Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump @hashicorp/js-releases from 1.5.0 to 1.5.1 #166

Merged
merged 2 commits into from Mar 30, 2022
Merged

Bump @hashicorp/js-releases from 1.5.0 to 1.5.1 #166

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8eefffb
Bump @hashicorp/js-releases from 1.5.0 to 1.5.1
dependabot[bot] Mar 21, 2022
8545844
run build
jpogran Mar 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
56 changes: 30 additions & 26 deletions dist/index.js
View file
Open in desktop
Expand Up @@ -6495,8 +6495,11 @@ const crypto = __nccwpck_require__(6113);
const fs = __nccwpck_require__(7147);
const openpgp = __nccwpck_require__(7946);
const semver = __nccwpck_require__(2221);
const stream = __nccwpck_require__(2781);
const yauzl = __nccwpck_require__(8781);
const util_1 = __nccwpck_require__(3837);
const utils_1 = __nccwpck_require__(698);
const finished = (0, util_1.promisify)(stream.finished);
const hashiPublicKeyId = '72D7468F';
const hashiPublicKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----

Expand Down Expand Up @@ -6621,41 +6624,37 @@ ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg==
=7pIB

-----END PGP PUBLIC KEY BLOCK-----`;
const releasesUrl = "https://releases.hashicorp.com";
const releasesUrl = 'https://releases.hashicorp.com';
class Release {
constructor(release) {
this.name = release.name;
this.version = release.version;
this.builds = release.builds;
this.shasums = release.shasums;
if (release.shasums_signatures) {
this.shasums_signature = release.shasums_signatures.find(sig => sig.endsWith(`_SHA256SUMS.${hashiPublicKeyId}.sig`));
this.shasums_signature = release.shasums_signatures.find((sig) => sig.endsWith(`_SHA256SUMS.${hashiPublicKeyId}.sig`));
}
else {
this.shasums_signature = release.shasums_signature;
}
}
getBuild(platform, arch) {
return this.builds.find(b => b.os === platform && b.arch === arch);
return this.builds.find((b) => b.os === platform && b.arch === arch);
}
download(downloadUrl, installPath, identifier) {
const headers = { 'User-Agent': identifier };
return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
try {
const result = yield (0, utils_1.request)(downloadUrl, { headers: Object.assign({}, headers), responseType: 'stream' });
result.pipe(fs.createWriteStream(installPath));
resolve();
}
catch (e) {
return reject(e.message);
}
}));
return __awaiter(this, void 0, void 0, function* () {
const headers = { 'User-Agent': identifier };
const writer = fs.createWriteStream(installPath);
const result = yield (0, utils_1.request)(downloadUrl, { headers: Object.assign({}, headers), responseType: 'stream' });
result.pipe(writer);
yield finished(writer);
});
}
verify(pkg, buildName) {
return __awaiter(this, void 0, void 0, function* () {
const [localSum, remoteSum] = yield Promise.all([
this.calculateFileSha256Sum(pkg),
this.downloadSha256Sum(buildName)
this.downloadSha256Sum(buildName),
]);
if (remoteSum !== localSum) {
throw new Error(`Install error: SHA sum for ${buildName} does not match.\n` +
Expand All @@ -6668,32 +6667,36 @@ class Release {
const hash = crypto.createHash('sha256');
fs.createReadStream(path)
.on('error', reject)
.on('data', data => hash.update(data))
.on('data', (data) => hash.update(data))
.on('end', () => resolve(hash.digest('hex')));
});
}
downloadSha256Sum(buildName) {
return __awaiter(this, void 0, void 0, function* () {
const [shasumsResponse, shasumsSignature] = yield Promise.all([
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums}`),
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums_signature}`),
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums}`, {
responseType: 'text',
}),
(0, utils_1.request)(`${releasesUrl}/${this.name}/${this.version}/${this.shasums_signature}`, {
responseType: 'arraybuffer',
}),
]);
const publicKey = yield openpgp.readKey({ armoredKey: hashiPublicKey });
const signature = yield openpgp.readSignature({ binarySignature: Buffer.from(shasumsSignature, 'hex') });
const message = yield openpgp.createMessage({ text: shasumsResponse });
const verified = yield openpgp.verify({
message: message,
verificationKeys: publicKey,
signature: signature
signature: signature,
});
if (!verified) {
throw new Error('signature could not be verified');
}
const shasumLine = shasumsResponse.split(`\n`).find(line => line.includes(buildName));
const shasumLine = shasumsResponse.split(`\n`).find((line) => line.includes(buildName));
if (!shasumLine) {
throw new Error(`Install error: no matching SHA sum for ${buildName}`);
}
return shasumLine.split(" ")[0];
return shasumLine.split(' ')[0];
});
}
unpack(directory, pkgName) {
Expand Down Expand Up @@ -6735,8 +6738,9 @@ function getRelease(product, version, userAgent, includePrerelease) {
const headers = userAgent ? { 'User-Agent': userAgent } : null;
const response = yield (0, utils_1.request)(indexUrl, { headers });
let release;
if (!validVersion) { // pick the latest release (prereleases will be skipped for safety, set an explicit version instead)
const releaseVersions = Object.keys(response.versions).filter(v => !semver.prerelease(v));
if (!validVersion) {
// pick the latest release (prereleases will be skipped for safety, set an explicit version instead)
const releaseVersions = Object.keys(response.versions).filter((v) => !semver.prerelease(v));
version = releaseVersions.sort((a, b) => semver.rcompare(a, b))[0];
release = new Release(response.versions[version]);
}
Expand All @@ -6756,7 +6760,7 @@ function matchVersion(versions, range, includePrerelease) {
return new Release(versions[version]);
}
else {
throw new Error("No matching version found");
throw new Error('No matching version found');
}
}
//# sourceMappingURL=index.js.map
Expand All @@ -6781,8 +6785,8 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.request = void 0;
const axios_1 = __nccwpck_require__(6545);
const ProxyAgent = __nccwpck_require__(7367);
const httpProxy = process.env["HTTP_PROXY"] || process.env["http_proxy"];
const httpsProxy = process.env["HTTPS_PROXY"] || process.env["https_proxy"];
const httpProxy = process.env['HTTP_PROXY'] || process.env['http_proxy'];
const httpsProxy = process.env['HTTPS_PROXY'] || process.env['https_proxy'];
let proxyConf = {};
if (httpProxy || httpsProxy) {
proxyConf = {
Expand Down
6 changes: 3 additions & 3 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Expand Up @@ -23,7 +23,7 @@
"@actions/github": "^5.0.0",
"@actions/io": "^1.1.1",
"@actions/tool-cache": "^1.7.1",
"@hashicorp/js-releases": "^1.5.0"
"@hashicorp/js-releases": "^1.5.1"
},
"devDependencies": {
"@vercel/ncc": "0.33.3",
Expand Down