actions
/
toolkit
mirror of https://github.com/actions/toolkit
1
0
Fork 0
Code

use sha256 instead of md5 for artifact v4 integrity hash

pull/1563/head
Rob Herley 2023-10-16 16:20:24 +00:00 committed by GitHub
parent 494f12bcd9
commit 82474125c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/artifact/__tests__/upload-artifact.test.ts
View File

@ -65,7 +65,7 @@ describe('upload-artifact', () => {
Promise.resolve({ Promise.resolve({
isSuccess: true, isSuccess: true,
uploadSize: 1234, uploadSize: 1234,
md5Hash: 'test-md5-hash' sha256Hash: 'test-sha256-hash'
}) })
) )
jest jest
@ -334,7 +334,7 @@ describe('upload-artifact', () => {
Promise.resolve({ Promise.resolve({
isSuccess: true, isSuccess: true,
uploadSize: 1234, uploadSize: 1234,
md5Hash: 'test-md5-hash' sha256Hash: 'test-sha256-hash'
}) })
) )
jest jest

14
packages/artifact/src/internal/upload/blob-upload.ts
View File

@ -18,9 +18,9 @@ export interface BlobUploadResponse {
uploadSize?: number uploadSize?: number
/** /**
* The MD5 hash of the uploaded file. Empty if the upload failed * The SHA256 hash of the uploaded file. Empty if the upload failed
*/ */
md5Hash?: string sha256Hash?: string
} }
export async function uploadZipToBlobStorage( export async function uploadZipToBlobStorage(
@ -48,9 +48,9 @@ export async function uploadZipToBlobStorage(
onProgress: uploadCallback onProgress: uploadCallback
} }
let md5Hash: string | undefined = undefined let sha256Hash: string | undefined = undefined
const uploadStream = new stream.PassThrough() const uploadStream = new stream.PassThrough()
const hashStream = crypto.createHash('md5') const hashStream = crypto.createHash('sha256')
zipUploadStream.pipe(uploadStream) // This stream is used for the upload zipUploadStream.pipe(uploadStream) // This stream is used for the upload
zipUploadStream.pipe(hashStream).setEncoding('hex') // This stream is used to compute a hash of the zip content that gets used. Integrity check zipUploadStream.pipe(hashStream).setEncoding('hex') // This stream is used to compute a hash of the zip content that gets used. Integrity check
@ -68,8 +68,8 @@ export async function uploadZipToBlobStorage(
core.info('Finished uploading artifact content to blob storage!') core.info('Finished uploading artifact content to blob storage!')
hashStream.end() hashStream.end()
md5Hash = hashStream.read() as string sha256Hash = hashStream.read() as string
core.info(`MD5 hash of uploaded artifact zip is ${md5Hash}`) core.info(`SHA256 hash of uploaded artifact zip is ${sha256Hash}`)
} catch (error) { } catch (error) {
core.warning( core.warning(
`Failed to upload artifact zip to blob storage, error: ${error}` `Failed to upload artifact zip to blob storage, error: ${error}`
@ -91,6 +91,6 @@ export async function uploadZipToBlobStorage(
return { return {
isSuccess: true, isSuccess: true,
uploadSize: uploadByteCount, uploadSize: uploadByteCount,
md5Hash sha256Hash
} }
} }

4
packages/artifact/src/internal/upload/upload-artifact.ts
View File

@ -99,9 +99,9 @@ export async function uploadArtifact(
size: uploadResult.uploadSize ? uploadResult.uploadSize.toString() : '0' size: uploadResult.uploadSize ? uploadResult.uploadSize.toString() : '0'
} }
if (uploadResult.md5Hash) { if (uploadResult.sha256Hash) {
finalizeArtifactReq.hash = StringValue.create({ finalizeArtifactReq.hash = StringValue.create({
value: `md5:${uploadResult.md5Hash}` value: `sha256:${uploadResult.sha256Hash}`
}) })
} }