feat(qa-bundle-upload): add batch directory upload action#81
feat(qa-bundle-upload): add batch directory upload action#81originalix wants to merge 17 commits intoOneKeyHQ:mainfrom
Conversation
…json Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move ZIP magic check from validateInputs to run() after readFileSync, eliminating FD leak risk if readSync throws - Rebuild FormData inside retry loop to avoid stream reuse after consumption - Recompute HMAC timestamp/signature per attempt to prevent stale signatures - Add core.setSecret(secret) to mask upload secret in logs - Add NaN guard for max-retries input Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SHA256 of the file buffer is constant across retries, so compute it once in run() instead of inside the retry loop. Also restores the SHA256 log line for debugging visibility. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace single-file mode with directory scanning approach that reads .info metadata files automatically, enabling one action call to upload multiple platform bundles. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
7-task plan covering action.yml update, test fixtures, scanBundleDir and parseInfoFile implementation, dist build, and manual verification. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
C1: Validate server response has bundleVersion/downloadUrl before use I1: Split try-catch in parseInfoFile to distinguish ENOENT from bad JSON I3: Validate sha256 is a 64-char hex string I4: Validate appVersion matches x.y.z format I5: Only append commitHash to form when truthy Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 12d8b0c103
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
qa-bundle-upload/src/index.js
Outdated
| let hasFailure = false; | ||
|
|
||
| for (const bundle of bundles) { | ||
| const meta = parseInfoFile(bundle.infoPath); |
There was a problem hiding this comment.
parseInfoFile(bundle.infoPath) runs before the per-bundle try/catch, so a single malformed or incomplete .info file throws into the outer run() catch and aborts the whole loop. In that case, later valid bundles are never attempted and results is not emitted, which breaks the intended partial-failure behavior for batch uploads.
Useful? React with 👍 / 👎.
qa-bundle-upload/src/index.js
Outdated
| core.info(`[${label}] Uploading ${path.basename(bundle.zipPath)} (${fileSizeMB} MB, v${meta.appVersion})...`); | ||
|
|
||
| const computedHash = crypto.createHash('sha256').update(fileBuffer).digest('hex'); | ||
| if (computedHash !== meta.sha256) { |
There was a problem hiding this comment.
The parser accepts uppercase hex hashes (/^[0-9a-f]{64}$/i), but this comparison is case-sensitive against computedHash, which is always lowercase. If a valid .info file contains an uppercase SHA256, this check will falsely report a mismatch and fail the upload; normalize meta.sha256 (or both sides) before equality comparison.
Useful? React with 👍 / 👎.
…rmalize sha256 case Move parseInfoFile into per-bundle try/catch so a malformed .info file skips only that bundle instead of aborting the entire loop. Normalize sha256 to lowercase before comparison to avoid false mismatch on uppercase hex hashes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add integration README covering inputs/outputs, bundle directory structure, .info file format, HMAC upload protocol, retry behavior, and server integration checklist. Update server-url example to onekeytest.com and upload path to /utility/v1/app-update/bundles/upload. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…tigation Add diagnostic logging of request URL and headers (with signature truncated) to help identify why Cloudflare WAF is blocking the upload request. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2 participants
Summary
qa-bundle-uploadGitHub Action: scans a directory for*-bundle.zipfiles +.infometadata, then uploads each bundle to the Utility server via HMAC-signed multipart POSTappVersion,platform,sha256from.infofiles automatically — no manual input needed.infoand computed hash ensures file integritymax-retries)Test Plan
Note
release-desktop-bundle.ymlinx-app-monorepohas a JSON syntax bug (missing comma inelectron-bundle.json.infotemplate, line 117). This needs a separate fix before the desktop workflow can use this action.🤖 Generated with Claude Code