Merge pull request #1577 from salmanmkc/salmanmkc/4-test

Update to use @actions/cache 4.0.3 package & prepare for new release

.github/dependabot.yml

@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      minor-actions-dependencies:
+        update-types: [minor, patch]
+  
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily" 
+    allow:
+    - dependency-type: direct
+    - dependency-type: production

.github/workflows/check-dist.yml

@@ -15,3 +15,5 @@ jobs:
   call-check-dist:
     name: Check dist/
     uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
+    with:
+      node-version: "20.x"

.github/workflows/close-inactive-issues.yml

@@ -10,7 +10,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@v3
+      - uses: actions/stale@v9
         with:
           days-before-issue-stale: 200
           days-before-issue-close: 5

.github/workflows/codeql.yml

@@ -17,11 +17,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java, ruby
@@ -29,7 +29,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below).
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -43,4 +43,4 @@ jobs:
     #     make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/release-new-action-version.yml

@@ -0,0 +1,28 @@
+name: Release new action version
+on:
+  release:
+    types: [released]
+  workflow_dispatch:
+    inputs:
+      TAG_NAME:
+        description: 'Tag name that the major tag will point to'
+        required: true
+
+env:
+  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+permissions:
+  contents: write
+
+jobs:
+  update_tag:
+    name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+    environment:
+      name: releaseNewActionVersion
+    runs-on: ubuntu-latest
+    steps:
+    - name: Update the ${{ env.TAG_NAME }} tag
+      id: update-major-tag
+      uses: actions/publish-action@v0.3.0
+      with:
+        source-tag: ${{ env.TAG_NAME }}
+        slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/workflow.yml

@@ -20,11 +20,11 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
-    - name: Setup Node.js 16.x
-      uses: actions/setup-node@v3
+      uses: actions/checkout@v4
+    - name: Setup Node.js 20.x
+      uses: actions/setup-node@v4
       with:
-        node-version: 16.x
+        node-version: 20.x
         cache: npm
     - run: npm ci
     - name: Prettier Format Check
@@ -43,7 +43,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Generate files in working directory
       shell: bash
       run: __tests__/create-cache-files.sh ${{ runner.os }} test-cache
@@ -66,7 +66,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Restore cache
       uses: ./
       with:
@@ -96,7 +96,7 @@ jobs:
       https_proxy: http://squid-proxy:3128
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Generate files
       run: __tests__/create-cache-files.sh proxy test-cache
     - name: Save cache
@@ -119,7 +119,7 @@ jobs:
       https_proxy: http://squid-proxy:3128
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Restore cache
       uses: ./
       with:

.licenses/npm/@actions/cache.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/cache"
-version: 4.0.1
+version: 4.0.3
 type: npm
 summary: Actions cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/cache

.licenses/npm/commander.dep.yml

@@ -3,7 +3,7 @@ name: commander
 version: 6.2.1
 type: npm
 summary: the complete solution for node.js command-line programs
-homepage: 
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/dot-object.dep.yml

@@ -4,7 +4,7 @@ version: 2.1.5
 type: npm
 summary: dot-object makes it possible to transform and read (JSON) objects using dot
   notation.
-homepage: 
+homepage:
 license: mit
 licenses:
 - sources: MIT-LICENSE

.licenses/npm/fs.realpath.dep.yml

@@ -4,7 +4,7 @@ version: 1.0.0
 type: npm
 summary: Use node's fs.realpath, but fall back to the JS implementation if the native
   one fails
-homepage: 
+homepage:
 license: other
 licenses:
 - sources: LICENSE

.licenses/npm/glob.dep.yml

@@ -3,7 +3,7 @@ name: glob
 version: 7.2.0
 type: npm
 summary: a little globber
-homepage: 
+homepage:
 license: other
 licenses:
 - sources: LICENSE

.licenses/npm/inherits.dep.yml

@@ -3,7 +3,7 @@ name: inherits
 version: 2.0.4
 type: npm
 summary: Browser-friendly inheritance fully compatible with standard node.js inherits()
-homepage: 
+homepage:
 license: isc
 licenses:
 - sources: LICENSE
@@ -25,3 +25,4 @@ licenses:
     PERFORMANCE OF THIS SOFTWARE.
 
 notices: []
+...

.licenses/npm/once.dep.yml

@@ -3,7 +3,7 @@ name: once
 version: 1.4.0
 type: npm
 summary: Run a function exactly one time
-homepage: 
+homepage:
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/path-is-absolute.dep.yml

@@ -3,7 +3,7 @@ name: path-is-absolute
 version: 1.0.1
 type: npm
 summary: Node.js 0.12 path.isAbsolute() ponyfill
-homepage: 
+homepage:
 license: mit
 licenses:
 - sources: license

.licenses/npm/path-to-regexp.dep.yml

@@ -3,7 +3,7 @@ name: path-to-regexp
 version: 6.3.0
 type: npm
 summary: Express style path to RegExp utility
-homepage: 
+homepage:
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/ts-poet.dep.yml

@@ -3,7 +3,7 @@ name: ts-poet
 version: 4.15.0
 type: npm
 summary: code generation DSL for TypeScript
-homepage: 
+homepage:
 license: apache-2.0
 licenses:
 - sources: LICENSE.txt
@@ -213,3 +213,4 @@ licenses:
        limitations under the License.
 
 notices: []
+...

.licenses/npm/twirp-ts.dep.yml

@@ -3,7 +3,7 @@ name: twirp-ts
 version: 2.5.0
 type: npm
 summary: Typescript implementation of the Twirp protocol
-homepage: 
+homepage:
 license: mit
 licenses:
 - sources: README.md

.licenses/npm/typescript.dep.yml

@@ -132,7 +132,7 @@ notices:
     Hejlsberg\r\n - Anders Kaseorg\r\n - Andre Sutherland\r\n - Andreas Martin\r\n
     - Andrej Baran\r\n - Andrew\r\n - Andrew Branch\r\n - Andrew Casey\r\n - Andrew
     Faulkner\r\n - Andrew Ochsner\r\n - Andrew Stegmaier\r\n - Andrew Z Allen\r\n
-    - Andrey Roenko\r\n - Andrii Dieiev\r\n - András Parditka\r\n - Andy Hanson\r\n
+    - Andrey Roenko\r\n - Andrii Dieiev\r\n - Andr??s Parditka\r\n - Andy Hanson\r\n
     - Anil Anar\r\n - Anix\r\n - Anton Khlynovskiy\r\n - Anton Tolmachev\r\n - Anubha
     Mathur\r\n - AnyhowStep\r\n - Armando Aguirre\r\n - Arnaud Tournier\r\n - Arnav
     Singh\r\n - Arpad Borsos\r\n - Artem Tyurin\r\n - Arthur Ozga\r\n - Asad Saeeduddin\r\n
@@ -149,29 +149,29 @@ notices:
     - Colin Snover\r\n - Collins Abitekaniza\r\n - Connor Clark\r\n - Cotton Hou\r\n
     - csigs\r\n - Cyrus Najmabadi\r\n - Dafrok Zhang\r\n - Dahan Gong\r\n - Daiki
     Nishikawa\r\n - Dan Corder\r\n - Dan Freeman\r\n - Dan Quirk\r\n - Dan Rollo\r\n
-    - Daniel Gooss\r\n - Daniel Imms\r\n - Daniel Krom\r\n - Daniel Król\r\n - Daniel
+    - Daniel Gooss\r\n - Daniel Imms\r\n - Daniel Krom\r\n - Daniel Kr??l\r\n - Daniel
     Lehenbauer\r\n - Daniel Rosenwasser\r\n - David Li\r\n - David Sheldrick\r\n -
     David Sherret\r\n - David Souther\r\n - David Staheli\r\n - Denis Nedelyaev\r\n
     - Derek P Sifford\r\n - Dhruv Rajvanshi\r\n - Dick van den Brink\r\n - Diogo Franco
-    (Kovensky)\r\n - Dirk Bäumer\r\n - Dirk Holtwick\r\n - Dmitrijs Minajevs\r\n -
-    Dom Chen\r\n - Donald Pipowitch\r\n - Doug Ilijev\r\n - dreamran43@gmail.com\r\n
+    (Kovensky)\r\n - Dirk B??umer\r\n - Dirk Holtwick\r\n - Dmitrijs Minajevs\r\n
+    - Dom Chen\r\n - Donald Pipowitch\r\n - Doug Ilijev\r\n - dreamran43@gmail.com\r\n
     - @e-cloud\r\n - Ecole Keine\r\n - Eddie Jaoude\r\n - Edward Thomson\r\n - EECOLOR\r\n
     - Eli Barzilay\r\n - Elizabeth Dinella\r\n - Ely Alamillo\r\n - Eric Grube\r\n
     - Eric Tsang\r\n - Erik Edrosa\r\n - Erik McClenney\r\n - Esakki Raj\r\n - Ethan
     Resnick\r\n - Ethan Rubio\r\n - Eugene Timokhov\r\n - Evan Cahill\r\n - Evan Martin\r\n
     - Evan Sebastian\r\n - ExE Boss\r\n - Eyas Sharaiha\r\n - Fabian Cook\r\n - @falsandtru\r\n
     - Filipe Silva\r\n - @flowmemo\r\n - Forbes Lindesay\r\n - Francois Hendriks\r\n
-    - Francois Wouts\r\n - Frank Wallis\r\n - František Žiacik\r\n - Frederico Bittencourt\r\n
+    - Francois Wouts\r\n - Frank Wallis\r\n - Franti??ek ??iacik\r\n - Frederico Bittencourt\r\n
     - fullheightcoding\r\n - Gabe Moothart\r\n - Gabriel Isenberg\r\n - Gabriela Araujo
     Britto\r\n - Gabriela Britto\r\n - gb714us\r\n - Gilad Peleg\r\n - Godfrey Chan\r\n
-    - Gorka Hernández Estomba\r\n - Graeme Wicksted\r\n - Guillaume Salles\r\n - Guy
-    Bedford\r\n - hafiz\r\n - Halasi Tamás\r\n - Hendrik Liebau\r\n - Henry Mercer\r\n
+    - Gorka Hern??ndez Estomba\r\n - Graeme Wicksted\r\n - Guillaume Salles\r\n -
+    Guy Bedford\r\n - hafiz\r\n - Halasi Tam??s\r\n - Hendrik Liebau\r\n - Henry Mercer\r\n
     - Herrington Darkholme\r\n - Hoang Pham\r\n - Holger Jeromin\r\n - Homa Wong\r\n
     - Hye Sung Jung\r\n - Iain Monro\r\n - @IdeaHunter\r\n - Igor Novozhilov\r\n -
     Igor Oleinikov\r\n - Ika\r\n - iliashkolyar\r\n - IllusionMH\r\n - Ingvar Stepanyan\r\n
     - Ingvar Stepanyan\r\n - Isiah Meadows\r\n - ispedals\r\n - Ivan Enderlin\r\n
     - Ivo Gabe de Wolff\r\n - Iwata Hidetaka\r\n - Jack Bates\r\n - Jack Williams\r\n
-    - Jake Boone\r\n - Jakub Korzeniowski\r\n - Jakub Młokosiewicz\r\n - James Henry\r\n
+    - Jake Boone\r\n - Jakub Korzeniowski\r\n - Jakub M??okosiewicz\r\n - James Henry\r\n
     - James Keane\r\n - James Whitney\r\n - Jan Melcher\r\n - Jason Freeman\r\n -
     Jason Jarrett\r\n - Jason Killian\r\n - Jason Ramsay\r\n - JBerger\r\n - Jean
     Pierre\r\n - Jed Mao\r\n - Jeff Wilcox\r\n - Jeffrey Morlan\r\n - Jesse Schalken\r\n
@@ -180,60 +180,60 @@ notices:
     - John Vilk\r\n - Jonathan Bond-Caron\r\n - Jonathan Park\r\n - Jonathan Toland\r\n
     - Jordan Harband\r\n - Jordi Oliveras Rovira\r\n - Joscha Feth\r\n - Joseph Wunderlich\r\n
     - Josh Abernathy\r\n - Josh Goldberg\r\n - Josh Kalderimis\r\n - Josh Soref\r\n
-    - Juan Luis Boya García\r\n - Julian Williams\r\n - Justin Bay\r\n - Justin Johansson\r\n
-    - jwbay\r\n - K. Preißer\r\n - Kagami Sascha Rosylight\r\n - Kanchalai Tanglertsampan\r\n
-    - karthikkp\r\n - Kate Miháliková\r\n - Keen Yee Liau\r\n - Keith Mashinter\r\n
+    - Juan Luis Boya Garc??a\r\n - Julian Williams\r\n - Justin Bay\r\n - Justin Johansson\r\n
+    - jwbay\r\n - K. Prei??er\r\n - Kagami Sascha Rosylight\r\n - Kanchalai Tanglertsampan\r\n
+    - karthikkp\r\n - Kate Mih??likov??\r\n - Keen Yee Liau\r\n - Keith Mashinter\r\n
     - Ken Howard\r\n - Kenji Imamula\r\n - Kerem Kat\r\n - Kevin Donnelly\r\n - Kevin
-    Gibbons\r\n - Kevin Lang\r\n - Khải\r\n - Kitson Kelly\r\n - Klaus Meinhardt\r\n
-    - Kris Zyp\r\n - Kyle Kelley\r\n - Kārlis Gaņģis\r\n - laoxiong\r\n - Leon Aves\r\n
-    - Limon Monte\r\n - Lorant Pinter\r\n - Lucien Greathouse\r\n - Luka Hartwig\r\n
-    - Lukas Elmer\r\n - M.Yoshimura\r\n - Maarten Sijm\r\n - Magnus Hiie\r\n - Magnus
-    Kulke\r\n - Manish Bansal\r\n - Manish Giri\r\n - Marcus Noble\r\n - Marin Marinov\r\n
-    - Marius Schulz\r\n - Markus Johnsson\r\n - Markus Wolf\r\n - Martin\r\n - Martin
-    Hiller\r\n - Martin Johns\r\n - Martin Probst\r\n - Martin Vseticka\r\n - Martyn
-    Janes\r\n - Masahiro Wakame\r\n - Mateusz Burzyński\r\n - Matt Bierner\r\n - Matt
-    McCutchen\r\n - Matt Mitchell\r\n - Matthew Aynalem\r\n - Matthew Miller\r\n -
-    Mattias Buelens\r\n - Max Heiber\r\n - Maxwell Paul Brickner\r\n - @meyer\r\n
-    - Micah Zoltu\r\n - @micbou\r\n - Michael\r\n - Michael Crane\r\n - Michael Henderson\r\n
-    - Michael Tamm\r\n - Michael Tang\r\n - Michal Przybys\r\n - Mike Busyrev\r\n
-    - Mike Morearty\r\n - Milosz Piechocki\r\n - Mine Starks\r\n - Minh Nguyen\r\n
-    - Mohamed Hegazy\r\n - Mohsen Azimi\r\n - Mukesh Prasad\r\n - Myles Megyesi\r\n
-    - Nathan Day\r\n - Nathan Fenner\r\n - Nathan Shively-Sanders\r\n - Nathan Yee\r\n
-    - ncoley\r\n - Nicholas Yang\r\n - Nicu Micleușanu\r\n - @nieltg\r\n - Nima Zahedi\r\n
-    - Noah Chen\r\n - Noel Varanda\r\n - Noel Yoo\r\n - Noj Vek\r\n - nrcoley\r\n
-    - Nuno Arruda\r\n - Oleg Mihailik\r\n - Oleksandr Chekhovskyi\r\n - Omer Sheikh\r\n
-    - Orta Therox\r\n - Orta Therox\r\n - Oskar Grunning\r\n - Oskar Segersva¨rd\r\n
-    - Oussama Ben Brahim\r\n - Ozair Patel\r\n - Patrick McCartney\r\n - Patrick Zhong\r\n
-    - Paul Koerbitz\r\n - Paul van Brenk\r\n - @pcbro\r\n - Pedro Maltez\r\n - Pete
-    Bacon Darwin\r\n - Peter Burns\r\n - Peter Šándor\r\n - Philip Pesca\r\n - Philippe
-    Voinov\r\n - Pi Lanningham\r\n - Piero Cangianiello\r\n - Pierre-Antoine Mills\r\n
-    - @piloopin\r\n - Pranav Senthilnathan\r\n - Prateek Goel\r\n - Prateek Nayak\r\n
-    - Prayag Verma\r\n - Priyantha Lankapura\r\n - @progre\r\n - Punya Biswal\r\n
-    - r7kamura\r\n - Rado Kirov\r\n - Raj Dosanjh\r\n - rChaser53\r\n - Reiner Dolp\r\n
-    - Remo H. Jansen\r\n - @rflorian\r\n - Rhys van der Waerden\r\n - @rhysd\r\n -
-    Ricardo N Feliciano\r\n - Richard Karmazín\r\n - Richard Knoll\r\n - Roger Spratley\r\n
-    - Ron Buckton\r\n - Rostislav Galimsky\r\n - Rowan Wyborn\r\n - rpgeeganage\r\n
-    - Ruwan Pradeep Geeganage\r\n - Ryan Cavanaugh\r\n - Ryan Clarke\r\n - Ryohei
-    Ikegami\r\n - Salisbury, Tom\r\n - Sam Bostock\r\n - Sam Drugan\r\n - Sam El-Husseini\r\n
-    - Sam Lanning\r\n - Sangmin Lee\r\n - Sanket Mishra\r\n - Sarangan Rajamanickam\r\n
-    - Sasha Joseph\r\n - Sean Barag\r\n - Sergey Rubanov\r\n - Sergey Shandar\r\n
-    - Sergey Tychinin\r\n - Sergii Bezliudnyi\r\n - Sergio Baidon\r\n - Sharon Rolel\r\n
-    - Sheetal Nandi\r\n - Shengping Zhong\r\n - Sheon Han\r\n - Shyyko Serhiy\r\n
-    - Siddharth Singh\r\n - sisisin\r\n - Slawomir Sadziak\r\n - Solal Pirelli\r\n
-    - Soo Jae Hwang\r\n - Stan Thomas\r\n - Stanislav Iliev\r\n - Stanislav Sysoev\r\n
-    - Stas Vilchik\r\n - Stephan Ginthör\r\n - Steve Lucco\r\n - @styfle\r\n - Sudheesh
-    Singanamalla\r\n - Suhas\r\n - Suhas Deshpande\r\n - superkd37\r\n - Sébastien
-    Arod\r\n - @T18970237136\r\n - @t_\r\n - Tan Li Hau\r\n - Tapan Prakash\r\n -
-    Taras Mankovski\r\n - Tarik Ozket\r\n - Tetsuharu Ohzeki\r\n - The Gitter Badger\r\n
-    - Thomas den Hollander\r\n - Thorsten Ball\r\n - Tien Hoanhtien\r\n - Tim Lancina\r\n
-    - Tim Perry\r\n - Tim Schaub\r\n - Tim Suchanek\r\n - Tim Viiding-Spader\r\n -
-    Tingan Ho\r\n - Titian Cernicova-Dragomir\r\n - tkondo\r\n - Todd Thomson\r\n
-    - togru\r\n - Tom J\r\n - Torben Fitschen\r\n - Toxyxer\r\n - @TravCav\r\n - Troy
-    Tae\r\n - TruongSinh Tran-Nguyen\r\n - Tycho Grouwstra\r\n - uhyo\r\n - Vadi Taslim\r\n
-    - Vakhurin Sergey\r\n - Valera Rozuvan\r\n - Vilic Vane\r\n - Vimal Raghubir\r\n
-    - Vladimir Kurchatkin\r\n - Vladimir Matveev\r\n - Vyacheslav Pukhanov\r\n - Wenlu
-    Wang\r\n - Wes Souza\r\n - Wesley Wigham\r\n - William Orr\r\n - Wilson Hobbs\r\n
-    - xiaofa\r\n - xl1\r\n - Yacine Hmito\r\n - Yang Cao\r\n - York Yao\r\n - @yortus\r\n
-    - Yoshiki Shibukawa\r\n - Yuichi Nukiyama\r\n - Yuval Greenfield\r\n - Yuya Tanaka\r\n
-    - Z\r\n - Zeeshan Ahmed\r\n - Zev Spitz\r\n - Zhengbo Li\r\n - Zixiang Li\r\n
-    - @Zzzen\r\n - 阿卡琳"
+    Gibbons\r\n - Kevin Lang\r\n - Kh???i\r\n - Kitson Kelly\r\n - Klaus Meinhardt\r\n
+    - Kris Zyp\r\n - Kyle Kelley\r\n - K??rlis Ga????is\r\n - laoxiong\r\n - Leon
+    Aves\r\n - Limon Monte\r\n - Lorant Pinter\r\n - Lucien Greathouse\r\n - Luka
+    Hartwig\r\n - Lukas Elmer\r\n - M.Yoshimura\r\n - Maarten Sijm\r\n - Magnus Hiie\r\n
+    - Magnus Kulke\r\n - Manish Bansal\r\n - Manish Giri\r\n - Marcus Noble\r\n -
+    Marin Marinov\r\n - Marius Schulz\r\n - Markus Johnsson\r\n - Markus Wolf\r\n
+    - Martin\r\n - Martin Hiller\r\n - Martin Johns\r\n - Martin Probst\r\n - Martin
+    Vseticka\r\n - Martyn Janes\r\n - Masahiro Wakame\r\n - Mateusz Burzy??ski\r\n
+    - Matt Bierner\r\n - Matt McCutchen\r\n - Matt Mitchell\r\n - Matthew Aynalem\r\n
+    - Matthew Miller\r\n - Mattias Buelens\r\n - Max Heiber\r\n - Maxwell Paul Brickner\r\n
+    - @meyer\r\n - Micah Zoltu\r\n - @micbou\r\n - Michael\r\n - Michael Crane\r\n
+    - Michael Henderson\r\n - Michael Tamm\r\n - Michael Tang\r\n - Michal Przybys\r\n
+    - Mike Busyrev\r\n - Mike Morearty\r\n - Milosz Piechocki\r\n - Mine Starks\r\n
+    - Minh Nguyen\r\n - Mohamed Hegazy\r\n - Mohsen Azimi\r\n - Mukesh Prasad\r\n
+    - Myles Megyesi\r\n - Nathan Day\r\n - Nathan Fenner\r\n - Nathan Shively-Sanders\r\n
+    - Nathan Yee\r\n - ncoley\r\n - Nicholas Yang\r\n - Nicu Micleu??anu\r\n - @nieltg\r\n
+    - Nima Zahedi\r\n - Noah Chen\r\n - Noel Varanda\r\n - Noel Yoo\r\n - Noj Vek\r\n
+    - nrcoley\r\n - Nuno Arruda\r\n - Oleg Mihailik\r\n - Oleksandr Chekhovskyi\r\n
+    - Omer Sheikh\r\n - Orta Therox\r\n - Orta Therox\r\n - Oskar Grunning\r\n - Oskar
+    Segersva??rd\r\n - Oussama Ben Brahim\r\n - Ozair Patel\r\n - Patrick McCartney\r\n
+    - Patrick Zhong\r\n - Paul Koerbitz\r\n - Paul van Brenk\r\n - @pcbro\r\n - Pedro
+    Maltez\r\n - Pete Bacon Darwin\r\n - Peter Burns\r\n - Peter ????ndor\r\n - Philip
+    Pesca\r\n - Philippe Voinov\r\n - Pi Lanningham\r\n - Piero Cangianiello\r\n -
+    Pierre-Antoine Mills\r\n - @piloopin\r\n - Pranav Senthilnathan\r\n - Prateek
+    Goel\r\n - Prateek Nayak\r\n - Prayag Verma\r\n - Priyantha Lankapura\r\n - @progre\r\n
+    - Punya Biswal\r\n - r7kamura\r\n - Rado Kirov\r\n - Raj Dosanjh\r\n - rChaser53\r\n
+    - Reiner Dolp\r\n - Remo H. Jansen\r\n - @rflorian\r\n - Rhys van der Waerden\r\n
+    - @rhysd\r\n - Ricardo N Feliciano\r\n - Richard Karmaz??n\r\n - Richard Knoll\r\n
+    - Roger Spratley\r\n - Ron Buckton\r\n - Rostislav Galimsky\r\n - Rowan Wyborn\r\n
+    - rpgeeganage\r\n - Ruwan Pradeep Geeganage\r\n - Ryan Cavanaugh\r\n - Ryan Clarke\r\n
+    - Ryohei Ikegami\r\n - Salisbury, Tom\r\n - Sam Bostock\r\n - Sam Drugan\r\n -
+    Sam El-Husseini\r\n - Sam Lanning\r\n - Sangmin Lee\r\n - Sanket Mishra\r\n -
+    Sarangan Rajamanickam\r\n - Sasha Joseph\r\n - Sean Barag\r\n - Sergey Rubanov\r\n
+    - Sergey Shandar\r\n - Sergey Tychinin\r\n - Sergii Bezliudnyi\r\n - Sergio Baidon\r\n
+    - Sharon Rolel\r\n - Sheetal Nandi\r\n - Shengping Zhong\r\n - Sheon Han\r\n -
+    Shyyko Serhiy\r\n - Siddharth Singh\r\n - sisisin\r\n - Slawomir Sadziak\r\n -
+    Solal Pirelli\r\n - Soo Jae Hwang\r\n - Stan Thomas\r\n - Stanislav Iliev\r\n
+    - Stanislav Sysoev\r\n - Stas Vilchik\r\n - Stephan Ginth??r\r\n - Steve Lucco\r\n
+    - @styfle\r\n - Sudheesh Singanamalla\r\n - Suhas\r\n - Suhas Deshpande\r\n -
+    superkd37\r\n - S??bastien Arod\r\n - @T18970237136\r\n - @t_\r\n - Tan Li Hau\r\n
+    - Tapan Prakash\r\n - Taras Mankovski\r\n - Tarik Ozket\r\n - Tetsuharu Ohzeki\r\n
+    - The Gitter Badger\r\n - Thomas den Hollander\r\n - Thorsten Ball\r\n - Tien
+    Hoanhtien\r\n - Tim Lancina\r\n - Tim Perry\r\n - Tim Schaub\r\n - Tim Suchanek\r\n
+    - Tim Viiding-Spader\r\n - Tingan Ho\r\n - Titian Cernicova-Dragomir\r\n - tkondo\r\n
+    - Todd Thomson\r\n - togru\r\n - Tom J\r\n - Torben Fitschen\r\n - Toxyxer\r\n
+    - @TravCav\r\n - Troy Tae\r\n - TruongSinh Tran-Nguyen\r\n - Tycho Grouwstra\r\n
+    - uhyo\r\n - Vadi Taslim\r\n - Vakhurin Sergey\r\n - Valera Rozuvan\r\n - Vilic
+    Vane\r\n - Vimal Raghubir\r\n - Vladimir Kurchatkin\r\n - Vladimir Matveev\r\n
+    - Vyacheslav Pukhanov\r\n - Wenlu Wang\r\n - Wes Souza\r\n - Wesley Wigham\r\n
+    - William Orr\r\n - Wilson Hobbs\r\n - xiaofa\r\n - xl1\r\n - Yacine Hmito\r\n
+    - Yang Cao\r\n - York Yao\r\n - @yortus\r\n - Yoshiki Shibukawa\r\n - Yuichi Nukiyama\r\n
+    - Yuval Greenfield\r\n - Yuya Tanaka\r\n - Z\r\n - Zeeshan Ahmed\r\n - Zev Spitz\r\n
+    - Zhengbo Li\r\n - Zixiang Li\r\n - @Zzzen\r\n - ?????????"

.licenses/npm/uuid.dep.yml

@@ -3,7 +3,7 @@ name: uuid
 version: 8.3.2
 type: npm
 summary: RFC4122 (v1, v4, and v5) UUIDs
-homepage: 
+homepage:
 license: mit
 licenses:
 - sources: LICENSE.md

README.md

@@ -31,6 +31,11 @@ Upgrading to the recommended versions will not break your workflows.
 
 Read more about the change & access the migration guide: [reference to the announcement](https://github.com/actions/cache/discussions/1510).
 
+### v4
+
+* Integrated with the new cache service (v2) APIs.
+* Updated to node 20
+
 ### v3
 
 * Integrated with the new cache service (v2) APIs.
@@ -67,7 +72,7 @@ If you are using a `self-hosted` Windows runner, `GNU tar` and `zstd` are requir
 
 * `key` - An explicit key for a cache entry. See [creating a cache key](#creating-a-cache-key).
 * `path` - A list of files, directories, and wildcard patterns to cache and restore. See [`@actions/glob`](https://github.com/actions/toolkit/tree/main/packages/glob) for supported patterns.
-* `restore-keys` - An ordered list of prefix-matched keys to use for restoring stale cache if no cache hit occurred for key.
+* `restore-keys` - An ordered multiline string listing the prefix-matched keys, that are used for restoring stale cache if no cache hit occurred for key.
 * `enableCrossOsArchive` - An optional boolean when enabled, allows Windows runners to save or restore caches that can be restored or saved respectively on other platforms. Default: `false`
 * `fail-on-cache-miss` - Fail the workflow if cache entry is not found. Default: `false`
 * `lookup-only` - If true, only checks if cache entry exists and skips download. Does not change save cache behavior. Default: `false`
@@ -78,9 +83,9 @@ If you are using a `self-hosted` Windows runner, `GNU tar` and `zstd` are requir
 
 ### Outputs
 
-* `cache-hit` - A boolean value to indicate an exact match was found for the key.
-
-    > **Note** `cache-hit` will only be set to `true` when a cache hit occurs for the exact `key` match. For a partial key match via `restore-keys` or a cache miss, it will be set to `false`.
+* `cache-hit` - A string value to indicate an exact match was found for the key.
+  * If there's a cache hit, this will be 'true' or 'false' to indicate if there's an exact match for `key`.
+  * If there's a cache miss, this will be an empty string.
 
 See [Skipping steps based on cache-hit](#skipping-steps-based-on-cache-hit) for info on using this output
 
@@ -104,11 +109,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Cache Primes
       id: cache-primes
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: prime-numbers
         key: ${{ runner.os }}-primes
@@ -135,11 +140,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Restore cached Primes
       id: cache-primes-restore
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: |
           path/to/dependencies
@@ -150,7 +155,7 @@ jobs:
     .
     - name: Save Primes
       id: cache-primes-save
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: |
           path/to/dependencies
@@ -171,6 +176,7 @@ Every programming language and framework has its own way of caching.
 
 See [Examples](examples.md) for a list of `actions/cache` implementations for use with:
 
+* [Bun](./examples.md#bun)
 * [C# - NuGet](./examples.md#c---nuget)
 * [Clojure - Lein Deps](./examples.md#clojure---lein-deps)
 * [D - DUB](./examples.md#d---dub)
@@ -204,7 +210,7 @@ A cache key can include any of the contexts, functions, literals, and operators
 For example, using the [`hashFiles`](https://docs.github.com/en/actions/learn-github-actions/expressions#hashfiles) function allows you to create a new cache when dependencies change.
 
 ```yaml
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: |
         path/to/dependencies
@@ -222,7 +228,7 @@ Additionally, you can use arbitrary command output in a cache key, such as a dat
       echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
     shell: bash
 
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: path/to/dependencies
       key: ${{ runner.os }}-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/lockfiles') }}
@@ -242,9 +248,9 @@ Example:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -272,11 +278,11 @@ jobs:
   build-linux:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Cache Primes
         id: cache-primes
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: prime-numbers
           key: primes
@@ -287,7 +293,7 @@ jobs:
 
       - name: Cache Numbers
         id: cache-numbers
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: numbers
           key: primes
@@ -299,11 +305,11 @@ jobs:
   build-windows:
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Cache Primes
         id: cache-primes
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: prime-numbers
           key: primes

RELEASES.md

@@ -1,77 +1,98 @@
 # Releases
 
-### 3.0.0
+### 4.2.3
 
-- Updated minimum runner version support from node 12 -> node 16
+- Bump `@actions/cache` to v4.0.3 (obfuscates SAS token in debug logs for cache entries)
 
-### 3.0.1
+### 4.2.2
 
-- Added support for caching from GHES 3.5.
-- Fixed download issue for files > 2GB during restore.
+- Bump `@actions/cache` to v4.0.2
 
-### 3.0.2
+### 4.2.1
 
-- Added support for dynamic cache size cap on GHES.
+- Bump `@actions/cache` to v4.0.1
 
-### 3.0.3
+### 4.2.0
 
-- Fixed avoiding empty cache save when no files are available for caching. ([issue](https://github.com/actions/cache/issues/624))
+TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. [actions/cache](https://github.com/actions/cache) now integrates with the new cache service (v2) APIs.
 
-### 3.0.4
+The new service will gradually roll out as of **February 1st, 2025**. The legacy service will also be sunset on the same date. Changes in these release are **fully backward compatible**.
 
-- Fixed tar creation error while trying to create tar with path as `~/` home folder on `ubuntu-latest`. ([issue](https://github.com/actions/cache/issues/689))
+**We are deprecating some versions of this action**. We recommend upgrading to version `v4` or `v3` as soon as possible before **February 1st, 2025.** (Upgrade instructions below).
 
-### 3.0.5
+If you are using pinned SHAs, please use the SHAs of versions `v4.2.0` or `v3.4.0`
 
-- Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. ([PR](https://github.com/actions/cache/pull/834))
+If you do not upgrade, all workflow runs using any of the deprecated [actions/cache](https://github.com/actions/cache) will fail.
 
-### 3.0.6
+Upgrading to the recommended versions will not break your workflows.
 
-- Fixed [#809](https://github.com/actions/cache/issues/809) - zstd -d: no such file or directory error
-- Fixed [#833](https://github.com/actions/cache/issues/833) - cache doesn't work with github workspace directory
+### 4.1.2
 
-### 3.0.7
+- Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - [#1474](https://github.com/actions/cache/pull/1474)
+- Security fix: Bump braces from 3.0.2 to 3.0.3 - [#1475](https://github.com/actions/cache/pull/1475)
 
-- Fixed [#810](https://github.com/actions/cache/issues/810) - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.
+### 4.1.1
 
-### 3.0.8
+- Restore original behavior of `cache-hit` output - [#1467](https://github.com/actions/cache/pull/1467)
 
-- Fix zstd not working for windows on gnu tar in issues [#888](https://github.com/actions/cache/issues/888) and [#891](https://github.com/actions/cache/issues/891).
-- Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable `SEGMENT_DOWNLOAD_TIMEOUT_MINS`. Default is 60 minutes.
+### 4.1.0
 
-### 3.0.9
+- Ensure `cache-hit` output is set when a cache is missed - [#1404](https://github.com/actions/cache/pull/1404)
+- Deprecate `save-always` input - [#1452](https://github.com/actions/cache/pull/1452)
 
-- Enhanced the warning message for cache unavailablity in case of GHES.
+### 4.0.2
 
-### 3.0.10
+- Fixed restore `fail-on-cache-miss` not working.
 
-- Fix a bug with sorting inputs.
-- Update definition for restore-keys in README.md
+### 4.0.1
 
-### 3.0.11
+- Updated `isGhes` check
 
-- Update toolkit version to 3.0.5 to include `@actions/core@^1.10.0`
-- Update `@actions/cache` to use updated `saveState` and `setOutput` functions from `@actions/core@^1.10.0`
+### 4.0.0
 
-### 3.1.0-beta.1
+- Updated minimum runner version support from node 12 -> node 20
 
-- Update `@actions/cache` on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. ([issue](https://github.com/actions/cache/issues/984))
+### 3.4.0
 
-### 3.1.0-beta.2
+- Integrated with the new cache service (v2) APIs
 
-- Added support for fallback to gzip to restore old caches on windows.
+### 3.3.3
 
-### 3.1.0-beta.3
+- Updates @actions/cache to v3.2.3 to fix accidental mutated path arguments to `getCacheVersion` [actions/toolkit#1378](https://github.com/actions/toolkit/pull/1378)
+- Additional audit fixes of npm package(s)
 
-- Bug fixes for bsdtar fallback if gnutar not available and gzip fallback if cache saved using old cache action on windows.
+### 3.3.2
 
-### 3.2.0-beta.1
+- Fixes bug with Azure SDK causing blob downloads to get stuck.
 
-- Added two new actions - [restore](restore/action.yml) and [save](save/action.yml) for granular control on cache.
+### 3.3.1
 
-### 3.2.0
+- Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.
 
-- Released the two new actions - [restore](restore/action.yml) and [save](save/action.yml) for granular control on cache
+### 3.3.0
+
+- Added option to lookup cache without downloading it.
+
+### 3.2.6
+
+- Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.
+
+### 3.2.5
+
+- Added fix to prevent from setting MYSYS environment variable globally.
+
+### 3.2.4
+
+- Added option to fail job on cache miss.
+
+### 3.2.3
+
+- Support cross os caching on Windows as an opt-in feature.
+- Fix issue with symlink restoration on Windows for cross-os caches.
+
+### 3.2.2
+
+- Reverted the changes made in 3.2.1 to use gnu tar and zstd by default on windows.
 
 ### 3.2.1
 
@@ -79,44 +100,75 @@
 - Added support for fallback to gzip to restore old caches on windows.
 - Added logs for cache version in case of a cache miss.
 
-### 3.2.2
+### 3.2.0
 
-- Reverted the changes made in 3.2.1 to use gnu tar and zstd by default on windows.
+- Released the two new actions - [restore](restore/action.yml) and [save](save/action.yml) for granular control on cache
 
-### 3.2.3
+### 3.2.0-beta.1
 
-- Support cross os caching on Windows as an opt-in feature.
-- Fix issue with symlink restoration on Windows for cross-os caches.
+- Added two new actions - [restore](restore/action.yml) and [save](save/action.yml) for granular control on cache.
 
-### 3.2.4
+### 3.1.0-beta.3
 
-- Added option to fail job on cache miss.
+- Bug fixes for bsdtar fallback if gnutar not available and gzip fallback if cache saved using old cache action on windows.
 
-### 3.2.5
+### 3.1.0-beta.2
 
-- Added fix to prevent from setting MYSYS environment variable globally.
+- Added support for fallback to gzip to restore old caches on windows.
 
-### 3.2.6
+### 3.1.0-beta.1
 
-- Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.
+- Update `@actions/cache` on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. ([issue](https://github.com/actions/cache/issues/984))
 
-### 3.3.0
+### 3.0.11
 
-- Added option to lookup cache without downloading it.
+- Update toolkit version to 3.0.5 to include `@actions/core@^1.10.0`
+- Update `@actions/cache` to use updated `saveState` and `setOutput` functions from `@actions/core@^1.10.0`
 
-### 3.3.1
+### 3.0.10
 
-- Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.
+- Fix a bug with sorting inputs.
+- Update definition for restore-keys in README.md
 
-### 3.3.2
+### 3.0.9
 
-- Fixes bug with Azure SDK causing blob downloads to get stuck.
+- Enhanced the warning message for cache unavailablity in case of GHES.
 
-### 3.3.3
+### 3.0.8
 
-- Updates @actions/cache to v3.2.3 to fix accidental mutated path arguments to `getCacheVersion` [actions/toolkit#1378](https://github.com/actions/toolkit/pull/1378)
-- Additional audit fixes of npm package(s)
+- Fix zstd not working for windows on gnu tar in issues [#888](https://github.com/actions/cache/issues/888) and [#891](https://github.com/actions/cache/issues/891).
+- Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable `SEGMENT_DOWNLOAD_TIMEOUT_MINS`. Default is 60 minutes.
 
-### 3.4.0
+### 3.0.7
 
-- Integrated with the new cache service (v2) APIs
+- Fixed [#810](https://github.com/actions/cache/issues/810) - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.
+
+### 3.0.6
+
+- Fixed [#809](https://github.com/actions/cache/issues/809) - zstd -d: no such file or directory error
+- Fixed [#833](https://github.com/actions/cache/issues/833) - cache doesn't work with github workspace directory
+
+### 3.0.5
+
+- Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. ([PR](https://github.com/actions/cache/pull/834))
+
+### 3.0.4
+
+- Fixed tar creation error while trying to create tar with path as `~/` home folder on `ubuntu-latest`. ([issue](https://github.com/actions/cache/issues/689))
+
+### 3.0.3
+
+- Fixed avoiding empty cache save when no files are available for caching. ([issue](https://github.com/actions/cache/issues/624))
+
+### 3.0.2
+
+- Added support for dynamic cache size cap on GHES.
+
+### 3.0.1
+
+- Added support for caching from GHES 3.5.
+- Fixed download issue for files > 2GB during restore.
+
+### 3.0.0
+
+- Updated minimum runner version support from node 12 -> node 16

__tests__/actionUtils.test.ts

@@ -8,17 +8,26 @@ import * as testUtils from "../src/utils/testUtils";
 jest.mock("@actions/core");
 jest.mock("@actions/cache");
 
+let pristineEnv: NodeJS.ProcessEnv;
+
 beforeAll(() => {
+    pristineEnv = process.env;
     jest.spyOn(core, "getInput").mockImplementation((name, options) => {
         return jest.requireActual("@actions/core").getInput(name, options);
     });
 });
 
-afterEach(() => {
+beforeEach(() => {
+    jest.resetModules();
+    process.env = pristineEnv;
     delete process.env[Events.Key];
     delete process.env[RefKey];
 });
 
+afterAll(() => {
+    process.env = pristineEnv;
+});
+
 test("isGhes returns true if server url is not github.com", () => {
     try {
         process.env["GITHUB_SERVER_URL"] = "http://example.com";
@@ -231,3 +240,28 @@ test("isCacheFeatureAvailable for ac disabled on dotcom", () => {
         delete process.env["GITHUB_SERVER_URL"];
     }
 });
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable is not defined", async () => {
+    delete process.env["GITHUB_SERVER_URL"];
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable is set to github.com", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://github.com";
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://contoso.ghe.com";
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://mock-github.localhost";
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns true when the GITHUB_SERVER_URL environment variable is set to some other URL", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://src.onpremise.fabrikam.com";
+    expect(actionUtils.isGhes()).toBeTruthy();
+});

__tests__/restoreImpl.test.ts

@@ -449,3 +449,19 @@ test("restore with lookup-only set", async () => {
     );
     expect(failedMock).toHaveBeenCalledTimes(0);
 });
+
+test("restore failure with earlyExit should call process exit", async () => {
+    testUtils.setInput(Inputs.Path, "node_modules");
+    const failedMock = jest.spyOn(core, "setFailed");
+    const restoreCacheMock = jest.spyOn(cache, "restoreCache");
+    const processExitMock = jest.spyOn(process, "exit").mockImplementation();
+
+    // call restoreImpl with `earlyExit` set to true
+    await restoreImpl(new StateProvider(), true);
+
+    expect(restoreCacheMock).toHaveBeenCalledTimes(0);
+    expect(failedMock).toHaveBeenCalledWith(
+        "Input required and not supplied: key"
+    );
+    expect(processExitMock).toHaveBeenCalledWith(1);
+});

__tests__/save.test.ts

@@ -2,7 +2,7 @@ import * as cache from "@actions/cache";
 import * as core from "@actions/core";
 
 import { Events, Inputs, RefKey } from "../src/constants";
-import run from "../src/save";
+import { saveRun } from "../src/saveImpl";
 import * as actionUtils from "../src/utils/actionUtils";
 import * as testUtils from "../src/utils/testUtils";
 
@@ -100,7 +100,7 @@ test("save with valid inputs uploads a cache", async () => {
             return Promise.resolve(cacheId);
         });
 
-    await run();
+    await saveRun();
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(

__tests__/saveImpl.test.ts

@@ -2,7 +2,7 @@ import * as cache from "@actions/cache";
 import * as core from "@actions/core";
 
 import { Events, Inputs, RefKey } from "../src/constants";
-import run from "../src/saveImpl";
+import { saveImpl } from "../src/saveImpl";
 import { StateProvider } from "../src/stateProvider";
 import * as actionUtils from "../src/utils/actionUtils";
 import * as testUtils from "../src/utils/testUtils";
@@ -77,7 +77,7 @@ test("save with invalid event outputs warning", async () => {
     const invalidEvent = "commit_comment";
     process.env[Events.Key] = invalidEvent;
     delete process.env[RefKey];
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
     expect(logWarningMock).toHaveBeenCalledWith(
         `Event Validation Error: The event type ${invalidEvent} is not supported because it's not tied to a branch or tag ref.`
     );
@@ -100,7 +100,7 @@ test("save with no primary key in state outputs warning", async () => {
         });
     const saveCacheMock = jest.spyOn(cache, "saveCache");
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(0);
     expect(logWarningMock).toHaveBeenCalledWith(`Key is not specified.`);
@@ -115,7 +115,7 @@ test("save without AC available should no-op", async () => {
 
     const saveCacheMock = jest.spyOn(cache, "saveCache");
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(0);
 });
@@ -128,7 +128,7 @@ test("save on ghes without AC available should no-op", async () => {
 
     const saveCacheMock = jest.spyOn(cache, "saveCache");
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(0);
 });
@@ -161,7 +161,7 @@ test("save on GHES with AC available", async () => {
             return Promise.resolve(cacheId);
         });
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(
@@ -194,7 +194,7 @@ test("save with exact match returns early", async () => {
         });
     const saveCacheMock = jest.spyOn(cache, "saveCache");
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(0);
     expect(infoMock).toHaveBeenCalledWith(
@@ -221,7 +221,7 @@ test("save with missing input outputs warning", async () => {
         });
     const saveCacheMock = jest.spyOn(cache, "saveCache");
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(0);
     expect(logWarningMock).toHaveBeenCalledWith(
@@ -259,7 +259,7 @@ test("save with large cache outputs warning", async () => {
             );
         });
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(
@@ -306,7 +306,7 @@ test("save with reserve cache failure outputs warning", async () => {
             throw error;
         });
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(
@@ -349,7 +349,7 @@ test("save with server error outputs warning", async () => {
             throw new Error("HTTP Error Occurred");
         });
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(
@@ -392,7 +392,7 @@ test("save with valid inputs uploads a cache", async () => {
             return Promise.resolve(cacheId);
         });
 
-    await run(new StateProvider());
+    await saveImpl(new StateProvider());
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(

__tests__/saveOnly.test.ts

@@ -2,7 +2,7 @@ import * as cache from "@actions/cache";
 import * as core from "@actions/core";
 
 import { Events, Inputs, RefKey } from "../src/constants";
-import run from "../src/saveOnly";
+import { saveOnlyRun } from "../src/saveImpl";
 import * as actionUtils from "../src/utils/actionUtils";
 import * as testUtils from "../src/utils/testUtils";
 
@@ -90,7 +90,7 @@ test("save with valid inputs uploads a cache", async () => {
             return Promise.resolve(cacheId);
         });
 
-    await run();
+    await saveOnlyRun();
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(
@@ -122,7 +122,7 @@ test("save failing logs the warning message", async () => {
             return Promise.resolve(cacheId);
         });
 
-    await run();
+    await saveOnlyRun();
 
     expect(saveCacheMock).toHaveBeenCalledTimes(1);
     expect(saveCacheMock).toHaveBeenCalledWith(

action.yml

@@ -9,7 +9,7 @@ inputs:
     description: 'An explicit key for restoring and saving the cache'
     required: true
   restore-keys:
-    description: 'An ordered list of keys to use for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case.'
+    description: 'An ordered multiline string listing the prefix-matched keys, that are used for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case.'
     required: false
   upload-chunk-size:
     description: 'The chunk size used to split up large files during upload, in bytes'
@@ -26,14 +26,22 @@ inputs:
     description: 'Check if a cache entry exists for the given input(s) (key, restore-keys) without downloading the cache'
     default: 'false'
     required: false
+  save-always:
+    description: 'Run the post step to save the cache even if another step before fails'
+    default: 'false'
+    required: false
+    deprecationMessage: |
+      save-always does not work as intended and will be removed in a future release.
+      A separate `actions/cache/restore` step should be used instead.
+      See https://github.com/actions/cache/tree/main/save#always-save-cache for more details.
 outputs:
   cache-hit:
     description: 'A boolean value to indicate an exact match was found for the primary key'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/restore/index.js'
   post: 'dist/save/index.js'
-  post-if: success()
+  post-if: "success()"
 branding:
   icon: 'archive'
   color: 'gray-dark'

caching-strategies.md

@@ -12,7 +12,7 @@ This document lists some of the strategies (and example workflows if possible) w
 jobs:
   build:
     runs-on: ubuntu-latest
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       with:
         key: ${{ some-metadata }}-cache
 ```
@@ -24,7 +24,7 @@ In your workflows, you can use different strategies to name your key depending o
 One of the most common use case is to use hash for lockfile as key. This way, same cache will be restored for a lockfile until there's a change in dependencies listed in lockfile.
 
 ```yaml
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: |
         path/to/dependencies
@@ -37,7 +37,7 @@ One of the most common use case is to use hash for lockfile as key. This way, sa
 If cache is not found matching the primary key, restore keys can be used to download the closest matching cache that was recently created. This ensures that the build/install step will need to additionally fetch just a handful of newer dependencies, and hence saving build time.
 
 ```yaml
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: |
         path/to/dependencies
@@ -54,7 +54,7 @@ The restore keys can be provided as a complete name, or a prefix, read more [her
 In case of workflows with matrix running for multiple Operating Systems, the caches can be stored separately for each of them. This can be used in combination with hashfiles in case multiple caches are being generated per OS.
 
 ```yaml
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: |
         path/to/dependencies
@@ -73,7 +73,7 @@ Caches scoped to the particular workflow run id or run attempt can be stored and
 On similar lines, commit sha can be used to create a very specialized and short lived cache.
 
 ```yaml
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: |
         path/to/dependencies
@@ -81,12 +81,12 @@ On similar lines, commit sha can be used to create a very specialized and short
       key: cache-${{ github.sha }}
 ```
 
-### Using multiple factors while forming a key depening on the need
+### Using multiple factors while forming a key depending on the need
 
 Cache key can be formed by combination of more than one metadata, evaluated info.
 
 ```yaml
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: |
         path/to/dependencies
@@ -102,7 +102,7 @@ The [GitHub Context](https://docs.github.com/en/actions/learn-github-actions/con
 
 While setting paths for caching dependencies it is important to give correct path depending on the hosted runner you are using or whether the action is running in a container job. Assigning different `path` for save and restore will result in cache miss.
 
-Below are GiHub hosted runner specific paths one should take care of when writing a workflow which saves/restores caches across OS.
+Below are GitHub hosted runner specific paths one should take care of when writing a workflow which saves/restores caches across OS.
 
 #### Ubuntu Paths
 
@@ -146,9 +146,9 @@ In case you are using a centralized job to create and save your cache that can b
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
-  - uses: actions/cache/restore@v3
+  - uses: actions/cache/restore@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -171,9 +171,9 @@ You can use the output of this action to exit the workflow on cache miss. This w
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
-  - uses: actions/cache/restore@v3
+  - uses: actions/cache/restore@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -194,7 +194,7 @@ steps:
 If you want to avoid re-computing the cache key again in `save` action, the outputs from `restore` action can be used as input to the `save` action.
 
 ```yaml
-  - uses: actions/cache/restore@v3
+  - uses: actions/cache/restore@v4
     id: restore-cache
     with:
       path: |
@@ -204,7 +204,7 @@ If you want to avoid re-computing the cache key again in `save` action, the outp
   .
   .
   .
-  - uses: actions/cache/save@v3
+  - uses: actions/cache/save@v4
     with:
       path: |
         path/to/dependencies
@@ -219,7 +219,7 @@ On the other hand, the key can also be explicitly re-computed while executing th
 Let's say we have a restore step that computes key at runtime
 
 ```yaml
-uses: actions/cache/restore@v3
+uses: actions/cache/restore@v4
 id: restore-cache
 with:
     key: cache-${{ hashFiles('**/lockfiles') }}
@@ -228,7 +228,7 @@ with:
 Case 1: Where an user would want to reuse the key as it is
 
 ```yaml
-uses: actions/cache/save@v3
+uses: actions/cache/save@v4
 with:
     key: ${{ steps.restore-cache.outputs.cache-primary-key }}
 ```
@@ -236,31 +236,14 @@ with:
 Case 2: Where the user would want to re-evaluate the key
 
 ```yaml
-uses: actions/cache/save@v3
+uses: actions/cache/save@v4
 with:
     key: npm-cache-${{hashfiles(package-lock.json)}}
 ```
 
 ### Saving cache even if the build fails
 
-There can be cases where a cache should be saved even if the build job fails. For example, a job can fail due to flaky tests but the caches can still be re-used. You can use `actions/cache/save` action to save the cache by using `if: always()` condition.
-
-Similarly, `actions/cache/save` action can be conditionally used based on the output of the previous steps. This way you get more control on when to save the cache.
-
-```yaml
-steps:
-  - uses: actions/checkout@v3
-  .
-  . // restore if need be
-  .
-  - name: Build
-    run: /build.sh
-  - uses: actions/cache/save@v3
-    if: always() // or any other condition to invoke the save action
-    with:
-      path: path/to/dependencies
-      key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }}
-```
+See [Always save cache](./save/README.md#always-save-cache).
 
 ### Saving cache once and reusing in multiple workflows
 
@@ -270,12 +253,12 @@ In case of multi-module projects, where the built artifact of one project needs
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
   - name: Build
     run: ./build-parent-module.sh
 
-  - uses: actions/cache/save@v3
+  - uses: actions/cache/save@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -286,9 +269,9 @@ steps:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
-  - uses: actions/cache/restore@v3
+  - uses: actions/cache/restore@v4
     id: cache
     with:
       path: path/to/dependencies

dist/restore-only/index.js

@@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
             };
             const response = yield twirpClient.GetCacheEntryDownloadURL(request);
             if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                 return undefined;
             }
             core.info(`Cache hit for: ${request.key}`);
@@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                 key,
                 version
             };
-            const response = yield twirpClient.CreateCacheEntry(request);
-            if (!response.ok) {
+            let signedUploadUrl;
+            try {
+                const response = yield twirpClient.CreateCacheEntry(request);
+                if (!response.ok) {
+                    throw new Error('Response was not ok');
+                }
+                signedUploadUrl = response.signedUploadUrl;
+            }
+            catch (error) {
+                core.debug(`Failed to reserve cache: ${error}`);
                 throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
             }
             core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
             const finalizeRequest = {
                 key,
                 version,
@@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
+const util_1 = __nccwpck_require__(7564);
 /**
  * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
  *
@@ -2255,6 +2264,7 @@ class CacheServiceClient {
                     (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                     (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                     const body = JSON.parse(rawBody);
+                    (0, util_1.maskSecretUrls)(body);
                     (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                     if (this.isSuccessStatusCode(statusCode)) {
                         return { response, body };
@@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 
 /***/ }),
 
+/***/ 7564:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(7484);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ *
+ * @param url - The URL containing the signature parameter to mask
+ * @remarks
+ * This function attempts to parse the provided URL and identify the 'sig' query parameter.
+ * If found, it registers both the raw and URL-encoded signature values as secrets using
+ * the Actions `setSecret` API, which prevents them from being displayed in logs.
+ *
+ * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+ *
+ * @example
+ * ```typescript
+ * // Mask a signature in an Azure SAS token URL
+ * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+ * ```
+ */
+function maskSigUrl(url) {
+    if (!url)
+        return;
+    try {
+        const parsedUrl = new URL(url);
+        const signature = parsedUrl.searchParams.get('sig');
+        if (signature) {
+            (0, core_1.setSecret)(signature);
+            (0, core_1.setSecret)(encodeURIComponent(signature));
+        }
+    }
+    catch (error) {
+        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Masks sensitive information in URLs containing signature parameters.
+ * Currently supports masking 'sig' parameters in the 'signed_upload_url'
+ * and 'signed_download_url' properties of the provided object.
+ *
+ * @param body - The object should contain a signature
+ * @remarks
+ * This function extracts URLs from the object properties and calls maskSigUrl
+ * on each one to redact sensitive signature information. The function doesn't
+ * modify the original object; it only marks the signatures as secrets for
+ * logging purposes.
+ *
+ * @example
+ * ```typescript
+ * const responseBody = {
+ *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
+ *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
+ * };
+ * maskSecretUrls(responseBody);
+ * ```
+ */
+function maskSecretUrls(body) {
+    if (typeof body !== 'object' || body === null) {
+        (0, core_1.debug)('body is not an object or is null');
+        return;
+    }
+    if ('signed_upload_url' in body &&
+        typeof body.signed_upload_url === 'string') {
+        maskSigUrl(body.signed_upload_url);
+    }
+    if ('signed_download_url' in body &&
+        typeof body.signed_download_url === 'string') {
+        maskSigUrl(body.signed_download_url);
+    }
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
 
@@ -64888,7 +64979,7 @@ const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
 const stateProvider_1 = __nccwpck_require__(2879);
 const utils = __importStar(__nccwpck_require__(8270));
-function restoreImpl(stateProvider) {
+function restoreImpl(stateProvider, earlyExit) {
     return __awaiter(this, void 0, void 0, function* () {
         try {
             if (!utils.isCacheFeatureAvailable()) {
@@ -64911,6 +65002,8 @@ function restoreImpl(stateProvider) {
             const lookupOnly = utils.getInputAsBool(constants_1.Inputs.LookupOnly);
             const cacheKey = yield cache.restoreCache(cachePaths, primaryKey, restoreKeys, { lookupOnly: lookupOnly }, enableCrossOsArchive);
             if (!cacheKey) {
+                // `cache-hit` is intentionally not set to `false` here to preserve existing behavior
+                // See https://github.com/actions/cache/issues/1466
                 if (failOnCacheMiss) {
                     throw new Error(`Failed to restore cache entry. Exiting as fail-on-cache-miss is set. Input key: ${primaryKey}`);
                 }
@@ -64934,21 +65027,16 @@ function restoreImpl(stateProvider) {
         }
         catch (error) {
             core.setFailed(error.message);
+            if (earlyExit) {
+                process.exit(1);
+            }
         }
     });
 }
 exports.restoreImpl = restoreImpl;
 function run(stateProvider, earlyExit) {
     return __awaiter(this, void 0, void 0, function* () {
-        try {
-            yield restoreImpl(stateProvider);
-        }
-        catch (err) {
-            console.error(err);
-            if (earlyExit) {
-                process.exit(1);
-            }
-        }
+        yield restoreImpl(stateProvider, earlyExit);
         // node will stay alive if any promises are not resolved,
         // which is a possibility if HTTP requests are dangling
         // due to retries or timeouts. We know that if we got here
@@ -65085,7 +65173,11 @@ const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
 function isGhes() {
     const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com");
-    return ghUrl.hostname.toUpperCase() !== "GITHUB.COM";
+    const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+    const isGitHubHost = hostname === "GITHUB.COM";
+    const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM");
+    const isLocalHost = hostname.endsWith(".LOCALHOST");
+    return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 exports.isGhes = isGhes;
 function isExactKeyMatch(key, cacheKey) {
@@ -65308,7 +65400,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 
 /***/ }),
 

dist/restore/index.js

@@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
             };
             const response = yield twirpClient.GetCacheEntryDownloadURL(request);
             if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                 return undefined;
             }
             core.info(`Cache hit for: ${request.key}`);
@@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                 key,
                 version
             };
-            const response = yield twirpClient.CreateCacheEntry(request);
-            if (!response.ok) {
+            let signedUploadUrl;
+            try {
+                const response = yield twirpClient.CreateCacheEntry(request);
+                if (!response.ok) {
+                    throw new Error('Response was not ok');
+                }
+                signedUploadUrl = response.signedUploadUrl;
+            }
+            catch (error) {
+                core.debug(`Failed to reserve cache: ${error}`);
                 throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
             }
             core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
             const finalizeRequest = {
                 key,
                 version,
@@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
+const util_1 = __nccwpck_require__(7564);
 /**
  * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
  *
@@ -2255,6 +2264,7 @@ class CacheServiceClient {
                     (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                     (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                     const body = JSON.parse(rawBody);
+                    (0, util_1.maskSecretUrls)(body);
                     (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                     if (this.isSuccessStatusCode(statusCode)) {
                         return { response, body };
@@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 
 /***/ }),
 
+/***/ 7564:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(7484);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ *
+ * @param url - The URL containing the signature parameter to mask
+ * @remarks
+ * This function attempts to parse the provided URL and identify the 'sig' query parameter.
+ * If found, it registers both the raw and URL-encoded signature values as secrets using
+ * the Actions `setSecret` API, which prevents them from being displayed in logs.
+ *
+ * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+ *
+ * @example
+ * ```typescript
+ * // Mask a signature in an Azure SAS token URL
+ * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+ * ```
+ */
+function maskSigUrl(url) {
+    if (!url)
+        return;
+    try {
+        const parsedUrl = new URL(url);
+        const signature = parsedUrl.searchParams.get('sig');
+        if (signature) {
+            (0, core_1.setSecret)(signature);
+            (0, core_1.setSecret)(encodeURIComponent(signature));
+        }
+    }
+    catch (error) {
+        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Masks sensitive information in URLs containing signature parameters.
+ * Currently supports masking 'sig' parameters in the 'signed_upload_url'
+ * and 'signed_download_url' properties of the provided object.
+ *
+ * @param body - The object should contain a signature
+ * @remarks
+ * This function extracts URLs from the object properties and calls maskSigUrl
+ * on each one to redact sensitive signature information. The function doesn't
+ * modify the original object; it only marks the signatures as secrets for
+ * logging purposes.
+ *
+ * @example
+ * ```typescript
+ * const responseBody = {
+ *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
+ *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
+ * };
+ * maskSecretUrls(responseBody);
+ * ```
+ */
+function maskSecretUrls(body) {
+    if (typeof body !== 'object' || body === null) {
+        (0, core_1.debug)('body is not an object or is null');
+        return;
+    }
+    if ('signed_upload_url' in body &&
+        typeof body.signed_upload_url === 'string') {
+        maskSigUrl(body.signed_upload_url);
+    }
+    if ('signed_download_url' in body &&
+        typeof body.signed_download_url === 'string') {
+        maskSigUrl(body.signed_download_url);
+    }
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
 
@@ -64888,7 +64979,7 @@ const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
 const stateProvider_1 = __nccwpck_require__(2879);
 const utils = __importStar(__nccwpck_require__(8270));
-function restoreImpl(stateProvider) {
+function restoreImpl(stateProvider, earlyExit) {
     return __awaiter(this, void 0, void 0, function* () {
         try {
             if (!utils.isCacheFeatureAvailable()) {
@@ -64911,6 +65002,8 @@ function restoreImpl(stateProvider) {
             const lookupOnly = utils.getInputAsBool(constants_1.Inputs.LookupOnly);
             const cacheKey = yield cache.restoreCache(cachePaths, primaryKey, restoreKeys, { lookupOnly: lookupOnly }, enableCrossOsArchive);
             if (!cacheKey) {
+                // `cache-hit` is intentionally not set to `false` here to preserve existing behavior
+                // See https://github.com/actions/cache/issues/1466
                 if (failOnCacheMiss) {
                     throw new Error(`Failed to restore cache entry. Exiting as fail-on-cache-miss is set. Input key: ${primaryKey}`);
                 }
@@ -64934,21 +65027,16 @@ function restoreImpl(stateProvider) {
         }
         catch (error) {
             core.setFailed(error.message);
+            if (earlyExit) {
+                process.exit(1);
+            }
         }
     });
 }
 exports.restoreImpl = restoreImpl;
 function run(stateProvider, earlyExit) {
     return __awaiter(this, void 0, void 0, function* () {
-        try {
-            yield restoreImpl(stateProvider);
-        }
-        catch (err) {
-            console.error(err);
-            if (earlyExit) {
-                process.exit(1);
-            }
-        }
+        yield restoreImpl(stateProvider, earlyExit);
         // node will stay alive if any promises are not resolved,
         // which is a possibility if HTTP requests are dangling
         // due to retries or timeouts. We know that if we got here
@@ -65085,7 +65173,11 @@ const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
 function isGhes() {
     const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com");
-    return ghUrl.hostname.toUpperCase() !== "GITHUB.COM";
+    const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+    const isGitHubHost = hostname === "GITHUB.COM";
+    const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM");
+    const isLocalHost = hostname.endsWith(".LOCALHOST");
+    return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 exports.isGhes = isGhes;
 function isExactKeyMatch(key, cacheKey) {
@@ -65308,7 +65400,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 
 /***/ }),
 

dist/save-only/index.js

@@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
             };
             const response = yield twirpClient.GetCacheEntryDownloadURL(request);
             if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                 return undefined;
             }
             core.info(`Cache hit for: ${request.key}`);
@@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                 key,
                 version
             };
-            const response = yield twirpClient.CreateCacheEntry(request);
-            if (!response.ok) {
+            let signedUploadUrl;
+            try {
+                const response = yield twirpClient.CreateCacheEntry(request);
+                if (!response.ok) {
+                    throw new Error('Response was not ok');
+                }
+                signedUploadUrl = response.signedUploadUrl;
+            }
+            catch (error) {
+                core.debug(`Failed to reserve cache: ${error}`);
                 throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
             }
             core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
             const finalizeRequest = {
                 key,
                 version,
@@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
+const util_1 = __nccwpck_require__(7564);
 /**
  * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
  *
@@ -2255,6 +2264,7 @@ class CacheServiceClient {
                     (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                     (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                     const body = JSON.parse(rawBody);
+                    (0, util_1.maskSecretUrls)(body);
                     (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                     if (this.isSuccessStatusCode(statusCode)) {
                         return { response, body };
@@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 
 /***/ }),
 
+/***/ 7564:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(7484);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ *
+ * @param url - The URL containing the signature parameter to mask
+ * @remarks
+ * This function attempts to parse the provided URL and identify the 'sig' query parameter.
+ * If found, it registers both the raw and URL-encoded signature values as secrets using
+ * the Actions `setSecret` API, which prevents them from being displayed in logs.
+ *
+ * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+ *
+ * @example
+ * ```typescript
+ * // Mask a signature in an Azure SAS token URL
+ * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+ * ```
+ */
+function maskSigUrl(url) {
+    if (!url)
+        return;
+    try {
+        const parsedUrl = new URL(url);
+        const signature = parsedUrl.searchParams.get('sig');
+        if (signature) {
+            (0, core_1.setSecret)(signature);
+            (0, core_1.setSecret)(encodeURIComponent(signature));
+        }
+    }
+    catch (error) {
+        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Masks sensitive information in URLs containing signature parameters.
+ * Currently supports masking 'sig' parameters in the 'signed_upload_url'
+ * and 'signed_download_url' properties of the provided object.
+ *
+ * @param body - The object should contain a signature
+ * @remarks
+ * This function extracts URLs from the object properties and calls maskSigUrl
+ * on each one to redact sensitive signature information. The function doesn't
+ * modify the original object; it only marks the signatures as secrets for
+ * logging purposes.
+ *
+ * @example
+ * ```typescript
+ * const responseBody = {
+ *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
+ *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
+ * };
+ * maskSecretUrls(responseBody);
+ * ```
+ */
+function maskSecretUrls(body) {
+    if (typeof body !== 'object' || body === null) {
+        (0, core_1.debug)('body is not an object or is null');
+        return;
+    }
+    if ('signed_upload_url' in body &&
+        typeof body.signed_upload_url === 'string') {
+        maskSigUrl(body.signed_upload_url);
+    }
+    if ('signed_download_url' in body &&
+        typeof body.signed_download_url === 'string') {
+        maskSigUrl(body.signed_download_url);
+    }
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
 
@@ -64882,9 +64973,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.saveRun = exports.saveOnlyRun = exports.saveImpl = void 0;
 const cache = __importStar(__nccwpck_require__(5116));
 const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
+const stateProvider_1 = __nccwpck_require__(2879);
 const utils = __importStar(__nccwpck_require__(8270));
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
@@ -64931,65 +65024,54 @@ function saveImpl(stateProvider) {
         return cacheId;
     });
 }
-exports["default"] = saveImpl;
-
-
-/***/ }),
-
-/***/ 8168:
-/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
-
-"use strict";
-
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", ({ value: true }));
-const core = __importStar(__nccwpck_require__(7484));
-const saveImpl_1 = __importDefault(__nccwpck_require__(56));
-const stateProvider_1 = __nccwpck_require__(2879);
-function run() {
+exports.saveImpl = saveImpl;
+function saveOnlyRun(earlyExit) {
     return __awaiter(this, void 0, void 0, function* () {
-        const cacheId = yield (0, saveImpl_1.default)(new stateProvider_1.NullStateProvider());
-        if (cacheId === -1) {
-            core.warning(`Cache save failed.`);
+        try {
+            const cacheId = yield saveImpl(new stateProvider_1.NullStateProvider());
+            if (cacheId === -1) {
+                core.warning(`Cache save failed.`);
+            }
+        }
+        catch (err) {
+            console.error(err);
+            if (earlyExit) {
+                process.exit(1);
+            }
+        }
+        // node will stay alive if any promises are not resolved,
+        // which is a possibility if HTTP requests are dangling
+        // due to retries or timeouts. We know that if we got here
+        // that all promises that we care about have successfully
+        // resolved, so simply exit with success.
+        if (earlyExit) {
+            process.exit(0);
         }
     });
 }
-run();
-exports["default"] = run;
+exports.saveOnlyRun = saveOnlyRun;
+function saveRun(earlyExit) {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            yield saveImpl(new stateProvider_1.StateProvider());
+        }
+        catch (err) {
+            console.error(err);
+            if (earlyExit) {
+                process.exit(1);
+            }
+        }
+        // node will stay alive if any promises are not resolved,
+        // which is a possibility if HTTP requests are dangling
+        // due to retries or timeouts. We know that if we got here
+        // that all promises that we care about have successfully
+        // resolved, so simply exit with success.
+        if (earlyExit) {
+            process.exit(0);
+        }
+    });
+}
+exports.saveRun = saveRun;
 
 
 /***/ }),
@@ -65104,7 +65186,11 @@ const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
 function isGhes() {
     const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com");
-    return ghUrl.hostname.toUpperCase() !== "GITHUB.COM";
+    const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+    const isGitHubHost = hostname === "GITHUB.COM";
+    const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM");
+    const isLocalHost = hostname.endsWith(".LOCALHOST");
+    return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 exports.isGhes = isGhes;
 function isExactKeyMatch(key, cacheKey) {
@@ -65327,7 +65413,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 
 /***/ }),
 
@@ -65385,12 +65471,18 @@ module.exports = /*#__PURE__*/JSON.parse('[[[0,44],"disallowed_STD3_valid"],[[45
 /******/ 	if (typeof __nccwpck_require__ !== 'undefined') __nccwpck_require__.ab = __dirname + "/";
 /******/ 	
 /************************************************************************/
-/******/ 	
-/******/ 	// startup
-/******/ 	// Load entry module and return exports
-/******/ 	// This entry module is referenced by other modules so it can't be inlined
-/******/ 	var __webpack_exports__ = __nccwpck_require__(8168);
-/******/ 	module.exports = __webpack_exports__;
-/******/ 	
+var __webpack_exports__ = {};
+// This entry need to be wrapped in an IIFE because it need to be in strict mode.
+(() => {
+"use strict";
+var exports = __webpack_exports__;
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+const saveImpl_1 = __nccwpck_require__(56);
+(0, saveImpl_1.saveOnlyRun)(true);
+
+})();
+
+module.exports = __webpack_exports__;
 /******/ })()
 ;

dist/save/index.js

@@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
             };
             const response = yield twirpClient.GetCacheEntryDownloadURL(request);
             if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                 return undefined;
             }
             core.info(`Cache hit for: ${request.key}`);
@@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                 key,
                 version
             };
-            const response = yield twirpClient.CreateCacheEntry(request);
-            if (!response.ok) {
+            let signedUploadUrl;
+            try {
+                const response = yield twirpClient.CreateCacheEntry(request);
+                if (!response.ok) {
+                    throw new Error('Response was not ok');
+                }
+                signedUploadUrl = response.signedUploadUrl;
+            }
+            catch (error) {
+                core.debug(`Failed to reserve cache: ${error}`);
                 throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
             }
             core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
             const finalizeRequest = {
                 key,
                 version,
@@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
+const util_1 = __nccwpck_require__(7564);
 /**
  * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
  *
@@ -2255,6 +2264,7 @@ class CacheServiceClient {
                     (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                     (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                     const body = JSON.parse(rawBody);
+                    (0, util_1.maskSecretUrls)(body);
                     (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                     if (this.isSuccessStatusCode(statusCode)) {
                         return { response, body };
@@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 
 /***/ }),
 
+/***/ 7564:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.maskSecretUrls = exports.maskSigUrl = void 0;
+const core_1 = __nccwpck_require__(7484);
+/**
+ * Masks the `sig` parameter in a URL and sets it as a secret.
+ *
+ * @param url - The URL containing the signature parameter to mask
+ * @remarks
+ * This function attempts to parse the provided URL and identify the 'sig' query parameter.
+ * If found, it registers both the raw and URL-encoded signature values as secrets using
+ * the Actions `setSecret` API, which prevents them from being displayed in logs.
+ *
+ * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
+ *
+ * @example
+ * ```typescript
+ * // Mask a signature in an Azure SAS token URL
+ * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
+ * ```
+ */
+function maskSigUrl(url) {
+    if (!url)
+        return;
+    try {
+        const parsedUrl = new URL(url);
+        const signature = parsedUrl.searchParams.get('sig');
+        if (signature) {
+            (0, core_1.setSecret)(signature);
+            (0, core_1.setSecret)(encodeURIComponent(signature));
+        }
+    }
+    catch (error) {
+        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+exports.maskSigUrl = maskSigUrl;
+/**
+ * Masks sensitive information in URLs containing signature parameters.
+ * Currently supports masking 'sig' parameters in the 'signed_upload_url'
+ * and 'signed_download_url' properties of the provided object.
+ *
+ * @param body - The object should contain a signature
+ * @remarks
+ * This function extracts URLs from the object properties and calls maskSigUrl
+ * on each one to redact sensitive signature information. The function doesn't
+ * modify the original object; it only marks the signatures as secrets for
+ * logging purposes.
+ *
+ * @example
+ * ```typescript
+ * const responseBody = {
+ *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
+ *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
+ * };
+ * maskSecretUrls(responseBody);
+ * ```
+ */
+function maskSecretUrls(body) {
+    if (typeof body !== 'object' || body === null) {
+        (0, core_1.debug)('body is not an object or is null');
+        return;
+    }
+    if ('signed_upload_url' in body &&
+        typeof body.signed_upload_url === 'string') {
+        maskSigUrl(body.signed_upload_url);
+    }
+    if ('signed_download_url' in body &&
+        typeof body.signed_download_url === 'string') {
+        maskSigUrl(body.signed_download_url);
+    }
+}
+exports.maskSecretUrls = maskSecretUrls;
+//# sourceMappingURL=util.js.map
+
+/***/ }),
+
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
 
@@ -64842,37 +64933,6 @@ var Events;
 exports.RefKey = "GITHUB_REF";
 
 
-/***/ }),
-
-/***/ 198:
-/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
-
-"use strict";
-
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", ({ value: true }));
-const saveImpl_1 = __importDefault(__nccwpck_require__(56));
-const stateProvider_1 = __nccwpck_require__(2879);
-function run() {
-    return __awaiter(this, void 0, void 0, function* () {
-        yield (0, saveImpl_1.default)(new stateProvider_1.StateProvider());
-    });
-}
-run();
-exports["default"] = run;
-
-
 /***/ }),
 
 /***/ 56:
@@ -64913,9 +64973,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.saveRun = exports.saveOnlyRun = exports.saveImpl = void 0;
 const cache = __importStar(__nccwpck_require__(5116));
 const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
+const stateProvider_1 = __nccwpck_require__(2879);
 const utils = __importStar(__nccwpck_require__(8270));
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
@@ -64962,7 +65024,54 @@ function saveImpl(stateProvider) {
         return cacheId;
     });
 }
-exports["default"] = saveImpl;
+exports.saveImpl = saveImpl;
+function saveOnlyRun(earlyExit) {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            const cacheId = yield saveImpl(new stateProvider_1.NullStateProvider());
+            if (cacheId === -1) {
+                core.warning(`Cache save failed.`);
+            }
+        }
+        catch (err) {
+            console.error(err);
+            if (earlyExit) {
+                process.exit(1);
+            }
+        }
+        // node will stay alive if any promises are not resolved,
+        // which is a possibility if HTTP requests are dangling
+        // due to retries or timeouts. We know that if we got here
+        // that all promises that we care about have successfully
+        // resolved, so simply exit with success.
+        if (earlyExit) {
+            process.exit(0);
+        }
+    });
+}
+exports.saveOnlyRun = saveOnlyRun;
+function saveRun(earlyExit) {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            yield saveImpl(new stateProvider_1.StateProvider());
+        }
+        catch (err) {
+            console.error(err);
+            if (earlyExit) {
+                process.exit(1);
+            }
+        }
+        // node will stay alive if any promises are not resolved,
+        // which is a possibility if HTTP requests are dangling
+        // due to retries or timeouts. We know that if we got here
+        // that all promises that we care about have successfully
+        // resolved, so simply exit with success.
+        if (earlyExit) {
+            process.exit(0);
+        }
+    });
+}
+exports.saveRun = saveRun;
 
 
 /***/ }),
@@ -65077,7 +65186,11 @@ const core = __importStar(__nccwpck_require__(7484));
 const constants_1 = __nccwpck_require__(7242);
 function isGhes() {
     const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com");
-    return ghUrl.hostname.toUpperCase() !== "GITHUB.COM";
+    const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+    const isGitHubHost = hostname === "GITHUB.COM";
+    const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM");
+    const isLocalHost = hostname.endsWith(".LOCALHOST");
+    return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 exports.isGhes = isGhes;
 function isExactKeyMatch(key, cacheKey) {
@@ -65300,7 +65413,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 
 /***/ }),
 
@@ -65358,12 +65471,18 @@ module.exports = /*#__PURE__*/JSON.parse('[[[0,44],"disallowed_STD3_valid"],[[45
 /******/ 	if (typeof __nccwpck_require__ !== 'undefined') __nccwpck_require__.ab = __dirname + "/";
 /******/ 	
 /************************************************************************/
-/******/ 	
-/******/ 	// startup
-/******/ 	// Load entry module and return exports
-/******/ 	// This entry module is referenced by other modules so it can't be inlined
-/******/ 	var __webpack_exports__ = __nccwpck_require__(198);
-/******/ 	module.exports = __webpack_exports__;
-/******/ 	
+var __webpack_exports__ = {};
+// This entry need to be wrapped in an IIFE because it need to be in strict mode.
+(() => {
+"use strict";
+var exports = __webpack_exports__;
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+const saveImpl_1 = __nccwpck_require__(56);
+(0, saveImpl_1.saveRun)(true);
+
+})();
+
+module.exports = __webpack_exports__;
 /******/ })()
 ;

examples.md

@@ -1,5 +1,6 @@
 # Examples
 
+- [Bun](#bun)
 - [C# - NuGet](#c---nuget)
 - [Clojure - Lein Deps](#clojure---lein-deps)
 - [D - DUB](#d---dub)
@@ -41,12 +42,32 @@
 - [Swift - Mint](#swift---mint)
 - [* - Bazel](#---bazel)
 
+## Bun
+
+```yaml
+- uses: actions/cache@v4
+  with:
+    path: |
+      ~/.bun/install/cache
+    key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+```
+
+### Windows
+
+```yaml
+- uses: actions/cache@v4
+  with:
+    path: |
+      ~\.bun
+    key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+```
+
 ## C# - NuGet
 
 Using [NuGet lock files](https://docs.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies):
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: ~/.nuget/packages
     key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -55,10 +76,10 @@ Using [NuGet lock files](https://docs.microsoft.com/nuget/consume-packages/packa
 ```
 
 Depending on the environment, huge packages might be pre-installed in the global cache folder.
-With `actions/cache@v3` you can now exclude unwanted packages with [exclude pattern](https://github.com/actions/toolkit/tree/main/packages/glob#exclude-patterns)
+With `actions/cache@v4` you can now exclude unwanted packages with [exclude pattern](https://github.com/actions/toolkit/tree/main/packages/glob#exclude-patterns)
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~/.nuget/packages
@@ -75,7 +96,7 @@ Or you could move the cache folder like below.
 env:
   NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
 steps:
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: ${{ github.workspace }}/.nuget/packages
       key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -87,7 +108,7 @@ steps:
 
 ```yaml
 - name: Cache lein project dependencies
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: ~/.m2/repository
     key: ${{ runner.os }}-clojure-${{ hashFiles('**/project.clj') }}
@@ -101,7 +122,7 @@ steps:
 ### POSIX
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: ~/.dub
     key: ${{ runner.os }}-dub-${{ hashFiles('**/dub.selections.json') }}
@@ -112,7 +133,7 @@ steps:
 ### Windows
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: ~\AppData\Local\dub
     key: ${{ runner.os }}-dub-${{ hashFiles('**/dub.selections.json') }}
@@ -125,7 +146,7 @@ steps:
 ### Linux
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~/.deno
@@ -136,7 +157,7 @@ steps:
 ### macOS
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~/.deno
@@ -147,7 +168,7 @@ steps:
 ### Windows
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~\.deno
@@ -158,7 +179,7 @@ steps:
 ## Elixir - Mix
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       deps
@@ -185,7 +206,7 @@ steps:
 ### Linux
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~/.cache/go-build
@@ -198,7 +219,7 @@ steps:
 ### macOS
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~/Library/Caches/go-build
@@ -211,7 +232,7 @@ steps:
 ### Windows
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~\AppData\Local\go-build
@@ -227,7 +248,7 @@ We cache the elements of the Cabal store separately, as the entirety of `~/.caba
 
 ```yaml
 - name: Cache ~/.cabal/packages, ~/.cabal/store and dist-newstyle
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: |
       ~/.cabal/packages
@@ -242,14 +263,14 @@ We cache the elements of the Cabal store separately, as the entirety of `~/.caba
 ### Linux or macOS
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   name: Cache ~/.stack
   with:
     path: ~/.stack
     key: ${{ runner.os }}-stack-global-${{ hashFiles('stack.yaml') }}-${{ hashFiles('package.yaml') }}
     restore-keys: |
       ${{ runner.os }}-stack-global-
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   name: Cache .stack-work
   with:
     path: .stack-work
@@ -261,7 +282,7 @@ We cache the elements of the Cabal store separately, as the entirety of `~/.caba
 ### Windows
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   name: Cache %APPDATA%\stack %LOCALAPPDATA%\Programs\stack
   with:
     path: |
@@ -270,7 +291,7 @@ We cache the elements of the Cabal store separately, as the entirety of `~/.caba
     key: ${{ runner.os }}-stack-global-${{ hashFiles('stack.yaml') }}-${{ hashFiles('package.yaml') }}
     restore-keys: |
       ${{ runner.os }}-stack-global-
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   name: Cache .stack-work
   with:
     path: .stack-work
@@ -284,7 +305,7 @@ We cache the elements of the Cabal store separately, as the entirety of `~/.caba
 > **Note** Ensure no Gradle daemons are running anymore when your workflow completes. Creating the cache package might fail due to locks being held by Gradle. Refer to the [Gradle Daemon documentation](https://docs.gradle.org/current/userguide/gradle_daemon.html) on how to disable or stop the Gradle Daemons.
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~/.gradle/caches
@@ -298,7 +319,7 @@ We cache the elements of the Cabal store separately, as the entirety of `~/.caba
 
 ```yaml
 - name: Cache local Maven repository
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: ~/.m2/repository
     key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -334,7 +355,7 @@ After [deprecation](https://github.blog/changelog/2022-10-11-github-actions-depr
 `Get npm cache directory` step can then be used with `actions/cache` as shown below
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   id: npm-cache # use this to check for `cache-hit` ==> if: steps.npm-cache.outputs.cache-hit != 'true'
   with:
     path: ${{ steps.npm-cache-dir.outputs.dir }}
@@ -347,7 +368,7 @@ After [deprecation](https://github.blog/changelog/2022-10-11-github-actions-depr
 
 ```yaml
 - name: restore lerna
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: '**/node_modules'
     key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
@@ -361,7 +382,7 @@ The yarn cache directory will depend on your operating system and version of `ya
   id: yarn-cache-dir-path
   run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
   with:
     path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -379,7 +400,7 @@ The yarn 2 cache directory will depend on your config. See https://yarnpkg.com/c
   id: yarn-cache-dir-path
   run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
   with:
     path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -394,7 +415,7 @@ Esy allows you to export built dependencies and import pre-built dependencies.
 ```yaml
     - name: Restore Cache
       id: restore-cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: _export
         key:  ${{ runner.os }}-esy-${{ hashFiles('esy.lock/index.json') }}
@@ -423,7 +444,7 @@ Esy allows you to export built dependencies and import pre-built dependencies.
   id: composer-cache
   run: |
     echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: ${{ steps.composer-cache.outputs.dir }}
     key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -444,7 +465,7 @@ Locations:
 ### Simple example
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: ~/.cache/pip
     key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
@@ -457,7 +478,7 @@ Replace `~/.cache/pip` with the correct `path` if not using Ubuntu.
 ### Multiple OS's in a workflow
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   if: startsWith(runner.os, 'Linux')
   with:
     path: ~/.cache/pip
@@ -465,7 +486,7 @@ Replace `~/.cache/pip` with the correct `path` if not using Ubuntu.
     restore-keys: |
       ${{ runner.os }}-pip-
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   if: startsWith(runner.os, 'macOS')
   with:
     path: ~/Library/Caches/pip
@@ -473,7 +494,7 @@ Replace `~/.cache/pip` with the correct `path` if not using Ubuntu.
     restore-keys: |
       ${{ runner.os }}-pip-
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   if: startsWith(runner.os, 'Windows')
   with:
     path: ~\AppData\Local\pip\Cache
@@ -499,7 +520,7 @@ jobs:
         - os: windows-latest
           path: ~\AppData\Local\pip\Cache
     steps:
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       with:
         path: ${{ matrix.path }}
         key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
@@ -513,11 +534,12 @@ jobs:
 ```yaml
 - name: Get pip cache dir
   id: pip-cache
+  shell: bash
   run: |
     echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
 
 - name: pip cache
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: ${{ steps.pip-cache.outputs.dir }}
     key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
@@ -535,7 +557,7 @@ jobs:
 
   ⋮
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: ~/.local/share/virtualenvs
     key: ${{ runner.os }}-python-${{ steps.setup-python.outputs.python-version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
@@ -562,7 +584,7 @@ For renv, the cache directory will vary by OS. The `RENV_PATHS_ROOT` environment
     cat("##[set-output name=r-version;]", R.Version()$version.string, sep = "")
   shell: Rscript {0}
 - name: Restore Renv package cache
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: ${{ env.RENV_PATHS_ROOT }}
     key: ${{ steps.get-version.outputs.os-version }}-${{ steps.get-version.outputs.r-version }}-${{ inputs.cache-version }}-${{ hashFiles('renv.lock') }}
@@ -588,7 +610,7 @@ whenever possible:
 ## Rust - Cargo
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: |
       ~/.cargo/bin/
@@ -603,7 +625,7 @@ whenever possible:
 
 ```yaml
 - name: Cache SBT
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: |
       ~/.ivy2/cache
@@ -614,7 +636,7 @@ whenever possible:
 ## Swift, Objective-C - Carthage
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: Carthage
     key: ${{ runner.os }}-carthage-${{ hashFiles('**/Cartfile.resolved') }}
@@ -625,7 +647,7 @@ whenever possible:
 ## Swift, Objective-C - CocoaPods
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: Pods
     key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }}
@@ -636,7 +658,7 @@ whenever possible:
 ## Swift - Swift Package Manager
 
 ```yaml
-- uses: actions/cache@v3
+- uses: actions/cache@v4
   with:
     path: .build
     key: ${{ runner.os }}-spm-${{ hashFiles('**/Package.resolved') }}
@@ -651,7 +673,7 @@ env:
   MINT_PATH: .mint/lib
   MINT_LINK_PATH: .mint/bin
 steps:
-  - uses: actions/cache@v3
+  - uses: actions/cache@v4
     with:
       path: .mint
       key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }}
@@ -667,7 +689,7 @@ steps:
 
 ```yaml
 - name: Cache Bazel
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: |
       ~/.cache/bazel
@@ -681,7 +703,7 @@ steps:
 
 ```yaml
 - name: Cache Bazel
-  uses: actions/cache@v3
+  uses: actions/cache@v4
   with:
     path: |
       /private/var/tmp/_bazel_runner/

package-lock.json

@@ -1,15 +1,15 @@
 {
   "name": "cache",
-  "version": "3.4.1",
+  "version": "4.2.3",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "cache",
-      "version": "3.4.1",
+      "version": "4.2.3",
       "license": "MIT",
       "dependencies": {
-        "@actions/cache": "^4.0.1",
+        "@actions/cache": "^4.0.3",
         "@actions/core": "^1.11.1",
         "@actions/exec": "^1.1.1",
         "@actions/io": "^1.1.3"
@@ -36,9 +36,9 @@
       }
     },
     "node_modules/@actions/cache": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.1.tgz",
-      "integrity": "sha512-u2NrTo95PDmk145wrr+fMhrvpF0hfPmD6cLkR7NozvNHqanR0BmRHBzEe1yiGZFFEHbu6/e6EOEX7qoM7fWVTA==",
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.3.tgz",
+      "integrity": "sha512-SvrqFtYJ7I48A/uXNkoJrnukx5weQv1fGquhs3+4nkByZThBH109KTIqj5x/cGV7JGNvb8dLPVywUOqX1fjiXg==",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.11.1",
@@ -3598,7 +3598,6 @@
       "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
       "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "fill-range": "^7.1.1"
       },
@@ -4701,7 +4700,6 @@
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
       "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "to-regex-range": "^5.0.1"
       },
@@ -5223,7 +5221,6 @@
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "dev": true,
-      "license": "MIT",
       "engines": {
         "node": ">=0.12.0"
       }
@@ -9226,7 +9223,6 @@
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
       "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "is-number": "^7.0.0"
       },
@@ -9604,9 +9600,9 @@
   },
   "dependencies": {
     "@actions/cache": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.1.tgz",
-      "integrity": "sha512-u2NrTo95PDmk145wrr+fMhrvpF0hfPmD6cLkR7NozvNHqanR0BmRHBzEe1yiGZFFEHbu6/e6EOEX7qoM7fWVTA==",
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.3.tgz",
+      "integrity": "sha512-SvrqFtYJ7I48A/uXNkoJrnukx5weQv1fGquhs3+4nkByZThBH109KTIqj5x/cGV7JGNvb8dLPVywUOqX1fjiXg==",
       "requires": {
         "@actions/core": "^1.11.1",
         "@actions/exec": "^1.0.1",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cache",
-  "version": "3.4.1",
+  "version": "4.2.3",
   "private": true,
   "description": "Cache dependencies and build outputs",
   "main": "dist/restore/index.js",
@@ -23,7 +23,7 @@
   "author": "GitHub",
   "license": "MIT",
   "dependencies": {
-    "@actions/cache": "^4.0.1",
+    "@actions/cache": "^4.0.3",
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
     "@actions/io": "^1.1.3"

restore/README.md

@@ -35,9 +35,9 @@ If you are using separate jobs to create and save your cache(s) to be reused by
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
-  - uses: actions/cache/restore@v3
+  - uses: actions/cache/restore@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -64,12 +64,12 @@ In case of multi-module projects, where the built artifact of one project needs
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
   - name: Build
     run: /build-parent-module.sh
 
-  - uses: actions/cache/save@v3
+  - uses: actions/cache/save@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -80,9 +80,9 @@ steps:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
-  - uses: actions/cache/restore@v3
+  - uses: actions/cache/restore@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -107,9 +107,9 @@ To fail if there is no cache hit for the primary key, leave `restore-keys` empty
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
-  - uses: actions/cache/restore@v3
+  - uses: actions/cache/restore@v4
     id: cache
     with:
       path: path/to/dependencies

restore/action.yml

@@ -9,7 +9,7 @@ inputs:
     description: 'An explicit key for restoring the cache'
     required: true
   restore-keys:
-    description: 'An ordered list of keys to use for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case.'
+    description: 'An ordered multiline string listing the prefix-matched keys, that are used for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case.'
     required: false
   enableCrossOsArchive:
     description: 'An optional boolean when enabled, allows windows runners to restore caches that were saved on other platforms'
@@ -31,7 +31,7 @@ outputs:
   cache-matched-key:
     description: 'Key of the cache that was restored, it could either be the primary key on cache-hit or a partial/complete match of one of the restore keys'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: '../dist/restore-only/index.js'
 branding:
   icon: 'archive'

save/README.md

@@ -23,7 +23,7 @@ If you are using separate jobs for generating common artifacts and sharing them
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 
   - name: Install Dependencies
     run: /install.sh
@@ -31,7 +31,7 @@ steps:
   - name: Build artifacts
     run: /build.sh
 
-  - uses: actions/cache/save@v3
+  - uses: actions/cache/save@v4
     id: cache
     with:
       path: path/to/dependencies
@@ -47,7 +47,7 @@ Let's say we have a restore step that computes a key at runtime.
 #### Restore a cache
 
 ```yaml
-uses: actions/cache/restore@v3
+uses: actions/cache/restore@v4
 id: restore-cache
 with:
     key: cache-${{ hashFiles('**/lockfiles') }}
@@ -55,7 +55,7 @@ with:
 
 #### Case 1 - Where a user would want to reuse the key as it is
 ```yaml
-uses: actions/cache/save@v3
+uses: actions/cache/save@v4
 with:
     key: ${{ steps.restore-cache.outputs.cache-primary-key }}
 ```
@@ -63,26 +63,54 @@ with:
 #### Case 2 - Where the user would want to re-evaluate the key
 
 ```yaml
-uses: actions/cache/save@v3
+uses: actions/cache/save@v4
 with:
     key: npm-cache-${{hashfiles(package-lock.json)}}
 ```
 
 ### Always save cache
 
-There are instances where some flaky test cases would fail the entire workflow and users would get frustrated because the builds would run for hours and the cache couldn't be saved as the workflow failed in between. For such use-cases, users now have the ability to use the `actions/cache/save` action to save the cache by using an `if: always()` condition. This way the cache will always be saved if generated, or a warning will be generated that nothing is found on the cache path. Users can also use the `if` condition to only execute the `actions/cache/save` action depending on the output of previous steps. This way they get more control of when to save the cache.
+There are instances where some flaky test cases would fail the entire workflow and users would get frustrated because the builds would run for hours and the cache couldn't be saved as the workflow failed in between.
+For such use-cases, users now have the ability to use the `actions/cache/save` action to save the cache by using an [`always()`](https://docs.github.com/actions/writing-workflows/choosing-what-your-workflow-does/expressions#always) condition.
+This way the cache will always be saved if generated, or a warning will be generated that nothing is found on the cache path. Users can also use the `if` condition to only execute the `actions/cache/save` action depending on the output of previous steps. This way they get more control of when to save the cache.
+
+To avoid saving a cache that already exists, the `cache-hit` output from a restore step should be checked.
+
+The `cache-primary-key` output from the restore step should also be used to ensure
+the cache key does not change during the build if it's calculated based on file contents.
+
+Here's an example where we imagine we're calculating a lot of prime numbers and want to cache them:
 
 ```yaml
-steps:
-  - uses: actions/checkout@v3
-  .
-  . // restore if need be
-  .
-  - name: Build
-    run: /build.sh
-  - uses: actions/cache/save@v3
-    if: always() // or any other condition to invoke the save action
-    with:
-      path: path/to/dependencies
-      key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }}
+name: Always Caching Prime Numbers
+
+on: push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Restore cached Prime Numbers
+      id: cache-prime-numbers-restore
+      uses: actions/cache/restore@v4
+      with:
+        key: ${{ runner.os }}-prime-numbers
+        path: |
+          path/to/dependencies
+          some/other/dependencies
+
+    # Intermediate workflow steps
+
+    - name: Always Save Prime Numbers
+      id: cache-prime-numbers-save
+      if: always() && steps.cache-prime-numbers-restore.outputs.cache-hit != 'true'
+      uses: actions/cache/save@v4
+      with:
+        key: ${{ steps.cache-prime-numbers-restore.outputs.cache-primary-key }}
+        path: |
+          path/to/dependencies
+          some/other/dependencies
 ```

save/action.yml

@@ -16,7 +16,7 @@ inputs:
     default: 'false'
     required: false
 runs:
-  using: 'node16'
+  using: 'node20'
   main: '../dist/save-only/index.js'
 branding:
   icon: 'archive'

src/restoreImpl.ts

@@ -10,7 +10,8 @@ import {
 import * as utils from "./utils/actionUtils";
 
 export async function restoreImpl(
-    stateProvider: IStateProvider
+    stateProvider: IStateProvider,
+    earlyExit?: boolean | undefined
 ): Promise<string | undefined> {
     try {
         if (!utils.isCacheFeatureAvailable()) {
@@ -50,6 +51,9 @@ export async function restoreImpl(
         );
 
         if (!cacheKey) {
+            // `cache-hit` is intentionally not set to `false` here to preserve existing behavior
+            // See https://github.com/actions/cache/issues/1466
+
             if (failOnCacheMiss) {
                 throw new Error(
                     `Failed to restore cache entry. Exiting as fail-on-cache-miss is set. Input key: ${primaryKey}`
@@ -61,7 +65,6 @@ export async function restoreImpl(
                     ...restoreKeys
                 ].join(", ")}`
             );
-
             return;
         }
 
@@ -83,6 +86,9 @@ export async function restoreImpl(
         return cacheKey;
     } catch (error: unknown) {
         core.setFailed((error as Error).message);
+        if (earlyExit) {
+            process.exit(1);
+        }
     }
 }
 
@@ -90,14 +96,7 @@ async function run(
     stateProvider: IStateProvider,
     earlyExit: boolean | undefined
 ): Promise<void> {
-    try {
-        await restoreImpl(stateProvider);
-    } catch (err) {
-        console.error(err);
-        if (earlyExit) {
-            process.exit(1);
-        }
-    }
+    await restoreImpl(stateProvider, earlyExit);
 
     // node will stay alive if any promises are not resolved,
     // which is a possibility if HTTP requests are dangling

src/save.ts

@@ -1,10 +1,3 @@
-import saveImpl from "./saveImpl";
-import { StateProvider } from "./stateProvider";
+import { saveRun } from "./saveImpl";
 
-async function run(): Promise<void> {
-    await saveImpl(new StateProvider());
-}
-
-run();
-
-export default run;
+saveRun(true);

src/saveImpl.ts

@@ -2,7 +2,11 @@ import * as cache from "@actions/cache";
 import * as core from "@actions/core";
 
 import { Events, Inputs, State } from "./constants";
-import { IStateProvider } from "./stateProvider";
+import {
+    IStateProvider,
+    NullStateProvider,
+    StateProvider
+} from "./stateProvider";
 import * as utils from "./utils/actionUtils";
 
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
@@ -10,7 +14,9 @@ import * as utils from "./utils/actionUtils";
 // throw an uncaught exception.  Instead of failing this action, just warn.
 process.on("uncaughtException", e => utils.logWarning(e.message));
 
-async function saveImpl(stateProvider: IStateProvider): Promise<number | void> {
+export async function saveImpl(
+    stateProvider: IStateProvider
+): Promise<number | void> {
     let cacheId = -1;
     try {
         if (!utils.isCacheFeatureAvailable()) {
@@ -72,4 +78,47 @@ async function saveImpl(stateProvider: IStateProvider): Promise<number | void> {
     return cacheId;
 }
 
-export default saveImpl;
+export async function saveOnlyRun(
+    earlyExit?: boolean | undefined
+): Promise<void> {
+    try {
+        const cacheId = await saveImpl(new NullStateProvider());
+        if (cacheId === -1) {
+            core.warning(`Cache save failed.`);
+        }
+    } catch (err) {
+        console.error(err);
+        if (earlyExit) {
+            process.exit(1);
+        }
+    }
+
+    // node will stay alive if any promises are not resolved,
+    // which is a possibility if HTTP requests are dangling
+    // due to retries or timeouts. We know that if we got here
+    // that all promises that we care about have successfully
+    // resolved, so simply exit with success.
+    if (earlyExit) {
+        process.exit(0);
+    }
+}
+
+export async function saveRun(earlyExit?: boolean | undefined): Promise<void> {
+    try {
+        await saveImpl(new StateProvider());
+    } catch (err) {
+        console.error(err);
+        if (earlyExit) {
+            process.exit(1);
+        }
+    }
+
+    // node will stay alive if any promises are not resolved,
+    // which is a possibility if HTTP requests are dangling
+    // due to retries or timeouts. We know that if we got here
+    // that all promises that we care about have successfully
+    // resolved, so simply exit with success.
+    if (earlyExit) {
+        process.exit(0);
+    }
+}

src/saveOnly.ts

@@ -1,15 +1,3 @@
-import * as core from "@actions/core";
+import { saveOnlyRun } from "./saveImpl";
 
-import saveImpl from "./saveImpl";
-import { NullStateProvider } from "./stateProvider";
-
-async function run(): Promise<void> {
-    const cacheId = await saveImpl(new NullStateProvider());
-    if (cacheId === -1) {
-        core.warning(`Cache save failed.`);
-    }
-}
-
-run();
-
-export default run;
+saveOnlyRun(true);

src/utils/actionUtils.ts

@@ -7,7 +7,13 @@ export function isGhes(): boolean {
     const ghUrl = new URL(
         process.env["GITHUB_SERVER_URL"] || "https://github.com"
     );
-    return ghUrl.hostname.toUpperCase() !== "GITHUB.COM";
+
+    const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+    const isGitHubHost = hostname === "GITHUB.COM";
+    const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM");
+    const isLocalHost = hostname.endsWith(".LOCALHOST");
+
+    return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 
 export function isExactKeyMatch(key: string, cacheKey?: string): boolean {

tips-and-workarounds.md

@@ -12,7 +12,7 @@ A cache today is immutable and cannot be updated. But some use cases require the
 
   ```yaml
       - name: update cache on every commit
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: prime-numbers
           key: primes-${{ runner.os }}-${{ github.run_id }} # Can use time based key as well
@@ -37,9 +37,8 @@ From `v3.2.3` cache is cross-os compatible when `enableCrossOsArchive` input is
 
 ## Force deletion of caches overriding default cache eviction policy
 
-Caches have [branch scope restriction](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache) in place. This means that if caches for a specific branch are using a lot of storage quota, it may result into more frequently used caches from `default` branch getting thrashed. For example, if there are many pull requests happening on a repo and are creating caches, these cannot be used in default branch scope but will still occupy a lot of space till they get cleaned up by [eviction policy](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#usage-limits-and-eviction-policy). But sometime we want to clean them up on a faster cadence so as to ensure default branch is not thrashing. In order to achieve this, [gh-actions-cache cli](https://github.com/actions/gh-actions-cache/) can be used to delete caches for specific branches.
+Caches have [branch scope restriction](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache) in place. This means that if caches for a specific branch are using a lot of storage quota, it may result into more frequently used caches from `default` branch getting thrashed. For example, if there are many pull requests happening on a repo and are creating caches, these cannot be used in default branch scope but will still occupy a lot of space till they get cleaned up by [eviction policy](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#usage-limits-and-eviction-policy). But sometime we want to clean them up on a faster cadence so as to ensure default branch is not thrashing.
 
-This workflow uses `gh-actions-cache` to delete all the caches created by a branch.
 <details>
   <summary>Example</summary>
 
@@ -60,29 +59,23 @@ jobs:
       actions: write
       contents: read
     steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
       - name: Cleanup
         run: |
-          gh extension install actions/gh-actions-cache
-          
-          REPO=${{ github.repository }}
-          BRANCH=refs/pull/${{ github.event.pull_request.number }}/merge
-
           echo "Fetching list of cache key"
-          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH | cut -f 1 )
+          cacheKeysForPR=$(gh cache list --ref $BRANCH --limit 100 --json id --jq '.[].id')
 
-          ## Setting this to not fail the workflow while deleting cache keys. 
+          ## Setting this to not fail the workflow while deleting cache keys.
           set +e
           echo "Deleting caches..."
           for cacheKey in $cacheKeysForPR
           do
-              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+              gh cache delete $cacheKey
           done
           echo "Done"
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_REPO: ${{ github.repository }}
+          BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge
 ```
 
 </details>