When extracting GitHub source URLs in the workflow, only search the "# Source:" line first to avoid matching other URLs (such as license links). Update the grep pipeline to filter for the Source line (case-insensitive) before extracting the https://github.com/... pattern and add explanatory comments.
* fix(workflow): improve Node.js version drift detection accuracy
1. Fix source URL regex: now captures 'Github: https://github.com/...'
pattern (pipe-separated), not just '# Source: https://github.com/...'
This was causing ~50 scripts to show 'No GitHub source'
2. Fix semver comparison: engines.node constraints like '>=18.0.0'
no longer flag version 22 as drift. >= and ^ constraints are now
properly evaluated (our_version >= min_major = satisfied)
3. Add fallback detection: when no Dockerfile or engines.node is found,
check .nvmrc and .node-version files for Node version hints
4. Add subdirectory search: Dockerfile and package.json are now found
via GitHub API tree search, not just in repo root
5. Use GitHub API to detect default branch instead of guessing
main/master/dev with multiple HEAD requests
* fix typos in node_version
* runs on vps
Scans all install scripts using setup_nodejs and compares our
NODE_VERSION with upstream Dockerfile and package.json values.
Features:
- Detects FROM node:XX, nodesource/setup_XX, FROM alpine:X.Y
- Resolves Alpine package registry for nodejs version when
upstream uses alpine base images
- Caches Alpine version lookups to minimize requests
- Creates individual GitHub issues per script with investigation
checklist when drift is detected
- Rate-limited to avoid GitHub API throttling
- Runs weekly on Monday at 06:00 UTC + manual dispatch
