Bump the actions group in /.github/workflows with 2 updates (#218 )

Bumps the actions group in /.github/workflows with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/stale](https://github.com/actions/stale). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](9e907b5e64...89a39a4e59) Updates `actions/stale` from 10.1.1 to 10.2.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](997185467f...b5d41d4e1d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump minimatch (#219 )
2026-03-03 12:23:46 +08:00 · 2026-03-02 14:01:22 -05:00 · 2026-03-02 13:03:01 -05:00 · 2026-02-17 19:43:54 -05:00 · 2026-02-17 15:20:02 -05:00 · 2026-02-10 12:48:31 -08:00
28 changed files with 7503 additions and 4047 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1 +1 @@
-* @Azure/aks-atlanta
+* @Azure/cloud-native-github-action-owners
--- a/.github/ISSUE_TEMPLATE/bugReportForm.yml
+++ b/.github/ISSUE_TEMPLATE/bugReportForm.yml
@ -0,0 +1,36 @@
+name: Bug Report
+description: File a bug report specifying all inputs you provided for the action, we will respond to this thread with any questions.
+title: 'Bug: '
+labels: ['bug', 'triage']
+assignees: '@Azure/aks-atlanta'
+body:
+   - type: textarea
+     id: What-happened
+     attributes:
+        label: What happened?
+        description: Tell us what happened and how is it different from the expected?
+        placeholder: Tell us what you see!
+     validations:
+        required: true
+   - type: checkboxes
+     id: Version
+     attributes:
+        label: Version
+        options:
+           - label: I am using the latest version
+             required: true
+   - type: input
+     id: Runner
+     attributes:
+        label: Runner
+        description: What runner are you using?
+        placeholder: Mention the runner info (self-hosted, operating system)
+     validations:
+        required: true
+   - type: textarea
+     id: Logs
+     attributes:
+        label: Relevant log output
+        description: Run in debug mode for the most verbose logs. Please feel free to attach a screenshot of the logs
+     validations:
+        required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,6 @@
+blank_issues_enabled: false
+contact_links:
+   - name: GitHub Action "k8s-set-context" Support
+     url: https://github.com/Azure/k8s-set-context
+     security: https://github.com/Azure/k8s-set-context/blob/main/SECURITY.md
+     about: Please ask and answer questions here.
--- a/.github/ISSUE_TEMPLATE/featureRequestForm.yml
+++ b/.github/ISSUE_TEMPLATE/featureRequestForm.yml
@ -0,0 +1,13 @@
+name: Feature Request
+description: File a Feature Request form, we will respond to this thread with any questions.
+title: 'Feature Request: '
+labels: ['Feature']
+assignees: '@Azure/aks-atlanta'
+body:
+   - type: textarea
+     id: Feature_request
+     attributes:
+        label: Feature request
+        description: Provide example functionality and links to relevant docs
+     validations:
+        required: true
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,18 @@
+version: 2
+updates:
+   - package-ecosystem: npm
+     directory: /
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
+   - package-ecosystem: github-actions
+     directory: .github/workflows
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -0,0 +1,91 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: 'CodeQL Advanced'
+
+on:
+   push:
+      branches: ['main']
+   pull_request:
+      branches: ['main']
+   schedule:
+      - cron: '15 9 * * 0'
+
+jobs:
+   analyze:
+      name: Analyze (${{ matrix.language }})
+      # Runner size impacts CodeQL analysis time. To learn more, please see:
+      #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+      #   - https://gh.io/supported-runners-and-hardware-resources
+      #   - https://gh.io/using-larger-runners (GitHub.com only)
+      # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+      runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+      permissions:
+         # required for all workflows
+         security-events: write
+
+         # required to fetch internal or private CodeQL packs
+         packages: read
+
+         # only required for workflows in private repositories
+         actions: read
+         contents: read
+
+      strategy:
+         fail-fast: false
+         matrix:
+            include:
+               - language: javascript-typescript
+                 build-mode: none
+            # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+            # Use `c-cpp` to analyze code written in C, C++ or both
+            # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+            # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+            # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+            # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+            # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+            # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+      steps:
+         - name: Checkout repository
+           uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+         # Initializes the CodeQL tools for scanning.
+         - name: Initialize CodeQL
+           uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
+           with:
+              languages: ${{ matrix.language }}
+              build-mode: ${{ matrix.build-mode }}
+              # If you wish to specify custom queries, you can do so here or in a config file.
+              # By default, queries listed here will override any specified in a config file.
+              # Prefix the list here with "+" to use these queries and those in the config file.
+
+              # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+              # queries: security-extended,security-and-quality
+
+         # If the analyze step fails for one of the languages you are analyzing with
+         # "We were unable to automatically build your code", modify the matrix above
+         # to set the build mode to "manual" for that language. Then modify this step
+         # to build your code.
+         # ℹ️ Command-line programs to run using the OS shell.
+         # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+         - if: matrix.build-mode == 'manual'
+           shell: bash
+           run: |
+              echo 'If you are using a "manual" build mode for one or more of the' \
+                'languages you are analyzing, replace this with the commands to build' \
+                'your code, for example:'
+              echo '  make bootstrap'
+              echo '  make release'
+              exit 1
+         - name: Perform CodeQL Analysis
+           uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
+           with:
+              category: '/language:${{matrix.language}}'
--- a/.github/workflows/default-labels.yml
+++ b/.github/workflows/default-labels.yml
@ -13,7 +13,7 @@ jobs:

      # Steps represent a sequence of tasks that will be executed as part of the job
      steps:
-         - uses: actions/stale@v3
+         - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
           name: Setting Issue as Idle
           with:
              repo-token: ${{ secrets.GITHUB_TOKEN }}
@ -24,7 +24,7 @@ jobs:
              operations-per-run: 100
              exempt-issue-labels: 'backlog'

-         - uses: actions/stale@v3
+         - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
           name: Setting PR as Idle
           with:
              repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@ -15,12 +15,13 @@ jobs:
      steps:
         - name: Checkout Source Code
           id: checkout-code
-           uses: actions/checkout@v2
+           uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         - name: Npm Install and Build
           id: npm-build
           run: |
              npm install
-              npm run build
+         - name: Build
+           run: npm run build
         - name: Set Context
           uses: ./
           with:
--- a/.github/workflows/prettify-code.yml
+++ b/.github/workflows/prettify-code.yml
@ -1,4 +1,4 @@
-name: 'Run prettify'
+name: 'Run Prettify'
 on:
   pull_request:
   push:
@ -10,9 +10,16 @@ jobs:
      runs-on: ubuntu-latest
      steps:
         - name: Checkout Repository
-           uses: actions/checkout@v2
+           uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

-         - name: Enforce Prettier
-           uses: actionsx/prettier@v2
+         - name: Setup Node.js
+           uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
           with:
-              args: --check .
+              node-version: 'lts/*'
+              cache: 'npm'
+
+         - name: Install Dependencies
+           run: npm ci
+
+         - name: Run Prettier Check
+           run: npx prettier --check .
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@ -1,14 +1,18 @@
-name: Create release PR
+name: Release Project

 on:
+   push:
+      branches:
+         - main
+      paths:
+         - CHANGELOG.md
   workflow_dispatch:
-      inputs:
-         release:
-            description: 'Define release version (ex: v1, v2, v3)'
-            required: true

 jobs:
-   release-pr:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/release-pr.yml@main
+   release:
+      permissions:
+         actions: read
+         contents: write
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@v1
      with:
-         release: ${{ github.event.inputs.release }}
+         changelogPath: ./CHANGELOG.md
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@ -13,7 +13,7 @@ jobs:
   unit-test:
      runs-on: ubuntu-latest
      steps:
-         - uses: actions/checkout@v1
+         - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         - name: Run Unit Tests
           run: |
              npm install
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@ -0,0 +1,7 @@
+npm test
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,15 @@
+# Change Log
+
+## [4.0.2] - 2025-11-13
+
+- #[164](https://github.com/Azure/k8s-set-context/pull/164) Adding optional kubeconfig encoding variable
+- Dependabot updates
+
+## [4.0.1] - 2024-09-06
+
+- #90 update dev dependencies with Typescript to 5
+- #89 Adding dependabot
+
+## [4.0.0] - 2024-02-13
+
+- #83 update to node20 as node16 is deprecated
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -4,6 +4,6 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope

 Resources:

-  [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
-  [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
-  Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
--- a/README.md
+++ b/README.md
@ -6,9 +6,9 @@ It is a requirement to use [`azure/login`](https://github.com/Azure/login/tree/m

 There are three approaches for specifying the deployment target:

-  Kubeconfig file provided as input to the action
-  Service account approach where the secret associated with the service account is provided as input to the action
-  Service principal approach (only applicable for arc cluster) where service principal provided with 'creds' is used as input to action
+- Kubeconfig file provided as input to the action
+- Service account approach where the secret associated with the service account is provided as input to the action
+- Service principal approach (only applicable for arc cluster) where service principal provided with 'creds' is used as input to action

 In all these approaches it is recommended to store these contents (kubeconfig file content or secret content) in a [secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets/).

@ -19,7 +19,7 @@ Refer to the [action metadata file](./action.yml) for details about inputs. Note
 ### Kubeconfig approach

 ```yaml
- uses: azure/k8s-set-context@v2
+- uses: azure/k8s-set-context@v4
  with:
     method: kubeconfig
     kubeconfig: <your kubeconfig>
@ -50,7 +50,7 @@ Please refer to documentation on fetching [kubeconfig for any generic K8s cluste
 ### Service account approach

 ```yaml
- uses: azure/k8s-set-context@v2
+- uses: azure/k8s-set-context@v4
  with:
     method: service-account
     k8s-url: <URL of the cluster's API server>
@ -74,7 +74,7 @@ kubectl get secret <service-account-secret-name> -n <namespace> -o yaml
 ### Service account approach for arc cluster

 ```yaml
- uses: azure/k8s-set-context@v2
+- uses: azure/k8s-set-context@v4
  with:
     method: service-account
     cluster-type: arc
@ -86,7 +86,7 @@ kubectl get secret <service-account-secret-name> -n <namespace> -o yaml
 ### Service principal approach for arc cluster

 ```yaml
- uses: azure/k8s-set-context@v2
+- uses: azure/k8s-set-context@v4
  with:
     method: service-principal
     cluster-type: arc
--- a/SECURITY.md
+++ b/SECURITY.md
@ -14,13 +14,13 @@ You should receive a response within 24 hours. If for some reason you do not, pl

 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

-  Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
-  Full paths of source file(s) related to the manifestation of the issue
-  The location of the affected source code (tag/branch/commit or direct URL)
-  Any special configuration required to reproduce the issue
-  Step-by-step instructions to reproduce the issue
-  Proof-of-concept or exploit code (if possible)
-  Impact of the issue, including how an attacker might exploit the issue
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue

 This information will help us triage your report more quickly.

--- a/action.yml
+++ b/action.yml
@ -13,6 +13,10 @@ inputs:
   kubeconfig:
      description: 'Contents of kubeconfig file'
      required: false
+   kubeconfig-encoding:
+      description: 'Encoding of the kubeconfig input. Accepts "plaintext" (default) or "base64".'
+      required: false
+      default: 'plaintext'
   context:
      description: 'If your kubeconfig has multiple contexts, use this field to use a specific context, otherwise the default one would be chosen'
      required: false
@ -35,5 +39,5 @@ inputs:
 branding:
   color: 'blue'
 runs:
-   using: 'node16'
-   main: 'lib/run.js'
+   using: 'node20'
+   main: 'lib/index.js'
--- a/babel.config.js
+++ b/babel.config.js
@ -0,0 +1,7 @@
+// babel.config.js
+export default {
+   presets: [
+      '@babel/preset-env', // For handling ES modules
+      '@babel/preset-typescript' // For handling TypeScript
+   ]
+}
--- a/jest.config.js
+++ b/jest.config.js
@ -1,4 +1,4 @@
-module.exports = {
+export default {
   restoreMocks: true,
   clearMocks: true,
   resetMocks: true,
@ -6,8 +6,16 @@ module.exports = {
   testEnvironment: 'node',
   testMatch: ['**/*.test.ts'],
   transform: {
-      '^.+\\.ts$': 'ts-jest'
+      '^.+\\.ts$': 'ts-jest', // Use ts-jest for TypeScript files
+      '^.+\\.js$': 'babel-jest' // Transform TypeScript files
   },
+   transformIgnorePatterns: [
+      '/node_modules/(?!@kubernetes/client-node)/' // Make sure to transform the Kubernetes client module
+   ],
+   moduleNameMapper: {
+      '^.+\\.css$': 'jest-transform-stub' // Handle CSS imports (if any)
+   },
+   extensionsToTreatAsEsm: ['.ts', '.tsx'], // Treat TypeScript files as ESM
   verbose: true,
   coverageThreshold: {
      global: {
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,14 +1,17 @@
 {
   "name": "k8s-set-context-action",
-   "version": "1.0.0",
+   "version": "4.0.2",
   "private": true,
-   "main": "lib/run.js",
+   "main": "lib/index.js",
+   "type": "module",
   "scripts": {
-      "build": "tsc --outDir ./lib --rootDir ./src",
+      "prebuild": "npm i @vercel/ncc",
+      "build": "ncc build src/run.ts -o lib",
      "test": "jest",
      "test-coverage": "jest --coverage",
      "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
   },
   "keywords": [
      "actions",
@ -18,19 +21,24 @@
   "author": "GitHub",
   "license": "MIT",
   "dependencies": {
-      "@actions/core": "^1.2.6",
-      "@actions/exec": "^1.0.0",
-      "@actions/io": "^1.1.2",
-      "@kubernetes/client-node": "^0.16.0",
-      "js-yaml": "^4.1.0"
+      "@actions/core": "^2.0.2",
+      "@actions/exec": "^2.0.0",
+      "@actions/io": "^2.0.0",
+      "@kubernetes/client-node": "^1.4.0",
+      "husky": "^9.1.7",
+      "js-yaml": "^4.1.1"
   },
   "devDependencies": {
-      "@types/jest": "^28.1.2",
-      "@types/js-yaml": "^4.0.4",
-      "@types/node": "^16.0.0",
-      "jest": "^28.1.1",
-      "prettier": "2.7.1",
-      "ts-jest": "^28.0.5",
-      "typescript": "4.7.4"
+      "@babel/preset-env": "^7.28.6",
+      "@babel/preset-typescript": "^7.28.5",
+      "@types/jest": "^30.0.0",
+      "@types/js-yaml": "^4.0.9",
+      "@types/node": "^25.0.9",
+      "@vercel/ncc": "^0.38.4",
+      "babel-jest": "^30.2.0",
+      "jest": "^30.2.0",
+      "prettier": "^3.8.0",
+      "ts-jest": "^29.4.6",
+      "typescript": "^5.9.3"
   }
 }
--- a/src/action.test.ts
+++ b/src/action.test.ts
@ -1,5 +1,5 @@
 import {getRequiredInputError} from '../tests/util'
-import {run} from './run'
+import {run} from './action'
 import fs from 'fs'
 import * as utils from './utils'

--- a/src/action.ts
+++ b/src/action.ts
@ -0,0 +1,33 @@
+import * as core from '@actions/core'
+import * as path from 'path'
+import * as fs from 'fs'
+import {Cluster, parseCluster} from './types/cluster'
+import {setContext, getKubeconfig} from './utils'
+
+/**
+ * Sets the Kubernetes context based on supplied action inputs
+ */
+export async function run() {
+   // get inputs
+   const clusterType: Cluster | undefined = parseCluster(
+      core.getInput('cluster-type', {
+         required: true
+      })
+   )
+   const runnerTempDirectory: string = process.env['RUNNER_TEMP']
+   const kubeconfigPath: string = path.join(
+      runnerTempDirectory,
+      `kubeconfig_${Date.now()}`
+   )
+
+   // get kubeconfig and update context
+   const kubeconfig: string = await getKubeconfig(clusterType)
+   const kubeconfigWithContext: string = setContext(kubeconfig)
+
+   // output kubeconfig
+   core.debug(`Writing kubeconfig contents to ${kubeconfigPath}`)
+   fs.writeFileSync(kubeconfigPath, kubeconfigWithContext)
+   fs.chmodSync(kubeconfigPath, '600')
+   core.debug('Setting KUBECONFIG environment variable')
+   core.exportVariable('KUBECONFIG', kubeconfigPath)
+}
--- a/src/kubeconfigs/azCommands.test.ts
+++ b/src/kubeconfigs/azCommands.test.ts
@ -9,6 +9,6 @@ describe('Az commands', () => {
      jest.spyOn(actions, 'exec').mockImplementation(async () => 0)

      expect(await runAzCliCommand(path, args))
-      expect(actions.exec).toBeCalledWith(path, args, {})
+      expect(actions.exec).toHaveBeenCalledWith(path, args, {})
   })
 })
--- a/src/kubeconfigs/default.test.ts
+++ b/src/kubeconfigs/default.test.ts
@ -1,4 +1,5 @@
 import * as fs from 'fs'
+import * as core from '@actions/core'
 import {getRequiredInputError} from '../../tests/util'
 import {createKubeconfig, getDefaultKubeconfig} from './default'

@ -62,6 +63,47 @@ describe('Default kubeconfig', () => {

         expect(getDefaultKubeconfig()).toBe(kc)
      })
+
+      test('returns kubeconfig as plaintext when encoding is plaintext', () => {
+         const kc = 'example kc'
+         jest.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'method') return 'default'
+            if (name === 'kubeconfig-encoding') return 'plaintext'
+            if (name === 'kubeconfig') return kc
+            return ''
+         })
+         expect(getDefaultKubeconfig()).toBe(kc)
+      })
+
+      test('it gets default config through base64 kubeconfig input', () => {
+         const kc = 'example kc'
+         const base64Kc = Buffer.from(kc, 'utf-8').toString('base64')
+
+         jest.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'method') return 'default'
+            if (name === 'kubeconfig-encoding') return 'base64'
+            if (name === 'kubeconfig') return base64Kc
+            return ''
+         })
+
+         expect(getDefaultKubeconfig()).toBe(kc)
+      })
+
+      test('it throws error for unknown kubeconfig-encoding', () => {
+         const kc = 'example kc'
+         const unknownEncoding = 'foobar'
+
+         jest.spyOn(core, 'getInput').mockImplementation((name: string) => {
+            if (name === 'method') return 'default'
+            if (name === 'kubeconfig-encoding') return unknownEncoding
+            if (name === 'kubeconfig') return kc
+            return ''
+         })
+
+         expect(() => getDefaultKubeconfig()).toThrow(
+            "Invalid kubeconfig-encoding: 'foobar'. Must be 'plaintext' or 'base64'."
+         )
+      })
   })

   test('it defaults to default method', () => {
--- a/src/kubeconfigs/default.ts
+++ b/src/kubeconfigs/default.ts
@ -44,7 +44,27 @@ export function getDefaultKubeconfig(): string {
      }
      default: {
         core.debug('Setting context using kubeconfig')
-         return core.getInput('kubeconfig', {required: true})
+         enum Encoding {
+            Base64 = 'base64',
+            Plaintext = 'plaintext'
+         }
+
+         const rawKubeconfig = core.getInput('kubeconfig', {required: true})
+         const encoding =
+            core.getInput('kubeconfig-encoding')?.toLowerCase() ||
+            Encoding.Plaintext
+
+         if (encoding !== Encoding.Base64 && encoding !== Encoding.Plaintext) {
+            throw new Error(
+               `Invalid kubeconfig-encoding: '${encoding}'. Must be 'plaintext' or 'base64'.`
+            )
+         }
+         const kubeconfig =
+            encoding === Encoding.Base64
+               ? Buffer.from(rawKubeconfig, 'base64').toString('utf-8')
+               : rawKubeconfig
+
+         return kubeconfig
      }
   }
 }
--- a/src/run.ts
+++ b/src/run.ts
@ -1,36 +1,5 @@
+import {run} from './action'
 import * as core from '@actions/core'
-import * as path from 'path'
-import * as fs from 'fs'
-import {Cluster, parseCluster} from './types/cluster'
-import {setContext, getKubeconfig} from './utils'
-
-/**
- * Sets the Kubernetes context based on supplied action inputs
- */
-export async function run() {
-   // get inputs
-   const clusterType: Cluster | undefined = parseCluster(
-      core.getInput('cluster-type', {
-         required: true
-      })
-   )
-   const runnerTempDirectory: string = process.env['RUNNER_TEMP']
-   const kubeconfigPath: string = path.join(
-      runnerTempDirectory,
-      `kubeconfig_${Date.now()}`
-   )
-
-   // get kubeconfig and update context
-   const kubeconfig: string = await getKubeconfig(clusterType)
-   const kubeconfigWithContext: string = setContext(kubeconfig)
-
-   // output kubeconfig
-   core.debug(`Writing kubeconfig contents to ${kubeconfigPath}`)
-   fs.writeFileSync(kubeconfigPath, kubeconfigWithContext)
-   fs.chmodSync(kubeconfigPath, '600')
-   core.debug('Setting KUBECONFIG environment variable')
-   core.exportVariable('KUBECONFIG', kubeconfigPath)
-}

 // Run the application
 run().catch(core.setFailed)
--- a/tsconfig.json
+++ b/tsconfig.json
@ -1,8 +1,15 @@
 {
   "compilerOptions": {
-      "target": "ES6",
-      "module": "commonjs",
-      "esModuleInterop": true
+      "baseUrl": ".",
+      "module": "ESNext", // or "NodeNext" depending on your setup
+      "moduleResolution": "node",
+      "esModuleInterop": true,
+      "allowSyntheticDefaultImports": true,
+      "skipLibCheck": true,
+      "paths": {
+         "@actions/core": ["node_modules/@actions/core"],
+         "@kubernetes/client-node": ["node_modules/@kubernetes/client-node"]
+      }
   },
   "exclude": ["node_modules", "tests", "src/**/*.test.ts"]
 }