Releasing federated token details in logs (#186)

Displaying token details as logs

README.md

@@ -1,335 +1,310 @@
-# GitHub Actions for deploying to Azure
+# GitHub Actions for deploying to Azure
-
+
-## Automate your GitHub workflows using Azure Actions
+## Automate your GitHub workflows using Azure Actions
-
+
-[GitHub Actions](https://help.github.com/en/articles/about-github-actions)  gives you the flexibility to build an automated software development lifecycle workflow. 
+[GitHub Actions](https://help.github.com/en/articles/about-github-actions)  gives you the flexibility to build an automated software development lifecycle workflow. 
-
+
-With [GitHub Actions for Azure](https://github.com/Azure/actions/) you can create workflows that you can set up in your repository to build, test, package, release and **deploy** to Azure. 
+With [GitHub Actions for Azure](https://github.com/Azure/actions/) you can create workflows that you can set up in your repository to build, test, package, release and **deploy** to Azure. 
-
+
-# GitHub Action for Azure Login
+# GitHub Action for Azure Login
-
+
-With the [Azure Login](https://github.com/Azure/login/blob/master/action.yml) Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) and run Az CLI and Azure PowerShell scripts.
+With the [Azure Login](https://github.com/Azure/login/blob/master/action.yml) Action, you can automate your workflow to do an Azure login using [Azure service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) and run Az CLI and Azure PowerShell scripts.
-
+
-- By default, the action only logs in with the Azure CLI (using the `az login` command). To log in with the Az PowerShell module, set `enable-AzPSSession` to true. To login to Azure tenants without any subscriptions, set the optional parameter `allow-no-subscriptions` to true. 
+- By default, the action only logs in with the Azure CLI (using the `az login` command). To log in with the Az PowerShell module, set `enable-AzPSSession` to true. To login to Azure tenants without any subscriptions, set the optional parameter `allow-no-subscriptions` to true. 
-
+
-- To login into one of the Azure Government clouds or Azure Stack, set the optional parameter `environment` with one of the supported values `AzureUSGovernment` or `AzureChinaCloud` or `AzureStack`. If this parameter is not specified, it takes the default value `AzureCloud` and connects to the Azure Public Cloud. Additionally the parameter `creds` takes the Azure service principal created in the particular cloud to connect (Refer to [this](#configure-a-service-principal-with-a-secret)  section below for details).
+- To login into one of the Azure Government clouds or Azure Stack, set the optional parameter `environment` with one of the supported values `AzureUSGovernment` or `AzureChinaCloud` or `AzureStack`. If this parameter is not specified, it takes the default value `AzureCloud` and connects to the Azure Public Cloud. Additionally the parameter `creds` takes the Azure service principal created in the particular cloud to connect (Refer to [this](#configure-a-service-principal-with-a-secret)  section below for details).
-
+
-- The Action supports two different ways of authentication with Azure. One using the Azure Service Principal with secrets. The other is OpenID connect (OIDC) method of authentication using Azure Service Principal with a Federated Identity Credential. 
+- The Action supports two different ways of authentication with Azure. One using the Azure Service Principal with secrets. The other is OpenID connect (OIDC) method of authentication using Azure Service Principal with a Federated Identity Credential. 
-- To login using Azure Service Principal with a secret, follow [this](#configure-a-service-principal-with-a-secret) guidance.
+- To login using Azure Service Principal with a secret, follow [this](#configure-a-service-principal-with-a-secret) guidance.
-- To login using **OpenID Connect (OIDC) based Federated Identity Credentials**, 
+- To login using **OpenID Connect (OIDC) based Federated Identity Credentials**, 
-   1. Follow [this](#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication) guidance to create a Federated Credential associated with your AD App (Service Principal). This is needed to establish OIDC trust between GitHub deployment workflows and the specific Azure resources scoped by the service principal.
+   1. Follow [this](#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication) guidance to create a Federated Credential associated with your AD App (Service Principal). This is needed to establish OIDC trust between GitHub deployment workflows and the specific Azure resources scoped by the service principal.
-   2. In your GitHub workflow, Set `permissions:` with `id-token: write` at workflow level or job level based on whether the OIDC token needs to be auto-generated for all Jobs or a specific Job. 
+   2. In your GitHub workflow, Set `permissions:` with `id-token: write` at workflow level or job level based on whether the OIDC token needs to be auto-generated for all Jobs or a specific Job. 
-   3. Within the Job deploying to Azure, add Azure/login action and pass the `client-id`, `tenant-id` and `subscription-id` of the Azure service principal associated with an OIDC Federated Identity Credential credeted in step (i)
+   3. Within the Job deploying to Azure, add Azure/login action and pass the `client-id`, `tenant-id` and `subscription-id` of the Azure service principal associated with an OIDC Federated Identity Credential credeted in step (i)
-
+
-Note: 
+Note: 
-   - OIDC support in Azure is in Public Preview and is supported only for public clouds. Support for other clouds like Government clouds, Azure Stacks would be added soon. 
+   - Ensure the CLI version is 2.30 or above to use OIDC support.
-   - GitHub runners will soon be updated with the Az CLI and PowerShell versions that support with OIDC. Hence the below sample workflows include scripts to download the same during workflow execution. 
+   - OIDC support in Azure is in Public Preview and is supported only for public clouds. Support for other clouds like Government clouds, Azure Stacks would be added soon. 
-   - By default, Azure access tokens issued during OIDC based login could have limited validity. This expiration time is configurable in Azure.
+   - GitHub runners will soon be updating the with the Az CLI and PowerShell versions that support with OIDC. Hence the below sample workflows include explicit instructions to download the same during workflow execution. 
-
+   - By default, Azure access tokens issued during OIDC based login could have limited validity. This expiration time is configurable in Azure.
-
+
-## Sample workflow that uses Azure login action to run az cli
+
-
+## Sample workflow that uses Azure login action to run az cli
-```yaml
+
-
+```yaml
-# File: .github/workflows/workflow.yml
+
-
+# File: .github/workflows/workflow.yml
-on: [push]
+
-
+on: [push]
-name: AzureLoginSample
+
-
+name: AzureLoginSample
-jobs:
+
-
+jobs:
-  build-and-deploy:
+
-    runs-on: ubuntu-latest
+  build-and-deploy:
-    steps:
+    runs-on: ubuntu-latest
-    
+    steps:
-    - uses: azure/login@v1
+    
-      with:
+    - uses: azure/login@v1
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
+      with:
-    
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
-    - run: |
+    
-        az webapp list --query "[?state=='Running']"
+    - run: |
-
+        az webapp list --query "[?state=='Running']"
-```
+
-
+```
-## Sample workflow that uses Azure login action to run Azure PowerShell
+
-
+## Sample workflow that uses Azure login action to run Azure PowerShell
-```yaml
+
-
+```yaml
-# File: .github/workflows/workflow.yml
+
-
+# File: .github/workflows/workflow.yml
-on: [push]
+
-
+on: [push]
-name: AzurePowerShellLoginSample
+
-
+name: AzurePowerShellLoginSample
-jobs:
+
-
+jobs:
-  build:
+
-    runs-on: ubuntu-latest
+  build:
-    steps:
+    runs-on: ubuntu-latest
-    
+    steps:
-    - name: Login via Az module
+    
-      uses: azure/login@v1
+    - name: Login via Az module
-      with:
+      uses: azure/login@v1
-        creds: ${{secrets.AZURE_CREDENTIALS}}
+      with:
-        enable-AzPSSession: true 
+        creds: ${{secrets.AZURE_CREDENTIALS}}
-     
+        enable-AzPSSession: true 
-     - run: |
+     
-        Get-AzVM -ResourceGroupName "ResourceGroup11"
+     - run: |
-        
+        Get-AzVM -ResourceGroupName "ResourceGroup11"
-```
+        
-## Sample workflow that uses Azure login action using OIDC to run az cli (Linux)
+```
-
+## Sample workflow that uses Azure login action using OIDC to run az cli (Linux)
-```yaml
+
-# File: .github/workflows/OIDC_workflow.yml
+```yaml
-
+# File: .github/workflows/OIDC_workflow.yml
-name: Run Azure Login with OIDC
+
-on: [push]
+name: Run Azure Login with OIDC
-
+on: [push]
-permissions:
+
-      id-token: write
+permissions:
-      
+      id-token: write
-jobs: 
+      contents: read
-  build-and-deploy:
+jobs: 
-    runs-on: ubuntu-latest
+  build-and-deploy:
-    steps:
+    runs-on: ubuntu-latest
-        
+    steps:
-      # ubuntu Az CLI installation 
+      - name: 'Az CLI login'
-      - name: Install CLI-beta
+        uses: azure/login@v1
-        run: |
+        with:
-           cd ../..
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-           CWD="$(pwd)"
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-           python3 -m venv oidc-venv
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-           . oidc-venv/bin/activate
+  
-           echo "activated environment" 
+      - name: 'Run az commands'
-           python3 -m pip install --upgrade pip
+        run: |
-           echo "started installing cli beta" 
+          az account show
-           pip install -q --extra-index-url https://azcliprod.blob.core.windows.net/beta/simple/ azure-cli
+          az group list
-           echo "installed cli beta"    
+          pwd 
-           echo "$CWD/oidc-venv/bin" >> $GITHUB_PATH   
+```
-  
+Users can also specify `audience` field for access-token in the input parameters of the action. If not specified, it is defaulted to `api://AzureADTokenExchange`. This action supports login az powershell as well for both windows and linux runners by setting an input parameter `enable-AzPSSession: true`. Below is the sample workflow for the same using the windows runner. Please note that powershell login is not supported in Macos runners.
-      - name: 'Az CLI login'
+
-        uses: azure/login@v1.4.0
+## Sample workflow that uses Azure login action using OIDC to run az PowerShell (Windows)
-        with:
+
-          client-id: ${{ secrets.AZURE_CLIENTID }}
+```yaml
-          tenant-id: ${{ secrets.AZURE_TENANTID }}
+# File: .github/workflows/OIDC_workflow.yml
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }}
+
-  
+name: Run Azure Login with OIDC
-      - name: 'Run az commands'
+on: [push]
-        run: |
+
-          az account show
+permissions:
-          az group list
+      id-token: write
-          pwd 
+      contents: read
-```
+      
-This action supports login az powershell as well for both windows and linux runners by setting an input parameter `enable-AzPSSession: true`. Below is the sample workflow for the same using the windows runner. Please note that powershell login is not supported in Macos runners.
+jobs: 
-
+  Windows-latest:
-## Sample workflow that uses Azure login action using OIDC to run az PowerShell (Windows)
+      runs-on: windows-latest
-
+      steps:
-```yaml
+        - name: OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true)
-# File: .github/workflows/OIDC_workflow.yml
+          uses: azure/login@v1
-
+          with:
-name: Run Azure Login with OIDC
+            client-id: ${{ secrets.AZURE_CLIENT_ID }}
-on: [push]
+            tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-
+            subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} 
-permissions:
+            enable-AzPSSession: true
-      id-token: write
+
-      
+        - name: 'Get RG with powershell action'
-jobs: 
+          uses: azure/powershell@v1
-  Windows-latest:
+          with:
-      runs-on: windows-latest
+             inlineScript: |
-      steps:
+               Get-AzResourceGroup
-
+             azPSVersion: "latest"
-        # windows Az CLI installation 
+
-        - name: Install CLI-beta
+```
-          run: |
+
-              cd ../..
+Refer [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
-              $CWD = Convert-Path .
+
-              echo $CWD
+## Sample to connect to Azure US Government cloud
-              python --version
+
-              python -m venv oidc-venv
+```yaml
-              . .\oidc-venv\Scripts\Activate.ps1
+    - name: Login to Azure US Gov Cloud with CLI
-              python -m pip install -q --upgrade pip
+      uses: azure/login@v1
-              echo "started installing cli beta" 
+      with:
-              pip install -q --extra-index-url https://azcliprod.blob.core.windows.net/beta/simple/ azure-cli
+        creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
-              echo "installed cli beta" 
+        environment: 'AzureUSGovernment'
-              echo "$CWD\oidc-venv\Scripts" >> $env:GITHUB_PATH
+        enable-AzPSSession: false
-
+    - name: Login to Azure US Gov Cloud with Az Powershell
-        - name: Installing Az.accounts for powershell
+      uses: azure/login@v1
-          shell: pwsh
+      with:
-          run: |
+        creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
-               Install-Module -Name Az.Accounts -Force -AllowClobber -Repository PSGallery
+        environment: 'AzureUSGovernment'
-  
+        enable-AzPSSession: true
-        - name: OIDC Login to Azure Public Cloud with AzPowershell (enableAzPSSession true)
+```
-          uses: azure/login@v1.4.0
+
-          with:
+Refer to the [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
-            client-id: ${{ secrets.AZURE_CLIENTID }}
+
-            tenant-id: ${{ secrets.AZURE_TENANTID }}
+## Sample Azure Login workflow that to run az cli on Azure Stack Hub
-            subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }} 
+
-            enable-AzPSSession: true
+```yaml
-
+
-        - name: 'Get RG with powershell action'
+# File: .github/workflows/workflow.yml
-          uses: azure/powershell@v1
+
-          with:
+on: [push]
-             inlineScript: |
+
-               Get-AzResourceGroup
+name: AzureLoginSample
-             azPSVersion: "latest"
+
-
+jobs:
-```
+
-
+  build-and-deploy:
-Refer [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
+    runs-on: ubuntu-latest
-
+    steps:
-## Sample to connect to Azure US Government cloud
+    - uses: azure/login@v1
-
+      with:
-```yaml
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
-    - name: Login to Azure US Gov Cloud with CLI
+        environment: 'AzureStack'
-      uses: azure/login@v1
+
-      with:
+    - run: |
-        creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
+        az webapp list --query "[?state=='Running']"
-        environment: 'AzureUSGovernment'
+
-        enable-AzPSSession: false
+```
-    - name: Login to Azure US Gov Cloud with Az Powershell
+Refer to the [Azure Stack Hub Login Action Tutorial](https://docs.microsoft.com/en-us/azure-stack/user/ci-cd-github-action-login-cli?view=azs-2008) for more detailed instructions.
-      uses: azure/login@v1
+
-      with:
+## Configure deployment credentials:
-        creds: ${{ secrets.AZURE_US_GOV_CREDENTIALS }}
+  
-        environment: 'AzureUSGovernment'
+### Configure a service principal with a secret:
-        enable-AzPSSession: true
+
-```
+For using any credentials like Azure Service Principal, Publish Profile etc add them as [secrets](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables) in the GitHub repository and then use them in the workflow.
-
+
-Refer to the [Azure PowerShell](https://github.com/azure/powershell) Github action to run your Azure PowerShell scripts.
+
-
+Follow the steps to configure Azure Service Principal with a secret:
-## Sample Azure Login workflow that to run az cli on Azure Stack Hub
+  * Define a new secret under your repository settings, Add secret menu
-
+  * Store the output of the below [az cli](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest) command as the value of secret variable, for example 'AZURE_CREDENTIALS'
-```yaml
+```bash  
-
+
-# File: .github/workflows/workflow.yml
+   az ad sp create-for-rbac --name "myApp" --role contributor \
-
+                            --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
-on: [push]
+                            --sdk-auth
-
+                            
-name: AzureLoginSample
+  # Replace {subscription-id}, {resource-group} with the subscription, resource group details
-
+
-jobs:
+  # The command should output a JSON object similar to this:
-
+
-  build-and-deploy:
+  {
-    runs-on: ubuntu-latest
+    "clientId": "<GUID>",
-    steps:
+    "clientSecret": "<GUID>",
-    - uses: azure/login@v1
+    "subscriptionId": "<GUID>",
-      with:
+    "tenantId": "<GUID>",
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
+    (...)
-        environment: 'AzureStack'
+  }
-
+  
-    - run: |
+```
-        az webapp list --query "[?state=='Running']"
+  * Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above)
-
+
-```
+### Configure a service principal with a Federated Credential to use OIDC based authentication:
-Refer to the [Azure Stack Hub Login Action Tutorial](https://docs.microsoft.com/en-us/azure-stack/user/ci-cd-github-action-login-cli?view=azs-2008) for more detailed instructions.
+
-
+
-## Configure deployment credentials:
+You can add federated credentials in the Azure portal or with the Microsoft Graph REST API.
-  
+
-### Configure a service principal with a secret:
+#### Azure portal
-
+1. Go to **Certificates and secrets**.  In the **Federated credentials** tab, select **Add credential**.  
-For using any credentials like Azure Service Principal, Publish Profile etc add them as [secrets](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables) in the GitHub repository and then use them in the workflow.
+1. The **Add a credential** blade opens.
-
+1. In the **Federated credential scenario** box select **GitHub actions deploying Azure resources**.
-
+1. Specify the **Organization** and **Repository** for your GitHub Actions workflow which needs to access the Azure resources scoped by this App (Service Principal) 
-Follow the steps to configure Azure Service Principal with a secret:
+1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims). 
-  * Define a new secret under your repository settings, Add secret menu
+1. Add a **Name** for the federated credential.
-  * Store the output of the below [az cli](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest) command as the value of secret variable, for example 'AZURE_CREDENTIALS'
+1. Click **Add** to configure the federated credential.
-```bash  
+
-
+For a more detailed overview, see more guidance around [Azure Federated Credentials](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust-github). 
-   az ad sp create-for-rbac --name "myApp" --role contributor \
+
-                            --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
+#### Microsoft Graph
-                            --sdk-auth
+
-                            
+1. Launch [Azure Cloud Shell](https://portal.azure.com/#cloudshell/) and sign in to your tenant.
-  # Replace {subscription-id}, {resource-group} with the subscription, resource group details
+1. Create a federated identity credential
-
+
-  # The command should output a JSON object similar to this:
+    Run the following command to [create a new federated identity credential](https://docs.microsoft.com/en-us/graph/api/application-post-federatedidentitycredentials?view=graph-rest-beta&preserve-view=true) on your app (specified by the object ID of the app). Substitute the values `APPLICATION-OBJECT-ID`, `CREDENTIAL-NAME`, `SUBJECT`. The options for subject refer to your request filter. These are the conditions that OpenID Connect uses to determine when to issue an authentication token.  
-
+    * specific environment
-  {
+        ```azurecli
-    "clientId": "<GUID>",
+        az rest --method POST --uri 'https://graph.microsoft.com/beta/applications/<APPLICATION-OBJECT-ID>/federatedIdentityCredentials' --body '{"name":"<CREDENTIAL-NAME>","issuer":"https://token.actions.githubusercontent.com","subject":"repo:octo-org/octo-repo:environment:Production","description":"Testing","audiences":["api://AzureADTokenExchange"]}' 
-    "clientSecret": "<GUID>",
+        ```
-    "subscriptionId": "<GUID>",
+    * pull_request events
-    "tenantId": "<GUID>",
+       ```azurecli
-    (...)
+        az rest --method POST --uri 'https://graph.microsoft.com/beta/applications/<APPLICATION-OBJECT-ID>/federatedIdentityCredentials' --body '{"name":"<CREDENTIAL-NAME>","issuer":"https://token.actions.githubusercontent.com","subject":"repo:octo-org/octo-repo:pull_request","description":"Testing","audiences":["api://AzureADTokenExchange"]}' 
-  }
+        ```
-  
+    * specific branch
-```
+       ```azurecli
-  * Now in the workflow file in your branch: `.github/workflows/workflow.yml` replace the secret in Azure login action with your secret (Refer to the example above)
+        az rest --method POST --uri 'https://graph.microsoft.com/beta/applications/<APPLICATION-OBJECT-ID>/federatedIdentityCredentials' --body '{"name":"<CREDENTIAL-NAME>","issuer":"https://token.actions.githubusercontent.com","subject":"repo:octo-org/octo-repo:ref:refs/heads/{Branch}","description":"Testing","audiences":["api://AzureADTokenExchange"]}' 
-
+        ```
-### Configure a service principal with a Federated Credential to use OIDC based authentication:
+    * specific tag
-
+       ```azurecli
-
+        az rest --method POST --uri 'https://graph.microsoft.com/beta/applications/<APPLICATION-OBJECT-ID>/federatedIdentityCredentials' --body '{"name":"<CREDENTIAL-NAME>","issuer":"https://token.actions.githubusercontent.com","subject":"repo:octo-org/octo-repo:ref:refs/heads/{Tag}","description":"Testing","audiences":["api://AzureADTokenExchange"]}' 
-You can add federated credentials in the Azure portal or with the Microsoft Graph REST API.
+        ```
-
+
-#### Azure portal
+## Support for using `allow-no-subscriptions` flag with az login
-1. Go to **Certificates and secrets**.  In the **Federated credentials** tab, select **Add credential**.  
+
-1. The **Add a credential** blade opens.
+Capability has been added to support access to tenants without subscriptions for both OIDC and non-OIDC. This can be useful to run tenant level commands, such as `az ad`. The action accepts an optional parameter `allow-no-subscriptions` which is `false` by default.
-1. In the **Federated credential scenario** box select **GitHub actions deploying Azure resources**.
+
-1. Specify the **Organization** and **Repository** for your GitHub Actions workflow which needs to access the Azure resources scoped by this App (Service Principal) 
+```yaml
-1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance](). 
+# File: .github/workflows/workflow.yml
-1. Add a **Name** for the federated credential.
+
-1. Click **Add** to configure the federated credential.
+on: [push]
-
+
-For a more detailed overview, see more guidance around [Azure Federated Credentials](). 
+name: AzureLoginWithNoSubscriptions
-
+
-#### Microsoft Graph
+jobs:
-
+
-1. Launch [Azure Cloud Shell](https://portal.azure.com/#cloudshell/) and sign in to your tenant.
+  build-and-deploy:
-1. Create a federated identity credential
+    runs-on: ubuntu-latest
-
+    steps:
-    Run the following command to [create a new federated identity credential](/graph/api/application-post-federatedidentitycredentials?view=graph-rest-beta&preserve-view=true) on your app (specified by the object ID of the app). Substitute the values `APPLICATION-ID`, `CREDENTIAL-NAME`, `SUBJECT`. The options for subject refer to your request filter. These are the conditions that OpenID Connect uses to determine when to issue an authentication token.  
+
-    * specific environment
+    - uses: azure/login@v1
-    * pull_request events
+      with:
-    * specific branch
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
-    * specific tag
+        allow-no-subscriptions: true
-
+```
-        ```azurecli
+## Az logout and security hardening
-        az rest --method POST --uri 'https://graph.microsoft.com/beta/applications/<APPLICATION-ID>/federatedIdentityCredentials' --body '{"name":"<CREDENTIAL-NAME>","issuer":"https://token.actions.githubusercontent.com/","subject":"repo:octo-org/octo-repo:environment:Production","description":"Testing","audiences":["api://AzureADTokenExchange"]}' 
+
-        ```
+This action doesn't implement ```az logout``` by default at the end of execution. However there is no way of tampering the credentials or account information because the github hosted runner is on a VM that will get reimaged for every customer run which gets everything deleted. But if the runner is self-hosted which is not github provided it is recommended to manually logout at the end of the workflow as shown below. More details on security of the runners can be found [here](https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#hardening-for-self-hosted-runners).
-## Support for using `allow-no-subscriptions` flag with az login
+```
-
+- name: Azure CLI script
-Capability has been added to support access to tenants without subscriptions for both OIDC and non-OIDC. This can be useful to run tenant level commands, such as `az ad`. The action accepts an optional parameter `allow-no-subscriptions` which is `false` by default.
+  uses: azure/CLI@v1
-
+  with:
-```yaml
+    azcliversion: 2.0.72
-# File: .github/workflows/workflow.yml
+    inlineScript: |
-
+      az logout
-on: [push]
+      az cache purge
-
+      az account clear
-name: AzureLoginWithNoSubscriptions
+```
-
+
-jobs:
+# Contributing
-
+
-  build-and-deploy:
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
-    runs-on: ubuntu-latest
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-    steps:
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
-
+
-    - uses: azure/login@v1
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
-      with:
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
-        creds: ${{ secrets.AZURE_CREDENTIALS }}
+provided by the bot. You will only need to do this once across all repos using our CLA.
-        allow-no-subscriptions: true
+
-```
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-## Az logout and security hardening
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
-This action doesn't implement ```az logout``` by default at the end of execution. However there is no way of tampering the credentials or account information because the github hosted runner is on a VM that will get reimaged for every customer run which gets everything deleted. But if the runner is self-hosted which is not github provided it is recommended to manually logout at the end of the workflow as shown below. More details on security of the runners can be found [here](https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#hardening-for-self-hosted-runners).
-```
-- name: Azure CLI script
-  uses: azure/CLI@v1
-  with:
-    azcliversion: 2.0.72
-    inlineScript: |
-      az logout
-      az cache purge
-      az account clear
-```
-
-# Contributing
-
-This project welcomes contributions and suggestions.  Most contributions require you to agree to a
-Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
-
-When you submit a pull request, a CLA bot will automatically determine whether you need to provide
-a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
-provided by the bot. You will only need to do this once across all repos using our CLA.
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

action.yml

@@ -26,6 +26,10 @@ inputs:
     description: 'Set this value to true to enable support for accessing tenants without subscriptions'
     required: false
     default: false
+  audience:
+    description: 'Provide audience field for access-token. Default value is api://AzureADTokenExchange' 
+    required: false
+    default: 'api://AzureADTokenExchange'
 branding:
   icon: 'login.svg'
   color: 'blue'

lib/PowerShell/ServicePrincipalLogin.js

@@ -59,10 +59,18 @@ class ServicePrincipalLogin {
     login() {
         return __awaiter(this, void 0, void 0, function* () {
             let output = "";
+            let commandStdErr = false;
             const options = {
                 listeners: {
                     stdout: (data) => {
                         output += data.toString();
+                    },
+                    stderr: (data) => {
+                        let error = data.toString();
+                        if (error && error.trim().length !== 0) {
+                            commandStdErr = true;
+                            core.error(error);
+                        }
                     }
                 }
             };

lib/PowerShell/Utilities/PowerShellToolRunner.js

@@ -40,6 +40,7 @@ class PowerShellToolRunner {
     }
     static executePowerShellScriptBlock(scriptBlock, options = {}) {
         return __awaiter(this, void 0, void 0, function* () {
+            //Options for error handling
             yield exec.exec(`"${PowerShellToolRunner.psPath}" -Command`, [scriptBlock], options);
         });
     }

lib/main.js

@@ -39,6 +39,27 @@ var azPSHostEnv = !!process.env.AZUREPS_HOST_ENVIRONMENT ? `${process.env.AZUREP
 function main() {
     return __awaiter(this, void 0, void 0, function* () {
         try {
+            //Options for error handling
+            let commandStdErr = false;
+            const loginOptions = {
+                silent: true,
+                ignoreReturnCode: true,
+                failOnStdErr: true,
+                listeners: {
+                    stderr: (data) => {
+                        let error = data.toString();
+                        //removing the keyword 'ERROR' to avoid duplicates while throwing error
+                        if (error.toLowerCase().startsWith('error')) {
+                            error = error.slice(5);
+                        }
+                        // printing error
+                        if (error && error.trim().length !== 0) {
+                            commandStdErr = true;
+                            core.error(error);
+                        }
+                    }
+                }
+            };
             // Set user agent variable
             var isAzCLISuccess = false;
             let usrAgentRepo = `${process.env.GITHUB_REPOSITORY}`;
@@ -73,7 +94,6 @@ function main() {
             const allowNoSubscriptionsLogin = core.getInput('allow-no-subscriptions').toLowerCase() === "true";
             //Check for the credentials in individual parameters in the workflow.
             var servicePrincipalId = core.getInput('client-id', { required: false });
-            ;
             var servicePrincipalKey = null;
             var tenantId = core.getInput('tenant-id', { required: false });
             var subscriptionId = core.getInput('subscription-id', { required: false });
@@ -84,7 +104,7 @@ function main() {
             if (servicePrincipalId || tenantId || subscriptionId) {
                 //If few of the individual credentials (clent_id, tenat_id, subscription_id) are missing in action inputs.
                 if (!(servicePrincipalId && tenantId && (subscriptionId || allowNoSubscriptionsLogin)))
-                    throw new Error("Few credentials are missing. ClientId,tenantId are mandatory. SubscriptionId is also mandatory if allow-no-subscriptions is not set.");
+                    throw new Error("Few credentials are missing. ClientId, tenantId are mandatory. SubscriptionId is also mandatory if allow-no-subscriptions is not set.");
             }
             else {
                 if (creds) {
@@ -115,16 +135,17 @@ function main() {
             if (enableOIDC) {
                 console.log('Using OIDC authentication...');
                 //generating ID-token
-                federatedToken = yield core.getIDToken('api://AzureADTokenExchange');
+                let audience = core.getInput('audience', { required: false });
+                federatedToken = yield core.getIDToken(audience);
                 if (!!federatedToken) {
                     if (environment != "azurecloud")
                         throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
+                    let [issuer, subjectClaim] = yield jwtParser(federatedToken);
+                    console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
                 }
                 else {
                     throw new Error("Could not get ID token for authentication.");
                 }
-                let [issuer, subjectClaim] = yield jwtParser(federatedToken);
-                console.log("Federated token details: \n issuer- " + issuer + " \n subject claim - " + subjectClaim);
             }
             // Attempting Az cli login
             if (environment == "azurestack") {
@@ -171,13 +192,13 @@ function main() {
             else {
                 commonArgs = commonArgs.concat("-p", servicePrincipalKey);
             }
-            yield executeAzCliCommand(`login`, true, {}, commonArgs);
+            yield executeAzCliCommand(`login`, true, loginOptions, commonArgs);
             if (!allowNoSubscriptionsLogin) {
                 var args = [
                     "--subscription",
                     subscriptionId
                 ];
-                yield executeAzCliCommand(`account set`, true, {}, args);
+                yield executeAzCliCommand(`account set`, true, loginOptions, args);
             }
             isAzCLISuccess = true;
             if (enableAzPSSession) {
@@ -192,13 +213,11 @@ function main() {
         }
         catch (error) {
             if (!isAzCLISuccess) {
-                core.error("CLI error:" + error);
+                core.setFailed("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
-                core.error("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
             }
             else {
-                core.error(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
+                core.setFailed(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
             }
-            core.setFailed(error);
         }
         finally {
             // Reset AZURE_HTTP_USER_AGENT
@@ -210,20 +229,15 @@ function main() {
 function executeAzCliCommand(command, silent, execOptions = {}, args = []) {
     return __awaiter(this, void 0, void 0, function* () {
         execOptions.silent = !!silent;
-        try {
+        yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
-            yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
-        }
-        catch (error) {
-            throw new Error(error);
-        }
     });
 }
 function jwtParser(federatedToken) {
     return __awaiter(this, void 0, void 0, function* () {
         let tokenPayload = federatedToken.split('.')[1];
         let bufferObj = Buffer.from(tokenPayload, "base64");
-        let decodedPayload = bufferObj.toString("utf8");
+        let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
-        return [decodedPayload["iss"], decodedPayload["sub"]];
+        return [decodedPayload['iss'], decodedPayload['sub']];
     });
 }
 main();

node_modules/.bin/acorn

@@ -1 +0,0 @@
-../acorn/bin/acorn

node_modules/.bin/acorn

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../acorn/bin/acorn" "$@"
+  ret=$?
+else 
+  node  "$basedir/../acorn/bin/acorn" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/acorn.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\acorn\bin\acorn" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/acorn.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../acorn/bin/acorn" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../acorn/bin/acorn" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/atob

@@ -1 +0,0 @@
-../atob/bin/atob.js

node_modules/.bin/atob

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../atob/bin/atob.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../atob/bin/atob.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/atob.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\atob\bin\atob.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/atob.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../atob/bin/atob.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../atob/bin/atob.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/escodegen

@@ -1 +0,0 @@
-../escodegen/bin/escodegen.js

node_modules/.bin/escodegen

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../escodegen/bin/escodegen.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../escodegen/bin/escodegen.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/escodegen.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\escodegen\bin\escodegen.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/escodegen.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../escodegen/bin/escodegen.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../escodegen/bin/escodegen.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/esgenerate

@@ -1 +0,0 @@
-../escodegen/bin/esgenerate.js

node_modules/.bin/esgenerate

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../escodegen/bin/esgenerate.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../escodegen/bin/esgenerate.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/esgenerate.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\escodegen\bin\esgenerate.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/esgenerate.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../escodegen/bin/esgenerate.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../escodegen/bin/esgenerate.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/esparse

@@ -1 +0,0 @@
-../esprima/bin/esparse.js

node_modules/.bin/esparse

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../esprima/bin/esparse.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../esprima/bin/esparse.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/esparse.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\esprima\bin\esparse.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/esparse.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../esprima/bin/esparse.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../esprima/bin/esparse.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/esvalidate

@@ -1 +0,0 @@
-../esprima/bin/esvalidate.js

node_modules/.bin/esvalidate

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../esprima/bin/esvalidate.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../esprima/bin/esvalidate.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/esvalidate.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\esprima\bin\esvalidate.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/esvalidate.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../esprima/bin/esvalidate.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../esprima/bin/esvalidate.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/import-local-fixture

@@ -1 +0,0 @@
-../import-local/fixtures/cli.js

node_modules/.bin/import-local-fixture

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../import-local/fixtures/cli.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../import-local/fixtures/cli.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/import-local-fixture.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\import-local\fixtures\cli.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/import-local-fixture.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../import-local/fixtures/cli.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../import-local/fixtures/cli.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/is-ci

@@ -1 +0,0 @@
-../is-ci/bin.js

node_modules/.bin/is-ci

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../is-ci/bin.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../is-ci/bin.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/is-ci.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\is-ci\bin.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/is-ci.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../is-ci/bin.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../is-ci/bin.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/jest

@@ -1 +0,0 @@
-../jest/bin/jest.js

node_modules/.bin/jest

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../jest/bin/jest.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../jest/bin/jest.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/jest-runtime

@@ -1 +0,0 @@
-../jest-runtime/bin/jest-runtime.js

node_modules/.bin/jest-runtime

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../jest-runtime/bin/jest-runtime.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../jest-runtime/bin/jest-runtime.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/jest-runtime.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\jest-runtime\bin\jest-runtime.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/jest-runtime.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../jest-runtime/bin/jest-runtime.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../jest-runtime/bin/jest-runtime.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/jest.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\jest\bin\jest.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/jest.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../jest/bin/jest.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../jest/bin/jest.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/js-yaml

@@ -1 +0,0 @@
-../js-yaml/bin/js-yaml.js

node_modules/.bin/js-yaml

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../js-yaml/bin/js-yaml.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../js-yaml/bin/js-yaml.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/js-yaml.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\js-yaml\bin\js-yaml.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/js-yaml.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../js-yaml/bin/js-yaml.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../js-yaml/bin/js-yaml.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/jsesc

@@ -1 +0,0 @@
-../jsesc/bin/jsesc

node_modules/.bin/jsesc

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../jsesc/bin/jsesc" "$@"
+  ret=$?
+else 
+  node  "$basedir/../jsesc/bin/jsesc" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/jsesc.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\jsesc\bin\jsesc" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/jsesc.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../jsesc/bin/jsesc" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../jsesc/bin/jsesc" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/json5

@@ -1 +0,0 @@
-../json5/lib/cli.js

node_modules/.bin/json5

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../json5/lib/cli.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../json5/lib/cli.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/json5.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\json5\lib\cli.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/json5.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../json5/lib/cli.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../json5/lib/cli.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/node-which

@@ -1 +0,0 @@
-../which/bin/node-which

node_modules/.bin/node-which

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../which/bin/node-which" "$@"
+  ret=$?
+else 
+  node  "$basedir/../which/bin/node-which" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/node-which.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\which\bin\node-which" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/node-which.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../which/bin/node-which" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../which/bin/node-which" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/package-lock

@@ -1 +0,0 @@
-../package-lock/bin/package-lock.js

node_modules/.bin/package-lock

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../package-lock/bin/package-lock.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../package-lock/bin/package-lock.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/package-lock.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\package-lock\bin\package-lock.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/package-lock.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../package-lock/bin/package-lock.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../package-lock/bin/package-lock.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/parser

@@ -1 +0,0 @@
-../@babel/parser/bin/babel-parser.js

node_modules/.bin/parser

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../@babel/parser/bin/babel-parser.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../@babel/parser/bin/babel-parser.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/parser.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\@babel\parser\bin\babel-parser.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/parser.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../@babel/parser/bin/babel-parser.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../@babel/parser/bin/babel-parser.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/rimraf

@@ -1 +0,0 @@
-../rimraf/bin.js

node_modules/.bin/rimraf

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../rimraf/bin.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../rimraf/bin.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/rimraf.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\rimraf\bin.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/rimraf.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../rimraf/bin.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../rimraf/bin.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/sane

@@ -1 +0,0 @@
-../sane/src/cli.js

node_modules/.bin/sane

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../sane/src/cli.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../sane/src/cli.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/sane.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\sane\src\cli.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/sane.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../sane/src/cli.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../sane/src/cli.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/semver

@@ -1 +0,0 @@
-../semver/bin/semver.js

node_modules/.bin/semver

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../semver/bin/semver.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../semver/bin/semver.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/semver.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\semver\bin\semver.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/semver.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../semver/bin/semver.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../semver/bin/semver.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/sshpk-conv

@@ -1 +0,0 @@
-../sshpk/bin/sshpk-conv

node_modules/.bin/sshpk-conv

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../sshpk/bin/sshpk-conv" "$@"
+  ret=$?
+else 
+  node  "$basedir/../sshpk/bin/sshpk-conv" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/sshpk-conv.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\sshpk\bin\sshpk-conv" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/sshpk-conv.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../sshpk/bin/sshpk-conv" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../sshpk/bin/sshpk-conv" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/sshpk-sign

@@ -1 +0,0 @@
-../sshpk/bin/sshpk-sign

node_modules/.bin/sshpk-sign

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../sshpk/bin/sshpk-sign" "$@"
+  ret=$?
+else 
+  node  "$basedir/../sshpk/bin/sshpk-sign" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/sshpk-sign.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\sshpk\bin\sshpk-sign" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/sshpk-sign.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../sshpk/bin/sshpk-sign" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../sshpk/bin/sshpk-sign" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/sshpk-verify

@@ -1 +0,0 @@
-../sshpk/bin/sshpk-verify

node_modules/.bin/sshpk-verify

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../sshpk/bin/sshpk-verify" "$@"
+  ret=$?
+else 
+  node  "$basedir/../sshpk/bin/sshpk-verify" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/sshpk-verify.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\sshpk\bin\sshpk-verify" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/sshpk-verify.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../sshpk/bin/sshpk-verify" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../sshpk/bin/sshpk-verify" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/ts-jest

@@ -1 +0,0 @@
-../ts-jest/cli.js

node_modules/.bin/ts-jest

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../ts-jest/cli.js" "$@"
+  ret=$?
+else 
+  node  "$basedir/../ts-jest/cli.js" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/ts-jest.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\ts-jest\cli.js" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b

node_modules/.bin/ts-jest.ps1

@@ -0,0 +1,18 @@
+#!/usr/bin/env pwsh
+$basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
+
+$exe=""
+if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
+  # Fix case when both the Windows and Linux builds of Node
+  # are installed in the same directory
+  $exe=".exe"
+}
+$ret=0
+if (Test-Path "$basedir/node$exe") {
+  & "$basedir/node$exe"  "$basedir/../ts-jest/cli.js" $args
+  $ret=$LASTEXITCODE
+} else {
+  & "node$exe"  "$basedir/../ts-jest/cli.js" $args
+  $ret=$LASTEXITCODE
+}
+exit $ret

node_modules/.bin/tsc

@@ -1 +0,0 @@
-../typescript/bin/tsc

node_modules/.bin/tsc

@@ -0,0 +1,15 @@
+#!/bin/sh
+basedir=$(dirname "$(echo "$0" | sed -e 's,\\,/,g')")
+
+case `uname` in
+    *CYGWIN*|*MINGW*|*MSYS*) basedir=`cygpath -w "$basedir"`;;
+esac
+
+if [ -x "$basedir/node" ]; then
+  "$basedir/node"  "$basedir/../typescript/bin/tsc" "$@"
+  ret=$?
+else 
+  node  "$basedir/../typescript/bin/tsc" "$@"
+  ret=$?
+fi
+exit $ret

node_modules/.bin/tsc.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+"%_prog%"  "%dp0%\..\typescript\bin\tsc" %*
+ENDLOCAL
+EXIT /b %errorlevel%
+:find_dp0
+SET dp0=%~dp0
+EXIT /b