chore(main): release 2.2.1 (#72)

Co-authored-by: jimehbot[bot] <132453784+jimehbot[bot]@users.noreply.github.com>

.github/.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "2.2.0"
+  ".": "2.2.1"
 }

.github/dependabot.yml

@@ -6,8 +6,9 @@ updates:
     schedule:
       interval: weekly
     groups:
-      actions-minor:
+      actions:
         update-types:
+          - major
           - minor
           - patch
   - package-ecosystem: npm
@@ -18,9 +19,12 @@ updates:
       npm-development:
         dependency-type: development
         update-types:
+          - major
           - minor
           - patch
       npm-production:
         dependency-type: production
         update-types:
+          - major
+          - minor
           - patch

.github/workflows/ci.yml

@@ -16,8 +16,8 @@ jobs:
   check-dist:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: .node-version
           cache: npm
@@ -39,7 +39,7 @@ jobs:
           fi
       - name: Upload Artifact
         if: ${{ failure() && steps.diff.outcome == 'failure' }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: dist
           path: dist/
@@ -51,10 +51,10 @@ jobs:
       packages: read
       statuses: write
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: .node-version
           cache: npm
@@ -64,10 +64,10 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: .node-version
           cache: npm
@@ -85,8 +85,8 @@ jobs:
       - uses: jimeh/release-please-manifest-action@84f33fd2828210488c36f3e0a7e3209252d2ae7d # v3.0.0
         id: release-please
         with:
-          app-id: ${{ secrets.RELEASE_BOT_APP_ID }}
-          private-key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }}
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
 
   release-tags:
     runs-on: ubuntu-latest
@@ -95,7 +95,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: jimeh/update-tags-action@bf34cb3d0919fe9e601539e11a89b250e00e9cc3 # v2.0.0
+      - uses: jimeh/update-tags-action@eecd8caae9a536ed536cff9b2b7f0bd187f67c13 # v2.2.0
         with:
           tags: |
             v${{ needs.release-please.outputs.major }}

.github/workflows/copilot-setup-steps.yml

@@ -15,13 +15,13 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: .node-version
           cache: npm
       - run: npm ci
-      - uses: ruby/setup-ruby@d5126b9b3579e429dd52e51e68624dda2e05be25 # v1.267.0
+      - uses: ruby/setup-ruby@d354de180d0c9e813cfddfcbdc079945d4be589b # v1.275.0
         with:
           ruby-version: ruby
           bundler-cache: true

.github/workflows/dependabot-rebuild.yml

@@ -0,0 +1,61 @@
+---
+name: Dependabot Rebuild
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+permissions:
+  contents: write
+  pull-requests: read
+
+jobs:
+  rebuild:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' && github.event.sender.login == 'dependabot[bot]' }}
+    steps:
+      - name: Generate app token
+        id: app-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+
+      # Update and push dist if changed.
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        with:
+          node-version-file: .node-version
+          cache: npm
+      - run: npm ci
+      - name: Rebuild dist
+        run: npm run bundle
+      - name: Commit and push if changed
+        uses: ryancyq/github-signed-commit@e9f3b28c80da7be66d24b8f501a5abe82a6b855f # v1.2.0
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+        with:
+          files: |
+            dist/
+          commit-message: |-
+            chore: rebuild dist
+
+      # Update and push .licenses if changed.
+      - uses: ruby/setup-ruby@d354de180d0c9e813cfddfcbdc079945d4be589b # v1.275.0
+        with:
+          ruby-version: ruby
+          bundler-cache: true
+      - name: Update Licenses
+        id: update-licenses
+        run: bin/licensed cache
+      - name: Commit and push if changed
+        uses: ryancyq/github-signed-commit@e9f3b28c80da7be66d24b8f501a5abe82a6b855f # v1.2.0
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+        with:
+          files: |
+            .licenses/
+          commit-message: |-
+            chore(licensed): update license files

.github/workflows/licensed.yml

@@ -20,13 +20,24 @@ jobs:
   check-licenses:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      # Checkout code using app token.
+      - name: Generate app token
+        id: app-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+
+      # Setup Node and Ruby runtimes.
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version-file: .node-version
           cache: npm
       - run: npm ci
-      - uses: ruby/setup-ruby@d5126b9b3579e429dd52e51e68624dda2e05be25 # v1.267.0
+      - uses: ruby/setup-ruby@d354de180d0c9e813cfddfcbdc079945d4be589b # v1.275.0
         with:
           ruby-version: ruby
           bundler-cache: true
@@ -36,17 +47,16 @@ jobs:
         name: Update Licenses
         id: update-licenses
         run: bin/licensed cache
-
-      # Then, commit the updated licenses to the repository.
       - if: ${{ github.event_name == 'workflow_dispatch' }}
-        name: Commit Licenses
-        id: commit-licenses
-        run: |
-          git config --local user.email "licensed-ci@users.noreply.github.com"
-          git config --local user.name "licensed-ci"
-          git add .
-          git commit -m "Auto-update license files"
-          git push
+        name: Commit and push if changed
+        uses: ryancyq/github-signed-commit@e9f3b28c80da7be66d24b8f501a5abe82a6b855f # v1.2.0
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+        with:
+          files: |
+            .licenses/
+          commit-message: |-
+            chore(licensed): update license files
 
       # Last, check the status of the cached licenses.
       - name: Check Licenses

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.11.1
+version: 2.0.1
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/exec.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/exec"
-version: 1.1.1
+version: 2.0.0
 type: npm
 summary: Actions exec lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/exec

.licenses/npm/@actions/http-client-3.0.0.dep.yml

@@ -0,0 +1,32 @@
+---
+name: "@actions/http-client"
+version: 3.0.0
+type: npm
+summary: Actions Http Client
+homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
+license: other
+licenses:
+- sources: LICENSE
+  text: |
+    Actions Http Client for Node.js
+
+    Copyright (c) GitHub, Inc.
+
+    All rights reserved.
+
+    MIT License
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+    associated documentation files (the "Software"), to deal in the Software without restriction,
+    including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+    and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+    subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+    LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+    NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+    SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 1.1.3
+version: 2.0.0
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/io

.mise.toml

@@ -0,0 +1,2 @@
+[settings]
+idiomatic_version_file_enable_tools = ["ruby", "node"]

.node-version

@@ -1 +1 @@
-24.4.0
+24.12.0

.ruby-version

@@ -0,0 +1 @@
+3.4.8

AGENTS.md

@@ -21,7 +21,7 @@ up-to-date. Always run `npm run package` (or `npm run bundle`) after modifying
 
 ## Development Commands
 
-Package manager: npm (Node 24 via mise.toml)
+Package manager: npm
 
 ```bash
 # Install dependencies
@@ -59,11 +59,12 @@ npm run package:watch # Auto-rebuild on changes
   function that coordinates input parsing, tag processing, and output setting
 - **[src/inputs.ts](src/inputs.ts)**: Input parsing and validation. Exports
   `getInputs()` that reads action inputs and `Inputs` interface
-- **[src/tags.ts](src/tags.ts)**: Tag parsing and processing logic:
-  - `parseTagsInput()`: Parses CSV/newline input, handles `tag:ref` syntax,
-    pre-resolves all unique refs to SHAs in parallel (optimization)
-  - `processTag()`: Creates/updates individual tags based on `when_exists` mode
-  - `resolveRefToSha()`: Converts git refs to commit SHAs (private helper)
+- **[src/tags.ts](src/tags.ts)**: Tag planning and execution logic:
+  - `planTagOperations()`: Parses tags, pre-resolves refs to SHAs in parallel,
+    plans create/update/skip operations
+  - `executeTagOperation()`: Executes a single planned operation (create,
+    update, or skip with logging)
+  - Private helpers for tag creation, updates, and annotation handling
 - **[action.yml](action.yml)**: GitHub Action metadata (inputs/outputs)
 - **[tests/fixtures/](tests/fixtures)**: Mock implementations of @actions/core,
   @actions/github, and csv-parse for testing
@@ -76,14 +77,16 @@ per-tag ref overrides: `v1:main` tags `v1` to `main` branch.
 ### Tag Update Logic
 
 1. Parse and validate inputs ([inputs.ts](src/inputs.ts))
-2. Parse tags and extract per-tag refs ([tags.ts](src/tags.ts):parseTagsInput)
-3. Pre-resolve all unique refs to SHAs in parallel (optimization)
-4. For each tag ([tags.ts](src/tags.ts):processTag):
-   - If exists + update mode: Update if SHA differs
-   - If exists + skip mode: Skip silently
-   - If exists + fail mode: Fail action
-   - If doesn't exist (404): Create it
-5. Set outputs with created/updated tag lists ([main.ts](src/main.ts))
+2. Plan all tag operations ([tags.ts](src/tags.ts):planTagOperations):
+   - Parse `tag:ref` syntax and extract per-tag refs
+   - Pre-resolve all unique refs to SHAs in parallel (optimization)
+   - For each tag, check existence and determine operation:
+     - If exists + fail mode: Fail action immediately
+     - If exists + skip mode: Plan skip
+     - If exists + update mode: Plan update if SHA or annotation differs
+     - If doesn't exist (404): Plan create
+3. Execute each planned operation ([tags.ts](src/tags.ts):executeTagOperation)
+4. Set outputs with created/updated/skipped tag lists ([main.ts](src/main.ts))
 
 ### Testing Patterns
 
@@ -119,9 +122,10 @@ Mock fixtures live in `tests/fixtures/` (e.g., `core.ts` mocks @actions/core).
 `.github/workflows/ci.yml` runs:
 
 1. **check-dist**: Verify bundled dist/ matches source
-2. **lint**: ESLint with GitHub formatter
-3. **release-please**: Semantic versioning releases
-4. **release-tags**: Self-referential tag updates after release
+2. **lint**: ESLint check
+3. **test**: Run Jest test suite
+4. **release-please**: Semantic versioning releases
+5. **release-tags**: Self-referential tag updates after release
 
 ## Release Process
 
@@ -187,6 +191,7 @@ chore(deps): bump @actions/core to v1.10.0
 - `tags`: CSV/newline list, supports `tag:ref` syntax
 - `ref`: SHA/ref to tag (default: current commit)
 - `when_exists`: update|skip|fail (default: update)
+- `annotation`: Optional message for annotated tags (default: lightweight)
 - `github_token`: Auth token (default: github.token)
 
 **Outputs:**
@@ -194,6 +199,7 @@ chore(deps): bump @actions/core to v1.10.0
 - `tags`: All created/updated tags
 - `created`: Newly created tags
 - `updated`: Updated tags
+- `skipped`: Skipped tags (already matching or when_exists=skip)
 
 ## Code Style and Guidelines
 

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [2.2.1](https://github.com/jimeh/update-tags-action/compare/v2.2.0...v2.2.1) (2025-12-22)
+
+
+### Documentation
+
+* **AGENTS.md:** update to align with current state of project ([#71](https://github.com/jimeh/update-tags-action/issues/71)) ([a25f37f](https://github.com/jimeh/update-tags-action/commit/a25f37f9e6300ff3fcdf28424cdec9d99944522f))
+
 ## [2.2.0](https://github.com/jimeh/update-tags-action/compare/v2.1.1...v2.2.0) (2025-10-29)
 
 

mise.toml

@@ -1,2 +0,0 @@
-[tools]
-node = "24"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "update-tags-action",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "author": "jimeh",
   "type": "module",
   "private": true,
@@ -41,35 +41,34 @@
     "update-readme": "npx action-docs --update-readme && npx prettier --write README.md"
   },
   "dependencies": {
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^2.0.1",
     "@actions/github": "^6.0.1",
     "csv-parse": "^6.1.0"
   },
   "devDependencies": {
-    "@eslint/compat": "^1.4.0",
+    "@eslint/compat": "^2.0.0",
     "@jest/globals": "^30.2.0",
-    "@rollup/plugin-commonjs": "^28.0.9",
+    "@rollup/plugin-commonjs": "^29.0.0",
     "@rollup/plugin-node-resolve": "^16.0.3",
-    "@rollup/plugin-terser": "^0.4.4",
     "@rollup/plugin-typescript": "^12.3.0",
     "@types/jest": "^30.0.0",
-    "@types/node": "^24.9.1",
-    "@typescript-eslint/eslint-plugin": "^8.46.2",
+    "@types/node": "^25.0.3",
+    "@typescript-eslint/eslint-plugin": "^8.50.0",
     "@typescript-eslint/parser": "^8.46.2",
     "action-docs": "^2.5.1",
-    "eslint": "^9.38.0",
+    "eslint": "^9.39.2",
     "eslint-config-prettier": "^10.1.8",
     "eslint-import-resolver-typescript": "^4.4.4",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jest": "^29.0.1",
+    "eslint-plugin-jest": "^29.9.0",
     "eslint-plugin-prettier": "^5.5.4",
     "jest": "^30.2.0",
     "make-coverage-badge": "^1.2.0",
     "npm-run-all": "^4.1.5",
-    "prettier": "^3.6.2",
+    "prettier": "^3.7.4",
     "prettier-eslint": "^16.4.2",
-    "rollup": "^4.52.5",
-    "ts-jest": "^29.4.5",
+    "rollup": "^4.54.0",
+    "ts-jest": "^29.4.6",
     "ts-jest-resolver": "^2.0.1",
     "typescript": "^5.9.3"
   }

rollup.config.ts

@@ -2,7 +2,6 @@
 
 import commonjs from '@rollup/plugin-commonjs'
 import nodeResolve from '@rollup/plugin-node-resolve'
-import terser from '@rollup/plugin-terser'
 import typescript from '@rollup/plugin-typescript'
 
 const config = {
@@ -13,12 +12,7 @@ const config = {
     format: 'es',
     sourcemap: true
   },
-  plugins: [
-    typescript(),
-    nodeResolve({ preferBuiltins: true }),
-    commonjs(),
-    terser()
-  ]
+  plugins: [typescript(), nodeResolve({ preferBuiltins: true }), commonjs()]
 }
 
 export default config