feat: PUBLISH_FOR_PULL_REQUEST

docs/api/electron-builder-util.md

@@ -26,6 +26,7 @@
 * [electron-builder-util/out/binDownload](#module_electron-builder-util/out/binDownload)
     * [`.getBin(name, dirName, url, sha2)`](#module_electron-builder-util/out/binDownload.getBin) ⇒ <code>Promise&lt;string&gt;</code>
     * [`.getBinFromBintray(name, version, sha2)`](#module_electron-builder-util/out/binDownload.getBinFromBintray) ⇒ <code>Promise&lt;string&gt;</code>
+    * [`.getBinFromGithub(name, version, sha2)`](#module_electron-builder-util/out/binDownload.getBinFromGithub) ⇒ <code>Promise&lt;string&gt;</code>
 
 <a name="module_electron-builder-util/out/binDownload.getBin"></a>
 
@@ -50,6 +51,17 @@
 | version | <code>string</code> | 
 | sha2 | <code>string</code> | 
 
+<a name="module_electron-builder-util/out/binDownload.getBinFromGithub"></a>
+
+### `electron-builder-util/out/binDownload.getBinFromGithub(name, version, sha2)` ⇒ <code>Promise&lt;string&gt;</code>
+**Kind**: method of [<code>electron-builder-util/out/binDownload</code>](#module_electron-builder-util/out/binDownload)  
+
+| Param | Type |
+| --- | --- |
+| name | <code>string</code> | 
+| version | <code>string</code> | 
+| sha2 | <code>string</code> | 
+
 <a name="module_electron-builder-util/out/deepAssign"></a>
 
 ## electron-builder-util/out/deepAssign

package.json

@@ -28,8 +28,8 @@
   "///": "all dependencies for all packages (hoisted)",
   "dependencies": {
     "7zip-bin": "^2.0.4",
-    "ajv": "^5.1.4",
-    "ajv-keywords": "^2.0.0",
+    "ajv": "^5.1.5",
+    "ajv-keywords": "^2.1.0",
     "archiver": "^1.3.0",
     "aws-sdk": "^2.58.0",
     "bluebird-lst": "^1.0.2",
@@ -84,7 +84,7 @@
     "develar-typescript-json-schema": "0.11.0",
     "env-paths": "^1.0.0",
     "globby": "^6.1.0",
-    "jest-cli": "^20.0.3",
+    "jest-cli": "^20.0.4",
     "jest-environment-node-debug": "^2.0.0",
     "jest-junit": "^1.5.1",
     "jsdoc-to-markdown": "^3.0.0",

packages/electron-builder/package.json

@@ -45,8 +45,8 @@
   "homepage": "https://github.com/electron-userland/electron-builder",
   "dependencies": {
     "7zip-bin": "^2.0.4",
-    "ajv": "^5.1.4",
-    "ajv-keywords": "^2.0.0",
+    "ajv": "^5.1.5",
+    "ajv-keywords": "^2.1.0",
     "bluebird-lst": "^1.0.2",
     "chalk": "^1.1.3",
     "chromium-pickle-js": "^0.2.0",

packages/electron-builder/src/macPackager.ts

@@ -125,7 +125,7 @@ export default class MacPackager extends PlatformPackager<MacOptions> {
       }
       else {
         // https://github.com/electron-userland/electron-builder/issues/1524
-        log("Current build is a part of pull request, code signing will be skipped." +
+        warn("Current build is a part of pull request, code signing will be skipped." +
           "\nSet env CSC_FOR_PULL_REQUEST to true to force code signing." +
           `\n${buildForPrWarning}`)
         return

packages/electron-builder/src/publish/PublishManager.ts

@@ -22,6 +22,9 @@ import { ArtifactCreated, BuildInfo } from "../packagerApi"
 import { PlatformPackager } from "../platformPackager"
 import { WinPackager } from "../winPackager"
 
+const publishForPrWarning = "There are serious security concerns with PUBLISH_FOR_PULL_REQUEST=true (see the  CircleCI documentation (https://circleci.com/docs/1.0/fork-pr-builds/) for details)" +
+  "\nIf you have SSH keys, sensitive env vars or AWS credentials stored in your project settings and untrusted forks can make pull requests against your repo, then this option isn't for you."
+
 export class PublishManager implements PublishContext {
   private readonly nameToPublisher = new Map<string, Publisher | null>()
 
@@ -33,7 +36,12 @@ export class PublishManager implements PublishContext {
   readonly progress = (<TtyWriteStream>process.stdout).isTTY ? new MultiProgress() : null
 
   constructor(packager: Packager, private readonly publishOptions: PublishOptions, readonly cancellationToken: CancellationToken) {
-    if (!isPullRequest()) {
+    const forcePublishForPr = process.env.PUBLISH_FOR_PULL_REQUEST === "true"
+    if (!isPullRequest() || forcePublishForPr) {
+      if (forcePublishForPr) {
+        warn(publishForPrWarning)
+      }
+
       if (publishOptions.publish === undefined) {
         if (process.env.npm_lifecycle_event === "release") {
           publishOptions.publish = "always"
@@ -56,7 +64,9 @@ export class PublishManager implements PublishContext {
       }
     }
     else if (publishOptions.publish !== "never") {
-      log("Current build is a part of pull request, publishing will be skipped")
+      log("Current build is a part of pull request, publishing will be skipped" +
+        "\nSet env PUBLISH_FOR_PULL_REQUEST to true to force code signing." +
+        `\n${publishForPrWarning}`)
     }
 
     packager.addAfterPackHandler(async event => {

test/src/windows/oneClickInstallerTest.ts

@@ -31,6 +31,9 @@ test("one-click", app({
 
 test.ifAll("multi language license", app({
   targets: Platform.WINDOWS.createTarget("nsis"),
+  config: {
+    publish: null,
+  },
 }, {
   projectDirCreated: projectDir => {
     return BluebirdPromise.all([
@@ -120,6 +123,7 @@ test.ifAll("menuCategory", app({
     productName: "Test Menu Category"
   },
   config: {
+    publish: null,
     nsis: {
       oneClick: false,
       menuCategory: true,
@@ -142,6 +146,7 @@ test.ifAll("string menuCategory", app({
     productName: "Test Menu Category"
   },
   config: {
+    publish: null,
     nsis: {
       oneClick: false,
       menuCategory: "Foo/Bar",