chore(deps): update actions/setup-node action to v4.0.4 #183

Merged (1 commit) on Oct 7, 2024


@renovate renovate bot commented Sep 25, 2024

This PR contains the following updates:

Package | Type | Update | Change
actions/setup-node | action | patch | v4.0.3 -> v4.0.4

Release Notes

actions/setup-node (actions/setup-node)

v4.0.4


Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

anthropic debug - [puLL-Merge] - actions/setup-node@v4.0.3..v4.0.4

Description

This PR introduces several changes to the actions/setup-node repository, including a new workflow for publishing immutable action versions, updates to the README, and modifications to the Node.js distribution handling code. The changes aim to improve the action's functionality and documentation clarity.

Changes

  1. .github/workflows/publish-immutable-actions.yml (New file):

    • Added a new GitHub Actions workflow to publish immutable action versions.
    • Triggered on release creation.
    • Uses actions/publish-immutable-action@0.0.1 to publish the action.
  2. README.md:

    • Updated the documentation for the node-version input.
    • Changed "emits" to "admits" when describing version aliases.
  3. dist/setup/index.js and src/distributions/base-distribution.ts:

    • Modified the extractArchive method to include a new isOfficialArchive parameter.
    • Updated the condition for extracting zip files to consider isOfficialArchive.
  4. src/distributions/official_builds/official_builds.ts:

    • Updated the extractArchive method call to include false for the isOfficialArchive parameter.

Possible Issues

  1. The new publish-immutable-actions.yml workflow uses a specific version (0.0.1) of the actions/publish-immutable-action. This might need to be updated in the future to use the latest version or a more stable release.

  2. The change in the zip extraction logic (isOfficialArchive check) might affect how certain Node.js distributions are handled. Thorough testing should be done to ensure this doesn't break existing functionality for any Node.js versions or distributions.

Security Hotspots

No significant security hotspots were identified in this PR. However, it's always good practice to review the permissions granted in the new workflow file to ensure they align with the principle of least privilege.

openai debug - [puLL-Merge] - actions/setup-node@v4.0.3..v4.0.4

Description

This pull request introduces a new GitHub Actions workflow file for publishing immutable action versions, refines the README documentation, and updates the BaseDistribution class to handle a new isOfficialArchive parameter when extracting archives. The motivation for this change seems to be to facilitate the creation of immutable action versions, improve documentation clarity, and enhance the flexibility of archive extraction based on the source of the archive.

Changes

  1. .github/workflows/publish-immutable-actions.yml

    • Introduced a new GitHub Actions workflow that publishes immutable action versions:
      name: 'Publish Immutable Action Version'
      on:
        release:
          types: [created]
      jobs:
        publish:
          runs-on: ubuntu-latest
          permissions:
            contents: read
            id-token: write
            packages: write
          steps:
            - name: Checking out
              uses: actions/checkout@v4
            - name: Publish
              id: publish
              uses: actions/publish-immutable-action@0.0.1
              with:
                github-token: ${{ secrets.GITHUB_TOKEN }}
  2. README.md

    • Corrected a minor documentation typo to improve clarity:
      -    # It also emits such aliases as lts, latest, nightly and canary builds
      +    # It also admits such aliases as lts/*, latest, nightly and canary builds
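      Review bot: On the `+` line, "admits" is still awkward for an input description; "accepts" or "supports" would read more naturally. The same line also changes the alias from `lts` to `lts/*`, which is a content change rather than a typo fix, so the summary for this file should mention it.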
  3. dist/setup/index.js, src/distributions/base-distribution.ts & src/distributions/official_builds/official_builds.ts

    • Updated extractArchive method to accept an additional parameter isOfficialArchive:

      // dist/setup/index.js
      const toolPath = yield this.extractArchive(downloadPath, info, true); // Passing true for official archives
      ...
      const toolPath = yield this.extractArchive(downloadPath, versionInfo, false); // Passing false for non-official archives
      // src/distributions/base-distribution.ts
      protected async extractArchive(
        downloadPath: string,
        info: INodeVersionInfo | null,
        isOfficialArchive?: boolean // New optional parameter
      ) {
        ...
        if (extension === '.zip' && isOfficialArchive) {
          const renamedArchive = `${downloadPath}.zip`;
          fs.renameSync(downloadPath, renamedArchive);
          extPath = await tc.extractZip(renamedArchive);
        }
      }
  4. src/distributions/official_builds/official_builds.ts

    • Ensured that the extractArchive method is called with the correct boolean value indicating whether the archive is official:
      if (downloadPath) {
        toolPath = await this.extractArchive(
          downloadPath,
          versionInfo,
          false // Indicating this is not an official archive
        );
      }

Possible Issues

  1. Backward Compatibility
    • Adding the isOfficialArchive parameter to extractArchive might affect other parts of the codebase if not handled properly, leading to potential bugs in archive extraction.

Security Hotspots

  • Token Exposure in GitHub Actions
    • Ensure that ${{ secrets.GITHUB_TOKEN }} is correctly secured and not exposed in logs or through any inadvertent means to prevent unauthorized access to the repository or packages.

Overall, the changes align with the described purpose and seem to be well-implemented, maintaining backward compatibility while introducing new functionalities.

bedrock debug - [puLL-Merge] - actions/setup-node@v4.0.3..v4.0.4

Description

This PR introduces several changes to the actions/setup-node repository, including a new workflow for publishing immutable action versions, improvements to the README, and modifications to the Node.js distribution handling logic.

Changes

  1. New file: .github/workflows/publish-immutable-actions.yml

    • Adds a new GitHub Actions workflow to publish immutable action versions when a new release is created.
  2. README.md

    • Updates the documentation for the node-version input, changing "emits" to "admits" for clarity.
  3. dist/setup/index.js

    • Modifies the extractArchive method to include a new isOfficialArchive parameter.
    • Updates calls to extractArchive to include the new parameter.
    • Changes the condition for handling .zip files to consider the isOfficialArchive flag.
  4. src/distributions/base-distribution.ts

    • Adds the isOfficialArchive parameter to the extractArchive method.
    • Updates the .zip file handling logic to consider the isOfficialArchive flag.
  5. src/distributions/official_builds/official_builds.ts

    • Updates the call to extractArchive to include false for the isOfficialArchive parameter.

Possible Issues

  1. The new isOfficialArchive parameter is set to true in the base distribution but false in the official builds. This might lead to inconsistent behavior if not properly managed across different distribution types.

  2. The change in the ZIP file handling logic might affect how certain archives are processed, potentially breaking existing setups if not thoroughly tested.

Security Hotspots

  1. The new workflow (publish-immutable-actions.yml) uses actions/publish-immutable-action@0.0.1, which is a very early version. Ensure this action is trustworthy and up-to-date to avoid potential security risks.

  2. The workflow uses ${{ secrets.GITHUB_TOKEN }} for authentication. While this is a standard practice, ensure that the permissions granted to this token are appropriate and not overly broad.

@thypon thypon merged commit 2efb32c into main Oct 7, 2024
8 checks passed
@thypon thypon deleted the renovate/actions-setup-node-4.x branch October 7, 2024 15:03
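
The two workflow concerns raised in the review comments above (tag-pinned `uses:` references and `write` permission scopes) can be checked mechanically. The following is an added example, not code from actions/setup-node or from the review bots; `auditWorkflow`, the finding names and the line-based parsing are assumptions of this sketch, and the sample is abridged from the workflow quoted above.

```javascript
// Added example: line-based audit of a GitHub Actions workflow (not project code).
// SAMPLE is abridged from the workflow quoted in the review comments on this page.
const SAMPLE = [
  "jobs:",
  "  publish:",
  "    permissions:",
  "      contents: read",
  "      id-token: write",
  "      packages: write",
  "    steps:",
  "      - name: Checking out",
  "        uses: actions/checkout@v4",
  "      - name: Publish",
  "        uses: actions/publish-immutable-action@0.0.1",
  "        with:",
  "          github-token: ${{ secrets.GITHUB_TOKEN }}",
].join("\n");

const FULL_SHA = /^[0-9a-f]{40}$/i; // only a full commit SHA is an immutable ref

function auditWorkflow(text) {
  const findings = [];
  let permIndent = -1; // indent of the open `permissions:` mapping, -1 when outside one
  text.split("\n").forEach((raw, i) => {
    const line = raw.replace(/(^|\s)#.*$/, ""); // drop YAML comments
    if (!line.trim()) return;
    const indent = line.search(/\S/);
    if (permIndent >= 0 && indent <= permIndent) permIndent = -1; // mapping ended

    const uses = line.match(/^\s*(?:-\s+)?uses:\s*["']?([^"'\s]+)/);
    if (uses) {
      const [action, ref] = uses[1].split("@");
      const local = action.startsWith("./") || action.startsWith("docker://");
      if (!local && !FULL_SHA.test(ref || "")) {
        findings.push({ line: i + 1, kind: "unpinned-action", detail: uses[1] });
      }
    }
    const perm = line.match(/^\s*permissions:\s*(\S*)/);
    if (perm) {
      if (perm[1] === "write-all") findings.push({ line: i + 1, kind: "write-scope", detail: "write-all" });
      else if (!perm[1]) permIndent = indent; // block form: scopes follow on later lines
      return;
    }
    const scope = permIndent >= 0 && line.match(/^\s*([\w-]+):\s*write\b/);
    if (scope) findings.push({ line: i + 1, kind: "write-scope", detail: scope[1] });
  });
  return findings;
}

console.log(auditWorkflow(SAMPLE));
```

Each `write-scope` finding is a prompt to confirm the job needs that scope, and each `unpinned-action` finding marks a reference that can move to different code without a change to the workflow file.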