Merge pull request #1620 from actions/nebuk89-patch-1

Update README.md
2025-06-17 21:37:42 +00:00 · 2025-06-17 14:18:22 +01:00 · 2025-06-16 10:08:03 +01:00 · 2025-03-19 18:06:32 +00:00 · 2025-03-18 08:00:50 -07:00 · 2025-03-18 07:58:36 -07:00
10 changed files with 421 additions and 35 deletions
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@ -2,7 +2,7 @@ name: 'Publish Immutable Action Version'
 on:
  release:
-    types: [published]
+    types: [released]
 jobs:
  publish:
--- a/.licenses/npm/@actions/cache.dep.yml
+++ b/.licenses/npm/@actions/cache.dep.yml
@ -1,6 +1,6 @@
 ---
 name: "@actions/cache"
-version: 4.0.1
+version: 4.0.3
 type: npm
 summary: Actions cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/cache
--- a/README.md
+++ b/README.md
@ -335,9 +335,23 @@ There are a number of community practices/workarounds to fulfill specific requir
 Please note that Windows environment variables (like `%LocalAppData%`) will NOT be expanded by this action. Instead, prefer using `~` in your paths which will expand to the HOME directory. For example, instead of `%LocalAppData%`, use `~\AppData\Local`. For a list of supported default environment variables, see the [Learn GitHub Actions: Variables](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables) page.
-## Contributing
+## Note
-We would love for you to contribute to `actions/cache`. Pull requests are welcome! Please see the [CONTRIBUTING.md](CONTRIBUTING.md) for more information.
+Thank you for your interest in this GitHub repo, however, right now we are not taking contributions. 
 We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in.
 We are taking the following steps to better direct requests related to GitHub Actions, including:
 1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)
 2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
 3. Security Issues should be handled as per our [security.md](SECURITY.md).
 We will still provide security updates for this project and fix major breaking changes during this time.
 You are welcome to still raise bugs in this repo.
 ## License
--- a/RELEASES.md
+++ b/RELEASES.md
@ -1,5 +1,13 @@
 # Releases
 ### 4.2.3
 - Bump `@actions/cache` to v4.0.3 (obfuscates SAS token in debug logs for cache entries)
 ### 4.2.2
 - Bump `@actions/cache` to v4.0.2
 ### 4.2.1
 - Bump `@actions/cache` to v4.0.1
--- a/dist/restore-only/index.js
+++ b/dist/restore-only/index.js
@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
            };
            const response = yield twirpClient.GetCacheEntryDownloadURL(request);
            if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                return undefined;
            }
            core.info(`Cache hit for: ${request.key}`);
@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                key,
                version
            };
            let signedUploadUrl;
            try {
                const response = yield twirpClient.CreateCacheEntry(request);
                if (!response.ok) {
                    throw new Error('Response was not ok');
                }
                signedUploadUrl = response.signedUploadUrl;
            }
            catch (error) {
                core.debug(`Failed to reserve cache: ${error}`);
                throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
            }
            core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
            const finalizeRequest = {
                key,
                version,
@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
 const util_1 = __nccwpck_require__(7564);
 /**
 * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
 *
@ -2255,6 +2264,7 @@ class CacheServiceClient {
                    (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                    (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                    const body = JSON.parse(rawBody);
                    (0, util_1.maskSecretUrls)(body);
                    (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                    if (this.isSuccessStatusCode(statusCode)) {
                        return { response, body };
@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 /***/ }),
 /***/ 7564:
 /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
 "use strict";
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.maskSecretUrls = exports.maskSigUrl = void 0;
 const core_1 = __nccwpck_require__(7484);
 /**
 * Masks the `sig` parameter in a URL and sets it as a secret.
 *
 * @param url - The URL containing the signature parameter to mask
 * @remarks
 * This function attempts to parse the provided URL and identify the 'sig' query parameter.
 * If found, it registers both the raw and URL-encoded signature values as secrets using
 * the Actions `setSecret` API, which prevents them from being displayed in logs.
 *
 * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
 *
 * @example
 * ```typescript
 * // Mask a signature in an Azure SAS token URL
 * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
 * ```
 */
 function maskSigUrl(url) {
    if (!url)
        return;
    try {
        const parsedUrl = new URL(url);
        const signature = parsedUrl.searchParams.get('sig');
        if (signature) {
            (0, core_1.setSecret)(signature);
            (0, core_1.setSecret)(encodeURIComponent(signature));
        }
    }
    catch (error) {
        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
    }
 }
 exports.maskSigUrl = maskSigUrl;
 /**
 * Masks sensitive information in URLs containing signature parameters.
 * Currently supports masking 'sig' parameters in the 'signed_upload_url'
 * and 'signed_download_url' properties of the provided object.
 *
 * @param body - The object should contain a signature
 * @remarks
 * This function extracts URLs from the object properties and calls maskSigUrl
 * on each one to redact sensitive signature information. The function doesn't
 * modify the original object; it only marks the signatures as secrets for
 * logging purposes.
 *
 * @example
 * ```typescript
 * const responseBody = {
 *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
 *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
 * };
 * maskSecretUrls(responseBody);
 * ```
 */
 function maskSecretUrls(body) {
    if (typeof body !== 'object' || body === null) {
        (0, core_1.debug)('body is not an object or is null');
        return;
    }
    if ('signed_upload_url' in body &&
        typeof body.signed_upload_url === 'string') {
        maskSigUrl(body.signed_upload_url);
    }
    if ('signed_download_url' in body &&
        typeof body.signed_download_url === 'string') {
        maskSigUrl(body.signed_download_url);
    }
 }
 exports.maskSecretUrls = maskSecretUrls;
 //# sourceMappingURL=util.js.map
 /***/ }),
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
@ -65309,7 +65400,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 /***/ }),
--- a/dist/restore/index.js
+++ b/dist/restore/index.js
@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
            };
            const response = yield twirpClient.GetCacheEntryDownloadURL(request);
            if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                return undefined;
            }
            core.info(`Cache hit for: ${request.key}`);
@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                key,
                version
            };
            let signedUploadUrl;
            try {
                const response = yield twirpClient.CreateCacheEntry(request);
                if (!response.ok) {
                    throw new Error('Response was not ok');
                }
                signedUploadUrl = response.signedUploadUrl;
            }
            catch (error) {
                core.debug(`Failed to reserve cache: ${error}`);
                throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
            }
            core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
            const finalizeRequest = {
                key,
                version,
@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
 const util_1 = __nccwpck_require__(7564);
 /**
 * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
 *
@ -2255,6 +2264,7 @@ class CacheServiceClient {
                    (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                    (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                    const body = JSON.parse(rawBody);
                    (0, util_1.maskSecretUrls)(body);
                    (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                    if (this.isSuccessStatusCode(statusCode)) {
                        return { response, body };
@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 /***/ }),
 /***/ 7564:
 /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
 "use strict";
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.maskSecretUrls = exports.maskSigUrl = void 0;
 const core_1 = __nccwpck_require__(7484);
 /**
 * Masks the `sig` parameter in a URL and sets it as a secret.
 *
 * @param url - The URL containing the signature parameter to mask
 * @remarks
 * This function attempts to parse the provided URL and identify the 'sig' query parameter.
 * If found, it registers both the raw and URL-encoded signature values as secrets using
 * the Actions `setSecret` API, which prevents them from being displayed in logs.
 *
 * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
 *
 * @example
 * ```typescript
 * // Mask a signature in an Azure SAS token URL
 * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
 * ```
 */
 function maskSigUrl(url) {
    if (!url)
        return;
    try {
        const parsedUrl = new URL(url);
        const signature = parsedUrl.searchParams.get('sig');
        if (signature) {
            (0, core_1.setSecret)(signature);
            (0, core_1.setSecret)(encodeURIComponent(signature));
        }
    }
    catch (error) {
        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
    }
 }
 exports.maskSigUrl = maskSigUrl;
 /**
 * Masks sensitive information in URLs containing signature parameters.
 * Currently supports masking 'sig' parameters in the 'signed_upload_url'
 * and 'signed_download_url' properties of the provided object.
 *
 * @param body - The object should contain a signature
 * @remarks
 * This function extracts URLs from the object properties and calls maskSigUrl
 * on each one to redact sensitive signature information. The function doesn't
 * modify the original object; it only marks the signatures as secrets for
 * logging purposes.
 *
 * @example
 * ```typescript
 * const responseBody = {
 *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
 *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
 * };
 * maskSecretUrls(responseBody);
 * ```
 */
 function maskSecretUrls(body) {
    if (typeof body !== 'object' || body === null) {
        (0, core_1.debug)('body is not an object or is null');
        return;
    }
    if ('signed_upload_url' in body &&
        typeof body.signed_upload_url === 'string') {
        maskSigUrl(body.signed_upload_url);
    }
    if ('signed_download_url' in body &&
        typeof body.signed_download_url === 'string') {
        maskSigUrl(body.signed_download_url);
    }
 }
 exports.maskSecretUrls = maskSecretUrls;
 //# sourceMappingURL=util.js.map
 /***/ }),
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
@ -65309,7 +65400,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 /***/ }),
--- a/dist/save-only/index.js
+++ b/dist/save-only/index.js
@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
            };
            const response = yield twirpClient.GetCacheEntryDownloadURL(request);
            if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                return undefined;
            }
            core.info(`Cache hit for: ${request.key}`);
@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                key,
                version
            };
            let signedUploadUrl;
            try {
                const response = yield twirpClient.CreateCacheEntry(request);
                if (!response.ok) {
                    throw new Error('Response was not ok');
                }
                signedUploadUrl = response.signedUploadUrl;
            }
            catch (error) {
                core.debug(`Failed to reserve cache: ${error}`);
                throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
            }
            core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
            const finalizeRequest = {
                key,
                version,
@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
 const util_1 = __nccwpck_require__(7564);
 /**
 * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
 *
@ -2255,6 +2264,7 @@ class CacheServiceClient {
                    (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                    (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                    const body = JSON.parse(rawBody);
                    (0, util_1.maskSecretUrls)(body);
                    (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                    if (this.isSuccessStatusCode(statusCode)) {
                        return { response, body };
@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 /***/ }),
 /***/ 7564:
 /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
 "use strict";
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.maskSecretUrls = exports.maskSigUrl = void 0;
 const core_1 = __nccwpck_require__(7484);
 /**
 * Masks the `sig` parameter in a URL and sets it as a secret.
 *
 * @param url - The URL containing the signature parameter to mask
 * @remarks
 * This function attempts to parse the provided URL and identify the 'sig' query parameter.
 * If found, it registers both the raw and URL-encoded signature values as secrets using
 * the Actions `setSecret` API, which prevents them from being displayed in logs.
 *
 * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
 *
 * @example
 * ```typescript
 * // Mask a signature in an Azure SAS token URL
 * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
 * ```
 */
 function maskSigUrl(url) {
    if (!url)
        return;
    try {
        const parsedUrl = new URL(url);
        const signature = parsedUrl.searchParams.get('sig');
        if (signature) {
            (0, core_1.setSecret)(signature);
            (0, core_1.setSecret)(encodeURIComponent(signature));
        }
    }
    catch (error) {
        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
    }
 }
 exports.maskSigUrl = maskSigUrl;
 /**
 * Masks sensitive information in URLs containing signature parameters.
 * Currently supports masking 'sig' parameters in the 'signed_upload_url'
 * and 'signed_download_url' properties of the provided object.
 *
 * @param body - The object should contain a signature
 * @remarks
 * This function extracts URLs from the object properties and calls maskSigUrl
 * on each one to redact sensitive signature information. The function doesn't
 * modify the original object; it only marks the signatures as secrets for
 * logging purposes.
 *
 * @example
 * ```typescript
 * const responseBody = {
 *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
 *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
 * };
 * maskSecretUrls(responseBody);
 * ```
 */
 function maskSecretUrls(body) {
    if (typeof body !== 'object' || body === null) {
        (0, core_1.debug)('body is not an object or is null');
        return;
    }
    if ('signed_upload_url' in body &&
        typeof body.signed_upload_url === 'string') {
        maskSigUrl(body.signed_upload_url);
    }
    if ('signed_download_url' in body &&
        typeof body.signed_download_url === 'string') {
        maskSigUrl(body.signed_download_url);
    }
 }
 exports.maskSecretUrls = maskSecretUrls;
 //# sourceMappingURL=util.js.map
 /***/ }),
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
@ -65322,7 +65413,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 /***/ }),
--- a/dist/save/index.js
+++ b/dist/save/index.js
@ -220,7 +220,7 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
            };
            const response = yield twirpClient.GetCacheEntryDownloadURL(request);
            if (!response.ok) {
-                core.debug(`Cache not found for keys: ${keys.join(', ')}`);
+                core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                return undefined;
            }
            core.info(`Cache hit for: ${request.key}`);
@ -412,12 +412,20 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                key,
                version
            };
            let signedUploadUrl;
            try {
                const response = yield twirpClient.CreateCacheEntry(request);
                if (!response.ok) {
                    throw new Error('Response was not ok');
                }
                signedUploadUrl = response.signedUploadUrl;
            }
            catch (error) {
                core.debug(`Failed to reserve cache: ${error}`);
                throw new ReserveCacheError(`Unable to reserve cache with key ${key}, another job may be creating this cache.`);
            }
            core.debug(`Attempting to upload cache located at: ${archivePath}`);
-            yield cacheHttpClient.saveCache(cacheId, archivePath, response.signedUploadUrl, options);
+            yield cacheHttpClient.saveCache(cacheId, archivePath, signedUploadUrl, options);
            const finalizeRequest = {
                key,
                version,
@ -2196,6 +2204,7 @@ const cacheUtils_1 = __nccwpck_require__(8299);
 const auth_1 = __nccwpck_require__(4552);
 const http_client_1 = __nccwpck_require__(4844);
 const cache_twirp_client_1 = __nccwpck_require__(1486);
 const util_1 = __nccwpck_require__(7564);
 /**
 * This class is a wrapper around the CacheServiceClientJSON class generated by Twirp.
 *
@ -2255,6 +2264,7 @@ class CacheServiceClient {
                    (0, core_1.debug)(`[Response] - ${response.message.statusCode}`);
                    (0, core_1.debug)(`Headers: ${JSON.stringify(response.message.headers, null, 2)}`);
                    const body = JSON.parse(rawBody);
                    (0, util_1.maskSecretUrls)(body);
                    (0, core_1.debug)(`Body: ${JSON.stringify(body, null, 2)}`);
                    if (this.isSuccessStatusCode(statusCode)) {
                        return { response, body };
@ -2436,6 +2446,87 @@ exports.getUserAgentString = getUserAgentString;
 /***/ }),
 /***/ 7564:
 /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
 "use strict";
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.maskSecretUrls = exports.maskSigUrl = void 0;
 const core_1 = __nccwpck_require__(7484);
 /**
 * Masks the `sig` parameter in a URL and sets it as a secret.
 *
 * @param url - The URL containing the signature parameter to mask
 * @remarks
 * This function attempts to parse the provided URL and identify the 'sig' query parameter.
 * If found, it registers both the raw and URL-encoded signature values as secrets using
 * the Actions `setSecret` API, which prevents them from being displayed in logs.
 *
 * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
 *
 * @example
 * ```typescript
 * // Mask a signature in an Azure SAS token URL
 * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
 * ```
 */
 function maskSigUrl(url) {
    if (!url)
        return;
    try {
        const parsedUrl = new URL(url);
        const signature = parsedUrl.searchParams.get('sig');
        if (signature) {
            (0, core_1.setSecret)(signature);
            (0, core_1.setSecret)(encodeURIComponent(signature));
        }
    }
    catch (error) {
        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
    }
 }
 exports.maskSigUrl = maskSigUrl;
 /**
 * Masks sensitive information in URLs containing signature parameters.
 * Currently supports masking 'sig' parameters in the 'signed_upload_url'
 * and 'signed_download_url' properties of the provided object.
 *
 * @param body - The object should contain a signature
 * @remarks
 * This function extracts URLs from the object properties and calls maskSigUrl
 * on each one to redact sensitive signature information. The function doesn't
 * modify the original object; it only marks the signatures as secrets for
 * logging purposes.
 *
 * @example
 * ```typescript
 * const responseBody = {
 *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
 *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
 * };
 * maskSecretUrls(responseBody);
 * ```
 */
 function maskSecretUrls(body) {
    if (typeof body !== 'object' || body === null) {
        (0, core_1.debug)('body is not an object or is null');
        return;
    }
    if ('signed_upload_url' in body &&
        typeof body.signed_upload_url === 'string') {
        maskSigUrl(body.signed_upload_url);
    }
    if ('signed_download_url' in body &&
        typeof body.signed_download_url === 'string') {
        maskSigUrl(body.signed_download_url);
    }
 }
 exports.maskSecretUrls = maskSecretUrls;
 //# sourceMappingURL=util.js.map
 /***/ }),
 /***/ 5321:
 /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
@ -65322,7 +65413,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.1","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"4.0.3","preview":true,"description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","main":"lib/cache.js","types":"lib/cache.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.11.1","@actions/exec":"^1.0.1","@actions/glob":"^0.1.0","@actions/http-client":"^2.1.1","@actions/io":"^1.0.1","@azure/abort-controller":"^1.1.0","@azure/ms-rest-js":"^2.6.0","@azure/storage-blob":"^12.13.0","@protobuf-ts/plugin":"^2.9.4","semver":"^6.3.1"},"devDependencies":{"@types/node":"^22.13.9","@types/semver":"^6.0.0","typescript":"^5.2.2"}}');
 /***/ }),
--- a/package-lock.json
+++ b/package-lock.json
@ -1,15 +1,15 @@
 {
  "name": "cache",
-  "version": "4.2.1",
+  "version": "4.2.3",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "cache",
-      "version": "4.2.1",
+      "version": "4.2.3",
      "license": "MIT",
      "dependencies": {
-        "@actions/cache": "^4.0.1",
+        "@actions/cache": "^4.0.3",
        "@actions/core": "^1.11.1",
        "@actions/exec": "^1.1.1",
        "@actions/io": "^1.1.3"
@ -36,9 +36,9 @@
      }
    },
    "node_modules/@actions/cache": {
-      "version": "4.0.1",
+      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.3.tgz",
-      "integrity": "sha512-u2NrTo95PDmk145wrr+fMhrvpF0hfPmD6cLkR7NozvNHqanR0BmRHBzEe1yiGZFFEHbu6/e6EOEX7qoM7fWVTA==",
+      "integrity": "sha512-SvrqFtYJ7I48A/uXNkoJrnukx5weQv1fGquhs3+4nkByZThBH109KTIqj5x/cGV7JGNvb8dLPVywUOqX1fjiXg==",
      "license": "MIT",
      "dependencies": {
        "@actions/core": "^1.11.1",
@ -9600,9 +9600,9 @@
  },
  "dependencies": {
    "@actions/cache": {
-      "version": "4.0.1",
+      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.3.tgz",
-      "integrity": "sha512-u2NrTo95PDmk145wrr+fMhrvpF0hfPmD6cLkR7NozvNHqanR0BmRHBzEe1yiGZFFEHbu6/e6EOEX7qoM7fWVTA==",
+      "integrity": "sha512-SvrqFtYJ7I48A/uXNkoJrnukx5weQv1fGquhs3+4nkByZThBH109KTIqj5x/cGV7JGNvb8dLPVywUOqX1fjiXg==",
      "requires": {
        "@actions/core": "^1.11.1",
        "@actions/exec": "^1.0.1",
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "cache",
-  "version": "4.2.1",
+  "version": "4.2.3",
  "private": true,
  "description": "Cache dependencies and build outputs",
  "main": "dist/restore/index.js",
@ -23,7 +23,7 @@
  "author": "GitHub",
  "license": "MIT",
  "dependencies": {
-    "@actions/cache": "^4.0.1",
+    "@actions/cache": "^4.0.3",
    "@actions/core": "^1.11.1",
    "@actions/exec": "^1.1.1",
    "@actions/io": "^1.1.3"
Author	SHA1	Message	Date
Ben De St Paer-Gotch	640a1c2554	Merge pull request #1620 from actions/nebuk89-patch-1 Update README.md	2025-06-17 14:18:22 +01:00
Ben De St Paer-Gotch	c45d39173a	Update README.md	2025-06-16 10:08:03 +01:00
Salman Chishti	5a3ec84eff	Merge pull request #1577 from salmanmkc/salmanmkc/4-test Update to use @actions/cache 4.0.3 package & prepare for new release	2025-03-19 18:06:32 +00:00
Salman Chishti	7de21022a7	Update releases.md	2025-03-18 08:00:50 -07:00
Salman Chishti	76d40dd347	Update to use the latest version of the cache package to obfuscate the SAS	2025-03-18 07:58:36 -07:00
Salman Chishti	76dd5eb692	update cache with main	2025-03-18 03:43:02 -07:00
Salman Chishti	8c80c27c5e	new package	2025-03-13 04:55:45 -07:00
Salman Chishti	45cfd0e7ff	updates	2025-03-13 04:30:51 -07:00
Salman Chishti	edd449b9cf	updated cache with latest changes	2025-03-12 03:22:00 -07:00
Salman Chishti	0576707e37	latest test before pr	2025-03-10 06:54:42 -07:00
Salman Chishti	3105dc9754	update	2025-03-10 04:27:54 -07:00
Salman Chishti	9450d42d15	mask	2025-03-10 04:24:44 -07:00
Salman Chishti	7d05b27fb9	update cache package to mask whole sas to the end of the line	2025-03-10 04:20:14 -07:00
Salman Chishti	507b84c6a6	artifact changes	2025-03-07 08:47:30 -08:00
Salman Chishti	f248408e15	type	2025-03-07 08:12:07 -08:00
Salman Chishti	c30eb5542e	debugging	2025-03-07 08:06:30 -08:00
Salman Chishti	5b6ae99d8b	mask whole url	2025-03-07 08:02:01 -08:00
Salman Chishti	eca7c65a55	changed	2025-03-07 08:00:03 -08:00
Salman Chishti	1b5d75f5cf	add changes	2025-03-07 07:56:21 -08:00
Rob Herley	d4323d4df1	Merge pull request #1560 from actions/robherley/v4.2.2 Bump @actions/cache to v4.0.2	2025-02-27 09:47:05 -05:00
Rob Herley	da26677639	bump @actions/cache to v4.0.2, prep for v4.2.2 release	2025-02-26 12:45:56 -05:00
Rob Herley	7921ae235b	Merge pull request #1557 from actions/robherley/ia-workflow-released Update publish-immutable-actions.yml	2025-02-18 17:47:05 -05:00
Rob Herley	3937731706	Update publish-immutable-actions.yml	2025-02-18 17:43:49 -05:00