Port dependencies & remove dependency on toolkit/artifacts

2026-04-06 18:03:19 +08:00 · 2024-11-14 03:01:04 -08:00
parent d109d9c03e
commit 9dff82c727
2 changed files with 84 additions and 14 deletions
--- a/packages/cache/src/internal/cacheUtils.ts
+++ b/packages/cache/src/internal/cacheUtils.ts
@@ -7,6 +7,7 @@ import * as fs from 'fs'
 import * as path from 'path'
 import * as semver from 'semver'
 import * as util from 'util'
+import jwt_decode from 'jwt-decode'
 import {
  CacheFilename,
  CompressionMethod,
@@ -169,4 +170,80 @@ export function getCacheVersion(
  components.push(versionSalt)

  return crypto.createHash('sha256').update(components.join('|')).digest('hex')
+}
+
+export function getRuntimeToken(): string {
+  const token = process.env['ACTIONS_RUNTIME_TOKEN']
+  if (!token) {
+    throw new Error('Unable to get the ACTIONS_RUNTIME_TOKEN env variable')
+  }
+  return token
+}
+
+export interface BackendIds {
+  workflowRunBackendId: string
+  workflowJobRunBackendId: string
+}
+
+interface ActionsToken {
+  scp: string
+}
+
+const InvalidJwtError = new Error(
+  'Failed to get backend IDs: The provided JWT token is invalid and/or missing claims'
+)
+
+// uses the JWT token claims to get the
+// workflow run and workflow job run backend ids
+export function getBackendIdsFromToken(): BackendIds {
+  const token = getRuntimeToken()
+  const decoded = jwt_decode<ActionsToken>(token)
+  if (!decoded.scp) {
+    throw InvalidJwtError
+  }
+
+  /*
+   * example decoded:
+   * {
+   *   scp: "Actions.ExampleScope Actions.Results:ce7f54c7-61c7-4aae-887f-30da475f5f1a:ca395085-040a-526b-2ce8-bdc85f692774"
+   * }
+   */
+
+  const scpParts = decoded.scp.split(' ')
+  if (scpParts.length === 0) {
+    throw InvalidJwtError
+  }
+  /*
+   * example scpParts:
+   * ["Actions.ExampleScope", "Actions.Results:ce7f54c7-61c7-4aae-887f-30da475f5f1a:ca395085-040a-526b-2ce8-bdc85f692774"]
+   */
+
+  for (const scopes of scpParts) {
+    const scopeParts = scopes.split(':')
+    if (scopeParts?.[0] !== 'Actions.Results') {
+      // not the Actions.Results scope
+      continue
+    }
+
+    /*
+     * example scopeParts:
+     * ["Actions.Results", "ce7f54c7-61c7-4aae-887f-30da475f5f1a", "ca395085-040a-526b-2ce8-bdc85f692774"]
+     */
+    if (scopeParts.length !== 3) {
+      // missing expected number of claims
+      throw InvalidJwtError
+    }
+
+    const ids = {
+      workflowRunBackendId: scopeParts[1],
+      workflowJobRunBackendId: scopeParts[2]
+    }
+
+    core.debug(`Workflow Run Backend ID: ${ids.workflowRunBackendId}`)
+    core.debug(`Workflow Job Run Backend ID: ${ids.workflowJobRunBackendId}`)
+
+    return ids
+  }
+
+  throw InvalidJwtError
 }