@@ -1317,6 +1317,7 @@ t.test('oidc token exchange - no provenance', t => {
1317
1317
})
1318
1318
1319
1319
t.test('oidc token exchange - provenance', (t) => {
1320
+
const githubPrivateIdToken = githubIdToken({ visibility: 'private' })
1320
1321
const githubPublicIdToken = githubIdToken({ visibility: 'public' })
1321
1322
const gitlabPublicIdToken = gitlabIdToken({ visibility: 'public' })
1322
1323
const SIGSTORE_ID_TOKEN = sigstoreIdToken()
@@ -1340,6 +1341,7 @@ t.test('oidc token exchange - provenance', (t) => {
1340
1341
token: 'exchange-token',
1341
1342
},
1342
1343
provenance: true,
1344
+
oidcVisibilityOptions: { public: true },
1343
1345
}))
1344
1346
1345
1347
t.test('default registry success gitlab', oidcPublishTest({
@@ -1357,6 +1359,7 @@ t.test('oidc token exchange - provenance', (t) => {
1357
1359
token: 'exchange-token',
1358
1360
},
1359
1361
provenance: true,
1362
+
oidcVisibilityOptions: { public: true },
1360
1363
}))
1361
1364
1362
1365
t.test('default registry success gitlab without SIGSTORE_ID_TOKEN', oidcPublishTest({
@@ -1376,6 +1379,10 @@ t.test('oidc token exchange - provenance', (t) => {
1376
1379
provenance: false,
1377
1380
}))
1378
1381
1382
+
/**
1383
+
* when the user sets provenance to true or false
1384
+
* the OIDC flow should not concern itself with provenance at all
1385
+
*/
1379
1386
t.test('setting provenance true in config should enable provenance', oidcPublishTest({
1380
1387
oidcOptions: { github: true },
1381
1388
config: {
@@ -1475,5 +1482,95 @@ t.test('oidc token exchange - provenance', (t) => {
1475
1482
provenance: false,
1476
1483
}))
1477
1484
1485
+
t.test('attempt to publish a private package with OIDC provenance should be false', oidcPublishTest({
1486
+
oidcOptions: { github: true },
1487
+
config: {
1488
+
'//registry.npmjs.org/:_authToken': 'existing-fallback-token',
1489
+
},
1490
+
mockGithubOidcOptions: {
1491
+
audience: 'npm:registry.npmjs.org',
1492
+
idToken: githubPublicIdToken,
1493
+
},
1494
+
mockOidcTokenExchangeOptions: {
1495
+
idToken: githubPublicIdToken,
1496
+
body: {
1497
+
token: 'exchange-token',
1498
+
},
1499
+
},
1500
+
publishOptions: {
1501
+
token: 'exchange-token',
1502
+
},
1503
+
provenance: false,
1504
+
oidcVisibilityOptions: { public: false },
1505
+
}))
1506
+
1507
+
/** this call shows that if the repo is private, the visibility check will not be called */
1508
+
t.test('attempt to publish a private repository with OIDC provenance should be false', oidcPublishTest({
1509
+
oidcOptions: { github: true },
1510
+
config: {
1511
+
'//registry.npmjs.org/:_authToken': 'existing-fallback-token',
1512
+
},
1513
+
mockGithubOidcOptions: {
1514
+
audience: 'npm:registry.npmjs.org',
1515
+
idToken: githubPrivateIdToken,
1516
+
},
1517
+
mockOidcTokenExchangeOptions: {
1518
+
idToken: githubPrivateIdToken,
1519
+
body: {
1520
+
token: 'exchange-token',
1521
+
},
1522
+
},
1523
+
publishOptions: {
1524
+
token: 'exchange-token',
1525
+
},
1526
+
provenance: false,
1527
+
}))
1528
+
1529
+
const provenanceFailures = [[
1530
+
new Error('Valid error'),
1531
+
'verbose oidc Failed to set provenance with message: Valid error',
1532
+
], [
1533
+
'Valid error',
1534
+
'verbose oidc Failed to set provenance with message: Unknown error',
1535
+
]]
1536
+
1537
+
provenanceFailures.forEach(([error, logMessage], index) => {
1538
+
t.test(`provenance visibility check failure, coverage for try-catch ${index}`, async t => {
1539
+
const { npm, logs, joinedOutput } = await mockOidc(t, {
1540
+
load: {
1541
+
mocks: {
1542
+
libnpmaccess: {
1543
+
getVisibility: () => {
1544
+
throw error
1545
+
},
1546
+
},
1547
+
},
1548
+
},
1549
+
oidcOptions: { github: true },
1550
+
config: {
1551
+
'//registry.npmjs.org/:_authToken': 'existing-fallback-token',
1552
+
},
1553
+
mockGithubOidcOptions: {
1554
+
audience: 'npm:registry.npmjs.org',
1555
+
idToken: githubPublicIdToken,
1556
+
},
1557
+
mockOidcTokenExchangeOptions: {
1558
+
idToken: githubPublicIdToken,
1559
+
body: {
1560
+
token: 'exchange-token',
1561
+
},
1562
+
},
1563
+
publishOptions: {
1564
+
token: 'exchange-token',
1565
+
},
1566
+
provenance: false,
1567
+
})
1568
+
1569
+
await npm.exec('publish', [])
1570
+
t.match(joinedOutput(), '+ @npmcli/test-package@1.0.0')
1571
+
t.ok(logs.includes(logMessage))
1572
+
})
1573
+
})
1574
+
1478
1575
t.end()
1479
1576
})
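Review bot: The `provenanceFailures` tests pin a fail-open path — a throwing `getVisibility` is reduced to a verbose log and `npm publish` still succeeds without provenance — but the description `coverage for try-catch ${index}` says nothing about that expected behaviour, and `t.ok(logs.includes(logMessage))` prints no diagnostic when it fails. Name the case for what it asserts, e.g. `provenance visibility check throws (case ${index}): publish continues without provenance and logs verbose`, and pass the expected line as the assertion message, `t.ok(logs.includes(logMessage), logMessage)`, so a failure shows which log line was missing. The comment at new line 1507 states that the visibility check is not called for a private repository, yet nothing in that test asserts it; if the harness rejects unmocked requests, that is what enforces the claim and the comment should say so, e.g. `/** private repo: no visibility mock is registered, so any visibility request would fail this test */`. The enclosing `t.test('oidc token exchange - provenance', …)` callback starts outside this hunk.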