Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump @hashicorp/js-releases from 1.5.0 to 1.5.1 #166

Merged
merged 2 commits into from
Mar 30, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 30 additions & 26 deletions dist/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -6495,8 +6495,11 @@ const crypto = __nccwpck_require__(6113);
const fs = __nccwpck_require__(7147);
const openpgp = __nccwpck_require__(7946);
const semver = __nccwpck_require__(2221);
const stream = __nccwpck_require__(2781);
const yauzl = __nccwpck_require__(8781);
const util_1 = __nccwpck_require__(3837);
const utils_1 = __nccwpck_require__(698);
const finished = (0, util_1.promisify)(stream.finished);
const hashiPublicKeyId = '72D7468F';
const hashiPublicKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----

Expand Down Expand Up @@ -6621,41 +6624,37 @@ ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg==
=7pIB

-----END PGP PUBLIC KEY BLOCK-----`;
const releasesUrl = "https://releases.hashicorp.com";
const releasesUrl = 'https://releases.hashicorp.com';
class Release {
constructor(release) {
this.name = release.name;
this.version = release.version;
this.builds = release.builds;
this.shasums = release.shasums;
if (release.shasums_signatures) {
this.shasums_signature = release.shasums_signatures.find(sig => sig.endsWith(`_SHA256SUMS.${hashiPublicKeyId}.sig`));
this.shasums_signature = release.shasums_signatures.find((sig) => sig.endsWith(`_SHA256SUMS.${hashiPublicKeyId}.sig`));
}
else {
this.shasums_signature = release.shasums_signature;
}
}
getBuild(platform, arch) {
return this.builds.find(b => b.os === platform && b.arch === arch);
return this.builds.find((b) => b.os === platform && b.arch === arch);
}
download(downloadUrl, installPath, identifier) {
const headers = { 'User-Agent': identifier };
return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
try {
const result = yield (0, utils_1.request)(downloadUrl, { headers: Object.assign({}, headers), responseType: 'stream' });
result.pipe(fs.createWriteStream(installPath));
resolve();
}
catch (e) {
return reject(e.message);
}
}));
return __awaiter(this, void 0, void 0, function* () {
const headers = { 'User-Agent': identifier };
const writer = fs.createWriteStream(installPath);
const result = yield (0, utils_1.request)(downloadUrl, { headers: Object.assign({}, headers), responseType: 'stream' });
result.pipe(writer);
yield finished(writer);
});
}
verify(pkg, buildName) {
return __awaiter(this, void 0, void 0, function* () {
const [localSum, remoteSum] = yield Promise.all([
this.calculateFileSha256Sum(pkg),
this.downloadSha256Sum(buildName)
this.downloadSha256Sum(buildName),
]);
if (remoteSum !== localSum) {
throw new Error(`Install error: SHA sum for ${buildName} does not match.\n` +
Expand All @@ -6668,32 +6667,36 @@ class Release {
const hash = crypto.createHash('sha256');
fs.createReadStream(path)
.on('error', reject)
.on('data', data => hash.update(data))
.on('data', (data) => hash.update(data))
.on('end', () => resolve(hash.digest('hex')));
});
}
downloadSha256Sum(buildName) {
return __awaiter(this, void 0, void 0, function* () {
const [shasumsResponse, shasumsSignature] = yield Promise.all([
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums}`),
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums_signature}`),
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums}`, {
responseType: 'text',
}),
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums_signature}`, {
responseType: 'arraybuffer',
}),
]);
const publicKey = yield openpgp.readKey({ armoredKey: hashiPublicKey });
const signature = yield openpgp.readSignature({ binarySignature: Buffer.from(shasumsSignature, 'hex') });
const message = yield openpgp.createMessage({ text: shasumsResponse });
const verified = yield openpgp.verify({
message: message,
verificationKeys: publicKey,
signature: signature
signature: signature,
});
if (!verified) {
throw new Error('signature could not be verified');
}
const shasumLine = shasumsResponse.split(`\n`).find(line => line.includes(buildName));
const shasumLine = shasumsResponse.split(`\n`).find((line) => line.includes(buildName));
if (!shasumLine) {
throw new Error(`Install error: no matching SHA sum for ${buildName}`);
}
return shasumLine.split(" ")[0];
return shasumLine.split(' ')[0];
});
}
unpack(directory, pkgName) {
Expand Down Expand Up @@ -6735,8 +6738,9 @@ function getRelease(product, version, userAgent, includePrerelease) {
const headers = userAgent ? { 'User-Agent': userAgent } : null;
const response = yield (0, utils_1.request)(indexUrl, { headers });
let release;
if (!validVersion) { // pick the latest release (prereleases will be skipped for safety, set an explicit version instead)
const releaseVersions = Object.keys(response.versions).filter(v => !semver.prerelease(v));
if (!validVersion) {
// pick the latest release (prereleases will be skipped for safety, set an explicit version instead)
const releaseVersions = Object.keys(response.versions).filter((v) => !semver.prerelease(v));
version = releaseVersions.sort((a, b) => semver.rcompare(a, b))[0];
release = new Release(response.versions[version]);
}
Expand All @@ -6756,7 +6760,7 @@ function matchVersion(versions, range, includePrerelease) {
return new Release(versions[version]);
}
else {
throw new Error("No matching version found");
throw new Error('No matching version found');
}
}
//# sourceMappingURL=index.js.map
Expand All @@ -6781,8 +6785,8 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.request = void 0;
const axios_1 = __nccwpck_require__(6545);
const ProxyAgent = __nccwpck_require__(7367);
const httpProxy = process.env["HTTP_PROXY"] || process.env["http_proxy"];
const httpsProxy = process.env["HTTPS_PROXY"] || process.env["https_proxy"];
const httpProxy = process.env['HTTP_PROXY'] || process.env['http_proxy'];
const httpsProxy = process.env['HTTPS_PROXY'] || process.env['https_proxy'];
let proxyConf = {};
if (httpProxy || httpsProxy) {
proxyConf = {
Expand Down
6 changes: 3 additions & 3 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
"@actions/github": "^5.0.0",
"@actions/io": "^1.1.1",
"@actions/tool-cache": "^1.7.1",
"@hashicorp/js-releases": "^1.5.0"
"@hashicorp/js-releases": "^1.5.1"
},
"devDependencies": {
"@vercel/ncc": "0.33.3",
Expand Down