Compare commits

...
Author SHA1 Message Date
Philip GaiandCopilot App 2a49485529 chore(deps): bump @actions/cache to 6.2.0
Bump @actions/cache from ^6.1.0 to ^6.2.0 and rebuild the vendored dist
bundles (dist/setup, dist/cache-save) via ncc. Update the licensed cache
record for @actions/cache to 6.2.0.

6.2.0 ships two transparent client behaviors: honor ACTIONS_CACHE_MODE to
skip restore/save when the effective cache-mode disallows it, and surface a
core.warning (not a run failure) when the cache service denies a read/write
due to token scopes.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 0acd1380-0102-4f9d-b613-192a6ddef737
2026-07-15 13:54:41 -05:00
v-jitenderpalsinghandGitHub 363be39a57 Add Node version validation and manifest fetch retry (#1580)
* Add Node version validation and manifest fetch retry

* Add debug logs for expected and actual Node versions

* chore: rebuild dist

* refactor: enhance debug logging for Node installation failure

* update test cases

* Improve formatting of test cases

* revert package-lock.json
2026-07-14 17:55:44 -05:00
7 changed files with 461 additions and 84 deletions
+1 -1
View File
@@ -1,6 +1,6 @@
--- ---
name: "@actions/cache" name: "@actions/cache"
version: 6.1.0 version: 6.2.0
type: npm type: npm
summary: Actions cache lib summary: Actions cache lib
homepage: https://github.com/actions/toolkit/tree/main/packages/cache homepage: https://github.com/actions/toolkit/tree/main/packages/cache
+112 -6
View File
@@ -258,7 +258,11 @@ describe('setup-node', () => {
// @actions/exec // @actions/exec
getExecOutputSpy = exec.getExecOutput as jest.Mock; getExecOutputSpy = exec.getExecOutput as jest.Mock;
getExecOutputSpy.mockImplementation(() => 'v16.15.0'); getExecOutputSpy.mockImplementation(async () => ({
stdout: 'v16.15.0',
stderr: '',
exitCode: 0
}));
}); });
afterEach(() => { afterEach(() => {
@@ -379,6 +383,16 @@ describe('setup-node', () => {
whichSpy.mockImplementation((cmd: any) => { whichSpy.mockImplementation((cmd: any) => {
return `some/${cmd}/path`; return `some/${cmd}/path`;
}); });
getExecOutputSpy.mockImplementation(async (cmd: string) => ({
stdout:
cmd === 'node'
? `v${resolvedVersion}`
: cmd === 'npm'
? '11.12.1'
: '4.17.1',
stderr: '',
exitCode: 0
}));
await main.run(); await main.run();
@@ -756,7 +770,7 @@ describe('setup-node', () => {
`Attempting to download ${versionSpec}...` `Attempting to download ${versionSpec}...`
); );
expect(addPathSpy).toHaveBeenCalledWith(expPath); expect(addPathSpy).toHaveBeenCalledWith(expPath);
}); }, 10000);
}); });
describe('LTS version', () => { describe('LTS version', () => {
@@ -924,8 +938,10 @@ describe('setup-node', () => {
expect(dbgSpy).toHaveBeenCalledWith( expect(dbgSpy).toHaveBeenCalledWith(
'Getting manifest from actions/node-versions@main' 'Getting manifest from actions/node-versions@main'
); );
expect(setFailedSpy).toHaveBeenCalledWith('Unable to download manifest'); expect(setFailedSpy).toHaveBeenCalledWith(
}); `Failed to fetch a valid manifest after 3 attempts. Last error: Unable to download manifest`
);
}, 10000);
}); });
describe('latest alias syntax', () => { describe('latest alias syntax', () => {
@@ -947,10 +963,13 @@ describe('setup-node', () => {
await main.run(); await main.run();
// assert // assert
expect(logSpy).toHaveBeenCalledWith('Unable to download manifest'); expect(logSpy).toHaveBeenCalledWith(
'Failed to fetch a valid manifest after 3 attempts. Last error: Unable to download manifest'
);
expect(logSpy).toHaveBeenCalledWith('getting latest node version...'); expect(logSpy).toHaveBeenCalledWith('getting latest node version...');
} },
10000
); );
}); });
@@ -1020,4 +1039,91 @@ describe('setup-node', () => {
); );
} }
}, 100000); }, 100000);
describe('manifest retry and validation', () => {
beforeEach(() => {
os.platform = 'linux';
os.arch = 'x64';
inputs['node-version'] = 'lts/erbium';
findSpy.mockImplementation(() => '');
});
it('retries fetching the manifest and succeeds on a later attempt', async () => {
let calls = 0;
getManifestSpy.mockImplementation(() => {
calls++;
if (calls < 2) {
throw new Error('transient network failure');
}
return <tc.IToolRelease[]>nodeTestManifest;
});
dlSpy.mockImplementation(async () => '/some/temp/path');
const toolPath = path.normalize('/cache/node/12.16.2/x64');
exSpy.mockImplementation(async () => '/some/other/temp/path');
cacheSpy.mockImplementation(async () => toolPath);
getExecOutputSpy.mockImplementation(async () => ({
stdout: `v${path.basename(path.dirname(toolPath))}\n`,
stderr: '',
exitCode: 0
}));
await main.run();
expect(calls).toBe(2);
expect(logSpy).toHaveBeenCalledWith('Retrying to fetch the manifest...');
expect(dbgSpy).toHaveBeenCalledWith(
`Found LTS release '12.16.2' for Node version 'lts/erbium'`
);
}, 10000);
it('rejects an empty manifest as invalid and retries', async () => {
getManifestSpy.mockImplementation(() => []);
await main.run();
expect(getManifestSpy).toHaveBeenCalledTimes(3);
expect(setFailedSpy).toHaveBeenCalledWith(
`Failed to fetch a valid manifest after 3 attempts. Last error: The manifest fetched is empty, truncated, or does not contain any valid tool release entries.`
);
}, 10000);
});
describe('node version verification', () => {
beforeEach(() => {
os.platform = 'linux';
os.arch = 'x64';
inputs['node-version'] = '12';
});
it('fails when the installed node version does not match the expected version', async () => {
const toolPath = path.normalize('/cache/node/12.16.1/x64');
findSpy.mockReturnValue(toolPath);
getExecOutputSpy.mockImplementation(async () => ({
stdout: 'v22.22.3\n',
stderr: '',
exitCode: 0
}));
await main.run();
expect(setFailedSpy).toHaveBeenCalledWith(
`Node v12.16.1 installation failed, likely due to an incomplete or corrupted download.`
);
});
it('fails when the node executable cannot be invoked', async () => {
const toolPath = path.normalize('/cache/node/12.16.1/x64');
findSpy.mockReturnValue(toolPath);
getExecOutputSpy.mockImplementation(async () => {
throw new Error('node not found');
});
await main.run();
expect(setFailedSpy).toHaveBeenCalledWith(
`Node installation failed. Node may not be installed or not on PATH: node not found`
);
});
});
}); });
+115 -29
View File
@@ -39020,7 +39020,7 @@ module.exports = { version: packageJson.version }
/***/ 4012: /***/ 4012:
/***/ ((module) => { /***/ ((module) => {
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}'); module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
/***/ }) /***/ })
@@ -43258,6 +43258,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32
const TarFilename = 'cache.tar'; const TarFilename = 'cache.tar';
const ManifestFilename = 'manifest.txt'; const ManifestFilename = 'manifest.txt';
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
// Prefix the cache backend embeds in a read-denial message (v2 twirp
// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body).
// Shared so cache.ts and cacheHttpClient.ts match the same contract value.
const constants_CacheReadDeniedMessagePrefix = 'cache read denied:';
//# sourceMappingURL=constants.js.map //# sourceMappingURL=constants.js.map
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js ;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
@@ -87289,6 +87293,24 @@ function config_getCacheServiceVersion() {
return 'v1'; return 'v1';
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1'; return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
} }
// The cache-mode lattice: readable = {read, write}, writable = {write,
// write-only}, none = neither.
const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only'];
// The effective cache-mode exported by the runner, or '' when not set.
function config_getCacheMode() {
return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase();
}
// Unset or unrecognized modes are permissive so behavior matches today.
function config_isCacheReadable(mode) {
if (!KNOWN_CACHE_MODES.includes(mode))
return true;
return mode === 'read' || mode === 'write';
}
function isCacheWritable(mode) {
if (!KNOWN_CACHE_MODES.includes(mode))
return true;
return mode === 'write' || mode === 'write-only';
}
function getCacheServiceURL() { function getCacheServiceURL() {
const version = config_getCacheServiceVersion(); const version = config_getCacheServiceVersion();
// Based on the version of the cache service, we will determine which // Based on the version of the cache service, we will determine which
@@ -87338,6 +87360,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th
function getCacheApiUrl(resource) { function getCacheApiUrl(resource) {
const baseUrl = getCacheServiceURL(); const baseUrl = getCacheServiceURL();
if (!baseUrl) { if (!baseUrl) {
@@ -87365,6 +87388,7 @@ function createHttpClient() {
} }
function getCacheEntry(keys, paths, options) { function getCacheEntry(keys, paths, options) {
return cacheHttpClient_awaiter(this, void 0, void 0, function* () { return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
var _a;
const httpClient = createHttpClient(); const httpClient = createHttpClient();
const version = utils.getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive); const version = utils.getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`; const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
@@ -87378,6 +87402,12 @@ function getCacheEntry(keys, paths, options) {
return null; return null;
} }
if (!isSuccessStatusCode(response.statusCode)) { if (!isSuccessStatusCode(response.statusCode)) {
// Only surface the receiver's body for a `cache read denied:` policy denial
// so callers can dispatch on it; keep the generic message otherwise.
const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message;
if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) {
throw new Error(errorMessage);
}
throw new Error(`Cache service responded with ${response.statusCode}`); throw new Error(`Cache service responded with ${response.statusCode}`);
} }
const cacheResult = response.result; const cacheResult = response.result;
@@ -88638,6 +88668,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
class ValidationError extends Error { class ValidationError extends Error {
constructor(message) { constructor(message) {
super(message); super(message);
@@ -88653,19 +88684,20 @@ class ReserveCacheError extends Error {
} }
} }
/** /**
* Stable prefix the receiver writes into the cache reservation response when * Stable prefix the cache service writes into the cache reservation response
* the issuer downgraded the cache token to read-only (for example, because * when the issuer downgraded the cache token to read-only (for example, because
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2 * the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
* dispatch on this prefix to re-classify the failure as a * dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError
* CacheWriteDeniedError so consumers (and the outer catch arm) can * so consumers and tests can distinguish a policy denial from other reservation
* distinguish a policy denial from other reservation failures. * failures. Internally it is logged as a non-fatal warning like other
* best-effort save failures.
*/ */
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:'; const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
/** /**
* Raised when the cache backend refuses to reserve a writable cache entry * Raised when the cache backend refuses to reserve a writable cache entry
* because the JWT issued for this run was scoped read-only (for example, the * because the JWT issued for this run was scoped read-only (for example, the
* run was triggered by an event the repository administrator classified as * run was triggered by an event the repository administrator classified as
* untrusted). The receiver-supplied detail message always begins with * untrusted). The service-supplied detail message always begins with
* `cache write denied:` (the full error message includes additional context * `cache write denied:` (the full error message includes additional context
* like the cache key). * like the cache key).
* *
@@ -88681,6 +88713,19 @@ class CacheWriteDeniedError extends ReserveCacheError {
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype); Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
} }
} }
// Re-exported from constants so consumers keep referencing it here; the shared
// value also drives detection in cacheHttpClient without duplicating the string.
const CACHE_READ_DENIED_PREFIX = (/* unused pure expression or super */ null && (CacheReadDeniedMessagePrefix));
// Raised when the cache backend denies a download URL because the run's token
// has no readable cache scopes. Caching is best-effort, so restoreCache logs a
// warning and reports a cache miss rather than rethrowing this.
class CacheReadDeniedError extends Error {
constructor(message) {
super(message);
this.name = 'CacheReadDeniedError';
Object.setPrototypeOf(this, CacheReadDeniedError.prototype);
}
}
class FinalizeCacheError extends Error { class FinalizeCacheError extends Error {
constructor(message) { constructor(message) {
super(message); super(message);
@@ -88735,6 +88780,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
const cacheServiceVersion = getCacheServiceVersion(); const cacheServiceVersion = getCacheServiceVersion();
core.debug(`Cache service version: ${cacheServiceVersion}`); core.debug(`Cache service version: ${cacheServiceVersion}`);
checkPaths(paths); checkPaths(paths);
const cacheMode = getCacheMode();
if (!isCacheReadable(cacheMode)) {
core.info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`);
core.debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`);
return undefined;
}
switch (cacheServiceVersion) { switch (cacheServiceVersion) {
case 'v2': case 'v2':
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive); return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
@@ -88756,6 +88807,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
*/ */
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
var _a;
restoreKeys = restoreKeys || []; restoreKeys = restoreKeys || [];
const keys = [primaryKey, ...restoreKeys]; const keys = [primaryKey, ...restoreKeys];
core.debug('Resolved Keys:'); core.debug('Resolved Keys:');
@@ -88770,10 +88822,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
let archivePath = ''; let archivePath = '';
try { try {
// path are needed to compute version // path are needed to compute version
const cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, { let cacheEntry;
compressionMethod, try {
enableCrossOsArchive cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, {
}); compressionMethod,
enableCrossOsArchive
});
}
catch (error) {
// The v1 artifact cache service returns HTTP 403 with a
// `cache read denied:` body when the run's token has no readable cache
// scopes. getCacheEntry lives in a dependency-free internal module and
// cannot import CacheReadDeniedError without a circular dependency, so it
// only surfaces the raw denial message; we classify it into the typed
// error here so the outer catch and consumers can dispatch on it.
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
throw new CacheReadDeniedError(errorMessage);
}
throw error;
}
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) { if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
// Cache not found // Cache not found
return undefined; return undefined;
@@ -88802,7 +88870,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
} }
else { else {
// warn on cache restore failure and continue build // warn on cache restore failure and continue build
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
// so it falls here and is warned, treated as a cache miss.
if (typedError instanceof HttpClientError && if (typedError instanceof HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
@@ -88837,6 +88907,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
*/ */
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
var _a;
// Override UploadOptions to force the use of Azure // Override UploadOptions to force the use of Azure
options = Object.assign(Object.assign({}, options), { useAzureSdk: true }); options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
restoreKeys = restoreKeys || []; restoreKeys = restoreKeys || [];
@@ -88858,7 +88929,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
restoreKeys, restoreKeys,
version: utils.getCacheVersion(paths, compressionMethod, enableCrossOsArchive) version: utils.getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
}; };
const response = yield twirpClient.GetCacheEntryDownloadURL(request); let response;
try {
response = yield twirpClient.GetCacheEntryDownloadURL(request);
}
catch (error) {
// The receiver returns twirp PermissionDenied (403) when the run's token
// has no readable cache scopes. The client wraps that 403, so the stable
// prefix is embedded in the message rather than leading it.
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
throw new CacheReadDeniedError(errorMessage);
}
throw error;
}
if (!response.ok) { if (!response.ok) {
core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
return undefined; return undefined;
@@ -88893,8 +88977,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
throw error; throw error;
} }
else { else {
// Supress all non-validation cache related errors because caching should be optional // Suppress all non-validation cache related errors because caching should be optional
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
// so it falls here and is warned, treated as a cache miss.
if (typedError instanceof HttpClientError && if (typedError instanceof HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
@@ -88933,6 +89019,12 @@ function cache_saveCache(paths_1, key_1, options_1) {
core_debug(`Cache service version: ${cacheServiceVersion}`); core_debug(`Cache service version: ${cacheServiceVersion}`);
checkPaths(paths); checkPaths(paths);
checkKey(key); checkKey(key);
const cacheMode = config_getCacheMode();
if (!isCacheWritable(cacheMode)) {
info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`);
core_debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`);
return -1;
}
switch (cacheServiceVersion) { switch (cacheServiceVersion) {
case 'v2': case 'v2':
return yield saveCacheV2(paths, key, options, enableCrossOsArchive); return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
@@ -89010,17 +89102,14 @@ function saveCacheV1(paths_1, key_1, options_1) {
if (typedError.name === ValidationError.name) { if (typedError.name === ValidationError.name) {
throw error; throw error;
} }
else if (typedError.name === CacheWriteDeniedError.name) {
// Cache write was denied by policy (read-only token). Surface to the
// customer at warning level so it is visible in the workflow log
// without failing the run.
warning(`Failed to save: ${typedError.message}`);
}
else if (typedError.name === ReserveCacheError.name) { else if (typedError.name === ReserveCacheError.name) {
info(`Failed to save: ${typedError.message}`); info(`Failed to save: ${typedError.message}`);
} }
else { else {
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A write denied by policy (CacheWriteDeniedError) is not an
// HttpClientError and its name does not match the ReserveCacheError arm,
// so it falls here and is warned without failing the run.
if (typedError instanceof lib_HttpClientError && if (typedError instanceof lib_HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
@@ -89131,12 +89220,6 @@ function saveCacheV2(paths_1, key_1, options_1) {
if (typedError.name === ValidationError.name) { if (typedError.name === ValidationError.name) {
throw error; throw error;
} }
else if (typedError.name === CacheWriteDeniedError.name) {
// Cache write was denied by policy (read-only token). Surface to the
// customer at warning level so it is visible in the workflow log
// without failing the run.
warning(`Failed to save: ${typedError.message}`);
}
else if (typedError.name === ReserveCacheError.name) { else if (typedError.name === ReserveCacheError.name) {
info(`Failed to save: ${typedError.message}`); info(`Failed to save: ${typedError.message}`);
} }
@@ -89144,7 +89227,10 @@ function saveCacheV2(paths_1, key_1, options_1) {
warning(typedError.message); warning(typedError.message);
} }
else { else {
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A write denied by policy (CacheWriteDeniedError) is not an
// HttpClientError and its name does not match the ReserveCacheError arm,
// so it falls here and is warned without failing the run.
if (typedError instanceof lib_HttpClientError && if (typedError instanceof lib_HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
+162 -34
View File
@@ -40038,7 +40038,7 @@ module.exports = { version: packageJson.version }
/***/ 4012: /***/ 4012:
/***/ ((module) => { /***/ ((module) => {
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}'); module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
/***/ }) /***/ })
@@ -48645,6 +48645,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32
const TarFilename = 'cache.tar'; const TarFilename = 'cache.tar';
const constants_ManifestFilename = 'manifest.txt'; const constants_ManifestFilename = 'manifest.txt';
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
// Prefix the cache backend embeds in a read-denial message (v2 twirp
// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body).
// Shared so cache.ts and cacheHttpClient.ts match the same contract value.
const CacheReadDeniedMessagePrefix = 'cache read denied:';
//# sourceMappingURL=constants.js.map //# sourceMappingURL=constants.js.map
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js ;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
@@ -92675,6 +92679,24 @@ function config_getCacheServiceVersion() {
return 'v1'; return 'v1';
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1'; return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
} }
// The cache-mode lattice: readable = {read, write}, writable = {write,
// write-only}, none = neither.
const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only'];
// The effective cache-mode exported by the runner, or '' when not set.
function config_getCacheMode() {
return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase();
}
// Unset or unrecognized modes are permissive so behavior matches today.
function isCacheReadable(mode) {
if (!KNOWN_CACHE_MODES.includes(mode))
return true;
return mode === 'read' || mode === 'write';
}
function config_isCacheWritable(mode) {
if (!KNOWN_CACHE_MODES.includes(mode))
return true;
return mode === 'write' || mode === 'write-only';
}
function getCacheServiceURL() { function getCacheServiceURL() {
const version = config_getCacheServiceVersion(); const version = config_getCacheServiceVersion();
// Based on the version of the cache service, we will determine which // Based on the version of the cache service, we will determine which
@@ -92724,6 +92746,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th
function getCacheApiUrl(resource) { function getCacheApiUrl(resource) {
const baseUrl = getCacheServiceURL(); const baseUrl = getCacheServiceURL();
if (!baseUrl) { if (!baseUrl) {
@@ -92751,6 +92774,7 @@ function createHttpClient() {
} }
function getCacheEntry(keys, paths, options) { function getCacheEntry(keys, paths, options) {
return cacheHttpClient_awaiter(this, void 0, void 0, function* () { return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
var _a;
const httpClient = createHttpClient(); const httpClient = createHttpClient();
const version = getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive); const version = getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`; const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
@@ -92764,6 +92788,12 @@ function getCacheEntry(keys, paths, options) {
return null; return null;
} }
if (!requestUtils_isSuccessStatusCode(response.statusCode)) { if (!requestUtils_isSuccessStatusCode(response.statusCode)) {
// Only surface the receiver's body for a `cache read denied:` policy denial
// so callers can dispatch on it; keep the generic message otherwise.
const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message;
if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) {
throw new Error(errorMessage);
}
throw new Error(`Cache service responded with ${response.statusCode}`); throw new Error(`Cache service responded with ${response.statusCode}`);
} }
const cacheResult = response.result; const cacheResult = response.result;
@@ -94025,6 +94055,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
class ValidationError extends Error { class ValidationError extends Error {
constructor(message) { constructor(message) {
super(message); super(message);
@@ -94040,19 +94071,20 @@ class ReserveCacheError extends Error {
} }
} }
/** /**
* Stable prefix the receiver writes into the cache reservation response when * Stable prefix the cache service writes into the cache reservation response
* the issuer downgraded the cache token to read-only (for example, because * when the issuer downgraded the cache token to read-only (for example, because
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2 * the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
* dispatch on this prefix to re-classify the failure as a * dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError
* CacheWriteDeniedError so consumers (and the outer catch arm) can * so consumers and tests can distinguish a policy denial from other reservation
* distinguish a policy denial from other reservation failures. * failures. Internally it is logged as a non-fatal warning like other
* best-effort save failures.
*/ */
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:'; const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
/** /**
* Raised when the cache backend refuses to reserve a writable cache entry * Raised when the cache backend refuses to reserve a writable cache entry
* because the JWT issued for this run was scoped read-only (for example, the * because the JWT issued for this run was scoped read-only (for example, the
* run was triggered by an event the repository administrator classified as * run was triggered by an event the repository administrator classified as
* untrusted). The receiver-supplied detail message always begins with * untrusted). The service-supplied detail message always begins with
* `cache write denied:` (the full error message includes additional context * `cache write denied:` (the full error message includes additional context
* like the cache key). * like the cache key).
* *
@@ -94068,6 +94100,19 @@ class CacheWriteDeniedError extends ReserveCacheError {
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype); Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
} }
} }
// Re-exported from constants so consumers keep referencing it here; the shared
// value also drives detection in cacheHttpClient without duplicating the string.
const CACHE_READ_DENIED_PREFIX = CacheReadDeniedMessagePrefix;
// Raised when the cache backend denies a download URL because the run's token
// has no readable cache scopes. Caching is best-effort, so restoreCache logs a
// warning and reports a cache miss rather than rethrowing this.
class CacheReadDeniedError extends Error {
constructor(message) {
super(message);
this.name = 'CacheReadDeniedError';
Object.setPrototypeOf(this, CacheReadDeniedError.prototype);
}
}
class FinalizeCacheError extends Error { class FinalizeCacheError extends Error {
constructor(message) { constructor(message) {
super(message); super(message);
@@ -94122,6 +94167,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
const cacheServiceVersion = config_getCacheServiceVersion(); const cacheServiceVersion = config_getCacheServiceVersion();
core_debug(`Cache service version: ${cacheServiceVersion}`); core_debug(`Cache service version: ${cacheServiceVersion}`);
checkPaths(paths); checkPaths(paths);
const cacheMode = config_getCacheMode();
if (!isCacheReadable(cacheMode)) {
core_info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`);
core_debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`);
return undefined;
}
switch (cacheServiceVersion) { switch (cacheServiceVersion) {
case 'v2': case 'v2':
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive); return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
@@ -94143,6 +94194,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
*/ */
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
var _a;
restoreKeys = restoreKeys || []; restoreKeys = restoreKeys || [];
const keys = [primaryKey, ...restoreKeys]; const keys = [primaryKey, ...restoreKeys];
core_debug('Resolved Keys:'); core_debug('Resolved Keys:');
@@ -94157,10 +94209,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
let archivePath = ''; let archivePath = '';
try { try {
// path are needed to compute version // path are needed to compute version
const cacheEntry = yield getCacheEntry(keys, paths, { let cacheEntry;
compressionMethod, try {
enableCrossOsArchive cacheEntry = yield getCacheEntry(keys, paths, {
}); compressionMethod,
enableCrossOsArchive
});
}
catch (error) {
// The v1 artifact cache service returns HTTP 403 with a
// `cache read denied:` body when the run's token has no readable cache
// scopes. getCacheEntry lives in a dependency-free internal module and
// cannot import CacheReadDeniedError without a circular dependency, so it
// only surfaces the raw denial message; we classify it into the typed
// error here so the outer catch and consumers can dispatch on it.
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
throw new CacheReadDeniedError(errorMessage);
}
throw error;
}
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) { if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
// Cache not found // Cache not found
return undefined; return undefined;
@@ -94189,7 +94257,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
} }
else { else {
// warn on cache restore failure and continue build // warn on cache restore failure and continue build
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
// so it falls here and is warned, treated as a cache miss.
if (typedError instanceof lib_HttpClientError && if (typedError instanceof lib_HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
@@ -94224,6 +94294,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
*/ */
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
var _a;
// Override UploadOptions to force the use of Azure // Override UploadOptions to force the use of Azure
options = Object.assign(Object.assign({}, options), { useAzureSdk: true }); options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
restoreKeys = restoreKeys || []; restoreKeys = restoreKeys || [];
@@ -94245,7 +94316,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
restoreKeys, restoreKeys,
version: getCacheVersion(paths, compressionMethod, enableCrossOsArchive) version: getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
}; };
const response = yield twirpClient.GetCacheEntryDownloadURL(request); let response;
try {
response = yield twirpClient.GetCacheEntryDownloadURL(request);
}
catch (error) {
// The receiver returns twirp PermissionDenied (403) when the run's token
// has no readable cache scopes. The client wraps that 403, so the stable
// prefix is embedded in the message rather than leading it.
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
throw new CacheReadDeniedError(errorMessage);
}
throw error;
}
if (!response.ok) { if (!response.ok) {
core_debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); core_debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
return undefined; return undefined;
@@ -94280,8 +94364,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
throw error; throw error;
} }
else { else {
// Supress all non-validation cache related errors because caching should be optional // Suppress all non-validation cache related errors because caching should be optional
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
// so it falls here and is warned, treated as a cache miss.
if (typedError instanceof lib_HttpClientError && if (typedError instanceof lib_HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
@@ -94320,6 +94406,12 @@ function cache_saveCache(paths_1, key_1, options_1) {
core.debug(`Cache service version: ${cacheServiceVersion}`); core.debug(`Cache service version: ${cacheServiceVersion}`);
checkPaths(paths); checkPaths(paths);
checkKey(key); checkKey(key);
const cacheMode = getCacheMode();
if (!isCacheWritable(cacheMode)) {
core.info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`);
core.debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`);
return -1;
}
switch (cacheServiceVersion) { switch (cacheServiceVersion) {
case 'v2': case 'v2':
return yield saveCacheV2(paths, key, options, enableCrossOsArchive); return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
@@ -94397,17 +94489,14 @@ function saveCacheV1(paths_1, key_1, options_1) {
if (typedError.name === ValidationError.name) { if (typedError.name === ValidationError.name) {
throw error; throw error;
} }
else if (typedError.name === CacheWriteDeniedError.name) {
// Cache write was denied by policy (read-only token). Surface to the
// customer at warning level so it is visible in the workflow log
// without failing the run.
core.warning(`Failed to save: ${typedError.message}`);
}
else if (typedError.name === ReserveCacheError.name) { else if (typedError.name === ReserveCacheError.name) {
core.info(`Failed to save: ${typedError.message}`); core.info(`Failed to save: ${typedError.message}`);
} }
else { else {
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A write denied by policy (CacheWriteDeniedError) is not an
// HttpClientError and its name does not match the ReserveCacheError arm,
// so it falls here and is warned without failing the run.
if (typedError instanceof HttpClientError && if (typedError instanceof HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
@@ -94518,12 +94607,6 @@ function saveCacheV2(paths_1, key_1, options_1) {
if (typedError.name === ValidationError.name) { if (typedError.name === ValidationError.name) {
throw error; throw error;
} }
else if (typedError.name === CacheWriteDeniedError.name) {
// Cache write was denied by policy (read-only token). Surface to the
// customer at warning level so it is visible in the workflow log
// without failing the run.
core.warning(`Failed to save: ${typedError.message}`);
}
else if (typedError.name === ReserveCacheError.name) { else if (typedError.name === ReserveCacheError.name) {
core.info(`Failed to save: ${typedError.message}`); core.info(`Failed to save: ${typedError.message}`);
} }
@@ -94531,7 +94614,10 @@ function saveCacheV2(paths_1, key_1, options_1) {
core.warning(typedError.message); core.warning(typedError.message);
} }
else { else {
// Log server errors (5xx) as errors, all other errors as warnings // Log server errors (5xx) as errors, all other errors as warnings.
// A write denied by policy (CacheWriteDeniedError) is not an
// HttpClientError and its name does not match the ReserveCacheError arm,
// so it falls here and is warned without failing the run.
if (typedError instanceof HttpClientError && if (typedError instanceof HttpClientError &&
typeof typedError.statusCode === 'number' && typeof typedError.statusCode === 'number' &&
typedError.statusCode >= 500) { typedError.statusCode >= 500) {
@@ -99439,6 +99525,7 @@ class NightlyNodejs extends BasePrereleaseNodejs {
class OfficialBuilds extends BaseDistribution { class OfficialBuilds extends BaseDistribution {
constructor(nodeInfo) { constructor(nodeInfo) {
super(nodeInfo); super(nodeInfo);
@@ -99473,7 +99560,9 @@ class OfficialBuilds extends BaseDistribution {
let toolPath = this.findVersionInHostedToolCacheDirectory(); let toolPath = this.findVersionInHostedToolCacheDirectory();
if (toolPath) { if (toolPath) {
core_info(`Found in cache @ ${toolPath}`); core_info(`Found in cache @ ${toolPath}`);
const installedDir = toolPath;
this.addToolPath(toolPath); this.addToolPath(toolPath);
await this.verifyNodeVersion(installedDir);
return; return;
} }
let downloadPath = ''; let downloadPath = '';
@@ -99508,10 +99597,12 @@ class OfficialBuilds extends BaseDistribution {
if (!toolPath) { if (!toolPath) {
toolPath = await this.downloadDirectlyFromNode(); toolPath = await this.downloadDirectlyFromNode();
} }
const installedDir = toolPath;
if (this.osPlat != 'win32') { if (this.osPlat != 'win32') {
toolPath = external_path_default().join(toolPath, 'bin'); toolPath = external_path_default().join(toolPath, 'bin');
} }
addPath(toolPath); addPath(toolPath);
await this.verifyNodeVersion(installedDir);
} }
addToolPath(toolPath) { addToolPath(toolPath) {
if (this.osPlat != 'win32') { if (this.osPlat != 'win32') {
@@ -99553,11 +99644,30 @@ class OfficialBuilds extends BaseDistribution {
const url = mirror || 'https://nodejs.org'; const url = mirror || 'https://nodejs.org';
return `${url}/dist`; return `${url}/dist`;
} }
getManifest() { async getManifest() {
core_debug('Getting manifest from actions/node-versions@main'); let lastError;
return getManifestFromRepo('actions', 'node-versions', this.nodeInfo.mirror && this.nodeInfo.mirrorToken const maxAttempts = 3;
? this.nodeInfo.mirrorToken core_debug(`Getting manifest from actions/node-versions@main`);
: this.nodeInfo.auth, 'main'); for (let attempt = 1; attempt <= maxAttempts; attempt++) {
try {
const manifest = await getManifestFromRepo('actions', 'node-versions', this.nodeInfo.mirror && this.nodeInfo.mirrorToken
? this.nodeInfo.mirrorToken
: this.nodeInfo.auth, 'main');
if (Array.isArray(manifest) && manifest.length > 0) {
return manifest;
}
lastError = new Error(`The manifest fetched is empty, truncated, or does not contain any valid tool release entries.`);
}
catch (err) {
lastError = err instanceof Error ? err : new Error(String(err));
}
core_debug(`Attempt ${attempt}/${maxAttempts} to fetch the manifest failed: ${lastError.message}`);
if (attempt < maxAttempts) {
core_info(`Retrying to fetch the manifest...`);
await new Promise(resolve => setTimeout(resolve, 1000 * 2 ** (attempt - 1))); // Retry after a delay
}
}
throw new Error(`Failed to fetch a valid manifest after ${maxAttempts} attempts. Last error: ${lastError?.message}`);
} }
resolveLtsAliasFromManifest(versionSpec, stable, manifest) { resolveLtsAliasFromManifest(versionSpec, stable, manifest) {
const alias = versionSpec.split('lts/')[1]?.toLowerCase(); const alias = versionSpec.split('lts/')[1]?.toLowerCase();
@@ -99615,6 +99725,24 @@ class OfficialBuilds extends BaseDistribution {
isLatestSyntax(versionSpec) { isLatestSyntax(versionSpec) {
return ['current', 'latest', 'node'].includes(versionSpec); return ['current', 'latest', 'node'].includes(versionSpec);
} }
async verifyNodeVersion(installedDir) {
// tool-cache layout: <root>/node/<version>/<arch>
const expectedVersion = 'v' + external_path_default().basename(external_path_default().dirname(installedDir));
let actualVersion = '';
try {
const { stdout } = await getExecOutput('node', ['--version'], {
silent: true
});
actualVersion = stdout.trim();
}
catch (err) {
throw new Error(`Node installation failed. Node may not be installed or not on PATH: ${err.message}`, { cause: err });
}
if (actualVersion !== expectedVersion) {
core_debug(`Node installation failed: expected ${expectedVersion} but "node --version" reported ${actualVersion || '(empty)'} (installedDir: ${installedDir}).`);
throw new Error(`Node ${expectedVersion} installation failed, likely due to an incomplete or corrupted download.`);
}
}
} }
;// CONCATENATED MODULE: ./src/distributions/rc/rc_builds.ts ;// CONCATENATED MODULE: ./src/distributions/rc/rc_builds.ts
+4 -4
View File
@@ -9,7 +9,7 @@
"version": "7.0.0", "version": "7.0.0",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/cache": "^6.1.0", "@actions/cache": "^6.2.0",
"@actions/core": "^3.0.1", "@actions/core": "^3.0.1",
"@actions/exec": "^3.0.0", "@actions/exec": "^3.0.0",
"@actions/github": "^9.1.1", "@actions/github": "^9.1.1",
@@ -43,9 +43,9 @@
} }
}, },
"node_modules/@actions/cache": { "node_modules/@actions/cache": {
"version": "6.1.0", "version": "6.2.0",
"resolved": "https://registry.npmjs.org/@actions/cache/-/cache-6.1.0.tgz", "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-6.2.0.tgz",
"integrity": "sha512-LVqybSbzhBp2uAETOQ3HnVjXA4AcjavgMH+LCr+cjgO+PZfciv/1QAgoW+esXBaAhvDid+vXeV70GGJpAh4V5Q==", "integrity": "sha512-Nv0xWRmbxfDbAn/70flO/F6tj2Nv4XTYMAsQHiDFSojCDfso/Zni+fRKa14ToI9hnmOW/rQcY1WYb6wsM7Pgwg==",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/core": "^3.0.1", "@actions/core": "^3.0.1",
+1 -1
View File
@@ -29,7 +29,7 @@
"author": "GitHub", "author": "GitHub",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/cache": "^6.1.0", "@actions/cache": "^6.2.0",
"@actions/core": "^3.0.1", "@actions/core": "^3.0.1",
"@actions/exec": "^3.0.0", "@actions/exec": "^3.0.0",
"@actions/github": "^9.1.1", "@actions/github": "^9.1.1",
@@ -1,6 +1,7 @@
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as tc from '@actions/tool-cache'; import * as tc from '@actions/tool-cache';
import path from 'path'; import path from 'path';
import * as exec from '@actions/exec';
import BaseDistribution from '../base-distribution.js'; import BaseDistribution from '../base-distribution.js';
import {NodeInputs, INodeVersion, INodeVersionInfo} from '../base-models.js'; import {NodeInputs, INodeVersion, INodeVersionInfo} from '../base-models.js';
@@ -62,7 +63,9 @@ export default class OfficialBuilds extends BaseDistribution {
if (toolPath) { if (toolPath) {
core.info(`Found in cache @ ${toolPath}`); core.info(`Found in cache @ ${toolPath}`);
const installedDir = toolPath;
this.addToolPath(toolPath); this.addToolPath(toolPath);
await this.verifyNodeVersion(installedDir);
return; return;
} }
@@ -123,11 +126,13 @@ export default class OfficialBuilds extends BaseDistribution {
toolPath = await this.downloadDirectlyFromNode(); toolPath = await this.downloadDirectlyFromNode();
} }
const installedDir = toolPath;
if (this.osPlat != 'win32') { if (this.osPlat != 'win32') {
toolPath = path.join(toolPath, 'bin'); toolPath = path.join(toolPath, 'bin');
} }
core.addPath(toolPath); core.addPath(toolPath);
await this.verifyNodeVersion(installedDir);
} }
protected addToolPath(toolPath: string) { protected addToolPath(toolPath: string) {
@@ -185,15 +190,41 @@ export default class OfficialBuilds extends BaseDistribution {
return `${url}/dist`; return `${url}/dist`;
} }
private getManifest(): Promise<tc.IToolRelease[]> { private async getManifest(): Promise<tc.IToolRelease[]> {
core.debug('Getting manifest from actions/node-versions@main'); let lastError: Error | undefined;
return tc.getManifestFromRepo( const maxAttempts = 3;
'actions', core.debug(`Getting manifest from actions/node-versions@main`);
'node-versions', for (let attempt = 1; attempt <= maxAttempts; attempt++) {
this.nodeInfo.mirror && this.nodeInfo.mirrorToken try {
? this.nodeInfo.mirrorToken const manifest = await tc.getManifestFromRepo(
: this.nodeInfo.auth, 'actions',
'main' 'node-versions',
this.nodeInfo.mirror && this.nodeInfo.mirrorToken
? this.nodeInfo.mirrorToken
: this.nodeInfo.auth,
'main'
);
if (Array.isArray(manifest) && manifest.length > 0) {
return manifest;
}
lastError = new Error(
`The manifest fetched is empty, truncated, or does not contain any valid tool release entries.`
);
} catch (err) {
lastError = err instanceof Error ? err : new Error(String(err));
}
core.debug(
`Attempt ${attempt}/${maxAttempts} to fetch the manifest failed: ${lastError.message}`
);
if (attempt < maxAttempts) {
core.info(`Retrying to fetch the manifest...`);
await new Promise(resolve =>
setTimeout(resolve, 1000 * 2 ** (attempt - 1))
); // Retry after a delay
}
}
throw new Error(
`Failed to fetch a valid manifest after ${maxAttempts} attempts. Last error: ${lastError?.message}`
); );
} }
@@ -298,4 +329,30 @@ export default class OfficialBuilds extends BaseDistribution {
private isLatestSyntax(versionSpec): boolean { private isLatestSyntax(versionSpec): boolean {
return ['current', 'latest', 'node'].includes(versionSpec); return ['current', 'latest', 'node'].includes(versionSpec);
} }
private async verifyNodeVersion(installedDir: string) {
// tool-cache layout: <root>/node/<version>/<arch>
const expectedVersion = 'v' + path.basename(path.dirname(installedDir));
let actualVersion = '';
try {
const {stdout} = await exec.getExecOutput('node', ['--version'], {
silent: true
});
actualVersion = stdout.trim();
} catch (err) {
throw new Error(
`Node installation failed. Node may not be installed or not on PATH: ${(err as Error).message}`,
{cause: err}
);
}
if (actualVersion !== expectedVersion) {
core.debug(
`Node installation failed: expected ${expectedVersion} but "node --version" reported ${actualVersion || '(empty)'} (installedDir: ${installedDir}).`
);
throw new Error(
`Node ${expectedVersion} installation failed, likely due to an incomplete or corrupted download.`
);
}
}
} }