Ensure artifacts are only uploaded in safe situations

This commit: Turns on uploading of artifacts again but only if CLI version is >= 2.20.3. I implemented the check using our feature flag functionality. I was on the fence about this since it makes the PR more complex. However, it does give us more flexibility when controlling artifact uploads. Also, I renamed the two workflows that were previously disabled. This way we will not accidentally enable the old workflows for previous versions of the action.
2025-01-25 15:31:35 -08:00 · 2025-01-25 15:31:35 -08:00 · 2bab9f7984
commit 2bab9f7984
parent e7c0c9d71b
17 changed files with 264 additions and 39 deletions
--- a/src/debug-artifacts.test.ts
+++ b/src/debug-artifacts.test.ts
@ -1,7 +1,9 @@
 import test from "ava";

 import * as debugArtifacts from "./debug-artifacts";
+import { Feature } from "./feature-flags";
 import { getActionsLogger } from "./logging";
+import { createFeatures } from "./testing-utils";
 import { GitHubVariant } from "./util";

 test("sanitizeArtifactName", (t) => {
@ -20,16 +22,102 @@ test("sanitizeArtifactName", (t) => {
  );
 });

-test("uploadDebugArtifacts", async (t) => {
+test("uploadDebugArtifacts when artifacts empty", async (t) => {
  // Test that no error is thrown if artifacts list is empty.
  const logger = getActionsLogger();
-  await t.notThrowsAsync(
-    debugArtifacts.uploadDebugArtifacts(
+  await t.notThrowsAsync(async () => {
+    const uploaded = await debugArtifacts.uploadDebugArtifacts(
      logger,
      [],
-      "rootDir",
+      "i-dont-exist",
      "artifactName",
      GitHubVariant.DOTCOM,
-    ),
-  );
+      true,
+    );
+    t.is(
+      uploaded,
+      "no-artifacts-to-upload",
+      "Should not have uploaded any artifacts",
+    );
+  });
+});
+
+test("uploadDebugArtifacts when true", async (t) => {
+  // Test that the artifact is uploaded.
+  const logger = getActionsLogger();
+  await t.notThrowsAsync(async () => {
+    const uploaded = await debugArtifacts.uploadDebugArtifacts(
+      logger,
+      ["hucairz"],
+      "i-dont-exist",
+      "artifactName",
+      GitHubVariant.DOTCOM,
+      true,
+    );
+    t.is(
+      uploaded,
+      "upload-failed",
+      "Expect failure to upload artifacts since root dir does not exist",
+    );
+  });
+});
+
+test("uploadDebugArtifacts when false", async (t) => {
+  // Test that the artifact is not uploaded.
+  const logger = getActionsLogger();
+  await t.notThrowsAsync(async () => {
+    const uploaded = await debugArtifacts.uploadDebugArtifacts(
+      logger,
+      ["hucairz"],
+      "i-dont-exist",
+      "artifactName",
+      GitHubVariant.DOTCOM,
+      false,
+    );
+    t.is(
+      uploaded,
+      "upload-not-supported",
+      "Should not have uploaded any artifacts",
+    );
+  });
+});
+
+test("uploadDebugArtifacts when feature enabled", async (t) => {
+  // Test that the artifact is uploaded.
+  const logger = getActionsLogger();
+  await t.notThrowsAsync(async () => {
+    const uploaded = await debugArtifacts.uploadDebugArtifacts(
+      logger,
+      ["hucairz"],
+      "i-dont-exist",
+      "artifactName",
+      GitHubVariant.DOTCOM,
+      createFeatures([Feature.SafeArtifactUpload]),
+    );
+    t.is(
+      uploaded,
+      "upload-failed",
+      "Expect failure to upload artifacts since root dir does not exist",
+    );
+  });
+});
+
+test("uploadDebugArtifacts when feature disabled", async (t) => {
+  // Test that the artifact is not uploaded.
+  const logger = getActionsLogger();
+  await t.notThrowsAsync(async () => {
+    const uploaded = await debugArtifacts.uploadDebugArtifacts(
+      logger,
+      ["hucairz"],
+      "i-dont-exist",
+      "artifactName",
+      GitHubVariant.DOTCOM,
+      createFeatures([]),
+    );
+    t.is(
+      uploaded,
+      "upload-not-supported",
+      "Expect failure to upload artifacts since root dir does not exist",
+    );
+  });
 });