feat: add expose input for Cypress.expose() API

[mschile]

Closes #1744

Summary

• Adds a new expose action input that maps to Cypress's --expose CLI flag (and cypressOptions.expose in Module API mode), supporting the new Cypress.expose() API introduced in Cypress 15.10.0.
• Adds an examples/expose/ example project, an example-expose.yml workflow, and README documentation matching the structure of the existing env input.

Why

Cypress.env() was deprecated in Cypress 15.10.0 (removal in 16.0.0). Its functionality is being split into two replacement APIs:

• Cypress.expose() — synchronous, browser-accessible, for non-sensitive public config values
• cy.env() — asynchronous, Node-side, for sensitive values

This action previously had no way to pass values to the new expose option, so users wanting to migrate away from Cypress.env() were blocked.

Changes

• action.yml — new expose input
• index.js — pass --expose in CLI mode, set cypressOptions.expose in Module API mode, and add expose to commandIgnoredStringInputs
• examples/expose/ — minimal example with a spec asserting Cypress.expose() access
• .github/workflows/example-expose.yml — runs the new example on push/PR
• README.md — TOC entry, new ### Expose section with usage example and badge, and --expose / -x row in the CLI option mapping table
• dist/index.js — rebuilt

Test plan

• example-expose workflow passes on this PR
• All existing example workflows continue to pass
• check-dist passes (verifies dist/index.js is in sync)

🤖 Generated with Claude Code

---

Note

Medium Risk
Medium risk because it changes how the action builds Cypress CLI/module options by introducing a new --expose/cypressOptions.expose path, which could affect command construction and option parsing; remaining changes are docs/examples and a rebuilt dist/index.js.

Overview
Adds a new action input expose and wires it through to Cypress as --expose in CLI mode and cypressOptions.expose in Module API mode (also treating it as ignored when command is used).

Updates docs/changelog to describe the new parameter and CLI mapping, and adds a runnable examples/expose project plus a new example-expose workflow to validate Cypress.expose() behavior; dist/index.js is rebuilt accordingly.

^{Reviewed by Cursor Bugbot for commit 7ff74c5. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 453d6a8. Configure here.}

[mschile]

Thanks @MikeMcC399! Added a CHANGELOG.md entry in 275f527 — used v7.2.0 as the next minor following v7.1.0, but happy to adjust if you'd prefer a different version.

[mschile]

Thanks @MikeMcC399! Added expose to scripts/update-cypress-latest-npm.sh in c0308f4.

[MikeMcC399]

LGTM!

Thanks for picking up the issue I submitted and implementing this enhancement.

I guess that the examples/env will need to be visited before migrating to Cypress 16 when the time comes. At the moment it's handling non-secret values, so possibly it could be simplified and most of its contents could be moved over to the expose example.

[github-actions]

🎉 This PR is included in version 7.3.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀