actions/toolkit
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/actions/toolkit synced 2026-04-01 14:33:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

use sha256 instead of md5 for artifact v4 integrity hash

Browse Source
This commit is contained in:
Rob Herley
2023-10-16 16:20:24 +00:00
committed by GitHub
parent 494f12bcd9
commit 82474125c8
3 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/artifact/src/internal/upload/blob-upload.ts
View File

@@ -18,9 +18,9 @@ export interface BlobUploadResponse {
uploadSize?: number
/**
* The MD5 hash of the uploaded file. Empty if the upload failed
* The SHA256 hash of the uploaded file. Empty if the upload failed
*/
md5Hash?: string
sha256Hash?: string
}
export async function uploadZipToBlobStorage(
@@ -48,9 +48,9 @@ export async function uploadZipToBlobStorage(
onProgress: uploadCallback
}
let md5Hash: string | undefined = undefined
let sha256Hash: string | undefined = undefined
const uploadStream = new stream.PassThrough()
const hashStream = crypto.createHash('md5')
const hashStream = crypto.createHash('sha256')
zipUploadStream.pipe(uploadStream) // This stream is used for the upload
zipUploadStream.pipe(hashStream).setEncoding('hex') // This stream is used to compute a hash of the zip content that gets used. Integrity check
@@ -68,8 +68,8 @@ export async function uploadZipToBlobStorage(
core.info('Finished uploading artifact content to blob storage!')
hashStream.end()
md5Hash = hashStream.read() as string
core.info(`MD5 hash of uploaded artifact zip is ${md5Hash}`)
sha256Hash = hashStream.read() as string
core.info(`SHA256 hash of uploaded artifact zip is ${sha256Hash}`)
} catch (error) {
core.warning(
`Failed to upload artifact zip to blob storage, error: ${error}`
@@ -91,6 +91,6 @@ export async function uploadZipToBlobStorage(
return {
isSuccess: true,
uploadSize: uploadByteCount,
md5Hash
sha256Hash
}
}

4
packages/artifact/src/internal/upload/upload-artifact.ts
View File

@@ -99,9 +99,9 @@ export async function uploadArtifact(
size: uploadResult.uploadSize ? uploadResult.uploadSize.toString() : '0'
}
if (uploadResult.md5Hash) {
if (uploadResult.sha256Hash) {
finalizeArtifactReq.hash = StringValue.create({
value: `md5:${uploadResult.md5Hash}`
value: `sha256:${uploadResult.sha256Hash}`
})
}