codecov/codecov-action
1
0
Fork 0
mirror of https://github.com/codecov/codecov-action.git synced 2026-03-29 17:35:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pull in bash script

Browse Source
This commit is contained in:
Tom Hu
2021-04-29 17:22:53 -04:00
parent 31d2c8f775
commit 9f471fc6f8
9 changed files with 4115 additions and 53700 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1884
src/codecov Normal file
View File

File diff suppressed because it is too large Load Diff

78
src/index.ts
View File

@@ -2,73 +2,45 @@ const core = require('@actions/core');
const exec = require('@actions/exec');
const fs = require('fs');
const request = require('requestretry');
import buildExec from './buildExec';
import validateUploader from './validate';
const codecovScript = fs.readFileSync(__dirname + '/codecov');
let failCi;
try {
request({
json: false,
maxAttempts: 10,
timeout: 3000,
url: 'https://codecov.io/bash',
}, async (error, response, body) => {
const {execArgs, options, filepath, failCi} = buildExec();
const {execArgs, options, filepath, failCi} = buildExec();
try {
const isValid = validateUploader(body);
if (!isValid) {
const failure = 'Codecov failure: ' +
'Bash script checksums do not match published values. ' +
'Please contact security@codecov.io immediately.';
core.setFailed(failure);
throw new Error(failure);
}
fs.writeFile(filepath, codecovScript, (err) => {
if (err && failCi) {
throw err;
} else if (err) {
core.warning(`Codecov warning: ${err.message}`);
}
if (error && failCi) {
throw error;
} else if (error) {
core.warning(`Codecov warning: ${error.message}`);
}
exec.exec('bash', execArgs, options)
.catch((err) => {
if (failCi) {
core.setFailed(
`Codecov failed with the following error: ${err.message}`,
);
} else {
core.warning(`Codecov warning: ${err.message}`);
}
})
.then(() => {
unlinkFile();
});
fs.writeFile(filepath, body, (err) => {
const unlinkFile = () => {
fs.unlink(filepath, (err) => {
if (err && failCi) {
throw err;
} else if (err) {
core.warning(`Codecov warning: ${err.message}`);
}
exec.exec('bash', execArgs, options)
.catch((err) => {
if (failCi) {
core.setFailed(
`Codecov failed with the following error: ${err.message}`,
);
} else {
core.warning(`Codecov warning: ${err.message}`);
}
})
.then(() => {
unlinkFile();
});
const unlinkFile = () => {
fs.unlink(filepath, (err) => {
if (err && failCi) {
throw err;
} else if (err) {
core.warning(`Codecov warning: ${err.message}`);
}
});
};
});
} catch (error) {
core.setFailed(
`Codecov failed with the following error: ${error.message}`,
);
}
};
});
} catch (error) {
if (failCi) {

50
src/validate.test.ts
View File

@@ -1,50 +0,0 @@
import validateUploader, {retrieveChecksum} from './validate';
const request = require('requestretry');
const bashScript = (async () => {
try {
const script = await request({
json: false,
maxAttempts: 10,
timeout: 3000,
url: 'https://codecov.io/bash',
});
return script.body;
} catch (err) {
throw err;
}
});
test('valid checksums', async () => {
const valid = validateUploader(await bashScript());
expect(valid).toBeTruthy();
});
test('invalid checksums', async () => {
const script = await bashScript();
const valid = validateUploader(script.substring(0, script.length - 1));
expect(valid).toBeFalsy();
});
test('invalid script version', async () => {
const script = await bashScript();
const valid = validateUploader(script.substring(0, 20));
expect(valid).toBeFalsy();
});
test('invalid public checksum file', () => {
const checksum = retrieveChecksum('foo', 'bar');
expect(checksum).toBeFalsy();
});
test('invalid public checksum file', () => {
const checksum = retrieveChecksum('foo', 'bar');
expect(checksum).toBeFalsy();
});
test('invalid encryption', () => {
const checksum = retrieveChecksum('1.0.1', 'foo');
expect(checksum).toBeFalsy();
});

61
src/validate.ts
View File

@@ -1,61 +0,0 @@
const crypto = require('crypto');
const core = require('@actions/core');
const validateUploader = (body) => {
const version = getVersion(body);
if (version === null) {
core.warning('Codecov could not identify the bash uploader version.');
return false;
}
for (const i of [1, 256, 512]) {
const publicChecksum = retrieveChecksum(version, i);
const uploaderChecksum = calculateChecksum(body, i);
if (uploaderChecksum !== publicChecksum) {
core.warning(
`Codecov ${version} checksums for SHA${i} failed to match.\n` +
`Public checksum: ${publicChecksum}` +
`Uploader checksum: ${uploaderChecksum}`,
);
return false;
}
}
return true;
};
export const retrieveChecksum = (version, encryption) => {
const checksums = {
'1.0.1': {
'1': '0ddc61a9408418c73b19a1375f63bb460dc947a8',
'256': '89c658e261d5f25533598a222fd96cf17a5fa0eb3772f2defac754d9970b2ec8',
'512': 'd075b412a362a9a2b7aedfec3b8b9a9a927b3b99e98c7c15a2b76ef09862ae' +
'b005e91d76a5fd71b511141496d0fd23d1b42095f722ebcd509d768fba030f159e',
},
'1.0.2': {
'1': '537069158a6f72b145cfe5f782dceb608d9ef594',
'256': 'd6aa3207c4908d123bd8af62ec0538e3f2b9f257c3de62fad4e29cd3b59b41d9',
'512': 'b6492196dd844cd81a688536bb42463d28bd666448335c4a8fc7f8f9b9b9af' +
'c346a467e3401e3fc49e6047442a30d93a4adfaa1590101224a186013c6179c48d',
},
};
if (version in checksums && encryption in checksums[version]) {
return checksums[version][encryption];
}
return null;
};
const calculateChecksum = (body, i) => {
const shasum = crypto.createHash(`sha${i}`);
shasum.update(body);
return `${shasum.digest('hex')}`;
};
const getVersion = (body) => {
const regex = /VERSION="([\d\.]+)"/g;
const match = regex.exec(body);
return match ? match[1] : null;
};
export default validateUploader;