Bump the actions group with 2 updates (#199)

Bumps the actions group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest).


Updates `@types/node` from 24.0.7 to 24.0.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `jest` from 30.0.3 to 30.0.4
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.0.4/packages/jest)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: jest
  dependency-version: 30.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+   - package-ecosystem: npm
+     directory: /
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'
+   - package-ecosystem: github-actions
+     directory: .github/workflows
+     schedule:
+        interval: weekly
+     groups:
+        actions:
+           patterns:
+              - '*'

.github/workflows/defaultLabels.yml

@@ -13,7 +13,7 @@ jobs:
 
       # Steps represent a sequence of tasks that will be executed as part of the job
       steps:
-         - uses: actions/stale@v3
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
            name: Setting issue as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,7 +24,7 @@ jobs:
               operations-per-run: 100
               exempt-issue-labels: 'backlog'
 
-         - uses: actions/stale@v3
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
            name: Setting PR as idle
            with:
               repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/integration-tests.yml

@@ -15,7 +15,7 @@ jobs:
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
       steps:
          - name: Check out repository
-           uses: actions/checkout@v2
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
          - name: npm install and build
            id: action-npm-build
            run: |
@@ -63,3 +63,25 @@ jobs:
               else
                 echo "HELM VERSION $HELM_3_5_0 INSTALLED SUCCESSFULLY"
               fi
+         - name: Setup helm latest version
+           uses: ./
+           with:
+              version: latest
+              token: ${{ secrets.GITHUB_TOKEN }}
+         - name: Validate latest
+           env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+           run: |
+              HELM_LATEST=$(gh release list \
+                --repo helm/helm \
+                --exclude-drafts \
+                --exclude-pre-releases \
+                --limit 1 | awk '{print $4}')
+
+              if [[ $(helm version) != *$HELM_LATEST* ]]; then
+                echo "HELM VERSION INCORRECT: HELM VERSION DOES NOT CONTAIN $HELM_LATEST"
+                echo "HELM VERSION OUTPUT: $(helm version)"
+                exit 1
+              else
+                echo "HELM VERSION $HELM_LATEST INSTALLED SUCCESSFULLY"
+              fi

.github/workflows/prettify-code.yml

@@ -10,9 +10,7 @@ jobs:
       runs-on: ubuntu-latest
       steps:
          - name: Checkout Repository
-           uses: actions/checkout@v2
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
          - name: Enforce Prettier
-           uses: actionsx/prettier@v2
-           with:
-              args: --check .
+           run: npx prettier --check .

.github/workflows/release-pr.yml

@@ -1,14 +1,18 @@
-name: Create release PR
+name: Release Project
 
 on:
+   push:
+      branches:
+         - main
+      paths:
+         - CHANGELOG.md
    workflow_dispatch:
-      inputs:
-         release:
-            description: 'Define release version (ex: v1, v2, v3)'
-            required: true
 
 jobs:
-   release-pr:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/release-pr.yml@main
+   release:
+      permissions:
+         actions: read
+         contents: write
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@3c677ba5ab58f5c5c1a6f0cfb176b333b1f27405 # v1.0.3
       with:
-         release: ${{ github.event.inputs.release }}
+         changelogPath: ./CHANGELOG.md

.github/workflows/tag-and-draft.yml

@@ -7,4 +7,4 @@ on:
 
 jobs:
    tag-and-release:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@main
+      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@c753e1545b144562237cd1177a95bab21a785cff # main

.github/workflows/unit-tests.yml

@@ -13,7 +13,7 @@ jobs:
    build: # make sure build/ci works properly
       runs-on: ubuntu-latest
       steps:
-         - uses: actions/checkout@v1
+         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
          - name: Run L0 tests.
            run: |

.gitignore

@@ -11,6 +11,8 @@ pids
 *.seed
 *.pid.lock
 
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
 
 # Coverage directory used by tools like istanbul
 coverage
@@ -62,3 +64,4 @@ node_modules
 coverage
 
 # Transpiled JS
+lib/

.husky/pre-commit

@@ -0,0 +1,7 @@
+npm test
+npm run format-check || {
+  echo ""
+  echo "❌ Formatting check failed."
+  echo "💡 Run 'npm run format' or 'prettier --write .' to fix formatting issues."
+  exit 1
+}

CHANGELOG.md

@@ -0,0 +1,19 @@
+# Change Log
+
+## [4.3.0] - 2025-02-15
+
+- #152 feat: log when restoring from cache
+- #157 Dependencies Update
+- #137 Add dependabot
+
+## [4.2.0] - 2024-04-15
+
+- #124 Fix OS detection and download OS-native archive extension
+
+## [4.1.0] - 2024-03-01
+
+- #130 switches to use Helm published file to read latest version instead of using GitHub releases
+
+## [4.0.0] - 2024-02-12
+
+- #121 update to node20 as node16 is deprecated

CODE_OF_CONDUCT.md

@@ -4,6 +4,6 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope
 
 Resources:
 
--  [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
--  [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
--  Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns

README.md

@@ -4,17 +4,17 @@ Install a specific version of helm binary on the runner.
 
 ## Example
 
-Acceptable values are latest or any semantic version string like v3.5.0 Use this action in workflow to define which version of helm will be used. v2 and v3 of this action only support Helm3.
+Acceptable values are latest or any semantic version string like v3.5.0 Use this action in workflow to define which version of helm will be used. v2+ of this action only support Helm3.
 
 ```yaml
-- uses: azure/setup-helm@v3
+- uses: azure/setup-helm@v4.3.0
   with:
      version: '<version>' # default is latest (stable)
-     token: ${{ secrets.GITHUB_TOKEN }} # only needed if version is 'latest'
   id: install
 ```
 
-> Note: When using latest version you might hit the GitHub GraphQL API hourly rate limit of 5,000. The action will then return the hardcoded default stable version (currently v3.9.0). If you rely on a certain version higher than the default, you should use that version instead of latest.
+> [!NOTE]
+> If something goes wrong with fetching the latest version the action will use the hardcoded default stable version (currently v3.13.3). If you rely on a certain version higher than the default, you should explicitly use that version instead of latest.
 
 The cached helm binary path is prepended to the PATH environment variable as well as stored in the helm-path output variable.
 Refer to the action metadata file for details about all the inputs https://github.com/Azure/setup-helm/blob/master/action.yml

SECURITY.md

@@ -18,13 +18,13 @@ You should receive a response within 24 hours. If for some reason you do not, pl
 
 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
 
--  Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
--  Full paths of source file(s) related to the manifestation of the issue
--  The location of the affected source code (tag/branch/commit or direct URL)
--  Any special configuration required to reproduce the issue
--  Step-by-step instructions to reproduce the issue
--  Proof-of-concept or exploit code (if possible)
--  Impact of the issue, including how an attacker might exploit the issue
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
 
 This information will help us triage your report more quickly.
 

action.yml

@@ -6,13 +6,19 @@ inputs:
       required: true
       default: 'latest'
    token:
-      description: GitHub token. Required only if 'version' == 'latest'
+      description: GitHub token. Used to be required to fetch the latest version
       required: false
+      deprecationMessage: 'GitHub token is no longer required'
+      default: '${{ github.token }}'
+   downloadBaseURL:
+      description: 'Set the download base URL'
+      required: false
+      default: 'https://get.helm.sh'
 outputs:
    helm-path:
       description: 'Path to the cached helm binary'
 branding:
    color: 'blue'
 runs:
-   using: 'node16'
+   using: 'node20'
    main: 'lib/index.js'

package.json

@@ -1,33 +1,36 @@
 {
    "name": "setuphelm",
-   "version": "0.0.0",
+   "version": "4.3.0",
    "private": true,
    "description": "Setup helm",
    "author": "Anumita Shenoy",
    "license": "MIT",
    "dependencies": {
-      "@actions/core": "^1.10.0",
+      "@actions/core": "^1.11.1",
       "@actions/exec": "^1.1.1",
       "@actions/io": "^1.1.2",
-      "@actions/tool-cache": "2.0.1",
-      "@octokit/auth-action": "^2.0.0",
-      "@octokit/graphql": "^4.6.1",
-      "semver": "^6.1.0"
+      "@actions/tool-cache": "2.0.2",
+      "@octokit/action": "^8.0.2",
+      "semver": "^7.7.2"
    },
    "main": "lib/index.js",
    "scripts": {
-      "build": "ncc build src/run.ts -o lib",
+      "prebuild": "npm i ncc",
+      "build": "ncc build src/index.ts -o lib",
       "test": "jest",
       "test-coverage": "jest --coverage",
       "format": "prettier --write .",
-      "format-check": "prettier --check ."
+      "format-check": "prettier --check .",
+      "prepare": "husky"
    },
    "devDependencies": {
-      "@types/jest": "^26.0.0",
-      "@types/node": "^12.0.10",
-      "@vercel/ncc": "^0.34.0",
-      "jest": "^26.0.1",
-      "ts-jest": "^26.0.0",
-      "typescript": "^3.5.2"
+      "@types/jest": "^30.0.0",
+      "@types/node": "^24.0.10",
+      "@vercel/ncc": "^0.38.3",
+      "husky": "^9.1.7",
+      "jest": "^30.0.4",
+      "prettier": "^3.6.2",
+      "ts-jest": "^29.4.0",
+      "typescript": "^5.8.3"
    }
 }

src/index.ts

@@ -0,0 +1,4 @@
+import {run} from './run'
+import * as core from '@actions/core'
+
+run().catch(core.setFailed)

src/run.test.ts

@@ -6,97 +6,115 @@ import * as path from 'path'
 import * as core from '@actions/core'
 
 describe('run.ts', () => {
+   const downloadBaseURL = 'https://test.tld'
+
+   // Cleanup mocks after each test to ensure that subsequent tests are not affected by the mocks.
+   afterEach(() => {
+      jest.restoreAllMocks()
+   })
+
    test('getExecutableExtension() - return .exe when os is Windows', () => {
-      jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
 
       expect(run.getExecutableExtension()).toBe('.exe')
-      expect(os.type).toBeCalled()
+      expect(os.platform).toHaveBeenCalled()
    })
 
    test('getExecutableExtension() - return empty string for non-windows OS', () => {
-      jest.spyOn(os, 'type').mockReturnValue('Darwin')
+      jest.spyOn(os, 'platform').mockReturnValue('darwin')
 
       expect(run.getExecutableExtension()).toBe('')
-      expect(os.type).toBeCalled()
+      expect(os.platform).toHaveBeenCalled()
    })
 
-   test('getHelmDownloadURL() - return the URL to download helm for Linux', () => {
-      jest.spyOn(os, 'type').mockReturnValue('Linux')
-      jest.spyOn(os, 'arch').mockReturnValueOnce('unknown')
-      const kubectlLinuxUrl = 'https://get.helm.sh/helm-v3.8.0-linux-amd64.zip'
+   test('getHelmDownloadURL() - return the URL to download helm for Linux amd64', () => {
+      jest.spyOn(os, 'platform').mockReturnValue('linux')
+      jest.spyOn(os, 'arch').mockReturnValue('x64')
+      const expected = 'https://test.tld/helm-v3.8.0-linux-amd64.tar.gz'
 
-      expect(run.getHelmDownloadURL('v3.8.0')).toBe(kubectlLinuxUrl)
-      expect(os.type).toBeCalled()
-      expect(os.arch).toBeCalled()
-
-      // arm64
-      jest.spyOn(os, 'type').mockReturnValue('Linux')
-      jest.spyOn(os, 'arch').mockReturnValueOnce('arm64')
-      const kubectlLinuxArm64Url =
-         'https://get.helm.sh/helm-v3.8.0-linux-arm64.zip'
-
-      expect(run.getHelmDownloadURL('v3.8.0')).toBe(kubectlLinuxArm64Url)
-      expect(os.type).toBeCalled()
-      expect(os.arch).toBeCalled()
+      expect(run.getHelmDownloadURL(downloadBaseURL, 'v3.8.0')).toBe(expected)
+      expect(os.platform).toHaveBeenCalled()
+      expect(os.arch).toHaveBeenCalled()
    })
 
-   test('getHelmDownloadURL() - return the URL to download helm for Darwin', () => {
-      jest.spyOn(os, 'type').mockReturnValue('Darwin')
-      jest.spyOn(os, 'arch').mockReturnValueOnce('unknown')
-      const kubectlDarwinUrl =
-         'https://get.helm.sh/helm-v3.8.0-darwin-amd64.zip'
+   test('getHelmDownloadURL() - return the URL to download helm for Linux arm64', () => {
+      jest.spyOn(os, 'platform').mockReturnValue('linux')
+      jest.spyOn(os, 'arch').mockReturnValue('arm64')
+      const expected = 'https://test.tld/helm-v3.8.0-linux-arm64.tar.gz'
 
-      expect(run.getHelmDownloadURL('v3.8.0')).toBe(kubectlDarwinUrl)
-      expect(os.type).toBeCalled()
-      expect(os.arch).toBeCalled()
+      expect(run.getHelmDownloadURL(downloadBaseURL, 'v3.8.0')).toBe(expected)
+      expect(os.platform).toHaveBeenCalled()
+      expect(os.arch).toHaveBeenCalled()
+   })
 
-      // arm64
-      jest.spyOn(os, 'type').mockReturnValue('Darwin')
-      jest.spyOn(os, 'arch').mockReturnValueOnce('arm64')
-      const kubectlDarwinArm64Url =
-         'https://get.helm.sh/helm-v3.8.0-darwin-arm64.zip'
+   test('getHelmDownloadURL() - return the URL to download helm for Darwin x64', () => {
+      jest.spyOn(os, 'platform').mockReturnValue('darwin')
+      jest.spyOn(os, 'arch').mockReturnValue('x64')
+      const expected = 'https://test.tld/helm-v3.8.0-darwin-amd64.tar.gz'
 
-      expect(run.getHelmDownloadURL('v3.8.0')).toBe(kubectlDarwinArm64Url)
-      expect(os.type).toBeCalled()
-      expect(os.arch).toBeCalled()
+      expect(run.getHelmDownloadURL(downloadBaseURL, 'v3.8.0')).toBe(expected)
+      expect(os.platform).toHaveBeenCalled()
+      expect(os.arch).toHaveBeenCalled()
+   })
+
+   test('getHelmDownloadURL() - return the URL to download helm for Darwin arm64', () => {
+      jest.spyOn(os, 'platform').mockReturnValue('darwin')
+      jest.spyOn(os, 'arch').mockReturnValue('arm64')
+      const expected = 'https://test.tld/helm-v3.8.0-darwin-arm64.tar.gz'
+
+      expect(run.getHelmDownloadURL(downloadBaseURL, 'v3.8.0')).toBe(expected)
+      expect(os.platform).toHaveBeenCalled()
+      expect(os.arch).toHaveBeenCalled()
+   })
+
+   test('getHelmDownloadURL() - return the URL to download helm for Windows', () => {
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
+      jest.spyOn(os, 'arch').mockReturnValue('x64')
+
+      const expected = 'https://test.tld/helm-v3.8.0-windows-amd64.zip'
+      expect(run.getHelmDownloadURL(downloadBaseURL, 'v3.8.0')).toBe(expected)
+      expect(os.platform).toHaveBeenCalled()
+   })
+
+   test('getLatestHelmVersion() - return the latest version of HELM', async () => {
+      const res = {
+         status: 200,
+         text: async () => 'v9.99.999'
+      } as Response
+      global.fetch = jest.fn().mockReturnValue(res)
+      expect(await run.getLatestHelmVersion()).toBe('v9.99.999')
+   })
+
+   test('getLatestHelmVersion() - return the stable version of HELM when simulating a network error', async () => {
+      const errorMessage: string = 'Network Error'
+      global.fetch = jest.fn().mockRejectedValueOnce(new Error(errorMessage))
+      expect(await run.getLatestHelmVersion()).toBe('v3.13.3')
    })
 
    test('getValidVersion() - return version with v prepended', () => {
       expect(run.getValidVersion('3.8.0')).toBe('v3.8.0')
    })
 
-   test('getHelmDownloadURL() - return the URL to download helm for Windows', () => {
-      jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
-
-      const kubectlWindowsUrl =
-         'https://get.helm.sh/helm-v3.8.0-windows-amd64.zip'
-      expect(run.getHelmDownloadURL('v3.8.0')).toBe(kubectlWindowsUrl)
-      expect(os.type).toBeCalled()
-   })
-
-   test('getLatestHelmVersion() - return the stable version of HELM since its not authenticated', async () => {
-      expect(await run.getLatestHelmVersion()).toBe('v3.9.0')
-   })
-
    test('walkSync() - return path to the all files matching fileToFind in dir', () => {
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
          if (file == 'mainFolder')
             return [
-               'file1' as unknown as fs.Dirent,
-               'file2' as unknown as fs.Dirent,
-               'folder1' as unknown as fs.Dirent,
-               'folder2' as unknown as fs.Dirent
+               'file1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'file2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'folder1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'folder2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
             ]
          if (file == path.join('mainFolder', 'folder1'))
             return [
-               'file11' as unknown as fs.Dirent,
-               'file12' as unknown as fs.Dirent
+               'file11' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'file12' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
             ]
          if (file == path.join('mainFolder', 'folder2'))
             return [
-               'file21' as unknown as fs.Dirent,
-               'file22' as unknown as fs.Dirent
+               'file21' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'file22' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
             ]
+         return []
       })
       jest.spyOn(core, 'debug').mockImplementation()
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
@@ -108,29 +126,30 @@ describe('run.ts', () => {
       expect(run.walkSync('mainFolder', null, 'file21')).toEqual([
          path.join('mainFolder', 'folder2', 'file21')
       ])
-      expect(fs.readdirSync).toBeCalledTimes(3)
-      expect(fs.statSync).toBeCalledTimes(8)
+      expect(fs.readdirSync).toHaveBeenCalledTimes(3)
+      expect(fs.statSync).toHaveBeenCalledTimes(8)
    })
 
    test('walkSync() - return empty array if no file with name fileToFind exists', () => {
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
          if (file == 'mainFolder')
             return [
-               'file1' as unknown as fs.Dirent,
-               'file2' as unknown as fs.Dirent,
-               'folder1' as unknown as fs.Dirent,
-               'folder2' as unknown as fs.Dirent
+               'file1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'file2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'folder1' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'folder2' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
             ]
          if (file == path.join('mainFolder', 'folder1'))
             return [
-               'file11' as unknown as fs.Dirent,
-               'file12' as unknown as fs.Dirent
+               'file11' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'file12' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
             ]
          if (file == path.join('mainFolder', 'folder2'))
             return [
-               'file21' as unknown as fs.Dirent,
-               'file22' as unknown as fs.Dirent
+               'file21' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>,
+               'file22' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
             ]
+         return []
       })
       jest.spyOn(core, 'debug').mockImplementation()
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
@@ -140,21 +159,23 @@ describe('run.ts', () => {
       })
 
       expect(run.walkSync('mainFolder', null, 'helm.exe')).toEqual([])
-      expect(fs.readdirSync).toBeCalledTimes(3)
-      expect(fs.statSync).toBeCalledTimes(8)
+      expect(fs.readdirSync).toHaveBeenCalledTimes(3)
+      expect(fs.statSync).toHaveBeenCalledTimes(8)
    })
 
    test('findHelm() - change access permissions and find the helm in given directory', () => {
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
-         if (file == 'mainFolder') return ['helm.exe' as unknown as fs.Dirent]
+         if (file == 'mainFolder')
+            return ['helm.exe' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>]
+         return []
       })
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
          const isDirectory =
             (file as string).indexOf('folder') == -1 ? false : true
          return {isDirectory: () => isDirectory} as fs.Stats
       })
-      jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
 
       expect(run.findHelm('mainFolder')).toBe(
          path.join('mainFolder', 'helm.exe')
@@ -165,11 +186,13 @@ describe('run.ts', () => {
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => {
          if (file == 'mainFolder') return []
+         return []
       })
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
          return {isDirectory: () => true} as fs.Stats
       })
-      jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
+
       expect(() => run.findHelm('mainFolder')).toThrow(
          'Helm executable not found in path mainFolder'
       )
@@ -180,31 +203,31 @@ describe('run.ts', () => {
       jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
       const response = JSON.stringify([{tag_name: 'v4.0.0'}])
       jest.spyOn(fs, 'readFileSync').mockReturnValue(response)
-      jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
-      jest
-         .spyOn(toolCache, 'extractZip')
-         .mockResolvedValue('pathToUnzippedHelm')
+      jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
       jest.spyOn(toolCache, 'cacheDir').mockResolvedValue('pathToCachedDir')
       jest
          .spyOn(fs, 'readdirSync')
-         .mockImplementation((file, _) => ['helm.exe' as unknown as fs.Dirent])
+         .mockImplementation((file, _) => [
+            'helm.exe' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+         ])
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
          const isDirectory =
             (file as string).indexOf('folder') == -1 ? false : true
          return {isDirectory: () => isDirectory} as fs.Stats
       })
 
-      expect(await run.downloadHelm('v4.0.0')).toBe(
+      expect(await run.downloadHelm(downloadBaseURL, 'v4.0.0')).toBe(
          path.join('pathToCachedDir', 'helm.exe')
       )
-      expect(toolCache.find).toBeCalledWith('helm', 'v4.0.0')
-      expect(toolCache.downloadTool).toBeCalledWith(
-         'https://get.helm.sh/helm-v4.0.0-windows-amd64.zip'
+      expect(toolCache.find).toHaveBeenCalledWith('helm', 'v4.0.0')
+      expect(toolCache.downloadTool).toHaveBeenCalledWith(
+         'https://test.tld/helm-v4.0.0-windows-amd64.zip'
       )
-      expect(fs.chmodSync).toBeCalledWith('pathToTool', '777')
-      expect(toolCache.extractZip).toBeCalledWith('pathToTool')
-      expect(fs.chmodSync).toBeCalledWith(
+      expect(fs.chmodSync).toHaveBeenCalledWith('pathToTool', '777')
+      expect(toolCache.extractZip).toHaveBeenCalledWith('pathToTool')
+      expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedDir', 'helm.exe'),
          '777'
       )
@@ -215,26 +238,39 @@ describe('run.ts', () => {
       jest.spyOn(toolCache, 'downloadTool').mockImplementation(async () => {
          throw 'Unable to download'
       })
-      jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
 
-      await expect(run.downloadHelm('v3.2.1')).rejects.toThrow(
-         'Failed to download Helm from location https://get.helm.sh/helm-v3.2.1-windows-amd64.zip'
-      )
-      expect(toolCache.find).toBeCalledWith('helm', 'v3.2.1')
-      expect(toolCache.downloadTool).toBeCalledWith(
-         'https://get.helm.sh/helm-v3.2.1-windows-amd64.zip'
+      const downloadUrl = 'https://test.tld/helm-v3.2.1-windows-amd64.zip'
+      await expect(run.downloadHelm(downloadBaseURL, 'v3.2.1')).rejects.toThrow(
+         `Failed to download Helm from location ${downloadUrl}`
       )
+      expect(toolCache.find).toHaveBeenCalledWith('helm', 'v3.2.1')
+      expect(toolCache.downloadTool).toHaveBeenCalledWith(`${downloadUrl}`)
    })
 
    test('downloadHelm() - return path to helm tool with same version from toolCache', async () => {
       jest.spyOn(toolCache, 'find').mockReturnValue('pathToCachedDir')
+      jest.spyOn(toolCache, 'cacheDir').mockResolvedValue('pathToCachedDir')
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
       jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
+      jest
+         .spyOn(fs, 'readdirSync')
+         .mockReturnValue([
+            'helm.exe' as unknown as fs.Dirent<Buffer<ArrayBufferLike>>
+         ])
+      jest.spyOn(fs, 'statSync').mockImplementation((file) => {
+         const isDirectory =
+            (file as string).indexOf('folder') == -1 ? false : true
+         return {isDirectory: () => isDirectory} as fs.Stats
+      })
 
-      expect(await run.downloadHelm('v3.2.1')).toBe(
+      expect(await run.downloadHelm(downloadBaseURL, 'v3.2.1')).toBe(
          path.join('pathToCachedDir', 'helm.exe')
       )
-      expect(toolCache.find).toBeCalledWith('helm', 'v3.2.1')
-      expect(fs.chmodSync).toBeCalledWith(
+      expect(toolCache.find).toHaveBeenCalledWith('helm', 'v3.2.1')
+      expect(fs.chmodSync).toHaveBeenCalledWith(
          path.join('pathToCachedDir', 'helm.exe'),
          '777'
       )
@@ -243,12 +279,11 @@ describe('run.ts', () => {
    test('downloadHelm() - throw error is helm is not found in path', async () => {
       jest.spyOn(toolCache, 'find').mockReturnValue('')
       jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
-      jest.spyOn(os, 'type').mockReturnValue('Windows_NT')
-      jest.spyOn(fs, 'chmodSync').mockImplementation()
-      jest
-         .spyOn(toolCache, 'extractZip')
-         .mockResolvedValue('pathToUnzippedHelm')
       jest.spyOn(toolCache, 'cacheDir').mockResolvedValue('pathToCachedDir')
+      jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool')
+      jest.spyOn(toolCache, 'extractZip').mockResolvedValue('extractedPath')
+      jest.spyOn(os, 'platform').mockReturnValue('win32')
+      jest.spyOn(fs, 'chmodSync').mockImplementation()
       jest.spyOn(fs, 'readdirSync').mockImplementation((file, _) => [])
       jest.spyOn(fs, 'statSync').mockImplementation((file) => {
          const isDirectory =
@@ -256,14 +291,14 @@ describe('run.ts', () => {
          return {isDirectory: () => isDirectory} as fs.Stats
       })
 
-      await expect(run.downloadHelm('v3.2.1')).rejects.toThrow(
+      await expect(run.downloadHelm(downloadBaseURL, 'v3.2.1')).rejects.toThrow(
          'Helm executable not found in path pathToCachedDir'
       )
-      expect(toolCache.find).toBeCalledWith('helm', 'v3.2.1')
-      expect(toolCache.downloadTool).toBeCalledWith(
-         'https://get.helm.sh/helm-v3.2.1-windows-amd64.zip'
+      expect(toolCache.find).toHaveBeenCalledWith('helm', 'v3.2.1')
+      expect(toolCache.downloadTool).toHaveBeenCalledWith(
+         'https://test.tld/helm-v3.2.1-windows-amd64.zip'
       )
-      expect(fs.chmodSync).toBeCalledWith('pathToTool', '777')
-      expect(toolCache.extractZip).toBeCalledWith('pathToTool')
+      expect(fs.chmodSync).toHaveBeenCalledWith('pathToTool', '777')
+      expect(toolCache.extractZip).toHaveBeenCalledWith('pathToTool')
    })
 })

src/run.ts

@@ -1,5 +1,4 @@
 // Copyright (c) Microsoft Corporation.
-// Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 
 import * as os from 'os'
@@ -9,12 +8,9 @@ import * as fs from 'fs'
 
 import * as toolCache from '@actions/tool-cache'
 import * as core from '@actions/core'
-import {graphql} from '@octokit/graphql'
-import {createActionAuth} from '@octokit/auth-action'
-import {create} from 'domain'
 
 const helmToolName = 'helm'
-const stableHelmVersion = 'v3.9.0'
+const stableHelmVersion = 'v3.13.3'
 
 export async function run() {
    let version = core.getInput('version', {required: true})
@@ -27,8 +23,10 @@ export async function run() {
       version = await getLatestHelmVersion()
    }
 
-   core.startGroup(`Downloading ${version}`)
-   const cachedPath = await downloadHelm(version)
+   const downloadBaseURL = core.getInput('downloadBaseURL', {required: false})
+
+   core.startGroup(`Installing ${version}`)
+   const cachedPath = await downloadHelm(downloadBaseURL, version)
    core.endGroup()
 
    try {
@@ -51,117 +49,70 @@ export function getValidVersion(version: string): string {
 // Gets the latest helm version or returns a default stable if getting latest fails
 export async function getLatestHelmVersion(): Promise<string> {
    try {
-      const auth = createActionAuth()
-      const graphqlAuthenticated = graphql.defaults({
-         request: {hook: auth.hook}
-      })
-      const {repository} = await graphqlAuthenticated(
-         `
-            {
-               repository(name: "helm", owner: "helm") {
-                  releases(first: 100, orderBy: {field: CREATED_AT, direction: DESC}) {
-                     nodes {
-                        tagName
-                        isLatest
-                        isDraft
-                        isPrerelease
-                     }
-                  }
-               }
-            }
-         `
-      )
-      const latestValidRelease: string = repository.releases.nodes.find(
-         ({tagName, isLatest, isDraft, isPreRelease}) =>
-            isValidVersion(tagName) && isLatest && !isDraft && !isPreRelease
-      )?.tagName
-
-      if (latestValidRelease) return latestValidRelease
+      const response = await fetch('https://get.helm.sh/helm-latest-version')
+      const release = (await response.text()).trim()
+      return release
    } catch (err) {
       core.warning(
          `Error while fetching latest Helm release: ${err.toString()}. Using default version ${stableHelmVersion}`
       )
       return stableHelmVersion
    }
-
-   core.warning(
-      `Could not find valid release. Using default version ${stableHelmVersion}`
-   )
-   return stableHelmVersion
 }
 
-// isValidVersion checks if verison is a stable release
-function isValidVersion(version: string): boolean {
-   return version.indexOf('rc') == -1
+export function getArch(): string {
+   return os.arch() === 'x64' ? 'amd64' : os.arch()
+}
+
+export function getPlatform(): string {
+   return os.platform() === 'win32' ? 'windows' : os.platform()
+}
+
+export function getArchiveExtension(): string {
+   return os.platform() === 'win32' ? 'zip' : 'tar.gz'
 }
 
 export function getExecutableExtension(): string {
-   if (os.type().match(/^Win/)) {
-      return '.exe'
-   }
-   return ''
+   return os.platform() === 'win32' ? '.exe' : ''
 }
 
-const LINUX = 'Linux'
-const MAC_OS = 'Darwin'
-const WINDOWS = 'Windows_NT'
-const ARM64 = 'arm64'
-export function getHelmDownloadURL(version: string): string {
-   const arch = os.arch()
-   const operatingSystem = os.type()
-
-   switch (true) {
-      case operatingSystem == LINUX && arch == ARM64:
-         return util.format(
-            'https://get.helm.sh/helm-%s-linux-arm64.zip',
-            version
-         )
-      case operatingSystem == LINUX:
-         return util.format(
-            'https://get.helm.sh/helm-%s-linux-amd64.zip',
-            version
-         )
-
-      case operatingSystem == MAC_OS && arch == ARM64:
-         return util.format(
-            'https://get.helm.sh/helm-%s-darwin-arm64.zip',
-            version
-         )
-      case operatingSystem == MAC_OS:
-         return util.format(
-            'https://get.helm.sh/helm-%s-darwin-amd64.zip',
-            version
-         )
-
-      case operatingSystem == WINDOWS:
-      default:
-         return util.format(
-            'https://get.helm.sh/helm-%s-windows-amd64.zip',
-            version
-         )
-   }
+export function getHelmDownloadURL(baseURL: string, version: string): string {
+   const urlPath = `helm-${version}-${getPlatform()}-${getArch()}.${getArchiveExtension()}`
+   const url = new URL(urlPath, baseURL)
+   return url.toString()
 }
 
-export async function downloadHelm(version: string): Promise<string> {
+export async function downloadHelm(
+   baseURL: string,
+   version: string
+): Promise<string> {
    let cachedToolpath = toolCache.find(helmToolName, version)
-   if (!cachedToolpath) {
+   if (cachedToolpath) {
+      core.info(`Restoring '${version}' from cache`)
+   } else {
+      core.info(`Downloading '${version}' from '${baseURL}'`)
       let helmDownloadPath
       try {
          helmDownloadPath = await toolCache.downloadTool(
-            getHelmDownloadURL(version)
+            getHelmDownloadURL(baseURL, version)
          )
       } catch (exception) {
          throw new Error(
             `Failed to download Helm from location ${getHelmDownloadURL(
+               baseURL,
                version
             )}`
          )
       }
 
       fs.chmodSync(helmDownloadPath, '777')
-      const unzipedHelmPath = await toolCache.extractZip(helmDownloadPath)
+      const extractedPath =
+         getPlatform() === 'windows'
+            ? await toolCache.extractZip(helmDownloadPath)
+            : await toolCache.extractTar(helmDownloadPath)
+
       cachedToolpath = await toolCache.cacheDir(
-         unzipedHelmPath,
+         extractedPath,
          helmToolName,
          version
       )
@@ -206,5 +157,3 @@ export var walkSync = function (dir, filelist, fileToFind) {
    })
    return filelist
 }
-
-run().catch(core.setFailed)