feat: build for release

README.md

@@ -6,9 +6,13 @@
 
 A GitHub action that publishes your code coverage to [Code Climate](http://codeclimate.com/).
 
+> **Note**
+>
+> Please use a _specific_ version of this action – for example, `v3.2.0`, instead of using only major versions like `v3` or `v3.2` – these will **not** work!
+
 > **Warning**
 >
-> Please upgrade to v3.1.1 immediately. v3.1.0 was recently broken inadverdently, and the only fix is to upgrade your action to v3.1.1. Please see [#626](https://github.com/paambaati/codeclimate-action/issues/626) for more details.
+> Please upgrade to v3.1.1 (or higher) immediately. v3.1.0 was recently broken inadverdently, and the only fix is to upgrade your action to v3.1.1 or higher. Please see [#626](https://github.com/paambaati/codeclimate-action/issues/626) for more details.
 
 
 ## Usage

lib/main.js

@@ -32,16 +32,20 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = exports.CODECLIMATE_GPG_PUBLIC_KEY_ID = void 0;
+exports.run = exports.verifyChecksumAndSignature = exports.downloadAndRecord = exports.FILE_ARTIFACTS = exports.CODECLIMATE_GPG_PUBLIC_KEY_ID = exports.EXECUTABLE = exports.DOWNLOAD_URL = void 0;
 const os_1 = require("os");
 const process_1 = require("process");
+const fs_1 = require("fs");
 const core_1 = require("@actions/core");
 const exec_1 = require("@actions/exec");
 const github_1 = require("@actions/github");
 const glob = __importStar(require("@actions/glob"));
 const utils_1 = require("./utils");
-const DOWNLOAD_URL = `https://codeclimate.com/downloads/test-reporter/test-reporter-latest-${(0, os_1.platform)()}-amd64`;
-const EXECUTABLE = './cc-reporter';
+// REFER: https://docs.codeclimate.com/docs/configuring-test-coverage#locations-of-pre-built-binaries
+/** Canonical download URL for the official CodeClimate reporter. */
+exports.DOWNLOAD_URL = `https://codeclimate.com/downloads/test-reporter/test-reporter-latest-${(0, os_1.platform)()}-${(0, os_1.arch)() === 'arm64' ? 'arm64' : 'amd64'}`;
+/** Local file name of the CodeClimate reporter. */
+exports.EXECUTABLE = './cc-reporter';
 exports.CODECLIMATE_GPG_PUBLIC_KEY_ID = '9BD9E2DD46DA965A537E5B0A5CBF320243B6FD85';
 const CODECLIMATE_GPG_PUBLIC_KEY_URL = `https://keys.openpgp.org/vks/v1/by-fingerprint/${exports.CODECLIMATE_GPG_PUBLIC_KEY_ID}`;
 const DEFAULT_COVERAGE_COMMAND = '';
@@ -55,6 +59,22 @@ const SUPPORTED_GITHUB_EVENTS = [
     // PRs that were triggered on remote forks.
     'pull_request_target',
 ];
+/** Central data structure that holds a list of all downloaded file artifacts. */
+exports.FILE_ARTIFACTS = new Set();
+/**
+ * Downloads a given URL to a given filename and then records it in the global artifacts data structure.
+ *
+ * @param url Fully qualified URL to download.
+ * @param file Local file path to save the downloaded content.
+ * @param mode (Optional) File mode.
+ */
+function downloadAndRecord(url, file, mode) {
+    return __awaiter(this, void 0, void 0, function* () {
+        yield (0, utils_1.downloadToFile)(url, file, mode);
+        exports.FILE_ARTIFACTS.add(file);
+    });
+}
+exports.downloadAndRecord = downloadAndRecord;
 function prepareEnv() {
     var _a, _b;
     const env = process.env;
@@ -71,6 +91,50 @@ function prepareEnv() {
     }
     return env;
 }
+/**
+ * Verifies SHA256 checksum and the GPG signature for the downloaded Reporter executable.
+ *
+ * @param downloadUrl (Optional) Canonical download URL for the CodeClimate reporter.
+ * @param executablePath (Optional) Local file name of the reporter executable.
+ * @param algorithm (Optional) Algorithm to verify checksum @default 'sha256'.
+ */
+function verifyChecksumAndSignature(downloadUrl = exports.DOWNLOAD_URL, executablePath = exports.EXECUTABLE, algorithm = 'sha256') {
+    return __awaiter(this, void 0, void 0, function* () {
+        const checksumUrl = `${downloadUrl}.${algorithm}`;
+        const checksumFilePath = `${executablePath}.${algorithm}`;
+        const signatureUrl = `${downloadUrl}.${algorithm}.sig`;
+        const signatureFilePath = `${executablePath}.${algorithm}.sig`;
+        const ccPublicKeyFilePath = 'public-key.asc';
+        try {
+            (0, core_1.debug)(`ℹ️ Verifying CC Reporter checksum...`);
+            yield downloadAndRecord(checksumUrl, checksumFilePath);
+            const checksumVerified = yield (0, utils_1.verifyChecksum)(executablePath, checksumFilePath, algorithm);
+            if (!checksumVerified)
+                throw new Error('CC Reporter checksum does not match!');
+            (0, core_1.debug)('✅ CC Reported checksum verification completed...');
+        }
+        catch (err) {
+            (0, core_1.error)(err.message);
+            (0, core_1.setFailed)('🚨 CC Reporter checksum verfication failed!');
+            throw err;
+        }
+        try {
+            (0, core_1.debug)(`ℹ️ Verifying CC Reporter GPG signature...`);
+            yield downloadAndRecord(signatureUrl, signatureFilePath);
+            yield downloadAndRecord(CODECLIMATE_GPG_PUBLIC_KEY_URL, ccPublicKeyFilePath);
+            const signatureVerified = yield (0, utils_1.verifySignature)(checksumFilePath, signatureFilePath, ccPublicKeyFilePath);
+            if (!signatureVerified)
+                throw new Error('CC Reporter GPG signature is invalid!');
+            (0, core_1.debug)('✅ CC Reported GPG signature verification completed...');
+        }
+        catch (err) {
+            (0, core_1.error)(err.message);
+            (0, core_1.setFailed)('🚨 CC Reporter GPG signature verfication failed!');
+            throw err;
+        }
+    });
+}
+exports.verifyChecksumAndSignature = verifyChecksumAndSignature;
 function getLocationLines(coverageLocationPatternsParam) {
     return __awaiter(this, void 0, void 0, function* () {
         const coverageLocationPatternsLines = coverageLocationPatternsParam
@@ -93,7 +157,7 @@ function getLocationLines(coverageLocationPatternsParam) {
         return coverageLocationLines;
     });
 }
-function run(downloadUrl = DOWNLOAD_URL, executable = EXECUTABLE, coverageCommand = DEFAULT_COVERAGE_COMMAND, workingDirectory = DEFAULT_WORKING_DIRECTORY, codeClimateDebug = DEFAULT_CODECLIMATE_DEBUG, coverageLocationsParam = DEFAULT_COVERAGE_LOCATIONS, coveragePrefix, verifyDownload = DEFAULT_VERIFY_DOWNLOAD) {
+function run(downloadUrl = exports.DOWNLOAD_URL, executable = exports.EXECUTABLE, coverageCommand = DEFAULT_COVERAGE_COMMAND, workingDirectory = DEFAULT_WORKING_DIRECTORY, codeClimateDebug = DEFAULT_CODECLIMATE_DEBUG, coverageLocationsParam = DEFAULT_COVERAGE_LOCATIONS, coveragePrefix, verifyDownload = DEFAULT_VERIFY_DOWNLOAD) {
     return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
         if ((0, os_1.platform)() === 'win32') {
             const err = new Error('CC Reporter is not supported on Windows!');
@@ -117,7 +181,7 @@ function run(downloadUrl = DOWNLOAD_URL, executable = EXECUTABLE, coverageComman
         }
         try {
             (0, core_1.debug)(`ℹ️ Downloading CC Reporter from ${downloadUrl} ...`);
-            yield (0, utils_1.downloadToFile)(downloadUrl, executable);
+            yield downloadAndRecord(downloadUrl, executable);
             (0, core_1.debug)('✅ CC Reporter downloaded...');
         }
         catch (err) {
@@ -128,36 +192,10 @@ function run(downloadUrl = DOWNLOAD_URL, executable = EXECUTABLE, coverageComman
             return reject(err);
         }
         if (verifyDownload === 'true') {
-            const checksumUrl = `${downloadUrl}.sha256`;
-            const checksumFilePath = `${executable}.sha256`;
-            const signatureUrl = `${downloadUrl}.sha256.sig`;
-            const signatureFilePath = `${executable}.sha256.sig`;
-            const ccPublicKeyFilePath = 'public-key.asc';
-            try {
-                (0, core_1.debug)(`ℹ️ Verifying CC Reporter checksum...`);
-                yield (0, utils_1.downloadToFile)(checksumUrl, checksumFilePath);
-                const checksumVerified = yield (0, utils_1.verifyChecksum)(executable, checksumFilePath, 'sha256');
-                if (!checksumVerified)
-                    throw new Error('CC Reporter checksum does not match!');
-                (0, core_1.debug)('✅ CC Reported checksum verification completed...');
-            }
-            catch (err) {
-                (0, core_1.error)(err.message);
-                (0, core_1.setFailed)('🚨 CC Reporter checksum verfication failed!');
-                return reject(err);
-            }
             try {
-                (0, core_1.debug)(`ℹ️ Verifying CC Reporter GPG signature...`);
-                yield (0, utils_1.downloadToFile)(signatureUrl, signatureFilePath);
-                yield (0, utils_1.downloadToFile)(CODECLIMATE_GPG_PUBLIC_KEY_URL, ccPublicKeyFilePath);
-                const signatureVerified = yield (0, utils_1.verifySignature)(checksumFilePath, signatureFilePath, ccPublicKeyFilePath);
-                if (!signatureVerified)
-                    throw new Error('CC Reporter GPG signature is invalid!');
-                (0, core_1.debug)('✅ CC Reported GPG signature verification completed...');
+                yield verifyChecksumAndSignature(downloadUrl, executable);
             }
             catch (err) {
-                (0, core_1.error)(err.message);
-                (0, core_1.setFailed)('🚨 CC Reporter GPG signature verfication failed!');
                 return reject(err);
             }
         }
@@ -303,5 +341,19 @@ if (require.main === module) {
     const coverageLocations = (0, utils_1.getOptionalString)('coverageLocations', DEFAULT_COVERAGE_LOCATIONS);
     const coveragePrefix = (0, utils_1.getOptionalString)('prefix');
     const verifyDownload = (0, utils_1.getOptionalString)('verifyDownload', DEFAULT_VERIFY_DOWNLOAD);
-    run(DOWNLOAD_URL, EXECUTABLE, coverageCommand, workingDirectory, codeClimateDebug, coverageLocations, coveragePrefix, verifyDownload);
+    try {
+        run(exports.DOWNLOAD_URL, exports.EXECUTABLE, coverageCommand, workingDirectory, codeClimateDebug, coverageLocations, coveragePrefix, verifyDownload);
+    }
+    catch (err) {
+        throw err;
+    }
+    finally {
+        // Finally clean up all artifacts that we downloaded.
+        for (const artifact of exports.FILE_ARTIFACTS) {
+            try {
+                (0, fs_1.unlinkSync)(artifact);
+            }
+            catch (_a) { }
+        }
+    }
 }