Bump @types/node from 24.9.1 to 24.10.0 in the actions group

Bumps the actions group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@types/node` from 24.9.1 to 24.10.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/CODEOWNERS

@@ -1 +1 @@
-* @Azure/aks-atlanta
+* @Azure/cloud-native-github-action-owners

.github/workflows/codeql.yml

@@ -55,11 +55,11 @@ jobs:
             # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
       steps:
          - name: Checkout repository
-           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+           uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
          # Initializes the CodeQL tools for scanning.
          - name: Initialize CodeQL
-           uses: github/codeql-action/init@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+           uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
            with:
               languages: ${{ matrix.language }}
               build-mode: ${{ matrix.build-mode }}
@@ -86,6 +86,6 @@ jobs:
               echo '  make release'
               exit 1
          - name: Perform CodeQL Analysis
-           uses: github/codeql-action/analyze@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+           uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
            with:
               category: '/language:${{matrix.language}}'

.github/workflows/defaultLabels.yml

@@ -8,7 +8,7 @@ jobs:
    label-issues:
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+         - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
            name: Setting issue as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -19,7 +19,7 @@ jobs:
               operations-per-run: 100
               exempt-issue-labels: 'backlog'
 
-         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+         - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
            name: Setting PR as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/integration-tests.yml

@@ -17,7 +17,7 @@ jobs:
          KUBECONFIG: /home/runner/.kube/config
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
       steps:
-         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+         - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
            name: Checkout from PR branch
 
          - id: action-npm-build
@@ -27,9 +27,11 @@ jobs:
               if [[ $PR_BASE_REF != releases/* ]]; then
                 npm install
                 npm run build
+                # remove node_modules to match production environment where only index.js is present
+                rm -rf node_modules 
               fi
 
-         - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+         - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
            name: Install Python
            with:
               python-version: '3.x'

.github/workflows/prettify-code.yml

@@ -10,10 +10,10 @@ jobs:
       runs-on: ubuntu-latest
       steps:
          - name: Checkout Repository
-           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+           uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
          - name: Setup Node.js
-           uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+           uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
            with:
               node-version: 'lts/*'
               cache: 'npm'

.github/workflows/unit-tests.yml

@@ -13,7 +13,7 @@ jobs:
    build: # make sure build/ci works properly
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+         - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
          - name: Build and run L0 tests.
            run: |

.husky/pre-commit

@@ -0,0 +1,9 @@
+set +e
+npm test
+# Run format check
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}

CHANGELOG.md

@@ -1,6 +1,11 @@
 # Changelog
 
-## [v4.0.0] - 2024-01-30
+## [4.0.1] - 2025-06-17
+
+- Remove erronious 'v' prefix on previous changelog for v4.0.0 that led to "vv4.0.0" tag issue
+- Dependabot fixes
+
+## [4.0.0] - 2024-01-30
 
 ### Changed
 

action.yml

@@ -1,5 +1,5 @@
 name: 'Kubectl tool installer'
-description: 'Install a specific version of kubectl binary. Acceptable values are latest or any semantic version string like 1.15.0'
+description: 'Install a specific version of kubectl binary. Acceptable values are latest or any semantic version string like "v1.15.0"'
 inputs:
    version:
       description: 'Version of kubectl'

package.json

@@ -8,7 +8,8 @@
       "test": "jest",
       "test-coverage": "jest --coverage",
       "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
    },
    "keywords": [
       "actions",
@@ -23,12 +24,13 @@
       "@actions/tool-cache": "^2.0.2"
    },
    "devDependencies": {
-      "@types/jest": "^29.5.14",
-      "@types/node": "^22.10.10",
-      "@vercel/ncc": "^0.38.3",
-      "jest": "^29.7.0",
-      "prettier": "3.4.2",
-      "ts-jest": "^29.2.5",
-      "typescript": "5.7.3"
+      "@types/jest": "^30.0.0",
+      "@types/node": "^24.10.0",
+      "@vercel/ncc": "^0.38.4",
+      "husky": "^9.1.7",
+      "jest": "^30.2.0",
+      "prettier": "3.6.2",
+      "ts-jest": "^29.4.5",
+      "typescript": "5.9.3"
    }
 }

src/helpers.ts

@@ -1,6 +1,8 @@
 import * as os from 'os'
 import * as util from 'util'
-
+import * as fs from 'fs'
+import * as core from '@actions/core'
+import * as toolCache from '@actions/tool-cache'
 export function getKubectlArch(): string {
    const arch = os.arch()
    if (arch === 'x64') {
@@ -23,6 +25,29 @@ export function getkubectlDownloadURL(version: string, arch: string): string {
    }
 }
 
+export async function getLatestPatchVersion(
+   major: string,
+   minor: string
+): Promise<string> {
+   const version = `${major}.${minor}`
+   const sourceURL = `https://cdn.dl.k8s.io/release/stable-${version}.txt`
+   try {
+      const downloadPath = await toolCache.downloadTool(sourceURL)
+      const latestPatch = fs
+         .readFileSync(downloadPath, 'utf8')
+         .toString()
+         .trim()
+      if (!latestPatch) {
+         throw new Error(`No patch version found for ${version}`)
+      }
+      return latestPatch
+   } catch (error) {
+      core.debug(error)
+      core.warning('GetLatestPatchVersionFailed')
+      throw new Error(`Failed to get latest patch version for ${version}`)
+   }
+}
+
 export function getExecutableExtension(): string {
    if (os.type().match(/^Win/)) {
       return '.exe'

src/run.test.ts

@@ -2,7 +2,8 @@ import * as run from './run'
 import {
    getkubectlDownloadURL,
    getKubectlArch,
-   getExecutableExtension
+   getExecutableExtension,
+   getLatestPatchVersion
 } from './helpers'
 import * as os from 'os'
 import * as toolCache from '@actions/tool-cache'
@@ -12,15 +13,18 @@ import * as core from '@actions/core'
 import * as util from 'util'
 
 describe('Testing all functions in run file.', () => {
+   beforeEach(() => {
+      jest.clearAllMocks()
+   })
    test('getExecutableExtension() - return .exe when os is Windows', () => {
       jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
       expect(getExecutableExtension()).toBe('.exe')
-      expect(os.type).toBeCalled()
+      expect(os.type).toHaveBeenCalled()
    })
    test('getExecutableExtension() - return empty string for non-windows OS', () => {
       jest.spyOn(os, 'type').mockReturnValue('Darwin')
       expect(getExecutableExtension()).toBe('')
-      expect(os.type).toBeCalled()
+      expect(os.type).toHaveBeenCalled()
    })
    test.each([
       ['arm', 'arm'],
@@ -29,9 +33,9 @@ describe('Testing all functions in run file.', () => {
    ])(
       'getKubectlArch() - return on %s os arch %s kubectl arch',
       (osArch, kubectlArch) => {
-         jest.spyOn(os, 'arch').mockReturnValue(osArch)
+         jest.spyOn(os, 'arch').mockReturnValue(osArch as NodeJS.Architecture)
          expect(getKubectlArch()).toBe(kubectlArch)
-         expect(os.arch).toBeCalled()
+         expect(os.arch).toHaveBeenCalled()
       }
    )
    test.each([['arm'], ['arm64'], ['amd64']])(
@@ -43,7 +47,7 @@ describe('Testing all functions in run file.', () => {
             arch
          )
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlLinuxUrl)
-         expect(os.type).toBeCalled()
+         expect(os.type).toHaveBeenCalled()
       }
    )
    test.each([['arm'], ['arm64'], ['amd64']])(
@@ -55,7 +59,7 @@ describe('Testing all functions in run file.', () => {
             arch
          )
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlDarwinUrl)
-         expect(os.type).toBeCalled()
+         expect(os.type).toHaveBeenCalled()
       }
    )
    test.each([['arm'], ['arm64'], ['amd64']])(
@@ -67,7 +71,7 @@ describe('Testing all functions in run file.', () => {
             arch
          )
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlWindowsUrl)
-         expect(os.type).toBeCalled()
+         expect(os.type).toHaveBeenCalled()
       }
    )
    test('getStableKubectlVersion() - download stable version file, read version and return it', async () => {
@@ -76,7 +80,7 @@ describe('Testing all functions in run file.', () => {
          .mockReturnValue(Promise.resolve('pathToTool'))
       jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.20.4')
       expect(await run.getStableKubectlVersion()).toBe('v1.20.4')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
       expect(fs.readFileSync).toHaveBeenCalledWith('pathToTool', 'utf8')
    })
    test('getStableKubectlVersion() - return default v1.15.0 if version read is empty', async () => {
@@ -85,7 +89,7 @@ describe('Testing all functions in run file.', () => {
          .mockReturnValue(Promise.resolve('pathToTool'))
       jest.spyOn(fs, 'readFileSync').mockReturnValue('')
       expect(await run.getStableKubectlVersion()).toBe('v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
       expect(fs.readFileSync).toHaveBeenCalledWith('pathToTool', 'utf8')
    })
    test('getStableKubectlVersion() - return default v1.15.0 if unable to download file', async () => {
@@ -93,7 +97,7 @@ describe('Testing all functions in run file.', () => {
          .spyOn(toolCache, 'downloadTool')
          .mockRejectedValue('Unable to download.')
       expect(await run.getStableKubectlVersion()).toBe('v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
    })
    test('downloadKubectl() - download kubectl, add it to toolCache and return path to it', async () => {
       jest.spyOn(toolCache, 'find').mockReturnValue('')
@@ -109,9 +113,9 @@ describe('Testing all functions in run file.', () => {
          path.join('pathToCachedTool', 'kubectl.exe')
       )
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
-      expect(toolCache.cacheFile).toBeCalled()
-      expect(os.type).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
+      expect(toolCache.cacheFile).toHaveBeenCalled()
+      expect(os.type).toHaveBeenCalled()
       expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedTool', 'kubectl.exe'),
          '775'
@@ -126,12 +130,12 @@ describe('Testing all functions in run file.', () => {
          'DownloadKubectlFailed'
       )
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
    })
    test('downloadKubectl() - throw kubectl not found error when receive 404 response', async () => {
       const kubectlVersion = 'v1.15.0'
       const arch = 'arm128'
-      jest.spyOn(os, 'arch').mockReturnValue(arch)
+      jest.spyOn(os, 'arch').mockReturnValue(arch as any)
       jest.spyOn(toolCache, 'find').mockReturnValue('')
       jest.spyOn(toolCache, 'downloadTool').mockImplementation((_) => {
          throw new toolCache.HTTPError(404)
@@ -143,9 +147,9 @@ describe('Testing all functions in run file.', () => {
             arch
          )
       )
-      expect(os.arch).toBeCalled()
+      expect(os.arch).toHaveBeenCalled()
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', kubectlVersion)
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
    })
    test('downloadKubectl() - return path to existing cache of kubectl', async () => {
       jest.spyOn(core, 'getInput').mockImplementation(() => 'v1.15.5')
@@ -157,12 +161,65 @@ describe('Testing all functions in run file.', () => {
          path.join('pathToCachedTool', 'kubectl.exe')
       )
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
-      expect(os.type).toBeCalled()
+      expect(os.type).toHaveBeenCalled()
       expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedTool', 'kubectl.exe'),
          '775'
       )
-      expect(toolCache.downloadTool).not.toBeCalled()
+      expect(toolCache.downloadTool).not.toHaveBeenCalled()
+   })
+   test('getLatestPatchVersion() - download and return latest patch version', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await getLatestPatchVersion('1', '27')
+
+      expect(result).toBe('v1.27.15')
+      expect(toolCache.downloadTool).toHaveBeenCalledWith(
+         'https://cdn.dl.k8s.io/release/stable-1.27.txt'
+      )
+   })
+
+   test('getLatestPatchVersion() - throw error when patch version is empty', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('')
+
+      await expect(getLatestPatchVersion('1', '27')).rejects.toThrow(
+         'Failed to get latest patch version for 1.27'
+      )
+   })
+
+   test('getLatestPatchVersion() - throw error when download fails', async () => {
+      jest
+         .spyOn(toolCache, 'downloadTool')
+         .mockRejectedValue(new Error('Network error'))
+
+      await expect(getLatestPatchVersion('1', '27')).rejects.toThrow(
+         'Failed to get latest patch version for 1.27'
+      )
+   })
+   test('resolveKubectlVersion() - expands major.minor to latest patch', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await run.resolveKubectlVersion('1.27')
+      expect(result).toBe('v1.27.15')
+   })
+
+   test('resolveKubectlVersion() - returns full version unchanged', async () => {
+      const result = await run.resolveKubectlVersion('v1.27.15')
+      expect(result).toBe('v1.27.15')
+   })
+   test('resolveKubectlVersion() - adds v prefix to full version', async () => {
+      const result = await run.resolveKubectlVersion('1.27.15')
+      expect(result).toBe('v1.27.15')
+   })
+   test('resolveKubectlVersion() - expands v-prefixed major.minor to latest patch', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await run.resolveKubectlVersion('v1.27')
+      expect(result).toBe('v1.27.15')
    })
    test('run() - download specified version and set output', async () => {
       jest.spyOn(core, 'getInput').mockReturnValue('v1.15.5')
@@ -194,7 +251,7 @@ describe('Testing all functions in run file.', () => {
       jest.spyOn(core, 'setOutput').mockImplementation()
       expect(await run.run()).toBeUndefined()
       expect(toolCache.downloadTool).toHaveBeenCalledWith(
-         'https://storage.googleapis.com/kubernetes-release/release/stable.txt'
+         'https://dl.k8s.io/release/stable.txt'
       )
       expect(core.getInput).toHaveBeenCalledWith('version', {required: true})
       expect(core.addPath).toHaveBeenCalledWith('pathToCachedTool')

src/run.ts

@@ -1,25 +1,25 @@
 import * as path from 'path'
 import * as util from 'util'
 import * as fs from 'fs'
-
 import * as toolCache from '@actions/tool-cache'
 import * as core from '@actions/core'
-
 import {
    getkubectlDownloadURL,
    getKubectlArch,
-   getExecutableExtension
+   getExecutableExtension,
+   getLatestPatchVersion
 } from './helpers'
 
 const kubectlToolName = 'kubectl'
 const stableKubectlVersion = 'v1.15.0'
-const stableVersionUrl =
-   'https://storage.googleapis.com/kubernetes-release/release/stable.txt'
+const stableVersionUrl = 'https://dl.k8s.io/release/stable.txt'
 
 export async function run() {
    let version = core.getInput('version', {required: true})
    if (version.toLocaleLowerCase() === 'latest') {
       version = await getStableKubectlVersion()
+   } else {
+      version = await resolveKubectlVersion(version)
    }
    const cachedPath = await downloadKubectl(version)
 
@@ -89,3 +89,28 @@ export async function downloadKubectl(version: string): Promise<string> {
    fs.chmodSync(kubectlPath, '775')
    return kubectlPath
 }
+
+export async function resolveKubectlVersion(version: string): Promise<string> {
+   const cleanedVersion = version.trim()
+   const versionMatch = cleanedVersion.match(
+      /^v?(?<major>\d+)\.(?<minor>\d+)(?:\.(?<patch>\d+))?$/
+   )
+
+   if (!versionMatch?.groups) {
+      throw new Error(
+         `Invalid version format: "${version}". Version must be in "major.minor" or "major.minor.patch" format (e.g., "1.27" or "v1.27.15").`
+      )
+   }
+
+   const {major, minor, patch} = versionMatch.groups
+
+   if (patch) {
+      // Full version was provided, just ensure it has a 'v' prefix
+      return cleanedVersion.startsWith('v')
+         ? cleanedVersion
+         : `v${cleanedVersion}`
+   }
+
+   // Patch version is missing, fetch the latest
+   return await getLatestPatchVersion(major, minor)
+}

test/validate-kubectl.py

@@ -10,7 +10,7 @@ def get_latest_version():
     time_to_sleep = 2
     for _ in range(10):
         response = requests.get(
-            'https://storage.googleapis.com/kubernetes-release/release/stable.txt')
+            'https://dl.k8s.io/release/stable.txt')
         if response.status_code == 200:
             break
         print('Failed to obtain latest version info, retrying.')

tsconfig.json

@@ -1,7 +1,8 @@
 {
    "compilerOptions": {
-      "target": "ES6",
-      "module": "commonjs"
+      "target": "ES2020",
+      "module": "commonjs",
+      "lib": ["ES2020", "DOM"]
    },
    "exclude": ["node_modules", "test"]
 }