Merge pull request #1563 from actions/robherley/artifact-v4/sha256

Use sha256 instead of md5 for artifact v4 integrity hash
actions · Oct 16, 2023 · fe3e7ce · fe3e7ce
2 parents 494f12b + 8cd02df
commit fe3e7ce
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 48 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/artifact/__tests__/upload-artifact.test.ts b/packages/artifact/__tests__/upload-artifact.test.ts
@@ -65,7 +65,7 @@ describe('upload-artifact', () => {
       Promise.resolve({
         isSuccess: true,
         uploadSize: 1234,
-        md5Hash: 'test-md5-hash'
+        sha256Hash: 'test-sha256-hash'
       })
     )
     jest
@@ -334,7 +334,7 @@ describe('upload-artifact', () => {
       Promise.resolve({
         isSuccess: true,
         uploadSize: 1234,
-        md5Hash: 'test-md5-hash'
+        sha256Hash: 'test-sha256-hash'
       })
     )
     jest

diff --git a/packages/artifact/src/internal/upload/blob-upload.ts b/packages/artifact/src/internal/upload/blob-upload.ts
@@ -18,9 +18,9 @@ export interface BlobUploadResponse {
   uploadSize?: number
 
   /**
-   * The MD5 hash of the uploaded file. Empty if the upload failed
+   * The SHA256 hash of the uploaded file. Empty if the upload failed
    */
-  md5Hash?: string
+  sha256Hash?: string
 }
 
 export async function uploadZipToBlobStorage(
@@ -48,9 +48,9 @@ export async function uploadZipToBlobStorage(
     onProgress: uploadCallback
   }
 
-  let md5Hash: string | undefined = undefined
+  let sha256Hash: string | undefined = undefined
   const uploadStream = new stream.PassThrough()
-  const hashStream = crypto.createHash('md5')
+  const hashStream = crypto.createHash('sha256')
 
   zipUploadStream.pipe(uploadStream) // This stream is used for the upload
   zipUploadStream.pipe(hashStream).setEncoding('hex') // This stream is used to compute a hash of the zip content that gets used. Integrity check
@@ -68,8 +68,8 @@ export async function uploadZipToBlobStorage(
     core.info('Finished uploading artifact content to blob storage!')
 
     hashStream.end()
-    md5Hash = hashStream.read() as string
-    core.info(`MD5 hash of uploaded artifact zip is ${md5Hash}`)
+    sha256Hash = hashStream.read() as string
+    core.info(`SHA256 hash of uploaded artifact zip is ${sha256Hash}`)
   } catch (error) {
     core.warning(
       `Failed to upload artifact zip to blob storage, error: ${error}`
@@ -91,6 +91,6 @@ export async function uploadZipToBlobStorage(
   return {
     isSuccess: true,
     uploadSize: uploadByteCount,
-    md5Hash
+    sha256Hash
   }
 }
diff --git a/packages/artifact/src/internal/upload/upload-artifact.ts b/packages/artifact/src/internal/upload/upload-artifact.ts
@@ -99,9 +99,9 @@ export async function uploadArtifact(
     size: uploadResult.uploadSize ? uploadResult.uploadSize.toString() : '0'
   }
 
-  if (uploadResult.md5Hash) {
+  if (uploadResult.sha256Hash) {
     finalizeArtifactReq.hash = StringValue.create({
-      value: `md5:${uploadResult.md5Hash}`
+      value: `sha256:${uploadResult.sha256Hash}`
     })
   }