From 7bb70104bf305fb789f4a9a06dcbca7fba825900 Mon Sep 17 00:00:00 2001 From: Huakun Shen Date: Mon, 24 Mar 2025 03:03:18 -0400 Subject: [PATCH] refactor: update validation data structure and improve function documentation - Removed optional `repoId` from `ExtensionPublishValidationData` and adjusted related function to reflect this change. - Added a note in the `validateJsrPackageAsKunkunExtension` function documentation to clarify frontend/backend verification logic. - Updated `ExtPublishMetadata` to rename `repoId` to `repoNodeId` for clarity. --- packages/package-registry/src/jsr/index.ts | 13 ++----------- packages/package-registry/src/models.ts | 3 +-- packages/package-registry/src/npm/index.ts | 2 ++ packages/supabase/src/models.ts | 4 +++- 4 files changed, 8 insertions(+), 14 deletions(-) diff --git a/packages/package-registry/src/jsr/index.ts b/packages/package-registry/src/jsr/index.ts index c83d4e5..e22bcdc 100644 --- a/packages/package-registry/src/jsr/index.ts +++ b/packages/package-registry/src/jsr/index.ts @@ -209,6 +209,7 @@ export function jsrPackageExists(scope: string, name: string, version?: string): /** * Validate a Jsr package as a Kunkun extension + * !This function will also run in frontend, so if there is any verification logic that must be run in backend, do not add it here * - check if jsr pkg is linked to a github repo * - check if jsr pkg is signed with github action * - check if user's github username is the same as repo's owner name @@ -373,15 +374,6 @@ export async function validateJsrPackageAsKunkunExtension(payload: { } const rekorInfo = await getInfoFromRekorLog(rekorLogId) - /* -------------------------------------------------------------------------- */ - /* Get GitHub Node ID */ - /* -------------------------------------------------------------------------- */ - const githubRepoMetadata = await getGitHubRepoMetadata( - githubRepo.owner, - githubRepo.name, - payload.githubToken - ) - return { data: { pkgJson: parseResult.output, @@ -397,8 +389,7 @@ export async function validateJsrPackageAsKunkunExtension(payload: { commit: rekorInfo.commit, repo: githubRepo.name, owner: githubRepo.owner, - workflowPath: rekorInfo.workflowPath, - repoId: githubRepoMetadata.node_id + workflowPath: rekorInfo.workflowPath } } } diff --git a/packages/package-registry/src/models.ts b/packages/package-registry/src/models.ts index f770ce8..bf33f42 100644 --- a/packages/package-registry/src/models.ts +++ b/packages/package-registry/src/models.ts @@ -74,8 +74,7 @@ export const ExtensionPublishValidationData = v.object({ commit: v.string(), repo: v.string(), owner: v.string(), - workflowPath: v.string(), - repoId: v.optional(v.string()) + workflowPath: v.string() }) }) export type ExtensionPublishValidationData = v.InferOutput diff --git a/packages/package-registry/src/npm/index.ts b/packages/package-registry/src/npm/index.ts index 2624d49..3e29864 100644 --- a/packages/package-registry/src/npm/index.ts +++ b/packages/package-registry/src/npm/index.ts @@ -2,6 +2,7 @@ import { ExtPackageJson, License } from "@kksh/api/models" import * as v from "valibot" import { authenticatedUserIsMemberOfGitHubOrg, + getGitHubRepoMetadata, parseGitHubRepoFromUri, userIsPublicMemberOfGitHubOrg } from "../github" @@ -237,6 +238,7 @@ export async function validateNpmPackageAsKunkunExtension(payload: { provenance.summary.sourceRepositoryDigest, parseResult.output.readme ?? "README.md" ) + return { data: { pkgJson: parseResult.output, diff --git a/packages/supabase/src/models.ts b/packages/supabase/src/models.ts index 68f0894..8f8a6cc 100644 --- a/packages/supabase/src/models.ts +++ b/packages/supabase/src/models.ts @@ -21,7 +21,9 @@ export const ExtPublishMetadata = v.object({ owner: v.string("GitHub owner of the extension"), commit: v.string("Commit hash of the extension"), workflowPath: v.string("Workflow path of the extension"), - repoId: v.optional(v.string("GitHub repo node ID of the extension")) + repoNodeId: v.optional( + v.string("GitHub repo node ID of the extension (a string, not the number id)") + ) }) ) })