Merge pull request #1509 from actions/Link-/cache-4.2.0

Prepare release `v4.2.0`

.github/dependabot.yml

@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      minor-actions-dependencies:
+        update-types: [minor, patch]
+  
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily" 
+    allow:
+    - dependency-type: direct
+    - dependency-type: production

.github/workflows/close-inactive-issues.yml

@@ -10,7 +10,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@v3
+      - uses: actions/stale@v9
         with:
           days-before-issue-stale: 200
           days-before-issue-close: 5

.github/workflows/codeql.yml

@@ -17,11 +17,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java, ruby
@@ -29,7 +29,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below).
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -43,4 +43,4 @@ jobs:
     #     make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/workflow.yml

@@ -20,9 +20,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Setup Node.js 20.x
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
         cache: npm
@@ -43,7 +43,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Generate files in working directory
       shell: bash
       run: __tests__/create-cache-files.sh ${{ runner.os }} test-cache
@@ -66,7 +66,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Restore cache
       uses: ./
       with:
@@ -96,7 +96,7 @@ jobs:
       https_proxy: http://squid-proxy:3128
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Generate files
       run: __tests__/create-cache-files.sh proxy test-cache
     - name: Save cache
@@ -119,7 +119,7 @@ jobs:
       https_proxy: http://squid-proxy:3128
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Restore cache
       uses: ./
       with:

.licensed.yml

@@ -13,4 +13,10 @@ allowed:
 
 reviewed:
   npm:
-  - sax
+  - sax
+  - "@protobuf-ts/plugin-framework" # Apache-2.0
+  - "@protobuf-ts/runtime" # Apache-2.0
+  - fs.realpath # ISC
+  - glob # ISC
+  - prettier # MIT
+  - lodash # MIT

README.md

@@ -3,6 +3,7 @@
 This action allows caching dependencies and build outputs to improve workflow execution time.
 
 >Two other actions are available in addition to the primary `cache` action:
+>
 >* [Restore action](./restore/README.md)
 >* [Save action](./save/README.md)
 
@@ -14,12 +15,30 @@ See ["Caching dependencies to speed up workflows"](https://docs.github.com/en/ac
 
 ## What's New
 
+### ⚠️ Important changes
+
+The cache backend service has been rewritten from the ground up for improved performance and reliability. [actions/cache](https://github.com/actions/cache) now integrates with the new cache service (v2) APIs.
+
+The new service will gradually roll out as of **February 1st, 2025**. The legacy service will also be sunset on the same date. Changes in these release are **fully backward compatible**.
+
+**We are deprecating some versions of this action**. We recommend upgrading to version `v4` or `v3` as soon as possible before **February 1st, 2025.** (Upgrade instructions below).
+
+If you are using pinned SHAs, please use the SHAs of versions `v4.2.0` or `v3.4.0`
+
+If you do not upgrade, all workflow runs using any of the deprecated [actions/cache](https://github.com/actions/cache) will fail.
+
+Upgrading to the recommended versions will not break your workflows.
+
+Read more about the change & access the migration guide: [reference to the announcement](https://github.com/actions/cache/discussions/1510).
+
 ### v4
 
+* Integrated with the new cache service (v2) APIs.
 * Updated to node 20
 
 ### v3
 
+* Integrated with the new cache service (v2) APIs.
 * Added support for caching in GHES 3.5+.
 * Fixed download issue for files > 2GB during restore.
 * Updated the minimum runner version support from node 12 -> node 16.
@@ -64,9 +83,9 @@ If you are using a `self-hosted` Windows runner, `GNU tar` and `zstd` are requir
 
 ### Outputs
 
-* `cache-hit` - A boolean value to indicate an exact match was found for the key.
-
-    > **Note** `cache-hit` will only be set to `true` when a cache hit occurs for the exact `key` match. For a partial key match via `restore-keys` or a cache miss, it will be set to `false`.
+* `cache-hit` - A string value to indicate an exact match was found for the key.
+  * If there's a cache hit, this will be 'true' or 'false' to indicate if there's an exact match for `key`.
+  * If there's a cache miss, this will be an empty string.
 
 See [Skipping steps based on cache-hit](#skipping-steps-based-on-cache-hit) for info on using this output
 
@@ -157,6 +176,7 @@ Every programming language and framework has its own way of caching.
 
 See [Examples](examples.md) for a list of `actions/cache` implementations for use with:
 
+* [Bun](./examples.md#bun)
 * [C# - NuGet](./examples.md#c---nuget)
 * [Clojure - Lein Deps](./examples.md#clojure---lein-deps)
 * [D - DUB](./examples.md#d---dub)

RELEASES.md

@@ -1,6 +1,30 @@
 # Releases
 
+### 4.2.0
+
+TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. [actions/cache](https://github.com/actions/cache) now integrates with the new cache service (v2) APIs.
+
+The new service will gradually roll out as of **February 1st, 2025**. The legacy service will also be sunset on the same date. Changes in these release are **fully backward compatible**.
+
+**We are deprecating some versions of this action**. We recommend upgrading to version `v4` or `v3` as soon as possible before **February 1st, 2025.** (Upgrade instructions below).
+
+If you are using pinned SHAs, please use the SHAs of versions `v4.2.0` or `v3.4.0`
+
+If you do not upgrade, all workflow runs using any of the deprecated [actions/cache](https://github.com/actions/cache) will fail.
+
+Upgrading to the recommended versions will not break your workflows.
+
+### 4.1.2
+
+- Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - [#1474](https://github.com/actions/cache/pull/1474)
+- Security fix: Bump braces from 3.0.2 to 3.0.3 - [#1475](https://github.com/actions/cache/pull/1475)
+
+### 4.1.1
+
+- Restore original behavior of `cache-hit` output - [#1467](https://github.com/actions/cache/pull/1467)
+
 ### 4.1.0
+
 - Ensure `cache-hit` output is set when a cache is missed - [#1404](https://github.com/actions/cache/pull/1404)
 - Deprecate `save-always` input - [#1452](https://github.com/actions/cache/pull/1452)
 
@@ -16,6 +40,10 @@
 
 - Updated minimum runner version support from node 12 -> node 20
 
+### 3.4.0
+
+- Integrated with the new cache service (v2) APIs
+
 ### 3.3.3
 
 - Updates @actions/cache to v3.2.3 to fix accidental mutated path arguments to `getCacheVersion` [actions/toolkit#1378](https://github.com/actions/toolkit/pull/1378)

__tests__/actionUtils.test.ts

@@ -8,17 +8,26 @@ import * as testUtils from "../src/utils/testUtils";
 jest.mock("@actions/core");
 jest.mock("@actions/cache");
 
+let pristineEnv: NodeJS.ProcessEnv;
+
 beforeAll(() => {
+    pristineEnv = process.env;
     jest.spyOn(core, "getInput").mockImplementation((name, options) => {
         return jest.requireActual("@actions/core").getInput(name, options);
     });
 });
 
-afterEach(() => {
+beforeEach(() => {
+    jest.resetModules();
+    process.env = pristineEnv;
     delete process.env[Events.Key];
     delete process.env[RefKey];
 });
 
+afterAll(() => {
+    process.env = pristineEnv;
+});
+
 test("isGhes returns true if server url is not github.com", () => {
     try {
         process.env["GITHUB_SERVER_URL"] = "http://example.com";
@@ -231,3 +240,28 @@ test("isCacheFeatureAvailable for ac disabled on dotcom", () => {
         delete process.env["GITHUB_SERVER_URL"];
     }
 });
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable is not defined", async () => {
+    delete process.env["GITHUB_SERVER_URL"];
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable is set to github.com", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://github.com";
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://contoso.ghe.com";
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://mock-github.localhost";
+    expect(actionUtils.isGhes()).toBeFalsy();
+});
+
+test("isGhes returns true when the GITHUB_SERVER_URL environment variable is set to some other URL", async () => {
+    process.env["GITHUB_SERVER_URL"] = "https://src.onpremise.fabrikam.com";
+    expect(actionUtils.isGhes()).toBeTruthy();
+});

__tests__/restore.test.ts

@@ -260,7 +260,7 @@ test("Fail restore when fail on cache miss is enabled and primary + restore keys
     );
 
     expect(stateMock).toHaveBeenCalledWith("CACHE_KEY", key);
-    expect(setCacheHitOutputMock).toHaveBeenCalledTimes(1);
+    expect(setCacheHitOutputMock).toHaveBeenCalledTimes(0);
 
     expect(failedMock).toHaveBeenCalledWith(
         `Failed to restore cache entry. Exiting as fail-on-cache-miss is set. Input key: ${key}`

__tests__/restoreOnly.test.ts

@@ -86,8 +86,7 @@ test("restore with no cache found", async () => {
     );
 
     expect(outputMock).toHaveBeenCalledWith("cache-primary-key", key);
-    expect(outputMock).toHaveBeenCalledWith("cache-hit", "false");
-    expect(outputMock).toHaveBeenCalledTimes(2);
+    expect(outputMock).toHaveBeenCalledTimes(1);
     expect(failedMock).toHaveBeenCalledTimes(0);
 
     expect(infoMock).toHaveBeenCalledWith(

examples.md

@@ -1,5 +1,6 @@
 # Examples
 
+- [Bun](#bun)
 - [C# - NuGet](#c---nuget)
 - [Clojure - Lein Deps](#clojure---lein-deps)
 - [D - DUB](#d---dub)
@@ -41,6 +42,26 @@
 - [Swift - Mint](#swift---mint)
 - [* - Bazel](#---bazel)
 
+## Bun
+
+```yaml
+- uses: actions/cache@v4
+  with:
+    path: |
+      ~/.bun/install/cache
+    key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+```
+
+### Windows
+
+```yaml
+- uses: actions/cache@v4
+  with:
+    path: |
+      ~\.bun
+    key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
+```
+
 ## C# - NuGet
 
 Using [NuGet lock files](https://docs.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies):

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cache",
-  "version": "4.1.0",
+  "version": "4.2.0",
   "private": true,
   "description": "Cache dependencies and build outputs",
   "main": "dist/restore/index.js",
@@ -23,10 +23,10 @@
   "author": "GitHub",
   "license": "MIT",
   "dependencies": {
-    "@actions/cache": "^3.2.3",
-    "@actions/core": "^1.10.0",
+    "@actions/cache": "^4.0.0",
+    "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
-    "@actions/io": "^1.1.2"
+    "@actions/io": "^1.1.3"
   },
   "devDependencies": {
     "@types/jest": "^27.5.2",
@@ -34,7 +34,7 @@
     "@types/node": "^16.18.3",
     "@typescript-eslint/eslint-plugin": "^5.45.0",
     "@typescript-eslint/parser": "^5.45.0",
-    "@vercel/ncc": "^0.38.1",
+    "@vercel/ncc": "^0.38.3",
     "eslint": "^8.28.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-import": "^2.26.0",
@@ -48,4 +48,4 @@
     "ts-jest": "^28.0.8",
     "typescript": "^4.9.3"
   }
-}
+}

src/restoreImpl.ts

@@ -51,7 +51,9 @@ export async function restoreImpl(
         );
 
         if (!cacheKey) {
-            core.setOutput(Outputs.CacheHit, false.toString());
+            // `cache-hit` is intentionally not set to `false` here to preserve existing behavior
+            // See https://github.com/actions/cache/issues/1466
+
             if (failOnCacheMiss) {
                 throw new Error(
                     `Failed to restore cache entry. Exiting as fail-on-cache-miss is set. Input key: ${primaryKey}`

src/utils/actionUtils.ts

@@ -7,7 +7,13 @@ export function isGhes(): boolean {
     const ghUrl = new URL(
         process.env["GITHUB_SERVER_URL"] || "https://github.com"
     );
-    return ghUrl.hostname.toUpperCase() !== "GITHUB.COM";
+
+    const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+    const isGitHubHost = hostname === "GITHUB.COM";
+    const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM");
+    const isLocalHost = hostname.endsWith(".LOCALHOST");
+
+    return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 
 export function isExactKeyMatch(key: string, cacheKey?: string): boolean {