From 82474125c8fdf6b39266fabe4159e82ef374d855 Mon Sep 17 00:00:00 2001 From: Rob Herley Date: Mon, 16 Oct 2023 16:20:24 +0000 Subject: [PATCH] use sha256 instead of md5 for artifact v4 integrity hash --- .../artifact/__tests__/upload-artifact.test.ts | 4 ++-- .../artifact/src/internal/upload/blob-upload.ts | 14 +++++++------- .../src/internal/upload/upload-artifact.ts | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/packages/artifact/__tests__/upload-artifact.test.ts b/packages/artifact/__tests__/upload-artifact.test.ts index c36a9ad6..955929b1 100644 --- a/packages/artifact/__tests__/upload-artifact.test.ts +++ b/packages/artifact/__tests__/upload-artifact.test.ts @@ -65,7 +65,7 @@ describe('upload-artifact', () => { Promise.resolve({ isSuccess: true, uploadSize: 1234, - md5Hash: 'test-md5-hash' + sha256Hash: 'test-sha256-hash' }) ) jest @@ -334,7 +334,7 @@ describe('upload-artifact', () => { Promise.resolve({ isSuccess: true, uploadSize: 1234, - md5Hash: 'test-md5-hash' + sha256Hash: 'test-sha256-hash' }) ) jest diff --git a/packages/artifact/src/internal/upload/blob-upload.ts b/packages/artifact/src/internal/upload/blob-upload.ts index 42a3fbd5..2bed1f39 100644 --- a/packages/artifact/src/internal/upload/blob-upload.ts +++ b/packages/artifact/src/internal/upload/blob-upload.ts @@ -18,9 +18,9 @@ export interface BlobUploadResponse { uploadSize?: number /** - * The MD5 hash of the uploaded file. Empty if the upload failed + * The SHA256 hash of the uploaded file. Empty if the upload failed */ - md5Hash?: string + sha256Hash?: string } export async function uploadZipToBlobStorage( @@ -48,9 +48,9 @@ export async function uploadZipToBlobStorage( onProgress: uploadCallback } - let md5Hash: string | undefined = undefined + let sha256Hash: string | undefined = undefined const uploadStream = new stream.PassThrough() - const hashStream = crypto.createHash('md5') + const hashStream = crypto.createHash('sha256') zipUploadStream.pipe(uploadStream) // This stream is used for the upload zipUploadStream.pipe(hashStream).setEncoding('hex') // This stream is used to compute a hash of the zip content that gets used. Integrity check @@ -68,8 +68,8 @@ export async function uploadZipToBlobStorage( core.info('Finished uploading artifact content to blob storage!') hashStream.end() - md5Hash = hashStream.read() as string - core.info(`MD5 hash of uploaded artifact zip is ${md5Hash}`) + sha256Hash = hashStream.read() as string + core.info(`SHA256 hash of uploaded artifact zip is ${sha256Hash}`) } catch (error) { core.warning( `Failed to upload artifact zip to blob storage, error: ${error}` @@ -91,6 +91,6 @@ export async function uploadZipToBlobStorage( return { isSuccess: true, uploadSize: uploadByteCount, - md5Hash + sha256Hash } } diff --git a/packages/artifact/src/internal/upload/upload-artifact.ts b/packages/artifact/src/internal/upload/upload-artifact.ts index 4d360d0d..ced05568 100644 --- a/packages/artifact/src/internal/upload/upload-artifact.ts +++ b/packages/artifact/src/internal/upload/upload-artifact.ts @@ -99,9 +99,9 @@ export async function uploadArtifact( size: uploadResult.uploadSize ? uploadResult.uploadSize.toString() : '0' } - if (uploadResult.md5Hash) { + if (uploadResult.sha256Hash) { finalizeArtifactReq.hash = StringValue.create({ - value: `md5:${uploadResult.md5Hash}` + value: `sha256:${uploadResult.sha256Hash}` }) }