@rushstack/rush-amazon-s3-build-cache-plugin 5.168.0 → 5.169.1

package/{lib → lib-dts}/tsdoc-metadata.json

@@ -5,7 +5,7 @@
   "toolPackages": [
     {
       "packageName": "@microsoft/api-extractor",
-      "packageVersion": "7.56.3"
+      "packageVersion": "7.57.0"
     }
   ]
 }

package/lib-esm/AmazonS3BuildCacheProvider.js

@@ -0,0 +1,131 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+import { CredentialCache } from '@rushstack/credential-cache';
+import { RushConstants, EnvironmentVariableNames, EnvironmentConfiguration } from '@rushstack/rush-sdk';
+import { WebClient } from '@rushstack/rush-sdk/lib/utilities/WebClient';
+import { AmazonS3Client } from './AmazonS3Client';
+import { fromAmazonEnv, fromRushEnv } from './AmazonS3Credentials';
+const DEFAULT_S3_REGION = 'us-east-1';
+export class AmazonS3BuildCacheProvider {
+    get isCacheWriteAllowed() {
+        var _a;
+        return (_a = EnvironmentConfiguration.buildCacheWriteAllowed) !== null && _a !== void 0 ? _a : this._isCacheWriteAllowedByConfiguration;
+    }
+    constructor(options, rushSession) {
+        this._rushSession = rushSession;
+        this._options = options;
+        this._s3Prefix = options.s3Prefix;
+        this._isCacheWriteAllowedByConfiguration = options.isCacheWriteAllowed;
+    }
+    get _s3Endpoint() {
+        const options = this._options;
+        if ('s3Bucket' in options) {
+            // options: IAmazonS3BuildCacheProviderOptionsSimple
+            const bucket = options.s3Bucket;
+            if (options.s3Region === DEFAULT_S3_REGION) {
+                return `https://${bucket}.s3.amazonaws.com`;
+            }
+            else {
+                return `https://${bucket}.s3-${options.s3Region}.amazonaws.com`;
+            }
+        }
+        // options: IAmazonS3BuildCacheProviderOptionsAdvanced
+        return options.s3Endpoint;
+    }
+    get _credentialCacheId() {
+        if (!this.__credentialCacheId) {
+            const cacheIdParts = ['aws-s3', this._options.s3Region, this._s3Endpoint];
+            if (this._isCacheWriteAllowedByConfiguration) {
+                cacheIdParts.push('cacheWriteAllowed');
+            }
+            this.__credentialCacheId = cacheIdParts.join('|');
+        }
+        return this.__credentialCacheId;
+    }
+    async _getS3ClientAsync(terminal) {
+        var _a, _b;
+        if (!this.__s3Client) {
+            let credentials = (_a = fromRushEnv()) !== null && _a !== void 0 ? _a : fromAmazonEnv();
+            if (!credentials) {
+                terminal.writeDebugLine('No credentials found in env. Trying cloud credentials.');
+                let cacheEntry;
+                await CredentialCache.usingAsync({
+                    supportEditing: false
+                }, (credentialsCache) => {
+                    cacheEntry = credentialsCache.tryGetCacheEntry(this._credentialCacheId);
+                });
+                if (cacheEntry) {
+                    const expirationTime = (_b = cacheEntry.expires) === null || _b === void 0 ? void 0 : _b.getTime();
+                    if (expirationTime && expirationTime < Date.now()) {
+                        throw new Error('Cached Amazon S3 credentials have expired. ' +
+                            `Update the credentials by running "rush ${RushConstants.updateCloudCredentialsCommandName}".`);
+                    }
+                    else {
+                        credentials = fromRushEnv(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.credential);
+                    }
+                }
+                else if (this._isCacheWriteAllowedByConfiguration) {
+                    throw new Error("An Amazon S3 credential hasn't been provided, or has expired. " +
+                        `Update the credentials by running "rush ${RushConstants.updateCloudCredentialsCommandName}", ` +
+                        `or provide an <AccessKeyId>:<SecretAccessKey> pair in the ` +
+                        `${EnvironmentVariableNames.RUSH_BUILD_CACHE_CREDENTIAL} environment variable`);
+                }
+            }
+            this.__s3Client = new AmazonS3Client(credentials, {
+                ...this._options,
+                // advanced options
+                s3Endpoint: this._s3Endpoint
+            }, new WebClient(), terminal);
+        }
+        return this.__s3Client;
+    }
+    async tryGetCacheEntryBufferByIdAsync(terminal, cacheId) {
+        try {
+            const client = await this._getS3ClientAsync(terminal);
+            return await client.getObjectAsync(this._s3Prefix ? `${this._s3Prefix}/${cacheId}` : cacheId);
+        }
+        catch (e) {
+            terminal.writeWarningLine(`Error getting cache entry from S3: ${e}`);
+            return undefined;
+        }
+    }
+    async trySetCacheEntryBufferAsync(terminal, cacheId, objectBuffer) {
+        if (!this.isCacheWriteAllowed) {
+            terminal.writeErrorLine('Writing to S3 cache is not allowed in the current configuration.');
+            return false;
+        }
+        terminal.writeDebugLine('Uploading object with cacheId: ', cacheId);
+        try {
+            const client = await this._getS3ClientAsync(terminal);
+            await client.uploadObjectAsync(this._s3Prefix ? `${this._s3Prefix}/${cacheId}` : cacheId, objectBuffer);
+            return true;
+        }
+        catch (e) {
+            terminal.writeWarningLine(`Error uploading cache entry to S3: ${e}`);
+            return false;
+        }
+    }
+    async updateCachedCredentialAsync(terminal, credential) {
+        await CredentialCache.usingAsync({
+            supportEditing: true
+        }, async (credentialsCache) => {
+            credentialsCache.setCacheEntry(this._credentialCacheId, { credential });
+            await credentialsCache.saveIfModifiedAsync();
+        });
+    }
+    async updateCachedCredentialInteractiveAsync(terminal) {
+        throw new Error('The interactive cloud credentials flow is not supported for Amazon S3.\n' +
+            'Provide your credentials to rush using the --credential flag instead. Credentials must be ' +
+            'in the form of <ACCESS KEY ID>:<SECRET ACCESS KEY> or ' +
+            '<ACCESS KEY ID>:<SECRET ACCESS KEY>:<SESSION TOKEN>.');
+    }
+    async deleteCachedCredentialsAsync(terminal) {
+        await CredentialCache.usingAsync({
+            supportEditing: true
+        }, async (credentialsCache) => {
+            credentialsCache.deleteCacheEntry(this._credentialCacheId);
+            await credentialsCache.saveIfModifiedAsync();
+        });
+    }
+}
+//# sourceMappingURL=AmazonS3BuildCacheProvider.js.map

package/lib-esm/AmazonS3BuildCacheProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AmazonS3BuildCacheProvider.js","sourceRoot":"","sources":["../src/AmazonS3BuildCacheProvider.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,2DAA2D;AAE3D,OAAO,EAA8B,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE1F,OAAO,EAGL,aAAa,EACb,wBAAwB,EACxB,wBAAwB,EACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,6CAA6C,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAA6B,aAAa,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AA0B9F,MAAM,iBAAiB,GAAgB,WAAW,CAAC;AACnD,MAAM,OAAO,0BAA0B;IASrC,IAAW,mBAAmB;;QAC5B,OAAO,MAAA,wBAAwB,CAAC,sBAAsB,mCAAI,IAAI,CAAC,mCAAmC,CAAC;IACrG,CAAC;IAID,YACE,OAA8F,EAC9F,WAAwB;QAExB,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,mCAAmC,GAAG,OAAO,CAAC,mBAAmB,CAAC;IACzE,CAAC;IAED,IAAY,WAAW;QACrB,MAAM,OAAO,GACX,IAAI,CAAC,QAAQ,CAAC;QAChB,IAAI,UAAU,IAAI,OAAO,EAAE,CAAC;YAC1B,oDAAoD;YACpD,MAAM,MAAM,GAAW,OAAO,CAAC,QAAQ,CAAC;YACxC,IAAI,OAAO,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;gBAC3C,OAAO,WAAW,MAAM,mBAAmB,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,WAAW,MAAM,OAAO,OAAO,CAAC,QAAQ,gBAAgB,CAAC;YAClE,CAAC;QACH,CAAC;QACD,sDAAsD;QACtD,OAAO,OAAO,CAAC,UAAU,CAAC;IAC5B,CAAC;IAED,IAAY,kBAAkB;QAC5B,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC9B,MAAM,YAAY,GAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAEpF,IAAI,IAAI,CAAC,mCAAmC,EAAE,CAAC;gBAC7C,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACzC,CAAC;YAED,IAAI,CAAC,mBAAmB,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,QAAmB;;QACjD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,WAAW,GAAqC,MAAA,WAAW,EAAE,mCAAI,aAAa,EAAE,CAAC;YAErF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,QAAQ,CAAC,cAAc,CAAC,wDAAwD,CAAC,CAAC;gBAElF,IAAI,UAA6C,CAAC;gBAClD,MAAM,eAAe,CAAC,UAAU,CAC9B;oBACE,cAAc,EAAE,KAAK;iBACtB,EACD,CAAC,gBAAiC,EAAE,EAAE;oBACpC,UAAU,GAAG,gBAAgB,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBAC1E,CAAC,CACF,CAAC;gBAEF,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,cAAc,GAAuB,MAAA,UAAU,CAAC,OAAO,0CAAE,OAAO,EAAE,CAAC;oBACzE,IAAI,cAAc,IAAI,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;wBAClD,MAAM,IAAI,KAAK,CACb,6CAA6C;4BAC3C,2CAA2C,aAAa,CAAC,iCAAiC,IAAI,CACjG,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,WAAW,GAAG,WAAW,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,UAAU,CAAC,CAAC;oBACpD,CAAC;gBACH,CAAC;qBAAM,IAAI,IAAI,CAAC,mCAAmC,EAAE,CAAC;oBACpD,MAAM,IAAI,KAAK,CACb,gEAAgE;wBAC9D,2CAA2C,aAAa,CAAC,iCAAiC,KAAK;wBAC/F,4DAA4D;wBAC5D,GAAG,wBAAwB,CAAC,2BAA2B,uBAAuB,CACjF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,IAAI,CAAC,UAAU,GAAG,IAAI,cAAc,CAClC,WAAW,EACX;gBACE,GAAG,IAAI,CAAC,QAAQ;gBAChB,mBAAmB;gBACnB,UAAU,EAAE,IAAI,CAAC,WAAW;aAC7B,EACD,IAAI,SAAS,EAAE,EACf,QAAQ,CACT,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEM,KAAK,CAAC,+BAA+B,CAC1C,QAAmB,EACnB,OAAe;QAEf,IAAI,CAAC;YACH,MAAM,MAAM,GAAmB,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACtE,OAAO,MAAM,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAChG,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,gBAAgB,CAAC,sCAAsC,CAAC,EAAE,CAAC,CAAC;YACrE,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,2BAA2B,CACtC,QAAmB,EACnB,OAAe,EACf,YAAoB;QAEpB,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC9B,QAAQ,CAAC,cAAc,CAAC,kEAAkE,CAAC,CAAC;YAC5F,OAAO,KAAK,CAAC;QACf,CAAC;QAED,QAAQ,CAAC,cAAc,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;QAEpE,IAAI,CAAC;YACH,MAAM,MAAM,GAAmB,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACtE,MAAM,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YACxG,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,gBAAgB,CAAC,sCAAsC,CAAC,EAAE,CAAC,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,2BAA2B,CAAC,QAAmB,EAAE,UAAkB;QAC9E,MAAM,eAAe,CAAC,UAAU,CAC9B;YACE,cAAc,EAAE,IAAI;SACrB,EACD,KAAK,EAAE,gBAAiC,EAAE,EAAE;YAC1C,gBAAgB,CAAC,aAAa,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YACxE,MAAM,gBAAgB,CAAC,mBAAmB,EAAE,CAAC;QAC/C,CAAC,CACF,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,sCAAsC,CAAC,QAAmB;QACrE,MAAM,IAAI,KAAK,CACb,0EAA0E;YACxE,4FAA4F;YAC5F,wDAAwD;YACxD,sDAAsD,CACzD,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,4BAA4B,CAAC,QAAmB;QAC3D,MAAM,eAAe,CAAC,UAAU,CAC9B;YACE,cAAc,EAAE,IAAI;SACrB,EACD,KAAK,EAAE,gBAAiC,EAAE,EAAE;YAC1C,gBAAgB,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC3D,MAAM,gBAAgB,CAAC,mBAAmB,EAAE,CAAC;QAC/C,CAAC,CACF,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport { type ICredentialCacheEntry, CredentialCache } from '@rushstack/credential-cache';\nimport type { ITerminal } from '@rushstack/terminal';\nimport {\n  type ICloudBuildCacheProvider,\n  type RushSession,\n  RushConstants,\n  EnvironmentVariableNames,\n  EnvironmentConfiguration\n} from '@rushstack/rush-sdk';\nimport { WebClient } from '@rushstack/rush-sdk/lib/utilities/WebClient';\n\nimport { AmazonS3Client } from './AmazonS3Client';\nimport { type IAmazonS3Credentials, fromAmazonEnv, fromRushEnv } from './AmazonS3Credentials';\n\n/**\n * @public\n */\nexport interface IAmazonS3BuildCacheProviderOptionsBase {\n  s3Region: string;\n  s3Prefix: string | undefined;\n  isCacheWriteAllowed: boolean;\n}\n\n/**\n * Advanced options where user has the specify the full http endpoint\n * @public\n */\nexport interface IAmazonS3BuildCacheProviderOptionsAdvanced extends IAmazonS3BuildCacheProviderOptionsBase {\n  s3Endpoint: string;\n}\n/**\n * Simple options where user only provides the bucket and the endpoint is automatically built\n * @public\n */\nexport interface IAmazonS3BuildCacheProviderOptionsSimple extends IAmazonS3BuildCacheProviderOptionsBase {\n  s3Bucket: string;\n}\n\nconst DEFAULT_S3_REGION: 'us-east-1' = 'us-east-1';\nexport class AmazonS3BuildCacheProvider implements ICloudBuildCacheProvider {\n  private readonly _options:\n    | IAmazonS3BuildCacheProviderOptionsSimple\n    | IAmazonS3BuildCacheProviderOptionsAdvanced;\n  private readonly _s3Prefix: string | undefined;\n  private readonly _isCacheWriteAllowedByConfiguration: boolean;\n  private __credentialCacheId: string | undefined;\n  private _rushSession: RushSession;\n\n  public get isCacheWriteAllowed(): boolean {\n    return EnvironmentConfiguration.buildCacheWriteAllowed ?? this._isCacheWriteAllowedByConfiguration;\n  }\n\n  private __s3Client: AmazonS3Client | undefined;\n\n  public constructor(\n    options: IAmazonS3BuildCacheProviderOptionsSimple | IAmazonS3BuildCacheProviderOptionsAdvanced,\n    rushSession: RushSession\n  ) {\n    this._rushSession = rushSession;\n    this._options = options;\n    this._s3Prefix = options.s3Prefix;\n    this._isCacheWriteAllowedByConfiguration = options.isCacheWriteAllowed;\n  }\n\n  private get _s3Endpoint(): string {\n    const options: IAmazonS3BuildCacheProviderOptionsSimple | IAmazonS3BuildCacheProviderOptionsAdvanced =\n      this._options;\n    if ('s3Bucket' in options) {\n      // options: IAmazonS3BuildCacheProviderOptionsSimple\n      const bucket: string = options.s3Bucket;\n      if (options.s3Region === DEFAULT_S3_REGION) {\n        return `https://${bucket}.s3.amazonaws.com`;\n      } else {\n        return `https://${bucket}.s3-${options.s3Region}.amazonaws.com`;\n      }\n    }\n    // options: IAmazonS3BuildCacheProviderOptionsAdvanced\n    return options.s3Endpoint;\n  }\n\n  private get _credentialCacheId(): string {\n    if (!this.__credentialCacheId) {\n      const cacheIdParts: string[] = ['aws-s3', this._options.s3Region, this._s3Endpoint];\n\n      if (this._isCacheWriteAllowedByConfiguration) {\n        cacheIdParts.push('cacheWriteAllowed');\n      }\n\n      this.__credentialCacheId = cacheIdParts.join('|');\n    }\n\n    return this.__credentialCacheId;\n  }\n\n  private async _getS3ClientAsync(terminal: ITerminal): Promise<AmazonS3Client> {\n    if (!this.__s3Client) {\n      let credentials: IAmazonS3Credentials | undefined = fromRushEnv() ?? fromAmazonEnv();\n\n      if (!credentials) {\n        terminal.writeDebugLine('No credentials found in env. Trying cloud credentials.');\n\n        let cacheEntry: ICredentialCacheEntry | undefined;\n        await CredentialCache.usingAsync(\n          {\n            supportEditing: false\n          },\n          (credentialsCache: CredentialCache) => {\n            cacheEntry = credentialsCache.tryGetCacheEntry(this._credentialCacheId);\n          }\n        );\n\n        if (cacheEntry) {\n          const expirationTime: number | undefined = cacheEntry.expires?.getTime();\n          if (expirationTime && expirationTime < Date.now()) {\n            throw new Error(\n              'Cached Amazon S3 credentials have expired. ' +\n                `Update the credentials by running \"rush ${RushConstants.updateCloudCredentialsCommandName}\".`\n            );\n          } else {\n            credentials = fromRushEnv(cacheEntry?.credential);\n          }\n        } else if (this._isCacheWriteAllowedByConfiguration) {\n          throw new Error(\n            \"An Amazon S3 credential hasn't been provided, or has expired. \" +\n              `Update the credentials by running \"rush ${RushConstants.updateCloudCredentialsCommandName}\", ` +\n              `or provide an <AccessKeyId>:<SecretAccessKey> pair in the ` +\n              `${EnvironmentVariableNames.RUSH_BUILD_CACHE_CREDENTIAL} environment variable`\n          );\n        }\n      }\n\n      this.__s3Client = new AmazonS3Client(\n        credentials,\n        {\n          ...this._options,\n          // advanced options\n          s3Endpoint: this._s3Endpoint\n        },\n        new WebClient(),\n        terminal\n      );\n    }\n\n    return this.__s3Client;\n  }\n\n  public async tryGetCacheEntryBufferByIdAsync(\n    terminal: ITerminal,\n    cacheId: string\n  ): Promise<Buffer | undefined> {\n    try {\n      const client: AmazonS3Client = await this._getS3ClientAsync(terminal);\n      return await client.getObjectAsync(this._s3Prefix ? `${this._s3Prefix}/${cacheId}` : cacheId);\n    } catch (e) {\n      terminal.writeWarningLine(`Error getting cache entry from S3: ${e}`);\n      return undefined;\n    }\n  }\n\n  public async trySetCacheEntryBufferAsync(\n    terminal: ITerminal,\n    cacheId: string,\n    objectBuffer: Buffer\n  ): Promise<boolean> {\n    if (!this.isCacheWriteAllowed) {\n      terminal.writeErrorLine('Writing to S3 cache is not allowed in the current configuration.');\n      return false;\n    }\n\n    terminal.writeDebugLine('Uploading object with cacheId: ', cacheId);\n\n    try {\n      const client: AmazonS3Client = await this._getS3ClientAsync(terminal);\n      await client.uploadObjectAsync(this._s3Prefix ? `${this._s3Prefix}/${cacheId}` : cacheId, objectBuffer);\n      return true;\n    } catch (e) {\n      terminal.writeWarningLine(`Error uploading cache entry to S3: ${e}`);\n      return false;\n    }\n  }\n\n  public async updateCachedCredentialAsync(terminal: ITerminal, credential: string): Promise<void> {\n    await CredentialCache.usingAsync(\n      {\n        supportEditing: true\n      },\n      async (credentialsCache: CredentialCache) => {\n        credentialsCache.setCacheEntry(this._credentialCacheId, { credential });\n        await credentialsCache.saveIfModifiedAsync();\n      }\n    );\n  }\n\n  public async updateCachedCredentialInteractiveAsync(terminal: ITerminal): Promise<void> {\n    throw new Error(\n      'The interactive cloud credentials flow is not supported for Amazon S3.\\n' +\n        'Provide your credentials to rush using the --credential flag instead. Credentials must be ' +\n        'in the form of <ACCESS KEY ID>:<SECRET ACCESS KEY> or ' +\n        '<ACCESS KEY ID>:<SECRET ACCESS KEY>:<SESSION TOKEN>.'\n    );\n  }\n\n  public async deleteCachedCredentialsAsync(terminal: ITerminal): Promise<void> {\n    await CredentialCache.usingAsync(\n      {\n        supportEditing: true\n      },\n      async (credentialsCache: CredentialCache) => {\n        credentialsCache.deleteCacheEntry(this._credentialCacheId);\n        await credentialsCache.saveIfModifiedAsync();\n      }\n    );\n  }\n}\n"]}

package/lib-esm/AmazonS3Client.js

@@ -0,0 +1,364 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+import * as crypto from 'node:crypto';
+import { Async } from '@rushstack/node-core-library';
+import { Colorize } from '@rushstack/terminal';
+import { AUTHORIZATION_HEADER_NAME } from '@rushstack/rush-sdk/lib/utilities/WebClient';
+import { fromRushEnv } from './AmazonS3Credentials';
+const CONTENT_HASH_HEADER_NAME = 'x-amz-content-sha256';
+const DATE_HEADER_NAME = 'x-amz-date';
+const HOST_HEADER_NAME = 'host';
+const SECURITY_TOKEN_HEADER_NAME = 'x-amz-security-token';
+const protocolRegex = /^https?:\/\//;
+const portRegex = /:(\d{1,5})$/;
+// Similar to https://docs.microsoft.com/en-us/javascript/api/@azure/storage-blob/storageretrypolicytype?view=azure-node-latest
+var StorageRetryPolicyType;
+(function (StorageRetryPolicyType) {
+    StorageRetryPolicyType[StorageRetryPolicyType["EXPONENTIAL"] = 0] = "EXPONENTIAL";
+    StorageRetryPolicyType[StorageRetryPolicyType["FIXED"] = 1] = "FIXED";
+})(StorageRetryPolicyType || (StorageRetryPolicyType = {}));
+const storageRetryOptions = {
+    maxRetryDelayInMs: 120 * 1000,
+    maxTries: 4,
+    retryDelayInMs: 4 * 1000,
+    retryPolicyType: StorageRetryPolicyType.EXPONENTIAL
+};
+/**
+ * A helper for reading and updating objects on Amazon S3
+ *
+ * @public
+ */
+export class AmazonS3Client {
+    constructor(credentials, options, webClient, terminal) {
+        this._credentials = credentials;
+        this._terminal = terminal;
+        this._validateEndpoint(options.s3Endpoint);
+        this._s3Endpoint = options.s3Endpoint;
+        this._s3Region = options.s3Region;
+        this._webClient = webClient;
+    }
+    // https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html#create-signature-presign-entire-payload
+    // We want to keep all slashes non encoded
+    static UriEncode(input) {
+        let output = '';
+        for (let i = 0; i < input.length; i += 1) {
+            const ch = input[i];
+            if (ch.match(/[A-Za-z0-9~._-]|\//)) {
+                output += ch;
+            }
+            else {
+                if (ch === ' ') {
+                    output += '%20';
+                }
+                else {
+                    output += `%${ch.charCodeAt(0).toString(16).toUpperCase()}`;
+                }
+            }
+        }
+        return output;
+    }
+    static tryDeserializeCredentials(credentialString) {
+        return fromRushEnv(credentialString);
+    }
+    async getObjectAsync(objectName) {
+        this._writeDebugLine('Reading object from S3');
+        return await this._sendCacheRequestWithRetriesAsync(async () => {
+            const response = await this._makeRequestAsync('GET', objectName);
+            if (response.ok) {
+                return {
+                    hasNetworkError: false,
+                    response: await response.getBufferAsync()
+                };
+            }
+            else if (response.status === 404) {
+                return {
+                    hasNetworkError: false,
+                    response: undefined
+                };
+            }
+            else if ((response.status === 400 || response.status === 401 || response.status === 403) &&
+                !this._credentials) {
+                // unauthorized due to not providing credentials,
+                // silence error for better DX when e.g. running locally without credentials
+                this._writeWarningLine(`No credentials found and received a ${response.status}`, ' response code from the cloud storage.', ' Maybe run rush update-cloud-credentials', ' or set the RUSH_BUILD_CACHE_CREDENTIAL env');
+                return {
+                    hasNetworkError: false,
+                    response: undefined
+                };
+            }
+            else if (response.status === 400 || response.status === 401 || response.status === 403) {
+                throw await this._getS3ErrorAsync(response);
+            }
+            else {
+                const error = await this._getS3ErrorAsync(response);
+                return {
+                    hasNetworkError: true,
+                    error
+                };
+            }
+        });
+    }
+    async uploadObjectAsync(objectName, objectBuffer) {
+        if (!this._credentials) {
+            throw new Error('Credentials are required to upload objects to S3.');
+        }
+        await this._sendCacheRequestWithRetriesAsync(async () => {
+            const response = await this._makeRequestAsync('PUT', objectName, objectBuffer);
+            if (!response.ok) {
+                return {
+                    hasNetworkError: true,
+                    error: await this._getS3ErrorAsync(response)
+                };
+            }
+            return {
+                hasNetworkError: false,
+                response: undefined
+            };
+        });
+    }
+    _writeDebugLine(...messageParts) {
+        // if the terminal has been closed then don't bother sending a debug message
+        try {
+            this._terminal.writeDebugLine(...messageParts);
+        }
+        catch (err) {
+            // ignore error
+        }
+    }
+    _writeWarningLine(...messageParts) {
+        // if the terminal has been closed then don't bother sending a warning message
+        try {
+            this._terminal.writeWarningLine(...messageParts);
+        }
+        catch (err) {
+            // ignore error
+        }
+    }
+    async _makeRequestAsync(verb, objectName, body) {
+        const isoDateString = this._getIsoDateString();
+        const bodyHash = this._getSha256(body);
+        const headers = {};
+        headers[DATE_HEADER_NAME] = isoDateString.dateTime;
+        headers[CONTENT_HASH_HEADER_NAME] = bodyHash;
+        // the host can be e.g. https://s3.aws.com or http://localhost:9000
+        const host = this._s3Endpoint.replace(protocolRegex, '');
+        const canonicalUri = AmazonS3Client.UriEncode(`/${objectName}`);
+        this._writeDebugLine(Colorize.bold('Canonical URI: '), canonicalUri);
+        if (this._credentials) {
+            // Compute the authorization header. See https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
+            const canonicalHeaders = [
+                `${HOST_HEADER_NAME}:${host}`,
+                `${CONTENT_HASH_HEADER_NAME}:${bodyHash}`,
+                `${DATE_HEADER_NAME}:${isoDateString.dateTime}`
+            ];
+            // Handle signing with temporary credentials (via sts:assume-role)
+            if (this._credentials.sessionToken) {
+                canonicalHeaders.push(`${SECURITY_TOKEN_HEADER_NAME}:${this._credentials.sessionToken}`);
+            }
+            // the canonical headers must be sorted by header name
+            canonicalHeaders.sort((aHeader, bHeader) => {
+                const aHeaderName = aHeader.split(':')[0];
+                const bHeaderName = bHeader.split(':')[0];
+                if (aHeaderName < bHeaderName) {
+                    return -1;
+                }
+                if (aHeaderName > bHeaderName) {
+                    return 1;
+                }
+                return 0;
+            });
+            // the singed header names are derived from the canonicalHeaders
+            const signedHeaderNamesString = canonicalHeaders
+                .map((header) => {
+                const headerName = header.split(':')[0];
+                return headerName;
+            })
+                .join(';');
+            // The canonical request looks like this:
+            //  GET
+            // /test.txt
+            //
+            // host:examplebucket.s3.amazonaws.com
+            // range:bytes=0-9
+            // x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+            // x-amz-date:20130524T000000Z
+            //
+            // host;range;x-amz-content-sha256;x-amz-date
+            // e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+            const canonicalRequest = [
+                verb,
+                canonicalUri,
+                '', // we don't use query strings for these requests
+                ...canonicalHeaders,
+                '',
+                signedHeaderNamesString,
+                bodyHash
+            ].join('\n');
+            const canonicalRequestHash = this._getSha256(canonicalRequest);
+            const scope = `${isoDateString.date}/${this._s3Region}/s3/aws4_request`;
+            // The string to sign looks like this:
+            // AWS4-HMAC-SHA256
+            // 20130524T423589Z
+            // 20130524/us-east-1/s3/aws4_request
+            // 7344ae5b7ee6c3e7e6b0fe0640412a37625d1fbfff95c48bbb2dc43964946972
+            const stringToSign = [
+                'AWS4-HMAC-SHA256',
+                isoDateString.dateTime,
+                scope,
+                canonicalRequestHash
+            ].join('\n');
+            const dateKey = this._getSha256Hmac(`AWS4${this._credentials.secretAccessKey}`, isoDateString.date);
+            const dateRegionKey = this._getSha256Hmac(dateKey, this._s3Region);
+            const dateRegionServiceKey = this._getSha256Hmac(dateRegionKey, 's3');
+            const signingKey = this._getSha256Hmac(dateRegionServiceKey, 'aws4_request');
+            const signature = this._getSha256Hmac(signingKey, stringToSign, 'hex');
+            const authorizationHeader = `AWS4-HMAC-SHA256 Credential=${this._credentials.accessKeyId}/${scope},SignedHeaders=${signedHeaderNamesString},Signature=${signature}`;
+            headers[AUTHORIZATION_HEADER_NAME] = authorizationHeader;
+            if (this._credentials.sessionToken) {
+                // Handle signing with temporary credentials (via sts:assume-role)
+                headers['X-Amz-Security-Token'] = this._credentials.sessionToken;
+            }
+        }
+        const webFetchOptions = {
+            verb,
+            headers
+        };
+        if (verb === 'PUT') {
+            webFetchOptions.body = body;
+        }
+        const url = `${this._s3Endpoint}${canonicalUri}`;
+        this._writeDebugLine(Colorize.bold(Colorize.underline('Sending request to S3')));
+        this._writeDebugLine(Colorize.bold('HOST: '), url);
+        this._writeDebugLine(Colorize.bold('Headers: '));
+        for (const [name, value] of Object.entries(headers)) {
+            this._writeDebugLine(Colorize.cyan(`\t${name}: ${value}`));
+        }
+        const response = await this._webClient.fetchAsync(url, webFetchOptions);
+        return response;
+    }
+    _getSha256Hmac(key, data, encoding) {
+        const hash = crypto.createHmac('sha256', key);
+        hash.update(data);
+        if (encoding) {
+            return hash.digest(encoding);
+        }
+        else {
+            return hash.digest();
+        }
+    }
+    _getSha256(data) {
+        if (data) {
+            const hash = crypto.createHash('sha256');
+            hash.update(data);
+            return hash.digest('hex');
+        }
+        else {
+            // This is the null SHA256 hash
+            return 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855';
+        }
+    }
+    _getIsoDateString(date = new Date()) {
+        let dateString = date.toISOString();
+        dateString = dateString.replace(/[-:]/g, ''); // Remove separator characters
+        dateString = dateString.substring(0, 15); // Drop milliseconds
+        // dateTime is an ISO8601 date. It looks like "20130524T423589"
+        // date is an ISO date. It looks like "20130524"
+        return {
+            dateTime: `${dateString}Z`,
+            date: dateString.substring(0, 8)
+        };
+    }
+    async _safeReadResponseTextAsync(response) {
+        try {
+            return await response.getTextAsync();
+        }
+        catch (err) {
+            // ignore the error
+        }
+        return undefined;
+    }
+    async _getS3ErrorAsync(response) {
+        const text = await this._safeReadResponseTextAsync(response);
+        return new Error(`Amazon S3 responded with status code ${response.status} (${response.statusText})${text ? `\n${text}` : ''}`);
+    }
+    /**
+     * Validates a S3 endpoint which is http(s):// + hostname + port. Hostname validated according to RFC 1123
+     * {@link https://docs.aws.amazon.com/general/latest/gr/s3.html}
+     */
+    _validateEndpoint(s3Endpoint) {
+        let host = s3Endpoint;
+        if (!s3Endpoint) {
+            throw new Error('A S3 endpoint must be provided');
+        }
+        if (!s3Endpoint.match(protocolRegex)) {
+            throw new Error('The S3 endpoint must start with https:// or http://');
+        }
+        host = host.replace(protocolRegex, '');
+        if (host.match(/\//)) {
+            throw new Error('The path should be omitted from the endpoint. Use s3Prefix to specify a path');
+        }
+        const portMatch = s3Endpoint.match(portRegex);
+        if (portMatch) {
+            const port = Number(portMatch[1]);
+            if (Number.isNaN(port) || port > 65535) {
+                throw new Error(`Port: ${port} is an invalid port number`);
+            }
+            host = host.replace(portRegex, '');
+        }
+        if (host.endsWith('.')) {
+            host = host.slice(0, host.length - 1);
+        }
+        if (host.length > 253) {
+            throw new Error('The S3 endpoint is too long. RFC 1123 specifies a hostname should be no longer than 253 characters.');
+        }
+        const subDomains = host.split('.');
+        const subDomainRegex = /^[a-zA-Z0-9-]+$/;
+        const isValid = subDomains.every((subDomain) => {
+            return (subDomainRegex.test(subDomain) &&
+                subDomain.length < 64 &&
+                !subDomain.startsWith('-') &&
+                !subDomain.endsWith('-'));
+        });
+        if (!isValid) {
+            throw new Error('Invalid S3 endpoint. Some part of the hostname contains invalid characters or is too long');
+        }
+    }
+    async _sendCacheRequestWithRetriesAsync(sendRequest) {
+        const response = await sendRequest();
+        const log = this._writeDebugLine.bind(this);
+        if (response.hasNetworkError) {
+            if (storageRetryOptions && storageRetryOptions.maxTries > 1) {
+                log('Network request failed. Will retry request as specified in storageRetryOptions');
+                async function retry(retryAttempt) {
+                    const { retryDelayInMs, retryPolicyType, maxTries, maxRetryDelayInMs } = storageRetryOptions;
+                    let delay = retryDelayInMs;
+                    if (retryPolicyType === StorageRetryPolicyType.EXPONENTIAL) {
+                        delay = retryDelayInMs * Math.pow(2, retryAttempt - 1);
+                    }
+                    delay = Math.min(maxRetryDelayInMs, delay);
+                    log(`Will retry request in ${delay}s...`);
+                    await Async.sleepAsync(delay);
+                    const retryResponse = await sendRequest();
+                    if (retryResponse.hasNetworkError) {
+                        if (retryAttempt < maxTries - 1) {
+                            log('The retried request failed, will try again');
+                            return retry(retryAttempt + 1);
+                        }
+                        else {
+                            log('The retried request failed and has reached the maxTries limit');
+                            throw retryResponse.error;
+                        }
+                    }
+                    return retryResponse.response;
+                }
+                return retry(1);
+            }
+            else {
+                log('Network request failed and storageRetryOptions is not specified');
+                throw response.error;
+            }
+        }
+        return response.response;
+    }
+}
+//# sourceMappingURL=AmazonS3Client.js.map

package/lib-esm/AmazonS3Client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AmazonS3Client.js","sourceRoot":"","sources":["../src/AmazonS3Client.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,2DAA2D;AAE3D,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,KAAK,EAAE,MAAM,8BAA8B,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAkB,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAKL,yBAAyB,EAC1B,MAAM,6CAA6C,CAAC;AAGrD,OAAO,EAA6B,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAE/E,MAAM,wBAAwB,GAA2B,sBAAsB,CAAC;AAChF,MAAM,gBAAgB,GAAiB,YAAY,CAAC;AACpD,MAAM,gBAAgB,GAAW,MAAM,CAAC;AACxC,MAAM,0BAA0B,GAA2B,sBAAsB,CAAC;AAiBlF,MAAM,aAAa,GAAW,cAAc,CAAC;AAC7C,MAAM,SAAS,GAAW,aAAa,CAAC;AAExC,+HAA+H;AAC/H,IAAK,sBAGJ;AAHD,WAAK,sBAAsB;IACzB,iFAAe,CAAA;IACf,qEAAS,CAAA;AACX,CAAC,EAHI,sBAAsB,KAAtB,sBAAsB,QAG1B;AAUD,MAAM,mBAAmB,GAAyB;IAChD,iBAAiB,EAAE,GAAG,GAAG,IAAI;IAC7B,QAAQ,EAAE,CAAC;IACX,cAAc,EAAE,CAAC,GAAG,IAAI;IACxB,eAAe,EAAE,sBAAsB,CAAC,WAAW;CACpD,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,cAAc;IASzB,YACE,WAA6C,EAC7C,OAAmD,EACnD,SAAoB,EACpB,QAAmB;QAEnB,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAE1B,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC;QAElC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC9B,CAAC;IAED,wHAAwH;IACxH,0CAA0C;IACnC,MAAM,CAAC,SAAS,CAAC,KAAa;QACnC,IAAI,MAAM,GAAW,EAAE,CAAC;QACxB,KAAK,IAAI,CAAC,GAAW,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,EAAE,GAAW,KAAK,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,EAAE,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC;gBAClB,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEM,MAAM,CAAC,yBAAyB,CACrC,gBAAoC;QAEpC,OAAO,WAAW,CAAC,gBAAgB,CAAC,CAAC;IACvC,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,UAAkB;QAC5C,IAAI,CAAC,eAAe,CAAC,wBAAwB,CAAC,CAAC;QAC/C,OAAO,MAAM,IAAI,CAAC,iCAAiC,CAAC,KAAK,IAAI,EAAE;YAC7D,MAAM,QAAQ,GAAuB,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;YACrF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,OAAO;oBACL,eAAe,EAAE,KAAK;oBACtB,QAAQ,EAAE,MAAM,QAAQ,CAAC,cAAc,EAAE;iBAC1C,CAAC;YACJ,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnC,OAAO;oBACL,eAAe,EAAE,KAAK;oBACtB,QAAQ,EAAE,SAAS;iBACpB,CAAC;YACJ,CAAC;iBAAM,IACL,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC;gBAC/E,CAAC,IAAI,CAAC,YAAY,EAClB,CAAC;gBACD,iDAAiD;gBACjD,4EAA4E;gBAC5E,IAAI,CAAC,iBAAiB,CACpB,uCAAuC,QAAQ,CAAC,MAAM,EAAE,EACxD,wCAAwC,EACxC,0CAA0C,EAC1C,6CAA6C,CAC9C,CAAC;gBACF,OAAO;oBACL,eAAe,EAAE,KAAK;oBACtB,QAAQ,EAAE,SAAS;iBACpB,CAAC;YACJ,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACzF,MAAM,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAU,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAC3D,OAAO;oBACL,eAAe,EAAE,IAAI;oBACrB,KAAK;iBACN,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,UAAkB,EAAE,YAAoB;QACrE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,IAAI,CAAC,iCAAiC,CAAC,KAAK,IAAI,EAAE;YACtD,MAAM,QAAQ,GAAuB,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;YACnG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO;oBACL,eAAe,EAAE,IAAI;oBACrB,KAAK,EAAE,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;iBAC7C,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,eAAe,EAAE,KAAK;gBACtB,QAAQ,EAAE,SAAS;aACpB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,eAAe,CAAC,GAAG,YAAsB;QAC/C,4EAA4E;QAC5E,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,YAAY,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAe;QACjB,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,GAAG,YAAsB;QACjD,8EAA8E;QAC9E,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,YAAY,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAe;QACjB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,IAAmB,EACnB,UAAkB,EAClB,IAAa;QAEb,MAAM,aAAa,GAAmB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/D,MAAM,QAAQ,GAAW,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,OAAO,CAAC,gBAAgB,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC;QACnD,OAAO,CAAC,wBAAwB,CAAC,GAAG,QAAQ,CAAC;QAE7C,mEAAmE;QACnE,MAAM,IAAI,GAAW,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,YAAY,GAAW,cAAc,CAAC,SAAS,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;QACxE,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,YAAY,CAAC,CAAC;QAErE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,sHAAsH;YACtH,MAAM,gBAAgB,GAAa;gBACjC,GAAG,gBAAgB,IAAI,IAAI,EAAE;gBAC7B,GAAG,wBAAwB,IAAI,QAAQ,EAAE;gBACzC,GAAG,gBAAgB,IAAI,aAAa,CAAC,QAAQ,EAAE;aAChD,CAAC;YAEF,kEAAkE;YAClE,IAAI,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC;gBACnC,gBAAgB,CAAC,IAAI,CAAC,GAAG,0BAA0B,IAAI,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAC;YAC3F,CAAC;YAED,sDAAsD;YACtD,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE;gBACzC,MAAM,WAAW,GAAW,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAW,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC;oBAC9B,OAAO,CAAC,CAAC,CAAC;gBACZ,CAAC;gBACD,IAAI,WAAW,GAAG,WAAW,EAAE,CAAC;oBAC9B,OAAO,CAAC,CAAC;gBACX,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC,CAAC,CAAC;YAEH,gEAAgE;YAChE,MAAM,uBAAuB,GAAW,gBAAgB;iBACrD,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;gBACd,MAAM,UAAU,GAAW,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChD,OAAO,UAAU,CAAC;YACpB,CAAC,CAAC;iBACD,IAAI,CAAC,GAAG,CAAC,CAAC;YAEb,yCAAyC;YACzC,OAAO;YACP,YAAY;YACZ,EAAE;YACF,sCAAsC;YACtC,kBAAkB;YAClB,wFAAwF;YACxF,8BAA8B;YAC9B,EAAE;YACF,6CAA6C;YAC7C,mEAAmE;YACnE,MAAM,gBAAgB,GAAW;gBAC/B,IAAI;gBACJ,YAAY;gBACZ,EAAE,EAAE,gDAAgD;gBACpD,GAAG,gBAAgB;gBACnB,EAAE;gBACF,uBAAuB;gBACvB,QAAQ;aACT,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,MAAM,oBAAoB,GAAW,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;YAEvE,MAAM,KAAK,GAAW,GAAG,aAAa,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,kBAAkB,CAAC;YAChF,sCAAsC;YACtC,mBAAmB;YACnB,mBAAmB;YACnB,qCAAqC;YACrC,mEAAmE;YACnE,MAAM,YAAY,GAAW;gBAC3B,kBAAkB;gBAClB,aAAa,CAAC,QAAQ;gBACtB,KAAK;gBACL,oBAAoB;aACrB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEb,MAAM,OAAO,GAAW,IAAI,CAAC,cAAc,CACzC,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,EAC1C,aAAa,CAAC,IAAI,CACnB,CAAC;YACF,MAAM,aAAa,GAAW,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3E,MAAM,oBAAoB,GAAW,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;YAC9E,MAAM,UAAU,GAAW,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,cAAc,CAAC,CAAC;YACrF,MAAM,SAAS,GAAW,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;YAE/E,MAAM,mBAAmB,GAAW,+BAA+B,IAAI,CAAC,YAAY,CAAC,WAAW,IAAI,KAAK,kBAAkB,uBAAuB,cAAc,SAAS,EAAE,CAAC;YAE5K,OAAO,CAAC,yBAAyB,CAAC,GAAG,mBAAmB,CAAC;YACzD,IAAI,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC;gBACnC,kEAAkE;gBAClE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC;YACnE,CAAC;QACH,CAAC;QAED,MAAM,eAAe,GAA6C;YAChE,IAAI;YACJ,OAAO;SACR,CAAC;QACF,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YAClB,eAAyC,CAAC,IAAI,GAAG,IAAI,CAAC;QACzD,CAAC;QAED,MAAM,GAAG,GAAW,GAAG,IAAI,CAAC,WAAW,GAAG,YAAY,EAAE,CAAC;QAEzD,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC;QACnD,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACjD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,QAAQ,GAAuB,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QAE5F,OAAO,QAAQ,CAAC;IAClB,CAAC;IAIM,cAAc,CAAC,GAAoB,EAAE,IAAY,EAAE,QAAgB;QACxE,MAAM,IAAI,GAAgB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAClB,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,IAAsB;QACvC,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,IAAI,GAAgB,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YACtD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,+BAA+B;YAC/B,OAAO,kEAAkE,CAAC;QAC5E,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,OAAa,IAAI,IAAI,EAAE;QAC/C,IAAI,UAAU,GAAW,IAAI,CAAC,WAAW,EAAE,CAAC;QAC5C,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,8BAA8B;QAC5E,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB;QAE9D,+DAA+D;QAC/D,gDAAgD;QAChD,OAAO;YACL,QAAQ,EAAE,GAAG,UAAU,GAAG;YAC1B,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;SACjC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,0BAA0B,CAAC,QAA4B;QACnE,IAAI,CAAC;YACH,OAAO,MAAM,QAAQ,CAAC,YAAY,EAAE,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mBAAmB;QACrB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,QAA4B;QACzD,MAAM,IAAI,GAAuB,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACjF,OAAO,IAAI,KAAK,CACd,wCAAwC,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,IAC7E,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,EACvB,EAAE,CACH,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,iBAAiB,CAAC,UAAkB;QAC1C,IAAI,IAAI,GAAW,UAAU,CAAC;QAE9B,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEvC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,SAAS,GAA4B,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,IAAI,GAAW,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,KAAK,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,4BAA4B,CAAC,CAAC;YAC7D,CAAC;YACD,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,qGAAqG,CACtG,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAa,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE7C,MAAM,cAAc,GAAW,iBAAiB,CAAC;QACjD,MAAM,OAAO,GAAY,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE;YACtD,OAAO,CACL,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC9B,SAAS,CAAC,MAAM,GAAG,EAAE;gBACrB,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;gBAC1B,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CACzB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iCAAiC,CAC7C,WAAuD;QAEvD,MAAM,QAAQ,GAAgC,MAAM,WAAW,EAAE,CAAC;QAElE,MAAM,GAAG,GAAwC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEjF,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;YAC7B,IAAI,mBAAmB,IAAI,mBAAmB,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;gBAC5D,GAAG,CAAC,gFAAgF,CAAC,CAAC;gBACtF,KAAK,UAAU,KAAK,CAAC,YAAoB;oBACvC,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,mBAAmB,CAAC;oBAC7F,IAAI,KAAK,GAAW,cAAc,CAAC;oBACnC,IAAI,eAAe,KAAK,sBAAsB,CAAC,WAAW,EAAE,CAAC;wBAC3D,KAAK,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,YAAY,GAAG,CAAC,CAAC,CAAC;oBACzD,CAAC;oBACD,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;oBAE3C,GAAG,CAAC,yBAAyB,KAAK,MAAM,CAAC,CAAC;oBAC1C,MAAM,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAC9B,MAAM,aAAa,GAAgC,MAAM,WAAW,EAAE,CAAC;oBAEvE,IAAI,aAAa,CAAC,eAAe,EAAE,CAAC;wBAClC,IAAI,YAAY,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC;4BAChC,GAAG,CAAC,4CAA4C,CAAC,CAAC;4BAClD,OAAO,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;wBACjC,CAAC;6BAAM,CAAC;4BACN,GAAG,CAAC,+DAA+D,CAAC,CAAC;4BACrE,MAAM,aAAa,CAAC,KAAK,CAAC;wBAC5B,CAAC;oBACH,CAAC;oBAED,OAAO,aAAa,CAAC,QAAQ,CAAC;gBAChC,CAAC;gBACD,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,iEAAiE,CAAC,CAAC;gBACvE,MAAM,QAAQ,CAAC,KAAK,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC3B,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport * as crypto from 'node:crypto';\n\nimport { Async } from '@rushstack/node-core-library';\nimport { Colorize, type ITerminal } from '@rushstack/terminal';\nimport {\n  type IGetFetchOptions,\n  type IFetchOptionsWithBody,\n  type IWebClientResponse,\n  type WebClient,\n  AUTHORIZATION_HEADER_NAME\n} from '@rushstack/rush-sdk/lib/utilities/WebClient';\n\nimport type { IAmazonS3BuildCacheProviderOptionsAdvanced } from './AmazonS3BuildCacheProvider';\nimport { type IAmazonS3Credentials, fromRushEnv } from './AmazonS3Credentials';\n\nconst CONTENT_HASH_HEADER_NAME: 'x-amz-content-sha256' = 'x-amz-content-sha256';\nconst DATE_HEADER_NAME: 'x-amz-date' = 'x-amz-date';\nconst HOST_HEADER_NAME: 'host' = 'host';\nconst SECURITY_TOKEN_HEADER_NAME: 'x-amz-security-token' = 'x-amz-security-token';\n\ninterface IIsoDateString {\n  date: string;\n  dateTime: string;\n}\n\ntype RetryableRequestResponse<T> =\n  | {\n      hasNetworkError: true;\n      error: Error;\n    }\n  | {\n      hasNetworkError: false;\n      response: T;\n    };\n\nconst protocolRegex: RegExp = /^https?:\\/\\//;\nconst portRegex: RegExp = /:(\\d{1,5})$/;\n\n// Similar to https://docs.microsoft.com/en-us/javascript/api/@azure/storage-blob/storageretrypolicytype?view=azure-node-latest\nenum StorageRetryPolicyType {\n  EXPONENTIAL = 0,\n  FIXED = 1\n}\n\n// Similar to https://docs.microsoft.com/en-us/javascript/api/@azure/storage-blob/storageretryoptions?view=azure-node-latest\ninterface IStorageRetryOptions {\n  maxRetryDelayInMs: number;\n  maxTries: number;\n  retryDelayInMs: number;\n  retryPolicyType: StorageRetryPolicyType;\n}\n\nconst storageRetryOptions: IStorageRetryOptions = {\n  maxRetryDelayInMs: 120 * 1000,\n  maxTries: 4,\n  retryDelayInMs: 4 * 1000,\n  retryPolicyType: StorageRetryPolicyType.EXPONENTIAL\n};\n\n/**\n * A helper for reading and updating objects on Amazon S3\n *\n * @public\n */\nexport class AmazonS3Client {\n  private readonly _credentials: IAmazonS3Credentials | undefined;\n  private readonly _s3Endpoint: string;\n  private readonly _s3Region: string;\n\n  private readonly _webClient: WebClient;\n\n  private readonly _terminal: ITerminal;\n\n  public constructor(\n    credentials: IAmazonS3Credentials | undefined,\n    options: IAmazonS3BuildCacheProviderOptionsAdvanced,\n    webClient: WebClient,\n    terminal: ITerminal\n  ) {\n    this._credentials = credentials;\n    this._terminal = terminal;\n\n    this._validateEndpoint(options.s3Endpoint);\n\n    this._s3Endpoint = options.s3Endpoint;\n    this._s3Region = options.s3Region;\n\n    this._webClient = webClient;\n  }\n\n  // https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html#create-signature-presign-entire-payload\n  // We want to keep all slashes non encoded\n  public static UriEncode(input: string): string {\n    let output: string = '';\n    for (let i: number = 0; i < input.length; i += 1) {\n      const ch: string = input[i];\n      if (ch.match(/[A-Za-z0-9~._-]|\\//)) {\n        output += ch;\n      } else {\n        if (ch === ' ') {\n          output += '%20';\n        } else {\n          output += `%${ch.charCodeAt(0).toString(16).toUpperCase()}`;\n        }\n      }\n    }\n    return output;\n  }\n\n  public static tryDeserializeCredentials(\n    credentialString: string | undefined\n  ): IAmazonS3Credentials | undefined {\n    return fromRushEnv(credentialString);\n  }\n\n  public async getObjectAsync(objectName: string): Promise<Buffer | undefined> {\n    this._writeDebugLine('Reading object from S3');\n    return await this._sendCacheRequestWithRetriesAsync(async () => {\n      const response: IWebClientResponse = await this._makeRequestAsync('GET', objectName);\n      if (response.ok) {\n        return {\n          hasNetworkError: false,\n          response: await response.getBufferAsync()\n        };\n      } else if (response.status === 404) {\n        return {\n          hasNetworkError: false,\n          response: undefined\n        };\n      } else if (\n        (response.status === 400 || response.status === 401 || response.status === 403) &&\n        !this._credentials\n      ) {\n        // unauthorized due to not providing credentials,\n        // silence error for better DX when e.g. running locally without credentials\n        this._writeWarningLine(\n          `No credentials found and received a ${response.status}`,\n          ' response code from the cloud storage.',\n          ' Maybe run rush update-cloud-credentials',\n          ' or set the RUSH_BUILD_CACHE_CREDENTIAL env'\n        );\n        return {\n          hasNetworkError: false,\n          response: undefined\n        };\n      } else if (response.status === 400 || response.status === 401 || response.status === 403) {\n        throw await this._getS3ErrorAsync(response);\n      } else {\n        const error: Error = await this._getS3ErrorAsync(response);\n        return {\n          hasNetworkError: true,\n          error\n        };\n      }\n    });\n  }\n\n  public async uploadObjectAsync(objectName: string, objectBuffer: Buffer): Promise<void> {\n    if (!this._credentials) {\n      throw new Error('Credentials are required to upload objects to S3.');\n    }\n\n    await this._sendCacheRequestWithRetriesAsync(async () => {\n      const response: IWebClientResponse = await this._makeRequestAsync('PUT', objectName, objectBuffer);\n      if (!response.ok) {\n        return {\n          hasNetworkError: true,\n          error: await this._getS3ErrorAsync(response)\n        };\n      }\n      return {\n        hasNetworkError: false,\n        response: undefined\n      };\n    });\n  }\n\n  private _writeDebugLine(...messageParts: string[]): void {\n    // if the terminal has been closed then don't bother sending a debug message\n    try {\n      this._terminal.writeDebugLine(...messageParts);\n    } catch (err) {\n      // ignore error\n    }\n  }\n\n  private _writeWarningLine(...messageParts: string[]): void {\n    // if the terminal has been closed then don't bother sending a warning message\n    try {\n      this._terminal.writeWarningLine(...messageParts);\n    } catch (err) {\n      // ignore error\n    }\n  }\n\n  private async _makeRequestAsync(\n    verb: 'GET' | 'PUT',\n    objectName: string,\n    body?: Buffer\n  ): Promise<IWebClientResponse> {\n    const isoDateString: IIsoDateString = this._getIsoDateString();\n    const bodyHash: string = this._getSha256(body);\n    const headers: Record<string, string> = {};\n    headers[DATE_HEADER_NAME] = isoDateString.dateTime;\n    headers[CONTENT_HASH_HEADER_NAME] = bodyHash;\n\n    // the host can be e.g. https://s3.aws.com or http://localhost:9000\n    const host: string = this._s3Endpoint.replace(protocolRegex, '');\n    const canonicalUri: string = AmazonS3Client.UriEncode(`/${objectName}`);\n    this._writeDebugLine(Colorize.bold('Canonical URI: '), canonicalUri);\n\n    if (this._credentials) {\n      // Compute the authorization header. See https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html\n      const canonicalHeaders: string[] = [\n        `${HOST_HEADER_NAME}:${host}`,\n        `${CONTENT_HASH_HEADER_NAME}:${bodyHash}`,\n        `${DATE_HEADER_NAME}:${isoDateString.dateTime}`\n      ];\n\n      // Handle signing with temporary credentials (via sts:assume-role)\n      if (this._credentials.sessionToken) {\n        canonicalHeaders.push(`${SECURITY_TOKEN_HEADER_NAME}:${this._credentials.sessionToken}`);\n      }\n\n      // the canonical headers must be sorted by header name\n      canonicalHeaders.sort((aHeader, bHeader) => {\n        const aHeaderName: string = aHeader.split(':')[0];\n        const bHeaderName: string = bHeader.split(':')[0];\n        if (aHeaderName < bHeaderName) {\n          return -1;\n        }\n        if (aHeaderName > bHeaderName) {\n          return 1;\n        }\n        return 0;\n      });\n\n      // the singed header names are derived from the canonicalHeaders\n      const signedHeaderNamesString: string = canonicalHeaders\n        .map((header) => {\n          const headerName: string = header.split(':')[0];\n          return headerName;\n        })\n        .join(';');\n\n      // The canonical request looks like this:\n      //  GET\n      // /test.txt\n      //\n      // host:examplebucket.s3.amazonaws.com\n      // range:bytes=0-9\n      // x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n      // x-amz-date:20130524T000000Z\n      //\n      // host;range;x-amz-content-sha256;x-amz-date\n      // e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n      const canonicalRequest: string = [\n        verb,\n        canonicalUri,\n        '', // we don't use query strings for these requests\n        ...canonicalHeaders,\n        '',\n        signedHeaderNamesString,\n        bodyHash\n      ].join('\\n');\n      const canonicalRequestHash: string = this._getSha256(canonicalRequest);\n\n      const scope: string = `${isoDateString.date}/${this._s3Region}/s3/aws4_request`;\n      // The string to sign looks like this:\n      // AWS4-HMAC-SHA256\n      // 20130524T423589Z\n      // 20130524/us-east-1/s3/aws4_request\n      // 7344ae5b7ee6c3e7e6b0fe0640412a37625d1fbfff95c48bbb2dc43964946972\n      const stringToSign: string = [\n        'AWS4-HMAC-SHA256',\n        isoDateString.dateTime,\n        scope,\n        canonicalRequestHash\n      ].join('\\n');\n\n      const dateKey: Buffer = this._getSha256Hmac(\n        `AWS4${this._credentials.secretAccessKey}`,\n        isoDateString.date\n      );\n      const dateRegionKey: Buffer = this._getSha256Hmac(dateKey, this._s3Region);\n      const dateRegionServiceKey: Buffer = this._getSha256Hmac(dateRegionKey, 's3');\n      const signingKey: Buffer = this._getSha256Hmac(dateRegionServiceKey, 'aws4_request');\n      const signature: string = this._getSha256Hmac(signingKey, stringToSign, 'hex');\n\n      const authorizationHeader: string = `AWS4-HMAC-SHA256 Credential=${this._credentials.accessKeyId}/${scope},SignedHeaders=${signedHeaderNamesString},Signature=${signature}`;\n\n      headers[AUTHORIZATION_HEADER_NAME] = authorizationHeader;\n      if (this._credentials.sessionToken) {\n        // Handle signing with temporary credentials (via sts:assume-role)\n        headers['X-Amz-Security-Token'] = this._credentials.sessionToken;\n      }\n    }\n\n    const webFetchOptions: IGetFetchOptions | IFetchOptionsWithBody = {\n      verb,\n      headers\n    };\n    if (verb === 'PUT') {\n      (webFetchOptions as IFetchOptionsWithBody).body = body;\n    }\n\n    const url: string = `${this._s3Endpoint}${canonicalUri}`;\n\n    this._writeDebugLine(Colorize.bold(Colorize.underline('Sending request to S3')));\n    this._writeDebugLine(Colorize.bold('HOST: '), url);\n    this._writeDebugLine(Colorize.bold('Headers: '));\n    for (const [name, value] of Object.entries(headers)) {\n      this._writeDebugLine(Colorize.cyan(`\\t${name}: ${value}`));\n    }\n\n    const response: IWebClientResponse = await this._webClient.fetchAsync(url, webFetchOptions);\n\n    return response;\n  }\n\n  public _getSha256Hmac(key: string | Buffer, data: string): Buffer;\n  public _getSha256Hmac(key: string | Buffer, data: string, encoding: 'hex'): string;\n  public _getSha256Hmac(key: string | Buffer, data: string, encoding?: 'hex'): Buffer | string {\n    const hash: crypto.Hmac = crypto.createHmac('sha256', key);\n    hash.update(data);\n    if (encoding) {\n      return hash.digest(encoding);\n    } else {\n      return hash.digest();\n    }\n  }\n\n  private _getSha256(data?: string | Buffer): string {\n    if (data) {\n      const hash: crypto.Hash = crypto.createHash('sha256');\n      hash.update(data);\n      return hash.digest('hex');\n    } else {\n      // This is the null SHA256 hash\n      return 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855';\n    }\n  }\n\n  private _getIsoDateString(date: Date = new Date()): IIsoDateString {\n    let dateString: string = date.toISOString();\n    dateString = dateString.replace(/[-:]/g, ''); // Remove separator characters\n    dateString = dateString.substring(0, 15); // Drop milliseconds\n\n    // dateTime is an ISO8601 date. It looks like \"20130524T423589\"\n    // date is an ISO date. It looks like \"20130524\"\n    return {\n      dateTime: `${dateString}Z`,\n      date: dateString.substring(0, 8)\n    };\n  }\n\n  private async _safeReadResponseTextAsync(response: IWebClientResponse): Promise<string | undefined> {\n    try {\n      return await response.getTextAsync();\n    } catch (err) {\n      // ignore the error\n    }\n    return undefined;\n  }\n\n  private async _getS3ErrorAsync(response: IWebClientResponse): Promise<Error> {\n    const text: string | undefined = await this._safeReadResponseTextAsync(response);\n    return new Error(\n      `Amazon S3 responded with status code ${response.status} (${response.statusText})${\n        text ? `\\n${text}` : ''\n      }`\n    );\n  }\n\n  /**\n   * Validates a S3 endpoint which is http(s):// + hostname + port. Hostname validated according to RFC 1123\n   * {@link https://docs.aws.amazon.com/general/latest/gr/s3.html}\n   */\n  private _validateEndpoint(s3Endpoint: string): void {\n    let host: string = s3Endpoint;\n\n    if (!s3Endpoint) {\n      throw new Error('A S3 endpoint must be provided');\n    }\n\n    if (!s3Endpoint.match(protocolRegex)) {\n      throw new Error('The S3 endpoint must start with https:// or http://');\n    }\n\n    host = host.replace(protocolRegex, '');\n\n    if (host.match(/\\//)) {\n      throw new Error('The path should be omitted from the endpoint. Use s3Prefix to specify a path');\n    }\n\n    const portMatch: RegExpMatchArray | null = s3Endpoint.match(portRegex);\n    if (portMatch) {\n      const port: number = Number(portMatch[1]);\n      if (Number.isNaN(port) || port > 65535) {\n        throw new Error(`Port: ${port} is an invalid port number`);\n      }\n      host = host.replace(portRegex, '');\n    }\n\n    if (host.endsWith('.')) {\n      host = host.slice(0, host.length - 1);\n    }\n\n    if (host.length > 253) {\n      throw new Error(\n        'The S3 endpoint is too long. RFC 1123 specifies a hostname should be no longer than 253 characters.'\n      );\n    }\n\n    const subDomains: string[] = host.split('.');\n\n    const subDomainRegex: RegExp = /^[a-zA-Z0-9-]+$/;\n    const isValid: boolean = subDomains.every((subDomain) => {\n      return (\n        subDomainRegex.test(subDomain) &&\n        subDomain.length < 64 &&\n        !subDomain.startsWith('-') &&\n        !subDomain.endsWith('-')\n      );\n    });\n\n    if (!isValid) {\n      throw new Error(\n        'Invalid S3 endpoint. Some part of the hostname contains invalid characters or is too long'\n      );\n    }\n  }\n\n  private async _sendCacheRequestWithRetriesAsync<T>(\n    sendRequest: () => Promise<RetryableRequestResponse<T>>\n  ): Promise<T> {\n    const response: RetryableRequestResponse<T> = await sendRequest();\n\n    const log: (...messageParts: string[]) => void = this._writeDebugLine.bind(this);\n\n    if (response.hasNetworkError) {\n      if (storageRetryOptions && storageRetryOptions.maxTries > 1) {\n        log('Network request failed. Will retry request as specified in storageRetryOptions');\n        async function retry(retryAttempt: number): Promise<T> {\n          const { retryDelayInMs, retryPolicyType, maxTries, maxRetryDelayInMs } = storageRetryOptions;\n          let delay: number = retryDelayInMs;\n          if (retryPolicyType === StorageRetryPolicyType.EXPONENTIAL) {\n            delay = retryDelayInMs * Math.pow(2, retryAttempt - 1);\n          }\n          delay = Math.min(maxRetryDelayInMs, delay);\n\n          log(`Will retry request in ${delay}s...`);\n          await Async.sleepAsync(delay);\n          const retryResponse: RetryableRequestResponse<T> = await sendRequest();\n\n          if (retryResponse.hasNetworkError) {\n            if (retryAttempt < maxTries - 1) {\n              log('The retried request failed, will try again');\n              return retry(retryAttempt + 1);\n            } else {\n              log('The retried request failed and has reached the maxTries limit');\n              throw retryResponse.error;\n            }\n          }\n\n          return retryResponse.response;\n        }\n        return retry(1);\n      } else {\n        log('Network request failed and storageRetryOptions is not specified');\n        throw response.error;\n      }\n    }\n\n    return response.response;\n  }\n}\n"]}

package/lib-esm/AmazonS3Credentials.js

@@ -0,0 +1,50 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+import { EnvironmentConfiguration } from '@rushstack/rush-sdk';
+export const AWS_ACCESS_KEY_ID = 'AWS_ACCESS_KEY_ID';
+export const AWS_SECRET_ACCESS_KEY = 'AWS_SECRET_ACCESS_KEY';
+export const AWS_SESSION_TOKEN = 'AWS_SESSION_TOKEN';
+/**
+ * Attempt to read credentials from the commonly used AWS_* env vars.
+ */
+export const fromAmazonEnv = () => {
+    const accessKeyId = process.env[AWS_ACCESS_KEY_ID];
+    const secretAccessKey = process.env[AWS_SECRET_ACCESS_KEY];
+    const sessionToken = process.env[AWS_SESSION_TOKEN];
+    if (accessKeyId && secretAccessKey) {
+        return {
+            accessKeyId,
+            secretAccessKey,
+            sessionToken
+        };
+    }
+    else if (accessKeyId) {
+        throw new Error(`The "${AWS_ACCESS_KEY_ID}" env variable is set, but the "${AWS_SECRET_ACCESS_KEY}" ` +
+            `env variable is not set. Both or neither must be provided.`);
+    }
+    else if (secretAccessKey) {
+        throw new Error(`The "${AWS_SECRET_ACCESS_KEY}" env variable is set, but the "${AWS_ACCESS_KEY_ID}" ` +
+            `env variable is not set. Both or neither must be provided.`);
+    }
+    else {
+        return undefined;
+    }
+};
+/**
+ * Attempt to parse credentials set from the RUSH_BUILD_CACHE_CREDENTIAL env var.
+ */
+export const fromRushEnv = (credential = EnvironmentConfiguration.buildCacheCredential) => {
+    if (!credential) {
+        return undefined;
+    }
+    const fields = credential.split(':');
+    if (fields.length < 2 || fields.length > 3) {
+        throw new Error(`Rush build cache credential is in an unexpected format.`);
+    }
+    return {
+        accessKeyId: fields[0],
+        secretAccessKey: fields[1],
+        sessionToken: fields[2]
+    };
+};
+//# sourceMappingURL=AmazonS3Credentials.js.map

package/lib-esm/AmazonS3Credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AmazonS3Credentials.js","sourceRoot":"","sources":["../src/AmazonS3Credentials.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,2DAA2D;AAE3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAE/D,MAAM,CAAC,MAAM,iBAAiB,GAAwB,mBAAmB,CAAC;AAC1E,MAAM,CAAC,MAAM,qBAAqB,GAA4B,uBAAuB,CAAC;AACtF,MAAM,CAAC,MAAM,iBAAiB,GAAwB,mBAAmB,CAAC;AAa1E;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,GAAqC,EAAE;IAClE,MAAM,WAAW,GAAuB,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACvE,MAAM,eAAe,GAAuB,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAuB,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAExE,IAAI,WAAW,IAAI,eAAe,EAAE,CAAC;QACnC,OAAO;YACL,WAAW;YACX,eAAe;YACf,YAAY;SACb,CAAC;IACJ,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,QAAQ,iBAAiB,mCAAmC,qBAAqB,IAAI;YACnF,4DAA4D,CAC/D,CAAC;IACJ,CAAC;SAAM,IAAI,eAAe,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,QAAQ,qBAAqB,mCAAmC,iBAAiB,IAAI;YACnF,4DAA4D,CAC/D,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,UAAU,GAAG,wBAAwB,CAAC,oBAAoB,EACxB,EAAE;IACpC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAa,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;QAC1B,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC;KACxB,CAAC;AACJ,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport { EnvironmentConfiguration } from '@rushstack/rush-sdk';\n\nexport const AWS_ACCESS_KEY_ID: 'AWS_ACCESS_KEY_ID' = 'AWS_ACCESS_KEY_ID';\nexport const AWS_SECRET_ACCESS_KEY: 'AWS_SECRET_ACCESS_KEY' = 'AWS_SECRET_ACCESS_KEY';\nexport const AWS_SESSION_TOKEN: 'AWS_SESSION_TOKEN' = 'AWS_SESSION_TOKEN';\n\n/**\n * Credentials for authorizing and signing requests to an Amazon S3 endpoint.\n *\n * @public\n */\nexport interface IAmazonS3Credentials {\n  accessKeyId: string;\n  secretAccessKey: string;\n  sessionToken: string | undefined;\n}\n\n/**\n * Attempt to read credentials from the commonly used AWS_* env vars.\n */\nexport const fromAmazonEnv = (): IAmazonS3Credentials | undefined => {\n  const accessKeyId: string | undefined = process.env[AWS_ACCESS_KEY_ID];\n  const secretAccessKey: string | undefined = process.env[AWS_SECRET_ACCESS_KEY];\n  const sessionToken: string | undefined = process.env[AWS_SESSION_TOKEN];\n\n  if (accessKeyId && secretAccessKey) {\n    return {\n      accessKeyId,\n      secretAccessKey,\n      sessionToken\n    };\n  } else if (accessKeyId) {\n    throw new Error(\n      `The \"${AWS_ACCESS_KEY_ID}\" env variable is set, but the \"${AWS_SECRET_ACCESS_KEY}\" ` +\n        `env variable is not set. Both or neither must be provided.`\n    );\n  } else if (secretAccessKey) {\n    throw new Error(\n      `The \"${AWS_SECRET_ACCESS_KEY}\" env variable is set, but the \"${AWS_ACCESS_KEY_ID}\" ` +\n        `env variable is not set. Both or neither must be provided.`\n    );\n  } else {\n    return undefined;\n  }\n};\n\n/**\n * Attempt to parse credentials set from the RUSH_BUILD_CACHE_CREDENTIAL env var.\n */\nexport const fromRushEnv = (\n  credential = EnvironmentConfiguration.buildCacheCredential\n): IAmazonS3Credentials | undefined => {\n  if (!credential) {\n    return undefined;\n  }\n\n  const fields: string[] = credential.split(':');\n  if (fields.length < 2 || fields.length > 3) {\n    throw new Error(`Rush build cache credential is in an unexpected format.`);\n  }\n\n  return {\n    accessKeyId: fields[0],\n    secretAccessKey: fields[1],\n    sessionToken: fields[2]\n  };\n};\n"]}

package/lib-esm/RushAmazonS3BuildCachePlugin.js

@@ -0,0 +1,53 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+const PLUGIN_NAME = 'AmazonS3BuildCachePlugin';
+/**
+ * @public
+ */
+export class RushAmazonS3BuildCachePlugin {
+    constructor() {
+        this.pluginName = PLUGIN_NAME;
+    }
+    apply(rushSession, rushConfig) {
+        rushSession.hooks.initialize.tap(PLUGIN_NAME, () => {
+            rushSession.registerCloudBuildCacheProviderFactory('amazon-s3', async (buildCacheConfig) => {
+                const { amazonS3Configuration } = buildCacheConfig;
+                let options;
+                const { s3Endpoint, s3Bucket, s3Region } = amazonS3Configuration;
+                const s3Prefix = amazonS3Configuration.s3Prefix || undefined;
+                const isCacheWriteAllowed = !!amazonS3Configuration.isCacheWriteAllowed;
+                if (s3Prefix && s3Prefix[0] === '/') {
+                    throw new Error('s3Prefix should not have a leading /');
+                }
+                // mutually exclusive
+                if (s3Bucket && s3Endpoint) {
+                    throw new Error('Only one of "s3Bucket" or "s3Endpoint" must be provided.');
+                }
+                if (s3Endpoint) {
+                    options = {
+                        // IAmazonS3BuildCacheProviderOptionsAdvanced
+                        s3Region,
+                        s3Endpoint,
+                        s3Prefix,
+                        isCacheWriteAllowed
+                    };
+                }
+                if (s3Bucket) {
+                    options = {
+                        // IAmazonS3BuildCacheProviderOptionsSimple
+                        s3Region,
+                        s3Bucket,
+                        s3Prefix,
+                        isCacheWriteAllowed
+                    };
+                }
+                if (!options) {
+                    throw new Error('You must provide either an s3Endpoint or s3Bucket');
+                }
+                const { AmazonS3BuildCacheProvider } = await import('./AmazonS3BuildCacheProvider');
+                return new AmazonS3BuildCacheProvider(options, rushSession);
+            });
+        });
+    }
+}
+//# sourceMappingURL=RushAmazonS3BuildCachePlugin.js.map

package/lib-esm/RushAmazonS3BuildCachePlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RushAmazonS3BuildCachePlugin.js","sourceRoot":"","sources":["../src/RushAmazonS3BuildCachePlugin.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,2DAA2D;AAS3D,MAAM,WAAW,GAAW,0BAA0B,CAAC;AAgCvD;;GAEG;AACH,MAAM,OAAO,4BAA4B;IAAzC;QACS,eAAU,GAAW,WAAW,CAAC;IAqD1C,CAAC;IAnDQ,KAAK,CAAC,WAAwB,EAAE,UAA6B;QAClE,WAAW,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,EAAE;YACjD,WAAW,CAAC,sCAAsC,CAAC,WAAW,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE;gBAIzF,MAAM,EAAE,qBAAqB,EAAE,GAAG,gBAA+B,CAAC;gBAClE,IAAI,OAGS,CAAC;gBACd,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,qBAAqB,CAAC;gBACjE,MAAM,QAAQ,GAAuB,qBAAqB,CAAC,QAAQ,IAAI,SAAS,CAAC;gBACjF,MAAM,mBAAmB,GAAY,CAAC,CAAC,qBAAqB,CAAC,mBAAmB,CAAC;gBAEjF,IAAI,QAAQ,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;gBAC1D,CAAC;gBAED,qBAAqB;gBACrB,IAAI,QAAQ,IAAI,UAAU,EAAE,CAAC;oBAC3B,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;gBAC9E,CAAC;gBAED,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO,GAAG;wBACR,6CAA6C;wBAC7C,QAAQ;wBACR,UAAU;wBACV,QAAQ;wBACR,mBAAmB;qBACpB,CAAC;gBACJ,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,GAAG;wBACR,2CAA2C;wBAC3C,QAAQ;wBACR,QAAQ;wBACR,QAAQ;wBACR,mBAAmB;qBACpB,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;gBACvE,CAAC;gBAED,MAAM,EAAE,0BAA0B,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;gBACpF,OAAO,IAAI,0BAA0B,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport type { IRushPlugin, RushSession, RushConfiguration } from '@rushstack/rush-sdk';\n\nimport type {\n  IAmazonS3BuildCacheProviderOptionsAdvanced,\n  IAmazonS3BuildCacheProviderOptionsSimple\n} from './AmazonS3BuildCacheProvider';\n\nconst PLUGIN_NAME: string = 'AmazonS3BuildCachePlugin';\n\n/**\n * @public\n */\nexport interface IAmazonS3ConfigurationJson {\n  /**\n   * (Required unless s3Endpoint is specified) The name of the bucket to use for build cache (e.g. \"my-bucket\").\n   */\n  s3Bucket?: string;\n\n  /**\n   * (Required unless s3Bucket is specified) The Amazon S3 endpoint of the bucket to use for build cache (e.g. \"my-bucket.s3.us-east-2.amazonaws.com\" or \"http://localhost:9000\").\n   */\n  s3Endpoint?: string;\n\n  /**\n   * The Amazon S3 region of the bucket to use for build cache (e.g. \"us-east-1\").\n   */\n  s3Region: string;\n\n  /**\n   * An optional prefix (\"folder\") for cache items.\n   */\n  s3Prefix?: string;\n\n  /**\n   * If set to true, allow writing to the cache. Defaults to false.\n   */\n  isCacheWriteAllowed?: boolean;\n}\n\n/**\n * @public\n */\nexport class RushAmazonS3BuildCachePlugin implements IRushPlugin {\n  public pluginName: string = PLUGIN_NAME;\n\n  public apply(rushSession: RushSession, rushConfig: RushConfiguration): void {\n    rushSession.hooks.initialize.tap(PLUGIN_NAME, () => {\n      rushSession.registerCloudBuildCacheProviderFactory('amazon-s3', async (buildCacheConfig) => {\n        type IBuildCache = typeof buildCacheConfig & {\n          amazonS3Configuration: IAmazonS3ConfigurationJson;\n        };\n        const { amazonS3Configuration } = buildCacheConfig as IBuildCache;\n        let options:\n          | IAmazonS3BuildCacheProviderOptionsAdvanced\n          | IAmazonS3BuildCacheProviderOptionsSimple\n          | undefined;\n        const { s3Endpoint, s3Bucket, s3Region } = amazonS3Configuration;\n        const s3Prefix: undefined | string = amazonS3Configuration.s3Prefix || undefined;\n        const isCacheWriteAllowed: boolean = !!amazonS3Configuration.isCacheWriteAllowed;\n\n        if (s3Prefix && s3Prefix[0] === '/') {\n          throw new Error('s3Prefix should not have a leading /');\n        }\n\n        // mutually exclusive\n        if (s3Bucket && s3Endpoint) {\n          throw new Error('Only one of \"s3Bucket\" or \"s3Endpoint\" must be provided.');\n        }\n\n        if (s3Endpoint) {\n          options = {\n            // IAmazonS3BuildCacheProviderOptionsAdvanced\n            s3Region,\n            s3Endpoint,\n            s3Prefix,\n            isCacheWriteAllowed\n          };\n        }\n        if (s3Bucket) {\n          options = {\n            // IAmazonS3BuildCacheProviderOptionsSimple\n            s3Region,\n            s3Bucket,\n            s3Prefix,\n            isCacheWriteAllowed\n          };\n        }\n        if (!options) {\n          throw new Error('You must provide either an s3Endpoint or s3Bucket');\n        }\n\n        const { AmazonS3BuildCacheProvider } = await import('./AmazonS3BuildCacheProvider');\n        return new AmazonS3BuildCacheProvider(options, rushSession);\n      });\n    });\n  }\n}\n"]}

package/lib-esm/index.js

@@ -0,0 +1,7 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+/// <reference types="node" preserve="true" />
+import { RushAmazonS3BuildCachePlugin } from './RushAmazonS3BuildCachePlugin';
+export { AmazonS3Client } from './AmazonS3Client';
+export default RushAmazonS3BuildCachePlugin;
+//# sourceMappingURL=index.js.map

package/lib-esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,2DAA2D;AAE3D,8CAA8C;AAE9C,OAAO,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AAG9E,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,eAAe,4BAA4B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\n/// <reference types=\"node\" preserve=\"true\" />\n\nimport { RushAmazonS3BuildCachePlugin } from './RushAmazonS3BuildCachePlugin';\n\nexport { type IAmazonS3Credentials } from './AmazonS3Credentials';\nexport { AmazonS3Client } from './AmazonS3Client';\nexport default RushAmazonS3BuildCachePlugin;\nexport type {\n  IAmazonS3BuildCacheProviderOptionsBase,\n  IAmazonS3BuildCacheProviderOptionsAdvanced,\n  IAmazonS3BuildCacheProviderOptionsSimple\n} from './AmazonS3BuildCacheProvider';\n"]}

package/lib-esm/schemas/amazon-s3-config.schema.json

@@ -0,0 +1,51 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "title": "Configuration for build cache with Amazon S3 configuration",
+  "type": "object",
+  "oneOf": [
+    {
+      "type": "object",
+      "required": ["s3Endpoint", "s3Region"],
+      "properties": {
+        "s3Endpoint": {
+          "type": "string",
+          "description": "(Required) The Amazon S3 endpoint of the bucket to use for build cache (e.g. \"s3.us-east-2.amazonaws.com\")."
+        },
+        "s3Region": {
+          "type": "string",
+          "description": "(Required) The Amazon S3 region of the bucket to use for build cache (e.g. \"us-east-1\")."
+        },
+        "s3Prefix": {
+          "type": "string",
+          "description": "An optional prefix (\"folder\") for cache items."
+        },
+        "isCacheWriteAllowed": {
+          "type": "boolean",
+          "description": "If set to true, allow writing to the cache. Defaults to false."
+        }
+      }
+    },
+    {
+      "type": "object",
+      "required": ["s3Bucket", "s3Region"],
+      "properties": {
+        "s3Bucket": {
+          "type": "string",
+          "description": "(Required unless s3Endpoint is specified) The name of the bucket to use for build cache (e.g. \"my-bucket\")."
+        },
+        "s3Region": {
+          "type": "string",
+          "description": "(Required) The Amazon S3 region of the bucket to use for build cache (e.g. \"us-east-1\")."
+        },
+        "s3Prefix": {
+          "type": "string",
+          "description": "An optional prefix (\"folder\") for cache items."
+        },
+        "isCacheWriteAllowed": {
+          "type": "boolean",
+          "description": "If set to true, allow writing to the cache. Defaults to false."
+        }
+      }
+    }
+  ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rushstack/rush-amazon-s3-build-cache-plugin",
-  "version": "5.168.0",
+  "version": "5.169.1",
   "description": "Rush plugin for Amazon S3 cloud build cache",
   "repository": {
     "type": "git",
@@ -8,22 +8,46 @@
     "directory": "rush-plugins/rush-amazon-s3-build-cache-plugin"
   },
   "homepage": "https://rushjs.io",
-  "main": "lib/index.js",
-  "types": "lib/index.d.ts",
+  "main": "./lib-commonjs/index.js",
+  "module": "./lib-esm/index.js",
+  "types": "./lib-dts/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./lib-dts/index.d.ts",
+      "import": "./lib-esm/index.js",
+      "require": "./lib-commonjs/index.js"
+    },
+    "./lib/*.schema.json": "./lib-commonjs/*.schema.json",
+    "./lib/*": {
+      "types": "./lib-dts/*.d.ts",
+      "import": "./lib-esm/*.js",
+      "require": "./lib-commonjs/*.js"
+    },
+    "./rush-plugin-manifest.json": "./rush-plugin-manifest.json",
+    "./package.json": "./package.json"
+  },
+  "typesVersions": {
+    "*": {
+      "lib/*": [
+        "lib-dts/*"
+      ]
+    }
+  },
   "license": "MIT",
   "dependencies": {
     "https-proxy-agent": "~5.0.0",
-    "@rushstack/node-core-library": "5.19.1",
-    "@rushstack/rush-sdk": "5.168.0",
-    "@rushstack/credential-cache": "0.1.11",
-    "@rushstack/terminal": "0.21.0"
+    "@rushstack/credential-cache": "0.2.0",
+    "@rushstack/node-core-library": "5.20.0",
+    "@rushstack/terminal": "0.22.0",
+    "@rushstack/rush-sdk": "5.169.1"
   },
   "devDependencies": {
     "eslint": "~9.37.0",
-    "@microsoft/rush-lib": "5.168.0",
-    "@rushstack/heft": "1.1.14",
+    "@microsoft/rush-lib": "5.169.1",
+    "@rushstack/heft": "1.2.0",
     "local-node-rig": "1.0.0"
   },
+  "sideEffects": false,
   "scripts": {
     "build": "heft build --clean",
     "start": "heft test --clean --watch",

package/rush-plugin-manifest.json

@@ -4,8 +4,8 @@
     {
       "pluginName": "rush-amazon-s3-build-cache-plugin",
       "description": "Rush plugin for Amazon S3 cloud build cache",
-      "entryPoint": "lib/index.js",
-      "optionsSchema": "lib/schemas/amazon-s3-config.schema.json"
+      "entryPoint": "./lib-commonjs/index.js",
+      "optionsSchema": "./lib-commonjs/schemas/amazon-s3-config.schema.json"
     }
   ]
 }