documentation for scope input

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

.eslintignore

@@ -0,0 +1,3 @@
+/dist/**
+/coverage/**
+/node_modules/**

.eslintrc.json

@@ -0,0 +1,24 @@
+{
+  "env": {
+    "node": true,
+    "es6": true,
+    "jest": true
+  },
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:jest/recommended",
+    "plugin:prettier/recommended"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": "latest",
+    "sourceType": "module"
+  },
+  "plugins": [
+    "@typescript-eslint",
+    "jest",
+    "prettier"
+  ]
+}

.github/dependabot.yml

@@ -4,12 +4,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    cooldown:
-      default-days: 2
-    groups:
-      crazy-max-dot-github:
-        patterns:
-          - "crazy-max/.github/*"
     labels:
       - "dependencies"
       - "bot"
@@ -17,10 +11,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    cooldown:
-      default-days: 2
-      exclude:
-        - "@docker/actions-toolkit"
     versioning-strategy: "increase"
     groups:
       aws-sdk-dependencies:

.github/workflows/ci.yml

@@ -1,8 +1,5 @@
 name: ci
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -22,7 +19,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Stop docker
         run: |
@@ -46,7 +43,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -63,7 +60,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -73,7 +70,7 @@ jobs:
           password: ${{ secrets.GHCR_PAT }}
       -
         name: DinD
-        uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
+        uses: docker://docker
         with:
           entrypoint: docker
           args: pull ghcr.io/docker-ghactiontest/test
@@ -88,7 +85,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to ACR
         uses: ./
@@ -108,7 +105,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Docker Hub
         uses: ./
@@ -127,7 +124,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to ECR
         uses: ./
@@ -147,10 +144,10 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -172,7 +169,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Public ECR
         continue-on-error: ${{ matrix.os == 'windows-latest' }}
@@ -195,10 +192,10 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -221,7 +218,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -241,7 +238,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitLab
         uses: ./
@@ -261,7 +258,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Google Artifact Registry
         uses: ./
@@ -281,7 +278,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Google Container Registry
         uses: ./
@@ -295,7 +292,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to registries
         uses: ./
@@ -318,7 +315,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to registries
         uses: ./
@@ -339,7 +336,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to registries
         id: login
@@ -371,7 +368,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Docker Hub
         uses: ./
@@ -401,7 +398,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Docker Hub
         uses: ./
@@ -431,7 +428,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -462,7 +459,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./

.github/workflows/codeql.yml

@@ -1,46 +1,50 @@
 name: codeql
 
-permissions:
-  contents: read
-
 on:
   push:
     branches:
       - 'master'
       - 'releases/v*'
+    paths:
+      - '.github/workflows/codeql.yml'
+      - 'dist/**'
+      - 'src/**'
   pull_request:
+    paths:
+      - '.github/workflows/codeql.yml'
+      - 'dist/**'
+      - 'src/**'
 
-env:
-  NODE_VERSION: "24"
+permissions:
+  actions: read
+  contents: read
+  security-events: write
 
 jobs:
   analyze:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - javascript-typescript
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      -
-        name: Enable corepack
-        run: |
-          corepack enable
-          yarn --version
-      -
-        name: Set up Node
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version: ${{ env.NODE_VERSION }}
+        uses: actions/checkout@v6
       -
         name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/init@v4
         with:
-          languages: javascript-typescript
-          build-mode: none
+          languages: ${{ matrix.language }}
+          config: |
+            paths:
+              - src
+      -
+        name: Autobuild
+        uses: github/codeql-action/autobuild@v4
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/analyze@v4
         with:
-          category: "/language:javascript-typescript"
+          category: "/language:${{matrix.language}}"

.github/workflows/pr-assign-author.yml

@@ -4,14 +4,14 @@ permissions:
   contents: read
 
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout
+  pull_request_target:
     types:
       - opened
       - reopened
 
 jobs:
   run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@4a17dbaa9ce13920fc5bb8824eb89c16301e5ab2 # v1.7.0
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
     permissions:
       contents: read
       pull-requests: write

.github/workflows/publish.yml

@@ -1,12 +1,5 @@
 name: publish
 
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 on:
   release:
     types:
@@ -22,7 +15,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Publish
-        uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -1,8 +1,5 @@
 name: test
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -20,16 +17,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Test
-        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
+        uses: docker/bake-action@v6
         with:
           source: .
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
+        uses: codecov/codecov-action@v5
         with:
           files: ./coverage/clover.xml
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/update-dist.yml

@@ -1,56 +0,0 @@
-name: update-dist
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-
-jobs:
-  update-dist:
-    if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: GitHub auth token from GitHub App
-        id: docker-read-app
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
-        with:
-          app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
-          private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
-          owner: docker
-      -
-        name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-          fetch-depth: 0
-          token: ${{ steps.docker-read-app.outputs.token }}
-      -
-        name: Build
-        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
-        with:
-          source: .
-          targets: build
-      -
-        name: Commit and push dist
-        run: |
-          if [ -n "$(git status --porcelain -- dist)" ]; then
-            (
-              set -x
-              git config user.name "github-actions[bot]"
-              git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-              git add dist
-              git commit -m "chore: update generated content"
-              git push
-            )
-          else
-            echo "No changes in dist"
-          fi

.github/workflows/validate.yml

@@ -1,8 +1,5 @@
 name: validate
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -18,15 +15,15 @@ jobs:
   prepare:
     runs-on: ubuntu-latest
     outputs:
-      matrix: ${{ steps.generate.outputs.matrix }}
+      targets: ${{ steps.generate.outputs.targets }}
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
-        name: Generate matrix
+        name: List targets
         id: generate
-        uses: docker/bake-action/subaction/matrix@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
+        uses: docker/bake-action/subaction/list-targets@v6
         with:
           target: validate
 
@@ -37,10 +34,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
       -
         name: Validate
-        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
+        uses: docker/bake-action@v6
         with:
           targets: ${{ matrix.target }}

.github/workflows/zizmor.yml

@@ -1,29 +0,0 @@
-name: zizmor
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - 'releases/v*'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  zizmor:
-    uses: crazy-max/.github/.github/workflows/zizmor.yml@4a17dbaa9ce13920fc5bb8824eb89c16301e5ab2 # v1.7.0
-    permissions:
-      contents: read
-      security-events: write
-    with:
-      min-severity: medium
-      min-confidence: medium
-      persona: pedantic

.prettierrc.json

@@ -6,5 +6,6 @@
   "singleQuote": true,
   "trailingComma": "none",
   "bracketSpacing": false,
-  "arrowParens": "avoid"
+  "arrowParens": "avoid",
+  "parser": "typescript"
 }

README.md

@@ -51,7 +51,7 @@ jobs:
     steps:
       -
         name: Login to Docker Hub
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -76,7 +76,7 @@ jobs:
     steps:
       -
         name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -104,7 +104,7 @@ jobs:
     steps:
       -
         name: Login to GitLab
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: registry.gitlab.com
           username: ${{ vars.GITLAB_USERNAME }}
@@ -135,7 +135,7 @@ jobs:
     steps:
       -
         name: Login to ACR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: <registry-name>.azurecr.io
           username: ${{ vars.AZURE_CLIENT_ID }}
@@ -183,7 +183,7 @@ jobs:
         service_account: <service_account>
     -
       name: Login to GCR
-      uses: docker/login-action@v4
+      uses: docker/login-action@v3
       with:
         registry: gcr.io
         username: oauth2accesstoken
@@ -216,7 +216,7 @@ jobs:
     steps:
       -
         name: Login to GCR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: gcr.io
           username: _json_key
@@ -254,7 +254,7 @@ jobs:
           service_account: <service_account>
       -
         name: Login to GAR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: <location>-docker.pkg.dev
           username: oauth2accesstoken
@@ -291,7 +291,7 @@ jobs:
     steps:
       -
         name: Login to GAR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: <location>-docker.pkg.dev
           username: _json_key
@@ -320,7 +320,7 @@ jobs:
     steps:
       -
         name: Login to ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
           username: ${{ vars.AWS_ACCESS_KEY_ID }}
@@ -343,7 +343,7 @@ jobs:
     steps:
       -
         name: Login to ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
           username: ${{ vars.AWS_ACCESS_KEY_ID }}
@@ -377,7 +377,7 @@ jobs:
           aws-region: <region>
       -
         name: Login to ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
 ```
@@ -404,7 +404,7 @@ jobs:
     steps:
       -
         name: Login to Public ECR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: public.ecr.aws
           username: ${{ vars.AWS_ACCESS_KEY_ID }}
@@ -438,7 +438,7 @@ jobs:
     steps:
       -
         name: Login to OCIR
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: <region>.ocir.io
           username: ${{ vars.OCI_USERNAME }}
@@ -465,7 +465,7 @@ jobs:
     steps:
       -
         name: Login to Quay.io
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ vars.QUAY_USERNAME }}
@@ -489,7 +489,7 @@ jobs:
     steps:
       -
         name: Login to DigitalOcean Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: registry.digitalocean.com
           username: ${{ vars.DIGITALOCEAN_USERNAME }}
@@ -514,13 +514,13 @@ jobs:
     steps:
       -
         name: Login to Docker Hub
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -548,7 +548,7 @@ jobs:
     steps:
       -
         name: Login to registries
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           registry-auth: |
             - username: ${{ vars.DOCKERHUB_USERNAME }}
@@ -596,7 +596,7 @@ jobs:
     steps:
       -
         name: Login to Docker Hub (scoped)
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

__tests__/aws.test.ts

@@ -1,7 +1,7 @@
-import {beforeEach, describe, expect, test, vi} from 'vitest';
+import {beforeEach, describe, expect, jest, test} from '@jest/globals';
 import {AuthorizationData} from '@aws-sdk/client-ecr';
 
-import * as aws from '../src/aws.js';
+import * as aws from '../src/aws';
 
 describe('isECR', () => {
   test.each([
@@ -11,7 +11,6 @@ describe('isECR', () => {
     ['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', true],
     ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', true],
     ['012345678901.dkr-ecr.eu-north-1.on.aws', true],
-    ['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', true],
     ['public.ecr.aws', true],
     ['ecr-public.aws.com', true]
   ])('given registry %p', async (registry, expected) => {
@@ -27,7 +26,6 @@ describe('isPubECR', () => {
     ['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', false],
     ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', false],
     ['012345678901.dkr-ecr.eu-north-1.on.aws', false],
-    ['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', false],
     ['public.ecr.aws', true],
     ['ecr-public.aws.com', true]
   ])('given registry %p', async (registry, expected) => {
@@ -41,7 +39,6 @@ describe('getRegion', () => {
     ['876820548815.dkr.ecr.cn-north-1.amazonaws.com.cn', 'cn-north-1'],
     ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', 'cn-northwest-1'],
     ['012345678901.dkr-ecr.eu-north-1.on.aws', 'eu-north-1'],
-    ['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', 'eusc-de-east-1'],
     ['public.ecr.aws', 'us-east-1']
   ])('given registry %p', async (registry, expected) => {
     expect(aws.getRegion(registry)).toEqual(expected);
@@ -55,7 +52,6 @@ describe('getAccountIDs', () => {
     ['012345678901.dkr.ecr.eu-west-3.amazonaws.com', '012345678901,012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
     ['390948362332.dkr.ecr.cn-northwest-1.amazonaws.com.cn', '012345678910,023456789012', ['390948362332', '012345678910', '023456789012']],
     ['876820548815.dkr-ecr.eu-north-1.on.aws', '012345678910,023456789012', ['876820548815', '012345678910', '023456789012']],
-    ['012345678901.dkr.ecr.eusc-de-east-1.amazonaws.eu', '012345678910,023456789012', ['012345678901', '012345678910', '023456789012']],
     ['public.ecr.aws', undefined, []]
   ])('given registry %p', async (registry, accountIDsEnv, expected) => {
     if (accountIDsEnv) {
@@ -65,28 +61,26 @@ describe('getAccountIDs', () => {
   });
 });
 
-const mockEcrGetAuthToken = vi.fn();
-const mockEcrPublicGetAuthToken = vi.fn();
-vi.mock('@aws-sdk/client-ecr', () => {
-  class ECR {
-    getAuthorizationToken = mockEcrGetAuthToken;
-  }
+const mockEcrGetAuthToken = jest.fn();
+const mockEcrPublicGetAuthToken = jest.fn();
+jest.mock('@aws-sdk/client-ecr', () => {
   return {
-    ECR
+    ECR: jest.fn(() => ({
+      getAuthorizationToken: mockEcrGetAuthToken
+    }))
   };
 });
-vi.mock('@aws-sdk/client-ecr-public', () => {
-  class ECRPUBLIC {
-    getAuthorizationToken = mockEcrPublicGetAuthToken;
-  }
+jest.mock('@aws-sdk/client-ecr-public', () => {
   return {
-    ECRPUBLIC
+    ECRPUBLIC: jest.fn(() => ({
+      getAuthorizationToken: mockEcrPublicGetAuthToken
+    }))
   };
 });
 
 describe('getRegistriesData', () => {
   beforeEach(() => {
-    vi.clearAllMocks();
+    jest.clearAllMocks();
     delete process.env.AWS_ACCOUNT_IDS;
   });
   // prettier-ignore

__tests__/context.test.ts

@@ -1,17 +1,6 @@
-import {afterEach, expect, test} from 'vitest';
-import * as path from 'path';
+import {expect, test} from '@jest/globals';
 
-import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
-
-import {getAuthList, getInputs} from '../src/context.js';
-
-afterEach(() => {
-  for (const key of Object.keys(process.env)) {
-    if (key.startsWith('INPUT_')) {
-      delete process.env[key];
-    }
-  }
-});
+import {getInputs} from '../src/context';
 
 test('with password and username getInputs does not throw error', async () => {
   process.env['INPUT_USERNAME'] = 'dbowie';
@@ -21,15 +10,3 @@ test('with password and username getInputs does not throw error', async () => {
     getInputs();
   }).not.toThrow();
 });
-
-test('getAuthList uses the default Docker Hub registry when computing scoped config dir', async () => {
-  process.env['INPUT_USERNAME'] = 'dbowie';
-  process.env['INPUT_PASSWORD'] = 'groundcontrol';
-  process.env['INPUT_SCOPE'] = 'myscope';
-  process.env['INPUT_LOGOUT'] = 'false';
-  const [auth] = getAuthList(getInputs());
-  expect(auth).toMatchObject({
-    registry: 'docker.io',
-    configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
-  });
-});

__tests__/docker.test.ts

@@ -1,11 +1,16 @@
-import {expect, test, vi} from 'vitest';
+import {expect, jest, test} from '@jest/globals';
+import * as path from 'path';
 
-import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
+import {loginStandard, logout} from '../src/docker';
 
-import {loginStandard, logout} from '../src/docker.js';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
+
+process.env['RUNNER_TEMP'] = path.join(__dirname, 'runner');
 
 test('loginStandard calls exec', async () => {
-  const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-ignore
+  const execSpy = jest.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
     return {
       exitCode: expect.any(Number),
       stdout: expect.any(Function),
@@ -33,7 +38,9 @@ test('loginStandard calls exec', async () => {
 });
 
 test('logout calls exec', async () => {
-  const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-ignore
+  const execSpy = jest.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
     return {
       exitCode: expect.any(Number),
       stdout: expect.any(Function),

__tests__/setup.unit.ts

@@ -1,12 +0,0 @@
-import fs from 'node:fs';
-import os from 'node:os';
-import path from 'node:path';
-
-const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-login-action-'));
-
-process.env = Object.assign({}, process.env, {
-  TEMP: tmpDir,
-  GITHUB_REPOSITORY: 'docker/login-action',
-  RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
-  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
-});

action.yml

@@ -31,6 +31,6 @@ inputs:
     required: false
 
 runs:
-  using: 'node24'
-  main: 'dist/index.cjs'
-  post: 'dist/index.cjs'
+  using: 'node20'
+  main: 'dist/index.js'
+  post: 'dist/index.js'

dev.Dockerfile

@@ -1,13 +1,12 @@
 # syntax=docker/dockerfile:1
 
-ARG NODE_VERSION=24
+ARG NODE_VERSION=20
 
 FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache cpio findutils git rsync
+RUN apk add --no-cache cpio findutils git
 WORKDIR /src
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache <<EOT
-  set -e
   corepack enable
   yarn --version
   yarn config set --home enableTelemetry 0
@@ -35,27 +34,18 @@ RUN --mount=type=bind,target=.,rw <<EOT
 EOT
 
 FROM deps AS build
-RUN --mount=target=/context \
+RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
-  --mount=type=cache,target=/src/node_modules <<EOT
-  set -e
-  rsync -a /context/. .
-  rm -rf dist
-  yarn run build
-  mkdir /out
-  cp -r dist /out
-EOT
+  --mount=type=cache,target=/src/node_modules \
+  yarn run build && mkdir /out && cp -Rf dist /out/
 
 FROM scratch AS build-update
 COPY --from=build /out /
 
 FROM build AS build-validate
-RUN --mount=target=/context \
-  --mount=target=.,type=tmpfs <<EOT
+RUN --mount=type=bind,target=.,rw <<EOT
   set -e
-  rsync -a /context/. .
   git add -A
-  rm -rf dist
   cp -rf /out/* .
   if [ -n "$(git status --porcelain -- dist)" ]; then
     echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
@@ -68,7 +58,8 @@ FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn run format && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
+  yarn run format \
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
 
 FROM scratch AS format-update
 COPY --from=format /out /
@@ -85,7 +76,7 @@ ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn run test --coverage --coverage.reportsDirectory=/tmp/coverage
+  yarn run test --coverage --coverageDirectory=/tmp/coverage
 
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /

eslint.config.mjs

@@ -1,52 +0,0 @@
-import {defineConfig} from 'eslint/config';
-import js from '@eslint/js';
-import tseslint from '@typescript-eslint/eslint-plugin';
-import vitest from '@vitest/eslint-plugin';
-import globals from 'globals';
-import eslintConfigPrettier from 'eslint-config-prettier/flat';
-import eslintPluginPrettier from 'eslint-plugin-prettier';
-
-export default defineConfig([
-  {
-    ignores: ['.yarn/**/*', 'coverage/**/*', 'dist/**/*']
-  },
-  js.configs.recommended,
-  ...tseslint.configs['flat/recommended'],
-  eslintConfigPrettier,
-  {
-    languageOptions: {
-      globals: {
-        ...globals.node
-      }
-    }
-  },
-  {
-    files: ['__tests__/**'],
-    ...vitest.configs.recommended,
-    languageOptions: {
-      globals: {
-        ...globals.node,
-        ...vitest.environments.env.globals
-      }
-    },
-    rules: {
-      ...vitest.configs.recommended.rules,
-      'vitest/no-conditional-expect': 'error',
-      'vitest/no-disabled-tests': 0
-    }
-  },
-  {
-    plugins: {
-      prettier: eslintPluginPrettier
-    },
-    rules: {
-      'prettier/prettier': 'error',
-      '@typescript-eslint/no-require-imports': [
-        'error',
-        {
-          allowAsImport: true
-        }
-      ]
-    }
-  }
-]);

jest.config.ts

@@ -0,0 +1,30 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-login-action-')).split(path.sep).join(path.posix.sep);
+
+process.env = Object.assign({}, process.env, {
+  TEMP: tmpDir,
+  GITHUB_REPOSITORY: 'docker/login-action',
+  RUNNER_TEMP: path.join(tmpDir, 'runner-temp').split(path.sep).join(path.posix.sep),
+  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache').split(path.sep).join(path.posix.sep)
+}) as {
+  [key: string]: string;
+};
+
+module.exports = {
+  clearMocks: true,
+  testEnvironment: 'node',
+  moduleFileExtensions: ['js', 'ts'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  moduleNameMapper: {
+    '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
+  },
+  collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
+  coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__tests__/'],
+  verbose: true
+};

package.json

@@ -1,14 +1,16 @@
 {
   "name": "docker-login",
   "description": "GitHub Action to login against a Docker registry",
-  "type": "module",
   "main": "src/main.ts",
   "scripts": {
-    "build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
-    "lint": "eslint --max-warnings=0 .",
-    "format": "eslint --fix .",
-    "test": "vitest run",
-    "license": "generate-license-file --input package.json --output dist/licenses.txt --overwrite --ci --no-spinner --eol lf"
+    "build": "ncc build --source-map --minify --license licenses.txt",
+    "lint": "yarn run prettier && yarn run eslint",
+    "format": "yarn run prettier:fix && yarn run eslint:fix",
+    "eslint": "eslint --max-warnings=0 .",
+    "eslint:fix": "eslint --fix .",
+    "prettier": "prettier --check \"./**/*.ts\"",
+    "prettier:fix": "prettier --write \"./**/*.ts\"",
+    "test": "jest"
   },
   "repository": {
     "type": "git",
@@ -23,30 +25,28 @@
   "license": "Apache-2.0",
   "packageManager": "yarn@4.9.2",
   "dependencies": {
-    "@actions/core": "^3.0.0",
-    "@aws-sdk/client-ecr": "^3.1020.0",
-    "@aws-sdk/client-ecr-public": "^3.1020.0",
-    "@docker/actions-toolkit": "^0.86.0",
-    "http-proxy-agent": "^9.0.0",
-    "https-proxy-agent": "^9.0.0",
-    "js-yaml": "^4.1.1"
+    "@actions/core": "^1.11.1",
+    "@aws-sdk/client-ecr": "^3.890.0",
+    "@aws-sdk/client-ecr-public": "^3.890.0",
+    "@docker/actions-toolkit": "^0.63.0",
+    "http-proxy-agent": "^7.0.2",
+    "https-proxy-agent": "^7.0.6",
+    "js-yaml": "^4.1.0"
   },
   "devDependencies": {
-    "@eslint/js": "^9.39.3",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^24.11.0",
-    "@typescript-eslint/eslint-plugin": "^8.56.1",
-    "@typescript-eslint/parser": "^8.56.1",
-    "@vitest/coverage-v8": "^4.0.18",
-    "@vitest/eslint-plugin": "^1.6.9",
-    "esbuild": "^0.28.0",
-    "eslint": "^9.39.3",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-prettier": "^5.5.5",
-    "generate-license-file": "^4.1.1",
-    "globals": "^17.3.0",
-    "prettier": "^3.8.1",
-    "typescript": "^5.9.3",
-    "vitest": "^4.0.18"
+    "@types/node": "^20.19.9",
+    "@typescript-eslint/eslint-plugin": "^7.18.0",
+    "@typescript-eslint/parser": "^7.18.0",
+    "@vercel/ncc": "^0.38.3",
+    "eslint": "^8.57.1",
+    "eslint-config-prettier": "^9.1.2",
+    "eslint-plugin-jest": "^28.14.0",
+    "eslint-plugin-prettier": "^5.5.4",
+    "jest": "^29.7.0",
+    "prettier": "^3.6.2",
+    "ts-jest": "^29.4.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.2"
   }
 }

src/aws.ts

@@ -5,7 +5,7 @@ import {NodeHttpHandler} from '@smithy/node-http-handler';
 import {HttpProxyAgent} from 'http-proxy-agent';
 import {HttpsProxyAgent} from 'https-proxy-agent';
 
-const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.(com(.cn)?|eu)))(\/([^:]+)(:.+)?)?$/;
+const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/;
 const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/;
 
 export const isECR = (registry: string): boolean => {

src/context.ts

@@ -2,8 +2,8 @@ import path from 'path';
 import * as core from '@actions/core';
 import * as yaml from 'js-yaml';
 
-import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
-import {Util} from '@docker/actions-toolkit/lib/util.js';
+import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
+import {Util} from '@docker/actions-toolkit/lib/util';
 
 export interface Inputs {
   registry: string;
@@ -42,26 +42,24 @@ export function getAuthList(inputs: Inputs): Array<Auth> {
   }
   let auths: Array<Auth> = [];
   if (!inputs.registryAuth) {
-    const registry = inputs.registry || 'docker.io';
     auths.push({
-      registry,
+      registry: inputs.registry || 'docker.io',
       username: inputs.username,
       password: inputs.password,
       scope: inputs.scope,
       ecr: inputs.ecr || 'auto',
-      configDir: scopeToConfigDir(registry, inputs.scope)
+      configDir: scopeToConfigDir(inputs.registry, inputs.scope)
     });
   } else {
     auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
       core.setSecret(auth.password); // redacted in workflow logs
-      const registry = auth.registry || 'docker.io';
       return {
-        registry,
+        registry: auth.registry || 'docker.io',
         username: auth.username,
         password: auth.password,
         scope: auth.scope,
         ecr: auth.ecr || 'auto',
-        configDir: scopeToConfigDir(registry, auth.scope)
+        configDir: scopeToConfigDir(auth.registry || 'docker.io', auth.scope)
       };
     });
   }

src/docker.ts

@@ -1,9 +1,9 @@
 import * as core from '@actions/core';
 
-import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
+import * as aws from './aws';
+import * as context from './context';
 
-import * as aws from './aws.js';
-import * as context from './context.js';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
 
 export async function login(auth: context.Auth): Promise<void> {
   if (/true/i.test(auth.ecr) || (auth.ecr == 'auto' && aws.isECR(auth.registry))) {

src/main.ts

@@ -1,9 +1,9 @@
 import * as core from '@actions/core';
 import * as actionsToolkit from '@docker/actions-toolkit';
 
-import * as context from './context.js';
-import * as docker from './docker.js';
-import * as stateHelper from './state-helper.js';
+import * as context from './context';
+import * as docker from './docker';
+import * as stateHelper from './state-helper';
 
 export async function main(): Promise<void> {
   const inputs: context.Inputs = context.getInputs();

tsconfig.json

@@ -1,8 +1,9 @@
 {
   "compilerOptions": {
-    "module": "nodenext",
-    "moduleResolution": "nodenext",
     "esModuleInterop": true,
+    "target": "es6",
+    "module": "commonjs",
+    "strict": true,
     "newLine": "lf",
     "outDir": "./lib",
     "rootDir": "./src",
@@ -11,7 +12,10 @@
     "resolveJsonModule": true,
     "useUnknownInCatchVariables": false,
   },
-  "include": [
-    "src/**/*.ts"
+  "exclude": [
+    "./__tests__/**/*",
+    "./lib/**/*",
+    "node_modules",
+    "jest.config.ts"
   ]
 }

vitest.config.ts

@@ -1,16 +0,0 @@
-import {defineConfig} from 'vitest/config';
-
-export default defineConfig({
-  test: {
-    clearMocks: true,
-    environment: 'node',
-    setupFiles: ['./__tests__/setup.unit.ts'],
-    include: ['**/*.test.ts'],
-    coverage: {
-      provider: 'v8',
-      reporter: ['clover'],
-      include: ['src/**/*.ts'],
-      exclude: ['src/**/main.ts']
-    }
-  }
-});