Compare commits


7 Commits

Author SHA1 Message Date
Jan-Kåre Solbakken
489b1f5fef
Merge c955c43bf4 into 97ca147735 2024-09-12 11:41:23 +02:00
Joel Ambass
97ca147735
Merge pull request #1125 from actions/add-is-release-workflow
Add workflow file for publishing releases to immutable action package
2024-09-10 15:29:38 +02:00
Joel Ambass
aa363ded8f Create publish-immutable-action.yml 2024-09-10 15:23:39 +02:00
Priya Gupta
1c7b2db920
Fix: windows arm64 setup (#1126)
* Add condition to ensure ZIP extraction targets only Windows ARM64 official archives

* Bumps micromatch from 4.0.5 to 4.0.8
2024-09-06 14:30:34 -05:00
J-K. Solbakken
c955c43bf4
removed unused import 2024-02-05 19:40:23 +01:00
J-K. Solbakken
8d3d0041fe
adds the ability to set ignore-scripts in npm config 2024-02-05 19:38:46 +01:00
J-K. Solbakken
e54c83ad43
ignore built artifacts 2024-02-05 19:21:57 +01:00
13 changed files with 159 additions and 14 deletions


@ -0,0 +1,22 @@
name: 'Publish Immutable Action Version'
on:
release:
types: [created]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
- name: Checking out
uses: actions/checkout@v4
- name: Publish
id: publish
uses: actions/publish-immutable-action@0.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
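Review bot: `actions/publish-immutable-action@0.0.1` is referenced by a mutable tag in a job that holds `id-token: write` and `packages: write`, so whoever can move that tag controls code that runs with publishing rights. Pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/publish-immutable-action@<full-commit-sha> # 0.0.1`, and do the same for `actions/checkout@v4`. If the publish step does not need git credentials left in the checkout, adding `persist-credentials: false` under a `with:` on the checkout step narrows what later steps can reach.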

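--- a/.gitignore
+++ b/.gitignore
@@ -93,3 +93,6 @@ typings/
 # DynamoDB Local files
 .dynamodb/
+# Built artifacts
+dist/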
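Review bot: Ignoring `dist/` conflicts with the rest of this comparison, which still changes `dist/setup/index.js`: already-tracked files stay tracked, but any new bundle output under `dist/` will be silently left out of future commits. If the action is executed from the committed bundle (not visible here, to be confirmed against `action.yml`), a bundle that lags behind `src/` means the reviewed source and the shipped code diverge. Either drop the `dist/` entry or add a CI check that rebuilds the bundle and fails on a diff.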


@ -76,6 +76,10 @@ See [action.yml](action.yml)
# Set always-auth option in npmrc file. # Set always-auth option in npmrc file.
# Default: '' # Default: ''
always-auth: '' always-auth: ''
# Set ignore-scripts in npmrc file to prevent pre and postinstall scripts from running as they are a potential security problem.
# Default: false
ignore-scripts: false
``` ```
<!-- end usage --> <!-- end usage -->


@ -0,0 +1,46 @@
import path from 'path';
import fs from 'fs';
import * as ignorescripts from '../src/ignore-scripts';
import {getNpmrcLocation} from '../src/util';
let rcFile: string;
describe('ignore-scripts tests', () => {
const runnerDir = path.join(__dirname, 'runner');
beforeEach(async () => {
rcFile = getNpmrcLocation();
}, 5000);
afterEach(async () => {
fs.unlinkSync(rcFile);
rcFile = getNpmrcLocation();
}, 10000);
it('sets the value to true according to input', async () => {
ignorescripts.ignoreScriptsInNpmConfig('true');
const rcContents = fs.readFileSync(rcFile).toString();
expect(rcContents).toMatch('\nignore-scripts=true\n');
});
it('sets the value to false according to input', async () => {
ignorescripts.ignoreScriptsInNpmConfig('false');
const rcContents = fs.readFileSync(rcFile).toString();
expect(rcContents).toMatch('\nignore-scripts=false\n');
});
it('defaults to false on empty input', async () => {
ignorescripts.ignoreScriptsInNpmConfig('');
const rcContents = fs.readFileSync(rcFile).toString();
expect(rcContents).toMatch('\nignore-scripts=false\n');
});
it('preserves existing npmrc file contents', async () => {
fs.writeFileSync(getNpmrcLocation(), 'something\nwhatever\nstuff');
ignorescripts.ignoreScriptsInNpmConfig('true');
const rcContents = fs.readFileSync(rcFile).toString();
expect(rcContents).toMatch(
'something\nwhatever\nstuff\nignore-scripts=true\n'
);
});
});
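Review bot: Nothing in this file sets `RUNNER_TEMP`, so outside a runner `getNpmrcLocation()` falls back to `process.cwd()` and these tests append to, then `fs.unlinkSync`, the `.npmrc` of whatever directory jest is started from; on a developer machine that can be a real file holding registry credentials. `runnerDir` is declared and never used; it looks like it was meant to back the temp directory, e.g. `process.env['RUNNER_TEMP'] = runnerDir;` in `beforeEach` after creating the directory, with the previous value restored in `afterEach`. There is also no case for an input that is neither `'true'` nor `'false'` (`'yes'`, `'1'`), which is where the parsing in `ignoreScriptsInNpmConfig` is least defined.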


@ -25,6 +25,9 @@ inputs:
description: 'Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.' description: 'Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.'
cache-dependency-path: cache-dependency-path:
description: 'Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.' description: 'Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.'
ignore-scripts:
description: 'Set ignore-scripts in npmrc to prevent pre and postinstall scripts from running as they are a potential security problem.'
default: 'false'
# TODO: add input to control forcing to pull from cloud or dist. # TODO: add input to control forcing to pull from cloud or dist.
# escape valve for someone having issues or needing the absolute latest which isn't cached yet # escape valve for someone having issues or needing the absolute latest which isn't cached yet
outputs: outputs:
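Review bot: The `ignore-scripts` description does not say which values are accepted, while the implementation feeds the raw string to `JSON.parse`, so `'True'` or `'yes'` would surface as a JSON syntax error rather than a usage message. State the contract in the description, e.g. `description: 'Set ignore-scripts in npmrc so npm does not run pre/postinstall scripts. Accepted values: true, false.'`. The `inputs:` block starts above this hunk.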


@ -84064,7 +84064,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod }; return (mod && mod.__esModule) ? mod : { "default": mod };
}; };
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.unique = exports.printEnvDetailsAndSetOutput = exports.getNodeVersionFromFile = void 0; exports.defaultIfEmpty = exports.getNpmrcLocation = exports.unique = exports.printEnvDetailsAndSetOutput = exports.getNodeVersionFromFile = void 0;
const core = __importStar(__nccwpck_require__(2186)); const core = __importStar(__nccwpck_require__(2186));
const exec = __importStar(__nccwpck_require__(1514)); const exec = __importStar(__nccwpck_require__(1514));
const io = __importStar(__nccwpck_require__(7436)); const io = __importStar(__nccwpck_require__(7436));
@ -84162,6 +84162,12 @@ const unique = () => {
}; };
}; };
exports.unique = unique; exports.unique = unique;
const getNpmrcLocation = () => {
return path_1.default.resolve(process.env['RUNNER_TEMP'] || process.cwd(), '.npmrc');
};
exports.getNpmrcLocation = getNpmrcLocation;
const defaultIfEmpty = (input, defaultValue) => input.length === 0 ? defaultValue : input;
exports.defaultIfEmpty = defaultIfEmpty;
/***/ }), /***/ }),

42
dist/setup/index.js vendored

@ -93883,7 +93883,7 @@ class BaseDistribution {
} }
throw err; throw err;
} }
const toolPath = yield this.extractArchive(downloadPath, info); const toolPath = yield this.extractArchive(downloadPath, info, true);
core.info('Done'); core.info('Done');
return toolPath; return toolPath;
}); });
@ -93933,7 +93933,7 @@ class BaseDistribution {
return toolPath; return toolPath;
}); });
} }
extractArchive(downloadPath, info) { extractArchive(downloadPath, info, isOfficialArchive) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
// //
// Extract // Extract
@ -93948,7 +93948,7 @@ class BaseDistribution {
// on Windows runners without PowerShell Core. // on Windows runners without PowerShell Core.
// //
// For default PowerShell Windows it should contain extension type to unpack it. // For default PowerShell Windows it should contain extension type to unpack it.
if (extension === '.zip') { if (extension === '.zip' && isOfficialArchive) {
const renamedArchive = `${downloadPath}.zip`; const renamedArchive = `${downloadPath}.zip`;
fs_1.default.renameSync(downloadPath, renamedArchive); fs_1.default.renameSync(downloadPath, renamedArchive);
extPath = yield tc.extractZip(renamedArchive); extPath = yield tc.extractZip(renamedArchive);
@ -94186,7 +94186,7 @@ class OfficialBuilds extends base_distribution_1.default {
core.info(`Acquiring ${versionInfo.resolvedVersion} - ${versionInfo.arch} from ${versionInfo.downloadUrl}`); core.info(`Acquiring ${versionInfo.resolvedVersion} - ${versionInfo.arch} from ${versionInfo.downloadUrl}`);
downloadPath = yield tc.downloadTool(versionInfo.downloadUrl, undefined, this.nodeInfo.auth); downloadPath = yield tc.downloadTool(versionInfo.downloadUrl, undefined, this.nodeInfo.auth);
if (downloadPath) { if (downloadPath) {
toolPath = yield this.extractArchive(downloadPath, versionInfo); toolPath = yield this.extractArchive(downloadPath, versionInfo, false);
} }
} }
else { else {
@ -94371,6 +94371,29 @@ class CanaryBuild extends base_distribution_prerelease_1.default {
exports["default"] = CanaryBuild; exports["default"] = CanaryBuild;
/***/ }),
/***/ 6572:
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ignoreScriptsInNpmConfig = void 0;
const fs_1 = __nccwpck_require__(7147);
const util_1 = __nccwpck_require__(2629);
const ignoreScriptsInNpmConfig = (ignore) => {
const nonEmptyInput = (0, util_1.defaultIfEmpty)(ignore, 'false');
const ignored = JSON.parse(nonEmptyInput);
appendToNpmrc(ignored);
};
exports.ignoreScriptsInNpmConfig = ignoreScriptsInNpmConfig;
const appendToNpmrc = (ignoreScripts) => {
const npmrc = (0, util_1.getNpmrcLocation)();
(0, fs_1.writeFileSync)(npmrc, `\nignore-scripts=${ignoreScripts}\n`, { flag: 'a' });
};
/***/ }), /***/ }),
/***/ 399: /***/ 399:
@ -94424,6 +94447,7 @@ const cache_utils_1 = __nccwpck_require__(1678);
const installer_factory_1 = __nccwpck_require__(5617); const installer_factory_1 = __nccwpck_require__(5617);
const util_1 = __nccwpck_require__(2629); const util_1 = __nccwpck_require__(2629);
const constants_1 = __nccwpck_require__(9042); const constants_1 = __nccwpck_require__(9042);
const ignore_scripts_1 = __nccwpck_require__(6572);
function run() { function run() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
try { try {
@ -94463,6 +94487,8 @@ function run() {
if (registryUrl) { if (registryUrl) {
auth.configAuthentication(registryUrl, alwaysAuth); auth.configAuthentication(registryUrl, alwaysAuth);
} }
const ignoreScripts = core.getInput('ignore-scripts');
(0, ignore_scripts_1.ignoreScriptsInNpmConfig)(ignoreScripts);
if (cache && (0, cache_utils_1.isCacheFeatureAvailable)()) { if (cache && (0, cache_utils_1.isCacheFeatureAvailable)()) {
core.saveState(constants_1.State.CachePackageManager, cache); core.saveState(constants_1.State.CachePackageManager, cache);
const cacheDependencyPath = core.getInput('cache-dependency-path'); const cacheDependencyPath = core.getInput('cache-dependency-path');
@ -94546,7 +94572,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod }; return (mod && mod.__esModule) ? mod : { "default": mod };
}; };
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.unique = exports.printEnvDetailsAndSetOutput = exports.getNodeVersionFromFile = void 0; exports.defaultIfEmpty = exports.getNpmrcLocation = exports.unique = exports.printEnvDetailsAndSetOutput = exports.getNodeVersionFromFile = void 0;
const core = __importStar(__nccwpck_require__(2186)); const core = __importStar(__nccwpck_require__(2186));
const exec = __importStar(__nccwpck_require__(1514)); const exec = __importStar(__nccwpck_require__(1514));
const io = __importStar(__nccwpck_require__(7436)); const io = __importStar(__nccwpck_require__(7436));
@ -94644,6 +94670,12 @@ const unique = () => {
}; };
}; };
exports.unique = unique; exports.unique = unique;
const getNpmrcLocation = () => {
return path_1.default.resolve(process.env['RUNNER_TEMP'] || process.cwd(), '.npmrc');
};
exports.getNpmrcLocation = getNpmrcLocation;
const defaultIfEmpty = (input, defaultValue) => input.length === 0 ? defaultValue : input;
exports.defaultIfEmpty = defaultIfEmpty;
/***/ }), /***/ }),

8
package-lock.json generated

@ -4429,12 +4429,12 @@
} }
}, },
"node_modules/micromatch": { "node_modules/micromatch": {
"version": "4.0.5", "version": "4.0.8",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
"dev": true, "dev": true,
"dependencies": { "dependencies": {
"braces": "^3.0.2", "braces": "^3.0.3",
"picomatch": "^2.3.1" "picomatch": "^2.3.1"
}, },
"engines": { "engines": {


@ -150,7 +150,7 @@ export default abstract class BaseDistribution {
throw err; throw err;
} }
const toolPath = await this.extractArchive(downloadPath, info); const toolPath = await this.extractArchive(downloadPath, info, true);
core.info('Done'); core.info('Done');
return toolPath; return toolPath;
@ -210,7 +210,8 @@ export default abstract class BaseDistribution {
protected async extractArchive( protected async extractArchive(
downloadPath: string, downloadPath: string,
info: INodeVersionInfo | null info: INodeVersionInfo | null,
isOfficialArchive?: boolean
) { ) {
// //
// Extract // Extract
@ -225,7 +226,7 @@ export default abstract class BaseDistribution {
// on Windows runners without PowerShell Core. // on Windows runners without PowerShell Core.
// //
// For default PowerShell Windows it should contain extension type to unpack it. // For default PowerShell Windows it should contain extension type to unpack it.
if (extension === '.zip') { if (extension === '.zip' && isOfficialArchive) {
const renamedArchive = `${downloadPath}.zip`; const renamedArchive = `${downloadPath}.zip`;
fs.renameSync(downloadPath, renamedArchive); fs.renameSync(downloadPath, renamedArchive);
extPath = await tc.extractZip(renamedArchive); extPath = await tc.extractZip(renamedArchive);
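Review bot: `isOfficialArchive?: boolean` is optional, so any caller that omits it passes `undefined` and skips the `.zip` rename branch without the compiler noticing, which is a behaviour change from before this commit for any subclass not shown here. Make it required (`isOfficialArchive: boolean`) or default it to the previous behaviour (`isOfficialArchive = true`), and add a doc line saying what "official" means, since the `OfficialBuilds` class is the caller that passes `false`. `extractArchive` continues past the end of this hunk, so what happens to a `.zip` that is not renamed cannot be checked from here.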


@ -88,7 +88,11 @@ export default class OfficialBuilds extends BaseDistribution {
); );
if (downloadPath) { if (downloadPath) {
toolPath = await this.extractArchive(downloadPath, versionInfo); toolPath = await this.extractArchive(
downloadPath,
versionInfo,
false
);
} }
} else { } else {
core.info( core.info(

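--- /dev/null
+++ b/src/ignore-scripts.ts
@@ -0,0 +1,13 @@
+import {writeFileSync} from 'fs';
+import {defaultIfEmpty, getNpmrcLocation} from './util';
+export const ignoreScriptsInNpmConfig = (ignore: string): void => {
+const nonEmptyInput: string = defaultIfEmpty(ignore, 'false');
+const ignored: boolean = JSON.parse(nonEmptyInput);
+appendToNpmrc(ignored);
+};
+const appendToNpmrc = (ignoreScripts: boolean): void => {
+const npmrc = getNpmrcLocation();
+writeFileSync(npmrc, `\nignore-scripts=${ignoreScripts}\n`, {flag: 'a'});
+};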
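Review bot: `const ignored: boolean = JSON.parse(nonEmptyInput)` is an unchecked cast: `JSON.parse` returns `any`, so `'1'`, `'null'` or a quoted string are interpolated into the npmrc as-is, and a JSON string with an escaped newline would add extra lines to the file. For a setting whose purpose is to block install scripts, anything other than an explicit `true` or `false` should fail the step with a clear message instead of producing an ambiguous `ignore-scripts=` line or a bare JSON syntax error. The rewrite below compares the trimmed, lower-cased input against the two accepted literals and passes a real boolean on.

```typescript
export const ignoreScriptsInNpmConfig = (ignore: string): void => {
  const value = defaultIfEmpty(ignore, 'false').trim().toLowerCase();
  if (value !== 'true' && value !== 'false') {
    throw new Error(
      `Input 'ignore-scripts' must be 'true' or 'false', got '${ignore}'`
    );
  }
  appendToNpmrc(value === 'true');
};
// … unchanged: appendToNpmrc …
```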


@ -9,6 +9,7 @@ import {isCacheFeatureAvailable} from './cache-utils';
import {getNodejsDistribution} from './distributions/installer-factory'; import {getNodejsDistribution} from './distributions/installer-factory';
import {getNodeVersionFromFile, printEnvDetailsAndSetOutput} from './util'; import {getNodeVersionFromFile, printEnvDetailsAndSetOutput} from './util';
import {State} from './constants'; import {State} from './constants';
import {ignoreScriptsInNpmConfig} from './ignore-scripts';
export async function run() { export async function run() {
try { try {
@ -59,6 +60,9 @@ export async function run() {
auth.configAuthentication(registryUrl, alwaysAuth); auth.configAuthentication(registryUrl, alwaysAuth);
} }
const ignoreScripts: string = core.getInput('ignore-scripts');
ignoreScriptsInNpmConfig(ignoreScripts);
if (cache && isCacheFeatureAvailable()) { if (cache && isCacheFeatureAvailable()) {
core.saveState(State.CachePackageManager, cache); core.saveState(State.CachePackageManager, cache);
const cacheDependencyPath = core.getInput('cache-dependency-path'); const cacheDependencyPath = core.getInput('cache-dependency-path');
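Review bot: `ignoreScriptsInNpmConfig(ignoreScripts)` runs outside the `if (registryUrl)` block, but nothing in this hunk tells npm to read the file it writes. If the `NPM_CONFIG_USERCONFIG` export lives inside `auth.configAuthentication` (not visible here, to be confirmed), a workflow that sets `ignore-scripts: true` without `registry-url` gets a `.npmrc` that npm never loads, and install scripts still run with no warning. Either export the variable on this path as well, `core.exportVariable('NPM_CONFIG_USERCONFIG', getNpmrcLocation());`, or log explicitly which file was written and whether npm is pointed at it. `run()` starts and ends outside this hunk.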


@ -106,3 +106,10 @@ export const unique = () => {
return true; return true;
}; };
}; };
export const getNpmrcLocation: () => string = () => {
return path.resolve(process.env['RUNNER_TEMP'] || process.cwd(), '.npmrc');
};
export const defaultIfEmpty = (input: string, defaultValue: string): string =>
input.length === 0 ? defaultValue : input;