Use astral-sh/versions as primary version provider (#802)

Closes: #777
Closes: #325

.agents/skills/dependabot-pr-rollup/SKILL.md

@@ -0,0 +1,48 @@
+---
+name: dependabot-pr-rollup
+description: Find open Dependabot PRs for the current GitHub repo, compare each PR head to its base branch, replay only the net dependency changes in a fresh worktree and branch, run npm validation, and optionally commit, push, and open a PR. Use when you want to batch or manually replicate active Dependabot updates.
+license: MIT
+compatibility: Requires git, git worktree, gh CLI auth, npm, and a GitHub repo with an origin remote.
+---
+
+# Dependabot PR Rollup
+
+## When to use
+
+Use this skill when the user wants to:
+- find all open Dependabot PRs in the current repo
+- reproduce their net effect in one local branch
+- validate the result with the repo's standard npm checks
+- optionally commit, push, and open a PR
+
+## Workflow
+
+1. Inspect the current checkout state, but do not reuse a dirty worktree.
+2. List open Dependabot PRs with `gh pr list --state open --author app/dependabot`.
+3. For each PR, collect the title, base branch, head branch, changed files, and relevant diffs.
+4. Compare each PR head against `origin/<base>` instead of trusting the PR title. Dependabot PRs can already be partially merged, superseded by newer versions, or have no remaining net effect.
+5. Create a new worktree and branch from `origin/<base>`.
+6. Reproduce only the remaining dependency changes in the new worktree.
+   - Inspect `package.json` before editing.
+   - Run `npm ci --ignore-scripts` before applying updates.
+   - Use `npm install ... --ignore-scripts` for direct dependency changes so `package-lock.json` stays in sync.
+7. Run `npm run all`.
+8. If requested, commit the changed source, lockfile, and generated artifacts, then push and open a PR.
+
+## Repo-specific notes
+
+- Use `gh` for GitHub operations.
+- Keep the user's original checkout untouched by working in a separate worktree.
+- In this repo, `npm run all` is the safest validation command because it runs build, check, package, and test.
+- If dependency changes affect bundled output, include the regenerated `dist/` files.
+
+## Report back
+
+Always report:
+- open Dependabot PRs found
+- which PRs required no net changes
+- new branch name
+- new worktree path
+- files changed
+- `npm run all` result
+- if applicable, commit SHA and PR URL

.github/copilot-instructions.md

@@ -1,263 +0,0 @@
-# Copilot Instructions for setup-uv
-
-This document provides essential information for GitHub Copilot coding agents working on the `astral-sh/setup-uv` repository.
-
-## Repository Overview
-
-**setup-uv** is a GitHub Action that sets up the [uv](https://docs.astral.sh/uv/)
-Python package installer in GitHub Actions workflows.
-It's a TypeScript-based action that downloads uv binaries, manages caching, handles version resolution,
-and configures the environment for subsequent workflow steps.
-
-### Key Features
-
-- Downloads and installs specific uv versions from GitHub releases
-- Supports version resolution from config files (pyproject.toml, uv.toml, .tool-versions)
-- Implements intelligent caching for both uv cache and Python installations
-- Provides cross-platform support (Linux, macOS, Windows, including ARM architectures)
-- Includes problem matchers for Python error reporting
-- Supports environment activation and custom tool directories
-
-## Repository Structure
-
-**Size**: Small-medium repository (~50 source files, ~400 total files including dependencies)
-**Languages**: TypeScript (primary), JavaScript (compiled output), JSON (configuration)
-**Runtime**: Node.js 24 (GitHub Actions runtime)
-**Key Dependencies**: @actions/core, @actions/cache, @actions/tool-cache, @octokit/core
-
-### Core Architecture
-
-```
-src/
-├── setup-uv.ts          # Main entry point and orchestration
-├── save-cache.ts        # Post-action cache saving logic
-├── update-known-versions.ts  # Maintenance script for version updates
-├── cache/               # Cache management functionality
-├── download/            # Version resolution and binary downloading
-├── utils/               # Input parsing, platform detection, configuration
-└── version/             # Version resolution from various file formats
-```
-
-### Key Files and Locations
-
-- **Action Definition**: `action.yml` - Defines all inputs/outputs and entry points
-- **Main Source**: `src/setup-uv.ts` - Primary action logic
-- **Configuration**: `biome.json` (linting), `tsconfig.json` (TypeScript), `jest.config.js` (testing)
-- **Compiled Output**: `dist/` - Contains compiled Node.js bundles (auto-generated, committed)
-- **Test Fixtures**: `__tests__/fixtures/` - Sample projects for different configuration scenarios
-- **Workflows**: `.github/workflows/test.yml` - Comprehensive CI/CD pipeline
-
-## Build and Development Process
-
-### Prerequisites
-
-- Node.js 24+ (matches GitHub Actions runtime)
-- npm (included with Node.js)
-
-### Essential Commands (ALWAYS run in this order)
-
-#### 1. Install Dependencies
-
-```bash
-npm ci --ignore-scripts
-```
-
-**Timing**: ~20-30 seconds
-**Note**: Always run this first after cloning or when package.json changes
-
-#### 2. Build TypeScript
-
-```bash
-npm run build
-```
-
-**Timing**: ~5-10 seconds
-**Purpose**: Compiles TypeScript source to JavaScript in `lib/` directory
-
-#### 3. Lint and Format Code
-
-```bash
-npm run check
-```
-
-**Timing**: ~2-5 seconds
-**Tool**: Biome (replaces ESLint/Prettier)
-**Auto-fixes**: Formatting, import organization, basic linting issues
-
-#### 4. Package for Distribution
-
-```bash
-npm run package
-```
-
-**Timing**: ~20-30 seconds
-**Purpose**: Creates bundled distributions in `dist/` using @vercel/ncc
-**Critical**: This step MUST be run before committing - the `dist/` files are used by GitHub Actions
-
-#### 5. Run Tests
-
-```bash
-npm test
-```
-
-**Timing**: ~10-15 seconds
-**Framework**: Jest with TypeScript support
-**Coverage**: Unit tests for version resolution, input parsing, checksum validation
-
-#### 6. Complete Validation (Recommended)
-
-```bash
-npm run all
-```
-
-**Timing**: ~60-90 seconds
-**Purpose**: Runs build → check → package → test in sequence
-**Use**: Before making pull requests or when unsure about build state
-
-### Important Build Notes
-
-**CRITICAL**: Always run `npm run package` after making code changes. The `dist/` directory contains the compiled bundles that GitHub Actions actually executes. Forgetting this step will cause your changes to have no effect.
-
-**TypeScript Warnings**: You may see ts-jest warnings about "isolatedModules" - these are harmless and don't affect functionality.
-
-**Biome**: This project uses Biome instead of ESLint/Prettier. Run `npm run check` to fix formatting and linting issues automatically.
-
-## Testing Strategy
-
-### Unit Tests
-
-- **Location**: `__tests__/` directory
-- **Framework**: Jest with ts-jest transformer
-- **Coverage**: Version resolution, input parsing, checksum validation, utility functions
-
-### Integration Tests
-
-- **Location**: `.github/workflows/test.yml`
-- **Scope**: Full end-to-end testing across multiple platforms and scenarios
-- **Key Test Categories**:
-  - Version installation (specific, latest, semver ranges)
-  - Cache behavior (setup, restore, invalidation)
-  - Cross-platform compatibility (Ubuntu, macOS, Windows, ARM)
-  - Configuration file parsing (pyproject.toml, uv.toml, requirements.txt)
-  - Error handling and edge cases
-
-### Test Fixtures
-
-Located in `__tests__/fixtures/`, these provide sample projects with different configurations:
-- `pyproject-toml-project/` - Standard Python project with uv version specification
-- `uv-toml-project/` - Project using uv.toml configuration
-- `requirements-txt-project/` - Legacy requirements.txt format
-- `cache-dir-defined-project/` - Custom cache directory configuration
-
-## Continuous Integration
-
-### GitHub Workflows
-
-#### Primary Test Suite (`.github/workflows/test.yml`)
-
-- **Triggers**: PRs, pushes to main, manual dispatch
-- **Matrix**: Multiple OS (Ubuntu, macOS, Windows), architecture (x64, ARM), and configuration combinations
-- **Duration**: ~5 minutes for full matrix
-- **Key Validations**:
-  - Cross-platform installation and functionality
-  - Cache behavior and performance
-  - Version resolution from various sources
-  - Tool directory configurations
-  - Problem matcher functionality
-
-#### Maintenance Workflows
-
-- **CodeQL Analysis**: Security scanning on pushes/PRs
-- **Update Known Versions**: Daily job to sync with latest uv releases
-- **Dependabot**: Automated dependency updates
-
-### Pre-commit Validation
-
-The CI runs these checks that you should run locally:
-1. `npm run all` - Complete build and test suite
-2. ActionLint - GitHub Actions workflow validation
-3. Change detection - Ensures no uncommitted build artifacts
-
-## Key Configuration Files
-
-### Action Configuration (`action.yml`)
-
-Defines 20+ inputs including version specifications,
-cache settings, tool directories, and environment options.
-This file is the authoritative source for understanding available action parameters.
-
-### TypeScript Configuration (`tsconfig.json`)
-
-- Target: ES2024
-- Module: nodenext (Node.js modules)
-- Strict mode enabled
-- Output directory: `lib/`
-
-### Linting Configuration (`biome.json`)
-
-- Formatter and linter combined
-- Enforces consistent code style
-- Automatically organizes imports and sorts object keys
-
-## Common Development Patterns
-
-### Making Code Changes
-
-1. Edit TypeScript source files in `src/`
-2. Run `npm run build` to compile
-3. Run `npm run check` to format and lint
-4. Run `npm run package` to update distribution bundles
-5. Run `npm test` to verify functionality
-6. Commit all changes including `dist/` files
-
-### Adding New Features
-
-- Follow existing patterns in `src/utils/inputs.ts` for new action inputs
-- Update `action.yml` to declare new inputs/outputs
-- Add corresponding tests in `__tests__/`
-- Add a test in `.github/workflows/test.yml` if it affects integration
-- Update README.md with usage examples
-
-### Cache-Related Changes
-
-- Cache logic is complex and affects performance significantly
-- Test with multiple cache scenarios (hit, miss, invalidation)
-- Consider impact on both GitHub-hosted and self-hosted runners
-- Validate cache key generation and dependency detection
-
-### Version Resolution Changes
-
-- Version resolution supports multiple file formats and precedence rules
-- Test with fixtures in `__tests__/fixtures/`
-- Consider backward compatibility with existing projects
-- Validate semver and PEP 440 specification handling
-
-## Troubleshooting
-
-### Build Failures
-
-- **"Module not found"**: Run `npm ci --ignore-scripts` to ensure dependencies are installed
-- **TypeScript errors**: Check `tsconfig.json` and ensure all imports are valid
-- **Test failures**: Check if test fixtures have been modified or if logic changes broke assumptions
-
-### Action Failures in Workflows
-
-- **Changes not taking effect**: Ensure `npm run package` was run and `dist/` files committed
-- **Version resolution issues**: Check version specification format and file existence
-- **Cache problems**: Verify cache key generation and dependency glob patterns
-
-### Common Gotchas
-
-- **Forgetting to package**: Code changes won't work without running `npm run package`
-- **Platform differences**: Windows paths use backslashes, test cross-platform behavior
-- **Cache invalidation**: Cache keys are sensitive to dependency file changes
-- **Tool directory permissions**: Some platforms require specific directory setups
-
-## Trust These Instructions
-
-These instructions are comprehensive and current. Only search for additional information if:
-- You encounter specific error messages not covered here
-- You need to understand implementation details of specific functions
-- The instructions appear outdated (check repository commit history)
-
-For most development tasks, following the build process and development patterns outlined above will be sufficient.

.github/release-drafter.yml

@@ -19,7 +19,7 @@ categories:
     labels:
       - "maintenance"
       - "ci"
-      - "update-known-versions"
+      - "update-known-checksums"
   - title: "📚 Documentation"
     labels:
       - "documentation"

.github/workflows/test.yml

@@ -25,10 +25,10 @@ jobs:
         with:
           persist-credentials: false
       - name: Actionlint
-        uses: eifinger/actionlint-action@447fbfe7533062b7a9ea55f790f2396fba6d052a # v1.10.0
+        uses: eifinger/actionlint-action@7802e0cc3ab3f81cbffb36fb0bf1a3621d994b89 # v1.10.1
       - name: Run zizmor
         uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0
-      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: .nvmrc
           cache: npm

.github/workflows/update-known-checksums.yml

@@ -1,4 +1,4 @@
-name: "Update known versions"
+name: "Update known checksums"
 on:
   workflow_dispatch:
   schedule:
@@ -18,16 +18,14 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: true
-      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: "20"
-      - name: Update known versions
-        id: update-known-versions
+      - name: Update known checksums
+        id: update-known-checksums
         run:
-          node dist/update-known-versions/index.js
+          node dist/update-known-checksums/index.js
           src/download/checksum/known-checksums.ts
-          version-manifest.json
-          ${{ secrets.GITHUB_TOKEN }}
       - name: Check for changes
         id: changes-exist
         run: |
@@ -48,10 +46,10 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
           git add .
-          git commit -m "chore: update known versions for $LATEST_VERSION"
+          git commit -m "chore: update known checksums for $LATEST_VERSION"
           git push origin HEAD:refs/heads/main
         env:
-          LATEST_VERSION: ${{ steps.update-known-versions.outputs.latest-version }}
+          LATEST_VERSION: ${{ steps.update-known-checksums.outputs.latest-version }}
 
       - name: Create Pull Request
         if: ${{ steps.changes-exist.outputs.changes-exist == 'true' && steps.commit-and-push.outcome != 'success' }}
@@ -60,11 +58,11 @@ jobs:
           commit-message: "chore: update known checksums"
           title:
             "chore: update known checksums for ${{
-            steps.update-known-versions.outputs.latest-version }}"
+            steps.update-known-checksums.outputs.latest-version }}"
           body:
             "chore: update known checksums for ${{
-            steps.update-known-versions.outputs.latest-version }}"
+            steps.update-known-checksums.outputs.latest-version }}"
           base: main
-          labels: "automated-pr,update-known-versions"
-          branch: update-known-versions-pr
+          labels: "automated-pr,update-known-checksums"
+          branch: update-known-checksums-pr
           delete-branch: true

AGENTS.md

@@ -1 +0,0 @@
-.github/copilot-instructions.md

AGENTS.md

@@ -0,0 +1,13 @@
+# setup-uv agent notes
+
+This repository is a TypeScript-based GitHub Action for installing `uv` in GitHub Actions workflows. It also supports restoring/saving the `uv` cache and optional managed-Python caching.
+
+- The published action runs the committed bundles in `dist/`, not the TypeScript in `src/`. After any code change, run `npm run package` and commit the resulting `dist/` updates.
+- Standard local validation is:
+  1. `npm ci --ignore-scripts`
+  2. `npm run all`
+- `npm run check` uses Biome (not ESLint/Prettier) and rewrites files in place.
+- User-facing changes are usually multi-file changes. If you add or change inputs, outputs, or behavior, update `action.yml`, the implementation in `src/`, tests in `__tests__/`, relevant docs/README, and then re-package.
+- The easiest areas to regress are version resolution and caching. When touching them, add or update tests for precedence, cache invalidation, and cross-platform path behavior.
+- Workflow edits have extra CI-only checks (`actionlint` and `zizmor`); `npm run all` does not cover them.
+- Before finishing, make sure validation does not leave generated or formatting-only diffs behind.

README.md

@@ -68,7 +68,7 @@ Have a look under [Advanced Configuration](#advanced-configuration) for detailed
     # The checksum of the uv version to install
     checksum: ""
 
-    # Used to increase the rate limit when retrieving versions and downloading uv
+    # Used when downloading uv from GitHub releases
     github-token: ${{ github.token }}
 
     # Enable uploading of the uv cache: true, false, or auto (enabled on GitHub-hosted runners, disabled on self-hosted runners)
@@ -114,7 +114,7 @@ Have a look under [Advanced Configuration](#advanced-configuration) for detailed
     # Custom path to set UV_TOOL_BIN_DIR to
     tool-bin-dir: ""
 
-    # URL to the manifest file containing available versions and download URLs
+    # URL to a custom manifest file (NDJSON preferred, legacy JSON array is deprecated)
     manifest-file: ""
 
     # Add problem matchers
@@ -190,10 +190,12 @@ For more advanced configuration options, see our detailed documentation:
 
 ## How it works
 
-This action downloads uv from the uv repo's official
-[GitHub Releases](https://github.com/astral-sh/uv) and uses the
-[GitHub Actions Toolkit](https://github.com/actions/toolkit) to cache it as a tool to speed up
-consecutive runs on self-hosted runners.
+By default, this action resolves uv versions from
+[`astral-sh/versions`](https://github.com/astral-sh/versions) (NDJSON) and downloads uv from the
+official [GitHub Releases](https://github.com/astral-sh/uv).
+
+It then uses the [GitHub Actions Toolkit](https://github.com/actions/toolkit) to cache uv as a
+tool to speed up consecutive runs on self-hosted runners.
 
 The installed version of uv is then added to the runner PATH, enabling later steps to invoke it
 by name (`uv`).

__tests__/download/checksum/checksum.test.ts

@@ -4,10 +4,11 @@ import {
   validateChecksum,
 } from "../../../src/download/checksum/checksum";
 
-test("checksum should match", async () => {
 const validChecksum =
   "f3da96ec7e995debee7f5d52ecd034dfb7074309a1da42f76429ecb814d813a3";
 const filePath = "__tests__/fixtures/checksumfile";
+
+test("checksum should match", async () => {
   // string params don't matter only test the checksum mechanism, not known checksums
   await validateChecksum(
     validChecksum,
@@ -18,6 +19,16 @@ test("checksum should match", async () => {
   );
 });
 
+test("provided checksum beats known checksums", async () => {
+  await validateChecksum(
+    validChecksum,
+    filePath,
+    "x86_64",
+    "unknown-linux-gnu",
+    "0.3.0",
+  );
+});
+
 type KnownVersionFixture = { version: string; known: boolean };
 
 it.each<KnownVersionFixture>([

__tests__/download/download-version.test.ts

@@ -0,0 +1,256 @@
+import { beforeEach, describe, expect, it, jest } from "@jest/globals";
+
+const mockInfo = jest.fn();
+const mockWarning = jest.fn();
+
+jest.mock("@actions/core", () => ({
+  debug: jest.fn(),
+  info: mockInfo,
+  warning: mockWarning,
+}));
+
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockDownloadTool = jest.fn<any>();
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockExtractTar = jest.fn<any>();
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockExtractZip = jest.fn<any>();
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockCacheDir = jest.fn<any>();
+
+jest.mock("@actions/tool-cache", () => {
+  const actual = jest.requireActual("@actions/tool-cache") as Record<
+    string,
+    unknown
+  >;
+
+  return {
+    ...actual,
+    cacheDir: mockCacheDir,
+    downloadTool: mockDownloadTool,
+    extractTar: mockExtractTar,
+    extractZip: mockExtractZip,
+  };
+});
+
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockGetLatestVersionFromNdjson = jest.fn<any>();
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockGetAllVersionsFromNdjson = jest.fn<any>();
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockGetArtifactFromNdjson = jest.fn<any>();
+
+jest.mock("../../src/download/versions-client", () => ({
+  getAllVersions: mockGetAllVersionsFromNdjson,
+  getArtifact: mockGetArtifactFromNdjson,
+  getLatestVersion: mockGetLatestVersionFromNdjson,
+}));
+
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockGetAllManifestVersions = jest.fn<any>();
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockGetLatestVersionInManifest = jest.fn<any>();
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockGetManifestArtifact = jest.fn<any>();
+
+jest.mock("../../src/download/version-manifest", () => ({
+  getAllVersions: mockGetAllManifestVersions,
+  getLatestKnownVersion: mockGetLatestVersionInManifest,
+  getManifestArtifact: mockGetManifestArtifact,
+}));
+
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockValidateChecksum = jest.fn<any>();
+
+jest.mock("../../src/download/checksum/checksum", () => ({
+  validateChecksum: mockValidateChecksum,
+}));
+
+import {
+  downloadVersionFromManifest,
+  downloadVersionFromNdjson,
+  resolveVersion,
+} from "../../src/download/download-version";
+
+describe("download-version", () => {
+  beforeEach(() => {
+    mockInfo.mockReset();
+    mockWarning.mockReset();
+    mockDownloadTool.mockReset();
+    mockExtractTar.mockReset();
+    mockExtractZip.mockReset();
+    mockCacheDir.mockReset();
+    mockGetLatestVersionFromNdjson.mockReset();
+    mockGetAllVersionsFromNdjson.mockReset();
+    mockGetArtifactFromNdjson.mockReset();
+    mockGetAllManifestVersions.mockReset();
+    mockGetLatestVersionInManifest.mockReset();
+    mockGetManifestArtifact.mockReset();
+    mockValidateChecksum.mockReset();
+
+    mockDownloadTool.mockResolvedValue("/tmp/downloaded");
+    mockExtractTar.mockResolvedValue("/tmp/extracted");
+    mockExtractZip.mockResolvedValue("/tmp/extracted");
+    mockCacheDir.mockResolvedValue("/tmp/cached");
+  });
+
+  describe("resolveVersion", () => {
+    it("uses astral-sh/versions to resolve latest", async () => {
+      mockGetLatestVersionFromNdjson.mockResolvedValue("0.9.26");
+
+      const version = await resolveVersion("latest", undefined);
+
+      expect(version).toBe("0.9.26");
+      expect(mockGetLatestVersionFromNdjson).toHaveBeenCalledTimes(1);
+    });
+
+    it("uses astral-sh/versions to resolve available versions", async () => {
+      mockGetAllVersionsFromNdjson.mockResolvedValue(["0.9.26", "0.9.25"]);
+
+      const version = await resolveVersion("^0.9.0", undefined);
+
+      expect(version).toBe("0.9.26");
+      expect(mockGetAllVersionsFromNdjson).toHaveBeenCalledTimes(1);
+    });
+
+    it("does not fall back when astral-sh/versions fails", async () => {
+      mockGetLatestVersionFromNdjson.mockRejectedValue(
+        new Error("NDJSON unavailable"),
+      );
+
+      await expect(resolveVersion("latest", undefined)).rejects.toThrow(
+        "NDJSON unavailable",
+      );
+    });
+
+    it("uses manifest-file when provided", async () => {
+      mockGetAllManifestVersions.mockResolvedValue(["0.9.26", "0.9.25"]);
+
+      const version = await resolveVersion(
+        "^0.9.0",
+        "https://example.com/custom.ndjson",
+      );
+
+      expect(version).toBe("0.9.26");
+      expect(mockGetAllManifestVersions).toHaveBeenCalledWith(
+        "https://example.com/custom.ndjson",
+      );
+    });
+  });
+
+  describe("downloadVersionFromNdjson", () => {
+    it("fails when NDJSON metadata lookup fails", async () => {
+      mockGetArtifactFromNdjson.mockRejectedValue(
+        new Error("NDJSON unavailable"),
+      );
+
+      await expect(
+        downloadVersionFromNdjson(
+          "unknown-linux-gnu",
+          "x86_64",
+          "0.9.26",
+          undefined,
+          "token",
+        ),
+      ).rejects.toThrow("NDJSON unavailable");
+
+      expect(mockDownloadTool).not.toHaveBeenCalled();
+      expect(mockValidateChecksum).not.toHaveBeenCalled();
+    });
+
+    it("fails when no matching artifact exists in NDJSON metadata", async () => {
+      mockGetArtifactFromNdjson.mockResolvedValue(undefined);
+
+      await expect(
+        downloadVersionFromNdjson(
+          "unknown-linux-gnu",
+          "x86_64",
+          "0.9.26",
+          undefined,
+          "token",
+        ),
+      ).rejects.toThrow(
+        "Could not find artifact for version 0.9.26, arch x86_64, platform unknown-linux-gnu in https://raw.githubusercontent.com/astral-sh/versions/main/v1/uv.ndjson .",
+      );
+
+      expect(mockDownloadTool).not.toHaveBeenCalled();
+      expect(mockValidateChecksum).not.toHaveBeenCalled();
+    });
+
+    it("uses built-in checksums for default NDJSON downloads", async () => {
+      mockGetArtifactFromNdjson.mockResolvedValue({
+        archiveFormat: "tar.gz",
+        sha256: "ndjson-checksum-that-should-be-ignored",
+        url: "https://example.com/uv.tar.gz",
+      });
+
+      await downloadVersionFromNdjson(
+        "unknown-linux-gnu",
+        "x86_64",
+        "0.9.26",
+        undefined,
+        "token",
+      );
+
+      expect(mockValidateChecksum).toHaveBeenCalledWith(
+        undefined,
+        "/tmp/downloaded",
+        "x86_64",
+        "unknown-linux-gnu",
+        "0.9.26",
+      );
+    });
+  });
+
+  describe("downloadVersionFromManifest", () => {
+    it("uses manifest-file checksum metadata when checksum input is unset", async () => {
+      mockGetManifestArtifact.mockResolvedValue({
+        archiveFormat: "tar.gz",
+        checksum: "manifest-checksum",
+        downloadUrl: "https://example.com/custom-uv.tar.gz",
+      });
+
+      await downloadVersionFromManifest(
+        "https://example.com/custom.ndjson",
+        "unknown-linux-gnu",
+        "x86_64",
+        "0.9.26",
+        "",
+        "token",
+      );
+
+      expect(mockValidateChecksum).toHaveBeenCalledWith(
+        "manifest-checksum",
+        "/tmp/downloaded",
+        "x86_64",
+        "unknown-linux-gnu",
+        "0.9.26",
+      );
+    });
+
+    it("prefers checksum input over manifest-file checksum metadata", async () => {
+      mockGetManifestArtifact.mockResolvedValue({
+        archiveFormat: "tar.gz",
+        checksum: "manifest-checksum",
+        downloadUrl: "https://example.com/custom-uv.tar.gz",
+      });
+
+      await downloadVersionFromManifest(
+        "https://example.com/custom.ndjson",
+        "unknown-linux-gnu",
+        "x86_64",
+        "0.9.26",
+        "user-checksum",
+        "token",
+      );
+
+      expect(mockValidateChecksum).toHaveBeenCalledWith(
+        "user-checksum",
+        "/tmp/downloaded",
+        "x86_64",
+        "unknown-linux-gnu",
+        "0.9.26",
+      );
+    });
+  });
+});

__tests__/download/version-manifest.test.ts

@@ -0,0 +1,136 @@
+import { beforeEach, describe, expect, it, jest } from "@jest/globals";
+
+const mockWarning = jest.fn();
+
+jest.mock("@actions/core", () => ({
+  debug: jest.fn(),
+  info: jest.fn(),
+  warning: mockWarning,
+}));
+
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockFetch = jest.fn<any>();
+jest.mock("../../src/utils/fetch", () => ({
+  fetch: mockFetch,
+}));
+
+import {
+  clearManifestCache,
+  getAllVersions,
+  getLatestKnownVersion,
+  getManifestArtifact,
+} from "../../src/download/version-manifest";
+
+const legacyManifestResponse = JSON.stringify([
+  {
+    arch: "x86_64",
+    artifactName: "uv-x86_64-unknown-linux-gnu.tar.gz",
+    downloadUrl:
+      "https://example.com/releases/download/0.7.12-alpha.1/uv-x86_64-unknown-linux-gnu.tar.gz",
+    platform: "unknown-linux-gnu",
+    version: "0.7.12-alpha.1",
+  },
+  {
+    arch: "x86_64",
+    artifactName: "uv-x86_64-unknown-linux-gnu.tar.gz",
+    downloadUrl:
+      "https://example.com/releases/download/0.7.13/uv-x86_64-unknown-linux-gnu.tar.gz",
+    platform: "unknown-linux-gnu",
+    version: "0.7.13",
+  },
+]);
+
+const ndjsonManifestResponse = `{"version":"0.10.0","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/releases/download/0.10.0/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"checksum-100"}]}
+{"version":"0.9.30","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/releases/download/0.9.30/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"checksum-0930"}]}`;
+
+const multiVariantManifestResponse = `{"version":"0.10.0","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"managed-python","url":"https://example.com/releases/download/0.10.0/uv-x86_64-unknown-linux-gnu-managed-python.tar.gz","archive_format":"tar.gz","sha256":"checksum-managed"},{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/releases/download/0.10.0/uv-x86_64-unknown-linux-gnu-default.zip","archive_format":"zip","sha256":"checksum-default"}]}`;
+
+function createMockResponse(
+  ok: boolean,
+  status: number,
+  statusText: string,
+  data: string,
+) {
+  return {
+    ok,
+    status,
+    statusText,
+    text: async () => data,
+  };
+}
+
+describe("version-manifest", () => {
+  beforeEach(() => {
+    clearManifestCache();
+    mockFetch.mockReset();
+    mockWarning.mockReset();
+  });
+
+  it("supports the legacy JSON manifest format", async () => {
+    mockFetch.mockResolvedValue(
+      createMockResponse(true, 200, "OK", legacyManifestResponse),
+    );
+
+    const latest = await getLatestKnownVersion(
+      "https://example.com/legacy.json",
+    );
+    const artifact = await getManifestArtifact(
+      "https://example.com/legacy.json",
+      "0.7.13",
+      "x86_64",
+      "unknown-linux-gnu",
+    );
+
+    expect(latest).toBe("0.7.13");
+    expect(artifact).toEqual({
+      archiveFormat: undefined,
+      checksum: undefined,
+      downloadUrl:
+        "https://example.com/releases/download/0.7.13/uv-x86_64-unknown-linux-gnu.tar.gz",
+    });
+    expect(mockWarning).toHaveBeenCalledTimes(1);
+  });
+
+  it("supports NDJSON manifests", async () => {
+    mockFetch.mockResolvedValue(
+      createMockResponse(true, 200, "OK", ndjsonManifestResponse),
+    );
+
+    const versions = await getAllVersions("https://example.com/custom.ndjson");
+    const artifact = await getManifestArtifact(
+      "https://example.com/custom.ndjson",
+      "0.10.0",
+      "x86_64",
+      "unknown-linux-gnu",
+    );
+
+    expect(versions).toEqual(["0.10.0", "0.9.30"]);
+    expect(artifact).toEqual({
+      archiveFormat: "tar.gz",
+      checksum: "checksum-100",
+      downloadUrl:
+        "https://example.com/releases/download/0.10.0/uv-x86_64-unknown-linux-gnu.tar.gz",
+    });
+    expect(mockWarning).not.toHaveBeenCalled();
+  });
+
+  it("prefers the default variant when a manifest contains multiple variants", async () => {
+    mockFetch.mockResolvedValue(
+      createMockResponse(true, 200, "OK", multiVariantManifestResponse),
+    );
+
+    const artifact = await getManifestArtifact(
+      "https://example.com/multi-variant.ndjson",
+      "0.10.0",
+      "x86_64",
+      "unknown-linux-gnu",
+    );
+
+    expect(artifact).toEqual({
+      archiveFormat: "zip",
+      checksum: "checksum-default",
+      downloadUrl:
+        "https://example.com/releases/download/0.10.0/uv-x86_64-unknown-linux-gnu-default.zip",
+    });
+  });
+});

__tests__/download/versions-client.test.ts

@@ -0,0 +1,169 @@
+import { beforeEach, describe, expect, it, jest } from "@jest/globals";
+
+// biome-ignore lint/suspicious/noExplicitAny: Mock requires flexible typing in tests.
+const mockFetch = jest.fn<any>();
+jest.mock("../../src/utils/fetch", () => ({
+  fetch: mockFetch,
+}));
+
+import {
+  clearCache,
+  fetchVersionData,
+  getAllVersions,
+  getArtifact,
+  getLatestVersion,
+  parseVersionData,
+} from "../../src/download/versions-client";
+
+const sampleNdjsonResponse = `{"version":"0.9.26","artifacts":[{"platform":"aarch64-apple-darwin","variant":"default","url":"https://github.com/astral-sh/uv/releases/download/0.9.26/uv-aarch64-apple-darwin.tar.gz","archive_format":"tar.gz","sha256":"fcf0a9ea6599c6ae28a4c854ac6da76f2c889354d7c36ce136ef071f7ab9721f"},{"platform":"x86_64-pc-windows-msvc","variant":"default","url":"https://github.com/astral-sh/uv/releases/download/0.9.26/uv-x86_64-pc-windows-msvc.zip","archive_format":"zip","sha256":"eb02fd95d8e0eed462b4a67ecdd320d865b38c560bffcda9a0b87ec944bdf036"}]}
+{"version":"0.9.25","artifacts":[{"platform":"aarch64-apple-darwin","variant":"default","url":"https://github.com/astral-sh/uv/releases/download/0.9.25/uv-aarch64-apple-darwin.tar.gz","archive_format":"tar.gz","sha256":"606b3c6949d971709f2526fa0d9f0fd23ccf60e09f117999b406b424af18a6a6"}]}`;
+
+const multiVariantNdjsonResponse = `{"version":"0.9.26","artifacts":[{"platform":"aarch64-apple-darwin","variant":"python-managed","url":"https://github.com/astral-sh/uv/releases/download/0.9.26/uv-aarch64-apple-darwin-managed.tar.gz","archive_format":"tar.gz","sha256":"managed-checksum"},{"platform":"aarch64-apple-darwin","variant":"default","url":"https://github.com/astral-sh/uv/releases/download/0.9.26/uv-aarch64-apple-darwin.zip","archive_format":"zip","sha256":"default-checksum"}]}`;
+
+function createMockResponse(
+  ok: boolean,
+  status: number,
+  statusText: string,
+  data: string,
+) {
+  return {
+    ok,
+    status,
+    statusText,
+    text: async () => data,
+  };
+}
+
+describe("versions-client", () => {
+  beforeEach(() => {
+    clearCache();
+    mockFetch.mockReset();
+  });
+
+  describe("fetchVersionData", () => {
+    it("should fetch and parse NDJSON data", async () => {
+      mockFetch.mockResolvedValue(
+        createMockResponse(true, 200, "OK", sampleNdjsonResponse),
+      );
+
+      const versions = await fetchVersionData();
+
+      expect(versions).toHaveLength(2);
+      expect(versions[0].version).toBe("0.9.26");
+      expect(versions[1].version).toBe("0.9.25");
+    });
+
+    it("should throw error on failed fetch", async () => {
+      mockFetch.mockResolvedValue(
+        createMockResponse(false, 500, "Internal Server Error", ""),
+      );
+
+      await expect(fetchVersionData()).rejects.toThrow(
+        "Failed to fetch version data: 500 Internal Server Error",
+      );
+    });
+
+    it("should cache results", async () => {
+      mockFetch.mockResolvedValue(
+        createMockResponse(true, 200, "OK", sampleNdjsonResponse),
+      );
+
+      await fetchVersionData();
+      await fetchVersionData();
+
+      expect(mockFetch).toHaveBeenCalledTimes(1);
+    });
+  });
+
+  describe("getLatestVersion", () => {
+    it("should return the first version (newest)", async () => {
+      mockFetch.mockResolvedValue(
+        createMockResponse(true, 200, "OK", sampleNdjsonResponse),
+      );
+
+      const latest = await getLatestVersion();
+
+      expect(latest).toBe("0.9.26");
+    });
+  });
+
+  describe("getAllVersions", () => {
+    it("should return all version strings", async () => {
+      mockFetch.mockResolvedValue(
+        createMockResponse(true, 200, "OK", sampleNdjsonResponse),
+      );
+
+      const versions = await getAllVersions();
+
+      expect(versions).toEqual(["0.9.26", "0.9.25"]);
+    });
+  });
+
+  describe("getArtifact", () => {
+    beforeEach(() => {
+      mockFetch.mockResolvedValue(
+        createMockResponse(true, 200, "OK", sampleNdjsonResponse),
+      );
+    });
+
+    it("should find artifact by version and platform", async () => {
+      const artifact = await getArtifact("0.9.26", "aarch64", "apple-darwin");
+
+      expect(artifact).toEqual({
+        archiveFormat: "tar.gz",
+        sha256:
+          "fcf0a9ea6599c6ae28a4c854ac6da76f2c889354d7c36ce136ef071f7ab9721f",
+        url: "https://github.com/astral-sh/uv/releases/download/0.9.26/uv-aarch64-apple-darwin.tar.gz",
+      });
+    });
+
+    it("should find windows artifact", async () => {
+      const artifact = await getArtifact("0.9.26", "x86_64", "pc-windows-msvc");
+
+      expect(artifact).toEqual({
+        archiveFormat: "zip",
+        sha256:
+          "eb02fd95d8e0eed462b4a67ecdd320d865b38c560bffcda9a0b87ec944bdf036",
+        url: "https://github.com/astral-sh/uv/releases/download/0.9.26/uv-x86_64-pc-windows-msvc.zip",
+      });
+    });
+
+    it("should prefer the default variant when multiple artifacts share a platform", async () => {
+      mockFetch.mockResolvedValue(
+        createMockResponse(true, 200, "OK", multiVariantNdjsonResponse),
+      );
+
+      const artifact = await getArtifact("0.9.26", "aarch64", "apple-darwin");
+
+      expect(artifact).toEqual({
+        archiveFormat: "zip",
+        sha256: "default-checksum",
+        url: "https://github.com/astral-sh/uv/releases/download/0.9.26/uv-aarch64-apple-darwin.zip",
+      });
+    });
+
+    it("should return undefined for unknown version", async () => {
+      const artifact = await getArtifact("0.0.1", "aarch64", "apple-darwin");
+
+      expect(artifact).toBeUndefined();
+    });
+
+    it("should return undefined for unknown platform", async () => {
+      const artifact = await getArtifact(
+        "0.9.26",
+        "aarch64",
+        "unknown-linux-musl",
+      );
+
+      expect(artifact).toBeUndefined();
+    });
+  });
+
+  describe("parseVersionData", () => {
+    it("should throw for malformed NDJSON", () => {
+      expect(() =>
+        parseVersionData('{"version":"0.1.0"', "test-source"),
+      ).toThrow("Failed to parse version data from test-source");
+    });
+  });
+});

action.yml

@@ -26,7 +26,7 @@ inputs:
     required: false
   github-token:
     description:
-      "Used to increase the rate limit when retrieving versions and downloading uv."
+      "Used when downloading uv from GitHub releases."
     required: false
     default: ${{ github.token }}
   enable-cache:
@@ -75,7 +75,7 @@ inputs:
     description: "Custom path to set UV_TOOL_BIN_DIR to."
     required: false
   manifest-file:
-    description: "URL to the manifest file containing available versions and download URLs."
+    description: "URL to a custom manifest file. Supports the astral-sh/versions NDJSON format and the legacy JSON array format (deprecated)."
     required: false
   add-problem-matchers:
     description: "Add problem matchers."

dist/save-cache/index.js

@@ -90979,12 +90979,11 @@ function getConfigValueFromTomlFile(filePath, key) {
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.STATE_UV_VERSION = exports.STATE_UV_PATH = exports.TOOL_CACHE_NAME = exports.OWNER = exports.REPO = void 0;
-exports.REPO = "uv";
-exports.OWNER = "astral-sh";
+exports.VERSIONS_NDJSON_URL = exports.STATE_UV_VERSION = exports.STATE_UV_PATH = exports.TOOL_CACHE_NAME = void 0;
 exports.TOOL_CACHE_NAME = "uv";
 exports.STATE_UV_PATH = "uv-path";
 exports.STATE_UV_VERSION = "uv-version";
+exports.VERSIONS_NDJSON_URL = "https://raw.githubusercontent.com/astral-sh/versions/main/v1/uv.ndjson";
 
 
 /***/ }),
@@ -91307,6 +91306,7 @@ function getArch() {
         arm64: "aarch64",
         ia32: "i686",
         ppc64: "powerpc64le",
+        riscv64: "riscv64gc",
         s390x: "s390x",
         x64: "x86_64",
     };
@@ -93485,7 +93485,7 @@ function getStringEnd(str, seek) {
 }
 
 // dist/date.js
-var DATE_TIME_RE = /^(\d{4}-\d{2}-\d{2})?[T ]?(?:(\d{2}):\d{2}:\d{2}(?:\.\d+)?)?(Z|[-+]\d{2}:\d{2})?$/i;
+var DATE_TIME_RE = /^(\d{4}-\d{2}-\d{2})?[T ]?(?:(\d{2}):\d{2}(?::\d{2}(?:\.\d+)?)?)?(Z|[-+]\d{2}:\d{2})?$/i;
 var TomlDate = class _TomlDate extends Date {
   #hasDate = false;
   #hasTime = false;
@@ -93580,13 +93580,14 @@ var TomlDate = class _TomlDate extends Date {
 var INT_REGEX = /^((0x[0-9a-fA-F](_?[0-9a-fA-F])*)|(([+-]|0[ob])?\d(_?\d)*))$/;
 var FLOAT_REGEX = /^[+-]?\d(_?\d)*(\.\d(_?\d)*)?([eE][+-]?\d(_?\d)*)?$/;
 var LEADING_ZERO = /^[+-]?0[0-9_]/;
-var ESCAPE_REGEX = /^[0-9a-f]{4,8}$/i;
+var ESCAPE_REGEX = /^[0-9a-f]{2,8}$/i;
 var ESC_MAP = {
   b: "\b",
   t: "	",
   n: "\n",
   f: "\f",
   r: "\r",
+  e: "\x1B",
   '"': '"',
   "\\": "\\"
 };
@@ -93621,8 +93622,8 @@ function parseString(str, ptr = 0, endPtr = str.length) {
     }
     if (isEscape) {
       isEscape = false;
-      if (c === "u" || c === "U") {
-        let code = str.slice(ptr, ptr += c === "u" ? 4 : 8);
+      if (c === "x" || c === "u" || c === "U") {
+        let code = str.slice(ptr, ptr += c === "x" ? 2 : c === "u" ? 4 : 8);
         if (!ESCAPE_REGEX.test(code)) {
           throw new TomlError("invalid unicode escape", {
             toml: str,
@@ -93715,24 +93716,14 @@ function parseValue(value, toml, ptr, integersAsBigInt) {
 }
 
 // dist/extract.js
-function sliceAndTrimEndOf(str, startPtr, endPtr, allowNewLines) {
+function sliceAndTrimEndOf(str, startPtr, endPtr) {
   let value = str.slice(startPtr, endPtr);
   let commentIdx = value.indexOf("#");
   if (commentIdx > -1) {
     skipComment(str, commentIdx);
     value = value.slice(0, commentIdx);
   }
-  let trimmed = value.trimEnd();
-  if (!allowNewLines) {
-    let newlineIdx = value.indexOf("\n", trimmed.length);
-    if (newlineIdx > -1) {
-      throw new TomlError("newlines are not allowed in inline tables", {
-        toml: str,
-        ptr: startPtr + newlineIdx
-      });
-    }
-  }
-  return [trimmed, commentIdx];
+  return [value.trimEnd(), commentIdx];
 }
 function extractValue(str, ptr, end, depth, integersAsBigInt) {
   if (depth === 0) {
@@ -93744,24 +93735,25 @@ function extractValue(str, ptr, end, depth, integersAsBigInt) {
   let c = str[ptr];
   if (c === "[" || c === "{") {
     let [value, endPtr2] = c === "[" ? parseArray(str, ptr, depth, integersAsBigInt) : parseInlineTable(str, ptr, depth, integersAsBigInt);
-    let newPtr = end ? skipUntil(str, endPtr2, ",", end) : endPtr2;
-    if (endPtr2 - newPtr && end === "}") {
-      let nextNewLine = indexOfNewline(str, endPtr2, newPtr);
-      if (nextNewLine > -1) {
-        throw new TomlError("newlines are not allowed in inline tables", {
+    if (end) {
+      endPtr2 = skipVoid(str, endPtr2);
+      if (str[endPtr2] === ",")
+        endPtr2++;
+      else if (str[endPtr2] !== end) {
+        throw new TomlError("expected comma or end of structure", {
           toml: str,
-          ptr: nextNewLine
+          ptr: endPtr2
         });
       }
     }
-    return [value, newPtr];
+    return [value, endPtr2];
   }
   let endPtr;
   if (c === '"' || c === "'") {
     endPtr = getStringEnd(str, ptr);
     let parsed = parseString(str, ptr, endPtr);
     if (end) {
-      endPtr = skipVoid(str, endPtr, end !== "]");
+      endPtr = skipVoid(str, endPtr);
       if (str[endPtr] && str[endPtr] !== "," && str[endPtr] !== end && str[endPtr] !== "\n" && str[endPtr] !== "\r") {
         throw new TomlError("unexpected character encountered", {
           toml: str,
@@ -93773,7 +93765,7 @@ function extractValue(str, ptr, end, depth, integersAsBigInt) {
     return [parsed, endPtr];
   }
   endPtr = skipUntil(str, ptr, ",", end);
-  let slice = sliceAndTrimEndOf(str, ptr, endPtr - +(str[endPtr - 1] === ","), end === "]");
+  let slice = sliceAndTrimEndOf(str, ptr, endPtr - +(str[endPtr - 1] === ","));
   if (!slice[0]) {
     throw new TomlError("incomplete key-value declaration: no value specified", {
       toml: str,
@@ -93863,17 +93855,16 @@ function parseInlineTable(str, ptr, depth, integersAsBigInt) {
   let res = {};
   let seen = /* @__PURE__ */ new Set();
   let c;
-  let comma = 0;
   ptr++;
   while ((c = str[ptr++]) !== "}" && c) {
-    let err = { toml: str, ptr: ptr - 1 };
-    if (c === "\n") {
-      throw new TomlError("newlines are not allowed in inline tables", err);
-    } else if (c === "#") {
-      throw new TomlError("inline tables cannot contain comments", err);
-    } else if (c === ",") {
-      throw new TomlError("expected key-value, found comma", err);
-    } else if (c !== " " && c !== "	") {
+    if (c === ",") {
+      throw new TomlError("expected value, found comma", {
+        toml: str,
+        ptr: ptr - 1
+      });
+    } else if (c === "#")
+      ptr = skipComment(str, ptr);
+    else if (c !== " " && c !== "	" && c !== "\n" && c !== "\r") {
       let k;
       let t = res;
       let hasOwn = false;
@@ -93902,15 +93893,8 @@ function parseInlineTable(str, ptr, depth, integersAsBigInt) {
       seen.add(value);
       t[k] = value;
       ptr = valueEndPtr;
-      comma = str[ptr - 1] === "," ? ptr - 1 : 0;
     }
   }
-  if (comma) {
-    throw new TomlError("trailing commas are not allowed in inline tables", {
-      toml: str,
-      ptr: comma
-    });
-  }
   if (!c) {
     throw new TomlError("unfinished table encountered", {
       toml: str,
@@ -94162,14 +94146,13 @@ function stringifyArrayTable(array, key, depth, numberAsFloat) {
   }
   let res = "";
   for (let i = 0; i < array.length; i++) {
-    res += `[[${key}]]
+    res += `${res && "\n"}[[${key}]]
 `;
-    res += stringifyTable(array[i], key, depth, numberAsFloat);
-    res += "\n\n";
+    res += stringifyTable(0, array[i], key, depth, numberAsFloat);
   }
   return res;
 }
-function stringifyTable(obj, prefix, depth, numberAsFloat) {
+function stringifyTable(tableKey, obj, prefix, depth, numberAsFloat) {
   if (depth === 0) {
     throw new Error("Could not stringify the object: maximum object depth exceeded");
   }
@@ -94185,13 +94168,10 @@ function stringifyTable(obj, prefix, depth, numberAsFloat) {
       }
       let key = BARE_KEY.test(k) ? k : formatString(k);
       if (type === "array" && isArrayOfTables(obj[k])) {
-        tables += stringifyArrayTable(obj[k], prefix ? `${prefix}.${key}` : key, depth - 1, numberAsFloat);
+        tables += (tables && "\n") + stringifyArrayTable(obj[k], prefix ? `${prefix}.${key}` : key, depth - 1, numberAsFloat);
       } else if (type === "object") {
         let tblKey = prefix ? `${prefix}.${key}` : key;
-        tables += `[${tblKey}]
-`;
-        tables += stringifyTable(obj[k], tblKey, depth - 1, numberAsFloat);
-        tables += "\n\n";
+        tables += (tables && "\n") + stringifyTable(tblKey, obj[k], tblKey, depth - 1, numberAsFloat);
       } else {
         preamble += key;
         preamble += " = ";
@@ -94200,14 +94180,20 @@ function stringifyTable(obj, prefix, depth, numberAsFloat) {
       }
     }
   }
-  return `${preamble}
-${tables}`.trim();
+  if (tableKey && (preamble || !tables))
+    preamble = preamble ? `[${tableKey}]
+${preamble}` : `[${tableKey}]`;
+  return preamble && tables ? `${preamble}
+${tables}` : preamble || tables;
 }
 function stringify(obj, { maxDepth = 1e3, numbersAsFloat = false } = {}) {
   if (extendedTypeOf(obj) !== "object") {
     throw new TypeError("stringify can only be called with an object");
   }
-  return stringifyTable(obj, "", maxDepth, numbersAsFloat);
+  let str = stringifyTable(0, obj, "", maxDepth, numbersAsFloat);
+  if (str[str.length - 1] !== "\n")
+    return str + "\n";
+  return str;
 }
 
 // dist/index.js

docs/customization.md

@@ -18,12 +18,29 @@ are automatically verified by this action. The sha256 hashes can be found on the
 
 ## Manifest file
 
-The `manifest-file` input allows you to specify a JSON manifest that lists available uv versions,
-architectures, and their download URLs. By default, this action uses the manifest file contained
-in this repository, which is automatically updated with each release of uv.
+By default, setup-uv reads version metadata from
+[`astral-sh/versions`](https://github.com/astral-sh/versions) (NDJSON format).
 
-The manifest file contains an array of objects, each describing a version,
-architecture, platform, and the corresponding download URL. For example:
+The `manifest-file` input lets you override that source with your own URL, for example to test
+custom uv builds or alternate download locations.
+
+### Format
+
+The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:
+
+```json
+{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
+{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
+```
+
+setup-uv currently only supports `default` as the `variant`.
+
+The `archive_format` field is currently ignored.
+
+### Legacy format: JSON array (deprecated)
+
+The previous JSON array format is still supported for compatibility, but deprecated and will be
+removed in a future major release.
 
 ```json
 [
@@ -33,26 +50,20 @@ architecture, platform, and the corresponding download URL. For example:
     "arch": "aarch64",
     "platform": "apple-darwin",
     "downloadUrl": "https://github.com/astral-sh/uv/releases/download/0.7.13/uv-aarch64-apple-darwin.tar.gz"
-  },
-  ...
+  }
 ]
 ```
 
-You can supply a custom manifest file URL to define additional versions,
-architectures, or different download URLs.
-This is useful if you maintain your own uv builds or want to override the default sources.
-
 ```yaml
 - name: Use a custom manifest file
   uses: astral-sh/setup-uv@v7
   with:
-    manifest-file: "https://example.com/my-custom-manifest.json"
+    manifest-file: "https://example.com/my-custom-manifest.ndjson"
 ```
 
 > [!NOTE]
-> When you use a custom manifest file and do not set the `version` input, its default value is `latest`.
-> This means the action will install the latest version available in the custom manifest file.
-> This is different from the default behavior of installing the latest version from the official uv releases.
+> When you use a custom manifest file and do not set the `version` input, setup-uv installs the
+> latest version from that custom manifest.
 
 ## Add problem matchers
 

docs/environment-and-tools.md

@@ -38,9 +38,12 @@ You can customize the venv location with `venv-path`, for example to place it in
 
 ## GitHub authentication token
 
-This action uses the GitHub API to fetch the uv release artifacts. To avoid hitting the GitHub API
-rate limit too quickly, an authentication token can be provided via the `github-token` input. By
-default, the `GITHUB_TOKEN` secret is used, which is automatically provided by GitHub Actions.
+By default, this action resolves available uv versions from
+[`astral-sh/versions`](https://github.com/astral-sh/versions), then downloads uv artifacts from
+GitHub Releases.
+
+You can provide a token via `github-token` to authenticate those downloads. By default, the
+`GITHUB_TOKEN` secret is used, which is automatically provided by GitHub Actions.
 
 If the default
 [permissions for the GitHub token](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)

package-lock.json

@@ -15,15 +15,12 @@
         "@actions/glob": "^0.5.0",
         "@actions/io": "^1.1.3",
         "@actions/tool-cache": "^2.0.2",
-        "@octokit/core": "^7.0.6",
-        "@octokit/plugin-paginate-rest": "^14.0.0",
-        "@octokit/plugin-rest-endpoint-methods": "^17.0.0",
         "@renovatebot/pep440": "^4.2.1",
-        "smol-toml": "^1.4.2",
+        "smol-toml": "^1.6.0",
         "undici": "5.28.5"
       },
       "devDependencies": {
-        "@biomejs/biome": "2.3.7",
+        "@biomejs/biome": "2.3.8",
         "@types/js-yaml": "^4.0.9",
         "@types/node": "^24.10.1",
         "@types/semver": "^7.7.1",
@@ -412,7 +409,6 @@
       "integrity": "sha512-UlLAnTPrFdNGoFtbSXwcGFQBtQZJCNjaN6hQNP3UPvuNXT1i82N26KL3dZeIpNalWywr9IuQuncaAfUaS1g6sQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
         "@babel/code-frame": "^7.27.1",
@@ -890,9 +886,9 @@
       "license": "MIT"
     },
     "node_modules/@biomejs/biome": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.7.tgz",
-      "integrity": "sha512-CTbAS/jNAiUc6rcq94BrTB8z83O9+BsgWj2sBCQg9rD6Wkh2gjfR87usjx0Ncx0zGXP1NKgT7JNglay5Zfs9jw==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.8.tgz",
+      "integrity": "sha512-Qjsgoe6FEBxWAUzwFGFrB+1+M8y/y5kwmg5CHac+GSVOdmOIqsAiXM5QMVGZJ1eCUCLlPZtq4aFAQ0eawEUuUA==",
       "dev": true,
       "license": "MIT OR Apache-2.0",
       "bin": {
@@ -906,20 +902,20 @@
         "url": "https://opencollective.com/biome"
       },
       "optionalDependencies": {
-        "@biomejs/cli-darwin-arm64": "2.3.7",
-        "@biomejs/cli-darwin-x64": "2.3.7",
-        "@biomejs/cli-linux-arm64": "2.3.7",
-        "@biomejs/cli-linux-arm64-musl": "2.3.7",
-        "@biomejs/cli-linux-x64": "2.3.7",
-        "@biomejs/cli-linux-x64-musl": "2.3.7",
-        "@biomejs/cli-win32-arm64": "2.3.7",
-        "@biomejs/cli-win32-x64": "2.3.7"
+        "@biomejs/cli-darwin-arm64": "2.3.8",
+        "@biomejs/cli-darwin-x64": "2.3.8",
+        "@biomejs/cli-linux-arm64": "2.3.8",
+        "@biomejs/cli-linux-arm64-musl": "2.3.8",
+        "@biomejs/cli-linux-x64": "2.3.8",
+        "@biomejs/cli-linux-x64-musl": "2.3.8",
+        "@biomejs/cli-win32-arm64": "2.3.8",
+        "@biomejs/cli-win32-x64": "2.3.8"
       }
     },
     "node_modules/@biomejs/cli-darwin-arm64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.7.tgz",
-      "integrity": "sha512-LirkamEwzIUULhXcf2D5b+NatXKeqhOwilM+5eRkbrnr6daKz9rsBL0kNZ16Hcy4b8RFq22SG4tcLwM+yx/wFA==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.8.tgz",
+      "integrity": "sha512-HM4Zg9CGQ3txTPflxD19n8MFPrmUAjaC7PQdLkugeeC0cQ+PiVrd7i09gaBS/11QKsTDBJhVg85CEIK9f50Qww==",
       "cpu": [
         "arm64"
       ],
@@ -934,9 +930,9 @@
       }
     },
     "node_modules/@biomejs/cli-darwin-x64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.7.tgz",
-      "integrity": "sha512-Q4TO633kvrMQkKIV7wmf8HXwF0dhdTD9S458LGE24TYgBjSRbuhvio4D5eOQzirEYg6eqxfs53ga/rbdd8nBKg==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.8.tgz",
+      "integrity": "sha512-lUDQ03D7y/qEao7RgdjWVGCu+BLYadhKTm40HkpJIi6kn8LSv5PAwRlew/DmwP4YZ9ke9XXoTIQDO1vAnbRZlA==",
       "cpu": [
         "x64"
       ],
@@ -951,9 +947,9 @@
       }
     },
     "node_modules/@biomejs/cli-linux-arm64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.7.tgz",
-      "integrity": "sha512-inHOTdlstUBzgjDcx0ge71U4SVTbwAljmkfi3MC5WzsYCRhancqfeL+sa4Ke6v2ND53WIwCFD5hGsYExoI3EZQ==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.8.tgz",
+      "integrity": "sha512-Uo1OJnIkJgSgF+USx970fsM/drtPcQ39I+JO+Fjsaa9ZdCN1oysQmy6oAGbyESlouz+rzEckLTF6DS7cWse95g==",
       "cpu": [
         "arm64"
       ],
@@ -968,9 +964,9 @@
       }
     },
     "node_modules/@biomejs/cli-linux-arm64-musl": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.7.tgz",
-      "integrity": "sha512-/afy8lto4CB8scWfMdt+NoCZtatBUF62Tk3ilWH2w8ENd5spLhM77zKlFZEvsKJv9AFNHknMl03zO67CiklL2Q==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.8.tgz",
+      "integrity": "sha512-PShR4mM0sjksUMyxbyPNMxoKFPVF48fU8Qe8Sfx6w6F42verbwRLbz+QiKNiDPRJwUoMG1nPM50OBL3aOnTevA==",
       "cpu": [
         "arm64"
       ],
@@ -985,9 +981,9 @@
       }
     },
     "node_modules/@biomejs/cli-linux-x64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.7.tgz",
-      "integrity": "sha512-fJMc3ZEuo/NaMYo5rvoWjdSS5/uVSW+HPRQujucpZqm2ZCq71b8MKJ9U4th9yrv2L5+5NjPF0nqqILCl8HY/fg==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.8.tgz",
+      "integrity": "sha512-QDPMD5bQz6qOVb3kiBui0zKZXASLo0NIQ9JVJio5RveBEFgDgsvJFUvZIbMbUZT3T00M/1wdzwWXk4GIh0KaAw==",
       "cpu": [
         "x64"
       ],
@@ -1002,9 +998,9 @@
       }
     },
     "node_modules/@biomejs/cli-linux-x64-musl": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.7.tgz",
-      "integrity": "sha512-CQUtgH1tIN6e5wiYSJqzSwJumHYolNtaj1dwZGCnZXm2PZU1jOJof9TsyiP3bXNDb+VOR7oo7ZvY01If0W3iFQ==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.8.tgz",
+      "integrity": "sha512-YGLkqU91r1276uwSjiUD/xaVikdxgV1QpsicT0bIA1TaieM6E5ibMZeSyjQ/izBn4tKQthUSsVZacmoJfa3pDA==",
       "cpu": [
         "x64"
       ],
@@ -1019,9 +1015,9 @@
       }
     },
     "node_modules/@biomejs/cli-win32-arm64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.7.tgz",
-      "integrity": "sha512-aJAE8eCNyRpcfx2JJAtsPtISnELJ0H4xVVSwnxm13bzI8RwbXMyVtxy2r5DV1xT3WiSP+7LxORcApWw0LM8HiA==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.8.tgz",
+      "integrity": "sha512-H4IoCHvL1fXKDrTALeTKMiE7GGWFAraDwBYFquE/L/5r1927Te0mYIGseXi4F+lrrwhSWbSGt5qPFswNoBaCxg==",
       "cpu": [
         "arm64"
       ],
@@ -1036,9 +1032,9 @@
       }
     },
     "node_modules/@biomejs/cli-win32-x64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.7.tgz",
-      "integrity": "sha512-pulzUshqv9Ed//MiE8MOUeeEkbkSHVDVY5Cz5wVAnH1DUqliCQG3j6s1POaITTFqFfo7AVIx2sWdKpx/GS+Nqw==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.8.tgz",
+      "integrity": "sha512-RguzimPoZWtBapfKhKjcWXBVI91tiSprqdBYu7tWhgN8pKRZhw24rFeNZTNf6UiBfjCYCi9eFQs/JzJZIhuK4w==",
       "cpu": [
         "x64"
       ],
@@ -1590,134 +1586,6 @@
         "@tybys/wasm-util": "^0.10.0"
       }
     },
-    "node_modules/@octokit/auth-token": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-6.0.0.tgz",
-      "integrity": "sha512-P4YJBPdPSpWTQ1NU4XYdvHvXJJDxM6YwpS0FZHRgP7YFkdVxsWcpWGy/NVqlAA7PcPCnMacXlRm1y2PFZRWL/w==",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 20"
-      }
-    },
-    "node_modules/@octokit/core": {
-      "version": "7.0.6",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.6.tgz",
-      "integrity": "sha512-DhGl4xMVFGVIyMwswXeyzdL4uXD5OGILGX5N8Y+f6W7LhC1Ze2poSNrkF/fedpVDHEEZ+PHFW0vL14I+mm8K3Q==",
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "@octokit/auth-token": "^6.0.0",
-        "@octokit/graphql": "^9.0.3",
-        "@octokit/request": "^10.0.6",
-        "@octokit/request-error": "^7.0.2",
-        "@octokit/types": "^16.0.0",
-        "before-after-hook": "^4.0.0",
-        "universal-user-agent": "^7.0.0"
-      },
-      "engines": {
-        "node": ">= 20"
-      }
-    },
-    "node_modules/@octokit/endpoint": {
-      "version": "11.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.2.tgz",
-      "integrity": "sha512-4zCpzP1fWc7QlqunZ5bSEjxc6yLAlRTnDwKtgXfcI/FxxGoqedDG8V2+xJ60bV2kODqcGB+nATdtap/XYq2NZQ==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/types": "^16.0.0",
-        "universal-user-agent": "^7.0.2"
-      },
-      "engines": {
-        "node": ">= 20"
-      }
-    },
-    "node_modules/@octokit/graphql": {
-      "version": "9.0.3",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.3.tgz",
-      "integrity": "sha512-grAEuupr/C1rALFnXTv6ZQhFuL1D8G5y8CN04RgrO4FIPMrtm+mcZzFG7dcBm+nq+1ppNixu+Jd78aeJOYxlGA==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/request": "^10.0.6",
-        "@octokit/types": "^16.0.0",
-        "universal-user-agent": "^7.0.0"
-      },
-      "engines": {
-        "node": ">= 20"
-      }
-    },
-    "node_modules/@octokit/openapi-types": {
-      "version": "27.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-27.0.0.tgz",
-      "integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA==",
-      "license": "MIT"
-    },
-    "node_modules/@octokit/plugin-paginate-rest": {
-      "version": "14.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-14.0.0.tgz",
-      "integrity": "sha512-fNVRE7ufJiAA3XUrha2omTA39M6IXIc6GIZLvlbsm8QOQCYvpq/LkMNGyFlB1d8hTDzsAXa3OKtybdMAYsV/fw==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/types": "^16.0.0"
-      },
-      "engines": {
-        "node": ">= 20"
-      },
-      "peerDependencies": {
-        "@octokit/core": ">=6"
-      }
-    },
-    "node_modules/@octokit/plugin-rest-endpoint-methods": {
-      "version": "17.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-17.0.0.tgz",
-      "integrity": "sha512-B5yCyIlOJFPqUUeiD0cnBJwWJO8lkJs5d8+ze9QDP6SvfiXSz1BF+91+0MeI1d2yxgOhU/O+CvtiZ9jSkHhFAw==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/types": "^16.0.0"
-      },
-      "engines": {
-        "node": ">= 20"
-      },
-      "peerDependencies": {
-        "@octokit/core": ">=6"
-      }
-    },
-    "node_modules/@octokit/request": {
-      "version": "10.0.7",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.7.tgz",
-      "integrity": "sha512-v93h0i1yu4idj8qFPZwjehoJx4j3Ntn+JhXsdJrG9pYaX6j/XRz2RmasMUHtNgQD39nrv/VwTWSqK0RNXR8upA==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/endpoint": "^11.0.2",
-        "@octokit/request-error": "^7.0.2",
-        "@octokit/types": "^16.0.0",
-        "fast-content-type-parse": "^3.0.0",
-        "universal-user-agent": "^7.0.2"
-      },
-      "engines": {
-        "node": ">= 20"
-      }
-    },
-    "node_modules/@octokit/request-error": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz",
-      "integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/types": "^16.0.0"
-      },
-      "engines": {
-        "node": ">= 20"
-      }
-    },
-    "node_modules/@octokit/types": {
-      "version": "16.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-16.0.0.tgz",
-      "integrity": "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/openapi-types": "^27.0.0"
-      }
-    },
     "node_modules/@opentelemetry/api": {
       "version": "1.4.1",
       "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.4.1.tgz",
@@ -2454,12 +2322,6 @@
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
       "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
     },
-    "node_modules/before-after-hook": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-4.0.0.tgz",
-      "integrity": "sha512-q6tR3RPqIB1pMiTRMFcZwuG5T8vwp+vUvEG0vuI6B+Rikh5BfPp2fQ82c925FOs+b0lcFQ8CFrL+KbilfZFhOQ==",
-      "license": "Apache-2.0"
-    },
     "node_modules/brace-expansion": {
       "version": "1.1.12",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
@@ -2502,7 +2364,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "caniuse-lite": "^1.0.30001733",
         "electron-to-chromium": "^1.5.199",
@@ -3070,22 +2931,6 @@
         "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
       }
     },
-    "node_modules/fast-content-type-parse": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/fast-content-type-parse/-/fast-content-type-parse-3.0.0.tgz",
-      "integrity": "sha512-ZvLdcY8P+N8mGQJahJV5G4U88CSvT1rP8ApL6uETe88MBXrBHAkZlSEySdUlyztF7ccb+Znos3TFqaepHxdhBg==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/fastify"
-        },
-        {
-          "type": "opencollective",
-          "url": "https://opencollective.com/fastify"
-        }
-      ],
-      "license": "MIT"
-    },
     "node_modules/fast-json-stable-stringify": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
@@ -3630,7 +3475,6 @@
       "integrity": "sha512-F26gjC0yWN8uAA5m5Ss8ZQf5nDHWGlN/xWZIh8S5SRbsEKBovwZhxGd6LJlbZYxBgCYOtreSUyb8hpXyGC5O4A==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@jest/core": "30.2.0",
         "@jest/types": "30.2.0",
@@ -4907,9 +4751,9 @@
       }
     },
     "node_modules/smol-toml": {
-      "version": "1.4.2",
-      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.4.2.tgz",
-      "integrity": "sha512-rInDH6lCNiEyn3+hH8KVGFdbjc099j47+OSgbMrfDYX1CmXLfdKd7qi6IfcWj2wFxvSVkuI46M+wPGYfEOEj6g==",
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.0.tgz",
+      "integrity": "sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw==",
       "license": "BSD-3-Clause",
       "engines": {
         "node": ">= 18"
@@ -5329,7 +5173,6 @@
       "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "dev": true,
       "license": "Apache-2.0",
-      "peer": true,
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
@@ -5370,12 +5213,6 @@
       "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
       "license": "MIT"
     },
-    "node_modules/universal-user-agent": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.3.tgz",
-      "integrity": "sha512-TmnEAEAsBJVZM/AADELsK76llnwcf9vMKuPz8JflO1frO8Lchitr0fNaN9d+Ap0BjKtqWqd/J17qeDnXh8CL2A==",
-      "license": "ISC"
-    },
     "node_modules/unrs-resolver": {
       "version": "1.11.1",
       "resolved": "https://registry.npmjs.org/unrs-resolver/-/unrs-resolver-1.11.1.tgz",
@@ -6072,7 +5909,6 @@
       "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.0.tgz",
       "integrity": "sha512-UlLAnTPrFdNGoFtbSXwcGFQBtQZJCNjaN6hQNP3UPvuNXT1i82N26KL3dZeIpNalWywr9IuQuncaAfUaS1g6sQ==",
       "dev": true,
-      "peer": true,
       "requires": {
         "@ampproject/remapping": "^2.2.0",
         "@babel/code-frame": "^7.27.1",
@@ -6395,74 +6231,74 @@
       "dev": true
     },
     "@biomejs/biome": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.7.tgz",
-      "integrity": "sha512-CTbAS/jNAiUc6rcq94BrTB8z83O9+BsgWj2sBCQg9rD6Wkh2gjfR87usjx0Ncx0zGXP1NKgT7JNglay5Zfs9jw==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.8.tgz",
+      "integrity": "sha512-Qjsgoe6FEBxWAUzwFGFrB+1+M8y/y5kwmg5CHac+GSVOdmOIqsAiXM5QMVGZJ1eCUCLlPZtq4aFAQ0eawEUuUA==",
       "dev": true,
       "requires": {
-        "@biomejs/cli-darwin-arm64": "2.3.7",
-        "@biomejs/cli-darwin-x64": "2.3.7",
-        "@biomejs/cli-linux-arm64": "2.3.7",
-        "@biomejs/cli-linux-arm64-musl": "2.3.7",
-        "@biomejs/cli-linux-x64": "2.3.7",
-        "@biomejs/cli-linux-x64-musl": "2.3.7",
-        "@biomejs/cli-win32-arm64": "2.3.7",
-        "@biomejs/cli-win32-x64": "2.3.7"
+        "@biomejs/cli-darwin-arm64": "2.3.8",
+        "@biomejs/cli-darwin-x64": "2.3.8",
+        "@biomejs/cli-linux-arm64": "2.3.8",
+        "@biomejs/cli-linux-arm64-musl": "2.3.8",
+        "@biomejs/cli-linux-x64": "2.3.8",
+        "@biomejs/cli-linux-x64-musl": "2.3.8",
+        "@biomejs/cli-win32-arm64": "2.3.8",
+        "@biomejs/cli-win32-x64": "2.3.8"
       }
     },
     "@biomejs/cli-darwin-arm64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.7.tgz",
-      "integrity": "sha512-LirkamEwzIUULhXcf2D5b+NatXKeqhOwilM+5eRkbrnr6daKz9rsBL0kNZ16Hcy4b8RFq22SG4tcLwM+yx/wFA==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.8.tgz",
+      "integrity": "sha512-HM4Zg9CGQ3txTPflxD19n8MFPrmUAjaC7PQdLkugeeC0cQ+PiVrd7i09gaBS/11QKsTDBJhVg85CEIK9f50Qww==",
       "dev": true,
       "optional": true
     },
     "@biomejs/cli-darwin-x64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.7.tgz",
-      "integrity": "sha512-Q4TO633kvrMQkKIV7wmf8HXwF0dhdTD9S458LGE24TYgBjSRbuhvio4D5eOQzirEYg6eqxfs53ga/rbdd8nBKg==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.8.tgz",
+      "integrity": "sha512-lUDQ03D7y/qEao7RgdjWVGCu+BLYadhKTm40HkpJIi6kn8LSv5PAwRlew/DmwP4YZ9ke9XXoTIQDO1vAnbRZlA==",
       "dev": true,
       "optional": true
     },
     "@biomejs/cli-linux-arm64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.7.tgz",
-      "integrity": "sha512-inHOTdlstUBzgjDcx0ge71U4SVTbwAljmkfi3MC5WzsYCRhancqfeL+sa4Ke6v2ND53WIwCFD5hGsYExoI3EZQ==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.8.tgz",
+      "integrity": "sha512-Uo1OJnIkJgSgF+USx970fsM/drtPcQ39I+JO+Fjsaa9ZdCN1oysQmy6oAGbyESlouz+rzEckLTF6DS7cWse95g==",
       "dev": true,
       "optional": true
     },
     "@biomejs/cli-linux-arm64-musl": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.7.tgz",
-      "integrity": "sha512-/afy8lto4CB8scWfMdt+NoCZtatBUF62Tk3ilWH2w8ENd5spLhM77zKlFZEvsKJv9AFNHknMl03zO67CiklL2Q==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.8.tgz",
+      "integrity": "sha512-PShR4mM0sjksUMyxbyPNMxoKFPVF48fU8Qe8Sfx6w6F42verbwRLbz+QiKNiDPRJwUoMG1nPM50OBL3aOnTevA==",
       "dev": true,
       "optional": true
     },
     "@biomejs/cli-linux-x64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.7.tgz",
-      "integrity": "sha512-fJMc3ZEuo/NaMYo5rvoWjdSS5/uVSW+HPRQujucpZqm2ZCq71b8MKJ9U4th9yrv2L5+5NjPF0nqqILCl8HY/fg==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.8.tgz",
+      "integrity": "sha512-QDPMD5bQz6qOVb3kiBui0zKZXASLo0NIQ9JVJio5RveBEFgDgsvJFUvZIbMbUZT3T00M/1wdzwWXk4GIh0KaAw==",
       "dev": true,
       "optional": true
     },
     "@biomejs/cli-linux-x64-musl": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.7.tgz",
-      "integrity": "sha512-CQUtgH1tIN6e5wiYSJqzSwJumHYolNtaj1dwZGCnZXm2PZU1jOJof9TsyiP3bXNDb+VOR7oo7ZvY01If0W3iFQ==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.8.tgz",
+      "integrity": "sha512-YGLkqU91r1276uwSjiUD/xaVikdxgV1QpsicT0bIA1TaieM6E5ibMZeSyjQ/izBn4tKQthUSsVZacmoJfa3pDA==",
       "dev": true,
       "optional": true
     },
     "@biomejs/cli-win32-arm64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.7.tgz",
-      "integrity": "sha512-aJAE8eCNyRpcfx2JJAtsPtISnELJ0H4xVVSwnxm13bzI8RwbXMyVtxy2r5DV1xT3WiSP+7LxORcApWw0LM8HiA==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.8.tgz",
+      "integrity": "sha512-H4IoCHvL1fXKDrTALeTKMiE7GGWFAraDwBYFquE/L/5r1927Te0mYIGseXi4F+lrrwhSWbSGt5qPFswNoBaCxg==",
       "dev": true,
       "optional": true
     },
     "@biomejs/cli-win32-x64": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.7.tgz",
-      "integrity": "sha512-pulzUshqv9Ed//MiE8MOUeeEkbkSHVDVY5Cz5wVAnH1DUqliCQG3j6s1POaITTFqFfo7AVIx2sWdKpx/GS+Nqw==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.8.tgz",
+      "integrity": "sha512-RguzimPoZWtBapfKhKjcWXBVI91tiSprqdBYu7tWhgN8pKRZhw24rFeNZTNf6UiBfjCYCi9eFQs/JzJZIhuK4w==",
       "dev": true,
       "optional": true
     },
@@ -6887,94 +6723,6 @@
         "@tybys/wasm-util": "^0.10.0"
       }
     },
-    "@octokit/auth-token": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-6.0.0.tgz",
-      "integrity": "sha512-P4YJBPdPSpWTQ1NU4XYdvHvXJJDxM6YwpS0FZHRgP7YFkdVxsWcpWGy/NVqlAA7PcPCnMacXlRm1y2PFZRWL/w=="
-    },
-    "@octokit/core": {
-      "version": "7.0.6",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.6.tgz",
-      "integrity": "sha512-DhGl4xMVFGVIyMwswXeyzdL4uXD5OGILGX5N8Y+f6W7LhC1Ze2poSNrkF/fedpVDHEEZ+PHFW0vL14I+mm8K3Q==",
-      "peer": true,
-      "requires": {
-        "@octokit/auth-token": "^6.0.0",
-        "@octokit/graphql": "^9.0.3",
-        "@octokit/request": "^10.0.6",
-        "@octokit/request-error": "^7.0.2",
-        "@octokit/types": "^16.0.0",
-        "before-after-hook": "^4.0.0",
-        "universal-user-agent": "^7.0.0"
-      }
-    },
-    "@octokit/endpoint": {
-      "version": "11.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.2.tgz",
-      "integrity": "sha512-4zCpzP1fWc7QlqunZ5bSEjxc6yLAlRTnDwKtgXfcI/FxxGoqedDG8V2+xJ60bV2kODqcGB+nATdtap/XYq2NZQ==",
-      "requires": {
-        "@octokit/types": "^16.0.0",
-        "universal-user-agent": "^7.0.2"
-      }
-    },
-    "@octokit/graphql": {
-      "version": "9.0.3",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.3.tgz",
-      "integrity": "sha512-grAEuupr/C1rALFnXTv6ZQhFuL1D8G5y8CN04RgrO4FIPMrtm+mcZzFG7dcBm+nq+1ppNixu+Jd78aeJOYxlGA==",
-      "requires": {
-        "@octokit/request": "^10.0.6",
-        "@octokit/types": "^16.0.0",
-        "universal-user-agent": "^7.0.0"
-      }
-    },
-    "@octokit/openapi-types": {
-      "version": "27.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-27.0.0.tgz",
-      "integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA=="
-    },
-    "@octokit/plugin-paginate-rest": {
-      "version": "14.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-14.0.0.tgz",
-      "integrity": "sha512-fNVRE7ufJiAA3XUrha2omTA39M6IXIc6GIZLvlbsm8QOQCYvpq/LkMNGyFlB1d8hTDzsAXa3OKtybdMAYsV/fw==",
-      "requires": {
-        "@octokit/types": "^16.0.0"
-      }
-    },
-    "@octokit/plugin-rest-endpoint-methods": {
-      "version": "17.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-17.0.0.tgz",
-      "integrity": "sha512-B5yCyIlOJFPqUUeiD0cnBJwWJO8lkJs5d8+ze9QDP6SvfiXSz1BF+91+0MeI1d2yxgOhU/O+CvtiZ9jSkHhFAw==",
-      "requires": {
-        "@octokit/types": "^16.0.0"
-      }
-    },
-    "@octokit/request": {
-      "version": "10.0.7",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.7.tgz",
-      "integrity": "sha512-v93h0i1yu4idj8qFPZwjehoJx4j3Ntn+JhXsdJrG9pYaX6j/XRz2RmasMUHtNgQD39nrv/VwTWSqK0RNXR8upA==",
-      "requires": {
-        "@octokit/endpoint": "^11.0.2",
-        "@octokit/request-error": "^7.0.2",
-        "@octokit/types": "^16.0.0",
-        "fast-content-type-parse": "^3.0.0",
-        "universal-user-agent": "^7.0.2"
-      }
-    },
-    "@octokit/request-error": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz",
-      "integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==",
-      "requires": {
-        "@octokit/types": "^16.0.0"
-      }
-    },
-    "@octokit/types": {
-      "version": "16.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-16.0.0.tgz",
-      "integrity": "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg==",
-      "requires": {
-        "@octokit/openapi-types": "^27.0.0"
-      }
-    },
     "@opentelemetry/api": {
       "version": "1.4.1",
       "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.4.1.tgz",
@@ -7475,11 +7223,6 @@
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
       "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
     },
-    "before-after-hook": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-4.0.0.tgz",
-      "integrity": "sha512-q6tR3RPqIB1pMiTRMFcZwuG5T8vwp+vUvEG0vuI6B+Rikh5BfPp2fQ82c925FOs+b0lcFQ8CFrL+KbilfZFhOQ=="
-    },
     "brace-expansion": {
       "version": "1.1.12",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
@@ -7503,7 +7246,6 @@
       "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.25.2.tgz",
       "integrity": "sha512-0si2SJK3ooGzIawRu61ZdPCO1IncZwS8IzuX73sPZsXW6EQ/w/DAfPyKI8l1ETTCr2MnvqWitmlCUxgdul45jA==",
       "dev": true,
-      "peer": true,
       "requires": {
         "caniuse-lite": "^1.0.30001733",
         "electron-to-chromium": "^1.5.199",
@@ -7881,11 +7623,6 @@
         "jest-util": "30.2.0"
       }
     },
-    "fast-content-type-parse": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/fast-content-type-parse/-/fast-content-type-parse-3.0.0.tgz",
-      "integrity": "sha512-ZvLdcY8P+N8mGQJahJV5G4U88CSvT1rP8ApL6uETe88MBXrBHAkZlSEySdUlyztF7ccb+Znos3TFqaepHxdhBg=="
-    },
     "fast-json-stable-stringify": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
@@ -8250,7 +7987,6 @@
       "resolved": "https://registry.npmjs.org/jest/-/jest-30.2.0.tgz",
       "integrity": "sha512-F26gjC0yWN8uAA5m5Ss8ZQf5nDHWGlN/xWZIh8S5SRbsEKBovwZhxGd6LJlbZYxBgCYOtreSUyb8hpXyGC5O4A==",
       "dev": true,
-      "peer": true,
       "requires": {
         "@jest/core": "30.2.0",
         "@jest/types": "30.2.0",
@@ -9131,9 +8867,9 @@
       "dev": true
     },
     "smol-toml": {
-      "version": "1.4.2",
-      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.4.2.tgz",
-      "integrity": "sha512-rInDH6lCNiEyn3+hH8KVGFdbjc099j47+OSgbMrfDYX1CmXLfdKd7qi6IfcWj2wFxvSVkuI46M+wPGYfEOEj6g=="
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.0.tgz",
+      "integrity": "sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw=="
     },
     "source-map": {
       "version": "0.6.1",
@@ -9398,8 +9134,7 @@
       "version": "5.9.3",
       "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
       "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
-      "dev": true,
-      "peer": true
+      "dev": true
     },
     "uglify-js": {
       "version": "3.19.3",
@@ -9421,11 +9156,6 @@
       "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
       "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="
     },
-    "universal-user-agent": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.3.tgz",
-      "integrity": "sha512-TmnEAEAsBJVZM/AADELsK76llnwcf9vMKuPz8JflO1frO8Lchitr0fNaN9d+Ap0BjKtqWqd/J17qeDnXh8CL2A=="
-    },
     "unrs-resolver": {
       "version": "1.11.1",
       "resolved": "https://registry.npmjs.org/unrs-resolver/-/unrs-resolver-1.11.1.tgz",

package.json

@@ -7,10 +7,10 @@
   "scripts": {
     "build": "tsc",
     "check": "biome check --write",
-    "package": "ncc build -o dist/setup src/setup-uv.ts && ncc build -o dist/save-cache src/save-cache.ts && ncc build -o dist/update-known-versions src/update-known-versions.ts",
+    "package": "ncc build -o dist/setup src/setup-uv.ts && ncc build -o dist/save-cache src/save-cache.ts && ncc build -o dist/update-known-checksums src/update-known-checksums.ts",
     "test": "jest",
     "act": "act pull_request -W .github/workflows/test.yml --container-architecture linux/amd64 -s GITHUB_TOKEN=\"$(gh auth token)\"",
-    "update-known-versions": "RUNNER_TEMP=known_versions node dist/update-known-versions/index.js src/download/checksum/known-versions.ts \"$(gh auth token)\"",
+    "update-known-checksums": "RUNNER_TEMP=known_versions node dist/update-known-checksums/index.js src/download/checksum/known-checksums.ts",
     "all": "npm run build && npm run check && npm run package && npm test"
   },
   "repository": {
@@ -32,15 +32,12 @@
     "@actions/glob": "^0.5.0",
     "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.2",
-    "@octokit/core": "^7.0.6",
-    "@octokit/plugin-paginate-rest": "^14.0.0",
-    "@octokit/plugin-rest-endpoint-methods": "^17.0.0",
     "@renovatebot/pep440": "^4.2.1",
-    "smol-toml": "^1.4.2",
+    "smol-toml": "^1.6.0",
     "undici": "5.28.5"
   },
   "devDependencies": {
-    "@biomejs/biome": "2.3.7",
+    "@biomejs/biome": "2.3.8",
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^24.10.1",
     "@types/semver": "^7.7.1",

src/download/checksum/checksum.ts

@@ -6,34 +6,36 @@ import type { Architecture, Platform } from "../../utils/platforms";
 import { KNOWN_CHECKSUMS } from "./known-checksums";
 
 export async function validateChecksum(
-  checkSum: string | undefined,
+  checksum: string | undefined,
   downloadPath: string,
   arch: Architecture,
   platform: Platform,
   version: string,
 ): Promise<void> {
-  let isValid: boolean | undefined;
-  if (checkSum !== undefined && checkSum !== "") {
-    isValid = await validateFileCheckSum(downloadPath, checkSum);
-  } else {
-    core.debug("Checksum not provided. Checking known checksums.");
   const key = `${arch}-${platform}-${version}`;
-    if (key in KNOWN_CHECKSUMS) {
-      const knownChecksum = KNOWN_CHECKSUMS[`${arch}-${platform}-${version}`];
-      core.debug(`Checking checksum for ${arch}-${platform}-${version}.`);
-      isValid = await validateFileCheckSum(downloadPath, knownChecksum);
-    } else {
-      core.debug(`No known checksum found for ${key}.`);
-    }
+  const hasProvidedChecksum = checksum !== undefined && checksum !== "";
+  const checksumToUse = hasProvidedChecksum ? checksum : KNOWN_CHECKSUMS[key];
+
+  if (checksumToUse === undefined) {
+    core.debug(`No checksum found for ${key}.`);
+    return;
   }
 
-  if (isValid === false) {
-    throw new Error(`Checksum for ${downloadPath} did not match ${checkSum}.`);
+  const checksumSource = hasProvidedChecksum
+    ? "provided checksum"
+    : `KNOWN_CHECKSUMS entry for ${key}`;
+
+  core.debug(`Validating checksum using ${checksumSource}.`);
+  const isValid = await validateFileCheckSum(downloadPath, checksumToUse);
+
+  if (!isValid) {
+    throw new Error(
+      `Checksum for ${downloadPath} did not match ${checksumToUse}.`,
+    );
   }
-  if (isValid === true) {
+
   core.debug(`Checksum for ${downloadPath} is valid.`);
 }
-}
 
 async function validateFileCheckSum(
   filePath: string,

src/download/checksum/known-checksums.ts

@@ -1,5 +1,107 @@
 // AUTOGENERATED_DO_NOT_EDIT
 export const KNOWN_CHECKSUMS: { [key: string]: string } = {
+  "aarch64-apple-darwin-0.10.9":
+    "a92f61e9ac9b0f29668c15f56152e4a60143fca148ff5bfadb86718472c3f376",
+  "aarch64-pc-windows-msvc-0.10.9":
+    "5c2526844acf978eab784161c21604343141aa6c9ed22c237ae2f315648f049d",
+  "aarch64-unknown-linux-gnu-0.10.9":
+    "cc0c5a8573e7d6d78aecb954e0a62b5c0d18217bb81f1e19363b428c57a9962a",
+  "aarch64-unknown-linux-musl-0.10.9":
+    "05b0d3087e913ebe11756365a90dd47c05d6728752fdbe129ad4c3ccd769826d",
+  "arm-unknown-linux-musleabihf-0.10.9":
+    "6220fa3eb5f8212cae4ec3a5053060914aaa829549cf706dde9f9cc344f75f61",
+  "armv7-unknown-linux-gnueabihf-0.10.9":
+    "0076eac165c2f7129627e2297478e7ffbb9465d9ae6a8961b2f53dcbd807473d",
+  "armv7-unknown-linux-musleabihf-0.10.9":
+    "f702e821b80e371e14987a886d58ee103c5948b7b096fa49a552624c24d7e073",
+  "i686-pc-windows-msvc-0.10.9":
+    "034bf6b91390b9adc5f41a5946fdb618ebc8cef1574f3d95af9c12fe2bf9aaf3",
+  "i686-unknown-linux-gnu-0.10.9":
+    "90d9168a4e7900463f9fd79a32eb1890081fb1e238d803404f6e17b2dcdcca7b",
+  "i686-unknown-linux-musl-0.10.9":
+    "1d42b0d0a037b3d658b11ec889154686db3ab269ba2b789bdbc45d36e3549f34",
+  "powerpc64le-unknown-linux-gnu-0.10.9":
+    "e804f4a7d0659e09ef806365f04bdd33c940603fab903e925402748d05dd109a",
+  "riscv64gc-unknown-linux-gnu-0.10.9":
+    "1541596da45855e34202130027a613a2ace7d441e04d747cb4dd9f2590461c9a",
+  "s390x-unknown-linux-gnu-0.10.9":
+    "a589d4a8930c82fa7225daec19c632651b3c84f50f770efe758056b387e5f0dd",
+  "x86_64-apple-darwin-0.10.9":
+    "9cc2de7d195fa157f98b306a8a1cb151ded93f488939b93363cebc8b9d598c28",
+  "x86_64-pc-windows-msvc-0.10.9":
+    "f58dc40896000229db7c52b8bdd931394040ef2ad59abd1eda841f6d70b13d7a",
+  "x86_64-unknown-linux-gnu-0.10.9":
+    "20d79708222611fa540b5c9ed84f352bcd3937740e51aacc0f8b15b271c57594",
+  "x86_64-unknown-linux-musl-0.10.9":
+    "433e56874739e92c7cfd661ba9e5f287b376ca612c08c8194a41a98a13158aea",
+  "aarch64-apple-darwin-0.10.8":
+    "c3a6fff5b6b4abddff863117878194e35dbc6b0267d61ad259ab9896f9b8dcbb",
+  "aarch64-pc-windows-msvc-0.10.8":
+    "20db25dc446f9a75d1cfde0a5f4b021e1b2eb266e600a610d32c7ca5d7ff83bf",
+  "aarch64-unknown-linux-gnu-0.10.8":
+    "661860e954f87dcd823251191866af3486484d1a9df60eed56f4586ed7559e3d",
+  "aarch64-unknown-linux-musl-0.10.8":
+    "2ef0d0489e9e2a32f134ca80097fa36be4b486c4ab004706a1d6d0d57980ff07",
+  "arm-unknown-linux-musleabihf-0.10.8":
+    "f6dfca333c566024f6feaef19adf7ce06675a1bc2fcadc2de640dd805112a518",
+  "armv7-unknown-linux-gnueabihf-0.10.8":
+    "1bee8f88a7129f7922c43b0e091a7065d4e13a2934e599aa8a48f162cf9739aa",
+  "armv7-unknown-linux-musleabihf-0.10.8":
+    "ad0ca78991518fde1c4c42f8590e86f29db1f746cedb637f9dac1bb7de2e28da",
+  "i686-pc-windows-msvc-0.10.8":
+    "db40952a0c16eb647cb3a06c8cc13712b72e5b6a2501bc080c7e00c0f0e4ad88",
+  "i686-unknown-linux-gnu-0.10.8":
+    "3a78c54ffedce8eafd59a19a32eaec538924169fa4bf9d28d2d5841a7f604210",
+  "i686-unknown-linux-musl-0.10.8":
+    "25cf70c12abded06c4c18db8fdba253776bc115ce28f849af6f6ef771e67d730",
+  "powerpc64le-unknown-linux-gnu-0.10.8":
+    "3a4a158e645d04825872eb59ca60dd5026529e4f9fe5dd88987a45478301724d",
+  "riscv64gc-unknown-linux-gnu-0.10.8":
+    "2349e786d2de14fbd72386f42ed9f398cad52f47f6cdd78e05f338a1faf1321c",
+  "s390x-unknown-linux-gnu-0.10.8":
+    "21de0f86838b06e6ebcc3cb6a079d49d3d3886e5b49822ae58e5758eb08a6710",
+  "x86_64-apple-darwin-0.10.8":
+    "e0a1b22b039f8155765f5bc8c13df03a5f994a901901179791572e8e5f053281",
+  "x86_64-pc-windows-msvc-0.10.8":
+    "2e70ecd22196cbd9d14eefb700814bcafc5b75a0d8275b52e8402e5fe256d928",
+  "x86_64-unknown-linux-gnu-0.10.8":
+    "f0c566b55683395a62fefb9261a060fa09824914b5682c3b9629fa154762ae2f",
+  "x86_64-unknown-linux-musl-0.10.8":
+    "a4e6ad1aecac61077de548d2cc9ccf2c2f1848863312b3b59fb0d2eb8d8a043c",
+  "aarch64-apple-darwin-0.10.7":
+    "1eb4dcc5e0fc8669fa0b33cf1151b64ba3b8c26b60dceff4f7a686129e2af22b",
+  "aarch64-pc-windows-msvc-0.10.7":
+    "45ba7b72a7435343d650c73d21d65d2e8bdda47f6bd39af00e37f3cb70aa79ef",
+  "aarch64-unknown-linux-gnu-0.10.7":
+    "20efc27d946860093650bcf26096a016b10fdaf03b13c33b75fbde02962beea9",
+  "aarch64-unknown-linux-musl-0.10.7":
+    "115291f9943531a3b63db3a2eabda8b74b8da4831551679382cb309c9debd9f7",
+  "arm-unknown-linux-musleabihf-0.10.7":
+    "3ea331cd68f28235e13639d5400341a3893d0455f2473a74a9926b7d62cb739c",
+  "armv7-unknown-linux-gnueabihf-0.10.7":
+    "2e2f88cc5a7b49282c9aa05cfe03e3b8b0a044e90981062fbeb60a7aeba188ca",
+  "armv7-unknown-linux-musleabihf-0.10.7":
+    "27319e842d802c5c73be52f3774999d79d0f28f37984090998560fd925133375",
+  "i686-pc-windows-msvc-0.10.7":
+    "a7960473a473ee5907a55fccb8c645e24c1da7d39076aaef652b819e3a26a28b",
+  "i686-unknown-linux-gnu-0.10.7":
+    "1a22aa0d2268a9a6fb2e5f092ca3d1ef7c14f96c3b4fd546226814f376e59d73",
+  "i686-unknown-linux-musl-0.10.7":
+    "75c2cc60675fb6f846b394c3f7b51f77c08f0981abf5cfcb5e27cfbb2f5837e0",
+  "powerpc64le-unknown-linux-gnu-0.10.7":
+    "7398686962b966959c32e7fbfd2868fbac38491ff0d86033d7c8bbb826a04026",
+  "riscv64gc-unknown-linux-gnu-0.10.7":
+    "39abc60403fdcf5c681b63c967059d42aea58a81ffb092d6dda767390222a4b0",
+  "s390x-unknown-linux-gnu-0.10.7":
+    "281ae4c1343e0c5f9775358690d40e00edbf63ca788b4d8b6574a0b5cba624f4",
+  "x86_64-apple-darwin-0.10.7":
+    "4fed9d4f4608fb3850db714ee37244436f850a2b6e485bc510795679c2d08866",
+  "x86_64-pc-windows-msvc-0.10.7":
+    "8881afb877996a1373a12e816395122a8d39a3ac06cd066272acdb49510cf0fe",
+  "x86_64-unknown-linux-gnu-0.10.7":
+    "9ac6cee4e379a5abfca06e78a777b26b7ba1f81cb7935b97054d80d85ac00774",
+  "x86_64-unknown-linux-musl-0.10.7":
+    "992529add6024e67135b1c80617abd2eca7be2cf0b99b3911f923de815bd8dc1",
   "aarch64-apple-darwin-0.10.6":
     "3993249d8f51deaf34cfce037e57e294e82267ff1f9dc45b7983a17afaf065b4",
   "aarch64-pc-windows-msvc-0.10.6":

src/download/checksum/update-known-checksums.ts

@@ -1,59 +1,34 @@
 import { promises as fs } from "node:fs";
-import * as tc from "@actions/tool-cache";
-import { KNOWN_CHECKSUMS } from "./known-checksums";
+
+export interface ChecksumEntry {
+  key: string;
+  checksum: string;
+}
+
 export async function updateChecksums(
   filePath: string,
-  downloadUrls: string[],
+  checksumEntries: ChecksumEntry[],
 ): Promise<void> {
-  await fs.rm(filePath);
-  await fs.appendFile(
-    filePath,
-    "// AUTOGENERATED_DO_NOT_EDIT\nexport const KNOWN_CHECKSUMS: { [key: string]: string } = {\n",
-  );
-  let firstLine = true;
-  for (const downloadUrl of downloadUrls) {
-    const key = getKey(downloadUrl);
-    if (key === undefined) {
+  const deduplicatedEntries = new Map<string, string>();
+
+  for (const entry of checksumEntries) {
+    if (deduplicatedEntries.has(entry.key)) {
       continue;
     }
-    const checksum = await getOrDownloadChecksum(key, downloadUrl);
-    if (!firstLine) {
-      await fs.appendFile(filePath, ",\n");
-    }
-    await fs.appendFile(filePath, `  "${key}":\n    "${checksum}"`);
-    firstLine = false;
-  }
-  await fs.appendFile(filePath, ",\n};\n");
+
+    deduplicatedEntries.set(entry.key, entry.checksum);
   }
 
-function getKey(downloadUrl: string): string | undefined {
-  // https://github.com/astral-sh/uv/releases/download/0.3.2/uv-aarch64-apple-darwin.tar.gz.sha256
-  const parts = downloadUrl.split("/");
-  const fileName = parts[parts.length - 1];
-  if (fileName.startsWith("source")) {
-    return undefined;
-  }
-  const name = fileName.split(".")[0].split("uv-")[1];
-  const version = parts[parts.length - 2];
-  return `${name}-${version}`;
-}
+  const body = [...deduplicatedEntries.entries()]
+    .map(([key, checksum]) => `  "${key}":\n    "${checksum}"`)
+    .join(",\n");
 
-async function getOrDownloadChecksum(
-  key: string,
-  downloadUrl: string,
-): Promise<string> {
-  let checksum = "";
-  if (key in KNOWN_CHECKSUMS) {
-    checksum = KNOWN_CHECKSUMS[key];
-  } else {
-    const content = await downloadAssetContent(downloadUrl);
-    checksum = content.split(" ")[0].trim();
-  }
-  return checksum;
-}
+  const content =
+    "// AUTOGENERATED_DO_NOT_EDIT\n" +
+    "export const KNOWN_CHECKSUMS: { [key: string]: string } = {\n" +
+    body +
+    (body === "" ? "" : ",\n") +
+    "};\n";
 
-async function downloadAssetContent(downloadUrl: string): Promise<string> {
-  const downloadPath = await tc.downloadTool(downloadUrl);
-  const content = await fs.readFile(downloadPath, "utf8");
-  return content;
+  await fs.writeFile(filePath, content);
 }

src/download/download-version.ts

@@ -2,20 +2,21 @@ import { promises as fs } from "node:fs";
 import * as path from "node:path";
 import * as core from "@actions/core";
 import * as tc from "@actions/tool-cache";
-import type { Endpoints } from "@octokit/types";
 import * as pep440 from "@renovatebot/pep440";
 import * as semver from "semver";
-import { OWNER, REPO, TOOL_CACHE_NAME } from "../utils/constants";
-import { Octokit } from "../utils/octokit";
+import { TOOL_CACHE_NAME, VERSIONS_NDJSON_URL } from "../utils/constants";
 import type { Architecture, Platform } from "../utils/platforms";
 import { validateChecksum } from "./checksum/checksum";
 import {
-  getDownloadUrl,
+  getAllVersions as getAllManifestVersions,
   getLatestKnownVersion as getLatestVersionInManifest,
+  getManifestArtifact,
 } from "./version-manifest";
-
-type Release =
-  Endpoints["GET /repos/{owner}/{repo}/releases"]["response"]["data"][number];
+import {
+  getAllVersions as getAllVersionsFromNdjson,
+  getArtifact as getArtifactFromNdjson,
+  getLatestVersion as getLatestVersionFromNdjson,
+} from "./versions-client";
 
 export function tryGetFromToolCache(
   arch: Architecture,
@@ -32,19 +33,26 @@ export function tryGetFromToolCache(
   return { installedPath, version: resolvedVersion };
 }
 
-export async function downloadVersionFromGithub(
+export async function downloadVersionFromNdjson(
   platform: Platform,
   arch: Architecture,
   version: string,
   checkSum: string | undefined,
   githubToken: string,
 ): Promise<{ version: string; cachedToolDir: string }> {
-  const artifact = `uv-${arch}-${platform}`;
-  const extension = getExtension(platform);
-  const downloadUrl = `https://github.com/${OWNER}/${REPO}/releases/download/${version}/${artifact}${extension}`;
+  const artifact = await getArtifactFromNdjson(version, arch, platform);
+
+  if (!artifact) {
+    throw new Error(
+      `Could not find artifact for version ${version}, arch ${arch}, platform ${platform} in ${VERSIONS_NDJSON_URL} .`,
+    );
+  }
+
+  // For the default astral-sh/versions source, checksum validation relies on
+  // user input or the built-in KNOWN_CHECKSUMS table, not NDJSON sha256 values.
   return await downloadVersion(
-    downloadUrl,
-    artifact,
+    artifact.url,
+    `uv-${arch}-${platform}`,
     platform,
     arch,
     version,
@@ -54,38 +62,32 @@ export async function downloadVersionFromGithub(
 }
 
 export async function downloadVersionFromManifest(
-  manifestUrl: string | undefined,
+  manifestUrl: string,
   platform: Platform,
   arch: Architecture,
   version: string,
   checkSum: string | undefined,
   githubToken: string,
 ): Promise<{ version: string; cachedToolDir: string }> {
-  const downloadUrl = await getDownloadUrl(
+  const artifact = await getManifestArtifact(
     manifestUrl,
     version,
     arch,
     platform,
   );
-  if (!downloadUrl) {
-    core.info(
-      `manifest-file does not contain version ${version}, arch ${arch}, platform ${platform}. Falling back to GitHub releases.`,
-    );
-    return await downloadVersionFromGithub(
-      platform,
-      arch,
-      version,
-      checkSum,
-      githubToken,
+  if (!artifact) {
+    throw new Error(
+      `manifest-file does not contain version ${version}, arch ${arch}, platform ${platform}.`,
     );
   }
+
   return await downloadVersion(
-    downloadUrl,
+    artifact.downloadUrl,
     `uv-${arch}-${platform}`,
     platform,
     arch,
     version,
-    checkSum,
+    resolveChecksum(checkSum, artifact.checksum),
     githubToken,
   );
 }
@@ -96,7 +98,7 @@ async function downloadVersion(
   platform: Platform,
   arch: Architecture,
   version: string,
-  checkSum: string | undefined,
+  checksum: string | undefined,
   githubToken: string,
 ): Promise<{ version: string; cachedToolDir: string }> {
   core.info(`Downloading uv from "${downloadUrl}" ...`);
@@ -105,14 +107,14 @@ async function downloadVersion(
     undefined,
     githubToken,
   );
-  await validateChecksum(checkSum, downloadPath, arch, platform, version);
+  await validateChecksum(checksum, downloadPath, arch, platform, version);
 
   let uvDir: string;
   if (platform === "pc-windows-msvc") {
-    // On windows extracting the zip does not create an intermediate directory
+    // On windows extracting the zip does not create an intermediate directory.
     try {
       // Try tar first as it's much faster, but only bsdtar supports zip files,
-      // so this my fail if another tar, like gnu tar, ends up being used.
+      // so this may fail if another tar, like gnu tar, ends up being used.
       uvDir = await tc.extractTar(downloadPath, undefined, "x");
     } catch (err) {
       core.info(
@@ -127,6 +129,7 @@ async function downloadVersion(
     const extractedDir = await tc.extractTar(downloadPath);
     uvDir = path.join(extractedDir, artifactName);
   }
+
   const cachedToolDir = await tc.cacheDir(
     uvDir,
     TOOL_CACHE_NAME,
@@ -136,14 +139,22 @@ async function downloadVersion(
   return { cachedToolDir, version: version };
 }
 
+function resolveChecksum(
+  checkSum: string | undefined,
+  manifestChecksum?: string,
+): string | undefined {
+  return checkSum !== undefined && checkSum !== ""
+    ? checkSum
+    : manifestChecksum;
+}
+
 function getExtension(platform: Platform): string {
   return platform === "pc-windows-msvc" ? ".zip" : ".tar.gz";
 }
 
 export async function resolveVersion(
   versionInput: string,
-  manifestFile: string | undefined,
-  githubToken: string,
+  manifestUrl: string | undefined,
   resolutionStrategy: "highest" | "lowest" = "highest",
 ): Promise<string> {
   core.debug(`Resolving version: ${versionInput}`);
@@ -155,15 +166,15 @@ export async function resolveVersion(
   if (resolveVersionSpecifierToLatest) {
     core.info("Found minimum version specifier, using latest version");
   }
-  if (manifestFile) {
+  if (manifestUrl !== undefined) {
     version =
       versionInput === "latest" || resolveVersionSpecifierToLatest
-        ? await getLatestVersionInManifest(manifestFile)
+        ? await getLatestVersionInManifest(manifestUrl)
         : versionInput;
   } else {
     version =
       versionInput === "latest" || resolveVersionSpecifierToLatest
-        ? await getLatestVersion(githubToken)
+        ? await getLatestVersionFromNdjson()
         : versionInput;
   }
   if (tc.isExplicitVersion(version)) {
@@ -175,91 +186,33 @@ export async function resolveVersion(
     }
     return version;
   }
-  const availableVersions = await getAvailableVersions(githubToken);
+
+  const availableVersions = await getAvailableVersions(manifestUrl);
   core.debug(`Available versions: ${availableVersions}`);
   const resolvedVersion =
     resolutionStrategy === "lowest"
       ? minSatisfying(availableVersions, version)
       : maxSatisfying(availableVersions, version);
+
   if (resolvedVersion === undefined) {
     throw new Error(`No version found for ${version}`);
   }
+
   return resolvedVersion;
 }
 
-async function getAvailableVersions(githubToken: string): Promise<string[]> {
-  core.info("Getting available versions from GitHub API...");
-  try {
-    const octokit = new Octokit({
-      auth: githubToken,
-    });
-    return await getReleaseTagNames(octokit);
-  } catch (err) {
-    if ((err as Error).message.includes("Bad credentials")) {
+async function getAvailableVersions(
+  manifestUrl: string | undefined,
+): Promise<string[]> {
+  if (manifestUrl !== undefined) {
     core.info(
-        "No (valid) GitHub token provided. Falling back to anonymous. Requests might be rate limited.",
+      `Getting available versions from manifest-file ${manifestUrl} ...`,
     );
-      const octokit = new Octokit();
-      return await getReleaseTagNames(octokit);
-    }
-    throw err;
-  }
+    return await getAllManifestVersions(manifestUrl);
   }
 
-async function getReleaseTagNames(octokit: Octokit): Promise<string[]> {
-  const response: Release[] = await octokit.paginate(
-    octokit.rest.repos.listReleases,
-    {
-      owner: OWNER,
-      repo: REPO,
-    },
-  );
-  const releaseTagNames = response.map((release) => release.tag_name);
-  if (releaseTagNames.length === 0) {
-    throw Error(
-      "Github API request failed while getting releases. Check the GitHub status page for outages. Try again later.",
-    );
-  }
-  return releaseTagNames;
-}
-
-async function getLatestVersion(githubToken: string) {
-  core.info("Getting latest version from GitHub API...");
-  const octokit = new Octokit({
-    auth: githubToken,
-  });
-
-  let latestRelease: { tag_name: string } | undefined;
-  try {
-    latestRelease = await getLatestRelease(octokit);
-  } catch (err) {
-    if ((err as Error).message.includes("Bad credentials")) {
-      core.info(
-        "No (valid) GitHub token provided. Falling back to anonymous. Requests might be rate limited.",
-      );
-      const octokit = new Octokit();
-      latestRelease = await getLatestRelease(octokit);
-    } else {
-      core.error(
-        "Github API request failed while getting latest release. Check the GitHub status page for outages. Try again later.",
-      );
-      throw err;
-    }
-  }
-
-  if (!latestRelease) {
-    throw new Error("Could not determine latest release.");
-  }
-  core.debug(`Latest version: ${latestRelease.tag_name}`);
-  return latestRelease.tag_name;
-}
-
-async function getLatestRelease(octokit: Octokit) {
-  const { data: latestRelease } = await octokit.rest.repos.getLatestRelease({
-    owner: OWNER,
-    repo: REPO,
-  });
-  return latestRelease;
+  core.info(`Getting available versions from ${VERSIONS_NDJSON_URL} ...`);
+  return await getAllVersionsFromNdjson();
 }
 
 function maxSatisfying(

src/download/legacy-version-manifest.ts

@@ -0,0 +1,80 @@
+import * as core from "@actions/core";
+
+export interface ManifestEntry {
+  arch: string;
+  platform: string;
+  version: string;
+  downloadUrl: string;
+  checksum?: string;
+  variant?: string;
+  archiveFormat?: string;
+}
+
+interface LegacyManifestEntry {
+  arch: string;
+  platform: string;
+  version: string;
+  downloadUrl: string;
+  checksum?: string;
+}
+
+const warnedLegacyManifestUrls = new Set<string>();
+
+export function parseLegacyManifestEntries(
+  parsedEntries: unknown[],
+  manifestUrl: string,
+): ManifestEntry[] {
+  warnAboutLegacyManifestFormat(manifestUrl);
+
+  return parsedEntries.map((entry, index) => {
+    if (!isLegacyManifestEntry(entry)) {
+      throw new Error(
+        `Invalid legacy manifest-file entry at index ${index} in ${manifestUrl}.`,
+      );
+    }
+
+    return {
+      arch: entry.arch,
+      checksum: entry.checksum,
+      downloadUrl: entry.downloadUrl,
+      platform: entry.platform,
+      version: entry.version,
+    };
+  });
+}
+
+export function clearLegacyManifestWarnings(): void {
+  warnedLegacyManifestUrls.clear();
+}
+
+function warnAboutLegacyManifestFormat(manifestUrl: string): void {
+  if (warnedLegacyManifestUrls.has(manifestUrl)) {
+    return;
+  }
+
+  warnedLegacyManifestUrls.add(manifestUrl);
+  core.warning(
+    `manifest-file ${manifestUrl} uses the legacy JSON array format, which is deprecated. Please migrate to the astral-sh/versions NDJSON format before the next major release.`,
+  );
+}
+
+function isLegacyManifestEntry(value: unknown): value is LegacyManifestEntry {
+  if (!isRecord(value)) {
+    return false;
+  }
+
+  const checksumIsValid =
+    typeof value.checksum === "string" || value.checksum === undefined;
+
+  return (
+    typeof value.arch === "string" &&
+    checksumIsValid &&
+    typeof value.downloadUrl === "string" &&
+    typeof value.platform === "string" &&
+    typeof value.version === "string"
+  );
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null;
+}

src/download/variant-selection.ts

@@ -0,0 +1,39 @@
+interface VariantAwareEntry {
+  variant?: string;
+}
+
+export function selectDefaultVariant<T extends VariantAwareEntry>(
+  entries: T[],
+  duplicateEntryDescription: string,
+): T {
+  const firstEntry = entries[0];
+  if (firstEntry === undefined) {
+    throw new Error("selectDefaultVariant requires at least one candidate.");
+  }
+
+  if (entries.length === 1) {
+    return firstEntry;
+  }
+
+  const defaultEntries = entries.filter((entry) =>
+    isDefaultVariant(entry.variant),
+  );
+  if (defaultEntries.length === 1) {
+    return defaultEntries[0];
+  }
+
+  throw new Error(
+    `${duplicateEntryDescription} with variants ${formatVariants(entries)}. setup-uv currently requires a single default variant for duplicate platform entries.`,
+  );
+}
+
+function isDefaultVariant(variant: string | undefined): boolean {
+  return variant === undefined || variant === "default";
+}
+
+function formatVariants<T extends VariantAwareEntry>(entries: T[]): string {
+  return entries
+    .map((entry) => entry.variant ?? "default")
+    .sort((left, right) => left.localeCompare(right))
+    .join(", ");
+}

src/download/version-manifest.ts

@@ -1,49 +1,78 @@
-import { promises as fs } from "node:fs";
-import { join } from "node:path";
 import * as core from "@actions/core";
 import * as semver from "semver";
 import { fetch } from "../utils/fetch";
+import {
+  clearLegacyManifestWarnings,
+  type ManifestEntry,
+  parseLegacyManifestEntries,
+} from "./legacy-version-manifest";
+import { selectDefaultVariant } from "./variant-selection";
+import { type NdjsonVersion, parseVersionData } from "./versions-client";
 
-const localManifestFile = join(__dirname, "..", "..", "version-manifest.json");
-
-interface ManifestEntry {
-  version: string;
-  artifactName: string;
-  arch: string;
-  platform: string;
+export interface ManifestArtifact {
   downloadUrl: string;
+  checksum?: string;
+  archiveFormat?: string;
 }
 
+const cachedManifestEntries = new Map<string, ManifestEntry[]>();
+
 export async function getLatestKnownVersion(
-  manifestUrl: string | undefined,
+  manifestUrl: string,
 ): Promise<string> {
-  const manifestEntries = await getManifestEntries(manifestUrl);
-  return manifestEntries.reduce((a, b) =>
-    semver.gt(a.version, b.version) ? a : b,
-  ).version;
+  const versions = await getAllVersions(manifestUrl);
+  const latestVersion = versions.reduce((latest, current) =>
+    semver.gt(current, latest) ? current : latest,
+  );
+
+  return latestVersion;
 }
 
-export async function getDownloadUrl(
-  manifestUrl: string | undefined,
+export async function getAllVersions(manifestUrl: string): Promise<string[]> {
+  const manifestEntries = await getManifestEntries(manifestUrl);
+  return [...new Set(manifestEntries.map((entry) => entry.version))];
+}
+
+export async function getManifestArtifact(
+  manifestUrl: string,
   version: string,
   arch: string,
   platform: string,
-): Promise<string | undefined> {
+): Promise<ManifestArtifact | undefined> {
   const manifestEntries = await getManifestEntries(manifestUrl);
-  const entry = manifestEntries.find(
-    (entry) =>
-      entry.version === version &&
-      entry.arch === arch &&
-      entry.platform === platform,
+  const entry = selectManifestEntry(
+    manifestEntries,
+    manifestUrl,
+    version,
+    arch,
+    platform,
   );
-  return entry ? entry.downloadUrl : undefined;
+
+  if (!entry) {
+    return undefined;
+  }
+
+  return {
+    archiveFormat: entry.archiveFormat,
+    checksum: entry.checksum,
+    downloadUrl: entry.downloadUrl,
+  };
+}
+
+export function clearManifestCache(): void {
+  cachedManifestEntries.clear();
+  clearLegacyManifestWarnings();
 }
 
 async function getManifestEntries(
-  manifestUrl: string | undefined,
+  manifestUrl: string,
 ): Promise<ManifestEntry[]> {
-  let data: string;
-  if (manifestUrl !== undefined) {
+  const cachedEntries = cachedManifestEntries.get(manifestUrl);
+  if (cachedEntries !== undefined) {
+    core.debug(`Using cached manifest-file from: ${manifestUrl}`);
+    return cachedEntries;
+  }
+
   core.info(`Fetching manifest-file from: ${manifestUrl}`);
   const response = await fetch(manifestUrl, {});
   if (!response.ok) {
@@ -51,41 +80,90 @@ async function getManifestEntries(
       `Failed to fetch manifest-file: ${response.status} ${response.statusText}`,
     );
   }
-    data = await response.text();
-  } else {
-    core.info("manifest-file not provided, reading from local file.");
-    const fileContent = await fs.readFile(localManifestFile);
-    data = fileContent.toString();
+
+  const data = await response.text();
+  const parsedEntries = parseManifestEntries(data, manifestUrl);
+  cachedManifestEntries.set(manifestUrl, parsedEntries);
+
+  return parsedEntries;
 }
 
-  return JSON.parse(data);
-}
-
-export async function updateVersionManifest(
+function parseManifestEntries(
+  data: string,
   manifestUrl: string,
-  downloadUrls: string[],
-): Promise<void> {
-  const manifest: ManifestEntry[] = [];
+): ManifestEntry[] {
+  const trimmed = data.trim();
+  if (trimmed === "") {
+    throw new Error(`manifest-file at ${manifestUrl} is empty.`);
+  }
 
-  for (const downloadUrl of downloadUrls) {
-    const urlParts = downloadUrl.split("/");
-    const version = urlParts[urlParts.length - 2];
-    const artifactName = urlParts[urlParts.length - 1];
-    if (!artifactName.startsWith("uv-")) {
-      continue;
+  const parsedAsJson = tryParseJson(trimmed);
+  if (Array.isArray(parsedAsJson)) {
+    return parseLegacyManifestEntries(parsedAsJson, manifestUrl);
   }
-    if (artifactName.startsWith("uv-installer")) {
-      continue;
+
+  const versions = parseVersionData(trimmed, manifestUrl);
+  return mapNdjsonVersionsToManifestEntries(versions, manifestUrl);
 }
-    const artifactParts = artifactName.split(".")[0].split("-");
-    manifest.push({
-      arch: artifactParts[1],
-      artifactName: artifactName,
-      downloadUrl: downloadUrl,
-      platform: artifactName.split(`uv-${artifactParts[1]}-`)[1].split(".")[0],
-      version: version,
+
+function mapNdjsonVersionsToManifestEntries(
+  versions: NdjsonVersion[],
+  manifestUrl: string,
+): ManifestEntry[] {
+  const manifestEntries: ManifestEntry[] = [];
+
+  for (const versionData of versions) {
+    for (const artifact of versionData.artifacts) {
+      const [arch, ...platformParts] = artifact.platform.split("-");
+      if (arch === undefined || platformParts.length === 0) {
+        throw new Error(
+          `Invalid artifact platform '${artifact.platform}' in manifest-file ${manifestUrl}.`,
+        );
+      }
+
+      manifestEntries.push({
+        arch,
+        archiveFormat: artifact.archive_format,
+        checksum: artifact.sha256,
+        downloadUrl: artifact.url,
+        platform: platformParts.join("-"),
+        variant: artifact.variant,
+        version: versionData.version,
       });
     }
-  core.debug(`Updating manifest-file: ${JSON.stringify(manifest)}`);
-  await fs.writeFile(manifestUrl, JSON.stringify(manifest));
+  }
+
+  return manifestEntries;
+}
+
+function selectManifestEntry(
+  manifestEntries: ManifestEntry[],
+  manifestUrl: string,
+  version: string,
+  arch: string,
+  platform: string,
+): ManifestEntry | undefined {
+  const matches = manifestEntries.filter(
+    (candidate) =>
+      candidate.version === version &&
+      candidate.arch === arch &&
+      candidate.platform === platform,
+  );
+
+  if (matches.length === 0) {
+    return undefined;
+  }
+
+  return selectDefaultVariant(
+    matches,
+    `manifest-file ${manifestUrl} contains multiple artifacts for version ${version}, arch ${arch}, platform ${platform}`,
+  );
+}
+
+function tryParseJson(value: string): unknown {
+  try {
+    return JSON.parse(value);
+  } catch {
+    return undefined;
+  }
 }

src/download/versions-client.ts

@@ -0,0 +1,191 @@
+import * as core from "@actions/core";
+import { VERSIONS_NDJSON_URL } from "../utils/constants";
+import { fetch } from "../utils/fetch";
+import { selectDefaultVariant } from "./variant-selection";
+
+export interface NdjsonArtifact {
+  platform: string;
+  variant?: string;
+  url: string;
+  archive_format: string;
+  sha256: string;
+}
+
+export interface NdjsonVersion {
+  version: string;
+  artifacts: NdjsonArtifact[];
+}
+
+export interface ArtifactResult {
+  url: string;
+  sha256: string;
+  archiveFormat: string;
+}
+
+const cachedVersionData = new Map<string, NdjsonVersion[]>();
+
+export async function fetchVersionData(
+  url: string = VERSIONS_NDJSON_URL,
+): Promise<NdjsonVersion[]> {
+  const cachedVersions = cachedVersionData.get(url);
+  if (cachedVersions !== undefined) {
+    core.debug(`Using cached NDJSON version data from ${url}`);
+    return cachedVersions;
+  }
+
+  core.info(`Fetching version data from ${url} ...`);
+  const response = await fetch(url, {});
+  if (!response.ok) {
+    throw new Error(
+      `Failed to fetch version data: ${response.status} ${response.statusText}`,
+    );
+  }
+
+  const body = await response.text();
+  const versions = parseVersionData(body, url);
+  cachedVersionData.set(url, versions);
+  return versions;
+}
+
+export function parseVersionData(
+  data: string,
+  sourceDescription: string,
+): NdjsonVersion[] {
+  const versions: NdjsonVersion[] = [];
+
+  for (const [index, line] of data.split("\n").entries()) {
+    const trimmed = line.trim();
+    if (trimmed === "") {
+      continue;
+    }
+
+    let parsed: unknown;
+    try {
+      parsed = JSON.parse(trimmed);
+    } catch (error) {
+      throw new Error(
+        `Failed to parse version data from ${sourceDescription} at line ${index + 1}: ${(error as Error).message}`,
+      );
+    }
+
+    if (!isNdjsonVersion(parsed)) {
+      throw new Error(
+        `Invalid NDJSON record in ${sourceDescription} at line ${index + 1}.`,
+      );
+    }
+
+    versions.push(parsed);
+  }
+
+  if (versions.length === 0) {
+    throw new Error(`No version data found in ${sourceDescription}.`);
+  }
+
+  return versions;
+}
+
+export async function getLatestVersion(): Promise<string> {
+  const versions = await fetchVersionData();
+  const latestVersion = versions[0]?.version;
+  if (!latestVersion) {
+    throw new Error("No versions found in NDJSON data");
+  }
+
+  core.debug(`Latest version from NDJSON: ${latestVersion}`);
+  return latestVersion;
+}
+
+export async function getAllVersions(): Promise<string[]> {
+  const versions = await fetchVersionData();
+  return versions.map((versionData) => versionData.version);
+}
+
+export async function getArtifact(
+  version: string,
+  arch: string,
+  platform: string,
+): Promise<ArtifactResult | undefined> {
+  const versions = await fetchVersionData();
+  const versionData = versions.find(
+    (candidate) => candidate.version === version,
+  );
+  if (!versionData) {
+    core.debug(`Version ${version} not found in NDJSON data`);
+    return undefined;
+  }
+
+  const targetPlatform = `${arch}-${platform}`;
+  const matchingArtifacts = versionData.artifacts.filter(
+    (candidate) => candidate.platform === targetPlatform,
+  );
+
+  if (matchingArtifacts.length === 0) {
+    core.debug(
+      `Artifact for ${targetPlatform} not found in version ${version}. Available platforms: ${versionData.artifacts
+        .map((candidate) => candidate.platform)
+        .join(", ")}`,
+    );
+    return undefined;
+  }
+
+  const artifact = selectArtifact(matchingArtifacts, version, targetPlatform);
+
+  return {
+    archiveFormat: artifact.archive_format,
+    sha256: artifact.sha256,
+    url: artifact.url,
+  };
+}
+
+export function clearCache(url?: string): void {
+  if (url === undefined) {
+    cachedVersionData.clear();
+    return;
+  }
+
+  cachedVersionData.delete(url);
+}
+
+function selectArtifact(
+  artifacts: NdjsonArtifact[],
+  version: string,
+  targetPlatform: string,
+): NdjsonArtifact {
+  return selectDefaultVariant(
+    artifacts,
+    `Multiple artifacts found for ${targetPlatform} in version ${version}`,
+  );
+}
+
+function isNdjsonVersion(value: unknown): value is NdjsonVersion {
+  if (!isRecord(value)) {
+    return false;
+  }
+
+  if (typeof value.version !== "string" || !Array.isArray(value.artifacts)) {
+    return false;
+  }
+
+  return value.artifacts.every(isNdjsonArtifact);
+}
+
+function isNdjsonArtifact(value: unknown): value is NdjsonArtifact {
+  if (!isRecord(value)) {
+    return false;
+  }
+
+  const variantIsValid =
+    typeof value.variant === "string" || value.variant === undefined;
+
+  return (
+    typeof value.archive_format === "string" &&
+    typeof value.platform === "string" &&
+    typeof value.sha256 === "string" &&
+    typeof value.url === "string" &&
+    variantIsValid
+  );
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null;
+}

src/setup-uv.ts

@@ -5,6 +5,7 @@ import * as exec from "@actions/exec";
 import { restoreCache } from "./cache/restore-cache";
 import {
   downloadVersionFromManifest,
+  downloadVersionFromNdjson,
   resolveVersion,
   tryGetFromToolCache,
 } from "./download/download-version";
@@ -139,13 +140,22 @@ async function setupUv(
     };
   }
 
-  const downloadVersionResult = await downloadVersionFromManifest(
+  const downloadVersionResult =
+    manifestFile !== undefined
+      ? await downloadVersionFromManifest(
           manifestFile,
           platform,
           arch,
           resolvedVersion,
           checkSum,
           githubToken,
+        )
+      : await downloadVersionFromNdjson(
+          platform,
+          arch,
+          resolvedVersion,
+          checkSum,
+          githubToken,
         );
 
   return {
@@ -158,12 +168,7 @@ async function determineVersion(
   manifestFile: string | undefined,
 ): Promise<string> {
   if (versionInput !== "") {
-    return await resolveVersion(
-      versionInput,
-      manifestFile,
-      githubToken,
-      resolutionStrategy,
-    );
+    return await resolveVersion(versionInput, manifestFile, resolutionStrategy);
   }
   if (versionFileInput !== "") {
     const versionFromFile = getUvVersionFromFile(versionFileInput);
@@ -175,7 +180,6 @@ async function determineVersion(
     return await resolveVersion(
       versionFromFile,
       manifestFile,
-      githubToken,
       resolutionStrategy,
     );
   }
@@ -193,7 +197,6 @@ async function determineVersion(
   return await resolveVersion(
     versionFromUvToml || versionFromPyproject || "latest",
     manifestFile,
-    githubToken,
     resolutionStrategy,
   );
 }

src/update-known-checksums.ts

@@ -0,0 +1,81 @@
+import * as core from "@actions/core";
+import * as semver from "semver";
+import { KNOWN_CHECKSUMS } from "./download/checksum/known-checksums";
+import {
+  type ChecksumEntry,
+  updateChecksums,
+} from "./download/checksum/update-known-checksums";
+import {
+  fetchVersionData,
+  getLatestVersion,
+  type NdjsonVersion,
+} from "./download/versions-client";
+
+const VERSION_IN_CHECKSUM_KEY_PATTERN =
+  /-(\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?)$/;
+
+async function run(): Promise<void> {
+  const checksumFilePath = process.argv.slice(2)[0];
+  if (!checksumFilePath) {
+    throw new Error(
+      "Missing checksum file path. Usage: node dist/update-known-checksums/index.js <checksum-file-path>",
+    );
+  }
+
+  const latestVersion = await getLatestVersion();
+  const latestKnownVersion = getLatestKnownVersionFromChecksums();
+
+  if (semver.lte(latestVersion, latestKnownVersion)) {
+    core.info(
+      `Latest release (${latestVersion}) is not newer than the latest known version (${latestKnownVersion}). Skipping update.`,
+    );
+    return;
+  }
+
+  const versions = await fetchVersionData();
+  const checksumEntries = extractChecksumsFromNdjson(versions);
+  await updateChecksums(checksumFilePath, checksumEntries);
+
+  core.setOutput("latest-version", latestVersion);
+}
+
+function getLatestKnownVersionFromChecksums(): string {
+  const versions = new Set<string>();
+
+  for (const key of Object.keys(KNOWN_CHECKSUMS)) {
+    const version = extractVersionFromChecksumKey(key);
+    if (version !== undefined) {
+      versions.add(version);
+    }
+  }
+
+  const latestVersion = [...versions].sort(semver.rcompare)[0];
+  if (!latestVersion) {
+    throw new Error("Could not determine latest known version from checksums.");
+  }
+
+  return latestVersion;
+}
+
+function extractVersionFromChecksumKey(key: string): string | undefined {
+  return key.match(VERSION_IN_CHECKSUM_KEY_PATTERN)?.[1];
+}
+
+function extractChecksumsFromNdjson(
+  versions: NdjsonVersion[],
+): ChecksumEntry[] {
+  const checksums: ChecksumEntry[] = [];
+
+  for (const version of versions) {
+    for (const artifact of version.artifacts) {
+      checksums.push({
+        checksum: artifact.sha256,
+        key: `${artifact.platform}-${version.version}`,
+      });
+    }
+  }
+
+  return checksums;
+}
+
+run();

src/update-known-versions.ts

@@ -1,63 +0,0 @@
-import * as core from "@actions/core";
-import type { Endpoints } from "@octokit/types";
-import * as semver from "semver";
-import { updateChecksums } from "./download/checksum/update-known-checksums";
-import {
-  getLatestKnownVersion,
-  updateVersionManifest,
-} from "./download/version-manifest";
-import { OWNER, REPO } from "./utils/constants";
-import { Octokit } from "./utils/octokit";
-
-type Release =
-  Endpoints["GET /repos/{owner}/{repo}/releases"]["response"]["data"][number];
-
-async function run(): Promise<void> {
-  const checksumFilePath = process.argv.slice(2)[0];
-  const versionsManifestFile = process.argv.slice(2)[1];
-  const githubToken = process.argv.slice(2)[2];
-
-  const octokit = new Octokit({
-    auth: githubToken,
-  });
-
-  const { data: latestRelease } = await octokit.rest.repos.getLatestRelease({
-    owner: OWNER,
-    repo: REPO,
-  });
-
-  const latestKnownVersion = await getLatestKnownVersion(undefined);
-
-  if (semver.lte(latestRelease.tag_name, latestKnownVersion)) {
-    core.info(
-      `Latest release (${latestRelease.tag_name}) is not newer than the latest known version (${latestKnownVersion}). Skipping update.`,
-    );
-    return;
-  }
-
-  const releases: Release[] = await octokit.paginate(
-    octokit.rest.repos.listReleases,
-    {
-      owner: OWNER,
-      repo: REPO,
-    },
-  );
-  const checksumDownloadUrls: string[] = releases.flatMap((release) =>
-    release.assets
-      .filter((asset) => asset.name.endsWith(".sha256"))
-      .map((asset) => asset.browser_download_url),
-  );
-  await updateChecksums(checksumFilePath, checksumDownloadUrls);
-
-  const artifactDownloadUrls: string[] = releases.flatMap((release) =>
-    release.assets
-      .filter((asset) => !asset.name.endsWith(".sha256"))
-      .map((asset) => asset.browser_download_url),
-  );
-
-  await updateVersionManifest(versionsManifestFile, artifactDownloadUrls);
-
-  core.setOutput("latest-version", latestRelease.tag_name);
-}
-
-run();

src/utils/constants.ts

@@ -1,5 +1,5 @@
-export const REPO = "uv";
-export const OWNER = "astral-sh";
 export const TOOL_CACHE_NAME = "uv";
 export const STATE_UV_PATH = "uv-path";
 export const STATE_UV_VERSION = "uv-version";
+export const VERSIONS_NDJSON_URL =
+  "https://raw.githubusercontent.com/astral-sh/versions/main/v1/uv.ndjson";

src/utils/octokit.ts

@@ -1,34 +0,0 @@
-import type { OctokitOptions } from "@octokit/core";
-import { Octokit as Core } from "@octokit/core";
-import {
-  type PaginateInterface,
-  paginateRest,
-} from "@octokit/plugin-paginate-rest";
-import { legacyRestEndpointMethods } from "@octokit/plugin-rest-endpoint-methods";
-import { fetch as customFetch } from "./fetch";
-
-export type { RestEndpointMethodTypes } from "@octokit/plugin-rest-endpoint-methods";
-
-const DEFAULTS = {
-  baseUrl: "https://api.github.com",
-  userAgent: "setup-uv",
-};
-
-const OctokitWithPlugins = Core.plugin(paginateRest, legacyRestEndpointMethods);
-
-export const Octokit = OctokitWithPlugins.defaults(function buildDefaults(
-  options: OctokitOptions,
-): OctokitOptions {
-  return {
-    ...DEFAULTS,
-    ...options,
-    request: {
-      fetch: customFetch,
-      ...options.request,
-    },
-  };
-});
-
-export type Octokit = InstanceType<typeof OctokitWithPlugins> & {
-  paginate: PaginateInterface;
-};

src/utils/platforms.ts

@@ -13,6 +13,7 @@ export type Architecture =
   | "x86_64"
   | "aarch64"
   | "s390x"
+  | "riscv64gc"
   | "powerpc64le";
 
 export function getArch(): Architecture | undefined {
@@ -21,6 +22,7 @@ export function getArch(): Architecture | undefined {
     arm64: "aarch64",
     ia32: "i686",
     ppc64: "powerpc64le",
+    riscv64: "riscv64gc",
     s390x: "s390x",
     x64: "x86_64",
   };