github · ncalteen · Aug 27, 2025 · Aug 26, 2025 · Aug 26, 2025 · Aug 27, 2025
@@ -52,7 +52,9 @@ jobs:
   typescript-esm-npm:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os:
+          - ubuntu-latest
+          - windows-latest
 
     name: TypeScript ESM (npm)
     runs-on: ${{ matrix.os }}
@@ -86,7 +88,9 @@ jobs:
 
       - name: Install TypeScript Template Dependencies
         id: install-typescript
-        run: npm ci
+        run: |
+          npm ci
+          npm uninstall @github/local-action
         working-directory: typescript-action
 
       - name: Link @github/local-action
@@ -109,7 +113,9 @@ jobs:
   javascript-esm-npm:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os:
+          - ubuntu-latest
+          - windows-latest
 
     name: JavaScript ESM (npm)
     runs-on: ${{ matrix.os }}
@@ -143,7 +149,9 @@ jobs:
 
       - name: Install JavaScript Template Dependencies
         id: install-javascript
-        run: npm ci
+        run: |
+          npm ci
+          npm uninstall @github/local-action
         working-directory: javascript-action
 
       - name: Link @github/local-action
@@ -166,7 +174,9 @@ jobs:
   typescript-esm-pnpm:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os:
+          - ubuntu-latest
+          - windows-latest
 
     name: TypeScript ESM (pnpm)
     runs-on: ${{ matrix.os }}
@@ -206,14 +216,21 @@ jobs:
 
       - name: Install TypeScript Template Dependencies
         id: install-typescript
-        run: pnpm install
+        run: |
+          pnpm install
+          pnpm uninstall @github/local-action
         working-directory: typescript-pnpm-esm-action
 
-      - name: Link @github/local-action
-        id: link
-        run: pnpm link
+      - name: Create Global Link
+        id: create-link
+        run: npm link
         working-directory: local-action
 
+      - name: Use Global Link
+        id: use-link
+        run: pnpm link "${{ github.workspace }}/local-action"
+        working-directory: typescript-pnpm-esm-action
+
       - name: Generate Dotenv File
         id: dotenv
         run: |
@@ -229,7 +246,9 @@ jobs:
   typescript-cjs-pnpm:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os:
+          - ubuntu-latest
+          - windows-latest
 
     name: TypeScript CJS (pnpm)
     runs-on: ${{ matrix.os }}
@@ -269,14 +288,21 @@ jobs:
 
       - name: Install TypeScript Template Dependencies
         id: install-typescript
-        run: pnpm install
+        run: |
+          pnpm install
+          pnpm uninstall @github/local-action
         working-directory: typescript-pnpm-cjs-action
 
-      - name: Link @github/local-action
-        id: link
-        run: pnpm link
+      - name: Create Global Link
+        id: create-link
+        run: npm link
         working-directory: local-action
 
+      - name: Use Global Link
+        id: use-link
+        run: pnpm link "${{ github.workspace }}/local-action"
+        working-directory: typescript-pnpm-cjs-action
+
       - name: Generate Dotenv File
         id: dotenv
         run: |
@@ -333,11 +359,16 @@ jobs:
           yarn install
         working-directory: typescript-yarn-esm-action
 
-      - name: Link @github/local-action
-        id: link
-        run: yarn link
+      - name: Create Global Link
+        id: create-link
+        run: npm link
         working-directory: local-action
 
+      - name: Use Global Link
+        id: use-link
+        run: yarn link "${{ github.workspace }}/local-action"
+        working-directory: typescript-yarn-esm-action
+
       - name: Generate Dotenv File
         id: dotenv
         run: |

@@ -13,7 +13,7 @@
 # upon scanning, if a severity is found at or above the given severity then the return code will be 1
 # default is unset which will skip this validation (options: negligible, low, medium, high, critical)
 # same as --fail-on ; GRYPE_FAIL_ON_SEVERITY env var
-fail-on-severity: 'high'
+fail-on-severity: high
 
 # the output format of the vulnerability report (options: table, json, cyclonedx)
 # same as -o ; GRYPE_OUTPUT env var
@@ -145,7 +145,7 @@ exclude:
 # stock:
 #   using-cpes: true
 
-# ignore:
-#   # Ignored by default; disputed and unwarranted CVE that causes Megalinter to fail
-#   # @link https://nvd.nist.gov/vuln/detail/CVE-2018-20225
-#   - vulnerability: CVE-2018-20225
+ignore:
+  - package:
+      name: stdlib
+      type: go-module
@@ -1 +1 @@
-22.9.0
+24.4.0
@@ -25,18 +25,6 @@ function entrypoint() {
     // Get the absolute path to the `@github/local-action` package.
     const packagePath = path.resolve(__dirname, '..')
 
-    // Get the absolute path to the bootstrap script. On Windows systems, this
-    // need to be double-escaped so the path resolves correctly.
-    const bootstrapPath =
-      process.platform === 'win32'
-        ? path.join(packagePath, 'src', 'bootstrap.ts').replaceAll('\\', '\\\\')
-        : path.join(packagePath, 'src', 'bootstrap.ts')
-
-    // Require the bootstrap script in NODE_OPTIONS.
-    process.env.NODE_OPTIONS = process.env.NODE_OPTIONS
-      ? `${process.env.NODE_OPTIONS} --require "${bootstrapPath}"`
-      : `--require "${bootstrapPath}"`
-
     // Disable experimental warnings.
     process.env.NODE_NO_WARNINGS = 1
 

@@ -7,7 +7,6 @@ const config: JestConfigWithTsJest = {
   coverageDirectory: 'coverage',
   coveragePathIgnorePatterns: [
     'node_modules',
-    'src/bootstrap.ts',
     'src/types/quibble.d.ts',
     'src/commands/run.ts',
     'src/stubs/artifact/artifact.ts'

@@ -1,7 +1,7 @@
 {
   "name": "@github/local-action",
   "description": "Local Debugging for GitHub Actions",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "type": "module",
   "author": "Nick Alteen <[email protected]>",
   "private": false,
@@ -19,7 +19,7 @@
     "typescript"
   ],
   "engines": {
-    "node": "^20 || ^22"
+    "node": "^20 || ^22 || ^24"
   },
   "exports": {
     ".": "./src/index.ts"

@@ -1,8 +1,11 @@
+import { parse } from 'comment-json'
 import { config } from 'dotenv'
 import { createRequire } from 'module'
 import { execSync } from 'node:child_process'
 import path from 'path'
 import * as quibble from 'quibble'
+import { loadConfig, register } from 'tsconfig-paths'
+import { fileURLToPath } from 'url'
 import { ARTIFACT_STUBS } from '../stubs/artifact/artifact.js'
 import { CORE_STUBS, CoreMeta } from '../stubs/core/core.js'
 import { EnvMeta } from '../stubs/env.js'
@@ -30,6 +33,37 @@ export async function action(
   const fs = await import('fs')
   const YAML = await import('yaml')
 
+  if (process.env.TARGET_ACTION_PATH && process.env.TARGET_ACTION_PATH !== '') {
+    // Check if the action has a `tsconfig.json` file.
+    if (fs.existsSync(`${process.env.TARGET_ACTION_PATH}/tsconfig.json`)) {
+      const __dirname = path.dirname(fileURLToPath(import.meta.url))
+
+      // Load the `tsconfig.json` from the action directory.
+      const actionTsConfig = parse(
+        fs.readFileSync(
+          `${process.env.TARGET_ACTION_PATH}/tsconfig.json`,
+          'utf-8'
+        )
+      )
+
+      // Load the current `tsconfig.json` from the root of this directory.
+      loadConfig(__dirname)
+
+      // Get the paths from the action's `tsconfig.json`, if any.
+      // @ts-expect-error comment-json type mismatch
+      const paths = actionTsConfig?.compilerOptions?.paths ?? {}
+
+      // Add any path mappings from the imported action. Replace the base URL with
+      // the target action path.
+      // @todo Should this take into account the previous `baseUrl` value?
+      register({
+        baseUrl: process.env.TARGET_ACTION_PATH,
+        paths,
+        addMatchAll: true
+      })
+    }
+  }
+
   CoreMeta.colors = {
     cyan: (msg: string) => console.log(chalk.cyan(msg)),
     blue: (msg: string) => console.log(chalk.blue(msg)),