From 245f7dcb7fb29b93e18e35f59f0b195e0989b7f6 Mon Sep 17 00:00:00 2001
From: justin hartman
Date: Fri, 4 Oct 2024 10:23:14 -0400
Subject: [PATCH 1/2] feat(publisher-s3): allow ACL omission

This allows the caller to omit the ACL from the upload request, per Amazon's recommendation of using bucket owner-enforced permissions.
---
 packages/publisher/s3/src/Config.ts | 6 ++++++
 packages/publisher/s3/src/PublisherS3.ts | 17 ++++++++++-------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/packages/publisher/s3/src/Config.ts b/packages/publisher/s3/src/Config.ts
index 0ff4d02c96..bcf9665ded 100644
--- a/packages/publisher/s3/src/Config.ts
+++ b/packages/publisher/s3/src/Config.ts
@@ -38,6 +38,12 @@ export interface PublisherS3Config {
 * Default: false
 */
 public?: boolean;
+ /**
+ * Whether to omit the ACL when creating the S3 object
+ *
+ * Default: false
+ */
+ omitAcl?: boolean;
 /**
 * The endpoint URI to send requests to.
 *
diff --git a/packages/publisher/s3/src/PublisherS3.ts b/packages/publisher/s3/src/PublisherS3.ts
index d7a05be60f..d76764866f 100644
--- a/packages/publisher/s3/src/PublisherS3.ts
+++ b/packages/publisher/s3/src/PublisherS3.ts
@@ -1,7 +1,7 @@
 import fs from 'fs';
 import path from 'path';

-import { S3Client } from '@aws-sdk/client-s3';
+import { PutObjectCommandInput, S3Client } from '@aws-sdk/client-s3';
 import { Progress, Upload } from '@aws-sdk/lib-storage';
 import { Credentials } from '@aws-sdk/types';
 import { PublisherOptions, PublisherStatic } from '@electron-forge/publisher-static';
@@ -59,15 +59,18 @@ export default class PublisherS3 extends PublisherStatic {
 await Promise.all(
 artifacts.map(async (artifact) => {
 d('uploading:', artifact.path);
+ const params: PutObjectCommandInput = {
+ Body: fs.createReadStream(artifact.path),
+ Bucket: this.config.bucket,
+ Key: this.keyForArtifact(artifact),
+ };
+ if (!this.config.omitAcl) {
+ params.ACL = this.config.public ? 'public-read' : 'private';
+ }
 const uploader = new Upload({
 client: s3Client,
 leavePartsOnError: true,
- params: {
- Body: fs.createReadStream(artifact.path),
- Bucket: this.config.bucket,
- Key: this.keyForArtifact(artifact),
- ACL: this.config.public ? 'public-read' : 'private',
- },
+ params,
 });

 uploader.on('httpUploadProgress', (progress: Progress) => {
From 681fbf121d533c78152fc8e6057dd30e1f878cd4 Mon Sep 17 00:00:00 2001
From: JHartman5
Date: Fri, 18 Oct 2024 12:57:17 -0400
Subject: [PATCH 2/2] Update packages/publisher/s3/src/Config.ts

Updates the documentation for the `omitAcl` option per the pull request review

Co-authored-by: Felix Rieseberg
---
 packages/publisher/s3/src/Config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/publisher/s3/src/Config.ts b/packages/publisher/s3/src/Config.ts
index bcf9665ded..52abd50a30 100644
--- a/packages/publisher/s3/src/Config.ts
+++ b/packages/publisher/s3/src/Config.ts
@@ -39,7 +39,7 @@ export interface PublisherS3Config {
 */
 public?: boolean;
 /**
- * Whether to omit the ACL when creating the S3 object
+ * Whether to omit the ACL when creating the S3 object. If set, `public` will have no effect.
 *
 * Default: false
 */
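Review bot: In the `artifacts.map` callback of PublisherS3.ts, `omitAcl: true` drops the `ACL` field silently, so a config that also sets `public`, or that relied on the implicit `'private'` value, no longer gets the object-level access it asked for. Whether the uploaded artifact is readable is then decided by the bucket's own configuration, and nothing in the upload path says so. The callback already logs through `d(...)`, so one line beside the new branch would make the override visible: `if (this.config.omitAcl && this.config.public !== undefined) d('omitAcl is set: "public" is ignored, object access follows the bucket configuration');`. The diffstat lists only `Config.ts` and `PublisherS3.ts`, so it looks as if no test pins that `params` has no `ACL` key when `omitAcl` is set. The enclosing method starts and ends outside this hunk.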
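Review bot: The reworded `omitAcl` comment in Config.ts says `public` has no effect but not what decides access instead, which is what someone configuring a release bucket needs to know. With no ACL on the request, `public: false` no longer makes the object private on its own. I would add one sentence to the doc comment, e.g. `* With the ACL omitted, object access is governed by the bucket's policy and Object Ownership setting.` The `omitAcl` field that this comment documents sits just below the hunk.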