From 7d300c1b43098759eaa52df6c0d9baa8830ab1ee Mon Sep 17 00:00:00 2001 From: Taha Date: Tue, 23 Sep 2025 16:33:49 +0200 Subject: [PATCH 1/7] SIGN-8057 Change action to only talk with the connector --- .../connector-url-builder.ts | 30 +++++++ .../dtos/signing-request-status.ts | 6 ++ .../dtos/signing-request.ts | 9 -- .../helper-input-output.ts | 2 + .../signpath-url-builder.ts | 29 ------ actions/submit-signing-request/task.ts | 89 ++++++++++--------- .../tests/connector-url-builder.test.ts | 32 +++++++ .../tests/helper-artifact-download.test.ts | 3 +- .../submit-signing-request/tests/task.test.ts | 73 +++++++-------- actions/submit-signing-request/version.ts | 2 + 10 files changed, 155 insertions(+), 120 deletions(-) create mode 100644 actions/submit-signing-request/connector-url-builder.ts create mode 100644 actions/submit-signing-request/dtos/signing-request-status.ts delete mode 100644 actions/submit-signing-request/dtos/signing-request.ts delete mode 100644 actions/submit-signing-request/signpath-url-builder.ts create mode 100644 actions/submit-signing-request/tests/connector-url-builder.test.ts diff --git a/actions/submit-signing-request/connector-url-builder.ts b/actions/submit-signing-request/connector-url-builder.ts new file mode 100644 index 0000000..83ddf85 --- /dev/null +++ b/actions/submit-signing-request/connector-url-builder.ts @@ -0,0 +1,30 @@ +// TODO: write tests + +export class ConnectorUrlBuilder { + private readonly apiVersion: string = "1.0"; + private readonly baseSigningRequestsRoute: string; + + constructor(private readonly connectorBaseUrl: string, private readonly organizationId: string) { + this.connectorBaseUrl = this.trimSlash(this.connectorBaseUrl); + this.baseSigningRequestsRoute = `${this.connectorBaseUrl}/${encodeURIComponent(this.organizationId)}/SigningRequests` + } + + public buildSubmitSigningRequestUrl(): string { + return `${this.baseSigningRequestsRoute}?api-version=${this.apiVersion}` + } + + public buildGetSigningRequestStatusUrl(signingRequestId: string): string { + return `${this.baseSigningRequestsRoute}/${encodeURIComponent(signingRequestId)}/Status?api-version=${this.apiVersion}` + } + + public buildGetSignedArtifactUrl(signingRequestId: string): string { + return `${this.baseSigningRequestsRoute}/${encodeURIComponent(signingRequestId)}/SignedArtifact?api-version=${this.apiVersion}` + } + + private trimSlash(text: string): string { + if (text && text[text.length - 1] === '/') { + return text.substring(0, text.length - 1); + } + return text; + } +} \ No newline at end of file diff --git a/actions/submit-signing-request/dtos/signing-request-status.ts b/actions/submit-signing-request/dtos/signing-request-status.ts new file mode 100644 index 0000000..0f53820 --- /dev/null +++ b/actions/submit-signing-request/dtos/signing-request-status.ts @@ -0,0 +1,6 @@ +export interface SigningRequestStatusDto { + status: string; + isFinalStatus: boolean; + webLink: string; + hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: boolean; +} diff --git a/actions/submit-signing-request/dtos/signing-request.ts b/actions/submit-signing-request/dtos/signing-request.ts deleted file mode 100644 index 4d384e9..0000000 --- a/actions/submit-signing-request/dtos/signing-request.ts +++ /dev/null @@ -1,9 +0,0 @@ -export interface SigningRequestDto -{ - status: string; - workflowStatus: string; - signedArtifactLink: string; - projectSlug: string; - isFinalStatus: boolean; - unsignedArtifactLink: string; -} diff --git a/actions/submit-signing-request/helper-input-output.ts b/actions/submit-signing-request/helper-input-output.ts index 55f81f2..d835ba9 100644 --- a/actions/submit-signing-request/helper-input-output.ts +++ b/actions/submit-signing-request/helper-input-output.ts @@ -60,6 +60,7 @@ export class HelperInputOutput { return getInputNumber('service-unavailable-timeout-in-seconds', { required: true }); } + // TODO: change to connector right? setSignedArtifactDownloadUrl(url: string):void { core.setOutput('signed-artifact-download-url', url); } @@ -72,6 +73,7 @@ export class HelperInputOutput { core.setOutput('signing-request-web-url', signingRequestUrl); } + // TODO: drop? setSignPathApiUrl(signingRequestUrl: string): void { core.setOutput('signpath-api-url', signingRequestUrl); } diff --git a/actions/submit-signing-request/signpath-url-builder.ts b/actions/submit-signing-request/signpath-url-builder.ts deleted file mode 100644 index d20feea..0000000 --- a/actions/submit-signing-request/signpath-url-builder.ts +++ /dev/null @@ -1,29 +0,0 @@ -export class SignPathUrlBuilder { - - public signPathBaseUrl: string = 'https://signpath.io'; - - constructor( - private signPathGitHubConnectorBaseUrl: string) { - this.signPathGitHubConnectorBaseUrl = this.trimSlash(this.signPathGitHubConnectorBaseUrl); - } - - buildSubmitSigningRequestUrl(): string { - return this.signPathGitHubConnectorBaseUrl + '/api/sign?api-version=1.0'; - } - - buildGetSigningRequestUrl(organizationId: string, signingRequestId: string): string { - if (!this.signPathBaseUrl) { - throw new Error('SignPath Base Url is not set'); - } - - return this.signPathBaseUrl + `/API/v1/${encodeURIComponent(organizationId)}/SigningRequests/${encodeURIComponent(signingRequestId)}`; - } - - private trimSlash(text: string): string { - if(text && text[text.length - 1] === '/') { - return text.substring(0, text.length - 1); - } - return text; - } - -} \ No newline at end of file diff --git a/actions/submit-signing-request/task.ts b/actions/submit-signing-request/task.ts index c7362bd..439cb12 100644 --- a/actions/submit-signing-request/task.ts +++ b/actions/submit-signing-request/task.ts @@ -2,16 +2,15 @@ import axios, { AxiosError, AxiosResponse } from 'axios'; import axiosRetry from 'axios-retry'; import * as core from '@actions/core'; import * as moment from 'moment'; -import url from 'url'; import { LogEntry, LogLevelDebug, LogLevelError, LogLevelInformation, LogLevelWarning, SubmitSigningRequestResult, ValidationResult } from './dtos/submit-signing-request-result'; import { buildSignPathAuthorizationHeader, executeWithRetries, httpErrorResponseToText } from './utils'; -import { SignPathUrlBuilder } from './signpath-url-builder'; -import { SigningRequestDto } from './dtos/signing-request'; +import { ConnectorUrlBuilder } from './connector-url-builder'; import { HelperInputOutput } from './helper-input-output'; import { taskVersion } from './version'; import { HelperArtifactDownload } from './helper-artifact-download'; import { Config } from './config'; +import { SigningRequestStatusDto } from './dtos/signing-request-status'; // output variables // signingRequestId - the id of the newly created signing request @@ -20,13 +19,14 @@ import { Config } from './config'; // signingRequestDownloadUrl - the url of the signed artifact in SignPath export class Task { - urlBuilder: SignPathUrlBuilder; + urlBuilder: ConnectorUrlBuilder; - constructor ( + constructor( private helperInputOutput: HelperInputOutput, private helperArtifactDownload: HelperArtifactDownload, - private config: Config) { - this.urlBuilder = new SignPathUrlBuilder(this.helperInputOutput.signPathConnectorUrl); + private config: Config + ) { + this.urlBuilder = new ConnectorUrlBuilder(this.helperInputOutput.signPathConnectorUrl, this.helperInputOutput.organizationId); } async run() { @@ -37,11 +37,10 @@ export class Task { const signingRequestId = await this.submitSigningRequest(); if (this.helperInputOutput.waitForCompletion) { - const signingRequest = await this.ensureSigningRequestCompleted(signingRequestId); - this.helperInputOutput.setSignedArtifactDownloadUrl(signingRequest.signedArtifactLink); + await this.ensureSigningRequestCompleted(signingRequestId); - if(this.helperInputOutput.outputArtifactDirectory) { - await this.helperArtifactDownload.downloadSignedArtifact(signingRequest.signedArtifactLink); + if (this.helperInputOutput.outputArtifactDirectory) { + await this.helperArtifactDownload.downloadSignedArtifact(this.urlBuilder.buildGetSignedArtifactUrl(signingRequestId)); } } else { @@ -53,7 +52,7 @@ export class Task { } } - private async submitSigningRequest (): Promise { + private async submitSigningRequest(): Promise { core.info('Submitting the signing request to SignPath CI connector...'); @@ -63,15 +62,20 @@ export class Task { // call the signPath API to submit the signing request const response = (await axios .post(this.urlBuilder.buildSubmitSigningRequestUrl(), - submitRequestPayload, - { responseType: "json" }) + submitRequestPayload, + { + responseType: "json", + headers: { + "Authorization": buildSignPathAuthorizationHeader(this.helperInputOutput.signPathApiToken) + } + }) .catch((e: AxiosError) => { - if(e.code === AxiosError.ERR_BAD_REQUEST) { + if (e.code === AxiosError.ERR_BAD_REQUEST) { const connectorResponse = e.response as AxiosResponse; - if(connectorResponse.data.error) { + if (connectorResponse.data.error) { this.redirectConnectorLogsToActionLogs(connectorResponse.data.logs); // when an error occurs in the validator the error details are in the validationResult this.checkCiSystemValidationResult(connectorResponse.data.validationResult); @@ -91,16 +95,15 @@ export class Task { this.redirectConnectorLogsToActionLogs(response.logs); this.checkCiSystemValidationResult(response.validationResult); - const signingRequestUrlObj = url.parse(response.signingRequestUrl); - this.urlBuilder.signPathBaseUrl = signingRequestUrlObj.protocol + '//' + signingRequestUrlObj.host; - core.info(`SignPath signing request has been successfully submitted`); core.info(`The signing request id is ${response.signingRequestId}`); core.info(`You can view the signing request here: ${response.signingRequestUrl}`); this.helperInputOutput.setSigningRequestId(response.signingRequestId); this.helperInputOutput.setSigningRequestWebUrl(response.signingRequestUrl); - this.helperInputOutput.setSignPathApiUrl(this.urlBuilder.signPathBaseUrl + '/API'); + + // TODO: think what to set as output + // this.helperInputOutput.setSignPathApiUrl(this.urlBuilder.signPathBaseUrl + '/API'); return response.signingRequestId; } @@ -115,8 +118,7 @@ export class Task { validationResult.errors.forEach(validationError => { core.error(`${validationError.error}`); - if (validationError.howToFix) - { + if (validationError.howToFix) { core.info(validationError.howToFix); } }); @@ -127,16 +129,17 @@ export class Task { } } + // TODO: what the heck // if auto-generated GitHub Actions token (secrets.GITHUB_TOKEN) is used for artifact download, // ensure the workflow continues running until the download is complete. // The token is valid only for the workflow's duration private async ensureSignPathDownloadedUnsignedArtifact(signingRequestId: string): Promise { core.info(`Waiting until SignPath downloaded the unsigned artifact...`); - const requestData = await (executeWithRetries( + const requestData = await (executeWithRetries( async () => { - const signingRequestDto = await (this.getSigningRequest(signingRequestId) + const signingRequestDto = await (this.getSigningRequestStatus(signingRequestId) .then(data => { - if(!data.unsignedArtifactLink && !data.isFinalStatus) { + if (!data.hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval && !data.isFinalStatus) { core.info(`Checking the download status: not yet complete`); // retry artifact download status check return { retry: true }; @@ -149,9 +152,9 @@ export class Task { this.config.CheckArtifactDownloadStatusIntervalInSeconds * 1000, this.config.CheckArtifactDownloadStatusIntervalInSeconds * 1000)); - if (!requestData.unsignedArtifactLink) { + if (!requestData.hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval) { - if(!requestData.isFinalStatus) { + if (!requestData.isFinalStatus) { const maxWaitingTime = moment.utc(this.helperInputOutput.waitForCompletionTimeoutInSeconds * 1000).format("hh:mm"); core.error(`We have exceeded the maximum waiting time, which is ${maxWaitingTime}, and the GitHub artifact is still not downloaded by SignPath`); } else { @@ -166,21 +169,21 @@ export class Task { // artifact already downloaded by SignPath } - private async ensureSigningRequestCompleted(signingRequestId: string): Promise { + private async ensureSigningRequestCompleted(signingRequestId: string): Promise { // check for status update core.info(`Checking the signing request status...`); - const requestData = await (executeWithRetries( + const requestData = await (executeWithRetries( async () => { - const signingRequestDto = await (this.getSigningRequest(signingRequestId) + const signingRequestStatusDto = await (this.getSigningRequestStatus(signingRequestId) .then(data => { - if(data && !data.isFinalStatus) { + if (data && !data.isFinalStatus) { core.info(`The signing request status is ${data.status}, which is not a final status; after a delay, we will check again...`); return { retry: true }; } return { retry: false, result: data }; })); - return signingRequestDto; + return signingRequestStatusDto; }, this.helperInputOutput.waitForCompletionTimeoutInSeconds * 1000, this.config.MinDelayBetweenSigningRequestStatusChecksInSeconds * 1000, @@ -200,12 +203,11 @@ export class Task { return requestData; } - private async getSigningRequest(signingRequestId: string): Promise { - const requestStatusUrl = this.urlBuilder.buildGetSigningRequestUrl( - this.helperInputOutput.organizationId, signingRequestId); + private async getSigningRequestStatus(signingRequestId: string): Promise { + const requestStatusUrl = this.urlBuilder.buildGetSigningRequestStatusUrl(signingRequestId); - const signingRequestDto = await axios - .get( + const signingRequestStatusDto = await axios + .get( requestStatusUrl, { responseType: "json", @@ -220,7 +222,8 @@ export class Task { throw new Error(httpErrorResponseToText(e)); }) .then(response => response.data); - return signingRequestDto; + + return signingRequestStatusDto; } private configureAxios(): void { @@ -249,22 +252,22 @@ export class Task { axiosRetry.isRetryableError = (error: AxiosError) => { let retryableHttpErrorCode = false; - if(error.response) { - if(error.response.status === 502 + if (error.response) { + if (error.response.status === 502 || error.response.status === 503 || error.response.status === 504) { retryableHttpErrorCode = true; core.info(`SignPath REST API is temporarily unavailable (server responded with ${error.response.status}).`); } - if(error.response.status === 429) { + if (error.response.status === 429) { retryableHttpErrorCode = true; core.info('SignPath REST API encountered too many requests.'); } } return (error.code !== 'ECONNABORTED' && - (!error.response || retryableHttpErrorCode)); + (!error.response || retryableHttpErrorCode)); } // set retries @@ -325,12 +328,10 @@ export class Task { private buildSigningRequestPayload(): any { return { - signPathApiToken: this.helperInputOutput.signPathApiToken, artifactId: this.helperInputOutput.githubArtifactId, gitHubWorkflowRunId: process.env.GITHUB_RUN_ID, gitHubRepository: process.env.GITHUB_REPOSITORY, gitHubToken: this.helperInputOutput.gitHubToken, - signPathOrganizationId: this.helperInputOutput.organizationId, signPathProjectSlug: this.helperInputOutput.projectSlug, signPathSigningPolicySlug: this.helperInputOutput.signingPolicySlug, signPathArtifactConfigurationSlug: this.helperInputOutput.artifactConfigurationSlug, diff --git a/actions/submit-signing-request/tests/connector-url-builder.test.ts b/actions/submit-signing-request/tests/connector-url-builder.test.ts new file mode 100644 index 0000000..1c38d20 --- /dev/null +++ b/actions/submit-signing-request/tests/connector-url-builder.test.ts @@ -0,0 +1,32 @@ +import * as uuid from 'uuid'; +import { assert } from "chai"; +import { ConnectorUrlBuilder } from '../connector-url-builder'; + +const connectorUrl = "https://connector.com"; +const apiVersion = "1.0" +const orgId = uuid.v4(); + +const sut = new ConnectorUrlBuilder(connectorUrl, orgId); + +it("Should build submit signing request url correctly", () => { + const expected = `${connectorUrl}/${orgId}/SigningRequests?api-version=${apiVersion}` + const actual = sut.buildSubmitSigningRequestUrl(); + + assert.equal(actual, expected) +}) + +it("Should build get signing request status url correctly", () => { + const srId = uuid.v4(); + const expected = `${connectorUrl}/${orgId}/SigningRequests/${srId}/Status?api-version=${apiVersion}` + const actual = sut.buildGetSigningRequestStatusUrl(srId); + + assert.equal(actual, expected) +}) + +it("Should build get signed artifact url correctly", () => { + const srId = uuid.v4(); + const expected = `${connectorUrl}/${orgId}/SigningRequests/${srId}/SignedArtifact?api-version=${apiVersion}` + const actual = sut.buildGetSignedArtifactUrl(srId); + + assert.equal(actual, expected) +}) \ No newline at end of file diff --git a/actions/submit-signing-request/tests/helper-artifact-download.test.ts b/actions/submit-signing-request/tests/helper-artifact-download.test.ts index a973255..280b31e 100644 --- a/actions/submit-signing-request/tests/helper-artifact-download.test.ts +++ b/actions/submit-signing-request/tests/helper-artifact-download.test.ts @@ -1,7 +1,6 @@ -import { assert, expect } from "chai"; +import { assert } from "chai"; import { HelperArtifactDownload } from "../helper-artifact-download" import * as path from 'path'; -import * as os from 'os'; import * as uuid from 'uuid'; import * as fs from 'fs' import { HelperInputOutput } from "../helper-input-output"; diff --git a/actions/submit-signing-request/tests/task.test.ts b/actions/submit-signing-request/tests/task.test.ts index eb2b977..ee943e9 100644 --- a/actions/submit-signing-request/tests/task.test.ts +++ b/actions/submit-signing-request/tests/task.test.ts @@ -8,16 +8,12 @@ import * as core from '@actions/core'; import { HelperInputOutput } from '../helper-input-output'; import { HelperArtifactDownload } from '../helper-artifact-download'; import axiosRetry from 'axios-retry'; -import { Config } from '../config'; -import { log } from 'console'; +import { SigningRequestStatusDto } from '../dtos/signing-request-status'; const testSignPathApiToken = 'TEST_TOKEN'; const testSigningRequestId = 'TEST_ID'; const testConnectorUrl = 'https://domain'; -const testSignPathUrl = 'https://signpath'; -const testSigningRequestUrl = testSignPathUrl + '/api/SigningRequests'; -const testSignedArtifactLink = testConnectorUrl + '/api/artifactlink'; -const testUnsignedArtifactLink = testConnectorUrl + '/api/unsignedartifactlink'; +const testSigningRequestUrl = testConnectorUrl + '/SigningRequests'; const testGitHubArtifactId = 'TEST_ARTIFACT_ID'; const testArtifactConfigurationSlug = 'TEST_ARTIFACT_CONFIGURATION_SLUG'; const testOrganizationId = 'TEST_ORGANIZATION_ID'; @@ -26,6 +22,8 @@ const testSigningPolicySlug = 'TEST_POLICY_SLUG'; const testGitHubToken = 'TEST_GITHUB_TOKEN'; const testConnectorLogMessage = 'TEST_CONNECTOR_LOG_MESSAGE'; +const submitSigningRequestRouteTemplate = new RegExp(`\/${testOrganizationId}\/SigningRequests.*`) + const defaultTestInputMap = { 'wait-for-completion': 'true', 'connector-url': testConnectorUrl, @@ -54,21 +52,25 @@ let setOutputStub: sinon.SinonStub; let getInputStub: sinon.SinonStub; beforeEach(() => { - const submitSigningRequestResponse = { signingRequestUrl: testSigningRequestUrl, signingRequestId: testSigningRequestId, isFinalStatus: true, status: 'Completed', - unsignedArtifactLink: testUnsignedArtifactLink, - signedArtifactLink: testSignedArtifactLink, + unsignedArtifactLink: "unused", + signedArtifactLink: "unused", logs: [ { message: testConnectorLogMessage, level: 'Information' } ] }; - const getSigningRequestResponse = submitSigningRequestResponse; + const getSigningRequestStatusResponse : SigningRequestStatusDto = { + status: submitSigningRequestResponse.status, + hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: true, + isFinalStatus: true, + webLink: testSigningRequestUrl + } axiosPostStub = sandbox.stub(axios, 'post').resolves({ data: submitSigningRequestResponse }); - axiosGetStub = sandbox.stub(axios, 'get').resolves({ data: getSigningRequestResponse }); + axiosGetStub = sandbox.stub(axios, 'get').resolves({ data: getSigningRequestStatusResponse }); setOutputStub = sandbox.stub(core, 'setOutput'); // set input stubs to return default values @@ -113,7 +115,6 @@ it('test that the task fails if the signing request has "Failed" as a final stat const failedStatusSigningRequestResponse = { status: 'TEST_FAILED', isFinalStatus: true, - unsignedArtifactLink: testUnsignedArtifactLink // to go through the unsigned artifact downloading loop }; axiosGetStub.restore(); // we don't need default stub behavior in this test sandbox.stub(axios, 'get').resolves({ data: failedStatusSigningRequestResponse }); @@ -161,8 +162,12 @@ it('test that the output variables are set correctly', async () => { await task.run(); assert.equal(setOutputStub.calledWith('signing-request-id', testSigningRequestId), true); assert.equal(setOutputStub.calledWith('signing-request-web-url', testSigningRequestUrl), true); - assert.equal(setOutputStub.calledWith('signpath-api-url', testSignPathUrl + '/API'), true); - assert.equal(setOutputStub.calledWith('signed-artifact-download-url', testSignedArtifactLink), true); + + // TODO: drop? + // assert.equal(setOutputStub.calledWith('signpath-api-url', testSignPathUrl + '/API'), true); + + // TODO: + //assert.equal(setOutputStub.calledWith('signed-artifact-download-url', testSignedArtifactLink), true); }); it('connector logs logged to the build log', async () => { @@ -187,9 +192,7 @@ it('test if input variables are passed through', async () => { assert.equal(axiosPostStub.calledWith( sinon.match.any, sinon.match((value:any) => { - return value.signPathApiToken === testSignPathApiToken - && value.signPathOrganizationId === testOrganizationId - && value.artifactId === testGitHubArtifactId + return value.artifactId === testGitHubArtifactId && value.signPathProjectSlug === testProjectSlug && value.signPathSigningPolicySlug === testSigningPolicySlug && value.gitHubToken === testGitHubToken @@ -214,14 +217,13 @@ it('task fails if the submit request connector fails', async () => { assert.equal(setFailedStub.calledOnce, true); }); - it('if submit signing request fails with 429,502,503,504 the task retries', async () => { // use real *POST* axios for this test, because retries are implemented in axios axiosPostStub.restore(); const retryTestId = 'RETRY_TEST_ID'; const addErrorResponse = (httpCode: number) => { - nock(testConnectorUrl).post(/\/api\/sign.*/).once().reply(httpCode, 'Server Error'); + nock(testConnectorUrl).post(submitSigningRequestRouteTemplate).once().reply(httpCode, 'Server Error'); } addErrorResponse(429); @@ -230,7 +232,7 @@ it('if submit signing request fails with 429,502,503,504 the task retries', asyn addErrorResponse(504); nock(testConnectorUrl) - .post(/\/api\/sign.*/) + .post(submitSigningRequestRouteTemplate) .reply(200, { signingRequestUrl: testSigningRequestUrl, signingRequestId: retryTestId @@ -249,17 +251,16 @@ it('no retries for http code 500', async () => { // use real *POST* axios for this test, because retries are implemented in axios axiosPostStub.restore(); - nock(testConnectorUrl).post(/\/api\/sign.*/).reply(500, 'Server Error'); - + nock(testConnectorUrl).post(submitSigningRequestRouteTemplate).reply(500, 'Server Error'); const setFailedStub = sandbox.stub(core, 'setFailed'); await task.run(); assert.equal(setFailedStub.calledOnce, true); }); -it('task waits for artifact being downloaded before completing', async () => { +it('task waits for unsigned artifact being downloaded by SignPath before completing', async () => { - // use non stubbed axius, define responses sequence suing nock + // use non stubbed axios, define responses sequence suing nock axiosGetStub.restore(); // non-default input map, with 'wait-for-completion' set to 'false' @@ -270,25 +271,25 @@ it('task waits for artifact being downloaded before completing', async () => { return input[paramName as keyof typeof input] || 'test'; }); - const addGetRequestDataResponse = (link: string | null) => { - return nock(testSignPathUrl).get(uri => uri.includes('SigningRequests')).once().reply(200, { - unsignedArtifactLink: link + const addGetRequestDataResponse = (hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: boolean) => { + return nock(testConnectorUrl).get(uri => uri.includes('SigningRequests')).once().reply(200, { + hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval }); } const nockScopes = []; // artifact is not downloaded for the first 4 calls - nockScopes.push(addGetRequestDataResponse(null)); - nockScopes.push(addGetRequestDataResponse(null)); - nockScopes.push(addGetRequestDataResponse(null)); - nockScopes.push(addGetRequestDataResponse(null)); + nockScopes.push(addGetRequestDataResponse(false)); + nockScopes.push(addGetRequestDataResponse(false)); + nockScopes.push(addGetRequestDataResponse(false)); + nockScopes.push(addGetRequestDataResponse(false)); // artifact is downloaded when the 5th call happens - nockScopes.push(addGetRequestDataResponse(testUnsignedArtifactLink)); + nockScopes.push(addGetRequestDataResponse(true)); // this request should not happen // because it should stop checking after the previous request - const notDoneScope = addGetRequestDataResponse(null); + const notDoneScope = addGetRequestDataResponse(false); const setFailedStub = sandbox.stub(core, 'setFailed'); await task.run(); @@ -302,7 +303,7 @@ it('task waits for artifact being downloaded before completing', async () => { it('if the signing request status is final, the task stops checking for artifact download status and reports an error', async () => { - // use non stubbed axius, define responses sequence suing nock + // use non stubbed axios, define responses sequence using nock axiosGetStub.restore(); // non-default input map, with 'wait-for-completion' set to 'false' @@ -315,8 +316,8 @@ it('if the signing request status is final, the task stops checking for artifact // signing request status is final and artifact is not downloaded // something went wrong, the sining request cannot be completed - nock(testSignPathUrl).get(uri => uri.includes('SigningRequests')).once().reply(200, { - unsignedArtifactLink: null, + nock(testConnectorUrl).get(uri => uri.includes('SigningRequests')).once().reply(200, { + hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: false, isFinalStatus: true }); diff --git a/actions/submit-signing-request/version.ts b/actions/submit-signing-request/version.ts index 314f1ec..ace57f4 100644 --- a/actions/submit-signing-request/version.ts +++ b/actions/submit-signing-request/version.ts @@ -1,2 +1,4 @@ +// TODO: this does not correspond with actual version! + const taskVersion = '1.1'; export { taskVersion }; From 71e5ad27fedaec61ccd31f9815a8a570f408361c Mon Sep 17 00:00:00 2001 From: Taha Date: Tue, 23 Sep 2025 16:37:39 +0200 Subject: [PATCH 2/7] SIGN-8057 Fix build --- .../submit-signing-request/tests/task.test.ts | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/actions/submit-signing-request/tests/task.test.ts b/actions/submit-signing-request/tests/task.test.ts index ee943e9..5824c90 100644 --- a/actions/submit-signing-request/tests/task.test.ts +++ b/actions/submit-signing-request/tests/task.test.ts @@ -59,10 +59,10 @@ beforeEach(() => { status: 'Completed', unsignedArtifactLink: "unused", signedArtifactLink: "unused", - logs: [ { message: testConnectorLogMessage, level: 'Information' } ] + logs: [{ message: testConnectorLogMessage, level: 'Information' }] }; - const getSigningRequestStatusResponse : SigningRequestStatusDto = { + const getSigningRequestStatusResponse: SigningRequestStatusDto = { status: submitSigningRequestResponse.status, hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: true, isFinalStatus: true, @@ -107,9 +107,9 @@ it('test that the task fails if the signing request submit fails', async () => { it('test that the task fails if the signing request has "Failed" as a final status', async () => { const setFailedStub = sandbox.stub(core, 'setFailed') - .withArgs(sinon.match((value:any) => { + .withArgs(sinon.match((value: any) => { return value.includes('TEST_FAILED') - && value.includes('The signing request is not completed.'); + && value.includes('The signing request is not completed.'); })); const failedStatusSigningRequestResponse = { @@ -121,7 +121,7 @@ it('test that the task fails if the signing request has "Failed" as a final stat await task.run(); assert.equal(setFailedStub.calledOnce, true, 'setFailed should be called once'); - }); +}); it('test that the signing request was not submitted due to validation errors', async () => { const submitSigningRequestValidationErrorResponse = { @@ -138,17 +138,17 @@ it('test that the signing request was not submitted due to validation errors', a sandbox.stub(axios, 'post').resolves({ data: submitSigningRequestValidationErrorResponse }); // check that task was marked as failed, because of validation errors const setFailedStub = sandbox.stub(core, 'setFailed') - .withArgs(sinon.match((value:any) => { + .withArgs(sinon.match((value: any) => { return value.includes('CI system validation failed'); })); // check that error message was logged const errorLogStub = sandbox.stub(core, 'error') - .withArgs(sinon.match((value:any) => { + .withArgs(sinon.match((value: any) => { return value.includes('TEST_ERROR'); })); // check that howToFix message was logged const coreInfoStub = sandbox.stub(core, 'info') - .withArgs(sinon.match((value:any) => { + .withArgs(sinon.match((value: any) => { return value.includes('TEST_FIX'); })); @@ -160,19 +160,19 @@ it('test that the signing request was not submitted due to validation errors', a it('test that the output variables are set correctly', async () => { await task.run(); - assert.equal(setOutputStub.calledWith('signing-request-id', testSigningRequestId), true); + assert.equal(setOutputStub.calledWith('signing-request-id', testSigningRequestId), true); assert.equal(setOutputStub.calledWith('signing-request-web-url', testSigningRequestUrl), true); - + // TODO: drop? // assert.equal(setOutputStub.calledWith('signpath-api-url', testSignPathUrl + '/API'), true); // TODO: - //assert.equal(setOutputStub.calledWith('signed-artifact-download-url', testSignedArtifactLink), true); + // assert.equal(setOutputStub.calledWith('signed-artifact-download-url', testSignedArtifactLink), true); }); it('connector logs logged to the build log', async () => { const coreInfoStub = sandbox.stub(core, 'info') - .withArgs(sinon.match((value:any) => { + .withArgs(sinon.match((value: any) => { return value.includes(testConnectorLogMessage); })); await task.run(); @@ -182,7 +182,7 @@ it('connector logs logged to the build log', async () => { it('test that the connectors url has api version', async () => { await task.run(); assert.equal(axiosPostStub.calledWith( - sinon.match((value:any) => { + sinon.match((value: any) => { return value.indexOf('api-version') !== -1; })), true); }); @@ -191,7 +191,7 @@ it('test if input variables are passed through', async () => { await task.run(); assert.equal(axiosPostStub.calledWith( sinon.match.any, - sinon.match((value:any) => { + sinon.match((value: any) => { return value.artifactId === testGitHubArtifactId && value.signPathProjectSlug === testProjectSlug && value.signPathSigningPolicySlug === testSigningPolicySlug @@ -210,7 +210,7 @@ it('task fails if the submit request connector fails', async () => { throw { response: { data: httpCallError } }; }); const setFailedStub = sandbox.stub(core, 'setFailed') - .withArgs(sinon.match((value:string) => { + .withArgs(sinon.match((value: string) => { return value.indexOf(httpCallError) !== -1; })); await task.run(); @@ -244,7 +244,7 @@ it('if submit signing request fails with 429,502,503,504 the task retries', asyn await task.run(); // signing request id should be set in the output - assert.equal(setOutputStub.calledWith('signing-request-id', retryTestId), true); + assert.equal(setOutputStub.calledWith('signing-request-id', retryTestId), true); }); it('no retries for http code 500', async () => { @@ -265,7 +265,7 @@ it('task waits for unsigned artifact being downloaded by SignPath before complet // non-default input map, with 'wait-for-completion' set to 'false' getInputStub.restore(); - const input = Object.assign({ }, defaultTestInputMap); + const input = Object.assign({}, defaultTestInputMap); input['wait-for-completion'] = 'false'; getInputStub = sandbox.stub(core, 'getInput').callsFake((paramName) => { return input[paramName as keyof typeof input] || 'test'; @@ -273,7 +273,7 @@ it('task waits for unsigned artifact being downloaded by SignPath before complet const addGetRequestDataResponse = (hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: boolean) => { return nock(testConnectorUrl).get(uri => uri.includes('SigningRequests')).once().reply(200, { - hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval: hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval + hasArtifactBeenDownloadedBySignPathInCaseOfArtifactRetrieval }); } @@ -308,7 +308,7 @@ it('if the signing request status is final, the task stops checking for artifact // non-default input map, with 'wait-for-completion' set to 'false' getInputStub.restore(); - const input = Object.assign({ }, defaultTestInputMap); + const input = Object.assign({}, defaultTestInputMap); input['wait-for-completion'] = 'false'; getInputStub = sandbox.stub(core, 'getInput').callsFake((paramName) => { return input[paramName as keyof typeof input] || 'test'; From b7addcb45e2fa7a3df2dab5273b2b032a2c81e00 Mon Sep 17 00:00:00 2001 From: Taha Date: Wed, 24 Sep 2025 13:36:49 +0200 Subject: [PATCH 3/7] SIGN-8057 Improve logging and simplify code --- .../connector-url-builder.ts | 2 - .../helper-artifact-download.ts | 17 +++--- actions/submit-signing-request/task.ts | 55 +++++++++---------- actions/submit-signing-request/utils.ts | 4 -- 4 files changed, 34 insertions(+), 44 deletions(-) diff --git a/actions/submit-signing-request/connector-url-builder.ts b/actions/submit-signing-request/connector-url-builder.ts index 83ddf85..8acebaf 100644 --- a/actions/submit-signing-request/connector-url-builder.ts +++ b/actions/submit-signing-request/connector-url-builder.ts @@ -1,5 +1,3 @@ -// TODO: write tests - export class ConnectorUrlBuilder { private readonly apiVersion: string = "1.0"; private readonly baseSigningRequestsRoute: string; diff --git a/actions/submit-signing-request/helper-artifact-download.ts b/actions/submit-signing-request/helper-artifact-download.ts index ce97e6e..7a8cbf8 100644 --- a/actions/submit-signing-request/helper-artifact-download.ts +++ b/actions/submit-signing-request/helper-artifact-download.ts @@ -4,7 +4,7 @@ import * as path from 'path'; import * as nodeStreamZip from 'node-stream-zip'; import axios, { AxiosError } from 'axios'; import { HelperInputOutput } from "./helper-input-output"; -import { buildSignPathAuthorizationHeader, httpErrorResponseToText } from './utils'; +import { httpErrorResponseToText } from './utils'; import { TimeoutStream } from './timeout-stream'; @@ -19,14 +19,11 @@ export class HelperArtifactDownload { const response = await axios.get(artifactDownloadUrl, { responseType: 'stream', - timeout: timeoutMs, - headers: { - Authorization: buildSignPathAuthorizationHeader(this.helperInputOutput.signPathApiToken) - } + timeout: timeoutMs }) - .catch((e: AxiosError) => { - throw new Error(httpErrorResponseToText(e)); - }); + .catch((e: AxiosError) => { + throw new Error(httpErrorResponseToText(e)); + }); const targetDirectory = this.resolveOrCreateDirectory(this.helperInputOutput.outputArtifactDirectory); @@ -67,8 +64,8 @@ export class HelperArtifactDownload { core.info(`The signed artifact has been successfully downloaded from SignPath and extracted to ${targetDirectory}`); } - public resolveOrCreateDirectory(directoryPath:string): string { - const workingDirectory = process.env.GITHUB_WORKSPACE as string; + public resolveOrCreateDirectory(directoryPath: string): string { + const workingDirectory = process.env.GITHUB_WORKSPACE as string; const absolutePath = path.isAbsolute(directoryPath) ? directoryPath : path.join(workingDirectory as string, directoryPath); diff --git a/actions/submit-signing-request/task.ts b/actions/submit-signing-request/task.ts index 439cb12..0340983 100644 --- a/actions/submit-signing-request/task.ts +++ b/actions/submit-signing-request/task.ts @@ -4,7 +4,7 @@ import * as core from '@actions/core'; import * as moment from 'moment'; import { LogEntry, LogLevelDebug, LogLevelError, LogLevelInformation, LogLevelWarning, SubmitSigningRequestResult, ValidationResult } from './dtos/submit-signing-request-result'; -import { buildSignPathAuthorizationHeader, executeWithRetries, httpErrorResponseToText } from './utils'; +import { executeWithRetries, httpErrorResponseToText } from './utils'; import { ConnectorUrlBuilder } from './connector-url-builder'; import { HelperInputOutput } from './helper-input-output'; import { taskVersion } from './version'; @@ -15,18 +15,19 @@ import { SigningRequestStatusDto } from './dtos/signing-request-status'; // output variables // signingRequestId - the id of the newly created signing request // signingRequestWebUrl - the url of the signing request in SignPath -// signPathApiUrl - the base API url of the SignPath API -// signingRequestDownloadUrl - the url of the signed artifact in SignPath +// signingRequestDownloadUrl - the url of the signed artifact to retrieve via the connector export class Task { - urlBuilder: ConnectorUrlBuilder; + private readonly urlBuilder: ConnectorUrlBuilder; + private readonly userAgent: string; constructor( - private helperInputOutput: HelperInputOutput, - private helperArtifactDownload: HelperArtifactDownload, - private config: Config + private readonly helperInputOutput: HelperInputOutput, + private readonly helperArtifactDownload: HelperArtifactDownload, + private readonly config: Config ) { this.urlBuilder = new ConnectorUrlBuilder(this.helperInputOutput.signPathConnectorUrl, this.helperInputOutput.organizationId); + this.userAgent = `SignPath.SubmitSigningRequestGitHubAction/${taskVersion}(NodeJS/${process.version}; ${process.platform} ${process.arch}})`; } async run() { @@ -54,20 +55,18 @@ export class Task { private async submitSigningRequest(): Promise { - core.info('Submitting the signing request to SignPath CI connector...'); + const submitSigningRequestUrl = this.urlBuilder.buildSubmitSigningRequestUrl(); + core.info('Submitting the signing request to SignPath GitHub Actions connector...'); // prepare the payload const submitRequestPayload = this.buildSigningRequestPayload(); - // call the signPath API to submit the signing request + // call the connector to submit the signing request const response = (await axios - .post(this.urlBuilder.buildSubmitSigningRequestUrl(), + .post(submitSigningRequestUrl, submitRequestPayload, { - responseType: "json", - headers: { - "Authorization": buildSignPathAuthorizationHeader(this.helperInputOutput.signPathApiToken) - } + responseType: "json" }) .catch((e: AxiosError) => { @@ -101,9 +100,7 @@ export class Task { this.helperInputOutput.setSigningRequestId(response.signingRequestId); this.helperInputOutput.setSigningRequestWebUrl(response.signingRequestUrl); - - // TODO: think what to set as output - // this.helperInputOutput.setSignPathApiUrl(this.urlBuilder.signPathBaseUrl + '/API'); + this.helperInputOutput.setSignedArtifactDownloadUrl(this.urlBuilder.buildGetSignedArtifactUrl(response.signingRequestId)) return response.signingRequestId; } @@ -129,7 +126,6 @@ export class Task { } } - // TODO: what the heck // if auto-generated GitHub Actions token (secrets.GITHUB_TOKEN) is used for artifact download, // ensure the workflow continues running until the download is complete. // The token is valid only for the workflow's duration @@ -205,15 +201,13 @@ export class Task { private async getSigningRequestStatus(signingRequestId: string): Promise { const requestStatusUrl = this.urlBuilder.buildGetSigningRequestStatusUrl(signingRequestId); + core.info(`Sending request: GET ${requestStatusUrl}`) const signingRequestStatusDto = await axios .get( requestStatusUrl, { - responseType: "json", - headers: { - "Authorization": buildSignPathAuthorizationHeader(this.helperInputOutput.signPathApiToken) - } + responseType: "json" } ) .catch((e: AxiosError) => { @@ -229,10 +223,20 @@ export class Task { private configureAxios(): void { // set user agent - axios.defaults.headers.common['User-Agent'] = this.buildUserAgent(); + axios.defaults.headers.common['User-Agent'] = this.userAgent; + + // set token for all outgoing requests + axios.defaults.headers.common.Authorization = `Bearer ${this.helperInputOutput.signPathApiToken}` + const timeoutMs = this.helperInputOutput.serviceUnavailableTimeoutInSeconds * 1000 axios.defaults.timeout = timeoutMs; + // log all outgoing requests + axios.interceptors.request.use(request => { + core.info(`Sending request: ${request.method?.toUpperCase()} ${request.url}`) + return request; + }) + // original axiosRetry doesn't work for POST requests // thats why we need to override some functions axiosRetry.isNetworkOrIdempotentRequestError = (error: AxiosError) => { @@ -287,11 +291,6 @@ export class Task { } - private buildUserAgent(): string { - const userAgent = `SignPath.SubmitSigningRequestGitHubAction/${taskVersion}(NodeJS/${process.version}; ${process.platform} ${process.arch}})`; - return userAgent; - } - private checkResponseStructure(response: SubmitSigningRequestResult): void { if (!response.validationResult && !response.signingRequestId) { diff --git a/actions/submit-signing-request/utils.ts b/actions/submit-signing-request/utils.ts index c615f64..a0761ff 100644 --- a/actions/submit-signing-request/utils.ts +++ b/actions/submit-signing-request/utils.ts @@ -49,10 +49,6 @@ export function getInputNumber(name: string, options?: core.InputOptions): numbe return result; } -export function buildSignPathAuthorizationHeader(apiToken: string): string { - return `Bearer ${apiToken}`; -} - export function httpErrorResponseToText(err: AxiosError): string { const response = err.response as AxiosResponse; From 89720ee91fa539bd49d288c7ca3a38dfeccf3c23 Mon Sep 17 00:00:00 2001 From: Taha Date: Wed, 24 Sep 2025 13:55:33 +0200 Subject: [PATCH 4/7] SIGN-8057 Log all requests and responses on debug level --- actions/submit-signing-request/task.ts | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/actions/submit-signing-request/task.ts b/actions/submit-signing-request/task.ts index 0340983..1fea613 100644 --- a/actions/submit-signing-request/task.ts +++ b/actions/submit-signing-request/task.ts @@ -201,8 +201,6 @@ export class Task { private async getSigningRequestStatus(signingRequestId: string): Promise { const requestStatusUrl = this.urlBuilder.buildGetSigningRequestStatusUrl(signingRequestId); - core.info(`Sending request: GET ${requestStatusUrl}`) - const signingRequestStatusDto = await axios .get( requestStatusUrl, @@ -233,10 +231,19 @@ export class Task { // log all outgoing requests axios.interceptors.request.use(request => { - core.info(`Sending request: ${request.method?.toUpperCase()} ${request.url}`) + core.debug(`Sending request: ${request.method?.toUpperCase()} ${request.url}`); return request; }) + // log all outgoing responses + axios.interceptors.response.use(response => { + core.debug(`Received response: ${response.status} ${response.statusText} from ${response.request.url}`); + return response; + }, error => { + core.debug(`Received response: ${error.response.status} ${error.response.statusText}`) + return Promise.reject(error); + }) + // original axiosRetry doesn't work for POST requests // thats why we need to override some functions axiosRetry.isNetworkOrIdempotentRequestError = (error: AxiosError) => { From 200da0195932c3c1015c94aab01f9463c0199b2d Mon Sep 17 00:00:00 2001 From: Taha Date: Wed, 24 Sep 2025 14:53:43 +0200 Subject: [PATCH 5/7] SIGN-8057 Resolve TODOs --- .../helper-input-output.ts | 6 ----- .../submit-signing-request/tests/task.test.ts | 22 ++++++++----------- 2 files changed, 9 insertions(+), 19 deletions(-) diff --git a/actions/submit-signing-request/helper-input-output.ts b/actions/submit-signing-request/helper-input-output.ts index d835ba9..a4276e2 100644 --- a/actions/submit-signing-request/helper-input-output.ts +++ b/actions/submit-signing-request/helper-input-output.ts @@ -60,7 +60,6 @@ export class HelperInputOutput { return getInputNumber('service-unavailable-timeout-in-seconds', { required: true }); } - // TODO: change to connector right? setSignedArtifactDownloadUrl(url: string):void { core.setOutput('signed-artifact-download-url', url); } @@ -72,9 +71,4 @@ export class HelperInputOutput { setSigningRequestWebUrl(signingRequestUrl: string): void { core.setOutput('signing-request-web-url', signingRequestUrl); } - - // TODO: drop? - setSignPathApiUrl(signingRequestUrl: string): void { - core.setOutput('signpath-api-url', signingRequestUrl); - } } diff --git a/actions/submit-signing-request/tests/task.test.ts b/actions/submit-signing-request/tests/task.test.ts index 5824c90..2a22c76 100644 --- a/actions/submit-signing-request/tests/task.test.ts +++ b/actions/submit-signing-request/tests/task.test.ts @@ -22,6 +22,7 @@ const testSigningPolicySlug = 'TEST_POLICY_SLUG'; const testGitHubToken = 'TEST_GITHUB_TOKEN'; const testConnectorLogMessage = 'TEST_CONNECTOR_LOG_MESSAGE'; +const testSignedArtifactLink = `${testConnectorUrl}/${testOrganizationId}/SigningRequests/${testSigningRequestId}/SignedArtifact?api-version=1.0` const submitSigningRequestRouteTemplate = new RegExp(`\/${testOrganizationId}\/SigningRequests.*`) const defaultTestInputMap = { @@ -87,7 +88,6 @@ beforeEach(() => { MaxDelayBetweenSigningRequestStatusChecksInSeconds: 0, CheckArtifactDownloadStatusIntervalInSeconds: 0 }); - }); afterEach(() => { @@ -158,18 +158,6 @@ it('test that the signing request was not submitted due to validation errors', a assert.equal(coreInfoStub.called, true); }); -it('test that the output variables are set correctly', async () => { - await task.run(); - assert.equal(setOutputStub.calledWith('signing-request-id', testSigningRequestId), true); - assert.equal(setOutputStub.calledWith('signing-request-web-url', testSigningRequestUrl), true); - - // TODO: drop? - // assert.equal(setOutputStub.calledWith('signpath-api-url', testSignPathUrl + '/API'), true); - - // TODO: - // assert.equal(setOutputStub.calledWith('signed-artifact-download-url', testSignedArtifactLink), true); -}); - it('connector logs logged to the build log', async () => { const coreInfoStub = sandbox.stub(core, 'info') .withArgs(sinon.match((value: any) => { @@ -326,4 +314,12 @@ it('if the signing request status is final, the task stops checking for artifact // and successfully completed assert.equal(setFailedStub.called, true); +}); + +it('test that the output variables are set correctly', async () => { + await task.run(); + + assert.equal(setOutputStub.calledWith('signing-request-id', testSigningRequestId), true); + assert.equal(setOutputStub.calledWith('signing-request-web-url', testSigningRequestUrl), true); + assert.equal(setOutputStub.calledWith('signed-artifact-download-url', testSignedArtifactLink), true); }); \ No newline at end of file From bd166c3463a1299b7fb831852d99f9a5d79d0ac2 Mon Sep 17 00:00:00 2001 From: Taha Date: Wed, 24 Sep 2025 15:22:22 +0200 Subject: [PATCH 6/7] SIGN-8057 Update version --- actions/submit-signing-request/version.ts | 4 +--- make.js | 1 - package.json | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/actions/submit-signing-request/version.ts b/actions/submit-signing-request/version.ts index ace57f4..be1f33f 100644 --- a/actions/submit-signing-request/version.ts +++ b/actions/submit-signing-request/version.ts @@ -1,4 +1,2 @@ -// TODO: this does not correspond with actual version! - -const taskVersion = '1.1'; +const taskVersion = '1.4'; export { taskVersion }; diff --git a/make.js b/make.js index 2675aec..11ef017 100644 --- a/make.js +++ b/make.js @@ -5,7 +5,6 @@ var fs = require('fs'); var argv = require('minimist')(process.argv.slice(2)); - var run = util.run; var CLI = {}; diff --git a/package.json b/package.json index a859697..8175a70 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "lint": "tslint --project tsconfig.json" }, "name": "signpath.connectors.githubactions.actions", - "version": "1.0.0", + "version": "1.4.0", "description": "Use SignPath to sign your build artifacts.", "devDependencies": { "@types/chai": "^4.3.5", From 752d05eae778506bdb921692f66daa7ccf39dbe5 Mon Sep 17 00:00:00 2001 From: Taha Date: Thu, 2 Oct 2025 11:55:37 +0200 Subject: [PATCH 7/7] SIGN-8057 Bump task version to 2.0 --- actions/submit-signing-request/task.ts | 1 - actions/submit-signing-request/version.ts | 2 +- package.json | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/actions/submit-signing-request/task.ts b/actions/submit-signing-request/task.ts index 1fea613..a06e321 100644 --- a/actions/submit-signing-request/task.ts +++ b/actions/submit-signing-request/task.ts @@ -295,7 +295,6 @@ export class Task { retries: maxRetryCount, retryCondition: axiosRetry.isNetworkOrIdempotentRequestError }); - } private checkResponseStructure(response: SubmitSigningRequestResult): void { diff --git a/actions/submit-signing-request/version.ts b/actions/submit-signing-request/version.ts index be1f33f..9d7606a 100644 --- a/actions/submit-signing-request/version.ts +++ b/actions/submit-signing-request/version.ts @@ -1,2 +1,2 @@ -const taskVersion = '1.4'; +const taskVersion = '2.0'; export { taskVersion }; diff --git a/package.json b/package.json index 8175a70..3eab851 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "lint": "tslint --project tsconfig.json" }, "name": "signpath.connectors.githubactions.actions", - "version": "1.4.0", + "version": "2.0.0", "description": "Use SignPath to sign your build artifacts.", "devDependencies": { "@types/chai": "^4.3.5",