mirror of
https://github.com/actions/cache.git
synced 2026-07-14 22:35:36 +08:00
feat: adopt @actions/cache 6.2.0 (cache-mode skip + read-denied warning)
Bumps @actions/cache to ^6.2.0 and rebuilds the vendored dist bundles. Note: package-lock.json must be regenerated with a registry install once @actions/cache 6.2.0 is published to npm, before this is merged.
This commit is contained in:
144
dist/restore-only/index.js
vendored
144
dist/restore-only/index.js
vendored
@@ -39021,7 +39021,7 @@ module.exports = { version: packageJson.version }
|
|||||||
/***/ 4012:
|
/***/ 4012:
|
||||||
/***/ ((module) => {
|
/***/ ((module) => {
|
||||||
|
|
||||||
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
||||||
|
|
||||||
/***/ })
|
/***/ })
|
||||||
|
|
||||||
@@ -43247,6 +43247,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32
|
|||||||
const TarFilename = 'cache.tar';
|
const TarFilename = 'cache.tar';
|
||||||
const constants_ManifestFilename = 'manifest.txt';
|
const constants_ManifestFilename = 'manifest.txt';
|
||||||
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
||||||
|
// Prefix the cache backend embeds in a read-denial message (v2 twirp
|
||||||
|
// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body).
|
||||||
|
// Shared so cache.ts and cacheHttpClient.ts match the same contract value.
|
||||||
|
const CacheReadDeniedMessagePrefix = 'cache read denied:';
|
||||||
//# sourceMappingURL=constants.js.map
|
//# sourceMappingURL=constants.js.map
|
||||||
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
||||||
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||||
@@ -92912,6 +92916,24 @@ function config_getCacheServiceVersion() {
|
|||||||
return 'v1';
|
return 'v1';
|
||||||
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
||||||
}
|
}
|
||||||
|
// The cache-mode lattice: readable = {read, write}, writable = {write,
|
||||||
|
// write-only}, none = neither.
|
||||||
|
const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only'];
|
||||||
|
// The effective cache-mode exported by the runner, or '' when not set.
|
||||||
|
function config_getCacheMode() {
|
||||||
|
return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase();
|
||||||
|
}
|
||||||
|
// Unset or unrecognized modes are permissive so behavior matches today.
|
||||||
|
function isCacheReadable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'read' || mode === 'write';
|
||||||
|
}
|
||||||
|
function config_isCacheWritable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'write' || mode === 'write-only';
|
||||||
|
}
|
||||||
function getCacheServiceURL() {
|
function getCacheServiceURL() {
|
||||||
const version = config_getCacheServiceVersion();
|
const version = config_getCacheServiceVersion();
|
||||||
// Based on the version of the cache service, we will determine which
|
// Based on the version of the cache service, we will determine which
|
||||||
@@ -92961,6 +92983,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function getCacheApiUrl(resource) {
|
function getCacheApiUrl(resource) {
|
||||||
const baseUrl = getCacheServiceURL();
|
const baseUrl = getCacheServiceURL();
|
||||||
if (!baseUrl) {
|
if (!baseUrl) {
|
||||||
@@ -92988,6 +93011,7 @@ function createHttpClient() {
|
|||||||
}
|
}
|
||||||
function getCacheEntry(keys, paths, options) {
|
function getCacheEntry(keys, paths, options) {
|
||||||
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
||||||
|
var _a;
|
||||||
const httpClient = createHttpClient();
|
const httpClient = createHttpClient();
|
||||||
const version = getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
const version = getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
||||||
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
||||||
@@ -93001,6 +93025,12 @@ function getCacheEntry(keys, paths, options) {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (!requestUtils_isSuccessStatusCode(response.statusCode)) {
|
if (!requestUtils_isSuccessStatusCode(response.statusCode)) {
|
||||||
|
// Only surface the receiver's body for a `cache read denied:` policy denial
|
||||||
|
// so callers can dispatch on it; keep the generic message otherwise.
|
||||||
|
const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message;
|
||||||
|
if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) {
|
||||||
|
throw new Error(errorMessage);
|
||||||
|
}
|
||||||
throw new Error(`Cache service responded with ${response.statusCode}`);
|
throw new Error(`Cache service responded with ${response.statusCode}`);
|
||||||
}
|
}
|
||||||
const cacheResult = response.result;
|
const cacheResult = response.result;
|
||||||
@@ -94262,6 +94292,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class ValidationError extends Error {
|
class ValidationError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94277,19 +94308,20 @@ class ReserveCacheError extends Error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Stable prefix the receiver writes into the cache reservation response when
|
* Stable prefix the cache service writes into the cache reservation response
|
||||||
* the issuer downgraded the cache token to read-only (for example, because
|
* when the issuer downgraded the cache token to read-only (for example, because
|
||||||
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
||||||
* dispatch on this prefix to re-classify the failure as a
|
* dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError
|
||||||
* CacheWriteDeniedError so consumers (and the outer catch arm) can
|
* so consumers and tests can distinguish a policy denial from other reservation
|
||||||
* distinguish a policy denial from other reservation failures.
|
* failures. Internally it is logged as a non-fatal warning like other
|
||||||
|
* best-effort save failures.
|
||||||
*/
|
*/
|
||||||
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
||||||
/**
|
/**
|
||||||
* Raised when the cache backend refuses to reserve a writable cache entry
|
* Raised when the cache backend refuses to reserve a writable cache entry
|
||||||
* because the JWT issued for this run was scoped read-only (for example, the
|
* because the JWT issued for this run was scoped read-only (for example, the
|
||||||
* run was triggered by an event the repository administrator classified as
|
* run was triggered by an event the repository administrator classified as
|
||||||
* untrusted). The receiver-supplied detail message always begins with
|
* untrusted). The service-supplied detail message always begins with
|
||||||
* `cache write denied:` (the full error message includes additional context
|
* `cache write denied:` (the full error message includes additional context
|
||||||
* like the cache key).
|
* like the cache key).
|
||||||
*
|
*
|
||||||
@@ -94305,6 +94337,19 @@ class CacheWriteDeniedError extends ReserveCacheError {
|
|||||||
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Re-exported from constants so consumers keep referencing it here; the shared
|
||||||
|
// value also drives detection in cacheHttpClient without duplicating the string.
|
||||||
|
const CACHE_READ_DENIED_PREFIX = CacheReadDeniedMessagePrefix;
|
||||||
|
// Raised when the cache backend denies a download URL because the run's token
|
||||||
|
// has no readable cache scopes. Caching is best-effort, so restoreCache logs a
|
||||||
|
// warning and reports a cache miss rather than rethrowing this.
|
||||||
|
class CacheReadDeniedError extends Error {
|
||||||
|
constructor(message) {
|
||||||
|
super(message);
|
||||||
|
this.name = 'CacheReadDeniedError';
|
||||||
|
Object.setPrototypeOf(this, CacheReadDeniedError.prototype);
|
||||||
|
}
|
||||||
|
}
|
||||||
class FinalizeCacheError extends Error {
|
class FinalizeCacheError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94359,6 +94404,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
const cacheServiceVersion = config_getCacheServiceVersion();
|
const cacheServiceVersion = config_getCacheServiceVersion();
|
||||||
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
|
const cacheMode = config_getCacheMode();
|
||||||
|
if (!isCacheReadable(cacheMode)) {
|
||||||
|
info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`);
|
||||||
|
core_debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`);
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
||||||
@@ -94380,6 +94431,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
const keys = [primaryKey, ...restoreKeys];
|
const keys = [primaryKey, ...restoreKeys];
|
||||||
core_debug('Resolved Keys:');
|
core_debug('Resolved Keys:');
|
||||||
@@ -94394,10 +94446,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
let archivePath = '';
|
let archivePath = '';
|
||||||
try {
|
try {
|
||||||
// path are needed to compute version
|
// path are needed to compute version
|
||||||
const cacheEntry = yield getCacheEntry(keys, paths, {
|
let cacheEntry;
|
||||||
compressionMethod,
|
try {
|
||||||
enableCrossOsArchive
|
cacheEntry = yield getCacheEntry(keys, paths, {
|
||||||
});
|
compressionMethod,
|
||||||
|
enableCrossOsArchive
|
||||||
|
});
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The v1 artifact cache service returns HTTP 403 with a
|
||||||
|
// `cache read denied:` body when the run's token has no readable cache
|
||||||
|
// scopes. getCacheEntry lives in a dependency-free internal module and
|
||||||
|
// cannot import CacheReadDeniedError without a circular dependency, so it
|
||||||
|
// only surfaces the raw denial message; we classify it into the typed
|
||||||
|
// error here so the outer catch and consumers can dispatch on it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
||||||
// Cache not found
|
// Cache not found
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94426,7 +94494,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// warn on cache restore failure and continue build
|
// warn on cache restore failure and continue build
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94461,6 +94531,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
// Override UploadOptions to force the use of Azure
|
// Override UploadOptions to force the use of Azure
|
||||||
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
@@ -94482,7 +94553,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
restoreKeys,
|
restoreKeys,
|
||||||
version: getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
version: getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
||||||
};
|
};
|
||||||
const response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
let response;
|
||||||
|
try {
|
||||||
|
response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The receiver returns twirp PermissionDenied (403) when the run's token
|
||||||
|
// has no readable cache scopes. The client wraps that 403, so the stable
|
||||||
|
// prefix is embedded in the message rather than leading it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!response.ok) {
|
if (!response.ok) {
|
||||||
core_debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
core_debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94517,8 +94601,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Supress all non-validation cache related errors because caching should be optional
|
// Suppress all non-validation cache related errors because caching should be optional
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94557,6 +94643,12 @@ function cache_saveCache(paths_1, key_1, options_1) {
|
|||||||
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
checkKey(key);
|
checkKey(key);
|
||||||
|
const cacheMode = getCacheMode();
|
||||||
|
if (!isCacheWritable(cacheMode)) {
|
||||||
|
core.info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`);
|
||||||
|
core.debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
||||||
@@ -94634,17 +94726,14 @@ function saveCacheV1(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
core.warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
core.info(`Failed to save: ${typedError.message}`);
|
core.info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94755,12 +94844,6 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
core.warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
core.info(`Failed to save: ${typedError.message}`);
|
core.info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
@@ -94768,7 +94851,10 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
core.warning(typedError.message);
|
core.warning(typedError.message);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
|
|||||||
144
dist/restore/index.js
vendored
144
dist/restore/index.js
vendored
@@ -39021,7 +39021,7 @@ module.exports = { version: packageJson.version }
|
|||||||
/***/ 4012:
|
/***/ 4012:
|
||||||
/***/ ((module) => {
|
/***/ ((module) => {
|
||||||
|
|
||||||
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
||||||
|
|
||||||
/***/ })
|
/***/ })
|
||||||
|
|
||||||
@@ -43247,6 +43247,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32
|
|||||||
const TarFilename = 'cache.tar';
|
const TarFilename = 'cache.tar';
|
||||||
const constants_ManifestFilename = 'manifest.txt';
|
const constants_ManifestFilename = 'manifest.txt';
|
||||||
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
||||||
|
// Prefix the cache backend embeds in a read-denial message (v2 twirp
|
||||||
|
// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body).
|
||||||
|
// Shared so cache.ts and cacheHttpClient.ts match the same contract value.
|
||||||
|
const CacheReadDeniedMessagePrefix = 'cache read denied:';
|
||||||
//# sourceMappingURL=constants.js.map
|
//# sourceMappingURL=constants.js.map
|
||||||
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
||||||
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||||
@@ -92912,6 +92916,24 @@ function config_getCacheServiceVersion() {
|
|||||||
return 'v1';
|
return 'v1';
|
||||||
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
||||||
}
|
}
|
||||||
|
// The cache-mode lattice: readable = {read, write}, writable = {write,
|
||||||
|
// write-only}, none = neither.
|
||||||
|
const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only'];
|
||||||
|
// The effective cache-mode exported by the runner, or '' when not set.
|
||||||
|
function config_getCacheMode() {
|
||||||
|
return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase();
|
||||||
|
}
|
||||||
|
// Unset or unrecognized modes are permissive so behavior matches today.
|
||||||
|
function isCacheReadable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'read' || mode === 'write';
|
||||||
|
}
|
||||||
|
function config_isCacheWritable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'write' || mode === 'write-only';
|
||||||
|
}
|
||||||
function getCacheServiceURL() {
|
function getCacheServiceURL() {
|
||||||
const version = config_getCacheServiceVersion();
|
const version = config_getCacheServiceVersion();
|
||||||
// Based on the version of the cache service, we will determine which
|
// Based on the version of the cache service, we will determine which
|
||||||
@@ -92961,6 +92983,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function getCacheApiUrl(resource) {
|
function getCacheApiUrl(resource) {
|
||||||
const baseUrl = getCacheServiceURL();
|
const baseUrl = getCacheServiceURL();
|
||||||
if (!baseUrl) {
|
if (!baseUrl) {
|
||||||
@@ -92988,6 +93011,7 @@ function createHttpClient() {
|
|||||||
}
|
}
|
||||||
function getCacheEntry(keys, paths, options) {
|
function getCacheEntry(keys, paths, options) {
|
||||||
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
||||||
|
var _a;
|
||||||
const httpClient = createHttpClient();
|
const httpClient = createHttpClient();
|
||||||
const version = getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
const version = getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
||||||
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
||||||
@@ -93001,6 +93025,12 @@ function getCacheEntry(keys, paths, options) {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (!requestUtils_isSuccessStatusCode(response.statusCode)) {
|
if (!requestUtils_isSuccessStatusCode(response.statusCode)) {
|
||||||
|
// Only surface the receiver's body for a `cache read denied:` policy denial
|
||||||
|
// so callers can dispatch on it; keep the generic message otherwise.
|
||||||
|
const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message;
|
||||||
|
if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) {
|
||||||
|
throw new Error(errorMessage);
|
||||||
|
}
|
||||||
throw new Error(`Cache service responded with ${response.statusCode}`);
|
throw new Error(`Cache service responded with ${response.statusCode}`);
|
||||||
}
|
}
|
||||||
const cacheResult = response.result;
|
const cacheResult = response.result;
|
||||||
@@ -94262,6 +94292,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class ValidationError extends Error {
|
class ValidationError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94277,19 +94308,20 @@ class ReserveCacheError extends Error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Stable prefix the receiver writes into the cache reservation response when
|
* Stable prefix the cache service writes into the cache reservation response
|
||||||
* the issuer downgraded the cache token to read-only (for example, because
|
* when the issuer downgraded the cache token to read-only (for example, because
|
||||||
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
||||||
* dispatch on this prefix to re-classify the failure as a
|
* dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError
|
||||||
* CacheWriteDeniedError so consumers (and the outer catch arm) can
|
* so consumers and tests can distinguish a policy denial from other reservation
|
||||||
* distinguish a policy denial from other reservation failures.
|
* failures. Internally it is logged as a non-fatal warning like other
|
||||||
|
* best-effort save failures.
|
||||||
*/
|
*/
|
||||||
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
||||||
/**
|
/**
|
||||||
* Raised when the cache backend refuses to reserve a writable cache entry
|
* Raised when the cache backend refuses to reserve a writable cache entry
|
||||||
* because the JWT issued for this run was scoped read-only (for example, the
|
* because the JWT issued for this run was scoped read-only (for example, the
|
||||||
* run was triggered by an event the repository administrator classified as
|
* run was triggered by an event the repository administrator classified as
|
||||||
* untrusted). The receiver-supplied detail message always begins with
|
* untrusted). The service-supplied detail message always begins with
|
||||||
* `cache write denied:` (the full error message includes additional context
|
* `cache write denied:` (the full error message includes additional context
|
||||||
* like the cache key).
|
* like the cache key).
|
||||||
*
|
*
|
||||||
@@ -94305,6 +94337,19 @@ class CacheWriteDeniedError extends ReserveCacheError {
|
|||||||
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Re-exported from constants so consumers keep referencing it here; the shared
|
||||||
|
// value also drives detection in cacheHttpClient without duplicating the string.
|
||||||
|
const CACHE_READ_DENIED_PREFIX = CacheReadDeniedMessagePrefix;
|
||||||
|
// Raised when the cache backend denies a download URL because the run's token
|
||||||
|
// has no readable cache scopes. Caching is best-effort, so restoreCache logs a
|
||||||
|
// warning and reports a cache miss rather than rethrowing this.
|
||||||
|
class CacheReadDeniedError extends Error {
|
||||||
|
constructor(message) {
|
||||||
|
super(message);
|
||||||
|
this.name = 'CacheReadDeniedError';
|
||||||
|
Object.setPrototypeOf(this, CacheReadDeniedError.prototype);
|
||||||
|
}
|
||||||
|
}
|
||||||
class FinalizeCacheError extends Error {
|
class FinalizeCacheError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94359,6 +94404,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
const cacheServiceVersion = config_getCacheServiceVersion();
|
const cacheServiceVersion = config_getCacheServiceVersion();
|
||||||
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
|
const cacheMode = config_getCacheMode();
|
||||||
|
if (!isCacheReadable(cacheMode)) {
|
||||||
|
info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`);
|
||||||
|
core_debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`);
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
||||||
@@ -94380,6 +94431,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
const keys = [primaryKey, ...restoreKeys];
|
const keys = [primaryKey, ...restoreKeys];
|
||||||
core_debug('Resolved Keys:');
|
core_debug('Resolved Keys:');
|
||||||
@@ -94394,10 +94446,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
let archivePath = '';
|
let archivePath = '';
|
||||||
try {
|
try {
|
||||||
// path are needed to compute version
|
// path are needed to compute version
|
||||||
const cacheEntry = yield getCacheEntry(keys, paths, {
|
let cacheEntry;
|
||||||
compressionMethod,
|
try {
|
||||||
enableCrossOsArchive
|
cacheEntry = yield getCacheEntry(keys, paths, {
|
||||||
});
|
compressionMethod,
|
||||||
|
enableCrossOsArchive
|
||||||
|
});
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The v1 artifact cache service returns HTTP 403 with a
|
||||||
|
// `cache read denied:` body when the run's token has no readable cache
|
||||||
|
// scopes. getCacheEntry lives in a dependency-free internal module and
|
||||||
|
// cannot import CacheReadDeniedError without a circular dependency, so it
|
||||||
|
// only surfaces the raw denial message; we classify it into the typed
|
||||||
|
// error here so the outer catch and consumers can dispatch on it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
||||||
// Cache not found
|
// Cache not found
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94426,7 +94494,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// warn on cache restore failure and continue build
|
// warn on cache restore failure and continue build
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94461,6 +94531,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
// Override UploadOptions to force the use of Azure
|
// Override UploadOptions to force the use of Azure
|
||||||
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
@@ -94482,7 +94553,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
restoreKeys,
|
restoreKeys,
|
||||||
version: getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
version: getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
||||||
};
|
};
|
||||||
const response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
let response;
|
||||||
|
try {
|
||||||
|
response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The receiver returns twirp PermissionDenied (403) when the run's token
|
||||||
|
// has no readable cache scopes. The client wraps that 403, so the stable
|
||||||
|
// prefix is embedded in the message rather than leading it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!response.ok) {
|
if (!response.ok) {
|
||||||
core_debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
core_debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94517,8 +94601,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Supress all non-validation cache related errors because caching should be optional
|
// Suppress all non-validation cache related errors because caching should be optional
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94557,6 +94643,12 @@ function cache_saveCache(paths_1, key_1, options_1) {
|
|||||||
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
checkKey(key);
|
checkKey(key);
|
||||||
|
const cacheMode = getCacheMode();
|
||||||
|
if (!isCacheWritable(cacheMode)) {
|
||||||
|
core.info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`);
|
||||||
|
core.debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
||||||
@@ -94634,17 +94726,14 @@ function saveCacheV1(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
core.warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
core.info(`Failed to save: ${typedError.message}`);
|
core.info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94755,12 +94844,6 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
core.warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
core.info(`Failed to save: ${typedError.message}`);
|
core.info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
@@ -94768,7 +94851,10 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
core.warning(typedError.message);
|
core.warning(typedError.message);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
|
|||||||
144
dist/save-only/index.js
vendored
144
dist/save-only/index.js
vendored
@@ -39021,7 +39021,7 @@ module.exports = { version: packageJson.version }
|
|||||||
/***/ 4012:
|
/***/ 4012:
|
||||||
/***/ ((module) => {
|
/***/ ((module) => {
|
||||||
|
|
||||||
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
||||||
|
|
||||||
/***/ })
|
/***/ })
|
||||||
|
|
||||||
@@ -43254,6 +43254,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32
|
|||||||
const TarFilename = 'cache.tar';
|
const TarFilename = 'cache.tar';
|
||||||
const ManifestFilename = 'manifest.txt';
|
const ManifestFilename = 'manifest.txt';
|
||||||
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
||||||
|
// Prefix the cache backend embeds in a read-denial message (v2 twirp
|
||||||
|
// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body).
|
||||||
|
// Shared so cache.ts and cacheHttpClient.ts match the same contract value.
|
||||||
|
const constants_CacheReadDeniedMessagePrefix = 'cache read denied:';
|
||||||
//# sourceMappingURL=constants.js.map
|
//# sourceMappingURL=constants.js.map
|
||||||
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
||||||
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||||
@@ -92918,6 +92922,24 @@ function config_getCacheServiceVersion() {
|
|||||||
return 'v1';
|
return 'v1';
|
||||||
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
||||||
}
|
}
|
||||||
|
// The cache-mode lattice: readable = {read, write}, writable = {write,
|
||||||
|
// write-only}, none = neither.
|
||||||
|
const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only'];
|
||||||
|
// The effective cache-mode exported by the runner, or '' when not set.
|
||||||
|
function config_getCacheMode() {
|
||||||
|
return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase();
|
||||||
|
}
|
||||||
|
// Unset or unrecognized modes are permissive so behavior matches today.
|
||||||
|
function config_isCacheReadable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'read' || mode === 'write';
|
||||||
|
}
|
||||||
|
function isCacheWritable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'write' || mode === 'write-only';
|
||||||
|
}
|
||||||
function getCacheServiceURL() {
|
function getCacheServiceURL() {
|
||||||
const version = config_getCacheServiceVersion();
|
const version = config_getCacheServiceVersion();
|
||||||
// Based on the version of the cache service, we will determine which
|
// Based on the version of the cache service, we will determine which
|
||||||
@@ -92967,6 +92989,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function getCacheApiUrl(resource) {
|
function getCacheApiUrl(resource) {
|
||||||
const baseUrl = getCacheServiceURL();
|
const baseUrl = getCacheServiceURL();
|
||||||
if (!baseUrl) {
|
if (!baseUrl) {
|
||||||
@@ -92994,6 +93017,7 @@ function createHttpClient() {
|
|||||||
}
|
}
|
||||||
function getCacheEntry(keys, paths, options) {
|
function getCacheEntry(keys, paths, options) {
|
||||||
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
||||||
|
var _a;
|
||||||
const httpClient = createHttpClient();
|
const httpClient = createHttpClient();
|
||||||
const version = utils.getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
const version = utils.getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
||||||
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
||||||
@@ -93007,6 +93031,12 @@ function getCacheEntry(keys, paths, options) {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (!isSuccessStatusCode(response.statusCode)) {
|
if (!isSuccessStatusCode(response.statusCode)) {
|
||||||
|
// Only surface the receiver's body for a `cache read denied:` policy denial
|
||||||
|
// so callers can dispatch on it; keep the generic message otherwise.
|
||||||
|
const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message;
|
||||||
|
if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) {
|
||||||
|
throw new Error(errorMessage);
|
||||||
|
}
|
||||||
throw new Error(`Cache service responded with ${response.statusCode}`);
|
throw new Error(`Cache service responded with ${response.statusCode}`);
|
||||||
}
|
}
|
||||||
const cacheResult = response.result;
|
const cacheResult = response.result;
|
||||||
@@ -94267,6 +94297,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class ValidationError extends Error {
|
class ValidationError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94282,19 +94313,20 @@ class ReserveCacheError extends Error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Stable prefix the receiver writes into the cache reservation response when
|
* Stable prefix the cache service writes into the cache reservation response
|
||||||
* the issuer downgraded the cache token to read-only (for example, because
|
* when the issuer downgraded the cache token to read-only (for example, because
|
||||||
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
||||||
* dispatch on this prefix to re-classify the failure as a
|
* dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError
|
||||||
* CacheWriteDeniedError so consumers (and the outer catch arm) can
|
* so consumers and tests can distinguish a policy denial from other reservation
|
||||||
* distinguish a policy denial from other reservation failures.
|
* failures. Internally it is logged as a non-fatal warning like other
|
||||||
|
* best-effort save failures.
|
||||||
*/
|
*/
|
||||||
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
||||||
/**
|
/**
|
||||||
* Raised when the cache backend refuses to reserve a writable cache entry
|
* Raised when the cache backend refuses to reserve a writable cache entry
|
||||||
* because the JWT issued for this run was scoped read-only (for example, the
|
* because the JWT issued for this run was scoped read-only (for example, the
|
||||||
* run was triggered by an event the repository administrator classified as
|
* run was triggered by an event the repository administrator classified as
|
||||||
* untrusted). The receiver-supplied detail message always begins with
|
* untrusted). The service-supplied detail message always begins with
|
||||||
* `cache write denied:` (the full error message includes additional context
|
* `cache write denied:` (the full error message includes additional context
|
||||||
* like the cache key).
|
* like the cache key).
|
||||||
*
|
*
|
||||||
@@ -94310,6 +94342,19 @@ class CacheWriteDeniedError extends ReserveCacheError {
|
|||||||
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Re-exported from constants so consumers keep referencing it here; the shared
|
||||||
|
// value also drives detection in cacheHttpClient without duplicating the string.
|
||||||
|
const CACHE_READ_DENIED_PREFIX = (/* unused pure expression or super */ null && (CacheReadDeniedMessagePrefix));
|
||||||
|
// Raised when the cache backend denies a download URL because the run's token
|
||||||
|
// has no readable cache scopes. Caching is best-effort, so restoreCache logs a
|
||||||
|
// warning and reports a cache miss rather than rethrowing this.
|
||||||
|
class CacheReadDeniedError extends Error {
|
||||||
|
constructor(message) {
|
||||||
|
super(message);
|
||||||
|
this.name = 'CacheReadDeniedError';
|
||||||
|
Object.setPrototypeOf(this, CacheReadDeniedError.prototype);
|
||||||
|
}
|
||||||
|
}
|
||||||
class FinalizeCacheError extends Error {
|
class FinalizeCacheError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94364,6 +94409,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
const cacheServiceVersion = getCacheServiceVersion();
|
const cacheServiceVersion = getCacheServiceVersion();
|
||||||
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
|
const cacheMode = getCacheMode();
|
||||||
|
if (!isCacheReadable(cacheMode)) {
|
||||||
|
core.info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`);
|
||||||
|
core.debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`);
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
||||||
@@ -94385,6 +94436,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
const keys = [primaryKey, ...restoreKeys];
|
const keys = [primaryKey, ...restoreKeys];
|
||||||
core.debug('Resolved Keys:');
|
core.debug('Resolved Keys:');
|
||||||
@@ -94399,10 +94451,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
let archivePath = '';
|
let archivePath = '';
|
||||||
try {
|
try {
|
||||||
// path are needed to compute version
|
// path are needed to compute version
|
||||||
const cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, {
|
let cacheEntry;
|
||||||
compressionMethod,
|
try {
|
||||||
enableCrossOsArchive
|
cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, {
|
||||||
});
|
compressionMethod,
|
||||||
|
enableCrossOsArchive
|
||||||
|
});
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The v1 artifact cache service returns HTTP 403 with a
|
||||||
|
// `cache read denied:` body when the run's token has no readable cache
|
||||||
|
// scopes. getCacheEntry lives in a dependency-free internal module and
|
||||||
|
// cannot import CacheReadDeniedError without a circular dependency, so it
|
||||||
|
// only surfaces the raw denial message; we classify it into the typed
|
||||||
|
// error here so the outer catch and consumers can dispatch on it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
||||||
// Cache not found
|
// Cache not found
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94431,7 +94499,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// warn on cache restore failure and continue build
|
// warn on cache restore failure and continue build
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94466,6 +94536,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
// Override UploadOptions to force the use of Azure
|
// Override UploadOptions to force the use of Azure
|
||||||
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
@@ -94487,7 +94558,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
restoreKeys,
|
restoreKeys,
|
||||||
version: utils.getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
version: utils.getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
||||||
};
|
};
|
||||||
const response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
let response;
|
||||||
|
try {
|
||||||
|
response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The receiver returns twirp PermissionDenied (403) when the run's token
|
||||||
|
// has no readable cache scopes. The client wraps that 403, so the stable
|
||||||
|
// prefix is embedded in the message rather than leading it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!response.ok) {
|
if (!response.ok) {
|
||||||
core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94522,8 +94606,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Supress all non-validation cache related errors because caching should be optional
|
// Suppress all non-validation cache related errors because caching should be optional
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94562,6 +94648,12 @@ function cache_saveCache(paths_1, key_1, options_1) {
|
|||||||
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
checkKey(key);
|
checkKey(key);
|
||||||
|
const cacheMode = config_getCacheMode();
|
||||||
|
if (!isCacheWritable(cacheMode)) {
|
||||||
|
info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`);
|
||||||
|
core_debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
||||||
@@ -94639,17 +94731,14 @@ function saveCacheV1(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
info(`Failed to save: ${typedError.message}`);
|
info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94760,12 +94849,6 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
info(`Failed to save: ${typedError.message}`);
|
info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
@@ -94773,7 +94856,10 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
warning(typedError.message);
|
warning(typedError.message);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
|
|||||||
144
dist/save/index.js
vendored
144
dist/save/index.js
vendored
@@ -39021,7 +39021,7 @@ module.exports = { version: packageJson.version }
|
|||||||
/***/ 4012:
|
/***/ 4012:
|
||||||
/***/ ((module) => {
|
/***/ ((module) => {
|
||||||
|
|
||||||
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}');
|
||||||
|
|
||||||
/***/ })
|
/***/ })
|
||||||
|
|
||||||
@@ -43254,6 +43254,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32
|
|||||||
const TarFilename = 'cache.tar';
|
const TarFilename = 'cache.tar';
|
||||||
const ManifestFilename = 'manifest.txt';
|
const ManifestFilename = 'manifest.txt';
|
||||||
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository
|
||||||
|
// Prefix the cache backend embeds in a read-denial message (v2 twirp
|
||||||
|
// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body).
|
||||||
|
// Shared so cache.ts and cacheHttpClient.ts match the same contract value.
|
||||||
|
const constants_CacheReadDeniedMessagePrefix = 'cache read denied:';
|
||||||
//# sourceMappingURL=constants.js.map
|
//# sourceMappingURL=constants.js.map
|
||||||
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js
|
||||||
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||||
@@ -92918,6 +92922,24 @@ function config_getCacheServiceVersion() {
|
|||||||
return 'v1';
|
return 'v1';
|
||||||
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1';
|
||||||
}
|
}
|
||||||
|
// The cache-mode lattice: readable = {read, write}, writable = {write,
|
||||||
|
// write-only}, none = neither.
|
||||||
|
const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only'];
|
||||||
|
// The effective cache-mode exported by the runner, or '' when not set.
|
||||||
|
function config_getCacheMode() {
|
||||||
|
return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase();
|
||||||
|
}
|
||||||
|
// Unset or unrecognized modes are permissive so behavior matches today.
|
||||||
|
function config_isCacheReadable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'read' || mode === 'write';
|
||||||
|
}
|
||||||
|
function isCacheWritable(mode) {
|
||||||
|
if (!KNOWN_CACHE_MODES.includes(mode))
|
||||||
|
return true;
|
||||||
|
return mode === 'write' || mode === 'write-only';
|
||||||
|
}
|
||||||
function getCacheServiceURL() {
|
function getCacheServiceURL() {
|
||||||
const version = config_getCacheServiceVersion();
|
const version = config_getCacheServiceVersion();
|
||||||
// Based on the version of the cache service, we will determine which
|
// Based on the version of the cache service, we will determine which
|
||||||
@@ -92967,6 +92989,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function getCacheApiUrl(resource) {
|
function getCacheApiUrl(resource) {
|
||||||
const baseUrl = getCacheServiceURL();
|
const baseUrl = getCacheServiceURL();
|
||||||
if (!baseUrl) {
|
if (!baseUrl) {
|
||||||
@@ -92994,6 +93017,7 @@ function createHttpClient() {
|
|||||||
}
|
}
|
||||||
function getCacheEntry(keys, paths, options) {
|
function getCacheEntry(keys, paths, options) {
|
||||||
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
return cacheHttpClient_awaiter(this, void 0, void 0, function* () {
|
||||||
|
var _a;
|
||||||
const httpClient = createHttpClient();
|
const httpClient = createHttpClient();
|
||||||
const version = utils.getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
const version = utils.getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive);
|
||||||
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`;
|
||||||
@@ -93007,6 +93031,12 @@ function getCacheEntry(keys, paths, options) {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (!isSuccessStatusCode(response.statusCode)) {
|
if (!isSuccessStatusCode(response.statusCode)) {
|
||||||
|
// Only surface the receiver's body for a `cache read denied:` policy denial
|
||||||
|
// so callers can dispatch on it; keep the generic message otherwise.
|
||||||
|
const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message;
|
||||||
|
if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) {
|
||||||
|
throw new Error(errorMessage);
|
||||||
|
}
|
||||||
throw new Error(`Cache service responded with ${response.statusCode}`);
|
throw new Error(`Cache service responded with ${response.statusCode}`);
|
||||||
}
|
}
|
||||||
const cacheResult = response.result;
|
const cacheResult = response.result;
|
||||||
@@ -94267,6 +94297,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class ValidationError extends Error {
|
class ValidationError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94282,19 +94313,20 @@ class ReserveCacheError extends Error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Stable prefix the receiver writes into the cache reservation response when
|
* Stable prefix the cache service writes into the cache reservation response
|
||||||
* the issuer downgraded the cache token to read-only (for example, because
|
* when the issuer downgraded the cache token to read-only (for example, because
|
||||||
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
* the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2
|
||||||
* dispatch on this prefix to re-classify the failure as a
|
* dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError
|
||||||
* CacheWriteDeniedError so consumers (and the outer catch arm) can
|
* so consumers and tests can distinguish a policy denial from other reservation
|
||||||
* distinguish a policy denial from other reservation failures.
|
* failures. Internally it is logged as a non-fatal warning like other
|
||||||
|
* best-effort save failures.
|
||||||
*/
|
*/
|
||||||
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:';
|
||||||
/**
|
/**
|
||||||
* Raised when the cache backend refuses to reserve a writable cache entry
|
* Raised when the cache backend refuses to reserve a writable cache entry
|
||||||
* because the JWT issued for this run was scoped read-only (for example, the
|
* because the JWT issued for this run was scoped read-only (for example, the
|
||||||
* run was triggered by an event the repository administrator classified as
|
* run was triggered by an event the repository administrator classified as
|
||||||
* untrusted). The receiver-supplied detail message always begins with
|
* untrusted). The service-supplied detail message always begins with
|
||||||
* `cache write denied:` (the full error message includes additional context
|
* `cache write denied:` (the full error message includes additional context
|
||||||
* like the cache key).
|
* like the cache key).
|
||||||
*
|
*
|
||||||
@@ -94310,6 +94342,19 @@ class CacheWriteDeniedError extends ReserveCacheError {
|
|||||||
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
Object.setPrototypeOf(this, CacheWriteDeniedError.prototype);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Re-exported from constants so consumers keep referencing it here; the shared
|
||||||
|
// value also drives detection in cacheHttpClient without duplicating the string.
|
||||||
|
const CACHE_READ_DENIED_PREFIX = (/* unused pure expression or super */ null && (CacheReadDeniedMessagePrefix));
|
||||||
|
// Raised when the cache backend denies a download URL because the run's token
|
||||||
|
// has no readable cache scopes. Caching is best-effort, so restoreCache logs a
|
||||||
|
// warning and reports a cache miss rather than rethrowing this.
|
||||||
|
class CacheReadDeniedError extends Error {
|
||||||
|
constructor(message) {
|
||||||
|
super(message);
|
||||||
|
this.name = 'CacheReadDeniedError';
|
||||||
|
Object.setPrototypeOf(this, CacheReadDeniedError.prototype);
|
||||||
|
}
|
||||||
|
}
|
||||||
class FinalizeCacheError extends Error {
|
class FinalizeCacheError extends Error {
|
||||||
constructor(message) {
|
constructor(message) {
|
||||||
super(message);
|
super(message);
|
||||||
@@ -94364,6 +94409,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
const cacheServiceVersion = getCacheServiceVersion();
|
const cacheServiceVersion = getCacheServiceVersion();
|
||||||
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
core.debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
|
const cacheMode = getCacheMode();
|
||||||
|
if (!isCacheReadable(cacheMode)) {
|
||||||
|
core.info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`);
|
||||||
|
core.debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`);
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive);
|
||||||
@@ -94385,6 +94436,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
const keys = [primaryKey, ...restoreKeys];
|
const keys = [primaryKey, ...restoreKeys];
|
||||||
core.debug('Resolved Keys:');
|
core.debug('Resolved Keys:');
|
||||||
@@ -94399,10 +94451,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
let archivePath = '';
|
let archivePath = '';
|
||||||
try {
|
try {
|
||||||
// path are needed to compute version
|
// path are needed to compute version
|
||||||
const cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, {
|
let cacheEntry;
|
||||||
compressionMethod,
|
try {
|
||||||
enableCrossOsArchive
|
cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, {
|
||||||
});
|
compressionMethod,
|
||||||
|
enableCrossOsArchive
|
||||||
|
});
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The v1 artifact cache service returns HTTP 403 with a
|
||||||
|
// `cache read denied:` body when the run's token has no readable cache
|
||||||
|
// scopes. getCacheEntry lives in a dependency-free internal module and
|
||||||
|
// cannot import CacheReadDeniedError without a circular dependency, so it
|
||||||
|
// only surfaces the raw denial message; we classify it into the typed
|
||||||
|
// error here so the outer catch and consumers can dispatch on it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) {
|
||||||
// Cache not found
|
// Cache not found
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94431,7 +94499,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// warn on cache restore failure and continue build
|
// warn on cache restore failure and continue build
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94466,6 +94536,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
*/
|
*/
|
||||||
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
||||||
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
|
||||||
|
var _a;
|
||||||
// Override UploadOptions to force the use of Azure
|
// Override UploadOptions to force the use of Azure
|
||||||
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
options = Object.assign(Object.assign({}, options), { useAzureSdk: true });
|
||||||
restoreKeys = restoreKeys || [];
|
restoreKeys = restoreKeys || [];
|
||||||
@@ -94487,7 +94558,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
restoreKeys,
|
restoreKeys,
|
||||||
version: utils.getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
version: utils.getCacheVersion(paths, compressionMethod, enableCrossOsArchive)
|
||||||
};
|
};
|
||||||
const response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
let response;
|
||||||
|
try {
|
||||||
|
response = yield twirpClient.GetCacheEntryDownloadURL(request);
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
// The receiver returns twirp PermissionDenied (403) when the run's token
|
||||||
|
// has no readable cache scopes. The client wraps that 403, so the stable
|
||||||
|
// prefix is embedded in the message rather than leading it.
|
||||||
|
const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
|
||||||
|
if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) {
|
||||||
|
throw new CacheReadDeniedError(errorMessage);
|
||||||
|
}
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
if (!response.ok) {
|
if (!response.ok) {
|
||||||
core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
|
||||||
return undefined;
|
return undefined;
|
||||||
@@ -94522,8 +94606,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) {
|
|||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Supress all non-validation cache related errors because caching should be optional
|
// Suppress all non-validation cache related errors because caching should be optional
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A read denied by policy (CacheReadDeniedError) is not an HttpClientError
|
||||||
|
// so it falls here and is warned, treated as a cache miss.
|
||||||
if (typedError instanceof HttpClientError &&
|
if (typedError instanceof HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94562,6 +94648,12 @@ function cache_saveCache(paths_1, key_1, options_1) {
|
|||||||
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
core_debug(`Cache service version: ${cacheServiceVersion}`);
|
||||||
checkPaths(paths);
|
checkPaths(paths);
|
||||||
checkKey(key);
|
checkKey(key);
|
||||||
|
const cacheMode = config_getCacheMode();
|
||||||
|
if (!isCacheWritable(cacheMode)) {
|
||||||
|
info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`);
|
||||||
|
core_debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
switch (cacheServiceVersion) {
|
switch (cacheServiceVersion) {
|
||||||
case 'v2':
|
case 'v2':
|
||||||
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
return yield saveCacheV2(paths, key, options, enableCrossOsArchive);
|
||||||
@@ -94639,17 +94731,14 @@ function saveCacheV1(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
info(`Failed to save: ${typedError.message}`);
|
info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
@@ -94760,12 +94849,6 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
if (typedError.name === ValidationError.name) {
|
if (typedError.name === ValidationError.name) {
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
else if (typedError.name === CacheWriteDeniedError.name) {
|
|
||||||
// Cache write was denied by policy (read-only token). Surface to the
|
|
||||||
// customer at warning level so it is visible in the workflow log
|
|
||||||
// without failing the run.
|
|
||||||
warning(`Failed to save: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
else if (typedError.name === ReserveCacheError.name) {
|
else if (typedError.name === ReserveCacheError.name) {
|
||||||
info(`Failed to save: ${typedError.message}`);
|
info(`Failed to save: ${typedError.message}`);
|
||||||
}
|
}
|
||||||
@@ -94773,7 +94856,10 @@ function saveCacheV2(paths_1, key_1, options_1) {
|
|||||||
warning(typedError.message);
|
warning(typedError.message);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Log server errors (5xx) as errors, all other errors as warnings
|
// Log server errors (5xx) as errors, all other errors as warnings.
|
||||||
|
// A write denied by policy (CacheWriteDeniedError) is not an
|
||||||
|
// HttpClientError and its name does not match the ReserveCacheError arm,
|
||||||
|
// so it falls here and is warned without failing the run.
|
||||||
if (typedError instanceof lib_HttpClientError &&
|
if (typedError instanceof lib_HttpClientError &&
|
||||||
typeof typedError.statusCode === 'number' &&
|
typeof typedError.statusCode === 'number' &&
|
||||||
typedError.statusCode >= 500) {
|
typedError.statusCode >= 500) {
|
||||||
|
|||||||
@@ -24,7 +24,7 @@
|
|||||||
"author": "GitHub",
|
"author": "GitHub",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/cache": "^6.1.0",
|
"@actions/cache": "^6.2.0",
|
||||||
"@actions/core": "^3.0.1",
|
"@actions/core": "^3.0.1",
|
||||||
"@actions/exec": "^3.0.0",
|
"@actions/exec": "^3.0.0",
|
||||||
"@actions/io": "^3.0.2"
|
"@actions/io": "^3.0.2"
|
||||||
|
|||||||
Reference in New Issue
Block a user