From b2f4bcbe5fc942968b2ff3ddec0c70b1e930d4a4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:35:08 +0000 Subject: [PATCH] refactor: make gpg.ts generic, move Adoptium-specific constant to temurin distribution --- __tests__/distributors/temurin-installer.test.ts | 5 +++-- __tests__/gpg.test.ts | 6 ++++-- dist/cleanup/index.js | 6 ++---- dist/setup/index.js | 11 +++++------ src/distributions/temurin/installer.ts | 5 ++++- src/gpg.ts | 5 +---- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/__tests__/distributors/temurin-installer.test.ts b/__tests__/distributors/temurin-installer.test.ts index f4dd02c7..c9d992bb 100644 --- a/__tests__/distributors/temurin-installer.test.ts +++ b/__tests__/distributors/temurin-installer.test.ts @@ -4,7 +4,8 @@ import fs from 'fs'; import os from 'os'; import { TemurinDistribution, - TemurinImplementation + TemurinImplementation, + ADOPTIUM_SIGNATURE_KEY_FINGERPRINT } from '../../src/distributions/temurin/installer'; import {JavaInstallerOptions} from '../../src/distributions/base-models'; import * as util from '../../src/util'; @@ -334,7 +335,7 @@ describe('downloadTool', () => { expect(spyVerifySignature).toHaveBeenCalledWith( '/tmp/jdk.tar.gz', 'https://example.com/jdk.tar.gz.sig', - gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT + ADOPTIUM_SIGNATURE_KEY_FINGERPRINT ); }); diff --git a/__tests__/gpg.test.ts b/__tests__/gpg.test.ts index f9b227ce..9649c7c8 100644 --- a/__tests__/gpg.test.ts +++ b/__tests__/gpg.test.ts @@ -61,10 +61,12 @@ describe('gpg tests', () => { describe('verifyPackageSignature', () => { it('downloads signature and verifies package', async () => { + const testFingerprint = '3B04D753C9050D9A5D343F39843C48A565F8F04B'; (tc.downloadTool as jest.Mock).mockResolvedValue('/tmp/jdk.tar.gz.sig'); await gpg.verifyPackageSignature( '/tmp/jdk.tar.gz', - 'https://example.com/jdk.tar.gz.sig' + 'https://example.com/jdk.tar.gz.sig', + testFingerprint ); expect(tc.downloadTool).toHaveBeenCalledWith( @@ -78,7 +80,7 @@ describe('gpg tests', () => { '--keyserver', 'keyserver.ubuntu.com', '--recv-keys', - gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT + testFingerprint ], expect.objectContaining({silent: true}) ); diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js index f4ff7e96..c11397fc 100644 --- a/dist/cleanup/index.js +++ b/dist/cleanup/index.js @@ -52067,7 +52067,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.PRIVATE_KEY_FILE = void 0; +exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.PRIVATE_KEY_FILE = void 0; const fs = __importStar(__nccwpck_require__(79896)); const path = __importStar(__nccwpck_require__(16928)); const io = __importStar(__nccwpck_require__(94994)); @@ -52075,7 +52075,6 @@ const exec = __importStar(__nccwpck_require__(95236)); const tc = __importStar(__nccwpck_require__(33472)); const util = __importStar(__nccwpck_require__(54527)); exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc'); -exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B'; const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/; function importKey(privateKey) { return __awaiter(this, void 0, void 0, function* () { @@ -52113,7 +52112,7 @@ function deleteKey(keyFingerprint) { }); } exports.deleteKey = deleteKey; -function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT) { +function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint) { return __awaiter(this, void 0, void 0, function* () { const signaturePath = yield tc.downloadTool(signatureUrl); let gpgHome; @@ -52128,7 +52127,6 @@ function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = expo const options = { silent: true, env }; yield exec.exec('gpg', [ '--batch', - // Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval. '--keyserver', 'keyserver.ubuntu.com', '--recv-keys', diff --git a/dist/setup/index.js b/dist/setup/index.js index 9fe3700c..b1658252 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -80247,7 +80247,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.TemurinDistribution = exports.TemurinImplementation = void 0; +exports.TemurinDistribution = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.TemurinImplementation = void 0; const core = __importStar(__nccwpck_require__(37484)); const tc = __importStar(__nccwpck_require__(33472)); const fs_1 = __importDefault(__nccwpck_require__(79896)); @@ -80260,6 +80260,7 @@ var TemurinImplementation; (function (TemurinImplementation) { TemurinImplementation["Hotspot"] = "Hotspot"; })(TemurinImplementation || (exports.TemurinImplementation = TemurinImplementation = {})); +exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B'; class TemurinDistribution extends base_installer_1.JavaBase { constructor(installerOptions, jvmImpl) { super(`Temurin-${jvmImpl}`, installerOptions); @@ -80307,7 +80308,7 @@ class TemurinDistribution extends base_installer_1.JavaBase { } core.info(`Verifying Java package signature...`); try { - yield gpg.verifyPackageSignature(javaArchivePath, javaRelease.signatureUrl, gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT); + yield gpg.verifyPackageSignature(javaArchivePath, javaRelease.signatureUrl, exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT); } catch (error) { throw new Error(`Failed to verify signature for Temurin version ${javaRelease.version} from ${javaRelease.signatureUrl}: ${error.message}`); @@ -80624,7 +80625,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = exports.PRIVATE_KEY_FILE = void 0; +exports.verifyPackageSignature = exports.deleteKey = exports.importKey = exports.PRIVATE_KEY_FILE = void 0; const fs = __importStar(__nccwpck_require__(79896)); const path = __importStar(__nccwpck_require__(16928)); const io = __importStar(__nccwpck_require__(94994)); @@ -80632,7 +80633,6 @@ const exec = __importStar(__nccwpck_require__(95236)); const tc = __importStar(__nccwpck_require__(33472)); const util = __importStar(__nccwpck_require__(54527)); exports.PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc'); -exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = '3B04D753C9050D9A5D343F39843C48A565F8F04B'; const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/; function importKey(privateKey) { return __awaiter(this, void 0, void 0, function* () { @@ -80670,7 +80670,7 @@ function deleteKey(keyFingerprint) { }); } exports.deleteKey = deleteKey; -function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = exports.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT) { +function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint) { return __awaiter(this, void 0, void 0, function* () { const signaturePath = yield tc.downloadTool(signatureUrl); let gpgHome; @@ -80685,7 +80685,6 @@ function verifyPackageSignature(archivePath, signatureUrl, keyFingerprint = expo const options = { silent: true, env }; yield exec.exec('gpg', [ '--batch', - // Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval. '--keyserver', 'keyserver.ubuntu.com', '--recv-keys', diff --git a/src/distributions/temurin/installer.ts b/src/distributions/temurin/installer.ts index 68750aaa..bb22cc43 100644 --- a/src/distributions/temurin/installer.ts +++ b/src/distributions/temurin/installer.ts @@ -27,6 +27,9 @@ export enum TemurinImplementation { Hotspot = 'Hotspot' } +export const ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = + '3B04D753C9050D9A5D343F39843C48A565F8F04B'; + export class TemurinDistribution extends JavaBase { constructor( installerOptions: JavaInstallerOptions, @@ -93,7 +96,7 @@ export class TemurinDistribution extends JavaBase { await gpg.verifyPackageSignature( javaArchivePath, javaRelease.signatureUrl, - gpg.ADOPTIUM_SIGNATURE_KEY_FINGERPRINT + ADOPTIUM_SIGNATURE_KEY_FINGERPRINT ); } catch (error) { throw new Error( diff --git a/src/gpg.ts b/src/gpg.ts index 0a38c71a..e346b5c6 100644 --- a/src/gpg.ts +++ b/src/gpg.ts @@ -7,8 +7,6 @@ import * as util from './util'; import {ExecOptions} from '@actions/exec/lib/interfaces'; export const PRIVATE_KEY_FILE = path.join(util.getTempDir(), 'private-key.asc'); -export const ADOPTIUM_SIGNATURE_KEY_FINGERPRINT = - '3B04D753C9050D9A5D343F39843C48A565F8F04B'; const PRIVATE_KEY_FINGERPRINT_REGEX = /\w{40}/; @@ -60,7 +58,7 @@ export async function deleteKey(keyFingerprint: string) { export async function verifyPackageSignature( archivePath: string, signatureUrl: string, - keyFingerprint = ADOPTIUM_SIGNATURE_KEY_FINGERPRINT + keyFingerprint: string ) { const signaturePath = await tc.downloadTool(signatureUrl); let gpgHome: string; @@ -83,7 +81,6 @@ export async function verifyPackageSignature( 'gpg', [ '--batch', - // Adoptium release-signing docs recommend keyserver.ubuntu.com for key retrieval. '--keyserver', 'keyserver.ubuntu.com', '--recv-keys',