Merge 7a1772df55 into e9a73d0538

docs: add multi-platform build example to README
Signed-off-by: Vedant Madane <vedantnm@gmail.com>
2026-05-10 12:32:07 +00:00 · 2026-05-02 16:23:30 +00:00 · 2026-05-02 16:23:04 +00:00 · 2026-04-24 10:40:24 -07:00 · 2026-04-24 11:26:37 +02:00 · 2026-04-15 14:26:22 -07:00
20 changed files with 6009 additions and 1048 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -4,6 +4,12 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
+    cooldown:
+      default-days: 2
+    groups:
+      crazy-max-dot-github:
+        patterns:
+          - "crazy-max/.github/*"
    labels:
      - "dependencies"
      - "bot"
@ -11,6 +17,10 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
+    cooldown:
+      default-days: 2
+      exclude:
+        - "@docker/actions-toolkit"
    versioning-strategy: "increase"
    allow:
      - dependency-type: "production"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,5 +1,8 @@
 name: ci

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
@ -22,7 +25,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        id: qemu
@ -45,7 +48,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        id: qemu
@ -62,7 +65,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Stop docker
        run: |
@ -92,7 +95,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        id: qemu
@ -116,7 +119,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        uses: ./
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -0,0 +1,46 @@
+name: codeql
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'releases/v*'
+  pull_request:
+
+env:
+  NODE_VERSION: "24"
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      -
+        name: Enable corepack
+        run: |
+          corepack enable
+          yarn --version
+      -
+        name: Set up Node
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      -
+        name: Initialize CodeQL
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        with:
+          languages: javascript-typescript
+          build-mode: none
+      -
+        name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        with:
+          category: "/language:javascript-typescript"
--- a/.github/workflows/pr-assign-author.yml
+++ b/.github/workflows/pr-assign-author.yml
@ -4,14 +4,14 @@ permissions:
  contents: read

 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout
    types:
      - opened
      - reopened

 jobs:
  run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@d89fe92d808a15e2b2ed5cdb62db7c172c31410d # v1.6.0
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -1,5 +1,12 @@
 name: publish

+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
  release:
    types:
@ -15,7 +22,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Publish
-        uses: actions/publish-immutable-action@v0.0.4
+        uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,5 +1,8 @@
 name: test

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
@ -17,16 +20,16 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Test
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
        with:
          source: .
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          files: ./coverage/clover.xml
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/update-dist.yml
+++ b/.github/workflows/update-dist.yml
@ -1,5 +1,12 @@
 name: update-dist

+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
  pull_request:
    types:
@ -8,27 +15,27 @@ on:

 jobs:
  update-dist:
-    if: github.actor == 'dependabot[bot]'
+    if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
    runs-on: ubuntu-latest
    steps:
      -
        name: GitHub auth token from GitHub App
        id: docker-read-app
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
        with:
          app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
          private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
          owner: docker
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0
-          token: ${{ steps.docker-read-app.outputs.token || github.token }}
+          token: ${{ steps.docker-read-app.outputs.token }}
      -
        name: Build
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
        with:
          source: .
          targets: build
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -1,5 +1,8 @@
 name: validate

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
@ -15,15 +18,15 @@ jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
-      targets: ${{ steps.generate.outputs.targets }}
+      matrix: ${{ steps.generate.outputs.matrix }}
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
-        name: List targets
+        name: Generate matrix
        id: generate
-        uses: docker/bake-action/subaction/list-targets@v6
+        uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
        with:
          target: validate

@ -34,10 +37,10 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
    steps:
      -
        name: Validate
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
        with:
          targets: ${{ matrix.target }}
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@ -0,0 +1,29 @@
+name: zizmor
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - 'releases/v*'
+    tags:
+      - 'v*'
+  pull_request:
+
+jobs:
+  zizmor:
+    uses: crazy-max/.github/.github/workflows/zizmor.yml@d89fe92d808a15e2b2ed5cdb62db7c172c31410d # v1.6.0
+    permissions:
+      contents: read
+      security-events: write
+    with:
+      min-severity: medium
+      min-confidence: medium
+      persona: pedantic
--- a/README.md
+++ b/README.md
@ -48,7 +48,6 @@ jobs:
 >       name: Set up Docker Buildx
 >       uses: docker/setup-buildx-action@v4
 > ```
-
 ### Multi-platform build example

 The following example shows how to use this action to build and push a multi-platform image for `linux/amd64` and `linux/arm64` using [Buildx](https://github.com/docker/buildx):
@ -86,6 +85,7 @@ jobs:
          platforms: linux/amd64,linux/arm64
 ```

+
 ## Customizing

 ### inputs
--- a/action.yml
+++ b/action.yml
@ -26,5 +26,5 @@ outputs:

 runs:
  using: 'node24'
-  main: 'dist/index.js'
-  post: 'dist/index.js'
+  main: 'dist/index.cjs'
+  post: 'dist/index.cjs'
--- a/dist/index.cjs
+++ b/dist/index.cjs
--- a/dist/index.cjs.map
+++ b/dist/index.cjs.map
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/dist/package.json
+++ b/dist/package.json
@ -1,3 +0,0 @@
-{
-  "type": "module"
-}
--- a/dist/sourcemap-register.cjs
+++ b/dist/sourcemap-register.cjs
--- a/package.json
+++ b/package.json
@ -4,10 +4,11 @@
  "type": "module",
  "main": "src/main.ts",
  "scripts": {
-    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
+    "build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
    "lint": "eslint --max-warnings=0 .",
    "format": "eslint --fix .",
-    "test": "vitest run"
+    "test": "vitest run",
+    "license": "generate-license-file --input package.json --output dist/licenses.txt --overwrite --ci --no-spinner --eol lf"
  },
  "repository": {
    "type": "git",
@ -30,12 +31,13 @@
    "@types/node": "^24.11.0",
    "@typescript-eslint/eslint-plugin": "^8.56.1",
    "@typescript-eslint/parser": "^8.56.1",
-    "@vercel/ncc": "^0.38.4",
    "@vitest/coverage-v8": "^4.0.18",
    "@vitest/eslint-plugin": "^1.6.9",
+    "esbuild": "^0.28.0",
    "eslint": "^9.39.3",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.5.5",
+    "generate-license-file": "^4.1.1",
    "globals": "^17.3.0",
    "prettier": "^3.8.1",
    "typescript": "^5.9.3",
--- a/yarn.lock
+++ b/yarn.lock
Author	SHA1	Message	Date
Vedant Madane	01fef3f86d	Merge `7a1772df55` into `e9a73d0538`	2026-05-02 16:23:30 +00:00
Vedant Madane	7a1772df55	docs: add multi-platform build example to README Signed-off-by: Vedant Madane <vedantnm@gmail.com>	2026-05-02 16:23:04 +00:00
Tõnis Tiigi	e9a73d0538	Merge pull request #284 from crazy-max/esbuild replace ncc with esbuild for action bundling	2026-04-24 10:40:24 -07:00
CrazyMax	39f273e99b	replace ncc with esbuild for action bundling Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-24 11:26:37 +02:00
Tõnis Tiigi	f8607cc714	Merge pull request #278 from crazy-max/fix-zizmor ci(zizmor): update rules	2026-04-15 14:26:22 -07:00
CrazyMax	12ef543ef5	ci(zizmor): update rules Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-15 16:02:59 +02:00