Pull in bash script

2025-12-08 08:06:27 +00:00 · 2021-04-29 17:22:53 -04:00
parent 31d2c8f775
commit 9f471fc6f8
9 changed files with 4115 additions and 53700 deletions
--- a/dist/codecov
+++ b/dist/codecov
--- a/dist/index.js
+++ b/dist/index.js
--- a/hooks/pre-commit
+++ b/hooks/pre-commit
@@ -4,5 +4,5 @@ npm i --package-lock-only
 npm run lint --fix
 npm run build
 git add src/
-git add dist/index.js
+git add dist/
 git add package-lock.json
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "codecov-action",
-  "version": "1.4.1",
+  "version": "1.5.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
@@ -5460,16 +5460,6 @@
        }
      }
    },
    "requestretry": {
      "version": "5.0.0",
      "resolved": "https://registry.npmjs.org/requestretry/-/requestretry-5.0.0.tgz",
      "integrity": "sha512-Rx0ETW0O1K+PAL/w8XVE2yhBCEtEsu6H690qbyCBT9mAHetXaO3BQ5hO5QGGkawTu9jG29ErmfqJZwX+dUy4tw==",
      "requires": {
        "extend": "^3.0.2",
        "lodash": "^4.17.15",
        "when": "^3.7.7"
      }
    },
    "require-directory": {
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
@@ -6488,11 +6478,6 @@
        "webidl-conversions": "^6.1.0"
      }
    },
    "when": {
      "version": "3.7.8",
      "resolved": "https://registry.npmjs.org/when/-/when-3.7.8.tgz",
      "integrity": "sha1-xxMLan6gRpPoQs3J56Hyqjmjn4I="
    },
    "which": {
      "version": "1.3.1",
      "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codecov-action",
-  "version": "1.4.1",
+  "version": "1.5.0",
  "description": "Upload coverage reports to Codecov from GitHub Actions",
  "main": "index.js",
  "scripts": {
@@ -32,7 +32,6 @@
    "jest": "^26.6.3",
    "jest-junit": "^12.0.0",
    "request": "^2.88.2",
    "requestretry": "^5.0.0",
    "ts-jest": "^26.5.5",
    "typescript": "^4.2.4",
    "yarn": "^1.22.10"
--- a/src/codecov
+++ b/src/codecov
--- a/src/index.ts
+++ b/src/index.ts
@@ -2,73 +2,45 @@ const core = require('@actions/core');
 const exec = require('@actions/exec');
 const fs = require('fs');
 const request = require('requestretry');
 import buildExec from './buildExec';
-import validateUploader from './validate';
+
 const codecovScript = fs.readFileSync(__dirname + '/codecov');
 let failCi;
 try {
-  request({
+  const {execArgs, options, filepath, failCi} = buildExec();
    json: false,
    maxAttempts: 10,
    timeout: 3000,
    url: 'https://codecov.io/bash',
  }, async (error, response, body) => {
    const {execArgs, options, filepath, failCi} = buildExec();
-    try {
+  fs.writeFile(filepath, codecovScript, (err) => {
-      const isValid = validateUploader(body);
+    if (err && failCi) {
-      if (!isValid) {
+      throw err;
-        const failure = 'Codecov failure: ' +
+    } else if (err) {
-            'Bash script checksums do not match published values. ' +
+      core.warning(`Codecov warning: ${err.message}`);
-            'Please contact security@codecov.io immediately.';
+    }
        core.setFailed(failure);
        throw new Error(failure);
      }
-      if (error && failCi) {
+    exec.exec('bash', execArgs, options)
-        throw error;
+        .catch((err) => {
-      } else if (error) {
+          if (failCi) {
-        core.warning(`Codecov warning: ${error.message}`);
+            core.setFailed(
-      }
+                `Codecov failed with the following error: ${err.message}`,
            );
          } else {
            core.warning(`Codecov warning: ${err.message}`);
          }
        })
        .then(() => {
          unlinkFile();
        });
-      fs.writeFile(filepath, body, (err) => {
+    const unlinkFile = () => {
      fs.unlink(filepath, (err) => {
        if (err && failCi) {
          throw err;
        } else if (err) {
          core.warning(`Codecov warning: ${err.message}`);
        }
        exec.exec('bash', execArgs, options)
            .catch((err) => {
              if (failCi) {
                core.setFailed(
                    `Codecov failed with the following error: ${err.message}`,
                );
              } else {
                core.warning(`Codecov warning: ${err.message}`);
              }
            })
            .then(() => {
              unlinkFile();
            });
        const unlinkFile = () => {
          fs.unlink(filepath, (err) => {
            if (err && failCi) {
              throw err;
            } else if (err) {
              core.warning(`Codecov warning: ${err.message}`);
            }
          });
        };
      });
-    } catch (error) {
+    };
      core.setFailed(
          `Codecov failed with the following error: ${error.message}`,
      );
    }
  });
 } catch (error) {
  if (failCi) {
--- a/src/validate.test.ts
+++ b/src/validate.test.ts
@@ -1,50 +0,0 @@
 import validateUploader, {retrieveChecksum} from './validate';
 const request = require('requestretry');
 const bashScript = (async () => {
  try {
    const script = await request({
      json: false,
      maxAttempts: 10,
      timeout: 3000,
      url: 'https://codecov.io/bash',
    });
    return script.body;
  } catch (err) {
    throw err;
  }
 });
 test('valid checksums', async () => {
  const valid = validateUploader(await bashScript());
  expect(valid).toBeTruthy();
 });
 test('invalid checksums', async () => {
  const script = await bashScript();
  const valid = validateUploader(script.substring(0, script.length - 1));
  expect(valid).toBeFalsy();
 });
 test('invalid script version', async () => {
  const script = await bashScript();
  const valid = validateUploader(script.substring(0, 20));
  expect(valid).toBeFalsy();
 });
 test('invalid public checksum file', () => {
  const checksum = retrieveChecksum('foo', 'bar');
  expect(checksum).toBeFalsy();
 });
 test('invalid public checksum file', () => {
  const checksum = retrieveChecksum('foo', 'bar');
  expect(checksum).toBeFalsy();
 });
 test('invalid encryption', () => {
  const checksum = retrieveChecksum('1.0.1', 'foo');
  expect(checksum).toBeFalsy();
 });
--- a/src/validate.ts
+++ b/src/validate.ts
@@ -1,61 +0,0 @@
 const crypto = require('crypto');
 const core = require('@actions/core');
 const validateUploader = (body) => {
  const version = getVersion(body);
  if (version === null) {
    core.warning('Codecov could not identify the bash uploader version.');
    return false;
  }
  for (const i of [1, 256, 512]) {
    const publicChecksum = retrieveChecksum(version, i);
    const uploaderChecksum = calculateChecksum(body, i);
    if (uploaderChecksum !== publicChecksum) {
      core.warning(
          `Codecov ${version} checksums for SHA${i} failed to match.\n` +
          `Public checksum:   ${publicChecksum}` +
          `Uploader checksum: ${uploaderChecksum}`,
      );
      return false;
    }
  }
  return true;
 };
 export const retrieveChecksum = (version, encryption) => {
  const checksums = {
    '1.0.1': {
      '1': '0ddc61a9408418c73b19a1375f63bb460dc947a8',
      '256': '89c658e261d5f25533598a222fd96cf17a5fa0eb3772f2defac754d9970b2ec8',
      '512': 'd075b412a362a9a2b7aedfec3b8b9a9a927b3b99e98c7c15a2b76ef09862ae' +
        'b005e91d76a5fd71b511141496d0fd23d1b42095f722ebcd509d768fba030f159e',
    },
    '1.0.2': {
      '1': '537069158a6f72b145cfe5f782dceb608d9ef594',
      '256': 'd6aa3207c4908d123bd8af62ec0538e3f2b9f257c3de62fad4e29cd3b59b41d9',
      '512': 'b6492196dd844cd81a688536bb42463d28bd666448335c4a8fc7f8f9b9b9af' +
        'c346a467e3401e3fc49e6047442a30d93a4adfaa1590101224a186013c6179c48d',
    },
  };
  if (version in checksums && encryption in checksums[version]) {
    return checksums[version][encryption];
  }
  return null;
 };
 const calculateChecksum = (body, i) => {
  const shasum = crypto.createHash(`sha${i}`);
  shasum.update(body);
  return `${shasum.digest('hex')}`;
 };
 const getVersion = (body) => {
  const regex = /VERSION="([\d\.]+)"/g;
  const match = regex.exec(body);
  return match ? match[1] : null;
 };
 export default validateUploader;