Update CODEOWNERS

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/CODEOWNERS

@@ -1 +1 @@
-* @Azure/aks-atlanta
+* @Azure/cloud-native-github-action-owners

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+   - package-ecosystem: npm
+     directory: /
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
+   - package-ecosystem: github-actions
+     directory: .github/workflows
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'

.github/workflows/codeql.yml

@@ -0,0 +1,91 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: 'CodeQL Advanced'
+
+on:
+   push:
+      branches: ['main']
+   pull_request:
+      branches: ['main']
+   schedule:
+      - cron: '15 9 * * 0'
+
+jobs:
+   analyze:
+      name: Analyze (${{ matrix.language }})
+      # Runner size impacts CodeQL analysis time. To learn more, please see:
+      #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+      #   - https://gh.io/supported-runners-and-hardware-resources
+      #   - https://gh.io/using-larger-runners (GitHub.com only)
+      # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+      runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+      permissions:
+         # required for all workflows
+         security-events: write
+
+         # required to fetch internal or private CodeQL packs
+         packages: read
+
+         # only required for workflows in private repositories
+         actions: read
+         contents: read
+
+      strategy:
+         fail-fast: false
+         matrix:
+            include:
+               - language: javascript-typescript
+                 build-mode: none
+            # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+            # Use `c-cpp` to analyze code written in C, C++ or both
+            # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+            # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+            # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+            # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+            # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+            # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+      steps:
+         - name: Checkout repository
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+         # Initializes the CodeQL tools for scanning.
+         - name: Initialize CodeQL
+           uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+           with:
+              languages: ${{ matrix.language }}
+              build-mode: ${{ matrix.build-mode }}
+              # If you wish to specify custom queries, you can do so here or in a config file.
+              # By default, queries listed here will override any specified in a config file.
+              # Prefix the list here with "+" to use these queries and those in the config file.
+
+              # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+              # queries: security-extended,security-and-quality
+
+         # If the analyze step fails for one of the languages you are analyzing with
+         # "We were unable to automatically build your code", modify the matrix above
+         # to set the build mode to "manual" for that language. Then modify this step
+         # to build your code.
+         # ℹ️ Command-line programs to run using the OS shell.
+         # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+         - if: matrix.build-mode == 'manual'
+           shell: bash
+           run: |
+              echo 'If you are using a "manual" build mode for one or more of the' \
+                'languages you are analyzing, replace this with the commands to build' \
+                'your code, for example:'
+              echo '  make bootstrap'
+              echo '  make release'
+              exit 1
+         - name: Perform CodeQL Analysis
+           uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+           with:
+              category: '/language:${{matrix.language}}'

.github/workflows/default-labels.yml

@@ -13,7 +13,7 @@ jobs:
 
       # Steps represent a sequence of tasks that will be executed as part of the job
       steps:
-         - uses: actions/stale@v3
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
            name: Setting Issue as Idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,7 +24,7 @@ jobs:
               operations-per-run: 100
               exempt-issue-labels: 'backlog'
 
-         - uses: actions/stale@v3
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
            name: Setting PR as Idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/integration-tests.yml

@@ -15,7 +15,7 @@ jobs:
       steps:
          - name: Checkout Source Code
            id: checkout-code
-           uses: actions/checkout@v2
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
          - name: Npm Install and Build
            id: npm-build
            run: |

.github/workflows/prettify-code.yml

@@ -1,4 +1,4 @@
-name: 'Run prettify'
+name: 'Run Prettify'
 on:
    pull_request:
    push:
@@ -10,9 +10,16 @@ jobs:
       runs-on: ubuntu-latest
       steps:
          - name: Checkout Repository
-           uses: actions/checkout@v2
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-         - name: Enforce Prettier
-           uses: actionsx/prettier@v2
+         - name: Setup Node.js
+           uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
            with:
-              args: --check .
+              node-version: 'lts/*'
+              cache: 'npm'
+
+         - name: Install Dependencies
+           run: npm ci
+
+         - name: Run Prettier Check
+           run: npx prettier --check .

.github/workflows/release-pr.yml

@@ -1,14 +1,18 @@
-name: Create release PR
+name: Release Project
 
 on:
+   push:
+      branches:
+         - main
+      paths:
+         - CHANGELOG.md
    workflow_dispatch:
-      inputs:
-         release:
-            description: 'Define release version (ex: v1, v2, v3)'
-            required: true
 
 jobs:
-   release-pr:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/release-pr.yml@main
+   release:
+      permissions:
+         actions: read
+         contents: write
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@v1
       with:
-         release: ${{ github.event.inputs.release }}
+         changelogPath: ./CHANGELOG.md

.github/workflows/unit-tests.yml

@@ -13,7 +13,7 @@ jobs:
    unit-test:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@v1
+         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
          - name: Run Unit Tests
            run: |
               npm install

.husky/pre-commit

@@ -0,0 +1,7 @@
+npm test
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}

CHANGELOG.md

@@ -0,0 +1,10 @@
+# Change Log
+
+## [4.0.1] - 2024-09-06
+
+- #90 update dev dependencies with Typescript to 5
+- #89 Adding dependabot
+
+## [4.0.0] - 2024-02-13
+
+- #83 update to node20 as node16 is deprecated

README.md

@@ -19,7 +19,7 @@ Refer to the [action metadata file](./action.yml) for details about inputs. Note
 ### Kubeconfig approach
 
 ```yaml
-- uses: azure/k8s-set-context@v3
+- uses: azure/k8s-set-context@v4
   with:
      method: kubeconfig
      kubeconfig: <your kubeconfig>
@@ -50,7 +50,7 @@ Please refer to documentation on fetching [kubeconfig for any generic K8s cluste
 ### Service account approach
 
 ```yaml
-- uses: azure/k8s-set-context@v3
+- uses: azure/k8s-set-context@v4
   with:
      method: service-account
      k8s-url: <URL of the cluster's API server>
@@ -74,7 +74,7 @@ kubectl get secret <service-account-secret-name> -n <namespace> -o yaml
 ### Service account approach for arc cluster
 
 ```yaml
-- uses: azure/k8s-set-context@v3
+- uses: azure/k8s-set-context@v4
   with:
      method: service-account
      cluster-type: arc
@@ -86,7 +86,7 @@ kubectl get secret <service-account-secret-name> -n <namespace> -o yaml
 ### Service principal approach for arc cluster
 
 ```yaml
-- uses: azure/k8s-set-context@v3
+- uses: azure/k8s-set-context@v4
   with:
      method: service-principal
      cluster-type: arc

action.yml

@@ -13,6 +13,10 @@ inputs:
    kubeconfig:
       description: 'Contents of kubeconfig file'
       required: false
+   kubeconfig-encoding:
+      description: 'Encoding of the kubeconfig input. Accepts "plaintext" (default) or "base64".'
+      required: false
+      default: 'plaintext'
    context:
       description: 'If your kubeconfig has multiple contexts, use this field to use a specific context, otherwise the default one would be chosen'
       required: false
@@ -35,5 +39,5 @@ inputs:
 branding:
    color: 'blue'
 runs:
-   using: 'node16'
+   using: 'node20'
    main: 'lib/index.js'

babel.config.js

@@ -0,0 +1,7 @@
+// babel.config.js
+export default {
+   presets: [
+      '@babel/preset-env', // For handling ES modules
+      '@babel/preset-typescript' // For handling TypeScript
+   ]
+}

jest.config.js

@@ -1,4 +1,4 @@
-module.exports = {
+export default {
    restoreMocks: true,
    clearMocks: true,
    resetMocks: true,
@@ -6,8 +6,16 @@ module.exports = {
    testEnvironment: 'node',
    testMatch: ['**/*.test.ts'],
    transform: {
-      '^.+\\.ts$': 'ts-jest'
+      '^.+\\.ts$': 'ts-jest', // Use ts-jest for TypeScript files
+      '^.+\\.js$': 'babel-jest' // Transform TypeScript files
    },
+   transformIgnorePatterns: [
+      '/node_modules/(?!@kubernetes/client-node)/' // Make sure to transform the Kubernetes client module
+   ],
+   moduleNameMapper: {
+      '^.+\\.css$': 'jest-transform-stub' // Handle CSS imports (if any)
+   },
+   extensionsToTreatAsEsm: ['.ts', '.tsx'], // Treat TypeScript files as ESM
    verbose: true,
    coverageThreshold: {
       global: {

package.json

@@ -1,14 +1,17 @@
 {
    "name": "k8s-set-context-action",
-   "version": "1.0.0",
+   "version": "4.0.0",
    "private": true,
    "main": "lib/index.js",
+   "type": "module",
    "scripts": {
+      "prebuild": "npm i @vercel/ncc",
       "build": "ncc build src/run.ts -o lib",
       "test": "jest",
       "test-coverage": "jest --coverage",
       "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
    },
    "keywords": [
       "actions",
@@ -18,20 +21,24 @@
    "author": "GitHub",
    "license": "MIT",
    "dependencies": {
-      "@actions/core": "^1.10.0",
-      "@actions/exec": "^1.0.0",
-      "@actions/io": "^1.1.2",
-      "@kubernetes/client-node": "^0.16.0",
+      "@actions/core": "^1.11.1",
+      "@actions/exec": "^1.1.1",
+      "@actions/io": "^1.1.3",
+      "@kubernetes/client-node": "^1.3.0",
+      "husky": "^9.1.7",
       "js-yaml": "^4.1.0"
    },
    "devDependencies": {
-      "@types/jest": "^28.1.2",
-      "@types/js-yaml": "^4.0.4",
-      "@types/node": "^16.0.0",
-      "@vercel/ncc": "^0.34.0",
-      "jest": "^28.1.1",
-      "prettier": "2.7.1",
-      "ts-jest": "^28.0.5",
-      "typescript": "4.7.4"
+      "@babel/preset-env": "^7.28.0",
+      "@babel/preset-typescript": "^7.27.1",
+      "@types/jest": "^30.0.0",
+      "@types/js-yaml": "^4.0.9",
+      "@types/node": "^24.0.15",
+      "@vercel/ncc": "^0.38.3",
+      "babel-jest": "^30.0.4",
+      "jest": "^30.0.4",
+      "prettier": "^3.6.2",
+      "ts-jest": "^29.4.0",
+      "typescript": "^5.8.3"
    }
 }

src/kubeconfigs/azCommands.test.ts

@@ -9,6 +9,6 @@ describe('Az commands', () => {
       jest.spyOn(actions, 'exec').mockImplementation(async () => 0)
 
       expect(await runAzCliCommand(path, args))
-      expect(actions.exec).toBeCalledWith(path, args, {})
+      expect(actions.exec).toHaveBeenCalledWith(path, args, {})
    })
 })

src/kubeconfigs/default.test.ts

@@ -1,4 +1,5 @@
 import * as fs from 'fs'
+import * as core from '@actions/core'
 import {getRequiredInputError} from '../../tests/util'
 import {createKubeconfig, getDefaultKubeconfig} from './default'
 
@@ -62,6 +63,47 @@ describe('Default kubeconfig', () => {
 
          expect(getDefaultKubeconfig()).toBe(kc)
       })
+
+      test('returns kubeconfig as plaintext when encoding is plaintext', () => {
+         const kc = 'example kc'
+         jest.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'method') return 'default'
+            if (name === 'kubeconfig-encoding') return 'plaintext'
+            if (name === 'kubeconfig') return kc
+            return ''
+         })
+         expect(getDefaultKubeconfig()).toBe(kc)
+      })
+
+      test('it gets default config through base64 kubeconfig input', () => {
+         const kc = 'example kc'
+         const base64Kc = Buffer.from(kc, 'utf-8').toString('base64')
+
+         jest.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'method') return 'default'
+            if (name === 'kubeconfig-encoding') return 'base64'
+            if (name === 'kubeconfig') return base64Kc
+            return ''
+         })
+
+         expect(getDefaultKubeconfig()).toBe(kc)
+      })
+
+      test('it throws error for unknown kubeconfig-encoding', () => {
+         const kc = 'example kc'
+         const unknownEncoding = 'foobar'
+
+         jest.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'method') return 'default'
+            if (name === 'kubeconfig-encoding') return unknownEncoding
+            if (name === 'kubeconfig') return kc
+            return ''
+         })
+
+         expect(() => getDefaultKubeconfig()).toThrow(
+            "Invalid kubeconfig-encoding: 'foobar'. Must be 'plaintext' or 'base64'."
+         )
+      })
    })
 
    test('it defaults to default method', () => {

src/kubeconfigs/default.ts

@@ -44,7 +44,27 @@ export function getDefaultKubeconfig(): string {
       }
       default: {
          core.debug('Setting context using kubeconfig')
-         return core.getInput('kubeconfig', {required: true})
+         enum Encoding {
+            Base64 = 'base64',
+            Plaintext = 'plaintext'
+         }
+
+         const rawKubeconfig = core.getInput('kubeconfig', {required: true})
+         const encoding =
+            core.getInput('kubeconfig-encoding')?.toLowerCase() ||
+            Encoding.Plaintext
+
+         if (encoding !== Encoding.Base64 && encoding !== Encoding.Plaintext) {
+            throw new Error(
+               `Invalid kubeconfig-encoding: '${encoding}'. Must be 'plaintext' or 'base64'.`
+            )
+         }
+         const kubeconfig =
+            encoding === Encoding.Base64
+               ? Buffer.from(rawKubeconfig, 'base64').toString('utf-8')
+               : rawKubeconfig
+
+         return kubeconfig
       }
    }
 }

tsconfig.json

@@ -1,8 +1,15 @@
 {
    "compilerOptions": {
-      "target": "ES6",
-      "module": "commonjs",
-      "esModuleInterop": true
+      "baseUrl": ".",
+      "module": "ESNext", // or "NodeNext" depending on your setup
+      "moduleResolution": "node",
+      "esModuleInterop": true,
+      "allowSyntheticDefaultImports": true,
+      "skipLibCheck": true,
+      "paths": {
+         "@actions/core": ["node_modules/@actions/core"],
+         "@kubernetes/client-node": ["node_modules/@kubernetes/client-node"]
+      }
    },
    "exclude": ["node_modules", "tests", "src/**/*.test.ts"]
 }