Update CODEOWNERS

Bumps the actions group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.29.2 to 3.29.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](181d5eefc2...d6bbdef45e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/CODEOWNERS

@@ -1 +1 @@
-* @Azure/aks-atlanta
+* @Azure/cloud-native-github-action-owners

.github/workflows/codeql.yml

@@ -59,7 +59,7 @@ jobs:
 
          # Initializes the CodeQL tools for scanning.
          - name: Initialize CodeQL
-           uses: github/codeql-action/init@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+           uses: github/codeql-action/init@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
            with:
               languages: ${{ matrix.language }}
               build-mode: ${{ matrix.build-mode }}
@@ -86,6 +86,6 @@ jobs:
               echo '  make release'
               exit 1
          - name: Perform CodeQL Analysis
-           uses: github/codeql-action/analyze@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
+           uses: github/codeql-action/analyze@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
            with:
               category: '/language:${{matrix.language}}'

.github/workflows/integration-tests.yml

@@ -27,9 +27,11 @@ jobs:
               if [[ $PR_BASE_REF != releases/* ]]; then
                 npm install
                 npm run build
+                # remove node_modules to match production environment where only index.js is present
+                rm -rf node_modules 
               fi
 
-         - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+         - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
            name: Install Python
            with:
               python-version: '3.x'

.github/workflows/prettify-code.yml

@@ -13,7 +13,7 @@ jobs:
            uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
          - name: Setup Node.js
-           uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+           uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
            with:
               node-version: 'lts/*'
               cache: 'npm'

.husky/pre-commit

@@ -0,0 +1,9 @@
+set +e
+npm test
+# Run format check
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}

CHANGELOG.md

@@ -1,6 +1,11 @@
 # Changelog
 
-## [v4.0.0] - 2024-01-30
+## [4.0.1] - 2025-06-17
+
+- Remove erronious 'v' prefix on previous changelog for v4.0.0 that led to "vv4.0.0" tag issue
+- Dependabot fixes
+
+## [4.0.0] - 2024-01-30
 
 ### Changed
 

package.json

@@ -8,7 +8,8 @@
       "test": "jest",
       "test-coverage": "jest --coverage",
       "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
    },
    "keywords": [
       "actions",
@@ -23,12 +24,13 @@
       "@actions/tool-cache": "^2.0.2"
    },
    "devDependencies": {
-      "@types/jest": "^29.5.14",
-      "@types/node": "^22.10.10",
+      "@types/jest": "^30.0.0",
+      "@types/node": "^24.0.13",
       "@vercel/ncc": "^0.38.3",
-      "jest": "^29.7.0",
-      "prettier": "3.4.2",
-      "ts-jest": "^29.2.5",
-      "typescript": "5.7.3"
+      "husky": "^9.1.7",
+      "jest": "^30.0.4",
+      "prettier": "3.6.2",
+      "ts-jest": "^29.4.0",
+      "typescript": "5.8.3"
    }
 }

src/helpers.ts

@@ -1,6 +1,8 @@
 import * as os from 'os'
 import * as util from 'util'
-
+import * as fs from 'fs'
+import * as core from '@actions/core'
+import * as toolCache from '@actions/tool-cache'
 export function getKubectlArch(): string {
    const arch = os.arch()
    if (arch === 'x64') {
@@ -23,6 +25,29 @@ export function getkubectlDownloadURL(version: string, arch: string): string {
    }
 }
 
+export async function getLatestPatchVersion(
+   major: string,
+   minor: string
+): Promise<string> {
+   const version = `${major}.${minor}`
+   const sourceURL = `https://cdn.dl.k8s.io/release/stable-${version}.txt`
+   try {
+      const downloadPath = await toolCache.downloadTool(sourceURL)
+      const latestPatch = fs
+         .readFileSync(downloadPath, 'utf8')
+         .toString()
+         .trim()
+      if (!latestPatch) {
+         throw new Error(`No patch version found for ${version}`)
+      }
+      return latestPatch
+   } catch (error) {
+      core.debug(error)
+      core.warning('GetLatestPatchVersionFailed')
+      throw new Error(`Failed to get latest patch version for ${version}`)
+   }
+}
+
 export function getExecutableExtension(): string {
    if (os.type().match(/^Win/)) {
       return '.exe'

src/run.test.ts

@@ -2,7 +2,8 @@ import * as run from './run'
 import {
    getkubectlDownloadURL,
    getKubectlArch,
-   getExecutableExtension
+   getExecutableExtension,
+   getLatestPatchVersion
 } from './helpers'
 import * as os from 'os'
 import * as toolCache from '@actions/tool-cache'
@@ -12,15 +13,18 @@ import * as core from '@actions/core'
 import * as util from 'util'
 
 describe('Testing all functions in run file.', () => {
+   beforeEach(() => {
+      jest.clearAllMocks()
+   })
    test('getExecutableExtension() - return .exe when os is Windows', () => {
       jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
       expect(getExecutableExtension()).toBe('.exe')
-      expect(os.type).toBeCalled()
+      expect(os.type).toHaveBeenCalled()
    })
    test('getExecutableExtension() - return empty string for non-windows OS', () => {
       jest.spyOn(os, 'type').mockReturnValue('Darwin')
       expect(getExecutableExtension()).toBe('')
-      expect(os.type).toBeCalled()
+      expect(os.type).toHaveBeenCalled()
    })
    test.each([
       ['arm', 'arm'],
@@ -29,9 +33,9 @@ describe('Testing all functions in run file.', () => {
    ])(
       'getKubectlArch() - return on %s os arch %s kubectl arch',
       (osArch, kubectlArch) => {
-         jest.spyOn(os, 'arch').mockReturnValue(osArch)
+         jest.spyOn(os, 'arch').mockReturnValue(osArch as NodeJS.Architecture)
          expect(getKubectlArch()).toBe(kubectlArch)
-         expect(os.arch).toBeCalled()
+         expect(os.arch).toHaveBeenCalled()
       }
    )
    test.each([['arm'], ['arm64'], ['amd64']])(
@@ -43,7 +47,7 @@ describe('Testing all functions in run file.', () => {
             arch
          )
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlLinuxUrl)
-         expect(os.type).toBeCalled()
+         expect(os.type).toHaveBeenCalled()
       }
    )
    test.each([['arm'], ['arm64'], ['amd64']])(
@@ -55,7 +59,7 @@ describe('Testing all functions in run file.', () => {
             arch
          )
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlDarwinUrl)
-         expect(os.type).toBeCalled()
+         expect(os.type).toHaveBeenCalled()
       }
    )
    test.each([['arm'], ['arm64'], ['amd64']])(
@@ -67,7 +71,7 @@ describe('Testing all functions in run file.', () => {
             arch
          )
          expect(getkubectlDownloadURL('v1.15.0', arch)).toBe(kubectlWindowsUrl)
-         expect(os.type).toBeCalled()
+         expect(os.type).toHaveBeenCalled()
       }
    )
    test('getStableKubectlVersion() - download stable version file, read version and return it', async () => {
@@ -76,7 +80,7 @@ describe('Testing all functions in run file.', () => {
          .mockReturnValue(Promise.resolve('pathToTool'))
       jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.20.4')
       expect(await run.getStableKubectlVersion()).toBe('v1.20.4')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
       expect(fs.readFileSync).toHaveBeenCalledWith('pathToTool', 'utf8')
    })
    test('getStableKubectlVersion() - return default v1.15.0 if version read is empty', async () => {
@@ -85,7 +89,7 @@ describe('Testing all functions in run file.', () => {
          .mockReturnValue(Promise.resolve('pathToTool'))
       jest.spyOn(fs, 'readFileSync').mockReturnValue('')
       expect(await run.getStableKubectlVersion()).toBe('v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
       expect(fs.readFileSync).toHaveBeenCalledWith('pathToTool', 'utf8')
    })
    test('getStableKubectlVersion() - return default v1.15.0 if unable to download file', async () => {
@@ -93,7 +97,7 @@ describe('Testing all functions in run file.', () => {
          .spyOn(toolCache, 'downloadTool')
          .mockRejectedValue('Unable to download.')
       expect(await run.getStableKubectlVersion()).toBe('v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
    })
    test('downloadKubectl() - download kubectl, add it to toolCache and return path to it', async () => {
       jest.spyOn(toolCache, 'find').mockReturnValue('')
@@ -109,9 +113,9 @@ describe('Testing all functions in run file.', () => {
          path.join('pathToCachedTool', 'kubectl.exe')
       )
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
-      expect(toolCache.cacheFile).toBeCalled()
-      expect(os.type).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
+      expect(toolCache.cacheFile).toHaveBeenCalled()
+      expect(os.type).toHaveBeenCalled()
       expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedTool', 'kubectl.exe'),
          '775'
@@ -126,12 +130,12 @@ describe('Testing all functions in run file.', () => {
          'DownloadKubectlFailed'
       )
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
    })
    test('downloadKubectl() - throw kubectl not found error when receive 404 response', async () => {
       const kubectlVersion = 'v1.15.0'
       const arch = 'arm128'
-      jest.spyOn(os, 'arch').mockReturnValue(arch)
+      jest.spyOn(os, 'arch').mockReturnValue(arch as any)
       jest.spyOn(toolCache, 'find').mockReturnValue('')
       jest.spyOn(toolCache, 'downloadTool').mockImplementation((_) => {
          throw new toolCache.HTTPError(404)
@@ -143,9 +147,9 @@ describe('Testing all functions in run file.', () => {
             arch
          )
       )
-      expect(os.arch).toBeCalled()
+      expect(os.arch).toHaveBeenCalled()
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', kubectlVersion)
-      expect(toolCache.downloadTool).toBeCalled()
+      expect(toolCache.downloadTool).toHaveBeenCalled()
    })
    test('downloadKubectl() - return path to existing cache of kubectl', async () => {
       jest.spyOn(core, 'getInput').mockImplementation(() => 'v1.15.5')
@@ -157,12 +161,65 @@ describe('Testing all functions in run file.', () => {
          path.join('pathToCachedTool', 'kubectl.exe')
       )
       expect(toolCache.find).toHaveBeenCalledWith('kubectl', 'v1.15.0')
-      expect(os.type).toBeCalled()
+      expect(os.type).toHaveBeenCalled()
       expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedTool', 'kubectl.exe'),
          '775'
       )
-      expect(toolCache.downloadTool).not.toBeCalled()
+      expect(toolCache.downloadTool).not.toHaveBeenCalled()
+   })
+   test('getLatestPatchVersion() - download and return latest patch version', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await getLatestPatchVersion('1', '27')
+
+      expect(result).toBe('v1.27.15')
+      expect(toolCache.downloadTool).toHaveBeenCalledWith(
+         'https://cdn.dl.k8s.io/release/stable-1.27.txt'
+      )
+   })
+
+   test('getLatestPatchVersion() - throw error when patch version is empty', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('')
+
+      await expect(getLatestPatchVersion('1', '27')).rejects.toThrow(
+         'Failed to get latest patch version for 1.27'
+      )
+   })
+
+   test('getLatestPatchVersion() - throw error when download fails', async () => {
+      jest
+         .spyOn(toolCache, 'downloadTool')
+         .mockRejectedValue(new Error('Network error'))
+
+      await expect(getLatestPatchVersion('1', '27')).rejects.toThrow(
+         'Failed to get latest patch version for 1.27'
+      )
+   })
+   test('resolveKubectlVersion() - expands major.minor to latest patch', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await run.resolveKubectlVersion('1.27')
+      expect(result).toBe('v1.27.15')
+   })
+
+   test('resolveKubectlVersion() - returns full version unchanged', async () => {
+      const result = await run.resolveKubectlVersion('v1.27.15')
+      expect(result).toBe('v1.27.15')
+   })
+   test('resolveKubectlVersion() - adds v prefix to full version', async () => {
+      const result = await run.resolveKubectlVersion('1.27.15')
+      expect(result).toBe('v1.27.15')
+   })
+   test('resolveKubectlVersion() - expands v-prefixed major.minor to latest patch', async () => {
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(fs, 'readFileSync').mockReturnValue('v1.27.15')
+
+      const result = await run.resolveKubectlVersion('v1.27')
+      expect(result).toBe('v1.27.15')
    })
    test('run() - download specified version and set output', async () => {
       jest.spyOn(core, 'getInput').mockReturnValue('v1.15.5')

src/run.ts

@@ -1,14 +1,13 @@
 import * as path from 'path'
 import * as util from 'util'
 import * as fs from 'fs'
-
 import * as toolCache from '@actions/tool-cache'
 import * as core from '@actions/core'
-
 import {
    getkubectlDownloadURL,
    getKubectlArch,
-   getExecutableExtension
+   getExecutableExtension,
+   getLatestPatchVersion
 } from './helpers'
 
 const kubectlToolName = 'kubectl'
@@ -20,6 +19,8 @@ export async function run() {
    let version = core.getInput('version', {required: true})
    if (version.toLocaleLowerCase() === 'latest') {
       version = await getStableKubectlVersion()
+   } else {
+      version = await resolveKubectlVersion(version)
    }
    const cachedPath = await downloadKubectl(version)
 
@@ -89,3 +90,28 @@ export async function downloadKubectl(version: string): Promise<string> {
    fs.chmodSync(kubectlPath, '775')
    return kubectlPath
 }
+
+export async function resolveKubectlVersion(version: string): Promise<string> {
+   const cleanedVersion = version.trim()
+   const versionMatch = cleanedVersion.match(
+      /^v?(?<major>\d+)\.(?<minor>\d+)(?:\.(?<patch>\d+))?$/
+   )
+
+   if (!versionMatch?.groups) {
+      throw new Error(
+         `Invalid version format: "${version}". Version must be in "major.minor" or "major.minor.patch" format (e.g., "1.27" or "v1.27.15").`
+      )
+   }
+
+   const {major, minor, patch} = versionMatch.groups
+
+   if (patch) {
+      // Full version was provided, just ensure it has a 'v' prefix
+      return cleanedVersion.startsWith('v')
+         ? cleanedVersion
+         : `v${cleanedVersion}`
+   }
+
+   // Patch version is missing, fetch the latest
+   return await getLatestPatchVersion(major, minor)
+}

tsconfig.json

@@ -1,7 +1,8 @@
 {
    "compilerOptions": {
-      "target": "ES6",
-      "module": "commonjs"
+      "target": "ES2020",
+      "module": "commonjs",
+      "lib": ["ES2020", "DOM"]
    },
    "exclude": ["node_modules", "test"]
 }