step-security
diff --git a/‎dist/index.js
+26,140-1,364 b/‎dist/index.js
+26,140-1,364
diff --git a/‎dist/index.js.map
+1-1 b/‎dist/index.js.map
+1-1
diff --git a/‎dist/post/index.js
+26,142-1,366 b/‎dist/post/index.js
+26,142-1,366
diff --git a/‎dist/post/index.js.map
+1-1 b/‎dist/post/index.js.map
+1-1
diff --git a/‎dist/pre/index.js
+59,962-43,533 b/‎dist/pre/index.js
+59,962-43,533
diff --git a/‎dist/pre/index.js.map
+1-1 b/‎dist/pre/index.js.map
+1-1
diff --git a/‎package-lock.json
+682-460 b/‎package-lock.json
+682-460
diff --git a/‎package.json
+1-1 b/‎package.json
+1-1
diff --git a/‎src/setup.ts
+78-21 b/‎src/setup.ts
+78-21
@@ -23,7 +23,7 @@
   },
   "homepage": "https://github.com/step-security/harden-runner#readme",
   "dependencies": {
-    "@actions/cache": "^3.1.4",
+    "@actions/cache": "^4.0.0",
     "@actions/core": "^1.5.0",
     "@actions/exec": "^1.1.0",
     "@actions/github": "^5.0.0",
 
@@ -19,6 +19,10 @@ import { Configuration, PolicyResponse } from "./interfaces";
 import { fetchPolicy, mergeConfigs } from "./policy-utils";
 import * as cache from "@actions/cache";
 import { getCacheEntry } from "@actions/cache/lib/internal/cacheHttpClient";
+import * as cacheTwirpClient from "@actions/cache/lib/internal/shared/cacheTwirpClient";
+import { GetCacheEntryDownloadURLRequest } from "@actions/cache/lib/generated/results/api/v1/cache";
+import { getCacheServiceVersion } from "@actions/cache/lib/internal/config";
+
 import * as utils from "@actions/cache/lib/internal/cacheUtils";
 import { isArcRunner, sendAllowedEndpoints } from "./arc-runner";
 import { STEPSECURITY_API_URL, STEPSECURITY_WEB_URL } from "./configs";
@@ -114,28 +118,81 @@ interface MonitorResponse {
       } catch (exception) {
         console.log(exception);
       }
-      try {
-        const compressionMethod: CompressionMethod =
-          await utils.getCompressionMethod();
-        const cacheFilePath = path.join(__dirname, "cache.txt");
-        core.info(`cacheFilePath ${cacheFilePath}`);
-        const cacheEntry: ArtifactCacheEntry = await getCacheEntry(
-          [cacheKey],
-          [cacheFilePath],
-          {
-            compressionMethod: compressionMethod,
+
+      const cacheServiceVersion: string = getCacheServiceVersion();
+
+      switch (cacheServiceVersion) {
+        case "v2":
+          core.info(`cache version: v2`);
+          try {
+            const cacheFilePath = path.join(__dirname, "cache.txt");
+            core.info(`cacheFilePath ${cacheFilePath}`);
+
+            const twirpClient = cacheTwirpClient.internalCacheTwirpClient();
+            const compressionMethod = await utils.getCompressionMethod();
+
+            const request: GetCacheEntryDownloadURLRequest = {
+              key: cacheKey,
+              restoreKeys: [],
+              version: utils.getCacheVersion(
+                [cacheFilePath],
+                compressionMethod,
+                false
+              ),
+            };
+
+            const response = await twirpClient.GetCacheEntryDownloadURL(
+              request
+            );
+
+            if (!response.ok) {
+              core.debug(
+                `Cache not found for version ${request.version} of keys: ${cacheKey}`
+              );
+              return undefined;
+            }
+
+            const url = new URL(response.signedDownloadUrl);
+            core.info(
+              `Adding cacheHost: ${url.hostname}:443 to allowed-endpoints`
+            );
+
+            confg.allowed_endpoints += ` ${url.hostname}:443`;
+          } catch (e) {
+            core.error(`v2 failed: ${e}`);
+          }
+          break;
+
+        case "v1":
+          core.info(`cache version: v1`);
+
+          try {
+            const compressionMethod: CompressionMethod =
+              await utils.getCompressionMethod();
+            const cacheFilePath = path.join(__dirname, "cache.txt");
+            core.info(`cacheFilePath ${cacheFilePath}`);
+
+            const cacheEntry: ArtifactCacheEntry = await getCacheEntry(
+              [cacheKey],
+              [cacheFilePath],
+              {
+                compressionMethod: compressionMethod,
+              }
+            );
+            const url = new URL(cacheEntry.archiveLocation);
+            core.info(
+              `Adding cacheHost: ${url.hostname}:443 to allowed-endpoints`
+            );
+
+            confg.allowed_endpoints += ` ${url.hostname}:443`;
+          } catch (exception) {
+            // some exception has occurred.
+            core.info(`Unable to fetch cacheURL ${exception}`);
+            if (confg.egress_policy === "block") {
+              core.info("Switching egress-policy to audit mode");
+              confg.egress_policy = "audit";
+            }
           }
-        );
-        const url = new URL(cacheEntry.archiveLocation);
-        core.info(`Adding cacheHost: ${url.hostname}:443 to allowed-endpoints`);
-        confg.allowed_endpoints += ` ${url.hostname}:443`;
-      } catch (exception) {
-        // some exception has occurred.
-        core.info(`Unable to fetch cacheURL`);
-        if (confg.egress_policy === "block") {
-          core.info("Switching egress-policy to audit mode");
-          confg.egress_policy = "audit";
-        }
       }
     }