fix(deps): replace step-security/retry and update action pins (#468)

* fix(deps): replace step-security/retry with nick-fields/retry

* chore(deps): update github action sha pins via pinact

* refactor: remove common-retry references from tests and validators

* chore: simplify description fallback and update action count

* docs: remove hardcoded test counts from memory and docs

Replace exact "769 tests" references with qualitative language
so these files don't go stale as test count grows.
2026-03-02 02:31:26 +02:00
committed by GitHub
parent d919327c7e
commit bd59245cd7
18 changed files with 29 additions and 127 deletions


@@ -183,9 +183,6 @@ validate_input_python "docker-build" "tag" "v1.0.0" # success
validate_input_python "pre-commit" "config-file" "config.yml" # success
validate_input_python "pre-commit" "config-file" "../etc/pass" # failure
# Injection detection
validate_input_python "common-retry" "command" "echo test" # success
validate_input_python "common-retry" "command" "rm -rf /; " # failure
```
### Helper Functions from spec_helper.sh
@@ -482,11 +479,6 @@ End
✅ **Always include**:
```bash
It "rejects command injection"
When call validate_input_python "common-retry" "command" "rm -rf /; "
The status should be failure
End
It "rejects path traversal"
When call validate_input_python "pre-commit" "config-file" "../etc/passwd"
The status should be failure


@@ -264,7 +264,7 @@ def get_input_property(action_file: str, input_name: str, property_check: str) -
if property_check == "description":
description = input_data.get("description", "")
return description if description else "no-description"
return description or "no-description"
if property_check == "all_optional":
# Check if all inputs are optional (none are required)
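Review bot: `description or "no-description"` returns whatever truthy value is stored under `description`, so a non-string value passes through unchanged; the same fallback appears in `_get_description_property` in the ActionFileParser hunk, which is annotated `-> str`. If `input_data` comes from parsed YAML (not visible here), an entry such as `description: true` or a list would come back as a bool or list rather than text. Consider `return str(description) if description else "no-description"`, or an explicit `isinstance(description, str)` check, in both places. The body of `get_input_property` starts and continues outside this hunk.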


@@ -337,7 +337,7 @@ class ValidationCore:
"""
if not value: # Empty values are generally allowed, except for specific cases
# Some inputs should not be empty even if they're optional
if action_name == "php-composer" and input_name in ["composer-version"]:
if action_name == "php-composer" and input_name == "composer-version":
return False, f"Empty {input_name} is not allowed"
return None, ""
@@ -552,7 +552,7 @@ class ActionFileParser:
def _get_description_property(input_data: dict) -> str:
"""Get the description property."""
description = input_data.get("description", "")
return description if description else "no-description"
return description or "no-description"
@staticmethod
def _get_all_optional_property(inputs: dict) -> str:
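Review bot: The empty-value branch in `ValidationCore` returns `None, ""`, a third outcome beside True and False, and the visible lines do not say how a caller must treat it. Since this is the path on which an input skips the checks below it, it deserves a comment such as `# None = no verdict for an empty optional input; callers must not treat it as validated`, worded to match what the callers actually do (not shown in this hunk). The `php-composer` / `composer-version` exception is also hard-coded inside the generic branch; if more inputs need it, a module-level set of `(action, input)` pairs would keep the rule in one place. `if not value` does not catch whitespace-only strings, so confirm that later checks reject those for `composer-version`. The method starts above this hunk.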


@@ -92,9 +92,6 @@ setup_default_inputs() {
"go-build" | "go-lint")
[[ "$input_name" != "go-version" ]] && export INPUT_GO_VERSION="1.21"
;;
"common-retry")
[[ "$input_name" != "command" ]] && export INPUT_COMMAND="echo test"
;;
"dotnet-version-detect")
[[ "$input_name" != "default-version" ]] && export INPUT_DEFAULT_VERSION="8.0"
;;
@@ -154,9 +151,6 @@ cleanup_default_inputs() {
"go-build" | "go-lint")
[[ "$input_name" != "go-version" ]] && unset INPUT_GO_VERSION
;;
"common-retry")
[[ "$input_name" != "command" ]] && unset INPUT_COMMAND
;;
"dotnet-version-detect")
[[ "$input_name" != "default-version" ]] && unset INPUT_DEFAULT_VERSION
;;
@@ -239,12 +233,6 @@ shellspec_mock_action_run() {
"common-file-check")
echo "found=true" >>"$GITHUB_OUTPUT"
;;
"common-retry")
echo "success=true" >>"$GITHUB_OUTPUT"
echo "attempts=1" >>"$GITHUB_OUTPUT"
echo "exit-code=0" >>"$GITHUB_OUTPUT"
echo "duration=5" >>"$GITHUB_OUTPUT"
;;
"compress-images")
echo "images_compressed=true" >>"$GITHUB_OUTPUT"
printf "compression_report=## Compression Results\n- 3 images compressed\n- 25%% size reduction\n" >>"$GITHUB_OUTPUT"