Compare commits
62 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| cf80afb392 | |||
| 0607d7a54b | |||
| 36d90eb54c | |||
| 4ee32849b4 | |||
| d76f9fe99a | |||
| 7e08d73d76 | |||
| 8b842d839b | |||
| 16cd46c365 | |||
| 75b8dd1009 | |||
| a7c6618070 | |||
| 54ad3ca9ba | |||
| 3c424f0d63 | |||
| d9346d8d93 | |||
| 1f375f130a | |||
| 140509034c | |||
| b68d046fe3 | |||
| e4598e374b | |||
| 14a090004e | |||
| 3643ce2db4 | |||
| ffeb50bd02 | |||
| b0917c5a37 | |||
| a8ea745713 | |||
| 0df75b91ff | |||
| 233d556477 | |||
| 23cbecacad | |||
| 74fcfdbd10 | |||
| 20647b6bcf | |||
| 6bd5e50ee1 | |||
| 44d43b5490 | |||
| 76ac4dd95f | |||
| 632b2cbff6 | |||
| 73bdb59ac2 | |||
| 22d35395d4 | |||
| ed4fdc98c4 | |||
| 6211ca9cbd | |||
| 99dfdab194 | |||
| 6ec76cbf3d | |||
| 7c6cc28ed5 | |||
| 8f62bc23d1 | |||
| bbaffb4bb3 | |||
| c23cc6e61c | |||
| 943ff82d3d | |||
| 06bca4509d | |||
| 21229dc09e | |||
| 6fd292ebdd | |||
| 89f01c9125 | |||
| 85466c0f54 | |||
| bd4fb086f1 | |||
| 49c3d09c01 | |||
| 91d76bea50 | |||
| 69f29a1b1c | |||
| 7987771a2b | |||
| 605cc18397 | |||
| 27e5a955bf | |||
| 6fe3c0f3e6 | |||
| 8c90e2297a | |||
| 8351a5d84d | |||
| 5203b671f1 | |||
| 975fcbd402 | |||
| ffae274475 | |||
| 1c20378379 | |||
| 0be0a6ef89 |
@@ -57,3 +57,8 @@ This will ask you some questions about the new package. Start with `0.0.0` as th
|
||||
```
|
||||
|
||||
3. Start developing 😄.
|
||||
|
||||
## Releasing Packages
|
||||
|
||||
For information on how packages are published to npm, including workflow inputs, dist-tags, and safety guards, see the [release documentation](../docs/release.md).
|
||||
|
||||
|
||||
@@ -71,10 +71,143 @@ jobs:
|
||||
} catch (err) {
|
||||
console.log('Successfully blocked second artifact upload')
|
||||
}
|
||||
|
||||
upload-single-file:
|
||||
name: Upload Single File (no zip)
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
runs-on: [ubuntu-latest, windows-latest, macos-latest]
|
||||
fail-fast: false
|
||||
|
||||
runs-on: ${{ matrix.runs-on }}
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Set Node.js 24.x
|
||||
uses: actions/setup-node@v5
|
||||
with:
|
||||
node-version: 24.x
|
||||
|
||||
- name: Install root npm packages
|
||||
run: npm ci
|
||||
|
||||
- name: Compile artifact package
|
||||
run: |
|
||||
npm ci
|
||||
npm run tsc
|
||||
working-directory: packages/artifact
|
||||
|
||||
- name: Create file that will be uploaded
|
||||
run: |
|
||||
echo -n 'hello from single file upload' > single-file-${{ matrix.runs-on }}.txt
|
||||
|
||||
- name: Upload Single File Artifact (skipArchive)
|
||||
uses: actions/github-script@v8
|
||||
with:
|
||||
script: |
|
||||
const {default: artifact} = require('./packages/artifact/lib/artifact')
|
||||
|
||||
const artifactName = 'my-single-file-${{ matrix.runs-on }}'
|
||||
console.log('artifactName: ' + artifactName)
|
||||
|
||||
const uploadResult = await artifact.uploadArtifact(
|
||||
artifactName,
|
||||
['single-file-${{ matrix.runs-on }}.txt'],
|
||||
'./',
|
||||
{skipArchive: true}
|
||||
)
|
||||
console.log(uploadResult)
|
||||
|
||||
const size = uploadResult.size
|
||||
const id = uploadResult.id
|
||||
|
||||
if (!id) {
|
||||
throw new Error('Artifact ID is missing from upload result')
|
||||
}
|
||||
|
||||
console.log(`Successfully uploaded single file artifact ${id}`)
|
||||
|
||||
upload-html-file:
|
||||
name: Upload HTML File (no zip)
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Set Node.js 24.x
|
||||
uses: actions/setup-node@v5
|
||||
with:
|
||||
node-version: 24.x
|
||||
|
||||
- name: Install root npm packages
|
||||
run: npm ci
|
||||
|
||||
- name: Compile artifact package
|
||||
run: |
|
||||
npm ci
|
||||
npm run tsc
|
||||
working-directory: packages/artifact
|
||||
|
||||
- name: Create HTML file
|
||||
run: |
|
||||
cat > report.html << 'EOF'
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Artifact Upload Test Report</title>
|
||||
<style>
|
||||
body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Helvetica, Arial, sans-serif; max-width: 800px; margin: 40px auto; padding: 0 20px; color: #24292f; }
|
||||
h1 { border-bottom: 1px solid #d0d7de; padding-bottom: 8px; }
|
||||
.success { color: #1a7f37; }
|
||||
.info { background: #ddf4ff; border: 1px solid #54aeff; border-radius: 6px; padding: 12px 16px; margin: 16px 0; }
|
||||
table { border-collapse: collapse; width: 100%; margin: 16px 0; }
|
||||
th, td { border: 1px solid #d0d7de; padding: 8px 12px; text-align: left; }
|
||||
th { background: #f6f8fa; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Artifact Upload Test Report</h1>
|
||||
<div class="info">
|
||||
<strong>This HTML file was uploaded as a single un-zipped artifact.</strong>
|
||||
If you can see this in the browser, the feature is working correctly!
|
||||
</div>
|
||||
<table>
|
||||
<tr><th>Property</th><th>Value</th></tr>
|
||||
<tr><td>Upload method</td><td><code>skipArchive: true</code></td></tr>
|
||||
<tr><td>Content-Type</td><td><code>text/html</code></td></tr>
|
||||
<tr><td>File</td><td><code>report.html</code></td></tr>
|
||||
</table>
|
||||
<p class="success">✔ Single file upload is working!</p>
|
||||
</body>
|
||||
</html>
|
||||
EOF
|
||||
|
||||
- name: Upload HTML Artifact (skipArchive)
|
||||
uses: actions/github-script@v8
|
||||
with:
|
||||
script: |
|
||||
const {default: artifact} = require('./packages/artifact/lib/artifact')
|
||||
|
||||
const uploadResult = await artifact.uploadArtifact(
|
||||
'test-report',
|
||||
['report.html'],
|
||||
'./',
|
||||
{skipArchive: true}
|
||||
)
|
||||
console.log(uploadResult)
|
||||
console.log(`Successfully uploaded HTML artifact ${uploadResult.id}`)
|
||||
console.log('This artifact is intentionally kept for manual browser verification')
|
||||
|
||||
verify:
|
||||
name: Verify and Delete
|
||||
runs-on: ubuntu-latest
|
||||
needs: [upload]
|
||||
needs: [upload, upload-single-file, upload-html-file]
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v5
|
||||
@@ -164,6 +297,71 @@ jobs:
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
- name: Download and Verify Single File Artifacts
|
||||
uses: actions/github-script@v8
|
||||
with:
|
||||
script: |
|
||||
const {default: artifactClient} = require('./packages/artifact/lib/artifact')
|
||||
|
||||
const {readFile} = require('fs/promises')
|
||||
const path = require('path')
|
||||
|
||||
const findBy = {
|
||||
repositoryOwner: process.env.GITHUB_REPOSITORY.split('/')[0],
|
||||
repositoryName: process.env.GITHUB_REPOSITORY.split('/')[1],
|
||||
token: '${{ secrets.GITHUB_TOKEN }}',
|
||||
workflowRunId: process.env.GITHUB_RUN_ID
|
||||
}
|
||||
|
||||
const listResult = await artifactClient.listArtifacts({latest: true, findBy})
|
||||
const expectedSingleFiles = [
|
||||
'single-file-ubuntu-latest.txt',
|
||||
'single-file-windows-latest.txt',
|
||||
'single-file-macos-latest.txt'
|
||||
]
|
||||
|
||||
// Single file artifacts are named after the file basename
|
||||
const singleFileArtifacts = listResult.artifacts.filter(a =>
|
||||
expectedSingleFiles.includes(a.name)
|
||||
)
|
||||
|
||||
console.log('Found single file artifacts:', singleFileArtifacts.length)
|
||||
|
||||
if (singleFileArtifacts.length !== 3) {
|
||||
console.log('Unexpected single file artifacts:', singleFileArtifacts)
|
||||
throw new Error(
|
||||
`Expected 3 single-file artifacts but found ${singleFileArtifacts.length}`
|
||||
)
|
||||
}
|
||||
|
||||
for (const artifact of singleFileArtifacts) {
|
||||
const downloadDir = `single-file-download-${artifact.id}`
|
||||
const {downloadPath} = await artifactClient.downloadArtifact(artifact.id, {
|
||||
path: downloadDir,
|
||||
findBy
|
||||
})
|
||||
|
||||
console.log('Downloaded single file artifact to:', downloadPath)
|
||||
|
||||
const filePath = path.join(
|
||||
process.env.GITHUB_WORKSPACE,
|
||||
downloadPath,
|
||||
artifact.name
|
||||
)
|
||||
|
||||
console.log('Checking file:', filePath)
|
||||
|
||||
const content = await readFile(filePath, 'utf8')
|
||||
if (content.trim() !== 'hello from single file upload') {
|
||||
throw new Error(
|
||||
`Expected single file to contain 'hello from single file upload' but found '${content}'`
|
||||
)
|
||||
}
|
||||
|
||||
console.log(`Successfully verified single file artifact ${artifact.id}`)
|
||||
}
|
||||
|
||||
- name: Delete Artifacts
|
||||
uses: actions/github-script@v8
|
||||
with:
|
||||
@@ -173,11 +371,19 @@ jobs:
|
||||
const artifactsToDelete = [
|
||||
'my-artifact-ubuntu-latest',
|
||||
'my-artifact-windows-latest',
|
||||
'my-artifact-macos-latest'
|
||||
'my-artifact-macos-latest',
|
||||
'single-file-ubuntu-latest.txt',
|
||||
'single-file-windows-latest.txt',
|
||||
'single-file-macos-latest.txt'
|
||||
]
|
||||
|
||||
for (const artifactName of artifactsToDelete) {
|
||||
const {id} = await artifactClient.deleteArtifact(artifactName)
|
||||
try {
|
||||
const {id} = await artifactClient.deleteArtifact(artifactName)
|
||||
console.log(`Deleted artifact '${artifactName}' (ID: ${id})`)
|
||||
} catch (err) {
|
||||
console.log(`Could not delete artifact '${artifactName}': ${err.message}`)
|
||||
}
|
||||
}
|
||||
|
||||
const {artifacts} = await artifactClient.listArtifacts({latest: true})
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: Publish NPM
|
||||
|
||||
run-name: Publish NPM - ${{ github.event.inputs.package }}
|
||||
run-name: Publish NPM - ${{ inputs.package }} from ${{ inputs.branch }}
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
@@ -20,21 +20,37 @@ on:
|
||||
- http-client
|
||||
- io
|
||||
- tool-cache
|
||||
|
||||
branch:
|
||||
type: string
|
||||
required: false
|
||||
default: 'main'
|
||||
description: 'Branch to release from'
|
||||
npm-tag:
|
||||
type: string
|
||||
required: false
|
||||
default: 'latest'
|
||||
description: 'npm dist-tag for the release. Use "latest" for main branch releases. For non-main branches, use a non-semver tag like "v1-longlived". Semver values (e.g. "5.0.0") are not valid dist-tags and will be rejected by npm.'
|
||||
test-all:
|
||||
type: boolean
|
||||
required: false
|
||||
default: false
|
||||
description: 'Run tests for all packages instead of only the package being published'
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: macos-latest-large
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: setup repo
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: ${{ inputs.branch }}
|
||||
|
||||
- name: verify package exists
|
||||
run: ls packages/${{ github.event.inputs.package }}
|
||||
|
||||
- name: Set Node.js 24.x
|
||||
uses: actions/setup-node@v5
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: 24.x
|
||||
|
||||
@@ -48,20 +64,25 @@ jobs:
|
||||
run: npm run build
|
||||
|
||||
- name: test
|
||||
run: npm run test
|
||||
run: |
|
||||
if [ "${{ inputs.test-all }}" = "true" ]; then
|
||||
npm run test
|
||||
else
|
||||
npm run test -- --testPathPattern="packages/${{ inputs.package }}"
|
||||
fi
|
||||
|
||||
- name: pack
|
||||
run: npm pack
|
||||
working-directory: packages/${{ github.event.inputs.package }}
|
||||
|
||||
- name: upload artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@v7
|
||||
with:
|
||||
name: ${{ github.event.inputs.package }}
|
||||
path: packages/${{ github.event.inputs.package }}/*.tgz
|
||||
|
||||
publish:
|
||||
runs-on: macos-latest-large
|
||||
runs-on: ubuntu-slim
|
||||
needs: test
|
||||
environment: npm-publish
|
||||
permissions:
|
||||
@@ -70,29 +91,35 @@ jobs:
|
||||
steps:
|
||||
|
||||
- name: Set Node.js 24.x
|
||||
uses: actions/setup-node@v5
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: 24.x
|
||||
|
||||
- name: download artifact
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v8
|
||||
with:
|
||||
name: ${{ github.event.inputs.package }}
|
||||
name: ${{ inputs.package }}
|
||||
|
||||
- name: guard against publishing latest from non-main branch
|
||||
if: inputs.branch != 'main' && inputs.npm-tag == 'latest'
|
||||
run: |
|
||||
echo "::error::Publishing with the 'latest' dist-tag from a non-main branch ('${{ inputs.branch }}') is not allowed. Use the package major version as the tag (e.g. v5)."
|
||||
exit 1
|
||||
|
||||
- name: publish
|
||||
run: npm publish --provenance *.tgz
|
||||
run: npm publish --provenance --tag "${{ inputs.npm-tag }}" *.tgz
|
||||
|
||||
- name: notify slack on failure
|
||||
if: failure()
|
||||
run: |
|
||||
curl -X POST -H 'Content-type: application/json' --data '{"text":":pb__failed: Failed to publish a new version of ${{ github.event.inputs.package }}"}' $SLACK_WEBHOOK
|
||||
curl -X POST -H 'Content-type: application/json' --data '{"text":":pb__failed: Failed to publish a new version of ${{ inputs.package }} from ${{ inputs.branch }} (tag: ${{ inputs.npm-tag }})"}' $SLACK_WEBHOOK
|
||||
env:
|
||||
SLACK_WEBHOOK: ${{ secrets.SLACK }}
|
||||
|
||||
- name: notify slack on success
|
||||
if: success()
|
||||
run: |
|
||||
curl -X POST -H 'Content-type: application/json' --data '{"text":":dance: Successfully published a new version of ${{ github.event.inputs.package }}"}' $SLACK_WEBHOOK
|
||||
curl -X POST -H 'Content-type: application/json' --data '{"text":":dance: Successfully published a new version of ${{ inputs.package }} from ${{ inputs.branch }} (tag: ${{ inputs.npm-tag }})"}' $SLACK_WEBHOOK
|
||||
env:
|
||||
SLACK_WEBHOOK: ${{ secrets.SLACK }}
|
||||
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 170 KiB |
@@ -0,0 +1,82 @@
|
||||
# Releasing Packages
|
||||
|
||||
Packages are published to npm via the **Publish NPM** workflow ([`.github/workflows/releases.yml`](../.github/workflows/releases.yml)). The workflow is triggered manually through `workflow_dispatch` from the GitHub Actions UI.
|
||||
|
||||
## How it works
|
||||
|
||||
The workflow has two jobs:
|
||||
|
||||
1. **test** — Checks out the specified branch, installs dependencies, bootstraps the monorepo, builds all packages, runs tests, then packs the target package into a `.tgz` archive and uploads it as a workflow artifact.
|
||||
2. **publish** — Downloads the packed artifact and publishes it to npm with `--provenance` (OIDC-based). Sends a Slack notification on success or failure. Requires the `npm-publish` environment.
|
||||
|
||||
## Inputs
|
||||
|
||||
| Input | Type | Required | Default | Description |
|
||||
|---|---|---|---|---|
|
||||
| `package` | choice | **yes** | — | Which package to release. One of: `artifact`, `attest`, `cache`, `core`, `exec`, `github`, `glob`, `http-client`, `io`, `tool-cache`. |
|
||||
| `branch` | string | no | `main` | The branch to check out and release from. |
|
||||
| `npm-tag` | string | no | `latest` | The npm dist-tag to publish under. See [Dist-tags](#dist-tags) below. |
|
||||
| `test-all` | boolean | no | `false` | When `false`, only tests for the selected package are run. Set to `true` to run the full test suite across all packages. |
|
||||
|
||||
## Dist-tags
|
||||
|
||||
npm dist-tags control which version users get when they `npm install @actions/<package>` (or `@<tag>`).
|
||||
|
||||
> **Important:** npm dist-tags **cannot** be valid semver strings. Values like `5.0.0` or `1.2.3` will be rejected by npm. Use a descriptive name instead.
|
||||
|
||||
- **`latest`** — The default tag. This is what users get with a plain `npm install`. Should only be used for releases from `main`.
|
||||
- **Custom tags** (e.g. `v1-longlived`) — Used for releases from long-lived or experimental branches.
|
||||
|
||||
Examples of **valid** dist-tags: `latest`, `next`, `beta`, `v1-longlived`
|
||||
Examples of **invalid** dist-tags: `5.0.0`, `1.2.3`, `6.0.0-rc.1` (these are semver and will be rejected)
|
||||
|
||||
|  |
|
||||
|---|
|
||||
| npm distribution tags |
|
||||
|
||||
### Safety guard
|
||||
|
||||
The workflow **blocks** publishing with the `latest` dist-tag from any branch other than `main`. This prevents accidentally overwriting `latest` with a version from an older or experimental branch. If you're releasing from a non-main branch, use the package's major version as the tag (e.g. `v5`).
|
||||
|
||||
## Examples
|
||||
|
||||
### Standard release from main
|
||||
|
||||
Use default inputs — just pick the package:
|
||||
|
||||
| Input | Value |
|
||||
|---|---|
|
||||
| `package` | `core` |
|
||||
| `branch` | `main` (default) |
|
||||
| `npm-tag` | `latest` (default) |
|
||||
| `test-all` | `false` (default) |
|
||||
|
||||
This publishes the version in `packages/core/package.json` on `main` as `@actions/core@latest`.
|
||||
|
||||
### Patch release from a long-lived branch
|
||||
|
||||
| Input | Value |
|
||||
|---|---|
|
||||
| `package` | `artifact` |
|
||||
| `branch` | `releases/v5` |
|
||||
| `npm-tag` | `v5` |
|
||||
| `test-all` | `false` (default) |
|
||||
|
||||
This publishes the version in `packages/artifact/package.json` on the `releases/v5` branch under the `v5` dist-tag. The `latest` tag remains untouched.
|
||||
|
||||
### Release with full test suite
|
||||
|
||||
| Input | Value |
|
||||
|---|---|
|
||||
| `package` | `cache` |
|
||||
| `branch` | `main` (default) |
|
||||
| `npm-tag` | `latest` (default) |
|
||||
| `test-all` | `true` |
|
||||
|
||||
Same as a standard release, but runs tests for all packages before publishing.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- You must have permission to trigger workflows on this repository.
|
||||
- The `npm-publish` environment must be configured with npm credentials and OIDC.
|
||||
- The `SLACK` secret must be set for Slack notifications to work.
|
||||
+3
-2
@@ -17,7 +17,8 @@ module.exports = {
|
||||
'^@actions/github/lib/utils$': '<rootDir>/packages/github/lib/utils.js',
|
||||
'^@actions/glob$': '<rootDir>/packages/glob/lib/glob.js',
|
||||
'^@actions/tool-cache$': '<rootDir>/packages/tool-cache/lib/tool-cache.js',
|
||||
'^@actions/cache$': '<rootDir>/packages/cache/lib/cache.js'
|
||||
'^@actions/cache$': '<rootDir>/packages/cache/lib/cache.js',
|
||||
'^@actions/attest$': '<rootDir>/packages/attest/lib/index.js'
|
||||
},
|
||||
transform: {
|
||||
'^.+\\.(ts|js)$': ['ts-jest', {
|
||||
@@ -31,7 +32,7 @@ module.exports = {
|
||||
}]
|
||||
},
|
||||
transformIgnorePatterns: [
|
||||
'/node_modules/(?!(@octokit|@actions/github|@actions/http-client|@actions/io|@actions/exec|@actions/core|@actions/glob|@actions/tool-cache|@actions/cache|universal-user-agent|before-after-hook)/)'
|
||||
'/node_modules/(?!(@octokit|@actions/github|@actions/http-client|@actions/io|@actions/exec|@actions/core|@actions/glob|@actions/tool-cache|@actions/cache|@actions/attest|universal-user-agent|before-after-hook)/)'
|
||||
],
|
||||
verbose: true
|
||||
}
|
||||
|
||||
Generated
+22
-19
@@ -4322,15 +4322,15 @@
|
||||
}
|
||||
},
|
||||
"node_modules/axios": {
|
||||
"version": "1.12.2",
|
||||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
|
||||
"integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
|
||||
"version": "1.15.1",
|
||||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.15.1.tgz",
|
||||
"integrity": "sha512-WOG+Jj8ZOvR0a3rAn+Tuf1UQJRxw5venr6DgdbJzngJE3qG7X0kL83CZGpdHMxEm+ZK3seAbvFsw4FfOfP9vxg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"follow-redirects": "^1.15.6",
|
||||
"form-data": "^4.0.4",
|
||||
"proxy-from-env": "^1.1.0"
|
||||
"follow-redirects": "^1.15.11",
|
||||
"form-data": "^4.0.5",
|
||||
"proxy-from-env": "^2.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/axobject-query": {
|
||||
@@ -7215,9 +7215,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/flatted": {
|
||||
"version": "3.3.3",
|
||||
"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
|
||||
"integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
|
||||
"version": "3.4.2",
|
||||
"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
|
||||
"integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
|
||||
"dev": true,
|
||||
"license": "ISC"
|
||||
},
|
||||
@@ -7235,9 +7235,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/follow-redirects": {
|
||||
"version": "1.15.11",
|
||||
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
|
||||
"integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==",
|
||||
"version": "1.16.0",
|
||||
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz",
|
||||
"integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
{
|
||||
@@ -13278,9 +13278,9 @@
|
||||
"license": "ISC"
|
||||
},
|
||||
"node_modules/picomatch": {
|
||||
"version": "2.3.1",
|
||||
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
|
||||
"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
|
||||
"version": "2.3.2",
|
||||
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
|
||||
"integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -13570,11 +13570,14 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/proxy-from-env": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
|
||||
"integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz",
|
||||
"integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==",
|
||||
"dev": true,
|
||||
"license": "MIT"
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=10"
|
||||
}
|
||||
},
|
||||
"node_modules/pure-rand": {
|
||||
"version": "6.1.0",
|
||||
|
||||
@@ -1,5 +1,22 @@
|
||||
# @actions/artifact Releases
|
||||
|
||||
## 6.2.1
|
||||
|
||||
- Support the RFC 5987 `filename*` field in the `content-disposition` header. This allows us to correctly download files and artifacts with Chinese/Japanese/Korean (among other) characters in their name.
|
||||
|
||||
## 6.2.0
|
||||
|
||||
- Support uploading single un-archived files (not zipped). Direct uploads are only supported for artifacts version 7+ (based on the major version of `actions/upload-artifact`). Callers must pass the `skipArchive` option to `uploadArtifact`. Only single files can be uploaded at a time right now. Default behavior should remain unchanged if `skipArchive = false`. When `skipArchive = true`, the name of the file is used as the name of the artifact for consistency with the downloads: you upload `artifact.txt`, you download `artifact.txt`.
|
||||
|
||||
## 6.1.0
|
||||
|
||||
- Support downloading non-zip artifacts. Zipped artifacts will be decompressed automatically (with an optional override). Un-zipped artifacts will be downloaded as-is.
|
||||
|
||||
## 6.0.0
|
||||
|
||||
- **Breaking change**: Package is now ESM-only
|
||||
- CommonJS consumers must use dynamic `import()` instead of `require()`
|
||||
|
||||
## 5.0.3
|
||||
|
||||
- Bump `@actions/http-client` to `3.0.2`
|
||||
|
||||
@@ -104,6 +104,7 @@ const cleanup = async (): Promise<void> => {
|
||||
const mockGetArtifactSuccess = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'application/zip'
|
||||
message.push(fs.readFileSync(fixtures.exampleArtifact.path))
|
||||
message.push(null)
|
||||
return {
|
||||
@@ -114,6 +115,7 @@ const mockGetArtifactSuccess = jest.fn(() => {
|
||||
const mockGetArtifactHung = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'application/zip'
|
||||
// Don't push any data or call push(null) to end the stream
|
||||
// This creates a stream that hangs and never completes
|
||||
return {
|
||||
@@ -134,6 +136,7 @@ const mockGetArtifactFailure = jest.fn(() => {
|
||||
const mockGetArtifactMalicious = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'application/zip'
|
||||
message.push(fs.readFileSync(path.join(__dirname, 'fixtures', 'evil.zip'))) // evil.zip contains files that are formatted x/../../etc/hosts
|
||||
message.push(null)
|
||||
return {
|
||||
@@ -619,10 +622,17 @@ describe('download-artifact', () => {
|
||||
...fixtures.backendIds,
|
||||
name: fixtures.artifactName
|
||||
})
|
||||
})
|
||||
}, 38000)
|
||||
})
|
||||
|
||||
describe('streamExtractExternal', () => {
|
||||
beforeEach(async () => {
|
||||
await setup()
|
||||
// Create workspace directory for streamExtractExternal tests
|
||||
await fs.promises.mkdir(fixtures.workspaceDir, {recursive: true})
|
||||
})
|
||||
afterEach(cleanup)
|
||||
|
||||
it('should fail if the timeout is exceeded', async () => {
|
||||
const mockSlowGetArtifact = jest.fn(mockGetArtifactHung)
|
||||
|
||||
@@ -641,12 +651,451 @@ describe('download-artifact', () => {
|
||||
{timeout: 2}
|
||||
)
|
||||
expect(true).toBe(false) // should not be called
|
||||
} catch (e) {
|
||||
} catch (error: unknown) {
|
||||
const e = error as Error
|
||||
expect(e).toBeInstanceOf(Error)
|
||||
expect(e.message).toContain('did not respond in 2ms')
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
expect(mockSlowGetArtifact).toHaveBeenCalledTimes(1)
|
||||
}
|
||||
})
|
||||
|
||||
it('should extract zip file when content-type is application/zip', async () => {
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetArtifactSuccess
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify files were extracted (not saved as a single file)
|
||||
await expectExtractedArchive(fixtures.workspaceDir)
|
||||
})
|
||||
|
||||
it('should save raw file without extracting when content-type is not a zip', async () => {
|
||||
const rawFileContent = 'This is a raw text file, not a zip'
|
||||
const rawFileName = 'my-artifact.txt'
|
||||
|
||||
const mockGetRawFile = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'text/plain'
|
||||
message.headers['content-disposition'] =
|
||||
`attachment; filename="${rawFileName}"`
|
||||
message.push(Buffer.from(rawFileContent))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetRawFile
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify file was saved as-is, not extracted
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, rawFileName)
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
expect(fs.readFileSync(savedFilePath, 'utf8')).toBe(rawFileContent)
|
||||
})
|
||||
|
||||
it('should save raw file with default name when content-disposition is missing', async () => {
|
||||
const rawFileContent = 'Binary content here'
|
||||
|
||||
const mockGetRawFileNoDisposition = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'application/octet-stream'
|
||||
// No content-disposition header
|
||||
message.push(Buffer.from(rawFileContent))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetRawFileNoDisposition
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify file was saved with default name 'artifact'
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, 'artifact')
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
expect(fs.readFileSync(savedFilePath, 'utf8')).toBe(rawFileContent)
|
||||
})
|
||||
|
||||
it('should not attempt to unzip when content-type is image/png', async () => {
|
||||
const pngFileName = 'screenshot.png'
|
||||
// Simple PNG header bytes for testing
|
||||
const pngContent = Buffer.from([
|
||||
0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a
|
||||
])
|
||||
|
||||
const mockGetPngFile = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'image/png'
|
||||
message.headers['content-disposition'] =
|
||||
`attachment; filename="${pngFileName}"`
|
||||
message.push(pngContent)
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetPngFile
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify PNG was saved as-is
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, pngFileName)
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
expect(fs.readFileSync(savedFilePath)).toEqual(pngContent)
|
||||
})
|
||||
|
||||
it('should extract when content-type is application/x-zip-compressed', async () => {
|
||||
const mockGetZipCompressed = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'application/x-zip-compressed'
|
||||
message.push(fs.readFileSync(fixtures.exampleArtifact.path))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetZipCompressed
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify files were extracted
|
||||
await expectExtractedArchive(fixtures.workspaceDir)
|
||||
})
|
||||
|
||||
it('should extract zip when URL ends with .zip even if content-type is not application/zip', async () => {
|
||||
const blobUrlWithZipExtension =
|
||||
'https://blob-storage.local/artifact.zip?sig=abc123'
|
||||
|
||||
const mockGetZipByUrl = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
// Azure Blob Storage may return a generic content-type
|
||||
message.headers['content-type'] = 'application/octet-stream'
|
||||
message.push(fs.readFileSync(fixtures.exampleArtifact.path))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetZipByUrl
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
blobUrlWithZipExtension,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify files were extracted based on URL .zip extension
|
||||
await expectExtractedArchive(fixtures.workspaceDir)
|
||||
})
|
||||
|
||||
it('should skip decompression when skipDecompress option is true even for zip content-type', async () => {
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetArtifactSuccess
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir,
|
||||
{skipDecompress: true}
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify zip was saved as-is, not extracted
|
||||
// When skipDecompress is true, the file should be saved with default name 'artifact'
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, 'artifact')
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
// The saved file should be the raw zip content
|
||||
const savedContent = fs.readFileSync(savedFilePath)
|
||||
const originalZipContent = fs.readFileSync(fixtures.exampleArtifact.path)
|
||||
expect(savedContent).toEqual(originalZipContent)
|
||||
})
|
||||
|
||||
it('should sanitize path traversal attempts in Content-Disposition filename', async () => {
|
||||
const rawFileContent = 'malicious content'
|
||||
const maliciousFileName = '../../../etc/passwd'
|
||||
|
||||
const mockGetMaliciousFile = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'text/plain'
|
||||
message.headers['content-disposition'] =
|
||||
`attachment; filename="${maliciousFileName}"`
|
||||
message.push(Buffer.from(rawFileContent))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetMaliciousFile
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Verify file was saved with sanitized name (just 'passwd', not the full path)
|
||||
const sanitizedFileName = 'passwd'
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, sanitizedFileName)
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
expect(fs.readFileSync(savedFilePath, 'utf8')).toBe(rawFileContent)
|
||||
|
||||
// Verify the file was NOT written outside the workspace directory
|
||||
const maliciousPath = path.resolve(
|
||||
fixtures.workspaceDir,
|
||||
maliciousFileName
|
||||
)
|
||||
expect(fs.existsSync(maliciousPath)).toBe(false)
|
||||
})
|
||||
|
||||
it('should handle encoded path traversal attempts in Content-Disposition filename', async () => {
|
||||
const rawFileContent = 'encoded malicious content'
|
||||
// URL encoded version of ../../../etc/passwd
|
||||
const encodedMaliciousFileName = '..%2F..%2F..%2Fetc%2Fpasswd'
|
||||
|
||||
const mockGetEncodedMaliciousFile = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'application/octet-stream'
|
||||
message.headers['content-disposition'] =
|
||||
`attachment; filename="${encodedMaliciousFileName}"`
|
||||
message.push(Buffer.from(rawFileContent))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetEncodedMaliciousFile
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// After decoding and sanitizing, should just be 'passwd'
|
||||
const sanitizedFileName = 'passwd'
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, sanitizedFileName)
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
expect(fs.readFileSync(savedFilePath, 'utf8')).toBe(rawFileContent)
|
||||
|
||||
// Verify the file was NOT written outside the workspace directory
|
||||
const maliciousPathEncoded = path.resolve(
|
||||
fixtures.workspaceDir,
|
||||
encodedMaliciousFileName
|
||||
)
|
||||
expect(fs.existsSync(maliciousPathEncoded)).toBe(false)
|
||||
|
||||
const maliciousPath = path.resolve(
|
||||
fixtures.workspaceDir,
|
||||
'../../../etc/passwd'
|
||||
)
|
||||
expect(fs.existsSync(maliciousPath)).toBe(false)
|
||||
})
|
||||
|
||||
it('should correctly handle Content-Disposition with filename* parameter (RFC 5987)', async () => {
|
||||
const rawFileContent = 'content with rfc5987 encoding'
|
||||
const expectedFileName = '报告-土-x.txt'
|
||||
const asciiFileName = '__-_-x.txt'
|
||||
|
||||
const mockGetRfc5987File = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'text/plain'
|
||||
// Server sends both: filename with _ fallbacks, filename* with UTF-8 encoding
|
||||
message.headers['content-disposition'] =
|
||||
`attachment; filename="${asciiFileName}"; filename*=UTF-8''${encodeURIComponent(expectedFileName)}`
|
||||
message.push(Buffer.from(rawFileContent, 'utf8'))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetRfc5987File
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, expectedFileName)
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
expect(fs.readFileSync(savedFilePath, 'utf8')).toBe(rawFileContent)
|
||||
})
|
||||
|
||||
it('should handle zip artifacts with Chinese characters in the artifact name', async () => {
|
||||
// Simulate Azure Blob Storage URL with rscd containing Chinese filename
|
||||
const chineseArtifactName = 'probe-土-x'
|
||||
const asciiArtifactName = 'probe-_-x'
|
||||
const blobUrlWithChineseName = `https://blob-storage.local/artifact.zip?rscd=${encodeURIComponent(`attachment; filename="${asciiArtifactName}.zip"; filename*=UTF-8''${encodeURIComponent(`${chineseArtifactName}.zip`)}`)}&rsct=application%2Fzip&sig=abc123`
|
||||
|
||||
const mockGetZip = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'application/zip'
|
||||
message.headers['content-disposition'] =
|
||||
`attachment; filename="${asciiArtifactName}.zip"; filename*=UTF-8''${encodeURIComponent(`${chineseArtifactName}.zip`)}`
|
||||
message.push(fs.readFileSync(fixtures.exampleArtifact.path))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetZip
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(blobUrlWithChineseName, fixtures.workspaceDir)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
// Zip should be extracted normally regardless of Chinese artifact name
|
||||
await expectExtractedArchive(fixtures.workspaceDir)
|
||||
})
|
||||
|
||||
it.each([
|
||||
['土', '_'], // U+571F - known to cause 400 errors
|
||||
['日', '_'], // U+65E5 - reported to work fine
|
||||
['中文测试', '____'], // multiple Chinese characters
|
||||
['文件-2026年', '__-2026_'], // mixed Chinese and numbers
|
||||
['データ', '___'], // Japanese katakana
|
||||
['테스트', '___'] // Korean characters
|
||||
])(
|
||||
'should prefer filename* over filename for non-ASCII character %s (%s)',
|
||||
async (chars, asciiReplacement) => {
|
||||
const rawFileContent = `content for ${chars}`
|
||||
const expectedFileName = `artifact-${chars}.txt`
|
||||
const asciiFileName = `artifact-${asciiReplacement}.txt`
|
||||
|
||||
const mockGetFile = jest.fn(() => {
|
||||
const message = new http.IncomingMessage(new net.Socket())
|
||||
message.statusCode = 200
|
||||
message.headers['content-type'] = 'text/plain'
|
||||
// Server sends filename with _ replacing non-ASCII, filename* with proper encoding
|
||||
message.headers['content-disposition'] =
|
||||
`attachment; filename="${asciiFileName}"; filename*=UTF-8''${encodeURIComponent(expectedFileName)}`
|
||||
message.push(Buffer.from(rawFileContent, 'utf8'))
|
||||
message.push(null)
|
||||
return {
|
||||
message
|
||||
}
|
||||
})
|
||||
|
||||
const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
|
||||
() => {
|
||||
return {
|
||||
get: mockGetFile
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
await streamExtractExternal(
|
||||
fixtures.blobStorageUrl,
|
||||
fixtures.workspaceDir
|
||||
)
|
||||
|
||||
expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
|
||||
const savedFilePath = path.join(fixtures.workspaceDir, expectedFileName)
|
||||
expect(fs.existsSync(savedFilePath)).toBe(true)
|
||||
expect(fs.readFileSync(savedFilePath, 'utf8')).toBe(rawFileContent)
|
||||
}
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
@@ -0,0 +1,59 @@
|
||||
import * as fs from 'fs'
|
||||
import * as path from 'path'
|
||||
import {createRawFileUploadStream} from '../src/internal/upload/stream.js'
|
||||
import {noopLogs} from './common.js'
|
||||
|
||||
const fixtures = {
|
||||
testDirectory: path.join(__dirname, '_temp', 'stream-test'),
|
||||
testFile: path.join(__dirname, '_temp', 'stream-test', 'test-file.txt'),
|
||||
testContent: 'hello stream test'
|
||||
}
|
||||
|
||||
describe('createRawFileUploadStream', () => {
|
||||
beforeAll(() => {
|
||||
fs.mkdirSync(fixtures.testDirectory, {recursive: true})
|
||||
fs.writeFileSync(fixtures.testFile, fixtures.testContent)
|
||||
})
|
||||
|
||||
beforeEach(() => {
|
||||
noopLogs()
|
||||
})
|
||||
|
||||
afterEach(() => {
|
||||
jest.restoreAllMocks()
|
||||
})
|
||||
|
||||
it('should stream file contents through the upload stream', async () => {
|
||||
const uploadStream = await createRawFileUploadStream(fixtures.testFile)
|
||||
|
||||
const chunks: Buffer[] = []
|
||||
const result = await new Promise<string>((resolve, reject) => {
|
||||
uploadStream.on('data', chunk => chunks.push(Buffer.from(chunk)))
|
||||
uploadStream.on('end', () =>
|
||||
resolve(Buffer.concat(chunks).toString('utf-8'))
|
||||
)
|
||||
uploadStream.on('error', reject)
|
||||
})
|
||||
|
||||
expect(result).toBe(fixtures.testContent)
|
||||
})
|
||||
|
||||
it('should propagate file read errors through the upload stream', async () => {
|
||||
// Use a directory path — createReadStream on a directory fails cross-platform
|
||||
// Mock lstat to return a non-symlink result so we reach createReadStream
|
||||
const dirPath = fixtures.testDirectory
|
||||
jest
|
||||
.spyOn(fs.promises, 'lstat')
|
||||
.mockResolvedValue({isSymbolicLink: () => false} as fs.Stats)
|
||||
|
||||
const uploadStream = await createRawFileUploadStream(dirPath)
|
||||
|
||||
await expect(
|
||||
new Promise((resolve, reject) => {
|
||||
uploadStream.on('data', resolve)
|
||||
uploadStream.on('end', resolve)
|
||||
uploadStream.on('error', reject)
|
||||
})
|
||||
).rejects.toThrow('An error has occurred during file read for the artifact')
|
||||
})
|
||||
})
|
||||
@@ -7,6 +7,7 @@ import * as blobUpload from '../src/internal/upload/blob-upload.js'
|
||||
import {uploadArtifact} from '../src/internal/upload/upload-artifact.js'
|
||||
import {noopLogs} from './common.js'
|
||||
import {FilesNotFoundError} from '../src/internal/shared/errors.js'
|
||||
import * as stream from '../src/internal/upload/stream.js'
|
||||
import {BlockBlobUploadStreamOptions} from '@azure/storage-blob'
|
||||
import * as fs from 'fs'
|
||||
import * as path from 'path'
|
||||
@@ -150,7 +151,7 @@ describe('upload-artifact', () => {
|
||||
it('should return false if the creation request fails', async () => {
|
||||
jest
|
||||
.spyOn(zip, 'createZipUploadStream')
|
||||
.mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1)))
|
||||
.mockReturnValue(Promise.resolve(new stream.WaterMarkedUploadStream(1)))
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact')
|
||||
.mockReturnValue(Promise.resolve({ok: false, signedUploadUrl: ''}))
|
||||
@@ -167,7 +168,7 @@ describe('upload-artifact', () => {
|
||||
it('should return false if blob storage upload is unsuccessful', async () => {
|
||||
jest
|
||||
.spyOn(zip, 'createZipUploadStream')
|
||||
.mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1)))
|
||||
.mockReturnValue(Promise.resolve(new stream.WaterMarkedUploadStream(1)))
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact')
|
||||
.mockReturnValue(
|
||||
@@ -177,7 +178,7 @@ describe('upload-artifact', () => {
|
||||
})
|
||||
)
|
||||
jest
|
||||
.spyOn(blobUpload, 'uploadZipToBlobStorage')
|
||||
.spyOn(blobUpload, 'uploadToBlobStorage')
|
||||
.mockReturnValue(Promise.reject(new Error('boom')))
|
||||
|
||||
const uploadResp = uploadArtifact(
|
||||
@@ -192,7 +193,7 @@ describe('upload-artifact', () => {
|
||||
it('should reject if finalize artifact fails', async () => {
|
||||
jest
|
||||
.spyOn(zip, 'createZipUploadStream')
|
||||
.mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1)))
|
||||
.mockReturnValue(Promise.resolve(new stream.WaterMarkedUploadStream(1)))
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact')
|
||||
.mockReturnValue(
|
||||
@@ -201,7 +202,7 @@ describe('upload-artifact', () => {
|
||||
signedUploadUrl: 'https://signed-upload-url.com'
|
||||
})
|
||||
)
|
||||
jest.spyOn(blobUpload, 'uploadZipToBlobStorage').mockReturnValue(
|
||||
jest.spyOn(blobUpload, 'uploadToBlobStorage').mockReturnValue(
|
||||
Promise.resolve({
|
||||
uploadSize: 1234,
|
||||
sha256Hash: 'test-sha256-hash'
|
||||
@@ -370,4 +371,284 @@ describe('upload-artifact', () => {
|
||||
|
||||
await expect(uploadResp).rejects.toThrow('Upload progress stalled.')
|
||||
})
|
||||
|
||||
describe('skipArchive option', () => {
|
||||
it('should throw an error if skipArchive is true and files array is empty', async () => {
|
||||
const uploadResp = uploadArtifact(
|
||||
fixtures.inputs.artifactName,
|
||||
[],
|
||||
fixtures.inputs.rootDirectory,
|
||||
{skipArchive: true}
|
||||
)
|
||||
|
||||
await expect(uploadResp).rejects.toThrow(FilesNotFoundError)
|
||||
})
|
||||
|
||||
it('should throw an error if skipArchive is true and multiple files are provided', async () => {
|
||||
const uploadResp = uploadArtifact(
|
||||
fixtures.inputs.artifactName,
|
||||
fixtures.inputs.files,
|
||||
fixtures.inputs.rootDirectory,
|
||||
{skipArchive: true}
|
||||
)
|
||||
|
||||
await expect(uploadResp).rejects.toThrow(
|
||||
'skipArchive option is only supported when uploading a single file'
|
||||
)
|
||||
})
|
||||
|
||||
it('should upload a single file without archiving when skipArchive is true', async () => {
|
||||
jest
|
||||
.spyOn(uploadZipSpecification, 'getUploadZipSpecification')
|
||||
.mockRestore()
|
||||
|
||||
const singleFile = path.join(fixtures.uploadDirectory, 'file1.txt')
|
||||
const expectedContent = 'test 1 file content'
|
||||
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
signedUploadUrl: 'https://signed-upload-url.local'
|
||||
})
|
||||
)
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
artifactId: '1'
|
||||
})
|
||||
)
|
||||
|
||||
let uploadedContent = ''
|
||||
let loadedBytes = 0
|
||||
uploadStreamMock.mockImplementation(
|
||||
async (
|
||||
stream: NodeJS.ReadableStream,
|
||||
bufferSize?: number,
|
||||
maxConcurrency?: number,
|
||||
options?: BlockBlobUploadStreamOptions
|
||||
) => {
|
||||
const {onProgress} = options || {}
|
||||
|
||||
onProgress?.({loadedBytes: 0})
|
||||
return new Promise((resolve, reject) => {
|
||||
stream.on('data', chunk => {
|
||||
loadedBytes += chunk.length
|
||||
uploadedContent += chunk.toString()
|
||||
onProgress?.({loadedBytes})
|
||||
})
|
||||
stream.on('end', () => {
|
||||
onProgress?.({loadedBytes})
|
||||
resolve({})
|
||||
})
|
||||
stream.on('error', err => {
|
||||
reject(err)
|
||||
})
|
||||
})
|
||||
}
|
||||
)
|
||||
|
||||
const {id, size, digest} = await uploadArtifact(
|
||||
fixtures.inputs.artifactName,
|
||||
[singleFile],
|
||||
fixtures.uploadDirectory,
|
||||
{skipArchive: true}
|
||||
)
|
||||
|
||||
expect(id).toBe(1)
|
||||
expect(size).toBe(loadedBytes)
|
||||
expect(digest).toBeDefined()
|
||||
expect(digest).toHaveLength(64)
|
||||
// Verify the uploaded content is the raw file, not a zip
|
||||
expect(uploadedContent).toBe(expectedContent)
|
||||
})
|
||||
|
||||
it('should use the correct MIME type when skipArchive is true', async () => {
|
||||
jest
|
||||
.spyOn(uploadZipSpecification, 'getUploadZipSpecification')
|
||||
.mockRestore()
|
||||
|
||||
const singleFile = path.join(fixtures.uploadDirectory, 'file1.txt')
|
||||
|
||||
const createArtifactSpy = jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
signedUploadUrl: 'https://signed-upload-url.local'
|
||||
})
|
||||
)
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
artifactId: '1'
|
||||
})
|
||||
)
|
||||
|
||||
uploadStreamMock.mockImplementation(
|
||||
async (
|
||||
stream: NodeJS.ReadableStream,
|
||||
bufferSize?: number,
|
||||
maxConcurrency?: number,
|
||||
options?: BlockBlobUploadStreamOptions
|
||||
) => {
|
||||
const {onProgress} = options || {}
|
||||
onProgress?.({loadedBytes: 0})
|
||||
return new Promise((resolve, reject) => {
|
||||
stream.on('data', chunk => {
|
||||
onProgress?.({loadedBytes: chunk.length})
|
||||
})
|
||||
stream.on('end', () => {
|
||||
resolve({})
|
||||
})
|
||||
stream.on('error', err => {
|
||||
reject(err)
|
||||
})
|
||||
})
|
||||
}
|
||||
)
|
||||
|
||||
await uploadArtifact(
|
||||
fixtures.inputs.artifactName,
|
||||
[singleFile],
|
||||
fixtures.uploadDirectory,
|
||||
{skipArchive: true}
|
||||
)
|
||||
|
||||
// Verify CreateArtifact was called with the correct MIME type for .txt file
|
||||
expect(createArtifactSpy).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
mimeType: expect.objectContaining({value: 'text/plain'})
|
||||
})
|
||||
)
|
||||
})
|
||||
|
||||
it('should use application/zip MIME type when skipArchive is false', async () => {
|
||||
jest
|
||||
.spyOn(uploadZipSpecification, 'getUploadZipSpecification')
|
||||
.mockRestore()
|
||||
|
||||
const createArtifactSpy = jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
signedUploadUrl: 'https://signed-upload-url.local'
|
||||
})
|
||||
)
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
artifactId: '1'
|
||||
})
|
||||
)
|
||||
|
||||
uploadStreamMock.mockImplementation(
|
||||
async (
|
||||
stream: NodeJS.ReadableStream,
|
||||
bufferSize?: number,
|
||||
maxConcurrency?: number,
|
||||
options?: BlockBlobUploadStreamOptions
|
||||
) => {
|
||||
const {onProgress} = options || {}
|
||||
onProgress?.({loadedBytes: 0})
|
||||
return new Promise((resolve, reject) => {
|
||||
stream.on('data', chunk => {
|
||||
onProgress?.({loadedBytes: chunk.length})
|
||||
})
|
||||
stream.on('end', () => {
|
||||
resolve({})
|
||||
})
|
||||
stream.on('error', err => {
|
||||
reject(err)
|
||||
})
|
||||
})
|
||||
}
|
||||
)
|
||||
|
||||
await uploadArtifact(
|
||||
fixtures.inputs.artifactName,
|
||||
fixtures.files.map(file =>
|
||||
path.join(fixtures.uploadDirectory, file.name)
|
||||
),
|
||||
fixtures.uploadDirectory
|
||||
)
|
||||
|
||||
// Verify CreateArtifact was called with application/zip MIME type
|
||||
expect(createArtifactSpy).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
mimeType: expect.objectContaining({value: 'application/zip'})
|
||||
})
|
||||
)
|
||||
})
|
||||
|
||||
it('should use the file basename as artifact name when skipArchive is true', async () => {
|
||||
jest
|
||||
.spyOn(uploadZipSpecification, 'getUploadZipSpecification')
|
||||
.mockRestore()
|
||||
|
||||
const singleFile = path.join(fixtures.uploadDirectory, 'file1.txt')
|
||||
|
||||
const createArtifactSpy = jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
signedUploadUrl: 'https://signed-upload-url.local'
|
||||
})
|
||||
)
|
||||
jest
|
||||
.spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact')
|
||||
.mockReturnValue(
|
||||
Promise.resolve({
|
||||
ok: true,
|
||||
artifactId: '1'
|
||||
})
|
||||
)
|
||||
|
||||
uploadStreamMock.mockImplementation(
|
||||
async (
|
||||
stream: NodeJS.ReadableStream,
|
||||
bufferSize?: number,
|
||||
maxConcurrency?: number,
|
||||
options?: BlockBlobUploadStreamOptions
|
||||
) => {
|
||||
const {onProgress} = options || {}
|
||||
onProgress?.({loadedBytes: 0})
|
||||
return new Promise((resolve, reject) => {
|
||||
stream.on('data', chunk => {
|
||||
onProgress?.({loadedBytes: chunk.length})
|
||||
})
|
||||
stream.on('end', () => {
|
||||
resolve({})
|
||||
})
|
||||
stream.on('error', err => {
|
||||
reject(err)
|
||||
})
|
||||
})
|
||||
}
|
||||
)
|
||||
|
||||
await uploadArtifact(
|
||||
'original-name',
|
||||
[singleFile],
|
||||
fixtures.uploadDirectory,
|
||||
{skipArchive: true}
|
||||
)
|
||||
|
||||
// Verify CreateArtifact was called with the file basename, not the original name
|
||||
expect(createArtifactSpy).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
name: 'file1.txt'
|
||||
})
|
||||
)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
Generated
+8
-9
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "@actions/artifact",
|
||||
"version": "6.0.0",
|
||||
"version": "6.2.1",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "@actions/artifact",
|
||||
"version": "6.0.0",
|
||||
"version": "6.2.1",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/core": "^3.0.0",
|
||||
@@ -1112,9 +1112,9 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/fast-xml-parser": {
|
||||
"version": "5.3.3",
|
||||
"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.3.tgz",
|
||||
"integrity": "sha512-2O3dkPAAC6JavuMm8+4+pgTk+5hoAs+CjZ+sWcQLkX9+/tHRuTkQh/Oaifr8qDmZ8iEHb771Ea6G8CdwkrgvYA==",
|
||||
"version": "5.3.4",
|
||||
"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.4.tgz",
|
||||
"integrity": "sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA==",
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
@@ -1795,7 +1795,6 @@
|
||||
"version": "5.9.3",
|
||||
"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
|
||||
"integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"bin": {
|
||||
"tsc": "bin/tsc",
|
||||
@@ -1813,9 +1812,9 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/undici": {
|
||||
"version": "6.23.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
|
||||
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
|
||||
"version": "6.24.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
|
||||
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=18.17"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@actions/artifact",
|
||||
"version": "6.0.0",
|
||||
"version": "6.2.1",
|
||||
"preview": true,
|
||||
"description": "Actions artifact lib",
|
||||
"keywords": [
|
||||
|
||||
@@ -15,66 +15,6 @@ import { MessageType } from "@protobuf-ts/runtime";
|
||||
import { Int64Value } from "../../../google/protobuf/wrappers.js";
|
||||
import { StringValue } from "../../../google/protobuf/wrappers.js";
|
||||
import { Timestamp } from "../../../google/protobuf/timestamp.js";
|
||||
/**
|
||||
* @generated from protobuf message github.actions.results.api.v1.MigrateArtifactRequest
|
||||
*/
|
||||
export interface MigrateArtifactRequest {
|
||||
/**
|
||||
* @generated from protobuf field: string workflow_run_backend_id = 1;
|
||||
*/
|
||||
workflowRunBackendId: string;
|
||||
/**
|
||||
* @generated from protobuf field: string name = 2;
|
||||
*/
|
||||
name: string;
|
||||
/**
|
||||
* @generated from protobuf field: google.protobuf.Timestamp expires_at = 3;
|
||||
*/
|
||||
expiresAt?: Timestamp;
|
||||
}
|
||||
/**
|
||||
* @generated from protobuf message github.actions.results.api.v1.MigrateArtifactResponse
|
||||
*/
|
||||
export interface MigrateArtifactResponse {
|
||||
/**
|
||||
* @generated from protobuf field: bool ok = 1;
|
||||
*/
|
||||
ok: boolean;
|
||||
/**
|
||||
* @generated from protobuf field: string signed_upload_url = 2;
|
||||
*/
|
||||
signedUploadUrl: string;
|
||||
}
|
||||
/**
|
||||
* @generated from protobuf message github.actions.results.api.v1.FinalizeMigratedArtifactRequest
|
||||
*/
|
||||
export interface FinalizeMigratedArtifactRequest {
|
||||
/**
|
||||
* @generated from protobuf field: string workflow_run_backend_id = 1;
|
||||
*/
|
||||
workflowRunBackendId: string;
|
||||
/**
|
||||
* @generated from protobuf field: string name = 2;
|
||||
*/
|
||||
name: string;
|
||||
/**
|
||||
* @generated from protobuf field: int64 size = 3;
|
||||
*/
|
||||
size: string;
|
||||
}
|
||||
/**
|
||||
* @generated from protobuf message github.actions.results.api.v1.FinalizeMigratedArtifactResponse
|
||||
*/
|
||||
export interface FinalizeMigratedArtifactResponse {
|
||||
/**
|
||||
* @generated from protobuf field: bool ok = 1;
|
||||
*/
|
||||
ok: boolean;
|
||||
/**
|
||||
* @generated from protobuf field: int64 artifact_id = 2;
|
||||
*/
|
||||
artifactId: string;
|
||||
}
|
||||
/**
|
||||
* @generated from protobuf message github.actions.results.api.v1.CreateArtifactRequest
|
||||
*/
|
||||
@@ -99,6 +39,10 @@ export interface CreateArtifactRequest {
|
||||
* @generated from protobuf field: int32 version = 5;
|
||||
*/
|
||||
version: number;
|
||||
/**
|
||||
* @generated from protobuf field: google.protobuf.StringValue mime_type = 6;
|
||||
*/
|
||||
mimeType?: StringValue; // optional
|
||||
}
|
||||
/**
|
||||
* @generated from protobuf message github.actions.results.api.v1.CreateArtifactResponse
|
||||
@@ -293,236 +237,6 @@ export interface DeleteArtifactResponse {
|
||||
artifactId: string;
|
||||
}
|
||||
// @generated message type with reflection information, may provide speed optimized methods
|
||||
class MigrateArtifactRequest$Type extends MessageType<MigrateArtifactRequest> {
|
||||
constructor() {
|
||||
super("github.actions.results.api.v1.MigrateArtifactRequest", [
|
||||
{ no: 1, name: "workflow_run_backend_id", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
|
||||
{ no: 2, name: "name", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
|
||||
{ no: 3, name: "expires_at", kind: "message", T: () => Timestamp }
|
||||
]);
|
||||
}
|
||||
create(value?: PartialMessage<MigrateArtifactRequest>): MigrateArtifactRequest {
|
||||
const message = { workflowRunBackendId: "", name: "" };
|
||||
globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this });
|
||||
if (value !== undefined)
|
||||
reflectionMergePartial<MigrateArtifactRequest>(this, message, value);
|
||||
return message;
|
||||
}
|
||||
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: MigrateArtifactRequest): MigrateArtifactRequest {
|
||||
let message = target ?? this.create(), end = reader.pos + length;
|
||||
while (reader.pos < end) {
|
||||
let [fieldNo, wireType] = reader.tag();
|
||||
switch (fieldNo) {
|
||||
case /* string workflow_run_backend_id */ 1:
|
||||
message.workflowRunBackendId = reader.string();
|
||||
break;
|
||||
case /* string name */ 2:
|
||||
message.name = reader.string();
|
||||
break;
|
||||
case /* google.protobuf.Timestamp expires_at */ 3:
|
||||
message.expiresAt = Timestamp.internalBinaryRead(reader, reader.uint32(), options, message.expiresAt);
|
||||
break;
|
||||
default:
|
||||
let u = options.readUnknownField;
|
||||
if (u === "throw")
|
||||
throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`);
|
||||
let d = reader.skip(wireType);
|
||||
if (u !== false)
|
||||
(u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d);
|
||||
}
|
||||
}
|
||||
return message;
|
||||
}
|
||||
internalBinaryWrite(message: MigrateArtifactRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter {
|
||||
/* string workflow_run_backend_id = 1; */
|
||||
if (message.workflowRunBackendId !== "")
|
||||
writer.tag(1, WireType.LengthDelimited).string(message.workflowRunBackendId);
|
||||
/* string name = 2; */
|
||||
if (message.name !== "")
|
||||
writer.tag(2, WireType.LengthDelimited).string(message.name);
|
||||
/* google.protobuf.Timestamp expires_at = 3; */
|
||||
if (message.expiresAt)
|
||||
Timestamp.internalBinaryWrite(message.expiresAt, writer.tag(3, WireType.LengthDelimited).fork(), options).join();
|
||||
let u = options.writeUnknownFields;
|
||||
if (u !== false)
|
||||
(u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
|
||||
return writer;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* @generated MessageType for protobuf message github.actions.results.api.v1.MigrateArtifactRequest
|
||||
*/
|
||||
export const MigrateArtifactRequest = new MigrateArtifactRequest$Type();
|
||||
// @generated message type with reflection information, may provide speed optimized methods
|
||||
class MigrateArtifactResponse$Type extends MessageType<MigrateArtifactResponse> {
|
||||
constructor() {
|
||||
super("github.actions.results.api.v1.MigrateArtifactResponse", [
|
||||
{ no: 1, name: "ok", kind: "scalar", T: 8 /*ScalarType.BOOL*/ },
|
||||
{ no: 2, name: "signed_upload_url", kind: "scalar", T: 9 /*ScalarType.STRING*/ }
|
||||
]);
|
||||
}
|
||||
create(value?: PartialMessage<MigrateArtifactResponse>): MigrateArtifactResponse {
|
||||
const message = { ok: false, signedUploadUrl: "" };
|
||||
globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this });
|
||||
if (value !== undefined)
|
||||
reflectionMergePartial<MigrateArtifactResponse>(this, message, value);
|
||||
return message;
|
||||
}
|
||||
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: MigrateArtifactResponse): MigrateArtifactResponse {
|
||||
let message = target ?? this.create(), end = reader.pos + length;
|
||||
while (reader.pos < end) {
|
||||
let [fieldNo, wireType] = reader.tag();
|
||||
switch (fieldNo) {
|
||||
case /* bool ok */ 1:
|
||||
message.ok = reader.bool();
|
||||
break;
|
||||
case /* string signed_upload_url */ 2:
|
||||
message.signedUploadUrl = reader.string();
|
||||
break;
|
||||
default:
|
||||
let u = options.readUnknownField;
|
||||
if (u === "throw")
|
||||
throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`);
|
||||
let d = reader.skip(wireType);
|
||||
if (u !== false)
|
||||
(u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d);
|
||||
}
|
||||
}
|
||||
return message;
|
||||
}
|
||||
internalBinaryWrite(message: MigrateArtifactResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter {
|
||||
/* bool ok = 1; */
|
||||
if (message.ok !== false)
|
||||
writer.tag(1, WireType.Varint).bool(message.ok);
|
||||
/* string signed_upload_url = 2; */
|
||||
if (message.signedUploadUrl !== "")
|
||||
writer.tag(2, WireType.LengthDelimited).string(message.signedUploadUrl);
|
||||
let u = options.writeUnknownFields;
|
||||
if (u !== false)
|
||||
(u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
|
||||
return writer;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* @generated MessageType for protobuf message github.actions.results.api.v1.MigrateArtifactResponse
|
||||
*/
|
||||
export const MigrateArtifactResponse = new MigrateArtifactResponse$Type();
|
||||
// @generated message type with reflection information, may provide speed optimized methods
|
||||
class FinalizeMigratedArtifactRequest$Type extends MessageType<FinalizeMigratedArtifactRequest> {
|
||||
constructor() {
|
||||
super("github.actions.results.api.v1.FinalizeMigratedArtifactRequest", [
|
||||
{ no: 1, name: "workflow_run_backend_id", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
|
||||
{ no: 2, name: "name", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
|
||||
{ no: 3, name: "size", kind: "scalar", T: 3 /*ScalarType.INT64*/ }
|
||||
]);
|
||||
}
|
||||
create(value?: PartialMessage<FinalizeMigratedArtifactRequest>): FinalizeMigratedArtifactRequest {
|
||||
const message = { workflowRunBackendId: "", name: "", size: "0" };
|
||||
globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this });
|
||||
if (value !== undefined)
|
||||
reflectionMergePartial<FinalizeMigratedArtifactRequest>(this, message, value);
|
||||
return message;
|
||||
}
|
||||
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: FinalizeMigratedArtifactRequest): FinalizeMigratedArtifactRequest {
|
||||
let message = target ?? this.create(), end = reader.pos + length;
|
||||
while (reader.pos < end) {
|
||||
let [fieldNo, wireType] = reader.tag();
|
||||
switch (fieldNo) {
|
||||
case /* string workflow_run_backend_id */ 1:
|
||||
message.workflowRunBackendId = reader.string();
|
||||
break;
|
||||
case /* string name */ 2:
|
||||
message.name = reader.string();
|
||||
break;
|
||||
case /* int64 size */ 3:
|
||||
message.size = reader.int64().toString();
|
||||
break;
|
||||
default:
|
||||
let u = options.readUnknownField;
|
||||
if (u === "throw")
|
||||
throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`);
|
||||
let d = reader.skip(wireType);
|
||||
if (u !== false)
|
||||
(u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d);
|
||||
}
|
||||
}
|
||||
return message;
|
||||
}
|
||||
internalBinaryWrite(message: FinalizeMigratedArtifactRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter {
|
||||
/* string workflow_run_backend_id = 1; */
|
||||
if (message.workflowRunBackendId !== "")
|
||||
writer.tag(1, WireType.LengthDelimited).string(message.workflowRunBackendId);
|
||||
/* string name = 2; */
|
||||
if (message.name !== "")
|
||||
writer.tag(2, WireType.LengthDelimited).string(message.name);
|
||||
/* int64 size = 3; */
|
||||
if (message.size !== "0")
|
||||
writer.tag(3, WireType.Varint).int64(message.size);
|
||||
let u = options.writeUnknownFields;
|
||||
if (u !== false)
|
||||
(u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
|
||||
return writer;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* @generated MessageType for protobuf message github.actions.results.api.v1.FinalizeMigratedArtifactRequest
|
||||
*/
|
||||
export const FinalizeMigratedArtifactRequest = new FinalizeMigratedArtifactRequest$Type();
|
||||
// @generated message type with reflection information, may provide speed optimized methods
|
||||
class FinalizeMigratedArtifactResponse$Type extends MessageType<FinalizeMigratedArtifactResponse> {
|
||||
constructor() {
|
||||
super("github.actions.results.api.v1.FinalizeMigratedArtifactResponse", [
|
||||
{ no: 1, name: "ok", kind: "scalar", T: 8 /*ScalarType.BOOL*/ },
|
||||
{ no: 2, name: "artifact_id", kind: "scalar", T: 3 /*ScalarType.INT64*/ }
|
||||
]);
|
||||
}
|
||||
create(value?: PartialMessage<FinalizeMigratedArtifactResponse>): FinalizeMigratedArtifactResponse {
|
||||
const message = { ok: false, artifactId: "0" };
|
||||
globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this });
|
||||
if (value !== undefined)
|
||||
reflectionMergePartial<FinalizeMigratedArtifactResponse>(this, message, value);
|
||||
return message;
|
||||
}
|
||||
internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: FinalizeMigratedArtifactResponse): FinalizeMigratedArtifactResponse {
|
||||
let message = target ?? this.create(), end = reader.pos + length;
|
||||
while (reader.pos < end) {
|
||||
let [fieldNo, wireType] = reader.tag();
|
||||
switch (fieldNo) {
|
||||
case /* bool ok */ 1:
|
||||
message.ok = reader.bool();
|
||||
break;
|
||||
case /* int64 artifact_id */ 2:
|
||||
message.artifactId = reader.int64().toString();
|
||||
break;
|
||||
default:
|
||||
let u = options.readUnknownField;
|
||||
if (u === "throw")
|
||||
throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`);
|
||||
let d = reader.skip(wireType);
|
||||
if (u !== false)
|
||||
(u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d);
|
||||
}
|
||||
}
|
||||
return message;
|
||||
}
|
||||
internalBinaryWrite(message: FinalizeMigratedArtifactResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter {
|
||||
/* bool ok = 1; */
|
||||
if (message.ok !== false)
|
||||
writer.tag(1, WireType.Varint).bool(message.ok);
|
||||
/* int64 artifact_id = 2; */
|
||||
if (message.artifactId !== "0")
|
||||
writer.tag(2, WireType.Varint).int64(message.artifactId);
|
||||
let u = options.writeUnknownFields;
|
||||
if (u !== false)
|
||||
(u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
|
||||
return writer;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* @generated MessageType for protobuf message github.actions.results.api.v1.FinalizeMigratedArtifactResponse
|
||||
*/
|
||||
export const FinalizeMigratedArtifactResponse = new FinalizeMigratedArtifactResponse$Type();
|
||||
// @generated message type with reflection information, may provide speed optimized methods
|
||||
class CreateArtifactRequest$Type extends MessageType<CreateArtifactRequest> {
|
||||
constructor() {
|
||||
super("github.actions.results.api.v1.CreateArtifactRequest", [
|
||||
@@ -530,7 +244,8 @@ class CreateArtifactRequest$Type extends MessageType<CreateArtifactRequest> {
|
||||
{ no: 2, name: "workflow_job_run_backend_id", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
|
||||
{ no: 3, name: "name", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
|
||||
{ no: 4, name: "expires_at", kind: "message", T: () => Timestamp },
|
||||
{ no: 5, name: "version", kind: "scalar", T: 5 /*ScalarType.INT32*/ }
|
||||
{ no: 5, name: "version", kind: "scalar", T: 5 /*ScalarType.INT32*/ },
|
||||
{ no: 6, name: "mime_type", kind: "message", T: () => StringValue }
|
||||
]);
|
||||
}
|
||||
create(value?: PartialMessage<CreateArtifactRequest>): CreateArtifactRequest {
|
||||
@@ -560,6 +275,9 @@ class CreateArtifactRequest$Type extends MessageType<CreateArtifactRequest> {
|
||||
case /* int32 version */ 5:
|
||||
message.version = reader.int32();
|
||||
break;
|
||||
case /* google.protobuf.StringValue mime_type */ 6:
|
||||
message.mimeType = StringValue.internalBinaryRead(reader, reader.uint32(), options, message.mimeType);
|
||||
break;
|
||||
default:
|
||||
let u = options.readUnknownField;
|
||||
if (u === "throw")
|
||||
@@ -587,6 +305,9 @@ class CreateArtifactRequest$Type extends MessageType<CreateArtifactRequest> {
|
||||
/* int32 version = 5; */
|
||||
if (message.version !== 0)
|
||||
writer.tag(5, WireType.Varint).int32(message.version);
|
||||
/* google.protobuf.StringValue mime_type = 6; */
|
||||
if (message.mimeType)
|
||||
StringValue.internalBinaryWrite(message.mimeType, writer.tag(6, WireType.LengthDelimited).fork(), options).join();
|
||||
let u = options.writeUnknownFields;
|
||||
if (u !== false)
|
||||
(u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
|
||||
@@ -852,7 +573,7 @@ export const ListArtifactsRequest = new ListArtifactsRequest$Type();
|
||||
class ListArtifactsResponse$Type extends MessageType<ListArtifactsResponse> {
|
||||
constructor() {
|
||||
super("github.actions.results.api.v1.ListArtifactsResponse", [
|
||||
{ no: 1, name: "artifacts", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => ListArtifactsResponse_MonolithArtifact }
|
||||
{ no: 1, name: "artifacts", kind: "message", repeat: 2 /*RepeatType.UNPACKED*/, T: () => ListArtifactsResponse_MonolithArtifact }
|
||||
]);
|
||||
}
|
||||
create(value?: PartialMessage<ListArtifactsResponse>): ListArtifactsResponse {
|
||||
@@ -1215,7 +936,5 @@ export const ArtifactService = new ServiceType("github.actions.results.api.v1.Ar
|
||||
{ name: "FinalizeArtifact", options: {}, I: FinalizeArtifactRequest, O: FinalizeArtifactResponse },
|
||||
{ name: "ListArtifacts", options: {}, I: ListArtifactsRequest, O: ListArtifactsResponse },
|
||||
{ name: "GetSignedArtifactURL", options: {}, I: GetSignedArtifactURLRequest, O: GetSignedArtifactURLResponse },
|
||||
{ name: "DeleteArtifact", options: {}, I: DeleteArtifactRequest, O: DeleteArtifactResponse },
|
||||
{ name: "MigrateArtifact", options: {}, I: MigrateArtifactRequest, O: MigrateArtifactResponse },
|
||||
{ name: "FinalizeMigratedArtifact", options: {}, I: FinalizeMigratedArtifactRequest, O: FinalizeMigratedArtifactResponse }
|
||||
{ name: "DeleteArtifact", options: {}, I: DeleteArtifactRequest, O: DeleteArtifactResponse }
|
||||
]);
|
||||
@@ -229,4 +229,4 @@ export class ArtifactServiceClientProtobuf implements ArtifactServiceClient {
|
||||
DeleteArtifactResponse.fromBinary(data as Uint8Array)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,8 @@
|
||||
import fs from 'fs/promises'
|
||||
import * as fsSync from 'fs'
|
||||
import * as crypto from 'crypto'
|
||||
import * as stream from 'stream'
|
||||
import * as path from 'path'
|
||||
|
||||
import * as github from '@actions/github'
|
||||
import * as core from '@actions/core'
|
||||
@@ -43,12 +45,13 @@ async function exists(path: string): Promise<boolean> {
|
||||
|
||||
async function streamExtract(
|
||||
url: string,
|
||||
directory: string
|
||||
directory: string,
|
||||
skipDecompress?: boolean
|
||||
): Promise<StreamExtractResponse> {
|
||||
let retryCount = 0
|
||||
while (retryCount < 5) {
|
||||
try {
|
||||
return await streamExtractExternal(url, directory)
|
||||
return await streamExtractExternal(url, directory, {skipDecompress})
|
||||
} catch (error) {
|
||||
retryCount++
|
||||
core.debug(
|
||||
@@ -65,8 +68,9 @@ async function streamExtract(
|
||||
export async function streamExtractExternal(
|
||||
url: string,
|
||||
directory: string,
|
||||
opts: {timeout: number} = {timeout: 30 * 1000}
|
||||
opts: {timeout?: number; skipDecompress?: boolean} = {}
|
||||
): Promise<StreamExtractResponse> {
|
||||
const {timeout = 30 * 1000, skipDecompress = false} = opts
|
||||
const client = new httpClient.HttpClient(getUserAgentString())
|
||||
const response = await client.get(url)
|
||||
if (response.message.statusCode !== 200) {
|
||||
@@ -75,49 +79,97 @@ export async function streamExtractExternal(
|
||||
)
|
||||
}
|
||||
|
||||
const contentType = response.message.headers['content-type'] || ''
|
||||
const mimeType = contentType.split(';', 1)[0].trim().toLowerCase()
|
||||
|
||||
// Check if the URL path ends with .zip (ignoring query parameters)
|
||||
const urlPath = new URL(url).pathname.toLowerCase()
|
||||
const urlEndsWithZip = urlPath.endsWith('.zip')
|
||||
|
||||
const isZip =
|
||||
mimeType === 'application/zip' ||
|
||||
mimeType === 'application/x-zip-compressed' ||
|
||||
mimeType === 'application/zip-compressed' ||
|
||||
urlEndsWithZip
|
||||
|
||||
// Extract filename from Content-Disposition header
|
||||
// Prefer filename* (RFC 5987) which supports UTF-8 encoded filenames,
|
||||
// fall back to filename which may contain ASCII-only replacements
|
||||
const contentDisposition =
|
||||
response.message.headers['content-disposition'] || ''
|
||||
let fileName = 'artifact'
|
||||
const filenameStar = contentDisposition.match(
|
||||
/filename\*\s*=\s*UTF-8''([^;\r\n]*)/i
|
||||
)
|
||||
const filenamePlain = contentDisposition.match(
|
||||
/(?<!\*)filename\s*=\s*['"]?([^;\r\n"']*)['"]?/i
|
||||
)
|
||||
const rawName = filenameStar?.[1] || filenamePlain?.[1]
|
||||
if (rawName) {
|
||||
// Sanitize fileName to prevent path traversal attacks
|
||||
// Use path.basename to extract only the filename component
|
||||
fileName = path.basename(decodeURIComponent(rawName.trim()))
|
||||
}
|
||||
|
||||
core.debug(
|
||||
`Content-Type: ${contentType}, mimeType: ${mimeType}, urlEndsWithZip: ${urlEndsWithZip}, isZip: ${isZip}, skipDecompress: ${skipDecompress}`
|
||||
)
|
||||
core.debug(
|
||||
`Content-Disposition: ${contentDisposition}, fileName: ${fileName}`
|
||||
)
|
||||
|
||||
let sha256Digest: string | undefined = undefined
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
const timerFn = (): void => {
|
||||
const timeoutError = new Error(
|
||||
`Blob storage chunk did not respond in ${opts.timeout}ms`
|
||||
`Blob storage chunk did not respond in ${timeout}ms`
|
||||
)
|
||||
response.message.destroy(timeoutError)
|
||||
reject(timeoutError)
|
||||
}
|
||||
const timer = setTimeout(timerFn, opts.timeout)
|
||||
const timer = setTimeout(timerFn, timeout)
|
||||
|
||||
const onError = (error: Error): void => {
|
||||
core.debug(`response.message: Artifact download failed: ${error.message}`)
|
||||
clearTimeout(timer)
|
||||
reject(error)
|
||||
}
|
||||
|
||||
const hashStream = crypto.createHash('sha256').setEncoding('hex')
|
||||
const passThrough = new stream.PassThrough()
|
||||
|
||||
response.message.pipe(passThrough)
|
||||
passThrough.pipe(hashStream)
|
||||
const extractStream = passThrough
|
||||
|
||||
extractStream
|
||||
.on('data', () => {
|
||||
timer.refresh()
|
||||
})
|
||||
.on('error', (error: Error) => {
|
||||
core.debug(
|
||||
`response.message: Artifact download failed: ${error.message}`
|
||||
)
|
||||
clearTimeout(timer)
|
||||
reject(error)
|
||||
})
|
||||
.pipe(unzip.Extract({path: directory}))
|
||||
.on('close', () => {
|
||||
clearTimeout(timer)
|
||||
if (hashStream) {
|
||||
hashStream.end()
|
||||
sha256Digest = hashStream.read() as string
|
||||
core.info(`SHA256 digest of downloaded artifact is ${sha256Digest}`)
|
||||
}
|
||||
resolve({sha256Digest: `sha256:${sha256Digest}`})
|
||||
})
|
||||
.on('error', (error: Error) => {
|
||||
reject(error)
|
||||
})
|
||||
.on('error', onError)
|
||||
|
||||
response.message.pipe(passThrough)
|
||||
passThrough.pipe(hashStream)
|
||||
|
||||
const onClose = (): void => {
|
||||
clearTimeout(timer)
|
||||
if (hashStream) {
|
||||
hashStream.end()
|
||||
sha256Digest = hashStream.read() as string
|
||||
core.info(`SHA256 digest of downloaded artifact is ${sha256Digest}`)
|
||||
}
|
||||
resolve({sha256Digest: `sha256:${sha256Digest}`})
|
||||
}
|
||||
|
||||
if (isZip && !skipDecompress) {
|
||||
// Extract zip file
|
||||
passThrough
|
||||
.pipe(unzip.Extract({path: directory}))
|
||||
.on('close', onClose)
|
||||
.on('error', onError)
|
||||
} else {
|
||||
// Save raw file without extracting
|
||||
const filePath = path.join(directory, fileName)
|
||||
const writeStream = fsSync.createWriteStream(filePath)
|
||||
|
||||
core.info(`Downloading raw file (non-zip) to: ${filePath}`)
|
||||
passThrough.pipe(writeStream).on('close', onClose).on('error', onError)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
@@ -163,7 +215,11 @@ export async function downloadArtifactPublic(
|
||||
|
||||
try {
|
||||
core.info(`Starting download of artifact to: ${downloadPath}`)
|
||||
const extractResponse = await streamExtract(location, downloadPath)
|
||||
const extractResponse = await streamExtract(
|
||||
location,
|
||||
downloadPath,
|
||||
options?.skipDecompress
|
||||
)
|
||||
core.info(`Artifact download completed successfully.`)
|
||||
if (options?.expectedHash) {
|
||||
if (options?.expectedHash !== extractResponse.sha256Digest) {
|
||||
@@ -224,7 +280,11 @@ export async function downloadArtifactInternal(
|
||||
|
||||
try {
|
||||
core.info(`Starting download of artifact to: ${downloadPath}`)
|
||||
const extractResponse = await streamExtract(signedUrl, downloadPath)
|
||||
const extractResponse = await streamExtract(
|
||||
signedUrl,
|
||||
downloadPath,
|
||||
options?.skipDecompress
|
||||
)
|
||||
core.info(`Artifact download completed successfully.`)
|
||||
if (options?.expectedHash) {
|
||||
if (options?.expectedHash !== extractResponse.sha256Digest) {
|
||||
|
||||
@@ -60,7 +60,7 @@ export class NetworkError extends Error {
|
||||
|
||||
export class UsageError extends Error {
|
||||
constructor() {
|
||||
const message = `Artifact storage quota has been hit. Unable to upload any new artifacts. Usage is recalculated every 6-12 hours.\nMore info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`
|
||||
const message = `Artifact storage quota has been hit. Unable to upload any new artifacts.\nMore info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`
|
||||
super(message)
|
||||
this.name = 'UsageError'
|
||||
}
|
||||
|
||||
@@ -50,6 +50,13 @@ export interface UploadArtifactOptions {
|
||||
* For large files that are not easily compressed, a value of 0 is recommended for significantly faster uploads.
|
||||
*/
|
||||
compressionLevel?: number
|
||||
/**
|
||||
* If true, the artifact will be uploaded without being archived (zipped).
|
||||
* This is only supported when uploading a single file.
|
||||
* When using this option, the artifact will not be compressed.
|
||||
* When using this option, the name parameter passed to the upload is ignored. Instead, the name of the file is used as the name of the artifact.
|
||||
*/
|
||||
skipArchive?: boolean
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -113,6 +120,12 @@ export interface DownloadArtifactOptions {
|
||||
* matches the expected hash.
|
||||
*/
|
||||
expectedHash?: string
|
||||
|
||||
/**
|
||||
* If true, the downloaded artifact will not be automatically extracted/decompressed.
|
||||
* The artifact will be saved as-is to the destination path.
|
||||
*/
|
||||
skipDecompress?: boolean
|
||||
}
|
||||
|
||||
export interface StreamExtractResponse {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import {BlobClient, BlockBlobUploadStreamOptions} from '@azure/storage-blob'
|
||||
import {TransferProgressEvent} from '@azure/core-http-compat'
|
||||
import {ZipUploadStream} from './zip.js'
|
||||
import {WaterMarkedUploadStream} from './stream.js'
|
||||
import {
|
||||
getUploadChunkSize,
|
||||
getConcurrency,
|
||||
@@ -23,9 +23,10 @@ export interface BlobUploadResponse {
|
||||
sha256Hash?: string
|
||||
}
|
||||
|
||||
export async function uploadZipToBlobStorage(
|
||||
export async function uploadToBlobStorage(
|
||||
authenticatedUploadURL: string,
|
||||
zipUploadStream: ZipUploadStream
|
||||
uploadStream: WaterMarkedUploadStream,
|
||||
contentType: string
|
||||
): Promise<BlobUploadResponse> {
|
||||
let uploadByteCount = 0
|
||||
let lastProgressTime = Date.now()
|
||||
@@ -51,7 +52,7 @@ export async function uploadZipToBlobStorage(
|
||||
const blockBlobClient = blobClient.getBlockBlobClient()
|
||||
|
||||
core.debug(
|
||||
`Uploading artifact zip to blob storage with maxConcurrency: ${maxConcurrency}, bufferSize: ${bufferSize}`
|
||||
`Uploading artifact to blob storage with maxConcurrency: ${maxConcurrency}, bufferSize: ${bufferSize}, contentType: ${contentType}`
|
||||
)
|
||||
|
||||
const uploadCallback = (progress: TransferProgressEvent): void => {
|
||||
@@ -61,24 +62,24 @@ export async function uploadZipToBlobStorage(
|
||||
}
|
||||
|
||||
const options: BlockBlobUploadStreamOptions = {
|
||||
blobHTTPHeaders: {blobContentType: 'zip'},
|
||||
blobHTTPHeaders: {blobContentType: contentType},
|
||||
onProgress: uploadCallback,
|
||||
abortSignal: abortController.signal
|
||||
}
|
||||
|
||||
let sha256Hash: string | undefined = undefined
|
||||
const uploadStream = new stream.PassThrough()
|
||||
const blobUploadStream = new stream.PassThrough()
|
||||
const hashStream = crypto.createHash('sha256')
|
||||
|
||||
zipUploadStream.pipe(uploadStream) // This stream is used for the upload
|
||||
zipUploadStream.pipe(hashStream).setEncoding('hex') // This stream is used to compute a hash of the zip content that gets used. Integrity check
|
||||
uploadStream.pipe(blobUploadStream) // This stream is used for the upload
|
||||
uploadStream.pipe(hashStream).setEncoding('hex') // This stream is used to compute a hash of the content for integrity check
|
||||
|
||||
core.info('Beginning upload of artifact content to blob storage')
|
||||
|
||||
try {
|
||||
await Promise.race([
|
||||
blockBlobClient.uploadStream(
|
||||
uploadStream,
|
||||
blobUploadStream,
|
||||
bufferSize,
|
||||
maxConcurrency,
|
||||
options
|
||||
@@ -98,7 +99,7 @@ export async function uploadZipToBlobStorage(
|
||||
|
||||
hashStream.end()
|
||||
sha256Hash = hashStream.read() as string
|
||||
core.info(`SHA256 digest of uploaded artifact zip is ${sha256Hash}`)
|
||||
core.info(`SHA256 digest of uploaded artifact is ${sha256Hash}`)
|
||||
|
||||
if (uploadByteCount === 0) {
|
||||
core.warning(
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
import * as stream from 'stream'
|
||||
import * as fs from 'fs'
|
||||
import {realpath} from 'fs/promises'
|
||||
import * as core from '@actions/core'
|
||||
import {getUploadChunkSize} from '../shared/config.js'
|
||||
|
||||
// Custom stream transformer so we can set the highWaterMark property
|
||||
// See https://github.com/nodejs/node/issues/8855
|
||||
export class WaterMarkedUploadStream extends stream.Transform {
|
||||
constructor(bufferSize: number) {
|
||||
super({
|
||||
highWaterMark: bufferSize
|
||||
})
|
||||
}
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
_transform(chunk: any, enc: any, cb: any): void {
|
||||
cb(null, chunk)
|
||||
}
|
||||
}
|
||||
|
||||
export async function createRawFileUploadStream(
|
||||
filePath: string
|
||||
): Promise<WaterMarkedUploadStream> {
|
||||
core.debug(`Creating raw file upload stream for: ${filePath}`)
|
||||
|
||||
const bufferSize = getUploadChunkSize()
|
||||
const uploadStream = new WaterMarkedUploadStream(bufferSize)
|
||||
|
||||
// Check if symlink and resolve the source path
|
||||
let sourcePath = filePath
|
||||
const stats = await fs.promises.lstat(filePath)
|
||||
if (stats.isSymbolicLink()) {
|
||||
sourcePath = await realpath(filePath)
|
||||
}
|
||||
|
||||
// Create a read stream from the file and pipe it to the upload stream
|
||||
const fileStream = fs.createReadStream(sourcePath, {
|
||||
highWaterMark: bufferSize
|
||||
})
|
||||
|
||||
fileStream.on('error', error => {
|
||||
core.error('An error has occurred while reading the file for upload')
|
||||
core.error(String(error))
|
||||
uploadStream.destroy(
|
||||
new Error('An error has occurred during file read for the artifact')
|
||||
)
|
||||
})
|
||||
|
||||
fileStream.pipe(uploadStream)
|
||||
|
||||
return uploadStream
|
||||
}
|
||||
@@ -0,0 +1,82 @@
|
||||
import * as path from 'path'
|
||||
|
||||
/**
|
||||
* Maps file extensions to MIME types
|
||||
*/
|
||||
const mimeTypes: Record<string, string> = {
|
||||
// Text
|
||||
'.txt': 'text/plain',
|
||||
'.html': 'text/html',
|
||||
'.htm': 'text/html',
|
||||
'.css': 'text/css',
|
||||
'.csv': 'text/csv',
|
||||
'.xml': 'text/xml',
|
||||
'.md': 'text/markdown',
|
||||
|
||||
// JavaScript/JSON
|
||||
'.js': 'application/javascript',
|
||||
'.mjs': 'application/javascript',
|
||||
'.json': 'application/json',
|
||||
|
||||
// Images
|
||||
'.png': 'image/png',
|
||||
'.jpg': 'image/jpeg',
|
||||
'.jpeg': 'image/jpeg',
|
||||
'.gif': 'image/gif',
|
||||
'.svg': 'image/svg+xml',
|
||||
'.webp': 'image/webp',
|
||||
'.ico': 'image/x-icon',
|
||||
'.bmp': 'image/bmp',
|
||||
'.tiff': 'image/tiff',
|
||||
'.tif': 'image/tiff',
|
||||
|
||||
// Audio
|
||||
'.mp3': 'audio/mpeg',
|
||||
'.wav': 'audio/wav',
|
||||
'.ogg': 'audio/ogg',
|
||||
'.flac': 'audio/flac',
|
||||
|
||||
// Video
|
||||
'.mp4': 'video/mp4',
|
||||
'.webm': 'video/webm',
|
||||
'.avi': 'video/x-msvideo',
|
||||
'.mov': 'video/quicktime',
|
||||
|
||||
// Documents
|
||||
'.pdf': 'application/pdf',
|
||||
'.doc': 'application/msword',
|
||||
'.docx':
|
||||
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
|
||||
'.xls': 'application/vnd.ms-excel',
|
||||
'.xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
|
||||
'.ppt': 'application/vnd.ms-powerpoint',
|
||||
'.pptx':
|
||||
'application/vnd.openxmlformats-officedocument.presentationml.presentation',
|
||||
|
||||
// Archives
|
||||
'.zip': 'application/zip',
|
||||
'.tar': 'application/x-tar',
|
||||
'.gz': 'application/gzip',
|
||||
'.rar': 'application/vnd.rar',
|
||||
'.7z': 'application/x-7z-compressed',
|
||||
|
||||
// Code/Data
|
||||
'.wasm': 'application/wasm',
|
||||
'.yaml': 'application/x-yaml',
|
||||
'.yml': 'application/x-yaml',
|
||||
|
||||
// Fonts
|
||||
'.woff': 'font/woff',
|
||||
'.woff2': 'font/woff2',
|
||||
'.ttf': 'font/ttf',
|
||||
'.otf': 'font/otf',
|
||||
'.eot': 'application/vnd.ms-fontobject'
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the MIME type for a file based on its extension
|
||||
*/
|
||||
export function getMimeType(filePath: string): string {
|
||||
const ext = path.extname(filePath).toLowerCase()
|
||||
return mimeTypes[ext] || 'application/octet-stream'
|
||||
}
|
||||
@@ -1,4 +1,6 @@
|
||||
import * as core from '@actions/core'
|
||||
import * as fs from 'fs'
|
||||
import * as path from 'path'
|
||||
import {
|
||||
UploadArtifactOptions,
|
||||
UploadArtifactResponse
|
||||
@@ -12,14 +14,16 @@ import {
|
||||
validateRootDirectory
|
||||
} from './upload-zip-specification.js'
|
||||
import {getBackendIdsFromToken} from '../shared/util.js'
|
||||
import {uploadZipToBlobStorage} from './blob-upload.js'
|
||||
import {uploadToBlobStorage} from './blob-upload.js'
|
||||
import {createZipUploadStream} from './zip.js'
|
||||
import {createRawFileUploadStream, WaterMarkedUploadStream} from './stream.js'
|
||||
import {
|
||||
CreateArtifactRequest,
|
||||
FinalizeArtifactRequest,
|
||||
StringValue
|
||||
} from '../../generated/index.js'
|
||||
import {FilesNotFoundError, InvalidResponseError} from '../shared/errors.js'
|
||||
import {getMimeType} from './types.js'
|
||||
|
||||
export async function uploadArtifact(
|
||||
name: string,
|
||||
@@ -27,19 +31,43 @@ export async function uploadArtifact(
|
||||
rootDirectory: string,
|
||||
options?: UploadArtifactOptions | undefined
|
||||
): Promise<UploadArtifactResponse> {
|
||||
let artifactFileName = `${name}.zip`
|
||||
if (options?.skipArchive) {
|
||||
if (files.length === 0) {
|
||||
throw new FilesNotFoundError([])
|
||||
}
|
||||
|
||||
if (files.length > 1) {
|
||||
throw new Error(
|
||||
'skipArchive option is only supported when uploading a single file'
|
||||
)
|
||||
}
|
||||
|
||||
if (!fs.existsSync(files[0])) {
|
||||
throw new FilesNotFoundError(files)
|
||||
}
|
||||
|
||||
artifactFileName = path.basename(files[0])
|
||||
name = artifactFileName
|
||||
}
|
||||
|
||||
validateArtifactName(name)
|
||||
validateRootDirectory(rootDirectory)
|
||||
|
||||
const zipSpecification: UploadZipSpecification[] = getUploadZipSpecification(
|
||||
files,
|
||||
rootDirectory
|
||||
)
|
||||
if (zipSpecification.length === 0) {
|
||||
throw new FilesNotFoundError(
|
||||
zipSpecification.flatMap(s => (s.sourcePath ? [s.sourcePath] : []))
|
||||
)
|
||||
let zipSpecification: UploadZipSpecification[] = []
|
||||
|
||||
if (!options?.skipArchive) {
|
||||
zipSpecification = getUploadZipSpecification(files, rootDirectory)
|
||||
|
||||
if (zipSpecification.length === 0) {
|
||||
throw new FilesNotFoundError(
|
||||
zipSpecification.flatMap(s => (s.sourcePath ? [s.sourcePath] : []))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
const contentType = getMimeType(artifactFileName)
|
||||
|
||||
// get the IDs needed for the artifact creation
|
||||
const backendIds = getBackendIdsFromToken()
|
||||
|
||||
@@ -51,7 +79,8 @@ export async function uploadArtifact(
|
||||
workflowRunBackendId: backendIds.workflowRunBackendId,
|
||||
workflowJobRunBackendId: backendIds.workflowJobRunBackendId,
|
||||
name,
|
||||
version: 4
|
||||
mimeType: StringValue.create({value: contentType}),
|
||||
version: 7
|
||||
}
|
||||
|
||||
// if there is a retention period, add it to the request
|
||||
@@ -68,15 +97,24 @@ export async function uploadArtifact(
|
||||
)
|
||||
}
|
||||
|
||||
const zipUploadStream = await createZipUploadStream(
|
||||
zipSpecification,
|
||||
options?.compressionLevel
|
||||
)
|
||||
let stream: WaterMarkedUploadStream
|
||||
|
||||
// Upload zip to blob storage
|
||||
const uploadResult = await uploadZipToBlobStorage(
|
||||
if (options?.skipArchive) {
|
||||
// Upload raw file without archiving
|
||||
stream = await createRawFileUploadStream(files[0])
|
||||
} else {
|
||||
// Create and upload zip archive
|
||||
stream = await createZipUploadStream(
|
||||
zipSpecification,
|
||||
options?.compressionLevel
|
||||
)
|
||||
}
|
||||
|
||||
core.info(`Uploading artifact: ${artifactFileName}`)
|
||||
const uploadResult = await uploadToBlobStorage(
|
||||
createArtifactResp.signedUploadUrl,
|
||||
zipUploadStream
|
||||
stream,
|
||||
contentType
|
||||
)
|
||||
|
||||
// finalize the artifact
|
||||
@@ -105,7 +143,7 @@ export async function uploadArtifact(
|
||||
|
||||
const artifactId = BigInt(finalizeArtifactResp.artifactId)
|
||||
core.info(
|
||||
`Artifact ${name}.zip successfully finalized. Artifact ID ${artifactId}`
|
||||
`Artifact ${name} successfully finalized. Artifact ID ${artifactId}`
|
||||
)
|
||||
|
||||
return {
|
||||
|
||||
@@ -1,31 +1,16 @@
|
||||
import * as stream from 'stream'
|
||||
import {realpath} from 'fs/promises'
|
||||
import archiver from 'archiver'
|
||||
import * as core from '@actions/core'
|
||||
import {UploadZipSpecification} from './upload-zip-specification.js'
|
||||
import {getUploadChunkSize} from '../shared/config.js'
|
||||
import {WaterMarkedUploadStream} from './stream.js'
|
||||
|
||||
export const DEFAULT_COMPRESSION_LEVEL = 6
|
||||
|
||||
// Custom stream transformer so we can set the highWaterMark property
|
||||
// See https://github.com/nodejs/node/issues/8855
|
||||
export class ZipUploadStream extends stream.Transform {
|
||||
constructor(bufferSize: number) {
|
||||
super({
|
||||
highWaterMark: bufferSize
|
||||
})
|
||||
}
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
_transform(chunk: any, enc: any, cb: any): void {
|
||||
cb(null, chunk)
|
||||
}
|
||||
}
|
||||
|
||||
export async function createZipUploadStream(
|
||||
uploadSpecification: UploadZipSpecification[],
|
||||
compressionLevel: number = DEFAULT_COMPRESSION_LEVEL
|
||||
): Promise<ZipUploadStream> {
|
||||
): Promise<WaterMarkedUploadStream> {
|
||||
core.debug(
|
||||
`Creating Artifact archive with compressionLevel: ${compressionLevel}`
|
||||
)
|
||||
@@ -60,7 +45,7 @@ export async function createZipUploadStream(
|
||||
}
|
||||
|
||||
const bufferSize = getUploadChunkSize()
|
||||
const zipUploadStream = new ZipUploadStream(bufferSize)
|
||||
const zipUploadStream = new WaterMarkedUploadStream(bufferSize)
|
||||
|
||||
core.debug(
|
||||
`Zip write high watermark value ${zipUploadStream.writableHighWaterMark}`
|
||||
|
||||
+30
-14
@@ -1,28 +1,43 @@
|
||||
# @actions/attest Releases
|
||||
|
||||
### 2.2.1
|
||||
## 3.2.0
|
||||
|
||||
- Add custom user-agent for more API calls [#2321](https://github.com/actions/toolkit/pull/2321)
|
||||
|
||||
## 3.1.0
|
||||
|
||||
- Add support for `ACTIONS_ORCHESTRATION_ID` in user-agent [#2320](https://github.com/actions/toolkit/pull/2320)
|
||||
|
||||
## 3.0.0
|
||||
|
||||
- **Breaking change**: Package is now ESM-only
|
||||
- CommonJS consumers must use dynamic `import()` instead of `require()`
|
||||
- Bump `@actions/core` to `^3.0.0`
|
||||
- Bump `@actions/http-client` to `^4.0.0`
|
||||
|
||||
## 2.2.1
|
||||
|
||||
- Bump `@actions/http-client` to `3.0.2`
|
||||
- Bump `undici` to `6.23.0`
|
||||
|
||||
### 2.2.0
|
||||
## 2.2.0
|
||||
|
||||
- Bump @actions/core from 1.11.1 to 2.0.2
|
||||
- Bump @actions/github from 6.0.0 to 7.0.0
|
||||
- Bump @actions/http-client from 2.2.3 to 3.0.1
|
||||
|
||||
### 2.0.0
|
||||
## 2.0.0
|
||||
|
||||
- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
|
||||
- Bump @sigstore/bundle from 3.0.0 to 3.1.0
|
||||
- Bump @sigstore/sign from 3.0.0 to 3.1.0
|
||||
- Bump jose from 5.2.3 to 5.10.0
|
||||
|
||||
### 1.6.0
|
||||
## 1.6.0
|
||||
|
||||
- Update `buildSLSAProvenancePredicate` to populate `workflow.ref` field from the `ref` claim in the OIDC token [#1969](https://github.com/actions/toolkit/pull/1969)
|
||||
|
||||
### 1.5.0
|
||||
## 1.5.0
|
||||
|
||||
- Bump @actions/core from 1.10.1 to 1.11.1 [#1847](https://github.com/actions/toolkit/pull/1847)
|
||||
- Bump @sigstore/bundle from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
|
||||
@@ -30,23 +45,24 @@
|
||||
- Support for generating multi-subject attestations [#1864](https://github.com/actions/toolkit/pull/1865)
|
||||
- Fix bug in `buildSLSAProvenancePredicate` related to `workflow_ref` OIDC token claims containing the "@" symbol in the tag name [#1863](https://github.com/actions/toolkit/pull/1863)
|
||||
|
||||
### 1.4.2
|
||||
## 1.4.2
|
||||
|
||||
- Fix bug in `buildSLSAProvenancePredicate`/`attestProvenance` when generating provenance statement for enterprise account using customized OIDC issuer value [#1823](https://github.com/actions/toolkit/pull/1823)
|
||||
|
||||
### 1.4.1
|
||||
## 1.4.1
|
||||
|
||||
- Bump @actions/http-client from 2.2.1 to 2.2.3 [#1805](https://github.com/actions/toolkit/pull/1805)
|
||||
|
||||
### 1.4.0
|
||||
## 1.4.0
|
||||
|
||||
- Add new `headers` parameter to the `attest` and `attestProvenance` functions [#1790](https://github.com/actions/toolkit/pull/1790)
|
||||
- Update `buildSLSAProvenancePredicate`/`attestProvenance` to automatically derive default OIDC issuer URL from current execution context [#1796](https://github.com/actions/toolkit/pull/1796)
|
||||
### 1.3.1
|
||||
|
||||
## 1.3.1
|
||||
|
||||
- Fix bug with proxy support when retrieving JWKS for OIDC issuer [#1776](https://github.com/actions/toolkit/pull/1776)
|
||||
|
||||
### 1.3.0
|
||||
## 1.3.0
|
||||
|
||||
- Dynamic construction of Sigstore API URLs [#1735](https://github.com/actions/toolkit/pull/1735)
|
||||
- Switch to new GH provenance build type [#1745](https://github.com/actions/toolkit/pull/1745)
|
||||
@@ -54,21 +70,21 @@
|
||||
- Bump @sigstore/bundle from 2.3.0 to 2.3.2 [#1738](https://github.com/actions/toolkit/pull/1738)
|
||||
- Bump @sigstore/sign from 2.3.0 to 2.3.2 [#1738](https://github.com/actions/toolkit/pull/1738)
|
||||
|
||||
### 1.2.1
|
||||
## 1.2.1
|
||||
|
||||
- Retry request on attestation persistence failure [#1725](https://github.com/actions/toolkit/pull/1725)
|
||||
|
||||
### 1.2.0
|
||||
## 1.2.0
|
||||
|
||||
- Generate attestations using the v0.3 Sigstore bundle format [#1701](https://github.com/actions/toolkit/pull/1701)
|
||||
- Bump @sigstore/bundle from 2.2.0 to 2.3.0 [#1701](https://github.com/actions/toolkit/pull/1701)
|
||||
- Bump @sigstore/sign from 2.2.3 to 2.3.0 [#1701](https://github.com/actions/toolkit/pull/1701)
|
||||
- Remove dependency on make-fetch-happen [#1714](https://github.com/actions/toolkit/pull/1714)
|
||||
|
||||
### 1.1.0
|
||||
## 1.1.0
|
||||
|
||||
- Updates the `attestProvenance` function to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement [#1693](https://github.com/actions/toolkit/pull/1693)
|
||||
|
||||
### 1.0.0
|
||||
## 1.0.0
|
||||
|
||||
- Initial release
|
||||
|
||||
Generated
+140
-238
@@ -1,18 +1,18 @@
|
||||
{
|
||||
"name": "@actions/attest",
|
||||
"version": "2.2.1",
|
||||
"version": "3.2.0",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "@actions/attest",
|
||||
"version": "2.2.1",
|
||||
"version": "3.2.0",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/core": "^2.0.2",
|
||||
"@actions/github": "^7.0.0",
|
||||
"@actions/http-client": "^3.0.2",
|
||||
"@octokit/plugin-retry": "^6.0.1",
|
||||
"@actions/core": "^3.0.0",
|
||||
"@actions/github": "^9.0.0",
|
||||
"@actions/http-client": "^4.0.0",
|
||||
"@octokit/plugin-retry": "^8.0.3",
|
||||
"@sigstore/bundle": "^3.1.0",
|
||||
"@sigstore/sign": "^3.1.0",
|
||||
"jose": "^5.10.0"
|
||||
@@ -26,52 +26,40 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/core": {
|
||||
"version": "2.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@actions/core/-/core-2.0.2.tgz",
|
||||
"integrity": "sha512-Ast1V7yHbGAhplAsuVlnb/5J8Mtr/Zl6byPPL+Qjq3lmfIgWF1ak1iYfF/079cRERiuTALTXkSuEUdZeDCfGtA==",
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
|
||||
"integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/exec": "^2.0.0",
|
||||
"@actions/http-client": "^3.0.1"
|
||||
"@actions/exec": "^3.0.0",
|
||||
"@actions/http-client": "^4.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/exec": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-2.0.0.tgz",
|
||||
"integrity": "sha512-k8ngrX2voJ/RIN6r9xB82NVqKpnMRtxDoiO+g3olkIUpQNqjArXrCQceduQZCQj3P3xm32pChRLqRrtXTlqhIw==",
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
|
||||
"integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/io": "^2.0.0"
|
||||
"@actions/io": "^3.0.2"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/github": {
|
||||
"version": "7.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@actions/github/-/github-7.0.0.tgz",
|
||||
"integrity": "sha512-PyGODO938aoBTZd/IfN/+e+Pd5hUcVpyf+thm4CPESLeqhdSkq5QwMTGX9v84XHE1ifmHWBQ60KB8kIgm96opw==",
|
||||
"version": "9.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@actions/github/-/github-9.0.0.tgz",
|
||||
"integrity": "sha512-yJ0RoswsAaKcvkmpCE4XxBRiy/whH2SdTBHWzs0gi4wkqTDhXMChjSdqBz/F4AeiDlP28rQqL33iHb+kjAMX6w==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/http-client": "^3.0.1",
|
||||
"@octokit/core": "^5.0.1",
|
||||
"@octokit/plugin-paginate-rest": "^9.2.2",
|
||||
"@octokit/plugin-rest-endpoint-methods": "^10.4.0",
|
||||
"@octokit/request": "^8.4.1",
|
||||
"@octokit/request-error": "^5.1.1",
|
||||
"undici": "^5.28.5"
|
||||
"@actions/http-client": "^3.0.2",
|
||||
"@octokit/core": "^7.0.6",
|
||||
"@octokit/plugin-paginate-rest": "^14.0.0",
|
||||
"@octokit/plugin-rest-endpoint-methods": "^17.0.0",
|
||||
"@octokit/request": "^10.0.7",
|
||||
"@octokit/request-error": "^7.1.0",
|
||||
"undici": "^6.23.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/github/node_modules/undici": {
|
||||
"version": "5.29.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
|
||||
"integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@fastify/busboy": "^2.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=14.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/http-client": {
|
||||
"node_modules/@actions/github/node_modules/@actions/http-client": {
|
||||
"version": "3.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-3.0.2.tgz",
|
||||
"integrity": "sha512-JP38FYYpyqvUsz+Igqlc/JG6YO9PaKuvqjM3iGvaLqFnJ7TFmcLyy2IDrY0bI0qCQug8E9K+elv5ZNfw62ZJzA==",
|
||||
@@ -81,21 +69,31 @@
|
||||
"undici": "^6.23.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/io": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@actions/io/-/io-2.0.0.tgz",
|
||||
"integrity": "sha512-Jv33IN09XLO+0HS79aaODsvIRyduiF7NY/F6LYeK5oeUmrsz7aFdRphQjFoESF4jS7lMauDOttKALcpapVDIAg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@fastify/busboy": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
|
||||
"integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
|
||||
"node_modules/@actions/github/node_modules/@actions/http-client/node_modules/undici": {
|
||||
"version": "6.23.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
|
||||
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=14"
|
||||
"node": ">=18.17"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/http-client": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
|
||||
"integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"tunnel": "^0.0.6",
|
||||
"undici": "^6.23.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/io": {
|
||||
"version": "3.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
|
||||
"integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@isaacs/cliui": {
|
||||
"version": "8.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
|
||||
@@ -167,238 +165,147 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/auth-token": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz",
|
||||
"integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==",
|
||||
"version": "6.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-6.0.0.tgz",
|
||||
"integrity": "sha512-P4YJBPdPSpWTQ1NU4XYdvHvXJJDxM6YwpS0FZHRgP7YFkdVxsWcpWGy/NVqlAA7PcPCnMacXlRm1y2PFZRWL/w==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
"node": ">= 20"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/core": {
|
||||
"version": "5.2.2",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.2.tgz",
|
||||
"integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==",
|
||||
"version": "7.0.6",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.6.tgz",
|
||||
"integrity": "sha512-DhGl4xMVFGVIyMwswXeyzdL4uXD5OGILGX5N8Y+f6W7LhC1Ze2poSNrkF/fedpVDHEEZ+PHFW0vL14I+mm8K3Q==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/auth-token": "^4.0.0",
|
||||
"@octokit/graphql": "^7.1.0",
|
||||
"@octokit/request": "^8.4.1",
|
||||
"@octokit/request-error": "^5.1.1",
|
||||
"@octokit/types": "^13.0.0",
|
||||
"before-after-hook": "^2.2.0",
|
||||
"universal-user-agent": "^6.0.0"
|
||||
"@octokit/auth-token": "^6.0.0",
|
||||
"@octokit/graphql": "^9.0.3",
|
||||
"@octokit/request": "^10.0.6",
|
||||
"@octokit/request-error": "^7.0.2",
|
||||
"@octokit/types": "^16.0.0",
|
||||
"before-after-hook": "^4.0.0",
|
||||
"universal-user-agent": "^7.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/core/node_modules/@octokit/openapi-types": {
|
||||
"version": "24.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
|
||||
"integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@octokit/core/node_modules/@octokit/types": {
|
||||
"version": "13.10.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
|
||||
"integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^24.2.0"
|
||||
"node": ">= 20"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/endpoint": {
|
||||
"version": "9.0.6",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.6.tgz",
|
||||
"integrity": "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw==",
|
||||
"version": "11.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.2.tgz",
|
||||
"integrity": "sha512-4zCpzP1fWc7QlqunZ5bSEjxc6yLAlRTnDwKtgXfcI/FxxGoqedDG8V2+xJ60bV2kODqcGB+nATdtap/XYq2NZQ==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/types": "^13.1.0",
|
||||
"universal-user-agent": "^6.0.0"
|
||||
"@octokit/types": "^16.0.0",
|
||||
"universal-user-agent": "^7.0.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": {
|
||||
"version": "24.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
|
||||
"integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@octokit/endpoint/node_modules/@octokit/types": {
|
||||
"version": "13.10.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
|
||||
"integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^24.2.0"
|
||||
"node": ">= 20"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/graphql": {
|
||||
"version": "7.1.1",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.1.1.tgz",
|
||||
"integrity": "sha512-3mkDltSfcDUoa176nlGoA32RGjeWjl3K7F/BwHwRMJUW/IteSa4bnSV8p2ThNkcIcZU2umkZWxwETSSCJf2Q7g==",
|
||||
"version": "9.0.3",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.3.tgz",
|
||||
"integrity": "sha512-grAEuupr/C1rALFnXTv6ZQhFuL1D8G5y8CN04RgrO4FIPMrtm+mcZzFG7dcBm+nq+1ppNixu+Jd78aeJOYxlGA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/request": "^8.4.1",
|
||||
"@octokit/types": "^13.0.0",
|
||||
"universal-user-agent": "^6.0.0"
|
||||
"@octokit/request": "^10.0.6",
|
||||
"@octokit/types": "^16.0.0",
|
||||
"universal-user-agent": "^7.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/graphql/node_modules/@octokit/openapi-types": {
|
||||
"version": "24.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
|
||||
"integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@octokit/graphql/node_modules/@octokit/types": {
|
||||
"version": "13.10.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
|
||||
"integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^24.2.0"
|
||||
"node": ">= 20"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/openapi-types": {
|
||||
"version": "20.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz",
|
||||
"integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==",
|
||||
"version": "27.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-27.0.0.tgz",
|
||||
"integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@octokit/plugin-paginate-rest": {
|
||||
"version": "9.2.2",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.2.tgz",
|
||||
"integrity": "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ==",
|
||||
"version": "14.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-14.0.0.tgz",
|
||||
"integrity": "sha512-fNVRE7ufJiAA3XUrha2omTA39M6IXIc6GIZLvlbsm8QOQCYvpq/LkMNGyFlB1d8hTDzsAXa3OKtybdMAYsV/fw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/types": "^12.6.0"
|
||||
"@octokit/types": "^16.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
"node": ">= 20"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"@octokit/core": "5"
|
||||
"@octokit/core": ">=6"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/plugin-rest-endpoint-methods": {
|
||||
"version": "10.4.1",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-10.4.1.tgz",
|
||||
"integrity": "sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg==",
|
||||
"version": "17.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-17.0.0.tgz",
|
||||
"integrity": "sha512-B5yCyIlOJFPqUUeiD0cnBJwWJO8lkJs5d8+ze9QDP6SvfiXSz1BF+91+0MeI1d2yxgOhU/O+CvtiZ9jSkHhFAw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/types": "^12.6.0"
|
||||
"@octokit/types": "^16.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
"node": ">= 20"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"@octokit/core": "5"
|
||||
"@octokit/core": ">=6"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/plugin-retry": {
|
||||
"version": "6.1.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-6.1.0.tgz",
|
||||
"integrity": "sha512-WrO3bvq4E1Xh1r2mT9w6SDFg01gFmP81nIG77+p/MqW1JeXXgL++6umim3t6x0Zj5pZm3rXAN+0HEjmmdhIRig==",
|
||||
"version": "8.0.3",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-8.0.3.tgz",
|
||||
"integrity": "sha512-vKGx1i3MC0za53IzYBSBXcrhmd+daQDzuZfYDd52X5S0M2otf3kVZTVP8bLA3EkU0lTvd1WEC2OlNNa4G+dohA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/request-error": "^5.0.0",
|
||||
"@octokit/types": "^13.0.0",
|
||||
"@octokit/request-error": "^7.0.2",
|
||||
"@octokit/types": "^16.0.0",
|
||||
"bottleneck": "^2.15.3"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
"node": ">= 20"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"@octokit/core": "5"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/plugin-retry/node_modules/@octokit/openapi-types": {
|
||||
"version": "24.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
|
||||
"integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@octokit/plugin-retry/node_modules/@octokit/types": {
|
||||
"version": "13.10.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
|
||||
"integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^24.2.0"
|
||||
"@octokit/core": ">=7"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/request": {
|
||||
"version": "8.4.1",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.1.tgz",
|
||||
"integrity": "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw==",
|
||||
"version": "10.0.7",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.7.tgz",
|
||||
"integrity": "sha512-v93h0i1yu4idj8qFPZwjehoJx4j3Ntn+JhXsdJrG9pYaX6j/XRz2RmasMUHtNgQD39nrv/VwTWSqK0RNXR8upA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/endpoint": "^9.0.6",
|
||||
"@octokit/request-error": "^5.1.1",
|
||||
"@octokit/types": "^13.1.0",
|
||||
"universal-user-agent": "^6.0.0"
|
||||
"@octokit/endpoint": "^11.0.2",
|
||||
"@octokit/request-error": "^7.0.2",
|
||||
"@octokit/types": "^16.0.0",
|
||||
"fast-content-type-parse": "^3.0.0",
|
||||
"universal-user-agent": "^7.0.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
"node": ">= 20"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/request-error": {
|
||||
"version": "5.1.1",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz",
|
||||
"integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==",
|
||||
"version": "7.1.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz",
|
||||
"integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/types": "^13.1.0",
|
||||
"deprecation": "^2.0.0",
|
||||
"once": "^1.4.0"
|
||||
"@octokit/types": "^16.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
|
||||
"version": "24.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
|
||||
"integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@octokit/request-error/node_modules/@octokit/types": {
|
||||
"version": "13.10.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
|
||||
"integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^24.2.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/request/node_modules/@octokit/openapi-types": {
|
||||
"version": "24.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
|
||||
"integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@octokit/request/node_modules/@octokit/types": {
|
||||
"version": "13.10.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
|
||||
"integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^24.2.0"
|
||||
"node": ">= 20"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/types": {
|
||||
"version": "12.6.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz",
|
||||
"integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==",
|
||||
"version": "16.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-16.0.0.tgz",
|
||||
"integrity": "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^20.0.0"
|
||||
"@octokit/openapi-types": "^27.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@peculiar/asn1-cms": {
|
||||
@@ -759,9 +666,9 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/before-after-hook": {
|
||||
"version": "2.2.3",
|
||||
"resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz",
|
||||
"integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==",
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-4.0.0.tgz",
|
||||
"integrity": "sha512-q6tR3RPqIB1pMiTRMFcZwuG5T8vwp+vUvEG0vuI6B+Rikh5BfPp2fQ82c925FOs+b0lcFQ8CFrL+KbilfZFhOQ==",
|
||||
"license": "Apache-2.0"
|
||||
},
|
||||
"node_modules/bottleneck": {
|
||||
@@ -880,12 +787,6 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"node_modules/deprecation": {
|
||||
"version": "2.3.1",
|
||||
"resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
|
||||
"integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==",
|
||||
"license": "ISC"
|
||||
},
|
||||
"node_modules/eastasianwidth": {
|
||||
"version": "0.2.0",
|
||||
"resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
|
||||
@@ -914,6 +815,22 @@
|
||||
"integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/fast-content-type-parse": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/fast-content-type-parse/-/fast-content-type-parse-3.0.0.tgz",
|
||||
"integrity": "sha512-ZvLdcY8P+N8mGQJahJV5G4U88CSvT1rP8ApL6uETe88MBXrBHAkZlSEySdUlyztF7ccb+Znos3TFqaepHxdhBg==",
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/fastify"
|
||||
},
|
||||
{
|
||||
"type": "opencollective",
|
||||
"url": "https://opencollective.com/fastify"
|
||||
}
|
||||
],
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/foreground-child": {
|
||||
"version": "3.3.1",
|
||||
"resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz",
|
||||
@@ -1284,15 +1201,6 @@
|
||||
"node": ">= 10.13"
|
||||
}
|
||||
},
|
||||
"node_modules/once": {
|
||||
"version": "1.4.0",
|
||||
"resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
|
||||
"integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"wrappy": "1"
|
||||
}
|
||||
},
|
||||
"node_modules/p-map": {
|
||||
"version": "7.0.3",
|
||||
"resolved": "https://registry.npmjs.org/p-map/-/p-map-7.0.3.tgz",
|
||||
@@ -1621,9 +1529,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/tar": {
|
||||
"version": "7.5.6",
|
||||
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.6.tgz",
|
||||
"integrity": "sha512-xqUeu2JAIJpXyvskvU3uvQW8PAmHrtXp2KDuMJwQqW8Sqq0CaZBAQ+dKS3RBXVhU4wC5NjAdKrmh84241gO9cA==",
|
||||
"version": "7.5.10",
|
||||
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.10.tgz",
|
||||
"integrity": "sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw==",
|
||||
"license": "BlueOak-1.0.0",
|
||||
"dependencies": {
|
||||
"@isaacs/fs-minipass": "^4.0.0",
|
||||
@@ -1713,9 +1621,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/universal-user-agent": {
|
||||
"version": "6.0.1",
|
||||
"resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.1.tgz",
|
||||
"integrity": "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==",
|
||||
"version": "7.0.3",
|
||||
"resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.3.tgz",
|
||||
"integrity": "sha512-TmnEAEAsBJVZM/AADELsK76llnwcf9vMKuPz8JflO1frO8Lchitr0fNaN9d+Ap0BjKtqWqd/J17qeDnXh8CL2A==",
|
||||
"license": "ISC"
|
||||
},
|
||||
"node_modules/webcrypto-core": {
|
||||
@@ -1838,12 +1746,6 @@
|
||||
"node": ">=8"
|
||||
}
|
||||
},
|
||||
"node_modules/wrappy": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
|
||||
"integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
|
||||
"license": "ISC"
|
||||
},
|
||||
"node_modules/yallist": {
|
||||
"version": "5.0.0",
|
||||
"resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@actions/attest",
|
||||
"version": "2.2.1",
|
||||
"version": "3.2.0",
|
||||
"description": "Actions attestation lib",
|
||||
"keywords": [
|
||||
"github",
|
||||
@@ -9,8 +9,15 @@
|
||||
],
|
||||
"homepage": "https://github.com/actions/toolkit/tree/main/packages/attest",
|
||||
"license": "MIT",
|
||||
"type": "module",
|
||||
"main": "lib/index.js",
|
||||
"types": "lib/index.d.ts",
|
||||
"exports": {
|
||||
".": {
|
||||
"types": "./lib/index.d.ts",
|
||||
"import": "./lib/index.js"
|
||||
}
|
||||
},
|
||||
"directories": {
|
||||
"lib": "lib",
|
||||
"test": "__tests__"
|
||||
@@ -29,7 +36,7 @@
|
||||
},
|
||||
"scripts": {
|
||||
"test": "echo \"Error: run tests from root\" && exit 1",
|
||||
"tsc": "tsc"
|
||||
"tsc": "tsc && cp src/internal/package-version.cjs lib/internal/"
|
||||
},
|
||||
"bugs": {
|
||||
"url": "https://github.com/actions/toolkit/issues"
|
||||
@@ -42,17 +49,12 @@
|
||||
"undici": "^6.23.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"@actions/core": "^2.0.2",
|
||||
"@actions/github": "^7.0.0",
|
||||
"@actions/http-client": "^3.0.2",
|
||||
"@octokit/plugin-retry": "^6.0.1",
|
||||
"@actions/core": "^3.0.0",
|
||||
"@actions/github": "^9.0.0",
|
||||
"@actions/http-client": "^4.0.0",
|
||||
"@octokit/plugin-retry": "^8.0.3",
|
||||
"@sigstore/bundle": "^3.1.0",
|
||||
"@sigstore/sign": "^3.1.0",
|
||||
"jose": "^5.10.0"
|
||||
},
|
||||
"overrides": {
|
||||
"@octokit/plugin-retry": {
|
||||
"@octokit/core": "^5.2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import * as github from '@actions/github'
|
||||
import {retry} from '@octokit/plugin-retry'
|
||||
import {RequestHeaders} from '@octokit/types'
|
||||
import {getUserAgent} from './internal/utils.js'
|
||||
|
||||
const CREATE_STORAGE_RECORD_REQUEST =
|
||||
'POST /orgs/{owner}/artifacts/metadata/storage-record'
|
||||
@@ -52,10 +53,16 @@ export async function createStorageRecord(
|
||||
): Promise<number[]> {
|
||||
const retries = retryAttempts ?? DEFAULT_RETRY_COUNT
|
||||
const octokit = github.getOctokit(token, {retry: {retries}}, retry)
|
||||
|
||||
const headersWithUserAgent = {
|
||||
'User-Agent': getUserAgent(),
|
||||
...headers
|
||||
}
|
||||
|
||||
try {
|
||||
const response = await octokit.request(CREATE_STORAGE_RECORD_REQUEST, {
|
||||
owner: github.context.repo.owner,
|
||||
headers,
|
||||
headers: headersWithUserAgent,
|
||||
...buildRequestParams(artifactOptions, packageRegistryOptions)
|
||||
})
|
||||
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
import {bundleToJSON} from '@sigstore/bundle'
|
||||
import {X509Certificate} from 'crypto'
|
||||
import {SigstoreInstance, signingEndpoints} from './endpoints'
|
||||
import {buildIntotoStatement} from './intoto'
|
||||
import {Payload, signPayload} from './sign'
|
||||
import {writeAttestation} from './store'
|
||||
import {SigstoreInstance, signingEndpoints} from './endpoints.js'
|
||||
import {buildIntotoStatement} from './intoto.js'
|
||||
import {Payload, signPayload} from './sign.js'
|
||||
import {writeAttestation} from './store.js'
|
||||
|
||||
import type {Bundle} from '@sigstore/sign'
|
||||
import type {Attestation, Predicate, Subject} from './shared.types'
|
||||
import type {Attestation, Predicate, Subject} from './shared.types.js'
|
||||
|
||||
const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json'
|
||||
|
||||
|
||||
@@ -1,10 +1,15 @@
|
||||
export {createStorageRecord} from './artifactMetadata'
|
||||
export {AttestOptions, attest} from './attest'
|
||||
export {
|
||||
createStorageRecord,
|
||||
ArtifactOptions,
|
||||
PackageRegistryOptions
|
||||
} from './artifactMetadata.js'
|
||||
export {AttestOptions, attest} from './attest.js'
|
||||
export {
|
||||
AttestProvenanceOptions,
|
||||
attestProvenance,
|
||||
buildSLSAProvenancePredicate
|
||||
} from './provenance'
|
||||
} from './provenance.js'
|
||||
|
||||
export type {SerializedBundle} from '@sigstore/bundle'
|
||||
export type {Attestation, Predicate, Subject} from './shared.types'
|
||||
export type {Attestation, Predicate, Subject} from './shared.types.js'
|
||||
export type {SigstoreInstance} from './endpoints.js'
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
// This file exists as a CommonJS module to read the version from package.json.
|
||||
// In an ESM package, using `require()` directly in .ts files requires disabling
|
||||
// ESLint rules and doesn't work reliably across all Node.js versions.
|
||||
// By keeping this as a .cjs file, we can use require() naturally and export
|
||||
// the version for the ESM modules to import.
|
||||
const packageJson = require('../../package.json')
|
||||
module.exports = {version: packageJson.version}
|
||||
@@ -0,0 +1,15 @@
|
||||
import {version} from './package-version.cjs'
|
||||
|
||||
export const getUserAgent = (): string => {
|
||||
const baseUserAgent = `@actions/attest-${version}`
|
||||
|
||||
const orchId = process.env['ACTIONS_ORCHESTRATION_ID']
|
||||
if (orchId) {
|
||||
// Sanitize the orchestration ID to ensure it contains only valid characters
|
||||
// Valid characters: 0-9, a-z, _, -, .
|
||||
const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_')
|
||||
return `${baseUserAgent} actions_orchestration_id/${sanitizedId}`
|
||||
}
|
||||
|
||||
return baseUserAgent
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
import {Predicate, Subject} from './shared.types'
|
||||
import {Predicate, Subject} from './shared.types.js'
|
||||
|
||||
const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1'
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import {attest, AttestOptions} from './attest'
|
||||
import {getIDTokenClaims} from './oidc'
|
||||
import type {Attestation, Predicate} from './shared.types'
|
||||
import {attest, AttestOptions} from './attest.js'
|
||||
import {getIDTokenClaims} from './oidc.js'
|
||||
import type {Attestation, Predicate} from './shared.types.js'
|
||||
|
||||
const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1'
|
||||
const GITHUB_BUILD_TYPE = 'https://actions.github.io/buildtypes/workflow/v1'
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import * as github from '@actions/github'
|
||||
import {retry} from '@octokit/plugin-retry'
|
||||
import {RequestHeaders} from '@octokit/types'
|
||||
import {getUserAgent} from './internal/utils.js'
|
||||
|
||||
const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations'
|
||||
const DEFAULT_RETRY_COUNT = 5
|
||||
@@ -24,11 +25,16 @@ export const writeAttestation = async (
|
||||
const retries = options.retry ?? DEFAULT_RETRY_COUNT
|
||||
const octokit = github.getOctokit(token, {retry: {retries}}, retry)
|
||||
|
||||
const headers = {
|
||||
'User-Agent': getUserAgent(),
|
||||
...options.headers
|
||||
}
|
||||
|
||||
try {
|
||||
const response = await octokit.request(CREATE_ATTESTATION_REQUEST, {
|
||||
owner: github.context.repo.owner,
|
||||
repo: github.context.repo.repo,
|
||||
headers: options.headers,
|
||||
headers,
|
||||
bundle: attestation as {
|
||||
mediaType?: string
|
||||
verificationMaterial?: {[key: string]: unknown}
|
||||
|
||||
@@ -4,7 +4,9 @@
|
||||
"baseUrl": "./",
|
||||
"outDir": "./lib",
|
||||
"declaration": true,
|
||||
"rootDir": "./src"
|
||||
"rootDir": "./src",
|
||||
"module": "node16",
|
||||
"moduleResolution": "node16"
|
||||
},
|
||||
"include": [
|
||||
"./src"
|
||||
|
||||
+1
-1
@@ -60,7 +60,7 @@ export class NetworkError extends Error {
|
||||
|
||||
export class UsageError extends Error {
|
||||
constructor() {
|
||||
const message = `Cache storage quota has been hit. Unable to upload any new cache entries. Usage is recalculated every 6-12 hours.\nMore info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`
|
||||
const message = `Cache storage quota has been hit. Unable to upload any new cache entries.\nMore info on storage limits: https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending`
|
||||
super(message)
|
||||
this.name = 'UsageError'
|
||||
}
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# @actions/core Releases
|
||||
|
||||
## 3.0.1
|
||||
|
||||
- Bump `undici` from `6.23.0` to `6.24.1` [#2348](https://github.com/actions/toolkit/pull/2348)
|
||||
|
||||
## 3.0.0
|
||||
|
||||
- **Breaking change**: Package is now ESM-only
|
||||
|
||||
@@ -677,5 +677,8 @@ describe('oidc-client-tests', () => {
|
||||
const http = new HttpClient('actions/oidc-client')
|
||||
const res = await http.get(getTokenEndPoint())
|
||||
expect(res.message.statusCode).toBe(200)
|
||||
// Consume the response to close the socket
|
||||
await res.readBody()
|
||||
res.message.destroy()
|
||||
})
|
||||
})
|
||||
|
||||
Generated
+5
-5
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "@actions/core",
|
||||
"version": "3.0.0",
|
||||
"version": "3.0.1",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "@actions/core",
|
||||
"version": "3.0.0",
|
||||
"version": "3.0.1",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/exec": "^3.0.0",
|
||||
@@ -61,9 +61,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/undici": {
|
||||
"version": "6.23.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
|
||||
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
|
||||
"version": "6.24.1",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
|
||||
"integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=18.17"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@actions/core",
|
||||
"version": "3.0.0",
|
||||
"version": "3.0.1",
|
||||
"description": "Actions core lib",
|
||||
"keywords": [
|
||||
"github",
|
||||
|
||||
@@ -1,5 +1,13 @@
|
||||
# @actions/github Releases
|
||||
|
||||
### 9.1.1
|
||||
|
||||
- Bump `undici` from `6.23.0` to `6.24.0` [#2346](https://github.com/actions/toolkit/pull/2346)
|
||||
|
||||
### 9.1.0
|
||||
|
||||
- Append `actions_orchestration_id` to user-agent when the `ACTIONS_ORCHESTRATION_ID` environment variable is set [#2364](https://github.com/actions/toolkit/pull/2364)
|
||||
|
||||
### 9.0.0
|
||||
|
||||
- **Breaking change**: Package is now ESM-only
|
||||
|
||||
@@ -0,0 +1,130 @@
|
||||
import {getOctokitOptions, getUserAgentWithOrchestrationId} from '../src/utils'
|
||||
import {getUserAgentWithOrchestrationId as internalGetUserAgentWithOrchestrationId} from '../src/internal/utils'
|
||||
|
||||
describe('orchestration ID support', () => {
|
||||
let originalOrchId: string | undefined
|
||||
|
||||
beforeEach(() => {
|
||||
originalOrchId = process.env['ACTIONS_ORCHESTRATION_ID']
|
||||
delete process.env['ACTIONS_ORCHESTRATION_ID']
|
||||
})
|
||||
|
||||
afterEach(() => {
|
||||
if (originalOrchId !== undefined) {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = originalOrchId
|
||||
} else {
|
||||
delete process.env['ACTIONS_ORCHESTRATION_ID']
|
||||
}
|
||||
})
|
||||
|
||||
describe('getUserAgentWithOrchestrationId', () => {
|
||||
it('returns undefined when env var is not set and no base user agent', () => {
|
||||
expect(getUserAgentWithOrchestrationId()).toBeUndefined()
|
||||
})
|
||||
|
||||
it('returns base user agent unchanged when env var is not set', () => {
|
||||
expect(getUserAgentWithOrchestrationId('my-app')).toBe('my-app')
|
||||
})
|
||||
|
||||
it('returns orchestration ID without base when env var is set and no base', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123'
|
||||
expect(getUserAgentWithOrchestrationId()).toBe(
|
||||
'actions_orchestration_id/abc-123'
|
||||
)
|
||||
})
|
||||
|
||||
it('appends orchestration ID to base user agent', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123'
|
||||
expect(getUserAgentWithOrchestrationId('my-app')).toBe(
|
||||
'my-app actions_orchestration_id/abc-123'
|
||||
)
|
||||
})
|
||||
|
||||
it('sanitizes special characters in orchestration ID', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'id with spaces/and$pecial!'
|
||||
expect(getUserAgentWithOrchestrationId('my-app')).toBe(
|
||||
'my-app actions_orchestration_id/id_with_spaces_and_pecial_'
|
||||
)
|
||||
})
|
||||
|
||||
it('preserves allowed characters in orchestration ID', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] =
|
||||
'valid_id-with.allowed_chars.123'
|
||||
expect(getUserAgentWithOrchestrationId()).toBe(
|
||||
'actions_orchestration_id/valid_id-with.allowed_chars.123'
|
||||
)
|
||||
})
|
||||
|
||||
it('ignores whitespace-only orchestration ID', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = ' '
|
||||
expect(getUserAgentWithOrchestrationId('my-app')).toBe('my-app')
|
||||
})
|
||||
|
||||
it('does not duplicate orchestration ID if already present in base', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123'
|
||||
const alreadyTagged = 'my-app actions_orchestration_id/abc-123'
|
||||
expect(getUserAgentWithOrchestrationId(alreadyTagged)).toBe(alreadyTagged)
|
||||
})
|
||||
})
|
||||
|
||||
describe('public re-export', () => {
|
||||
it('exports getUserAgentWithOrchestrationId from utils (public API)', () => {
|
||||
expect(getUserAgentWithOrchestrationId).toBe(
|
||||
internalGetUserAgentWithOrchestrationId
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('getOctokitOptions', () => {
|
||||
it('sets userAgent when ACTIONS_ORCHESTRATION_ID is set', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
|
||||
const opts = getOctokitOptions('fake-token')
|
||||
expect(opts.userAgent).toBe('actions_orchestration_id/test-orch-id')
|
||||
})
|
||||
|
||||
it('does not set userAgent when ACTIONS_ORCHESTRATION_ID is not set', () => {
|
||||
const opts = getOctokitOptions('fake-token')
|
||||
expect(opts.userAgent).toBeUndefined()
|
||||
})
|
||||
|
||||
it('preserves and appends to caller-provided userAgent', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
|
||||
const opts = getOctokitOptions('fake-token', {
|
||||
userAgent: 'custom-agent/1.0'
|
||||
})
|
||||
expect(opts.userAgent).toBe(
|
||||
'custom-agent/1.0 actions_orchestration_id/test-orch-id'
|
||||
)
|
||||
})
|
||||
|
||||
it('leaves caller-provided userAgent intact when env var is not set', () => {
|
||||
const opts = getOctokitOptions('fake-token', {
|
||||
userAgent: 'custom-agent/1.0'
|
||||
})
|
||||
expect(opts.userAgent).toBe('custom-agent/1.0')
|
||||
})
|
||||
|
||||
it('does not mutate the original options object', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
|
||||
const original = {userAgent: 'original/1.0'}
|
||||
getOctokitOptions('fake-token', original)
|
||||
expect(original.userAgent).toBe('original/1.0')
|
||||
})
|
||||
|
||||
it('sanitizes special characters through getOctokitOptions', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'bad chars here!'
|
||||
const opts = getOctokitOptions('fake-token')
|
||||
expect(opts.userAgent).toBe('actions_orchestration_id/bad_chars_here_')
|
||||
})
|
||||
|
||||
it('does not duplicate orchestration ID when caller already applied it', () => {
|
||||
process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id'
|
||||
const opts = getOctokitOptions('fake-token', {
|
||||
userAgent: 'my-app actions_orchestration_id/test-orch-id'
|
||||
})
|
||||
expect(opts.userAgent).toBe(
|
||||
'my-app actions_orchestration_id/test-orch-id'
|
||||
)
|
||||
})
|
||||
})
|
||||
})
|
||||
Generated
+5
-5
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "@actions/github",
|
||||
"version": "9.0.0",
|
||||
"version": "9.1.1",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "@actions/github",
|
||||
"version": "9.0.0",
|
||||
"version": "9.1.1",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/http-client": "^3.0.2",
|
||||
@@ -363,9 +363,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/undici": {
|
||||
"version": "6.23.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
|
||||
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
|
||||
"version": "6.24.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
|
||||
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=18.17"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@actions/github",
|
||||
"version": "9.0.0",
|
||||
"version": "9.1.1",
|
||||
"description": "Actions github lib",
|
||||
"keywords": [
|
||||
"github",
|
||||
|
||||
@@ -42,3 +42,17 @@ export function getProxyFetch(destinationUrl): typeof fetch {
|
||||
export function getApiBaseUrl(): string {
|
||||
return process.env['GITHUB_API_URL'] || 'https://api.github.com'
|
||||
}
|
||||
|
||||
export function getUserAgentWithOrchestrationId(
|
||||
baseUserAgent?: string
|
||||
): string | undefined {
|
||||
const orchId = process.env['ACTIONS_ORCHESTRATION_ID']?.trim()
|
||||
if (orchId) {
|
||||
const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_')
|
||||
const tag = `actions_orchestration_id/${sanitizedId}`
|
||||
if (baseUserAgent?.includes(tag)) return baseUserAgent
|
||||
const ua = baseUserAgent ? `${baseUserAgent} ` : ''
|
||||
return `${ua}${tag}`
|
||||
}
|
||||
return baseUserAgent
|
||||
}
|
||||
|
||||
@@ -23,6 +23,8 @@ export const GitHub = Octokit.plugin(
|
||||
paginateRest
|
||||
).defaults(defaults)
|
||||
|
||||
export {getUserAgentWithOrchestrationId} from './internal/utils.js'
|
||||
|
||||
/**
|
||||
* Convience function to correctly format Octokit Options to pass into the constructor.
|
||||
*
|
||||
@@ -41,5 +43,13 @@ export function getOctokitOptions(
|
||||
opts.auth = auth
|
||||
}
|
||||
|
||||
// Orchestration ID
|
||||
const userAgent = Utils.getUserAgentWithOrchestrationId(
|
||||
opts.userAgent as string | undefined
|
||||
)
|
||||
if (userAgent) {
|
||||
opts.userAgent = userAgent
|
||||
}
|
||||
|
||||
return opts
|
||||
}
|
||||
|
||||
@@ -1,5 +1,11 @@
|
||||
# @actions/glob Releases
|
||||
|
||||
## 0.7.0
|
||||
|
||||
- Bump `minimatch` from `^3.0.4` to `^10.2.5` [#2355](https://github.com/actions/toolkit/pull/2355)
|
||||
- Bump `undici` from `6.23.0` to `6.24.0` [#2345](https://github.com/actions/toolkit/pull/2345)
|
||||
- Bump `brace-expansion` in `/packages/glob` [#2369](https://github.com/actions/toolkit/pull/2369)
|
||||
|
||||
## 0.6.1
|
||||
|
||||
- Fix a bad import for `minimatch`
|
||||
|
||||
@@ -303,7 +303,7 @@ describe('pattern', () => {
|
||||
expect(pattern.match(`${root}foo/bar/baz`)).toBeFalsy()
|
||||
pattern = new Pattern(`${root}foo/b[!]r/b*`)
|
||||
expect(pattern.searchPath).toBe(`${root}foo${path.sep}b!r`)
|
||||
expect(pattern.match(`${root}foo/b!r/baz`)).toBeTruthy()
|
||||
expect(pattern.match(`${root}foo/b!r/baz`)).toBeFalsy()
|
||||
pattern = new Pattern(`${root}foo/b[[]ar/b*`)
|
||||
expect(pattern.searchPath).toBe(`${root}foo${path.sep}b[ar`)
|
||||
expect(pattern.match(`${root}foo/b[ar/baz`)).toBeTruthy()
|
||||
@@ -340,9 +340,18 @@ describe('pattern', () => {
|
||||
pattern = new Pattern('C:/foo/b\\[a]r/b*')
|
||||
expect(pattern.searchPath).toBe(`C:\\foo\\b\\ar`)
|
||||
expect(pattern.match('C:/foo/b/ar/baz')).toBeTruthy()
|
||||
|
||||
// Regression testing for minimatch v3
|
||||
// Historically, minimatch/glob had a bug when parsing a character class
|
||||
// containing an escaped '!' (e.g. `[\\!]`). In some cases, the internal
|
||||
// pattern construction would incorrectly insert the literal string
|
||||
// "undefined" into the generated pattern/segment, which could make a
|
||||
// pattern intended to match `b[\\!]r` also match a path segment like
|
||||
// `b[undefined/!]r`. This test ensures that a pattern with a literal
|
||||
// `[\\!]` in the directory name does *not* match such malformed paths.
|
||||
pattern = new Pattern('C:/foo/b[\\!]r/b*')
|
||||
expect(pattern.searchPath).toBe('C:\\foo\\b[\\!]r')
|
||||
expect(pattern.match('C:/foo/b[undefined/!]r/baz')).toBeTruthy() // Note, "undefined" substr to accommodate a bug in Minimatch when nocase=true
|
||||
expect(pattern.match('C:/foo/b[undefined/!]r/baz')).toBeFalsy()
|
||||
}
|
||||
})
|
||||
})
|
||||
|
||||
Generated
+33
-31
@@ -1,16 +1,16 @@
|
||||
{
|
||||
"name": "@actions/glob",
|
||||
"version": "0.6.1",
|
||||
"version": "0.7.0",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "@actions/glob",
|
||||
"version": "0.6.1",
|
||||
"version": "0.7.0",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/core": "^3.0.0",
|
||||
"minimatch": "^3.0.4"
|
||||
"minimatch": "^10.2.5"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/core": {
|
||||
@@ -49,37 +49,39 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/balanced-match": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
|
||||
"integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/brace-expansion": {
|
||||
"version": "1.1.12",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
|
||||
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
|
||||
"version": "4.0.4",
|
||||
"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
|
||||
"integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"balanced-match": "^1.0.0",
|
||||
"concat-map": "0.0.1"
|
||||
"engines": {
|
||||
"node": "18 || 20 || >=22"
|
||||
}
|
||||
},
|
||||
"node_modules/concat-map": {
|
||||
"version": "0.0.1",
|
||||
"resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
|
||||
"integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/minimatch": {
|
||||
"version": "3.1.2",
|
||||
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
|
||||
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
|
||||
"license": "ISC",
|
||||
"node_modules/brace-expansion": {
|
||||
"version": "5.0.5",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
|
||||
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"brace-expansion": "^1.1.7"
|
||||
"balanced-match": "^4.0.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": "*"
|
||||
"node": "18 || 20 || >=22"
|
||||
}
|
||||
},
|
||||
"node_modules/minimatch": {
|
||||
"version": "10.2.5",
|
||||
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
|
||||
"integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
|
||||
"license": "BlueOak-1.0.0",
|
||||
"dependencies": {
|
||||
"brace-expansion": "^5.0.5"
|
||||
},
|
||||
"engines": {
|
||||
"node": "18 || 20 || >=22"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/isaacs"
|
||||
}
|
||||
},
|
||||
"node_modules/tunnel": {
|
||||
@@ -92,9 +94,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/undici": {
|
||||
"version": "6.23.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
|
||||
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
|
||||
"version": "6.24.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
|
||||
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=18.17"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@actions/glob",
|
||||
"version": "0.6.1",
|
||||
"version": "0.7.0",
|
||||
"preview": true,
|
||||
"description": "Actions glob lib",
|
||||
"keywords": [
|
||||
@@ -45,6 +45,6 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@actions/core": "^3.0.0",
|
||||
"minimatch": "^3.0.4"
|
||||
"minimatch": "^10.2.5"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,14 +2,10 @@ import * as os from 'os'
|
||||
import * as path from 'path'
|
||||
import * as pathHelper from './internal-path-helper.js'
|
||||
import assert from 'assert'
|
||||
import minimatch from 'minimatch'
|
||||
import {Minimatch, type MinimatchOptions} from 'minimatch'
|
||||
import {MatchKind} from './internal-match-kind.js'
|
||||
import {Path} from './internal-path.js'
|
||||
|
||||
type IMinimatch = minimatch.IMinimatch
|
||||
type IMinimatchOptions = minimatch.IOptions
|
||||
const {Minimatch} = minimatch
|
||||
|
||||
const IS_WINDOWS = process.platform === 'win32'
|
||||
|
||||
export class Pattern {
|
||||
@@ -38,7 +34,7 @@ export class Pattern {
|
||||
/**
|
||||
* The Minimatch object used for matching
|
||||
*/
|
||||
private readonly minimatch: IMinimatch
|
||||
private readonly minimatch: Minimatch
|
||||
|
||||
/**
|
||||
* Used to workaround a limitation with Minimatch when determining a partial
|
||||
@@ -126,7 +122,7 @@ export class Pattern {
|
||||
this.isImplicitPattern = isImplicitPattern
|
||||
|
||||
// Create minimatch
|
||||
const minimatchOptions: IMinimatchOptions = {
|
||||
const minimatchOptions: MinimatchOptions = {
|
||||
dot: true,
|
||||
nobrace: true,
|
||||
nocase: IS_WINDOWS,
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# Releases
|
||||
|
||||
## 4.0.1
|
||||
|
||||
- Bump `undici` from `6.23.0` to `6.24.0` [#2347](https://github.com/actions/toolkit/pull/2347)
|
||||
|
||||
## 4.0.0
|
||||
|
||||
- **Breaking change**: Package is now ESM-only
|
||||
|
||||
@@ -238,6 +238,8 @@ describe('basics', () => {
|
||||
'https://postman-echo.com/get'
|
||||
)
|
||||
expect(res.message.statusCode).toBe(200)
|
||||
// Consume the response to close the socket
|
||||
res.message.destroy()
|
||||
})
|
||||
|
||||
it('does basic http delete request', async () => {
|
||||
|
||||
Generated
+5
-5
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "@actions/http-client",
|
||||
"version": "4.0.0",
|
||||
"version": "4.0.1",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "@actions/http-client",
|
||||
"version": "4.0.0",
|
||||
"version": "4.0.1",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"tunnel": "^0.0.6",
|
||||
@@ -232,9 +232,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/undici": {
|
||||
"version": "6.23.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
|
||||
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
|
||||
"version": "6.24.0",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz",
|
||||
"integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=18.17"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@actions/http-client",
|
||||
"version": "4.0.0",
|
||||
"version": "4.0.1",
|
||||
"description": "Actions Http Client",
|
||||
"keywords": [
|
||||
"github",
|
||||
|
||||
Reference in New Issue
Block a user