mirror of
https://github.com/codecov/codecov-action.git
synced 2025-12-08 16:16:24 +00:00
Compare commits
19 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
0e28ff86a5 | ||
|
|
72182f9425 | ||
|
|
ce1ffb8db7 | ||
|
|
864620acb9 | ||
|
|
6ac8172373 | ||
|
|
5ab0dbc584 | ||
|
|
5e8c27dd4d | ||
|
|
444b352d52 | ||
|
|
83cbbf806b | ||
|
|
040839f579 | ||
|
|
6e56f7a5a6 | ||
|
|
9b0b9bbe2c | ||
|
|
1ee0196081 | ||
|
|
c6a36d2dbb | ||
|
|
aaf0ccb935 | ||
|
|
d9a1bbc2da | ||
|
|
18017b2a95 | ||
|
|
fcebab03f2 | ||
|
|
7ea3ba9ac0 |
46
CHANGELOG.md
46
CHANGELOG.md
@@ -1,43 +1,49 @@
|
||||
### 1.3.0
|
||||
## 1.4.0
|
||||
### Features
|
||||
- #282 Add checksum verification of bash script
|
||||
|
||||
#### Features
|
||||
## 1.3.2
|
||||
### Fixes
|
||||
- #264 Overwrites pr number for pull_request_target events
|
||||
|
||||
## 1.3.1
|
||||
### Fixes
|
||||
- #253 Add `network_filter` to action manifest
|
||||
|
||||
## 1.3.0
|
||||
### Features
|
||||
- #252 Add "network_filter" input
|
||||
|
||||
### 1.2.2
|
||||
|
||||
#### Fixes
|
||||
## 1.2.2
|
||||
### Fixes
|
||||
- #241 pass root_dir using proper bash arg
|
||||
- #244 Overwrite the commit on pull_request* events
|
||||
|
||||
### 1.2.1
|
||||
|
||||
#### Fixes
|
||||
## 1.2.1
|
||||
### Fixes
|
||||
- #196 Add parameters to the action.yml
|
||||
|
||||
### 1.2.0
|
||||
|
||||
#### Features
|
||||
## 1.2.0
|
||||
### Features
|
||||
- #193 Add all the bash params
|
||||
|
||||
#### Fixes
|
||||
### Fixes
|
||||
- #193 Fixes issue with working-directory
|
||||
|
||||
### 1.1.1
|
||||
|
||||
#### Fixes
|
||||
## 1.1.1
|
||||
### Fixes
|
||||
- #184 Add automations ensure proper builds and deployments
|
||||
- #184 Fixes verbose flag
|
||||
|
||||
### 1.1.0
|
||||
|
||||
#### Features
|
||||
## 1.1.0
|
||||
### Features
|
||||
- #110 Add "working-directory:" input
|
||||
- #174 Support Xcode specificed parameters
|
||||
|
||||
#### Fixes
|
||||
### Fixes
|
||||
- #172 File is saved as text
|
||||
|
||||
#### Dependencies and Misc
|
||||
### Dependencies and Misc
|
||||
- #166 Bump requestretry from 4.1.1 to 4.1.2
|
||||
- #169 Bump typescript from 4.0.5 to 4.1.2
|
||||
- #178 Bump @types/jest from 26.0.15 to 26.0.19
|
||||
|
||||
@@ -59,6 +59,9 @@ inputs:
|
||||
name:
|
||||
description: 'User defined upload name. Visible in Codecov UI'
|
||||
required: false
|
||||
network_filter:
|
||||
description: 'Used to restrict the set of git/hg files that can be matched with filenames in the coverage report. This is useful for monorepos or other setups where a full filepath may not be specified in the coverage report, and that shortened filepath may appear multiple times in a directory structure (e.g. __init__.py)'
|
||||
required: false
|
||||
override_branch:
|
||||
description: 'Specify the branch name'
|
||||
required: false
|
||||
|
||||
188
dist/index.js
vendored
188
dist/index.js
vendored
@@ -13152,12 +13152,49 @@ module.exports = {"$id":"log.json#","$schema":"http://json-schema.org/draft-06/s
|
||||
|
||||
"use strict";
|
||||
|
||||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||
return new (P || (P = Promise))(function (resolve, reject) {
|
||||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||
});
|
||||
};
|
||||
var __generator = (this && this.__generator) || function (thisArg, body) {
|
||||
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
||||
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
||||
function verb(n) { return function (v) { return step([n, v]); }; }
|
||||
function step(op) {
|
||||
if (f) throw new TypeError("Generator is already executing.");
|
||||
while (_) try {
|
||||
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
||||
if (y = 0, t) op = [op[0] & 2, t.value];
|
||||
switch (op[0]) {
|
||||
case 0: case 1: t = op; break;
|
||||
case 4: _.label++; return { value: op[1], done: false };
|
||||
case 5: _.label++; y = op[1]; op = [0]; continue;
|
||||
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
||||
default:
|
||||
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
||||
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
||||
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
||||
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
||||
if (t[2]) _.ops.pop();
|
||||
_.trys.pop(); continue;
|
||||
}
|
||||
op = body.call(thisArg, _);
|
||||
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
||||
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
||||
}
|
||||
};
|
||||
exports.__esModule = true;
|
||||
var core = __webpack_require__(470);
|
||||
var exec = __webpack_require__(986);
|
||||
var fs = __webpack_require__(747);
|
||||
var request = __webpack_require__(335);
|
||||
var buildExec_1 = __webpack_require__(983);
|
||||
var validate_1 = __webpack_require__(743);
|
||||
var failCi;
|
||||
try {
|
||||
request({
|
||||
@@ -13165,9 +13202,25 @@ try {
|
||||
maxAttempts: 10,
|
||||
timeout: 3000,
|
||||
url: 'https://codecov.io/bash',
|
||||
}, function (error, response, body) {
|
||||
var _a = buildExec_1["default"](), execArgs = _a.execArgs, options = _a.options, filepath = _a.filepath, failCi = _a.failCi;
|
||||
try {
|
||||
}, function (error, response, body) { return __awaiter(void 0, void 0, void 0, function () {
|
||||
var _a, execArgs, options, filepath, failCi, isValid, failure, error_1;
|
||||
return __generator(this, function (_b) {
|
||||
switch (_b.label) {
|
||||
case 0:
|
||||
_a = buildExec_1["default"](), execArgs = _a.execArgs, options = _a.options, filepath = _a.filepath, failCi = _a.failCi;
|
||||
_b.label = 1;
|
||||
case 1:
|
||||
_b.trys.push([1, 3, , 4]);
|
||||
return [4 /*yield*/, validate_1["default"](body)];
|
||||
case 2:
|
||||
isValid = _b.sent();
|
||||
if (!isValid) {
|
||||
failure = 'Codecov failure: ' +
|
||||
'Bash script checksums do not match published values. ' +
|
||||
'Please contact security@codecov.io immediately.';
|
||||
core.setFailed(failure);
|
||||
throw new Error(failure);
|
||||
}
|
||||
if (error && failCi) {
|
||||
throw error;
|
||||
}
|
||||
@@ -13203,11 +13256,15 @@ try {
|
||||
});
|
||||
};
|
||||
});
|
||||
}
|
||||
catch (error) {
|
||||
core.setFailed("Codecov failed with the following error: " + error.message);
|
||||
return [3 /*break*/, 4];
|
||||
case 3:
|
||||
error_1 = _b.sent();
|
||||
core.setFailed("Codecov failed with the following error: " + error_1.message);
|
||||
return [3 /*break*/, 4];
|
||||
case 4: return [2 /*return*/];
|
||||
}
|
||||
});
|
||||
}); });
|
||||
}
|
||||
catch (error) {
|
||||
if (failCi) {
|
||||
@@ -49116,7 +49173,121 @@ module.exports = function (data, opts) {
|
||||
|
||||
|
||||
/***/ }),
|
||||
/* 743 */,
|
||||
/* 743 */
|
||||
/***/ (function(__unusedmodule, exports, __webpack_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||
return new (P || (P = Promise))(function (resolve, reject) {
|
||||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||
});
|
||||
};
|
||||
var __generator = (this && this.__generator) || function (thisArg, body) {
|
||||
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
||||
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
||||
function verb(n) { return function (v) { return step([n, v]); }; }
|
||||
function step(op) {
|
||||
if (f) throw new TypeError("Generator is already executing.");
|
||||
while (_) try {
|
||||
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
||||
if (y = 0, t) op = [op[0] & 2, t.value];
|
||||
switch (op[0]) {
|
||||
case 0: case 1: t = op; break;
|
||||
case 4: _.label++; return { value: op[1], done: false };
|
||||
case 5: _.label++; y = op[1]; op = [0]; continue;
|
||||
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
||||
default:
|
||||
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
||||
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
||||
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
||||
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
||||
if (t[2]) _.ops.pop();
|
||||
_.trys.pop(); continue;
|
||||
}
|
||||
op = body.call(thisArg, _);
|
||||
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
||||
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
||||
}
|
||||
};
|
||||
exports.__esModule = true;
|
||||
exports.retrieveChecksum = void 0;
|
||||
var crypto = __webpack_require__(417);
|
||||
var core = __webpack_require__(470);
|
||||
var request = __webpack_require__(335);
|
||||
var validateUploader = function (body) { return __awaiter(void 0, void 0, void 0, function () {
|
||||
var version, _i, _a, i, publicChecksum, uploaderChecksum;
|
||||
return __generator(this, function (_b) {
|
||||
switch (_b.label) {
|
||||
case 0:
|
||||
version = getVersion(body);
|
||||
if (version === null) {
|
||||
core.warning('Codecov could not identify the bash uploader version.');
|
||||
return [2 /*return*/, false];
|
||||
}
|
||||
_i = 0, _a = [1, 256, 512];
|
||||
_b.label = 1;
|
||||
case 1:
|
||||
if (!(_i < _a.length)) return [3 /*break*/, 4];
|
||||
i = _a[_i];
|
||||
return [4 /*yield*/, exports.retrieveChecksum(version, i)];
|
||||
case 2:
|
||||
publicChecksum = _b.sent();
|
||||
uploaderChecksum = calculateChecksum(body, i);
|
||||
if (uploaderChecksum !== publicChecksum.trim()) {
|
||||
core.warning("Codecov " + version + " checksums for SHA" + i + " failed to match.\n" +
|
||||
("Public checksum: " + publicChecksum) +
|
||||
("Uploader checksum: " + uploaderChecksum));
|
||||
return [2 /*return*/, false];
|
||||
}
|
||||
_b.label = 3;
|
||||
case 3:
|
||||
_i++;
|
||||
return [3 /*break*/, 1];
|
||||
case 4: return [2 /*return*/, true];
|
||||
}
|
||||
});
|
||||
}); };
|
||||
var retrieveChecksum = function (version, encryption) { return __awaiter(void 0, void 0, void 0, function () {
|
||||
var url, response;
|
||||
return __generator(this, function (_a) {
|
||||
switch (_a.label) {
|
||||
case 0:
|
||||
url = "https://raw.githubusercontent.com/codecov/codecov-bash/" + version + "/SHA" + encryption + "SUM";
|
||||
return [4 /*yield*/, request({
|
||||
maxAttempts: 10,
|
||||
timeout: 3000,
|
||||
url: url,
|
||||
})];
|
||||
case 1:
|
||||
response = _a.sent();
|
||||
if (response.statusCode != 200) {
|
||||
core.warning("Codecov could not retrieve checksum SHA" + encryption + " at " + url);
|
||||
return [2 /*return*/, ''];
|
||||
}
|
||||
return [2 /*return*/, response.body];
|
||||
}
|
||||
});
|
||||
}); };
|
||||
exports.retrieveChecksum = retrieveChecksum;
|
||||
var calculateChecksum = function (body, i) {
|
||||
var shasum = crypto.createHash("sha" + i);
|
||||
shasum.update(body);
|
||||
return shasum.digest('hex') + " codecov";
|
||||
};
|
||||
var getVersion = function (body) {
|
||||
var regex = /VERSION="(.*)+"/g;
|
||||
var match = regex.exec(body);
|
||||
return match ? match[1] : null;
|
||||
};
|
||||
exports["default"] = validateUploader;
|
||||
|
||||
|
||||
/***/ }),
|
||||
/* 744 */
|
||||
/***/ (function(module) {
|
||||
|
||||
@@ -59636,6 +59807,9 @@ var buildExec = function () {
|
||||
if (overridePr) {
|
||||
execArgs.push('-P', "" + overridePr);
|
||||
}
|
||||
else if ("" + context.eventName == 'pull_request_target') {
|
||||
execArgs.push('-P', "" + context.payload.number);
|
||||
}
|
||||
if (overrideTag) {
|
||||
execArgs.push('-T', "" + overrideTag);
|
||||
}
|
||||
|
||||
60
package-lock.json
generated
60
package-lock.json
generated
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "codecov-action",
|
||||
"version": "1.3.0",
|
||||
"version": "1.4.0",
|
||||
"lockfileVersion": 1,
|
||||
"requires": true,
|
||||
"dependencies": {
|
||||
@@ -1284,41 +1284,41 @@
|
||||
}
|
||||
},
|
||||
"@typescript-eslint/parser": {
|
||||
"version": "4.16.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.16.1.tgz",
|
||||
"integrity": "sha512-/c0LEZcDL5y8RyI1zLcmZMvJrsR6SM1uetskFkoh3dvqDKVXPsXI+wFB/CbVw7WkEyyTKobC1mUNp/5y6gRvXg==",
|
||||
"version": "4.20.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.20.0.tgz",
|
||||
"integrity": "sha512-m6vDtgL9EABdjMtKVw5rr6DdeMCH3OA1vFb0dAyuZSa3e5yw1YRzlwFnm9knma9Lz6b2GPvoNSa8vOXrqsaglA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"@typescript-eslint/scope-manager": "4.16.1",
|
||||
"@typescript-eslint/types": "4.16.1",
|
||||
"@typescript-eslint/typescript-estree": "4.16.1",
|
||||
"@typescript-eslint/scope-manager": "4.20.0",
|
||||
"@typescript-eslint/types": "4.20.0",
|
||||
"@typescript-eslint/typescript-estree": "4.20.0",
|
||||
"debug": "^4.1.1"
|
||||
},
|
||||
"dependencies": {
|
||||
"@typescript-eslint/scope-manager": {
|
||||
"version": "4.16.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.16.1.tgz",
|
||||
"integrity": "sha512-6IlZv9JaurqV0jkEg923cV49aAn8V6+1H1DRfhRcvZUrptQ+UtSKHb5kwTayzOYTJJ/RsYZdcvhOEKiBLyc0Cw==",
|
||||
"version": "4.20.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.20.0.tgz",
|
||||
"integrity": "sha512-/zm6WR6iclD5HhGpcwl/GOYDTzrTHmvf8LLLkwKqqPKG6+KZt/CfSgPCiybshmck66M2L5fWSF/MKNuCwtKQSQ==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"@typescript-eslint/types": "4.16.1",
|
||||
"@typescript-eslint/visitor-keys": "4.16.1"
|
||||
"@typescript-eslint/types": "4.20.0",
|
||||
"@typescript-eslint/visitor-keys": "4.20.0"
|
||||
}
|
||||
},
|
||||
"@typescript-eslint/types": {
|
||||
"version": "4.16.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.16.1.tgz",
|
||||
"integrity": "sha512-nnKqBwMgRlhzmJQF8tnFDZWfunXmJyuXj55xc8Kbfup4PbkzdoDXZvzN8//EiKR27J6vUSU8j4t37yUuYPiLqA==",
|
||||
"version": "4.20.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.20.0.tgz",
|
||||
"integrity": "sha512-cYY+1PIjei1nk49JAPnH1VEnu7OYdWRdJhYI5wiKOUMhLTG1qsx5cQxCUTuwWCmQoyriadz3Ni8HZmGSofeC+w==",
|
||||
"dev": true
|
||||
},
|
||||
"@typescript-eslint/typescript-estree": {
|
||||
"version": "4.16.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.16.1.tgz",
|
||||
"integrity": "sha512-m8I/DKHa8YbeHt31T+UGd/l8Kwr0XCTCZL3H4HMvvLCT7HU9V7yYdinTOv1gf/zfqNeDcCgaFH2BMsS8x6NvJg==",
|
||||
"version": "4.20.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.20.0.tgz",
|
||||
"integrity": "sha512-Knpp0reOd4ZsyoEJdW8i/sK3mtZ47Ls7ZHvD8WVABNx5Xnn7KhenMTRGegoyMTx6TiXlOVgMz9r0pDgXTEEIHA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"@typescript-eslint/types": "4.16.1",
|
||||
"@typescript-eslint/visitor-keys": "4.16.1",
|
||||
"@typescript-eslint/types": "4.20.0",
|
||||
"@typescript-eslint/visitor-keys": "4.20.0",
|
||||
"debug": "^4.1.1",
|
||||
"globby": "^11.0.1",
|
||||
"is-glob": "^4.0.1",
|
||||
@@ -1327,19 +1327,19 @@
|
||||
}
|
||||
},
|
||||
"@typescript-eslint/visitor-keys": {
|
||||
"version": "4.16.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.16.1.tgz",
|
||||
"integrity": "sha512-s/aIP1XcMkEqCNcPQtl60ogUYjSM8FU2mq1O7y5cFf3Xcob1z1iXWNB6cC43Op+NGRTFgGolri6s8z/efA9i1w==",
|
||||
"version": "4.20.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.20.0.tgz",
|
||||
"integrity": "sha512-NXKRM3oOVQL8yNFDNCZuieRIwZ5UtjNLYtmMx2PacEAGmbaEYtGgVHUHVyZvU/0rYZcizdrWjDo+WBtRPSgq+A==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"@typescript-eslint/types": "4.16.1",
|
||||
"@typescript-eslint/types": "4.20.0",
|
||||
"eslint-visitor-keys": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"semver": {
|
||||
"version": "7.3.4",
|
||||
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz",
|
||||
"integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==",
|
||||
"version": "7.3.5",
|
||||
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
|
||||
"integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"lru-cache": "^6.0.0"
|
||||
@@ -6589,9 +6589,9 @@
|
||||
"integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw=="
|
||||
},
|
||||
"y18n": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
|
||||
"integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w=="
|
||||
"version": "4.0.1",
|
||||
"resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
|
||||
"integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ=="
|
||||
},
|
||||
"yallist": {
|
||||
"version": "4.0.0",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "codecov-action",
|
||||
"version": "1.3.0",
|
||||
"version": "1.4.0",
|
||||
"description": "Upload coverage reports to Codecov from GitHub Actions",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
@@ -39,7 +39,7 @@
|
||||
},
|
||||
"devDependencies": {
|
||||
"@typescript-eslint/eslint-plugin": "^4.16.1",
|
||||
"@typescript-eslint/parser": "^4.16.1",
|
||||
"@typescript-eslint/parser": "^4.20.0",
|
||||
"eslint": "^7.21.0",
|
||||
"eslint-config-google": "^0.14.0"
|
||||
}
|
||||
|
||||
@@ -143,6 +143,10 @@ const buildExec = () => {
|
||||
}
|
||||
if (overridePr) {
|
||||
execArgs.push('-P', `${overridePr}`);
|
||||
} else if (
|
||||
`${context.eventName}` == 'pull_request_target'
|
||||
) {
|
||||
execArgs.push('-P', `${context.payload.number}`);
|
||||
}
|
||||
if (overrideTag) {
|
||||
execArgs.push('-T', `${overrideTag}`);
|
||||
|
||||
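Review bot: In the `@@ -143,6 +143,10 @@ const buildExec` hunk the new branch compares with `==` on a value that is first wrapped in a template literal; `} else if (context.eventName === 'pull_request_target') {` expresses the same test without the coercion. `context.payload.number` is stringified unguarded, so a payload without `number` would hand the uploader `-P undefined`; guarding with `context.payload.number != null` before the push avoids that. `buildExec` starts and ends outside this hunk, so any earlier handling of the payload is not visible here.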
12
src/index.ts
12
src/index.ts
@@ -5,6 +5,7 @@ const fs = require('fs');
|
||||
const request = require('requestretry');
|
||||
|
||||
import buildExec from './buildExec';
|
||||
import validateUploader from './validate';
|
||||
|
||||
let failCi;
|
||||
try {
|
||||
@@ -13,10 +14,19 @@ try {
|
||||
maxAttempts: 10,
|
||||
timeout: 3000,
|
||||
url: 'https://codecov.io/bash',
|
||||
}, (error, response, body) => {
|
||||
}, async (error, response, body) => {
|
||||
const {execArgs, options, filepath, failCi} = buildExec();
|
||||
|
||||
try {
|
||||
const isValid = await validateUploader(body);
|
||||
if (!isValid) {
|
||||
const failure = 'Codecov failure: ' +
|
||||
'Bash script checksums do not match published values. ' +
|
||||
'Please contact security@codecov.io immediately.';
|
||||
core.setFailed(failure);
|
||||
throw new Error(failure);
|
||||
}
|
||||
|
||||
if (error && failCi) {
|
||||
throw error;
|
||||
} else if (error) {
|
||||
|
||||
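Review bot: `validateUploader(body)` runs before `error` is inspected in the second hunk, so a failed download (where `body` is presumably undefined) is reported as "Bash script checksums do not match published values" and fails the job through `core.setFailed` even when `failCi` is false. Check `error` first and validate only a body that was actually received, for example by moving the existing `if (error && failCi) { throw error; }` test above `const isValid = await validateUploader(body);`. The callback and its `else if (error)` branch continue outside the hunk, so the ordering should be confirmed against how the non-fatal error path ends.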
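--- a/src/validate.test.ts
+++ b/src/validate.test.ts
@@ -0,0 +1,39 @@
+import validateUploader, {retrieveChecksum} from './validate';
+
+const request = require('requestretry');
+
+const bashScript = (async () => {
+try {
+const script = await request({
+json: false,
+maxAttempts: 10,
+timeout: 3000,
+url: 'https://codecov.io/bash',
+});
+return script.body;
+} catch (err) {
+throw err;
+}
+});
+
+test('valid checksums', async () => {
+const valid = await validateUploader(await bashScript());
+expect(valid).toBeTruthy();
+});
+
+test('invalid checksums', async () => {
+const script = await bashScript();
+const valid = await validateUploader(script.substring(0, script.length - 1));
+expect(valid).toBeFalsy();
+});
+
+test('invalid script version', async () => {
+const script = await bashScript();
+const valid = await validateUploader(script.substring(0, 20));
+expect(valid).toBeFalsy();
+});
+
+test('invalid public checksum file', async () => {
+const checksum = await retrieveChecksum('foo', 'bar');
+expect(checksum).toBeFalsy();
+});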
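Review bot: Every test in this file downloads the live script from `https://codecov.io/bash` and the published checksum files, so a network outage or an upstream release in progress fails the suite for reasons unrelated to the code, and "valid checksums" passes only while the remote happens to be consistent. Pin the cases to a small fixture script and stubbed checksum responses (`jest.mock('requestretry')`), keeping at most one clearly marked live check. The `try { … } catch (err) { throw err; }` wrapper in `bashScript` rethrows unchanged and can be dropped.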
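--- a/src/validate.ts
+++ b/src/validate.ts
@@ -0,0 +1,58 @@
+const crypto = require('crypto');
+
+const core = require('@actions/core');
+
+const request = require('requestretry');
+
+const validateUploader = async (body) => {
+const version = getVersion(body);
+if (version === null) {
+core.warning('Codecov could not identify the bash uploader version.');
+return false;
+}
+
+for (const i of [1, 256, 512]) {
+const publicChecksum = await retrieveChecksum(version, i);
+const uploaderChecksum = calculateChecksum(body, i);
+if (uploaderChecksum !== publicChecksum.trim()) {
+core.warning(
+`Codecov ${version} checksums for SHA${i} failed to match.\n` +
+`Public checksum: ${publicChecksum}` +
+`Uploader checksum: ${uploaderChecksum}`,
+);
+return false;
+}
+}
+return true;
+};
+
+export const retrieveChecksum = async (version, encryption) => {
+const url = `https://raw.githubusercontent.com/codecov/codecov-bash/${version}/SHA${encryption}SUM`;
+const response = await request({
+maxAttempts: 10,
+timeout: 3000,
+url: url,
+});
+
+if (response.statusCode != 200) {
+core.warning(
+`Codecov could not retrieve checksum SHA${encryption} at ${url}`,
+);
+return '';
+}
+return response.body;
+};
+
+const calculateChecksum = (body, i) => {
+const shasum = crypto.createHash(`sha${i}`);
+shasum.update(body);
+return `${shasum.digest('hex')} codecov`;
+};
+
+const getVersion = (body) => {
+const regex = /VERSION="(.*)+"/g;
+const match = regex.exec(body);
+return match ? match[1] : null;
+};
+
+export default validateUploader;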
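Review bot: `getVersion` reads the version out of the very script being verified, and `retrieveChecksum` interpolates it unvalidated into the raw.githubusercontent.com URL, so the content under test chooses which ref's checksum file it is compared against. The pattern `/VERSION="(.*)+"/g` is also greedy with a nested quantifier and captures everything up to the last quote on the line. Accept only a plain release version and reject anything else before building the URL, for example `const regex = /VERSION="(\d+(?:\.\d+)*)"/;` (the dotted-number format is an assumption to confirm against the published uploader versions). Separately, the `encryption` parameter of `retrieveChecksum` selects a SHA digest size and would read better as `algorithm`, and the mismatch warning in `validateUploader` joins the public and uploader checksums with no line break between them.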