zephyr-agent 1.1.0 → 1.1.1-next.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/auth/login.js +5 -0
- package/dist/lib/auth/login.js.map +1 -1
- package/dist/lib/http/http-request.js +3 -1
- package/dist/lib/http/http-request.js.map +1 -1
- package/dist/lib/node-persist/ci-token-identity/github.d.ts +2 -0
- package/dist/lib/node-persist/ci-token-identity/github.js +103 -0
- package/dist/lib/node-persist/ci-token-identity/github.js.map +1 -0
- package/dist/lib/node-persist/ci-token-identity/gitlab.d.ts +2 -0
- package/dist/lib/node-persist/ci-token-identity/gitlab.js +122 -0
- package/dist/lib/node-persist/ci-token-identity/gitlab.js.map +1 -0
- package/dist/lib/node-persist/ci-token-identity/types.d.ts +15 -0
- package/dist/lib/node-persist/ci-token-identity/types.js +3 -0
- package/dist/lib/node-persist/ci-token-identity/types.js.map +1 -0
- package/dist/lib/node-persist/ci-token-identity/utils.d.ts +8 -0
- package/dist/lib/node-persist/ci-token-identity/utils.js +62 -0
- package/dist/lib/node-persist/ci-token-identity/utils.js.map +1 -0
- package/dist/lib/node-persist/ci-token-identity.d.ts +3 -0
- package/dist/lib/node-persist/ci-token-identity.js +19 -0
- package/dist/lib/node-persist/ci-token-identity.js.map +1 -0
- package/dist/lib/node-persist/ci-token.d.ts +2 -0
- package/dist/lib/node-persist/ci-token.js +13 -0
- package/dist/lib/node-persist/ci-token.js.map +1 -0
- package/dist/lib/node-persist/storage-keys.d.ts +1 -0
- package/dist/lib/node-persist/storage-keys.js +1 -0
- package/dist/lib/node-persist/storage-keys.js.map +1 -1
- package/dist/lib/node-persist/token.js +37 -0
- package/dist/lib/node-persist/token.js.map +1 -1
- package/dist/package.json +1 -1
- package/package.json +2 -2
package/dist/lib/auth/login.js
CHANGED
|
@@ -17,6 +17,7 @@ const storage_keys_1 = require("../node-persist/storage-keys");
|
|
|
17
17
|
const token_1 = require("../node-persist/token");
|
|
18
18
|
const sse_1 = require("./sse");
|
|
19
19
|
const auth_flags_1 = require("./auth-flags");
|
|
20
|
+
const ci_token_1 = require("../node-persist/ci-token");
|
|
20
21
|
const server_token_1 = require("../node-persist/server-token");
|
|
21
22
|
/**
|
|
22
23
|
* Check if the user is already authenticated. If not, ask if they want to open a browser
|
|
@@ -29,6 +30,7 @@ async function checkAuth(git_config) {
|
|
|
29
30
|
try {
|
|
30
31
|
const secret_token = (0, secret_token_1.getSecretToken)();
|
|
31
32
|
const server_token = (0, server_token_1.getServerToken)();
|
|
33
|
+
const ci_token = (0, ci_token_1.getCiToken)();
|
|
32
34
|
if (secret_token) {
|
|
33
35
|
(0, ze_log_event_1.logFn)('debug', 'Token found in environment. Using secret token for authentication.');
|
|
34
36
|
return;
|
|
@@ -36,6 +38,9 @@ async function checkAuth(git_config) {
|
|
|
36
38
|
if (server_token) {
|
|
37
39
|
(0, ze_log_event_1.logFn)('debug', 'Server token found in environment. Using server token for authentication.');
|
|
38
40
|
}
|
|
41
|
+
if (ci_token) {
|
|
42
|
+
(0, ze_log_event_1.logFn)('debug', 'CI token found in environment. Using CI-inferred token attribution.');
|
|
43
|
+
}
|
|
39
44
|
const existingToken = await (0, token_1.getToken)(git_config);
|
|
40
45
|
if (existingToken) {
|
|
41
46
|
// Check if the token has a valid expiration date.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/lib/auth/login.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/lib/auth/login.ts"],"names":[],"mappings":";;AAwBA,8BAsFC;AASD,8CAeC;;AAtID,mDAA6B;AAC7B,gEAA0C;AAC1C,+DAAuE;AACvE,sCAAkD;AAClD,uDAAmD;AACnD,wCAA8C;AAC9C,oDAAqF;AACrF,0DAA8D;AAC9D,+DAA8D;AAC9D,+DAA4E;AAC5E,+DAA2D;AAC3D,iDAAyE;AACzE,+BAAqC;AACrC,6CAA4C;AAC5C,uDAAsD;AACtD,+DAA8D;AAG9D;;;;;GAKG;AACI,KAAK,UAAU,SAAS,CAAC,UAAqB;;;QACnD,MAAM,YAAY,GAAG,IAAA,6BAAc,GAAE,CAAC;QACtC,MAAM,YAAY,GAAG,IAAA,6BAAc,GAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAA,qBAAU,GAAE,CAAC;QAE9B,IAAI,YAAY,EAAE,CAAC;YACjB,IAAA,oBAAK,EAAC,OAAO,EAAE,oEAAoE,CAAC,CAAC;YACrF,OAAO;QACT,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACjB,IAAA,oBAAK,EACH,OAAO,EACP,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,IAAA,oBAAK,EACH,OAAO,EACP,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,gBAAQ,EAAC,UAAU,CAAC,CAAC;QAEjD,IAAI,aAAa,EAAE,CAAC;YAClB,kDAAkD;YAClD,IAAI,iBAAiB,CAAC,aAAa,EAAE,yBAAY,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5E,gBAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;gBACzC,OAAO;YACT,CAAC;YAED,MAAM,IAAA,mBAAW,GAAE,CAAC;QACtB,CAAC;QAED,0EAA0E;QAC1E,sCAAsC;QACtC,IAAI,CAAC,iBAAK,EAAE,CAAC;YACX,IAAA,oBAAK,EAAC,MAAM,EAAE,kBAAkB,0BAAW,CAAC,eAAe,GAAG,CAAC,CAAC;QAClE,CAAC;QAED,iDAAiD;QACjD,IAAA,oBAAK,EAAC,EAAE,EAAE,GAAG,IAAA,kBAAM,EAAC,yBAAyB,CAAC,uCAAuC,CAAC,CAAC;QAEvF,+BAA+B;QAC/B,MAAM,UAAU,0CAAG,IAAA,4BAAa,GAAE,QAAA,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/D,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,IAAA,oBAAK,EAAC,EAAE,EAAE,IAAA,gBAAI,EAAC,+BAA+B,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAI,eAAe,EAAE,CAAC;QAEhD,qDAAqD;QACrD,KAAK,mBAAmB,CAAC,OAAO,EAAE,iBAAiB,CAAC,MAAM,CAAC;aACxD,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;aAC5B,KAAK,CAAC,GAAG,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;QAE7C,+DAA+D;QAC/D,gCAAgC;QAChC,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CACzE,iBAAiB,CAAC,KAAK,EAAE,CAC1B,CAAC;YAEF,MAAM,IAAA,iBAAS,EAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,yEAAyE;YACzE,2CAA2C;YAC3C,+EAA+E;YAC/E,MAAM,IAAA,4BAAa,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAE9C,MAAM,KAAK,GAAG,MAAM,IAAA,gBAAQ,EAAC,UAAU,CAAC,CAAC;YAEzC,uEAAuE;YACvE,wBAAwB;YACxB,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,oBAAW,CAAC,iBAAQ,CAAC,cAAc,EAAE;oBAC7C,OAAO,EAAE,+DAA+D;iBACzE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAA,oBAAK,EAAC,EAAE,EAAE,GAAG,IAAA,iBAAK,EAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;;;;;;;;;CACpE;AAED;;;;;;GAMG;AACH,SAAgB,iBAAiB,CAAC,KAAa,EAAE,GAAG,GAAG,CAAC;IACtD,+BAA+B;IAC/B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE3C,IAAI,YAAY,CAAC,GAAG,EAAE,CAAC;YACrB,OAAO,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC;QAC/E,CAAC;QAED,2CAA2C;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,WAAM,CAAC;QACP,yCAAyC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,0DAA0D;AAC1D,KAAK,UAAU,mBAAmB,CAChC,OAAe,EACf,MAAmB;IAEnB,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QACrC,EAAE,CAAC,QAAQ,CACT,IAAA,2BAAY,EAAC;EACjB,OAAO;;EAEP,IAAA,gBAAI,EAAC,eAAe,IAAA,gBAAI,EAAC,IAAA,iBAAK,EAAC,OAAO,CAAC,CAAC,iCAAiC,CAAC;CAC3E,CAAC,EAEI,EAAE,MAAM,EAAE,EACV,OAAO,CACR,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uEAAuE;AACvE,SAAS,mBAAmB,CAAC,GAAW;IACtC,IAAA,oBAAK,EAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACd,IAAA,oBAAK,EAAC,EAAE,EAAE,wDAAwD,CAAC,CAAC;IACpE,IAAA,oBAAK,EAAC,EAAE,EAAE,GAAG,IAAA,kBAAM,EAAC,iDAAiD,CAAC,EAAE,CAAC,CAAC;IAC1E,IAAA,oBAAK,EAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IACf,IAAA,oBAAK,EAAC,EAAE,EAAE,GAAG,IAAA,gBAAI,EAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;AACrF,CAAC;AAED,kDAAkD;AAClD,KAAK,UAAU,OAAO,CAAC,GAAW;IAChC,2BAA2B;IAC3B,sEAAsE;IACtE,MAAM,UAAU,GAAG,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,CAA0B,CAAC;IAC3E,MAAM,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,kDAAkD;AAClD,KAAK,UAAU,oBAAoB,CAAC,KAAa;IAC/C,gBAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,GAAG,IAAA,sCAAe,GAAE,GAAG,qCAAc,CAAC,cAAc,UAAU,KAAK,EAAE,CACtE,CAAC;IACF,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,MAAM,IAAA,0BAAW,EAAS;QAClD,IAAI,EAAE,qCAAc,CAAC,cAAc;QACnC,IAAI,EAAE,IAAA,sCAAe,GAAE;QACvB,KAAK,EAAE,EAAE,KAAK,EAAE;KACjB,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,oBAAW,CAAC,iBAAQ,CAAC,cAAc,EAAE;YAC7C,KAAK;YACL,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,UAAkB;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,qCAAc,CAAC,SAAS,EAAE,IAAA,sCAAe,GAAE,CAAC,CAAC;IACjE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAC9C,MAAM,YAAY,GAAG,IAAI,kBAAY,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE,CAAC;IAC/C,IAAA,kBAAQ,EAAC,oBAAoB,EAAE,8BAA8B,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC/E,OAAO,IAAI,CAAC,KAAK,CAAC;AACpB,CAAC"}
|
|
@@ -46,7 +46,9 @@ function redactResponse(url, options, data, response, startTime = Date.now()) {
|
|
|
46
46
|
].join('\n');
|
|
47
47
|
return str
|
|
48
48
|
.replace(/Bearer ([^"|']+)/gi, 'Bearer [REDACTED]')
|
|
49
|
-
.replace(/"?jwt"?:["|\W']{0,2}([^"|']+)(["|'])/gi, 'jwt: [REDACTED]')
|
|
49
|
+
.replace(/"?jwt"?:["|\W']{0,2}([^"|']+)(["|'])/gi, 'jwt: [REDACTED]')
|
|
50
|
+
.replace(/"?jobToken"?:["|\W']{0,2}([^"|']+)(["|'])/gi, 'jobToken: [REDACTED]')
|
|
51
|
+
.replace(/"?access_token"?:["|\W']{0,2}([^"|']+)(["|'])/gi, 'access_token: [REDACTED]');
|
|
50
52
|
}
|
|
51
53
|
/** Main HTTP request function that handles the request and response */
|
|
52
54
|
async function makeHttpRequest(url, options = {}, data) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http-request.js","sourceRoot":"","sources":["../../../src/lib/http/http-request.ts"],"names":[],"mappings":";;AAuCA,4BAcC;
|
|
1
|
+
{"version":3,"file":"http-request.js","sourceRoot":"","sources":["../../../src/lib/http/http-request.ts"],"names":[],"mappings":";;AAuCA,4BAcC;AAyBD,0CAyDC;AAGD,kCAOC;AAGD,wCAQC;AA5JD,+DAK8B;AAC9B,sCAAkD;AAClD,4CAA0C;AAC1C,iDAAoD;AACpD,6DAAwD;AAgBxD,SAAS,YAAY,CAAC,GAAQ;IAC5B,iDAAiD;IACjD,MAAM,UAAU,GAAG,IAAA,oCAAa,GAAE,CAAC;IACnC,MAAM,oBAAoB,GAAG,IAAA,2CAAoB,GAAE,CAAC;IACpD,MAAM,mBAAmB,GAAG,IAAA,0CAAmB,GAAE,CAAC;IAElD,IAAI,UAAU,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;QACpD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8CAA8C;AAC9C,SAAgB,QAAQ,CAAC,MAAiB;IACxC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,YAAY,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IACvC,CAAC;SAAM,IAAI,MAAM,YAAY,GAAG,EAAE,CAAC;QACjC,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAE9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxD,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,4DAA4D;AAC5D,SAAS,cAAc,CACrB,GAAQ,EACR,OAAoB,EACpB,IAAsB,EACtB,QAAkB,EAClB,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;;IAEtB,MAAM,GAAG,GAAG;QACV,IAAI,OAAO,CAAC,MAAM,IAAI,KAAK,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,IAAI;QACnE,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,EAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAA,IAAI,CAAC,MAAM,mCAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;QACpE,QAAQ,CAAC,CAAC,CAAC,aAAa,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE;QACvC,OAAO,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;KACrD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,OAAO,GAAG;SACP,OAAO,CAAC,oBAAoB,EAAE,mBAAmB,CAAC;SAClD,OAAO,CAAC,wCAAwC,EAAE,iBAAiB,CAAC;SACpE,OAAO,CAAC,6CAA6C,EAAE,sBAAsB,CAAC;SAC9E,OAAO,CAAC,iDAAiD,EAAE,0BAA0B,CAAC,CAAC;AAC5F,CAAC;AAED,uEAAuE;AAChE,KAAK,UAAU,eAAe,CACnC,GAAQ,EACR,UAAuB,EAAE,EACzB,IAAsB;;IAEtB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAA,qCAAgB,EAAC,GAAG,kCACtC,OAAO,KACV,IAAI,EAAE,IAAmC,IACzC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,sCAAsC;YACtC,MAAM,IAAA,mBAAW,GAAE,CAAC;YACpB,MAAM,IAAI,oBAAW,CAAC,iBAAQ,CAAC,cAAc,EAAE;gBAC7C,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,oBAAW,CAAC,iBAAQ,CAAC,wBAAwB,EAAE;gBACvD,OAAO,EAAE,sBAAsB;aAChC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAEvE,IAAI,OAAO,KAAK,iBAAiB,EAAE,CAAC;YAClC,MAAM,IAAI,oBAAW,CAAC,iBAAQ,CAAC,WAAW,EAAE;gBAC1C,OAAO,EAAE,8DAA8D;aACxE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC/C,cAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;QAED,4CAA4C;QAC5C,MAAM,OAAO,GAAG,MAAA,IAAA,sCAAe,EAAU,OAAO,CAAC,mCAAI,OAAO,CAAC;QAE7D,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC/C,MAAM,IAAI,oBAAW,CAAC,iBAAQ,CAAC,cAAc,EAAE;gBAC7C,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;gBACnB,OAAO,EAAE,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;gBACxE,MAAM,EAAE,MAAA,MAAA,OAAO,CAAC,MAAM,0CAAE,WAAW,EAAE,mCAAI,KAAK;aAC/C,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,OAAY,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,EAAE,KAAc,CAAC,CAAC;IACjC,CAAC;AACH,CAAC;AAED,qEAAqE;AACrE,SAAgB,WAAW,CACzB,MAAiB,EACjB,UAAuB,EAAE,EACzB,IAAsB;IAEtB,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC7B,OAAO,eAAe,CAAI,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAChD,CAAC;AAED,8DAA8D;AACvD,KAAK,UAAU,cAAc,CAAI,QAAkC;IACxE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,MAAM,QAAQ,CAAC;IAEzC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,KAAK,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.gitHubCiIdentityProvider = void 0;
|
|
4
|
+
const promises_1 = require("node:fs/promises");
|
|
5
|
+
const utils_1 = require("./utils");
|
|
6
|
+
exports.gitHubCiIdentityProvider = {
|
|
7
|
+
provider: 'github',
|
|
8
|
+
detect: isGitHubActions,
|
|
9
|
+
infer: inferGitHubIdentity,
|
|
10
|
+
};
|
|
11
|
+
function isGitHubActions(env) {
|
|
12
|
+
return env['GITHUB_ACTIONS'] === 'true';
|
|
13
|
+
}
|
|
14
|
+
async function inferGitHubIdentity(env) {
|
|
15
|
+
const event = await readGitHubEventPayload(env);
|
|
16
|
+
const eventEmails = getGitHubEventEmails(event, env);
|
|
17
|
+
const noreplyEmail = getGitHubNoreplyEmail(env, event);
|
|
18
|
+
const emails = (0, utils_1.getEmails)([...eventEmails, noreplyEmail]);
|
|
19
|
+
const providerSubject = getGitHubActorId(env, event);
|
|
20
|
+
const username = getGitHubActor(env, event);
|
|
21
|
+
if (eventEmails.length > 0 || providerSubject) {
|
|
22
|
+
return {
|
|
23
|
+
provider: 'github',
|
|
24
|
+
email: emails[0],
|
|
25
|
+
emails,
|
|
26
|
+
issuer: getGitHubIssuer(env),
|
|
27
|
+
providerSubject,
|
|
28
|
+
username,
|
|
29
|
+
source: eventEmails.length > 0 ? 'event' : 'noreply',
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
if (noreplyEmail) {
|
|
33
|
+
return {
|
|
34
|
+
provider: 'github',
|
|
35
|
+
email: noreplyEmail,
|
|
36
|
+
emails: [noreplyEmail],
|
|
37
|
+
issuer: getGitHubIssuer(env),
|
|
38
|
+
providerSubject,
|
|
39
|
+
username,
|
|
40
|
+
source: 'noreply',
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
return undefined;
|
|
44
|
+
}
|
|
45
|
+
async function readGitHubEventPayload(env) {
|
|
46
|
+
var _a;
|
|
47
|
+
const eventPath = (_a = env['GITHUB_EVENT_PATH']) === null || _a === void 0 ? void 0 : _a.trim();
|
|
48
|
+
if (!eventPath) {
|
|
49
|
+
return undefined;
|
|
50
|
+
}
|
|
51
|
+
try {
|
|
52
|
+
return JSON.parse(await (0, promises_1.readFile)(eventPath, 'utf8'));
|
|
53
|
+
}
|
|
54
|
+
catch (_b) {
|
|
55
|
+
return undefined;
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
function getGitHubEventEmails(event, env) {
|
|
59
|
+
var _a, _b, _c, _d, _e, _f, _g;
|
|
60
|
+
if (!event) {
|
|
61
|
+
return [];
|
|
62
|
+
}
|
|
63
|
+
const matchingCommit = getGitHubMatchingCommit(event, env);
|
|
64
|
+
return (0, utils_1.getEmails)([
|
|
65
|
+
(_a = matchingCommit === null || matchingCommit === void 0 ? void 0 : matchingCommit.author) === null || _a === void 0 ? void 0 : _a.email,
|
|
66
|
+
(_b = matchingCommit === null || matchingCommit === void 0 ? void 0 : matchingCommit.committer) === null || _b === void 0 ? void 0 : _b.email,
|
|
67
|
+
(_d = (_c = event.head_commit) === null || _c === void 0 ? void 0 : _c.author) === null || _d === void 0 ? void 0 : _d.email,
|
|
68
|
+
(_f = (_e = event.head_commit) === null || _e === void 0 ? void 0 : _e.committer) === null || _f === void 0 ? void 0 : _f.email,
|
|
69
|
+
(_g = event.pusher) === null || _g === void 0 ? void 0 : _g.email,
|
|
70
|
+
]);
|
|
71
|
+
}
|
|
72
|
+
function getGitHubMatchingCommit(event, env) {
|
|
73
|
+
var _a, _b, _c;
|
|
74
|
+
const sha = (_a = env['GITHUB_SHA']) === null || _a === void 0 ? void 0 : _a.trim();
|
|
75
|
+
if (!sha) {
|
|
76
|
+
return undefined;
|
|
77
|
+
}
|
|
78
|
+
if (((_b = event.head_commit) === null || _b === void 0 ? void 0 : _b.id) === sha) {
|
|
79
|
+
return event.head_commit;
|
|
80
|
+
}
|
|
81
|
+
return (_c = event.commits) === null || _c === void 0 ? void 0 : _c.find((commit) => commit.id === sha);
|
|
82
|
+
}
|
|
83
|
+
function getGitHubNoreplyEmail(env, event) {
|
|
84
|
+
const actor = getGitHubActor(env, event);
|
|
85
|
+
const actorId = getGitHubActorId(env, event);
|
|
86
|
+
if (!actor) {
|
|
87
|
+
return undefined;
|
|
88
|
+
}
|
|
89
|
+
return actorId ? `${actorId}+${actor}@users.noreply.github.com` : `${actor}@users.noreply.github.com`;
|
|
90
|
+
}
|
|
91
|
+
function getGitHubActor(env, event) {
|
|
92
|
+
var _a, _b, _c, _d;
|
|
93
|
+
return ((_a = env['GITHUB_TRIGGERING_ACTOR']) === null || _a === void 0 ? void 0 : _a.trim()) || ((_b = env['GITHUB_ACTOR']) === null || _b === void 0 ? void 0 : _b.trim()) || ((_d = (_c = event === null || event === void 0 ? void 0 : event.sender) === null || _c === void 0 ? void 0 : _c.login) === null || _d === void 0 ? void 0 : _d.trim());
|
|
94
|
+
}
|
|
95
|
+
function getGitHubActorId(env, event) {
|
|
96
|
+
var _a, _b;
|
|
97
|
+
return ((_a = env['GITHUB_ACTOR_ID']) === null || _a === void 0 ? void 0 : _a.trim()) || (0, utils_1.stringifyId)((_b = event === null || event === void 0 ? void 0 : event.sender) === null || _b === void 0 ? void 0 : _b.id);
|
|
98
|
+
}
|
|
99
|
+
function getGitHubIssuer(env) {
|
|
100
|
+
var _a;
|
|
101
|
+
return (((_a = env['GITHUB_SERVER_URL']) === null || _a === void 0 ? void 0 : _a.trim()) || 'https://github.com').replace(/\/+$/, '').toLowerCase();
|
|
102
|
+
}
|
|
103
|
+
//# sourceMappingURL=github.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../../src/lib/node-persist/ci-token-identity/github.ts"],"names":[],"mappings":";;;AAAA,+CAA4C;AAE5C,mCAAiD;AAyBpC,QAAA,wBAAwB,GAAuB;IAC1D,QAAQ,EAAE,QAAQ;IAClB,MAAM,EAAE,eAAe;IACvB,KAAK,EAAE,mBAAmB;CAC3B,CAAC;AAEF,SAAS,eAAe,CAAC,GAAsB;IAC7C,OAAO,GAAG,CAAC,gBAAgB,CAAC,KAAK,MAAM,CAAC;AAC1C,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,GAAsB;IACvD,MAAM,KAAK,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,qBAAqB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,CAAC,GAAG,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;IACzD,MAAM,eAAe,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAE5C,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC;QAC9C,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;YAChB,MAAM;YACN,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC;YAC5B,eAAe;YACf,QAAQ;YACR,MAAM,EAAE,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;SACrD,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,YAAY;YACnB,MAAM,EAAE,CAAC,YAAY,CAAC;YACtB,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC;YAC5B,eAAe;YACf,QAAQ;YACR,MAAM,EAAE,SAAS;SAClB,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAsB;;IAC1D,MAAM,SAAS,GAAG,MAAA,GAAG,CAAC,mBAAmB,CAAC,0CAAE,IAAI,EAAE,CAAC;IACnD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,IAAA,mBAAQ,EAAC,SAAS,EAAE,MAAM,CAAC,CAAuB,CAAC;IAC7E,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAqC,EAAE,GAAsB;;IACzF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,cAAc,GAAG,uBAAuB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC3D,OAAO,IAAA,iBAAS,EAAC;QACf,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,KAAK;QAC7B,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,SAAS,0CAAE,KAAK;QAChC,MAAA,MAAA,KAAK,CAAC,WAAW,0CAAE,MAAM,0CAAE,KAAK;QAChC,MAAA,MAAA,KAAK,CAAC,WAAW,0CAAE,SAAS,0CAAE,KAAK;QACnC,MAAA,KAAK,CAAC,MAAM,0CAAE,KAAK;KACpB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAyB,EACzB,GAAsB;;IAEtB,MAAM,GAAG,GAAG,MAAA,GAAG,CAAC,YAAY,CAAC,0CAAE,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAA,MAAA,KAAK,CAAC,WAAW,0CAAE,EAAE,MAAK,GAAG,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC,WAAW,CAAC;IAC3B,CAAC;IAED,OAAO,MAAA,KAAK,CAAC,OAAO,0CAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAsB,EACtB,KAAqC;IAErC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAE7C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,KAAK,2BAA2B,CAAC,CAAC,CAAC,GAAG,KAAK,2BAA2B,CAAC;AACxG,CAAC;AAED,SAAS,cAAc,CAAC,GAAsB,EAAE,KAAqC;;IACnF,OAAO,CAAA,MAAA,GAAG,CAAC,yBAAyB,CAAC,0CAAE,IAAI,EAAE,MAAI,MAAA,GAAG,CAAC,cAAc,CAAC,0CAAE,IAAI,EAAE,CAAA,KAAI,MAAA,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,0CAAE,KAAK,0CAAE,IAAI,EAAE,CAAA,CAAC;AAC/G,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAsB,EAAE,KAAqC;;IACrF,OAAO,CAAA,MAAA,GAAG,CAAC,iBAAiB,CAAC,0CAAE,IAAI,EAAE,KAAI,IAAA,mBAAW,EAAC,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,0CAAE,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,eAAe,CAAC,GAAsB;;IAC7C,OAAO,CAAC,CAAA,MAAA,GAAG,CAAC,mBAAmB,CAAC,0CAAE,IAAI,EAAE,KAAI,oBAAoB,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AACtG,CAAC"}
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.gitLabCiIdentityProvider = void 0;
|
|
4
|
+
const utils_1 = require("./utils");
|
|
5
|
+
const GITLAB_JOB_FETCH_TIMEOUT_MS = 10000;
|
|
6
|
+
exports.gitLabCiIdentityProvider = {
|
|
7
|
+
provider: 'gitlab',
|
|
8
|
+
detect: isGitLabCi,
|
|
9
|
+
infer: inferGitLabIdentity,
|
|
10
|
+
};
|
|
11
|
+
function isGitLabCi(env) {
|
|
12
|
+
return env['GITLAB_CI'] === 'true' || env['CI_SERVER_NAME'] === 'GitLab';
|
|
13
|
+
}
|
|
14
|
+
async function inferGitLabIdentity(env) {
|
|
15
|
+
var _a, _b;
|
|
16
|
+
const payload = (0, utils_1.decodeJwtPayload)(env['CI_JOB_TOKEN']);
|
|
17
|
+
const jwtEmails = (0, utils_1.getEmailClaims)(payload, ['user_email', 'email']);
|
|
18
|
+
if (payload && jwtEmails.length > 0 && gitLabClaimsMatchEnvironment(payload, env)) {
|
|
19
|
+
return {
|
|
20
|
+
provider: 'gitlab',
|
|
21
|
+
email: jwtEmails[0],
|
|
22
|
+
emails: jwtEmails,
|
|
23
|
+
issuer: getGitLabIssuer(env),
|
|
24
|
+
providerSubject: (0, utils_1.getStringClaim)(payload, ['user_id', 'user_login', 'sub']),
|
|
25
|
+
username: (0, utils_1.getStringClaim)(payload, ['user_login', 'username']),
|
|
26
|
+
source: 'jwt',
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
const apiIdentity = await inferGitLabIdentityFromApi(env);
|
|
30
|
+
if (apiIdentity) {
|
|
31
|
+
return apiIdentity;
|
|
32
|
+
}
|
|
33
|
+
const envEmail = (0, utils_1.getEmail)(env['GITLAB_USER_EMAIL']);
|
|
34
|
+
if (envEmail) {
|
|
35
|
+
return {
|
|
36
|
+
provider: 'gitlab',
|
|
37
|
+
email: envEmail,
|
|
38
|
+
emails: [envEmail],
|
|
39
|
+
issuer: getGitLabIssuer(env),
|
|
40
|
+
providerSubject: (_a = env['GITLAB_USER_ID']) === null || _a === void 0 ? void 0 : _a.trim(),
|
|
41
|
+
username: ((_b = env['GITLAB_USER_LOGIN']) === null || _b === void 0 ? void 0 : _b.trim()) || undefined,
|
|
42
|
+
source: 'env',
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
return undefined;
|
|
46
|
+
}
|
|
47
|
+
async function inferGitLabIdentityFromApi(env) {
|
|
48
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j;
|
|
49
|
+
const apiUrl = getGitLabApiUrl(env);
|
|
50
|
+
const jobToken = (_a = env['CI_JOB_TOKEN']) === null || _a === void 0 ? void 0 : _a.trim();
|
|
51
|
+
if (!apiUrl || !jobToken) {
|
|
52
|
+
return undefined;
|
|
53
|
+
}
|
|
54
|
+
try {
|
|
55
|
+
const job = await fetchGitLabJob(apiUrl, jobToken);
|
|
56
|
+
if (!gitLabJobMatchesEnvironment(job, env)) {
|
|
57
|
+
return undefined;
|
|
58
|
+
}
|
|
59
|
+
const emails = (0, utils_1.getEmails)([(_b = job.user) === null || _b === void 0 ? void 0 : _b.email, (_c = job.user) === null || _c === void 0 ? void 0 : _c.public_email, (_d = job.commit) === null || _d === void 0 ? void 0 : _d.author_email]);
|
|
60
|
+
if (emails.length === 0) {
|
|
61
|
+
return undefined;
|
|
62
|
+
}
|
|
63
|
+
return {
|
|
64
|
+
provider: 'gitlab',
|
|
65
|
+
email: emails[0],
|
|
66
|
+
emails,
|
|
67
|
+
issuer: getGitLabIssuer(env),
|
|
68
|
+
providerSubject: (_f = (0, utils_1.stringifyId)((_e = job.user) === null || _e === void 0 ? void 0 : _e.id)) !== null && _f !== void 0 ? _f : (_g = env['GITLAB_USER_ID']) === null || _g === void 0 ? void 0 : _g.trim(),
|
|
69
|
+
username: ((_j = (_h = job.user) === null || _h === void 0 ? void 0 : _h.username) === null || _j === void 0 ? void 0 : _j.trim()) || undefined,
|
|
70
|
+
source: 'api',
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
catch (_k) {
|
|
74
|
+
return undefined;
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
function getGitLabIssuer(env) {
|
|
78
|
+
var _a, _b;
|
|
79
|
+
const serverUrl = (_a = env['CI_SERVER_URL']) === null || _a === void 0 ? void 0 : _a.trim();
|
|
80
|
+
if (serverUrl) {
|
|
81
|
+
return serverUrl.replace(/\/+$/, '').toLowerCase();
|
|
82
|
+
}
|
|
83
|
+
const apiUrl = (_b = env['CI_API_V4_URL']) === null || _b === void 0 ? void 0 : _b.trim();
|
|
84
|
+
return apiUrl ? apiUrl.replace(/\/api\/v4\/?$/, '').replace(/\/+$/, '').toLowerCase() : undefined;
|
|
85
|
+
}
|
|
86
|
+
function getGitLabApiUrl(env) {
|
|
87
|
+
var _a, _b;
|
|
88
|
+
const apiUrl = (_a = env['CI_API_V4_URL']) === null || _a === void 0 ? void 0 : _a.trim();
|
|
89
|
+
if (apiUrl) {
|
|
90
|
+
return apiUrl;
|
|
91
|
+
}
|
|
92
|
+
const serverUrl = (_b = env['CI_SERVER_URL']) === null || _b === void 0 ? void 0 : _b.trim();
|
|
93
|
+
return serverUrl ? `${serverUrl.replace(/\/$/, '')}/api/v4` : undefined;
|
|
94
|
+
}
|
|
95
|
+
async function fetchGitLabJob(apiUrl, jobToken) {
|
|
96
|
+
const url = new URL('job', apiUrl.endsWith('/') ? apiUrl : `${apiUrl}/`);
|
|
97
|
+
const response = await fetch(url.toString(), {
|
|
98
|
+
headers: {
|
|
99
|
+
'JOB-TOKEN': jobToken,
|
|
100
|
+
},
|
|
101
|
+
signal: AbortSignal.timeout(GITLAB_JOB_FETCH_TIMEOUT_MS),
|
|
102
|
+
});
|
|
103
|
+
if (!response.ok) {
|
|
104
|
+
return {};
|
|
105
|
+
}
|
|
106
|
+
return (await response.json());
|
|
107
|
+
}
|
|
108
|
+
function gitLabClaimsMatchEnvironment(payload, env) {
|
|
109
|
+
if (!payload) {
|
|
110
|
+
return false;
|
|
111
|
+
}
|
|
112
|
+
return ((0, utils_1.claimMatchesEnv)(payload, 'job_id', env['CI_JOB_ID']) &&
|
|
113
|
+
(0, utils_1.claimMatchesEnv)(payload, 'project_id', env['CI_PROJECT_ID']) &&
|
|
114
|
+
(0, utils_1.claimMatchesEnv)(payload, 'pipeline_id', env['CI_PIPELINE_ID']));
|
|
115
|
+
}
|
|
116
|
+
function gitLabJobMatchesEnvironment(job, env) {
|
|
117
|
+
var _a, _b;
|
|
118
|
+
return ((0, utils_1.claimMatchesEnv)({ job_id: job.id }, 'job_id', env['CI_JOB_ID']) &&
|
|
119
|
+
(0, utils_1.claimMatchesEnv)({ project_id: (_a = job.pipeline) === null || _a === void 0 ? void 0 : _a.project_id }, 'project_id', env['CI_PROJECT_ID']) &&
|
|
120
|
+
(0, utils_1.claimMatchesEnv)({ pipeline_id: (_b = job.pipeline) === null || _b === void 0 ? void 0 : _b.id }, 'pipeline_id', env['CI_PIPELINE_ID']));
|
|
121
|
+
}
|
|
122
|
+
//# sourceMappingURL=gitlab.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gitlab.js","sourceRoot":"","sources":["../../../../src/lib/node-persist/ci-token-identity/gitlab.ts"],"names":[],"mappings":";;;AACA,mCASiB;AAsBjB,MAAM,2BAA2B,GAAG,KAAM,CAAC;AAE9B,QAAA,wBAAwB,GAAuB;IAC1D,QAAQ,EAAE,QAAQ;IAClB,MAAM,EAAE,UAAU;IAClB,KAAK,EAAE,mBAAmB;CAC3B,CAAC;AAEF,SAAS,UAAU,CAAC,GAAsB;IACxC,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,MAAM,IAAI,GAAG,CAAC,gBAAgB,CAAC,KAAK,QAAQ,CAAC;AAC3E,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,GAAsB;;IACvD,MAAM,OAAO,GAAG,IAAA,wBAAgB,EAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAA,sBAAc,EAAC,OAAO,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;IAEnE,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,4BAA4B,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QAClF,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;YACnB,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC;YAC5B,eAAe,EAAE,IAAA,sBAAc,EAAC,OAAO,EAAE,CAAC,SAAS,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;YAC1E,QAAQ,EAAE,IAAA,sBAAc,EAAC,OAAO,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAC7D,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,0BAA0B,CAAC,GAAG,CAAC,CAAC;IAC1D,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;IACpD,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,CAAC,QAAQ,CAAC;YAClB,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC;YAC5B,eAAe,EAAE,MAAA,GAAG,CAAC,gBAAgB,CAAC,0CAAE,IAAI,EAAE;YAC9C,QAAQ,EAAE,CAAA,MAAA,GAAG,CAAC,mBAAmB,CAAC,0CAAE,IAAI,EAAE,KAAI,SAAS;YACvD,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,0BAA0B,CAAC,GAAsB;;IAC9D,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,cAAc,CAAC,0CAAE,IAAI,EAAE,CAAC;IAC7C,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,2BAA2B,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YAC3C,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,CAAC,MAAA,GAAG,CAAC,IAAI,0CAAE,KAAK,EAAE,MAAA,GAAG,CAAC,IAAI,0CAAE,YAAY,EAAE,MAAA,GAAG,CAAC,MAAM,0CAAE,YAAY,CAAC,CAAC,CAAC;QAC9F,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;YAChB,MAAM;YACN,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC;YAC5B,eAAe,EAAE,MAAA,IAAA,mBAAW,EAAC,MAAA,GAAG,CAAC,IAAI,0CAAE,EAAE,CAAC,mCAAI,MAAA,GAAG,CAAC,gBAAgB,CAAC,0CAAE,IAAI,EAAE;YAC3E,QAAQ,EAAE,CAAA,MAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,0CAAE,IAAI,EAAE,KAAI,SAAS;YACjD,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,GAAsB;;IAC7C,MAAM,SAAS,GAAG,MAAA,GAAG,CAAC,eAAe,CAAC,0CAAE,IAAI,EAAE,CAAC;IAC/C,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,MAAM,GAAG,MAAA,GAAG,CAAC,eAAe,CAAC,0CAAE,IAAI,EAAE,CAAC;IAC5C,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACpG,CAAC;AAED,SAAS,eAAe,CAAC,GAAsB;;IAC7C,MAAM,MAAM,GAAG,MAAA,GAAG,CAAC,eAAe,CAAC,0CAAE,IAAI,EAAE,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,SAAS,GAAG,MAAA,GAAG,CAAC,eAAe,CAAC,0CAAE,IAAI,EAAE,CAAC;IAC/C,OAAO,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC1E,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,MAAc,EAAE,QAAgB;IAC5D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;IACzE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;QAC3C,OAAO,EAAE;YACP,WAAW,EAAE,QAAQ;SACtB;QACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,2BAA2B,CAAC;KACzD,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAsB,CAAC;AACtD,CAAC;AAED,SAAS,4BAA4B,CAAC,OAA+B,EAAE,GAAsB;IAC3F,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,CACL,IAAA,uBAAe,EAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QACpD,IAAA,uBAAe,EAAC,OAAO,EAAE,YAAY,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC;QAC5D,IAAA,uBAAe,EAAC,OAAO,EAAE,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAC/D,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B,CAAC,GAAsB,EAAE,GAAsB;;IACjF,OAAO,CACL,IAAA,uBAAe,EAAC,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/D,IAAA,uBAAe,EAAC,EAAE,UAAU,EAAE,MAAA,GAAG,CAAC,QAAQ,0CAAE,UAAU,EAAE,EAAE,YAAY,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC;QAC7F,IAAA,uBAAe,EAAC,EAAE,WAAW,EAAE,MAAA,GAAG,CAAC,QAAQ,0CAAE,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CACzF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export type CiProvider = 'gitlab' | 'github';
|
|
2
|
+
export interface CiTokenIdentity {
|
|
3
|
+
provider: CiProvider;
|
|
4
|
+
email?: string;
|
|
5
|
+
emails?: string[];
|
|
6
|
+
issuer?: string;
|
|
7
|
+
providerSubject?: string;
|
|
8
|
+
username?: string;
|
|
9
|
+
source: 'jwt' | 'api' | 'env' | 'event' | 'noreply';
|
|
10
|
+
}
|
|
11
|
+
export interface CiIdentityProvider {
|
|
12
|
+
provider: CiProvider;
|
|
13
|
+
detect(env: NodeJS.ProcessEnv): boolean;
|
|
14
|
+
infer(env: NodeJS.ProcessEnv): Promise<CiTokenIdentity | undefined>;
|
|
15
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/lib/node-persist/ci-token-identity/types.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export type JwtPayload = Record<string, unknown>;
|
|
2
|
+
export declare function stringifyId(value: unknown): string | undefined;
|
|
3
|
+
export declare function decodeJwtPayload(token: string | undefined): JwtPayload | undefined;
|
|
4
|
+
export declare function getEmailClaims(payload: JwtPayload | undefined, keys: string[]): string[];
|
|
5
|
+
export declare function getStringClaim(payload: JwtPayload | undefined, keys: string[]): string | undefined;
|
|
6
|
+
export declare function getEmails(values: unknown[]): string[];
|
|
7
|
+
export declare function getEmail(value: unknown): string | undefined;
|
|
8
|
+
export declare function claimMatchesEnv(payload: JwtPayload, claim: string, expected: string | undefined): boolean;
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.stringifyId = stringifyId;
|
|
4
|
+
exports.decodeJwtPayload = decodeJwtPayload;
|
|
5
|
+
exports.getEmailClaims = getEmailClaims;
|
|
6
|
+
exports.getStringClaim = getStringClaim;
|
|
7
|
+
exports.getEmails = getEmails;
|
|
8
|
+
exports.getEmail = getEmail;
|
|
9
|
+
exports.claimMatchesEnv = claimMatchesEnv;
|
|
10
|
+
function stringifyId(value) {
|
|
11
|
+
if (typeof value === 'number') {
|
|
12
|
+
return String(value);
|
|
13
|
+
}
|
|
14
|
+
return typeof value === 'string' && value.trim() ? value.trim() : undefined;
|
|
15
|
+
}
|
|
16
|
+
function decodeJwtPayload(token) {
|
|
17
|
+
const payload = token === null || token === void 0 ? void 0 : token.split('.')[1];
|
|
18
|
+
if (!payload) {
|
|
19
|
+
return undefined;
|
|
20
|
+
}
|
|
21
|
+
try {
|
|
22
|
+
return JSON.parse(Buffer.from(toBase64(payload), 'base64').toString('utf8'));
|
|
23
|
+
}
|
|
24
|
+
catch (_a) {
|
|
25
|
+
return undefined;
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
function getEmailClaims(payload, keys) {
|
|
29
|
+
if (!payload) {
|
|
30
|
+
return [];
|
|
31
|
+
}
|
|
32
|
+
return getEmails(keys.map((key) => payload[key]));
|
|
33
|
+
}
|
|
34
|
+
function getStringClaim(payload, keys) {
|
|
35
|
+
if (!payload) {
|
|
36
|
+
return undefined;
|
|
37
|
+
}
|
|
38
|
+
return keys
|
|
39
|
+
.map((key) => stringifyId(payload[key]))
|
|
40
|
+
.find((value) => Boolean(value));
|
|
41
|
+
}
|
|
42
|
+
function getEmails(values) {
|
|
43
|
+
return Array.from(new Set(values.map((value) => getEmail(value)).filter((email) => Boolean(email))));
|
|
44
|
+
}
|
|
45
|
+
function getEmail(value) {
|
|
46
|
+
if (typeof value !== 'string') {
|
|
47
|
+
return undefined;
|
|
48
|
+
}
|
|
49
|
+
const trimmed = value.trim();
|
|
50
|
+
return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(trimmed) ? trimmed : undefined;
|
|
51
|
+
}
|
|
52
|
+
function claimMatchesEnv(payload, claim, expected) {
|
|
53
|
+
if (!expected || payload[claim] === undefined || payload[claim] === null) {
|
|
54
|
+
return true;
|
|
55
|
+
}
|
|
56
|
+
return String(payload[claim]) === expected;
|
|
57
|
+
}
|
|
58
|
+
function toBase64(base64Url) {
|
|
59
|
+
const normalized = base64Url.replace(/-/g, '+').replace(/_/g, '/');
|
|
60
|
+
return normalized.padEnd(normalized.length + ((4 - (normalized.length % 4)) % 4), '=');
|
|
61
|
+
}
|
|
62
|
+
//# sourceMappingURL=utils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/lib/node-persist/ci-token-identity/utils.ts"],"names":[],"mappings":";;AAEA,kCAMC;AAED,4CAWC;AAED,wCAMC;AAED,wCAQC;AAED,8BAEC;AAED,4BAOC;AAED,0CAMC;AA1DD,SAAgB,WAAW,CAAC,KAAc;IACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9E,CAAC;AAED,SAAgB,gBAAgB,CAAC,KAAyB;IACxD,MAAM,OAAO,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAe,CAAC;IAC7F,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,OAA+B,EAAE,IAAc;IAC5E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,cAAc,CAAC,OAA+B,EAAE,IAAc;IAC5E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,IAAI;SACR,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;SACvC,IAAI,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAgB,SAAS,CAAC,MAAiB;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACxH,CAAC;AAED,SAAgB,QAAQ,CAAC,KAAc;IACrC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,OAAO,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;AAC1E,CAAC;AAED,SAAgB,eAAe,CAAC,OAAmB,EAAE,KAAa,EAAE,QAA4B;IAC9F,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,QAAQ,CAAC;AAC7C,CAAC;AAED,SAAS,QAAQ,CAAC,SAAiB;IACjC,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACnE,OAAO,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACzF,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.inferCiTokenIdentity = inferCiTokenIdentity;
|
|
4
|
+
const github_1 = require("./ci-token-identity/github");
|
|
5
|
+
const gitlab_1 = require("./ci-token-identity/gitlab");
|
|
6
|
+
const ciIdentityProviders = [gitlab_1.gitLabCiIdentityProvider, github_1.gitHubCiIdentityProvider];
|
|
7
|
+
async function inferCiTokenIdentity(env = process.env) {
|
|
8
|
+
for (const provider of ciIdentityProviders) {
|
|
9
|
+
if (!provider.detect(env)) {
|
|
10
|
+
continue;
|
|
11
|
+
}
|
|
12
|
+
const identity = await provider.infer(env);
|
|
13
|
+
if (identity) {
|
|
14
|
+
return identity;
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
return undefined;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=ci-token-identity.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ci-token-identity.js","sourceRoot":"","sources":["../../../src/lib/node-persist/ci-token-identity.ts"],"names":[],"mappings":";;AAMA,oDAeC;AArBD,uDAAsE;AACtE,uDAAsE;AAGtE,MAAM,mBAAmB,GAAyB,CAAC,iCAAwB,EAAE,iCAAwB,CAAC,CAAC;AAEhG,KAAK,UAAU,oBAAoB,CACxC,MAAyB,OAAO,CAAC,GAAG;IAEpC,KAAK,MAAM,QAAQ,IAAI,mBAAmB,EAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.getCiToken = getCiToken;
|
|
4
|
+
exports.hasCiToken = hasCiToken;
|
|
5
|
+
const storage_keys_1 = require("./storage-keys");
|
|
6
|
+
function getCiToken() {
|
|
7
|
+
var _a;
|
|
8
|
+
return (_a = process.env[storage_keys_1.StorageKeys.ze_ci_token]) === null || _a === void 0 ? void 0 : _a.trim();
|
|
9
|
+
}
|
|
10
|
+
function hasCiToken() {
|
|
11
|
+
return !!getCiToken();
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=ci-token.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ci-token.js","sourceRoot":"","sources":["../../../src/lib/node-persist/ci-token.ts"],"names":[],"mappings":";;AAEA,gCAEC;AAED,gCAEC;AARD,iDAA6C;AAE7C,SAAgB,UAAU;;IACxB,OAAO,MAAA,OAAO,CAAC,GAAG,CAAC,0BAAW,CAAC,WAAW,CAAC,0CAAE,IAAI,EAAE,CAAC;AACtD,CAAC;AAED,SAAgB,UAAU;IACxB,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC;AACxB,CAAC"}
|
|
@@ -25,6 +25,7 @@ var StorageKeys;
|
|
|
25
25
|
StorageKeys["ze_hash_cache"] = "ze-hash-cache";
|
|
26
26
|
StorageKeys["ze_app_deploy_result"] = "ze-app-deploy-result";
|
|
27
27
|
StorageKeys["ze_server_token"] = "ZE_SERVER_TOKEN";
|
|
28
|
+
StorageKeys["ze_ci_token"] = "ZE_CI_TOKEN";
|
|
28
29
|
StorageKeys["ze_user_email"] = "ZE_USER_EMAIL";
|
|
29
30
|
})(StorageKeys || (exports.StorageKeys = StorageKeys = {}));
|
|
30
31
|
//# sourceMappingURL=storage-keys.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage-keys.js","sourceRoot":"","sources":["../../../src/lib/node-persist/storage-keys.ts"],"names":[],"mappings":";;;;AAAA,oDAA8B;AAC9B,oDAA8B;AAC9B,wDAAkC;AAErB,QAAA,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAChD,QAAA,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,eAAO,EAAE,SAAS,CAAC,CAAC;AACnD,QAAA,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,eAAO,EAAE,SAAS,CAAC,CAAC;AAEhE,IAAI,CAAC;IACH,2FAA2F;IAC3F,EAAE,CAAC,SAAS,CAAC,uBAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACrD,CAAC;AAAC,OAAO,KAAK,EAAE,CAAC;IACf,OAAO,CAAC,KAAK,CACX,OAAO,EACP,8EAA8E,EAC9E,KAAK,CACN,CAAC;AACJ,CAAC;AAED,IAAY,
|
|
1
|
+
{"version":3,"file":"storage-keys.js","sourceRoot":"","sources":["../../../src/lib/node-persist/storage-keys.ts"],"names":[],"mappings":";;;;AAAA,oDAA8B;AAC9B,oDAA8B;AAC9B,wDAAkC;AAErB,QAAA,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAChD,QAAA,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,eAAO,EAAE,SAAS,CAAC,CAAC;AACnD,QAAA,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,eAAO,EAAE,SAAS,CAAC,CAAC;AAEhE,IAAI,CAAC;IACH,2FAA2F;IAC3F,EAAE,CAAC,SAAS,CAAC,uBAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACrD,CAAC;AAAC,OAAO,KAAK,EAAE,CAAC;IACf,OAAO,CAAC,KAAK,CACX,OAAO,EACP,8EAA8E,EAC9E,KAAK,CACN,CAAC;AACJ,CAAC;AAED,IAAY,WAWX;AAXD,WAAY,WAAW;IACrB,oEAAqD,CAAA;IACrD,mEAAoD,CAAA;IACpD,8CAA+B,CAAA;IAC/B,kDAAmC,CAAA;IACnC,0CAA2B,CAAA;IAC3B,8CAA+B,CAAA;IAC/B,4DAA6C,CAAA;IAC7C,kDAAmC,CAAA;IACnC,0CAA2B,CAAA;IAC3B,8CAA+B,CAAA;AACjC,CAAC,EAXW,WAAW,2BAAX,WAAW,QAWtB"}
|
|
@@ -9,10 +9,12 @@ const secret_token_1 = require("./secret-token");
|
|
|
9
9
|
const storage_1 = require("./storage");
|
|
10
10
|
const storage_keys_1 = require("./storage-keys");
|
|
11
11
|
const http_request_1 = require("../http/http-request");
|
|
12
|
+
const ci_token_1 = require("./ci-token");
|
|
12
13
|
const server_token_1 = require("./server-token");
|
|
13
14
|
const zephyr_edge_contract_1 = require("zephyr-edge-contract");
|
|
14
15
|
const user_email_1 = require("./user-email");
|
|
15
16
|
const debug_1 = require("../logging/debug");
|
|
17
|
+
const ci_token_identity_1 = require("./ci-token-identity");
|
|
16
18
|
async function saveToken(token) {
|
|
17
19
|
await storage_1.storage;
|
|
18
20
|
await (0, node_persist_1.setItem)(storage_keys_1.StorageKeys.ze_auth_token, token);
|
|
@@ -20,9 +22,19 @@ async function saveToken(token) {
|
|
|
20
22
|
async function getToken(git_config) {
|
|
21
23
|
const tokenFromEnv = (0, secret_token_1.getSecretToken)();
|
|
22
24
|
const server_token = (0, server_token_1.getServerToken)();
|
|
25
|
+
const ci_token = (0, ci_token_1.getCiToken)();
|
|
23
26
|
if (tokenFromEnv) {
|
|
24
27
|
return tokenFromEnv;
|
|
25
28
|
}
|
|
29
|
+
if (ci_token) {
|
|
30
|
+
const ciIdentity = await (0, ci_token_identity_1.inferCiTokenIdentity)();
|
|
31
|
+
if (ciIdentity) {
|
|
32
|
+
debug_1.ze_log.auth(`Using ${ciIdentity.provider} ${ciIdentity.source} identity for CI token attribution`);
|
|
33
|
+
return await getTokenFromCiToken(ci_token, ciIdentity);
|
|
34
|
+
}
|
|
35
|
+
debug_1.ze_log.error(`${storage_keys_1.StorageKeys.ze_ci_token} was provided, but no supported CI identity was detected`);
|
|
36
|
+
return undefined;
|
|
37
|
+
}
|
|
26
38
|
await storage_1.storage;
|
|
27
39
|
const token = await (0, node_persist_1.getItem)(storage_keys_1.StorageKeys.ze_auth_token);
|
|
28
40
|
if (token) {
|
|
@@ -69,4 +81,29 @@ async function getTokenFromServerToken(server_token, git_email) {
|
|
|
69
81
|
await saveToken((_b = data === null || data === void 0 ? void 0 : data.access_token) !== null && _b !== void 0 ? _b : '');
|
|
70
82
|
return data === null || data === void 0 ? void 0 : data.access_token;
|
|
71
83
|
}
|
|
84
|
+
async function getTokenFromCiToken(ci_token, identity) {
|
|
85
|
+
var _a;
|
|
86
|
+
const [ok, cause, data] = await (0, http_request_1.makeRequest)({
|
|
87
|
+
path: zephyr_edge_contract_1.ze_api_gateway.ci_token_exchange,
|
|
88
|
+
base: (0, zephyr_edge_contract_1.ZE_API_ENDPOINT)(),
|
|
89
|
+
query: {},
|
|
90
|
+
}, {
|
|
91
|
+
method: 'POST',
|
|
92
|
+
headers: {
|
|
93
|
+
Authorization: `Bearer ${ci_token}`,
|
|
94
|
+
'Content-Type': 'application/json',
|
|
95
|
+
},
|
|
96
|
+
}, JSON.stringify(identity));
|
|
97
|
+
if (!ok) {
|
|
98
|
+
if (cause instanceof Error) {
|
|
99
|
+
debug_1.ze_log.error('Failed to get token from CI token:', cause.message);
|
|
100
|
+
}
|
|
101
|
+
else {
|
|
102
|
+
debug_1.ze_log.error('Failed to get token from CI token:', cause);
|
|
103
|
+
}
|
|
104
|
+
return undefined;
|
|
105
|
+
}
|
|
106
|
+
await saveToken((_a = data === null || data === void 0 ? void 0 : data.access_token) !== null && _a !== void 0 ? _a : '');
|
|
107
|
+
return data === null || data === void 0 ? void 0 : data.access_token;
|
|
108
|
+
}
|
|
72
109
|
//# sourceMappingURL=token.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/lib/node-persist/token.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/lib/node-persist/token.ts"],"names":[],"mappings":";;AAaA,8BAGC;AAED,4BAmCC;AAED,kCAGC;AAED,kCAGC;AA/DD,+CAAmE;AACnE,iDAAgD;AAChD,uCAAoC;AACpC,iDAA6C;AAC7C,uDAAmD;AACnD,yCAAwC;AACxC,iDAAgD;AAChD,+DAAuE;AACvE,6CAA4C;AAC5C,4CAA0C;AAE1C,2DAA2D;AAEpD,KAAK,UAAU,SAAS,CAAC,KAAa;IAC3C,MAAM,iBAAO,CAAC;IACd,MAAM,IAAA,sBAAO,EAAC,0BAAW,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;AAClD,CAAC;AAEM,KAAK,UAAU,QAAQ,CAAC,UAAsB;IACnD,MAAM,YAAY,GAAG,IAAA,6BAAc,GAAE,CAAC;IACtC,MAAM,YAAY,GAAG,IAAA,6BAAc,GAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAA,qBAAU,GAAE,CAAC;IAE9B,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,MAAM,IAAA,wCAAoB,GAAE,CAAC;QAChD,IAAI,UAAU,EAAE,CAAC;YACf,cAAM,CAAC,IAAI,CAAC,SAAS,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,MAAM,oCAAoC,CAAC,CAAC;YACnG,OAAO,MAAM,mBAAmB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACzD,CAAC;QAED,cAAM,CAAC,KAAK,CAAC,GAAG,0BAAW,CAAC,WAAW,0DAA0D,CAAC,CAAC;QACnG,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,iBAAO,CAAC;IACd,MAAM,KAAK,GAAG,MAAM,IAAA,sBAAO,EAAC,0BAAW,CAAC,aAAa,CAAC,CAAC;IACvD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,cAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACpE,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,MAAM,uBAAuB,CAAC,YAAY,EAAE,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,WAAW;IAC/B,MAAM,iBAAO,CAAC;IACd,MAAM,IAAA,yBAAU,EAAC,0BAAW,CAAC,aAAa,CAAC,CAAC;AAC9C,CAAC;AAEM,KAAK,UAAU,WAAW;IAC/B,MAAM,iBAAO,CAAC;IACd,MAAM,IAAA,oBAAK,GAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,YAAoB,EACpB,SAAiB;;IAEjB,MAAM,KAAK,GAAG,MAAA,IAAA,yBAAY,GAAE,mCAAI,SAAS,CAAC;IAC1C,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,MAAM,IAAA,0BAAW,EACzC;QACE,IAAI,EAAE,qCAAc,CAAC,gCAAgC;QACrD,IAAI,EAAE,IAAA,sCAAe,GAAE;QACvB,KAAK,EAAE,EAAE,KAAK,EAAE;KACjB,EACD;QACE,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,YAAY,EAAE;SACxC;KACF,CACF,CAAC;IAEF,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,cAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACxE,CAAC;aAAM,CAAC;YACN,cAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,SAAS,CAAC,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,mCAAI,EAAE,CAAC,CAAC;IAC1C,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,QAAgB,EAChB,QAQC;;IAED,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,MAAM,IAAA,0BAAW,EACzC;QACE,IAAI,EAAE,qCAAc,CAAC,iBAAiB;QACtC,IAAI,EAAE,IAAA,sCAAe,GAAE;QACvB,KAAK,EAAE,EAAE;KACV,EACD;QACE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,QAAQ,EAAE;YACnC,cAAc,EAAE,kBAAkB;SACnC;KACF,EACD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CACzB,CAAC;IAEF,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,cAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,cAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,SAAS,CAAC,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,mCAAI,EAAE,CAAC,CAAC;IAC1C,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,CAAC;AAC5B,CAAC"}
|
package/dist/package.json
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "zephyr-agent",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.1-next.1",
|
|
4
4
|
"description": "Zephyr plugin agent",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
"open": "^10.1.0",
|
|
42
42
|
"proper-lockfile": "^4.1.2",
|
|
43
43
|
"tslib": "^2.8.1",
|
|
44
|
-
"zephyr-edge-contract": "1.1.
|
|
44
|
+
"zephyr-edge-contract": "1.1.1-next.1"
|
|
45
45
|
},
|
|
46
46
|
"devDependencies": {
|
|
47
47
|
"@jest/globals": "^29.7.0",
|