From 6e56f7a5a657d87c991269fdb2c44ff3eabc749e Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Thu, 15 Apr 2021 11:25:10 -0400 Subject: [PATCH 1/8] Test version pulling --- src/index.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/index.ts b/src/index.ts index 12e294403..3a35c116c 100644 --- a/src/index.ts +++ b/src/index.ts @@ -14,6 +14,9 @@ try { timeout: 3000, url: 'https://codecov.io/bash', }, (error, response, body) => { + const bashVersion = body.match('VERSION=\"(.*)\"'); + conosole.log(bashVersion); + const {execArgs, options, filepath, failCi} = buildExec(); try { From 040839f579c614b247366096f5d107b52bb5f4b2 Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Thu, 15 Apr 2021 22:08:27 -0400 Subject: [PATCH 2/8] Add validation of checksums --- dist/index.js | 243 ++++++++++++++++++++++++++++++++++++------- src/index.ts | 15 ++- src/validate.test.ts | 28 +++++ src/validate.ts | 58 +++++++++++ 4 files changed, 305 insertions(+), 39 deletions(-) create mode 100644 src/validate.test.ts create mode 100644 src/validate.ts diff --git a/dist/index.js b/dist/index.js index 707acd60f..38e0a3262 100644 --- a/dist/index.js +++ b/dist/index.js @@ -13152,12 +13152,49 @@ module.exports = {"$id":"log.json#","$schema":"http://json-schema.org/draft-06/s "use strict"; +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +var __generator = (this && this.__generator) || function (thisArg, body) { + var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; + return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; + function verb(n) { return function (v) { return step([n, v]); }; } + function step(op) { + if (f) throw new TypeError("Generator is already executing."); + while (_) try { + if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; + if (y = 0, t) op = [op[0] & 2, t.value]; + switch (op[0]) { + case 0: case 1: t = op; break; + case 4: _.label++; return { value: op[1], done: false }; + case 5: _.label++; y = op[1]; op = [0]; continue; + case 7: op = _.ops.pop(); _.trys.pop(); continue; + default: + if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } + if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } + if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } + if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } + if (t[2]) _.ops.pop(); + _.trys.pop(); continue; + } + op = body.call(thisArg, _); + } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } + if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; + } +}; exports.__esModule = true; var core = __webpack_require__(470); var exec = __webpack_require__(986); var fs = __webpack_require__(747); var request = __webpack_require__(335); var buildExec_1 = __webpack_require__(983); +var validate_1 = __webpack_require__(743); var failCi; try { request({ @@ -13165,49 +13202,69 @@ try { maxAttempts: 10, timeout: 3000, url: 'https://codecov.io/bash', - }, function (error, response, body) { - var _a = buildExec_1["default"](), execArgs = _a.execArgs, options = _a.options, filepath = _a.filepath, failCi = _a.failCi; - try { - if (error && failCi) { - throw error; - } - else if (error) { - core.warning("Codecov warning: " + error.message); - } - fs.writeFile(filepath, body, function (err) { - if (err && failCi) { - throw err; - } - else if (err) { - core.warning("Codecov warning: " + err.message); - } - exec.exec('bash', execArgs, options)["catch"](function (err) { - if (failCi) { - core.setFailed("Codecov failed with the following error: " + err.message); + }, function (error, response, body) { return __awaiter(void 0, void 0, void 0, function () { + var _a, execArgs, options, filepath, failCi, isValid, failure, error_1; + return __generator(this, function (_b) { + switch (_b.label) { + case 0: + _a = buildExec_1["default"](), execArgs = _a.execArgs, options = _a.options, filepath = _a.filepath, failCi = _a.failCi; + _b.label = 1; + case 1: + _b.trys.push([1, 3, , 4]); + return [4 /*yield*/, validate_1["default"](body)]; + case 2: + isValid = _b.sent(); + if (!isValid) { + failure = 'Codecov failure: ' + + 'Bash script checksums do not match published values. ' + + 'Please contact security@codecov.io immediately.'; + core.setFailed(failure); + throw new Error(failure); } - else { - core.warning("Codecov warning: " + err.message); + if (error && failCi) { + throw error; } - }) - .then(function () { - unlinkFile(); - }); - var unlinkFile = function () { - fs.unlink(filepath, function (err) { + else if (error) { + core.warning("Codecov warning: " + error.message); + } + fs.writeFile(filepath, body, function (err) { if (err && failCi) { throw err; } else if (err) { core.warning("Codecov warning: " + err.message); } + exec.exec('bash', execArgs, options)["catch"](function (err) { + if (failCi) { + core.setFailed("Codecov failed with the following error: " + err.message); + } + else { + core.warning("Codecov warning: " + err.message); + } + }) + .then(function () { + unlinkFile(); + }); + var unlinkFile = function () { + fs.unlink(filepath, function (err) { + if (err && failCi) { + throw err; + } + else if (err) { + core.warning("Codecov warning: " + err.message); + } + }); + }; }); - }; - }); - } - catch (error) { - core.setFailed("Codecov failed with the following error: " + error.message); - } - }); + return [3 /*break*/, 4]; + case 3: + error_1 = _b.sent(); + core.setFailed("Codecov failed with the following error: " + error_1.message); + return [3 /*break*/, 4]; + case 4: return [2 /*return*/]; + } + }); + }); }); } catch (error) { if (failCi) { @@ -49116,7 +49173,123 @@ module.exports = function (data, opts) { /***/ }), -/* 743 */, +/* 743 */ +/***/ (function(__unusedmodule, exports, __webpack_require__) { + +"use strict"; + +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +var __generator = (this && this.__generator) || function (thisArg, body) { + var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; + return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; + function verb(n) { return function (v) { return step([n, v]); }; } + function step(op) { + if (f) throw new TypeError("Generator is already executing."); + while (_) try { + if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; + if (y = 0, t) op = [op[0] & 2, t.value]; + switch (op[0]) { + case 0: case 1: t = op; break; + case 4: _.label++; return { value: op[1], done: false }; + case 5: _.label++; y = op[1]; op = [0]; continue; + case 7: op = _.ops.pop(); _.trys.pop(); continue; + default: + if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } + if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } + if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } + if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } + if (t[2]) _.ops.pop(); + _.trys.pop(); continue; + } + op = body.call(thisArg, _); + } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } + if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; + } +}; +exports.__esModule = true; +var crypto = __webpack_require__(417); +var core = __webpack_require__(470); +var request = __webpack_require__(335); +var validateUploader = function (body) { return __awaiter(void 0, void 0, void 0, function () { + var version, _i, _a, i, publicChecksum, uploaderChecksum; + return __generator(this, function (_b) { + switch (_b.label) { + case 0: + version = getVersion(body); + if (version === null) { + core.warning('Codecov could not identify the bash uploader version.'); + return [2 /*return*/, false]; + } + _i = 0, _a = [1, 256, 512]; + _b.label = 1; + case 1: + if (!(_i < _a.length)) return [3 /*break*/, 4]; + i = _a[_i]; + return [4 /*yield*/, retrieveChecksum(version, i)]; + case 2: + publicChecksum = _b.sent(); + uploaderChecksum = calculateChecksum(body, i); + if (uploaderChecksum !== publicChecksum.trim()) { + core.warning("Codecov " + version + " checksums for SHA1 failed to match.\n" + + ("Public checksum: " + publicChecksum) + + ("Uploader checksum: " + uploaderChecksum)); + return [2 /*return*/, false]; + } + _b.label = 3; + case 3: + _i++; + return [3 /*break*/, 1]; + case 4: return [2 /*return*/, true]; + } + }); +}); }; +var retrieveChecksum = function (version, encryption) { return __awaiter(void 0, void 0, void 0, function () { + var url, response, err_1; + return __generator(this, function (_a) { + switch (_a.label) { + case 0: + url = "https://raw.githubusercontent.com/codecov/codecov-bash/" + version + "/SHA" + encryption + "SUM"; + _a.label = 1; + case 1: + _a.trys.push([1, 3, , 4]); + return [4 /*yield*/, request({ + maxAttempts: 10, + timeout: 3000, + url: url, + })]; + case 2: + response = _a.sent(); + return [2 /*return*/, response.body]; + case 3: + err_1 = _a.sent(); + core.warning("Codecov could not retrieve checksum SHA" + encryption + " at " + url); + return [2 /*return*/, false]; + case 4: return [2 /*return*/]; + } + }); +}); }; +var calculateChecksum = function (body, i) { + var shasum = crypto.createHash("sha" + i); + shasum.update(body); + return shasum.digest('hex') + " codecov"; +}; +var getVersion = function (body) { + var regex = /VERSION="(.*)+"/g; + var match = regex.exec(body); + return match ? match[1] : null; +}; +exports["default"] = validateUploader; + + +/***/ }), /* 744 */ /***/ (function(module) { diff --git a/src/index.ts b/src/index.ts index 3a35c116c..4cb77680c 100644 --- a/src/index.ts +++ b/src/index.ts @@ -5,6 +5,7 @@ const fs = require('fs'); const request = require('requestretry'); import buildExec from './buildExec'; +import validateUploader from './validate'; let failCi; try { @@ -13,13 +14,19 @@ try { maxAttempts: 10, timeout: 3000, url: 'https://codecov.io/bash', - }, (error, response, body) => { - const bashVersion = body.match('VERSION=\"(.*)\"'); - conosole.log(bashVersion); - + }, async (error, response, body) => { const {execArgs, options, filepath, failCi} = buildExec(); try { + const isValid = await validateUploader(body); + if (!isValid) { + const failure = 'Codecov failure: ' + + 'Bash script checksums do not match published values. ' + + 'Please contact security@codecov.io immediately.'; + core.setFailed(failure); + throw new Error(failure); + } + if (error && failCi) { throw error; } else if (error) { diff --git a/src/validate.test.ts b/src/validate.test.ts new file mode 100644 index 000000000..4c0486d27 --- /dev/null +++ b/src/validate.test.ts @@ -0,0 +1,28 @@ +import validateUploader from './validate'; + +const request = require('requestretry'); + +const bashScript = (async () => { + try { + const script = await request({ + json: false, + maxAttempts: 10, + timeout: 3000, + url: 'https://codecov.io/bash', + }); + return script.body; + } catch (err) { + throw err; + } +}); + +test('validChecksums', async () => { + const valid = await validateUploader(await bashScript()); + expect(valid).toBeTruthy(); +}); + +test('invalidChecksums', async () => { + const script = await bashScript(); + const valid = await validateUploader(script.substring(0, script.length - 1)); + expect(valid).toBeFalsy(); +}); diff --git a/src/validate.ts b/src/validate.ts new file mode 100644 index 000000000..ebca49dee --- /dev/null +++ b/src/validate.ts @@ -0,0 +1,58 @@ +const crypto = require('crypto'); + +const core = require('@actions/core'); + +const request = require('requestretry'); + +const validateUploader = async (body) => { + const version = getVersion(body); + if (version === null) { + core.warning('Codecov could not identify the bash uploader version.'); + return false; + } + + for (const i of [1, 256, 512]) { + const publicChecksum = await retrieveChecksum(version, i); + const uploaderChecksum = calculateChecksum(body, i); + if (uploaderChecksum !== publicChecksum.trim()) { + core.warning( + `Codecov ${version} checksums for SHA1 failed to match.\n` + + `Public checksum: ${publicChecksum}` + + `Uploader checksum: ${uploaderChecksum}`, + ); + return false; + } + } + return true; +}; + +const retrieveChecksum = async (version, encryption) => { + const url = `https://raw.githubusercontent.com/codecov/codecov-bash/${version}/SHA${encryption}SUM`; + try { + const response = await request({ + maxAttempts: 10, + timeout: 3000, + url: url, + }); + return response.body; + } catch (err) { + core.warning( + `Codecov could not retrieve checksum SHA${encryption} at ${url}`, + ); + return false; + } +}; + +const calculateChecksum = (body, i) => { + const shasum = crypto.createHash(`sha${i}`); + shasum.update(body); + return `${shasum.digest('hex')} codecov`; +}; + +const getVersion = (body) => { + const regex = /VERSION="(.*)+"/g; + const match = regex.exec(body); + return match ? match[1] : null; +}; + +export default validateUploader; From 83cbbf806b7df1198914629c2d400fff96871c57 Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Thu, 15 Apr 2021 22:10:41 -0400 Subject: [PATCH 3/8] Add another test --- src/validate.test.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/validate.test.ts b/src/validate.test.ts index 4c0486d27..fefb1863e 100644 --- a/src/validate.test.ts +++ b/src/validate.test.ts @@ -26,3 +26,9 @@ test('invalidChecksums', async () => { const valid = await validateUploader(script.substring(0, script.length - 1)); expect(valid).toBeFalsy(); }); + +test('invalidVersion', async () => { + const script = await bashScript(); + const valid = await validateUploader(script.substring(0, 20)); + expect(valid).toBeFalsy(); +}); From 444b352d525965b18b9926ffc62d0136cffabe33 Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Thu, 15 Apr 2021 22:25:03 -0400 Subject: [PATCH 4/8] Update tests --- dist/index.js | 20 +++++++++----------- src/validate.test.ts | 13 +++++++++---- src/validate.ts | 20 ++++++++++---------- 3 files changed, 28 insertions(+), 25 deletions(-) diff --git a/dist/index.js b/dist/index.js index 38e0a3262..edbcbb308 100644 --- a/dist/index.js +++ b/dist/index.js @@ -49215,6 +49215,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) { } }; exports.__esModule = true; +exports.retrieveChecksum = void 0; var crypto = __webpack_require__(417); var core = __webpack_require__(470); var request = __webpack_require__(335); @@ -49233,7 +49234,7 @@ var validateUploader = function (body) { return __awaiter(void 0, void 0, void 0 case 1: if (!(_i < _a.length)) return [3 /*break*/, 4]; i = _a[_i]; - return [4 /*yield*/, retrieveChecksum(version, i)]; + return [4 /*yield*/, exports.retrieveChecksum(version, i)]; case 2: publicChecksum = _b.sent(); uploaderChecksum = calculateChecksum(body, i); @@ -49252,30 +49253,27 @@ var validateUploader = function (body) { return __awaiter(void 0, void 0, void 0 }); }); }; var retrieveChecksum = function (version, encryption) { return __awaiter(void 0, void 0, void 0, function () { - var url, response, err_1; + var url, response; return __generator(this, function (_a) { switch (_a.label) { case 0: url = "https://raw.githubusercontent.com/codecov/codecov-bash/" + version + "/SHA" + encryption + "SUM"; - _a.label = 1; - case 1: - _a.trys.push([1, 3, , 4]); return [4 /*yield*/, request({ maxAttempts: 10, timeout: 3000, url: url, })]; - case 2: + case 1: response = _a.sent(); + if (response.statusCode != 200) { + core.warning("Codecov could not retrieve checksum SHA" + encryption + " at " + url); + return [2 /*return*/, '']; + } return [2 /*return*/, response.body]; - case 3: - err_1 = _a.sent(); - core.warning("Codecov could not retrieve checksum SHA" + encryption + " at " + url); - return [2 /*return*/, false]; - case 4: return [2 /*return*/]; } }); }); }; +exports.retrieveChecksum = retrieveChecksum; var calculateChecksum = function (body, i) { var shasum = crypto.createHash("sha" + i); shasum.update(body); diff --git a/src/validate.test.ts b/src/validate.test.ts index fefb1863e..07305b41b 100644 --- a/src/validate.test.ts +++ b/src/validate.test.ts @@ -1,4 +1,4 @@ -import validateUploader from './validate'; +import validateUploader, {retrieveChecksum} from './validate'; const request = require('requestretry'); @@ -16,19 +16,24 @@ const bashScript = (async () => { } }); -test('validChecksums', async () => { +test('valid checksums', async () => { const valid = await validateUploader(await bashScript()); expect(valid).toBeTruthy(); }); -test('invalidChecksums', async () => { +test('invalid checksums', async () => { const script = await bashScript(); const valid = await validateUploader(script.substring(0, script.length - 1)); expect(valid).toBeFalsy(); }); -test('invalidVersion', async () => { +test('invalid script version', async () => { const script = await bashScript(); const valid = await validateUploader(script.substring(0, 20)); expect(valid).toBeFalsy(); }); + +test('invalid public checksum file', async () => { + const checksum = await retrieveChecksum('foo', 'bar'); + expect(checksum).toBeFalsy(); +}); diff --git a/src/validate.ts b/src/validate.ts index ebca49dee..a0ae35b3a 100644 --- a/src/validate.ts +++ b/src/validate.ts @@ -26,21 +26,21 @@ const validateUploader = async (body) => { return true; }; -const retrieveChecksum = async (version, encryption) => { +export const retrieveChecksum = async (version, encryption) => { const url = `https://raw.githubusercontent.com/codecov/codecov-bash/${version}/SHA${encryption}SUM`; - try { - const response = await request({ - maxAttempts: 10, - timeout: 3000, - url: url, - }); - return response.body; - } catch (err) { + const response = await request({ + maxAttempts: 10, + timeout: 3000, + url: url, + }); + + if (response.statusCode != 200) { core.warning( `Codecov could not retrieve checksum SHA${encryption} at ${url}`, ); - return false; + return ''; } + return response.body; }; const calculateChecksum = (body, i) => { From 5e8c27dd4da71820c8edbcac866f0061865ea684 Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Thu, 15 Apr 2021 22:26:06 -0400 Subject: [PATCH 5/8] tab --- src/validate.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/validate.test.ts b/src/validate.test.ts index 07305b41b..f59c8384c 100644 --- a/src/validate.test.ts +++ b/src/validate.test.ts @@ -34,6 +34,6 @@ test('invalid script version', async () => { }); test('invalid public checksum file', async () => { - const checksum = await retrieveChecksum('foo', 'bar'); + const checksum = await retrieveChecksum('foo', 'bar'); expect(checksum).toBeFalsy(); }); From 5ab0dbc5848947c1c2f2f517af5542726947d5a3 Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Thu, 15 Apr 2021 22:28:38 -0400 Subject: [PATCH 6/8] alpha --- action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 6a6792a3e..91c0e171d 100644 --- a/action.yml +++ b/action.yml @@ -59,6 +59,8 @@ inputs: name: description: 'User defined upload name. Visible in Codecov UI' required: false + network_filter: + description: 'Used to restrict the set of git/hg files that can be matched with filenames in the coverage report. This is useful for monorepos or other setups where a full filepath may not be specified in the coverage report, and that shortened filepath may appear multiple times in a directory structure (e.g. __init__.py)' override_branch: description: 'Specify the branch name' required: false @@ -74,8 +76,6 @@ inputs: override_tag: description: 'Specify the git tag' required: false - network_filter: - description: 'Used to restrict the set of git/hg files that can be matched with filenames in the coverage report. This is useful for monorepos or other setups where a full filepath may not be specified in the coverage report, and that shortened filepath may appear multiple times in a directory structure (e.g. __init__.py)' required: false path_to_write_report: description: 'Write upload file to path before uploading' From 6ac8172373797629be09bf125419cac0f99d53c9 Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Thu, 15 Apr 2021 22:30:15 -0400 Subject: [PATCH 7/8] copypasta --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 91c0e171d..fa18b4ace 100644 --- a/action.yml +++ b/action.yml @@ -61,6 +61,7 @@ inputs: required: false network_filter: description: 'Used to restrict the set of git/hg files that can be matched with filenames in the coverage report. This is useful for monorepos or other setups where a full filepath may not be specified in the coverage report, and that shortened filepath may appear multiple times in a directory structure (e.g. __init__.py)' + required: false override_branch: description: 'Specify the branch name' required: false @@ -76,7 +77,6 @@ inputs: override_tag: description: 'Specify the git tag' required: false - required: false path_to_write_report: description: 'Write upload file to path before uploading' required: false From 864620acb9bd669e6ab7c30f8775e5226c22d52b Mon Sep 17 00:00:00 2001 From: Tom Hu Date: Fri, 16 Apr 2021 07:58:51 -0400 Subject: [PATCH 8/8] Use i not 1 --- dist/index.js | 2 +- src/validate.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index edbcbb308..ff84a32d3 100644 --- a/dist/index.js +++ b/dist/index.js @@ -49239,7 +49239,7 @@ var validateUploader = function (body) { return __awaiter(void 0, void 0, void 0 publicChecksum = _b.sent(); uploaderChecksum = calculateChecksum(body, i); if (uploaderChecksum !== publicChecksum.trim()) { - core.warning("Codecov " + version + " checksums for SHA1 failed to match.\n" + + core.warning("Codecov " + version + " checksums for SHA" + i + " failed to match.\n" + ("Public checksum: " + publicChecksum) + ("Uploader checksum: " + uploaderChecksum)); return [2 /*return*/, false]; diff --git a/src/validate.ts b/src/validate.ts index a0ae35b3a..68cbd63ad 100644 --- a/src/validate.ts +++ b/src/validate.ts @@ -16,7 +16,7 @@ const validateUploader = async (body) => { const uploaderChecksum = calculateChecksum(body, i); if (uploaderChecksum !== publicChecksum.trim()) { core.warning( - `Codecov ${version} checksums for SHA1 failed to match.\n` + + `Codecov ${version} checksums for SHA${i} failed to match.\n` + `Public checksum: ${publicChecksum}` + `Uploader checksum: ${uploaderChecksum}`, );