add url_prefix input

<!-- markdownlint-disable-file MD041 -->

## Pull request checklist

Please check if your PR fulfills the following requirements:

- [ ] I have read the
[CONTRIBUTING](https://github.com/fabasoad/setup-mark-action/blob/main/CONTRIBUTING.md)
      doc.
- [ ] Tests for the changes have been added (for bug fixes / features).
- [ ] Docs have been reviewed and added / updated if needed (for bug
fixes / features).

## Pull request type

<!-- Please do not submit updates to dependencies unless it fixes an
issue. -->

<!-- Please try to limit your pull request to one type, submit multiple
pull
requests if needed. -->

Please check the type of change your PR introduces:

- [ ] Bugfix
- [ ] Feature
- [ ] Code style update (formatting, renaming)
- [ ] Refactoring (no functional changes, no api changes)
- [ ] Build related changes
- [ ] Documentation content changes
- [ ] Other (please describe):

## What is the current behavior

<!-- Please describe the current behavior that you are modifying, or
link to a
relevant issue. -->

## What is the new behavior

<!-- Please describe the behavior or changes that are being added by
this PR. -->

-
-
-

## Does this introduce a breaking change

- [ ] Yes
- [ ] No

<!-- If this introduces a breaking change, please describe the impact
and
migration path for existing applications below. -->

## Other information

<!-- Any other information that is important to this PR such as
screenshots of
how the component looks before and after the change. -->
<!-- This document was adapted from the open-source
[appium/appium](https://github.com/appium/appium/blob/master/.github/PULL_REQUEST_TEMPLATE.md)
repository. -->

---

Closes #{IssueNumber}

.github/labels.yml

@@ -1,78 +0,0 @@
----
-- name: "breaking-change"
-  color: ee0701
-  description: "A breaking change for existing users."
-- name: "bugfix"
-  color: ee0701
-  description: "Inconsistencies or issues which will cause a problem for users or implementors."
-- name: "documentation"
-  color: 0052cc
-  description: "Solely about the documentation of the project."
-- name: "enhancement"
-  color: 1d76db
-  description: "Enhancement of the code, not introducing new features."
-- name: "refactor"
-  color: 1d76db
-  description: "Improvement of existing code, not introducing new features."
-- name: "performance"
-  color: 1d76db
-  description: "Improving performance, not introducing new features."
-- name: "new-feature"
-  color: 0e8a16
-  description: "New features or options."
-- name: "maintenance"
-  color: 2af79e
-  description: "Generic maintenance tasks."
-- name: "ci"
-  color: 1d76db
-  description: "Work that improves the continue integration."
-- name: "dependencies"
-  color: 1d76db
-  description: "Upgrade or downgrade of project dependencies."
-
-- name: "in-progress"
-  color: fbca04
-  description: "Issue is currently being resolved by a developer."
-- name: "stale"
-  color: fef2c0
-  description: "There has not been activity on this issue or PR for quite some time."
-- name: "no-stale"
-  color: fef2c0
-  description: "This issue or PR is exempted from the stable bot."
-
-- name: "security"
-  color: ee0701
-  description: "Marks a security issue that needs to be resolved asap."
-- name: "incomplete"
-  color: fef2c0
-  description: "Marks a PR or issue that is missing information."
-- name: "invalid"
-  color: fef2c0
-  description: "Marks a PR or issue that is missing information."
-
-- name: "beginner-friendly"
-  color: 0e8a16
-  description: "Good first issue for people wanting to contribute to the project."
-- name: "help-wanted"
-  color: 0e8a16
-  description: "We need some extra helping hands or expertise in order to resolve this."
-
-- name: "priority-critical"
-  color: ee0701
-  description: "This should be dealt with ASAP. Not fixing this issue would be a serious error."
-- name: "priority-high"
-  color: b60205
-  description: "After critical issues are fixed, these should be dealt with before any further issues."
-- name: "priority-medium"
-  color: 0e8a16
-  description: "This issue may be useful, and needs some attention."
-- name: "priority-low"
-  color: e4ea8a
-  description: "Nice addition, maybe... someday..."
-
-- name: "major"
-  color: b60205
-  description: "This PR causes a major version bump in the version number."
-- name: "minor"
-  color: 0e8a16
-  description: "This PR causes a minor version bump in the version number."

.github/workflows/functional-tests.yml

@@ -23,7 +23,7 @@ jobs:
       fail-fast: false
       matrix:
         os: ["ubuntu", "macos"]
-        version: ["9.11.1", "9.11.0", "9.10.1", "9.10.0", "9.9.0"]
+        version: ["latest", "11.2.0", "11.1.0", "11.0.1", "11.0.0", "10.0.1"]
     runs-on: ${{ matrix.os }}-latest
     steps:
       - name: Checkout ${{ github.repository }}

.github/workflows/release.yml

@@ -7,30 +7,6 @@ on: # yamllint disable-line rule:truthy
       - "v*.*.*"
 
 jobs:
-  create-release:
-    name: Create release
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Get changelog
-        id: changelog
-        uses: simbo/changes-since-last-release-action@v1
-      - name: Create release
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: ${{ github.ref }}
-          name: ${{ github.ref_name }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          body: |
-            # Changelog
-
-            ${{ steps.changelog.outputs.log }}
-          draft: false
-          prerelease: false
-      - name: Bump tags
-        uses: fischerscode/tagger@v0
-        with:
-          prefix: v
+  github:
+    name: GitHub
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main

.github/workflows/security.yml

@@ -7,45 +7,10 @@ on: # yamllint disable-line rule:truthy
     branches:
       - main
 
-defaults:
-  run:
-    shell: sh
-
 jobs:
-  code-scanning:
-    name: Code scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: "javascript"
-      - name: Perform CodeQL Analysis
-        id: codeql-analysis
-        uses: github/codeql-action/analyze@v3
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "code-scanning"
-          sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
-  directory-scanning:
-    name: Directory scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Scan current project
-        id: scan-directory
-        uses: anchore/scan-action@v3
-        with:
-          by-cve: "true"
-          path: "."
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "directory-scanning"
-          sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
+  sast:
+    name: SAST
+    permissions:
+      contents: read
+      security-events: write
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main

.github/workflows/sync-labels.yml

@@ -1,23 +1,13 @@
 ---
-name: Sync labels
+name: Labels
 
 on: # yamllint disable-line rule:truthy
   push:
     branches:
       - main
-    paths:
-      - .github/labels.yml
-      - .github/workflows/sync-labels.yml
-  workflow_dispatch:
+  workflow_dispatch: {}
 
 jobs:
-  sync-labels:
-    name: Sync labels
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Run Label Syncer
-        uses: micnncim/action-label-syncer@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main

.github/workflows/update-license.yml

@@ -1,30 +1,11 @@
 ---
-name: Update license
+name: License
 
 on: # yamllint disable-line rule:truthy
   schedule:
     - cron: "0 5 1 1 *"
 
 jobs:
-  run:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Update LICENSE file
-        uses: FantasticFiasco/action-update-license-year@v3
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          assignees: ${{ github.repository_owner }}
-          labels: enhancement
-          prTitle: Update license copyright year to {{currentYear}}
-          prBody: |
-            ## Changelog
-
-            - Update license copyright year to {{currentYear}}
-
-            ---
-
-            Powered by [FantasticFiasco/action-update-license-year](https://github.com/FantasticFiasco/action-update-license-year)
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main

.pre-commit-config.yaml

@@ -3,22 +3,49 @@ default_install_hook_types: ["pre-commit", "pre-push"]
 default_stages: ["commit"]
 minimum_pre_commit_version: 2.18.0
 repos:
+  # Linting
+  - repo: local
+    hooks:
+      - id: prettier
+        name: Prettier
+        entry: prettier --write --ignore-unknown
+        language: node
+        types: [text]
+        args: []
+        # https://github.com/prettier/prettier/releases
+        additional_dependencies: ["prettier@3.3.3"]
+        stages: ["commit"]
   # Security
   - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
     hooks:
       - id: detect-secrets
         stages: ["commit", "push"]
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.18.2
+    rev: v8.21.0
     hooks:
       - id: gitleaks
         stages: ["commit", "push"]
+  - repo: https://github.com/fabasoad/pre-commit-grype
+    rev: v0.6.1
+    hooks:
+      - id: grype-dir
+        args:
+          - --grype-args=--by-cve --fail-on=low
+          - --hook-args=--log-level debug
+        stages: ["push"]
   # Markdown
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.39.0
+    rev: v0.42.0
     hooks:
       - id: markdownlint-fix
+  # Shell
+  - repo: https://github.com/openstack/bashate
+    rev: 2.1.1
+    hooks:
+      - id: bashate
+        args: ["-i", "E003,E006"]
+        stages: ["commit"]
   # Yaml
   - repo: https://github.com/adrienverge/yamllint
     rev: v1.35.1
@@ -27,19 +54,19 @@ repos:
         stages: ["push"]
   # GitHub Actions
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.6.27
+    rev: v1.7.3
     hooks:
       - id: actionlint
         args: ["-pyflakes="]
-        stages: ["push"]
+        stages: ["commit"]
   # Other
-  - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.1.0
-    hooks:
-      - id: prettier
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v5.0.0
     hooks:
+      - id: check-executables-have-shebangs
+        stages: ["commit"]
+      - id: check-shebang-scripts-are-executable
+        stages: ["commit"]
       - id: check-merge-conflict
       - id: check-json
         stages: ["push"]

README.md

@@ -21,10 +21,10 @@ action:
 ## Inputs
 
 ```yaml
-- uses: fabasoad/setup-mark-action@v0
+- uses: fabasoad/setup-mark-action@v1
   with:
-    # (Optional) mark version. Defaults to "9.11.1".
-    version: "9.11.1"
+    # (Optional) mark version. Defaults to "latest".
+    version: "11.2.0"
 ```
 
 ## Outputs

action.yml

@@ -9,13 +9,24 @@ inputs:
   version:
     description: "mark version."
     required: false
-    default: "9.11.1"
+    default: "latest"
+  url_prefix:
+    description: "mark url."
+    required: false
+    default: "https://github.com/kovetskiy/mark"
 runs:
   using: "composite"
   steps:
+    - name: Validate inputs
+      env:
+        INPUT_VERSION: "${{ inputs.version }}"
+      run: ./validate-inputs.sh "${INPUT_VERSION}"
+      shell: sh
+      working-directory: ${{ github.action_path }}/src
     - name: Install kovetskiy/mark
       env:
         INPUT_VERSION: "${{ inputs.version }}"
-      run: ./install-mark.sh "${INPUT_VERSION}"
+        INPUT_URL_PREFIX: "${{ inputs.url_prefix }}"
+      run: ./install-mark.sh "${INPUT_VERSION}" "${INPUT_URL_PREFIX}"
       shell: sh
       working-directory: ${{ github.action_path }}/src

src/install-mark.sh

@@ -1,38 +1,58 @@
 #!/usr/bin/env sh
 
-mark_version="$1"
+main() {
+  mark_version="${1}"
+  url_prefix="${2}"
 
-# shellcheck disable=SC2039
-if command -v mark >/dev/null 2>&1; then
-  msg="$(mark --version) is already installed. Skipping installation."
-  printf "[setup-mark-action] %s level=info %s\n" "$(date +'%Y-%m-%d %T')" "${msg}"
-  exit 0
-fi
-
-url=""
-if [ "${RUNNER_OS}" = "macOS" ]; then
-  if [ "${RUNNER_ARCH}" = "X64" ]; then
-    url="https://github.com/kovetskiy/mark/releases/download/${mark_version}/mark_Darwin_x86_64.tar.gz"
-  elif [ "${RUNNER_ARCH}" = "ARM64" ]; then
-    url="https://github.com/kovetskiy/mark/releases/download/${mark_version}/mark_Darwin_arm64.tar.gz"
+  # shellcheck disable=SC2039
+  if command -v mark >/dev/null 2>&1; then
+    msg="$(mark --version) is already installed. Skipping installation."
+    printf "[info] [setup-mark-action] %s %s\n" "$(date +'%Y-%m-%d %T')" "${msg}"
+    exit 0
   fi
-elif [ "${RUNNER_OS}" = "Linux" ]; then
-  if [ "${RUNNER_ARCH}" = "X64" ]; then
-    url="https://github.com/kovetskiy/mark/releases/download/${mark_version}/mark_Linux_x86_64.tar.gz"
-  elif [ "${RUNNER_ARCH}" = "ARM64" ]; then
-    url="https://github.com/kovetskiy/mark/releases/download/${mark_version}/mark_Linux_arm64.tar.gz"
+
+  url_prefix="${url_prefix}/releases"
+  if [ "${mark_version}" = "latest" ]; then
+    url_prefix="${url_prefix}/latest/download"
+  else
+    url_prefix="${url_prefix}/download/${mark_version}"
   fi
-fi
 
-if [ -z "${url}" ]; then
-  echo "::error title=OS is not supported::${RUNNER_OS} ${RUNNER_ARCH} is not supported"
-  exit 1
-fi
+  url=""
+  if [ "${RUNNER_OS}" = "macOS" ]; then
+    if [ "${RUNNER_ARCH}" = "X64" ]; then
+      url="${url_prefix}/mark_Darwin_x86_64.tar.gz"
+    elif [ "${RUNNER_ARCH}" = "ARM64" ]; then
+      url="${url_prefix}/mark_Darwin_arm64.tar.gz"
+    fi
+  elif [ "${RUNNER_OS}" = "Linux" ]; then
+    if [ "${RUNNER_ARCH}" = "X64" ]; then
+      url="${url_prefix}/mark_Linux_x86_64.tar.gz"
+    elif [ "${RUNNER_ARCH}" = "ARM64" ]; then
+      url="${url_prefix}/mark_Linux_arm64.tar.gz"
+    fi
+  fi
 
-bin_path="${RUNNER_TEMP}/bin"
-mkdir -p "${bin_path}"
-tar_path="${bin_path}/mark.tar.gz"
-curl -sL "${url}" -o "${tar_path}"
-tar -xf "${tar_path}" -C "${bin_path}"
-rm -f "${tar_path}"
-echo "${bin_path}" >> "$GITHUB_PATH"
+  if [ -z "${url}" ]; then
+    echo "::error title=OS is not supported::${RUNNER_OS} ${RUNNER_ARCH} is not supported"
+    exit 1
+  fi
+
+  bin_path="${RUNNER_TEMP}/bin"
+  mkdir -p "${bin_path}"
+  tar_path="${bin_path}/mark.tar.gz"
+  checksums_path="${bin_path}/checksums.txt"
+  curl -sL "${url}" -o "${tar_path}"
+  curl -sL "${url_prefix}/checksums.txt" -o "${checksums_path}"
+
+  if ! grep -qF "$(shasum -a 256 "${tar_path}" | cut -d ' ' -f 1)" "${checksums_path}"; then
+    echo "::error title=Checksum error::Checksum is different from the downloaded binary"
+    exit 1
+  fi
+
+  tar -xf "${tar_path}" -C "${bin_path}"
+  rm -f "${tar_path}"
+  echo "${bin_path}" >> "$GITHUB_PATH"
+}
+
+main "$@"

src/validate-inputs.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env sh
+
+# Validates value to be a valid semver string.
+# Parameters:
+# 1. (Required) Param name to display it correctly in the error message for the
+#    users.
+# 2. (Required) Param value that will be validated.
+#
+# Usage examples:
+# check_semver "my-valid-semver-1" "1.2.3"
+# check_semver "my-valid-semver-3" "latest"
+# check_semver "my-invalid-semver" "1.2.3-rc1"
+check_semver() {
+  if ! echo "${2}" | grep -Eq '^(latest|[0-9]+(\.[0-9]+){0,2})$'; then
+    msg="\"${1}\" parameter is invalid. \"${2}\" is not a valid semver."
+    echo "::error title=Invalid parameter::${msg}"
+    exit 30
+  fi
+}
+
+main() {
+  input_version="${1}"
+
+  check_semver "version" "${input_version}"
+}
+
+main "$@"