parse-dockerfile

.github/workflows/ci.yml

@@ -33,20 +33,20 @@ concurrency:
 
 jobs:
   miri:
-    uses: taiki-e/github-actions/.github/workflows/miri.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main
+    uses: taiki-e/github-actions/.github/workflows/miri.yml@3c1cac16ef654d1febb66f21f328fa167f0d2fef # main
     with:
       # NB: sync with test job's --exclude option
       args: --exclude install-action-internal-codegen
   msrv:
-    uses: taiki-e/github-actions/.github/workflows/msrv.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main
+    uses: taiki-e/github-actions/.github/workflows/msrv.yml@3c1cac16ef654d1febb66f21f328fa167f0d2fef # main
   test-manifest-schema:
-    uses: taiki-e/github-actions/.github/workflows/test.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main
+    uses: taiki-e/github-actions/.github/workflows/test.yml@3c1cac16ef654d1febb66f21f328fa167f0d2fef # main
     with:
       # NB: sync with miri job's --exclude option
       test-args: --exclude install-action-internal-codegen
       no-std: false
   tidy:
-    uses: taiki-e/github-actions/.github/workflows/tidy.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main
+    uses: taiki-e/github-actions/.github/workflows/tidy.yml@3c1cac16ef654d1febb66f21f328fa167f0d2fef # main
     permissions:
       contents: write # for creating branch for pr
       pull-requests: write # unused (used in `codegen-automerge: true` case)

.github/workflows/manifest.yml

@@ -33,7 +33,7 @@ concurrency:
 
 jobs:
   manifest:
-    uses: taiki-e/github-actions/.github/workflows/gen.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main
+    uses: taiki-e/github-actions/.github/workflows/gen.yml@3c1cac16ef654d1febb66f21f328fa167f0d2fef # main
     permissions:
       contents: write # for creating branch for pr
       pull-requests: write # for gh pr review --approve

.github/workflows/release.yml

@@ -427,7 +427,7 @@ jobs:
           PREPARE_REV: ${{ needs.prepare.outputs.rev }}
           # Note that if we use secrets.GITHUB_TOKEN, the pushed commit/tag cannot trigger other workflows.
           PUSH_TOKEN: ${{ steps.push-token.outputs.token }}
-      - uses: taiki-e/create-gh-release-action@f67cf7b2dadd83d36b981e674a6b08063997ce68 # v1.10.0
+      - uses: taiki-e/create-gh-release-action@eba8ea96c86cca8a37f1b56e94b4d13301fba651 # v1.11.0
         with:
           changelog: CHANGELOG.md
           title: $version
@@ -436,7 +436,7 @@ jobs:
 
   release-manifest-schema:
     if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action-manifest-schema'
-    uses: taiki-e/github-actions/.github/workflows/rust-release.yml@d34e3b863da529f7c30e571fec0170fbf64fa40c # main
+    uses: taiki-e/github-actions/.github/workflows/rust-release.yml@3c1cac16ef654d1febb66f21f328fa167f0d2fef # main
     permissions:
       contents: write # for taiki-e/create-gh-release-action
       id-token: write # for rust-lang/crates-io-auth-action

CHANGELOG.md

@@ -10,6 +10,18 @@ Note: In this file, do not use the hard wrap in the middle of a sentence for com
 
 ## [Unreleased]
 
+## [2.75.18] - 2026-04-19
+
+- Update `vacuum@latest` to 0.26.1.
+
+- Update `wasm-tools@latest` to 1.247.0.
+
+- Update `mise@latest` to 2026.4.16.
+
+- Update `espup@latest` to 0.17.1.
+
+- Update `trivy@latest` to 0.70.0.
+
 ## [2.75.17] - 2026-04-17
 
 - Update `tombi@latest` to 0.9.18.
@@ -6293,7 +6305,8 @@ Note: This release is considered a breaking change because installing on version
 
 Initial release
 
-[Unreleased]: https://github.com/taiki-e/install-action/compare/v2.75.17...HEAD
+[Unreleased]: https://github.com/taiki-e/install-action/compare/v2.75.18...HEAD
+[2.75.18]: https://github.com/taiki-e/install-action/compare/v2.75.17...v2.75.18
 [2.75.17]: https://github.com/taiki-e/install-action/compare/v2.75.16...v2.75.17
 [2.75.16]: https://github.com/taiki-e/install-action/compare/v2.75.15...v2.75.16
 [2.75.15]: https://github.com/taiki-e/install-action/compare/v2.75.14...v2.75.15

action.yml

@@ -4,8 +4,8 @@ description: GitHub Action for installing development tools
 inputs:
   tool:
     description: Tools to install (whitespace or comma separated list)
-    required: true
-    # default: #publish:tool
+    required: false
+    default: parse-dockerfile
   checksum:
     description: Whether to enable checksums (strongly discouraged to disable)
     required: false

main.sh

@@ -453,6 +453,51 @@ canonicalize_windows_path() {
   esac
 }
 
+if [[ $# -gt 0 ]]; then
+  bail "invalid argument '$1'"
+fi
+
+# Inputs
+tool="${INPUT_TOOL:-}"
+tools=()
+if [[ -n "${tool}" ]]; then
+  while read -rd,; do
+    tools+=("${REPLY}")
+  done < <(normalize_comma_or_space_separated "${tool}")
+fi
+if [[ ${#tools[@]} -eq 0 ]]; then
+  warn "no tool specified; this could be caused by a dependabot bug where @<tool_name> tags on this action are replaced by @<version> tags"
+  # Exit with 0 for backward compatibility.
+  # TODO: We want to reject it in the next major release.
+  exit 0
+fi
+
+enable_checksum="${INPUT_CHECKSUM:-}"
+case "${enable_checksum}" in
+  true) ;;
+  false)
+    enable_checksum=''
+    warn "checksums have been disabled by 'checksum' input option; this is strongly discouraged for security reasons"
+    ;;
+  *) bail "'checksum' input option must be 'true' or 'false': '${enable_checksum}'" ;;
+esac
+
+fallback="${INPUT_FALLBACK:-}"
+case "${fallback}" in
+  none | cargo-binstall | cargo-install) ;;
+  *) bail "'fallback' input option must be 'none', 'cargo-binstall', or 'cargo-install': '${fallback}'" ;;
+esac
+
+# Unlike gh command, cargo-binstall reads GITHUB_TOKEN first via cli parser, and then reads GH_TOKEN.
+# https://github.com/cargo-bins/cargo-binstall/blob/v1.17.9/crates/bin/src/args.rs#L704
+token="${GITHUB_TOKEN:-"${GH_TOKEN:-"${DEFAULT_GITHUB_TOKEN:-}"}"}"
+# This prevents tokens from being exposed to subprocesses via environment variables.
+# Since the tokens remain in memory, setting `fallback: none` (which prevents the tokens from being
+# set in the first place) remains the best practice from a security standpoint, as readme says.
+# Note that this does not prevent token leaks via reading `/proc/*/environ` on Linux or
+# via `ps -Eww` on macOS. It only reduces the risk of leaks.
+unset GITHUB_TOKEN GH_TOKEN DEFAULT_GITHUB_TOKEN
+
 # Refs: https://github.com/rust-lang/rustup/blob/HEAD/rustup-init.sh
 base_distro=''
 exe=''
@@ -591,52 +636,9 @@ fi
 export CARGO_NET_RETRY=10
 export RUSTUP_MAX_RETRIES=10
 
-if [[ $# -gt 0 ]]; then
-  bail "invalid argument '$1'"
-fi
-
 export DEBIAN_FRONTEND=noninteractive
 manifest_dir="${GITHUB_ACTION_PATH}/manifests"
 
-# Inputs
-tool="${INPUT_TOOL:-}"
-tools=()
-if [[ -n "${tool}" ]]; then
-  while read -rd,; do
-    tools+=("${REPLY}")
-  done < <(normalize_comma_or_space_separated "${tool}")
-fi
-if [[ ${#tools[@]} -eq 0 ]]; then
-  warn "no tool specified; this could be caused by a dependabot bug where @<tool_name> tags on this action are replaced by @<version> tags"
-  # Exit with 0 for backward compatibility.
-  # TODO: We want to reject it in the next major release.
-  exit 0
-fi
-
-enable_checksum="${INPUT_CHECKSUM:-}"
-case "${enable_checksum}" in
-  true) ;;
-  false)
-    enable_checksum=''
-    warn "checksums have been disabled by 'checksum' input option; this is strongly discouraged for security reasons"
-    ;;
-  *) bail "'checksum' input option must be 'true' or 'false': '${enable_checksum}'" ;;
-esac
-
-fallback="${INPUT_FALLBACK:-}"
-case "${fallback}" in
-  none | cargo-binstall | cargo-install) ;;
-  *) bail "'fallback' input option must be 'none', 'cargo-binstall', or 'cargo-install': '${fallback}'" ;;
-esac
-
-# Unlike gh command, cargo-binstall reads GITHUB_TOKEN first via cli parser, and then reads GH_TOKEN.
-# https://github.com/cargo-bins/cargo-binstall/blob/v1.17.9/crates/bin/src/args.rs#L704
-token="${GITHUB_TOKEN:-"${GH_TOKEN:-"${DEFAULT_GITHUB_TOKEN:-}"}"}"
-# This prevents tokens from being exposed to subprocesses via environment variables.
-# Since the tokens remain in memory, setting `fallback: none` (which prevents the tokens from being
-# set in the first place) remains the best practice from a security standpoint, as readme says.
-unset GITHUB_TOKEN GH_TOKEN DEFAULT_GITHUB_TOKEN
-
 case "${host_os}" in
   linux)
     if ! type -P jq >/dev/null || ! type -P curl >/dev/null || ! type -P tar >/dev/null; then

manifests/espup.json

@@ -18,7 +18,10 @@
     }
   },
   "latest": {
-    "version": "0.16.0"
+    "version": "0.17.1"
+  },
+  "0.17": {
+    "version": "0.17.1"
   },
   "0.17.1": {
     "x86_64_linux_gnu": {

manifests/mise.json

@@ -27,13 +27,39 @@
     }
   },
   "latest": {
-    "version": "2026.4.15"
+    "version": "2026.4.16"
   },
   "2026": {
-    "version": "2026.4.15"
+    "version": "2026.4.16"
   },
   "2026.4": {
-    "version": "2026.4.15"
+    "version": "2026.4.16"
+  },
+  "2026.4.17": {
+    "x86_64_linux_musl": {
+      "etag": "0x8DE9D70541A0D1C",
+      "hash": "5c661249b75506bdc0a133d91460544b9a0c096c40cdb60a5c8d9e60bc144897"
+    },
+    "x86_64_macos": {
+      "etag": "0x8DE9D705805C8FD",
+      "hash": "7925831a68bb119ae0a744408ab646b476f6309720b46d7f5ab466613ca7ada8"
+    },
+    "x86_64_windows": {
+      "etag": "0x8DE9D705A337B82",
+      "hash": "51bf2412db91411717e5b34bfdf4ec86428abe20de5115c71c3c2ae96baee5de"
+    },
+    "aarch64_linux_musl": {
+      "etag": "0x8DE9D704E988A27",
+      "hash": "e9e47b246b73f84348736f48e909424865a01d0d5e853df51d77da33d53ae84d"
+    },
+    "aarch64_macos": {
+      "etag": "0x8DE9D7056DA3305",
+      "hash": "ac0251f8ccbd48de250aa866a05637b74439b22f815a894bd47fce5d52e209e7"
+    },
+    "aarch64_windows": {
+      "etag": "0x8DE9D7059853AF9",
+      "hash": "efbeb472c5e30ec6715ff3722a099c70191da00a2324cfdae16c4c2af3e55103"
+    }
   },
   "2026.4.16": {
     "x86_64_linux_musl": {

manifests/trivy.json

@@ -31,7 +31,10 @@
     }
   },
   "latest": {
-    "version": "0.69.3"
+    "version": "0.70.0"
+  },
+  "0.70": {
+    "version": "0.70.0"
   },
   "0.70.0": {
     "x86_64_linux_gnu": {

manifests/vacuum.json

@@ -21,7 +21,36 @@
     }
   },
   "latest": {
-    "version": "0.25.9"
+    "version": "0.26.1"
+  },
+  "0.26": {
+    "version": "0.26.1"
+  },
+  "0.26.1": {
+    "x86_64_linux_musl": {
+      "etag": "0x8DE9CB74E5A88FF",
+      "hash": "e5981c4df9adfe21ab63cd8d00b073b2f11d09dc7382763da6a4ee00810bdcc2"
+    },
+    "x86_64_macos": {
+      "etag": "0x8DE9CB74E5AAFE2",
+      "hash": "d1b778986b4e5aba1f533f340c8793a223880ee75f9f619c85e1cd7f06be7e65"
+    },
+    "x86_64_windows": {
+      "etag": "0x8DE9CB74DAAC329",
+      "hash": "84d518e42fd436b64deef747e10b14efd54f295fc88af607fa79e78a9dac83aa"
+    },
+    "aarch64_linux_musl": {
+      "etag": "0x8DE9CB74DA2B5DE",
+      "hash": "48a32e9affd6b37904565fcaa83f31463f523697fd19cc87d27e1fbad8f76614"
+    },
+    "aarch64_macos": {
+      "etag": "0x8DE9CB74E5510F4",
+      "hash": "d45dbc463b5cb77e440800bd8e47f735d5a97745615e5b77d1b0df850c81354b"
+    },
+    "aarch64_windows": {
+      "etag": "0x8DE9CB74DA1A5A8",
+      "hash": "158e29510ae726ffd77a9c2278ff83f1ccb995835209000aeeedd88a51f08bd3"
+    }
   },
   "0.26.0": {
     "x86_64_linux_musl": {

manifests/wasm-tools.json

@@ -23,10 +23,13 @@
     }
   },
   "latest": {
-    "version": "1.246.2"
+    "version": "1.247.0"
   },
   "1": {
-    "version": "1.246.2"
+    "version": "1.247.0"
+  },
+  "1.247": {
+    "version": "1.247.0"
   },
   "1.247.0": {
     "x86_64_linux_gnu": {