService} from './serviceBlueGreenHelper.js'
+import {createTrafficSplitObject} from './smiBlueGreenHelper.js'
+
+import * as core from '@actions/core'
+import {K8sObject, TrafficSplitObject} from '../../types/k8sObject.js'
+import {getBufferTime} from '../../inputUtils.js'
+
+export async function routeBlueGreenForDeploy(
+   kubectl: Kubectl,
+   inputManifestFiles: string[],
+   routeStrategy: RouteStrategy,
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   // sleep for buffer time
+   const bufferTime: number = getBufferTime()
+   const startSleepDate = new Date()
+   core.info(
+      `Starting buffer time of ${bufferTime} minute(s) at ${startSleepDate.toISOString()}`
+   )
+   await sleep(bufferTime * 1000 * 60)
+   const endSleepDate = new Date()
+   core.info(
+      `Stopping buffer time of ${bufferTime} minute(s) at ${endSleepDate.toISOString()}`
+   )
+
+   const manifestObjects: BlueGreenManifests =
+      getManifestObjects(inputManifestFiles)
+
+   // route to new deployments
+   if (routeStrategy == RouteStrategy.INGRESS) {
+      return await routeBlueGreenIngress(
+         kubectl,
+         manifestObjects.serviceNameMap,
+         manifestObjects.ingressEntityList,
+         timeout
+      )
+   } else if (routeStrategy == RouteStrategy.SMI) {
+      return await routeBlueGreenSMI(
+         kubectl,
+         GREEN_LABEL_VALUE,
+         manifestObjects.serviceEntityList,
+         timeout
+      )
+   } else {
+      return await routeBlueGreenService(
+         kubectl,
+         GREEN_LABEL_VALUE,
+         manifestObjects.serviceEntityList,
+         timeout
+      )
+   }
+}
+
+export async function routeBlueGreenIngress(
+   kubectl: Kubectl,
+   serviceNameMap: Map<string, string>,
+   ingressEntityList: any[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   // const newObjectsList = []
+   const newObjectsList: K8sObject[] = ingressEntityList.map((obj) => {
+      if (isIngressRouted(obj, serviceNameMap)) {
+         const newBlueGreenIngressObject = getUpdatedBlueGreenIngress(
+            obj,
+            serviceNameMap,
+            GREEN_LABEL_VALUE
+         )
+         return newBlueGreenIngressObject
+      } else {
+         core.debug(`unrouted ingress detected ${obj.metadata.name}`)
+         return obj
+      }
+   })
+
+   const deployResult = await deployObjects(kubectl, newObjectsList, timeout)
+
+   return {deployResult, objects: newObjectsList}
+}
+
+export async function routeBlueGreenIngressUnchanged(
+   kubectl: Kubectl,
+   serviceNameMap: Map<string, string>,
+   ingressEntityList: any[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   const objects = ingressEntityList.filter((ingress) =>
+      isIngressRouted(ingress, serviceNameMap)
+   )
+
+   const deployResult = await deployObjects(kubectl, objects, timeout)
+   return {deployResult, objects}
+}
+
+export async function routeBlueGreenService(
+   kubectl: Kubectl,
+   nextLabel: string,
+   serviceEntityList: any[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   const objects = serviceEntityList.map((serviceObject) =>
+      getUpdatedBlueGreenService(serviceObject, nextLabel)
+   )
+
+   const deployResult = await deployObjects(kubectl, objects, timeout)
+
+   return {deployResult, objects}
+}
+
+export async function routeBlueGreenSMI(
+   kubectl: Kubectl,
+   nextLabel: string,
+   serviceEntityList: any[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   // let tsObjects: TrafficSplitObject[] = []
+
+   const tsObjects: TrafficSplitObject[] = await Promise.all(
+      serviceEntityList.map(async (serviceObject) => {
+         const tsObject: TrafficSplitObject = await createTrafficSplitObject(
+            kubectl,
+            serviceObject.metadata.name,
+            nextLabel,
+            timeout
+         )
+
+         return tsObject
+      })
+   )
+
+   const deployResult = await deployObjects(kubectl, tsObjects, timeout)
+
+   return {deployResult, objects: tsObjects}
+}
@@ -0,0 +1,65 @@
+import {vi} from 'vitest'
+import * as core from '@actions/core'
+import {
+   BLUE_GREEN_VERSION_LABEL,
+   getManifestObjects,
+   GREEN_LABEL_VALUE
+} from './blueGreenHelper.js'
+import * as bgHelper from './blueGreenHelper.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   getServiceSpecLabel,
+   getUpdatedBlueGreenService,
+   validateServicesState
+} from './serviceBlueGreenHelper.js'
+
+let testObjects
+const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+vi.mock('../../types/kubectl')
+const kubectl = new Kubectl('')
+
+describe('blue/green service helper tests', () => {
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      testObjects = getManifestObjects(ingressFilepath)
+   })
+
+   test('getUpdatedBlueGreenService', () => {
+      const newService = getUpdatedBlueGreenService(
+         testObjects.serviceEntityList[0],
+         GREEN_LABEL_VALUE
+      )
+      expect(newService.metadata.labels[BLUE_GREEN_VERSION_LABEL]).toBe(
+         GREEN_LABEL_VALUE
+      )
+      expect(newService.spec.selector[BLUE_GREEN_VERSION_LABEL]).toBe(
+         GREEN_LABEL_VALUE
+      )
+   })
+
+   test('validateServicesState', async () => {
+      const mockLabels = new Map<string, string>()
+      mockLabels[BLUE_GREEN_VERSION_LABEL] = bgHelper.GREEN_LABEL_VALUE
+      const mockSelectors = new Map<string, string>()
+      mockSelectors[BLUE_GREEN_VERSION_LABEL] = GREEN_LABEL_VALUE
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve({
+            kind: 'Service',
+            spec: {selector: mockSelectors},
+            metadata: {labels: mockLabels, name: 'nginx-service-green'}
+         })
+      )
+      expect(
+         await validateServicesState(kubectl, testObjects.serviceEntityList)
+      ).toBe(true)
+   })
+
+   test('getServiceSpecLabel', () => {
+      testObjects.serviceEntityList[0].spec.selector[BLUE_GREEN_VERSION_LABEL] =
+         GREEN_LABEL_VALUE
+
+      expect(getServiceSpecLabel(testObjects.serviceEntityList[0])).toBe(
+         GREEN_LABEL_VALUE
+      )
+   })
+})
@@ -0,0 +1,50 @@
+import * as core from '@actions/core'
+import {K8sServiceObject} from '../../types/k8sObject.js'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   addBlueGreenLabelsAndAnnotations,
+   BLUE_GREEN_VERSION_LABEL,
+   fetchResource,
+   GREEN_LABEL_VALUE
+} from './blueGreenHelper.js'
+
+// add green labels to configure existing service
+export function getUpdatedBlueGreenService(
+   inputObject: any,
+   labelValue: string
+): K8sServiceObject {
+   const newObject = JSON.parse(JSON.stringify(inputObject))
+
+   // Adding labels and annotations.
+   addBlueGreenLabelsAndAnnotations(newObject, labelValue)
+   return newObject
+}
+
+export async function validateServicesState(
+   kubectl: Kubectl,
+   serviceEntityList: any[]
+): Promise<boolean> {
+   let areServicesGreen: boolean = true
+
+   for (const serviceObject of serviceEntityList) {
+      // finding the existing routed service
+      const existingService = await fetchResource(
+         kubectl,
+         serviceObject.kind,
+         serviceObject.metadata.name,
+         serviceObject?.metadata?.namespace
+      )
+
+      let isServiceGreen =
+         !!existingService &&
+         getServiceSpecLabel(existingService as K8sServiceObject) ==
+            GREEN_LABEL_VALUE
+      areServicesGreen = areServicesGreen && isServiceGreen
+   }
+
+   return areServicesGreen
+}
+
+export function getServiceSpecLabel(inputObject: K8sServiceObject): string {
+   return inputObject.spec.selector[BLUE_GREEN_VERSION_LABEL]
+}
@@ -0,0 +1,418 @@
+import {vi} from 'vitest'
+import {TrafficSplitObject} from '../../types/k8sObject.js'
+import {Kubectl} from '../../types/kubectl.js'
+import * as fileHelper from '../../utilities/fileUtils.js'
+import * as TSutils from '../../utilities/trafficSplitUtils.js'
+
+import {BlueGreenManifests} from '../../types/blueGreenTypes.js'
+import {
+   BLUE_GREEN_VERSION_LABEL,
+   getManifestObjects,
+   GREEN_LABEL_VALUE,
+   NONE_LABEL_VALUE
+} from './blueGreenHelper.js'
+
+import {
+   cleanupSMI,
+   createTrafficSplitObject,
+   getGreenSMIServiceResource,
+   getStableSMIServiceResource,
+   MAX_VAL,
+   MIN_VAL,
+   setupSMI,
+   TRAFFIC_SPLIT_OBJECT,
+   validateTrafficSplitsState
+} from './smiBlueGreenHelper.js'
+import * as bgHelper from './blueGreenHelper.js'
+
+vi.mock('../../types/kubectl')
+
+const kc = new Kubectl('')
+const ingressFilepath = ['test/unit/manifests/test-ingress-new.yml']
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'service/nginx-service-stable created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: service creation failed',
+   exitCode: 1
+}
+
+const mockTsObject: TrafficSplitObject = {
+   apiVersion: 'v1alpha3',
+   kind: TRAFFIC_SPLIT_OBJECT,
+   metadata: {
+      name: 'nginx-service-trafficsplit',
+      labels: new Map<string, string>(),
+      annotations: new Map<string, string>()
+   },
+   spec: {
+      service: 'nginx-service',
+      backends: [
+         {
+            service: 'nginx-service-stable',
+            weight: MIN_VAL
+         },
+         {
+            service: 'nginx-service-green',
+            weight: MAX_VAL
+         }
+      ]
+   }
+}
+
+describe('SMI Helper tests', () => {
+   let testObjects: BlueGreenManifests
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+
+      vi.spyOn(TSutils, 'getTrafficSplitAPIVersion').mockImplementation(() =>
+         Promise.resolve('')
+      )
+
+      testObjects = getManifestObjects(ingressFilepath)
+      vi.spyOn(fileHelper, 'writeObjectsToFile').mockImplementationOnce(() => [
+         ''
+      ])
+   })
+
+   test('setupSMI tests', async () => {
+      vi.spyOn(kc, 'apply').mockResolvedValue(mockSuccessResult)
+
+      const smiResults = await setupSMI(kc, testObjects.serviceEntityList)
+
+      let found = 0
+      for (const obj of smiResults.objects) {
+         if (obj.metadata.name === 'nginx-service-stable') {
+            expect(obj.metadata.labels[BLUE_GREEN_VERSION_LABEL]).toBe(
+               NONE_LABEL_VALUE
+            )
+            expect(obj.spec.selector.app).toBe('nginx')
+            found++
+         }
+
+         if (obj.metadata.name === 'nginx-service-green') {
+            expect(obj.metadata.labels[BLUE_GREEN_VERSION_LABEL]).toBe(
+               GREEN_LABEL_VALUE
+            )
+            found++
+         }
+
+         if (obj.metadata.name === 'nginx-service-trafficsplit') {
+            found++
+            // expect stable weight to be max val
+            const casted = obj as TrafficSplitObject
+            expect(casted.spec.backends).toHaveLength(2)
+            for (const be of casted.spec.backends) {
+               if (be.service === 'nginx-service-stable') {
+                  expect(be.weight).toBe(MAX_VAL)
+               }
+               if (be.service === 'nginx-service-green') {
+                  expect(be.weight).toBe(MIN_VAL)
+               }
+            }
+         }
+      }
+
+      expect(found).toBe(3)
+   })
+
+   test('createTrafficSplitObject tests', async () => {
+      const noneTsObject: TrafficSplitObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         NONE_LABEL_VALUE
+      )
+      expect(noneTsObject.metadata.name).toBe('nginx-service-trafficsplit')
+      for (let be of noneTsObject.spec.backends) {
+         if (be.service === 'nginx-service-stable') {
+            expect(be.weight).toBe(MAX_VAL)
+         }
+         if (be.service === 'nginx-service-green') {
+            expect(be.weight).toBe(MIN_VAL)
+         }
+      }
+
+      const greenTsObject: TrafficSplitObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         GREEN_LABEL_VALUE
+      )
+      expect(greenTsObject.metadata.name).toBe('nginx-service-trafficsplit')
+      for (const be of greenTsObject.spec.backends) {
+         if (be.service === 'nginx-service-stable') {
+            expect(be.weight).toBe(MIN_VAL)
+         }
+         if (be.service === 'nginx-service-green') {
+            expect(be.weight).toBe(MAX_VAL)
+         }
+      }
+   })
+
+   test('getSMIServiceResource test', () => {
+      const stableResult = getStableSMIServiceResource(
+         testObjects.serviceEntityList[0]
+      )
+      const greenResult = getGreenSMIServiceResource(
+         testObjects.serviceEntityList[0]
+      )
+
+      expect(stableResult.metadata.name).toBe('nginx-service-stable')
+      expect(stableResult.metadata.labels[BLUE_GREEN_VERSION_LABEL]).toBe(
+         NONE_LABEL_VALUE
+      )
+
+      expect(greenResult.metadata.name).toBe('nginx-service-green')
+      expect(greenResult.metadata.labels[BLUE_GREEN_VERSION_LABEL]).toBe(
+         GREEN_LABEL_VALUE
+      )
+   })
+
+   test('validateTrafficSplitsState', async () => {
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve(mockTsObject)
+      )
+
+      let valResult = await validateTrafficSplitsState(
+         kc,
+         testObjects.serviceEntityList
+      )
+
+      expect(valResult).toBe(true)
+
+      const mockTsCopy = JSON.parse(JSON.stringify(mockTsObject))
+      mockTsCopy.spec.backends[0].weight = MAX_VAL
+      vi.spyOn(bgHelper, 'fetchResource').mockImplementation(() =>
+         Promise.resolve(mockTsCopy)
+      )
+
+      valResult = await validateTrafficSplitsState(
+         kc,
+         testObjects.serviceEntityList
+      )
+      expect(valResult).toBe(false)
+
+      vi.spyOn(bgHelper, 'fetchResource').mockResolvedValue(null)
+      valResult = await validateTrafficSplitsState(
+         kc,
+         testObjects.serviceEntityList
+      )
+      expect(valResult).toBe(false)
+   })
+
+   test('cleanupSMI test', async () => {
+      const deleteObjects = await cleanupSMI(kc, testObjects.serviceEntityList)
+      expect(deleteObjects).toHaveLength(1)
+      expect(deleteObjects[0].name).toBe('nginx-service-green')
+      expect(deleteObjects[0].kind).toBe('Service')
+   })
+
+   // Consolidated error tests using test.each for DRY principle
+   test.each([
+      {
+         name: 'should throw error when kubectl apply fails during SMI setup',
+         fn: () => setupSMI(kc, testObjects.serviceEntityList),
+         setup: () => {
+            vi.spyOn(kc, 'apply').mockResolvedValue(mockFailureResult)
+         }
+      }
+   ])('$name', async ({fn, setup}) => {
+      setup()
+
+      await expect(fn()).rejects.toThrow()
+   })
+
+   // Timeout-specific tests
+   test('setupSMI with timeout test', async () => {
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const timeout = '300s'
+      const smiResults = await setupSMI(
+         kc,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      // Verify deployObjects was called with timeout
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+
+      expect(smiResults.objects).toBeDefined()
+      expect(smiResults.deployResult).toBeDefined()
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('createTrafficSplitObject with timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const timeout = '180s'
+      const tsObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         NONE_LABEL_VALUE,
+         timeout
+      )
+
+      // Verify deleteObjects was called with timeout
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.arrayContaining([
+            expect.objectContaining({
+               name: 'nginx-service-trafficsplit',
+               kind: TRAFFIC_SPLIT_OBJECT
+            })
+         ]),
+         timeout
+      )
+
+      expect(tsObject.metadata.name).toBe('nginx-service-trafficsplit')
+      expect(tsObject.spec.backends).toHaveLength(2)
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('createTrafficSplitObject with GREEN_LABEL_VALUE and timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const timeout = '240s'
+      const tsObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         GREEN_LABEL_VALUE,
+         timeout
+      )
+
+      // Verify deleteObjects was called with timeout
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         timeout
+      )
+
+      // Verify weights are correct for green deployment
+      for (const be of tsObject.spec.backends) {
+         if (be.service === 'nginx-service-stable') {
+            expect(be.weight).toBe(MIN_VAL)
+         }
+         if (be.service === 'nginx-service-green') {
+            expect(be.weight).toBe(MAX_VAL)
+         }
+      }
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('cleanupSMI with timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const timeout = '120s'
+      const deleteObjects = await cleanupSMI(
+         kc,
+         testObjects.serviceEntityList,
+         timeout
+      )
+
+      // Verify deleteObjects was called with timeout
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.arrayContaining([
+            expect.objectContaining({
+               name: 'nginx-service-green',
+               kind: 'Service'
+            })
+         ]),
+         timeout
+      )
+
+      expect(deleteObjects).toHaveLength(1)
+      expect(deleteObjects[0].name).toBe('nginx-service-green')
+      expect(deleteObjects[0].kind).toBe('Service')
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('setupSMI without timeout test', async () => {
+      const deployObjectsSpy = vi
+         .spyOn(bgHelper, 'deployObjects')
+         .mockResolvedValue({
+            execResult: mockSuccessResult,
+            manifestFiles: []
+         })
+
+      const smiResults = await setupSMI(kc, testObjects.serviceEntityList)
+
+      // Verify deployObjects was called without timeout (undefined)
+      expect(deployObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      expect(smiResults.objects).toBeDefined()
+      expect(smiResults.deployResult).toBeDefined()
+
+      deployObjectsSpy.mockRestore()
+   })
+
+   test('createTrafficSplitObject without timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const tsObject = await createTrafficSplitObject(
+         kc,
+         testObjects.serviceEntityList[0].metadata.name,
+         NONE_LABEL_VALUE
+      )
+
+      // Verify deleteObjects was called without timeout (undefined)
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      expect(tsObject.metadata.name).toBe('nginx-service-trafficsplit')
+
+      deleteObjectsSpy.mockRestore()
+   })
+
+   test('cleanupSMI without timeout test', async () => {
+      const deleteObjectsSpy = vi
+         .spyOn(bgHelper, 'deleteObjects')
+         .mockResolvedValue()
+
+      const deleteObjects = await cleanupSMI(kc, testObjects.serviceEntityList)
+
+      // Verify deleteObjects was called without timeout (undefined)
+      expect(deleteObjectsSpy).toHaveBeenCalledWith(
+         kc,
+         expect.any(Array),
+         undefined
+      )
+
+      expect(deleteObjects).toHaveLength(1)
+
+      deleteObjectsSpy.mockRestore()
+   })
+})
@@ -0,0 +1,207 @@
+import * as core from '@actions/core'
+import {Kubectl} from '../../types/kubectl.js'
+import * as kubectlUtils from '../../utilities/trafficSplitUtils.js'
+import {
+   deleteObjects,
+   deployObjects,
+   fetchResource,
+   getBlueGreenResourceName,
+   getNewBlueGreenObject,
+   GREEN_LABEL_VALUE,
+   GREEN_SUFFIX,
+   NONE_LABEL_VALUE,
+   STABLE_SUFFIX
+} from './blueGreenHelper.js'
+import {BlueGreenDeployment} from '../../types/blueGreenTypes.js'
+import {
+   K8sDeleteObject,
+   K8sObject,
+   TrafficSplitObject
+} from '../../types/k8sObject.js'
+import {DeployResult} from '../../types/deployResult.js'
+import {inputAnnotations} from '../../inputUtils.js'
+
+export const TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX = '-trafficsplit'
+export const TRAFFIC_SPLIT_OBJECT = 'TrafficSplit'
+export const MIN_VAL = 0
+export const MAX_VAL = 100
+
+export async function setupSMI(
+   kubectl: Kubectl,
+   serviceEntityList: any[],
+   timeout?: string
+): Promise<BlueGreenDeployment> {
+   const newObjectsList = []
+   const trafficObjectList = []
+
+   serviceEntityList.forEach((serviceObject) => {
+      // create a trafficsplit for service
+      trafficObjectList.push(serviceObject)
+      // set up the services for trafficsplit
+      const newStableService = getStableSMIServiceResource(serviceObject)
+      const newGreenService = getGreenSMIServiceResource(serviceObject)
+      newObjectsList.push(newStableService)
+      newObjectsList.push(newGreenService)
+   })
+
+   const tsObjects: TrafficSplitObject[] = []
+   // route to stable service
+   for (const svc of trafficObjectList) {
+      const tsObject = await createTrafficSplitObject(
+         kubectl,
+         svc.metadata.name,
+         NONE_LABEL_VALUE,
+         timeout
+      )
+      tsObjects.push(tsObject as TrafficSplitObject)
+   }
+
+   const objectsToDeploy = [].concat(newObjectsList, tsObjects)
+
+   // create services
+   const smiDeploymentResult: DeployResult = await deployObjects(
+      kubectl,
+      objectsToDeploy,
+      timeout
+   )
+
+   return {
+      objects: objectsToDeploy,
+      deployResult: smiDeploymentResult
+   }
+}
+
+let trafficSplitAPIVersion = ''
+
+export async function createTrafficSplitObject(
+   kubectl: Kubectl,
+   name: string,
+   nextLabel: string,
+   timeout?: string
+): Promise<TrafficSplitObject> {
+   // cache traffic split api version
+   if (!trafficSplitAPIVersion)
+      trafficSplitAPIVersion =
+         await kubectlUtils.getTrafficSplitAPIVersion(kubectl)
+
+   // retrieve annotations for TS object
+   const annotations = inputAnnotations
+
+   // decide weights based on nextlabel
+   const stableWeight: number =
+      nextLabel === GREEN_LABEL_VALUE ? MIN_VAL : MAX_VAL
+   const greenWeight: number =
+      nextLabel === GREEN_LABEL_VALUE ? MAX_VAL : MIN_VAL
+
+   const trafficSplitObject: TrafficSplitObject = {
+      apiVersion: trafficSplitAPIVersion,
+      kind: TRAFFIC_SPLIT_OBJECT,
+      metadata: {
+         name: getBlueGreenResourceName(name, TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX),
+         annotations: annotations,
+         labels: new Map<string, string>()
+      },
+      spec: {
+         service: name,
+         backends: [
+            {
+               service: getBlueGreenResourceName(name, STABLE_SUFFIX),
+               weight: stableWeight
+            },
+            {
+               service: getBlueGreenResourceName(name, GREEN_SUFFIX),
+               weight: greenWeight
+            }
+         ]
+      }
+   }
+
+   const deleteList: K8sDeleteObject[] = [
+      {
+         name: trafficSplitObject.metadata.name,
+         kind: trafficSplitObject.kind
+      }
+   ]
+   await deleteObjects(kubectl, deleteList, timeout)
+   return trafficSplitObject
+}
+
+export function getStableSMIServiceResource(inputObject: K8sObject): K8sObject {
+   const newObject = JSON.parse(JSON.stringify(inputObject))
+   // adding stable suffix to service name
+   newObject.metadata.name = getBlueGreenResourceName(
+      inputObject.metadata.name,
+      STABLE_SUFFIX
+   )
+   return getNewBlueGreenObject(newObject, NONE_LABEL_VALUE)
+}
+
+export function getGreenSMIServiceResource(inputObject: K8sObject): K8sObject {
+   const newObject = JSON.parse(JSON.stringify(inputObject))
+   return getNewBlueGreenObject(newObject, GREEN_LABEL_VALUE)
+}
+
+export async function validateTrafficSplitsState(
+   kubectl: Kubectl,
+   serviceEntityList: any[]
+): Promise<boolean> {
+   let trafficSplitsInRightState: boolean = true
+
+   for (const serviceObject of serviceEntityList) {
+      const name = serviceObject.metadata.name
+      let trafficSplitObject = await fetchResource(
+         kubectl,
+         TRAFFIC_SPLIT_OBJECT,
+         getBlueGreenResourceName(name, TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX),
+         serviceObject?.metadata?.namespace
+      )
+      core.debug(
+         `ts object extracted was ${JSON.stringify(trafficSplitObject)}`
+      )
+      if (!trafficSplitObject) {
+         core.debug(`no traffic split exits for ${name}`)
+         trafficSplitsInRightState = false
+         continue
+      }
+
+      trafficSplitObject.spec.backends.forEach((element) => {
+         // checking if trafficsplit in right state to deploy
+         if (element.service === getBlueGreenResourceName(name, GREEN_SUFFIX)) {
+            trafficSplitsInRightState =
+               trafficSplitsInRightState && element.weight == MAX_VAL
+         }
+
+         if (
+            element.service === getBlueGreenResourceName(name, STABLE_SUFFIX)
+         ) {
+            trafficSplitsInRightState =
+               trafficSplitsInRightState && element.weight == MIN_VAL
+         }
+      })
+   }
+   return trafficSplitsInRightState
+}
+
+export async function cleanupSMI(
+   kubectl: Kubectl,
+   serviceEntityList: any[],
+   timeout?: string
+): Promise<K8sDeleteObject[]> {
+   const deleteList: K8sDeleteObject[] = []
+
+   serviceEntityList.forEach((serviceObject) => {
+      deleteList.push({
+         name: getBlueGreenResourceName(
+            serviceObject.metadata.name,
+            GREEN_SUFFIX
+         ),
+         kind: serviceObject.kind,
+         namespace: serviceObject?.metadata?.namespace
+      })
+   })
+
+   // delete all objects
+   await deleteObjects(kubectl, deleteList, timeout)
+
+   return deleteList
+}
@@ -0,0 +1,246 @@
+import {Kubectl} from '../../types/kubectl.js'
+import * as fs from 'fs'
+import * as yaml from 'js-yaml'
+import * as core from '@actions/core'
+import {ExecOutput} from '@actions/exec'
+import {
+   isDeploymentEntity,
+   isServiceEntity,
+   KubernetesWorkload
+} from '../../types/kubernetesTypes.js'
+import * as utils from '../../utilities/manifestUpdateUtils.js'
+import {
+   updateObjectAnnotations,
+   updateObjectLabels,
+   updateSelectorLabels
+} from '../../utilities/manifestUpdateUtils.js'
+import {updateSpecLabels} from '../../utilities/manifestSpecLabelUtils.js'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
+
+export const CANARY_VERSION_LABEL = 'workflow/version'
+const BASELINE_SUFFIX = '-baseline'
+export const BASELINE_LABEL_VALUE = 'baseline'
+const CANARY_SUFFIX = '-canary'
+export const CANARY_LABEL_VALUE = 'canary'
+export const STABLE_SUFFIX = '-stable'
+export const STABLE_LABEL_VALUE = 'stable'
+
+export async function deleteCanaryDeployment(
+   kubectl: Kubectl,
+   manifestFilePaths: string[],
+   includeServices: boolean,
+   timeout?: string
+): Promise<string[]> {
+   if (manifestFilePaths == null || manifestFilePaths.length == 0) {
+      throw new Error('Manifest files for deleting canary deployment not found')
+   }
+
+   const deletedFiles = await cleanUpCanary(
+      kubectl,
+      manifestFilePaths,
+      includeServices,
+      timeout
+   )
+   return deletedFiles
+}
+
+export function markResourceAsStable(inputObject: any): object {
+   if (isResourceMarkedAsStable(inputObject)) {
+      return inputObject
+   }
+
+   const newObject = JSON.parse(JSON.stringify(inputObject))
+   addCanaryLabelsAndAnnotations(newObject, STABLE_LABEL_VALUE)
+   return newObject
+}
+
+export function isResourceMarkedAsStable(inputObject: any): boolean {
+   return (
+      inputObject?.metadata?.labels[CANARY_VERSION_LABEL] === STABLE_LABEL_VALUE
+   )
+}
+
+export function getStableResource(inputObject: any): object {
+   const replicaCount = specContainsReplicas(inputObject.kind)
+      ? inputObject.spec.replicas
+      : 0
+
+   return getNewCanaryObject(inputObject, replicaCount, STABLE_LABEL_VALUE)
+}
+
+export function getNewBaselineResource(
+   stableObject: any,
+   replicas?: number
+): object {
+   return getNewCanaryObject(stableObject, replicas, BASELINE_LABEL_VALUE)
+}
+
+export function getNewCanaryResource(
+   inputObject: any,
+   replicas?: number
+): object {
+   return getNewCanaryObject(inputObject, replicas, CANARY_LABEL_VALUE)
+}
+
+export async function fetchResource(
+   kubectl: Kubectl,
+   kind: string,
+   name: string
+) {
+   let result: ExecOutput
+   try {
+      result = await kubectl.getResource(kind, name)
+   } catch (e) {
+      core.debug(`detected error while fetching resources: ${e}`)
+   }
+
+   if (!result || result?.stderr) {
+      return null
+   }
+
+   if (result.stdout) {
+      const resource = JSON.parse(result.stdout)
+
+      try {
+         utils.UnsetClusterSpecificDetails(resource)
+         return resource
+      } catch (ex) {
+         core.debug(
+            `Exception occurred while parsing ${resource} in JSON object: ${ex}`
+         )
+      }
+   }
+}
+
+export function getCanaryResourceName(name: string) {
+   return name + CANARY_SUFFIX
+}
+
+export function getBaselineResourceName(name: string) {
+   return name + BASELINE_SUFFIX
+}
+
+export function getStableResourceName(name: string) {
+   return name + STABLE_SUFFIX
+}
+
+export function getBaselineDeploymentFromStableDeployment(
+   inputObject: any,
+   replicaCount: number
+): object {
+   // TODO: REFACTOR TO MAKE EVERYTHING TYPE SAFE
+   const oldName = inputObject.metadata.name
+   const newName =
+      oldName.substring(0, oldName.length - STABLE_SUFFIX.length) +
+      BASELINE_SUFFIX
+
+   const newObject = getNewCanaryObject(
+      inputObject,
+      replicaCount,
+      BASELINE_LABEL_VALUE
+   ) as any
+   newObject.metadata.name = newName
+
+   return newObject
+}
+
+function getNewCanaryObject(
+   inputObject: any,
+   replicas: number,
+   type: string
+): object {
+   const newObject = JSON.parse(JSON.stringify(inputObject))
+
+   // Updating name
+   if (type === CANARY_LABEL_VALUE) {
+      newObject.metadata.name = getCanaryResourceName(inputObject.metadata.name)
+   } else if (type === STABLE_LABEL_VALUE) {
+      newObject.metadata.name = getStableResourceName(inputObject.metadata.name)
+   } else {
+      newObject.metadata.name = getBaselineResourceName(
+         inputObject.metadata.name
+      )
+   }
+
+   addCanaryLabelsAndAnnotations(newObject, type)
+
+   if (specContainsReplicas(newObject.kind)) {
+      newObject.spec.replicas = replicas
+   }
+
+   return newObject
+}
+
+function specContainsReplicas(kind: string) {
+   return (
+      kind.toLowerCase() !== KubernetesWorkload.POD.toLowerCase() &&
+      kind.toLowerCase() !== KubernetesWorkload.DAEMON_SET.toLowerCase() &&
+      !isServiceEntity(kind)
+   )
+}
+
+function addCanaryLabelsAndAnnotations(inputObject: any, type: string) {
+   const newLabels = new Map<string, string>()
+   newLabels[CANARY_VERSION_LABEL] = type
+
+   updateObjectLabels(inputObject, newLabels, false)
+   updateObjectAnnotations(inputObject, newLabels, false)
+   updateSelectorLabels(inputObject, newLabels, false)
+
+   if (!isServiceEntity(inputObject.kind)) {
+      updateSpecLabels(inputObject, newLabels, false)
+   }
+}
+
+async function cleanUpCanary(
+   kubectl: Kubectl,
+   files: string[],
+   includeServices: boolean,
+   timeout?: string
+): Promise<string[]> {
+   const deleteObject = async function (
+      kind: string,
+      name: string,
+      namespace: string | undefined
+   ) {
+      try {
+         const result = await kubectl.delete([kind, name], namespace, timeout)
+         checkForErrors([result])
+      } catch (ex) {
+         // Ignore failures of delete if it doesn't exist
+      }
+   }
+
+   const deletedFiles: string[] = []
+
+   for (const filePath of files) {
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
+
+         const parsedYaml: any[] = yaml.loadAll(fileContents)
+         for (const inputObject of parsedYaml) {
+            const name = inputObject.metadata.name
+            const kind = inputObject.kind
+            const namespace: string | undefined =
+               inputObject?.metadata?.namespace
+
+            if (
+               isDeploymentEntity(kind) ||
+               (includeServices && isServiceEntity(kind))
+            ) {
+               deletedFiles.push(filePath)
+               const canaryObjectName = getCanaryResourceName(name)
+               const baselineObjectName = getBaselineResourceName(name)
+
+               await deleteObject(kind, canaryObjectName, namespace)
+               await deleteObject(kind, baselineObjectName, namespace)
+            }
+         }
+      } catch (error) {
+         core.error(`Failed to process file ${filePath}: ${error.message}`)
+         throw error
+      }
+   }
+
+   return deletedFiles
+}
@@ -0,0 +1,288 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+vi.mock('@actions/core')
+
+import * as core from '@actions/core'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   deployPodCanary,
+   calculateReplicaCountForCanary
+} from './podCanaryHelper.js'
+
+vi.mock('../../types/kubectl')
+
+const kc = new Kubectl('')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+// Use existing test manifest files
+const testManifestFiles = ['test/unit/manifests/basic-test.yml']
+
+// Test constants
+const VALID_PERCENTAGE = 50
+const INVALID_LOW_PERCENTAGE = -10
+const INVALID_HIGH_PERCENTAGE = 150
+const MIN_PERCENTAGE = 0
+const MAX_PERCENTAGE = 100
+const TIMEOUT_300S = '300s'
+
+describe('Pod Canary Helper tests', () => {
+   let mockFilePaths: string[]
+   let kubectlApplySpy: MockInstance
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      vi.restoreAllMocks()
+
+      mockFilePaths = testManifestFiles
+      kubectlApplySpy = vi.spyOn(kc, 'apply')
+
+      // Mock core.getInput with default values
+      vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+         switch (name) {
+            case 'percentage':
+               return VALID_PERCENTAGE.toString()
+            case 'force':
+               return 'false'
+            case 'server-side':
+               return 'false'
+            default:
+               return ''
+         }
+      })
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+      kubectlApplySpy.mockClear()
+   })
+
+   describe('deployPodCanary', () => {
+      test('should deploy canary successfully when kubectl apply succeeds', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(result.manifestFiles).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should throw error when kubectl apply fails', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            deployPodCanary(mockFilePaths, kc, false)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+
+      test('should deploy stable only when onlyDeployStable is true', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, true)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle timeout parameter', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(
+            mockFilePaths,
+            kc,
+            false,
+            TIMEOUT_300S
+         )
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            false,
+            TIMEOUT_300S
+         )
+      })
+
+      test('should throw error for invalid low percentage', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return INVALID_LOW_PERCENTAGE.toString()
+            return ''
+         })
+
+         await expect(
+            deployPodCanary(mockFilePaths, kc, false)
+         ).rejects.toThrow(
+            `Percentage must be between ${MIN_PERCENTAGE} and ${MAX_PERCENTAGE}`
+         )
+      })
+
+      test('should throw error for invalid high percentage', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return INVALID_HIGH_PERCENTAGE.toString()
+            return ''
+         })
+
+         await expect(
+            deployPodCanary(mockFilePaths, kc, false)
+         ).rejects.toThrow(
+            `Percentage must be between ${MIN_PERCENTAGE} and ${MAX_PERCENTAGE}`
+         )
+      })
+
+      test('should handle valid edge case percentages', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         // Test minimum valid percentage
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return MIN_PERCENTAGE.toString()
+            return ''
+         })
+
+         const resultMin = await deployPodCanary(mockFilePaths, kc, false)
+         expect(resultMin.execResult).toEqual(mockSuccessResult)
+
+         // Test maximum valid percentage
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'percentage') return MAX_PERCENTAGE.toString()
+            return ''
+         })
+
+         const resultMax = await deployPodCanary(mockFilePaths, kc, false)
+         expect(resultMax.execResult).toEqual(mockSuccessResult)
+      })
+
+      test('should handle force deployment option', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            switch (name) {
+               case 'percentage':
+                  return VALID_PERCENTAGE.toString()
+               case 'force':
+                  return 'true'
+               default:
+                  return ''
+            }
+         })
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            true, // force should be true
+            false,
+            undefined
+         )
+      })
+
+      test('should handle server-side apply option', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            switch (name) {
+               case 'percentage':
+                  return VALID_PERCENTAGE.toString()
+               case 'server-side':
+                  return 'true'
+               default:
+                  return ''
+            }
+         })
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deployPodCanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            true, // server-side should be true
+            undefined
+         )
+      })
+   })
+
+   describe('calculateReplicaCountForCanary', () => {
+      test('should calculate correct replica count for given percentage', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 10
+            }
+         }
+
+         // 50% of 10 replicas = 5
+         const result50 = calculateReplicaCountForCanary(mockObject, 50)
+         expect(result50).toBe(5)
+
+         // 25% of 10 replicas = 2.5, rounded to 3
+         const result25 = calculateReplicaCountForCanary(mockObject, 25)
+         expect(result25).toBe(3)
+
+         // 10% of 10 replicas = 1
+         const result10 = calculateReplicaCountForCanary(mockObject, 10)
+         expect(result10).toBe(1)
+      })
+
+      test('should return minimum 1 replica even for very low percentages', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 2
+            }
+         }
+
+         // 1% of 2 replicas = 0.02, but should return minimum 1
+         const result = calculateReplicaCountForCanary(mockObject, 1)
+         expect(result).toBe(1)
+      })
+
+      test('should handle 100% percentage correctly', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 5
+            }
+         }
+
+         const result = calculateReplicaCountForCanary(mockObject, 100)
+         expect(result).toBe(5)
+      })
+
+      test('should handle 0% percentage correctly', () => {
+         const mockObject = {
+            kind: 'Deployment',
+            metadata: {
+               name: 'test-deployment'
+            },
+            spec: {
+               replicas: 10
+            }
+         }
+
+         // 0% should still return minimum 1 replica
+         const result = calculateReplicaCountForCanary(mockObject, 0)
+         expect(result).toBe(1)
+      })
+   })
+})
@@ -0,0 +1,118 @@
+import {Kubectl} from '../../types/kubectl.js'
+import * as core from '@actions/core'
+import * as fs from 'fs'
+import * as yaml from 'js-yaml'
+
+import * as fileHelper from '../../utilities/fileUtils.js'
+import * as canaryDeploymentHelper from './canaryHelper.js'
+import {isDeploymentEntity} from '../../types/kubernetesTypes.js'
+import {getReplicaCount} from '../../utilities/manifestUpdateUtils.js'
+import {DeployResult} from '../../types/deployResult.js'
+import {K8sObject} from '../../types/k8sObject.js'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
+
+export async function deployPodCanary(
+   filePaths: string[],
+   kubectl: Kubectl,
+   onlyDeployStable: boolean = false,
+   timeout?: string
+): Promise<DeployResult> {
+   const newObjectsList = []
+   const percentage = parseInt(core.getInput('percentage', {required: true}))
+
+   if (percentage < 0 || percentage > 100)
+      throw Error('Percentage must be between 0 and 100')
+
+   for (const filePath of filePaths) {
+      try {
+         const fileContents = fs.readFileSync(filePath, 'utf8')
+         const parsedYaml = yaml.loadAll(fileContents)
+         for (const inputObject of parsedYaml) {
+            if (
+               inputObject &&
+               typeof inputObject === 'object' &&
+               'metadata' in inputObject &&
+               'kind' in inputObject &&
+               'spec' in inputObject &&
+               typeof inputObject.metadata === 'object' &&
+               'name' in inputObject.metadata &&
+               typeof inputObject.metadata.name === 'string' &&
+               typeof inputObject.kind === 'string'
+            ) {
+               const obj = inputObject as K8sObject
+               const name = obj.metadata.name
+               const kind = obj.kind
+
+               if (!onlyDeployStable && isDeploymentEntity(kind)) {
+                  core.debug('Calculating replica count for canary')
+                  const canaryReplicaCount = calculateReplicaCountForCanary(
+                     obj,
+                     percentage
+                  )
+                  core.debug('Replica count is ' + canaryReplicaCount)
+
+                  const newCanaryObject =
+                     canaryDeploymentHelper.getNewCanaryResource(
+                        obj,
+                        canaryReplicaCount
+                     )
+                  newObjectsList.push(newCanaryObject)
+
+                  // if there's already a stable object, deploy baseline as well
+                  const stableObject =
+                     await canaryDeploymentHelper.fetchResource(
+                        kubectl,
+                        kind,
+                        name
+                     )
+                  if (stableObject) {
+                     core.debug(
+                        `Stable object found for ${kind} ${name}. Creating baseline objects`
+                     )
+                     const newBaselineObject =
+                        canaryDeploymentHelper.getNewBaselineResource(
+                           stableObject,
+                           canaryReplicaCount
+                        )
+                     core.debug(
+                        'New baseline object: ' +
+                           JSON.stringify(newBaselineObject)
+                     )
+                     newObjectsList.push(newBaselineObject)
+                  }
+               } else {
+                  // deploy non deployment entity or regular deployments for promote as they are
+                  newObjectsList.push(obj)
+               }
+            }
+         }
+      } catch (error) {
+         core.error(
+            `Failed to parse YAML file at ${filePath}: ${error.message}`
+         )
+         throw error
+      }
+   }
+
+   core.debug('New objects list: ' + JSON.stringify(newObjectsList))
+   const manifestFiles = fileHelper.writeObjectsToFile(newObjectsList)
+   const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
+
+   const execResult = await kubectl.apply(
+      manifestFiles,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+   checkForErrors([execResult])
+   return {execResult, manifestFiles}
+}
+
+export function calculateReplicaCountForCanary(
+   inputObject: any,
+   percentage: number
+) {
+   const inputReplicaCount = getReplicaCount(inputObject)
+   return Math.max(1, Math.round((inputReplicaCount * percentage) / 100))
+}
@@ -0,0 +1,223 @@
+import {vi} from 'vitest'
+import type {MockInstance} from 'vitest'
+vi.mock('@actions/core', async (importOriginal) => {
+   const actual: any = await importOriginal()
+   return {
+      ...actual,
+      getInput: vi.fn().mockReturnValue(''),
+      debug: vi.fn(),
+      info: vi.fn(),
+      warning: vi.fn(),
+      error: vi.fn(),
+      setFailed: vi.fn(),
+      setOutput: vi.fn(),
+      group: vi
+         .fn()
+         .mockImplementation(
+            async (_name: string, fn: () => Promise<void>) => await fn()
+         )
+   }
+})
+
+import * as core from '@actions/core'
+import * as fs from 'fs'
+import {Kubectl} from '../../types/kubectl.js'
+import {
+   deploySMICanary,
+   redirectTrafficToCanaryDeployment,
+   redirectTrafficToStableDeployment
+} from './smiCanaryHelper.js'
+
+vi.mock('../../types/kubectl')
+
+const kc = new Kubectl('')
+
+// Shared mock objects following DRY principle
+const mockSuccessResult = {
+   stdout: 'deployment.apps/nginx-deployment created',
+   stderr: '',
+   exitCode: 0
+}
+
+const mockFailureResult = {
+   stdout: '',
+   stderr: 'error: deployment failed',
+   exitCode: 1
+}
+
+const mockExecuteCommandResult = {
+   stdout: 'split.smi-spec.io/v1alpha1\nsplit.smi-spec.io/v1alpha2',
+   stderr: '',
+   exitCode: 0
+}
+
+// Use existing test manifest files
+const testManifestFiles = ['test/unit/manifests/basic-test.yml']
+
+// Test constants
+const VALID_REPLICA_COUNT = 5
+const TIMEOUT_300S = '300s'
+const TIMEOUT_240S = '240s'
+
+describe('SMI Canary Helper tests', () => {
+   let mockFilePaths: string[]
+   let kubectlApplySpy: MockInstance
+   let kubectlExecuteCommandSpy: MockInstance
+
+   beforeEach(() => {
+      vi.mocked(Kubectl).mockClear()
+      vi.restoreAllMocks()
+
+      mockFilePaths = testManifestFiles
+      kubectlApplySpy = vi.spyOn(kc, 'apply')
+      kubectlExecuteCommandSpy = vi
+         .spyOn(kc, 'executeCommand')
+         .mockResolvedValue(mockExecuteCommandResult)
+
+      // Mock core.getInput with default values
+      vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+         switch (name) {
+            case 'percentage':
+               return '50'
+            case 'baseline-and-canary-replicas':
+               return ''
+            case 'force':
+               return 'false'
+            case 'server-side':
+               return 'false'
+            default:
+               return ''
+         }
+      })
+   })
+
+   afterEach(() => {
+      vi.restoreAllMocks()
+      kubectlApplySpy.mockClear()
+   })
+
+   describe('deploySMICanary', () => {
+      test('should deploy canary successfully when kubectl apply succeeds', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deploySMICanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(result.manifestFiles).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should throw error when kubectl apply fails', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            deploySMICanary(mockFilePaths, kc, false)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(2)
+      })
+
+      test('should deploy stable only when onlyDeployStable is true', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deploySMICanary(mockFilePaths, kc, true)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle custom replica count from input', async () => {
+         vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            switch (name) {
+               case 'baseline-and-canary-replicas':
+                  return VALID_REPLICA_COUNT.toString()
+               case 'percentage':
+                  return '50'
+               default:
+                  return ''
+            }
+         })
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await deploySMICanary(mockFilePaths, kc, false)
+
+         expect(result.execResult).toEqual(mockSuccessResult)
+      })
+   })
+
+   describe('redirectTrafficToCanaryDeployment', () => {
+      test('should redirect traffic to canary deployment successfully', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         await redirectTrafficToCanaryDeployment(kc, mockFilePaths)
+
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle timeout parameter', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         await redirectTrafficToCanaryDeployment(
+            kc,
+            mockFilePaths,
+            TIMEOUT_300S
+         )
+
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            false,
+            TIMEOUT_300S
+         )
+      })
+
+      test('should throw error when kubectl apply fails', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            redirectTrafficToCanaryDeployment(kc, mockFilePaths)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+   })
+
+   describe('redirectTrafficToStableDeployment', () => {
+      test('should redirect traffic to stable deployment successfully', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await redirectTrafficToStableDeployment(
+            kc,
+            mockFilePaths
+         )
+
+         expect(result).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalled()
+      })
+
+      test('should handle timeout parameter', async () => {
+         kubectlApplySpy.mockResolvedValue(mockSuccessResult)
+
+         const result = await redirectTrafficToStableDeployment(
+            kc,
+            mockFilePaths,
+            TIMEOUT_240S
+         )
+
+         expect(result).toBeDefined()
+         expect(kubectlApplySpy).toHaveBeenCalledWith(
+            expect.any(Array),
+            false,
+            false,
+            TIMEOUT_240S
+         )
+      })
+
+      test('should throw error when kubectl apply fails during traffic redirect to stable', async () => {
+         kubectlApplySpy.mockResolvedValue(mockFailureResult)
+
+         await expect(
+            redirectTrafficToStableDeployment(kc, mockFilePaths)
+         ).rejects.toThrow()
+         expect(kubectlApplySpy).toHaveBeenCalledTimes(1)
+      })
+   })
+})
@@ -0,0 +1,420 @@
+import {Kubectl} from '../../types/kubectl.js'
+import * as core from '@actions/core'
+import * as fs from 'fs'
+import * as yaml from 'js-yaml'
+
+import * as fileHelper from '../../utilities/fileUtils.js'
+import * as kubectlUtils from '../../utilities/trafficSplitUtils.js'
+import * as canaryDeploymentHelper from './canaryHelper.js'
+import * as podCanaryHelper from './podCanaryHelper.js'
+import {
+   isDeploymentEntity,
+   isServiceEntity
+} from '../../types/kubernetesTypes.js'
+import {checkForErrors} from '../../utilities/kubectlUtils.js'
+import {inputAnnotations} from '../../inputUtils.js'
+import {DeployResult} from '../../types/deployResult.js'
+import {K8sObject} from '../../types/k8sObject.js'
+
+const TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX = '-workflow-rollout'
+const TRAFFIC_SPLIT_OBJECT = 'TrafficSplit'
+
+export async function deploySMICanary(
+   filePaths: string[],
+   kubectl: Kubectl,
+   onlyDeployStable: boolean = false,
+   timeout?: string
+): Promise<DeployResult> {
+   const canaryReplicasInput = core.getInput('baseline-and-canary-replicas')
+   let canaryReplicaCount
+   let calculateReplicas = true
+   if (canaryReplicasInput !== '') {
+      canaryReplicaCount = parseInt(canaryReplicasInput)
+      calculateReplicas = false
+      core.debug(
+         `read replica count ${canaryReplicaCount} from input: ${canaryReplicasInput}`
+      )
+   }
+
+   if (canaryReplicaCount < 0 && canaryReplicaCount > 100)
+      throw Error('Baseline-and-canary-replicas must be between 0 and 100')
+
+   const newObjectsList = []
+   for await (const filePath of filePaths) {
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
+         const inputObjects: K8sObject[] = yaml.loadAll(
+            fileContents
+         ) as K8sObject[]
+         for (const inputObject of inputObjects) {
+            const name = inputObject.metadata.name
+            const kind = inputObject.kind
+
+            if (!onlyDeployStable && isDeploymentEntity(kind)) {
+               if (calculateReplicas) {
+                  // calculate for each object
+                  const percentage = parseInt(
+                     core.getInput('percentage', {required: true})
+                  )
+                  canaryReplicaCount =
+                     podCanaryHelper.calculateReplicaCountForCanary(
+                        inputObject,
+                        percentage
+                     )
+                  core.debug(`calculated replica count ${canaryReplicaCount}`)
+               }
+
+               core.debug('Creating canary object')
+               const newCanaryObject =
+                  canaryDeploymentHelper.getNewCanaryResource(
+                     inputObject,
+                     canaryReplicaCount
+                  )
+               newObjectsList.push(newCanaryObject)
+
+               const stableObject = await canaryDeploymentHelper.fetchResource(
+                  kubectl,
+                  kind,
+                  canaryDeploymentHelper.getStableResourceName(name)
+               )
+               if (stableObject) {
+                  core.debug(
+                     `Stable object found for ${kind} ${name}. Creating baseline objects`
+                  )
+                  const newBaselineObject =
+                     canaryDeploymentHelper.getBaselineDeploymentFromStableDeployment(
+                        stableObject,
+                        canaryReplicaCount
+                     )
+                  newObjectsList.push(newBaselineObject)
+               }
+            } else if (isDeploymentEntity(kind)) {
+               core.debug(
+                  `creating stable deployment with ${inputObject.spec.replicas} replicas`
+               )
+               const stableDeployment =
+                  canaryDeploymentHelper.getStableResource(inputObject)
+               newObjectsList.push(stableDeployment)
+            } else {
+               // Update non deployment entity or stable deployment as it is
+               newObjectsList.push(inputObject)
+            }
+         }
+      } catch (error) {
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
+      }
+   }
+   core.debug(
+      `deploying canary objects with SMI: \n ${JSON.stringify(newObjectsList)}`
+   )
+   const newFilePaths = fileHelper.writeObjectsToFile(newObjectsList)
+   const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
+
+   const result = await kubectl.apply(
+      newFilePaths,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+   const svcDeploymentFiles = await createCanaryService(
+      kubectl,
+      filePaths,
+      timeout
+   )
+   checkForErrors([result])
+   newFilePaths.push(...svcDeploymentFiles)
+   return {execResult: result, manifestFiles: newFilePaths}
+}
+
+async function createCanaryService(
+   kubectl: Kubectl,
+   filePaths: string[],
+   timeout?: string
+): Promise<string[]> {
+   const newObjectsList = []
+   const trafficObjectsList: string[] = []
+
+   for (const filePath of filePaths) {
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
+         const parsedYaml: K8sObject[] = yaml.loadAll(
+            fileContents
+         ) as K8sObject[]
+
+         for (const inputObject of parsedYaml) {
+            const name = inputObject.metadata.name
+            const kind = inputObject.kind
+
+            if (isServiceEntity(kind)) {
+               core.debug(`Creating services for ${kind} ${name}`)
+               const newCanaryServiceObject =
+                  canaryDeploymentHelper.getNewCanaryResource(inputObject)
+               newObjectsList.push(newCanaryServiceObject)
+
+               const newBaselineServiceObject =
+                  canaryDeploymentHelper.getNewBaselineResource(inputObject)
+               newObjectsList.push(newBaselineServiceObject)
+
+               const stableObject = await canaryDeploymentHelper.fetchResource(
+                  kubectl,
+                  kind,
+                  canaryDeploymentHelper.getStableResourceName(name)
+               )
+               if (!stableObject) {
+                  const newStableServiceObject =
+                     canaryDeploymentHelper.getStableResource(inputObject)
+                  newObjectsList.push(newStableServiceObject)
+
+                  core.debug('Creating the traffic object for service: ' + name)
+                  const trafficObject = await createTrafficSplitManifestFile(
+                     kubectl,
+                     name,
+                     0,
+                     0,
+                     1000,
+                     timeout
+                  )
+
+                  trafficObjectsList.push(trafficObject)
+               } else {
+                  let updateTrafficObject = true
+                  const trafficObject =
+                     await canaryDeploymentHelper.fetchResource(
+                        kubectl,
+                        TRAFFIC_SPLIT_OBJECT,
+                        getTrafficSplitResourceName(name)
+                     )
+
+                  if (trafficObject) {
+                     const trafficJObject = JSON.parse(
+                        JSON.stringify(trafficObject)
+                     )
+                     if (trafficJObject?.spec?.backends) {
+                        trafficJObject.spec.backends.forEach((s) => {
+                           if (
+                              s.service ===
+                                 canaryDeploymentHelper.getCanaryResourceName(
+                                    name
+                                 ) &&
+                              s.weight === '1000m'
+                           ) {
+                              core.debug('Update traffic objcet not required')
+                              updateTrafficObject = false
+                           }
+                        })
+                     }
+                  }
+
+                  if (updateTrafficObject) {
+                     core.debug(
+                        'Stable service object present so updating the traffic object for service: ' +
+                           name
+                     )
+                     trafficObjectsList.push(
+                        await updateTrafficSplitObject(kubectl, name)
+                     )
+                  }
+               }
+            }
+         }
+      } catch (error) {
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
+      }
+   }
+
+   const manifestFiles = fileHelper.writeObjectsToFile(newObjectsList)
+   manifestFiles.push(...trafficObjectsList)
+   const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
+
+   const result = await kubectl.apply(
+      manifestFiles,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+   checkForErrors([result])
+   return manifestFiles
+}
+
+export async function redirectTrafficToCanaryDeployment(
+   kubectl: Kubectl,
+   manifestFilePaths: string[],
+   timeout?: string
+) {
+   await adjustTraffic(kubectl, manifestFilePaths, 0, 1000, timeout)
+}
+
+export async function redirectTrafficToStableDeployment(
+   kubectl: Kubectl,
+   manifestFilePaths: string[],
+   timeout?: string
+): Promise<string[]> {
+   return await adjustTraffic(kubectl, manifestFilePaths, 1000, 0, timeout)
+}
+
+async function adjustTraffic(
+   kubectl: Kubectl,
+   manifestFilePaths: string[],
+   stableWeight: number,
+   canaryWeight: number,
+   timeout?: string
+) {
+   if (!manifestFilePaths || manifestFilePaths?.length == 0) {
+      return
+   }
+
+   const trafficSplitManifests = []
+   for (const filePath of manifestFilePaths) {
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
+         const parsedYaml: K8sObject[] = yaml.loadAll(
+            fileContents
+         ) as K8sObject[]
+
+         for (const inputObject of parsedYaml) {
+            const name = inputObject.metadata.name
+            const kind = inputObject.kind
+
+            if (isServiceEntity(kind)) {
+               trafficSplitManifests.push(
+                  await createTrafficSplitManifestFile(
+                     kubectl,
+                     name,
+                     stableWeight,
+                     0,
+                     canaryWeight,
+                     timeout
+                  )
+               )
+            }
+         }
+      } catch (error) {
+         core.error(`Failed to process file at ${filePath}: ${error.message}`)
+         throw error
+      }
+   }
+
+   if (trafficSplitManifests.length <= 0) {
+      return
+   }
+
+   const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+   const serverSideApply = core.getInput('server-side').toLowerCase() === 'true'
+   const result = await kubectl.apply(
+      trafficSplitManifests,
+      forceDeployment,
+      serverSideApply,
+      timeout
+   )
+   checkForErrors([result])
+   return trafficSplitManifests
+}
+
+async function updateTrafficSplitObject(
+   kubectl: Kubectl,
+   serviceName: string
+): Promise<string> {
+   const percentage = parseInt(core.getInput('percentage', {required: true}))
+   if (percentage < 0 || percentage > 100)
+      throw Error('Percentage must be between 0 and 100')
+
+   const percentageWithMuliplier = percentage * 10
+   const baselineAndCanaryWeight = percentageWithMuliplier / 2
+   const stableDeploymentWeight = 1000 - percentageWithMuliplier
+
+   core.debug(
+      'Creating the traffic object with canary weight: ' +
+         baselineAndCanaryWeight +
+         ', baseline weight: ' +
+         baselineAndCanaryWeight +
+         ', stable weight: ' +
+         stableDeploymentWeight
+   )
+   return await createTrafficSplitManifestFile(
+      kubectl,
+      serviceName,
+      stableDeploymentWeight,
+      baselineAndCanaryWeight,
+      baselineAndCanaryWeight
+   )
+}
+
+async function createTrafficSplitManifestFile(
+   kubectl: Kubectl,
+   serviceName: string,
+   stableWeight: number,
+   baselineWeight: number,
+   canaryWeight: number,
+   timeout?: string
+): Promise<string> {
+   const smiObjectString = await getTrafficSplitObject(
+      kubectl,
+      serviceName,
+      stableWeight,
+      baselineWeight,
+      canaryWeight,
+      timeout
+   )
+   const manifestFile = fileHelper.writeManifestToFile(
+      smiObjectString,
+      TRAFFIC_SPLIT_OBJECT,
+      serviceName
+   )
+
+   if (!manifestFile) {
+      throw new Error('Unable to create traffic split manifest file')
+   }
+
+   return manifestFile
+}
+
+let trafficSplitAPIVersion = ''
+
+async function getTrafficSplitObject(
+   kubectl: Kubectl,
+   name: string,
+   stableWeight: number,
+   baselineWeight: number,
+   canaryWeight: number,
+   timeout?: string
+): Promise<string> {
+   // cached version
+   if (!trafficSplitAPIVersion) {
+      trafficSplitAPIVersion =
+         await kubectlUtils.getTrafficSplitAPIVersion(kubectl)
+   }
+
+   return JSON.stringify({
+      apiVersion: trafficSplitAPIVersion,
+      kind: 'TrafficSplit',
+      metadata: {
+         name: getTrafficSplitResourceName(name),
+         annotations: inputAnnotations
+      },
+      spec: {
+         backends: [
+            {
+               service: canaryDeploymentHelper.getStableResourceName(name),
+               weight: stableWeight
+            },
+            {
+               service: canaryDeploymentHelper.getBaselineResourceName(name),
+               weight: baselineWeight
+            },
+            {
+               service: canaryDeploymentHelper.getCanaryResourceName(name),
+               weight: canaryWeight
+            }
+         ],
+         service: name
+      }
+   })
+}
+
+function getTrafficSplitResourceName(name: string) {
+   return name + TRAFFIC_SPLIT_OBJECT_NAME_SUFFIX
+}
@@ -0,0 +1,313 @@
+import * as fs from 'fs'
+import * as yaml from 'js-yaml'
+import * as canaryDeploymentHelper from './canary/canaryHelper.js'
+import * as models from '../types/kubernetesTypes.js'
+import {isDeploymentEntity} from '../types/kubernetesTypes.js'
+import * as fileHelper from '../utilities/fileUtils.js'
+import * as KubernetesManifestUtility from '../utilities/manifestStabilityUtils.js'
+import {Kubectl, Resource} from '../types/kubectl.js'
+
+import {deployPodCanary} from './canary/podCanaryHelper.js'
+import {deploySMICanary} from './canary/smiCanaryHelper.js'
+import {DeploymentConfig} from '../types/deploymentConfig.js'
+import {deployBlueGreen} from './blueGreen/deploy.js'
+import {DeploymentStrategy} from '../types/deploymentStrategy.js'
+import * as core from '@actions/core'
+import {
+   parseTrafficSplitMethod,
+   TrafficSplitMethod
+} from '../types/trafficSplitMethod.js'
+import {parseRouteStrategy} from '../types/routeStrategy.js'
+import {ExecOutput} from '@actions/exec'
+import {
+   getWorkflowAnnotationKeyLabel,
+   getWorkflowAnnotations,
+   cleanLabel
+} from '../utilities/workflowAnnotationUtils.js'
+import {
+   annotateChildPods,
+   checkForErrors,
+   getLastSuccessfulRunSha
+} from '../utilities/kubectlUtils.js'
+import {
+   getWorkflowFilePath,
+   normalizeWorkflowStrLabel
+} from '../utilities/githubUtils.js'
+import {getDeploymentConfig} from '../utilities/dockerUtils.js'
+import {DeployResult} from '../types/deployResult.js'
+import {ClusterType} from '../inputUtils.js'
+
+export async function deployManifests(
+   files: string[],
+   deploymentStrategy: DeploymentStrategy,
+   kubectl: Kubectl,
+   trafficSplitMethod: TrafficSplitMethod,
+   timeout?: string
+): Promise<string[]> {
+   switch (deploymentStrategy) {
+      case DeploymentStrategy.CANARY: {
+         const canaryDeployResult: DeployResult =
+            trafficSplitMethod == TrafficSplitMethod.SMI
+               ? await deploySMICanary(files, kubectl, false, timeout)
+               : await deployPodCanary(files, kubectl, false, timeout)
+
+         checkForErrors([canaryDeployResult.execResult])
+         return canaryDeployResult.manifestFiles
+      }
+
+      case DeploymentStrategy.BLUE_GREEN: {
+         const routeStrategy = parseRouteStrategy(
+            core.getInput('route-method', {required: true})
+         )
+         const blueGreenDeployment = await deployBlueGreen(
+            kubectl,
+            files,
+            routeStrategy,
+            timeout
+         )
+         core.debug(
+            `objects deployed for ${routeStrategy}: ${JSON.stringify(
+               blueGreenDeployment.objects
+            )} `
+         )
+
+         checkForErrors([blueGreenDeployment.deployResult.execResult])
+         const deployedManifestFiles =
+            blueGreenDeployment.deployResult.manifestFiles
+         core.debug(
+            `from blue-green service, deployed manifest files are ${deployedManifestFiles}`
+         )
+         return deployedManifestFiles
+      }
+
+      case DeploymentStrategy.BASIC: {
+         const trafficSplitMethod = parseTrafficSplitMethod(
+            core.getInput('traffic-split-method', {required: true})
+         )
+
+         const forceDeployment = core.getInput('force').toLowerCase() === 'true'
+         const serverSideApply =
+            core.getInput('server-side').toLowerCase() === 'true'
+         if (trafficSplitMethod === TrafficSplitMethod.SMI) {
+            const updatedManifests = appendStableVersionLabelToResource(files)
+
+            const result = await kubectl.apply(
+               updatedManifests,
+               forceDeployment,
+               serverSideApply,
+               timeout
+            )
+            checkForErrors([result])
+         } else {
+            const result = await kubectl.apply(
+               files,
+               forceDeployment,
+               serverSideApply,
+               timeout
+            )
+            checkForErrors([result])
+         }
+
+         return files
+      }
+
+      default: {
+         throw new Error('Deployment strategy is not recognized.')
+      }
+   }
+}
+
+function appendStableVersionLabelToResource(files: string[]): string[] {
+   const manifestFiles = []
+   const newObjectsList = []
+
+   files.forEach((filePath: string) => {
+      try {
+         const fileContents = fs.readFileSync(filePath).toString()
+
+         yaml.loadAll(fileContents, function (inputObject) {
+            const kind = (inputObject as {kind: string}).kind
+
+            if (isDeploymentEntity(kind)) {
+               const updatedObject =
+                  canaryDeploymentHelper.markResourceAsStable(inputObject)
+               newObjectsList.push(updatedObject)
+            } else {
+               manifestFiles.push(filePath)
+            }
+         })
+      } catch (error) {
+         core.error(`Failed to parse file at ${filePath}: ${error.message}`)
+         throw error
+      }
+   })
+
+   const updatedManifestFiles = fileHelper.writeObjectsToFile(newObjectsList)
+   manifestFiles.push(...updatedManifestFiles)
+
+   return manifestFiles
+}
+
+export async function checkManifestStability(
+   kubectl: Kubectl,
+   resources: Resource[],
+   resourceType: ClusterType,
+   timeout?: string
+): Promise<void> {
+   await KubernetesManifestUtility.checkManifestStability(
+      kubectl,
+      resources,
+      resourceType,
+      timeout
+   )
+}
+
+export async function annotateAndLabelResources(
+   files: string[],
+   kubectl: Kubectl,
+   resourceTypes: Resource[]
+) {
+   const defaultWorkflowFileName = 'k8s-deploy-failed-workflow-annotation'
+   const githubToken = core.getInput('token')
+   let workflowFilePath
+   try {
+      workflowFilePath = await getWorkflowFilePath(githubToken)
+   } catch (ex) {
+      core.warning(`Failed to extract workflow file name: ${ex}`)
+      workflowFilePath = defaultWorkflowFileName
+   }
+
+   const deploymentConfig = await getDeploymentConfig()
+   const annotationKeyLabel = getWorkflowAnnotationKeyLabel()
+
+   const shouldAnnotateResources = !(
+      core.getInput('annotate-resources').toLowerCase() === 'false'
+   )
+
+   if (shouldAnnotateResources) {
+      await annotateResources(
+         files,
+         kubectl,
+         resourceTypes,
+         annotationKeyLabel,
+         workflowFilePath,
+         deploymentConfig
+      ).catch((err) => core.warning(`Failed to annotate resources: ${err} `))
+   }
+
+   await labelResources(files, kubectl, annotationKeyLabel).catch((err) =>
+      core.warning(`Failed to label resources: ${err}`)
+   )
+}
+
+async function annotateResources(
+   files: string[],
+   kubectl: Kubectl,
+   resourceTypes: Resource[],
+   annotationKey: string,
+   workflowFilePath: string,
+   deploymentConfig: DeploymentConfig
+) {
+   const annotateResults: ExecOutput[] = []
+   const namespace = core.getInput('namespace') || '' // Sets namespace to an empty string if not provided, allowing the manifest-defined namespace to take precedence instead of "default".
+   const lastSuccessSha = await getLastSuccessfulRunSha(
+      kubectl,
+      namespace,
+      annotationKey
+   )
+
+   if (core.isDebug()) {
+      try {
+         core.debug(`files getting annotated are ${JSON.stringify(files)}`)
+         for (const filePath of files) {
+            core.debug('printing objects getting annotated...')
+            const fileContents = fs.readFileSync(filePath).toString()
+            const inputObjects = yaml.loadAll(fileContents)
+            for (const inputObject of inputObjects) {
+               core.debug(`object: ${JSON.stringify(inputObject)}`)
+            }
+         }
+      } catch (error) {
+         core.error(`Failed to load and parse files: ${error.message}`)
+         throw error
+      }
+   }
+
+   const annotationKeyValStr = `${annotationKey}=${getWorkflowAnnotations(
+      lastSuccessSha,
+      workflowFilePath,
+      deploymentConfig
+   )}`
+
+   const annotateNamespace = !(
+      namespace === '' ||
+      core.getInput('annotate-namespace').toLowerCase() === 'false'
+   ) // If namespace is empty, we don't annotate it. If the input is false, we also don't annotate it.
+
+   if (annotateNamespace) {
+      annotateResults.push(
+         await kubectl.annotate(
+            'namespace',
+            namespace,
+            annotationKeyValStr,
+            namespace
+         )
+      )
+   }
+
+   for (const file of files) {
+      try {
+         const annotateResult = await kubectl.annotateFiles(
+            file,
+            annotationKeyValStr,
+            namespace
+         )
+         annotateResults.push(annotateResult)
+      } catch (e) {
+         core.warning(`failed to annotate resource: ${e}`)
+      }
+   }
+
+   for (const resource of resourceTypes) {
+      if (
+         resource.type.toLowerCase() !==
+         models.KubernetesWorkload.POD.toLowerCase()
+      ) {
+         ;(
+            await annotateChildPods(
+               kubectl,
+               resource.type,
+               resource.name,
+               resource.namespace,
+               annotationKeyValStr
+            )
+         ).forEach((execResult) => annotateResults.push(execResult))
+      }
+   }
+
+   checkForErrors(annotateResults, true)
+}
+
+async function labelResources(
+   files: string[],
+   kubectl: Kubectl,
+   label: string
+) {
+   const labels = [
+      `workflowFriendlyName=${cleanLabel(
+         normalizeWorkflowStrLabel(process.env.GITHUB_WORKFLOW)
+      )}`,
+      `workflow=${cleanLabel(label)}`
+   ]
+
+   const labelResults = []
+   for (const file of files) {
+      try {
+         const labelResult = await kubectl.labelFiles(file, labels)
+         labelResults.push(labelResult)
+      } catch (e) {
+         core.warning(`failed to annotate resource: ${e}`)
+      }
+   }
+   checkForErrors(labelResults, true)
+}
@@ -0,0 +1,22 @@
+import {Action, parseAction} from './action.js'
+
+describe('Action type', () => {
+   test('it has required values', () => {
+      const vals = <any>Object.values(Action)
+      expect(vals.includes('deploy')).toBe(true)
+      expect(vals.includes('promote')).toBe(true)
+      expect(vals.includes('reject')).toBe(true)
+   })
+
+   test('it can parse valid values from a string', () => {
+      expect(parseAction('deploy')).toBe(Action.DEPLOY)
+      expect(parseAction('Deploy')).toBe(Action.DEPLOY)
+      expect(parseAction('DEPLOY')).toBe(Action.DEPLOY)
+      expect(parseAction('deploY')).toBe(Action.DEPLOY)
+   })
+
+   test("it will return undefined if it can't parse values from a string", () => {
+      expect(parseAction('invalid')).toBe(undefined)
+      expect(parseAction('unsupportedType')).toBe(undefined)
+   })
+})
@@ -0,0 +1,17 @@
+export enum Action {
+   DEPLOY = 'deploy',
+   PROMOTE = 'promote',
+   REJECT = 'reject'
+}
+
+/**
+ * Converts a string to the Action enum
+ * @param str The action type (case insensitive)
+ * @returns The Action enum or undefined if it can't be parsed
+ */
+export const parseAction = (str: string): Action | undefined =>
+   Action[
+      Object.keys(Action).filter(
+         (k) => Action[k].toString().toLowerCase() === str.toLowerCase()
+      )[0] as keyof typeof Action
+   ]
@@ -0,0 +1,8 @@
+export function parseAnnotations(str: string) {
+   if (str == '') {
+      return new Map<string, string>()
+   } else {
+      const annotation = JSON.parse(str)
+      return new Map<string, string>(annotation)
+   }
+}
@@ -0,0 +1,21 @@
+import {DeployResult} from './deployResult.js'
+import {K8sObject, K8sDeleteObject} from './k8sObject.js'
+
+export interface BlueGreenDeployment {
+   deployResult: DeployResult
+   objects: K8sObject[]
+}
+
+export interface BlueGreenManifests {
+   serviceEntityList: K8sObject[]
+   serviceNameMap: Map<string, string>
+   unroutedServiceEntityList: K8sObject[]
+   deploymentEntityList: K8sObject[]
+   ingressEntityList: K8sObject[]
+   otherObjects: K8sObject[]
+}
+
+export interface BlueGreenRejectResult {
+   deleteResult: K8sDeleteObject[]
+   routeResult: BlueGreenDeployment
+}
@@ -0,0 +1,6 @@
+import {ExecOutput} from '@actions/exec'
+
+export interface DeployResult {
+   execResult: ExecOutput
+   manifestFiles: string[]
+}
@@ -0,0 +1,5 @@
+export interface DeploymentConfig {
+   manifestFilePaths: string[]
+   helmChartFilePaths: string[]
+   dockerfilePaths: any
+}
@@ -0,0 +1,28 @@
+import {
+   DeploymentStrategy,
+   parseDeploymentStrategy
+} from './deploymentStrategy.js'
+
+describe('Deployment strategy type', () => {
+   test('it has required values', () => {
+      const vals = <any>Object.values(DeploymentStrategy)
+      expect(vals.includes('canary')).toBe(true)
+      expect(vals.includes('blue-green')).toBe(true)
+      expect(vals.includes('basic')).toBe(true)
+   })
+
+   test('it can parse valid values from a string', () => {
+      expect(parseDeploymentStrategy('blue-green')).toBe(
+         DeploymentStrategy.BLUE_GREEN
+      )
+      expect(parseDeploymentStrategy('Blue-green')).toBe(
+         DeploymentStrategy.BLUE_GREEN
+      )
+      expect(parseDeploymentStrategy('BLUE-GREEN')).toBe(
+         DeploymentStrategy.BLUE_GREEN
+      )
+      expect(parseDeploymentStrategy('blue-greeN')).toBe(
+         DeploymentStrategy.BLUE_GREEN
+      )
+   })
+})
@@ -0,0 +1,20 @@
+export enum DeploymentStrategy {
+   BASIC = 'basic',
+   CANARY = 'canary',
+   BLUE_GREEN = 'blue-green'
+}
+
+/**
+ * Converts a string to the DeploymentStrategy enum
+ * @param str The deployment strategy (case insensitive)
+ * @returns The DeploymentStrategy enum or undefined if it can't be parsed
+ */
+export const parseDeploymentStrategy = (
+   str: string
+): DeploymentStrategy | undefined =>
+   DeploymentStrategy[
+      Object.keys(DeploymentStrategy).filter(
+         (k) =>
+            DeploymentStrategy[k].toString().toLowerCase() === str.toLowerCase()
+      )[0] as keyof typeof DeploymentStrategy
+   ]
@@ -0,0 +1,101 @@
+import {vi} from 'vitest'
+vi.mock('@actions/exec')
+
+import {DockerExec} from './docker.js'
+import * as actions from '@actions/exec'
+
+const dockerPath = 'dockerPath'
+const image = 'image'
+const args = ['arg1', 'arg2', 'arg3']
+
+describe('Docker class', () => {
+   const docker = new DockerExec(dockerPath)
+
+   describe('with a success exec return', () => {
+      const execReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
+
+      beforeEach(() => {
+         vi.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
+            return execReturn
+         })
+      })
+
+      test('pulls an image', async () => {
+         await docker.pull(image, args)
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
+            dockerPath,
+            ['pull', image, ...args],
+            {silent: false}
+         )
+      })
+
+      test('pulls an image silently', async () => {
+         await docker.pull(image, args, true)
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
+            dockerPath,
+            ['pull', image, ...args],
+            {silent: true}
+         )
+      })
+
+      test('inspects a docker image', async () => {
+         const result = await docker.inspect(image, args)
+         expect(result).toBe(execReturn.stdout)
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
+            dockerPath,
+            ['inspect', image, ...args],
+            {silent: false}
+         )
+      })
+
+      test('inspects a docker image silently', async () => {
+         const result = await docker.inspect(image, args, true)
+         expect(result).toBe(execReturn.stdout)
+         expect(actions.getExecOutput).toHaveBeenCalledWith(
+            dockerPath,
+            ['inspect', image, ...args],
+            {silent: true}
+         )
+      })
+   })
+
+   describe('with an unsuccessful exec return code', () => {
+      const execReturn = {exitCode: 3, stdout: '', stderr: ''}
+
+      beforeEach(() => {
+         vi.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
+            return execReturn
+         })
+      })
+
+      test('pulls an image', async () => {
+         await expect(docker.pull(image, args)).rejects.toThrow()
+      })
+
+      test('inspects a docker image', async () => {
+         const result = await expect(
+            docker.inspect(image, args)
+         ).rejects.toThrow()
+      })
+   })
+
+   describe('with an unsuccessful exec return code', () => {
+      const execReturn = {exitCode: 0, stdout: '', stderr: 'Output'}
+
+      beforeEach(() => {
+         vi.spyOn(actions, 'getExecOutput').mockImplementation(async () => {
+            return execReturn
+         })
+      })
+
+      test('pulls an image', async () => {
+         await expect(docker.pull(image, args)).rejects.toThrow()
+      })
+
+      test('inspects a docker image', async () => {
+         const result = await expect(
+            docker.inspect(image, args)
+         ).rejects.toThrow()
+      })
+   })
+})
@@ -0,0 +1,32 @@
+import {getExecOutput} from '@actions/exec'
+
+export class DockerExec {
+   private readonly dockerPath: string
+
+   constructor(dockerPath: string) {
+      this.dockerPath = dockerPath
+   }
+
+   public async pull(image: string, args: string[], silent?: boolean) {
+      const result = await this.execute(['pull', image, ...args], silent)
+      if (result.stderr != '' || result.exitCode != 0) {
+         throw new Error(`docker images pull failed: ${result.stderr}`)
+      }
+   }
+
+   public async inspect(
+      image: string,
+      args: string[],
+      silent: boolean = false
+   ): Promise<string> {
+      const result = await this.execute(['inspect', image, ...args], silent)
+      if (result.stderr != '' || result.exitCode != 0)
+         throw new Error(`docker inspect failed: ${result.stderr}`)
+
+      return result.stdout
+   }
+
+   private async execute(args: string[], silent: boolean = false) {
+      return await getExecOutput(this.dockerPath, args, {silent})
+   }
+}
@@ -0,0 +1,48 @@
+export interface Succeeded<T> {
+   readonly succeeded: true
+   readonly result: T
+}
+
+export interface Failed {
+   readonly succeeded: false
+   readonly error: string
+}
+
+export type Errorable<T> = Succeeded<T> | Failed
+
+export function succeeded<T>(e: Errorable<T>): e is Succeeded<T> {
+   return e.succeeded
+}
+
+export function failed<T>(e: Errorable<T>): e is Failed {
+   return !e.succeeded
+}
+
+export function map<T, U>(e: Errorable<T>, fn: (t: T) => U): Errorable<U> {
+   if (failed(e)) {
+      return {succeeded: false, error: e.error}
+   }
+   return {succeeded: true, result: fn(e.result)}
+}
+
+export function combine<T>(es: Errorable<T>[]): Errorable<T[]> {
+   const failures = es.filter(failed)
+   if (failures.length > 0) {
+      return {
+         succeeded: false,
+         error: failures.map((f) => f.error).join('\n')
+      }
+   }
+
+   return {
+      succeeded: true,
+      result: es.map((e) => (e as Succeeded<T>).result)
+   }
+}
+
+export function getErrorMessage(error: unknown) {
+   if (error instanceof Error) {
+      return error.message
+   }
+   return String(error)
+}
@@ -0,0 +1,40 @@
+import * as core from '@actions/core'
+import {Octokit} from '@octokit/core'
+import {Endpoints} from '@octokit/types'
+import {retry} from '@octokit/plugin-retry'
+
+export const OkStatusCode = 200
+
+const RetryOctokit = Octokit.plugin(retry)
+const RETRY_COUNT = 5
+const requestUrl = 'GET /repos/{owner}/{repo}/actions/workflows'
+type responseType =
+   Endpoints['GET /repos/{owner}/{repo}/actions/workflows']['response']
+
+export class GitHubClient {
+   private readonly repository: string
+   private readonly token: string
+
+   constructor(repository: string, token: string) {
+      this.repository = repository
+      this.token = token
+   }
+
+   // prettier-ignore
+   public async getWorkflows(): Promise<responseType> {
+      const octokit = new RetryOctokit({
+         auth: this.token,
+         request: {retries: RETRY_COUNT},
+         baseUrl: process.env["GITHUB_API_URL"] || "https://api.github.com",
+      })
+      const [owner, repo] = this.repository.split('/')
+
+      core.debug(`Getting workflows for repo: ${this.repository}`)
+      return Promise.resolve(
+         await octokit.request(requestUrl, {
+            owner,
+            repo
+         })
+      )
+   }
+}
@@ -0,0 +1,59 @@
+export interface K8sObject {
+   metadata: {
+      name: string
+      labels: Map<string, string>
+      namespace?: string
+   }
+   kind: string
+   spec: any
+}
+
+export interface K8sServiceObject extends K8sObject {
+   spec: {
+      selector: Map<string, string>
+   }
+}
+
+export interface K8sDeleteObject {
+   name: string
+   kind: string
+   namespace?: string
+}
+
+export interface K8sIngress extends K8sObject {
+   spec: {
+      rules: [
+         {
+            http: {
+               paths: [
+                  {
+                     backend: {
+                        service: {
+                           name: string
+                        }
+                     }
+                  }
+               ]
+            }
+         }
+      ]
+   }
+}
+
+export interface TrafficSplitObject extends K8sObject {
+   apiVersion: string
+   metadata: {
+      name: string
+      labels: Map<string, string>
+      annotations: Map<string, string>
+   }
+   spec: {
+      service: string
+      backends: TrafficSplitBackend[]
+   }
+}
+
+export interface TrafficSplitBackend {
+   service: string
+   weight: number
+}
@@ -0,0 +1,728 @@
+import {vi} from 'vitest'
+vi.mock('@actions/exec')
+vi.mock('@actions/io')
+vi.mock('@actions/core')
+vi.mock('@actions/tool-cache')
+
+import {getKubectlPath, Kubectl} from './kubectl.js'
+import * as exec from '@actions/exec'
+import * as io from '@actions/io'
+import * as core from '@actions/core'
+import * as toolCache from '@actions/tool-cache'
+
+describe('Kubectl path', () => {
+   const version = '1.1'
+   const path = 'path'
+
+   it('gets the kubectl path', async () => {
+      vi.spyOn(core, 'getInput').mockImplementationOnce(() => '')
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => path)
+
+      expect(await getKubectlPath()).toBe(path)
+   })
+
+   it('gets the kubectl path with version', async () => {
+      vi.spyOn(core, 'getInput').mockImplementationOnce(() => version)
+      vi.spyOn(toolCache, 'find').mockImplementationOnce(() => path)
+
+      expect(await getKubectlPath()).toBe(path)
+   })
+
+   it('throws if kubectl not found', async () => {
+      // without version
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => '')
+      await expect(() => getKubectlPath()).rejects.toThrow()
+
+      // with verision
+      vi.spyOn(core, 'getInput').mockImplementationOnce(() => '')
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => '')
+      await expect(() => getKubectlPath()).rejects.toThrow()
+   })
+})
+
+const kubectlPath = 'kubectlPath'
+const testNamespace = 'testNamespace'
+const defaultNamespace = 'default'
+const otherNamespace = 'otherns'
+const TEST_TIMEOUT = '120s'
+
+describe('Kubectl class', () => {
+   describe('with a success exec return in testNamespace', () => {
+      const kubectl = new Kubectl(kubectlPath, testNamespace)
+      const mockExecReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
+
+      beforeEach(() => {
+         vi.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
+            return mockExecReturn
+         })
+      })
+
+      it('applies a configuration with a single config path', async () => {
+         const configPaths = 'configPaths'
+         const result = await kubectl.apply(configPaths)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['apply', '-f', configPaths, '--namespace', testNamespace],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with multiple config paths', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(configPaths)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with force when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(configPaths, true)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--force',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with server-side when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(configPaths, false, true)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--server-side',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with both force and server-side when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(configPaths, true, true)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--force',
+               '--server-side',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with timeout when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(
+            configPaths,
+            false,
+            false,
+            TEST_TIMEOUT
+         )
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               `--timeout=${TEST_TIMEOUT}`,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with force and timeout when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(
+            configPaths,
+            true,
+            false,
+            TEST_TIMEOUT
+         )
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--force',
+               `--timeout=${TEST_TIMEOUT}`,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('applies a configuration with server-side and timeout when specified', async () => {
+         const configPaths = ['configPath1', 'configPath2', 'configPath3']
+         const result = await kubectl.apply(
+            configPaths,
+            false,
+            true,
+            TEST_TIMEOUT
+         )
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'apply',
+               '-f',
+               configPaths[0] + ',' + configPaths[1] + ',' + configPaths[2],
+               '--server-side',
+               `--timeout=${TEST_TIMEOUT}`,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('describes a resource', async () => {
+         const resourceType = 'type'
+         const resourceName = 'name'
+         const result = await kubectl.describe(resourceType, resourceName)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'describe',
+               resourceType,
+               resourceName,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         // overrided ns
+         const silent = false
+         await kubectl.describe(
+            resourceType,
+            resourceName,
+            silent,
+            otherNamespace
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'describe',
+               resourceType,
+               resourceName,
+               '--namespace',
+               otherNamespace
+            ],
+            {silent}
+         )
+      })
+
+      it('describes a resource silently', async () => {
+         const resourceType = 'type'
+         const resourceName = 'name'
+         const result = await kubectl.describe(resourceType, resourceName, true)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'describe',
+               resourceType,
+               resourceName,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: true}
+         )
+
+         // overrided ns
+         const silent = false
+         await kubectl.describe(
+            resourceType,
+            resourceName,
+            silent,
+            otherNamespace
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'describe',
+               resourceType,
+               resourceName,
+               '--namespace',
+               otherNamespace
+            ],
+            {silent}
+         )
+      })
+
+      it('annotates resource', async () => {
+         const resourceType = 'type'
+         const resourceName = 'name'
+         const annotation = 'annotation'
+         const result = await kubectl.annotate(
+            resourceType,
+            resourceName,
+            annotation
+         )
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               resourceType,
+               resourceName,
+               annotation,
+               '--overwrite',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         // override ns
+         await kubectl.annotate(
+            resourceType,
+            resourceName,
+            annotation,
+            otherNamespace
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               resourceType,
+               resourceName,
+               annotation,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('annotates files with single file', async () => {
+         const file = 'file'
+         const annotation = 'annotation'
+         const result = await kubectl.annotateFiles(file, annotation)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               '-f',
+               file,
+               annotation,
+               '--overwrite',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         // override ns
+         await kubectl.annotateFiles(file, annotation, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               '-f',
+               file,
+               annotation,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('annotates files with mulitple files', async () => {
+         const files = ['file1', 'file2', 'file3']
+         const annotation = 'annotation'
+         const result = await kubectl.annotateFiles(files, annotation)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               '-f',
+               files.join(','),
+               annotation,
+               '--overwrite',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         // override ns
+         await kubectl.annotateFiles(files, annotation, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'annotate',
+               '-f',
+               files.join(','),
+               annotation,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('labels files with single file', async () => {
+         const file = 'file'
+         const labels = ['label1', 'label2']
+         const result = await kubectl.labelFiles(file, labels)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'label',
+               '-f',
+               file,
+               ...labels,
+               '--overwrite',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         await kubectl.labelFiles(file, labels, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'label',
+               '-f',
+               file,
+               ...labels,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('labels files with multiple files', async () => {
+         const files = ['file1', 'file2', 'file3']
+         const labels = ['label1', 'label2']
+         const result = await kubectl.labelFiles(files, labels)
+         expect(result).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'label',
+               '-f',
+               files.join(','),
+               ...labels,
+               '--overwrite',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         await kubectl.labelFiles(files, labels, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'label',
+               '-f',
+               files.join(','),
+               ...labels,
+               '--overwrite',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
+      })
+
+      it('gets all pods', async () => {
+         expect(await kubectl.getAllPods()).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['get', 'pods', '-o', 'json', '--namespace', testNamespace],
+            {silent: true}
+         )
+      })
+
+      it('checks rollout status', async () => {
+         const resourceType = 'type'
+         const name = 'name'
+         expect(await kubectl.checkRolloutStatus(resourceType, name)).toBe(
+            mockExecReturn
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'rollout',
+               'status',
+               `${resourceType}/${name}`,
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         // override ns
+         await kubectl.checkRolloutStatus(resourceType, name, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'rollout',
+               'status',
+               `${resourceType}/${name}`,
+               '--namespace',
+               otherNamespace
+            ],
+            {silent: false}
+         )
+
+         // with timeout
+         await kubectl.checkRolloutStatus(
+            resourceType,
+            name,
+            testNamespace,
+            '5m'
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'rollout',
+               'status',
+               `${resourceType}/${name}`,
+               '--namespace',
+               testNamespace,
+               '--timeout=5m'
+            ],
+            {silent: false}
+         )
+      })
+
+      it('gets resource', async () => {
+         const resourceType = 'type'
+         const name = 'name'
+         expect(await kubectl.getResource(resourceType, name)).toBe(
+            mockExecReturn
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'get',
+               `${resourceType}/${name}`,
+               '-o',
+               'json',
+               '--namespace',
+               testNamespace
+            ],
+            {silent: false}
+         )
+
+         // override ns
+         const silent = true
+         await kubectl.getResource(resourceType, name, silent, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [
+               'get',
+               `${resourceType}/${name}`,
+               '-o',
+               'json',
+               '--namespace',
+               otherNamespace
+            ],
+            {silent}
+         )
+      })
+
+      it('executes a command', async () => {
+         // no args
+         const command = 'command'
+         expect(await kubectl.executeCommand(command)).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [command, '--namespace', testNamespace],
+            {silent: false}
+         )
+
+         // with args
+         const args = 'args'
+         expect(await kubectl.executeCommand(command, args)).toBe(
+            mockExecReturn
+         )
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            [command, args, '--namespace', testNamespace],
+            {silent: false}
+         )
+      })
+
+      it('deletes with single argument', async () => {
+         const arg = 'argument'
+         expect(await kubectl.delete(arg)).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['delete', arg, '--namespace', testNamespace],
+            {silent: false}
+         )
+
+         // override ns
+         await kubectl.delete(arg, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['delete', arg, '--namespace', otherNamespace],
+            {silent: false}
+         )
+      })
+
+      it('deletes with multiple arguments', async () => {
+         const args = ['argument1', 'argument2', 'argument3']
+         expect(await kubectl.delete(args)).toBe(mockExecReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['delete', ...args, '--namespace', testNamespace],
+            {silent: false}
+         )
+
+         // override ns
+         await kubectl.delete(args, otherNamespace)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            ['delete', ...args, '--namespace', otherNamespace],
+            {silent: false}
+         )
+      })
+   })
+
+   it('gets new replica sets', async () => {
+      const kubectl = new Kubectl(kubectlPath, testNamespace)
+
+      const newReplicaSetName = 'newreplicaset'
+      const name = 'name'
+      const describeReturn = {
+         exitCode: 0,
+         stdout: newReplicaSetName + name + ' ' + 'extra',
+         stderr: ''
+      }
+
+      vi.spyOn(exec, 'getExecOutput').mockImplementationOnce(async () => {
+         return describeReturn
+      })
+
+      const deployment = 'deployment'
+      const result = await kubectl.getNewReplicaSet(deployment)
+      expect(result).toBe(name)
+   })
+
+   it('executes with constructor flags', async () => {
+      const skipTls = true
+      const kubectl = new Kubectl(kubectlPath, testNamespace, skipTls)
+
+      vi.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
+         return {exitCode: 0, stderr: '', stdout: ''}
+      })
+
+      const command = 'command'
+      kubectl.executeCommand(command)
+      expect(exec.getExecOutput).toHaveBeenCalledWith(
+         kubectlPath,
+         [command, '--insecure-skip-tls-verify', '--namespace', testNamespace],
+         {silent: false}
+      )
+
+      const kubectlNoFlags = new Kubectl(kubectlPath)
+      kubectlNoFlags.executeCommand(command)
+      expect(exec.getExecOutput).toHaveBeenCalledWith(kubectlPath, [command], {
+         silent: false
+      })
+   })
+})
+
+describe('Kubectl namespace handling', () => {
+   const kubectlPath = 'kubectlPath'
+   const testNamespace = 'testNamespace'
+   const configPaths = 'configPaths'
+   const execReturn = {exitCode: 0, stdout: 'Output', stderr: ''}
+
+   beforeEach(() => {
+      vi.spyOn(exec, 'getExecOutput').mockResolvedValue(execReturn)
+   })
+
+   const runApply = async (namespace?: string) => {
+      const kubectl = new Kubectl(kubectlPath, namespace)
+      return kubectl.apply(configPaths)
+   }
+
+   it.each([
+      {
+         namespace: undefined,
+         expectedArgs: ['apply', '-f', configPaths],
+         description: 'namespace omitted'
+      },
+      {
+         namespace: '',
+         expectedArgs: ['apply', '-f', configPaths],
+         description: 'namespace is an empty string (default namespace)'
+      },
+      {
+         namespace: testNamespace,
+         expectedArgs: [
+            'apply',
+            '-f',
+            configPaths,
+            '--namespace',
+            testNamespace
+         ],
+         description: 'namespace provided'
+      }
+   ])(
+      'handles namespace when $description',
+      async ({namespace, expectedArgs}) => {
+         const result = await runApply(namespace)
+         expect(result).toBe(execReturn)
+         expect(exec.getExecOutput).toHaveBeenCalledWith(
+            kubectlPath,
+            expectedArgs,
+            {silent: false}
+         )
+      }
+   )
+})
@@ -0,0 +1,271 @@
+import {ExecOutput, getExecOutput} from '@actions/exec'
+import {createInlineArray} from '../utilities/arrayUtils.js'
+import * as core from '@actions/core'
+import * as toolCache from '@actions/tool-cache'
+import * as io from '@actions/io'
+
+export interface Resource {
+   name: string
+   type: string
+   namespace?: string
+}
+
+export class Kubectl {
+   protected readonly kubectlPath: string
+   protected readonly namespace: string
+   protected readonly ignoreSSLErrors: boolean
+   protected readonly resourceGroup: string
+   protected readonly name: string
+   protected isPrivateCluster: boolean
+
+   constructor(
+      kubectlPath: string,
+      namespace: string = '',
+      ignoreSSLErrors: boolean = false,
+      resourceGroup: string = '',
+      name: string = ''
+   ) {
+      this.kubectlPath = kubectlPath
+      this.ignoreSSLErrors = !!ignoreSSLErrors
+      this.namespace = namespace
+      this.resourceGroup = resourceGroup
+      this.name = name
+   }
+
+   public async apply(
+      configurationPaths: string | string[],
+      force: boolean = false,
+      serverSide: boolean = false,
+      timeout?: string
+   ): Promise<ExecOutput> {
+      try {
+         if (!configurationPaths || configurationPaths?.length === 0)
+            throw Error('Configuration paths must exist')
+
+         const applyArgs: string[] = [
+            'apply',
+            '-f',
+            createInlineArray(configurationPaths)
+         ]
+         if (force) applyArgs.push('--force')
+         if (serverSide) applyArgs.push('--server-side')
+         if (timeout) applyArgs.push(`--timeout=${timeout}`)
+
+         return await this.execute(applyArgs.concat(this.getFlags()))
+      } catch (err) {
+         core.debug('Kubectl apply failed:' + err)
+         throw err
+      }
+   }
+
+   public async describe(
+      resourceType: string,
+      resourceName: string,
+      silent: boolean = false,
+      namespace?: string
+   ): Promise<ExecOutput> {
+      return await this.execute(
+         ['describe', resourceType, resourceName].concat(
+            this.getFlags(namespace)
+         ),
+         silent
+      )
+   }
+
+   public async getNewReplicaSet(deployment: string, namespace?: string) {
+      const result = await this.describe(
+         'deployment',
+         deployment,
+         true,
+         namespace
+      )
+
+      let newReplicaSet = ''
+      if (result?.stdout) {
+         const stdout = result.stdout.split('\n')
+         core.debug('stdout from getNewReplicaSet is ' + JSON.stringify(stdout))
+         stdout.forEach((line: string) => {
+            const newreplicaset = 'newreplicaset'
+            if (line && line.toLowerCase().indexOf(newreplicaset) > -1) {
+               core.debug(
+                  `found string of interest for replicaset, line is ${line}`
+               )
+               core.debug(
+                  `substring is ${line.substring(newreplicaset.length).trim()}`
+               )
+               newReplicaSet = line
+                  .substring(newreplicaset.length)
+                  .trim()
+                  .split(' ')[0]
+            }
+         })
+      }
+
+      return newReplicaSet
+   }
+
+   public async annotate(
+      resourceType: string,
+      resourceName: string,
+      annotation: string,
+      namespace?: string
+   ): Promise<ExecOutput> {
+      const args = [
+         'annotate',
+         resourceType,
+         resourceName,
+         annotation,
+         '--overwrite'
+      ].concat(this.getFlags(namespace))
+      return await this.execute(args)
+   }
+
+   public async annotateFiles(
+      files: string | string[],
+      annotation: string,
+      namespace?: string
+   ): Promise<ExecOutput> {
+      const filesToAnnotate = createInlineArray(files)
+      core.debug(`annotating ${filesToAnnotate} with annotation ${annotation}`)
+      const args = [
+         'annotate',
+         '-f',
+         filesToAnnotate,
+         annotation,
+         '--overwrite'
+      ].concat(this.getFlags(namespace))
+      return await this.execute(args)
+   }
+
+   public async labelFiles(
+      files: string | string[],
+      labels: string[],
+      namespace?: string
+   ): Promise<ExecOutput> {
+      const args = [
+         'label',
+         '-f',
+         createInlineArray(files),
+         ...labels,
+         '--overwrite'
+      ].concat(this.getFlags(namespace))
+      return await this.execute(args)
+   }
+
+   public async getAllPods(): Promise<ExecOutput> {
+      return await this.execute(
+         ['get', 'pods', '-o', 'json'].concat(this.getFlags()),
+         true
+      )
+   }
+
+   public async checkRolloutStatus(
+      resourceType: string,
+      name: string,
+      namespace?: string,
+      timeout?: string
+   ): Promise<ExecOutput> {
+      const command = ['rollout', 'status', `${resourceType}/${name}`].concat(
+         this.getFlags(namespace)
+      )
+      if (timeout) {
+         command.push(`--timeout=${timeout}`)
+      }
+      return await this.execute(command)
+   }
+
+   public async getResource(
+      resourceType: string,
+      name: string,
+      silentFailure: boolean = false,
+      namespace?: string
+   ): Promise<ExecOutput> {
+      core.debug(
+         'fetching resource of type ' + resourceType + ' and name ' + name
+      )
+      return await this.execute(
+         ['get', `${resourceType}/${name}`, '-o', 'json'].concat(
+            this.getFlags(namespace)
+         ),
+         silentFailure
+      )
+   }
+
+   public executeCommand(command: string, args?: string, timeout?: string) {
+      if (!command) throw new Error('Command must be defined')
+      const a = args ? [args] : []
+      return this.execute(
+         [command, ...a.concat(this.getFlags())],
+         false,
+         timeout
+      )
+   }
+
+   public delete(
+      args: string | string[],
+      namespace?: string,
+      timeout?: string
+   ) {
+      if (typeof args === 'string')
+         return this.execute(
+            ['delete', args].concat(this.getFlags(namespace)),
+            false,
+            timeout
+         )
+      return this.execute(
+         ['delete', ...args.concat(this.getFlags(namespace))],
+         false,
+         timeout
+      )
+   }
+
+   protected async execute(
+      args: string[],
+      silent: boolean = false,
+      timeout?: string
+   ) {
+      if (timeout) {
+         args.push(`--timeout=${timeout}`)
+      }
+
+      // core.debug(`Kubectl run with command: ${this.kubectlPath} ${args}`)
+      core.debug(
+         `Kubectl run with command: ${this.kubectlPath} ${args.join(' ')}`
+      )
+
+      return await getExecOutput(this.kubectlPath, args, {
+         silent
+      })
+   }
+
+   public getNamespace(namespaceOverride?: string): string {
+      return namespaceOverride || this.namespace
+   }
+
+   protected getFlags(namespaceOverride?: string): string[] {
+      const flags = []
+      if (this.ignoreSSLErrors) {
+         flags.push('--insecure-skip-tls-verify')
+      }
+
+      const ns = this.getNamespace(namespaceOverride)
+      if (ns) {
+         flags.push('--namespace', ns)
+      }
+
+      return flags
+   }
+}
+
+export async function getKubectlPath() {
+   const version = core.getInput('kubectl-version')
+   const kubectlPath = version
+      ? toolCache.find('kubectl', version)
+      : await io.which('kubectl', true)
+   if (!kubectlPath)
+      throw Error(
+         'kubectl not found. You must install it before running this action'
+      )
+
+   return kubectlPath
+}
@@ -0,0 +1,119 @@
+import {
+   DEPLOYMENT_TYPES,
+   DiscoveryAndLoadBalancerResource,
+   isDeploymentEntity,
+   isIngressEntity,
+   isServiceEntity,
+   isWorkloadEntity,
+   KubernetesWorkload,
+   ResourceKindNotDefinedError,
+   ServiceTypes,
+   WORKLOAD_TYPES,
+   WORKLOAD_TYPES_WITH_ROLLOUT_STATUS
+} from './kubernetesTypes.js'
+
+describe('Kubernetes types', () => {
+   it('contains kubernetes workloads', () => {
+      expect(KubernetesWorkload.POD).toBe('Pod')
+      expect(KubernetesWorkload.REPLICASET).toBe('Replicaset')
+      expect(KubernetesWorkload.DEPLOYMENT).toBe('Deployment')
+      expect(KubernetesWorkload.STATEFUL_SET).toBe('StatefulSet')
+      expect(KubernetesWorkload.DAEMON_SET).toBe('DaemonSet')
+      expect(KubernetesWorkload.JOB).toBe('job')
+      expect(KubernetesWorkload.CRON_JOB).toBe('cronjob')
+      expect(KubernetesWorkload.SCALED_JOB).toBe('scaledjob')
+   })
+
+   it('contains discovery and load balancer resources', () => {
+      expect(DiscoveryAndLoadBalancerResource.SERVICE).toBe('service')
+      expect(DiscoveryAndLoadBalancerResource.INGRESS).toBe('ingress')
+   })
+
+   it('contains service types', () => {
+      expect(ServiceTypes.LOAD_BALANCER).toBe('LoadBalancer')
+      expect(ServiceTypes.NODE_PORT).toBe('NodePort')
+      expect(ServiceTypes.CLUSTER_IP).toBe('ClusterIP')
+   })
+
+   it('contains deployment types', () => {
+      const expected = [
+         'deployment',
+         'replicaset',
+         'daemonset',
+         'pod',
+         'statefulset'
+      ]
+      expect(expected.every((val) => DEPLOYMENT_TYPES.includes(val))).toBe(true)
+   })
+
+   it('contains workload types', () => {
+      const expected = [
+         'deployment',
+         'replicaset',
+         'daemonset',
+         'pod',
+         'statefulset',
+         'job',
+         'cronjob',
+         'scaledjob'
+      ]
+      expect(expected.every((val) => WORKLOAD_TYPES.includes(val))).toBe(true)
+   })
+
+   it('contains workload types with rollout status', () => {
+      const expected = ['deployment', 'daemonset', 'statefulset']
+      expect(
+         expected.every((val) =>
+            WORKLOAD_TYPES_WITH_ROLLOUT_STATUS.includes(val)
+         )
+      ).toBe(true)
+   })
+
+   it('checks if kind is deployment entity', () => {
+      // throws on no kind
+      expect(() => isDeploymentEntity(undefined)).toThrow(
+         ResourceKindNotDefinedError
+      )
+
+      expect(isDeploymentEntity('deployment')).toBe(true)
+      expect(isDeploymentEntity('Deployment')).toBe(true)
+      expect(isDeploymentEntity('deploymenT')).toBe(true)
+      expect(isDeploymentEntity('DEPLOYMENT')).toBe(true)
+   })
+
+   it('checks if kind is workload entity', () => {
+      // throws on no kind
+      expect(() => isWorkloadEntity(undefined)).toThrow(
+         ResourceKindNotDefinedError
+      )
+
+      expect(isWorkloadEntity('deployment')).toBe(true)
+      expect(isWorkloadEntity('Deployment')).toBe(true)
+      expect(isWorkloadEntity('deploymenT')).toBe(true)
+      expect(isWorkloadEntity('DEPLOYMENT')).toBe(true)
+   })
+
+   it('checks if kind is service entity', () => {
+      // throws on no kind
+      expect(() => isServiceEntity(undefined)).toThrow(
+         ResourceKindNotDefinedError
+      )
+
+      expect(isServiceEntity('service')).toBe(true)
+      expect(isServiceEntity('Service')).toBe(true)
+      expect(isServiceEntity('servicE')).toBe(true)
+      expect(isServiceEntity('SERVICE')).toBe(true)
+   })
+
+   it('checks if kind is ingress entity', () => {
+      // throws on no kind
+      expect(() => isIngressEntity(undefined)).toThrow(
+         ResourceKindNotDefinedError
+      )
+
+      expect(isIngressEntity('ingress')).toBe(true)
+      expect(isIngressEntity('Ingress')).toBe(true)
+      expect(isIngressEntity('ingresS')).toBe(true)
+      expect(isIngressEntity('INGRESS')).toBe(true)
+   })
+})
@@ -0,0 +1,83 @@
+export class KubernetesWorkload {
+   public static POD: string = 'Pod'
+   public static REPLICASET: string = 'Replicaset'
+   public static DEPLOYMENT: string = 'Deployment'
+   public static STATEFUL_SET: string = 'StatefulSet'
+   public static DAEMON_SET: string = 'DaemonSet'
+   public static JOB: string = 'job'
+   public static CRON_JOB: string = 'cronjob'
+   public static SCALED_JOB: string = 'scaledjob'
+}
+
+export class DiscoveryAndLoadBalancerResource {
+   public static SERVICE: string = 'service'
+   public static INGRESS: string = 'ingress'
+}
+
+export class ServiceTypes {
+   public static LOAD_BALANCER: string = 'LoadBalancer'
+   public static NODE_PORT: string = 'NodePort'
+   public static CLUSTER_IP: string = 'ClusterIP'
+}
+
+export const DEPLOYMENT_TYPES: string[] = [
+   'deployment',
+   'replicaset',
+   'daemonset',
+   'pod',
+   'statefulset'
+]
+
+export const WORKLOAD_TYPES: string[] = [
+   'deployment',
+   'replicaset',
+   'daemonset',
+   'pod',
+   'statefulset',
+   'job',
+   'cronjob',
+   'scaledjob'
+]
+
+export const WORKLOAD_TYPES_WITH_ROLLOUT_STATUS: string[] = [
+   'deployment',
+   'daemonset',
+   'statefulset'
+]
+
+export function isDeploymentEntity(kind: string): boolean {
+   if (!kind) throw ResourceKindNotDefinedError
+
+   return DEPLOYMENT_TYPES.some((type: string) => {
+      return type.toLowerCase() === kind.toLowerCase()
+   })
+}
+
+export function isWorkloadEntity(kind: string): boolean {
+   if (!kind) throw ResourceKindNotDefinedError
+
+   return WORKLOAD_TYPES.some(
+      (type: string) => type.toLowerCase() === kind.toLowerCase()
+   )
+}
+
+export function isServiceEntity(kind: string): boolean {
+   if (!kind) throw ResourceKindNotDefinedError
+
+   return 'service' === kind.toLowerCase()
+}
+
+export function isIngressEntity(kind: string): boolean {
+   if (!kind) throw ResourceKindNotDefinedError
+
+   return 'ingress' === kind.toLowerCase()
+}
+
+export const ResourceKindNotDefinedError = Error('Resource kind not defined')
+export const NullInputObjectError = Error('Null inputObject')
+export const InputObjectKindNotDefinedError = Error(
+   'Input object kind not defined'
+)
+export const InputObjectMetadataNotDefinedError = Error(
+   'Input object metatada not defined'
+)
@@ -0,0 +1,64 @@
+import {vi} from 'vitest'
+vi.mock('@actions/exec')
+
+import * as fileUtils from '../utilities/fileUtils.js'
+import fs from 'node:fs'
+import {
+   PrivateKubectl,
+   extractFileNames,
+   replaceFileNamesWithShallowNamesRelativeToTemp
+} from './privatekubectl.js'
+import * as exec from '@actions/exec'
+
+describe('Private kubectl', () => {
+   const testString = `kubectl annotate -f /tmp/testdir/test.yml,/tmp/test2.yml,/tmp/testdir/subdir/test3.yml -f /tmp/test4.yml --filename /tmp/test5.yml actions.github.com/k8s-deploy={"run":"3498366832","repository":"jaiveerk/k8s-deploy","workflow":"Minikube Integration Tests - private cluster","workflowFileName":"run-integration-tests-private.yml","jobName":"run-integration-test","createdBy":"jaiveerk","runUri":"https://github.com/jaiveerk/k8s-deploy/actions/runs/3498366832","commit":"c63b323186ea1320a31290de6dcc094c06385e75","lastSuccessRunCommit":"NA","branch":"refs/heads/main","deployTimestamp":1668787848577,"dockerfilePaths":{"nginx:1.14.2":""},"manifestsPaths":["https://github.com/jaiveerk/k8s-deploy/blob/c63b323186ea1320a31290de6dcc094c06385e75/test/integration/test.yml"],"helmChartPaths":[],"provider":"GitHub"} --overwrite --namespace test-3498366832`
+   const mockKube = new PrivateKubectl(
+      'kubectlPath',
+      'namespace',
+      true,
+      'resourceGroup',
+      'resourceName'
+   )
+
+   const spy = vi
+      .spyOn(fileUtils, 'getTempDirectory')
+      .mockImplementation(() => {
+         return '/tmp'
+      })
+
+   vi.spyOn(fs, 'writeFileSync').mockImplementation(() => {})
+   vi.spyOn(fs, 'readFileSync').mockImplementation((filename) => {
+      return 'test contents'
+   })
+
+   it('should extract filenames correctly', () => {
+      expect(extractFileNames(testString)).toEqual([
+         '/tmp/testdir/test.yml',
+         '/tmp/test2.yml',
+         '/tmp/testdir/subdir/test3.yml',
+         '/tmp/test4.yml',
+         '/tmp/test5.yml'
+      ])
+   })
+
+   it('should replace filenames with shallow names for relative locations in tmp correctly', () => {
+      expect(
+         replaceFileNamesWithShallowNamesRelativeToTemp(testString)
+      ).toEqual(
+         `kubectl annotate -f testdir-test.yml,test2.yml,testdir-subdir-test3.yml -f test4.yml --filename test5.yml actions.github.com/k8s-deploy={"run":"3498366832","repository":"jaiveerk/k8s-deploy","workflow":"Minikube Integration Tests - private cluster","workflowFileName":"run-integration-tests-private.yml","jobName":"run-integration-test","createdBy":"jaiveerk","runUri":"https://github.com/jaiveerk/k8s-deploy/actions/runs/3498366832","commit":"c63b323186ea1320a31290de6dcc094c06385e75","lastSuccessRunCommit":"NA","branch":"refs/heads/main","deployTimestamp":1668787848577,"dockerfilePaths":{"nginx:1.14.2":""},"manifestsPaths":["https://github.com/jaiveerk/k8s-deploy/blob/c63b323186ea1320a31290de6dcc094c06385e75/test/integration/test.yml"],"helmChartPaths":[],"provider":"GitHub"} --overwrite --namespace test-3498366832`
+      )
+   })
+
+   test('Should throw well defined Error on error from Azure', async () => {
+      const errorMsg = 'An error message'
+      vi.spyOn(exec, 'getExecOutput').mockImplementation(async () => {
+         return {exitCode: 1, stdout: '', stderr: errorMsg}
+      })
+
+      await expect(mockKube.executeCommand('az', 'test')).rejects.toThrow(
+         Error(
+            `Call to private cluster failed. Command: 'kubectl az test --insecure-skip-tls-verify --namespace namespace', errormessage: ${errorMsg}`
+         )
+      )
+   })
+})
@@ -0,0 +1,169 @@
+import {Kubectl} from './kubectl.js'
+import minimist from 'minimist'
+import {ExecOptions, ExecOutput, getExecOutput} from '@actions/exec'
+import * as core from '@actions/core'
+import fs from 'node:fs'
+import * as path from 'path'
+import {getTempDirectory} from '../utilities/fileUtils.js'
+
+export class PrivateKubectl extends Kubectl {
+   protected async execute(args: string[], silent: boolean = false) {
+      args.unshift('kubectl')
+      let kubectlCmd = args.join(' ')
+      let addFileFlag = false
+      let eo = <ExecOptions>{
+         silent: true,
+         failOnStdErr: false,
+         ignoreReturnCode: true
+      }
+
+      if (this.containsFilenames(kubectlCmd)) {
+         kubectlCmd = replaceFileNamesWithShallowNamesRelativeToTemp(kubectlCmd)
+         addFileFlag = true
+      }
+
+      if (this.resourceGroup === '') {
+         throw Error('Resource group must be specified for private cluster')
+      }
+      if (this.name === '') {
+         throw Error('Cluster name must be specified for private cluster')
+      }
+
+      const privateClusterArgs = [
+         'aks',
+         'command',
+         'invoke',
+         '--resource-group',
+         this.resourceGroup,
+         '--name',
+         this.name,
+         '--command',
+         `${kubectlCmd}`
+      ]
+
+      if (addFileFlag) {
+         const tempDirectory = getTempDirectory()
+         eo.cwd = path.join(tempDirectory, 'manifests')
+         privateClusterArgs.push(...['--file', '.'])
+      }
+
+      core.debug(
+         `private cluster Kubectl run with invoke command: ${kubectlCmd}`
+      )
+
+      const allArgs = [...privateClusterArgs, '-o', 'json']
+      core.debug(`full form of az command: az ${allArgs.join(' ')}`)
+      const runOutput = await getExecOutput('az', allArgs, eo)
+      core.debug(
+         `from kubectl private cluster command got run output ${JSON.stringify(
+            runOutput
+         )}`
+      )
+
+      if (runOutput.exitCode !== 0) {
+         throw Error(
+            `Call to private cluster failed. Command: '${kubectlCmd}', errormessage: ${runOutput.stderr}`
+         )
+      }
+
+      const runObj: {logs: string; exitCode: number} = JSON.parse(
+         runOutput.stdout
+      )
+      if (!silent) core.info(runObj.logs)
+      if (runObj.exitCode !== 0) {
+         throw Error(`failed private cluster Kubectl command: ${kubectlCmd}`)
+      }
+
+      return {
+         exitCode: runObj.exitCode,
+         stdout: runObj.logs,
+         stderr: ''
+      } as ExecOutput
+   }
+
+   private containsFilenames(str: string) {
+      return str.includes('-f ') || str.includes('filename ')
+   }
+}
+
+function createTempManifestsDirectory(): string {
+   const manifestsDirPath = path.join(getTempDirectory(), 'manifests')
+   if (!fs.existsSync(manifestsDirPath)) {
+      fs.mkdirSync(manifestsDirPath, {recursive: true})
+   }
+
+   return manifestsDirPath
+}
+
+export function replaceFileNamesWithShallowNamesRelativeToTemp(
+   kubectlCmd: string
+) {
+   let filenames = extractFileNames(kubectlCmd)
+   core.debug(`filenames originally provided in kubectl command: ${filenames}`)
+   let relativeShallowNames = filenames.map((filename) => {
+      const relativeName = path.relative(getTempDirectory(), filename)
+
+      const relativePathElements = relativeName.split(path.sep)
+
+      const shallowName = relativePathElements.join('-')
+
+      // make manifests dir in temp if it doesn't already exist
+      const manifestsTempDir = createTempManifestsDirectory()
+
+      const shallowPath = path.join(manifestsTempDir, shallowName)
+      core.debug(
+         `moving contents from ${filename} to shallow location at ${shallowPath}`
+      )
+
+      core.debug(`reading contents from ${filename}`)
+      const contents = fs.readFileSync(filename).toString()
+
+      core.debug(`writing contents to new path ${shallowPath}`)
+      fs.writeFileSync(shallowPath, contents)
+
+      return shallowName
+   })
+
+   let result = kubectlCmd
+   if (filenames.length != relativeShallowNames.length) {
+      throw Error(
+         'replacing filenames with relative path from temp dir, ' +
+            filenames.length +
+            ' filenames != ' +
+            relativeShallowNames.length +
+            'basenames'
+      )
+   }
+   for (let index = 0; index < filenames.length; index++) {
+      result = result.replace(filenames[index], relativeShallowNames[index])
+   }
+   return result
+}
+
+export function extractFileNames(strToParse: string) {
+   const fileNames: string[] = []
+   const argv = minimist(strToParse.split(' '))
+   const fArg = 'f'
+   const filenameArg = 'filename'
+
+   fileNames.push(...extractFilesFromMinimist(argv, fArg))
+   fileNames.push(...extractFilesFromMinimist(argv, filenameArg))
+
+   return fileNames
+}
+
+export function extractFilesFromMinimist(argv, arg: string): string[] {
+   if (!argv[arg]) {
+      return []
+   }
+   const toReturn: string[] = []
+   if (typeof argv[arg] === 'string') {
+      toReturn.push(...argv[arg].split(','))
+   } else {
+      for (const value of argv[arg] as string[]) {
+         toReturn.push(...value.split(','))
+      }
+   }
+
+   return toReturn
+}
@@ -0,0 +1,22 @@
+import {parseRouteStrategy, RouteStrategy} from './routeStrategy.js'
+
+describe('Route strategy type', () => {
+   test('it has required values', () => {
+      const vals = <any>Object.values(RouteStrategy)
+      expect(vals.includes('ingress')).toBe(true)
+      expect(vals.includes('smi')).toBe(true)
+      expect(vals.includes('service')).toBe(true)
+   })
+
+   test('it can parse valid values from a string', () => {
+      expect(parseRouteStrategy('ingress')).toBe(RouteStrategy.INGRESS)
+      expect(parseRouteStrategy('Ingress')).toBe(RouteStrategy.INGRESS)
+      expect(parseRouteStrategy('ingresS')).toBe(RouteStrategy.INGRESS)
+      expect(parseRouteStrategy('INGRESS')).toBe(RouteStrategy.INGRESS)
+   })
+
+   test("it will return undefined if it can't parse values from a string", () => {
+      expect(parseRouteStrategy('invalid')).toBe(undefined)
+      expect(parseRouteStrategy('unsupportedType')).toBe(undefined)
+   })
+})
@@ -0,0 +1,12 @@
+export enum RouteStrategy {
+   INGRESS = 'ingress',
+   SMI = 'smi',
+   SERVICE = 'service'
+}
+
+export const parseRouteStrategy = (str: string): RouteStrategy | undefined =>
+   RouteStrategy[
+      Object.keys(RouteStrategy).filter(
+         (k) => RouteStrategy[k].toString().toLowerCase() === str.toLowerCase()
+      )[0] as keyof typeof RouteStrategy
+   ]
@@ -0,0 +1,24 @@
+import {
+   parseTrafficSplitMethod,
+   TrafficSplitMethod
+} from './trafficSplitMethod.js'
+
+describe('Traffic split method type', () => {
+   test('it has required values', () => {
+      const vals = <any>Object.values(TrafficSplitMethod)
+      expect(vals.includes('pod')).toBe(true)
+      expect(vals.includes('smi')).toBe(true)
+   })
+
+   test('it can parse valid values from a string', () => {
+      expect(parseTrafficSplitMethod('pod')).toBe(TrafficSplitMethod.POD)
+      expect(parseTrafficSplitMethod('Pod')).toBe(TrafficSplitMethod.POD)
+      expect(parseTrafficSplitMethod('poD')).toBe(TrafficSplitMethod.POD)
+      expect(parseTrafficSplitMethod('POD')).toBe(TrafficSplitMethod.POD)
+   })
+
+   test("it will return undefined if it can't parse values from a string", () => {
+      expect(parseTrafficSplitMethod('invalid')).toBe(undefined)
+      expect(parseTrafficSplitMethod('unsupportedType')).toBe(undefined)
+   })
+})
@@ -0,0 +1,19 @@
+export enum TrafficSplitMethod {
+   POD = 'pod',
+   SMI = 'smi'
+}
+
+/**
+ * Converts a string to the TrafficSplitMethod enum
+ * @param str The traffic split method (case insensitive)
+ * @returns The TrafficSplitMethod enum or undefined if it can't be parsed
+ */
+export const parseTrafficSplitMethod = (
+   str: string
+): TrafficSplitMethod | undefined =>
+   TrafficSplitMethod[
+      Object.keys(TrafficSplitMethod).filter(
+         (k) =>
+            TrafficSplitMethod[k].toString().toLowerCase() === str.toLowerCase()
+      )[0] as keyof typeof TrafficSplitMethod
+   ]
@@ -0,0 +1,12 @@
+import {createInlineArray} from './arrayUtils.js'
+
+describe('array utilities', () => {
+   it('creates an inline array', () => {
+      const strings = ['str1', 'str2', 'str3']
+      expect(createInlineArray(strings)).toBe(strings.join(','))
+
+      const string = 'str1'
+      expect(createInlineArray([string])).toBe(string)
+      expect(createInlineArray(string)).toBe(string)
+   })
+})
@@ -0,0 +1,6 @@
+export function createInlineArray(str: string | string[]): string {
+   if (typeof str === 'string') {
+      return str
+   }
+   return str.join(',')
+}
@@ -0,0 +1,20 @@
+import {vi} from 'vitest'
+vi.mock('@actions/io')
+
+import * as io from '@actions/io'
+import {checkDockerPath} from './dockerUtils.js'
+
+describe('docker utilities', () => {
+   it('checks if docker is installed', async () => {
+      // docker installed
+      const path = 'path'
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => path)
+      expect(() => checkDockerPath()).not.toThrow()
+
+      // docker not installed
+      vi.spyOn(io, 'which').mockImplementationOnce(async () => {
+         throw new Error('not found')
+      })
+      await expect(() => checkDockerPath()).rejects.toThrow()
+   })
+})
@@ -0,0 +1,79 @@
+import * as io from '@actions/io'
+import {DeploymentConfig} from '../types/deploymentConfig.js'
+import * as core from '@actions/core'
+import {DockerExec} from '../types/docker.js'
+import {getNormalizedPath} from './githubUtils.js'
+
+export async function getDeploymentConfig(): Promise<DeploymentConfig> {
+   let helmChartPaths: string[] =
+      process.env?.HELM_CHART_PATHS?.split(';').filter((path) => path != '') ||
+      []
+   helmChartPaths = helmChartPaths.map((helmchart) =>
+      getNormalizedPath(helmchart.trim())
+   )
+
+   let inputManifestFiles: string[] =
+      core
+         .getInput('manifests')
+         .split(/[\n,;]+/)
+         .filter((manifest) => manifest.trim().length > 0) || []
+   if (helmChartPaths?.length == 0) {
+      inputManifestFiles = inputManifestFiles.map((manifestFile) =>
+         getNormalizedPath(manifestFile)
+      )
+   }
+
+   const imageNames =
+      core
+         .getInput('images')
+         .split('\n')
+         .filter((image) => image.length > 0) || []
+   const imageDockerfilePathMap: {[id: string]: string} = {}
+
+   const pullImages = !(core.getInput('pull-images').toLowerCase() === 'false')
+   if (pullImages) {
+      //Fetching from image label if available
+      for (const image of imageNames) {
+         try {
+            imageDockerfilePathMap[image] = await getDockerfilePath(image)
+         } catch (ex) {
+            core.warning(
+               `Failed to get dockerfile path for image ${image.toString()}: ${ex} `
+            )
+         }
+      }
+   }
+
+   return Promise.resolve(<DeploymentConfig>{
+      manifestFilePaths: inputManifestFiles,
+      helmChartFilePaths: helmChartPaths,
+      dockerfilePaths: imageDockerfilePathMap
+   })
+}
+
+async function getDockerfilePath(image: any): Promise<string> {
+   await checkDockerPath()
+   const dockerExec: DockerExec = new DockerExec('docker')
+   await dockerExec.pull(image, [], false)
+
+   const imageInspectResult: string = await dockerExec.inspect(image, [], false)
+   const imageConfig = JSON.parse(imageInspectResult)[0]
+   const DOCKERFILE_PATH_LABEL_KEY = 'dockerfile-path'
+
+   let pathValue: string = ''
+   if (
+      imageConfig?.Config?.Labels &&
+      imageConfig?.Config?.Labels[DOCKERFILE_PATH_LABEL_KEY]
+   ) {
+      const pathLabel = imageConfig.Config.Labels[DOCKERFILE_PATH_LABEL_KEY]
+      pathValue = getNormalizedPath(pathLabel)
+   }
+   return Promise.resolve(pathValue)
+}
+
+export async function checkDockerPath() {
+   const dockerPath = await io.which('docker', false)
+   if (!dockerPath) {
+      throw new Error('Docker is not installed.')
+   }
+}
@@ -0,0 +1,167 @@
+import {vi, type Mocked} from 'vitest'
+import {parseDuration} from './durationUtils.js'
+import * as core from '@actions/core'
+
+// Mock core.debug
+vi.mock('@actions/core')
+const mockCore = core as Mocked<typeof core>
+
+// Test data constants
+const VALID_TIMEOUTS = {
+   withUnits: ['5s', '10m', '1h', '500ms'],
+   decimals: ['0.5s', '1.25m', '2.5h'],
+   caseInsensitive: ['5S', '10M', '1H'],
+   expectedLowercase: ['5s', '10m', '1h'],
+   bareNumbers: ['5', '15', '120'],
+   expectedWithMinutes: ['5m', '15m', '120m'],
+   whitespace: ['  10s', '1m  ', '\t2h\n'],
+   expectedTrimmed: ['10s', '1m', '2h'],
+   rangeValid: ['1ms', '999ms', '0.5s', '1439m', '23.999h'],
+   edgeCases: ['0.001s', '0.0167m', '24h']
+}
+
+const INVALID_TIMEOUTS = {
+   badFormats: ['', 'abc', '30x', '30 s', '30sm'],
+   negative: ['-5m', '-1s', '-0.5h'],
+   zero: ['0s', '0m', '0h', '0ms'],
+   belowMin: ['0.0001s', '0.00001ms'],
+   aboveMax: ['25h', '1441m', '86401s']
+}
+
+const ERROR_MESSAGES = {
+   invalidFormat: (input: string) =>
+      `Invalid duration format: "${input}". Use: number + unit (30s, 5m, 1h) or just number (assumes minutes)`,
+   notPositive: (input: string) => `Duration must be positive: "${input}"`,
+   outOfRange: (input: string) =>
+      `Duration out of range (1ms to 24h): "${input}"`
+}
+
+// Helper functions
+const expectValidTimeout = (input: string, expected: string) => {
+   expect(parseDuration(input)).toBe(expected)
+}
+
+const expectInvalidTimeout = (input: string, expectedError: string) => {
+   expect(() => parseDuration(input)).toThrow(expectedError)
+}
+
+describe('validateTimeoutDuration', () => {
+   beforeEach(() => {
+      vi.clearAllMocks()
+   })
+
+   describe('valid timeout formats', () => {
+      const validCases: Array<[string, string, string]> = [
+         ...VALID_TIMEOUTS.withUnits.map((v): [string, string, string] => [
+            v,
+            v,
+            'accepts number with valid units'
+         ]),
+         ...VALID_TIMEOUTS.decimals.map((v): [string, string, string] => [
+            v,
+            v,
+            'accepts decimal number with units'
+         ]),
+         ...VALID_TIMEOUTS.caseInsensitive.map(
+            (v, i): [string, string, string] => [
+               v,
+               VALID_TIMEOUTS.expectedLowercase[i],
+               'handles case-insensitive units'
+            ]
+         ),
+         ...VALID_TIMEOUTS.bareNumbers.map((v, i): [string, string, string] => [
+            v,
+            VALID_TIMEOUTS.expectedWithMinutes[i],
+            'assumes minutes for bare numbers'
+         ]),
+         ...VALID_TIMEOUTS.whitespace.map((v, i): [string, string, string] => [
+            v,
+            VALID_TIMEOUTS.expectedTrimmed[i],
+            'trims whitespace'
+         ])
+      ]
+
+      test.each(validCases)('%s → %s (%s)', (input, expected, description) => {
+         expectValidTimeout(input, expected)
+      })
+
+      test('logs assumption for bare numbers only', () => {
+         parseDuration('5')
+         expect(mockCore.debug).toHaveBeenCalledWith(
+            'No unit specified for timeout "5", assuming minutes'
+         )
+
+         vi.clearAllMocks()
+
+         parseDuration('30s')
+         expect(mockCore.debug).not.toHaveBeenCalled()
+      })
+   })
+
+   describe('invalid timeout formats', () => {
+      const invalidCases: Array<[string, string]> = [
+         ...INVALID_TIMEOUTS.badFormats.map((t): [string, string] => [
+            t,
+            ERROR_MESSAGES.invalidFormat(t)
+         ]),
+         ...INVALID_TIMEOUTS.negative.map((t): [string, string] => [
+            t,
+            ERROR_MESSAGES.invalidFormat(t)
+         ]),
+         ...INVALID_TIMEOUTS.zero.map((t): [string, string] => [
+            t,
+            ERROR_MESSAGES.notPositive(t)
+         ])
+      ]
+
+      test.each(invalidCases)('rejects %s', (input, expectedError) => {
+         expectInvalidTimeout(input, expectedError)
+      })
+   })
+
+   describe('range validation', () => {
+      const rangeCases: Array<[string, string, boolean]> = [
+         ...VALID_TIMEOUTS.rangeValid.map((v): [string, string, boolean] => [
+            v,
+            v,
+            true
+         ]),
+         ...INVALID_TIMEOUTS.belowMin.map((v): [string, string, boolean] => [
+            v,
+            ERROR_MESSAGES.outOfRange(v),
+            false
+         ]),
+         ...INVALID_TIMEOUTS.aboveMax.map((v): [string, string, boolean] => [
+            v,
+            ERROR_MESSAGES.outOfRange(v),
+            false
+         ]),
+         ...VALID_TIMEOUTS.edgeCases.map((v): [string, string, boolean] => [
+            v,
+            v,
+            true
+         ])
+      ]
+
+      test.each(rangeCases)('%s is %s', (input, expected, isValid) => {
+         if (isValid) {
+            expectValidTimeout(input, expected)
+         } else {
+            expectInvalidTimeout(input, expected)
+         }
+      })
+   })
+
+   describe('edge cases', () => {
+      test.each([
+         ['0.001s', '0.001s'],
+         ['0.0167m', '0.0167m'],
+         ['23.999h', '23.999h'],
+         ['1439m', '1439m'],
+         ['5.0m', '5m'],
+         ['005s', '5s']
+      ])('parses and normalizes: %s → %s', (input, expected) => {
+         expectValidTimeout(input, expected)
+      })
+   })
+})
@@ -0,0 +1,38 @@
+import * as core from '@actions/core'
+
+export function parseDuration(duration: string): string {
+   const trimmed = duration.trim()
+
+   // Parse number and optional unit using regex
+   const match = /^(\d+(?:\.\d+)?)(ms|s|m|h)?$/i.exec(trimmed)
+   if (!match) {
+      throw new Error(
+         `Invalid duration format: "${duration}". Use: number + unit (30s, 5m, 1h) or just number (assumes minutes)`
+      )
+   }
+
+   const value = parseFloat(match[1])
+   const unit = match[2]?.toLowerCase() || 'm'
+
+   if (value <= 0) {
+      throw new Error(`Duration must be positive: "${duration}"`)
+   }
+
+   // Calculate total seconds for validation
+   const multipliers = {ms: 0.001, s: 1, m: 60, h: 3600}
+   const totalSeconds = value * multipliers[unit as keyof typeof multipliers]
+
+   // Validate bounds (1ms to 24h)
+   if (totalSeconds < 0.001 || totalSeconds > 86400) {
+      throw new Error(`Duration out of range (1ms to 24h): "${duration}"`)
+   }
+
+   // Log assumption for bare numbers (when no unit was provided)
+   if (!duration.trim().match(/\d+(ms|s|m|h)$/i)) {
+      core.debug(
+         `No unit specified for timeout "${duration}", assuming minutes`
+      )
+   }
+
+   return `${value}${unit}`
+}
@@ -0,0 +1,124 @@
+import {vi} from 'vitest'
+import * as fileUtils from './fileUtils.js'
+
+import * as yaml from 'js-yaml'
+import fs from 'node:fs'
+import * as path from 'path'
+import {K8sObject} from '../types/k8sObject.js'
+
+const sampleYamlUrl =
+   'https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/controllers/nginx-deployment.yaml'
+describe('File utils', () => {
+   test('correctly parses a yaml file from a URL', async () => {
+      const tempFile = await fileUtils.writeYamlFromURLToFile(sampleYamlUrl, 0)
+      const fileContents = fs.readFileSync(tempFile).toString()
+      const inputObjects: K8sObject[] = yaml.loadAll(
+         fileContents
+      ) as K8sObject[]
+      expect(inputObjects).toHaveLength(1)
+
+      for (const obj of inputObjects) {
+         expect(obj.metadata.name).toBe('nginx-deployment')
+         expect(obj.kind).toBe('Deployment')
+      }
+   })
+
+   it('fails when a bad URL is given among other files', async () => {
+      const badUrl = 'https://www.github.com'
+
+      const testPath = path.join('test', 'unit', 'manifests')
+      await expect(
+         fileUtils.getFilesFromDirectoriesAndURLs([testPath, badUrl])
+      ).rejects.toThrow()
+   })
+
+   it('detects files in nested directories with the same name and ignores non-manifest files and empty dirs', async () => {
+      const testPath = path.join('test', 'unit', 'manifests')
+      const testSearch: string[] =
+         await fileUtils.getFilesFromDirectoriesAndURLs([
+            testPath,
+            sampleYamlUrl
+         ])
+
+      const expectedManifests = [
+         'test/unit/manifests/manifest_test_dir/another_layer/test-ingress.yaml',
+         'test/unit/manifests/manifest_test_dir/another_layer/nested-test-service.yaml',
+         'test/unit/manifests/manifest_test_dir/nested-test-service.yaml',
+         'test/unit/manifests/test-ingress.yml',
+         'test/unit/manifests/test-ingress-new.yml',
+         'test/unit/manifests/test-service.yml',
+         'test/unit/manifests/basic-test.yml'
+      ]
+
+      expect(testSearch).toHaveLength(10)
+      expectedManifests.forEach((fileName) => {
+         if (fileName.startsWith('test/unit')) {
+            expect(testSearch).toContain(fileName)
+         } else {
+            expect(fileName.includes(fileUtils.urlFileKind)).toBe(true)
+            expect(fileName.startsWith(fileUtils.getTempDirectory()))
+         }
+      })
+   })
+
+   it('crashes when an invalid file is provided', async () => {
+      const badPath = path.join('test', 'unit', 'manifests', 'nonexistent.yaml')
+      const goodPath = path.join(
+         'test',
+         'unit',
+         'manifests',
+         'manifest_test_dir'
+      )
+
+      await expect(
+         fileUtils.getFilesFromDirectoriesAndURLs([badPath, goodPath])
+      ).rejects.toThrow()
+   })
+
+   it("doesn't duplicate files when nested dir included", async () => {
+      const outerPath = path.join('test', 'unit', 'manifests')
+      const fileAtOuter = path.join(
+         'test',
+         'unit',
+         'manifests',
+         'test-service.yml'
+      )
+      const innerPath = path.join(
+         'test',
+         'unit',
+         'manifests',
+         'manifest_test_dir'
+      )
+
+      expect(
+         await fileUtils.getFilesFromDirectoriesAndURLs([
+            outerPath,
+            fileAtOuter,
+            innerPath
+         ])
+      ).toHaveLength(9)
+   })
+
+   it('throws an error for an invalid URL', async () => {
+      const badUrl = 'https://www.github.com'
+      await expect(
+         fileUtils.writeYamlFromURLToFile(badUrl, 0)
+      ).rejects.toBeTruthy()
+   })
+})
+
+describe('moving files to temp', () => {
+   it('correctly moves the contents of a file to the temporary directory', () => {
+      vi.spyOn(fs, 'writeFileSync').mockImplementation(() => {})
+      vi.spyOn(fs, 'readFileSync').mockImplementation((filename) => {
+         return 'test contents'
+      })
+      const originalFilePath = path.join('path', 'in', 'repo')
+
+      const output = fileUtils.moveFileToTmpDir(originalFilePath)
+
+      expect(output).toEqual(
+         path.join(fileUtils.getTempDirectory(), '/path/in/repo')
+      )
+   })
+})
@@ -0,0 +1,235 @@
+import fs from 'node:fs'
+import * as https from 'https'
+import * as path from 'path'
+import * as core from '@actions/core'
+import * as os from 'os'
+import * as yaml from 'js-yaml'
+import {Errorable, succeeded, failed, Failed} from '../types/errorable.js'
+import {getCurrentTime} from './timeUtils.js'
+import {isHttpUrl} from './githubUtils.js'
+import {K8sObject} from '../types/k8sObject.js'
+
+export const urlFileKind = 'urlfile'
+
+export function getTempDirectory(): string {
+   return process.env['RUNNER_TEMP'] || os.tmpdir()
+}
+
+export function writeObjectsToFile(inputObjects: any[]): string[] {
+   const newFilePaths = []
+
+   inputObjects.forEach((inputObject: any) => {
+      try {
+         const inputObjectString = JSON.stringify(inputObject)
+
+         if (inputObject?.metadata?.name) {
+            const fileName = getNewTempManifestFileName(
+               inputObject.kind,
+               inputObject.metadata.name
+            )
+            fs.writeFileSync(path.join(fileName), inputObjectString)
+            newFilePaths.push(fileName)
+         } else {
+            core.debug(
+               'Input object is not proper K8s resource object. Object: ' +
+                  inputObjectString
+            )
+         }
+      } catch (ex) {
+         core.debug(
+            `Exception occurred while writing object to file ${inputObject}: ${ex}`
+         )
+      }
+   })
+
+   return newFilePaths
+}
+
+export function writeManifestToFile(
+   inputObjectString: string,
+   kind: string,
+   name: string
+): string {
+   if (inputObjectString) {
+      try {
+         const fileName = getNewTempManifestFileName(kind, name)
+         fs.writeFileSync(path.join(fileName), inputObjectString)
+         return fileName
+      } catch (ex) {
+         throw Error(
+            `Exception occurred while writing object to file: ${inputObjectString}. Exception: ${ex}`
+         )
+      }
+   }
+}
+
+export function moveFileToTmpDir(originalFilepath: string) {
+   const tempDirectory = getTempDirectory()
+   const newPath = path.join(tempDirectory, originalFilepath)
+
+   core.debug(`reading original contents from path: ${originalFilepath}`)
+   const contents = fs.readFileSync(originalFilepath).toString()
+
+   const dirName = path.dirname(newPath)
+   if (!fs.existsSync(dirName)) {
+      core.debug(`path ${dirName} doesn't exist yet, making new dir...`)
+      fs.mkdirSync(dirName, {recursive: true})
+   }
+   core.debug(`writing contents to new path ${newPath}`)
+   fs.writeFileSync(path.join(newPath), contents)
+
+   core.debug(`moved contents from ${originalFilepath} to ${newPath}`)
+
+   return newPath
+}
+
+function getNewTempManifestFileName(kind: string, name: string) {
+   const filePath = `${kind}_${name}_${getCurrentTime().toString()}`
+   const tempDirectory = getTempDirectory()
+   return path.join(tempDirectory, path.basename(filePath))
+}
+
+export async function getFilesFromDirectoriesAndURLs(
+   filePaths: string[]
+): Promise<string[]> {
+   const fullPathSet: Set<string> = new Set<string>()
+
+   let fileCounter = 0
+   for (const fileName of filePaths) {
+      try {
+         if (isHttpUrl(fileName)) {
+            try {
+               const tempFilePath: string = await writeYamlFromURLToFile(
+                  fileName,
+                  fileCounter++
+               )
+               fullPathSet.add(tempFilePath)
+            } catch (e) {
+               throw Error(
+                  `encountered error trying to pull YAML from URL ${fileName}: ${e}`
+               )
+            }
+         } else if (fs.lstatSync(fileName).isDirectory()) {
+            recurisveManifestGetter(fileName).forEach((file) => {
+               fullPathSet.add(file)
+            })
+         } else if (
+            getFileExtension(fileName) === 'yml' ||
+            getFileExtension(fileName) === 'yaml'
+         ) {
+            fullPathSet.add(fileName)
+         } else {
+            core.debug(
+               `Detected non-manifest file, ${fileName}, continuing... `
+            )
+         }
+      } catch (ex) {
+         throw Error(
+            `Exception occurred while reading the file ${fileName}: ${ex}`
+         )
+      }
+   }
+
+   const arr = Array.from(fullPathSet)
+   return arr
+}
+
+export async function writeYamlFromURLToFile(
+   url: string,
+   fileNumber: number
+): Promise<string> {
+   return new Promise((resolve, reject) => {
+      https
+         .get(url, async (response) => {
+            const code = response.statusCode ?? 0
+            if (code >= 400) {
+               reject(
+                  Error(
+                     `received response status ${response.statusMessage} from url ${url}`
+                  )
+               )
+            }
+
+            const targetPath = getNewTempManifestFileName(
+               urlFileKind,
+               fileNumber.toString()
+            )
+            // save the file to disk
+            const fileWriter = fs
+               .createWriteStream(targetPath)
+               .on('finish', () => {
+                  const verification = verifyYaml(targetPath, url)
+                  if (succeeded(verification)) {
+                     core.debug(
+                        `outputting YAML contents from ${url} to ${targetPath}: ${JSON.stringify(
+                           verification.result
+                        )}`
+                     )
+                     resolve(targetPath)
+                  } else {
+                     reject(verification.error)
+                  }
+               })
+
+            response.pipe(fileWriter)
+         })
+         .on('error', (error) => {
+            reject(error)
+         })
+   })
+}
+
+function verifyYaml(filepath: string, url: string): Errorable<K8sObject[]> {
+   const fileContents = fs.readFileSync(filepath).toString()
+   let inputObjects
+   try {
+      inputObjects = yaml.loadAll(fileContents)
+   } catch (e) {
+      return {
+         succeeded: false,
+         error: `failed to parse manifest from url ${url}: ${e}`
+      }
+   }
+
+   if (!inputObjects || inputObjects.length == 0) {
+      return {
+         succeeded: false,
+         error: `failed to parse manifest from url ${url}: no objects detected in manifest`
+      }
+   }
+
+   for (const obj of inputObjects) {
+      if (!obj.kind || !obj.apiVersion || !obj.metadata) {
+         return {
+            succeeded: false,
+            error: `failed to parse manifest from ${url}: missing fields`
+         }
+      }
+   }
+
+   return {succeeded: true, result: inputObjects}
+}
+
+function recurisveManifestGetter(dirName: string): string[] {
+   const toRet: string[] = []
+
+   fs.readdirSync(dirName).forEach((fileName) => {
+      const fnwd: string = path.join(dirName, fileName)
+      if (fs.lstatSync(fnwd).isDirectory()) {
+         toRet.push(...recurisveManifestGetter(fnwd))
+      } else if (
+         getFileExtension(fileName) === 'yml' ||
+         getFileExtension(fileName) === 'yaml'
+      ) {
+         toRet.push(path.join(dirName, fileName))
+      } else {
+         core.debug(`Detected non-manifest file, ${fileName}, continuing... `)
+      }
+   })
+
+   return toRet
+}
+
+function getFileExtension(fileName: string) {
+   return fileName.slice(((fileName.lastIndexOf('.') - 1) >>> 0) + 2)
+}
@@ -0,0 +1,48 @@
+import {
+   getNormalizedPath,
+   isHttpUrl,
+   normalizeWorkflowStrLabel
+} from './githubUtils.js'
+
+describe('Github utils', () => {
+   it('normalizes workflow string labels', () => {
+      const workflowsPath = '.github/workflows/'
+
+      const path = 'test/path/test'
+      expect(normalizeWorkflowStrLabel(workflowsPath + path)).toBe(path)
+      expect(normalizeWorkflowStrLabel(path)).toBe(path)
+      expect(normalizeWorkflowStrLabel(path + workflowsPath)).toBe(
+         path + workflowsPath
+      )
+      expect(normalizeWorkflowStrLabel(path + ' ' + path)).toBe(
+         path + '_' + path
+      )
+   })
+
+   it('normalizes path', () => {
+      const httpUrl = 'http://www.test.com'
+      expect(getNormalizedPath(httpUrl)).toBe(httpUrl)
+
+      const httpsUrl = 'https://www.test.com'
+      expect(getNormalizedPath(httpsUrl)).toBe(httpsUrl)
+
+      const repo = 'gh_repo'
+      const sha = 'gh_sha'
+      const path = 'path'
+      process.env.GITHUB_REPOSITORY = repo
+      process.env.GITHUB_SHA = sha
+      expect(getNormalizedPath(path)).toBe(
+         `https://github.com/${repo}/blob/${sha}/${path}`
+      )
+   })
+
+   it('checks if url is http', () => {
+      expect(isHttpUrl('www.test.com')).toBe(false)
+      expect(isHttpUrl('http.test.com')).toBe(false)
+      expect(isHttpUrl('http:.test.com')).toBe(false)
+      expect(isHttpUrl('http:/.test.com')).toBe(false)
+
+      expect(isHttpUrl('https://www.test.com')).toBe(true)
+      expect(isHttpUrl('http://wwww.test.com')).toBe(true)
+   })
+})
@@ -0,0 +1,54 @@
+import {GitHubClient, OkStatusCode} from '../types/githubClient.js'
+import * as core from '@actions/core'
+
+export async function getWorkflowFilePath(
+   githubToken: string
+): Promise<string> {
+   let workflowFilePath = process.env.GITHUB_WORKFLOW
+   if (!workflowFilePath.startsWith('.github/workflows/')) {
+      const githubClient = new GitHubClient(
+         process.env.GITHUB_REPOSITORY,
+         githubToken
+      )
+      const response = await githubClient.getWorkflows()
+      if (response) {
+         if (response.status === OkStatusCode && response.data.total_count) {
+            if (response.data.total_count > 0) {
+               for (const workflow of response.data.workflows) {
+                  if (process.env.GITHUB_WORKFLOW === workflow.name) {
+                     workflowFilePath = workflow.path
+                     break
+                  }
+               }
+            }
+         } else if (response.status != OkStatusCode) {
+            core.error(
+               `An error occurred while getting list of workflows on the repo. Status code: ${response.status}`
+            )
+         }
+      } else {
+         core.error(`Failed to get response from workflow list API`)
+      }
+   }
+   return Promise.resolve(workflowFilePath)
+}
+
+export function normalizeWorkflowStrLabel(workflowName: string): string {
+   const workflowsPath = '.github/workflows/'
+   workflowName = workflowName.startsWith(workflowsPath)
+      ? workflowName.replace(workflowsPath, '')
+      : workflowName
+   return workflowName.replace(/ /g, '_')
+}
+
+export function getNormalizedPath(pathValue: string) {
+   if (!isHttpUrl(pathValue)) {
+      //if it is not an http url then convert to link from current repo and commit
+      return `https://github.com/${process.env.GITHUB_REPOSITORY}/blob/${process.env.GITHUB_SHA}/${pathValue}`
+   }
+   return pathValue
+}
+
+export function isHttpUrl(url: string) {
+   return /^https?:\/\/.*$/.test(url)
+}
--- a/Show More
+++ b/Show More