@netlify/build 32.0.0 → 32.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/plugins_core/secrets_scanning/index.js +9 -1
- package/lib/plugins_core/secrets_scanning/utils.d.ts +4 -0
- package/lib/plugins_core/types.d.ts +3 -1
- package/lib/status/validations.d.ts +9 -0
- package/lib/status/validations.js +10 -0
- package/lib/steps/core_step.d.ts +2 -1
- package/lib/steps/core_step.js +2 -1
- package/lib/steps/run_step.js +3 -1
- package/package.json +6 -6
|
@@ -2,9 +2,10 @@ import { trace } from '@opentelemetry/api';
|
|
|
2
2
|
import { addErrorInfo } from '../../error/info.js';
|
|
3
3
|
import { log } from '../../log/logger.js';
|
|
4
4
|
import { logSecretsScanFailBuildMessage, logSecretsScanSkipMessage, logSecretsScanSuccessMessage, } from '../../log/messages/core_steps.js';
|
|
5
|
+
import { reportValidations } from '../../status/validations.js';
|
|
5
6
|
import { getFilePathsToScan, getSecretKeysToScanFor, groupScanResultsByKey, isSecretsScanningEnabled, scanFilesForKeyValues, } from './utils.js';
|
|
6
7
|
const tracer = trace.getTracer('secrets-scanning');
|
|
7
|
-
const coreStep = async function ({ buildDir, logs, netlifyConfig, explicitSecretKeys, systemLog }) {
|
|
8
|
+
const coreStep = async function ({ buildDir, logs, netlifyConfig, explicitSecretKeys, systemLog, deployId, api, }) {
|
|
8
9
|
const stepResults = {};
|
|
9
10
|
const passedSecretKeys = (explicitSecretKeys || '').split(',');
|
|
10
11
|
const envVars = netlifyConfig.build.environment;
|
|
@@ -51,6 +52,13 @@ const coreStep = async function ({ buildDir, logs, netlifyConfig, explicitSecret
|
|
|
51
52
|
span.setAttributes(attributesForLogsAndSpan);
|
|
52
53
|
span.end();
|
|
53
54
|
});
|
|
55
|
+
if (deployId !== '0') {
|
|
56
|
+
const secretScanResult = {
|
|
57
|
+
scannedFilesCount: scanResults?.scannedFilesCount ?? 0,
|
|
58
|
+
secretsScanMatches: scanResults?.matches ?? [],
|
|
59
|
+
};
|
|
60
|
+
reportValidations({ api, secretScanResult, deployId, systemLog });
|
|
61
|
+
}
|
|
54
62
|
if (!scanResults || scanResults.matches.length === 0) {
|
|
55
63
|
logSecretsScanSuccessMessage(logs, `Secrets scanning complete. ${scanResults?.scannedFilesCount} file(s) scanned. No secrets detected in build output or repo code!`);
|
|
56
64
|
return stepResults;
|
|
@@ -13,6 +13,10 @@ interface MatchResult {
|
|
|
13
13
|
key: string;
|
|
14
14
|
file: string;
|
|
15
15
|
}
|
|
16
|
+
export type SecretScanResult = {
|
|
17
|
+
scannedFilesCount: number;
|
|
18
|
+
secretsScanMatches: MatchResult[];
|
|
19
|
+
};
|
|
16
20
|
/**
|
|
17
21
|
* Determine if the user disabled scanning via env var
|
|
18
22
|
* @param env current envars
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { type DynamicMethods } from 'packages/js-client/lib/types.js';
|
|
1
2
|
import { NetlifyPluginConstants } from '../core/constants.js';
|
|
2
3
|
import { BufferedLogs } from '../log/logger.js';
|
|
3
4
|
import { NetlifyConfig } from '../types/config/netlify_config.js';
|
|
@@ -13,7 +14,7 @@ export type CoreStepFunctionArgs = {
|
|
|
13
14
|
* `undefined` if none is set.
|
|
14
15
|
*/
|
|
15
16
|
packagePath?: string;
|
|
16
|
-
deployId
|
|
17
|
+
deployId: string;
|
|
17
18
|
saveConfig: boolean;
|
|
18
19
|
constants: NetlifyPluginConstants;
|
|
19
20
|
quiet?: boolean;
|
|
@@ -25,6 +26,7 @@ export type CoreStepFunctionArgs = {
|
|
|
25
26
|
netlifyConfig: NetlifyConfig;
|
|
26
27
|
explicitSecretKeys: $TSFixme;
|
|
27
28
|
buildbotServerSocket: $TSFixme;
|
|
29
|
+
api: DynamicMethods;
|
|
28
30
|
};
|
|
29
31
|
export type CoreStepFunction = (args: CoreStepFunctionArgs) => Promise<object>;
|
|
30
32
|
export type CoreStepCondition = (args: CoreStepFunctionArgs) => Promise<boolean> | boolean;
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { DynamicMethods } from 'packages/js-client/lib/types.js';
|
|
2
|
+
import { SecretScanResult } from '../plugins_core/secrets_scanning/utils.js';
|
|
3
|
+
import { SystemLogger } from '../plugins_core/types.js';
|
|
4
|
+
export declare const reportValidations: ({ api, secretScanResult, deployId, systemLog, }: {
|
|
5
|
+
api: DynamicMethods;
|
|
6
|
+
secretScanResult: SecretScanResult;
|
|
7
|
+
deployId: string;
|
|
8
|
+
systemLog: SystemLogger;
|
|
9
|
+
}) => Promise<void>;
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
// Reports any validations completed on the deploy to the API
|
|
2
|
+
export const reportValidations = async function ({ api, secretScanResult, deployId, systemLog, }) {
|
|
3
|
+
try {
|
|
4
|
+
// @ts-expect-error Property 'updateDeployValidations' does not exist on type 'DynamicMethods'. This is a private/internal-only method and isn't generated in the type definitions.
|
|
5
|
+
await api.updateDeployValidations({ deploy_id: deployId, body: { secrets_scan: secretScanResult } });
|
|
6
|
+
}
|
|
7
|
+
catch (e) {
|
|
8
|
+
systemLog(`Unable to report secrets scanning results to API. Deploy id: ${deployId}`, e);
|
|
9
|
+
}
|
|
10
|
+
};
|
package/lib/steps/core_step.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export declare const fireCoreStep: ({ coreStep, coreStepId, coreStepName, configPath, outputConfigPath, buildDir, repositoryRoot, packagePath, constants, buildbotServerSocket, events, logs, quiet, nodePath, childEnv, context, branch, envChanges, errorParams, configOpts, netlifyConfig, defaultConfig, configMutations, headersPath, redirectsPath, featureFlags, debug, systemLog, saveConfig, userNodeVersion, explicitSecretKeys, edgeFunctionsBootstrapURL, deployId, outputFlusher, }: {
|
|
1
|
+
export declare const fireCoreStep: ({ coreStep, coreStepId, coreStepName, configPath, outputConfigPath, buildDir, repositoryRoot, packagePath, constants, buildbotServerSocket, events, logs, quiet, nodePath, childEnv, context, branch, envChanges, errorParams, configOpts, netlifyConfig, defaultConfig, configMutations, headersPath, redirectsPath, featureFlags, debug, systemLog, saveConfig, userNodeVersion, explicitSecretKeys, edgeFunctionsBootstrapURL, deployId, outputFlusher, api, }: {
|
|
2
2
|
coreStep: any;
|
|
3
3
|
coreStepId: any;
|
|
4
4
|
coreStepName: any;
|
|
@@ -33,6 +33,7 @@ export declare const fireCoreStep: ({ coreStep, coreStepId, coreStepName, config
|
|
|
33
33
|
edgeFunctionsBootstrapURL: any;
|
|
34
34
|
deployId: any;
|
|
35
35
|
outputFlusher: any;
|
|
36
|
+
api: any;
|
|
36
37
|
}) => Promise<{
|
|
37
38
|
newEnvChanges: any;
|
|
38
39
|
netlifyConfig: any;
|
package/lib/steps/core_step.js
CHANGED
|
@@ -3,12 +3,13 @@ import { addErrorInfo, isBuildError } from '../error/info.js';
|
|
|
3
3
|
import { addOutputFlusher } from '../log/logger.js';
|
|
4
4
|
import { updateNetlifyConfig, listConfigSideFiles } from './update_config.js';
|
|
5
5
|
// Fire a core step
|
|
6
|
-
export const fireCoreStep = async function ({ coreStep, coreStepId, coreStepName, configPath, outputConfigPath, buildDir, repositoryRoot, packagePath, constants, buildbotServerSocket, events, logs, quiet, nodePath, childEnv, context, branch, envChanges, errorParams, configOpts, netlifyConfig, defaultConfig, configMutations, headersPath, redirectsPath, featureFlags, debug, systemLog, saveConfig, userNodeVersion, explicitSecretKeys, edgeFunctionsBootstrapURL, deployId, outputFlusher, }) {
|
|
6
|
+
export const fireCoreStep = async function ({ coreStep, coreStepId, coreStepName, configPath, outputConfigPath, buildDir, repositoryRoot, packagePath, constants, buildbotServerSocket, events, logs, quiet, nodePath, childEnv, context, branch, envChanges, errorParams, configOpts, netlifyConfig, defaultConfig, configMutations, headersPath, redirectsPath, featureFlags, debug, systemLog, saveConfig, userNodeVersion, explicitSecretKeys, edgeFunctionsBootstrapURL, deployId, outputFlusher, api, }) {
|
|
7
7
|
const logsA = outputFlusher ? addOutputFlusher(logs, outputFlusher) : logs;
|
|
8
8
|
try {
|
|
9
9
|
const configSideFiles = await listConfigSideFiles([headersPath, redirectsPath]);
|
|
10
10
|
const childEnvA = setEnvChanges(envChanges, { ...childEnv });
|
|
11
11
|
const { newEnvChanges = {}, configMutations: newConfigMutations = [], tags, metrics, } = await coreStep({
|
|
12
|
+
api,
|
|
12
13
|
configPath,
|
|
13
14
|
outputConfigPath,
|
|
14
15
|
buildDir,
|
package/lib/steps/run_step.js
CHANGED
|
@@ -106,6 +106,7 @@ export const runStep = async function ({ event, childProcess, packageName, coreS
|
|
|
106
106
|
explicitSecretKeys,
|
|
107
107
|
edgeFunctionsBootstrapURL,
|
|
108
108
|
deployId,
|
|
109
|
+
api,
|
|
109
110
|
});
|
|
110
111
|
const newValues = await getStepReturn({
|
|
111
112
|
event,
|
|
@@ -198,7 +199,7 @@ const getFireStep = function (packageName, coreStepId, event) {
|
|
|
198
199
|
const parentTag = normalizeTagName(packageName);
|
|
199
200
|
return measureDuration(tFireStep, event, { parentTag, category: 'pluginEvent' });
|
|
200
201
|
};
|
|
201
|
-
const tFireStep = function ({ defaultConfig, event, childProcess, packageName, pluginPackageJson, loadedFrom, outputFlusher, origin, coreStep, coreStepId, coreStepName, configPath, outputConfigPath, buildDir, repositoryRoot, packagePath, nodePath, childEnv, context, branch, envChanges, constants, steps, buildbotServerSocket, events, error, logs, debug, quiet, systemLog, verbose, saveConfig, errorParams, configOpts, netlifyConfig, configMutations, headersPath, redirectsPath, featureFlags, userNodeVersion, explicitSecretKeys, edgeFunctionsBootstrapURL, deployId, extensionMetadata, }) {
|
|
202
|
+
const tFireStep = function ({ defaultConfig, event, childProcess, packageName, pluginPackageJson, loadedFrom, outputFlusher, origin, coreStep, coreStepId, coreStepName, configPath, outputConfigPath, buildDir, repositoryRoot, packagePath, nodePath, childEnv, context, branch, envChanges, constants, steps, buildbotServerSocket, events, error, logs, debug, quiet, systemLog, verbose, saveConfig, errorParams, configOpts, netlifyConfig, configMutations, headersPath, redirectsPath, featureFlags, userNodeVersion, explicitSecretKeys, edgeFunctionsBootstrapURL, deployId, extensionMetadata, api, }) {
|
|
202
203
|
if (coreStep !== undefined) {
|
|
203
204
|
return fireCoreStep({
|
|
204
205
|
coreStep,
|
|
@@ -235,6 +236,7 @@ const tFireStep = function ({ defaultConfig, event, childProcess, packageName, p
|
|
|
235
236
|
explicitSecretKeys,
|
|
236
237
|
edgeFunctionsBootstrapURL,
|
|
237
238
|
deployId,
|
|
239
|
+
api,
|
|
238
240
|
});
|
|
239
241
|
}
|
|
240
242
|
return firePluginStep({
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@netlify/build",
|
|
3
|
-
"version": "32.
|
|
3
|
+
"version": "32.1.0",
|
|
4
4
|
"description": "Netlify build module",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": "./lib/index.js",
|
|
@@ -67,17 +67,17 @@
|
|
|
67
67
|
"license": "MIT",
|
|
68
68
|
"dependencies": {
|
|
69
69
|
"@bugsnag/js": "^7.0.0",
|
|
70
|
-
"@netlify/blobs": "^8.
|
|
70
|
+
"@netlify/blobs": "^8.2.0",
|
|
71
71
|
"@netlify/cache-utils": "^5.2.0",
|
|
72
|
-
"@netlify/config": "^22.0.
|
|
72
|
+
"@netlify/config": "^22.0.1",
|
|
73
73
|
"@netlify/edge-bundler": "13.0.2",
|
|
74
74
|
"@netlify/framework-info": "^9.9.3",
|
|
75
|
-
"@netlify/functions-utils": "^5.3.
|
|
75
|
+
"@netlify/functions-utils": "^5.3.16",
|
|
76
76
|
"@netlify/git-utils": "^5.2.0",
|
|
77
77
|
"@netlify/opentelemetry-utils": "^1.3.1",
|
|
78
78
|
"@netlify/plugins-list": "^6.80.0",
|
|
79
79
|
"@netlify/run-utils": "^5.2.0",
|
|
80
|
-
"@netlify/zip-it-and-ship-it": "10.0.
|
|
80
|
+
"@netlify/zip-it-and-ship-it": "10.0.7",
|
|
81
81
|
"@sindresorhus/slugify": "^2.0.0",
|
|
82
82
|
"ansi-escapes": "^6.0.0",
|
|
83
83
|
"chalk": "^5.0.0",
|
|
@@ -159,5 +159,5 @@
|
|
|
159
159
|
"engines": {
|
|
160
160
|
"node": "^14.16.0 || >=16.0.0"
|
|
161
161
|
},
|
|
162
|
-
"gitHead": "
|
|
162
|
+
"gitHead": "282f1c69c7008f027ba009535aea2f9e1e9d8f8d"
|
|
163
163
|
}
|