From 65e34a8aa75f5bde397987b6ffe9822cd7d90247 Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Fri, 6 Dec 2024 07:14:14 -0800 Subject: [PATCH] deduplicate subjects before adding to statement (#180) Signed-off-by: Brian DeHamer --- __tests__/subject.test.ts | 25 +++++++++++++++++++++++++ dist/index.js | 5 ++++- package-lock.json | 4 ++-- package.json | 2 +- src/subject.ts | 9 ++++++++- 5 files changed, 40 insertions(+), 5 deletions(-) diff --git a/__tests__/subject.test.ts b/__tests__/subject.test.ts index c4250b09..d1d16378 100644 --- a/__tests__/subject.test.ts +++ b/__tests__/subject.test.ts @@ -362,6 +362,31 @@ describe('subjectFromInputs', () => { }) }) }) + + describe('when duplicate subjects are supplied', () => { + let otherDir = '' + + // Add duplicate subject in alternate directory + beforeEach(async () => { + // Set-up temp directory + const tmpDir = await fs.realpath(os.tmpdir()) + otherDir = await fs.mkdtemp(tmpDir + path.sep) + + // Write file to temp directory + await fs.writeFile(path.join(otherDir, filename), content) + }) + + it('returns de-duplicated subjects', async () => { + const inputs: SubjectInputs = { + ...blankInputs, + subjectPath: `${path.join(dir, 'subject')}, ${path.join(otherDir, 'subject')} ` + } + const subjects = await subjectFromInputs(inputs) + + expect(subjects).toBeDefined() + expect(subjects).toHaveLength(1) + }) + }) }) }) diff --git a/dist/index.js b/dist/index.js index c1826116..f6d9726b 100644 --- a/dist/index.js +++ b/dist/index.js @@ -71205,7 +71205,10 @@ const getSubjectFromPath = async (subjectPath, subjectName) => { for (const file of files) { const name = subjectName || path_1.default.parse(file).base; const digest = await digestFile(DIGEST_ALGORITHM, file); - digestedSubjects.push({ name, digest: { [DIGEST_ALGORITHM]: digest } }); + // Only add the subject if it is not already in the list + if (!digestedSubjects.some(s => s.name === name && s.digest[DIGEST_ALGORITHM] === digest)) { + digestedSubjects.push({ name, digest: { [DIGEST_ALGORITHM]: digest } }); + } } if (digestedSubjects.length === 0) { throw new Error(`Could not find subject at path ${subjectPath}`); diff --git a/package-lock.json b/package-lock.json index 9d77add1..a55b8c8a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "actions/attest", - "version": "2.0.0", + "version": "2.0.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "actions/attest", - "version": "2.0.0", + "version": "2.0.1", "license": "MIT", "dependencies": { "@actions/attest": "^1.5.0", diff --git a/package.json b/package.json index 3905794e..ea6375d4 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "actions/attest", "description": "Generate signed attestations for workflow artifacts", - "version": "2.0.0", + "version": "2.0.1", "author": "", "private": true, "homepage": "https://github.com/actions/attest", diff --git a/src/subject.ts b/src/subject.ts index ae27a5a1..4fbfc89e 100644 --- a/src/subject.ts +++ b/src/subject.ts @@ -84,7 +84,14 @@ const getSubjectFromPath = async ( const name = subjectName || path.parse(file).base const digest = await digestFile(DIGEST_ALGORITHM, file) - digestedSubjects.push({ name, digest: { [DIGEST_ALGORITHM]: digest } }) + // Only add the subject if it is not already in the list + if ( + !digestedSubjects.some( + s => s.name === name && s.digest[DIGEST_ALGORITHM] === digest + ) + ) { + digestedSubjects.push({ name, digest: { [DIGEST_ALGORITHM]: digest } }) + } } if (digestedSubjects.length === 0) {