Tying up loose ends (#54)

* various qol updates to publish action

* review comments and run bundle
This commit is contained in:
Conor Sloan
2024-02-02 13:02:14 -05:00
committed by Edwin Sirko
parent 3c4259bfdd
commit 1f47b19ed3
23 changed files with 811 additions and 514 deletions
+49
View File
@@ -0,0 +1,49 @@
import * as core from '@actions/core'
import * as github from '@actions/github'
export async function getRepositoryMetadata(
repository: string,
token: string
): Promise<{ repoId: string; ownerId: string }> {
const response = await fetch(
`${process.env.GITHUB_API_URL}/repos/${repository}`
)
if (!response.ok) {
throw new Error(
`Failed to fetch repository metadata due to bad status code: ${response.status}`
)
}
const data = await response.json()
// Check that the response contains the expected data
if (!data.id || !data.owner.id) {
throw new Error(
`Failed to fetch repository metadata: unexpected response format`
)
}
return { repoId: data.id, ownerId: data.owner.id }
}
export async function getContainerRegistryURL(): Promise<URL> {
const response = await fetch(
`${process.env.GITHUB_API_URL}/packages/container-registry-url`
)
if (!response.ok) {
throw new Error(
`Failed to fetch container registry url due to bad status code: ${response.status}`
)
}
const data = await response.json()
if (!data.url) {
throw new Error(
`Failed to fetch repository metadata: unexpected response format`
)
}
const registryURL: URL = new URL(data.url)
return registryURL
}
+20 -42
View File
@@ -29,27 +29,6 @@ export interface FileMetadata {
sha256: string
}
// TODO: rename this function, it is not state-preserving, so it shouldn't just be called "get'"
export function getConsolidatedDirectory(filePathSpec: string): {
consolidatedPath: string
needToCleanUpDir: boolean
} {
const paths: string[] = filePathSpec.split(' ') // TODO: handle files with spaces
// TODO: do check on paths to make sure they're valid and not reaching outside the space
let consolidatedPath = ''
let needToCleanUpDir = false
if (paths.length === 1 && isDirectory(paths[0])) {
// If the path is a single directory, we can skip the bundling step
consolidatedPath = paths[0]
} else {
// Otherwise, we need to bundle the files & folders into a temporary directory
consolidatedPath = bundleFilesintoDirectory(paths)
needToCleanUpDir = true
}
return { consolidatedPath, needToCleanUpDir }
}
// Creates both a tar.gz and zip archive of the given directory and returns the paths to both archives (stored in the provided target directory)
// as well as the size/sha256 hash of each file.
export async function createArchives(
@@ -112,34 +91,33 @@ export function isDirectory(dirPath: string): boolean {
return fs.existsSync(dirPath) && fs.lstatSync(dirPath).isDirectory()
}
export function isActionRepo(stagingDir: string): boolean {
return (
fs.existsSync(path.join(stagingDir, 'action.yml')) ||
fs.existsSync(path.join(stagingDir, 'action.yaml'))
)
}
export function readFileContents(filePath: string): Buffer {
return fs.readFileSync(filePath)
}
function bundleFilesintoDirectory(filePaths: string[]): string {
const targetDir: string = createTempDir()
for (const filePath of filePaths) {
if (!fs.existsSync(filePath)) {
throw new Error(`filePath ${filePath} does not exist`)
}
// Copy actions files from sourceDir to targetDir, excluding files and folders not relevant to the action
// Errors if the repo appears to not contain any action files, such as an action.yml file
export function stageActionFiles(actionDir: string, targetDir: string) {
var actionYmlFound = false
if (isDirectory(filePath)) {
const targetFolder = path.join(targetDir, path.basename(filePath)) // TODO: basename is probably not what we actually want here. Or is it? Maybe conflicts between dir1/dir2 and dir1/dir3/dir2 are just user error or ??
fsExtra.copySync(filePath, targetFolder) // TODO: ignore files preceded by .
} else {
const targetFile = path.join(targetDir, path.basename(filePath))
fs.copyFileSync(filePath, targetFile)
fsExtra.copySync(actionDir, targetDir, {
filter: (src: string, dest: string) => {
const basename = path.basename(src)
if (basename === 'action.yml' || basename === 'action.yaml') {
actionYmlFound = true
}
// Filter out hidden folers like .git and .github
return !basename.startsWith('.')
}
})
if (!actionYmlFound) {
throw new Error(
`No action.yml or action.yaml file found in source repository`
)
}
return targetDir
}
// Converts a file path to a filemetadata object by querying the fs for relevant metadata.
+21 -5
View File
@@ -10,13 +10,12 @@ export async function publishOCIArtifact(
token: string,
registry: URL,
repository: string,
releaseId: string,
semver: string,
zipFile: FileMetadata,
tarFile: FileMetadata,
manifest: ociContainer.Manifest,
debugRequests = false
): Promise<URL> {
): Promise<{ packageURL: URL; manifestDigest: string }> {
if (debugRequests) {
configureRequestDebugLogging()
}
@@ -76,9 +75,16 @@ export async function publishOCIArtifact(
await Promise.all(layerUploads)
await uploadManifest(JSON.stringify(manifest), manifestEndpoint, b64Token)
const digest = await uploadManifest(
JSON.stringify(manifest),
manifestEndpoint,
b64Token
)
return new URL(`${repository}:${semver}`, registry)
return {
packageURL: new URL(`${repository}:${semver}`, registry),
manifestDigest: digest
}
}
async function uploadLayer(
@@ -172,11 +178,12 @@ async function uploadLayer(
}
}
// Uploads the manifest and returns the digest returned by GHCR
async function uploadManifest(
manifestJSON: string,
manifestEndpoint: string,
b64Token: string
): Promise<void> {
): Promise<string> {
core.info(`Uploading manifest to ${manifestEndpoint}.`)
const putResponse = await axios.put(manifestEndpoint, manifestJSON, {
@@ -194,6 +201,15 @@ async function uploadManifest(
`Unexpected response from PUT manifest ${putResponse.status}`
)
}
const digestResponseHeader = putResponse.headers['Docker-Content-Digest']
if (digestResponseHeader === undefined) {
throw new Error(
`No digest header in response from PUT manifest ${manifestEndpoint}`
)
}
return digestResponseHeader
}
function configureRequestDebugLogging(): void {
+64 -52
View File
@@ -3,8 +3,8 @@ import * as github from '@actions/github'
import * as fsHelper from './fs-helper'
import * as ociContainer from './oci-container'
import * as ghcr from './ghcr-client'
import * as api from './api-client'
import semver from 'semver'
import crypto from 'crypto'
/**
* The main function for the action.
@@ -14,82 +14,62 @@ export async function run(pathInput: string): Promise<void> {
const tmpDirs: string[] = []
try {
// Parse and validate Actions execution context, including the repository name, release name and event type
const repository: string = process.env.GITHUB_REPOSITORY || ''
if (repository === '') {
core.setFailed(`Could not find Repository.`)
return
}
if (github.context.eventName !== 'release') {
core.setFailed('Please ensure you have the workflow trigger as release.')
const token: string = process.env.TOKEN || ''
const sourceCommit: string = process.env.GITHUB_SHA || ''
if (token === '') {
core.setFailed(`Could not find GITHUB_TOKEN.`)
return
}
if (sourceCommit === '') {
core.setFailed(`Could not find source commit.`)
return
}
const releaseId: string = github.context.payload.release.id
const releaseTag: string = github.context.payload.release.tag_name
// Strip any leading 'v' from the tag in case the release format is e.g. 'v1.0.0' as recommended by GitHub docs
// https://docs.github.com/en/actions/creating-actions/releasing-and-maintaining-actions
const targetVersion = semver.parse(releaseTag.replace(/^v/, ''))
if (!targetVersion) {
core.setFailed(
`${releaseTag} is not a valid semantic version, and so cannot be uploaded as an Immutable Action.`
)
return
}
const semanticVersion = parseSourceSemanticVersion()
const token: string = process.env.TOKEN!
const { consolidatedPath, needToCleanUpDir } =
fsHelper.getConsolidatedDirectory(pathInput)
if (needToCleanUpDir) {
tmpDirs.push(consolidatedPath)
}
if (!fsHelper.isActionRepo(consolidatedPath)) {
core.setFailed(
'action.y(a)ml not found. Action packages can be created only for action repositories.'
)
return
}
// Create a temporary directory to stage files for packaging in archives
const stagedActionFilesDir = fsHelper.createTempDir()
tmpDirs.push(stagedActionFilesDir)
fsHelper.stageActionFiles('.', stagedActionFilesDir)
// Create a temporary directory to store the archives
const archiveDir = fsHelper.createTempDir()
tmpDirs.push(archiveDir)
const archives = await fsHelper.createArchives(
stagedActionFilesDir,
archiveDir
)
const archives = await fsHelper.createArchives(consolidatedPath, archiveDir)
const { repoId, ownerId } = await api.getRepositoryMetadata(
repository,
token
)
const manifest = ociContainer.createActionPackageManifest(
archives.tarFile,
archives.zipFile,
repository,
targetVersion.raw,
repoId,
ownerId,
sourceCommit,
semanticVersion.raw,
new Date()
)
// Generate SHA-256 hash of the manifest
const manifestSHA = crypto.createHash('sha256')
const manifestHash = manifestSHA
.update(JSON.stringify(manifest))
.digest('hex')
const containerRegistryURL = await api.getContainerRegistryURL()
console.log(`Container registry URL: ${containerRegistryURL}`)
const response = await fetch(
`${process.env.GITHUB_API_URL}/packages/container-registry-url`
)
if (!response.ok) {
throw new Error(`Failed to fetch status page: ${response.statusText}`)
}
const data = await response.json()
const registryURL: URL = new URL(data.url)
console.log(`Container registry URL: ${registryURL}`)
const packageURL = await ghcr.publishOCIArtifact(
const { packageURL, manifestDigest } = await ghcr.publishOCIArtifact(
token,
registryURL,
containerRegistryURL,
repository,
releaseId.toString(),
targetVersion.raw,
semanticVersion.raw,
archives.zipFile,
archives.tarFile,
manifest,
@@ -98,7 +78,7 @@ export async function run(pathInput: string): Promise<void> {
core.setOutput('package-url', packageURL.toString())
core.setOutput('package-manifest', JSON.stringify(manifest))
core.setOutput('package-manifest-sha', `sha256:${manifestHash}`)
core.setOutput('package-manifest-sha', `sha256:${manifestDigest}`)
} catch (error) {
// Fail the workflow run if an error occurs
if (error instanceof Error) core.setFailed(error.message)
@@ -111,3 +91,35 @@ export async function run(pathInput: string): Promise<void> {
}
}
}
// This action can be triggered by release events or tag push events.
// In each case, the source event should produce a Semantic Version compliant tag representing the code to be packaged.
function parseSourceSemanticVersion(): semver.SemVer {
const event = github.context.eventName
var semverTag = ''
// Grab the raw tag
if (event === 'release') semverTag = github.context.payload.release.tag_name
else if (event === 'push' && github.context.ref.startsWith('refs/tags/')) {
semverTag = github.context.ref.replace(/^refs\/tags\//, '')
} else {
throw new Error(
`This action can only be triggered by release events or tag push events.`
)
}
if (semverTag === '') {
throw new Error(
`Could not find a Semantic Version tag in the event payload.`
)
}
const semanticVersion = semver.parse(semverTag.replace(/^v/, ''))
if (!semanticVersion) {
throw new Error(
`${semverTag} is not a valid semantic version, and so cannot be uploaded as an Immutable Action.`
)
}
return semanticVersion
}
+9 -2
View File
@@ -21,6 +21,9 @@ export function createActionPackageManifest(
tarFile: FileMetadata,
zipFile: FileMetadata,
repository: string,
repoId: string,
ownerId: string,
sourceCommit: string,
version: string,
created: Date
): Manifest {
@@ -32,14 +35,18 @@ export function createActionPackageManifest(
const manifest: Manifest = {
schemaVersion: 2,
mediaType: 'application/vnd.oci.image.manifest.v1+json',
artifactType: 'application/vnd.oci.image.manifest.v1+json',
artifactType: 'application/vnd.github.actions.package.v1+json',
config: configLayer,
layers: [configLayer, tarLayer, zipLayer],
annotations: {
'org.opencontainers.image.created': created.toISOString(),
'action.tar.gz.digest': tarFile.sha256,
'action.zip.digest': zipFile.sha256,
'com.github.package.type': 'actions_oci_pkg'
'com.github.package.type': 'actions_oci_pkg',
'com.github.package.version': version,
'com.github.source.repo.id': repoId,
'com.github.source.repo.owner.id': ownerId,
'com.github.source.commit': sourceCommit
}
}