Skip to content

Releases: testingbot/testingbot-tunnel-action

2.0.0

22 Apr 09:12

Choose a tag to compare

A major release with breaking changes, new features, and a thorough security + dependency overhaul.

⚠️ Breaking Changes

  • Runtime bumped to Node 24. The action now runs on node24. If your workflow used runs-on values that don't provide Node 24 (very old self-hosted runners), you'll need to upgrade.
  • Credentials are now passed via environment variables. key and secret inputs are injected into the Docker container as TESTINGBOT_KEY / TESTINGBOT_SECRET env vars instead of positional command-line arguments. This keeps secrets out of ps aux and docker inspect. No action needed — the inputs in your workflow stay the same.
  • Fixed wrong flag names: --no-cache → --nocache and --no-proxy → --noproxy. Previously these were silently rejected by the tunnel binary; now they take effect. If you set noCache: true or noProxy: true and relied on them not working, behavior changes.
  • Log upload API updated to @actions/artifact@2. No change to the uploadLogFile input, but the artifact internals are completely different — you may see artifact URLs and download names change.

🆕 New Features

Action outputs — consume tunnel state in downstream steps:

  • uses: testingbot/testingbot-tunnel-action@v2
    id: tunnel
    with: {...}

  • if: always()
    uses: actions/upload-artifact@v4
    with:
    name: tunnel-log
    path: ${{ steps.tunnel.outputs.log-file }}

  • container-id — Docker container ID

  • tunnel-identifier — echoed tunnel identifier

  • log-file — absolute path to the tunnel log on the runner

Six new inputs matching the full TestingBot tunnel CLI:

  • noBump — disable SSL bumping
  • extraHeaders — inject JSON-encoded headers into tunnel requests
  • hubPort — connect to hub port 80 instead of the default 4444
  • metricsPort — expose tunnel metrics on a custom port (default 8003)
  • shared — share the tunnel with your team
  • web — serve a local directory as a webserver

readyTimeout input — configure how long to wait for the tunnel ready-file (default 60s, previously hardcoded).

🔒 Security

  • Credentials forwarded via Docker env vars, not visible in process listings
  • setSecret() applied to key and secret for defense-in-depth log masking
  • All production dependencies updated to their latest secure versions (@actions/core 1.2.7 → 1.11.1, @actions/exec 1.0.4 → 1.1.1, @actions/artifact 0.5.1 → 2.x)
  • Overrides added for vulnerable transitive deps (diff, serialize-javascript, undici)
  • CI workflow pinned to permissions: contents: read
  • E2E job skipped on PRs from forks (no secret exposure)

🐛 Bug Fixes

  • readyPoller race condition — fixed case where the tunnel could write tb.ready before the watcher was attached, causing false 60s timeouts
  • retryTimeout NaN handling — empty/non-numeric input no longer causes an infinite retry loop
  • Error typing — all catch blocks now safely handle unknown/non-Error throws
  • buildOptions no longer async — was returning a Promise needlessly

🧰 Internal / Quality

  • TypeScript 4.2 → 6.0, ESLint 7 → 8, Prettier 2 → 3, WebdriverIO 7 → 9
  • 21 unit tests added (Mocha + Sinon), covering buildOptions, readyPoller, stopTunnel, uploadLog, startTunnel, retry logic in index.ts, and post-action cleanup in post.ts
  • CI split into separate unit and e2e jobs; unit matrix on Node 20/22/24
  • Pre-compile TypeScript tests to avoid Node-version-specific loader issues
  • CodeQL workflow updated to current action versions
  • dist/ now CI-verified to stay in sync with source on every push

📦 Migration Guide

For the vast majority of users, no changes needed — the input names are unchanged. The main things to verify:

  1. If you set noCache: true or noProxy: true, confirm the tunnel is actually bypassing cache / skipping the local proxy (it will now, whereas before it silently didn't).
  2. If you rely on uploadLogFile: true, the artifact in your run's artifact tab may have different contents/format.
  3. If you pin to @v1.1.0, switch to @v2 when ready.

Initial Release

29 Apr 11:49

Choose a tag to compare

Initial release for TestingBot-Tunnel-Action - use the TestingBot Tunnel in your GitHub workflows.