feat(github-releases): getDigest() #10947

Merged
merged 30 commits into from
Aug 5, 2021

thepwagner
Contributor

@thepwagner thepwagner commented Jul 23, 2021

Changes:

Adds an implementation of getDigest() for the github-releases datasource.

Like #10931, this implementation relies on passing the current version and digest to the query site:

  1. The current release is queried to identify the asset digested, called DigestAsset:
    1. In the first phase, <5KB assets attached to the release are downloaded and parsed as checksum files (e.g. SHASUMS.txt, ${asset}.shasum). This uses string matching, so any digest algorithm is supported.
    2. If no checksum file is found, every asset attached to the release is fetched, hashed and compared. This is limited to sha256 and sha512 digests encoded in hexadecimal.
  2. The DigestAsset is mapped onto the corresponding next releases, with a mapper for filenames that include the version.

Context:

I want to be able to pin digests of assets attached to GitHub releases; I've assembled a few projects of interest in (and tested this branch against) https://github.com/thepwagner/renovate-github-releases-digests .

The method for mapping assets to digests is ported from updatedHash in a GitHub Action I use for maintaining dependencies; I'm hoping to archive that repo and use Renovate.

Supersedes #10931
Closes #7928

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository
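
The two-phase lookup and version mapping described above, as an added TypeScript sketch that is not the code merged in this pull request. The type and helper names, the in-memory `body` strings standing in for downloaded assets, and the choice of sha256 or sha512 from the hex length are assumptions.

```typescript
import { createHash } from "crypto";

// Hypothetical shapes for this sketch; not Renovate's own types.
interface Asset { name: string; body: string } // body: constructed ASCII content
interface DigestAsset { assetName: string; digestedFile?: string; algorithm?: string }

const MAX_CHECKSUM_BYTES = 5 * 1024; // the "<5KB" limit from the description
const HEX_LENGTH_TO_ALGORITHM: Record<number, string> = { 64: "sha256", 128: "sha512" };

// Split checksum-file lines into [digest, fileName?]; blank lines are dropped.
const parseLines = (body: string): string[][] =>
  body.split("\n").map((l) => l.trim().split(/\s+/, 2)).filter((p) => p[0] !== "");
// Strip the "*" binary-mode marker that sha256sum-style files may carry.
const bare = (f?: string): string | undefined => f?.replace(/^\*/, "");

function findDigestAsset(assets: Asset[], digest: string): DigestAsset | null {
  // Phase 1: small assets are parsed as checksum files and string-matched,
  // so the digest algorithm does not matter here.
  for (const a of assets) {
    if (a.body.length >= MAX_CHECKSUM_BYTES) continue;
    const hit = parseLines(a.body).find(([d]) => d === digest);
    if (hit) return { assetName: a.name, digestedFile: bare(hit[1]) };
  }
  // Phase 2: hash every asset. Assumption: algorithm inferred from the hex length.
  const algorithm = HEX_LENGTH_TO_ALGORITHM[digest.length];
  if (!algorithm) return null;
  const match = assets.find((a) => createHash(algorithm).update(a.body).digest("hex") === digest);
  return match ? { assetName: match.name, algorithm } : null;
}

// Map a file name onto the next release by swapping the embedded version ("v" prefix ignored).
const mapName = (name: string, cur: string, next: string): string =>
  name.split(cur.replace(/^v/, "")).join(next.replace(/^v/, ""));

function digestForNextRelease(
  da: DigestAsset, cur: string, next: string, nextAssets: Asset[],
): string | null {
  const asset = nextAssets.find((a) => a.name === mapName(da.assetName, cur, next));
  if (!asset) return null; // asset renamed or dropped: no digest can be proposed
  // Hashed asset: recompute with the same algorithm on the new release's file.
  if (da.algorithm) return createHash(da.algorithm).update(asset.body).digest("hex");
  // Checksum file: look up the line for the mapped file name.
  const wanted = da.digestedFile && mapName(da.digestedFile, cur, next);
  const line = parseLines(asset.body).find(([, f]) => bare(f) === wanted);
  return line ? line[0] : null;
}
```

Returning `null` when the mapped asset is missing keeps the existing pin in place, so a renamed artifact is never silently re-pinned to a different file.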

@rarkins
Collaborator

rarkins commented Jul 27, 2021

At a high level, this seems safe as it won't do anything unless there's a currentValue and currentDigest.

@thepwagner thepwagner requested a review from viceice July 30, 2021 15:15
Member

@viceice viceice left a comment

Some small things

@thepwagner thepwagner requested a review from viceice August 2, 2021 11:30
Member

@viceice viceice left a comment

Please add "**/test/**", to tsconfig.app.json exclude.

@rarkins rarkins requested a review from viceice August 5, 2021 12:27
viceice
viceice previously approved these changes Aug 5, 2021
@rarkins rarkins enabled auto-merge (squash) August 5, 2021 12:31
viceice
viceice previously approved these changes Aug 5, 2021
@rarkins rarkins merged commit 91e2743 into renovatebot:main Aug 5, 2021
@renovate-release
Collaborator

🎉 This PR is included in version 25.69.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@thepwagner thepwagner deleted the renovate-7928 branch August 5, 2021 18:41
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 5, 2021
Successfully merging this pull request may close these issues.

[Feature-Request] RegexManager Checksum-Download Support