Merge pull request #26 from dash14/remove/legacy-rule-support

Remove deprecated legacy rule support

Author: dash14

Makefile

@@ -67,11 +67,7 @@ test_audit_mode: ## Run audit mode tests
 	@$(MAKE) clean
 
 .PHONY: test_unit
-test_unit: test_legacy test_report test_qjs ## Run unit tests
-
-.PHONY: test_legacy
-test_legacy: ## Run legacy rules unit tests
-	@node --test setup/lib/legacy-rules.test.mjs
+test_unit: test_report test_qjs ## Run unit tests
 
 .PHONY: test_report
 test_report: ## Run report unit tests

docs/development.md

@@ -94,10 +94,7 @@ Fields: `[timestamp] buildcage [status] "domain:port" reason`
 │   ├── action.yml               # GitHub Action: dash14/buildcage/setup@v1
 │   ├── compose.yml              # Compose config for GitHub Actions (with image tag)
 │   ├── main.mjs                 # Setup entrypoint (rule generation, compose up)
-│   ├── post.mjs                 # Post-action cleanup
-│   └── lib/
-│       ├── legacy-rules.mjs     # Legacy domain/port → wildcard conversion
-│       └── legacy-rules.test.mjs
+│   └── post.mjs                 # Post-action cleanup
 ├── report/                      # GitHub Actions report
 │   ├── action.yml               # GitHub Action: dash14/buildcage/report@v1
 │   └── main.mjs                 # Log analysis and Job Summary output

docs/rules.md

@@ -94,39 +94,3 @@ allowed_https_rules: >-
   ~^registry\.npmjs\.org:\d+$
   ~^.*\.githubusercontent\.com:443$
 ```
-
-## Deprecated Parameters
-
-The following parameters are deprecated and will be removed in a future version:
-
-| Deprecated | Replacement |
-|------------|-------------|
-| `allowed_https_domains` | `allowed_https_rules` |
-| `allowed_http_domains` | `allowed_http_rules` |
-| `https_ports` | Port specification in rules (e.g., `example.com:8443`) |
-| `http_ports` | Port specification in rules (e.g., `example.com:8080`) |
-
-### Migration
-
-```yaml
-# Before (deprecated)
-allowed_https_domains: "registry.npmjs.org, fonts.googleapis.com"
-https_ports: "443,8443"
-
-# After
-allowed_https_rules: >-
-  registry.npmjs.org:443
-  registry.npmjs.org:8443
-  fonts.googleapis.com:443
-  fonts.googleapis.com:8443
-```
-
-If you only use the default ports (80 for HTTP, 443 for HTTPS), migration is simpler — just rename the parameter and add the port:
-
-```yaml
-# Before (deprecated)
-allowed_https_domains: "registry.npmjs.org, fonts.googleapis.com"
-
-# After
-allowed_https_rules: "registry.npmjs.org:443 fonts.googleapis.com:443"
-```

setup/action.yml

@@ -28,23 +28,7 @@ inputs:
     description: "IP address allow rules (wildcard or ~regex), separated by whitespace. Port required. e.g., '192.168.1.1:443 10.0.0.1:8080'"
     required: false
     default: ''
-  # Deprecated
-  allowed_http_domains:
-    description: "Deprecated: use allowed_http_rules instead"
-    required: false
-    default: ''
-  allowed_https_domains:
-    description: "Deprecated: use allowed_https_rules instead"
-    required: false
-    default: ''
-  http_ports:
-    description: "Deprecated: specify port per rule in allowed_http_rules (e.g., 'example.com:8080')"
-    required: false
-    default: '80'
-  https_ports:
-    description: "Deprecated: specify port per rule in allowed_https_rules (e.g., 'example.com:8443')"
-    required: false
-    default: '443'
+
 
 runs:
   using: node24

setup/lib/legacy-rules.mjs

@@ -1,7 +1,7 @@
 import { execFileSync } from "node:child_process";
 import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
-import { buildLegacyRules } from "./lib/legacy-rules.mjs";
+
 import { buildRules } from "../docker/files/tools/lib/rules.mjs";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -24,10 +24,6 @@ function main() {
       httpsRulesInput: env.INPUT_ALLOWED_HTTPS_RULES,
       httpRulesInput: env.INPUT_ALLOWED_HTTP_RULES,
       ipRulesInput: env.INPUT_ALLOWED_IP_RULES,
-      httpsDomainsInput: env.INPUT_ALLOWED_HTTPS_DOMAINS,
-      httpDomainsInput: env.INPUT_ALLOWED_HTTP_DOMAINS,
-      httpsPortsInput: env.INPUT_HTTPS_PORTS,
-      httpPortsInput: env.INPUT_HTTP_PORTS,
     });
   } catch (e) {
     console.log(`::error::${e.message}`);
@@ -113,39 +109,20 @@ function resolveImageTag(repository, { versionInput, actionRef }) {
 }
 
 /**
- * Build ACL rules by merging new-style rules and legacy rules.
- * New-style rules are passed through as-is (wildcard format).
- * Legacy rules are converted to wildcard format.
+ * Build ACL rules from input strings.
+ * Rules are passed through as-is (wildcard format), validated by converting to regex.
  *
  * @returns {{ httpsRules: string[], httpRules: string[], ipRules: string[] }}
  */
-function buildACLRules({ httpsRulesInput, httpRulesInput, ipRulesInput, httpsDomainsInput, httpDomainsInput, httpsPortsInput, httpPortsInput }) {
-  // New-style rules: pass through as-is (wildcard format), validate by converting to regex
+function buildACLRules({ httpsRulesInput, httpRulesInput, ipRulesInput }) {
   const httpsRules = httpsRulesInput?.trim().split(/\s+/).filter(Boolean) ?? [];
   const httpRules = httpRulesInput?.trim().split(/\s+/).filter(Boolean) ?? [];
   const ipRules = ipRulesInput?.trim().split(/\s+/).filter(Boolean) ?? [];
   buildRules(httpsRulesInput);
   buildRules(httpRulesInput);
   buildRules(ipRulesInput);
 
-  // Legacy rules (converted to wildcard format)
-  const httpsLegacy = buildLegacyRules({
-    domainsInput: httpsDomainsInput,
-    portsInput: httpsPortsInput,
-    defaultPort: 443,
-    protocol: "HTTPS",
-  });
-  const httpLegacy = buildLegacyRules({
-    domainsInput: httpDomainsInput,
-    portsInput: httpPortsInput,
-    defaultPort: 80,
-    protocol: "HTTP",
-  });
-  return {
-    httpsRules: [...httpsRules, ...httpsLegacy],
-    httpRules: [...httpRules, ...httpLegacy],
-    ipRules,
-  };
+  return { httpsRules, httpRules, ipRules };
 }
 
 function logRules(label, rules) {