Move computesha256 to typescript (slsa-framework#546)

* Move computesha256 to typescript - Port the computesha256 from bash to typescript. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Updated to use the native crypto library - Updated to use the native crypto library - Included README instructions - Some minor nits. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Included additional console outputs for debugging Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Removed .prettierrc.json Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Included workflow to validate the computesha256 - Included the workflow to validate the computesha256 github action Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Code review fixes - Included permissions for the workflow - Renamed the workflow file - Updated the input variable to `path` - Changed the `run` function to non-async - Updated the README instructions - Included the tag for pinned SHA * Updated to npm ci form npm i Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Add new line * Fix spaces * Fixed the error in actions code. * Moved the action within the pre-submit.actions.yml - Moved the action within the pre-submit.actions.yml - Removed the redundant instructions in README Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Remove extra line Co-authored-by: Ian Lewis <ianlewis@google.com>
ramonpetgrave64 · Jul 25, 2022 · c88f03e · c88f03e
1 parent c4e3be2
commit c88f03e
Show file tree

Hide file tree

Showing 12 changed files with 2,085 additions and 19 deletions.
diff --git a/.github/actions/compute-sha256/.gitignore b/.github/actions/compute-sha256/.gitignore
@@ -0,0 +1,99 @@
+# Dependency directory
+node_modules
+
+# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# OS metadata
+.DS_Store
+Thumbs.db
+
+# Ignore built ts files
+__tests__/runner/*
+lib/**/*
diff --git a/.github/actions/compute-sha256/.prettierignore b/.github/actions/compute-sha256/.prettierignore
@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/
diff --git a/.github/actions/compute-sha256/README.md b/.github/actions/compute-sha256/README.md
@@ -0,0 +1,7 @@
+# Compute SHA256
+
+## How to build this action in development
+- Install node
+- Install typescript
+- `npm ci`
+- `npm run all` 
diff --git a/.github/actions/compute-sha256/action.yml b/.github/actions/compute-sha256/action.yml
@@ -10,22 +10,5 @@ outputs:
     value: "${{ steps.compute.outputs.sha256 }}"
 
 runs:
-  using: "composite"
-  steps:
-    - name: Compute the sha256
-      id: compute
-      shell: bash
-      env:
-        UNTRUSTED_PATH: "${{ inputs.path }}"
-      run: |
-        set -euo pipefail
-
-        echo "Computing SHA256 for $UNTRUSTED_PATH"
-        if ! [[ -f "$UNTRUSTED_PATH" ]]; then
-            echo "File $UNTRUSTED_PATH not present"
-            exit 5
-        fi
-        digest=$(sha256sum "$UNTRUSTED_PATH" | awk '{print $1}')
-        echo "computed sha: $digest"
-
-        echo "::set-output name=sha256::$digest"
+  using: node16
+  main: 'dist/index.js'