* first action! (#1)

node_modules/npm-packlist/LICENSE

@@ -0,0 +1,15 @@
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter and Contributors
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

node_modules/npm-packlist/README.md

@@ -0,0 +1,68 @@
+# npm-packlist
+
+[![Build Status](https://travis-ci.com/npm/npm-packlist.svg?token=hHeDp9pQmz9kvsgRNVHy&branch=master)](https://travis-ci.com/npm/npm-packlist)
+
+Get a list of the files to add from a folder into an npm package
+
+These can be handed to [tar](http://npm.im/tar) like so to make an npm
+package tarball:
+
+```js
+const packlist = require('npm-packlist')
+const tar = require('tar')
+const packageDir = '/path/to/package'
+const packageTarball = '/path/to/package.tgz'
+
+packlist({ path: packageDir })
+  .then(files => tar.create({
+    prefix: 'package/',
+    cwd: packageDir,
+    file: packageTarball,
+    gzip: true
+  }, files))
+  .then(_ => {
+    // tarball has been created, continue with your day
+  })
+```
+
+This uses the following rules:
+
+1. If a `package.json` file is found, and it has a `files` list,
+   then ignore everything that isn't in `files`.  Always include the
+   readme, license, notice, changes, changelog, and history files, if
+   they exist, and the package.json file itself.
+2. If there's no `package.json` file (or it has no `files` list), and
+   there is a `.npmignore` file, then ignore all the files in the
+   `.npmignore` file.
+3. If there's no `package.json` with a `files` list, and there's no
+   `.npmignore` file, but there is a `.gitignore` file, then ignore
+   all the files in the `.gitignore` file.
+4. Everything in the root `node_modules` is ignored, unless it's a
+   bundled dependency.  If it IS a bundled dependency, and it's a
+   symbolic link, then the target of the link is included, not the
+   symlink itself.
+4. Unless they're explicitly included (by being in a `files` list, or
+   a `!negated` rule in a relevant `.npmignore` or `.gitignore`),
+   always ignore certain common cruft files:
+
+    1. .npmignore and .gitignore files (their effect is in the package
+       already, there's no need to include them in the package)
+    2. editor junk like `.*.swp`, `._*` and `.*.orig` files
+    3. `.npmrc` files (these may contain private configs)
+    4. The `node_modules/.bin` folder
+    5. Waf and gyp cruft like `/build/config.gypi` and `.lock-wscript`
+    6. Darwin's `.DS_Store` files because wtf are those even
+    7. `npm-debug.log` files at the root of a project
+
+    You can explicitly re-include any of these with a `files` list in
+    `package.json` or a negated ignore file rule.
+
+## API
+
+Same API as [ignore-walk](http://npm.im/ignore-walk), just hard-coded
+file list and rule sets.
+
+The `Walker` and `WalkerSync` classes take a `bundled` argument, which
+is a list of package names to include from node_modules.  When calling
+the top-level `packlist()` and `packlist.sync()` functions, this
+module calls into `npm-bundled` directly.

node_modules/npm-packlist/index.js

@@ -0,0 +1,274 @@
+'use strict'
+
+// Do a two-pass walk, first to get the list of packages that need to be
+// bundled, then again to get the actual files and folders.
+// Keep a cache of node_modules content and package.json data, so that the
+// second walk doesn't have to re-do all the same work.
+
+const bundleWalk = require('npm-bundled')
+const BundleWalker = bundleWalk.BundleWalker
+const BundleWalkerSync = bundleWalk.BundleWalkerSync
+
+const ignoreWalk = require('ignore-walk')
+const IgnoreWalker = ignoreWalk.Walker
+const IgnoreWalkerSync = ignoreWalk.WalkerSync
+
+const rootBuiltinRules = Symbol('root-builtin-rules')
+const packageNecessaryRules = Symbol('package-necessary-rules')
+const path = require('path')
+
+const defaultRules = [
+  '.npmignore',
+  '.gitignore',
+  '**/.git',
+  '**/.svn',
+  '**/.hg',
+  '**/CVS',
+  '**/.git/**',
+  '**/.svn/**',
+  '**/.hg/**',
+  '**/CVS/**',
+  '/.lock-wscript',
+  '/.wafpickle-*',
+  '/build/config.gypi',
+  'npm-debug.log',
+  '**/.npmrc',
+  '.*.swp',
+  '.DS_Store',
+  '**/.DS_Store/**',
+  '._*',
+  '**/._*/**',
+  '*.orig',
+  '/package-lock.json',
+  '/yarn.lock',
+  'archived-packages/**',
+  'core',
+  '!core/',
+  '!**/core/',
+  '*.core',
+  '*.vgcore',
+  'vgcore.*',
+  'core.+([0-9])',
+]
+
+// a decorator that applies our custom rules to an ignore walker
+const npmWalker = Class => class Walker extends Class {
+  constructor (opt) {
+    opt = opt || {}
+
+    // the order in which rules are applied.
+    opt.ignoreFiles = [
+      rootBuiltinRules,
+      'package.json',
+      '.npmignore',
+      '.gitignore',
+      packageNecessaryRules
+    ]
+
+    opt.includeEmpty = false
+    opt.path = opt.path || process.cwd()
+    const dirName = path.basename(opt.path)
+    const parentName = path.basename(path.dirname(opt.path))
+    opt.follow =
+      dirName === 'node_modules' ||
+      (parentName === 'node_modules' && /^@/.test(dirName))
+    super(opt)
+
+    // ignore a bunch of things by default at the root level.
+    // also ignore anything in node_modules, except bundled dependencies
+    if (!this.parent) {
+      this.bundled = opt.bundled || []
+      this.bundledScopes = Array.from(new Set(
+        this.bundled.filter(f => /^@/.test(f))
+        .map(f => f.split('/')[0])))
+      const rules = defaultRules.join('\n') + '\n'
+      this.packageJsonCache = opt.packageJsonCache || new Map()
+      super.onReadIgnoreFile(rootBuiltinRules, rules, _=>_)
+    } else {
+      this.bundled = []
+      this.bundledScopes = []
+      this.packageJsonCache = this.parent.packageJsonCache
+    }
+  }
+
+  onReaddir (entries) {
+    if (!this.parent) {
+      entries = entries.filter(e =>
+        e !== '.git' &&
+        !(e === 'node_modules' && this.bundled.length === 0)
+      )
+    }
+    return super.onReaddir(entries)
+  }
+
+  filterEntry (entry, partial) {
+    // get the partial path from the root of the walk
+    const p = this.path.substr(this.root.length + 1)
+    const pkgre = /^node_modules\/(@[^\/]+\/?[^\/]+|[^\/]+)(\/.*)?$/
+    const isRoot = !this.parent
+    const pkg = isRoot && pkgre.test(entry) ?
+      entry.replace(pkgre, '$1') : null
+    const rootNM = isRoot && entry === 'node_modules'
+    const rootPJ = isRoot && entry === 'package.json'
+
+    return (
+      // if we're in a bundled package, check with the parent.
+      /^node_modules($|\/)/i.test(p) ? this.parent.filterEntry(
+          this.basename + '/' + entry, partial)
+
+      // if package is bundled, all files included
+      // also include @scope dirs for bundled scoped deps
+      // they'll be ignored if no files end up in them.
+      // However, this only matters if we're in the root.
+      // node_modules folders elsewhere, like lib/node_modules,
+      // should be included normally unless ignored.
+      : pkg ? -1 !== this.bundled.indexOf(pkg) ||
+        -1 !== this.bundledScopes.indexOf(pkg)
+
+      // only walk top node_modules if we want to bundle something
+      : rootNM ? !!this.bundled.length
+
+      // always include package.json at the root.
+      : rootPJ ? true
+
+      // otherwise, follow ignore-walk's logic
+      : super.filterEntry(entry, partial)
+    )
+  }
+
+  filterEntries () {
+    if (this.ignoreRules['package.json'])
+      this.ignoreRules['.gitignore'] = this.ignoreRules['.npmignore'] = null
+    else if (this.ignoreRules['.npmignore'])
+      this.ignoreRules['.gitignore'] = null
+    this.filterEntries = super.filterEntries
+    super.filterEntries()
+  }
+
+  addIgnoreFile (file, then) {
+    const ig = path.resolve(this.path, file)
+    if (this.packageJsonCache.has(ig))
+      this.onPackageJson(ig, this.packageJsonCache.get(ig), then)
+    else
+      super.addIgnoreFile(file, then)
+  }
+
+  onPackageJson (ig, pkg, then) {
+    this.packageJsonCache.set(ig, pkg)
+
+    // if there's a bin, browser or main, make sure we don't ignore it
+    // also, don't ignore the package.json itself!
+    //
+    // Weird side-effect of this: a readme (etc) file will be included
+    // if it exists anywhere within a folder with a package.json file.
+    // The original intent was only to include these files in the root,
+    // but now users in the wild are dependent on that behavior for
+    // localized documentation and other use cases.  Adding a `/` to
+    // these rules, while tempting and arguably more "correct", is a
+    // breaking change.
+    const rules = [
+      pkg.browser ? '!' + pkg.browser : '',
+      pkg.main ? '!' + pkg.main : '',
+      '!package.json',
+      '!@(readme|copying|license|licence|notice|changes|changelog|history){,.*[^~$]}'
+    ]
+    if (pkg.bin)
+      if (typeof pkg.bin === "object")
+        for (const key in pkg.bin)
+          rules.push('!' + pkg.bin[key])
+      else
+        rules.push('!' + pkg.bin)
+
+    const data = rules.filter(f => f).join('\n') + '\n'
+    super.onReadIgnoreFile(packageNecessaryRules, data, _=>_)
+
+    if (Array.isArray(pkg.files))
+      super.onReadIgnoreFile('package.json', '*\n' + pkg.files.map(
+        f => '!' + f + '\n!' + f.replace(/\/+$/, '') + '/**'
+      ).join('\n') + '\n', then)
+    else
+      then()
+  }
+
+  // override parent onstat function to nix all symlinks
+  onstat (st, entry, file, dir, then) {
+    if (st.isSymbolicLink())
+      then()
+    else
+      super.onstat(st, entry, file, dir, then)
+  }
+
+  onReadIgnoreFile (file, data, then) {
+    if (file === 'package.json')
+      try {
+        const ig = path.resolve(this.path, file)
+        this.onPackageJson(ig, JSON.parse(data), then)
+      } catch (er) {
+        // ignore package.json files that are not json
+        then()
+      }
+    else
+      super.onReadIgnoreFile(file, data, then)
+  }
+
+  sort (a, b) {
+    return sort(a, b)
+  }
+}
+
+class Walker extends npmWalker(IgnoreWalker) {
+  walker (entry, then) {
+    new Walker(this.walkerOpt(entry)).on('done', then).start()
+  }
+}
+
+class WalkerSync extends npmWalker(IgnoreWalkerSync) {
+  walker (entry, then) {
+    new WalkerSync(this.walkerOpt(entry)).start()
+    then()
+  }
+}
+
+const walk = (options, callback) => {
+  options = options || {}
+  const p = new Promise((resolve, reject) => {
+    const bw = new BundleWalker(options)
+    bw.on('done', bundled => {
+      options.bundled = bundled
+      options.packageJsonCache = bw.packageJsonCache
+      new Walker(options).on('done', resolve).on('error', reject).start()
+    })
+    bw.start()
+  })
+  return callback ? p.then(res => callback(null, res), callback) : p
+}
+
+const walkSync = options => {
+  options = options || {}
+  const bw = new BundleWalkerSync(options).start()
+  options.bundled = bw.result
+  options.packageJsonCache = bw.packageJsonCache
+  const walker = new WalkerSync(options)
+  walker.start()
+  return walker.result
+}
+
+// optimize for compressibility
+// extname, then basename, then locale alphabetically
+// https://twitter.com/isntitvacant/status/1131094910923231232
+const sort = (a, b) => {
+  const exta = path.extname(a).toLowerCase()
+  const extb = path.extname(b).toLowerCase()
+  const basea = path.basename(a).toLowerCase()
+  const baseb = path.basename(b).toLowerCase()
+
+  return exta.localeCompare(extb) ||
+    basea.localeCompare(baseb) ||
+    a.localeCompare(b)
+}
+
+
+module.exports = walk
+walk.sync = walkSync
+walk.Walker = Walker
+walk.WalkerSync = WalkerSync

node_modules/npm-packlist/package.json

@@ -0,0 +1,67 @@
+{
+  "_from": "npm-packlist@^1.1.12",
+  "_id": "npm-packlist@1.4.4",
+  "_inBundle": false,
+  "_integrity": "sha512-zTLo8UcVYtDU3gdeaFu2Xu0n0EvelfHDGuqtNIn5RO7yQj4H1TqNdBc/yZjxnWA0PVB8D3Woyp0i5B43JwQ6Vw==",
+  "_location": "/npm-packlist",
+  "_phantomChildren": {},
+  "_requested": {
+    "type": "range",
+    "registry": true,
+    "raw": "npm-packlist@^1.1.12",
+    "name": "npm-packlist",
+    "escapedName": "npm-packlist",
+    "rawSpec": "^1.1.12",
+    "saveSpec": null,
+    "fetchSpec": "^1.1.12"
+  },
+  "_requiredBy": [
+    "/pacote"
+  ],
+  "_resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.4.4.tgz",
+  "_shasum": "866224233850ac534b63d1a6e76050092b5d2f44",
+  "_spec": "npm-packlist@^1.1.12",
+  "_where": "/home/shimataro/projects/actions/ssh-key-action/node_modules/pacote",
+  "author": {
+    "name": "Isaac Z. Schlueter",
+    "email": "i@izs.me",
+    "url": "http://blog.izs.me/"
+  },
+  "bugs": {
+    "url": "https://github.com/npm/npm-packlist/issues"
+  },
+  "bundleDependencies": false,
+  "dependencies": {
+    "ignore-walk": "^3.0.1",
+    "npm-bundled": "^1.0.1"
+  },
+  "deprecated": false,
+  "description": "Get a list of the files to add from a folder into an npm package",
+  "devDependencies": {
+    "mkdirp": "^0.5.1",
+    "rimraf": "^2.6.1",
+    "tap": "^14.2.1"
+  },
+  "directories": {
+    "test": "test"
+  },
+  "files": [
+    "index.js"
+  ],
+  "homepage": "https://www.npmjs.com/package/npm-packlist",
+  "license": "ISC",
+  "main": "index.js",
+  "name": "npm-packlist",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/npm/npm-packlist.git"
+  },
+  "scripts": {
+    "postpublish": "git push origin --follow-tags",
+    "postversion": "npm publish",
+    "preversion": "npm test",
+    "snap": "tap",
+    "test": "tap"
+  },
+  "version": "1.4.4"
+}