chore: switch to writeSecureFile from actions-utils (#535)

package.json

@@ -26,7 +26,7 @@
   "dependencies": {
     "@actions/core": "^1.6.0",
     "@actions/tool-cache": "^1.7.1",
-    "@google-github-actions/actions-utils": "^0.1.2",
+    "@google-github-actions/actions-utils": "^0.1.6",
     "@google-github-actions/setup-cloud-sdk": "^0.5.0"
   },
   "devDependencies": {

src/setup-gcloud.ts

@@ -29,8 +29,8 @@ import {
   errorMessage,
   isPinnedToHead,
   pinnedToHeadWarning,
+  writeSecureFile,
 } from '@google-github-actions/actions-utils';
-import { writeSecureFile } from './utils';
 import path from 'path';
 import crypto from 'crypto';
 

src/utils.ts

@@ -18,24 +18,6 @@
 
 import { promises as fs } from 'fs';
 
-/**
- * writeSecureFile writes a file to disk in a given directory with a
- * random name.
- *
- * @param outputPath Path in which to create random file in.
- * @param data Data to write to file.
- * @returns Path to written file.
- */
-export async function writeSecureFile(
-  outputPath: string,
-  data: string,
-): Promise<string> {
-  // Write the file as 0640 so the owner has RW, group as R, and the file is
-  // otherwise unreadable. Also write with EXCL to prevent a symlink attack.
-  await fs.writeFile(outputPath, data, { mode: 0o640, flag: 'wx' });
-  return outputPath;
-}
-
 /**
  * removeExportedCredentials removes any exported credentials file. If the file
  * does not exist, it does nothing.

tests/utils.test.ts

@@ -24,8 +24,9 @@ import { tmpdir } from 'os';
 import crypto from 'crypto';
 import path from 'path';
 
+import { writeSecureFile } from '@google-github-actions/actions-utils';
+
 import { removeExportedCredentials } from '../src/utils';
-import { writeSecureFile } from '../src/utils';
 
 describe('post', () => {
   describe('#removeExportedCredentials', () => {