-
-
Notifications
You must be signed in to change notification settings - Fork 108
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: handle malformed npm packages gracefully in extract action
- Loading branch information
1 parent
f52cc4c
commit d044659
Showing
7 changed files
with
955 additions
and
919 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,26 +2,26 @@ | |
| # Input hashes for repository rule npm_translate_lock(name = "npm", pnpm_lock = "@@//:pnpm-lock.yaml"). | ||
| # This file should be checked into version control along with the pnpm-lock.yaml file. | ||
| .npmrc=-2065072158 | ||
| pnpm-lock.yaml=-481966245 | ||
| pnpm-lock.yaml=-1309835144 | ||
| examples/npm_deps/patches/[email protected]=-442666336 | ||
| package.json=-275319675 | ||
| pnpm-workspace.yaml=-1178830835 | ||
| examples/js_binary/package.json=-41174383 | ||
| examples/linked_empty_node_modules/package.json=-1039372825 | ||
| examples/macro/package.json=857146175 | ||
| examples/npm_deps/package.json=-1377141392 | ||
| examples/npm_package/libs/lib_a/package.json=-1377103079 | ||
| examples/npm_package/packages/pkg_a/package.json=1006424040 | ||
| examples/npm_package/packages/pkg_b/package.json=1041247977 | ||
| examples/webpack_cli/package.json=1911342006 | ||
| js/private/coverage/bundle/package.json=-1543718929 | ||
| js/private/image/package.json=-1260474848 | ||
| js/private/test/image/package.json=-687546763 | ||
| js/private/test/js_run_devserver/package.json=-260856079 | ||
| js/private/worker/src/package.json=1608383745 | ||
| npm/private/test/package.json=1756993924 | ||
| npm/private/test/package.json=600650131 | ||
| npm/private/test/vendored/lodash-4.17.21.tgz=-1206623349 | ||
| npm/private/test/npm_package/package.json=-1991705133 | ||
| npm/private/test/vendored/is-odd/package.json=1041695223 | ||
| npm/private/test/vendored/semver-max/package.json=578664053 | ||
| examples/linked_empty_node_modules/package.json=-1039372825 | ||
| examples/npm_package/packages/pkg_d/package.json=1110895851 | ||
| js/private/image/package.json=-1260474848 | ||
| js/private/test/image/package.json=-687546763 | ||
| js/private/test/js_run_devserver/package.json=-260856079 | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -205,25 +205,20 @@ def _npm_package_store_impl(ctx): | |
| else: | ||
| package_store_directory = ctx.actions.declare_directory(package_store_directory_path) | ||
| if utils.is_tarball_extension(src.extension): | ||
| # npm packages are always published with one top-level directory inside the tarball, tho the name is not predictable | ||
| # we can use the --strip-components 1 argument with tar to strip one directory level | ||
| args = ctx.actions.args() | ||
| args.add("--extract") | ||
| args.add("--no-same-owner") | ||
| args.add("--no-same-permissions") | ||
| args.add("--strip-components") | ||
| args.add(str(1)) | ||
| args.add("--file") | ||
| args.add(src.path) | ||
| args.add("--directory") | ||
| args.add(package_store_directory.path) | ||
|
|
||
| # npm packages are always published with one top-level directory inside the tarball, | ||
| # tho the name is not predictable we can use the --strip-components 1 argument with | ||
| # tar to strip one directory level. Some packages have directory permissions missing | ||
| # executable which make the directories not listable ([email protected] for example). Run | ||
| # `chmod -R a+X` to fix up these packages (https://stackoverflow.com/a/14634721). | ||
| # See https://github.com/aspect-build/rules_js/issues/1637 for more info. | ||
| bsdtar = ctx.toolchains["@aspect_bazel_lib//lib:tar_toolchain_type"] | ||
| ctx.actions.run( | ||
| executable = bsdtar.tarinfo.binary, | ||
| ctx.actions.run_shell( | ||
| tools = [bsdtar.tarinfo.binary], | ||
| inputs = depset(direct = [src], transitive = [bsdtar.default.files]), | ||
| outputs = [package_store_directory], | ||
| arguments = [args], | ||
| command = bsdtar.tarinfo.binary.path + " --extract --no-same-owner --no-same-permissions --strip-components 1 --file " + | ||
| src.path + " --directory " + | ||
| package_store_directory.path + " && chmod -R a+X " + package_store_directory.path, | ||
| mnemonic = "NpmPackageExtract", | ||
| progress_message = "Extracting npm package {}@{}".format(package, version), | ||
| ) | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.