more lint errors

update go mod

.codespellrc

@@ -0,0 +1,6 @@
+[codespell]
+# Ref: https://github.com/codespell-project/codespell#using-a-config-file
+skip = .git*,go.sum,package-lock.json,*.min.*,.codespellrc,testdata,./pkg/runner/hashfiles/index.js
+check-hidden = true
+ignore-regex = .*Te\{0\}st.*
+# ignore-words-list =

.dockerignore

@@ -1,52 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# IntelliJ
-.idea
-# Goland's output filename can not be set manually
-/go_build_*
-
-# MS VSCode
-.vscode
-__debug_bin*
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-
-*coverage.out
-coverage.all
-coverage.txt
-cpu.out
-
-*.db
-*.log
-
-/gitea-runner
-/debug
-
-/bin
-/dist
-/.env
-/.runner
-/config.yaml
-/Dockerfile
-.DS_Store

.editorconfig

@@ -12,8 +12,5 @@ insert_final_newline = true
 [*.{go}]
 indent_style = tab
 
-[go.*]
-indent_style = tab
-
 [Makefile]
 indent_style = tab

.gitea/workflows/checks.yml

@@ -0,0 +1,156 @@
+name: checks
+on: [pull_request, workflow_dispatch]
+
+concurrency:
+  cancel-in-progress: true
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+env:
+  ACT_OWNER: ${{ github.repository_owner }}
+  ACT_REPOSITORY: ${{ github.repository }}
+  CGO_ENABLED: 0
+  NO_QEMU: 1
+  NO_EXTERNAL_IP: 1
+  DOOD: 1
+
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: golangci/golangci-lint-action@v8.0.0
+        with:
+          version: v2.1.6
+      - uses: megalinter/megalinter/flavors/go@v9.1.0
+        env:
+          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VALIDATE_ALL_CODEBASE: false
+          GITHUB_STATUS_REPORTER: ${{ !env.ACT }}
+          GITHUB_COMMENT_REPORTER: ${{ !env.ACT }}
+
+  test-linux:
+    name: test-linux
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 2
+      - name: Cleanup Docker Engine
+        run: |
+          docker ps -a --format '{{ if eq (truncate .Names 4) "act-" }}
+          {{ .ID }}
+          {{end}}' | xargs -r docker rm -f || :
+          docker volume ls --format '{{ if eq (truncate .Name 4) "act-" }}
+          {{ .Name }}
+          {{ end }}' | xargs -r docker volume rm -f || :
+          docker images --format '{{ if eq (truncate .Repository 4) "act-" }}
+          {{ .ID }}
+          {{ end }}' | xargs -r docker rmi -f || :
+          docker images -q | xargs -r docker rmi || :
+      - name: Set up QEMU
+        if: '!env.NO_QEMU'
+        uses: docker/setup-qemu-action@v3
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/cache@v4
+        if: ${{ !env.ACT }}
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Install gotestfmt
+        run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@v2.5.0
+      # Regressions by Gitea Actions CI Migration
+      # GITHUB_REPOSITORY contains the server url
+      # ACTIONS_RUNTIME_URL provided to every step, act does not override
+      - name: Run Tests
+        run: |
+          unset ACTIONS_RUNTIME_URL
+          unset ACTIONS_RESULTS_URL
+          unset ACTIONS_RUNTIME_TOKEN
+          export GITHUB_REPOSITORY="${GITHUB_REPOSITORY#${SERVER_URL%/}/}"
+          export ACT_REPOSITORY="${GITHUB_REPOSITORY#${SERVER_URL%/}/}"
+          export ACT_OWNER="${ACT_OWNER#${SERVER_URL%/}/}"
+          env
+          go test -json -v -cover -coverpkg=./... -coverprofile=coverage.txt -covermode=atomic -timeout 20m ./... | gotestfmt -hide successful-packages,empty-packages 2>&1
+        env:
+          SERVER_URL: ${{ github.server_url }}
+      - name: Run act from cli
+        run: go run main.go -P ubuntu-latest=node:16-buster-slim -C ./pkg/runner/testdata/ -W ./basic/push.yml
+      - name: Run act from cli without docker support
+        run: go run -tags WITHOUT_DOCKER main.go -P ubuntu-latest=-self-hosted -C ./pkg/runner/testdata/ -W ./local-action-js/push.yml
+
+  snapshot:
+    name: snapshot
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/cache@v4
+        if: ${{ !env.ACT }}
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: GoReleaser
+        id: goreleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: v2
+          args: release --snapshot --clean
+      - name: Setup Node
+        continue-on-error: true
+        uses: actions/setup-node@v6
+        with:
+          node-version: 20
+      - name: Install @actions/artifact@2.1.0
+        continue-on-error: true
+        run: npm install @actions/artifact@2.1.0
+      - name: Upload All
+        uses: actions/github-script@v8
+        continue-on-error: true
+        with:
+          script: |
+            // We do not use features depending on GITHUB_API_URL so we can hardcode it to avoid the GHES no support error
+            process.env["GITHUB_SERVER_URL"] = "https://github.com";
+            const {DefaultArtifactClient} = require('@actions/artifact');
+            const aartifact = new DefaultArtifactClient();
+            var artifacts = JSON.parse(process.env.ARTIFACTS);
+            for(var artifact of artifacts) {
+              if(artifact.type === "Binary") {
+                const {id, size} = await aartifact.uploadArtifact(
+                  // name of the artifact
+                  `${artifact.name}-${artifact.target}`,
+                  // files to include (supports absolute and relative paths)
+                  [artifact.path],
+                  process.cwd(),
+                  {
+                    // optional: how long to retain the artifact
+                    // if unspecified, defaults to repository/org retention settings (the limit of this value)
+                    retentionDays: 10
+                  }
+                );
+                console.log(`Created artifact with id: ${id} (bytes: ${size}`);
+              }
+            }
+        env:
+          ARTIFACTS: ${{ steps.goreleaser.outputs.artifacts }}
+      - name: Chocolatey
+        uses: ./.github/actions/choco
+        with:
+          version: v0.0.0-pr

.gitea/workflows/release-nightly.yml

@@ -69,7 +69,7 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Echo the tag
-        run: echo "${{ env.DOCKER_ORG }}/runner:nightly${{ matrix.variant.tag_suffix }}"
+        run: echo "${{ env.DOCKER_ORG }}/act_runner:nightly${{ matrix.variant.tag_suffix }}"
 
       - name: Build and push
         uses: docker/build-push-action@v6
@@ -82,4 +82,4 @@ jobs:
             linux/arm64
           push: true
           tags: |
-            ${{ env.DOCKER_ORG }}/runner:nightly${{ matrix.variant.tag_suffix }}
+            ${{ env.DOCKER_ORG }}/act_runner:nightly${{ matrix.variant.tag_suffix }}

.gitea/workflows/release-tag.yml

@@ -17,7 +17,7 @@ jobs:
           go-version-file: "go.mod"
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v7
+        uses: crazy-max/ghaction-import-gpg@v6
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
@@ -39,15 +39,6 @@ jobs:
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
   release-image:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        variant:
-          - target: basic
-            tag_suffix: ""
-          - target: dind
-            tag_suffix: "-dind"
-          - target: dind-rootless
-            tag_suffix: "-dind-rootless"
     container:
       image: catthehacker/ubuntu:act-latest
     env:
@@ -71,28 +62,50 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: "Docker meta"
-        id: docker_meta
-        uses: https://github.com/docker/metadata-action@v5
-        with:
-          images: |
-            ${{ env.DOCKER_ORG }}/runner
-          tags: |
-            type=semver,pattern={{major}}.{{minor}}.{{patch}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-          flavor: |
-            latest=true
-            suffix=${{ matrix.variant.tag_suffix }},onlatest=true
+      - name: Get Meta
+        id: meta
+        run: |
+          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
+          echo REPO_VERSION=${GITHUB_REF_NAME#v} >> $GITHUB_OUTPUT
 
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
-          target: ${{ matrix.variant.target }}
+          target: basic
           platforms: |
             linux/amd64
             linux/arm64
           push: true
-          tags: ${{ steps.docker_meta.outputs.tags }}
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
+
+      - name: Build and push dind
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          target: dind
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
+
+      - name: Build and push dind-rootless
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          target: dind-rootless
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind-rootless
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind-rootless

.gitea/workflows/release.yml

@@ -0,0 +1,72 @@
+name: release
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  release:
+    # TODO use environment to scope secrets
+    name: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/cache@v4
+        if: ${{ !env.ACT }}
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: latest
+          args: release --clean -f ./.goreleaser.yml -f ./.goreleaser.gitea.yml
+        env:
+          GITEA_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN || github.token }}
+      - name: Winget
+        uses: vedantmgoyal2009/winget-releaser@v2
+        with:
+          identifier: nektos.act
+          installers-regex: '_Windows_\w+\.zip$'
+          token: ${{ secrets.WINGET_TOKEN }}
+        if: env.ENABLED
+        env:
+          ENABLED: ${{ secrets.WINGET_TOKEN && '1' || '' }}
+      - name: Chocolatey
+        uses: ./.github/actions/choco
+        with:
+          version: ${{ github.ref }}
+          apiKey: ${{ secrets.CHOCO_APIKEY }}
+          push: true
+        if: env.ENABLED
+        env:
+          ENABLED: ${{ secrets.CHOCO_APIKEY && '1' || ''  }}
+      # TODO use ssh deployment key
+      - name: GitHub CLI extension
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.CLI_GITHUB_TOKEN || secrets.GORELEASER_GITHUB_TOKEN }}
+          script: |
+            const mainRef = (await github.rest.git.getRef({
+              owner: context.repo.owner,
+              repo: 'gh-act',
+              ref: 'heads/main',
+            })).data;
+            console.log(mainRef);
+            github.rest.git.createRef({
+              owner: 'nektos',
+              repo: 'gh-act',
+              ref: context.ref,
+              sha: mainRef.object.sha,
+            });
+        if: env.ENABLED
+        env:
+          ENABLED: ${{ (secrets.CLI_GITHUB_TOKEN || secrets.GORELEASER_GITHUB_TOKEN) && '1' || ''  }}

.gitea/workflows/test.yml

@@ -1,9 +1,7 @@
 name: checks
 on:
-  push:
-    branches:
-      - main
-  pull_request:
+  - push
+  - pull_request
 
 jobs:
   lint:
@@ -19,4 +17,4 @@ jobs:
       - name: build
         run: make build
       - name: test
-        run: make test
+        run: make test

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,88 @@
+name: Bug report
+description: Use this template for reporting bugs/issues.
+labels:
+  - 'kind/bug'
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: textarea
+    id: act-debug
+    attributes:
+      label: Bug report info
+      render: plain text
+      description: |
+        Output of `act --bug-report`
+      placeholder: |
+        act --bug-report
+    validations:
+      required: true
+  - type: textarea
+    id: act-command
+    attributes:
+      label: Command used with act
+      description: |
+        Please paste your whole command
+      placeholder: |
+        act -P ubuntu-latest=node:12 -v -d ...
+      render: sh
+    validations:
+      required: true
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Describe issue
+      description: |
+        Also tell us what did you expect to happen?
+      placeholder: |
+        Describe issue
+    validations:
+      required: true
+  - type: input
+    id: repo
+    attributes:
+      label: Link to GitHub repository
+      description: |
+        Provide link to GitHub repository, you can skip it if the repository is private or you don't have it on GitHub, otherwise please provide it as it might help us troubleshoot problem
+      placeholder: |
+        https://github.com/nektos/act
+    validations:
+      required: false
+  - type: textarea
+    id: workflow
+    attributes:
+      label: Workflow content
+      description: |
+        Please paste your **whole** workflow here
+      placeholder: |
+        name: My workflow
+        on: ['push', 'schedule']
+        jobs:
+          test:
+            runs-on: ubuntu-latest
+          env:
+            KEY: VAL
+        [...]
+      render: yml
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: |
+        Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. Please verify that the log output doesn't contain any sensitive data.
+      render: sh
+      placeholder: |
+        Use `act -v` for verbose output
+    validations:
+      required: true
+  - type: textarea
+    id: additional-info
+    attributes:
+      label: Additional information
+      placeholder: |
+        Additional information that doesn't fit elsewhere
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Start a discussion
+    url: https://github.com/actions-oss/act-cli/discussions/new
+    about: You can ask for help here!
+  - name: Want to contribute to act?
+    url: https://github.com/actions-oss/act-cli/blob/main/CONTRIBUTING.md
+    about: Be sure to read contributing guidelines!

.github/ISSUE_TEMPLATE/feature_template.yml

@@ -0,0 +1,28 @@
+name: Feature request
+description: Use this template for requesting a feature/enhancement.
+labels:
+  - 'kind/feature-request'
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please note that incompatibility with GitHub Actions should be opened as a bug report, not a new feature.
+  - type: input
+    id: act-version
+    attributes:
+      label: Act version
+      description: |
+        What version of `act` are you using? Version can be obtained via `act --version`
+        If you've built it from source, please provide commit hash
+      placeholder: |
+        act --version
+    validations:
+      required: true
+  - type: textarea
+    id: feature
+    attributes:
+      label: Feature description
+      description: Describe feature that you would like to see
+      placeholder: ...
+    validations:
+      required: true

.github/actions/choco/Dockerfile

@@ -0,0 +1,20 @@
+FROM alpine:3.21
+
+ARG CHOCOVERSION=1.1.0
+
+RUN apk add --no-cache bash ca-certificates git \
+  && apk --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community add mono mono-dev \
+  && cert-sync /etc/ssl/certs/ca-certificates.crt \
+  && wget "https://github.com/chocolatey/choco/archive/${CHOCOVERSION}.tar.gz" -O- | tar -xzf - \
+  && cd choco-"${CHOCOVERSION}" \
+  && chmod +x build.sh zip.sh \
+  && ./build.sh -v \
+  && mv ./code_drop/chocolatey/console /opt/chocolatey \
+  && mkdir -p /opt/chocolatey/lib \
+  && rm -rf /choco-"${CHOCOVERSION}" \
+  && apk del mono-dev \
+  && rm -rf /var/cache/apk/*
+
+ENV ChocolateyInstall=/opt/chocolatey
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

.github/actions/choco/action.yml

@@ -0,0 +1,16 @@
+name: 'Chocolatey Packager'
+description: 'Create the choco package and push it'
+inputs:
+  version:
+    description: 'Version of package'
+    required: false
+  apiKey:
+    description: 'API Key for chocolately'
+    required: false
+  push:
+    description: 'Option for if package is going to be pushed'
+    required: false
+    default: 'false'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'

.github/actions/choco/entrypoint.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+function choco {
+  mono /opt/chocolatey/choco.exe "$@" --allow-unofficial --nocolor
+}
+
+function get_version {
+  local version=${INPUT_VERSION:-$(git describe --tags)}
+  version=(${version//[!0-9.-]/})
+  local version_parts=(${version//-/ })
+  version=${version_parts[0]}
+  if [ ${#version_parts[@]} -gt 1 ]; then
+    version=${version_parts}.${version_parts[1]}
+  fi
+  echo "$version"
+}
+
+## Determine the version to pack
+VERSION=$(get_version)
+echo "Packing version ${VERSION} of act"
+rm -f act-cli.*.nupkg
+mkdir -p tools
+cp LICENSE tools/LICENSE.txt
+cp VERIFICATION tools/VERIFICATION.txt
+cp dist/act-cli_windows_amd64*/act.exe tools/
+choco pack act-cli.nuspec --version ${VERSION}
+if [[ "$INPUT_PUSH" == "true" ]]; then
+  choco push act-cli.${VERSION}.nupkg --api-key ${INPUT_APIKEY} -s https://push.chocolatey.org/ --timeout 180
+fi

.github/dependabot.yml

@@ -0,0 +1,23 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'monthly'
+    groups:
+      dependencies:
+        patterns:
+        - '*'
+  - package-ecosystem: 'gomod'
+    directory: '/'
+    schedule:
+      interval: 'monthly'
+    groups:
+      dependencies:
+        patterns:
+        - '*'

.github/workflows/.gitignore

@@ -0,0 +1 @@
+test-*.yml

.github/workflows/checks.yml

@@ -0,0 +1,151 @@
+name: checks
+on: [pull_request, workflow_dispatch]
+
+concurrency:
+  cancel-in-progress: true
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+env:
+  ACT_OWNER: ${{ github.repository_owner }}
+  ACT_REPOSITORY: ${{ github.repository }}
+  CGO_ENABLED: 0
+
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: golangci/golangci-lint-action@v8.0.0
+        with:
+          version: v2.1.6
+      - uses: megalinter/megalinter/flavors/go@v9.1.0
+        env:
+          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VALIDATE_ALL_CODEBASE: false
+          GITHUB_STATUS_REPORTER: ${{ !env.ACT }}
+          GITHUB_COMMENT_REPORTER: ${{ !env.ACT }}
+
+  test-linux:
+    name: test-linux
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/cache@v4
+        if: ${{ !env.ACT }}
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Install gotestfmt
+        run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@v2.5.0
+      - name: Run Tests
+        run: go test -json -v -cover -coverpkg=./... -coverprofile=coverage.txt -covermode=atomic -timeout 20m ./... | gotestfmt -hide successful-packages,empty-packages 2>&1
+      - name: Run act from cli
+        run: go run main.go -P ubuntu-latest=node:16-buster-slim -C ./pkg/runner/testdata/ -W ./basic/push.yml
+      - name: Run act from cli without docker support
+        run: go run -tags WITHOUT_DOCKER main.go -P ubuntu-latest=-self-hosted -C ./pkg/runner/testdata/ -W ./local-action-js/push.yml
+      - name: Upload Codecov report
+        uses: codecov/codecov-action@v5
+        with:
+          files: coverage.txt
+          fail_ci_if_error: true # optional (default = false)
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  test-host:
+    strategy:
+      matrix:
+        os:
+          - windows-latest
+          - macos-latest
+    name: test-host-${{matrix.os}}
+    runs-on: ${{matrix.os}}
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 2
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - name: Install gotestfmt
+        run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@v2.5.0
+      - name: Run Tests
+        run: go test -v -cover -coverpkg=./... -coverprofile=coverage.txt -covermode=atomic -timeout 20m -run ^TestRunEventHostEnvironment$ ./...
+        shell: bash
+
+
+  snapshot:
+    name: snapshot
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/cache@v4
+        if: ${{ !env.ACT }}
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: GoReleaser
+        id: goreleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: v2
+          args: release --snapshot --clean
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: 20
+      - name: Install @actions/artifact
+        run: npm install @actions/artifact
+      - name: Upload All
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const {DefaultArtifactClient} = require('@actions/artifact');
+            const aartifact = new DefaultArtifactClient();
+            var artifacts = JSON.parse(process.env.ARTIFACTS);
+            for(var artifact of artifacts) {
+              if(artifact.type === "Binary") {
+                const {id, size} = await aartifact.uploadArtifact(
+                  // name of the artifact
+                  `${artifact.name}-${artifact.target}`,
+                  // files to include (supports absolute and relative paths)
+                  [artifact.path],
+                  process.cwd(),
+                  {
+                    // optional: how long to retain the artifact
+                    // if unspecified, defaults to repository/org retention settings (the limit of this value)
+                    retentionDays: 10
+                  }
+                );
+                console.log(`Created artifact with id: ${id} (bytes: ${size}`);
+              }
+            }
+        env:
+          ARTIFACTS: ${{ steps.goreleaser.outputs.artifacts }}
+      - name: Chocolatey
+        uses: ./.github/actions/choco
+        with:
+          version: v0.0.0-pr

.github/workflows/codespell.yml

@@ -0,0 +1,23 @@
+# Codespell configuration is within .codespellrc
+---
+name: Codespell
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  codespell:
+    name: Check for spelling errors
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+      - name: Codespell
+        uses: codespell-project/actions-codespell@v2

.github/workflows/promote.yml

@@ -0,0 +1,30 @@
+name: promote
+on:
+  schedule:
+    - cron: '0 2 1 * *'
+  workflow_dispatch: {}
+
+jobs:
+  release:
+    if: vars.ENABLE_PROMOTE || github.event_name != 'schedule'
+    name: promote
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          ref: master
+          token: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+      - uses: fregante/setup-git-user@v2
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/cache@v4
+        if: ${{ !env.ACT }}
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - run: make promote

.github/workflows/release.yml

@@ -0,0 +1,72 @@
+name: release
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  release:
+    # TODO use environment to scope secrets
+    name: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/cache@v4
+        if: ${{ !env.ACT }}
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN || github.token }}
+      - name: Winget
+        uses: vedantmgoyal2009/winget-releaser@v2
+        with:
+          identifier: nektos.act
+          installers-regex: '_Windows_\w+\.zip$'
+          token: ${{ secrets.WINGET_TOKEN }}
+        if: env.ENABLED
+        env:
+          ENABLED: ${{ secrets.WINGET_TOKEN && '1' || '' }}
+      - name: Chocolatey
+        uses: ./.github/actions/choco
+        with:
+          version: ${{ github.ref }}
+          apiKey: ${{ secrets.CHOCO_APIKEY }}
+          push: true
+        if: env.ENABLED
+        env:
+          ENABLED: ${{ secrets.CHOCO_APIKEY && '1' || ''  }}
+      # TODO use ssh deployment key
+      - name: GitHub CLI extension
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.CLI_GITHUB_TOKEN || secrets.GORELEASER_GITHUB_TOKEN }}
+          script: |
+            const mainRef = (await github.rest.git.getRef({
+              owner: context.repo.owner,
+              repo: 'gh-act',
+              ref: 'heads/main',
+            })).data;
+            console.log(mainRef);
+            github.rest.git.createRef({
+              owner: 'nektos',
+              repo: 'gh-act',
+              ref: context.ref,
+              sha: mainRef.object.sha,
+            });
+        if: env.ENABLED
+        env:
+          ENABLED: ${{ (secrets.CLI_GITHUB_TOKEN || secrets.GORELEASER_GITHUB_TOKEN) && '1' || ''  }}

.github/workflows/stale.yml

@@ -0,0 +1,23 @@
+name: 'Close stale issues'
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  stale:
+    name: Stale
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v10
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: 'Issue is stale and will be closed in 14 days unless there is new activity'
+          stale-pr-message: 'PR is stale and will be closed in 14 days unless there is new activity'
+          stale-issue-label: 'stale'
+          exempt-issue-labels: 'stale-exempt,kind/feature-request'
+          stale-pr-label: 'stale'
+          exempt-pr-labels: 'stale-exempt'
+          remove-stale-when-updated: 'True'
+          operations-per-run: 500
+          days-before-stale: 180
+          days-before-close: 14

.gitignore

@@ -1,7 +1,8 @@
-/gitea-runner
+/act_runner
 .env
 .runner
 coverage.txt
+/gitea-vet
 /config.yaml
 
 # Jetbrains

.gitleaksignore

@@ -0,0 +1,2 @@
+b910a42edfab7a02b08a52ecef203fd419725642:pkg/container/testdata/docker-pull-options/config.json:generic-api-key:4
+710a3ac94c3dc0eaf680d417c87f37f92b4887f4:pkg/container/docker_pull_test.go:generic-api-key:45

.golangci.yml

@@ -13,7 +13,6 @@ linters:
     - forbidigo
     - gocheckcompilerdirectives
     - gocritic
-    - goheader
     - govet
     - ineffassign
     - mirror
@@ -36,61 +35,23 @@ linters:
       rules:
         main:
           deny:
-            - pkg: io/ioutil
-              desc: use os or io instead
-            - pkg: golang.org/x/exp
-              desc: it's experimental and unreliable
             - pkg: github.com/pkg/errors
-              desc: use builtin errors package instead
-    nolintlint:
-      allow-unused: false
-      require-explanation: true
-      require-specific: true
+              desc: Please use "errors" package from standard library
+            - pkg: gotest.tools/v3
+              desc: Please keep tests unified using only github.com/stretchr/testify
+            - pkg: log
+              desc: Please keep logging unified using only github.com/sirupsen/logrus
     gocritic:
-      enabled-checks:
-        - equalFold
       disabled-checks:
         - ifElseChain
-    revive:
-      severity: error
-      rules:
-        - name: blank-imports
-        - name: constant-logical-expr
-        - name: context-as-argument
-        - name: context-keys-type
-        - name: dot-imports
-        - name: empty-lines
-        - name: error-return
-        - name: error-strings
-        - name: exported
-        - name: identical-branches
-        - name: if-return
-        - name: increment-decrement
-        - name: modifies-value-receiver
-        - name: package-comments
-        - name: redefines-builtin-id
-        - name: superfluous-else
-        - name: time-naming
-        - name: unexported-return
-        - name: var-declaration
-        - name: var-naming
-    staticcheck:
-      checks:
-        - all
-        - -ST1005
-    usetesting:
-      os-temp-dir: true
-    perfsprint:
-      concat-loop: false
-    govet:
-      enable:
-        - nilness
-        - unusedwrite
-    goheader:
-      values:
-        regexp:
-          HEADER: 'Copyright \d{4} The Gitea Authors\. All rights reserved\.(\nCopyright [^\n]+)*\nSPDX-License-Identifier: MIT'
-      template: '{{ HEADER }}'
+    gocyclo:
+      min-complexity: 20
+    importas:
+      alias:
+        - pkg: github.com/sirupsen/logrus
+          alias: log
+        - pkg: github.com/stretchr/testify/assert
+          alias: assert
   exclusions:
     generated: lax
     presets:
@@ -98,28 +59,21 @@ linters:
       - common-false-positives
       - legacy
       - std-error-handling
-    rules:
-      - linters:
-          - forbidigo
-        path: cmd
+    paths:
+      - report
+      - third_party$
+      - builtin$
+      - examples$
 issues:
   max-issues-per-linter: 0
   max-same-issues: 0
 formatters:
   enable:
-    - gci
-    - gofumpt
-  settings:
-    gci:
-      custom-order: true
-      sections:
-        - standard
-        - prefix(gitea.com/gitea/runner)
-        - blank
-        - default
-    gofumpt:
-      extra-rules: true
+    - goimports
   exclusions:
     generated: lax
-run:
-  timeout: 10m
+    paths:
+      - report
+      - third_party$
+      - builtin$
+      - examples$

.goreleaser.gitea.yml

@@ -0,0 +1,3 @@
+gitea_urls:
+  api: https://gitea.com/api/v1/
+  download: https://gitea.com/

.goreleaser.yaml

@@ -1,7 +1,5 @@
 version: 2
 
-project_name: gitea-runner
-
 before:
   hooks:
     - go mod tidy
@@ -65,7 +63,7 @@ builds:
   flags:
   - -trimpath
   ldflags:
-  - -s -w -X gitea.com/gitea/runner/internal/pkg/ver.version={{ .Summary }}
+  - -s -w -X gitea.com/gitea/act_runner/internal/pkg/ver.version={{ .Summary }}
   binary: >-
     {{ .ProjectName }}-
     {{- .Version }}-
@@ -88,7 +86,7 @@ blobs:
     provider: s3
     bucket: "{{ .Env.S3_BUCKET }}"
     region: "{{ .Env.S3_REGION }}"
-    directory: "gitea-runner/{{.Version}}"
+    directory: "act_runner/{{.Version}}"
     extra_files:
       - glob: ./**.xz
       - glob: ./**.sha256

.goreleaser.yml

@@ -0,0 +1,54 @@
+version: 2
+before:
+  hooks:
+    - go mod tidy
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - darwin
+      - linux
+      - windows
+    goarch:
+      - amd64
+      - '386'
+      - arm64
+      - arm
+      - riscv64
+    goarm:
+      - '6'
+      - '7'
+    ignore:
+      - goos: windows
+        goarm: '6'
+    binary: act
+checksum:
+  name_template: 'checksums.txt'
+archives:
+  - name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    format_overrides:
+      - goos: windows
+        formats:
+        - zip
+changelog:
+  groups:
+    - title: 'New Features'
+      regexp: "^.*feat[(\\w)]*:+.*$"
+      order: 0
+    - title: 'Bug fixes'
+      regexp: "^.*fix[(\\w)]*:+.*$"
+      order: 1
+    - title: 'Documentation updates'
+      regexp: "^.*docs[(\\w)]*:+.*$"
+      order: 2
+    - title: 'Other'
+      order: 999
+release:
+  prerelease: auto
+  mode: append

.markdownlint.yml

@@ -0,0 +1,12 @@
+# Default state for all rules
+default: true
+
+# MD013/line-length - Line length
+MD013:
+  line_length: 1024
+
+# MD033/no-inline-html - Inline HTML
+MD033: false
+
+# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
+MD041: false

.mega-linter.yml

@@ -0,0 +1,20 @@
+---
+APPLY_FIXES: none
+DISABLE:
+  - ACTION
+  - BASH
+  - COPYPASTE
+  - DOCKERFILE
+  - GO
+  - JAVASCRIPT
+  - SPELL
+DISABLE_LINTERS:
+  - YAML_YAMLLINT
+  - MARKDOWN_MARKDOWN_TABLE_FORMATTER
+  - MARKDOWN_MARKDOWN_LINK_CHECK
+  - REPOSITORY_CHECKOV
+  - REPOSITORY_TRIVY
+FILTER_REGEX_EXCLUDE: (.*testdata/*|install.sh|pkg/container/docker_cli.go|pkg/container/DOCKER_LICENSE|VERSION)
+MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml
+PARALLEL: false
+PRINT_ALPACA: false

.mergify.yml

@@ -0,0 +1,98 @@
+
+pull_request_rules:
+  - name: warn on conflicts
+    conditions:
+      - -draft
+      - -closed
+      - -merged
+      - conflict
+    actions:
+      comment:
+        message: '@{{author}} this pull request is now in conflict 😩'
+      label:
+        add:
+          - conflict
+  - name: remove conflict label if not needed
+    conditions:
+      - -conflict
+    actions:
+      label:
+        remove:
+          - conflict
+  - name: warn on needs-work
+    conditions:
+      - -draft
+      - -closed
+      - -merged
+      - or:
+          - check-failure=lint
+          - check-failure=test-linux
+          - check-failure=codecov/patch
+          - check-failure=codecov/project
+          - check-failure=snapshot
+    actions:
+      comment:
+        message: '@{{author}} this pull request has failed checks 🛠'
+      label:
+        add:
+          - needs-work
+  - name: remove needs-work label if not needed
+    conditions:
+      - check-success=lint
+      - check-success=test-linux
+      - check-success=codecov/patch
+      - check-success=codecov/project
+      - check-success=snapshot
+    actions:
+      label:
+        remove:
+          - needs-work
+  - name: Automatic maintainer assignment
+    conditions:
+      - '-approved-reviews-by=@nektos/act-maintainers'
+      - -draft
+      - -merged
+      - -closed
+      - -conflict
+      - check-success=lint
+      - check-success=test-linux
+      - check-success=codecov/patch
+      - check-success=codecov/project
+      - check-success=snapshot
+    actions:
+      request_reviews:
+        teams:
+          - '@nektos/act-maintainers'
+  - name: Automatic merge on approval
+    conditions: []
+    actions:
+      queue:
+queue_rules:
+  - name: default
+    queue_conditions:
+      - '#changes-requested-reviews-by=0'
+      - or:
+          - 'approved-reviews-by=@nektos/act-committers'
+          - 'author~=^dependabot(|-preview)\[bot\]$'
+          - and:
+              - 'approved-reviews-by=@nektos/act-maintainers'
+              - '#approved-reviews-by>=2'
+          - and:
+              - 'author=@nektos/act-maintainers'
+              - 'approved-reviews-by=@nektos/act-maintainers'
+              - '#approved-reviews-by>=1'
+      - -draft
+      - -merged
+      - -closed
+      - check-success=lint
+      - check-success=test-linux
+      - check-success=codecov/patch
+      - check-success=codecov/project
+      - check-success=snapshot
+    merge_conditions:
+      - check-success=lint
+      - check-success=test-linux
+      - check-success=codecov/patch
+      - check-success=codecov/project
+      - check-success=snapshot
+    merge_method: squash

.prettierignore

@@ -0,0 +1,2 @@
+**/testdata
+pkg/runner/res

.prettierrc.yml

@@ -0,0 +1,7 @@
+overrides:
+  - files: '*.yml'
+    options:
+      singleQuote: true
+  - files: '*.json'
+    options:
+      singleQuote: false

.vscode/extensions.json

@@ -0,0 +1,9 @@
+{
+  "recommendations": [
+    "editorconfig.editorconfig",
+    "golang.go",
+    "davidanson.vscode-markdownlint",
+    "esbenp.prettier-vscode",
+    "redhat.vscode-yaml"
+  ]
+}

.vscode/settings.json

@@ -0,0 +1,14 @@
+{
+  "go.lintTool": "golangci-lint",
+  "go.lintFlags": ["--fix"],
+  "go.testTimeout": "300s",
+  "[json]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "[markdown]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
+  "[yaml]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  }
+}

AGENTS.md

@@ -1,10 +0,0 @@
-- Use `make help` to find available development targets
-- Run `make fmt` to format `.go` files, and run `make lint-go` to lint them
-- Run `make tidy` after any `go.mod` changes
-- Run single go unit tests with `go test -run '^TestName$' ./modulepath/`
-- Add the current year into the copyright header of new `.go` files
-- Ensure no trailing whitespace in edited files
-- Never force-push, amend, or squash unless asked. Use new commits and normal push for pull request updates
-- Preserve existing code comments, do not remove or rewrite comments that are still relevant
-- Include authorship attribution in issue and pull request comments
-- Add `Co-Authored-By` lines to all commits, indicating name and model used

CLAUDE.md

@@ -1 +0,0 @@
-@AGENTS.md

CODEOWNERS

@@ -0,0 +1 @@
+*       @nektos/act-maintainers

CONTRIBUTING.md

@@ -0,0 +1,69 @@
+# Contributing to Act
+
+Help wanted! We'd love your contributions to Act. Please review the following guidelines before contributing. Also, feel free to propose changes to these guidelines by updating this file and submitting a pull request.
+
+- [I have a question...](#questions)
+- [I found a bug...](#bugs)
+- [I have a feature request...](#features)
+- [I have a contribution to share...](#process)
+
+## <a id="questions"></a> Have a Question?
+
+Please don't open a GitHub issue for questions about how to use `act`, as the goal is to use issues for managing bugs and feature requests. Issues that are related to general support will be closed and redirected to our gitter room.
+
+For all support related questions, please ask the question in discussions: [actions-oss/act-cli](https://github.com/actions-oss/act-cli/discussions).
+
+## <a id="bugs"></a> Found a Bug?
+
+If you've identified a bug in `act`, please [submit an issue](#issue) to our GitHub repo: [actions-oss/act-cli](https://github.com/actions-oss/act-cli/issues/new). Please also feel free to submit a [Pull Request](#pr) with a fix for the bug!
+
+## <a id="features"></a> Have a Feature Request?
+
+All feature requests should start with [submitting an issue](#issue) documenting the user story and acceptance criteria. Again, feel free to submit a [Pull Request](#pr) with a proposed implementation of the feature.
+
+## <a id="process"></a> Ready to Contribute
+
+### <a id="issue"></a> Create an issue
+
+Before submitting a new issue, please search the issues to make sure there isn't a similar issue doesn't already exist.
+
+Assuming no existing issues exist, please ensure you include required information when submitting the issue to ensure we can quickly reproduce your issue.
+
+We may have additional questions and will communicate through the GitHub issue, so please respond back to our questions to help reproduce and resolve the issue as quickly as possible.
+
+New issues can be created with in our [GitHub repo](https://github.com/actions-oss/act-cli/issues/new).
+
+### <a id="pr"></a>Pull Requests
+
+Pull requests should target the `master` branch. Please also reference the issue from the description of the pull request using [special keyword syntax](https://help.github.com/articles/closing-issues-via-commit-messages/) to auto close the issue when the PR is merged. For example, include the phrase `fixes #14` in the PR description to have issue #14 auto close. Please send documentation updates for the [act user guide](https://actions-oss.github.io/act-docs/) to [actions-oss/act-docs](https://github.com/actions-oss/act-docs).
+
+### <a id="style"></a> Styleguide
+
+When submitting code, please make every effort to follow existing conventions and style in order to keep the code as readable as possible. Here are a few points to keep in mind:
+
+- Please run `go fmt ./...` before committing to ensure code aligns with go standards.
+- We use [`golangci-lint`](https://golangci-lint.run/) for linting Go code, run `golangci-lint run --fix` before submitting PR. Editors such as Visual Studio Code or JetBrains IntelliJ; with Go support plugin will offer `golangci-lint` automatically.
+- There are additional linters and formatters for files such as Markdown documents or YAML/JSON:
+  - Please refer to the [Makefile](Makefile) or [`lint` job in our workflow](.github/workflows/checks.yml) to see how to those linters/formatters work.
+  - You can lint codebase by running `go run main.go -j lint --env RUN_LOCAL=true` or `act -j lint --env RUN_LOCAL=true`
+  - In `Makefile`, there are tools that require `npx` which is shipped with `nodejs`.
+  - Our `Makefile` exports `GITHUB_TOKEN` from `~/.config/github/token`, you have been warned.
+  - You can run `make pr` to cleanup dependencies, format/lint code and run tests.
+- All dependencies must be defined in the `go.mod` file.
+  - Advanced IDEs and code editors (like VSCode) will take care of that, but to be sure, run `go mod tidy` to validate dependencies.
+- For details on the approved style, check out [Effective Go](https://golang.org/doc/effective_go.html).
+- Before running tests, please be aware that they are multi-architecture so for them to not fail, you need to run `docker run --privileged --rm tonistiigi/binfmt --install amd64,arm64` before ([more info available in #765](https://github.com/nektos/act/issues/765)).
+
+Also, consider the original design principles:
+
+- **Polyglot** - There will be no prescribed language or framework for developing the microservices. The only requirement will be that the service will be run inside a container and exposed via an HTTP endpoint.
+- **Cloud Provider** - At this point, the tool will assume AWS for the cloud provider and will not be written in a cloud agnostic manner. However, this does not preclude refactoring to add support for other providers at a later time.
+- **Declarative** - All resource administration will be handled in a declarative vs. imperative manner. A file will be used to declared the desired state of the resources and the tool will simply assert the actual state matches the desired state. The tool will accomplish this by generating CloudFormation templates.
+- **Stateless** - The tool will not maintain its own state. Rather, it will rely on the CloudFormation stacks to determine the state of the platform.
+- **Secure** - All security will be managed by AWS IAM credentials. No additional authentication or authorization mechanisms will be introduced.
+
+### License
+
+By contributing your code, you agree to license your contribution under the terms of the [MIT License](LICENSE).
+
+All files are released with the MIT license.

Dockerfile

@@ -9,19 +9,19 @@ RUN apk add --no-cache make git
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-}
 
-COPY . /opt/src/runner
-WORKDIR /opt/src/runner
+COPY . /opt/src/act_runner
+WORKDIR /opt/src/act_runner
 
 RUN make clean && make build
 
 ### DIND VARIANT
 #
 #
-FROM docker:29-dind AS dind
+FROM docker:28-dind AS dind
 
 RUN apk add --no-cache s6 bash git tzdata
 
-COPY --from=builder /opt/src/runner/gitea-runner /usr/local/bin/gitea-runner
+COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
 COPY scripts/run.sh /usr/local/bin/run.sh
 COPY scripts/s6 /etc/s6
 
@@ -32,12 +32,12 @@ ENTRYPOINT ["s6-svscan","/etc/s6"]
 ### DIND-ROOTLESS VARIANT
 #
 #
-FROM docker:29-dind-rootless AS dind-rootless
+FROM docker:28-dind-rootless AS dind-rootless
 
 USER root
 RUN apk add --no-cache s6 bash git tzdata
 
-COPY --from=builder /opt/src/runner/gitea-runner /usr/local/bin/gitea-runner
+COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
 COPY scripts/run.sh /usr/local/bin/run.sh
 COPY scripts/s6 /etc/s6
 
@@ -56,7 +56,7 @@ ENTRYPOINT ["s6-svscan","/etc/s6"]
 FROM alpine AS basic
 RUN apk add --no-cache tini bash git tzdata
 
-COPY --from=builder /opt/src/runner/gitea-runner /usr/local/bin/gitea-runner
+COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
 COPY scripts/run.sh /usr/local/bin/run.sh
 
 VOLUME /data

Makefile

@@ -1,30 +1,32 @@
 DIST := dist
-EXECUTABLE := gitea-runner
+EXECUTABLE := act_runner
+GOFMT ?= gofumpt -l
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
 GO ?= go
 SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 XGO_VERSION := go-1.26.x
-GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
+GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 
 LINUX_ARCHS ?= linux/amd64,linux/arm64
 DARWIN_ARCHS ?= darwin-12/amd64,darwin-12/arm64
 WINDOWS_ARCHS ?= windows/amd64
+GO_FMT_FILES := $(shell find . -type f -name "*.go" ! -name "generated.*")
 GOFILES := $(shell find . -type f -name "*.go" -o -name "go.mod" ! -name "generated.*")
 
-DOCKER_IMAGE ?= gitea/runner
+DOCKER_IMAGE ?= gitea/act_runner
 DOCKER_TAG ?= nightly
 DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
 DOCKER_ROOTLESS_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)-dind-rootless
 
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.4
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.10.1
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1
 
-STATIC ?=
-EXTLDFLAGS ?=
-ifneq ($(STATIC),)
-	EXTLDFLAGS = -extldflags "-static"
+ifneq ($(shell uname), Darwin)
+	EXTLDFLAGS = -extldflags "-static" $(null)
+else
+	EXTLDFLAGS =
 endif
 
 ifeq ($(HAS_GO), GO)
@@ -66,19 +68,19 @@ else
 	endif
 endif
 
-TAGS ?=
-LDFLAGS ?= -X "gitea.com/gitea/runner/internal/pkg/ver.version=v$(RELASE_VERSION)"
+GO_PACKAGES_TO_VET ?= $(filter-out gitea.com/gitea/act_runner/internal/pkg/client/mocks,$(shell $(GO) list ./...))
+
+
+TAGS ?=
+LDFLAGS ?= -X "gitea.com/gitea/act_runner/internal/pkg/ver.version=v$(RELASE_VERSION)"
 
-.PHONY: all
 all: build
 
-.PHONY: help
-help: Makefile ## print Makefile help information.
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m[TARGETS] default target: build\033[0m\n\n\033[35mTargets:\033[0m\n"} /^[0-9A-Za-z._-]+:.*?##/ { printf "  \033[36m%-45s\033[0m %s\n", $$1, $$2 }' Makefile
-
-.PHONY: fmt
-fmt: ## format the Go code
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) fmt
+fmt:
+	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install mvdan.cc/gofumpt@latest; \
+	fi
+	$(GOFMT) -w $(GO_FMT_FILES)
 
 .PHONY: go-check
 go-check:
@@ -86,29 +88,28 @@ go-check:
 	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
 	$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Gitea Runner requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
+		echo "Act Runner requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
 		exit 1; \
 	fi
 
 .PHONY: fmt-check
-fmt-check: fmt
-	@diff=$$(git diff --color=always); \
+fmt-check:
+	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install mvdan.cc/gofumpt@latest; \
+	fi
+	@diff=$$($(GOFMT) -d $(GO_FMT_FILES)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
-		printf "%s" "$${diff}"; \
+		echo "$${diff}"; \
 		exit 1; \
-	fi
+	fi;
 
 .PHONY: deps-tools
 deps-tools: ## install tool dependencies
-	$(GO) install $(GOLANGCI_LINT_PACKAGE) & \
-	$(GO) install $(GXZ_PACKAGE) & \
-	$(GO) install $(XGO_PACKAGE) & \
-	$(GO) install $(GOVULNCHECK_PACKAGE) & \
-	wait
+	$(GO) install $(GOVULNCHECK_PACKAGE)
 
 .PHONY: lint
-lint: lint-go ## lint everything
+lint: lint-go vet
 
 .PHONY: lint-go
 lint-go: ## lint go files
@@ -123,59 +124,64 @@ security-check: deps-tools
 	GOEXPERIMENT= $(GO) run $(GOVULNCHECK_PACKAGE) -show color ./... || true
 
 .PHONY: tidy
-tidy: ## run go mod tidy
+tidy:
 	$(GO) mod tidy
 
 .PHONY: tidy-check
 tidy-check: tidy
-	@diff=$$(git diff --color=always -- go.mod go.sum); \
+	@diff=$$(git diff -- go.mod go.sum); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make tidy' and commit the result:"; \
-		printf "%s" "$${diff}"; \
+		echo "$${diff}"; \
 		exit 1; \
 	fi
 
-.PHONY: test
-test: fmt-check security-check ## test everything
-	@$(GO) test -race -short -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+test: fmt-check security-check
+	@$(GO) test -race -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 
-.PHONY: install
-install: $(GOFILES) ## install the runner binary via `go install`
-	$(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(EXTLDFLAGS) $(LDFLAGS)'
+.PHONY: vet
+vet:
+	@echo "Running go vet..."
+	@$(GO) build code.gitea.io/gitea-vet
+	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES_TO_VET)
 
-.PHONY: build
-build: go-check $(EXECUTABLE) ## build the runner binary
+install: $(GOFILES)
+	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
+
+build: go-check $(EXECUTABLE)
 
 $(EXECUTABLE): $(GOFILES)
-	$(GO) build -v -tags '$(TAGS)' -ldflags '-s -w $(EXTLDFLAGS) $(LDFLAGS)' -o $@
+	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
 
 .PHONY: deps-backend
-deps-backend: ## install backend dependencies
+deps-backend:
 	$(GO) mod download
+	$(GO) install $(GXZ_PAGAGE)
+	$(GO) install $(XGO_PACKAGE)
 
 .PHONY: release
-release: release-windows release-linux release-darwin release-copy release-compress release-check ## build release artifacts
+release: release-windows release-linux release-darwin release-copy release-compress release-check
 
 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
 
 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-s -w -linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(WINDOWS_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(WINDOWS_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
 ifeq ($(CI),true)
 	cp -r /build/* $(DIST)/binaries/
 endif
 
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-s -w -linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
 ifeq ($(CI),true)
 	cp -r /build/* $(DIST)/binaries/
 endif
 
 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-s -w $(LDFLAGS)' -targets '$(DARWIN_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets '$(DARWIN_ARCHS)' -out $(EXECUTABLE)-$(VERSION) .
 ifeq ($(CI),true)
 	cp -r /build/* $(DIST)/binaries/
 endif
@@ -190,20 +196,18 @@ release-check: | $(DIST_DIRS)
 
 .PHONY: release-compress
 release-compress: | $(DIST_DIRS)
-	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PACKAGE) -k -9 $${file}; done;
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;
 
 .PHONY: docker
-docker: ## build the docker image
+docker:
 	if ! docker buildx version >/dev/null 2>&1; then \
 		ARG_DISABLE_CONTENT_TRUST=--disable-content-trust=false; \
 	fi; \
 	docker build $${ARG_DISABLE_CONTENT_TRUST} -t $(DOCKER_REF) .
 
-.PHONY: clean
-clean: ## delete binary and coverage files
+clean:
 	$(GO) clean -x -i ./...
 	rm -rf coverage.txt $(EXECUTABLE) $(DIST)
 
-.PHONY: version
-version: ## print the version
+version:
 	@echo $(VERSION)

README.md

@@ -1,4 +1,6 @@
-# Gitea Runner
+# act runner
+
+Act runner is a runner for Gitea based on [Gitea fork](https://gitea.com/gitea/act) of [act](https://github.com/nektos/act).
 
 ## Installation
 
@@ -8,7 +10,7 @@ Docker Engine Community version is required for docker mode. To install Docker C
 
 ### Download pre-built binary
 
-Visit [here](https://dl.gitea.com/gitea-runner/) and download the right version for your platform.
+Visit [here](https://dl.gitea.com/act_runner/) and download the right version for your platform.
 
 ### Build from source
 
@@ -24,8 +26,8 @@ make docker
 
 ## Quickstart
 
-Actions are disabled by default, so you need to add the following to the configuration file of your Gitea instance to enable it:
-
+Actions are disabled by default, so you need to add the following to the configuration file of your Gitea instance to enable it: 
+  
 ```ini
 [actions]
 ENABLED=true
@@ -34,7 +36,7 @@ ENABLED=true
 ### Register
 
 ```bash
-./gitea-runner register
+./act_runner register
 ```
 
 And you will be asked to input:
@@ -66,7 +68,7 @@ INFO Runner registered successfully.
 You can also register with command line arguments.
 
 ```bash
-./gitea-runner register --instance http://192.168.8.8:3000 --token <my_runner_token> --no-interactive
+./act_runner register --instance http://192.168.8.8:3000 --token <my_runner_token> --no-interactive
 ```
 
 If the registry succeed, it will run immediately. Next time, you could run the runner directly.
@@ -74,69 +76,32 @@ If the registry succeed, it will run immediately. Next time, you could run the r
 ### Run
 
 ```bash
-./gitea-runner daemon
+./act_runner daemon
 ```
 
 ### Run with docker
 
 ```bash
-docker run -e GITEA_INSTANCE_URL=https://your_gitea.com -e GITEA_RUNNER_REGISTRATION_TOKEN=<your_token> -v /var/run/docker.sock:/var/run/docker.sock --name my_runner gitea/runner:nightly
+docker run -e GITEA_INSTANCE_URL=https://your_gitea.com -e GITEA_RUNNER_REGISTRATION_TOKEN=<your_token> -v /var/run/docker.sock:/var/run/docker.sock --name my_runner gitea/act_runner:nightly
 ```
 
-Mount a volume on `/data` if you want the registration file and optional config to survive container recreation (see [scripts/run.sh](scripts/run.sh)).
-
 ### Configuration
 
-The runner is configured with a YAML file. Generate a starting point (this matches what ships in the tree):
+You can also configure the runner with a configuration file.
+The configuration file is a YAML file, you can generate a sample configuration file with `./act_runner generate-config`.
 
 ```bash
-./gitea-runner generate-config > config.yaml
+./act_runner generate-config > config.yaml
 ```
 
-Pass it with `-c` / `--config` on any command that loads configuration (`register`, `daemon`, `cache-server`):
+You can specify the configuration file path with `-c`/`--config` argument.
 
 ```bash
-./gitea-runner -c config.yaml register
-./gitea-runner -c config.yaml daemon
-./gitea-runner -c config.yaml cache-server
+./act_runner -c config.yaml register # register with config file
+./act_runner -c config.yaml daemon # run with config file
 ```
 
-Every option is described in [config.example.yaml](internal/pkg/config/config.example.yaml) (the same content `generate-config` prints).
-
-#### Without a config file
-
-If you omit `-c`, built-in defaults apply (same as an empty YAML document). A small set of **deprecated** environment variables can still override parts of that default config, but **only when no `-c` path was given**; they are ignored if you use a config file:
-
-| Variable | Effect |
-| --- | --- |
-| `GITEA_DEBUG` | If true, sets log level to `debug` |
-| `GITEA_TRACE` | If true, sets log level to `trace` |
-| `GITEA_RUNNER_CAPACITY` | Concurrent jobs (integer) |
-| `GITEA_RUNNER_FILE` | Registration state file path (default `.runner`) |
-| `GITEA_RUNNER_ENVIRON` | Extra job env vars as comma-separated `KEY:VALUE` pairs |
-| `GITEA_RUNNER_ENV_FILE` | Path to an env file merged into job env (same idea as `runner.env_file` in YAML) |
-
-Prefer a YAML file for all settings.
-
-#### Registration vs config labels
-
-If `runner.labels` is set in the YAML file, those labels are used during `register` and the `--labels` CLI flag is ignored.
-
-#### External cache (`actions/cache`)
-
-If `cache.external_server` is set, you must set `cache.external_secret` to the same value on this runner and on the standalone cache server. Run the server with `gitea-runner cache-server` using a config that defines `cache.external_secret` (and matching `cache.dir` / host / port as needed). Flags `--dir`, `--host`, and `--port` on `cache-server` override the file.
-
-#### Official Docker image
-
-Besides `GITEA_INSTANCE_URL` and `GITEA_RUNNER_REGISTRATION_TOKEN`, the image entrypoint supports optional variables such as `CONFIG_FILE` (passed through as `-c`), `GITEA_RUNNER_LABELS`, `GITEA_RUNNER_EPHEMERAL`, `GITEA_RUNNER_ONCE`, `GITEA_RUNNER_NAME`, `GITEA_MAX_REG_ATTEMPTS`, `RUNNER_STATE_FILE`, and `GITEA_RUNNER_REGISTRATION_TOKEN_FILE`. See [scripts/run.sh](scripts/run.sh) for exact behavior.
-
-For a fuller container-oriented walkthrough, see [examples/docker](examples/docker/README.md).
-
-When `container.bind_workdir` is enabled, stale task workspace directories can be cleaned while the runner is idle:
-- directories older than `runner.workdir_cleanup_age` are removed (default: `24h`; set `0` to disable)
-- cleanup runs every `runner.idle_cleanup_interval` (default: `10m`; set `0` to disable)
-- only purely numeric subdirectories under `container.workdir_parent` are treated as task workspaces and may be removed
-- cleanup assumes `container.workdir_parent` is not shared across multiple runners
+You can read the latest version of the configuration file online at [config.example.yaml](internal/pkg/config/config.example.yaml).
 
 ### Example Deployments
 

VERIFICATION

@@ -0,0 +1,5 @@
+VERIFICATION
+Verification is intended to assist the Chocolatey moderators and community
+in verifying that this package's contents are trustworthy.
+
+Checksums: https://github.com/nektos/act/releases, in the checksums.txt file

VERSION

@@ -0,0 +1 @@
+0.4.0

act-cli.nuspec

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Do not remove this test for UTF-8: if “Ω” doesn’t appear as greek uppercase omega letter enclosed in quotation marks, you should use an editor that supports UTF-8, not this one. -->
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>act-cli</id>
+    <version>0.0.0</version>
+    <packageSourceUrl>https://github.com/nektos/act</packageSourceUrl>
+    <owners>nektos</owners>
+    <title>act (GitHub Actions CLI)</title>
+    <authors>nektos</authors>
+    <projectUrl>https://github.com/nektos/act</projectUrl>
+    <iconUrl>https://raw.githubusercontent.com/wiki/nektos/act/img/logo-150.png</iconUrl>
+    <copyright>Nektos</copyright>
+    <licenseUrl>https://raw.githubusercontent.com/nektos/act/master/LICENSE</licenseUrl>
+    <requireLicenseAcceptance>true</requireLicenseAcceptance>
+    <projectSourceUrl>https://github.com/nektos/act</projectSourceUrl>
+    <docsUrl>https://raw.githubusercontent.com/nektos/act/master/README.md</docsUrl>
+    <bugTrackerUrl>https://github.com/nektos/act/issues</bugTrackerUrl>
+    <tags>act github-actions actions golang ci devops</tags>
+    <summary>Run your GitHub Actions locally 🚀</summary>
+    <description>Run your GitHub Actions locally 🚀</description>
+  </metadata>
+  <files>
+    <file src="tools/**" target="tools" />
+  </files>
+</package>

act/LICENSE

@@ -1,22 +0,0 @@
-MIT License
-
-Copyright (c) 2022 The Gitea Authors
-Copyright (c) 2019
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

act/artifactcache/handler.go

@@ -1,884 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// Copyright 2023 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package artifactcache
-
-import (
-	"context"
-	"crypto/hmac"
-	"crypto/rand"
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"regexp"
-	"strconv"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"gitea.com/gitea/runner/act/common"
-
-	"github.com/julienschmidt/httprouter"
-	"github.com/sirupsen/logrus"
-	"github.com/timshannon/bolthold"
-	"go.etcd.io/bbolt"
-)
-
-const (
-	apiPath      = "/_apis/artifactcache"
-	internalPath = "/_internal"
-
-	// artifactURLTTL bounds how long a signed artifactLocation URL stays valid.
-	// Short enough that a leaked URL is near-worthless; long enough to let the
-	// @actions/cache client download a big blob that was returned from /cache.
-	artifactURLTTL = 10 * time.Minute
-)
-
-type credKey struct{}
-
-// JobCredential ties a per-job bearer token (ACTIONS_RUNTIME_TOKEN) to the
-// repository that owns it. Every cache entry is stamped with Repo on
-// reserve/commit and checked on read/write so one repo can never observe or
-// poison another repo's cache, even from inside a container that reaches the
-// cache server over the docker bridge network.
-type JobCredential struct {
-	Repo string
-}
-
-// credEntry holds a registered job's credential along with an active
-// registration count. RegisterJob is reference-counted so that if two tasks
-// briefly share an ACTIONS_RUNTIME_TOKEN — e.g. a runner that retries a task
-// after a crash before the old registration is revoked — the first task's
-// revoker does not cut the second task's auth out from under it.
-type credEntry struct {
-	cred JobCredential
-	refs int
-}
-
-type Handler struct {
-	dir      string
-	storage  *Storage
-	router   *httprouter.Router
-	listener net.Listener
-	server   *http.Server
-	logger   logrus.FieldLogger
-
-	gcing atomic.Bool
-	gcAt  time.Time
-
-	outboundIP string
-
-	// internalSecret guards /_internal/{register,revoke}. When set, a remote
-	// runner can use these endpoints to pre-register per-job
-	// ACTIONS_RUNTIME_TOKENs against this server, enabling the same
-	// per-job auth and repo scoping as the embedded handler over the
-	// network. Empty disables the control-plane entirely.
-	internalSecret string
-
-	// secret signs short-lived artifact download URLs. The @actions/cache
-	// toolkit does not send Authorization on the download request, so blob
-	// GETs authenticate via a per-URL HMAC signature with expiry rather than
-	// via the bearer token used for management endpoints.
-	secret []byte
-
-	credMu sync.RWMutex
-	creds  map[string]*credEntry
-}
-
-// StartHandler opens the on-disk cache store and starts the HTTP server.
-//
-// internalSecret, when non-empty, enables a control-plane API at
-// /_internal/{register,revoke} that lets a remote runner pre-register the
-// per-job ACTIONS_RUNTIME_TOKENs it expects this server to honor. The
-// embedded in-process handler leaves it empty and registers tokens via the
-// in-process RegisterJob method directly.
-func StartHandler(dir, outboundIP string, port uint16, internalSecret string, logger logrus.FieldLogger) (*Handler, error) {
-	h := &Handler{
-		creds:          make(map[string]*credEntry),
-		internalSecret: internalSecret,
-	}
-
-	if logger == nil {
-		discard := logrus.New()
-		discard.Out = io.Discard
-		logger = discard
-	}
-	logger = logger.WithField("module", "artifactcache")
-	h.logger = logger
-
-	if dir == "" {
-		home, err := os.UserHomeDir()
-		if err != nil {
-			return nil, err
-		}
-		dir = filepath.Join(home, ".cache", "actcache")
-	}
-	if err := os.MkdirAll(dir, 0o755); err != nil {
-		return nil, err
-	}
-
-	h.dir = dir
-
-	storage, err := NewStorage(filepath.Join(dir, "cache"))
-	if err != nil {
-		return nil, err
-	}
-	h.storage = storage
-
-	if outboundIP != "" {
-		h.outboundIP = outboundIP
-	} else if ip := common.GetOutboundIP(); ip == nil {
-		return nil, errors.New("unable to determine outbound IP address")
-	} else {
-		h.outboundIP = ip.String()
-	}
-
-	secret, err := loadOrCreateSecret(dir)
-	if err != nil {
-		return nil, err
-	}
-	h.secret = secret
-
-	router := httprouter.New()
-	router.GET(apiPath+"/cache", h.bearerAuth(h.find))
-	router.POST(apiPath+"/caches", h.bearerAuth(h.reserve))
-	router.PATCH(apiPath+"/caches/:id", h.bearerAuth(h.upload))
-	router.POST(apiPath+"/caches/:id", h.bearerAuth(h.commit))
-	router.POST(apiPath+"/clean", h.bearerAuth(h.clean))
-	// Artifact GET is signed via query-string HMAC because @actions/cache
-	// does not attach Authorization when downloading archiveLocation.
-	router.GET(apiPath+"/artifacts/:id", h.signedURLAuth(h.get))
-	// Control-plane: a remote runner registers/revokes per-job tokens so the
-	// cache API can authenticate them. Always wired so the routes exist; the
-	// handlers themselves 401 when internalSecret is unset.
-	router.POST(internalPath+"/register", h.internalAuth(h.internalRegister))
-	router.POST(internalPath+"/revoke", h.internalAuth(h.internalRevoke))
-
-	h.router = router
-
-	h.gcCache()
-
-	// Listen on all interfaces. Binding to outboundIP only would give no real
-	// security benefit (it is the LAN/internet-facing address either way) and
-	// can break Docker Desktop variants where the host's outbound IP is not
-	// routable from inside the container network. Authentication is enforced
-	// by the bearer middleware and per-repo scoping, not by reachability.
-	listener, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
-	if err != nil {
-		return nil, err
-	}
-	server := &http.Server{
-		ReadHeaderTimeout: 2 * time.Second,
-		Handler:           router,
-	}
-	go func() {
-		if err := server.Serve(listener); err != nil && errors.Is(err, net.ErrClosed) {
-			logger.Errorf("http serve: %v", err)
-		}
-	}()
-	h.listener = listener
-	h.server = server
-
-	return h, nil
-}
-
-func (h *Handler) ExternalURL() string {
-	// TODO: make the external url configurable if necessary
-	return fmt.Sprintf("http://%s:%d",
-		h.outboundIP,
-		h.listener.Addr().(*net.TCPAddr).Port)
-}
-
-// RegisterJob makes token a valid bearer credential for cache requests from
-// the given repository and returns a function that removes it. The runner
-// calls this at job start and defers the returned func so that the credential
-// is only accepted while the job is running.
-//
-// Registrations are reference-counted: if a token is already registered, the
-// existing repo is kept and the refcount is incremented. The entry is
-// removed only when every revoker returned by RegisterJob has been called.
-// This keeps a stray re-registration from silently revoking a live job.
-func (h *Handler) RegisterJob(token, repo string) func() {
-	if h == nil || token == "" {
-		return func() {}
-	}
-	h.credMu.Lock()
-	if existing, ok := h.creds[token]; ok {
-		existing.refs++
-	} else {
-		h.creds[token] = &credEntry{
-			cred: JobCredential{Repo: repo},
-			refs: 1,
-		}
-	}
-	h.credMu.Unlock()
-	return func() {
-		h.credMu.Lock()
-		if entry, ok := h.creds[token]; ok {
-			entry.refs--
-			if entry.refs <= 0 {
-				delete(h.creds, token)
-			}
-		}
-		h.credMu.Unlock()
-	}
-}
-
-// RevokeJob explicitly revokes one registration of token, mirroring one call
-// of the closure returned by RegisterJob. Used by the control-plane endpoint
-// so a remote runner can revoke without holding the closure.
-func (h *Handler) RevokeJob(token string) {
-	if h == nil || token == "" {
-		return
-	}
-	h.credMu.Lock()
-	if entry, ok := h.creds[token]; ok {
-		entry.refs--
-		if entry.refs <= 0 {
-			delete(h.creds, token)
-		}
-	}
-	h.credMu.Unlock()
-}
-
-func (h *Handler) lookupCredential(token string) (JobCredential, bool) {
-	h.credMu.RLock()
-	entry, ok := h.creds[token]
-	h.credMu.RUnlock()
-	if !ok {
-		return JobCredential{}, false
-	}
-	return entry.cred, true
-}
-
-// loadOrCreateSecret returns the 32-byte HMAC signing key for artifact URLs,
-// persisted in dir/.secret so signed URLs handed out before a restart stay
-// valid across the restart and so the standalone cache-server can be pointed
-// at by config.Cache.ExternalServer without the URL rotating.
-func loadOrCreateSecret(dir string) ([]byte, error) {
-	path := filepath.Join(dir, ".secret")
-	if data, err := os.ReadFile(path); err == nil {
-		if secret, err := hex.DecodeString(strings.TrimSpace(string(data))); err == nil && len(secret) >= 32 {
-			return secret, nil
-		}
-	} else if !os.IsNotExist(err) {
-		return nil, fmt.Errorf("read cache secret: %w", err)
-	}
-	secret := make([]byte, 32)
-	if _, err := rand.Read(secret); err != nil {
-		return nil, fmt.Errorf("generate cache secret: %w", err)
-	}
-	if err := os.WriteFile(path, []byte(hex.EncodeToString(secret)), 0o600); err != nil {
-		return nil, fmt.Errorf("write cache secret: %w", err)
-	}
-	return secret, nil
-}
-
-func (h *Handler) Close() error {
-	if h == nil {
-		return nil
-	}
-	var retErr error
-	if h.server != nil {
-		err := h.server.Close()
-		if err != nil {
-			retErr = err
-		}
-		h.server = nil
-	}
-	if h.listener != nil {
-		err := h.listener.Close()
-		if errors.Is(err, net.ErrClosed) {
-			err = nil
-		}
-		if err != nil {
-			retErr = err
-		}
-		h.listener = nil
-	}
-	return retErr
-}
-
-func (h *Handler) openDB() (*bolthold.Store, error) {
-	return bolthold.Open(filepath.Join(h.dir, "bolt.db"), 0o644, &bolthold.Options{
-		Encoder: json.Marshal,
-		Decoder: json.Unmarshal,
-		Options: &bbolt.Options{
-			Timeout:      5 * time.Second,
-			NoGrowSync:   bbolt.DefaultOptions.NoGrowSync,
-			FreelistType: bbolt.DefaultOptions.FreelistType,
-		},
-	})
-}
-
-// GET /_apis/artifactcache/cache
-func (h *Handler) find(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	cred := credFromContext(r.Context())
-	keys := strings.Split(r.URL.Query().Get("keys"), ",")
-	// cache keys are case insensitive
-	for i, key := range keys {
-		keys[i] = strings.ToLower(key)
-	}
-	version := r.URL.Query().Get("version")
-
-	db, err := h.openDB()
-	if err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	defer db.Close()
-
-	cache, err := findCache(db, cred.Repo, keys, version)
-	if err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	if cache == nil {
-		h.responseJSON(w, r, 204)
-		return
-	}
-
-	if ok, err := h.storage.Exist(cache.ID); err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	} else if !ok {
-		_ = db.Delete(cache.ID, cache)
-		h.responseJSON(w, r, 204)
-		return
-	}
-	h.responseJSON(w, r, 200, map[string]any{
-		"result":          "hit",
-		"archiveLocation": h.signedArtifactURL(cache.ID, time.Now().Add(artifactURLTTL)),
-		"cacheKey":        cache.Key,
-	})
-}
-
-// POST /_apis/artifactcache/caches
-func (h *Handler) reserve(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	cred := credFromContext(r.Context())
-	api := &Request{}
-	if err := json.NewDecoder(r.Body).Decode(api); err != nil {
-		h.responseJSON(w, r, 400, err)
-		return
-	}
-	// cache keys are case insensitive
-	api.Key = strings.ToLower(api.Key)
-
-	cache := api.ToCache()
-	cache.Repo = cred.Repo
-	db, err := h.openDB()
-	if err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	defer db.Close()
-
-	now := time.Now().Unix()
-	cache.CreatedAt = now
-	cache.UsedAt = now
-	if err := insertCache(db, cache); err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	h.responseJSON(w, r, 200, map[string]any{
-		"cacheId": cache.ID,
-	})
-}
-
-// PATCH /_apis/artifactcache/caches/:id
-func (h *Handler) upload(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-	cred := credFromContext(r.Context())
-	id, err := strconv.ParseInt(params.ByName("id"), 10, 64)
-	if err != nil {
-		h.responseJSON(w, r, 400, err)
-		return
-	}
-
-	cache := &Cache{}
-	db, err := h.openDB()
-	if err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	defer db.Close()
-	if err := db.Get(id, cache); err != nil {
-		if errors.Is(err, bolthold.ErrNotFound) {
-			h.responseJSON(w, r, 400, fmt.Errorf("cache %d: not reserved", id))
-			return
-		}
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-
-	if cache.Repo != cred.Repo {
-		h.responseJSON(w, r, 403, fmt.Errorf("cache %d: forbidden", id))
-		return
-	}
-
-	if cache.Complete {
-		h.responseJSON(w, r, 400, fmt.Errorf("cache %v %q: already complete", cache.ID, cache.Key))
-		return
-	}
-	db.Close()
-	start, _, err := parseContentRange(r.Header.Get("Content-Range"))
-	if err != nil {
-		h.responseJSON(w, r, 400, err)
-		return
-	}
-	if err := h.storage.Write(cache.ID, start, r.Body); err != nil {
-		h.responseJSON(w, r, 500, err)
-	}
-	h.useCache(id)
-	h.responseJSON(w, r, 200)
-}
-
-// POST /_apis/artifactcache/caches/:id
-func (h *Handler) commit(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-	cred := credFromContext(r.Context())
-	id, err := strconv.ParseInt(params.ByName("id"), 10, 64)
-	if err != nil {
-		h.responseJSON(w, r, 400, err)
-		return
-	}
-
-	cache := &Cache{}
-	db, err := h.openDB()
-	if err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	defer db.Close()
-	if err := db.Get(id, cache); err != nil {
-		if errors.Is(err, bolthold.ErrNotFound) {
-			h.responseJSON(w, r, 400, fmt.Errorf("cache %d: not reserved", id))
-			return
-		}
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-
-	if cache.Repo != cred.Repo {
-		h.responseJSON(w, r, 403, fmt.Errorf("cache %d: forbidden", id))
-		return
-	}
-
-	if cache.Complete {
-		h.responseJSON(w, r, 400, fmt.Errorf("cache %v %q: already complete", cache.ID, cache.Key))
-		return
-	}
-
-	db.Close()
-
-	size, err := h.storage.Commit(cache.ID, cache.Size)
-	if err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	// write real size back to cache, it may be different from the current value when the request doesn't specify it.
-	cache.Size = size
-
-	db, err = h.openDB()
-	if err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-	defer db.Close()
-
-	cache.Complete = true
-	if err := db.Update(cache.ID, cache); err != nil {
-		h.responseJSON(w, r, 500, err)
-		return
-	}
-
-	h.responseJSON(w, r, 200)
-}
-
-// GET /_apis/artifactcache/artifacts/:id
-// Authenticated via signed URL (see signedURLAuth), not bearer, because the
-// @actions/cache toolkit downloads archiveLocation without Authorization.
-// Repository scoping is already enforced at find() time; the signature binds
-// the URL to the specific cache ID and an expiry.
-func (h *Handler) get(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-	id, err := strconv.ParseInt(params.ByName("id"), 10, 64)
-	if err != nil {
-		h.responseJSON(w, r, 400, err)
-		return
-	}
-	h.useCache(id)
-	h.storage.Serve(w, r, uint64(id))
-}
-
-// POST /_apis/artifactcache/clean
-func (h *Handler) clean(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	// TODO: don't support force deleting cache entries
-	// see: https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#force-deleting-cache-entries
-
-	h.responseJSON(w, r, 200)
-}
-
-// bearerAuth resolves ACTIONS_RUNTIME_TOKEN against the set of currently
-// registered jobs. A match attaches the job's JobCredential to the request
-// context; a miss returns 401 before the handler body runs.
-func (h *Handler) bearerAuth(handler httprouter.Handle) httprouter.Handle {
-	return func(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-		h.logger.Debugf("%s %s", r.Method, r.URL.Path)
-		token := bearerToken(r)
-		if token == "" {
-			h.responseJSON(w, r, http.StatusUnauthorized, errors.New("missing bearer token"))
-			return
-		}
-		cred, ok := h.lookupCredential(token)
-		if !ok {
-			h.responseJSON(w, r, http.StatusUnauthorized, errors.New("unknown bearer token"))
-			return
-		}
-		ctx := context.WithValue(r.Context(), credKey{}, cred)
-		handler(w, r.WithContext(ctx), params)
-		go h.gcCache()
-	}
-}
-
-func (h *Handler) signedURLAuth(handler httprouter.Handle) httprouter.Handle {
-	return func(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-		h.logger.Debugf("%s %s", r.Method, r.URL.Path)
-		id, err := strconv.ParseInt(params.ByName("id"), 10, 64)
-		if err != nil {
-			h.responseJSON(w, r, 400, err)
-			return
-		}
-		expStr := r.URL.Query().Get("exp")
-		sig := r.URL.Query().Get("sig")
-		if expStr == "" || sig == "" {
-			h.responseJSON(w, r, http.StatusUnauthorized, errors.New("missing signature"))
-			return
-		}
-		exp, err := strconv.ParseInt(expStr, 10, 64)
-		if err != nil {
-			h.responseJSON(w, r, http.StatusUnauthorized, errors.New("invalid expiry"))
-			return
-		}
-		if time.Now().Unix() > exp {
-			h.responseJSON(w, r, http.StatusUnauthorized, errors.New("signature expired"))
-			return
-		}
-		expected := h.computeSignature(id, exp)
-		if !hmac.Equal([]byte(sig), []byte(expected)) {
-			h.responseJSON(w, r, http.StatusUnauthorized, errors.New("bad signature"))
-			return
-		}
-		handler(w, r, params)
-		go h.gcCache()
-	}
-}
-
-// internalAuth gates the control-plane endpoints. The bearer must
-// constant-time-equal the configured internalSecret. If the secret is empty,
-// the control-plane is disabled and every request gets 404 — which matches
-// the upstream nektos/act behavior of "the route does not exist".
-func (h *Handler) internalAuth(handler httprouter.Handle) httprouter.Handle {
-	return func(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-		if h.internalSecret == "" {
-			http.NotFound(w, r)
-			return
-		}
-		token := bearerToken(r)
-		if token == "" || !hmac.Equal([]byte(token), []byte(h.internalSecret)) {
-			h.responseJSON(w, r, http.StatusUnauthorized, errors.New("internal: bad secret"))
-			return
-		}
-		handler(w, r, params)
-	}
-}
-
-type internalRegisterBody struct {
-	Token string `json:"token"`
-	Repo  string `json:"repo"`
-}
-
-type internalRevokeBody struct {
-	Token string `json:"token"`
-}
-
-// POST /_internal/register
-func (h *Handler) internalRegister(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	var body internalRegisterBody
-	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
-		h.responseJSON(w, r, http.StatusBadRequest, err)
-		return
-	}
-	if body.Token == "" {
-		h.responseJSON(w, r, http.StatusBadRequest, errors.New("token is required"))
-		return
-	}
-	h.RegisterJob(body.Token, body.Repo)
-	h.responseJSON(w, r, http.StatusOK)
-}
-
-// POST /_internal/revoke
-func (h *Handler) internalRevoke(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	var body internalRevokeBody
-	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
-		h.responseJSON(w, r, http.StatusBadRequest, err)
-		return
-	}
-	if body.Token == "" {
-		h.responseJSON(w, r, http.StatusBadRequest, errors.New("token is required"))
-		return
-	}
-	h.RevokeJob(body.Token)
-	h.responseJSON(w, r, http.StatusOK)
-}
-
-func bearerToken(r *http.Request) string {
-	auth := r.Header.Get("Authorization")
-	const prefix = "Bearer "
-	if len(auth) > len(prefix) && strings.EqualFold(auth[:len(prefix)], prefix) {
-		return auth[len(prefix):]
-	}
-	return ""
-}
-
-func credFromContext(ctx context.Context) JobCredential {
-	if cred, ok := ctx.Value(credKey{}).(JobCredential); ok {
-		return cred
-	}
-	return JobCredential{}
-}
-
-func (h *Handler) computeSignature(cacheID, exp int64) string {
-	mac := hmac.New(sha256.New, h.secret)
-	fmt.Fprintf(mac, "%d:%d", cacheID, exp)
-	return hex.EncodeToString(mac.Sum(nil))
-}
-
-func (h *Handler) signedArtifactURL(cacheID uint64, exp time.Time) string {
-	expUnix := exp.Unix()
-	sig := h.computeSignature(int64(cacheID), expUnix)
-	q := url.Values{}
-	q.Set("exp", strconv.FormatInt(expUnix, 10))
-	q.Set("sig", sig)
-	return fmt.Sprintf("%s%s/artifacts/%d?%s", h.ExternalURL(), apiPath, cacheID, q.Encode())
-}
-
-// if not found, return (nil, nil) instead of an error.
-func findCache(db *bolthold.Store, repo string, keys []string, version string) (*Cache, error) {
-	cache := &Cache{}
-	for _, prefix := range keys {
-		// if a key in the list matches exactly, don't return partial matches
-		if err := db.FindOne(cache,
-			bolthold.Where("Repo").Eq(repo).
-				And("Key").Eq(prefix).
-				And("Version").Eq(version).
-				And("Complete").Eq(true).
-				SortBy("CreatedAt").Reverse()); err == nil || !errors.Is(err, bolthold.ErrNotFound) {
-			if err != nil {
-				return nil, fmt.Errorf("find cache: %w", err)
-			}
-			return cache, nil
-		}
-		prefixPattern := "^" + regexp.QuoteMeta(prefix)
-		re, err := regexp.Compile(prefixPattern)
-		if err != nil {
-			continue
-		}
-		if err := db.FindOne(cache,
-			bolthold.Where("Repo").Eq(repo).
-				And("Key").RegExp(re).
-				And("Version").Eq(version).
-				And("Complete").Eq(true).
-				SortBy("CreatedAt").Reverse()); err != nil {
-			if errors.Is(err, bolthold.ErrNotFound) {
-				continue
-			}
-			return nil, fmt.Errorf("find cache: %w", err)
-		}
-		return cache, nil
-	}
-	return nil, nil //nolint:nilnil // pre-existing issue from nektos/act
-}
-
-func insertCache(db *bolthold.Store, cache *Cache) error {
-	if err := db.Insert(bolthold.NextSequence(), cache); err != nil {
-		return fmt.Errorf("insert cache: %w", err)
-	}
-	// write back id to db
-	if err := db.Update(cache.ID, cache); err != nil {
-		return fmt.Errorf("write back id to db: %w", err)
-	}
-	return nil
-}
-
-func (h *Handler) useCache(id int64) {
-	db, err := h.openDB()
-	if err != nil {
-		return
-	}
-	defer db.Close()
-	cache := &Cache{}
-	if err := db.Get(id, cache); err != nil {
-		return
-	}
-	cache.UsedAt = time.Now().Unix()
-	_ = db.Update(cache.ID, cache)
-}
-
-const (
-	keepUsed   = 30 * 24 * time.Hour
-	keepUnused = 7 * 24 * time.Hour
-	keepTemp   = 5 * time.Minute
-	keepOld    = 5 * time.Minute
-)
-
-func (h *Handler) gcCache() {
-	if h.gcing.Load() {
-		return
-	}
-	if !h.gcing.CompareAndSwap(false, true) {
-		return
-	}
-	defer h.gcing.Store(false)
-
-	if time.Since(h.gcAt) < time.Hour {
-		h.logger.Debugf("skip gc: %v", h.gcAt.String())
-		return
-	}
-	h.gcAt = time.Now()
-	h.logger.Debugf("gc: %v", h.gcAt.String())
-
-	db, err := h.openDB()
-	if err != nil {
-		return
-	}
-	defer db.Close()
-
-	// Remove the caches which are not completed for a while, they are most likely to be broken.
-	var caches []*Cache
-	if err := db.Find(&caches, bolthold.
-		Where("UsedAt").Lt(time.Now().Add(-keepTemp).Unix()).
-		And("Complete").Eq(false),
-	); err != nil {
-		h.logger.Warnf("find caches: %v", err)
-	} else {
-		for _, cache := range caches {
-			h.storage.Remove(cache.ID)
-			if err := db.Delete(cache.ID, cache); err != nil {
-				h.logger.Warnf("delete cache: %v", err)
-				continue
-			}
-			h.logger.Infof("deleted cache: %+v", cache)
-		}
-	}
-
-	// Remove the old caches which have not been used recently.
-	caches = caches[:0]
-	if err := db.Find(&caches, bolthold.
-		Where("UsedAt").Lt(time.Now().Add(-keepUnused).Unix()),
-	); err != nil {
-		h.logger.Warnf("find caches: %v", err)
-	} else {
-		for _, cache := range caches {
-			h.storage.Remove(cache.ID)
-			if err := db.Delete(cache.ID, cache); err != nil {
-				h.logger.Warnf("delete cache: %v", err)
-				continue
-			}
-			h.logger.Infof("deleted cache: %+v", cache)
-		}
-	}
-
-	// Remove the old caches which are too old.
-	caches = caches[:0]
-	if err := db.Find(&caches, bolthold.
-		Where("CreatedAt").Lt(time.Now().Add(-keepUsed).Unix()),
-	); err != nil {
-		h.logger.Warnf("find caches: %v", err)
-	} else {
-		for _, cache := range caches {
-			h.storage.Remove(cache.ID)
-			if err := db.Delete(cache.ID, cache); err != nil {
-				h.logger.Warnf("delete cache: %v", err)
-				continue
-			}
-			h.logger.Infof("deleted cache: %+v", cache)
-		}
-	}
-
-	// Remove the old caches with the same key and version within the same
-	// repository, keep the latest one. Aggregation must include Repo so two
-	// repos that happen to share a (key, version) do not evict each other —
-	// otherwise per-repo scoping holds for reads but one repo can age
-	// another out after keepOld.
-	// Also keep the olds which have been used recently for a while in case of the cache is still in use.
-	if results, err := db.FindAggregate(
-		&Cache{},
-		bolthold.Where("Complete").Eq(true),
-		"Repo", "Key", "Version",
-	); err != nil {
-		h.logger.Warnf("find aggregate caches: %v", err)
-	} else {
-		for _, result := range results {
-			if result.Count() <= 1 {
-				continue
-			}
-			result.Sort("CreatedAt")
-			caches = caches[:0]
-			result.Reduction(&caches)
-			for _, cache := range caches[:len(caches)-1] {
-				if time.Since(time.Unix(cache.UsedAt, 0)) < keepOld {
-					// Keep it since it has been used recently, even if it's old.
-					// Or it could break downloading in process.
-					continue
-				}
-				h.storage.Remove(cache.ID)
-				if err := db.Delete(cache.ID, cache); err != nil {
-					h.logger.Warnf("delete cache: %v", err)
-					continue
-				}
-				h.logger.Infof("deleted cache: %+v", cache)
-			}
-		}
-	}
-}
-
-func (h *Handler) responseJSON(w http.ResponseWriter, r *http.Request, code int, v ...any) {
-	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	var data []byte
-	if len(v) == 0 || v[0] == nil {
-		data, _ = json.Marshal(struct{}{})
-	} else if err, ok := v[0].(error); ok {
-		h.logger.Errorf("%v %v: %v", r.Method, r.URL.Path, err)
-		data, _ = json.Marshal(map[string]any{
-			"error": err.Error(),
-		})
-	} else {
-		data, _ = json.Marshal(v[0])
-	}
-	w.WriteHeader(code)
-	_, _ = w.Write(data)
-}
-
-func parseContentRange(s string) (int64, int64, error) {
-	// support the format like "bytes 11-22/*" only
-	s, _, _ = strings.Cut(strings.TrimPrefix(s, "bytes "), "/")
-	s1, s2, _ := strings.Cut(s, "-")
-
-	start, err := strconv.ParseInt(s1, 10, 64)
-	if err != nil {
-		return 0, 0, fmt.Errorf("parse %q: %w", s, err)
-	}
-	stop, err := strconv.ParseInt(s2, 10, 64)
-	if err != nil {
-		return 0, 0, fmt.Errorf("parse %q: %w", s, err)
-	}
-	return start, stop, nil
-}

act/common/executor_max_parallel_test.go

@@ -1,89 +0,0 @@
-// Copyright 2026 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package common
-
-import (
-	"context"
-	"sync"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-// Simple fast test that verifies max-parallel: 2 limits concurrency
-func TestMaxParallel2Quick(t *testing.T) {
-	ctx := context.Background()
-
-	var currentRunning atomic.Int32
-	var maxSimultaneous atomic.Int32
-
-	executors := make([]Executor, 4)
-	for i := range 4 {
-		executors[i] = func(ctx context.Context) error {
-			current := currentRunning.Add(1)
-
-			// Update max if needed
-			for {
-				maxValue := maxSimultaneous.Load()
-				if current <= maxValue || maxSimultaneous.CompareAndSwap(maxValue, current) {
-					break
-				}
-			}
-
-			time.Sleep(10 * time.Millisecond)
-			currentRunning.Add(-1)
-			return nil
-		}
-	}
-
-	err := NewParallelExecutor(2, executors...)(ctx)
-
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.LessOrEqual(t, maxSimultaneous.Load(), int32(2),
-		"Should not exceed max-parallel: 2")
-}
-
-// Test that verifies max-parallel: 1 enforces sequential execution
-func TestMaxParallel1Sequential(t *testing.T) {
-	ctx := context.Background()
-
-	var currentRunning atomic.Int32
-	var maxSimultaneous atomic.Int32
-	var executionOrder []int
-	var orderMutex sync.Mutex
-
-	executors := make([]Executor, 5)
-	for i := range 5 {
-		taskID := i
-		executors[i] = func(ctx context.Context) error {
-			current := currentRunning.Add(1)
-
-			// Track execution order
-			orderMutex.Lock()
-			executionOrder = append(executionOrder, taskID)
-			orderMutex.Unlock()
-
-			// Update max if needed
-			for {
-				maxValue := maxSimultaneous.Load()
-				if current <= maxValue || maxSimultaneous.CompareAndSwap(maxValue, current) {
-					break
-				}
-			}
-
-			time.Sleep(20 * time.Millisecond)
-			currentRunning.Add(-1)
-			return nil
-		}
-	}
-
-	err := NewParallelExecutor(1, executors...)(ctx)
-
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, int32(1), maxSimultaneous.Load(),
-		"max-parallel: 1 should only run 1 task at a time")
-	assert.Len(t, executionOrder, 5, "All 5 tasks should have executed")
-}

act/common/executor_parallel_advanced_test.go

@@ -1,283 +0,0 @@
-// Copyright 2026 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package common
-
-import (
-	"context"
-	"sync"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-// TestMaxParallelJobExecution tests actual job execution with max-parallel
-func TestMaxParallelJobExecution(t *testing.T) {
-	t.Run("MaxParallel=1 Sequential", func(t *testing.T) {
-		var currentRunning atomic.Int32
-		var maxConcurrent int32
-		var executionOrder []int
-		var mu sync.Mutex
-
-		executors := make([]Executor, 5)
-		for i := range 5 {
-			taskID := i
-			executors[i] = func(ctx context.Context) error {
-				current := currentRunning.Add(1)
-
-				// Track max concurrent
-				for {
-					maxValue := atomic.LoadInt32(&maxConcurrent)
-					if current <= maxValue || atomic.CompareAndSwapInt32(&maxConcurrent, maxValue, current) {
-						break
-					}
-				}
-
-				mu.Lock()
-				executionOrder = append(executionOrder, taskID)
-				mu.Unlock()
-
-				time.Sleep(10 * time.Millisecond)
-				currentRunning.Add(-1)
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-		err := NewParallelExecutor(1, executors...)(ctx)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		assert.Equal(t, int32(1), maxConcurrent, "Should never exceed 1 concurrent execution")
-		assert.Len(t, executionOrder, 5, "All tasks should execute")
-	})
-
-	t.Run("MaxParallel=3 Limited", func(t *testing.T) {
-		var currentRunning atomic.Int32
-		var maxConcurrent int32
-
-		executors := make([]Executor, 10)
-		for i := range 10 {
-			executors[i] = func(ctx context.Context) error {
-				current := currentRunning.Add(1)
-
-				for {
-					maxValue := atomic.LoadInt32(&maxConcurrent)
-					if current <= maxValue || atomic.CompareAndSwapInt32(&maxConcurrent, maxValue, current) {
-						break
-					}
-				}
-
-				time.Sleep(20 * time.Millisecond)
-				currentRunning.Add(-1)
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-		err := NewParallelExecutor(3, executors...)(ctx)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		assert.LessOrEqual(t, int(maxConcurrent), 3, "Should never exceed 3 concurrent executions")
-		assert.GreaterOrEqual(t, int(maxConcurrent), 1, "Should have at least 1 concurrent execution")
-	})
-
-	t.Run("MaxParallel=0 Uses1Worker", func(t *testing.T) {
-		var maxConcurrent int32
-		var currentRunning atomic.Int32
-
-		executors := make([]Executor, 5)
-		for i := range 5 {
-			executors[i] = func(ctx context.Context) error {
-				current := currentRunning.Add(1)
-
-				for {
-					maxValue := atomic.LoadInt32(&maxConcurrent)
-					if current <= maxValue || atomic.CompareAndSwapInt32(&maxConcurrent, maxValue, current) {
-						break
-					}
-				}
-
-				time.Sleep(10 * time.Millisecond)
-				currentRunning.Add(-1)
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-		// When maxParallel is 0 or negative, it defaults to 1
-		err := NewParallelExecutor(0, executors...)(ctx)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		assert.Equal(t, int32(1), maxConcurrent, "Should use 1 worker when max-parallel is 0")
-	})
-}
-
-// TestMaxParallelWithErrors tests error handling with max-parallel
-func TestMaxParallelWithErrors(t *testing.T) {
-	t.Run("OneTaskFailsOthersContinue", func(t *testing.T) {
-		var successCount int32
-
-		executors := make([]Executor, 5)
-		for i := range 5 {
-			taskID := i
-			executors[i] = func(ctx context.Context) error {
-				if taskID == 2 {
-					return assert.AnError
-				}
-				atomic.AddInt32(&successCount, 1)
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-		err := NewParallelExecutor(2, executors...)(ctx)
-
-		// Should return the error from task 2
-		assert.Error(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		// Other tasks should still execute
-		assert.Equal(t, int32(4), successCount, "4 tasks should succeed")
-	})
-
-	t.Run("ContextCancellation", func(t *testing.T) {
-		ctx, cancel := context.WithCancel(context.Background())
-
-		var startedCount int32
-		executors := make([]Executor, 10)
-		for i := range 10 {
-			executors[i] = func(ctx context.Context) error {
-				atomic.AddInt32(&startedCount, 1)
-				time.Sleep(100 * time.Millisecond)
-				return nil
-			}
-		}
-
-		// Cancel after a short delay
-		go func() {
-			time.Sleep(30 * time.Millisecond)
-			cancel()
-		}()
-
-		err := NewParallelExecutor(3, executors...)(ctx)
-		assert.Error(t, err)                     //nolint:testifylint // pre-existing issue from nektos/act
-		assert.ErrorIs(t, err, context.Canceled) //nolint:testifylint // pre-existing issue from nektos/act
-
-		// Not all tasks should start due to cancellation (but timing may vary)
-		// Just verify cancellation occurred
-		t.Logf("Started %d tasks before cancellation", startedCount)
-	})
-}
-
-// TestMaxParallelPerformance tests performance characteristics
-func TestMaxParallelPerformance(t *testing.T) {
-	if testing.Short() {
-		t.Skip("Skipping performance test in short mode")
-	}
-
-	t.Run("ParallelFasterThanSequential", func(t *testing.T) {
-		executors := make([]Executor, 10)
-		for i := range 10 {
-			executors[i] = func(ctx context.Context) error {
-				time.Sleep(50 * time.Millisecond)
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-
-		// Sequential (max-parallel=1)
-		start := time.Now()
-		err := NewParallelExecutor(1, executors...)(ctx)
-		sequentialDuration := time.Since(start)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		// Parallel (max-parallel=5)
-		start = time.Now()
-		err = NewParallelExecutor(5, executors...)(ctx)
-		parallelDuration := time.Since(start)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		// Parallel should be significantly faster
-		assert.Less(t, parallelDuration, sequentialDuration/2,
-			"Parallel execution should be at least 2x faster")
-	})
-
-	t.Run("OptimalWorkerCount", func(t *testing.T) {
-		executors := make([]Executor, 20)
-		for i := range 20 {
-			executors[i] = func(ctx context.Context) error {
-				time.Sleep(10 * time.Millisecond)
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-
-		// Test with different worker counts
-		workerCounts := []int{1, 2, 5, 10, 20}
-		durations := make(map[int]time.Duration)
-
-		for _, count := range workerCounts {
-			start := time.Now()
-			err := NewParallelExecutor(count, executors...)(ctx)
-			durations[count] = time.Since(start)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-		}
-
-		// More workers should generally be faster (up to a point)
-		assert.Less(t, durations[5], durations[1], "5 workers should be faster than 1")
-		assert.Less(t, durations[10], durations[2], "10 workers should be faster than 2")
-	})
-}
-
-// TestMaxParallelResourceSharing tests resource sharing scenarios
-func TestMaxParallelResourceSharing(t *testing.T) {
-	t.Run("SharedResourceWithMutex", func(t *testing.T) {
-		var sharedCounter int
-		var mu sync.Mutex
-
-		executors := make([]Executor, 100)
-		for i := range 100 {
-			executors[i] = func(ctx context.Context) error {
-				mu.Lock()
-				sharedCounter++
-				mu.Unlock()
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-		err := NewParallelExecutor(10, executors...)(ctx)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		assert.Equal(t, 100, sharedCounter, "All tasks should increment counter")
-	})
-
-	t.Run("ChannelCommunication", func(t *testing.T) {
-		resultChan := make(chan int, 50)
-
-		executors := make([]Executor, 50)
-		for i := range 50 {
-			taskID := i
-			executors[i] = func(ctx context.Context) error {
-				resultChan <- taskID
-				return nil
-			}
-		}
-
-		ctx := context.Background()
-		err := NewParallelExecutor(5, executors...)(ctx)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-		close(resultChan)
-
-		results := make(map[int]bool)
-		for result := range resultChan {
-			results[result] = true
-		}
-
-		assert.Len(t, results, 50, "All task IDs should be received")
-	})
-}

act/common/executor_test.go

@@ -1,158 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// Copyright 2020 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package common
-
-import (
-	"context"
-	"errors"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestNewWorkflow(t *testing.T) {
-	assert := assert.New(t)
-
-	ctx := context.Background()
-
-	// empty
-	emptyWorkflow := NewPipelineExecutor()
-	assert.NoError(emptyWorkflow(ctx)) //nolint:testifylint // pre-existing issue from nektos/act
-
-	// error case
-	errorWorkflow := NewErrorExecutor(errors.New("test error"))
-	assert.Error(errorWorkflow(ctx)) //nolint:testifylint // pre-existing issue from nektos/act
-
-	// multiple success case
-	runcount := 0
-	successWorkflow := NewPipelineExecutor(
-		func(ctx context.Context) error {
-			runcount++
-			return nil
-		},
-		func(ctx context.Context) error {
-			runcount++
-			return nil
-		})
-	assert.NoError(successWorkflow(ctx)) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(2, runcount)
-}
-
-func TestNewConditionalExecutor(t *testing.T) {
-	assert := assert.New(t)
-
-	ctx := context.Background()
-
-	trueCount := 0
-	falseCount := 0
-
-	err := NewConditionalExecutor(func(ctx context.Context) bool {
-		return false
-	}, func(ctx context.Context) error {
-		trueCount++
-		return nil
-	}, func(ctx context.Context) error {
-		falseCount++
-		return nil
-	})(ctx)
-
-	assert.NoError(err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(0, trueCount)
-	assert.Equal(1, falseCount)
-
-	err = NewConditionalExecutor(func(ctx context.Context) bool {
-		return true
-	}, func(ctx context.Context) error {
-		trueCount++
-		return nil
-	}, func(ctx context.Context) error {
-		falseCount++
-		return nil
-	})(ctx)
-
-	assert.NoError(err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(1, trueCount)
-	assert.Equal(1, falseCount)
-}
-
-func TestNewParallelExecutor(t *testing.T) {
-	assert := assert.New(t)
-
-	ctx := context.Background()
-
-	var count, activeCount, maxCount atomic.Int32
-	emptyWorkflow := NewPipelineExecutor(func(ctx context.Context) error {
-		count.Add(1)
-
-		active := activeCount.Add(1)
-		for {
-			m := maxCount.Load()
-			if active <= m || maxCount.CompareAndSwap(m, active) {
-				break
-			}
-		}
-		time.Sleep(2 * time.Second)
-		activeCount.Add(-1)
-
-		return nil
-	})
-
-	err := NewParallelExecutor(2, emptyWorkflow, emptyWorkflow, emptyWorkflow)(ctx)
-
-	assert.Equal(int32(3), count.Load(), "should run all 3 executors")
-	assert.Equal(int32(2), maxCount.Load(), "should run at most 2 executors in parallel")
-	assert.NoError(err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	// Reset to test running the executor with 0 parallelism
-	count.Store(0)
-	activeCount.Store(0)
-	maxCount.Store(0)
-
-	errSingle := NewParallelExecutor(0, emptyWorkflow, emptyWorkflow, emptyWorkflow)(ctx)
-
-	assert.Equal(int32(3), count.Load(), "should run all 3 executors")
-	assert.Equal(int32(1), maxCount.Load(), "should run at most 1 executors in parallel")
-	assert.NoError(errSingle)
-}
-
-func TestNewParallelExecutorFailed(t *testing.T) {
-	assert := assert.New(t)
-
-	ctx, cancel := context.WithCancel(context.Background())
-	cancel()
-
-	count := 0
-	errorWorkflow := NewPipelineExecutor(func(ctx context.Context) error {
-		count++
-		return errors.New("fake error")
-	})
-	err := NewParallelExecutor(1, errorWorkflow)(ctx)
-	assert.Equal(1, count)
-	assert.ErrorIs(context.Canceled, err)
-}
-
-func TestNewParallelExecutorCanceled(t *testing.T) {
-	assert := assert.New(t)
-
-	ctx, cancel := context.WithCancel(context.Background())
-	cancel()
-
-	errExpected := errors.New("fake error")
-
-	var count atomic.Int32
-	successWorkflow := NewPipelineExecutor(func(ctx context.Context) error {
-		count.Add(1)
-		return nil
-	})
-	errorWorkflow := NewPipelineExecutor(func(ctx context.Context) error {
-		count.Add(1)
-		return errExpected
-	})
-	err := NewParallelExecutor(3, errorWorkflow, successWorkflow, successWorkflow)(ctx)
-	assert.Equal(int32(3), count.Load())
-	assert.Error(errExpected, err) //nolint:testifylint // pre-existing issue from nektos/act
-}

act/common/job_error.go

@@ -1,34 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Copyright 2021 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package common
-
-import (
-	"context"
-)
-
-type jobErrorContextKey string
-
-const jobErrorContextKeyVal = jobErrorContextKey("job.error")
-
-// JobError returns the job error for current context if any
-func JobError(ctx context.Context) error {
-	val := ctx.Value(jobErrorContextKeyVal)
-	if val != nil {
-		if container, ok := val.(map[string]error); ok {
-			return container["error"]
-		}
-	}
-	return nil
-}
-
-func SetJobError(ctx context.Context, err error) {
-	ctx.Value(jobErrorContextKeyVal).(map[string]error)["error"] = err
-}
-
-// WithJobErrorContainer adds a value to the context as a container for an error
-func WithJobErrorContainer(ctx context.Context) context.Context {
-	container := map[string]error{}
-	return context.WithValue(ctx, jobErrorContextKeyVal, container)
-}

act/common/logger.go

@@ -1,52 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2020 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package common
-
-import (
-	"context"
-
-	"github.com/sirupsen/logrus"
-)
-
-type loggerContextKey string
-
-const loggerContextKeyVal = loggerContextKey("logrus.FieldLogger")
-
-// Logger returns the appropriate logger for current context
-func Logger(ctx context.Context) logrus.FieldLogger {
-	val := ctx.Value(loggerContextKeyVal)
-	if val != nil {
-		if logger, ok := val.(logrus.FieldLogger); ok {
-			return logger
-		}
-	}
-	return logrus.StandardLogger()
-}
-
-// WithLogger adds a value to the context for the logger
-func WithLogger(ctx context.Context, logger logrus.FieldLogger) context.Context {
-	return context.WithValue(ctx, loggerContextKeyVal, logger)
-}
-
-type loggerHookKey string
-
-const loggerHookKeyVal = loggerHookKey("logrus.Hook")
-
-// LoggerHook returns the appropriate logger hook for current context
-// the hook affects job logger, not global logger
-func LoggerHook(ctx context.Context) logrus.Hook {
-	val := ctx.Value(loggerHookKeyVal)
-	if val != nil {
-		if hook, ok := val.(logrus.Hook); ok {
-			return hook
-		}
-	}
-	return nil
-}
-
-// WithLoggerHook adds a value to the context for the logger hook
-func WithLoggerHook(ctx context.Context, hook logrus.Hook) context.Context {
-	return context.WithValue(ctx, loggerHookKeyVal, hook)
-}

act/container/docker_run_test.go

@@ -1,366 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2020 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package container
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"errors"
-	"io"
-	"net"
-	"strings"
-	"testing"
-	"time"
-
-	"gitea.com/gitea/runner/act/common"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
-	"github.com/sirupsen/logrus/hooks/test"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-)
-
-func TestDocker(t *testing.T) {
-	ctx := context.Background()
-	client, err := GetDockerClient(ctx)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	defer client.Close()
-
-	dockerBuild := NewDockerBuildExecutor(NewDockerBuildExecutorInput{
-		ContextDir: "testdata",
-		ImageTag:   "envmergetest",
-	})
-
-	err = dockerBuild(ctx)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	cr := &containerReference{
-		cli: client,
-		input: &NewContainerInput{
-			Image: "envmergetest",
-		},
-	}
-	env := map[string]string{
-		"PATH":         "/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin",
-		"RANDOM_VAR":   "WITH_VALUE",
-		"ANOTHER_VAR":  "",
-		"CONFLICT_VAR": "I_EXIST_IN_MULTIPLE_PLACES",
-	}
-
-	envExecutor := cr.extractFromImageEnv(&env)
-	err = envExecutor(ctx)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, map[string]string{
-		"PATH":            "/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin:/this/path/does/not/exists/anywhere:/this/either",
-		"RANDOM_VAR":      "WITH_VALUE",
-		"ANOTHER_VAR":     "",
-		"SOME_RANDOM_VAR": "",
-		"ANOTHER_ONE":     "BUT_I_HAVE_VALUE",
-		"CONFLICT_VAR":    "I_EXIST_IN_MULTIPLE_PLACES",
-	}, env)
-}
-
-type mockDockerClient struct {
-	client.APIClient
-	mock.Mock
-}
-
-func (m *mockDockerClient) ContainerExecCreate(ctx context.Context, id string, opts types.ExecConfig) (types.IDResponse, error) {
-	args := m.Called(ctx, id, opts)
-	return args.Get(0).(types.IDResponse), args.Error(1)
-}
-
-func (m *mockDockerClient) ContainerExecAttach(ctx context.Context, id string, opts types.ExecStartCheck) (types.HijackedResponse, error) {
-	args := m.Called(ctx, id, opts)
-	return args.Get(0).(types.HijackedResponse), args.Error(1)
-}
-
-func (m *mockDockerClient) ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error) {
-	args := m.Called(ctx, execID)
-	return args.Get(0).(types.ContainerExecInspect), args.Error(1)
-}
-
-func (m *mockDockerClient) ContainerWait(ctx context.Context, containerID string, condition container.WaitCondition) (<-chan container.WaitResponse, <-chan error) {
-	args := m.Called(ctx, containerID, condition)
-	return args.Get(0).(<-chan container.WaitResponse), args.Get(1).(<-chan error)
-}
-
-func (m *mockDockerClient) CopyToContainer(ctx context.Context, id, path string, content io.Reader, options types.CopyToContainerOptions) error {
-	args := m.Called(ctx, id, path, content, options)
-	return args.Error(0)
-}
-
-type endlessReader struct {
-	io.Reader
-}
-
-func (r endlessReader) Read(_ []byte) (n int, err error) {
-	return 1, nil
-}
-
-type mockConn struct {
-	net.Conn
-	mock.Mock
-}
-
-func (m *mockConn) Write(b []byte) (n int, err error) {
-	args := m.Called(b)
-	return args.Int(0), args.Error(1)
-}
-
-func (m *mockConn) Close() (err error) {
-	return nil
-}
-
-func TestDockerExecAbort(t *testing.T) {
-	ctx, cancel := context.WithCancel(context.Background())
-
-	conn := &mockConn{}
-	conn.On("Write", mock.AnythingOfType("[]uint8")).Return(1, nil)
-
-	client := &mockDockerClient{}
-	client.On("ContainerExecCreate", ctx, "123", mock.AnythingOfType("types.ExecConfig")).Return(types.IDResponse{ID: "id"}, nil)
-	client.On("ContainerExecAttach", ctx, "id", mock.AnythingOfType("types.ExecStartCheck")).Return(types.HijackedResponse{
-		Conn:   conn,
-		Reader: bufio.NewReader(endlessReader{}),
-	}, nil)
-
-	cr := &containerReference{
-		id:  "123",
-		cli: client,
-		input: &NewContainerInput{
-			Image: "image",
-		},
-	}
-
-	channel := make(chan error)
-
-	go func() {
-		channel <- cr.exec([]string{""}, map[string]string{}, "user", "workdir")(ctx)
-	}()
-
-	time.Sleep(500 * time.Millisecond)
-
-	cancel()
-
-	err := <-channel
-	assert.ErrorIs(t, err, context.Canceled) //nolint:testifylint // pre-existing issue from nektos/act
-
-	conn.AssertExpectations(t)
-	client.AssertExpectations(t)
-}
-
-func TestDockerExecFailure(t *testing.T) {
-	ctx := context.Background()
-
-	conn := &mockConn{}
-
-	client := &mockDockerClient{}
-	client.On("ContainerExecCreate", ctx, "123", mock.AnythingOfType("types.ExecConfig")).Return(types.IDResponse{ID: "id"}, nil)
-	client.On("ContainerExecAttach", ctx, "id", mock.AnythingOfType("types.ExecStartCheck")).Return(types.HijackedResponse{
-		Conn:   conn,
-		Reader: bufio.NewReader(strings.NewReader("output")),
-	}, nil)
-	client.On("ContainerExecInspect", ctx, "id").Return(types.ContainerExecInspect{
-		ExitCode: 1,
-	}, nil)
-
-	cr := &containerReference{
-		id:  "123",
-		cli: client,
-		input: &NewContainerInput{
-			Image: "image",
-		},
-	}
-
-	err := cr.exec([]string{""}, map[string]string{}, "user", "workdir")(ctx)
-	var exitErr ExitCodeError
-	require.ErrorAs(t, err, &exitErr)
-	assert.Equal(t, ExitCodeError(1), exitErr)
-	assert.Equal(t, "Process completed with exit code 1.", err.Error())
-
-	conn.AssertExpectations(t)
-	client.AssertExpectations(t)
-}
-
-func TestDockerWaitFailure(t *testing.T) {
-	ctx := context.Background()
-
-	statusCh := make(chan container.WaitResponse, 1)
-	statusCh <- container.WaitResponse{StatusCode: 2}
-	errCh := make(chan error, 1)
-
-	client := &mockDockerClient{}
-	client.On("ContainerWait", ctx, "123", container.WaitConditionNotRunning).
-		Return((<-chan container.WaitResponse)(statusCh), (<-chan error)(errCh))
-
-	cr := &containerReference{
-		id:  "123",
-		cli: client,
-		input: &NewContainerInput{
-			Image: "image",
-		},
-	}
-
-	err := cr.wait()(ctx)
-	var exitErr ExitCodeError
-	require.ErrorAs(t, err, &exitErr)
-	assert.Equal(t, ExitCodeError(2), exitErr)
-	assert.Equal(t, "Process completed with exit code 2.", err.Error())
-
-	client.AssertExpectations(t)
-}
-
-func TestDockerCopyTarStream(t *testing.T) {
-	ctx := context.Background()
-
-	conn := &mockConn{}
-
-	client := &mockDockerClient{}
-	client.On("CopyToContainer", ctx, "123", "/", mock.Anything, mock.AnythingOfType("types.CopyToContainerOptions")).Return(nil)
-	client.On("CopyToContainer", ctx, "123", "/var/run/act", mock.Anything, mock.AnythingOfType("types.CopyToContainerOptions")).Return(nil)
-	cr := &containerReference{
-		id:  "123",
-		cli: client,
-		input: &NewContainerInput{
-			Image: "image",
-		},
-	}
-
-	_ = cr.CopyTarStream(ctx, "/var/run/act", &bytes.Buffer{})
-
-	conn.AssertExpectations(t)
-	client.AssertExpectations(t)
-}
-
-func TestDockerCopyTarStreamErrorInCopyFiles(t *testing.T) {
-	ctx := context.Background()
-
-	conn := &mockConn{}
-
-	merr := errors.New("Failure")
-
-	client := &mockDockerClient{}
-	client.On("CopyToContainer", ctx, "123", "/", mock.Anything, mock.AnythingOfType("types.CopyToContainerOptions")).Return(merr)
-	client.On("CopyToContainer", ctx, "123", "/", mock.Anything, mock.AnythingOfType("types.CopyToContainerOptions")).Return(merr)
-	cr := &containerReference{
-		id:  "123",
-		cli: client,
-		input: &NewContainerInput{
-			Image: "image",
-		},
-	}
-
-	err := cr.CopyTarStream(ctx, "/var/run/act", &bytes.Buffer{})
-	assert.ErrorIs(t, err, merr) //nolint:testifylint // pre-existing issue from nektos/act
-
-	conn.AssertExpectations(t)
-	client.AssertExpectations(t)
-}
-
-func TestDockerCopyTarStreamErrorInMkdir(t *testing.T) {
-	ctx := context.Background()
-
-	conn := &mockConn{}
-
-	merr := errors.New("Failure")
-
-	client := &mockDockerClient{}
-	client.On("CopyToContainer", ctx, "123", "/", mock.Anything, mock.AnythingOfType("types.CopyToContainerOptions")).Return(nil)
-	client.On("CopyToContainer", ctx, "123", "/var/run/act", mock.Anything, mock.AnythingOfType("types.CopyToContainerOptions")).Return(merr)
-	cr := &containerReference{
-		id:  "123",
-		cli: client,
-		input: &NewContainerInput{
-			Image: "image",
-		},
-	}
-
-	err := cr.CopyTarStream(ctx, "/var/run/act", &bytes.Buffer{})
-	assert.ErrorIs(t, err, merr) //nolint:testifylint // pre-existing issue from nektos/act
-
-	conn.AssertExpectations(t)
-	client.AssertExpectations(t)
-}
-
-// Type assert containerReference implements ExecutionsEnvironment
-var _ ExecutionsEnvironment = &containerReference{}
-
-func TestCheckVolumes(t *testing.T) {
-	testCases := []struct {
-		desc          string
-		validVolumes  []string
-		binds         []string
-		expectedBinds []string
-	}{
-		{
-			desc:         "match all volumes",
-			validVolumes: []string{"**"},
-			binds: []string{
-				"shared_volume:/shared_volume",
-				"/home/test/data:/test_data",
-				"/etc/conf.d/base.json:/config/base.json",
-				"sql_data:/sql_data",
-				"/secrets/keys:/keys",
-			},
-			expectedBinds: []string{
-				"shared_volume:/shared_volume",
-				"/home/test/data:/test_data",
-				"/etc/conf.d/base.json:/config/base.json",
-				"sql_data:/sql_data",
-				"/secrets/keys:/keys",
-			},
-		},
-		{
-			desc:         "no volumes can be matched",
-			validVolumes: []string{},
-			binds: []string{
-				"shared_volume:/shared_volume",
-				"/home/test/data:/test_data",
-				"/etc/conf.d/base.json:/config/base.json",
-				"sql_data:/sql_data",
-				"/secrets/keys:/keys",
-			},
-			expectedBinds: []string{},
-		},
-		{
-			desc: "only allowed volumes can be matched",
-			validVolumes: []string{
-				"shared_volume",
-				"/home/test/data",
-				"/etc/conf.d/*.json",
-			},
-			binds: []string{
-				"shared_volume:/shared_volume",
-				"/home/test/data:/test_data",
-				"/etc/conf.d/base.json:/config/base.json",
-				"sql_data:/sql_data",
-				"/secrets/keys:/keys",
-			},
-			expectedBinds: []string{
-				"shared_volume:/shared_volume",
-				"/home/test/data:/test_data",
-				"/etc/conf.d/base.json:/config/base.json",
-			},
-		},
-	}
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			logger, _ := test.NewNullLogger()
-			ctx := common.WithLogger(context.Background(), logger)
-			cr := &containerReference{
-				input: &NewContainerInput{
-					ValidVolumes: tc.validVolumes,
-				},
-			}
-			_, hostConf := cr.sanitizeConfig(ctx, &container.Config{}, &container.HostConfig{Binds: tc.binds})
-			assert.Equal(t, tc.expectedBinds, hostConf.Binds)
-		})
-	}
-}

act/container/host_environment_test.go

@@ -1,149 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package container
-
-import (
-	"archive/tar"
-	"context"
-	"io"
-	"os"
-	"path"
-	"path/filepath"
-	"runtime"
-	"testing"
-
-	"gitea.com/gitea/runner/act/common"
-
-	"github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-// Type assert HostEnvironment implements ExecutionsEnvironment
-var _ ExecutionsEnvironment = &HostEnvironment{}
-
-func TestCopyDir(t *testing.T) {
-	dir := t.TempDir()
-	ctx := context.Background()
-	e := &HostEnvironment{
-		Path:      filepath.Join(dir, "path"),
-		TmpDir:    filepath.Join(dir, "tmp"),
-		ToolCache: filepath.Join(dir, "tool_cache"),
-		ActPath:   filepath.Join(dir, "act_path"),
-		StdOut:    os.Stdout,
-		Workdir:   path.Join("testdata", "scratch"),
-	}
-	_ = os.MkdirAll(e.Path, 0o700)
-	_ = os.MkdirAll(e.TmpDir, 0o700)
-	_ = os.MkdirAll(e.ToolCache, 0o700)
-	_ = os.MkdirAll(e.ActPath, 0o700)
-	err := e.CopyDir(e.Workdir, e.Path, true)(ctx)
-	assert.NoError(t, err)
-}
-
-func TestGetContainerArchive(t *testing.T) {
-	dir := t.TempDir()
-	ctx := context.Background()
-	e := &HostEnvironment{
-		Path:      filepath.Join(dir, "path"),
-		TmpDir:    filepath.Join(dir, "tmp"),
-		ToolCache: filepath.Join(dir, "tool_cache"),
-		ActPath:   filepath.Join(dir, "act_path"),
-		StdOut:    os.Stdout,
-		Workdir:   path.Join("testdata", "scratch"),
-	}
-	_ = os.MkdirAll(e.Path, 0o700)
-	_ = os.MkdirAll(e.TmpDir, 0o700)
-	_ = os.MkdirAll(e.ToolCache, 0o700)
-	_ = os.MkdirAll(e.ActPath, 0o700)
-	expectedContent := []byte("sdde/7sh")
-	err := os.WriteFile(filepath.Join(e.Path, "action.yml"), expectedContent, 0o600)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	archive, err := e.GetContainerArchive(ctx, e.Path)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	defer archive.Close()
-	reader := tar.NewReader(archive)
-	h, err := reader.Next()
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, "action.yml", h.Name)
-	content, err := io.ReadAll(reader)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, expectedContent, content)
-	_, err = reader.Next()
-	assert.ErrorIs(t, err, io.EOF)
-}
-
-func TestHostEnvironmentExecExitCode(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("uses POSIX shell")
-	}
-	dir := t.TempDir()
-	ctx := context.Background()
-	e := &HostEnvironment{
-		Path:      filepath.Join(dir, "path"),
-		TmpDir:    filepath.Join(dir, "tmp"),
-		ToolCache: filepath.Join(dir, "tool_cache"),
-		ActPath:   filepath.Join(dir, "act_path"),
-		StdOut:    io.Discard,
-		Workdir:   filepath.Join(dir, "path"),
-	}
-	for _, p := range []string{e.Path, e.TmpDir, e.ToolCache, e.ActPath} {
-		assert.NoError(t, os.MkdirAll(p, 0o700)) //nolint:testifylint // test setup
-	}
-
-	err := e.Exec([]string{"sh", "-c", "exit 3"}, map[string]string{"PATH": os.Getenv("PATH")}, "", "")(ctx)
-	var exitErr ExitCodeError
-	require.ErrorAs(t, err, &exitErr)
-	assert.Equal(t, ExitCodeError(3), exitErr)
-	assert.Equal(t, "Process completed with exit code 3.", err.Error())
-}
-
-func TestHostEnvironmentRemoveCleansWorkdir(t *testing.T) {
-	logger := logrus.New()
-	ctx := common.WithLogger(context.Background(), logrus.NewEntry(logger))
-	base := t.TempDir()
-	miscRoot := filepath.Join(base, "misc")
-	path := filepath.Join(miscRoot, "hostexecutor")
-	require.NoError(t, os.MkdirAll(path, 0o700))
-	workdir := filepath.Join(base, "workspace", "owner", "repo")
-	require.NoError(t, os.MkdirAll(workdir, 0o700))
-
-	e := &HostEnvironment{
-		Path:        path,
-		Workdir:     workdir,
-		BindWorkdir: false,
-		CleanUp: func() {
-			_ = os.RemoveAll(miscRoot)
-		},
-		StdOut: os.Stdout,
-	}
-	require.NoError(t, e.Remove()(ctx))
-	_, err := os.Stat(workdir)
-	assert.ErrorIs(t, err, os.ErrNotExist)
-}
-
-func TestHostEnvironmentRemoveSkipsWorkdirWhenBindWorkdir(t *testing.T) {
-	logger := logrus.New()
-	ctx := common.WithLogger(context.Background(), logrus.NewEntry(logger))
-	base := t.TempDir()
-	miscRoot := filepath.Join(base, "misc")
-	path := filepath.Join(miscRoot, "hostexecutor")
-	require.NoError(t, os.MkdirAll(path, 0o700))
-	workdir := filepath.Join(base, "workspace", "123", "owner", "repo")
-	require.NoError(t, os.MkdirAll(workdir, 0o700))
-
-	e := &HostEnvironment{
-		Path:        path,
-		Workdir:     workdir,
-		BindWorkdir: true,
-		CleanUp: func() {
-			_ = os.RemoveAll(miscRoot)
-		},
-		StdOut: os.Stdout,
-	}
-	require.NoError(t, e.Remove()(ctx))
-	_, err := os.Stat(workdir)
-	require.NoError(t, err)
-}

act/exprparser/functions.go

@@ -1,300 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package exprparser
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"io/fs"
-	"os"
-	"path/filepath"
-	"reflect"
-	"strconv"
-	"strings"
-
-	"gitea.com/gitea/runner/act/model"
-
-	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
-	"github.com/rhysd/actionlint"
-)
-
-func (impl *interperterImpl) contains(search, item reflect.Value) (bool, error) {
-	switch search.Kind() {
-	case reflect.String, reflect.Int, reflect.Float64, reflect.Bool, reflect.Invalid:
-		return strings.Contains(
-			strings.ToLower(impl.coerceToString(search).String()),
-			strings.ToLower(impl.coerceToString(item).String()),
-		), nil
-
-	case reflect.Slice:
-		for i := 0; i < search.Len(); i++ {
-			arrayItem := search.Index(i).Elem()
-			result, err := impl.compareValues(arrayItem, item, actionlint.CompareOpNodeKindEq)
-			if err != nil {
-				return false, err
-			}
-
-			if isEqual, ok := result.(bool); ok && isEqual {
-				return true, nil
-			}
-		}
-	}
-
-	return false, nil
-}
-
-func (impl *interperterImpl) startsWith(searchString, searchValue reflect.Value) (bool, error) { //nolint:unparam // pre-existing issue from nektos/act
-	return strings.HasPrefix(
-		strings.ToLower(impl.coerceToString(searchString).String()),
-		strings.ToLower(impl.coerceToString(searchValue).String()),
-	), nil
-}
-
-func (impl *interperterImpl) endsWith(searchString, searchValue reflect.Value) (bool, error) { //nolint:unparam // pre-existing issue from nektos/act
-	return strings.HasSuffix(
-		strings.ToLower(impl.coerceToString(searchString).String()),
-		strings.ToLower(impl.coerceToString(searchValue).String()),
-	), nil
-}
-
-const (
-	passThrough = iota
-	bracketOpen
-	bracketClose
-)
-
-func (impl *interperterImpl) format(str reflect.Value, replaceValue ...reflect.Value) (string, error) {
-	input := impl.coerceToString(str).String()
-	var output strings.Builder
-	replacementIndex := ""
-
-	state := passThrough
-	for _, character := range input {
-		switch state {
-		case passThrough: // normal buffer output
-			switch character {
-			case '{':
-				state = bracketOpen
-
-			case '}':
-				state = bracketClose
-
-			default:
-				output.WriteRune(character)
-			}
-
-		case bracketOpen: // found {
-			switch character {
-			case '{':
-				output.WriteString("{")
-				replacementIndex = ""
-				state = passThrough
-
-			case '}':
-				index, err := strconv.ParseInt(replacementIndex, 10, 32)
-				if err != nil {
-					return "", fmt.Errorf("The following format string is invalid: '%s'", input)
-				}
-
-				replacementIndex = ""
-
-				if len(replaceValue) <= int(index) {
-					return "", fmt.Errorf("The following format string references more arguments than were supplied: '%s'", input)
-				}
-
-				output.WriteString(impl.coerceToString(replaceValue[index]).String())
-
-				state = passThrough
-
-			default:
-				replacementIndex += string(character)
-			}
-
-		case bracketClose: // found }
-			switch character {
-			case '}':
-				output.WriteString("}")
-				replacementIndex = ""
-				state = passThrough
-
-			default:
-				panic("Invalid format parser state")
-			}
-		}
-	}
-
-	if state != passThrough {
-		switch state {
-		case bracketOpen:
-			return "", fmt.Errorf("Unclosed brackets. The following format string is invalid: '%s'", input)
-
-		case bracketClose:
-			return "", fmt.Errorf("Closing bracket without opening one. The following format string is invalid: '%s'", input)
-		}
-	}
-
-	return output.String(), nil
-}
-
-func (impl *interperterImpl) join(array, sep reflect.Value) (string, error) { //nolint:unparam // pre-existing issue from nektos/act
-	separator := impl.coerceToString(sep).String()
-	switch array.Kind() {
-	case reflect.Slice:
-		var items []string
-		for i := 0; i < array.Len(); i++ {
-			items = append(items, impl.coerceToString(array.Index(i).Elem()).String())
-		}
-
-		return strings.Join(items, separator), nil
-	default:
-		return strings.Join([]string{impl.coerceToString(array).String()}, separator), nil
-	}
-}
-
-func (impl *interperterImpl) toJSON(value reflect.Value) (string, error) {
-	if value.Kind() == reflect.Invalid {
-		return "null", nil
-	}
-
-	json, err := json.MarshalIndent(value.Interface(), "", "  ")
-	if err != nil {
-		return "", fmt.Errorf("Cannot convert value to JSON. Cause: %v", err)
-	}
-
-	return string(json), nil
-}
-
-func (impl *interperterImpl) fromJSON(value reflect.Value) (any, error) {
-	if value.Kind() != reflect.String {
-		return nil, fmt.Errorf("Cannot parse non-string type %v as JSON", value.Kind())
-	}
-
-	var data any
-
-	err := json.Unmarshal([]byte(value.String()), &data)
-	if err != nil {
-		return nil, fmt.Errorf("Invalid JSON: %v", err)
-	}
-
-	return data, nil
-}
-
-func (impl *interperterImpl) hashFiles(paths ...reflect.Value) (string, error) {
-	var ps []gitignore.Pattern
-
-	const cwdPrefix = "." + string(filepath.Separator)
-	const excludeCwdPrefix = "!" + cwdPrefix
-	for _, path := range paths {
-		if path.Kind() == reflect.String {
-			cleanPath := path.String()
-			if strings.HasPrefix(cleanPath, cwdPrefix) {
-				cleanPath = cleanPath[len(cwdPrefix):]
-			} else if strings.HasPrefix(cleanPath, excludeCwdPrefix) {
-				cleanPath = "!" + cleanPath[len(excludeCwdPrefix):]
-			}
-			ps = append(ps, gitignore.ParsePattern(cleanPath, nil))
-		} else {
-			return "", errors.New("Non-string path passed to hashFiles")
-		}
-	}
-
-	matcher := gitignore.NewMatcher(ps)
-
-	var files []string
-	if err := filepath.Walk(impl.config.WorkingDir, func(path string, fi fs.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		sansPrefix := strings.TrimPrefix(path, impl.config.WorkingDir+string(filepath.Separator))
-		parts := strings.Split(sansPrefix, string(filepath.Separator))
-		if fi.IsDir() || !matcher.Match(parts, fi.IsDir()) {
-			return nil
-		}
-		files = append(files, path)
-		return nil
-	}); err != nil {
-		return "", fmt.Errorf("Unable to filepath.Walk: %v", err)
-	}
-
-	if len(files) == 0 {
-		return "", nil
-	}
-
-	hasher := sha256.New()
-
-	for _, file := range files {
-		f, err := os.Open(file)
-		if err != nil {
-			return "", fmt.Errorf("Unable to os.Open: %v", err)
-		}
-
-		if _, err := io.Copy(hasher, f); err != nil {
-			return "", fmt.Errorf("Unable to io.Copy: %v", err)
-		}
-
-		if err := f.Close(); err != nil {
-			return "", fmt.Errorf("Unable to Close file: %v", err)
-		}
-	}
-
-	return hex.EncodeToString(hasher.Sum(nil)), nil
-}
-
-func (impl *interperterImpl) getNeedsTransitive(job *model.Job) []string {
-	needs := job.Needs()
-
-	for _, need := range needs {
-		parentNeeds := impl.getNeedsTransitive(impl.config.Run.Workflow.GetJob(need))
-		needs = append(needs, parentNeeds...)
-	}
-
-	return needs
-}
-
-func (impl *interperterImpl) always() (bool, error) {
-	return true, nil
-}
-
-func (impl *interperterImpl) jobSuccess() (bool, error) { //nolint:unparam // pre-existing issue from nektos/act
-	jobs := impl.config.Run.Workflow.Jobs
-	jobNeeds := impl.getNeedsTransitive(impl.config.Run.Job())
-
-	for _, needs := range jobNeeds {
-		if jobs[needs].Result != "success" {
-			return false, nil
-		}
-	}
-
-	return true, nil
-}
-
-func (impl *interperterImpl) stepSuccess() (bool, error) { //nolint:unparam // pre-existing issue from nektos/act
-	return impl.env.Job.Status == "success", nil
-}
-
-func (impl *interperterImpl) jobFailure() (bool, error) { //nolint:unparam // pre-existing issue from nektos/act
-	jobs := impl.config.Run.Workflow.Jobs
-	jobNeeds := impl.getNeedsTransitive(impl.config.Run.Job())
-
-	for _, needs := range jobNeeds {
-		if jobs[needs].Result == "failure" {
-			return true, nil
-		}
-	}
-
-	return false, nil
-}
-
-func (impl *interperterImpl) stepFailure() (bool, error) { //nolint:unparam // pre-existing issue from nektos/act
-	return impl.env.Job.Status == "failure", nil
-}
-
-func (impl *interperterImpl) cancelled() (bool, error) { //nolint:unparam // pre-existing issue from nektos/act
-	return impl.env.Job.Status == "cancelled", nil
-}

act/exprparser/functions_test.go

@@ -1,256 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package exprparser
-
-import (
-	"path/filepath"
-	"testing"
-
-	"gitea.com/gitea/runner/act/model"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFunctionContains(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		name     string
-	}{
-		{"contains('search', 'item') }}", false, "contains-str-str"},
-		{`cOnTaInS('Hello', 'll') }}`, true, "contains-str-casing"},
-		{`contains('HELLO', 'll') }}`, true, "contains-str-casing"},
-		{`contains('3.141592', 3.14) }}`, true, "contains-str-number"},
-		{`contains(3.141592, '3.14') }}`, true, "contains-number-str"},
-		{`contains(3.141592, 3.14) }}`, true, "contains-number-number"},
-		{`contains(true, 'u') }}`, true, "contains-bool-str"},
-		{`contains(null, '') }}`, true, "contains-null-str"},
-		{`contains(fromJSON('["first","second"]'), 'first') }}`, true, "contains-item"},
-		{`contains(fromJSON('[null,"second"]'), '') }}`, true, "contains-item-null-empty-str"},
-		{`contains(fromJSON('["","second"]'), null) }}`, true, "contains-item-empty-str-null"},
-		{`contains(fromJSON('[true,"second"]'), 'true') }}`, false, "contains-item-bool-arr"},
-		{`contains(fromJSON('["true","second"]'), true) }}`, false, "contains-item-str-bool"},
-		{`contains(fromJSON('[3.14,"second"]'), '3.14') }}`, true, "contains-item-number-str"},
-		{`contains(fromJSON('[3.14,"second"]'), 3.14) }}`, true, "contains-item-number-number"},
-		{`contains(fromJSON('["","second"]'), fromJSON('[]')) }}`, false, "contains-item-str-arr"},
-		{`contains(fromJSON('["","second"]'), fromJSON('{}')) }}`, false, "contains-item-str-obj"},
-	}
-
-	env := &EvaluationEnvironment{}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			output, err := NewInterpeter(env, Config{}).Evaluate(tt.input, DefaultStatusCheckNone)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			assert.Equal(t, tt.expected, output)
-		})
-	}
-}
-
-func TestFunctionStartsWith(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		name     string
-	}{
-		{"startsWith('search', 'se') }}", true, "startswith-string"},
-		{"startsWith('search', 'sa') }}", false, "startswith-string"},
-		{"startsWith('123search', '123s') }}", true, "startswith-string"},
-		{"startsWith(123, 's') }}", false, "startswith-string"},
-		{"startsWith(123, '12') }}", true, "startswith-string"},
-		{"startsWith('123', 12) }}", true, "startswith-string"},
-		{"startsWith(null, '42') }}", false, "startswith-string"},
-		{"startsWith('null', null) }}", true, "startswith-string"},
-		{"startsWith('null', '') }}", true, "startswith-string"},
-	}
-
-	env := &EvaluationEnvironment{}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			output, err := NewInterpeter(env, Config{}).Evaluate(tt.input, DefaultStatusCheckNone)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			assert.Equal(t, tt.expected, output)
-		})
-	}
-}
-
-func TestFunctionEndsWith(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		name     string
-	}{
-		{"endsWith('search', 'ch') }}", true, "endsWith-string"},
-		{"endsWith('search', 'sa') }}", false, "endsWith-string"},
-		{"endsWith('search123s', '123s') }}", true, "endsWith-string"},
-		{"endsWith(123, 's') }}", false, "endsWith-string"},
-		{"endsWith(123, '23') }}", true, "endsWith-string"},
-		{"endsWith('123', 23) }}", true, "endsWith-string"},
-		{"endsWith(null, '42') }}", false, "endsWith-string"},
-		{"endsWith('null', null) }}", true, "endsWith-string"},
-		{"endsWith('null', '') }}", true, "endsWith-string"},
-	}
-
-	env := &EvaluationEnvironment{}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			output, err := NewInterpeter(env, Config{}).Evaluate(tt.input, DefaultStatusCheckNone)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			assert.Equal(t, tt.expected, output)
-		})
-	}
-}
-
-func TestFunctionJoin(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		name     string
-	}{
-		{"join(fromJSON('[\"a\", \"b\"]'), ',')", "a,b", "join-arr"},
-		{"join('string', ',')", "string", "join-str"},
-		{"join(1, ',')", "1", "join-number"},
-		{"join(null, ',')", "", "join-number"},
-		{"join(fromJSON('[\"a\", \"b\", null]'), null)", "ab", "join-number"},
-		{"join(fromJSON('[\"a\", \"b\"]'))", "a,b", "join-number"},
-		{"join(fromJSON('[\"a\", \"b\", null]'), 1)", "a1b1", "join-number"},
-	}
-
-	env := &EvaluationEnvironment{}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			output, err := NewInterpeter(env, Config{}).Evaluate(tt.input, DefaultStatusCheckNone)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			assert.Equal(t, tt.expected, output)
-		})
-	}
-}
-
-func TestFunctionToJSON(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		name     string
-	}{
-		{"toJSON(env) }}", "{\n  \"key\": \"value\"\n}", "toJSON"},
-		{"toJSON(null)", "null", "toJSON-null"},
-	}
-
-	env := &EvaluationEnvironment{
-		Env: map[string]string{
-			"key": "value",
-		},
-	}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			output, err := NewInterpeter(env, Config{}).Evaluate(tt.input, DefaultStatusCheckNone)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			assert.Equal(t, tt.expected, output)
-		})
-	}
-}
-
-func TestFunctionFromJSON(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		name     string
-	}{
-		{"fromJSON('{\"foo\":\"bar\"}') }}", map[string]any{
-			"foo": "bar",
-		}, "fromJSON"},
-	}
-
-	env := &EvaluationEnvironment{}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			output, err := NewInterpeter(env, Config{}).Evaluate(tt.input, DefaultStatusCheckNone)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			assert.Equal(t, tt.expected, output)
-		})
-	}
-}
-
-func TestFunctionHashFiles(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		name     string
-	}{
-		{"hashFiles('**/non-extant-files') }}", "", "hash-non-existing-file"},
-		{"hashFiles('**/non-extant-files', '**/more-non-extant-files') }}", "", "hash-multiple-non-existing-files"},
-		{"hashFiles('./for-hashing-1.txt') }}", "66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18", "hash-single-file"},
-		{"hashFiles('./for-hashing-*.txt') }}", "8e5935e7e13368cd9688fe8f48a0955293676a021562582c7e848dafe13fb046", "hash-multiple-files"},
-		{"hashFiles('./for-hashing-*.txt', '!./for-hashing-2.txt') }}", "66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18", "hash-negative-pattern"},
-		{"hashFiles('./for-hashing-**') }}", "c418ba693753c84115ced0da77f876cddc662b9054f4b129b90f822597ee2f94", "hash-multiple-files-and-directories"},
-		{"hashFiles('./for-hashing-3/**') }}", "6f5696b546a7a9d6d42a449dc9a56bef244aaa826601ef27466168846139d2c2", "hash-nested-directories"},
-		{"hashFiles('./for-hashing-3/**/nested-data.txt') }}", "8ecadfb49f7f978d0a9f3a957e9c8da6cc9ab871f5203b5d9f9d1dc87d8af18c", "hash-nested-directories-2"},
-	}
-
-	env := &EvaluationEnvironment{}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			workdir, err := filepath.Abs("testdata")
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-			output, err := NewInterpeter(env, Config{WorkingDir: workdir}).Evaluate(tt.input, DefaultStatusCheckNone)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			assert.Equal(t, tt.expected, output)
-		})
-	}
-}
-
-func TestFunctionFormat(t *testing.T) {
-	table := []struct {
-		input    string
-		expected any
-		error    any
-		name     string
-	}{
-		{"format('text')", "text", nil, "format-plain-string"},
-		{"format('Hello {0} {1} {2}!', 'Mona', 'the', 'Octocat')", "Hello Mona the Octocat!", nil, "format-with-placeholders"},
-		{"format('{{Hello {0} {1} {2}!}}', 'Mona', 'the', 'Octocat')", "{Hello Mona the Octocat!}", nil, "format-with-escaped-braces"},
-		{"format('{{0}}', 'test')", "{0}", nil, "format-with-escaped-braces"},
-		{"format('{{{0}}}', 'test')", "{test}", nil, "format-with-escaped-braces-and-value"},
-		{"format('}}')", "}", nil, "format-output-closing-brace"},
-		{`format('Hello "{0}" {1} {2} {3} {4}', null, true, -3.14, NaN, Infinity)`, `Hello "" true -3.14 NaN Infinity`, nil, "format-with-primitives"},
-		{`format('Hello "{0}" {1} {2}', fromJSON('[0, true, "abc"]'), fromJSON('[{"a":1}]'), fromJSON('{"a":{"b":1}}'))`, `Hello "Array" Array Object`, nil, "format-with-complex-types"},
-		{"format(true)", "true", nil, "format-with-primitive-args"},
-		{"format('echo Hello {0} ${{Test}}', github.undefined_property)", "echo Hello  ${Test}", nil, "format-with-undefined-value"},
-		{"format('{0}}', '{1}', 'World')", nil, "Closing bracket without opening one. The following format string is invalid: '{0}}'", "format-invalid-format-string"},
-		{"format('{0', '{1}', 'World')", nil, "Unclosed brackets. The following format string is invalid: '{0'", "format-invalid-format-string"},
-		{"format('{2}', '{1}', 'World')", "", "The following format string references more arguments than were supplied: '{2}'", "format-invalid-replacement-reference"},
-		{"format('{2147483648}')", "", "The following format string is invalid: '{2147483648}'", "format-invalid-replacement-reference"},
-		{"format('{0} {1} {2} {3}', 1.0, 1.1, 1234567890.0, 12345678901234567890.0)", "1 1.1 1234567890 1.23456789012346E+19", nil, "format-floats"},
-	}
-
-	env := &EvaluationEnvironment{
-		Github: &model.GithubContext{},
-	}
-
-	for _, tt := range table {
-		t.Run(tt.name, func(t *testing.T) {
-			output, err := NewInterpeter(env, Config{}).Evaluate(tt.input, DefaultStatusCheckNone)
-			if tt.error != nil {
-				assert.Equal(t, tt.error, err.Error())
-			} else {
-				assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-				assert.Equal(t, tt.expected, output)
-			}
-		})
-	}
-}

act/exprparser/interpreter.go

@@ -1,644 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package exprparser
-
-import (
-	"encoding"
-	"errors"
-	"fmt"
-	"math"
-	"reflect"
-	"strings"
-
-	"gitea.com/gitea/runner/act/model"
-
-	"github.com/rhysd/actionlint"
-)
-
-type EvaluationEnvironment struct {
-	Github    *model.GithubContext
-	Env       map[string]string
-	Job       *model.JobContext
-	Jobs      *map[string]*model.WorkflowCallResult
-	Steps     map[string]*model.StepResult
-	Runner    map[string]any
-	Secrets   map[string]string
-	Vars      map[string]string
-	Strategy  map[string]any
-	Matrix    map[string]any
-	Needs     map[string]Needs
-	Inputs    map[string]any
-	HashFiles func([]reflect.Value) (any, error)
-}
-
-type Needs struct {
-	Outputs map[string]string `json:"outputs"`
-	Result  string            `json:"result"`
-}
-
-type Config struct {
-	Run        *model.Run
-	WorkingDir string
-	Context    string
-}
-
-type DefaultStatusCheck int
-
-const (
-	DefaultStatusCheckNone DefaultStatusCheck = iota
-	DefaultStatusCheckSuccess
-	DefaultStatusCheckAlways
-	DefaultStatusCheckCanceled
-	DefaultStatusCheckFailure
-)
-
-func (dsc DefaultStatusCheck) String() string {
-	switch dsc {
-	case DefaultStatusCheckSuccess:
-		return "success"
-	case DefaultStatusCheckAlways:
-		return "always"
-	case DefaultStatusCheckCanceled:
-		return "cancelled"
-	case DefaultStatusCheckFailure:
-		return "failure"
-	}
-	return ""
-}
-
-type Interpreter interface {
-	Evaluate(input string, defaultStatusCheck DefaultStatusCheck) (any, error)
-}
-
-type interperterImpl struct {
-	env    *EvaluationEnvironment
-	config Config
-}
-
-func NewInterpeter(env *EvaluationEnvironment, config Config) Interpreter {
-	return &interperterImpl{
-		env:    env,
-		config: config,
-	}
-}
-
-func (impl *interperterImpl) Evaluate(input string, defaultStatusCheck DefaultStatusCheck) (any, error) {
-	input = strings.TrimPrefix(input, "${{")
-	if defaultStatusCheck != DefaultStatusCheckNone && input == "" {
-		input = "success()"
-	}
-	parser := actionlint.NewExprParser()
-	exprNode, err := parser.Parse(actionlint.NewExprLexer(input + "}}"))
-	if err != nil {
-		return nil, fmt.Errorf("Failed to parse: %s", err.Message)
-	}
-
-	if defaultStatusCheck != DefaultStatusCheckNone {
-		hasStatusCheckFunction := false
-		actionlint.VisitExprNode(exprNode, func(node, _ actionlint.ExprNode, entering bool) {
-			if funcCallNode, ok := node.(*actionlint.FuncCallNode); entering && ok {
-				switch strings.ToLower(funcCallNode.Callee) {
-				case "success", "always", "cancelled", "failure":
-					hasStatusCheckFunction = true
-				}
-			}
-		})
-
-		if !hasStatusCheckFunction {
-			exprNode = &actionlint.LogicalOpNode{
-				Kind: actionlint.LogicalOpNodeKindAnd,
-				Left: &actionlint.FuncCallNode{
-					Callee: defaultStatusCheck.String(),
-					Args:   []actionlint.ExprNode{},
-				},
-				Right: exprNode,
-			}
-		}
-	}
-
-	result, err2 := impl.evaluateNode(exprNode)
-
-	return result, err2
-}
-
-func (impl *interperterImpl) evaluateNode(exprNode actionlint.ExprNode) (any, error) {
-	switch node := exprNode.(type) {
-	case *actionlint.VariableNode:
-		return impl.evaluateVariable(node)
-	case *actionlint.BoolNode:
-		return node.Value, nil
-	case *actionlint.NullNode:
-		return nil, nil //nolint:nilnil // pre-existing issue from nektos/act
-	case *actionlint.IntNode:
-		return node.Value, nil
-	case *actionlint.FloatNode:
-		return node.Value, nil
-	case *actionlint.StringNode:
-		return node.Value, nil
-	case *actionlint.IndexAccessNode:
-		return impl.evaluateIndexAccess(node)
-	case *actionlint.ObjectDerefNode:
-		return impl.evaluateObjectDeref(node)
-	case *actionlint.ArrayDerefNode:
-		return impl.evaluateArrayDeref(node)
-	case *actionlint.NotOpNode:
-		return impl.evaluateNot(node)
-	case *actionlint.CompareOpNode:
-		return impl.evaluateCompare(node)
-	case *actionlint.LogicalOpNode:
-		return impl.evaluateLogicalCompare(node)
-	case *actionlint.FuncCallNode:
-		return impl.evaluateFuncCall(node)
-	default:
-		return nil, fmt.Errorf("Fatal error! Unknown node type: %s node: %+v", reflect.TypeOf(exprNode), exprNode)
-	}
-}
-
-func (impl *interperterImpl) evaluateVariable(variableNode *actionlint.VariableNode) (any, error) {
-	switch strings.ToLower(variableNode.Name) {
-	case "github":
-		return impl.env.Github, nil
-	case "gitea": // compatible with Gitea
-		return impl.env.Github, nil
-	case "env":
-		return impl.env.Env, nil
-	case "job":
-		return impl.env.Job, nil
-	case "jobs":
-		if impl.env.Jobs == nil {
-			return nil, errors.New("Unavailable context: jobs")
-		}
-		return impl.env.Jobs, nil
-	case "steps":
-		return impl.env.Steps, nil
-	case "runner":
-		return impl.env.Runner, nil
-	case "secrets":
-		return impl.env.Secrets, nil
-	case "vars":
-		return impl.env.Vars, nil
-	case "strategy":
-		return impl.env.Strategy, nil
-	case "matrix":
-		return impl.env.Matrix, nil
-	case "needs":
-		return impl.env.Needs, nil
-	case "inputs":
-		return impl.env.Inputs, nil
-	case "infinity":
-		return math.Inf(1), nil
-	case "nan":
-		return math.NaN(), nil
-	default:
-		return nil, fmt.Errorf("Unavailable context: %s", variableNode.Name)
-	}
-}
-
-func (impl *interperterImpl) evaluateIndexAccess(indexAccessNode *actionlint.IndexAccessNode) (any, error) {
-	left, err := impl.evaluateNode(indexAccessNode.Operand)
-	if err != nil {
-		return nil, err
-	}
-
-	leftValue := reflect.ValueOf(left)
-
-	right, err := impl.evaluateNode(indexAccessNode.Index)
-	if err != nil {
-		return nil, err
-	}
-
-	rightValue := reflect.ValueOf(right)
-
-	switch rightValue.Kind() {
-	case reflect.String:
-		return impl.getPropertyValue(leftValue, rightValue.String())
-
-	case reflect.Int:
-		switch leftValue.Kind() {
-		case reflect.Slice:
-			if rightValue.Int() < 0 || rightValue.Int() >= int64(leftValue.Len()) {
-				return nil, nil //nolint:nilnil // pre-existing issue from nektos/act
-			}
-			return leftValue.Index(int(rightValue.Int())).Interface(), nil
-		default:
-			return nil, nil //nolint:nilnil // pre-existing issue from nektos/act
-		}
-
-	default:
-		return nil, nil //nolint:nilnil // pre-existing issue from nektos/act
-	}
-}
-
-func (impl *interperterImpl) evaluateObjectDeref(objectDerefNode *actionlint.ObjectDerefNode) (any, error) {
-	left, err := impl.evaluateNode(objectDerefNode.Receiver)
-	if err != nil {
-		return nil, err
-	}
-
-	return impl.getPropertyValue(reflect.ValueOf(left), objectDerefNode.Property)
-}
-
-func (impl *interperterImpl) evaluateArrayDeref(arrayDerefNode *actionlint.ArrayDerefNode) (any, error) {
-	left, err := impl.evaluateNode(arrayDerefNode.Receiver)
-	if err != nil {
-		return nil, err
-	}
-
-	return impl.getSafeValue(reflect.ValueOf(left)), nil
-}
-
-func (impl *interperterImpl) getPropertyValue(left reflect.Value, property string) (value any, err error) {
-	switch left.Kind() {
-	case reflect.Ptr:
-		return impl.getPropertyValue(left.Elem(), property)
-
-	case reflect.Struct:
-		leftType := left.Type()
-		for field := range leftType.Fields() {
-			jsonName := field.Tag.Get("json")
-			if jsonName == property {
-				property = field.Name
-				break
-			}
-		}
-
-		fieldValue := left.FieldByNameFunc(func(name string) bool {
-			return strings.EqualFold(name, property)
-		})
-
-		if fieldValue.Kind() == reflect.Invalid {
-			return "", nil
-		}
-
-		i := fieldValue.Interface()
-		// The type stepStatus int is an integer, but should be treated as string
-		if m, ok := i.(encoding.TextMarshaler); ok {
-			text, err := m.MarshalText()
-			if err != nil {
-				return nil, err
-			}
-			return string(text), nil
-		}
-		return i, nil
-
-	case reflect.Map:
-		iter := left.MapRange()
-
-		for iter.Next() {
-			key := iter.Key()
-
-			switch key.Kind() {
-			case reflect.String:
-				if strings.EqualFold(key.String(), property) {
-					return impl.getMapValue(iter.Value())
-				}
-
-			default:
-				return nil, fmt.Errorf("'%s' in map key not implemented", key.Kind())
-			}
-		}
-
-		return nil, nil //nolint:nilnil // pre-existing issue from nektos/act
-
-	case reflect.Slice:
-		var values []any
-
-		for i := 0; i < left.Len(); i++ {
-			value, err := impl.getPropertyValue(left.Index(i).Elem(), property)
-			if err != nil {
-				return nil, err
-			}
-
-			values = append(values, value)
-		}
-
-		return values, nil
-	}
-
-	return nil, nil //nolint:nilnil // pre-existing issue from nektos/act
-}
-
-func (impl *interperterImpl) getMapValue(value reflect.Value) (any, error) {
-	if value.Kind() == reflect.Ptr {
-		return impl.getMapValue(value.Elem())
-	}
-
-	return value.Interface(), nil
-}
-
-func (impl *interperterImpl) evaluateNot(notNode *actionlint.NotOpNode) (any, error) {
-	operand, err := impl.evaluateNode(notNode.Operand)
-	if err != nil {
-		return nil, err
-	}
-
-	return !IsTruthy(operand), nil
-}
-
-func (impl *interperterImpl) evaluateCompare(compareNode *actionlint.CompareOpNode) (any, error) {
-	left, err := impl.evaluateNode(compareNode.Left)
-	if err != nil {
-		return nil, err
-	}
-
-	right, err := impl.evaluateNode(compareNode.Right)
-	if err != nil {
-		return nil, err
-	}
-
-	leftValue := reflect.ValueOf(left)
-	rightValue := reflect.ValueOf(right)
-
-	return impl.compareValues(leftValue, rightValue, compareNode.Kind)
-}
-
-func (impl *interperterImpl) compareValues(leftValue, rightValue reflect.Value, kind actionlint.CompareOpNodeKind) (any, error) {
-	if leftValue.Kind() != rightValue.Kind() {
-		if !impl.isNumber(leftValue) {
-			leftValue = impl.coerceToNumber(leftValue)
-		}
-		if !impl.isNumber(rightValue) {
-			rightValue = impl.coerceToNumber(rightValue)
-		}
-	}
-
-	switch leftValue.Kind() {
-	case reflect.Bool:
-		return impl.compareNumber(float64(impl.coerceToNumber(leftValue).Int()), float64(impl.coerceToNumber(rightValue).Int()), kind)
-	case reflect.String:
-		return impl.compareString(strings.ToLower(leftValue.String()), strings.ToLower(rightValue.String()), kind)
-
-	case reflect.Int:
-		if rightValue.Kind() == reflect.Float64 {
-			return impl.compareNumber(float64(leftValue.Int()), rightValue.Float(), kind)
-		}
-
-		return impl.compareNumber(float64(leftValue.Int()), float64(rightValue.Int()), kind)
-
-	case reflect.Float64:
-		if rightValue.Kind() == reflect.Int {
-			return impl.compareNumber(leftValue.Float(), float64(rightValue.Int()), kind)
-		}
-
-		return impl.compareNumber(leftValue.Float(), rightValue.Float(), kind)
-
-	case reflect.Invalid:
-		if rightValue.Kind() == reflect.Invalid {
-			return true, nil
-		}
-
-		// not possible situation - params are converted to the same type in code above
-		return nil, fmt.Errorf("Compare params of Invalid type: left: %+v, right: %+v", leftValue.Kind(), rightValue.Kind())
-
-	default:
-		return nil, fmt.Errorf("Compare not implemented for types: left: %+v, right: %+v", leftValue.Kind(), rightValue.Kind())
-	}
-}
-
-func (impl *interperterImpl) coerceToNumber(value reflect.Value) reflect.Value {
-	switch value.Kind() {
-	case reflect.Invalid:
-		return reflect.ValueOf(0)
-
-	case reflect.Bool:
-		switch value.Bool() {
-		case true:
-			return reflect.ValueOf(1)
-		case false:
-			return reflect.ValueOf(0)
-		}
-
-	case reflect.String:
-		if value.String() == "" {
-			return reflect.ValueOf(0)
-		}
-
-		// try to parse the string as a number
-		evaluated, err := impl.Evaluate(value.String(), DefaultStatusCheckNone)
-		if err != nil {
-			return reflect.ValueOf(math.NaN())
-		}
-
-		if value := reflect.ValueOf(evaluated); impl.isNumber(value) {
-			return value
-		}
-	}
-
-	return reflect.ValueOf(math.NaN())
-}
-
-func (impl *interperterImpl) coerceToString(value reflect.Value) reflect.Value {
-	switch value.Kind() {
-	case reflect.Invalid:
-		return reflect.ValueOf("")
-
-	case reflect.Bool:
-		switch value.Bool() {
-		case true:
-			return reflect.ValueOf("true")
-		case false:
-			return reflect.ValueOf("false")
-		}
-
-	case reflect.String:
-		return value
-
-	case reflect.Int:
-		return reflect.ValueOf(fmt.Sprint(value))
-
-	case reflect.Float64:
-		if math.IsInf(value.Float(), 1) {
-			return reflect.ValueOf("Infinity")
-		} else if math.IsInf(value.Float(), -1) {
-			return reflect.ValueOf("-Infinity")
-		}
-		return reflect.ValueOf(fmt.Sprintf("%.15G", value.Float()))
-
-	case reflect.Slice:
-		return reflect.ValueOf("Array")
-
-	case reflect.Map:
-		return reflect.ValueOf("Object")
-	}
-
-	return value
-}
-
-func (impl *interperterImpl) compareString(left, right string, kind actionlint.CompareOpNodeKind) (bool, error) {
-	switch kind {
-	case actionlint.CompareOpNodeKindLess:
-		return left < right, nil
-	case actionlint.CompareOpNodeKindLessEq:
-		return left <= right, nil
-	case actionlint.CompareOpNodeKindGreater:
-		return left > right, nil
-	case actionlint.CompareOpNodeKindGreaterEq:
-		return left >= right, nil
-	case actionlint.CompareOpNodeKindEq:
-		return left == right, nil
-	case actionlint.CompareOpNodeKindNotEq:
-		return left != right, nil
-	default:
-		return false, fmt.Errorf("TODO: not implemented to compare '%+v'", kind)
-	}
-}
-
-func (impl *interperterImpl) compareNumber(left, right float64, kind actionlint.CompareOpNodeKind) (bool, error) {
-	switch kind {
-	case actionlint.CompareOpNodeKindLess:
-		return left < right, nil
-	case actionlint.CompareOpNodeKindLessEq:
-		return left <= right, nil
-	case actionlint.CompareOpNodeKindGreater:
-		return left > right, nil
-	case actionlint.CompareOpNodeKindGreaterEq:
-		return left >= right, nil
-	case actionlint.CompareOpNodeKindEq:
-		return left == right, nil
-	case actionlint.CompareOpNodeKindNotEq:
-		return left != right, nil
-	default:
-		return false, fmt.Errorf("TODO: not implemented to compare '%+v'", kind)
-	}
-}
-
-func IsTruthy(input any) bool {
-	value := reflect.ValueOf(input)
-	switch value.Kind() {
-	case reflect.Bool:
-		return value.Bool()
-
-	case reflect.String:
-		return value.String() != ""
-
-	case reflect.Int:
-		return value.Int() != 0
-
-	case reflect.Float64:
-		if math.IsNaN(value.Float()) {
-			return false
-		}
-
-		return value.Float() != 0
-
-	case reflect.Map, reflect.Slice:
-		return true
-
-	default:
-		return false
-	}
-}
-
-func (impl *interperterImpl) isNumber(value reflect.Value) bool {
-	switch value.Kind() {
-	case reflect.Int, reflect.Float64:
-		return true
-	default:
-		return false
-	}
-}
-
-func (impl *interperterImpl) getSafeValue(value reflect.Value) any {
-	switch value.Kind() {
-	case reflect.Invalid:
-		return nil
-
-	case reflect.Float64:
-		if value.Float() == 0 {
-			return 0
-		}
-	}
-
-	return value.Interface()
-}
-
-func (impl *interperterImpl) evaluateLogicalCompare(compareNode *actionlint.LogicalOpNode) (any, error) {
-	left, err := impl.evaluateNode(compareNode.Left)
-	if err != nil {
-		return nil, err
-	}
-
-	leftValue := reflect.ValueOf(left)
-
-	if IsTruthy(left) == (compareNode.Kind == actionlint.LogicalOpNodeKindOr) {
-		return impl.getSafeValue(leftValue), nil
-	}
-
-	right, err := impl.evaluateNode(compareNode.Right)
-	if err != nil {
-		return nil, err
-	}
-
-	rightValue := reflect.ValueOf(right)
-
-	switch compareNode.Kind {
-	case actionlint.LogicalOpNodeKindAnd:
-		return impl.getSafeValue(rightValue), nil
-	case actionlint.LogicalOpNodeKindOr:
-		return impl.getSafeValue(rightValue), nil
-	}
-
-	return nil, fmt.Errorf("Unable to compare incompatibles types '%s' and '%s'", leftValue.Kind(), rightValue.Kind())
-}
-
-func (impl *interperterImpl) evaluateFuncCall(funcCallNode *actionlint.FuncCallNode) (any, error) {
-	args := make([]reflect.Value, 0)
-
-	for _, arg := range funcCallNode.Args {
-		value, err := impl.evaluateNode(arg)
-		if err != nil {
-			return nil, err
-		}
-
-		args = append(args, reflect.ValueOf(value))
-	}
-
-	switch strings.ToLower(funcCallNode.Callee) {
-	case "contains":
-		return impl.contains(args[0], args[1])
-	case "startswith":
-		return impl.startsWith(args[0], args[1])
-	case "endswith":
-		return impl.endsWith(args[0], args[1])
-	case "format":
-		return impl.format(args[0], args[1:]...)
-	case "join":
-		if len(args) == 1 {
-			return impl.join(args[0], reflect.ValueOf(","))
-		}
-		return impl.join(args[0], args[1])
-	case "tojson":
-		return impl.toJSON(args[0])
-	case "fromjson":
-		return impl.fromJSON(args[0])
-	case "hashfiles":
-		if impl.env.HashFiles != nil {
-			return impl.env.HashFiles(args)
-		}
-		return impl.hashFiles(args...)
-	case "always":
-		return impl.always()
-	case "success":
-		if impl.config.Context == "job" {
-			return impl.jobSuccess()
-		}
-		if impl.config.Context == "step" {
-			return impl.stepSuccess()
-		}
-		return nil, fmt.Errorf("Context '%s' must be one of 'job' or 'step'", impl.config.Context)
-	case "failure":
-		if impl.config.Context == "job" {
-			return impl.jobFailure()
-		}
-		if impl.config.Context == "step" {
-			return impl.stepFailure()
-		}
-		return nil, fmt.Errorf("Context '%s' must be one of 'job' or 'step'", impl.config.Context)
-	case "cancelled":
-		return impl.cancelled()
-	default:
-		return nil, fmt.Errorf("TODO: '%s' not implemented", funcCallNode.Callee)
-	}
-}

act/exprparser/testdata/for-hashing-1.txt

@@ -1 +0,0 @@
-Hello

act/exprparser/testdata/for-hashing-2.txt

@@ -1 +0,0 @@
-World!

act/exprparser/testdata/for-hashing-3/data.txt

@@ -1 +0,0 @@
-Knock knock!

act/exprparser/testdata/for-hashing-3/nested/nested-data.txt

@@ -1 +0,0 @@
-Anybody home?

act/lookpath/error.go

@@ -1,14 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package lookpath
-
-type Error struct {
-	Name string
-	Err  error
-}
-
-func (e *Error) Error() string {
-	return e.Err.Error()
-}

act/model/workflow_test.go

@@ -1,908 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2020 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package model
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"go.yaml.in/yaml/v4"
-)
-
-func TestReadWorkflow_ScheduleEvent(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-on:
-  schedule:
-    - cron: '30 5 * * 1,3'
-    - cron: '30 5 * * 2,4'
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-
-	schedules := workflow.OnEvent("schedule")
-	assert.Len(t, schedules, 2)
-
-	newSchedules := workflow.OnSchedule()
-	assert.Len(t, newSchedules, 2)
-
-	assert.Equal(t, "30 5 * * 1,3", newSchedules[0])
-	assert.Equal(t, "30 5 * * 2,4", newSchedules[1])
-
-	yaml = `
-name: local-action-docker-url
-on:
-  schedule:
-    test: '30 5 * * 1,3'
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-
-	newSchedules = workflow.OnSchedule()
-	assert.Empty(t, newSchedules)
-
-	yaml = `
-name: local-action-docker-url
-on:
-  schedule:
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-
-	newSchedules = workflow.OnSchedule()
-	assert.Empty(t, newSchedules)
-
-	yaml = `
-name: local-action-docker-url
-on: [push, tag]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-
-	newSchedules = workflow.OnSchedule()
-	assert.Empty(t, newSchedules)
-}
-
-func TestReadWorkflow_StringEvent(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-on: push
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-
-	assert.Len(t, workflow.On(), 1)
-	assert.Contains(t, workflow.On(), "push")
-}
-
-func TestReadWorkflow_ListEvent(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-on: [push, pull_request]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-
-	assert.Len(t, workflow.On(), 2)
-	assert.Contains(t, workflow.On(), "push")
-	assert.Contains(t, workflow.On(), "pull_request")
-}
-
-func TestReadWorkflow_MapEvent(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-on:
-  push:
-    branches:
-    - master
-  pull_request:
-    branches:
-    - master
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Len(t, workflow.On(), 2)
-	assert.Contains(t, workflow.On(), "push")
-	assert.Contains(t, workflow.On(), "pull_request")
-}
-
-func TestReadWorkflow_RunsOnLabels(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-
-jobs:
-  test:
-    container: nginx:latest
-    runs-on:
-      labels: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed")                     //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, workflow.Jobs["test"].RunsOn(), []string{"ubuntu-latest"}) //nolint:testifylint // pre-existing issue from nektos/act
-}
-
-func TestReadWorkflow_RunsOnLabelsWithGroup(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-
-jobs:
-  test:
-    container: nginx:latest
-    runs-on:
-      labels: [ubuntu-latest]
-      group: linux
-    steps:
-    - uses: ./actions/docker-url`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed")                              //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, workflow.Jobs["test"].RunsOn(), []string{"ubuntu-latest", "linux"}) //nolint:testifylint // pre-existing issue from nektos/act
-}
-
-func TestReadWorkflow_StringContainer(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-
-jobs:
-  test:
-    container: nginx:latest
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-  test2:
-    container:
-      image: nginx:latest
-      env:
-        foo: bar
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Len(t, workflow.Jobs, 2)
-	assert.Contains(t, workflow.Jobs["test"].Container().Image, "nginx:latest")
-	assert.Contains(t, workflow.Jobs["test2"].Container().Image, "nginx:latest")
-	assert.Contains(t, workflow.Jobs["test2"].Container().Env["foo"], "bar")
-}
-
-func TestReadWorkflow_ObjectContainer(t *testing.T) {
-	yaml := `
-name: local-action-docker-url
-
-jobs:
-  test:
-    container:
-      image: r.example.org/something:latest
-      credentials:
-        username: registry-username
-        password: registry-password
-      env:
-        HOME: /home/user
-      volumes:
-        - my_docker_volume:/volume_mount
-        - /data/my_data
-        - /source/directory:/destination/directory
-    runs-on: ubuntu-latest
-    steps:
-    - uses: ./actions/docker-url
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Len(t, workflow.Jobs, 1)
-
-	container := workflow.GetJob("test").Container()
-
-	assert.Contains(t, container.Image, "r.example.org/something:latest")
-	assert.Contains(t, container.Env["HOME"], "/home/user")
-	assert.Contains(t, container.Credentials["username"], "registry-username")
-	assert.Contains(t, container.Credentials["password"], "registry-password")
-	assert.ElementsMatch(t, container.Volumes, []string{
-		"my_docker_volume:/volume_mount",
-		"/data/my_data",
-		"/source/directory:/destination/directory",
-	})
-}
-
-func TestReadWorkflow_JobTypes(t *testing.T) {
-	yaml := `
-name: invalid job definition
-
-jobs:
-  default-job:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo
-  remote-reusable-workflow-yml:
-    uses: remote/repo/some/path/to/workflow.yml@main
-  remote-reusable-workflow-yaml:
-    uses: remote/repo/some/path/to/workflow.yaml@main
-  remote-reusable-workflow-custom-path:
-    uses: remote/repo/path/to/workflow.yml@main
-  local-reusable-workflow-yml:
-    uses: ./some/path/to/workflow.yml
-  local-reusable-workflow-yaml:
-    uses: ./some/path/to/workflow.yaml
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Len(t, workflow.Jobs, 6)
-
-	jobType, err := workflow.Jobs["default-job"].Type()
-	assert.Equal(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, JobTypeDefault, jobType)
-
-	jobType, err = workflow.Jobs["remote-reusable-workflow-yml"].Type()
-	assert.Equal(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, JobTypeReusableWorkflowRemote, jobType)
-
-	jobType, err = workflow.Jobs["remote-reusable-workflow-yaml"].Type()
-	assert.Equal(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, JobTypeReusableWorkflowRemote, jobType)
-
-	jobType, err = workflow.Jobs["remote-reusable-workflow-custom-path"].Type()
-	assert.Equal(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, JobTypeReusableWorkflowRemote, jobType)
-
-	jobType, err = workflow.Jobs["local-reusable-workflow-yml"].Type()
-	assert.Equal(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, JobTypeReusableWorkflowLocal, jobType)
-
-	jobType, err = workflow.Jobs["local-reusable-workflow-yaml"].Type()
-	assert.Equal(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, JobTypeReusableWorkflowLocal, jobType)
-}
-
-func TestReadWorkflow_JobTypes_InvalidPath(t *testing.T) {
-	yaml := `
-name: invalid job definition
-
-jobs:
-  remote-reusable-workflow-missing-version:
-    uses: remote/repo/some/path/to/workflow.yml
-  remote-reusable-workflow-bad-extension:
-    uses: remote/repo/some/path/to/workflow.json
-  local-reusable-workflow-bad-extension:
-    uses: ./some/path/to/workflow.json
-  local-reusable-workflow-bad-path:
-    uses: some/path/to/workflow.yaml
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Len(t, workflow.Jobs, 4)
-
-	jobType, err := workflow.Jobs["remote-reusable-workflow-missing-version"].Type()
-	assert.Equal(t, JobTypeInvalid, jobType)
-	assert.NotEqual(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	jobType, err = workflow.Jobs["remote-reusable-workflow-bad-extension"].Type()
-	assert.Equal(t, JobTypeInvalid, jobType)
-	assert.NotEqual(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	jobType, err = workflow.Jobs["local-reusable-workflow-bad-extension"].Type()
-	assert.Equal(t, JobTypeInvalid, jobType)
-	assert.NotEqual(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	jobType, err = workflow.Jobs["local-reusable-workflow-bad-path"].Type()
-	assert.Equal(t, JobTypeInvalid, jobType)
-	assert.NotEqual(t, nil, err) //nolint:testifylint // pre-existing issue from nektos/act
-}
-
-func TestReadWorkflow_StepsTypes(t *testing.T) {
-	yaml := `
-name: invalid step definition
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: test1
-        uses: actions/checkout@v2
-        run: echo
-      - name: test2
-        run: echo
-      - name: test3
-        uses: actions/checkout@v2
-      - name: test4
-        uses: docker://nginx:latest
-      - name: test5
-        uses: ./local-action
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Len(t, workflow.Jobs, 1)
-	assert.Len(t, workflow.Jobs["test"].Steps, 5)
-	assert.Equal(t, workflow.Jobs["test"].Steps[0].Type(), StepTypeInvalid)          //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, workflow.Jobs["test"].Steps[1].Type(), StepTypeRun)              //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, workflow.Jobs["test"].Steps[2].Type(), StepTypeUsesActionRemote) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, workflow.Jobs["test"].Steps[3].Type(), StepTypeUsesDockerURL)    //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, workflow.Jobs["test"].Steps[4].Type(), StepTypeUsesActionLocal)  //nolint:testifylint // pre-existing issue from nektos/act
-}
-
-// See: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idoutputs
-func TestReadWorkflow_JobOutputs(t *testing.T) {
-	yaml := `
-name: job outputs definition
-
-jobs:
-  test1:
-    runs-on: ubuntu-latest
-    steps:
-      - id: test1_1
-        run: |
-          echo "::set-output name=a_key::some-a_value"
-          echo "::set-output name=b-key::some-b-value"
-    outputs:
-      some_a_key: ${{ steps.test1_1.outputs.a_key }}
-      some-b-key: ${{ steps.test1_1.outputs.b-key }}
-
-  test2:
-    runs-on: ubuntu-latest
-    needs:
-      - test1
-    steps:
-      - name: test2_1
-        run: |
-          echo "${{ needs.test1.outputs.some_a_key }}"
-          echo "${{ needs.test1.outputs.some-b-key }}"
-`
-
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Len(t, workflow.Jobs, 2)
-
-	assert.Len(t, workflow.Jobs["test1"].Steps, 1)
-	assert.Equal(t, StepTypeRun, workflow.Jobs["test1"].Steps[0].Type())
-	assert.Equal(t, "test1_1", workflow.Jobs["test1"].Steps[0].ID)
-	assert.Len(t, workflow.Jobs["test1"].Outputs, 2)
-	assert.Contains(t, workflow.Jobs["test1"].Outputs, "some_a_key")
-	assert.Contains(t, workflow.Jobs["test1"].Outputs, "some-b-key")
-	assert.Equal(t, "${{ steps.test1_1.outputs.a_key }}", workflow.Jobs["test1"].Outputs["some_a_key"])
-	assert.Equal(t, "${{ steps.test1_1.outputs.b-key }}", workflow.Jobs["test1"].Outputs["some-b-key"])
-}
-
-func TestReadWorkflow_Strategy(t *testing.T) {
-	w, err := NewWorkflowPlanner("testdata/strategy/push.yml", true)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	p, err := w.PlanJob("strategy-only-max-parallel")
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	assert.Equal(t, len(p.Stages), 1)         //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, len(p.Stages[0].Runs), 1) //nolint:testifylint // pre-existing issue from nektos/act
-
-	wf := p.Stages[0].Runs[0].Workflow
-
-	job := wf.Jobs["strategy-only-max-parallel"]
-	matrixes, err := job.GetMatrixes()
-	assert.NoError(t, err)                          //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, matrixes, []map[string]any{{}}) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, job.Matrix(), map[string][]any(nil))
-	assert.Equal(t, job.Strategy.MaxParallel, 2) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, job.Strategy.FailFast, true) //nolint:testifylint // pre-existing issue from nektos/act
-
-	job = wf.Jobs["strategy-only-fail-fast"]
-	matrixes, err = job.GetMatrixes()
-	assert.NoError(t, err)                          //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, matrixes, []map[string]any{{}}) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, job.Matrix(), map[string][]any(nil))
-	assert.Equal(t, job.Strategy.MaxParallel, 4)  //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, job.Strategy.FailFast, false) //nolint:testifylint // pre-existing issue from nektos/act
-
-	job = wf.Jobs["strategy-no-matrix"]
-	matrixes, err = job.GetMatrixes()
-	assert.NoError(t, err)                          //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, matrixes, []map[string]any{{}}) //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, job.Matrix(), map[string][]any(nil))
-	assert.Equal(t, job.Strategy.MaxParallel, 2)  //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, job.Strategy.FailFast, false) //nolint:testifylint // pre-existing issue from nektos/act
-
-	job = wf.Jobs["strategy-all"]
-	matrixes, err = job.GetMatrixes()
-	assert.NoError(t, err)    //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, matrixes, //nolint:testifylint // pre-existing issue from nektos/act
-		[]map[string]any{
-			{"datacenter": "site-c", "node-version": "14.x", "site": "staging"},
-			{"datacenter": "site-c", "node-version": "16.x", "site": "staging"},
-			{"datacenter": "site-d", "node-version": "16.x", "site": "staging"},
-			{"php-version": 5.4},
-			{"datacenter": "site-a", "node-version": "10.x", "site": "prod"},
-			{"datacenter": "site-b", "node-version": "12.x", "site": "dev"},
-		},
-	)
-	assert.Equal(t, job.Matrix(), //nolint:testifylint // pre-existing issue from nektos/act
-		map[string][]any{
-			"datacenter": {"site-c", "site-d"},
-			"exclude": {
-				map[string]any{"datacenter": "site-d", "node-version": "14.x", "site": "staging"},
-			},
-			"include": {
-				map[string]any{"php-version": 5.4},
-				map[string]any{"datacenter": "site-a", "node-version": "10.x", "site": "prod"},
-				map[string]any{"datacenter": "site-b", "node-version": "12.x", "site": "dev"},
-			},
-			"node-version": {"14.x", "16.x"},
-			"site":         {"staging"},
-		},
-	)
-	assert.Equal(t, job.Strategy.MaxParallel, 2)  //nolint:testifylint // pre-existing issue from nektos/act
-	assert.Equal(t, job.Strategy.FailFast, false) //nolint:testifylint // pre-existing issue from nektos/act
-}
-
-func TestStep_ShellCommand(t *testing.T) {
-	tests := []struct {
-		shell string
-		want  string
-	}{
-		{"pwsh -v '. {0}'", "pwsh -v '. {0}'"},
-		{"pwsh", "pwsh -command . '{0}'"},
-		{"powershell", "powershell -command . '{0}'"},
-	}
-	for _, tt := range tests {
-		t.Run(tt.shell, func(t *testing.T) {
-			got := (&Step{Shell: tt.shell}).ShellCommand()
-			assert.Equal(t, got, tt.want) //nolint:testifylint // pre-existing issue from nektos/act
-		})
-	}
-}
-
-func TestReadWorkflow_WorkflowDispatchConfig(t *testing.T) {
-	yaml := `
-    name: local-action-docker-url
-    `
-	workflow, err := ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch := workflow.WorkflowDispatchConfig()
-	assert.Nil(t, workflowDispatch)
-
-	yaml = `
-    name: local-action-docker-url
-    on: push
-    `
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch = workflow.WorkflowDispatchConfig()
-	assert.Nil(t, workflowDispatch)
-
-	yaml = `
-    name: local-action-docker-url
-    on: workflow_dispatch
-    `
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch = workflow.WorkflowDispatchConfig()
-	assert.NotNil(t, workflowDispatch)
-	assert.Nil(t, workflowDispatch.Inputs)
-
-	yaml = `
-    name: local-action-docker-url
-    on: [push, pull_request]
-    `
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch = workflow.WorkflowDispatchConfig()
-	assert.Nil(t, workflowDispatch)
-
-	yaml = `
-    name: local-action-docker-url
-    on: [push, workflow_dispatch]
-    `
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch = workflow.WorkflowDispatchConfig()
-	assert.NotNil(t, workflowDispatch)
-	assert.Nil(t, workflowDispatch.Inputs)
-
-	yaml = `
-    name: local-action-docker-url
-    on:
-        - push
-        - workflow_dispatch
-    `
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch = workflow.WorkflowDispatchConfig()
-	assert.NotNil(t, workflowDispatch)
-	assert.Nil(t, workflowDispatch.Inputs)
-
-	yaml = `
-    name: local-action-docker-url
-    on:
-        push:
-        pull_request:
-    `
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch = workflow.WorkflowDispatchConfig()
-	assert.Nil(t, workflowDispatch)
-
-	yaml = `
-    name: local-action-docker-url
-    on:
-        push:
-        pull_request:
-        workflow_dispatch:
-            inputs:
-                logLevel:
-                    description: 'Log level'
-                    required: true
-                    default: 'warning'
-                    type: choice
-                    options:
-                    - info
-                    - warning
-                    - debug
-    `
-	workflow, err = ReadWorkflow(strings.NewReader(yaml))
-	assert.NoError(t, err, "read workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-	workflowDispatch = workflow.WorkflowDispatchConfig()
-	assert.NotNil(t, workflowDispatch)
-	assert.Equal(t, WorkflowDispatchInput{
-		Default:     "warning",
-		Description: "Log level",
-		Options: []string{
-			"info",
-			"warning",
-			"debug",
-		},
-		Required: true,
-		Type:     "choice",
-	}, workflowDispatch.Inputs["logLevel"])
-}
-
-func TestStep_UsesHash(t *testing.T) {
-	type fields struct {
-		Uses string
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		want   string
-	}{
-		{
-			name: "regular",
-			fields: fields{
-				Uses: "https://gitea.com/testa/testb@v3",
-			},
-			want: "ae437878e9f285bd7518c58664f9fabbb12d05feddd7169c01702a2a14322aa8",
-		},
-		{
-			name: "empty",
-			fields: fields{
-				Uses: "",
-			},
-			want: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := &Step{
-				Uses: tt.fields.Uses,
-			}
-			assert.Equalf(t, tt.want, s.UsesHash(), "UsesHash()")
-		})
-	}
-}
-
-func TestNormalizeMatrixValue(t *testing.T) {
-	tests := []struct {
-		name       string
-		key        string
-		value      any
-		wantResult []any
-		wantErr    bool
-		errMsg     string
-	}{
-		{
-			name:       "array_values_pass_through",
-			key:        "version",
-			value:      []any{"1.0", "2.0", "3.0"},
-			wantResult: []any{"1.0", "2.0", "3.0"},
-			wantErr:    false,
-		},
-		{
-			name:       "string_scalar_wrapped",
-			key:        "os",
-			value:      "ubuntu-latest",
-			wantResult: []any{"ubuntu-latest"},
-			wantErr:    false,
-		},
-		{
-			name:       "template_expression_wrapped",
-			key:        "version",
-			value:      "${{ fromJson(needs.setup.outputs.versions) }}",
-			wantResult: []any{"${{ fromJson(needs.setup.outputs.versions) }}"},
-			wantErr:    false,
-		},
-		{
-			name:       "integer_scalar_wrapped",
-			key:        "count",
-			value:      42,
-			wantResult: []any{42},
-			wantErr:    false,
-		},
-		{
-			name:       "float_scalar_wrapped",
-			key:        "factor",
-			value:      3.14,
-			wantResult: []any{3.14},
-			wantErr:    false,
-		},
-		{
-			name:       "bool_scalar_wrapped",
-			key:        "enabled",
-			value:      true,
-			wantResult: []any{true},
-			wantErr:    false,
-		},
-		{
-			name:       "nil_scalar_wrapped",
-			key:        "optional",
-			value:      nil,
-			wantResult: []any{nil},
-			wantErr:    false,
-		},
-		{
-			name:    "nested_map_returns_error",
-			key:     "config",
-			value:   map[string]any{"nested": "value"},
-			wantErr: true,
-			errMsg:  "has invalid nested object value",
-		},
-		{
-			name:       "empty_array_passes_through",
-			key:        "empty",
-			value:      []any{},
-			wantResult: []any{},
-			wantErr:    false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			result, err := normalizeMatrixValue(tt.key, tt.value)
-
-			if tt.wantErr {
-				assert.Error(t, err, "should return error") //nolint:testifylint // pre-existing issue from nektos/act
-				if tt.errMsg != "" {
-					assert.Contains(t, err.Error(), tt.errMsg)
-				}
-			} else {
-				assert.NoError(t, err, "should not return error") //nolint:testifylint // pre-existing issue from nektos/act
-				assert.Equal(t, tt.wantResult, result, "result should match expected")
-			}
-		})
-	}
-}
-
-func TestJobMatrix(t *testing.T) {
-	tests := []struct {
-		name    string
-		yaml    string
-		wantErr bool
-		wantLen int
-		checkFn func(*testing.T, map[string][]any)
-	}{
-		{
-			name: "matrix_with_arrays",
-			yaml: `
-name: test
-on: push
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest]
-        version: [1.18, 1.19]
-    steps:
-      - run: echo test
-`,
-			wantErr: false,
-			wantLen: 2,
-			checkFn: func(t *testing.T, m map[string][]any) {
-				assert.Equal(t, []any{"ubuntu-latest", "windows-latest"}, m["os"])
-				assert.Equal(t, []any{1.18, 1.19}, m["version"])
-			},
-		},
-		{
-			name: "matrix_with_scalar_values",
-			yaml: `
-name: test
-on: push
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        os: ubuntu-latest
-        version: 1.19
-    steps:
-      - run: echo test
-`,
-			wantErr: false,
-			wantLen: 2,
-			checkFn: func(t *testing.T, m map[string][]any) {
-				assert.Equal(t, []any{"ubuntu-latest"}, m["os"])
-				assert.Equal(t, []any{1.19}, m["version"])
-			},
-		},
-		{
-			name: "matrix_with_template_expression",
-			yaml: `
-name: test
-on: push
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        versions: ${{ fromJson(needs.setup.outputs.versions) }}
-    steps:
-      - run: echo test
-`,
-			wantErr: false,
-			wantLen: 1,
-			checkFn: func(t *testing.T, m map[string][]any) {
-				assert.Equal(t, []any{"${{ fromJson(needs.setup.outputs.versions) }}"}, m["versions"])
-			},
-		},
-		{
-			name: "matrix_mixed_arrays_and_scalars",
-			yaml: `
-name: test
-on: push
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest]
-        version: 1.19
-        node: [14, 16]
-    steps:
-      - run: echo test
-`,
-			wantErr: false,
-			wantLen: 3,
-			checkFn: func(t *testing.T, m map[string][]any) {
-				assert.Equal(t, []any{"ubuntu-latest", "windows-latest"}, m["os"])
-				assert.Equal(t, []any{1.19}, m["version"])
-				assert.Equal(t, []any{14, 16}, m["node"])
-			},
-		},
-		{
-			name: "empty_matrix",
-			yaml: `
-name: test
-on: push
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo test
-`,
-			wantErr: false,
-			wantLen: 0,
-			checkFn: nil,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			workflow, err := ReadWorkflow(strings.NewReader(tt.yaml))
-			assert.NoError(t, err, "reading workflow should succeed") //nolint:testifylint // pre-existing issue from nektos/act
-
-			job := workflow.GetJob("build")
-			if job == nil {
-				// For empty matrix test
-				if tt.wantLen == 0 {
-					return
-				}
-				t.Fatal("job not found")
-			}
-
-			matrix := job.Matrix()
-
-			if tt.wantErr {
-				assert.Nil(t, matrix, "matrix should be nil on error")
-			} else {
-				if tt.wantLen == 0 {
-					assert.Nil(t, matrix, "matrix should be nil for jobs without strategy")
-				} else {
-					assert.NotNil(t, matrix, "matrix should not be nil")
-					assert.Len(t, matrix, tt.wantLen, "matrix should have expected number of keys")
-					if tt.checkFn != nil {
-						tt.checkFn(t, matrix)
-					}
-				}
-			}
-		})
-	}
-}
-
-func TestJobMatrixValidation(t *testing.T) {
-	// This test verifies that invalid nested map values are caught
-	t.Run("matrix_with_nested_map_fails", func(t *testing.T) {
-		// Manually construct a job with a problematic matrix containing a nested map
-		job := &Job{
-			Strategy: &Strategy{
-				RawMatrix: yaml.Node{
-					Kind: yaml.MappingNode,
-					Content: []*yaml.Node{
-						{Kind: yaml.ScalarNode, Tag: "!!str", Value: "config"},
-						{Kind: yaml.MappingNode, Tag: "!!map", Content: []*yaml.Node{
-							{Kind: yaml.ScalarNode, Tag: "!!str", Value: "nested"},
-							{Kind: yaml.ScalarNode, Tag: "!!str", Value: "value"},
-						}},
-					},
-				},
-			},
-		}
-
-		// Attempt to get matrix
-		matrix := job.Matrix()
-
-		// Should return nil due to validation error
-		assert.Nil(t, matrix, "matrix with nested map should return nil")
-	})
-}

act/runner/action.go

@@ -1,726 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"context"
-	"embed"
-	"errors"
-	"fmt"
-	"io"
-	"io/fs"
-	"os"
-	"path"
-	"path/filepath"
-	"regexp"
-	"runtime"
-	"strings"
-
-	"gitea.com/gitea/runner/act/common"
-	"gitea.com/gitea/runner/act/container"
-	"gitea.com/gitea/runner/act/model"
-
-	"github.com/kballard/go-shellquote"
-)
-
-type actionStep interface {
-	step
-
-	getActionModel() *model.Action
-	getCompositeRunContext(context.Context) *RunContext
-	getCompositeSteps() *compositeSteps
-}
-
-type readAction func(ctx context.Context, step *model.Step, actionDir, actionPath string, readFile actionYamlReader, writeFile fileWriter) (*model.Action, error)
-
-type actionYamlReader func(filename string) (io.Reader, io.Closer, error)
-
-type fileWriter func(filename string, data []byte, perm fs.FileMode) error
-
-type runAction func(step actionStep, actionDir string, remoteAction *remoteAction) common.Executor
-
-//go:embed res/trampoline.js
-var trampoline embed.FS
-
-func readActionImpl(ctx context.Context, step *model.Step, actionDir, actionPath string, readFile actionYamlReader, writeFile fileWriter) (*model.Action, error) {
-	logger := common.Logger(ctx)
-	allErrors := []error{}
-	addError := func(fileName string, err error) {
-		if err != nil {
-			allErrors = append(allErrors, fmt.Errorf("failed to read '%s' from action '%s' with path '%s' of step %w", fileName, step.String(), actionPath, err))
-		} else {
-			// One successful read, clear error state
-			allErrors = nil
-		}
-	}
-	reader, closer, err := readFile("action.yml")
-	addError("action.yml", err)
-	if os.IsNotExist(err) {
-		reader, closer, err = readFile("action.yaml")
-		addError("action.yaml", err)
-		if os.IsNotExist(err) {
-			_, closer, err := readFile("Dockerfile")
-			addError("Dockerfile", err)
-			if err == nil {
-				closer.Close()
-				action := &model.Action{
-					Name: "(Synthetic)",
-					Runs: model.ActionRuns{
-						Using: "docker",
-						Image: "Dockerfile",
-					},
-				}
-				logger.Debugf("Using synthetic action %v for Dockerfile", action)
-				return action, nil
-			}
-			if step.With != nil {
-				if val, ok := step.With["args"]; ok {
-					var b []byte
-					if b, err = trampoline.ReadFile("res/trampoline.js"); err != nil {
-						return nil, err
-					}
-					err2 := writeFile(filepath.Join(actionDir, actionPath, "trampoline.js"), b, 0o400)
-					if err2 != nil {
-						return nil, err2
-					}
-					action := &model.Action{
-						Name: "(Synthetic)",
-						Inputs: map[string]model.Input{
-							"cwd": {
-								Description: "(Actual working directory)",
-								Required:    false,
-								Default:     filepath.Join(actionDir, actionPath),
-							},
-							"command": {
-								Description: "(Actual program)",
-								Required:    false,
-								Default:     val,
-							},
-						},
-						Runs: model.ActionRuns{
-							Using: "node12",
-							Main:  "trampoline.js",
-						},
-					}
-					logger.Debugf("Using synthetic action %v", action)
-					return action, nil
-				}
-			}
-		}
-	}
-	if allErrors != nil {
-		return nil, errors.Join(allErrors...)
-	}
-	defer closer.Close()
-
-	action, err := model.ReadAction(reader)
-	// For Gitea, reduce log noise
-	// logger.Debugf("Read action %v from '%s'", action, "Unknown")
-	return action, err
-}
-
-func maybeCopyToActionDir(ctx context.Context, step actionStep, actionDir, actionPath, containerActionDir string) error {
-	logger := common.Logger(ctx)
-	rc := step.getRunContext()
-	stepModel := step.getStepModel()
-
-	if stepModel.Type() != model.StepTypeUsesActionRemote {
-		return nil
-	}
-
-	var containerActionDirCopy string
-	containerActionDirCopy = strings.TrimSuffix(containerActionDir, actionPath)
-	logger.Debug(containerActionDirCopy)
-
-	if !strings.HasSuffix(containerActionDirCopy, `/`) {
-		containerActionDirCopy += `/`
-	}
-
-	if rc.Config != nil && rc.Config.ActionCache != nil {
-		raction := step.(*stepActionRemote)
-		ta, err := rc.Config.ActionCache.GetTarArchive(ctx, raction.cacheDir, raction.resolvedSha, "")
-		if err != nil {
-			return err
-		}
-		defer ta.Close()
-		return rc.JobContainer.CopyTarStream(ctx, containerActionDirCopy, ta)
-	}
-
-	if err := removeGitIgnore(ctx, actionDir); err != nil {
-		return err
-	}
-
-	return rc.JobContainer.CopyDir(containerActionDirCopy, actionDir+"/", rc.Config.UseGitIgnore)(ctx)
-}
-
-func runActionImpl(step actionStep, actionDir string, remoteAction *remoteAction) common.Executor {
-	rc := step.getRunContext()
-	stepModel := step.getStepModel()
-
-	return func(ctx context.Context) error {
-		logger := common.Logger(ctx)
-		actionPath := ""
-		if remoteAction != nil && remoteAction.Path != "" {
-			actionPath = remoteAction.Path
-		}
-
-		action := step.getActionModel()
-		// For Gitea, reduce log noise
-		// logger.Debugf("About to run action %v", action)
-
-		err := setupActionEnv(ctx, step, remoteAction)
-		if err != nil {
-			return err
-		}
-
-		actionLocation := path.Join(actionDir, actionPath)
-		actionName, containerActionDir := getContainerActionPaths(stepModel, actionLocation, rc)
-
-		logger.Debugf("type=%v actionDir=%s actionPath=%s workdir=%s actionCacheDir=%s actionName=%s containerActionDir=%s", stepModel.Type(), actionDir, actionPath, rc.Config.Workdir, rc.ActionCacheDir(), actionName, containerActionDir)
-
-		x := action.Runs.Using
-		switch {
-		case x.IsNode():
-			if err := maybeCopyToActionDir(ctx, step, actionDir, actionPath, containerActionDir); err != nil {
-				return err
-			}
-			containerArgs := []string{"node", path.Join(containerActionDir, action.Runs.Main)}
-			logger.Debugf("executing remote job container: %s", containerArgs)
-
-			rc.ApplyExtraPath(ctx, step.getEnv())
-
-			return rc.execJobContainer(containerArgs, *step.getEnv(), "", "")(ctx)
-		case x.IsDocker():
-			location := actionLocation
-			if remoteAction == nil {
-				location = containerActionDir
-			}
-			return execAsDocker(ctx, step, actionName, location, remoteAction == nil)
-		case x.IsComposite():
-			if err := maybeCopyToActionDir(ctx, step, actionDir, actionPath, containerActionDir); err != nil {
-				return err
-			}
-
-			return execAsComposite(step)(ctx)
-		case x == model.ActionRunsUsingGo:
-			if err := maybeCopyToActionDir(ctx, step, actionDir, actionPath, containerActionDir); err != nil {
-				return err
-			}
-
-			rc.ApplyExtraPath(ctx, step.getEnv())
-
-			execFileName := action.Runs.Main + ".out"
-			buildArgs := []string{"go", "build", "-o", execFileName, action.Runs.Main}
-			execArgs := []string{filepath.Join(containerActionDir, execFileName)}
-
-			return common.NewPipelineExecutor(
-				rc.execJobContainer(buildArgs, *step.getEnv(), "", containerActionDir),
-				rc.execJobContainer(execArgs, *step.getEnv(), "", ""),
-			)(ctx)
-		default:
-			return fmt.Errorf("The runs.using key must be one of: %v, got %s", []string{
-				model.ActionRunsUsingDocker,
-				model.ActionRunsUsingNode12,
-				model.ActionRunsUsingNode16,
-				model.ActionRunsUsingNode20,
-				model.ActionRunsUsingNode24,
-				model.ActionRunsUsingComposite,
-				model.ActionRunsUsingGo,
-			}, action.Runs.Using)
-		}
-	}
-}
-
-func setupActionEnv(ctx context.Context, step actionStep, _ *remoteAction) error {
-	rc := step.getRunContext()
-
-	// A few fields in the environment (e.g. GITHUB_ACTION_REPOSITORY)
-	// are dependent on the action. That means we can complete the
-	// setup only after resolving the whole action model and cloning
-	// the action
-	rc.withGithubEnv(ctx, step.getGithubContext(ctx), *step.getEnv())
-	populateEnvsFromSavedState(step.getEnv(), step, rc)
-	populateEnvsFromInput(ctx, step.getEnv(), step.getActionModel(), rc)
-
-	return nil
-}
-
-// https://github.com/nektos/act/issues/228#issuecomment-629709055
-// files in .gitignore are not copied in a Docker container
-// this causes issues with actions that ignore other important resources
-// such as `node_modules` for example
-func removeGitIgnore(ctx context.Context, directory string) error {
-	gitIgnorePath := path.Join(directory, ".gitignore")
-	if _, err := os.Stat(gitIgnorePath); err == nil {
-		// .gitignore exists
-		common.Logger(ctx).Debugf("Removing %s before docker cp", gitIgnorePath)
-		err := os.Remove(gitIgnorePath)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// TODO: break out parts of function to reduce complexicity
-func execAsDocker(ctx context.Context, step actionStep, actionName, basedir string, localAction bool) error {
-	logger := common.Logger(ctx)
-	rc := step.getRunContext()
-	action := step.getActionModel()
-
-	var prepImage common.Executor
-	var image string
-	forcePull := false
-	if after, ok := strings.CutPrefix(action.Runs.Image, "docker://"); ok {
-		image = after
-		// Apply forcePull only for prebuild docker images
-		forcePull = rc.Config.ForcePull
-	} else {
-		// "-dockeraction" enshures that "./", "./test " won't get converted to "act-:latest", "act-test-:latest" which are invalid docker image names
-		image = fmt.Sprintf("%s-dockeraction:%s", regexp.MustCompile("[^a-zA-Z0-9]").ReplaceAllString(actionName, "-"), "latest")
-		image = "act-" + strings.TrimLeft(image, "-")
-		image = strings.ToLower(image)
-		contextDir, fileName := filepath.Split(filepath.Join(basedir, action.Runs.Image))
-
-		anyArchExists, err := container.ImageExistsLocally(ctx, image, "any")
-		if err != nil {
-			return err
-		}
-
-		correctArchExists, err := container.ImageExistsLocally(ctx, image, rc.Config.ContainerArchitecture)
-		if err != nil {
-			return err
-		}
-
-		if anyArchExists && !correctArchExists {
-			wasRemoved, err := container.RemoveImage(ctx, image, true, true)
-			if err != nil {
-				return err
-			}
-			if !wasRemoved {
-				return fmt.Errorf("failed to remove image '%s'", image)
-			}
-		}
-
-		if !correctArchExists || rc.Config.ForceRebuild {
-			logger.Debugf("image '%s' for architecture '%s' will be built from context '%s", image, rc.Config.ContainerArchitecture, contextDir)
-			var buildContext io.ReadCloser
-			if localAction {
-				buildContext, err = rc.JobContainer.GetContainerArchive(ctx, contextDir+"/.")
-				if err != nil {
-					return err
-				}
-				defer buildContext.Close()
-			} else if rc.Config.ActionCache != nil {
-				rstep := step.(*stepActionRemote)
-				buildContext, err = rc.Config.ActionCache.GetTarArchive(ctx, rstep.cacheDir, rstep.resolvedSha, contextDir)
-				if err != nil {
-					return err
-				}
-				defer buildContext.Close()
-			}
-			prepImage = container.NewDockerBuildExecutor(container.NewDockerBuildExecutorInput{
-				ContextDir:   contextDir,
-				Dockerfile:   fileName,
-				ImageTag:     image,
-				BuildContext: buildContext,
-				Platform:     rc.Config.ContainerArchitecture,
-			})
-		} else {
-			logger.Debugf("image '%s' for architecture '%s' already exists", image, rc.Config.ContainerArchitecture)
-		}
-	}
-	eval := rc.NewStepExpressionEvaluator(ctx, step)
-	cmd, err := shellquote.Split(eval.Interpolate(ctx, step.getStepModel().With["args"]))
-	if err != nil {
-		return err
-	}
-	if len(cmd) == 0 {
-		cmd = action.Runs.Args
-		evalDockerArgs(ctx, step, action, &cmd)
-	}
-	entrypoint := strings.Fields(eval.Interpolate(ctx, step.getStepModel().With["entrypoint"]))
-	if len(entrypoint) == 0 {
-		if action.Runs.Entrypoint != "" {
-			entrypoint, err = shellquote.Split(action.Runs.Entrypoint)
-			if err != nil {
-				return err
-			}
-		} else {
-			entrypoint = nil
-		}
-	}
-	stepContainer := newStepContainer(ctx, step, image, cmd, entrypoint)
-	return common.NewPipelineExecutor(
-		prepImage,
-		stepContainer.Pull(forcePull),
-		stepContainer.Remove().IfBool(!rc.Config.ReuseContainers),
-		stepContainer.Create(rc.Config.ContainerCapAdd, rc.Config.ContainerCapDrop),
-		stepContainer.Start(true),
-	).Finally(
-		stepContainer.Remove().IfBool(!rc.Config.ReuseContainers),
-	).Finally(stepContainer.Close())(ctx)
-}
-
-func evalDockerArgs(ctx context.Context, step step, action *model.Action, cmd *[]string) {
-	rc := step.getRunContext()
-	stepModel := step.getStepModel()
-
-	inputs := make(map[string]string)
-	eval := rc.NewExpressionEvaluator(ctx)
-	// Set Defaults
-	for k, input := range action.Inputs {
-		inputs[k] = eval.Interpolate(ctx, input.Default)
-	}
-	if stepModel.With != nil {
-		for k, v := range stepModel.With {
-			inputs[k] = eval.Interpolate(ctx, v)
-		}
-	}
-	mergeIntoMap(step, step.getEnv(), inputs)
-
-	stepEE := rc.NewStepExpressionEvaluator(ctx, step)
-	for i, v := range *cmd {
-		(*cmd)[i] = stepEE.Interpolate(ctx, v)
-	}
-	mergeIntoMap(step, step.getEnv(), action.Runs.Env)
-
-	ee := rc.NewStepExpressionEvaluator(ctx, step)
-	for k, v := range *step.getEnv() {
-		(*step.getEnv())[k] = ee.Interpolate(ctx, v)
-	}
-}
-
-func newStepContainer(ctx context.Context, step step, image string, cmd, entrypoint []string) container.Container {
-	rc := step.getRunContext()
-	stepModel := step.getStepModel()
-	rawLogger := common.Logger(ctx).WithField("raw_output", true)
-	logWriter := common.NewLineWriter(rc.commandHandler(ctx), func(s string) bool {
-		if rc.Config.LogOutput {
-			rawLogger.Infof("%s", s)
-		} else {
-			rawLogger.Debugf("%s", s)
-		}
-		return true
-	})
-	envList := make([]string, 0)
-	for k, v := range *step.getEnv() {
-		envList = append(envList, fmt.Sprintf("%s=%s", k, v))
-	}
-
-	envList = append(envList, fmt.Sprintf("%s=%s", "RUNNER_TOOL_CACHE", "/opt/hostedtoolcache"))
-	envList = append(envList, fmt.Sprintf("%s=%s", "RUNNER_OS", "Linux"))
-	envList = append(envList, fmt.Sprintf("%s=%s", "RUNNER_ARCH", container.RunnerArch(ctx)))
-	envList = append(envList, fmt.Sprintf("%s=%s", "RUNNER_TEMP", "/tmp"))
-
-	binds, mounts := rc.GetBindsAndMounts()
-	networkMode := "container:" + rc.jobContainerName()
-	if rc.IsHostEnv(ctx) {
-		networkMode = "default"
-	}
-	stepContainer := container.NewContainer(&container.NewContainerInput{
-		Cmd:          cmd,
-		Entrypoint:   entrypoint,
-		WorkingDir:   rc.JobContainer.ToContainerPath(rc.Config.Workdir),
-		Image:        image,
-		Username:     rc.Config.Secrets["DOCKER_USERNAME"],
-		Password:     rc.Config.Secrets["DOCKER_PASSWORD"],
-		Name:         createContainerName(rc.jobContainerName(), "STEP-"+stepModel.ID),
-		Env:          envList,
-		Mounts:       mounts,
-		NetworkMode:  networkMode,
-		Binds:        binds,
-		Stdout:       logWriter,
-		Stderr:       logWriter,
-		Privileged:   rc.Config.Privileged,
-		UsernsMode:   rc.Config.UsernsMode,
-		Platform:     rc.Config.ContainerArchitecture,
-		Options:      rc.Config.ContainerOptions,
-		AutoRemove:   rc.Config.AutoRemove,
-		ValidVolumes: rc.Config.ValidVolumes,
-	})
-	return stepContainer
-}
-
-func populateEnvsFromSavedState(env *map[string]string, step actionStep, rc *RunContext) {
-	state, ok := rc.IntraActionState[step.getStepModel().ID]
-	if ok {
-		for name, value := range state {
-			envName := "STATE_" + name
-			(*env)[envName] = value
-		}
-	}
-}
-
-func populateEnvsFromInput(ctx context.Context, env *map[string]string, action *model.Action, rc *RunContext) {
-	eval := rc.NewExpressionEvaluator(ctx)
-	for inputID, input := range action.Inputs {
-		envKey := regexp.MustCompile("[^A-Z0-9-]").ReplaceAllString(strings.ToUpper(inputID), "_")
-		envKey = "INPUT_" + envKey
-		if _, ok := (*env)[envKey]; !ok {
-			(*env)[envKey] = eval.Interpolate(ctx, input.Default)
-		}
-	}
-}
-
-func getContainerActionPaths(step *model.Step, actionDir string, rc *RunContext) (string, string) {
-	actionName := ""
-	containerActionDir := "."
-	if step.Type() != model.StepTypeUsesActionRemote {
-		actionName = getOsSafeRelativePath(actionDir, rc.Config.Workdir)
-		containerActionDir = rc.JobContainer.ToContainerPath(rc.Config.Workdir) + "/" + actionName
-		actionName = "./" + actionName
-	} else if step.Type() == model.StepTypeUsesActionRemote {
-		actionName = getOsSafeRelativePath(actionDir, rc.ActionCacheDir())
-		containerActionDir = rc.JobContainer.GetActPath() + "/actions/" + actionName
-	}
-
-	if actionName == "" {
-		actionName = filepath.Base(actionDir)
-		if runtime.GOOS == "windows" {
-			actionName = strings.ReplaceAll(actionName, "\\", "/")
-		}
-	}
-	return actionName, containerActionDir
-}
-
-func getOsSafeRelativePath(s, prefix string) string {
-	actionName := strings.TrimPrefix(s, prefix)
-	if runtime.GOOS == "windows" {
-		actionName = strings.ReplaceAll(actionName, "\\", "/")
-	}
-	actionName = strings.TrimPrefix(actionName, "/")
-
-	return actionName
-}
-
-func shouldRunPreStep(step actionStep) common.Conditional {
-	return func(ctx context.Context) bool {
-		log := common.Logger(ctx)
-
-		if step.getActionModel() == nil {
-			log.Debugf("skip pre step for '%s': no action model available", step.getStepModel())
-			return false
-		}
-
-		return true
-	}
-}
-
-func hasPreStep(step actionStep) common.Conditional {
-	return func(ctx context.Context) bool {
-		action := step.getActionModel()
-		return action.Runs.Using.IsComposite() ||
-			(action.Runs.Using.IsNode() &&
-				action.Runs.Pre != "") ||
-			(action.Runs.Using == model.ActionRunsUsingGo &&
-				action.Runs.Pre != "")
-	}
-}
-
-func runPreStep(step actionStep) common.Executor {
-	return func(ctx context.Context) error {
-		logger := common.Logger(ctx)
-		logger.Debugf("run pre step for '%s'", step.getStepModel())
-
-		rc := step.getRunContext()
-		stepModel := step.getStepModel()
-		action := step.getActionModel()
-
-		x := action.Runs.Using
-		switch {
-		case x.IsNode():
-			// defaults in pre steps were missing, however provided inputs are available
-			populateEnvsFromInput(ctx, step.getEnv(), action, rc)
-			// todo: refactor into step
-			var actionDir string
-			var actionPath string
-			if _, ok := step.(*stepActionRemote); ok {
-				actionPath = newRemoteAction(stepModel.Uses).Path
-				actionDir = fmt.Sprintf("%s/%s", rc.ActionCacheDir(), stepModel.UsesHash())
-			} else {
-				actionDir = filepath.Join(rc.Config.Workdir, stepModel.Uses)
-				actionPath = ""
-			}
-
-			var actionLocation string
-			if actionPath != "" {
-				actionLocation = path.Join(actionDir, actionPath)
-			} else {
-				actionLocation = actionDir
-			}
-
-			_, containerActionDir := getContainerActionPaths(stepModel, actionLocation, rc)
-
-			if err := maybeCopyToActionDir(ctx, step, actionDir, actionPath, containerActionDir); err != nil {
-				return err
-			}
-
-			containerArgs := []string{"node", path.Join(containerActionDir, action.Runs.Pre)}
-			logger.Debugf("executing remote job container: %s", containerArgs)
-
-			rc.ApplyExtraPath(ctx, step.getEnv())
-
-			return rc.execJobContainer(containerArgs, *step.getEnv(), "", "")(ctx)
-
-		case x.IsComposite():
-			if step.getCompositeSteps() == nil {
-				step.getCompositeRunContext(ctx)
-			}
-
-			if steps := step.getCompositeSteps(); steps != nil && steps.pre != nil {
-				return steps.pre(ctx)
-			}
-			return errors.New("missing steps in composite action")
-
-		case x == model.ActionRunsUsingGo:
-			// defaults in pre steps were missing, however provided inputs are available
-			populateEnvsFromInput(ctx, step.getEnv(), action, rc)
-			// todo: refactor into step
-			var actionDir string
-			var actionPath string
-			if _, ok := step.(*stepActionRemote); ok {
-				actionPath = newRemoteAction(stepModel.Uses).Path
-				actionDir = fmt.Sprintf("%s/%s", rc.ActionCacheDir(), stepModel.UsesHash())
-			} else {
-				actionDir = filepath.Join(rc.Config.Workdir, stepModel.Uses)
-				actionPath = ""
-			}
-
-			var actionLocation string
-			if actionPath != "" {
-				actionLocation = path.Join(actionDir, actionPath)
-			} else {
-				actionLocation = actionDir
-			}
-
-			_, containerActionDir := getContainerActionPaths(stepModel, actionLocation, rc)
-
-			if err := maybeCopyToActionDir(ctx, step, actionDir, actionPath, containerActionDir); err != nil {
-				return err
-			}
-
-			rc.ApplyExtraPath(ctx, step.getEnv())
-
-			execFileName := action.Runs.Pre + ".out"
-			buildArgs := []string{"go", "build", "-o", execFileName, action.Runs.Pre}
-			execArgs := []string{filepath.Join(containerActionDir, execFileName)}
-
-			return common.NewPipelineExecutor(
-				rc.execJobContainer(buildArgs, *step.getEnv(), "", containerActionDir),
-				rc.execJobContainer(execArgs, *step.getEnv(), "", ""),
-			)(ctx)
-		default:
-			return nil
-		}
-	}
-}
-
-func shouldRunPostStep(step actionStep) common.Conditional {
-	return func(ctx context.Context) bool {
-		log := common.Logger(ctx)
-		stepResults := step.getRunContext().getStepsContext()
-		stepResult := stepResults[step.getStepModel().ID]
-
-		if stepResult == nil {
-			log.WithField("stepResult", model.StepStatusSkipped).Debugf("skipping post step for '%s'; step was not executed", step.getStepModel())
-			return false
-		}
-
-		if stepResult.Conclusion == model.StepStatusSkipped {
-			log.WithField("stepResult", model.StepStatusSkipped).Debugf("skipping post step for '%s'; main step was skipped", step.getStepModel())
-			return false
-		}
-
-		if step.getActionModel() == nil {
-			log.WithField("stepResult", model.StepStatusSkipped).Debugf("skipping post step for '%s': no action model available", step.getStepModel())
-			return false
-		}
-
-		return true
-	}
-}
-
-func hasPostStep(step actionStep) common.Conditional {
-	return func(ctx context.Context) bool {
-		action := step.getActionModel()
-		return action.Runs.Using.IsComposite() ||
-			(action.Runs.Using.IsNode() &&
-				action.Runs.Post != "") ||
-			(action.Runs.Using == model.ActionRunsUsingGo &&
-				action.Runs.Post != "")
-	}
-}
-
-func runPostStep(step actionStep) common.Executor {
-	return func(ctx context.Context) error {
-		logger := common.Logger(ctx)
-		logger.Debugf("run post step for '%s'", step.getStepModel())
-
-		rc := step.getRunContext()
-		stepModel := step.getStepModel()
-		action := step.getActionModel()
-
-		// todo: refactor into step
-		var actionDir string
-		var actionPath string
-		if _, ok := step.(*stepActionRemote); ok {
-			actionPath = newRemoteAction(stepModel.Uses).Path
-			actionDir = fmt.Sprintf("%s/%s", rc.ActionCacheDir(), stepModel.UsesHash())
-		} else {
-			actionDir = filepath.Join(rc.Config.Workdir, stepModel.Uses)
-			actionPath = ""
-		}
-
-		var actionLocation string
-		if actionPath != "" {
-			actionLocation = path.Join(actionDir, actionPath)
-		} else {
-			actionLocation = actionDir
-		}
-
-		_, containerActionDir := getContainerActionPaths(stepModel, actionLocation, rc)
-
-		x := action.Runs.Using
-		switch {
-		case x.IsNode():
-
-			populateEnvsFromSavedState(step.getEnv(), step, rc)
-
-			containerArgs := []string{"node", path.Join(containerActionDir, action.Runs.Post)}
-			logger.Debugf("executing remote job container: %s", containerArgs)
-
-			rc.ApplyExtraPath(ctx, step.getEnv())
-
-			return rc.execJobContainer(containerArgs, *step.getEnv(), "", "")(ctx)
-
-		case x.IsComposite():
-			if err := maybeCopyToActionDir(ctx, step, actionDir, actionPath, containerActionDir); err != nil {
-				return err
-			}
-
-			if steps := step.getCompositeSteps(); steps != nil && steps.post != nil {
-				return steps.post(ctx)
-			}
-			return errors.New("missing steps in composite action")
-
-		case x == model.ActionRunsUsingGo:
-			populateEnvsFromSavedState(step.getEnv(), step, rc)
-			rc.ApplyExtraPath(ctx, step.getEnv())
-
-			execFileName := action.Runs.Post + ".out"
-			buildArgs := []string{"go", "build", "-o", execFileName, action.Runs.Post}
-			execArgs := []string{filepath.Join(containerActionDir, execFileName)}
-
-			return common.NewPipelineExecutor(
-				rc.execJobContainer(buildArgs, *step.getEnv(), "", containerActionDir),
-				rc.execJobContainer(execArgs, *step.getEnv(), "", ""),
-			)(ctx)
-
-		default:
-			return nil
-		}
-	}
-}

act/runner/action_cache.go

@@ -1,156 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// Copyright 2023 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"archive/tar"
-	"context"
-	"crypto/rand"
-	"encoding/hex"
-	"errors"
-	"io"
-	"io/fs"
-	"path"
-	"strings"
-
-	git "github.com/go-git/go-git/v5"
-	config "github.com/go-git/go-git/v5/config"
-	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/go-git/go-git/v5/plumbing/object"
-	"github.com/go-git/go-git/v5/plumbing/transport"
-	"github.com/go-git/go-git/v5/plumbing/transport/http"
-)
-
-type ActionCache interface {
-	Fetch(ctx context.Context, cacheDir, url, ref, token string) (string, error)
-	GetTarArchive(ctx context.Context, cacheDir, sha, includePrefix string) (io.ReadCloser, error)
-}
-
-type GoGitActionCache struct {
-	Path string
-}
-
-func (c GoGitActionCache) Fetch(ctx context.Context, cacheDir, url, ref, token string) (string, error) {
-	gitPath := path.Join(c.Path, safeFilename(cacheDir)+".git")
-	gogitrepo, err := git.PlainInit(gitPath, true)
-	if errors.Is(err, git.ErrRepositoryAlreadyExists) {
-		gogitrepo, err = git.PlainOpen(gitPath)
-	}
-	if err != nil {
-		return "", err
-	}
-	tmpBranch := make([]byte, 12)
-	if _, err := rand.Read(tmpBranch); err != nil {
-		return "", err
-	}
-	branchName := hex.EncodeToString(tmpBranch)
-
-	var auth transport.AuthMethod
-	if token != "" {
-		auth = &http.BasicAuth{
-			Username: "token",
-			Password: token,
-		}
-	}
-	remote, err := gogitrepo.CreateRemoteAnonymous(&config.RemoteConfig{
-		Name: "anonymous",
-		URLs: []string{
-			url,
-		},
-	})
-	if err != nil {
-		return "", err
-	}
-	defer func() {
-		_ = gogitrepo.DeleteBranch(branchName)
-	}()
-	if err := remote.FetchContext(ctx, &git.FetchOptions{
-		RefSpecs: []config.RefSpec{
-			config.RefSpec(ref + ":" + branchName),
-		},
-		Auth:  auth,
-		Force: true,
-	}); err != nil {
-		return "", err
-	}
-	hash, err := gogitrepo.ResolveRevision(plumbing.Revision(branchName))
-	if err != nil {
-		return "", err
-	}
-	return hash.String(), nil
-}
-
-func (c GoGitActionCache) GetTarArchive(ctx context.Context, cacheDir, sha, includePrefix string) (io.ReadCloser, error) {
-	gitPath := path.Join(c.Path, safeFilename(cacheDir)+".git")
-	gogitrepo, err := git.PlainOpen(gitPath)
-	if err != nil {
-		return nil, err
-	}
-	commit, err := gogitrepo.CommitObject(plumbing.NewHash(sha))
-	if err != nil {
-		return nil, err
-	}
-	files, err := commit.Files()
-	if err != nil {
-		return nil, err
-	}
-	rpipe, wpipe := io.Pipe()
-	// Interrupt io.Copy using ctx
-	ch := make(chan int, 1)
-	go func() {
-		select {
-		case <-ctx.Done():
-			wpipe.CloseWithError(ctx.Err())
-		case <-ch:
-		}
-	}()
-	go func() {
-		defer wpipe.Close()
-		defer close(ch)
-		tw := tar.NewWriter(wpipe)
-		cleanIncludePrefix := path.Clean(includePrefix)
-		wpipe.CloseWithError(files.ForEach(func(f *object.File) error {
-			if err := ctx.Err(); err != nil {
-				return err
-			}
-			name := f.Name
-			if strings.HasPrefix(name, cleanIncludePrefix+"/") {
-				name = name[len(cleanIncludePrefix)+1:]
-			} else if cleanIncludePrefix != "." && name != cleanIncludePrefix {
-				return nil
-			}
-			fmode, err := f.Mode.ToOSFileMode()
-			if err != nil {
-				return err
-			}
-			if fmode&fs.ModeSymlink == fs.ModeSymlink {
-				content, err := f.Contents()
-				if err != nil {
-					return err
-				}
-				return tw.WriteHeader(&tar.Header{
-					Name:     name,
-					Mode:     int64(fmode),
-					Linkname: content,
-				})
-			}
-			err = tw.WriteHeader(&tar.Header{
-				Name: name,
-				Mode: int64(fmode),
-				Size: f.Size,
-			})
-			if err != nil {
-				return err
-			}
-			reader, err := f.Reader()
-			if err != nil {
-				return err
-			}
-			_, err = io.Copy(tw, reader)
-			return err
-		}))
-	}()
-	return rpipe, err
-}

act/runner/action_cache_test.go

@@ -1,82 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// Copyright 2023 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"archive/tar"
-	"bytes"
-	"context"
-	"io"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestActionCache(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping integration test")
-	}
-	a := assert.New(t)
-	cache := &GoGitActionCache{
-		Path: t.TempDir(),
-	}
-	ctx := context.Background()
-	cacheDir := "nektos/act-test-actions"
-	repo := "https://github.com/nektos/act-test-actions"
-	refs := []struct {
-		Name     string
-		CacheDir string
-		Repo     string
-		Ref      string
-	}{
-		{
-			Name:     "Fetch Branch Name",
-			CacheDir: cacheDir,
-			Repo:     repo,
-			Ref:      "main",
-		},
-		{
-			Name:     "Fetch Branch Name Absolutely",
-			CacheDir: cacheDir,
-			Repo:     repo,
-			Ref:      "refs/heads/main",
-		},
-		{
-			Name:     "Fetch HEAD",
-			CacheDir: cacheDir,
-			Repo:     repo,
-			Ref:      "HEAD",
-		},
-		{
-			Name:     "Fetch Sha",
-			CacheDir: cacheDir,
-			Repo:     repo,
-			Ref:      "de984ca37e4df4cb9fd9256435a3b82c4a2662b1",
-		},
-	}
-	for _, c := range refs {
-		t.Run(c.Name, func(t *testing.T) {
-			sha, err := cache.Fetch(ctx, c.CacheDir, c.Repo, c.Ref, "")
-			if !a.NoError(err) || !a.NotEmpty(sha) { //nolint:testifylint // pre-existing issue from nektos/act
-				return
-			}
-			atar, err := cache.GetTarArchive(ctx, c.CacheDir, sha, "js")
-			if !a.NoError(err) || !a.NotEmpty(atar) { //nolint:testifylint // pre-existing issue from nektos/act
-				return
-			}
-			mytar := tar.NewReader(atar)
-			th, err := mytar.Next()
-			if !a.NoError(err) || !a.NotEqual(0, th.Size) { //nolint:testifylint // pre-existing issue from nektos/act
-				return
-			}
-			buf := &bytes.Buffer{}
-			// G110: Potential DoS vulnerability via decompression bomb (gosec)
-			_, err = io.Copy(buf, mytar)
-			a.NoError(err) //nolint:testifylint // pre-existing issue from nektos/act
-			str := buf.String()
-			a.NotEmpty(str)
-		})
-	}
-}

act/runner/max_parallel_test.go

@@ -1,67 +0,0 @@
-// Copyright 2026 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"testing"
-
-	"gitea.com/gitea/runner/act/model"
-
-	"github.com/stretchr/testify/assert"
-	"go.yaml.in/yaml/v4"
-)
-
-func TestMaxParallelStrategy(t *testing.T) {
-	tests := []struct {
-		name                string
-		maxParallelString   string
-		expectedMaxParallel int
-	}{
-		{
-			name:                "max-parallel-1",
-			maxParallelString:   "1",
-			expectedMaxParallel: 1,
-		},
-		{
-			name:                "max-parallel-2",
-			maxParallelString:   "2",
-			expectedMaxParallel: 2,
-		},
-		{
-			name:                "max-parallel-default",
-			maxParallelString:   "",
-			expectedMaxParallel: 4,
-		},
-		{
-			name:                "max-parallel-10",
-			maxParallelString:   "10",
-			expectedMaxParallel: 10,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			matrix := map[string][]any{
-				"version": {1, 2, 3, 4, 5},
-			}
-
-			var rawMatrix yaml.Node
-			err := rawMatrix.Encode(matrix)
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-			job := &model.Job{
-				Strategy: &model.Strategy{
-					MaxParallelString: tt.maxParallelString,
-					RawMatrix:         rawMatrix,
-				},
-			}
-
-			matrixes, err := job.GetMatrixes()
-			assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-			assert.NotNil(t, matrixes)
-			assert.Len(t, matrixes, 5)
-			assert.Equal(t, tt.expectedMaxParallel, job.Strategy.MaxParallel)
-		})
-	}
-}

act/runner/res/trampoline.js

@@ -1,14 +0,0 @@
-const { spawnSync } = require('child_process')
-const spawnArguments = {
-  cwd: process.env.INPUT_CWD,
-  stdio: [
-    process.stdin,
-    process.stdout,
-    process.stderr
-  ]
-}
-const child = spawnSync(
-  '/bin/sh',
-  ['-c'].concat(process.env.INPUT_COMMAND),
-  spawnArguments)
-process.exit(child.status)

act/runner/reusable_workflow.go

@@ -1,334 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"archive/tar"
-	"context"
-	"errors"
-	"fmt"
-	"io/fs"
-	"net/url"
-	"os"
-	"path"
-	"regexp"
-	"strings"
-	"sync"
-
-	"gitea.com/gitea/runner/act/common"
-	"gitea.com/gitea/runner/act/common/git"
-	"gitea.com/gitea/runner/act/model"
-)
-
-func newLocalReusableWorkflowExecutor(rc *RunContext) common.Executor {
-	if !rc.Config.NoSkipCheckout {
-		fullPath := rc.Run.Job().Uses
-
-		fileName := path.Base(fullPath)
-		workflowDir := strings.TrimSuffix(fullPath, path.Join("/", fileName))
-		workflowDir = strings.TrimPrefix(workflowDir, "./")
-
-		return common.NewPipelineExecutor(
-			newReusableWorkflowExecutor(rc, workflowDir, fileName),
-		)
-	}
-
-	// ./.gitea/workflows/wf.yml -> .gitea/workflows/wf.yml
-	trimmedUses := strings.TrimPrefix(rc.Run.Job().Uses, "./")
-	// uses string format is {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}
-	uses := fmt.Sprintf("%s/%s@%s", rc.Config.PresetGitHubContext.Repository, trimmedUses, rc.Config.PresetGitHubContext.Sha)
-
-	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(rc.Config.GitHubInstance, uses)
-	if remoteReusableWorkflow == nil {
-		return common.NewErrorExecutor(fmt.Errorf("expected format {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}. Actual '%s' Input string was not in a correct format", uses))
-	}
-
-	workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses))
-
-	// If the repository is private, we need a token to clone it
-	token := rc.Config.GetToken()
-
-	return common.NewPipelineExecutor(
-		newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir, token)),
-		newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()),
-	)
-}
-
-func newRemoteReusableWorkflowExecutor(rc *RunContext) common.Executor {
-	uses := rc.Run.Job().Uses
-
-	var remoteReusableWorkflow *remoteReusableWorkflow
-	if strings.HasPrefix(uses, "http://") || strings.HasPrefix(uses, "https://") {
-		remoteReusableWorkflow = newRemoteReusableWorkflowFromAbsoluteURL(uses)
-		if remoteReusableWorkflow == nil {
-			return common.NewErrorExecutor(fmt.Errorf("expected format http(s)://{domain}/{owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}. Actual '%s' Input string was not in a correct format", uses))
-		}
-	} else {
-		remoteReusableWorkflow = newRemoteReusableWorkflowWithPlat(rc.Config.GitHubInstance, uses)
-		if remoteReusableWorkflow == nil {
-			return common.NewErrorExecutor(fmt.Errorf("expected format {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}. Actual '%s' Input string was not in a correct format", uses))
-		}
-	}
-
-	// uses with safe filename makes the target directory look something like this {owner}-{repo}-.github-workflows-{filename}@{ref}
-	// instead we will just use {owner}-{repo}@{ref} as our target directory. This should also improve performance when we are using
-	// multiple reusable workflows from the same repository and ref since for each workflow we won't have to clone it again
-	filename := fmt.Sprintf("%s/%s@%s", remoteReusableWorkflow.Org, remoteReusableWorkflow.Repo, remoteReusableWorkflow.Ref)
-	workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(filename))
-
-	if rc.Config.ActionCache != nil {
-		return newActionCacheReusableWorkflowExecutor(rc, filename, remoteReusableWorkflow)
-	}
-
-	token := getGitCloneToken(rc.Config, remoteReusableWorkflow.CloneURL())
-
-	return common.NewPipelineExecutor(
-		newMutexExecutor(cloneIfRequired(rc, *remoteReusableWorkflow, workflowDir, token)),
-		newReusableWorkflowExecutor(rc, workflowDir, remoteReusableWorkflow.FilePath()),
-	)
-}
-
-func newActionCacheReusableWorkflowExecutor(rc *RunContext, filename string, remoteReusableWorkflow *remoteReusableWorkflow) common.Executor {
-	return func(ctx context.Context) error {
-		ghctx := rc.getGithubContext(ctx)
-		remoteReusableWorkflow.URL = ghctx.ServerURL
-		sha, err := rc.Config.ActionCache.Fetch(ctx, filename, remoteReusableWorkflow.CloneURL(), remoteReusableWorkflow.Ref, ghctx.Token)
-		if err != nil {
-			return err
-		}
-		archive, err := rc.Config.ActionCache.GetTarArchive(ctx, filename, sha, ".github/workflows/"+remoteReusableWorkflow.Filename)
-		if err != nil {
-			return err
-		}
-		defer archive.Close()
-		treader := tar.NewReader(archive)
-		if _, err = treader.Next(); err != nil {
-			return err
-		}
-		planner, err := model.NewSingleWorkflowPlanner(remoteReusableWorkflow.Filename, treader)
-		if err != nil {
-			return err
-		}
-		plan, err := planner.PlanEvent("workflow_call")
-		if err != nil {
-			return err
-		}
-
-		runner, err := NewReusableWorkflowRunner(rc)
-		if err != nil {
-			return err
-		}
-
-		return runner.NewPlanExecutor(plan)(ctx)
-	}
-}
-
-var executorLock sync.Mutex
-
-func newMutexExecutor(executor common.Executor) common.Executor {
-	return func(ctx context.Context) error {
-		executorLock.Lock()
-		defer executorLock.Unlock()
-
-		return executor(ctx)
-	}
-}
-
-func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkflow, targetDirectory, token string) common.Executor {
-	return common.NewConditionalExecutor(
-		func(ctx context.Context) bool {
-			_, err := os.Stat(targetDirectory)
-			notExists := errors.Is(err, fs.ErrNotExist)
-			return notExists
-		},
-		func(ctx context.Context) error {
-			// interpolate the cloneURL
-			cloneURL := rc.NewExpressionEvaluator(ctx).Interpolate(ctx, remoteReusableWorkflow.CloneURL())
-			// Do not change the remoteReusableWorkflow.URL, because:
-			// 	1. Gitea doesn't support specifying GithubContext.ServerURL by the GITHUB_SERVER_URL env
-			//	2. Gitea has already full URL with rc.Config.GitHubInstance when calling newRemoteReusableWorkflowWithPlat
-			// remoteReusableWorkflow.URL = rc.getGithubContext(ctx).ServerURL
-			return git.NewGitCloneExecutor(git.NewGitCloneExecutorInput{
-				URL:         cloneURL,
-				Ref:         remoteReusableWorkflow.Ref,
-				Dir:         targetDirectory,
-				Token:       token,
-				OfflineMode: rc.Config.ActionOfflineMode,
-			})(ctx)
-		},
-		nil,
-	)
-}
-
-func newReusableWorkflowExecutor(rc *RunContext, directory, workflow string) common.Executor {
-	return func(ctx context.Context) error {
-		planner, err := model.NewWorkflowPlanner(path.Join(directory, workflow), true)
-		if err != nil {
-			return err
-		}
-
-		plan, err := planner.PlanEvent("workflow_call")
-		if err != nil {
-			return err
-		}
-
-		runner, err := NewReusableWorkflowRunner(rc)
-		if err != nil {
-			return err
-		}
-
-		// return runner.NewPlanExecutor(plan)(ctx)
-		return common.NewPipelineExecutor( // For Gitea
-			runner.NewPlanExecutor(plan),
-			setReusedWorkflowCallerResult(rc, runner),
-		)(ctx)
-	}
-}
-
-func NewReusableWorkflowRunner(rc *RunContext) (Runner, error) {
-	runner := &runnerImpl{
-		config:    rc.Config,
-		eventJSON: rc.EventJSON,
-		caller: &caller{
-			runContext: rc,
-
-			reusedWorkflowJobResults: map[string]string{}, // For Gitea
-		},
-	}
-
-	return runner.configure()
-}
-
-type remoteReusableWorkflow struct {
-	URL      string
-	Org      string
-	Repo     string
-	Filename string
-	Ref      string
-
-	GitPlatform string
-}
-
-func (r *remoteReusableWorkflow) CloneURL() string {
-	// In Gitea, r.URL always has the protocol prefix, we don't need to add extra prefix in this case.
-	if strings.HasPrefix(r.URL, "http://") || strings.HasPrefix(r.URL, "https://") {
-		return fmt.Sprintf("%s/%s/%s", r.URL, r.Org, r.Repo)
-	}
-	return fmt.Sprintf("https://%s/%s/%s", r.URL, r.Org, r.Repo)
-}
-
-func (r *remoteReusableWorkflow) FilePath() string {
-	return fmt.Sprintf("./.%s/workflows/%s", r.GitPlatform, r.Filename)
-}
-
-// For Gitea
-// newRemoteReusableWorkflowWithPlat create a `remoteReusableWorkflow`
-// workflows from `.gitea/workflows` and `.github/workflows` are supported
-func newRemoteReusableWorkflowWithPlat(url, uses string) *remoteReusableWorkflow {
-	// GitHub docs:
-	// https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_iduses
-	r := regexp.MustCompile(`^([^/]+)/([^/]+)/\.([^/]+)/workflows/([^@]+)@(.*)$`)
-	matches := r.FindStringSubmatch(uses)
-	if len(matches) != 6 {
-		return nil
-	}
-	return &remoteReusableWorkflow{
-		Org:         matches[1],
-		Repo:        matches[2],
-		GitPlatform: matches[3],
-		Filename:    matches[4],
-		Ref:         matches[5],
-		URL:         url,
-	}
-}
-
-// For Gitea
-// newRemoteReusableWorkflowWithPlat create a `remoteReusableWorkflow` from an absolute url
-func newRemoteReusableWorkflowFromAbsoluteURL(uses string) *remoteReusableWorkflow {
-	r := regexp.MustCompile(`^(https?://.*)/([^/]+)/([^/]+)/\.([^/]+)/workflows/([^@]+)@(.*)$`)
-	matches := r.FindStringSubmatch(uses)
-	if len(matches) != 7 {
-		return nil
-	}
-	return &remoteReusableWorkflow{
-		URL:         matches[1],
-		Org:         matches[2],
-		Repo:        matches[3],
-		GitPlatform: matches[4],
-		Filename:    matches[5],
-		Ref:         matches[6],
-	}
-}
-
-// For Gitea
-func setReusedWorkflowCallerResult(rc *RunContext, runner Runner) common.Executor {
-	return func(ctx context.Context) error {
-		logger := common.Logger(ctx)
-
-		runnerImpl, ok := runner.(*runnerImpl)
-		if !ok {
-			logger.Warn("Failed to get caller from runner")
-			return nil
-		}
-		caller := runnerImpl.caller
-
-		allJobDone := true
-		hasFailure := false
-		for _, result := range caller.reusedWorkflowJobResults {
-			if result == "pending" {
-				allJobDone = false
-				break
-			}
-			if result == "failure" {
-				hasFailure = true
-			}
-		}
-
-		if allJobDone {
-			reusedWorkflowJobResult := "success"
-			reusedWorkflowJobResultMessage := "succeeded"
-			if hasFailure {
-				reusedWorkflowJobResult = "failure"
-				reusedWorkflowJobResultMessage = "failed"
-			}
-
-			if rc.caller != nil {
-				rc.caller.setReusedWorkflowJobResult(rc.JobName, reusedWorkflowJobResult)
-			} else {
-				rc.result(reusedWorkflowJobResult)
-				logger.WithField("jobResult", reusedWorkflowJobResult).Infof("\U0001F3C1  Job %s", reusedWorkflowJobResultMessage)
-			}
-		}
-
-		return nil
-	}
-}
-
-// For Gitea
-// getGitCloneToken returns GITEA_TOKEN when shouldCloneURLUseToken returns true,
-// otherwise returns an empty string
-func getGitCloneToken(conf *Config, cloneURL string) string {
-	if !shouldCloneURLUseToken(conf.GitHubInstance, cloneURL) {
-		return ""
-	}
-	return conf.GetToken()
-}
-
-// For Gitea
-// shouldCloneURLUseToken returns true when the following conditions are met:
-// 1. cloneURL is from the same Gitea instance that the runner is registered to
-// 2. the cloneURL does not have basic auth embedded
-func shouldCloneURLUseToken(instanceURL, cloneURL string) bool {
-	u1, err1 := url.Parse(instanceURL)
-	u2, err2 := url.Parse(cloneURL)
-	if err1 != nil || err2 != nil {
-		return false
-	}
-	if u2.User != nil {
-		return false
-	}
-
-	return u1.Host == u2.Host
-}

act/runner/runner_max_parallel_test.go

@@ -1,109 +0,0 @@
-// Copyright 2026 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-// TestMaxParallelConfig tests that MaxParallel config is properly set
-func TestMaxParallelConfig(t *testing.T) {
-	t.Run("MaxParallel set to 2", func(t *testing.T) {
-		config := &Config{
-			Workdir:     "testdata",
-			MaxParallel: 2,
-		}
-
-		runner, err := New(config)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-		assert.NotNil(t, runner)
-
-		// Verify config is properly stored
-		runnerImpl, ok := runner.(*runnerImpl)
-		assert.True(t, ok)
-		assert.Equal(t, 2, runnerImpl.config.MaxParallel)
-	})
-
-	t.Run("MaxParallel set to 0 (no limit)", func(t *testing.T) {
-		config := &Config{
-			Workdir:     "testdata",
-			MaxParallel: 0,
-		}
-
-		runner, err := New(config)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-		assert.NotNil(t, runner)
-
-		runnerImpl, ok := runner.(*runnerImpl)
-		assert.True(t, ok)
-		assert.Equal(t, 0, runnerImpl.config.MaxParallel)
-	})
-
-	t.Run("MaxParallel not set (defaults to 0)", func(t *testing.T) {
-		config := &Config{
-			Workdir: "testdata",
-		}
-
-		runner, err := New(config)
-		assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-		assert.NotNil(t, runner)
-
-		runnerImpl, ok := runner.(*runnerImpl)
-		assert.True(t, ok)
-		assert.Equal(t, 0, runnerImpl.config.MaxParallel)
-	})
-}
-
-// TestMaxParallelConcurrencyTracking tests that max-parallel actually limits concurrent execution
-func TestMaxParallelConcurrencyTracking(t *testing.T) {
-	// This is a unit test for the parallel executor logic
-	// We test that when MaxParallel is set, it limits the number of workers
-
-	var mu sync.Mutex
-	var maxConcurrent int
-	var currentConcurrent int
-
-	// Create a function that tracks concurrent execution
-	trackingFunc := func() {
-		mu.Lock()
-		currentConcurrent++
-		if currentConcurrent > maxConcurrent {
-			maxConcurrent = currentConcurrent
-		}
-		mu.Unlock()
-
-		// Simulate work
-		time.Sleep(50 * time.Millisecond)
-
-		mu.Lock()
-		currentConcurrent--
-		mu.Unlock()
-	}
-
-	// Run multiple tasks with limited parallelism
-	maxConcurrent = 0
-	currentConcurrent = 0
-
-	// This simulates what NewParallelExecutor does with a semaphore
-	var wg sync.WaitGroup
-	semaphore := make(chan struct{}, 2) // Limit to 2 concurrent
-
-	for range 6 {
-		wg.Go(func() {
-			semaphore <- struct{}{}        // Acquire
-			defer func() { <-semaphore }() // Release
-			trackingFunc()
-		})
-	}
-
-	wg.Wait()
-
-	// With a semaphore of 2, max concurrent should be <= 2
-	assert.LessOrEqual(t, maxConcurrent, 2, "Maximum concurrent executions should not exceed limit")
-	assert.GreaterOrEqual(t, maxConcurrent, 1, "Should have at least 1 concurrent execution")
-}

act/runner/step_docker_test.go

@@ -1,199 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Copyright 2022 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"bytes"
-	"context"
-	"io"
-	"strings"
-	"testing"
-
-	"gitea.com/gitea/runner/act/container"
-	"gitea.com/gitea/runner/act/model"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-)
-
-func TestStepDockerMain(t *testing.T) {
-	cm := &containerMock{}
-
-	var input *container.NewContainerInput
-
-	// mock the new container call
-	origContainerNewContainer := ContainerNewContainer
-	ContainerNewContainer = func(containerInput *container.NewContainerInput) container.ExecutionsEnvironment {
-		input = containerInput
-		return cm
-	}
-	defer (func() {
-		ContainerNewContainer = origContainerNewContainer
-	})()
-
-	ctx := context.Background()
-
-	sd := &stepDocker{
-		RunContext: &RunContext{
-			StepResults: map[string]*model.StepResult{},
-			Config:      &Config{},
-			Run: &model.Run{
-				JobID: "1",
-				Workflow: &model.Workflow{
-					Jobs: map[string]*model.Job{
-						"1": {
-							Defaults: model.Defaults{
-								Run: model.RunDefaults{
-									Shell: "bash",
-								},
-							},
-						},
-					},
-				},
-			},
-			JobContainer: cm,
-		},
-		Step: &model.Step{
-			ID:               "1",
-			Uses:             "docker://node:14",
-			WorkingDirectory: "workdir",
-		},
-	}
-	sd.RunContext.ExprEval = sd.RunContext.NewExpressionEvaluator(ctx)
-
-	cm.On("Pull", false).Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("Remove").Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("Create", []string(nil), []string(nil)).Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("Start", true).Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("Close").Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("Copy", "/var/run/act", mock.AnythingOfType("[]*container.FileEntry")).Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("UpdateFromEnv", "/var/run/act/workflow/envs.txt", mock.AnythingOfType("*map[string]string")).Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("UpdateFromEnv", "/var/run/act/workflow/statecmd.txt", mock.AnythingOfType("*map[string]string")).Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("UpdateFromEnv", "/var/run/act/workflow/outputcmd.txt", mock.AnythingOfType("*map[string]string")).Return(func(ctx context.Context) error {
-		return nil
-	})
-
-	cm.On("GetContainerArchive", ctx, "/var/run/act/workflow/pathcmd.txt").Return(io.NopCloser(&bytes.Buffer{}), nil)
-
-	err := sd.main()(ctx)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	assert.Equal(t, "node:14", input.Image)
-
-	cm.AssertExpectations(t)
-}
-
-func TestStepDockerPrePost(t *testing.T) {
-	ctx := context.Background()
-	sd := &stepDocker{}
-
-	err := sd.pre()(ctx)
-	assert.NoError(t, err) //nolint:testifylint // pre-existing issue from nektos/act
-
-	err = sd.post()(ctx)
-	assert.NoError(t, err)
-}
-
-func TestStepDockerNewStepContainerNetworkMode(t *testing.T) {
-	cases := []struct {
-		name          string
-		platform      string
-		expectDefault bool
-	}{
-		{
-			name:          "docker mode attaches to job container network",
-			platform:      "node:14",
-			expectDefault: false,
-		},
-		{
-			name:          "host mode uses default network",
-			platform:      "-self-hosted",
-			expectDefault: true,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			cm := &containerMock{}
-
-			var captured *container.NewContainerInput
-			origContainerNewContainer := ContainerNewContainer
-			ContainerNewContainer = func(input *container.NewContainerInput) container.ExecutionsEnvironment {
-				captured = input
-				return cm
-			}
-			defer func() {
-				ContainerNewContainer = origContainerNewContainer
-			}()
-
-			ctx := context.Background()
-
-			platform := tc.platform
-			sd := &stepDocker{
-				RunContext: &RunContext{
-					StepResults: map[string]*model.StepResult{},
-					Config: &Config{
-						PlatformPicker: func(_ []string) string {
-							return platform
-						},
-					},
-					Run: &model.Run{
-						JobID: "1",
-						Workflow: &model.Workflow{
-							Jobs: map[string]*model.Job{
-								"1": {},
-							},
-						},
-					},
-					JobContainer: cm,
-				},
-				Step: &model.Step{
-					ID:   "1",
-					Uses: "docker://alpine:3.20",
-				},
-			}
-			sd.RunContext.ExprEval = sd.RunContext.NewExpressionEvaluator(ctx)
-
-			assert.Equal(t, tc.expectDefault, sd.RunContext.IsHostEnv(ctx),
-				"IsHostEnv mismatch for platform %q", tc.platform)
-
-			_ = sd.newStepContainer(ctx, "alpine:3.20", []string{"echo", "hello"}, nil)
-
-			if tc.expectDefault {
-				assert.Equal(t, "default", captured.NetworkMode,
-					"host-mode step container must use 'default' network, got %q",
-					captured.NetworkMode)
-			} else {
-				assert.True(t, strings.HasPrefix(captured.NetworkMode, "container:"),
-					"docker-mode step container must attach to job container network, got %q",
-					captured.NetworkMode)
-			}
-		})
-	}
-}

act/runner/step_run_print_test.go

@@ -1,182 +0,0 @@
-// Copyright 2026 The Gitea Authors. All rights reserved.
-// Copyright 2026 The nektos/act Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package runner
-
-import (
-	"bytes"
-	"context"
-	"strings"
-	"testing"
-
-	"gitea.com/gitea/runner/act/common"
-	"gitea.com/gitea/runner/act/model"
-
-	"github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	yaml "go.yaml.in/yaml/v4"
-)
-
-func TestRunScriptGroupTitle(t *testing.T) {
-	sr := &stepRun{Step: &model.Step{Name: "Build"}}
-	assert.Equal(t, "make build", sr.runScriptGroupTitle("make build"))
-	assert.Equal(t, "echo one", sr.runScriptGroupTitle("  \techo one\necho two"))
-	assert.Equal(t, "Build", sr.runScriptGroupTitle(""))
-
-	sr = &stepRun{Step: &model.Step{ID: "s1"}}
-	assert.Equal(t, "s1", sr.runScriptGroupTitle("\n  \n"))
-}
-
-func TestStepDeclaredEnvOrderPreservesYAML(t *testing.T) {
-	raw := `id: s1
-run: "echo 1"
-env:
-  GITHUB_TOKEN: tok
-  PATH: /custom/bin
-  MY_VAR: hello
-`
-	var step model.Step
-	require.NoError(t, yaml.Unmarshal([]byte(raw), &step))
-	assert.Equal(t, []string{"GITHUB_TOKEN", "PATH", "MY_VAR"}, stepDeclaredEnvKeysInOrder(&step))
-}
-
-func TestStepDeclaredEnvKeysInOrderEmpty(t *testing.T) {
-	assert.Nil(t, stepDeclaredEnvKeysInOrder(nil))
-	assert.Empty(t, stepDeclaredEnvKeysInOrder(&model.Step{}))
-}
-
-func TestStepDeclaredEnvKeysIgnoreYAMLMergeKey(t *testing.T) {
-	doc := `
-common: &common
-  COMMON_A: a
-  COMMON_B: b
-step:
-  env:
-    LOCAL_BEFORE: before
-    <<: *common
-    COMMON_B: overridden
-    LOCAL_AFTER: after
-`
-	var root struct {
-		Step model.Step `yaml:"step"`
-	}
-	require.NoError(t, yaml.Unmarshal([]byte(doc), &root))
-
-	keys := stepDeclaredEnvKeysInOrder(&root.Step)
-	assert.Equal(t, []string{"LOCAL_BEFORE", "COMMON_B", "LOCAL_AFTER"}, keys)
-}
-
-func TestPrintRunScriptActionDetailsGolden(t *testing.T) {
-	raw := `id: s1
-name: Build
-run: |
-  echo one
-  echo two
-shell: pwsh
-env:
-  PATH_PREFIX: /custom/bin
-  GITHUB_TOKEN: tok
-  GREETING: hello
-`
-	var step model.Step
-	require.NoError(t, yaml.Unmarshal([]byte(raw), &step))
-
-	buf := &bytes.Buffer{}
-	logger := logrus.New()
-	logger.SetOutput(buf)
-	logger.SetLevel(logrus.InfoLevel)
-	logger.SetFormatter(&jobLogFormatter{color: cyan})
-	entry := logger.WithFields(logrus.Fields{"job": "j1"})
-	ctx := common.WithLogger(context.Background(), entry)
-
-	sr := &stepRun{
-		Step:               &step,
-		RunContext:         &RunContext{},
-		shellCommand:       "pwsh -command . '{0}'",
-		interpolatedScript: "echo one\necho two\n",
-		env: map[string]string{
-			"PATH_PREFIX":  "/custom/bin",
-			"GITHUB_TOKEN": "tok",
-			"GREETING":     "hello",
-		},
-	}
-
-	sr.printRunScriptActionDetails(ctx)
-
-	want := strings.Join([]string{
-		"[j1]   | ::group::Run echo one",
-		"[j1]   | echo one",
-		"[j1]   | echo two",
-		"[j1]   | shell: pwsh -command . '{0}'",
-		"[j1]   | env:",
-		"[j1]   |   PATH_PREFIX: /custom/bin",
-		"[j1]   |   GREETING: hello",
-		"[j1]   | ::endgroup::",
-		"",
-	}, "\n")
-	assert.Equal(t, want, buf.String())
-}
-
-func TestPrintRunActionHeaderGolden(t *testing.T) {
-	raw := `id: s1
-uses: actions/checkout@v4
-with:
-  fetch-depth: "0"
-  token: secret
-env:
-  CUSTOM: value
-  GITHUB_TOKEN: tok
-`
-	var step model.Step
-	require.NoError(t, yaml.Unmarshal([]byte(raw), &step))
-
-	buf := &bytes.Buffer{}
-	logger := logrus.New()
-	logger.SetOutput(buf)
-	logger.SetLevel(logrus.InfoLevel)
-	logger.SetFormatter(&jobLogFormatter{color: cyan})
-	entry := logger.WithFields(logrus.Fields{"job": "j1"})
-	ctx := common.WithLogger(context.Background(), entry)
-
-	printRunActionHeader(ctx, &step, map[string]string{"CUSTOM": "value", "GITHUB_TOKEN": "tok"}, &RunContext{})
-
-	want := strings.Join([]string{
-		"[j1]   | ::group::Run actions/checkout@v4",
-		"[j1]   | with:",
-		"[j1]   |   fetch-depth: 0",
-		"[j1]   |   token: secret",
-		"[j1]   | env:",
-		"[j1]   |   CUSTOM: value",
-		"",
-	}, "\n")
-	assert.Equal(t, want, buf.String())
-}
-
-func TestIsInternalEnvKey(t *testing.T) {
-	for _, k := range []string{"PATH", "HOME", "CI", "GITHUB_TOKEN", "GITEA_ACTIONS", "RUNNER_OS", "INPUT_FOO"} {
-		assert.True(t, isInternalEnvKey(k, false), k)
-	}
-	for _, k := range []string{"PATH_PREFIX", "MY_VAR", "GREETING", "HOMEPAGE"} {
-		assert.False(t, isInternalEnvKey(k, false), k)
-	}
-	assert.True(t, isInternalEnvKey("path", true))
-	assert.False(t, isInternalEnvKey("path", false))
-}
-
-func TestPrintColoredScriptLineCyan(t *testing.T) {
-	f := &jobLogFormatter{color: cyan}
-	entry := &logrus.Entry{
-		Level:   logrus.InfoLevel,
-		Message: "echo one",
-		Data: logrus.Fields{
-			"job":               "j1",
-			rawOutputField:      true,
-			scriptLineCyanField: true,
-		},
-	}
-	buf := &bytes.Buffer{}
-	f.printColored(buf, entry)
-	assert.Equal(t, "\x1b[36m|\x1b[0m \x1b[36;1mecho one\x1b[0m", buf.String())
-}

act/runner/testdata/cache/nektos-test-override.git/HEAD

@@ -1 +0,0 @@
-ref: refs/heads/master

act/runner/testdata/cache/nektos-test-override.git/config

@@ -1,2 +0,0 @@
-[core]
-	bare = true

act/runner/testdata/workflow_dispatch/event.json

@@ -1,6 +0,0 @@
-{
-  "inputs": {
-    "required": "required input",
-    "boolean": "true"
-  }
-}

build.go

@@ -0,0 +1,11 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+//go:build vendor
+
+package main
+
+import (
+	// for vet
+	_ "code.gitea.io/gitea-vet"
+)

cmd/dir.go

@@ -0,0 +1,27 @@
+package cmd
+
+import (
+	"os"
+	"path/filepath"
+
+	log "github.com/sirupsen/logrus"
+)
+
+var (
+	UserHomeDir  string
+	CacheHomeDir string
+)
+
+func init() {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatal(err)
+	}
+	UserHomeDir = home
+
+	if v := os.Getenv("XDG_CACHE_HOME"); v != "" {
+		CacheHomeDir = v
+	} else {
+		CacheHomeDir = filepath.Join(UserHomeDir, ".cache")
+	}
+}

cmd/execute_test.go

@@ -0,0 +1,45 @@
+package cmd
+
+import (
+	"context"
+	"os"
+	"testing"
+)
+
+// Helper function to test main with different os.Args
+func testMain(args []string) (exitCode int) {
+	// Save original os.Args and defer restoring it
+	origArgs := os.Args
+	defer func() { os.Args = origArgs }()
+
+	// Save original os.Exit and defer restoring it
+	defer func() { exitFunc = os.Exit }()
+
+	// Mock os.Exit
+	fakeExit := func(code int) {
+		exitCode = code
+	}
+	exitFunc = fakeExit
+
+	// Mock os.Args
+	os.Args = args
+
+	// Run the main function
+	Execute(context.Background(), "")
+
+	return exitCode
+}
+
+func TestMainHelp(t *testing.T) {
+	exitCode := testMain([]string{"cmd", "--help"})
+	if exitCode != 0 {
+		t.Errorf("expected exit code 0, got %d", exitCode)
+	}
+}
+
+func TestMainNoArgsError(t *testing.T) {
+	exitCode := testMain([]string{"cmd"})
+	if exitCode != 1 {
+		t.Errorf("expected exit code 1, got %d", exitCode)
+	}
+}

cmd/graph.go

@@ -0,0 +1,38 @@
+package cmd
+
+import (
+	"os"
+
+	"gitea.com/gitea/act_runner/pkg/common"
+	"gitea.com/gitea/act_runner/pkg/model"
+)
+
+func drawGraph(plan *model.Plan) error {
+	drawings := make([]*common.Drawing, 0)
+
+	jobPen := common.NewPen(common.StyleSingleLine, 96)
+	arrowPen := common.NewPen(common.StyleNoLine, 97)
+	for i, stage := range plan.Stages {
+		if i > 0 {
+			drawings = append(drawings, arrowPen.DrawArrow())
+		}
+
+		ids := make([]string, 0)
+		for _, r := range stage.Runs {
+			ids = append(ids, r.String())
+		}
+		drawings = append(drawings, jobPen.DrawBoxes(ids...))
+	}
+
+	maxWidth := 0
+	for _, d := range drawings {
+		if d.GetWidth() > maxWidth {
+			maxWidth = d.GetWidth()
+		}
+	}
+
+	for _, d := range drawings {
+		d.Draw(os.Stdout, maxWidth)
+	}
+	return nil
+}

cmd/input.go

@@ -0,0 +1,118 @@
+package cmd
+
+import (
+	"path/filepath"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// Input contains the input for the root command
+type Input struct {
+	actor                              string
+	workdir                            string
+	workflowsPath                      string
+	autodetectEvent                    bool
+	eventPath                          string
+	reuseContainers                    bool
+	bindWorkdir                        bool
+	secrets                            []string
+	vars                               []string
+	envs                               []string
+	inputs                             []string
+	platforms                          []string
+	dryrun                             bool
+	pullIfNeeded                       bool
+	noRebuild                          bool
+	noOutput                           bool
+	envfile                            string
+	inputfile                          string
+	secretfile                         string
+	varfile                            string
+	insecureSecrets                    bool
+	defaultBranch                      string
+	privileged                         bool
+	usernsMode                         string
+	containerArchitecture              string
+	containerDaemonSocket              string
+	containerOptions                   string
+	workflowRecurse                    bool
+	useGitIgnore                       bool
+	githubInstance                     string
+	gitHubServerURL                    string
+	gitHubAPIServerURL                 string
+	gitHubGraphQlAPIServerURL          string
+	containerCapAdd                    []string
+	containerCapDrop                   []string
+	autoRemove                         bool
+	artifactServerPath                 string
+	artifactServerAddr                 string
+	artifactServerPort                 string
+	noCacheServer                      bool
+	cacheServerPath                    string
+	cacheServerAddr                    string
+	cacheServerPort                    uint16
+	jsonLogger                         bool
+	noSkipCheckout                     bool
+	remoteName                         string
+	replaceGheActionWithGithubCom      []string
+	replaceGheActionTokenWithGithubCom string
+	matrix                             []string
+	actionCachePath                    string
+	actionOfflineMode                  bool
+	logPrefixJobID                     bool
+	networkName                        string
+	localRepository                    []string
+	listOptions                        bool
+	validate                           bool
+	strict                             bool
+	parallel                           int
+	gitea                              bool
+}
+
+func (i *Input) resolve(path string) string {
+	basedir, err := filepath.Abs(i.workdir)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if path == "" {
+		return path
+	}
+	if !filepath.IsAbs(path) {
+		path = filepath.Join(basedir, path)
+	}
+	return path
+}
+
+// Envfile returns path to .env
+func (i *Input) Envfile() string {
+	return i.resolve(i.envfile)
+}
+
+// Secretfile returns path to secrets
+func (i *Input) Secretfile() string {
+	return i.resolve(i.secretfile)
+}
+
+func (i *Input) Varfile() string {
+	return i.resolve(i.varfile)
+}
+
+// Workdir returns path to workdir
+func (i *Input) Workdir() string {
+	return i.resolve(".")
+}
+
+// WorkflowsPath returns path to workflow file(s)
+func (i *Input) WorkflowsPath() string {
+	return i.resolve(i.workflowsPath)
+}
+
+// EventPath returns the path to events file
+func (i *Input) EventPath() string {
+	return i.resolve(i.eventPath)
+}
+
+// Inputfile returns the path to the input file
+func (i *Input) Inputfile() string {
+	return i.resolve(i.inputfile)
+}

cmd/list.go

@@ -0,0 +1,107 @@
+package cmd
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"gitea.com/gitea/act_runner/pkg/model"
+)
+
+func printList(plan *model.Plan) error {
+	type lineInfoDef struct {
+		jobID   string
+		jobName string
+		stage   string
+		wfName  string
+		wfFile  string
+		events  string
+	}
+	lineInfos := []lineInfoDef{}
+
+	header := lineInfoDef{
+		jobID:   "Job ID",
+		jobName: "Job name",
+		stage:   "Stage",
+		wfName:  "Workflow name",
+		wfFile:  "Workflow file",
+		events:  "Events",
+	}
+
+	jobs := map[string]bool{}
+	duplicateJobIDs := false
+
+	jobIDMaxWidth := len(header.jobID)
+	jobNameMaxWidth := len(header.jobName)
+	stageMaxWidth := len(header.stage)
+	wfNameMaxWidth := len(header.wfName)
+	wfFileMaxWidth := len(header.wfFile)
+	eventsMaxWidth := len(header.events)
+
+	for i, stage := range plan.Stages {
+		for _, r := range stage.Runs {
+			jobID := r.JobID
+			line := lineInfoDef{
+				jobID:   jobID,
+				jobName: r.String(),
+				stage:   strconv.Itoa(i),
+				wfName:  r.Workflow.Name,
+				wfFile:  r.Workflow.File,
+				events:  strings.Join(r.Workflow.On(), `,`),
+			}
+			if _, ok := jobs[jobID]; ok {
+				duplicateJobIDs = true
+			} else {
+				jobs[jobID] = true
+			}
+			lineInfos = append(lineInfos, line)
+			if jobIDMaxWidth < len(line.jobID) {
+				jobIDMaxWidth = len(line.jobID)
+			}
+			if jobNameMaxWidth < len(line.jobName) {
+				jobNameMaxWidth = len(line.jobName)
+			}
+			if stageMaxWidth < len(line.stage) {
+				stageMaxWidth = len(line.stage)
+			}
+			if wfNameMaxWidth < len(line.wfName) {
+				wfNameMaxWidth = len(line.wfName)
+			}
+			if wfFileMaxWidth < len(line.wfFile) {
+				wfFileMaxWidth = len(line.wfFile)
+			}
+			if eventsMaxWidth < len(line.events) {
+				eventsMaxWidth = len(line.events)
+			}
+		}
+	}
+
+	jobIDMaxWidth += 2
+	jobNameMaxWidth += 2
+	stageMaxWidth += 2
+	wfNameMaxWidth += 2
+	wfFileMaxWidth += 2
+
+	fmt.Printf("%*s%*s%*s%*s%*s%*s\n",
+		-stageMaxWidth, header.stage,
+		-jobIDMaxWidth, header.jobID,
+		-jobNameMaxWidth, header.jobName,
+		-wfNameMaxWidth, header.wfName,
+		-wfFileMaxWidth, header.wfFile,
+		-eventsMaxWidth, header.events,
+	)
+	for _, line := range lineInfos {
+		fmt.Printf("%*s%*s%*s%*s%*s%*s\n",
+			-stageMaxWidth, line.stage,
+			-jobIDMaxWidth, line.jobID,
+			-jobNameMaxWidth, line.jobName,
+			-wfNameMaxWidth, line.wfName,
+			-wfFileMaxWidth, line.wfFile,
+			-eventsMaxWidth, line.events,
+		)
+	}
+	if duplicateJobIDs {
+		fmt.Print("\nDetected multiple jobs with the same job name, use `-W` to specify the path to the specific workflow.\n")
+	}
+	return nil
+}

cmd/platforms.go

@@ -0,0 +1,22 @@
+package cmd
+
+import (
+	"strings"
+)
+
+func (i *Input) newPlatforms() map[string]string {
+	platforms := map[string]string{
+		"ubuntu-latest": "node:16-buster-slim",
+		"ubuntu-22.04":  "node:16-bullseye-slim",
+		"ubuntu-20.04":  "node:16-buster-slim",
+		"ubuntu-18.04":  "node:16-buster-slim",
+	}
+
+	for _, p := range i.platforms {
+		pParts := strings.SplitN(p, "=", 2)
+		if len(pParts) == 2 {
+			platforms[strings.ToLower(pParts[0])] = pParts[1]
+		}
+	}
+	return platforms
+}

cmd/root.go

@@ -0,0 +1,872 @@
+package cmd
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"runtime"
+	"runtime/debug"
+	"strconv"
+	"strings"
+
+	"github.com/AlecAivazis/survey/v2"
+	"github.com/adrg/xdg"
+	"github.com/andreaskoch/go-fswatch"
+	docker_container "github.com/docker/docker/api/types/container"
+	"github.com/joho/godotenv"
+	gitignore "github.com/sabhiram/go-gitignore"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/cobra/doc"
+	"github.com/spf13/pflag"
+	"gopkg.in/yaml.v3"
+
+	"gitea.com/gitea/act_runner/pkg/artifactcache"
+	"gitea.com/gitea/act_runner/pkg/artifacts"
+	"gitea.com/gitea/act_runner/pkg/common"
+	"gitea.com/gitea/act_runner/pkg/container"
+	"gitea.com/gitea/act_runner/pkg/gh"
+	"gitea.com/gitea/act_runner/pkg/model"
+	"gitea.com/gitea/act_runner/pkg/runner"
+	"gitea.com/gitea/act_runner/pkg/schema"
+)
+
+type Flag struct {
+	Name        string `json:"name"`
+	Default     string `json:"default"`
+	Type        string `json:"type"`
+	Description string `json:"description"`
+}
+
+var exitFunc = os.Exit
+
+// Execute is the entry point to running the CLI
+func Execute(ctx context.Context, version string) {
+	input := new(Input)
+	rootCmd := createRootCommand(ctx, input, version)
+
+	if err := rootCmd.Execute(); err != nil {
+		exitFunc(1)
+	}
+}
+
+func createRootCommand(ctx context.Context, input *Input, version string) *cobra.Command {
+	rootCmd := &cobra.Command{
+		Use:              "act [event name to run] [flags]\n\nIf no event name passed, will default to \"on: push\"\nIf actions handles only one event it will be used as default instead of \"on: push\"\nSee documentation at: https://gitea.com/actions-oss/act-cli or https://github.com/actions-oss/act-cli",
+		Short:            "Run GitHub actions locally by specifying the event name (e.g. `push`) or an action name directly.",
+		Args:             cobra.MaximumNArgs(1),
+		RunE:             newRunCommand(ctx, input),
+		PersistentPreRun: setup(input),
+		Version:          version,
+		SilenceUsage:     true,
+	}
+
+	rootCmd.Flags().BoolP("watch", "w", false, "watch the contents of the local repo and run when files change")
+	rootCmd.Flags().BoolVar(&input.validate, "validate", false, "validate workflows")
+	rootCmd.Flags().BoolVar(&input.strict, "strict", false, "use strict workflow schema")
+	rootCmd.Flags().BoolP("list", "l", false, "list workflows")
+	rootCmd.Flags().BoolP("graph", "g", false, "draw workflows")
+	rootCmd.Flags().StringP("job", "j", "", "run a specific job ID")
+	rootCmd.Flags().BoolP("bug-report", "", false, "Display system information for bug report")
+	rootCmd.Flags().BoolP("man-page", "", false, "Print a generated manual page to stdout")
+
+	rootCmd.Flags().StringVar(&input.remoteName, "remote-name", "origin", "git remote name that will be used to retrieve url of git repo")
+	rootCmd.Flags().StringArrayVarP(&input.secrets, "secret", "s", []string{}, "secret to make available to actions with optional value (e.g. -s mysecret=foo or -s mysecret)")
+	rootCmd.Flags().StringArrayVar(&input.vars, "var", []string{}, "variable to make available to actions with optional value (e.g. --var myvar=foo or --var myvar)")
+	rootCmd.Flags().StringArrayVarP(&input.envs, "env", "", []string{}, "env to make available to actions with optional value (e.g. --env myenv=foo or --env myenv)")
+	rootCmd.Flags().StringArrayVarP(&input.inputs, "input", "", []string{}, "action input to make available to actions (e.g. --input myinput=foo)")
+	rootCmd.Flags().StringArrayVarP(&input.platforms, "platform", "P", []string{}, "custom image to use per platform (e.g. -P ubuntu-18.04=nektos/act-environments-ubuntu:18.04)")
+	rootCmd.Flags().BoolVarP(&input.reuseContainers, "reuse", "r", false, "don't remove container(s) on successfully completed workflow(s) to maintain state between runs")
+	rootCmd.Flags().BoolVarP(&input.bindWorkdir, "bind", "b", false, "bind working directory to container, rather than copy")
+	rootCmd.Flags().BoolVarP(&input.pullIfNeeded, "pull-if-needed", "", false, "only pull docker image(s) if not present")
+	rootCmd.Flags().BoolVarP(&input.noRebuild, "no-rebuild", "", false, "don't rebuild local action docker action image(s) if already present for correct platform")
+	rootCmd.Flags().BoolVarP(&input.autodetectEvent, "detect-event", "", false, "Use first event type from workflow as event that triggered the workflow")
+	rootCmd.Flags().StringVarP(&input.eventPath, "eventpath", "e", "", "path to event JSON file")
+	rootCmd.Flags().StringVar(&input.defaultBranch, "defaultbranch", "", "the name of the main branch")
+	rootCmd.Flags().BoolVar(&input.privileged, "privileged", false, "use privileged mode")
+	rootCmd.Flags().StringVar(&input.usernsMode, "userns", "", "user namespace to use")
+	rootCmd.Flags().BoolVar(&input.useGitIgnore, "use-gitignore", true, "Controls whether paths specified in .gitignore should be copied into container")
+	rootCmd.Flags().StringArrayVarP(&input.containerCapAdd, "container-cap-add", "", []string{}, "kernel capabilities to add to the workflow containers (e.g. --container-cap-add SYS_PTRACE)")
+	rootCmd.Flags().StringArrayVarP(&input.containerCapDrop, "container-cap-drop", "", []string{}, "kernel capabilities to remove from the workflow containers (e.g. --container-cap-drop SYS_PTRACE)")
+	rootCmd.Flags().BoolVar(&input.autoRemove, "rm", false, "automatically remove container(s)/volume(s) after a workflow(s) failure")
+	rootCmd.Flags().StringArrayVarP(&input.replaceGheActionWithGithubCom, "replace-ghe-action-with-github-com", "", []string{}, "If you are using GitHub Enterprise Server and allow specified actions from GitHub (github.com), you can set actions on this. (e.g. --replace-ghe-action-with-github-com =github/super-linter)")
+	rootCmd.Flags().StringVar(&input.replaceGheActionTokenWithGithubCom, "replace-ghe-action-token-with-github-com", "", "If you are using replace-ghe-action-with-github-com  and you want to use private actions on GitHub, you have to set personal access token")
+	rootCmd.Flags().StringArrayVarP(&input.matrix, "matrix", "", []string{}, "specify which matrix configuration to include (e.g. --matrix java:13")
+	rootCmd.Flags().IntVarP(&input.parallel, "parallel", "", 0, "number of jobs to run in parallel")
+	rootCmd.Flags().IntVarP(&input.parallel, "concurrent-jobs", "", 0, "number of jobs to run in parallel")
+	rootCmd.PersistentFlags().StringVarP(&input.actor, "actor", "a", "nektos/act", "user that triggered the event")
+	rootCmd.PersistentFlags().StringVarP(&input.workflowsPath, "workflows", "W", "./.github/workflows/", "path to workflow file(s)")
+	rootCmd.PersistentFlags().BoolVarP(&input.workflowRecurse, "recurse", "", false, "Flag to enable running workflows from subdirectories of specified path in '--workflows'/'-W' flag, this feature doesn't exist on GitHub Actions as of 2024/11")
+	rootCmd.PersistentFlags().StringVarP(&input.workdir, "directory", "C", ".", "working directory")
+	rootCmd.PersistentFlags().BoolP("verbose", "v", false, "verbose output")
+	rootCmd.PersistentFlags().BoolVar(&input.jsonLogger, "json", false, "Output logs in json format")
+	rootCmd.PersistentFlags().BoolVar(&input.logPrefixJobID, "log-prefix-job-id", false, "Output the job id within non-json logs instead of the entire name")
+	rootCmd.PersistentFlags().BoolVarP(&input.noOutput, "quiet", "q", false, "disable logging of output from steps")
+	rootCmd.PersistentFlags().BoolVarP(&input.dryrun, "dryrun", "n", false, "disable container creation, validates only workflow correctness")
+	rootCmd.PersistentFlags().StringVarP(&input.secretfile, "secret-file", "", ".secrets", "file with list of secrets to read from (e.g. --secret-file .secrets)")
+	rootCmd.PersistentFlags().StringVarP(&input.varfile, "var-file", "", ".vars", "file with list of vars to read from (e.g. --var-file .vars)")
+	rootCmd.PersistentFlags().BoolVarP(&input.insecureSecrets, "insecure-secrets", "", false, "NOT RECOMMENDED! Doesn't hide secrets while printing logs.")
+	rootCmd.PersistentFlags().StringVarP(&input.envfile, "env-file", "", ".env", "environment file to read and use as env in the containers")
+	rootCmd.PersistentFlags().StringVarP(&input.inputfile, "input-file", "", ".input", "input file to read and use as action input")
+	rootCmd.PersistentFlags().StringVarP(&input.containerArchitecture, "container-architecture", "", "", "Architecture which should be used to run containers, e.g.: linux/amd64. If not specified, will use host default architecture. Requires Docker server API Version 1.41+. Ignored on earlier Docker server platforms.")
+	rootCmd.PersistentFlags().StringVarP(&input.containerDaemonSocket, "container-daemon-socket", "", "", "URI to Docker Engine socket (e.g.: unix://~/.docker/run/docker.sock or - to disable bind mounting the socket)")
+	rootCmd.PersistentFlags().StringVarP(&input.containerOptions, "container-options", "", "", "Custom docker container options for the job container without an options property in the job definition")
+	rootCmd.PersistentFlags().StringVarP(&input.githubInstance, "github-instance", "", "github.com", "GitHub instance to use. Only use this when using GitHub Enterprise Server.")
+	rootCmd.PersistentFlags().StringVarP(&input.gitHubServerURL, "github-server-url", "", "", "Fully qualified URL to the GitHub instance to use with http/https protocol. Only use this when using GitHub Enterprise Server or Gitea.")
+	rootCmd.PersistentFlags().StringVarP(&input.gitHubAPIServerURL, "github-api-server-url", "", "", "Fully qualified URL to the GitHub instance api url to use with http/https protocol. Only use this when using GitHub Enterprise Server or Gitea.")
+	rootCmd.PersistentFlags().StringVarP(&input.gitHubGraphQlAPIServerURL, "github-graph-ql-api-server-url", "", "", "Fully qualified URL to the GitHub instance graphql api to use with http/https protocol. Only use this when using GitHub Enterprise Server or Gitea.")
+	rootCmd.PersistentFlags().StringVarP(&input.artifactServerPath, "artifact-server-path", "", "", "Defines the path where the artifact server stores uploads and retrieves downloads from. If not specified the artifact server will not start.")
+	rootCmd.PersistentFlags().StringVarP(&input.artifactServerAddr, "artifact-server-addr", "", common.GetOutboundIP().String(), "Defines the address to which the artifact server binds.")
+	rootCmd.PersistentFlags().StringVarP(&input.artifactServerPort, "artifact-server-port", "", "34567", "Defines the port where the artifact server listens.")
+	rootCmd.PersistentFlags().BoolVarP(&input.noSkipCheckout, "no-skip-checkout", "", false, "Do not skip actions/checkout")
+	rootCmd.PersistentFlags().BoolVarP(&input.noCacheServer, "no-cache-server", "", false, "Disable cache server")
+	rootCmd.PersistentFlags().StringVarP(&input.cacheServerPath, "cache-server-path", "", filepath.Join(CacheHomeDir, "actcache"), "Defines the path where the cache server stores caches.")
+	rootCmd.PersistentFlags().StringVarP(&input.cacheServerAddr, "cache-server-addr", "", common.GetOutboundIP().String(), "Defines the address to which the cache server binds.")
+	rootCmd.PersistentFlags().Uint16VarP(&input.cacheServerPort, "cache-server-port", "", 0, "Defines the port where the artifact server listens. 0 means a randomly available port.")
+	rootCmd.PersistentFlags().StringVarP(&input.actionCachePath, "action-cache-path", "", filepath.Join(CacheHomeDir, "act"), "Defines the path where the actions get cached and host workspaces created.")
+	rootCmd.PersistentFlags().BoolVarP(&input.actionOfflineMode, "action-offline-mode", "", false, "If action contents exists, it will not be fetch and pull again. If turn on this, will turn off force pull")
+	rootCmd.PersistentFlags().StringVarP(&input.networkName, "network", "", "host", "Sets a docker network name. Defaults to host.")
+	rootCmd.PersistentFlags().StringArrayVarP(&input.localRepository, "local-repository", "", []string{}, "Replaces the specified repository and ref with a local folder (e.g. https://github.com/test/test@v0=/home/act/test or test/test@v0=/home/act/test, the latter matches any hosts or protocols)")
+	rootCmd.PersistentFlags().BoolVar(&input.listOptions, "list-options", false, "Print a json structure of compatible options")
+	rootCmd.PersistentFlags().BoolVar(&input.gitea, "gitea", false, "Use Gitea instead of GitHub")
+	rootCmd.SetArgs(args())
+	return rootCmd
+}
+
+// Return locations where Act's config can be found in order: XDG spec, .actrc in HOME directory, .actrc in invocation directory
+func configLocations() []string {
+	configFileName := ".actrc"
+
+	homePath := filepath.Join(UserHomeDir, configFileName)
+	invocationPath := filepath.Join(".", configFileName)
+
+	// Though named xdg, adrg's lib support macOS and Windows config paths as well
+	// It also takes cares of creating the parent folder so we don't need to bother later
+	specPath, err := xdg.ConfigFile("act/actrc")
+	if err != nil {
+		specPath = homePath
+	}
+
+	// This order should be enforced since the survey part relies on it
+	return []string{specPath, homePath, invocationPath}
+}
+
+func args() []string {
+	actrc := configLocations()
+
+	args := make([]string, 0)
+	for _, f := range actrc {
+		args = append(args, readArgsFile(f, true)...)
+	}
+
+	args = append(args, os.Args[1:]...)
+	return args
+}
+
+func bugReport(ctx context.Context, version string) error {
+	sprintf := func(key, val string) string {
+		return fmt.Sprintf("%-24s%s\n", key, val)
+	}
+
+	report := sprintf("act version:", version)
+	report += sprintf("Variant:", "https://gitea.com/actions-oss/act-cli / https://github.com/actions-oss/act-cli")
+	report += sprintf("GOOS:", runtime.GOOS)
+	report += sprintf("GOARCH:", runtime.GOARCH)
+	report += sprintf("NumCPU:", strconv.Itoa(runtime.NumCPU()))
+
+	var dockerHost string
+	var exists bool
+	if dockerHost, exists = os.LookupEnv("DOCKER_HOST"); !exists {
+		dockerHost = "DOCKER_HOST environment variable is not set"
+	} else if dockerHost == "" {
+		dockerHost = "DOCKER_HOST environment variable is empty."
+	}
+
+	report += sprintf("Docker host:", dockerHost)
+	report += fmt.Sprintln("Sockets found:")
+	for _, p := range container.CommonSocketLocations {
+		if _, err := os.Lstat(os.ExpandEnv(p)); err != nil {
+			continue
+		} else if _, err := os.Stat(os.ExpandEnv(p)); err != nil {
+			report += fmt.Sprintf("\t%s(broken)\n", p)
+		} else {
+			report += fmt.Sprintf("\t%s\n", p)
+		}
+	}
+
+	report += sprintf("Config files:", "")
+	var reportSb202 strings.Builder
+	var reportSb205 strings.Builder
+	for _, c := range configLocations() {
+		args := readArgsFile(c, false)
+		if len(args) > 0 {
+			fmt.Fprintf(&reportSb202, "\t%s:\n", c)
+			var reportSb206 strings.Builder
+			for _, l := range args {
+				fmt.Fprintf(&reportSb206, "\t\t%s\n", l)
+			}
+			reportSb205.WriteString(reportSb206.String())
+		}
+	}
+	report += reportSb205.String()
+	report += reportSb202.String()
+
+	vcs, ok := debug.ReadBuildInfo()
+	if ok && vcs != nil {
+		report += fmt.Sprintln("Build info:")
+		vcs := *vcs
+		report += sprintf("\tGo version:", vcs.GoVersion)
+		report += sprintf("\tModule path:", vcs.Path)
+		report += sprintf("\tMain version:", vcs.Main.Version)
+		report += sprintf("\tMain path:", vcs.Main.Path)
+		report += sprintf("\tMain checksum:", vcs.Main.Sum)
+
+		report += fmt.Sprintln("\tBuild settings:")
+		var reportSb223 strings.Builder
+		for _, set := range vcs.Settings {
+			reportSb223.WriteString(sprintf(fmt.Sprintf("\t\t%s:", set.Key), set.Value))
+		}
+		report += reportSb223.String()
+	}
+
+	info, err := container.GetHostInfo(ctx)
+	if err != nil {
+		fmt.Println(report)
+		return err
+	}
+
+	report += fmt.Sprintln("Docker Engine:")
+
+	report += sprintf("\tEngine version:", info.ServerVersion)
+	report += sprintf("\tEngine runtime:", info.DefaultRuntime)
+	report += sprintf("\tCgroup version:", info.CgroupVersion)
+	report += sprintf("\tCgroup driver:", info.CgroupDriver)
+	report += sprintf("\tStorage driver:", info.Driver)
+	report += sprintf("\tRegistry URI:", info.IndexServerAddress)
+
+	report += sprintf("\tOS:", info.OperatingSystem)
+	report += sprintf("\tOS type:", info.OSType)
+	report += sprintf("\tOS version:", info.OSVersion)
+	report += sprintf("\tOS arch:", info.Architecture)
+	report += sprintf("\tOS kernel:", info.KernelVersion)
+	report += sprintf("\tOS CPU:", strconv.Itoa(info.NCPU))
+	report += sprintf("\tOS memory:", fmt.Sprintf("%d MB", info.MemTotal/1024/1024))
+
+	report += fmt.Sprintln("\tSecurity options:")
+	var reportSb252 strings.Builder
+	for _, secopt := range info.SecurityOptions {
+		fmt.Fprintf(&reportSb252, "\t\t%s\n", secopt)
+	}
+	report += reportSb252.String()
+
+	fmt.Println(report)
+	return nil
+}
+
+func generateManPage(cmd *cobra.Command) error {
+	header := &doc.GenManHeader{
+		Title:   "act",
+		Section: "1",
+		Source:  "act " + cmd.Version,
+	}
+	buf := new(bytes.Buffer)
+	cobra.CheckErr(doc.GenMan(cmd, header, buf))
+	fmt.Print(buf.String())
+	return nil
+}
+
+func listOptions(cmd *cobra.Command) error {
+	flags := []Flag{}
+	cmd.LocalFlags().VisitAll(func(f *pflag.Flag) {
+		flags = append(flags, Flag{Name: f.Name, Default: f.DefValue, Description: f.Usage, Type: f.Value.Type()})
+	})
+	a, err := json.Marshal(flags)
+	fmt.Println(string(a))
+	return err
+}
+
+func readArgsFile(file string, split bool) []string {
+	args := make([]string, 0)
+	f, err := os.Open(file)
+	if err != nil {
+		return args
+	}
+	defer func() {
+		err := f.Close()
+		if err != nil {
+			log.Errorf("failed to close args file: %v", err)
+		}
+	}()
+	scanner := bufio.NewScanner(f)
+	scanner.Buffer(nil, 1024*1024*1024) // increase buffer to 1GB to avoid scanner buffer overflow
+	for scanner.Scan() {
+		arg := os.ExpandEnv(strings.TrimSpace(scanner.Text()))
+
+		if strings.HasPrefix(arg, "-") && split {
+			args = append(args, regexp.MustCompile(`\s`).Split(arg, 2)...)
+		} else if !split {
+			args = append(args, arg)
+		}
+	}
+	return args
+}
+
+func setup(_ *Input) func(*cobra.Command, []string) {
+	return func(cmd *cobra.Command, _ []string) {
+		verbose, _ := cmd.Flags().GetBool("verbose")
+		if verbose {
+			log.SetLevel(log.DebugLevel)
+		}
+	}
+}
+
+func parseEnvs(env []string) map[string]string {
+	envs := make(map[string]string, len(env))
+	for _, envVar := range env {
+		e := strings.SplitN(envVar, `=`, 2)
+		if len(e) == 2 {
+			envs[e[0]] = e[1]
+		} else {
+			envs[e[0]] = ""
+		}
+	}
+	return envs
+}
+
+func readYamlFile(file string) (map[string]string, error) {
+	content, err := os.ReadFile(file)
+	if err != nil {
+		return nil, err
+	}
+	ret := map[string]string{}
+	if err = yaml.Unmarshal(content, &ret); err != nil {
+		return nil, err
+	}
+	return ret, nil
+}
+
+func readEnvs(path string, envs map[string]string) bool {
+	return readEnvsEx(path, envs, false)
+}
+
+func readEnvsEx(path string, envs map[string]string, caseInsensitive bool) bool {
+	if _, err := os.Stat(path); err == nil {
+		var env map[string]string
+		if ext := filepath.Ext(path); ext == ".yml" || ext == ".yaml" {
+			env, err = readYamlFile(path)
+		} else {
+			env, err = godotenv.Read(path)
+		}
+		if err != nil {
+			log.Fatalf("Error loading from %s: %v", path, err)
+		}
+		for k, v := range env {
+			if caseInsensitive {
+				k = strings.ToUpper(k)
+			}
+			if _, ok := envs[k]; !ok {
+				envs[k] = v
+			}
+		}
+		return true
+	}
+	return false
+}
+
+func parseMatrix(matrix []string) map[string]map[string]bool {
+	// each matrix entry should be of the form - string:string
+	r := regexp.MustCompile(":")
+	matrixes := make(map[string]map[string]bool)
+	for _, m := range matrix {
+		matrix := r.Split(m, 2)
+		if len(matrix) < 2 {
+			log.Fatalf("Invalid matrix format. Failed to parse %s", m)
+		}
+		if _, ok := matrixes[matrix[0]]; !ok {
+			matrixes[matrix[0]] = make(map[string]bool)
+		}
+		matrixes[matrix[0]][matrix[1]] = true
+	}
+	return matrixes
+}
+
+//nolint:gocyclo
+func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []string) error {
+	return func(cmd *cobra.Command, args []string) error {
+		if input.jsonLogger {
+			log.SetFormatter(&log.JSONFormatter{})
+		}
+
+		if ok, _ := cmd.Flags().GetBool("bug-report"); ok {
+			ctx, cancel := common.EarlyCancelContext(ctx)
+			defer cancel()
+			return bugReport(ctx, cmd.Version)
+		}
+		if ok, _ := cmd.Flags().GetBool("man-page"); ok {
+			return generateManPage(cmd)
+		}
+		if input.listOptions {
+			return listOptions(cmd)
+		}
+
+		if ret, err := container.GetSocketAndHost(input.containerDaemonSocket); err != nil {
+			log.Warnf("Couldn't get a valid docker connection: %+v", err)
+		} else {
+			os.Setenv("DOCKER_HOST", ret.Host)
+			input.containerDaemonSocket = ret.Socket
+			log.Infof("Using docker host '%s', and daemon socket '%s'", ret.Host, ret.Socket)
+		}
+
+		if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" && input.containerArchitecture == "" {
+			l := log.New()
+			l.SetFormatter(&log.TextFormatter{
+				DisableQuote:     true,
+				DisableTimestamp: true,
+			})
+			l.Warnf(" \U000026A0 You are using Apple M-series chip and you have not specified container architecture, you might encounter issues while running act. If so, try running it with '--container-architecture linux/amd64'. \U000026A0 \n")
+		}
+
+		log.Debugf("Loading environment from %s", input.Envfile())
+		envs := parseEnvs(input.envs)
+		_ = readEnvs(input.Envfile(), envs)
+
+		log.Debugf("Loading action inputs from %s", input.Inputfile())
+		inputs := parseEnvs(input.inputs)
+		_ = readEnvs(input.Inputfile(), inputs)
+
+		log.Debugf("Loading secrets from %s", input.Secretfile())
+		secrets := newSecrets(input.secrets)
+		_ = readEnvsEx(input.Secretfile(), secrets, true)
+
+		if _, hasGitHubToken := secrets["GITHUB_TOKEN"]; !hasGitHubToken {
+			ctx, cancel := common.EarlyCancelContext(ctx)
+			defer cancel()
+			secrets["GITHUB_TOKEN"], _ = gh.GetToken(ctx, "")
+		}
+
+		log.Debugf("Loading vars from %s", input.Varfile())
+		vars := newSecrets(input.vars)
+		_ = readEnvs(input.Varfile(), vars)
+
+		log.Debugf("Cleaning up %s old action cache format", input.actionCachePath)
+		entries, _ := os.ReadDir(input.actionCachePath)
+		for _, entry := range entries {
+			if strings.Contains(entry.Name(), "@") {
+				fullPath := filepath.Join(input.actionCachePath, entry.Name())
+				log.Debugf("Removing %s", fullPath)
+				_ = os.RemoveAll(fullPath)
+			}
+		}
+
+		matrixes := parseMatrix(input.matrix)
+		log.Debugf("Evaluated matrix inclusions: %v", matrixes)
+
+		// TODO switch to Gitea Schema when supported
+		plannerConfig := model.PlannerConfig{
+			Recursive: input.workflowRecurse,
+			Workflow: model.WorkflowConfig{
+				Strict: input.strict,
+			},
+		}
+		if input.gitea {
+			plannerConfig.Workflow.Schema = schema.GetGiteaWorkflowSchema()
+		}
+
+		planner, err := model.NewWorkflowPlanner(input.WorkflowsPath(), plannerConfig)
+		if err != nil {
+			return err
+		}
+
+		jobID, err := cmd.Flags().GetString("job")
+		if err != nil {
+			return err
+		}
+
+		// check if we should just list the workflows
+		list, err := cmd.Flags().GetBool("list")
+		if err != nil {
+			return err
+		}
+
+		// check if we should just validate the workflows
+		if input.validate {
+			return err
+		}
+
+		// check if we should just draw the graph
+		graph, err := cmd.Flags().GetBool("graph")
+		if err != nil {
+			return err
+		}
+
+		// collect all events from loaded workflows
+		events := planner.GetEvents()
+
+		// plan with filtered jobs - to be used for filtering only
+		var filterPlan *model.Plan
+
+		// Determine the event name to be filtered
+		var filterEventName string
+
+		if len(args) > 0 {
+			log.Debugf("Using first passed in arguments event for filtering: %s", args[0])
+			filterEventName = args[0]
+		} else if input.autodetectEvent && len(events) > 0 && len(events[0]) > 0 {
+			// set default event type to first event from many available
+			// this way user dont have to specify the event.
+			log.Debugf("Using first detected workflow event for filtering: %s", events[0])
+			filterEventName = events[0]
+		}
+
+		var plannerErr error
+		if jobID != "" {
+			log.Debugf("Preparing plan with a job: %s", jobID)
+			filterPlan, plannerErr = planner.PlanJob(jobID)
+		} else if filterEventName != "" {
+			log.Debugf("Preparing plan for a event: %s", filterEventName)
+			filterPlan, plannerErr = planner.PlanEvent(filterEventName)
+		} else {
+			log.Debugf("Preparing plan with all jobs")
+			filterPlan, plannerErr = planner.PlanAll()
+		}
+		if filterPlan == nil && plannerErr != nil {
+			return plannerErr
+		}
+
+		if list {
+			err = printList(filterPlan)
+			if err != nil {
+				return err
+			}
+			return plannerErr
+		}
+
+		if graph {
+			err = drawGraph(filterPlan)
+			if err != nil {
+				return err
+			}
+			return plannerErr
+		}
+
+		// plan with triggered jobs
+		var plan *model.Plan
+
+		// Determine the event name to be triggered
+		var eventName string
+
+		if len(args) > 0 {
+			log.Debugf("Using first passed in arguments event: %s", args[0])
+			eventName = args[0]
+		} else if len(events) == 1 && len(events[0]) > 0 {
+			log.Debugf("Using the only detected workflow event: %s", events[0])
+			eventName = events[0]
+		} else if input.autodetectEvent && len(events) > 0 && len(events[0]) > 0 {
+			// set default event type to first event from many available
+			// this way user dont have to specify the event.
+			log.Debugf("Using first detected workflow event: %s", events[0])
+			eventName = events[0]
+		} else {
+			log.Debugf("Using default workflow event: push")
+			eventName = "push"
+		}
+
+		// build the plan for this run
+		if jobID != "" {
+			log.Debugf("Planning job: %s", jobID)
+			plan, plannerErr = planner.PlanJob(jobID)
+		} else {
+			log.Debugf("Planning jobs for event: %s", eventName)
+			plan, plannerErr = planner.PlanEvent(eventName)
+		}
+		if plan != nil {
+			if len(plan.Stages) == 0 {
+				plannerErr = errors.New("could not find any stages to run. View the valid jobs with `act --list`. Use `act --help` to find how to filter by Job ID/Workflow/Event Name")
+			}
+		}
+		if plan == nil && plannerErr != nil {
+			return plannerErr
+		}
+
+		// check to see if the main branch was defined
+		defaultbranch, err := cmd.Flags().GetString("defaultbranch")
+		if err != nil {
+			return err
+		}
+
+		// Check if platforms flag is set, if not, run default image survey
+		if len(input.platforms) == 0 {
+			cfgFound := false
+			cfgLocations := configLocations()
+			for _, v := range cfgLocations {
+				_, err := os.Stat(v)
+				if os.IsExist(err) {
+					cfgFound = true
+				}
+			}
+			if !cfgFound && len(cfgLocations) > 0 {
+				// The first config location refers to the global config folder one
+				if err := defaultImageSurvey(cfgLocations[0]); err != nil {
+					log.Fatal(err)
+				}
+				input.platforms = readArgsFile(cfgLocations[0], true)
+			}
+		}
+		deprecationWarning := "--%s is deprecated and will be removed soon, please switch to cli: `--container-options \"%[2]s\"` or `.actrc`: `--container-options %[2]s`."
+		if input.privileged {
+			log.Warnf(deprecationWarning, "privileged", "--privileged")
+		}
+		if len(input.usernsMode) > 0 {
+			log.Warnf(deprecationWarning, "userns", "--userns="+input.usernsMode)
+		}
+		if len(input.containerCapAdd) > 0 {
+			log.Warnf(deprecationWarning, "container-cap-add", fmt.Sprintf("--cap-add=%s", input.containerCapAdd))
+		}
+		if len(input.containerCapDrop) > 0 {
+			log.Warnf(deprecationWarning, "container-cap-drop", fmt.Sprintf("--cap-drop=%s", input.containerCapDrop))
+		}
+
+		// run the plan
+		config := &runner.Config{
+			Actor:                              input.actor,
+			EventName:                          eventName,
+			EventPath:                          input.EventPath(),
+			DefaultBranch:                      defaultbranch,
+			ForcePull:                          !input.actionOfflineMode && !input.pullIfNeeded,
+			ForceRebuild:                       !input.noRebuild,
+			ReuseContainers:                    input.reuseContainers,
+			Workdir:                            input.Workdir(),
+			ActionCacheDir:                     input.actionCachePath,
+			ActionOfflineMode:                  input.actionOfflineMode,
+			BindWorkdir:                        input.bindWorkdir,
+			LogOutput:                          !input.noOutput,
+			JSONLogger:                         input.jsonLogger,
+			LogPrefixJobID:                     input.logPrefixJobID,
+			Env:                                envs,
+			Secrets:                            secrets,
+			Vars:                               vars,
+			Inputs:                             inputs,
+			Token:                              secrets["GITHUB_TOKEN"],
+			InsecureSecrets:                    input.insecureSecrets,
+			Platforms:                          input.newPlatforms(),
+			Privileged:                         input.privileged,
+			UsernsMode:                         input.usernsMode,
+			ContainerArchitecture:              input.containerArchitecture,
+			ContainerDaemonSocket:              input.containerDaemonSocket,
+			ContainerOptions:                   input.containerOptions,
+			UseGitIgnore:                       input.useGitIgnore,
+			GitHubInstance:                     input.githubInstance,
+			GitHubServerURL:                    input.gitHubServerURL,
+			GitHubAPIServerURL:                 input.gitHubAPIServerURL,
+			GitHubGraphQlAPIServerURL:          input.gitHubGraphQlAPIServerURL,
+			ContainerCapAdd:                    input.containerCapAdd,
+			ContainerCapDrop:                   input.containerCapDrop,
+			AutoRemove:                         input.autoRemove,
+			ArtifactServerPath:                 input.artifactServerPath,
+			ArtifactServerAddr:                 input.artifactServerAddr,
+			ArtifactServerPort:                 input.artifactServerPort,
+			NoSkipCheckout:                     input.noSkipCheckout,
+			RemoteName:                         input.remoteName,
+			ReplaceGheActionWithGithubCom:      input.replaceGheActionWithGithubCom,
+			ReplaceGheActionTokenWithGithubCom: input.replaceGheActionTokenWithGithubCom,
+			Matrix:                             matrixes,
+			ContainerNetworkMode:               docker_container.NetworkMode(input.networkName),
+			Parallel:                           input.parallel,
+			Planner:                            plannerConfig,
+			Action:                             model.ActionConfig{}, // TODO Gitea Action Schema
+			MainContextNames:                   []string{"github"},
+		}
+		if input.gitea {
+			config.Action.Schema = schema.GetGiteaActionSchema()
+			config.MainContextNames = append(config.MainContextNames, "gitea")
+		}
+		actionCache := runner.GoGitActionCache{
+			Path: config.ActionCacheDir,
+		}
+		config.ActionCache = &actionCache
+		if input.actionOfflineMode {
+			config.ActionCache = &runner.GoGitActionCacheOfflineMode{
+				Parent: actionCache,
+			}
+		}
+		if len(input.localRepository) > 0 {
+			localRepositories := map[string]string{}
+			for _, l := range input.localRepository {
+				k, v, _ := strings.Cut(l, "=")
+				localRepositories[k] = v
+			}
+			config.ActionCache = &runner.LocalRepositoryCache{
+				Parent:            config.ActionCache,
+				LocalRepositories: localRepositories,
+				CacheDirCache:     map[string]string{},
+			}
+		}
+
+		var r runner.Runner
+		if eventName == "workflow_call" {
+			// Do not use the totally broken code and instead craft a fake caller
+			convertedInputs := make(map[string]any)
+			for k, v := range inputs {
+				var raw any
+				if err := yaml.Unmarshal([]byte(v), &raw); err != nil {
+					return fmt.Errorf("failed to unmarshal input %s: %w", k, err)
+				}
+				convertedInputs[k] = raw
+			}
+			r, err = runner.NewReusableWorkflowRunner(&runner.RunContext{
+				Config:  config,
+				Name:    "_",
+				JobName: "_",
+				Run: &model.Run{
+					JobID: "_",
+					Workflow: &model.Workflow{
+						Jobs: map[string]*model.Job{
+							"_": {
+								Name: "_",
+								With: convertedInputs,
+							},
+						},
+					},
+				},
+			})
+		} else {
+			r, err = runner.New(config)
+		}
+		if err != nil {
+			return err
+		}
+
+		cancel := artifacts.Serve(ctx, input.artifactServerPath, input.artifactServerAddr, input.artifactServerPort)
+
+		const cacheURLKey = "ACTIONS_CACHE_URL"
+		var cacheHandler *artifactcache.Handler
+		if !input.noCacheServer && envs[cacheURLKey] == "" {
+			var err error
+			cacheHandler, err = artifactcache.StartHandler(input.cacheServerPath, input.cacheServerAddr, input.cacheServerPort, common.Logger(ctx))
+			if err != nil {
+				return err
+			}
+			envs[cacheURLKey] = cacheHandler.ExternalURL() + "/"
+		}
+
+		ctx = common.WithDryrun(ctx, input.dryrun)
+		if watch, err := cmd.Flags().GetBool("watch"); err != nil {
+			return err
+		} else if watch {
+			err = watchAndRun(ctx, r.NewPlanExecutor(plan))
+			if err != nil {
+				return err
+			}
+			return plannerErr
+		}
+
+		executor := r.NewPlanExecutor(plan).Finally(func(_ context.Context) error {
+			cancel()
+			_ = cacheHandler.Close()
+			return nil
+		})
+		err = executor(ctx)
+		if err != nil {
+			return err
+		}
+		return plannerErr
+	}
+}
+
+func defaultImageSurvey(actrc string) error {
+	var answer string
+	confirmation := &survey.Select{
+		Message: "Please choose the default image you want to use with act:\n  - Large size image: ca. 17GB download + 53.1GB storage, you will need 75GB of free disk space, snapshots of GitHub Hosted Runners without snap and pulled docker images\n  - Medium size image: ~500MB, includes only necessary tools to bootstrap actions and aims to be compatible with most actions\n  - Micro size image: <200MB, contains only NodeJS required to bootstrap actions, doesn't work with all actions\n\nDefault image and other options can be changed manually in " + configLocations()[0] + " (please refer to https://github.com/nektos/act#configuration for additional information about file structure)",
+		Help:    "If you want to know why act asks you that, please go to https://github.com/actions-oss/act-cli/issues/107",
+		Default: "Medium",
+		Options: []string{"Large", "Medium", "Micro"},
+	}
+
+	err := survey.AskOne(confirmation, &answer)
+	if err != nil {
+		return err
+	}
+
+	var option string
+	switch answer {
+	case "Large":
+		option = "-P ubuntu-latest=catthehacker/ubuntu:full-latest\n-P ubuntu-22.04=catthehacker/ubuntu:full-22.04\n-P ubuntu-20.04=catthehacker/ubuntu:full-20.04\n-P ubuntu-18.04=catthehacker/ubuntu:full-18.04\n"
+	case "Medium":
+		option = "-P ubuntu-latest=catthehacker/ubuntu:act-latest\n-P ubuntu-22.04=catthehacker/ubuntu:act-22.04\n-P ubuntu-20.04=catthehacker/ubuntu:act-20.04\n-P ubuntu-18.04=catthehacker/ubuntu:act-18.04\n"
+	case "Micro":
+		option = "-P ubuntu-latest=node:16-buster-slim\n-P ubuntu-22.04=node:16-bullseye-slim\n-P ubuntu-20.04=node:16-buster-slim\n-P ubuntu-18.04=node:16-buster-slim\n"
+	}
+
+	f, err := os.Create(actrc)
+	if err != nil {
+		return err
+	}
+
+	_, err = f.WriteString(option)
+	if err != nil {
+		_ = f.Close()
+		return err
+	}
+
+	err = f.Close()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func watchAndRun(ctx context.Context, fn common.Executor) error {
+	dir, err := os.Getwd()
+	if err != nil {
+		return err
+	}
+
+	ignoreFile := filepath.Join(dir, ".gitignore")
+	ignore := &gitignore.GitIgnore{}
+	if info, err := os.Stat(ignoreFile); err == nil && !info.IsDir() {
+		ignore, err = gitignore.CompileIgnoreFile(ignoreFile)
+		if err != nil {
+			return fmt.Errorf("compile %q: %w", ignoreFile, err)
+		}
+	}
+
+	folderWatcher := fswatch.NewFolderWatcher(
+		dir,
+		true,
+		ignore.MatchesPath,
+		2, // 2 seconds
+	)
+
+	folderWatcher.Start()
+	defer folderWatcher.Stop()
+
+	// run once before watching
+	if err := fn(ctx); err != nil {
+		return err
+	}
+
+	earlyCancelCtx, cancel := common.EarlyCancelContext(ctx)
+	defer cancel()
+
+	for folderWatcher.IsRunning() {
+		log.Debugf("Watching %s for changes", dir)
+		select {
+		case <-earlyCancelCtx.Done():
+			return nil
+		case changes := <-folderWatcher.ChangeDetails():
+			log.Debugf("%s", changes.String())
+			if err := fn(ctx); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}

cmd/root_test.go

@@ -0,0 +1,110 @@
+package cmd
+
+import (
+	"context"
+	"path"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestReadSecrets(t *testing.T) {
+	secrets := map[string]string{}
+	ret := readEnvsEx(path.Join("testdata", "secrets.yml"), secrets, true)
+	assert.True(t, ret)
+	assert.Equal(t, `line1
+line2
+line3
+`, secrets["MYSECRET"])
+}
+
+func TestReadEnv(t *testing.T) {
+	secrets := map[string]string{}
+	ret := readEnvs(path.Join("testdata", "secrets.yml"), secrets)
+	assert.True(t, ret)
+	assert.Equal(t, `line1
+line2
+line3
+`, secrets["mysecret"])
+}
+
+func TestListOptions(t *testing.T) {
+	rootCmd := createRootCommand(context.Background(), &Input{}, "")
+	err := newRunCommand(context.Background(), &Input{
+		listOptions: true,
+	})(rootCmd, []string{})
+	require.NoError(t, err)
+}
+
+func TestRun(t *testing.T) {
+	rootCmd := createRootCommand(context.Background(), &Input{}, "")
+	err := newRunCommand(context.Background(), &Input{
+		platforms:     []string{"ubuntu-latest=node:16-buster-slim"},
+		workdir:       "../pkg/runner/testdata/",
+		workflowsPath: "./basic/push.yml",
+	})(rootCmd, []string{})
+	require.NoError(t, err)
+}
+
+func TestRunPush(t *testing.T) {
+	rootCmd := createRootCommand(context.Background(), &Input{}, "")
+	err := newRunCommand(context.Background(), &Input{
+		platforms:     []string{"ubuntu-latest=node:16-buster-slim"},
+		workdir:       "../pkg/runner/testdata/",
+		workflowsPath: "./basic/push.yml",
+	})(rootCmd, []string{"push"})
+	require.NoError(t, err)
+}
+
+func TestRunPushJsonLogger(t *testing.T) {
+	rootCmd := createRootCommand(context.Background(), &Input{}, "")
+	err := newRunCommand(context.Background(), &Input{
+		platforms:     []string{"ubuntu-latest=node:16-buster-slim"},
+		workdir:       "../pkg/runner/testdata/",
+		workflowsPath: "./basic/push.yml",
+		jsonLogger:    true,
+	})(rootCmd, []string{"push"})
+	require.NoError(t, err)
+}
+
+func TestFlags(t *testing.T) {
+	for _, f := range []string{"graph", "list", "bug-report", "man-page"} {
+		t.Run("TestFlag-"+f, func(t *testing.T) {
+			rootCmd := createRootCommand(context.Background(), &Input{}, "")
+			err := rootCmd.Flags().Set(f, "true")
+			require.NoError(t, err)
+			err = newRunCommand(context.Background(), &Input{
+				platforms:     []string{"ubuntu-latest=node:16-buster-slim"},
+				workdir:       "../pkg/runner/testdata/",
+				workflowsPath: "./basic/push.yml",
+			})(rootCmd, []string{})
+			require.NoError(t, err)
+		})
+	}
+}
+
+func TestWorkflowCall(t *testing.T) {
+	rootCmd := createRootCommand(context.Background(), &Input{}, "")
+	err := newRunCommand(context.Background(), &Input{
+		platforms:     []string{"ubuntu-latest=node:16-buster-slim"},
+		workdir:       "../pkg/runner/testdata/",
+		workflowsPath: "./workflow_call_inputs/workflow_call_inputs.yml",
+		inputs:        []string{"required=required input", "boolean=true"},
+	})(rootCmd, []string{"workflow_call"})
+	require.NoError(t, err)
+}
+
+func TestLocalRepositories(t *testing.T) {
+	wd, _ := filepath.Abs("../pkg/runner/testdata/")
+	rootCmd := createRootCommand(context.Background(), &Input{}, "")
+	err := newRunCommand(context.Background(), &Input{
+		githubInstance:  "github.com",
+		platforms:       []string{"ubuntu-latest=node:16-buster-slim"},
+		workdir:         wd,
+		workflowsPath:   "./remote-action-composite-action-ref-partial-override/push.yml",
+		localRepository: []string{"needs/override@main=" + wd + "/actions-environment-and-context-tests"},
+	})(rootCmd, []string{"push"})
+	require.NoError(t, err)
+}

cmd/secrets.go

@@ -0,0 +1,42 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/term"
+)
+
+type secrets map[string]string
+
+func newSecrets(secretList []string) secrets {
+	s := make(map[string]string)
+	for _, secretPair := range secretList {
+		secretPairParts := strings.SplitN(secretPair, "=", 2)
+		secretPairParts[0] = strings.ToUpper(secretPairParts[0])
+		if strings.ToUpper(s[secretPairParts[0]]) == secretPairParts[0] {
+			log.Errorf("secret %s is already defined (secrets are case insensitive)", secretPairParts[0])
+		}
+		if len(secretPairParts) == 2 {
+			s[secretPairParts[0]] = secretPairParts[1]
+		} else if env, ok := os.LookupEnv(secretPairParts[0]); ok && env != "" {
+			s[secretPairParts[0]] = env
+		} else {
+			fmt.Printf("Provide value for '%s': ", secretPairParts[0])
+			val, err := term.ReadPassword(int(os.Stdin.Fd()))
+			fmt.Println()
+			if err != nil {
+				log.Errorf("failed to read input: %v", err)
+				os.Exit(1)
+			}
+			s[secretPairParts[0]] = string(val)
+		}
+	}
+	return s
+}
+
+func (s secrets) AsMap() map[string]string {
+	return s
+}

cmd/testdata/secrets.yml

@@ -0,0 +1,4 @@
+mysecret: |
+  line1
+  line2
+  line3

codecov.yml

@@ -0,0 +1,12 @@
+coverage:
+  status:
+    project:
+      default:
+        target: auto # auto compares coverage to the previous base commit
+        threshold: 1%
+    patch:
+      default:
+        target: 50%
+ignore:
+# Files generated by Google Protobuf do not require coverage
+- '**/*.pb.go'

examples/README.md

@@ -1,4 +1,4 @@
-# Usage Examples for `gitea-runner`
+# Usage Examples for `act_runner`
 
 Welcome to our collection of usage and deployment examples specifically designed for Gitea setups. Whether you're a beginner or an experienced user, you'll find practical resources here that you can directly apply to enhance your Gitea experience. We encourage you to contribute your own insights and knowledge to make this collection even more comprehensive and valuable.
 

examples/docker-compose/README.md

@@ -1,4 +1,4 @@
-### Running `gitea-runner` using `docker-compose`
+### Running `act_runner` using `docker-compose`
 
 ```yml
 ...
@@ -19,15 +19,15 @@
       # - GITEA_RUNNER_REGISTRATION_TOKEN=<user-defined registration token>
 
   runner:
-    image: gitea/runner
+    image: gitea/act_runner
     restart: always
     depends_on:
       gitea:
         # required so runner can attach to gitea, see "healthcheck"
-        condition: service_healthy
+        condition: service_healthy 
         restart: true
     volumes:
-      - ./data/runner:/data
+      - ./data/act_runner:/data
       - /var/run/docker.sock:/var/run/docker.sock
     environment:
       - GITEA_INSTANCE_URL=<instance url>
@@ -38,18 +38,18 @@
       - GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
 ```
 
-### Running `gitea-runner` using Docker-in-Docker (DIND)
+### Running `act_runner` using Docker-in-Docker (DIND) 
 
 ```yml
 ...
   runner:
-    image: gitea/runner:latest-dind-rootless
+    image: gitea/act_runner:latest-dind-rootless
     restart: always
     privileged: true
     depends_on:
       - gitea
     volumes:
-      - ./data/runner:/data
+      - ./data/act_runner:/data
     environment:
       - GITEA_INSTANCE_URL=<instance url>
       - DOCKER_HOST=unix:///var/run/user/1000/docker.sock

examples/docker/README.md

@@ -1,7 +1,7 @@
-### Run `gitea-runner` in a Docker Container
+### Run `act_runner` in a Docker Container
 
 ```sh
-docker run -e GITEA_INSTANCE_URL=http://192.168.8.18:3000 -e GITEA_RUNNER_REGISTRATION_TOKEN=<runner_token> -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/data:/data --name my_runner gitea/runner:nightly
+docker run -e GITEA_INSTANCE_URL=http://192.168.8.18:3000 -e GITEA_RUNNER_REGISTRATION_TOKEN=<runner_token> -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/data:/data --name my_runner gitea/act_runner:nightly
 ```
 
 The `/data` directory inside the docker container contains the runner API keys after registration.

examples/kubernetes/README.md

@@ -1,4 +1,4 @@
-## Kubernetes Docker in Docker Deployment with `gitea-runner`
+## Kubernetes Docker in Docker Deployment with `act_runner`
 
 NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod `SecurityContext` to `privileged`. Keep in mind that this is a potential security issue that has the potential for a malicious application to break out of the container context.
 

examples/kubernetes/dind-docker.yaml

@@ -1,7 +1,7 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
-  name: runner-vol
+  name: act-runner-vol
 spec:
   accessModes:
     - ReadWriteOnce
@@ -13,7 +13,7 @@ spec:
 apiVersion: v1
 data:
   # The registration token can be obtained from the web UI, API or command-line.
-  # You can also set a pre-defined global runner registration token for the Gitea instance via
+  # You can also set a pre-defined global runner registration token for the Gitea instance via 
   # `GITEA_RUNNER_REGISTRATION_TOKEN`/`GITEA_RUNNER_REGISTRATION_TOKEN_FILE` environment variable.
   token: << base64 encoded registration token >>
 kind: Secret
@@ -25,19 +25,19 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    app: runner
-  name: runner
+    app: act-runner
+  name: act-runner
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: runner
+      app: act-runner
   strategy: {}
   template:
     metadata:
       creationTimestamp: null
       labels:
-        app: runner
+        app: act-runner
     spec:
       restartPolicy: Always
       volumes:
@@ -45,10 +45,10 @@ spec:
         emptyDir: {}
       - name: runner-data
         persistentVolumeClaim:
-          claimName: runner-vol
+          claimName: act-runner-vol
       containers:
       - name: runner
-        image: gitea/runner:nightly
+        image: gitea/act_runner:nightly
         command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
         env:
         - name: DOCKER_HOST

examples/kubernetes/rootless-docker.yaml

@@ -1,7 +1,7 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
-  name: runner-vol
+  name: act-runner-vol
 spec:
   accessModes:
     - ReadWriteOnce
@@ -13,7 +13,7 @@ spec:
 apiVersion: v1
 data:
   # The registration token can be obtained from the web UI, API or command-line.
-  # You can also set a pre-defined global runner registration token for the Gitea instance via
+  # You can also set a pre-defined global runner registration token for the Gitea instance via 
   # `GITEA_RUNNER_REGISTRATION_TOKEN`/`GITEA_RUNNER_REGISTRATION_TOKEN_FILE` environment variable.
   token: << base64 encoded registration token >>
 kind: Secret
@@ -25,32 +25,32 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    app: runner
-  name: runner
+    app: act-runner
+  name: act-runner
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: runner
+      app: act-runner
   strategy: {}
   template:
     metadata:
       creationTimestamp: null
       labels:
-        app: runner
+        app: act-runner
     spec:
       restartPolicy: Always
       volumes:
       - name: runner-data
         persistentVolumeClaim:
-          claimName: runner-vol
+          claimName: act-runner-vol
       securityContext:
         fsGroup: 1000
       containers:
       - name: runner
-        image: gitea/runner:nightly-dind-rootless
+        image: gitea/act_runner:nightly-dind-rootless
         imagePullPolicy: Always
-        # command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
+        # command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
         env:
         - name: DOCKER_HOST
           value: tcp://localhost:2376

examples/vm/README.md

@@ -1,4 +1,4 @@
-## `gitea-runner` on Virtual or Physical Servers
+## `act_runner` on Virtual or Physical Servers
 
 Files in this directory:
 

examples/vm/rootless-docker.md

@@ -1,12 +1,12 @@
-## Using Rootless Docker with`gitea-runner`
+## Using Rootless Docker with`act_runner`
 
-Here is a simple example of how to set up `gitea-runner` with rootless Docker. It has been created with Debian, but other Linux should work the same way.
+Here is a simple example of how to set up `act_runner` with rootless Docker. It has been created with Debian, but other Linux should work the same way.
 
 Note: This procedure needs a real login shell -- using `sudo su` or other method of accessing the account will fail some of the steps below.
 
 As `root`:
 
-- Create a user to run both `docker` and `gitea-runner`. In this example, we use a non-privileged account called `rootless`.
+- Create a user to run both `docker` and `act_runner`. In this example, we use a non-privileged account called `rootless`.
 
 ```bash
  useradd -m rootless
@@ -38,36 +38,36 @@ export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
 ```
 
 - Reboot. Ensure that the Docker process is working.
-- Create a directory for saving `gitea-runner` data between restarts
+- Create a directory for saving `act_runner` data between restarts
 
- `mkdir /home/rootless/gitea-runner`
+ `mkdir /home/rootless/act_runner`
 
 - Register the runner from the data directory
 
 ```bash
- cd /home/rootless/gitea-runner
- gitea-runner register
+ cd /home/rootless/act_runner
+ act_runner register
 ```
 
-- Generate a `gitea-runner` configuration file in the data directory. Edit the file to adjust for the system.
+- Generate a `act_runner` configuration file in the data directory. Edit the file to adjust for the system.
 
 ```bash
- gitea-runner generate-config >/home/rootless/gitea-runner/config
+ act_runner generate-config >/home/rootless/act_runner/config
 ```
 
-- Create a new user-level`systemd` unit file as `/home/rootless/.config/systemd/user/gitea-runner.service` with the following contents:
+- Create a new user-level`systemd` unit file as `/home/rootless/.config/systemd/user/act_runner.service` with the following contents:
 
 ```bash
  Description=Gitea Actions runner
- Documentation=https://gitea.com/gitea/runner
+ Documentation=https://gitea.com/gitea/act_runner
  After=docker.service
 
  [Service]
  Environment=PATH=/home/rootless/bin:/sbin:/usr/sbin:/home/rootless/bin:/home/rootless/bin:/home/rootless/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
  Environment=DOCKER_HOST=unix:///run/user/1001/docker.sock
- ExecStart=/usr/bin/gitea-runner daemon -c /home/rootless/gitea-runner/config
+ ExecStart=/usr/bin/act_runner daemon -c /home/rootless/act_runner/config
  ExecReload=/bin/kill -s HUP $MAINPID
- WorkingDirectory=/home/rootless/gitea-runner
+ WorkingDirectory=/home/rootless/act_runner
  TimeoutSec=0
  RestartSec=2
  Restart=always
@@ -88,8 +88,8 @@ export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
 
 - Reboot
 
-After the system restarts, check that the`gitea-runner` is working and that the runner is connected to Gitea.
+After the system restarts, check that the`act_runner` is working and that the runner is connected to Gitea.
 
 ````bash
- systemctl --user status gitea-runner
- journalctl --user -xeu gitea-runner
+ systemctl --user status act_runner
+ journalctl --user -xeu act_runner

go.mod

@@ -1,73 +1,77 @@
-module gitea.com/gitea/runner
+module gitea.com/gitea/act_runner
 
 go 1.26.0
 
 require (
 	code.gitea.io/actions-proto-go v0.4.1
-	connectrpc.com/connect v1.19.2
+	code.gitea.io/gitea-vet v0.2.3
+	connectrpc.com/connect v1.19.1
+	github.com/actions-oss/act-cli v0.0.0 // will be replaced
 	github.com/avast/retry-go/v4 v4.7.0
-	github.com/docker/docker v25.0.15+incompatible
+	github.com/docker/docker v28.5.1+incompatible
 	github.com/joho/godotenv v1.5.1
-	github.com/mattn/go-isatty v0.0.22
+	github.com/mattn/go-isatty v0.0.20
 	github.com/sirupsen/logrus v1.9.4
 	github.com/spf13/cobra v1.10.2
 	github.com/stretchr/testify v1.11.1
-	go.yaml.in/yaml/v4 v4.0.0-rc.3
-	golang.org/x/term v0.42.0
-	golang.org/x/time v0.14.0 // indirect
+	golang.org/x/term v0.40.0
+	golang.org/x/time v0.14.0
 	google.golang.org/protobuf v1.36.11
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools/v3 v3.5.2
 )
 
 require (
+	dario.cat/mergo v1.0.2
+	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/Masterminds/semver v1.5.0
+	github.com/adrg/xdg v0.5.3
+	github.com/andreaskoch/go-fswatch v1.0.0
+	github.com/avast/retry-go v3.0.0+incompatible
+	github.com/containerd/errdefs v1.0.0
 	github.com/creack/pty v1.1.24
 	github.com/distribution/reference v0.6.0
-	github.com/docker/cli v25.0.7+incompatible
-	github.com/docker/go-connections v0.7.0
-	github.com/go-git/go-billy/v5 v5.8.0
-	github.com/go-git/go-git/v5 v5.18.0
-	github.com/gobwas/glob v0.2.3
-	github.com/imdario/mergo v0.3.16
+	github.com/docker/cli v28.5.1+incompatible
+	github.com/docker/go-connections v0.6.0
+	github.com/go-git/go-billy/v5 v5.7.0
+	github.com/go-git/go-git/v5 v5.16.5
+	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/julienschmidt/httprouter v1.3.0
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/moby/buildkit v0.13.2
-	github.com/moby/patternmatcher v0.6.1
+	github.com/moby/go-archive v0.1.0
+	github.com/moby/patternmatcher v0.6.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/opencontainers/selinux v1.13.1
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.23.2
-	github.com/rhysd/actionlint v1.7.12
+	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 	github.com/spf13/pflag v1.0.10
 	github.com/timshannon/bolthold v0.0.0-20240314194003-30aac6950928
 	go.etcd.io/bbolt v1.4.3
+	go.yaml.in/yaml/v4 v4.0.0-rc.3
+	golang.org/x/crypto v0.48.0
+	golang.org/x/sync v0.19.0
 )
 
 require (
 	cyphar.com/go-pathrs v0.2.3 // indirect
-	dario.cat/mergo v1.0.2 // indirect
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/ProtonMail/go-crypto v1.3.0 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bmatcuk/doublestar/v4 v4.10.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.6.3 // indirect
-	github.com/containerd/containerd v1.7.29 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
 	github.com/cyphar/filepath-securejoin v0.6.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/docker-credential-helpers v0.9.5 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fatih/color v1.19.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -77,21 +81,16 @@ require (
 	github.com/klauspost/compress v1.18.4 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
-	github.com/mattn/go-runewidth v0.0.21 // indirect
-	github.com/mattn/go-shellwords v1.0.12 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect
 	github.com/moby/sys/user v0.4.0 // indirect
 	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/pjbgf/sha1cd v0.5.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.66.1 // indirect
-	github.com/prometheus/procfs v0.16.1 // indirect
-	github.com/robfig/cron/v3 v3.0.1 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sergi/go-diff v1.4.0 // indirect
 	github.com/skeema/knownhosts v1.3.2 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
@@ -102,15 +101,20 @@ require (
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
 	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.40.0 // indirect
 	go.opentelemetry.io/otel/trace v1.40.0 // indirect
-	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	golang.org/x/crypto v0.49.0 // indirect
-	golang.org/x/net v0.52.0 // indirect
-	golang.org/x/sync v0.20.0 // indirect
-	golang.org/x/sys v0.43.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/grpc v1.67.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
+
+replace github.com/actions-oss/act-cli => gitea.com/actions-oss/act-cli v0.4.2-0.20260220200604-40ee0f3ef6fc
+
+// Remove after github.com/docker/distribution is updated to support distribution/reference v0.6.0
+// (pulled in via moby/buildkit, breaks on undefined: reference.SplitHostname)
+replace github.com/distribution/reference v0.6.0 => github.com/distribution/reference v0.5.0

go.sum

@@ -1,13 +1,19 @@
 code.gitea.io/actions-proto-go v0.4.1 h1:l0EYhjsgpUe/1VABo2eK7zcoNX2W44WOnb0MSLrKfls=
 code.gitea.io/actions-proto-go v0.4.1/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
-connectrpc.com/connect v1.19.2 h1:McQ83FGdzL+t60peksi0gXC7MQ/iLKgLduAnThbM0mo=
-connectrpc.com/connect v1.19.2/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI=
+code.gitea.io/gitea-vet v0.2.3/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
+connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
+connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
 cyphar.com/go-pathrs v0.2.3 h1:0pH8gep37wB0BgaXrEaN1OtZhUMeS7VvaejSr6i822o=
 cyphar.com/go-pathrs v0.2.3/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
+gitea.com/actions-oss/act-cli v0.4.2-0.20260220200604-40ee0f3ef6fc h1:KXg17X1FZhnUM4J0bVG3gVS6jQCtkR6U5aV2ch0tJYA=
+gitea.com/actions-oss/act-cli v0.4.2-0.20260220200604-40ee0f3ef6fc/go.mod h1:tl2dPJQRui7za899nfJIhPqP3a8ii+ySEvzL18mjC0U=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
+github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
+github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
@@ -15,33 +21,36 @@ github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF0
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ=
-github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
+github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
 github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
 github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
+github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78=
+github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ=
+github.com/andreaskoch/go-fswatch v1.0.0 h1:la8nP/HiaFCxP2IM6NZNUCoxgLWuyNFgH0RligBbnJU=
+github.com/andreaskoch/go-fswatch v1.0.0/go.mod h1:r5/iV+4jfwoY2sYqBkg8vpF04ehOvEl4qPptVGdxmqo=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
+github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
 github.com/avast/retry-go/v4 v4.7.0 h1:yjDs35SlGvKwRNSykujfjdMxMhMQQM0TnIjJaHB+Zio=
 github.com/avast/retry-go/v4 v4.7.0/go.mod h1:ZMPDa3sY2bKgpLtap9JRUgk2yTAba7cgiFhqxY2Sg6Q=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bmatcuk/doublestar/v4 v4.10.0 h1:zU9WiOla1YA122oLM6i4EXvGW62DvKZVxIe6TYWexEs=
-github.com/bmatcuk/doublestar/v4 v4.10.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=
-github.com/clipperhouse/uax29/v2 v2.7.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
 github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
 github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
-github.com/containerd/containerd v1.7.29 h1:90fWABQsaN9mJhGkoVnuzEY+o1XDPbg9BTC9QTAHnuE=
-github.com/containerd/containerd v1.7.29/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs=
+github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
+github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
+github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
 github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
 github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE=
@@ -49,53 +58,43 @@ github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
-github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v25.0.7+incompatible h1:scW/AbGafKmANsonsFckFHTwpz2QypoPA/zpoLnDs/E=
-github.com/docker/cli v25.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v25.0.13+incompatible h1:YeBrkUd3q0ZoRDNoEzuopwCLU+uD8GZahDHwBdsTnkU=
-github.com/docker/docker v25.0.13+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v25.0.14+incompatible h1:+HNue3fKbqiDHYFAriyiMjfS5u25zB0E2/R8f42lOMc=
-github.com/docker/docker v25.0.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v25.0.15+incompatible h1:JhRD6vZdk0Ms3SEMztefBISJL13NbxudQnGix6l+T5M=
-github.com/docker/docker v25.0.15+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
+github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/cli v28.5.1+incompatible h1:ESutzBALAD6qyCLqbQSEf1a/U8Ybms5agw59yGVc+yY=
+github.com/docker/cli v28.5.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/docker v28.5.1+incompatible h1:Bm8DchhSD2J6PsFzxC35TZo4TLGR2PdW/E69rU45NhM=
+github.com/docker/docker v28.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.9.5 h1:EFNN8DHvaiK8zVqFA2DT6BjXE0GzfLOZ38ggPTKePkY=
 github.com/docker/docker-credential-helpers v0.9.5/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
-github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c=
-github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
 github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
-github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
-github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w=
-github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
 github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0=
-github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY=
+github.com/go-git/go-billy/v5 v5.7.0 h1:83lBUJhGWhYp0ngzCMSgllhUSuoHP1iEWYjsPl9nwqM=
+github.com/go-git/go-billy/v5 v5.7.0/go.mod h1:/1IUejTKH8xipsAcdfcSAlUlo2J7lkYV8GTKxAT/L3E=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.18.0 h1:O831KI+0PR51hM2kep6T8k+w0/LIAD490gvqMCvL5hM=
-github.com/go-git/go-git/v5 v5.18.0/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo=
+github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s=
+github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
-github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
@@ -106,8 +105,7 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
@@ -120,8 +118,6 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kevinburke/ssh_config v1.6.0 h1:J1FBfmuVosPHf5GRdltRLhPJtJpTlMdKTBjRgTaQBFY=
 github.com/kevinburke/ssh_config v1.6.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
 github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
@@ -133,28 +129,23 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4=
-github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
-github.com/mattn/go-runewidth v0.0.20 h1:WcT52H91ZUAwy8+HUkdM3THM6gXqXuLJi9O3rjcQQaQ=
-github.com/mattn/go-runewidth v0.0.20/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
-github.com/mattn/go-runewidth v0.0.21 h1:jJKAZiQH+2mIinzCJIaIG9Be1+0NR+5sz/lYEEjdM8w=
-github.com/mattn/go-runewidth v0.0.21/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
-github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/moby/buildkit v0.13.2 h1:nXNszM4qD9E7QtG7bFWPnDI1teUQFQglBzon/IU3SzI=
-github.com/moby/buildkit v0.13.2/go.mod h1:2cyVOv9NoHM7arphK9ZfHIWKn9YVZRFd1wXB8kKmEzY=
+github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
+github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
+github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
+github.com/moby/go-archive v0.1.0/go.mod h1:G9B+YoujNohJmrIYFBpSd54GTUB4lt9S+xVQvsJyFuo=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/patternmatcher v0.6.1 h1:qlhtafmr6kgMIJjKJMDmMWq7WLkKIo23hsrpR3x084U=
-github.com/moby/patternmatcher v0.6.1/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
+github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
+github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
 github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
 github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
 github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
@@ -165,8 +156,6 @@ github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
 github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -181,23 +170,13 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
-github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
-github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
-github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
-github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
-github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
-github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
-github.com/rhysd/actionlint v1.7.11 h1:m+aSuCpCIClS8X02xMG4Z8s87fCHPsAtYkAoWGQZgEE=
-github.com/rhysd/actionlint v1.7.11/go.mod h1:8n50YougV9+50niD7oxgDTZ1KbN/ZnKiQ2xpLFeVhsI=
-github.com/rhysd/actionlint v1.7.12 h1:vQ4GeJN86C0QH+gTUQcs8McmK62OLT3kmakPMtEWYnY=
-github.com/rhysd/actionlint v1.7.12/go.mod h1:krOUhujIsJusovkaYzQ/VNH8PFexjNKqU0q5XI/4w+g=
-github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
-github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI=
+github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs=
 github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
 github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
@@ -218,6 +197,7 @@ github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+Q
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
@@ -234,8 +214,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
 go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
@@ -248,8 +228,8 @@ go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
 go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk=
 go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
 go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
 go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
@@ -260,82 +240,73 @@ go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZY
 go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
 go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
-go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 go.yaml.in/yaml/v4 v4.0.0-rc.3 h1:3h1fjsh1CTAPjW7q/EMe+C8shx5d8ctzZTrLcs/j8Go=
 go.yaml.in/yaml/v4 v4.0.0-rc.3/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
 golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
 golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
-golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
-golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
 golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
-golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
 golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
-golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
-golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
-golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
-golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
 golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
 google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8=
 google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
@@ -351,7 +322,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

install.sh

@@ -0,0 +1,433 @@
+#!/bin/sh
+set -e
+# Code originally generated by godownloader on 2021-12-22T16:10:52Z. DO NOT EDIT.
+# (godownloader is deprecated, so changes to this script are maintained in install.sh in https://github.com/nektos/act)
+#
+
+usage() {
+  this=$1
+  cat <<EOF
+$this: download go binaries for nektos/act
+
+Usage: $this [-b bindir] [-d] [-f] [tag]
+  -b sets bindir or installation directory, Defaults to ./bin
+  -d turns on debug logging
+  -f forces installation, bypassing version checks
+   [tag] is a tag from
+   https://github.com/nektos/act/releases
+   If tag is missing, then the latest will be used.
+EOF
+  exit 2
+}
+
+parse_args() {
+  #BINDIR is ./bin unless set be ENV
+  # over-ridden by flag below
+
+  BINDIR=${BINDIR:-./bin}
+  while getopts "b:dfh?x" arg; do
+    case "$arg" in
+      b) BINDIR="$OPTARG" ;;
+      d) log_set_priority 10 ;;
+      f) FORCE_INSTALL="true" ;;
+      h | \?) usage "$0" ;;
+      x) set -x ;;
+    esac
+  done
+  shift $((OPTIND - 1))
+  TAG=$1
+}
+# this function wraps all the destructive operations
+# if a curl|bash cuts off the end of the script due to
+# network, either nothing will happen or will syntax error
+# out preventing half-done work
+execute() {
+  tmpdir=$(mktemp -d)
+  log_debug "downloading files into ${tmpdir}"
+  http_download "${tmpdir}/${TARBALL}" "${TARBALL_URL}"
+  http_download "${tmpdir}/${CHECKSUM}" "${CHECKSUM_URL}"
+  hash_sha256_verify "${tmpdir}/${TARBALL}" "${tmpdir}/${CHECKSUM}"
+  srcdir="${tmpdir}"
+  (cd "${tmpdir}" && untar "${TARBALL}")
+  test ! -d "${BINDIR}" && install -d "${BINDIR}"
+  for binexe in $BINARIES; do
+    if [ "$OS" = "windows" ]; then
+      binexe="${binexe}.exe"
+    fi
+    install "${srcdir}/${binexe}" "${BINDIR}/"
+    log_info "installed ${BINDIR}/${binexe}"
+  done
+  rm -rf "${tmpdir}"
+}
+get_binaries() {
+  case "$PLATFORM" in
+    darwin/386) BINARIES="act" ;;
+    darwin/amd64) BINARIES="act" ;;
+    darwin/arm64) BINARIES="act" ;;
+    darwin/armv6) BINARIES="act" ;;
+    darwin/armv7) BINARIES="act" ;;
+    linux/386) BINARIES="act" ;;
+    linux/amd64) BINARIES="act" ;;
+    linux/arm64) BINARIES="act" ;;
+    linux/armv6) BINARIES="act" ;;
+    linux/armv7) BINARIES="act" ;;
+    windows/386) BINARIES="act" ;;
+    windows/amd64) BINARIES="act" ;;
+    windows/arm64) BINARIES="act" ;;
+    windows/armv6) BINARIES="act" ;;
+    windows/armv7) BINARIES="act" ;;
+    *)
+      log_crit "platform $PLATFORM is not supported.  Make sure this script is up-to-date and file request at https://github.com/${PREFIX}/issues/new"
+      exit 1
+      ;;
+  esac
+}
+tag_to_version() {
+  if [ -z "${TAG}" ]; then
+    log_info "checking GitHub for latest tag"
+  else
+    log_info "checking GitHub for tag '${TAG}'"
+  fi
+  REALTAG=$(github_release "$OWNER/$REPO" "${TAG}") && true
+  if test -z "$REALTAG"; then
+    log_crit "unable to find '${TAG}' - use 'latest' or see https://github.com/${PREFIX}/releases for details"
+    exit 1
+  fi
+  # if version starts with 'v', remove it
+  TAG="$REALTAG"
+  VERSION=${TAG#v}
+}
+adjust_format() {
+  # change format (tar.gz or zip) based on OS
+  case ${OS} in
+    windows) FORMAT=zip ;;
+  esac
+  true
+}
+adjust_os() {
+  # adjust archive name based on OS
+  case ${OS} in
+    386) OS=i386 ;;
+    amd64) OS=x86_64 ;;
+    darwin) OS=Darwin ;;
+    linux) OS=Linux ;;
+    windows) OS=Windows ;;
+  esac
+  true
+}
+adjust_arch() {
+  # adjust archive name based on ARCH
+  case ${ARCH} in
+    386) ARCH=i386 ;;
+    amd64) ARCH=x86_64 ;;
+    darwin) ARCH=Darwin ;;
+    linux) ARCH=Linux ;;
+    windows) ARCH=Windows ;;
+  esac
+  true
+}
+check_installed_version() {
+  # Check if force install flag is set
+  if [ "${FORCE_INSTALL}" = "true" ]; then
+    log_info "force install enabled. Skipping version check."
+    return
+  fi
+
+  # Check if the binary exists
+  if is_command "$BINARY"; then
+    # Extract installed version using cut
+    INSTALLED_VERSION=$($BINARY --version | cut -d' ' -f3)
+
+    if [ -z "$INSTALLED_VERSION" ]; then
+      log_err "failed to detect installed version. Proceeding with installation."
+      return
+    fi
+
+    log_info "found installed version: $INSTALLED_VERSION"
+
+    # Compare versions
+    if [ "$INSTALLED_VERSION" = "$VERSION" ]; then
+      log_info "$BINARY version $INSTALLED_VERSION is already installed."
+      exit 0
+    else
+      log_debug "updating $BINARY from version $INSTALLED_VERSION to $VERSION..."
+    fi
+  else
+    log_debug "$BINARY is not installed. Proceeding with installation..."
+  fi
+}
+
+
+cat /dev/null <<EOF
+------------------------------------------------------------------------
+https://github.com/client9/shlib - portable posix shell functions
+Public domain - http://unlicense.org
+https://github.com/client9/shlib/blob/master/LICENSE.md
+but credit (and pull requests) appreciated.
+------------------------------------------------------------------------
+EOF
+is_command() {
+  command -v "$1" >/dev/null
+}
+echoerr() {
+  echo "$@" 1>&2
+}
+log_prefix() {
+  echo "$0"
+}
+_logp=6
+log_set_priority() {
+  _logp="$1"
+}
+log_priority() {
+  if test -z "$1"; then
+    echo "$_logp"
+    return
+  fi
+  [ "$1" -le "$_logp" ]
+}
+log_tag() {
+  case $1 in
+    0) echo "emerg" ;;
+    1) echo "alert" ;;
+    2) echo "crit" ;;
+    3) echo "err" ;;
+    4) echo "warning" ;;
+    5) echo "notice" ;;
+    6) echo "info" ;;
+    7) echo "debug" ;;
+    *) echo "$1" ;;
+  esac
+}
+log_debug() {
+  log_priority 7 || return 0
+  echoerr "$(log_prefix)" "$(log_tag 7)" "$@"
+}
+log_info() {
+  log_priority 6 || return 0
+  echoerr "$(log_prefix)" "$(log_tag 6)" "$@"
+}
+log_err() {
+  log_priority 3 || return 0
+  echoerr "$(log_prefix)" "$(log_tag 3)" "$@"
+}
+log_crit() {
+  log_priority 2 || return 0
+  echoerr "$(log_prefix)" "$(log_tag 2)" "$@"
+}
+uname_os() {
+  os=$(uname -s | tr '[:upper:]' '[:lower:]')
+  case "$os" in
+    cygwin_nt*) os="windows" ;;
+    mingw*) os="windows" ;;
+    msys_nt*) os="windows" ;;
+  esac
+  echo "$os"
+}
+uname_arch() {
+  arch=$(uname -m)
+  case $arch in
+    x86_64) arch="amd64" ;;
+    x86) arch="386" ;;
+    i686) arch="386" ;;
+    i386) arch="386" ;;
+    aarch64) arch="arm64" ;;
+    armv5*) arch="armv5" ;;
+    armv6*) arch="armv6" ;;
+    armv7*) arch="armv7" ;;
+  esac
+  echo ${arch}
+}
+uname_os_check() {
+  os=$(uname_os)
+  case "$os" in
+    darwin) return 0 ;;
+    dragonfly) return 0 ;;
+    freebsd) return 0 ;;
+    linux) return 0 ;;
+    android) return 0 ;;
+    nacl) return 0 ;;
+    netbsd) return 0 ;;
+    openbsd) return 0 ;;
+    plan9) return 0 ;;
+    solaris) return 0 ;;
+    windows) return 0 ;;
+  esac
+  log_crit "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. Please file bug at https://github.com/client9/shlib"
+  return 1
+}
+uname_arch_check() {
+  arch=$(uname_arch)
+  case "$arch" in
+    386) return 0 ;;
+    amd64) return 0 ;;
+    arm64) return 0 ;;
+    armv5) return 0 ;;
+    armv6) return 0 ;;
+    armv7) return 0 ;;
+    ppc64) return 0 ;;
+    ppc64le) return 0 ;;
+    mips) return 0 ;;
+    mipsle) return 0 ;;
+    mips64) return 0 ;;
+    mips64le) return 0 ;;
+    s390x) return 0 ;;
+    amd64p32) return 0 ;;
+  esac
+  log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value.  Please file bug report at https://github.com/client9/shlib"
+  return 1
+}
+untar() {
+  tarball=$1
+  case "${tarball}" in
+    *.tar.gz | *.tgz) tar --no-same-owner -xzf "${tarball}" ;;
+    *.tar) tar --no-same-owner -xf "${tarball}" ;;
+    *.zip) unzip "${tarball}" ;;
+    *)
+      log_err "untar unknown archive format for ${tarball}"
+      return 1
+      ;;
+  esac
+}
+http_download_curl() {
+  local_file=$1
+  source_url=$2
+  header=$3
+  if [ -z "$header" ]; then
+    code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url")
+  else
+    code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url")
+  fi
+  if [ "$code" != "200" ]; then
+    log_debug "http_download_curl received HTTP status $code"
+    return 1
+  fi
+  return 0
+}
+http_download_wget() {
+  local_file=$1
+  source_url=$2
+  header=$3
+  if [ -z "$header" ]; then
+    wget -q -O "$local_file" "$source_url"
+  else
+    wget -q --header "$header" -O "$local_file" "$source_url"
+  fi
+}
+http_download() {
+  log_debug "http_download $2"
+  if is_command curl; then
+    http_download_curl "$@"
+    return
+  elif is_command wget; then
+    http_download_wget "$@"
+    return
+  fi
+  log_crit "http_download unable to find wget or curl"
+  return 1
+}
+http_copy() {
+  tmp=$(mktemp)
+  http_download "${tmp}" "$1" "$2" || return 1
+  body=$(cat "$tmp")
+  rm -f "${tmp}"
+  echo "$body"
+}
+github_release() {
+  owner_repo=$1
+  version=$2
+  test -z "$version" && version="latest"
+  giturl="https://github.com/${owner_repo}/releases/${version}"
+  json=$(http_copy "$giturl" "Accept:application/json")
+  test -z "$json" && return 1
+  version=$(echo "$json" | tr -s '\n' ' ' | sed 's/.*"tag_name":"//' | sed 's/".*//')
+  test -z "$version" && return 1
+  echo "$version"
+}
+hash_sha256() {
+  TARGET=${1:-/dev/stdin}
+  if is_command gsha256sum; then
+    hash=$(gsha256sum "$TARGET") || return 1
+    echo "$hash" | cut -d ' ' -f 1
+  elif is_command sha256sum; then
+    hash=$(sha256sum "$TARGET") || return 1
+    echo "$hash" | cut -d ' ' -f 1
+  elif is_command shasum; then
+    hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1
+    echo "$hash" | cut -d ' ' -f 1
+  elif is_command openssl; then
+    hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1
+    echo "$hash" | cut -d ' ' -f a
+  else
+    log_crit "hash_sha256 unable to find command to compute sha-256 hash"
+    return 1
+  fi
+}
+hash_sha256_verify() {
+  TARGET=$1
+  checksums=$2
+  if [ -z "$checksums" ]; then
+    log_err "hash_sha256_verify checksum file not specified in arg2"
+    return 1
+  fi
+  BASENAME=${TARGET##*/}
+  want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1)
+  if [ -z "$want" ]; then
+    log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'"
+    return 1
+  fi
+  got=$(hash_sha256 "$TARGET")
+  if [ "$want" != "$got" ]; then
+    log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got"
+    return 1
+  fi
+}
+cat /dev/null <<EOF
+------------------------------------------------------------------------
+End of functions from https://github.com/client9/shlib
+------------------------------------------------------------------------
+EOF
+
+PROJECT_NAME="act"
+OWNER=nektos
+REPO="act"
+BINARY=act
+FORMAT=tar.gz
+OS=$(uname_os)
+ARCH=$(uname_arch)
+PREFIX="$OWNER/$REPO"
+
+# use in logging routines
+log_prefix() {
+	echo "$PREFIX"
+}
+PLATFORM="${OS}/${ARCH}"
+GITHUB_DOWNLOAD=https://github.com/${OWNER}/${REPO}/releases/download
+
+uname_os_check "$OS"
+uname_arch_check "$ARCH"
+
+parse_args "$@"
+
+get_binaries
+
+tag_to_version
+
+check_installed_version
+
+adjust_format
+
+adjust_os
+
+adjust_arch
+
+log_info "found version: ${VERSION} for ${TAG}/${OS}/${ARCH}"
+
+NAME=${PROJECT_NAME}_${OS}_${ARCH}
+TARBALL=${NAME}.${FORMAT}
+TARBALL_URL=${GITHUB_DOWNLOAD}/${TAG}/${TARBALL}
+CHECKSUM=checksums.txt
+CHECKSUM_URL=${GITHUB_DOWNLOAD}/${TAG}/${CHECKSUM}
+
+
+execute

internal/app/act-cli/VERSION

@@ -0,0 +1 @@
+0.4.0

internal/app/act-cli/main.go

@@ -0,0 +1,19 @@
+package main
+
+import (
+	_ "embed"
+
+	"gitea.com/gitea/act_runner/cmd"
+	"gitea.com/gitea/act_runner/pkg/common"
+)
+
+//go:embed VERSION
+var version string
+
+func main() {
+	ctx, cancel := common.CreateGracefulJobCancellationContext()
+	defer cancel()
+
+	// run the command
+	cmd.Execute(ctx, version)
+}