Tying up loose ends (#54)
* various qol updates to publish action * review comments and run bundle
This commit is contained in:
@@ -0,0 +1,49 @@
|
||||
import * as core from '@actions/core'
|
||||
import * as github from '@actions/github'
|
||||
|
||||
export async function getRepositoryMetadata(
|
||||
repository: string,
|
||||
token: string
|
||||
): Promise<{ repoId: string; ownerId: string }> {
|
||||
const response = await fetch(
|
||||
`${process.env.GITHUB_API_URL}/repos/${repository}`
|
||||
)
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(
|
||||
`Failed to fetch repository metadata due to bad status code: ${response.status}`
|
||||
)
|
||||
}
|
||||
|
||||
const data = await response.json()
|
||||
|
||||
// Check that the response contains the expected data
|
||||
if (!data.id || !data.owner.id) {
|
||||
throw new Error(
|
||||
`Failed to fetch repository metadata: unexpected response format`
|
||||
)
|
||||
}
|
||||
|
||||
return { repoId: data.id, ownerId: data.owner.id }
|
||||
}
|
||||
|
||||
export async function getContainerRegistryURL(): Promise<URL> {
|
||||
const response = await fetch(
|
||||
`${process.env.GITHUB_API_URL}/packages/container-registry-url`
|
||||
)
|
||||
if (!response.ok) {
|
||||
throw new Error(
|
||||
`Failed to fetch container registry url due to bad status code: ${response.status}`
|
||||
)
|
||||
}
|
||||
const data = await response.json()
|
||||
|
||||
if (!data.url) {
|
||||
throw new Error(
|
||||
`Failed to fetch repository metadata: unexpected response format`
|
||||
)
|
||||
}
|
||||
|
||||
const registryURL: URL = new URL(data.url)
|
||||
return registryURL
|
||||
}
|
||||
+20
-42
@@ -29,27 +29,6 @@ export interface FileMetadata {
|
||||
sha256: string
|
||||
}
|
||||
|
||||
// TODO: rename this function, it is not state-preserving, so it shouldn't just be called "get'"
|
||||
export function getConsolidatedDirectory(filePathSpec: string): {
|
||||
consolidatedPath: string
|
||||
needToCleanUpDir: boolean
|
||||
} {
|
||||
const paths: string[] = filePathSpec.split(' ') // TODO: handle files with spaces
|
||||
// TODO: do check on paths to make sure they're valid and not reaching outside the space
|
||||
let consolidatedPath = ''
|
||||
let needToCleanUpDir = false
|
||||
if (paths.length === 1 && isDirectory(paths[0])) {
|
||||
// If the path is a single directory, we can skip the bundling step
|
||||
consolidatedPath = paths[0]
|
||||
} else {
|
||||
// Otherwise, we need to bundle the files & folders into a temporary directory
|
||||
consolidatedPath = bundleFilesintoDirectory(paths)
|
||||
needToCleanUpDir = true
|
||||
}
|
||||
|
||||
return { consolidatedPath, needToCleanUpDir }
|
||||
}
|
||||
|
||||
// Creates both a tar.gz and zip archive of the given directory and returns the paths to both archives (stored in the provided target directory)
|
||||
// as well as the size/sha256 hash of each file.
|
||||
export async function createArchives(
|
||||
@@ -112,34 +91,33 @@ export function isDirectory(dirPath: string): boolean {
|
||||
return fs.existsSync(dirPath) && fs.lstatSync(dirPath).isDirectory()
|
||||
}
|
||||
|
||||
export function isActionRepo(stagingDir: string): boolean {
|
||||
return (
|
||||
fs.existsSync(path.join(stagingDir, 'action.yml')) ||
|
||||
fs.existsSync(path.join(stagingDir, 'action.yaml'))
|
||||
)
|
||||
}
|
||||
|
||||
export function readFileContents(filePath: string): Buffer {
|
||||
return fs.readFileSync(filePath)
|
||||
}
|
||||
|
||||
function bundleFilesintoDirectory(filePaths: string[]): string {
|
||||
const targetDir: string = createTempDir()
|
||||
for (const filePath of filePaths) {
|
||||
if (!fs.existsSync(filePath)) {
|
||||
throw new Error(`filePath ${filePath} does not exist`)
|
||||
}
|
||||
// Copy actions files from sourceDir to targetDir, excluding files and folders not relevant to the action
|
||||
// Errors if the repo appears to not contain any action files, such as an action.yml file
|
||||
export function stageActionFiles(actionDir: string, targetDir: string) {
|
||||
var actionYmlFound = false
|
||||
|
||||
if (isDirectory(filePath)) {
|
||||
const targetFolder = path.join(targetDir, path.basename(filePath)) // TODO: basename is probably not what we actually want here. Or is it? Maybe conflicts between dir1/dir2 and dir1/dir3/dir2 are just user error or ??
|
||||
fsExtra.copySync(filePath, targetFolder) // TODO: ignore files preceded by .
|
||||
} else {
|
||||
const targetFile = path.join(targetDir, path.basename(filePath))
|
||||
fs.copyFileSync(filePath, targetFile)
|
||||
fsExtra.copySync(actionDir, targetDir, {
|
||||
filter: (src: string, dest: string) => {
|
||||
const basename = path.basename(src)
|
||||
|
||||
if (basename === 'action.yml' || basename === 'action.yaml') {
|
||||
actionYmlFound = true
|
||||
}
|
||||
|
||||
// Filter out hidden folers like .git and .github
|
||||
return !basename.startsWith('.')
|
||||
}
|
||||
})
|
||||
|
||||
if (!actionYmlFound) {
|
||||
throw new Error(
|
||||
`No action.yml or action.yaml file found in source repository`
|
||||
)
|
||||
}
|
||||
|
||||
return targetDir
|
||||
}
|
||||
|
||||
// Converts a file path to a filemetadata object by querying the fs for relevant metadata.
|
||||
|
||||
+21
-5
@@ -10,13 +10,12 @@ export async function publishOCIArtifact(
|
||||
token: string,
|
||||
registry: URL,
|
||||
repository: string,
|
||||
releaseId: string,
|
||||
semver: string,
|
||||
zipFile: FileMetadata,
|
||||
tarFile: FileMetadata,
|
||||
manifest: ociContainer.Manifest,
|
||||
debugRequests = false
|
||||
): Promise<URL> {
|
||||
): Promise<{ packageURL: URL; manifestDigest: string }> {
|
||||
if (debugRequests) {
|
||||
configureRequestDebugLogging()
|
||||
}
|
||||
@@ -76,9 +75,16 @@ export async function publishOCIArtifact(
|
||||
|
||||
await Promise.all(layerUploads)
|
||||
|
||||
await uploadManifest(JSON.stringify(manifest), manifestEndpoint, b64Token)
|
||||
const digest = await uploadManifest(
|
||||
JSON.stringify(manifest),
|
||||
manifestEndpoint,
|
||||
b64Token
|
||||
)
|
||||
|
||||
return new URL(`${repository}:${semver}`, registry)
|
||||
return {
|
||||
packageURL: new URL(`${repository}:${semver}`, registry),
|
||||
manifestDigest: digest
|
||||
}
|
||||
}
|
||||
|
||||
async function uploadLayer(
|
||||
@@ -172,11 +178,12 @@ async function uploadLayer(
|
||||
}
|
||||
}
|
||||
|
||||
// Uploads the manifest and returns the digest returned by GHCR
|
||||
async function uploadManifest(
|
||||
manifestJSON: string,
|
||||
manifestEndpoint: string,
|
||||
b64Token: string
|
||||
): Promise<void> {
|
||||
): Promise<string> {
|
||||
core.info(`Uploading manifest to ${manifestEndpoint}.`)
|
||||
|
||||
const putResponse = await axios.put(manifestEndpoint, manifestJSON, {
|
||||
@@ -194,6 +201,15 @@ async function uploadManifest(
|
||||
`Unexpected response from PUT manifest ${putResponse.status}`
|
||||
)
|
||||
}
|
||||
|
||||
const digestResponseHeader = putResponse.headers['Docker-Content-Digest']
|
||||
if (digestResponseHeader === undefined) {
|
||||
throw new Error(
|
||||
`No digest header in response from PUT manifest ${manifestEndpoint}`
|
||||
)
|
||||
}
|
||||
|
||||
return digestResponseHeader
|
||||
}
|
||||
|
||||
function configureRequestDebugLogging(): void {
|
||||
|
||||
+64
-52
@@ -3,8 +3,8 @@ import * as github from '@actions/github'
|
||||
import * as fsHelper from './fs-helper'
|
||||
import * as ociContainer from './oci-container'
|
||||
import * as ghcr from './ghcr-client'
|
||||
import * as api from './api-client'
|
||||
import semver from 'semver'
|
||||
import crypto from 'crypto'
|
||||
|
||||
/**
|
||||
* The main function for the action.
|
||||
@@ -14,82 +14,62 @@ export async function run(pathInput: string): Promise<void> {
|
||||
const tmpDirs: string[] = []
|
||||
|
||||
try {
|
||||
// Parse and validate Actions execution context, including the repository name, release name and event type
|
||||
const repository: string = process.env.GITHUB_REPOSITORY || ''
|
||||
|
||||
if (repository === '') {
|
||||
core.setFailed(`Could not find Repository.`)
|
||||
return
|
||||
}
|
||||
|
||||
if (github.context.eventName !== 'release') {
|
||||
core.setFailed('Please ensure you have the workflow trigger as release.')
|
||||
const token: string = process.env.TOKEN || ''
|
||||
const sourceCommit: string = process.env.GITHUB_SHA || ''
|
||||
if (token === '') {
|
||||
core.setFailed(`Could not find GITHUB_TOKEN.`)
|
||||
return
|
||||
}
|
||||
if (sourceCommit === '') {
|
||||
core.setFailed(`Could not find source commit.`)
|
||||
return
|
||||
}
|
||||
|
||||
const releaseId: string = github.context.payload.release.id
|
||||
const releaseTag: string = github.context.payload.release.tag_name
|
||||
// Strip any leading 'v' from the tag in case the release format is e.g. 'v1.0.0' as recommended by GitHub docs
|
||||
// https://docs.github.com/en/actions/creating-actions/releasing-and-maintaining-actions
|
||||
const targetVersion = semver.parse(releaseTag.replace(/^v/, ''))
|
||||
if (!targetVersion) {
|
||||
core.setFailed(
|
||||
`${releaseTag} is not a valid semantic version, and so cannot be uploaded as an Immutable Action.`
|
||||
)
|
||||
return
|
||||
}
|
||||
const semanticVersion = parseSourceSemanticVersion()
|
||||
|
||||
const token: string = process.env.TOKEN!
|
||||
|
||||
const { consolidatedPath, needToCleanUpDir } =
|
||||
fsHelper.getConsolidatedDirectory(pathInput)
|
||||
if (needToCleanUpDir) {
|
||||
tmpDirs.push(consolidatedPath)
|
||||
}
|
||||
|
||||
if (!fsHelper.isActionRepo(consolidatedPath)) {
|
||||
core.setFailed(
|
||||
'action.y(a)ml not found. Action packages can be created only for action repositories.'
|
||||
)
|
||||
return
|
||||
}
|
||||
// Create a temporary directory to stage files for packaging in archives
|
||||
const stagedActionFilesDir = fsHelper.createTempDir()
|
||||
tmpDirs.push(stagedActionFilesDir)
|
||||
fsHelper.stageActionFiles('.', stagedActionFilesDir)
|
||||
|
||||
// Create a temporary directory to store the archives
|
||||
const archiveDir = fsHelper.createTempDir()
|
||||
tmpDirs.push(archiveDir)
|
||||
const archives = await fsHelper.createArchives(
|
||||
stagedActionFilesDir,
|
||||
archiveDir
|
||||
)
|
||||
|
||||
const archives = await fsHelper.createArchives(consolidatedPath, archiveDir)
|
||||
const { repoId, ownerId } = await api.getRepositoryMetadata(
|
||||
repository,
|
||||
token
|
||||
)
|
||||
|
||||
const manifest = ociContainer.createActionPackageManifest(
|
||||
archives.tarFile,
|
||||
archives.zipFile,
|
||||
repository,
|
||||
targetVersion.raw,
|
||||
repoId,
|
||||
ownerId,
|
||||
sourceCommit,
|
||||
semanticVersion.raw,
|
||||
new Date()
|
||||
)
|
||||
|
||||
// Generate SHA-256 hash of the manifest
|
||||
const manifestSHA = crypto.createHash('sha256')
|
||||
const manifestHash = manifestSHA
|
||||
.update(JSON.stringify(manifest))
|
||||
.digest('hex')
|
||||
const containerRegistryURL = await api.getContainerRegistryURL()
|
||||
console.log(`Container registry URL: ${containerRegistryURL}`)
|
||||
|
||||
const response = await fetch(
|
||||
`${process.env.GITHUB_API_URL}/packages/container-registry-url`
|
||||
)
|
||||
if (!response.ok) {
|
||||
throw new Error(`Failed to fetch status page: ${response.statusText}`)
|
||||
}
|
||||
const data = await response.json()
|
||||
const registryURL: URL = new URL(data.url)
|
||||
console.log(`Container registry URL: ${registryURL}`)
|
||||
|
||||
const packageURL = await ghcr.publishOCIArtifact(
|
||||
const { packageURL, manifestDigest } = await ghcr.publishOCIArtifact(
|
||||
token,
|
||||
registryURL,
|
||||
containerRegistryURL,
|
||||
repository,
|
||||
releaseId.toString(),
|
||||
targetVersion.raw,
|
||||
semanticVersion.raw,
|
||||
archives.zipFile,
|
||||
archives.tarFile,
|
||||
manifest,
|
||||
@@ -98,7 +78,7 @@ export async function run(pathInput: string): Promise<void> {
|
||||
|
||||
core.setOutput('package-url', packageURL.toString())
|
||||
core.setOutput('package-manifest', JSON.stringify(manifest))
|
||||
core.setOutput('package-manifest-sha', `sha256:${manifestHash}`)
|
||||
core.setOutput('package-manifest-sha', `sha256:${manifestDigest}`)
|
||||
} catch (error) {
|
||||
// Fail the workflow run if an error occurs
|
||||
if (error instanceof Error) core.setFailed(error.message)
|
||||
@@ -111,3 +91,35 @@ export async function run(pathInput: string): Promise<void> {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// This action can be triggered by release events or tag push events.
|
||||
// In each case, the source event should produce a Semantic Version compliant tag representing the code to be packaged.
|
||||
function parseSourceSemanticVersion(): semver.SemVer {
|
||||
const event = github.context.eventName
|
||||
var semverTag = ''
|
||||
|
||||
// Grab the raw tag
|
||||
if (event === 'release') semverTag = github.context.payload.release.tag_name
|
||||
else if (event === 'push' && github.context.ref.startsWith('refs/tags/')) {
|
||||
semverTag = github.context.ref.replace(/^refs\/tags\//, '')
|
||||
} else {
|
||||
throw new Error(
|
||||
`This action can only be triggered by release events or tag push events.`
|
||||
)
|
||||
}
|
||||
|
||||
if (semverTag === '') {
|
||||
throw new Error(
|
||||
`Could not find a Semantic Version tag in the event payload.`
|
||||
)
|
||||
}
|
||||
|
||||
const semanticVersion = semver.parse(semverTag.replace(/^v/, ''))
|
||||
if (!semanticVersion) {
|
||||
throw new Error(
|
||||
`${semverTag} is not a valid semantic version, and so cannot be uploaded as an Immutable Action.`
|
||||
)
|
||||
}
|
||||
|
||||
return semanticVersion
|
||||
}
|
||||
|
||||
@@ -21,6 +21,9 @@ export function createActionPackageManifest(
|
||||
tarFile: FileMetadata,
|
||||
zipFile: FileMetadata,
|
||||
repository: string,
|
||||
repoId: string,
|
||||
ownerId: string,
|
||||
sourceCommit: string,
|
||||
version: string,
|
||||
created: Date
|
||||
): Manifest {
|
||||
@@ -32,14 +35,18 @@ export function createActionPackageManifest(
|
||||
const manifest: Manifest = {
|
||||
schemaVersion: 2,
|
||||
mediaType: 'application/vnd.oci.image.manifest.v1+json',
|
||||
artifactType: 'application/vnd.oci.image.manifest.v1+json',
|
||||
artifactType: 'application/vnd.github.actions.package.v1+json',
|
||||
config: configLayer,
|
||||
layers: [configLayer, tarLayer, zipLayer],
|
||||
annotations: {
|
||||
'org.opencontainers.image.created': created.toISOString(),
|
||||
'action.tar.gz.digest': tarFile.sha256,
|
||||
'action.zip.digest': zipFile.sha256,
|
||||
'com.github.package.type': 'actions_oci_pkg'
|
||||
'com.github.package.type': 'actions_oci_pkg',
|
||||
'com.github.package.version': version,
|
||||
'com.github.source.repo.id': repoId,
|
||||
'com.github.source.repo.owner.id': ownerId,
|
||||
'com.github.source.commit': sourceCommit
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user