Bump Go Modules (#367)

Bumps Go modules used by the project. See the commit for details on what modules were updated.

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: buildpack-bot <buildpack-bot@users.noreply.github.com>

.github/CODEOWNERS

@@ -1 +1 @@
-* @buildpacks/distribution-maintainers
+* @buildpacks/platform-maintainers @buildpacks/toc @edmorley

.github/dependabot.yml

@@ -4,6 +4,8 @@ updates:
       directory: /
       schedule:
         interval: daily
+      ignore:
+        - dependency-name: github.com/onsi/gomega
       labels:
         - semver:patch
         - type:dependency-upgrade

.github/pipeline-descriptor.yml

@@ -4,4 +4,4 @@ github:
 
 codeowners:
 - path:  "*"
-  owner: "@buildpacks/distribution-maintainers"
+  owner: "@buildpacks/platform-maintainers @buildpacks/toc"

.github/pipeline-version

@@ -1 +1 @@
-1.29.0
+1.41.2

.github/workflows/action-buildpack-compute-metadata.yml

@@ -22,7 +22,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -43,7 +43,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/action-buildpackage-verify-metadata.yml

@@ -22,7 +22,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -43,7 +43,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/action-registry-add-entry.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -45,7 +45,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/action-registry-compute-metadata.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -45,7 +45,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/action-registry-index-update-release.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Repository Dispatch
-        uses: peter-evans/repository-dispatch@v1
+        uses: peter-evans/repository-dispatch@v3
         with:
           token: ${{ secrets.DISTRIBUTION_GITHUB_TOKEN }}
           repository: buildpacks/registry-index

.github/workflows/action-registry-request-add-entry.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -45,7 +45,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/action-registry-request-yank-entry.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -45,7 +45,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/action-registry-verify-namespace-owner.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -45,7 +45,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/action-registry-yank-entry.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
     - if:   ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
       name: Docker login ghcr.io
-      uses: docker/login-action@v1.10.0
+      uses: docker/login-action@v3.0.0
       with:
         password: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
         registry: ghcr.io
@@ -45,7 +45,7 @@ jobs:
               VERSION=$(git rev-parse --short HEAD)
             fi
 
-            echo "::set-output name=version::${VERSION}"
+            echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
             echo "Selected ${VERSION} from
               * ref: ${GITHUB_REF}
               * sha: ${GITHUB_SHA}

.github/workflows/minimal-labels.yml

@@ -1,29 +0,0 @@
-name: Minimal Labels
-"on":
-    pull_request:
-        types:
-            - synchronize
-            - reopened
-            - labeled
-            - unlabeled
-jobs:
-    semver:
-        name: Minimal Semver Labels
-        runs-on:
-            - ubuntu-latest
-        steps:
-            - uses: mheap/github-action-required-labels@v2
-              with:
-                count: 1
-                labels: semver:major, semver:minor, semver:patch
-                mode: exactly
-    type:
-        name: Minimal Type Labels
-        runs-on:
-            - ubuntu-latest
-        steps:
-            - uses: mheap/github-action-required-labels@v2
-              with:
-                count: 1
-                labels: type:bug, type:dependency-upgrade, type:documentation, type:enhancement, type:question, type:task
-                mode: exactly

.github/workflows/pb-minimal-labels.yml

@@ -12,7 +12,7 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: mheap/github-action-required-labels@v2
+            - uses: mheap/github-action-required-labels@v5
               with:
                 count: 1
                 labels: semver:major, semver:minor, semver:patch
@@ -22,7 +22,7 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: mheap/github-action-required-labels@v2
+            - uses: mheap/github-action-required-labels@v5
               with:
                 count: 1
                 labels: type:bug, type:dependency-upgrade, type:documentation, type:enhancement, type:question, type:task

.github/workflows/pb-synchronize-labels.yml

@@ -11,7 +11,7 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - uses: micnncim/action-label-syncer@v1
               env:
                 GITHUB_TOKEN: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}

.github/workflows/pb-tests.yml

@@ -1,5 +1,10 @@
 name: Tests
 "on":
+    merge_group:
+        types:
+            - checks_requested
+        branches:
+            - main
     pull_request: {}
     push:
         branches:
@@ -10,15 +15,15 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
-            - uses: actions/cache@v3
+            - uses: actions/checkout@v4
+            - uses: actions/cache@v4
               with:
                 key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
                 path: ${{ env.HOME }}/go/pkg/mod
                 restore-keys: ${{ runner.os }}-go-
-            - uses: actions/setup-go@v3
+            - uses: actions/setup-go@v5
               with:
-                go-version: "1.18"
+                go-version: "1.24"
             - name: Install richgo
               run: |
                 #!/usr/bin/env bash

.github/workflows/pb-update-go.yml

@@ -1,7 +1,7 @@
 name: Update Go
 "on":
     schedule:
-        - cron: 0 2 * * 1
+        - cron: 26 2 * * 1
     workflow_dispatch: {}
 jobs:
     update:
@@ -9,10 +9,10 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/setup-go@v3
+            - uses: actions/setup-go@v5
               with:
-                go-version: "1.18"
-            - uses: actions/checkout@v3
+                go-version: "1.24"
+            - uses: actions/checkout@v4
             - name: Update Go Version & Modules
               id: update-go
               run: |
@@ -25,11 +25,11 @@ jobs:
                     exit 1
                 fi
 
-                OLD_GO_VERSION=$(grep -P '^go \d\.\d+' go.mod | cut -d ' ' -f 2)
+                OLD_GO_VERSION=$(grep -P '^go \d\.\d+' go.mod | cut -d ' ' -f 2 | cut -d '.' -f 1-2)
 
                 go mod edit -go="$GO_VERSION"
                 go mod tidy
-                go get -u all
+                go get -u -t ./...
                 go mod tidy
 
                 git add go.mod go.sum
@@ -45,12 +45,12 @@ jobs:
                     COMMIT_SEMVER="semver:minor"
                 fi
 
-                echo "::set-output name=commit-title::${COMMIT_TITLE}"
-                echo "::set-output name=commit-body::${COMMIT_BODY}"
-                echo "::set-output name=commit-semver::${COMMIT_SEMVER}"
+                echo "commit-title=${COMMIT_TITLE}" >> "$GITHUB_OUTPUT"
+                echo "commit-body=${COMMIT_BODY}" >> "$GITHUB_OUTPUT"
+                echo "commit-semver=${COMMIT_SEMVER}" >> "$GITHUB_OUTPUT"
               env:
-                GO_VERSION: "1.18"
-            - uses: peter-evans/create-pull-request@v4
+                GO_VERSION: "1.24"
+            - uses: peter-evans/create-pull-request@v6
               with:
                 author: ${{ secrets.IMPLEMENTATION_GITHUB_USERNAME }} <${{ secrets.IMPLEMENTATION_GITHUB_USERNAME }}@users.noreply.github.com>
                 body: |-

.github/workflows/pb-update-pipeline.yml

@@ -14,9 +14,9 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - uses: actions/setup-go@v3
+            - uses: actions/setup-go@v5
               with:
-                go-version: "1.18"
+                go-version: "1.24"
             - name: Install octo
               run: |
                 #!/usr/bin/env bash
@@ -24,7 +24,7 @@ jobs:
                 set -euo pipefail
 
                 go install -ldflags="-s -w" github.com/paketo-buildpacks/pipeline-builder/cmd/octo@latest
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
             - name: Update Pipeline
               id: pipeline
               run: |
@@ -55,15 +55,23 @@ jobs:
                 )
 
                 git add .github/
+                git add .gitignore
+
+                if [ -f scripts/build.sh ]; then
+                  git add scripts/build.sh
+                fi
+
                 git checkout -- .
 
-                echo "::set-output name=old-version::${OLD_VERSION}"
-                echo "::set-output name=new-version::${NEW_VERSION}"
-                echo "::set-output name=release-notes::${RELEASE_NOTES//$'\n'/%0A}"
+                echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT"
+                echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
+
+                DELIMITER=$(openssl rand -hex 16) # roughly the same entropy as uuid v4 used in https://github.com/actions/toolkit/blob/b36e70495fbee083eb20f600eafa9091d832577d/packages/core/src/file-command.ts#L28
+                printf "release-notes<<%s\n%s\n%s\n" "${DELIMITER}" "${RELEASE_NOTES}" "${DELIMITER}" >> "${GITHUB_OUTPUT}" # see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
               env:
                 DESCRIPTOR: .github/pipeline-descriptor.yml
                 GITHUB_TOKEN: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
-            - uses: peter-evans/create-pull-request@v4
+            - uses: peter-evans/create-pull-request@v6
               with:
                 author: ${{ secrets.IMPLEMENTATION_GITHUB_USERNAME }} <${{ secrets.IMPLEMENTATION_GITHUB_USERNAME }}@users.noreply.github.com>
                 body: |-

.github/workflows/synchronize-labels.yml

@@ -1,17 +0,0 @@
-name: Synchronize Labels
-"on":
-    push:
-        branches:
-            - main
-        paths:
-            - .github/labels.yml
-jobs:
-    synchronize:
-        name: Synchronize Labels
-        runs-on:
-            - ubuntu-latest
-        steps:
-            - uses: actions/checkout@v3
-            - uses: micnncim/action-label-syncer@v1
-              env:
-                GITHUB_TOKEN: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}

.github/workflows/tests.yml

@@ -1,49 +0,0 @@
-name: Tests
-"on":
-    pull_request: {}
-    push:
-        branches:
-            - main
-jobs:
-    unit:
-        name: Unit Test
-        runs-on:
-            - ubuntu-latest
-        steps:
-            - uses: actions/checkout@v3
-            - uses: actions/cache@v3
-              with:
-                key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-                path: ${{ env.HOME }}/go/pkg/mod
-                restore-keys: ${{ runner.os }}-go-
-            - uses: actions/setup-go@v3
-              with:
-                go-version: "1.19"
-            - name: Install richgo
-              run: |
-                #!/usr/bin/env bash
-
-                set -euo pipefail
-
-                echo "Installing richgo ${RICHGO_VERSION}"
-
-                mkdir -p "${HOME}"/bin
-                echo "${HOME}/bin" >> "${GITHUB_PATH}"
-
-                curl \
-                  --location \
-                  --show-error \
-                  --silent \
-                  "https://github.com/kyoh86/richgo/releases/download/v${RICHGO_VERSION}/richgo_${RICHGO_VERSION}_linux_amd64.tar.gz" \
-                | tar -C "${HOME}"/bin -xz richgo
-              env:
-                RICHGO_VERSION: 0.3.10
-            - name: Run Tests
-              run: |
-                #!/usr/bin/env bash
-
-                set -euo pipefail
-
-                richgo test ./...
-              env:
-                RICHGO_FORCE_COLOR: "1"

.github/workflows/update-draft-release.yml

@@ -1,15 +0,0 @@
-name: Update Draft Release
-"on":
-    push:
-        branches:
-            - main
-jobs:
-    update:
-        name: Update Draft Release
-        runs-on:
-            - ubuntu-latest
-        steps:
-            - id: release-drafter
-              uses: release-drafter/release-drafter@v5
-              env:
-                GITHUB_TOKEN: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}

.github/workflows/update-pack-version.yml

@@ -7,7 +7,7 @@ on:
       - pack-release
 
 jobs:
-  update-version:
+  update-pack-version:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -18,9 +18,9 @@ jobs:
             echo "new_version=${NEW_VERSION}" >> ${GITHUB_OUTPUT}
       - name: Update setup-pack/action.yml with the new Pack version
         run: |
-            sed -i -z "s/default:     '[0-9]\{1,\}.[0-9]\{1,\}.[0-9]\{1,\}'/default:     '${{ steps.version.outputs.new_version }}'/2" setup-pack/action.yml
+            sed -i -z "s/default:     '[0-9]\{1,\}.[0-9]\{1,\}.[0-9]\{1,\}'/default:     '${{ steps.version.outputs.new_version }}'/" setup-pack/action.yml
       - name: Create pull request
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.DISTRIBUTION_GITHUB_TOKEN }}
           commit-message: Update default Pack version to v${{ steps.version.outputs.new_version }}
@@ -30,6 +30,9 @@ jobs:
             
             Release notes:
             https://github.com/buildpacks/pack/releases/tag/v${{ steps.version.outputs.new_version }}
+          labels: |
+            semver:patch
+            type:dependency-upgrade
           branch: update-version
           base: main
           signoff: true

.github/workflows/update-pipeline.yml

@@ -1,84 +0,0 @@
-name: Update Pipeline
-"on":
-    push:
-        branches:
-            - main
-        paths:
-            - .github/pipeline-descriptor.yml
-    schedule:
-        - cron: 0 5 * * 1-5
-    workflow_dispatch: {}
-jobs:
-    update:
-        name: Update Pipeline
-        runs-on:
-            - ubuntu-latest
-        steps:
-            - uses: actions/setup-go@v3
-              with:
-                go-version: "1.17"
-            - name: Install octo
-              run: |
-                #!/usr/bin/env bash
-
-                set -euo pipefail
-
-                GO111MODULE=on go get -u -ldflags="-s -w" github.com/paketo-buildpacks/pipeline-builder/cmd/octo
-            - uses: actions/checkout@v3
-            - name: Update Pipeline
-              id: pipeline
-              run: |
-                #!/usr/bin/env bash
-
-                set -euo pipefail
-
-                if [[ -f .github/pipeline-version ]]; then
-                  OLD_VERSION=$(cat .github/pipeline-version)
-                else
-                  OLD_VERSION="0.0.0"
-                fi
-
-                octo --descriptor "${DESCRIPTOR}"
-
-                PAYLOAD=$(gh api /repos/paketo-buildpacks/pipeline-builder/releases/latest)
-
-                NEW_VERSION=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.name')
-                echo "${NEW_VERSION}" > .github/pipeline-version
-
-                RELEASE_NOTES=$(
-                  gh api \
-                    -F text="$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.body')" \
-                    -F mode="gfm" \
-                    -F context="paketo-buildpacks/pipeline-builder" \
-                    -X POST /markdown
-                )
-
-                git add .github/
-                git checkout -- .
-
-                echo "::set-output name=old-version::${OLD_VERSION}"
-                echo "::set-output name=new-version::${NEW_VERSION}"
-                echo "::set-output name=release-notes::${RELEASE_NOTES//$'\n'/%0A}"
-              env:
-                DESCRIPTOR: .github/pipeline-descriptor.yml
-                GITHUB_TOKEN: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}
-            - uses: peter-evans/create-pull-request@v4
-              with:
-                author: ${{ secrets.IMPLEMENTATION_GITHUB_USERNAME }} <${{ secrets.IMPLEMENTATION_GITHUB_USERNAME }}@users.noreply.github.com>
-                body: |-
-                    Bumps pipeline from `${{ steps.pipeline.outputs.old-version }}` to `${{ steps.pipeline.outputs.new-version }}`.
-
-                    <details>
-                    <summary>Release Notes</summary>
-                    ${{ steps.pipeline.outputs.release-notes }}
-                    </details>
-                branch: update/pipeline
-                commit-message: |-
-                    Bump pipeline from ${{ steps.pipeline.outputs.old-version }} to ${{ steps.pipeline.outputs.new-version }}
-
-                    Bumps pipeline from ${{ steps.pipeline.outputs.old-version }} to ${{ steps.pipeline.outputs.new-version }}.
-                delete-branch: true
-                labels: semver:patch, type:task
-                signoff: true
-                title: Bump pipeline from ${{ steps.pipeline.outputs.old-version }} to ${{ steps.pipeline.outputs.new-version }}
-                token: ${{ secrets.IMPLEMENTATION_GITHUB_TOKEN }}

.gitignore

@@ -11,4 +11,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-.idea/
+
+bin/
+linux/
+dependencies/
+package/
+scratch/
+

Dockerfile

@@ -1,6 +1,4 @@
-FROM golang:1.17 as build-stage
-
-RUN apt-get update && apt-get install -y --no-install-recommends upx
+FROM golang:1.24 as build-stage
 
 WORKDIR /src
 ENV GO111MODULE=on CGO_ENABLED=0
@@ -17,9 +15,8 @@ RUN go build \
 
 RUN strip /bin/action
 
-RUN upx -q -9 /bin/action
-
 FROM scratch
+LABEL org.opencontainers.image.source=https://github.com/buildpacks/github-actions
 COPY --from=build-stage /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build-stage /bin/action /bin/action
 ENTRYPOINT ["/bin/action"]

go.mod

@@ -1,43 +1,42 @@
 module github.com/buildpacks/github-actions
 
-go 1.19
+go 1.24
 
 require (
-	github.com/buildpacks/libcnb v1.27.0
-	github.com/google/go-containerregistry v0.12.1
+	github.com/buildpacks/libcnb v1.30.4
+	github.com/google/go-containerregistry v0.20.6
 	github.com/google/go-github/v39 v39.2.0
-	github.com/onsi/gomega v1.24.2
+	github.com/onsi/gomega v1.38.0
 	github.com/pelletier/go-toml v1.9.5
 	github.com/sclevine/spec v1.4.0
-	github.com/stretchr/testify v1.8.1
-	golang.org/x/oauth2 v0.3.0
+	github.com/stretchr/testify v1.10.0
+	golang.org/x/oauth2 v0.30.0
 	gopkg.in/retry.v1 v1.0.3
 )
 
 require (
-	github.com/BurntSushi/toml v1.2.1 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
+	github.com/BurntSushi/toml v1.5.0 // indirect
+	github.com/Masterminds/semver/v3 v3.4.0 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.17.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.21+incompatible // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.21+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/docker/cli v28.3.3+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.9.3 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/net v0.4.0 // indirect
-	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.3.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/vbatts/tar-split v0.12.1 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,42 +1,43 @@
-github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
-github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/buildpacks/libcnb v1.27.0 h1:Jwp5EDGJWYBLPn902w/648w3S+H2HL7/Xw8FLcrXgAo=
-github.com/buildpacks/libcnb v1.27.0/go.mod h1:SZirCtDl+AiFHTS6R4KlUPMqWzjwmEACsz/c2wI1nb8=
-github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
+github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/buildpacks/libcnb v1.30.4 h1:Jp6cJxYsZQgqix+lpRdSpjHt5bv5yCJqgkw9zWmS6xU=
+github.com/buildpacks/libcnb v1.30.4/go.mod h1:vjEDAlK3/Rf67AcmBzphXoqIlbdFgBNUK5d8wjreJbY=
+github.com/containerd/stargz-snapshotter/estargz v0.17.0 h1:+TyQIsR/zSFI1Rm31EQBwpAA1ovYgIKHy7kctL3sLcE=
+github.com/containerd/stargz-snapshotter/estargz v0.17.0/go.mod h1:s06tWAiJcXQo9/8AReBCIo/QxcXFZ2n4qfsRnpl71SM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
-github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.21+incompatible h1:UTLdBmHk3bEY+w8qeO5KttOhy6OmXWsl/FEet9Uswog=
-github.com/docker/docker v20.10.21+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
-github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
+github.com/docker/cli v28.3.3+incompatible h1:fp9ZHAr1WWPGdIWBM1b3zLtgCF+83gRdVMTJsUeiyAo=
+github.com/docker/cli v28.3.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
+github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8=
+github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo=
 github.com/frankban/quicktest v1.2.2 h1:xfmOhhoH5fGPgbEAlhLpJH9p0z/0Qizio9osmvn9IUY=
 github.com/frankban/quicktest v1.2.2/go.mod h1:Qh/WofXFeiAFII1aEBu529AtJo6Zg2VHscnEsbBnJ20=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.2.1-0.20190312032427-6f77996f0c42/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6KxE5hHl5fkPsp8=
-github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU=
+github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y=
 github.com/google/go-github/v39 v39.2.0 h1:rNNM311XtPOz5rDdsJXAp2o8F67X9FnROXTvto3aSnQ=
 github.com/google/go-github/v39 v39.2.0/go.mod h1:C1s8C5aCC9L+JXIYpJM5GYytdX52vC1bLvHEF1IhBrE=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c=
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
+github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -44,13 +45,14 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q=
-github.com/onsi/gomega v1.24.2 h1:J/tulyYK6JwBldPViHJReihxxZ+22FHs0piGjQAvoUE=
-github.com/onsi/gomega v1.24.2/go.mod h1:gs3J10IS7Z7r7eXRoNJIrNqU4ToQukCJhFtKrWgHWnk=
+github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
+github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
+github.com/onsi/gomega v1.38.0 h1:c/WX+w8SLAinvuKKQFh77WEucCnPk4j2OTUr7lt7BeY=
+github.com/onsi/gomega v1.38.0/go.mod h1:OcXcwId0b9QsE7Y49u+BTrL4IdKOBOKnD6VQNTJEB6o=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
-github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -61,56 +63,54 @@ github.com/rogpeppe/clock v0.0.0-20190514195947-2896927a307a h1:3QH7VyOaaiUHNrA9
 github.com/rogpeppe/clock v0.0.0-20190514195947-2896927a307a/go.mod h1:4r5QyqhjIWCcK8DO4KMclc5Iknq5qVBAlbYYzAbUScQ=
 github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8=
 github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo=
+github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
-golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8=
-golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
+golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/retry.v1 v1.0.3 h1:a9CArYczAVv6Qs6VGoLMio99GEs7kY9UzSF9+LD+iGs=
 gopkg.in/retry.v1 v1.0.3/go.mod h1:FJkXmWiMaAo7xB+xhvDF59zhfjDWyzmyAxiT4dB688g=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
+gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=

internal/toolkit/toolkit.go

@@ -17,6 +17,8 @@
 package toolkit
 
 import (
+	"crypto/rand"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
@@ -92,6 +94,7 @@ type DefaultToolkit struct {
 
 	Environment map[string]string
 	Writer      io.Writer
+	Delemiter   string
 }
 
 func (d *DefaultToolkit) AddPath(paths ...string) error {
@@ -116,11 +119,15 @@ func (d *DefaultToolkit) AddPath(paths ...string) error {
 }
 
 func (d *DefaultToolkit) ExportVariable(name string, value string) error {
+	return d.export("GITHUB_ENV", name, value)
+}
+
+func (d *DefaultToolkit) export(env string, name string, value string) error {
 	d.once.Do(d.init)
 
-	path, ok := d.Environment["GITHUB_ENV"]
+	path, ok := d.Environment[env]
 	if !ok {
-		return FailedError("$GITHUB_ENV must be set")
+		return FailedErrorf("$%s must be set", env)
 	}
 
 	f, err := os.OpenFile(path, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0644)
@@ -130,7 +137,7 @@ func (d *DefaultToolkit) ExportVariable(name string, value string) error {
 	defer f.Close()
 
 	if strings.ContainsRune(value, '\n') {
-		if _, err := fmt.Fprintln(f, fmt.Sprintf("%s<<EOF\n%s\nEOF", name, value)); err != nil {
+		if _, err := fmt.Fprintln(f, fmt.Sprintf("%s<<%s\n%s\n%s", name, d.Delemiter, value, d.Delemiter)); err != nil {
 			return FailedError("unable to write variable")
 		}
 	} else {
@@ -154,8 +161,10 @@ func (d *DefaultToolkit) GetInputList(name string) ([]string, bool) {
 }
 
 func (d *DefaultToolkit) SetOutput(name string, value string) {
-	d.once.Do(d.init)
-	_, _ = fmt.Fprintf(d.Writer, "::set-output name=%s::%s\n", name, escape(value))
+	err := d.export("GITHUB_OUTPUT", name, value)
+	if err != nil {
+		panic(err)
+	}
 }
 
 func (d *DefaultToolkit) GetState(name string) (string, bool) {
@@ -165,8 +174,10 @@ func (d *DefaultToolkit) GetState(name string) (string, bool) {
 }
 
 func (d *DefaultToolkit) SetState(name string, value string) {
-	d.once.Do(d.init)
-	_, _ = fmt.Fprintf(d.Writer, "::save-state name=%s::%s\n", name, escape(value))
+	err := d.export("GITHUB_STATE", name, value)
+	if err != nil {
+		panic(err)
+	}
 }
 
 func (d *DefaultToolkit) AddMask(mask string) {
@@ -248,6 +259,15 @@ func (d *DefaultToolkit) init() {
 	if d.Writer == nil {
 		d.Writer = os.Stdout
 	}
+
+	if d.Delemiter == "" {
+		data := make([]byte, 16) // roughly the same entropy as uuid v4 used in https://github.com/actions/toolkit/blob/b36e70495fbee083eb20f600eafa9091d832577d/packages/core/src/file-command.ts#L28
+		_, err := rand.Read(data)
+		if err != nil {
+			panic(fmt.Errorf("could not generate random delimiter: %w", err))
+		}
+		d.Delemiter = hex.EncodeToString(data)
+	}
 }
 
 func errorString(a ...interface{}) string {

internal/toolkit/toolkit_test.go

@@ -19,7 +19,7 @@ package toolkit_test
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"testing"
 
 	. "github.com/onsi/gomega"
@@ -81,11 +81,11 @@ func TestToolkit(t *testing.T) {
 
 			var (
 				b  = &bytes.Buffer{}
-				tk = toolkit.DefaultToolkit{Writer: b}
+				tk = toolkit.DefaultToolkit{Writer: b, Delemiter: "EOF"}
 			)
 
 			it("adds path", func() {
-				f, err := ioutil.TempFile("", "github-path")
+				f, err := os.CreateTemp("", "github-path")
 				Expect(err).NotTo(HaveOccurred())
 				_, err = fmt.Fprintln(f, "test-value")
 				Expect(err).NotTo(HaveOccurred())
@@ -95,12 +95,13 @@ func TestToolkit(t *testing.T) {
 
 				Expect(tk.AddPath("test-path-1", "test-path-2")).To(Succeed())
 
-				b, err := ioutil.ReadFile(f.Name())
+				b, err := os.ReadFile(f.Name())
+				Expect(err).NotTo(HaveOccurred())
 				Expect(string(b)).To(Equal("test-value\ntest-path-1\ntest-path-2\n"))
 			})
 
 			it("exports variable", func() {
-				f, err := ioutil.TempFile("", "github-env")
+				f, err := os.CreateTemp("", "github-env")
 				Expect(err).NotTo(HaveOccurred())
 				_, err = fmt.Fprintln(f, "TEST_KEY=test-value")
 				Expect(err).NotTo(HaveOccurred())
@@ -111,7 +112,8 @@ func TestToolkit(t *testing.T) {
 				Expect(tk.ExportVariable("TEST_NAME_1", "test-value-1")).To(Succeed())
 				Expect(tk.ExportVariable("TEST_NAME_2", "test-value-2\ntest-value-3")).To(Succeed())
 
-				b, err := ioutil.ReadFile(f.Name())
+				b, err := os.ReadFile(f.Name())
+				Expect(err).NotTo(HaveOccurred())
 				Expect(string(b)).To(Equal("TEST_KEY=test-value\nTEST_NAME_1=test-value-1\nTEST_NAME_2<<EOF\ntest-value-2\ntest-value-3\nEOF\n"))
 			})
 
@@ -138,9 +140,18 @@ func TestToolkit(t *testing.T) {
 			})
 
 			it("sets output", func() {
+				f, err := os.CreateTemp("", "github-output")
+				Expect(err).NotTo(HaveOccurred())
+				_, err = fmt.Fprintln(f, "TEST_OUTPUT=test-value")
+				Expect(err).NotTo(HaveOccurred())
+				Expect(f.Close()).To(Succeed())
+				tk.Environment = map[string]string{"GITHUB_OUTPUT": f.Name()}
+
 				tk.SetOutput("test-name", "test-value-1\ntest-value-2")
 
-				Expect(b.String()).To(Equal("::set-output name=test-name::test-value-1%0Atest-value-2\n"))
+				b, err := os.ReadFile(f.Name())
+				Expect(err).NotTo(HaveOccurred())
+				Expect(string(b)).To(Equal("TEST_OUTPUT=test-value\ntest-name<<EOF\ntest-value-1\ntest-value-2\nEOF\n"))
 			})
 
 			it("gets state", func() {
@@ -155,9 +166,18 @@ func TestToolkit(t *testing.T) {
 			})
 
 			it("sets state", func() {
+				f, err := os.CreateTemp("", "github-state")
+				Expect(err).NotTo(HaveOccurred())
+				_, err = fmt.Fprintln(f, "TEST_STATE=test-value")
+				Expect(err).NotTo(HaveOccurred())
+				Expect(f.Close()).To(Succeed())
+				tk.Environment = map[string]string{"GITHUB_STATE": f.Name()}
+
 				tk.SetState("test-name", "test-value-1\ntest-value-2")
 
-				Expect(b.String()).To(Equal("::save-state name=test-name::test-value-1%0Atest-value-2\n"))
+				b, err := os.ReadFile(f.Name())
+				Expect(err).NotTo(HaveOccurred())
+				Expect(string(b)).To(Equal("TEST_STATE=test-value\ntest-name<<EOF\ntest-value-1\ntest-value-2\nEOF\n"))
 			})
 
 			it("adds mask", func() {

registry/request-add-entry/cmd/main.go

@@ -27,7 +27,7 @@ import (
 	"gopkg.in/retry.v1"
 
 	"github.com/buildpacks/github-actions/internal/toolkit"
-	"github.com/buildpacks/github-actions/registry/request-add-entry"
+	entry "github.com/buildpacks/github-actions/registry/request-add-entry"
 )
 
 func main() {
@@ -41,7 +41,7 @@ func main() {
 
 	gh := github.NewClient(oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(&oauth2.Token{AccessToken: t})))
 
-	strategy := retry.LimitTime(2*time.Minute,
+	strategy := retry.LimitTime(20*time.Minute,
 		retry.Exponential{
 			Initial:  time.Second,
 			MaxDelay: 30 * time.Second,

registry/request-yank-entry/cmd/main.go

@@ -27,7 +27,7 @@ import (
 	"gopkg.in/retry.v1"
 
 	"github.com/buildpacks/github-actions/internal/toolkit"
-	"github.com/buildpacks/github-actions/registry/request-yank-entry"
+	entry "github.com/buildpacks/github-actions/registry/request-yank-entry"
 )
 
 func main() {
@@ -41,7 +41,7 @@ func main() {
 
 	gh := github.NewClient(oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(&oauth2.Token{AccessToken: t})))
 
-	strategy := retry.LimitTime(2*time.Minute,
+	strategy := retry.LimitTime(20*time.Minute,
 		retry.Exponential{
 			Initial:  time.Second,
 			MaxDelay: 30 * time.Second,

setup-pack/action.yml

@@ -6,7 +6,7 @@ inputs:
   pack-version:
     description: 'The version of pack to install'
     required:    false
-    default:     '0.28.0'
+    default:     '0.38.2'
 
 runs:
   using: "composite"
@@ -21,6 +21,11 @@ runs:
            mkdir -p "${HOME}"/bin
            echo "PATH=${HOME}/bin:${PATH}" >> "${GITHUB_ENV}"
 
+           PLATFORM="linux"
+           if [ $(arch) = "aarch64" ]; then
+              PLATFORM="linux-arm64"
+           fi
+
            PACK_VERSION=${{ inputs.pack-version }}
            echo "Installing pack ${PACK_VERSION}"
            curl \
@@ -31,5 +36,5 @@ runs:
              --retry 3 \
              --connect-timeout 5 \
              --max-time 60 \
-             "https://github.com/buildpacks/pack/releases/download/v${PACK_VERSION}/pack-v${PACK_VERSION}-linux.tgz" \
+             "https://github.com/buildpacks/pack/releases/download/v${PACK_VERSION}/pack-v${PACK_VERSION}-${PLATFORM}.tgz" \
            | tar -C "${HOME}/bin" -xz pack

setup-tools/action.yml

@@ -6,7 +6,7 @@ inputs:
   crane-version:
     description: 'The version of crane to install'
     required:    false
-    default:     '0.12.1'
+    default:     '0.19.1'
   yj-version:
     description: 'The version of yj to install'
     required:    false
@@ -24,7 +24,11 @@ runs:
 
            mkdir -p "${HOME}"/bin
            echo "PATH=${HOME}/bin:${PATH}" >> "${GITHUB_ENV}"
-
+          
+           CRANE_PLATFORM="Linux_x86_64"
+           if [ $(arch) = "aarch64" ]; then
+              CRANE_PLATFORM="Linux_arm64"
+           fi
            CRANE_VERSION=${{ inputs.crane-version }}
            echo "Installing crane ${CRANE_VERSION}"
            curl \
@@ -35,11 +39,20 @@ runs:
              --retry 3 \
              --connect-timeout 5 \
              --max-time 60 \
-             "https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
+             "https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_${CRANE_PLATFORM}.tar.gz" \
            | tar -C "${HOME}/bin" -xz crane
 
            YJ_VERSION=${{ inputs.yj-version }}
            echo "Installing yj ${YJ_VERSION}"
+           YJ_DOWNLOAD_FILENAME="yj-linux"
+           if [[ "${YJ_VERSION}" < "5.1.0" ]]; then
+             YJ_PLATFORM=""
+           else
+             YJ_PLATFORM="-amd64"
+           fi
+           if [ $(arch) = "aarch64" ]; then
+              YJ_PLATFORM="-arm64"
+           fi
            curl \
              --show-error \
              --silent \
@@ -49,5 +62,5 @@ runs:
              --connect-timeout 5 \
              --max-time 60 \
              --output "${HOME}/bin/yj" \
-             "https://github.com/sclevine/yj/releases/download/v${YJ_VERSION}/yj-linux"
+             "https://github.com/sclevine/yj/releases/download/v${YJ_VERSION}/${YJ_DOWNLOAD_FILENAME}${YJ_PLATFORM}"
            chmod +x "${HOME}"/bin/yj