async all file functions
Signed-off-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
+18
-14
@@ -11,33 +11,35 @@ describe('subjectFromInputs', () => {
|
||||
}
|
||||
|
||||
describe('when no inputs are provided', () => {
|
||||
it('throws an error', () => {
|
||||
expect(() => predicateFromInputs(blankInputs)).toThrow(/predicate-type/i)
|
||||
it('throws an error', async () => {
|
||||
await expect(predicateFromInputs(blankInputs)).rejects.toThrow(
|
||||
/predicate-type/i
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('when neither predicate path nor predicate are provided', () => {
|
||||
it('throws an error', () => {
|
||||
it('throws an error', async () => {
|
||||
const inputs: PredicateInputs = {
|
||||
...blankInputs,
|
||||
predicateType: 'https://example.com/predicate'
|
||||
}
|
||||
|
||||
expect(() => predicateFromInputs(inputs)).toThrow(
|
||||
await expect(predicateFromInputs(inputs)).rejects.toThrow(
|
||||
/one of predicate-path or predicate must be provided/i
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('when both predicate path and predicate are provided', () => {
|
||||
it('throws an error', () => {
|
||||
it('throws an error', async () => {
|
||||
const inputs: PredicateInputs = {
|
||||
predicateType: 'https://example.com/predicate',
|
||||
predicate: '{}',
|
||||
predicatePath: 'path/to/predicate'
|
||||
}
|
||||
|
||||
expect(() => predicateFromInputs(inputs)).toThrow(
|
||||
await expect(predicateFromInputs(inputs)).rejects.toThrow(
|
||||
/only one of predicate-path or predicate may be provided/i
|
||||
)
|
||||
})
|
||||
@@ -65,13 +67,13 @@ describe('subjectFromInputs', () => {
|
||||
await fs.rm(path.parse(predicatePath).dir, { recursive: true })
|
||||
})
|
||||
|
||||
it('returns the predicate', () => {
|
||||
it('returns the predicate', async () => {
|
||||
const inputs: PredicateInputs = {
|
||||
...blankInputs,
|
||||
predicateType,
|
||||
predicatePath
|
||||
}
|
||||
expect(predicateFromInputs(inputs)).toEqual({
|
||||
await expect(predicateFromInputs(inputs)).resolves.toEqual({
|
||||
type: predicateType,
|
||||
params: JSON.parse(content)
|
||||
})
|
||||
@@ -82,13 +84,15 @@ describe('subjectFromInputs', () => {
|
||||
const predicateType = 'https://example.com/predicate'
|
||||
const predicatePath = 'foo'
|
||||
|
||||
it('returns the predicate', () => {
|
||||
it('returns the predicate', async () => {
|
||||
const inputs: PredicateInputs = {
|
||||
...blankInputs,
|
||||
predicateType,
|
||||
predicatePath
|
||||
}
|
||||
expect(() => predicateFromInputs(inputs)).toThrow(/file not found/)
|
||||
await expect(predicateFromInputs(inputs)).rejects.toThrow(
|
||||
/file not found/
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
@@ -96,14 +100,14 @@ describe('subjectFromInputs', () => {
|
||||
const predicateType = 'https://example.com/predicate'
|
||||
const content = '{}'
|
||||
|
||||
it('returns the predicate', () => {
|
||||
it('returns the predicate', async () => {
|
||||
const inputs: PredicateInputs = {
|
||||
...blankInputs,
|
||||
predicateType,
|
||||
predicate: content
|
||||
}
|
||||
|
||||
expect(predicateFromInputs(inputs)).toEqual({
|
||||
await expect(predicateFromInputs(inputs)).resolves.toEqual({
|
||||
type: predicateType,
|
||||
params: JSON.parse(content)
|
||||
})
|
||||
@@ -114,14 +118,14 @@ describe('subjectFromInputs', () => {
|
||||
const predicateType = 'https://example.com/predicate'
|
||||
const content = JSON.stringify({ a: 'a'.repeat(16 * 1024 * 1024) })
|
||||
|
||||
it('throws an error', () => {
|
||||
it('throws an error', async () => {
|
||||
const inputs: PredicateInputs = {
|
||||
...blankInputs,
|
||||
predicateType,
|
||||
predicate: content
|
||||
}
|
||||
|
||||
expect(() => predicateFromInputs(inputs)).toThrow(
|
||||
await expect(predicateFromInputs(inputs)).rejects.toThrow(
|
||||
/predicate string exceeds maximum/
|
||||
)
|
||||
})
|
||||
|
||||
+6
-6
@@ -1,6 +1,6 @@
|
||||
import * as core from '@actions/core'
|
||||
import * as github from '@actions/github'
|
||||
import fs from 'fs'
|
||||
import fs from 'fs/promises'
|
||||
import os from 'os'
|
||||
import path from 'path'
|
||||
import { AttestResult, SigstoreInstance, createAttestation } from './attest'
|
||||
@@ -90,7 +90,7 @@ export async function run(inputs: RunInputs): Promise<void> {
|
||||
// Generate predicate based on attestation type
|
||||
const predicate = await getPredicateForType(attestationType, inputs)
|
||||
|
||||
const outputPath = path.join(tempDir(), ATTESTATION_FILE_NAME)
|
||||
const outputPath = path.join(await tempDir(), ATTESTATION_FILE_NAME)
|
||||
core.setOutput('bundle-path', outputPath)
|
||||
|
||||
const att = await createAttestation(subjects, predicate, {
|
||||
@@ -103,7 +103,7 @@ export async function run(inputs: RunInputs): Promise<void> {
|
||||
logAttestation(subjects, att, sigstoreInstance)
|
||||
|
||||
// Write attestation bundle to output file
|
||||
fs.writeFileSync(outputPath, JSON.stringify(att.bundle) + os.EOL, {
|
||||
await fs.writeFile(outputPath, JSON.stringify(att.bundle) + os.EOL, {
|
||||
encoding: 'utf-8',
|
||||
flag: 'a'
|
||||
})
|
||||
@@ -113,7 +113,7 @@ export async function run(inputs: RunInputs): Promise<void> {
|
||||
if (baseDir) {
|
||||
const outputSummaryPath = path.join(baseDir, ATTESTATION_PATHS_FILE_NAME)
|
||||
// Append the output path to the attestations paths file
|
||||
fs.appendFileSync(outputSummaryPath, outputPath + os.EOL, {
|
||||
await fs.appendFile(outputSummaryPath, outputPath + os.EOL, {
|
||||
encoding: 'utf-8',
|
||||
flag: 'a'
|
||||
})
|
||||
@@ -221,7 +221,7 @@ const logSummary = async (attestation: AttestResult): Promise<void> => {
|
||||
}
|
||||
}
|
||||
|
||||
const tempDir = (): string => {
|
||||
const tempDir = async (): Promise<string> => {
|
||||
const basePath = process.env['RUNNER_TEMP']
|
||||
|
||||
/* istanbul ignore if */
|
||||
@@ -229,7 +229,7 @@ const tempDir = (): string => {
|
||||
throw new Error('Missing RUNNER_TEMP environment variable')
|
||||
}
|
||||
|
||||
return fs.mkdtempSync(path.join(basePath, path.sep))
|
||||
return fs.mkdtemp(path.join(basePath, path.sep))
|
||||
}
|
||||
|
||||
const attestationURL = (id: string): string =>
|
||||
|
||||
+11
-5
@@ -1,4 +1,4 @@
|
||||
import fs from 'fs'
|
||||
import fs from 'fs/promises'
|
||||
|
||||
import type { Predicate } from '@actions/attest'
|
||||
|
||||
@@ -12,7 +12,9 @@ const MAX_PREDICATE_SIZE_BYTES = 16 * 1024 * 1024
|
||||
|
||||
// Returns the predicate specified by the action's inputs. The predicate value
|
||||
// may be specified as a path to a file or as a string.
|
||||
export const predicateFromInputs = (inputs: PredicateInputs): Predicate => {
|
||||
export const predicateFromInputs = async (
|
||||
inputs: PredicateInputs
|
||||
): Promise<Predicate> => {
|
||||
const { predicateType, predicate, predicatePath } = inputs
|
||||
|
||||
if (!predicateType) {
|
||||
@@ -30,18 +32,22 @@ export const predicateFromInputs = (inputs: PredicateInputs): Predicate => {
|
||||
let params: string = predicate
|
||||
|
||||
if (predicatePath) {
|
||||
if (!fs.existsSync(predicatePath)) {
|
||||
try {
|
||||
await fs.access(predicatePath)
|
||||
} catch {
|
||||
throw new Error(`predicate file not found: ${predicatePath}`)
|
||||
}
|
||||
|
||||
/* istanbul ignore next */
|
||||
if (fs.statSync(predicatePath).size > MAX_PREDICATE_SIZE_BYTES) {
|
||||
const stat = await fs.stat(predicatePath)
|
||||
/* istanbul ignore next */
|
||||
if (stat.size > MAX_PREDICATE_SIZE_BYTES) {
|
||||
throw new Error(
|
||||
`predicate file exceeds maximum allowed size: ${MAX_PREDICATE_SIZE_BYTES} bytes`
|
||||
)
|
||||
}
|
||||
|
||||
params = fs.readFileSync(predicatePath, 'utf-8')
|
||||
params = await fs.readFile(predicatePath, 'utf-8')
|
||||
} else {
|
||||
if (predicate.length > MAX_PREDICATE_SIZE_BYTES) {
|
||||
throw new Error(
|
||||
|
||||
+3
-3
@@ -1,4 +1,4 @@
|
||||
import fs from 'fs'
|
||||
import fs from 'fs/promises'
|
||||
|
||||
import type { Predicate } from '@actions/attest'
|
||||
|
||||
@@ -11,9 +11,9 @@ export type SBOM = {
|
||||
const MAX_SBOM_SIZE_BYTES = 16 * 1024 * 1024
|
||||
|
||||
export const parseSBOMFromPath = async (filePath: string): Promise<SBOM> => {
|
||||
const fileContent = await fs.promises.readFile(filePath, 'utf8')
|
||||
const fileContent = await fs.readFile(filePath, 'utf8')
|
||||
|
||||
const stats = await fs.promises.stat(filePath)
|
||||
const stats = await fs.stat(filePath)
|
||||
if (stats.size > MAX_SBOM_SIZE_BYTES) {
|
||||
throw new Error(
|
||||
`SBOM file exceeds maximum allowed size: ${MAX_SBOM_SIZE_BYTES} bytes`
|
||||
|
||||
+17
-10
@@ -2,7 +2,8 @@ import * as glob from '@actions/glob'
|
||||
import assert from 'assert'
|
||||
import crypto from 'crypto'
|
||||
import { parse } from 'csv-parse/sync'
|
||||
import fs from 'fs'
|
||||
import { createReadStream } from 'fs'
|
||||
import fs from 'fs/promises'
|
||||
import os from 'os'
|
||||
import path from 'path'
|
||||
|
||||
@@ -64,7 +65,7 @@ export const subjectFromInputs = async (
|
||||
case !!subjectDigest:
|
||||
return [getSubjectFromDigest(subjectDigest, name)]
|
||||
case !!subjectChecksums:
|
||||
return getSubjectFromChecksums(subjectChecksums)
|
||||
return await getSubjectFromChecksums(subjectChecksums)
|
||||
/* istanbul ignore next */
|
||||
default:
|
||||
// This should be unreachable, but TS requires a default case
|
||||
@@ -94,7 +95,8 @@ const getSubjectFromPath = async (
|
||||
const paths = await glob.create(subjectPaths).then(async g => g.glob())
|
||||
|
||||
// Filter path list to just the files (not directories)
|
||||
const files = paths.filter(p => fs.statSync(p).isFile())
|
||||
const stats = await Promise.all(paths.map(async p => fs.stat(p)))
|
||||
const files = paths.filter((_, i) => stats[i].isFile())
|
||||
|
||||
if (files.length > MAX_SUBJECT_COUNT) {
|
||||
throw new Error(
|
||||
@@ -142,16 +144,21 @@ const getSubjectFromDigest = (
|
||||
}
|
||||
}
|
||||
|
||||
const getSubjectFromChecksums = (subjectChecksums: string): Subject[] => {
|
||||
if (fs.existsSync(subjectChecksums)) {
|
||||
const getSubjectFromChecksums = async (
|
||||
subjectChecksums: string
|
||||
): Promise<Subject[]> => {
|
||||
try {
|
||||
await fs.access(subjectChecksums)
|
||||
return getSubjectFromChecksumsFile(subjectChecksums)
|
||||
} else {
|
||||
} catch {
|
||||
return getSubjectFromChecksumsString(subjectChecksums)
|
||||
}
|
||||
}
|
||||
|
||||
const getSubjectFromChecksumsFile = (checksumsPath: string): Subject[] => {
|
||||
const stats = fs.statSync(checksumsPath)
|
||||
const getSubjectFromChecksumsFile = async (
|
||||
checksumsPath: string
|
||||
): Promise<Subject[]> => {
|
||||
const stats = await fs.stat(checksumsPath)
|
||||
if (!stats.isFile()) {
|
||||
throw new Error(`subject checksums file not found: ${checksumsPath}`)
|
||||
}
|
||||
@@ -163,7 +170,7 @@ const getSubjectFromChecksumsFile = (checksumsPath: string): Subject[] => {
|
||||
)
|
||||
}
|
||||
|
||||
const checksums = fs.readFileSync(checksumsPath, 'utf-8')
|
||||
const checksums = await fs.readFile(checksumsPath, 'utf-8')
|
||||
return getSubjectFromChecksumsString(checksums)
|
||||
}
|
||||
|
||||
@@ -218,7 +225,7 @@ const digestFile = async (
|
||||
): Promise<string> => {
|
||||
return new Promise((resolve, reject) => {
|
||||
const hash = crypto.createHash(algorithm).setEncoding('hex')
|
||||
fs.createReadStream(filePath)
|
||||
createReadStream(filePath)
|
||||
.once('error', reject)
|
||||
.pipe(hash)
|
||||
.once('finish', () => resolve(hash.read()))
|
||||
|
||||
Reference in New Issue
Block a user