Bump github/codeql-action in /.github/workflows in the actions group

Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.0 to 4.31.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4e94bd11f7...0499de31b9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/CODEOWNERS

@@ -1 +1 @@
-* @Azure/aks-atlanta
+* @Azure/cloud-native-github-action-owners

.github/workflows/codeql.yml

@@ -55,11 +55,11 @@ jobs:
             # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
       steps:
          - name: Checkout repository
-           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+           uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
          # Initializes the CodeQL tools for scanning.
          - name: Initialize CodeQL
-           uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+           uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
            with:
               languages: ${{ matrix.language }}
               build-mode: ${{ matrix.build-mode }}
@@ -86,6 +86,6 @@ jobs:
               echo '  make release'
               exit 1
          - name: Perform CodeQL Analysis
-           uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+           uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
            with:
               category: '/language:${{matrix.language}}'

.github/workflows/defaultLabels.yml

@@ -8,7 +8,7 @@ jobs:
    label-issues:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+         - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
            name: Setting issue as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -19,7 +19,7 @@ jobs:
               operations-per-run: 100
               exempt-issue-labels: 'backlog'
 
-         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+         - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
            name: Setting PR as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/integration-tests.yml

@@ -17,7 +17,7 @@ jobs:
          KUBECONFIG: /home/runner/.kube/config
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
       steps:
-         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+         - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
            name: Checkout from PR branch
 
          - id: action-npm-build
@@ -27,9 +27,11 @@ jobs:
               if [[ $PR_BASE_REF != releases/* ]]; then
                 npm install
                 npm run build
+                # remove node_modules to match production environment where only index.js is present
+                rm -rf node_modules 
               fi
 
-         - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+         - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
            name: Install Python
            with:
               python-version: '3.x'

.github/workflows/prettify-code.yml

@@ -10,10 +10,10 @@ jobs:
       runs-on: ubuntu-latest
       steps:
          - name: Checkout Repository
-           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+           uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
          - name: Setup Node.js
-           uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+           uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
            with:
               node-version: 'lts/*'
               cache: 'npm'

.github/workflows/unit-tests.yml

@@ -13,7 +13,7 @@ jobs:
    build: # make sure build/ci works properly
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+         - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
          - name: Build and run L0 tests.
            run: |

.husky/pre-commit

@@ -0,0 +1,9 @@
+set +e
+npm test
+# Run format check
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}

CHANGELOG.md

@@ -1,6 +1,11 @@
 # Changelog
 
-## [v4.0.0] - 2024-01-30
+## [4.0.1] - 2025-06-17
+
+- Remove erronious 'v' prefix on previous changelog for v4.0.0 that led to "vv4.0.0" tag issue
+- Dependabot fixes
+
+## [4.0.0] - 2024-01-30
 
 ### Changed
 

action.yml

@@ -1,5 +1,5 @@
 name: 'Kubectl tool installer'
-description: 'Install a specific version of kubectl binary. Acceptable values are latest or any semantic version string like 1.15.0'
+description: 'Install a specific version of kubectl binary. Acceptable values are latest or any semantic version string like "v1.15.0"'
 inputs:
    version:
       description: 'Version of kubectl'

package.json

@@ -8,7 +8,8 @@
       "test": "jest",
       "test-coverage": "jest --coverage",
       "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
    },
    "keywords": [
       "actions",
@@ -24,11 +25,12 @@
    },
    "devDependencies": {
       "@types/jest": "^30.0.0",
-      "@types/node": "^24.0.2",
-      "@vercel/ncc": "^0.38.3",
-      "jest": "^30.0.0",
-      "prettier": "3.5.3",
-      "ts-jest": "^29.4.0",
-      "typescript": "5.8.3"
+      "@types/node": "^24.9.1",
+      "@vercel/ncc": "^0.38.4",
+      "husky": "^9.1.7",
+      "jest": "^30.2.0",
+      "prettier": "3.6.2",
+      "ts-jest": "^29.4.5",
+      "typescript": "5.9.3"
    }
 }

src/helpers.ts

@@ -1,6 +1,8 @@
 import * as os from 'os'
 import * as util from 'util'
-
+import * as fs from 'fs'
+import * as core from '@actions/core'
+import * as toolCache from '@actions/tool-cache'
 export function getKubectlArch(): string {
    const arch = os.arch()
    if (arch === 'x64') {
@@ -23,6 +25,29 @@ export function getkubectlDownloadURL(version: string, arch: string): string {
    }
 }
 
+export async function getLatestPatchVersion(
+   major: string,
+   minor: string
+): Promise<string> {
+   const version = `${major}.${minor}`
+   const sourceURL = `https://cdn.dl.k8s.io/release/stable-${version}.txt`
+   try {
+      const downloadPath = await toolCache.downloadTool(sourceURL)
+      const latestPatch = fs
+         .readFileSync(downloadPath, 'utf8')
+         .toString()
+         .trim()
+      if (!latestPatch) {
+         throw new Error(`No patch version found for ${version}`)
+      }
+      return latestPatch
+   } catch (error) {
+      core.debug(error)
+      core.warning('GetLatestPatchVersionFailed')
+      throw new Error(`Failed to get latest patch version for ${version}`)
+   }
+}
+
 export function getExecutableExtension(): string {
    if (os.type().match(/^Win/)) {
       return '.exe'

src/run.test.ts

@@ -2,7 +2,8 @@ import * as run from './run'
 import {
    getkubectlDownloadURL,
    getKubectlArch,
-   getExecutableExtension
+   getExecutableExtension,
+   getLatestPatchVersion
 } from './helpers'
 import * as os from 'os'
 import * as toolCache from '@actions/tool-cache'
@@ -12,6 +13,9 @@ import * as core from '@actions/core'
 import * as util from 'util'
 
 describe('Testing all functions in run file.', () => {
+   beforeEach(() => {
+      jest.clearAllMocks()
+   })
    test('getExecutableExtension() - return .exe when os is Windows', () => {
       jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
       expect(getExecutableExtension()).toBe('.exe')
@@ -164,6 +168,59 @@ describe('Testing all functions in run file.', () => {
       )
       expect(toolCache.downloadTool).not.toHaveBeenCalled()
    })
+   test('getLatestPatchVersion() - download and return latest patch version', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await getLatestPatchVersion('1', '27')
+
+      expect(result).toBe('v1.27.15')
+      expect(toolCache.downloadTool).toHaveBeenCalledWith(
+         'https://cdn.dl.k8s.io/release/stable-1.27.txt'
+      )
+   })
+
+   test('getLatestPatchVersion() - throw error when patch version is empty', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('')
+
+      await expect(getLatestPatchVersion('1', '27')).rejects.toThrow(
+         'Failed to get latest patch version for 1.27'
+      )
+   })
+
+   test('getLatestPatchVersion() - throw error when download fails', async () => {
+      jest
+         .spyOn(toolCache, 'downloadTool')
+         .mockRejectedValue(new Error('Network error'))
+
+      await expect(getLatestPatchVersion('1', '27')).rejects.toThrow(
+         'Failed to get latest patch version for 1.27'
+      )
+   })
+   test('resolveKubectlVersion() - expands major.minor to latest patch', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await run.resolveKubectlVersion('1.27')
+      expect(result).toBe('v1.27.15')
+   })
+
+   test('resolveKubectlVersion() - returns full version unchanged', async () => {
+      const result = await run.resolveKubectlVersion('v1.27.15')
+      expect(result).toBe('v1.27.15')
+   })
+   test('resolveKubectlVersion() - adds v prefix to full version', async () => {
+      const result = await run.resolveKubectlVersion('1.27.15')
+      expect(result).toBe('v1.27.15')
+   })
+   test('resolveKubectlVersion() - expands v-prefixed major.minor to latest patch', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await run.resolveKubectlVersion('v1.27')
+      expect(result).toBe('v1.27.15')
+   })
    test('run() - download specified version and set output', async () => {
       jest.spyOn(core, 'getInput').mockReturnValue('v1.15.5')
       jest.spyOn(toolCache, 'find').mockReturnValue('pathToCachedTool')
@@ -194,7 +251,7 @@ describe('Testing all functions in run file.', () => {
       jest.spyOn(core, 'setOutput').mockImplementation()
       expect(await run.run()).toBeUndefined()
       expect(toolCache.downloadTool).toHaveBeenCalledWith(
-         'https://storage.googleapis.com/kubernetes-release/release/stable.txt'
+         'https://dl.k8s.io/release/stable.txt'
       )
       expect(core.getInput).toHaveBeenCalledWith('version', {required: true})
       expect(core.addPath).toHaveBeenCalledWith('pathToCachedTool')

src/run.ts

@@ -1,25 +1,25 @@
 import * as path from 'path'
 import * as util from 'util'
 import * as fs from 'fs'
-
 import * as toolCache from '@actions/tool-cache'
 import * as core from '@actions/core'
-
 import {
    getkubectlDownloadURL,
    getKubectlArch,
-   getExecutableExtension
+   getExecutableExtension,
+   getLatestPatchVersion
 } from './helpers'
 
 const kubectlToolName = 'kubectl'
 const stableKubectlVersion = 'v1.15.0'
-const stableVersionUrl =
-   'https://storage.googleapis.com/kubernetes-release/release/stable.txt'
+const stableVersionUrl = 'https://dl.k8s.io/release/stable.txt'
 
 export async function run() {
    let version = core.getInput('version', {required: true})
    if (version.toLocaleLowerCase() === 'latest') {
       version = await getStableKubectlVersion()
+   } else {
+      version = await resolveKubectlVersion(version)
    }
    const cachedPath = await downloadKubectl(version)
 
@@ -89,3 +89,28 @@ export async function downloadKubectl(version: string): Promise<string> {
    fs.chmodSync(kubectlPath, '775')
    return kubectlPath
 }
+
+export async function resolveKubectlVersion(version: string): Promise<string> {
+   const cleanedVersion = version.trim()
+   const versionMatch = cleanedVersion.match(
+      /^v?(?<major>\d+)\.(?<minor>\d+)(?:\.(?<patch>\d+))?$/
+   )
+
+   if (!versionMatch?.groups) {
+      throw new Error(
+         `Invalid version format: "${version}". Version must be in "major.minor" or "major.minor.patch" format (e.g., "1.27" or "v1.27.15").`
+      )
+   }
+
+   const {major, minor, patch} = versionMatch.groups
+
+   if (patch) {
+      // Full version was provided, just ensure it has a 'v' prefix
+      return cleanedVersion.startsWith('v')
+         ? cleanedVersion
+         : `v${cleanedVersion}`
+   }
+
+   // Patch version is missing, fetch the latest
+   return await getLatestPatchVersion(major, minor)
+}

test/validate-kubectl.py

@@ -10,7 +10,7 @@ def get_latest_version():
     time_to_sleep = 2
     for _ in range(10):
         response = requests.get(
-            'https://storage.googleapis.com/kubernetes-release/release/stable.txt')
+            'https://dl.k8s.io/release/stable.txt')
         if response.status_code == 200:
             break
         print('Failed to obtain latest version info, retrying.')

tsconfig.json

@@ -1,7 +1,8 @@
 {
    "compilerOptions": {
-      "target": "ES6",
-      "module": "commonjs"
+      "target": "ES2020",
+      "module": "commonjs",
+      "lib": ["ES2020", "DOM"]
    },
    "exclude": ["node_modules", "test"]
 }