-
Notifications
You must be signed in to change notification settings - Fork 136
/
Copy pathverify.js
157 lines (147 loc) · 4.92 KB
/
verify.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
import {
isString,
isPlainObject,
isNil,
isArray,
isNumber,
isBoolean,
} from "lodash-es";
import urlJoin from "url-join";
import parseGithubUrl from "./parse-github-url.js";
import resolveConfig from "./resolve-config.js";
import { toOctokitOptions } from "./octokit.js";
import getError from "./get-error.js";
const isNonEmptyString = (value) => isString(value) && value.trim();
const oneOf = (enumArray) => (value) => enumArray.includes(value);
const isStringOrStringArray = (value) =>
isNonEmptyString(value) ||
(isArray(value) && value.every((string) => isNonEmptyString(string)));
const isArrayOf = (validator) => (array) =>
isArray(array) && array.every((value) => validator(value));
const canBeDisabled = (validator) => (value) =>
value === false || validator(value);
const VALIDATORS = {
proxy: canBeDisabled(
(proxy) =>
isNonEmptyString(proxy) ||
(isPlainObject(proxy) &&
isNonEmptyString(proxy.host) &&
isNumber(proxy.port)),
),
assets: isArrayOf(
(asset) =>
isStringOrStringArray(asset) ||
(isPlainObject(asset) && isStringOrStringArray(asset.path)),
),
successComment: canBeDisabled(isNonEmptyString),
successCommentCondition: canBeDisabled(isNonEmptyString),
failTitle: canBeDisabled(isNonEmptyString),
failComment: canBeDisabled(isNonEmptyString),
failCommentCondition: canBeDisabled(isNonEmptyString),
labels: canBeDisabled(isArrayOf(isNonEmptyString)),
assignees: isArrayOf(isNonEmptyString),
releasedLabels: canBeDisabled(isArrayOf(isNonEmptyString)),
addReleases: canBeDisabled(oneOf(["bottom", "top"])),
draftRelease: isBoolean,
releaseBodyTemplate: isNonEmptyString,
releaseNameTemplate: isNonEmptyString,
discussionCategoryName: canBeDisabled(isNonEmptyString),
};
export default async function verify(pluginConfig, context, { Octokit }) {
const {
env,
options: { repositoryUrl },
logger,
} = context;
const {
githubToken,
githubUrl,
githubApiPathPrefix,
githubApiUrl,
proxy,
...options
} = resolveConfig(pluginConfig, context);
const errors = Object.entries({ ...options, proxy }).reduce(
(errors, [option, value]) =>
!isNil(value) && !VALIDATORS[option](value)
? [
...errors,
getError(`EINVALID${option.toUpperCase()}`, { [option]: value }),
]
: errors,
[],
);
if (githubApiUrl) {
logger.log("Verify GitHub authentication (%s)", githubApiUrl);
} else if (githubUrl) {
logger.log(
"Verify GitHub authentication (%s)",
urlJoin(githubUrl, githubApiPathPrefix),
);
} else {
logger.log("Verify GitHub authentication");
}
const { repo, owner } = parseGithubUrl(repositoryUrl);
if (!owner || !repo) {
errors.push(getError("EINVALIDGITHUBURL"));
} else if (
githubToken &&
!errors.find(({ code }) => code === "EINVALIDPROXY")
) {
const octokit = new Octokit(
toOctokitOptions({
githubToken,
githubUrl,
githubApiPathPrefix,
githubApiUrl,
proxy,
}),
);
try {
const {
data: { permissions, clone_url },
} = await octokit.request("GET /repos/{owner}/{repo}", { repo, owner });
// Verify if Repository Name wasn't changed
const parsedCloneUrl = parseGithubUrl(clone_url);
if (
`${owner}/${repo}`.toLowerCase() !==
`${parsedCloneUrl.owner}/${parsedCloneUrl.repo}`.toLowerCase()
) {
errors.push(
getError("EMISMATCHGITHUBURL", { repositoryUrl, clone_url }),
);
}
// https://github.com/semantic-release/github/issues/182
// Do not check for permissions in GitHub actions, as the provided token is an installation access token.
// octokit.request("GET /repos/{owner}/{repo}", {repo, owner}) does not return the "permissions" key in that case.
// But GitHub Actions have all permissions required for @semantic-release/github to work
if (!env.GITHUB_ACTION && !permissions?.push) {
// If authenticated as GitHub App installation, `push` will always be false.
// We send another request to check if current authentication is an installation.
// Note: we cannot check if the installation has all required permissions, it's
// up to the user to make sure it has
if (
!(await octokit
.request("HEAD /installation/repositories", { per_page: 1 })
.catch(() => false))
) {
errors.push(getError("EGHNOPERMISSION", { owner, repo }));
}
}
} catch (error) {
if (error.status === 401) {
errors.push(getError("EINVALIDGHTOKEN", { owner, repo }));
} else if (error.status === 404) {
errors.push(getError("EMISSINGREPO", { owner, repo }));
} else {
throw error;
}
}
}
if (!githubToken) {
errors.push(getError("ENOGHTOKEN", { owner, repo }));
}
if (errors.length > 0) {
throw new AggregateError(errors);
}
}