@dk/hipp 0.1.20 → 0.1.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -5
- package/hipp.js +31 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -220,16 +220,16 @@ PERFORMANCE OF THIS SOFTWARE.
|
|
|
220
220
|
Verify this package with [@dk/hipp](https://www.npmjs.com/package/@dk/hipp):
|
|
221
221
|
|
|
222
222
|
```bash
|
|
223
|
-
npx @dk/hipp verify @dk/hipp@0.1.
|
|
223
|
+
npx @dk/hipp verify @dk/hipp@0.1.22
|
|
224
224
|
```
|
|
225
225
|
|
|
226
226
|
```json
|
|
227
227
|
{
|
|
228
228
|
"origin": "git@github.com:dmytri/hipp.git",
|
|
229
|
-
"tag": "v0.1.
|
|
230
|
-
"revision": "
|
|
231
|
-
"hash": "
|
|
232
|
-
"signature": "
|
|
229
|
+
"tag": "v0.1.22",
|
|
230
|
+
"revision": "384db1fb92cd1d5f0c72a32f12748c6b683996e0",
|
|
231
|
+
"hash": "afad3a4ee75bb430c416067e841dd127de3577c27cd89bbf4064e1da568e1aa1",
|
|
232
|
+
"signature": "2XhbwQWY5tp/7frdyRjh2ynyigjdu5fumebrfN1/eMvSSuSawNwekZctBs+CfsfBI61V1tu4plzOhRvgsw8AAw==",
|
|
233
233
|
"name": "Dmytri Kleiner",
|
|
234
234
|
"email": "dev@dmytri.to",
|
|
235
235
|
"npm": "11.12.1",
|
package/hipp.js
CHANGED
|
@@ -33,6 +33,22 @@ function getGitUserInfo() {
|
|
|
33
33
|
return { name, email };
|
|
34
34
|
}
|
|
35
35
|
|
|
36
|
+
function sshToHttpsUrl(sshUrl) {
|
|
37
|
+
const match = sshUrl.match(/^git@([^:]+):(.+\.git)$/);
|
|
38
|
+
if (match) {
|
|
39
|
+
return `https://${match[1]}/${match[2]}`;
|
|
40
|
+
}
|
|
41
|
+
return sshUrl;
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
function httpsToSshUrl(httpsUrl) {
|
|
45
|
+
const match = httpsUrl.match(/^https:\/\/([^/]+)\/(.+)$/);
|
|
46
|
+
if (match) {
|
|
47
|
+
return `git@${match[1]}:${match[2]}`;
|
|
48
|
+
}
|
|
49
|
+
return httpsUrl;
|
|
50
|
+
}
|
|
51
|
+
|
|
36
52
|
function runCmd(cmd, args, options = {}) {
|
|
37
53
|
const result = spawnSync(cmd, args, {
|
|
38
54
|
encoding: 'utf8',
|
|
@@ -474,7 +490,18 @@ async function runVerify(packageSpec) {
|
|
|
474
490
|
const stageDir = fs.mkdtempSync(path.join(os.tmpdir(), `hipp-verify-stage-`));
|
|
475
491
|
|
|
476
492
|
try {
|
|
477
|
-
|
|
493
|
+
let cloneResult;
|
|
494
|
+
try {
|
|
495
|
+
cloneResult = git(['clone', '--branch', tag, '--depth', '1', originUrl, tmpDir], { stdio: 'pipe' });
|
|
496
|
+
} catch (cloneErr) {
|
|
497
|
+
if (originUrl.startsWith('git@')) {
|
|
498
|
+
const httpsUrl = sshToHttpsUrl(originUrl);
|
|
499
|
+
log.info(`🌿 SSH clone failed, trying HTTPS: ${httpsUrl}...`);
|
|
500
|
+
cloneResult = git(['clone', '--branch', tag, '--depth', '1', httpsUrl, tmpDir], { stdio: 'pipe' });
|
|
501
|
+
} else {
|
|
502
|
+
throw cloneErr;
|
|
503
|
+
}
|
|
504
|
+
}
|
|
478
505
|
|
|
479
506
|
const clonedRevision = git(['rev-parse', 'HEAD'], { cwd: tmpDir });
|
|
480
507
|
if (clonedRevision !== revision) {
|
|
@@ -650,11 +677,12 @@ async function run() {
|
|
|
650
677
|
const revision = refInfo.head;
|
|
651
678
|
const npmVersion = runCmd('npm', ['--version']).stdout.trim();
|
|
652
679
|
const nodeVersion = process.version;
|
|
653
|
-
const
|
|
680
|
+
const originUrl = provenance.remoteUrl;
|
|
681
|
+
const dataToSign = buildSignData(tarballHash, originUrl, rawTag, revision, name, email);
|
|
654
682
|
const signature = signContent(dataToSign, privateKey);
|
|
655
683
|
|
|
656
684
|
const manifestJson = {
|
|
657
|
-
origin:
|
|
685
|
+
origin: originUrl,
|
|
658
686
|
tag: rawTag,
|
|
659
687
|
revision: revision,
|
|
660
688
|
hash: tarballHash,
|