Merge pull request #7 from datatheorem/SASB-5115-support-sourcemap-uploads

Sasb 5115 support sourcemap uploads

Author: superlama

action.yml

@@ -9,15 +9,19 @@ inputs:
   UPLOAD_BINARY_PATH:
     description: >
       Path to the app to upload.
-      
+
       You can use a glob pattern to indicate variable parts of the build's file name (for example, if the app's version number or build date is in the file name).
       Examples of glob patterns:
       - `app-*.apk` : search for any apk starting with `app-` in workspace root directory
       - `**/app-*.ipa` : search for any ipa starting with `app-` in any subdirectory of the workspace
       - `{,**/}app-debug*.*` : search for any file containing `app-debug` in root the directory or in any subdirectory of the workspace
-      
+
       If multiple files match the provided pattern all matching files will be uploaded. The pattern should not match more than 3 files.
     required: true
+  SOURCEMAP_FILE_PATH:
+    description: >
+      Path to the sourcemap file used to map obfuscated symbols to their original code name
+    required: false
   USERNAME:
     description: >
       Username to be used for authenticated testing of the application.  If provided, will override the previosly provided value.
@@ -32,22 +36,22 @@ inputs:
     required: false
   RELEASE_ID:
     description: >
-      A custom ID associated with the binary being submitted, since the app version may not change very often. 
+      A custom ID associated with the binary being submitted, since the app version may not change very often.
       It is recommended that you use a unique value for this, such as the CI/CD job ID.
       If not set, Data Theorem will assign the binary a release_id.
     required: false
   PLATFORM_VARIANT:
     description: >
-      The variant of the platform to use for scanning; Currently, the accepted value is 
+      The variant of the platform to use for scanning; Currently, the accepted value is
       IOS_ON_MAC (scan an iOS build on an Apple Silicon Mac instead of on an iOS device, in order to exercise code paths that are specific to Macs.)
     required: false
   EXTERNAL_ID:
     description: >
       The external_id field represents your organization’s custom identifier for the app, if any.
-    required: false   
+    required: false
 runs:
   using: 'node16'
   main: 'main.js'
 branding:
   color: 'blue'
-  icon: 'arrow-up-circle'
+  icon: 'arrow-up-circle'

main.js

@@ -9,12 +9,12 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");
-        while (_) try {
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
             if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
             if (y = 0, t) op = [op[0] & 2, t.value];
             switch (op[0]) {
@@ -35,7 +35,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
         if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
     }
 };
-exports.__esModule = true;
+Object.defineProperty(exports, "__esModule", { value: true });
 var core = require("@actions/core");
 var fetch = require("node-fetch");
 var glob = require("glob");
@@ -44,15 +44,32 @@ var fs = require("fs");
 // Global constants
 var maxUploadFiles = 3; // no more than 3 files can be uploaded at a time
 var maxRetries = 3; // max number of uploads to retry
+function upload_step_init(dt_upload_api_key) {
+    return __awaiter(this, void 0, void 0, function () {
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4 /*yield*/, fetch("https://api.securetheorem.com/uploadapi/v1/upload_init", {
+                        "headers": {
+                            "Accept": "application/json",
+                            "Authorization": "APIKey " + dt_upload_api_key,
+                            "Content-Type": "application/json",
+                        },
+                        "method": "POST",
+                    })];
+                case 1: return [2 /*return*/, _a.sent()];
+            }
+        });
+    });
+}
 function run() {
     return __awaiter(this, void 0, void 0, function () {
-        var dt_upload_api_key, input_binary_path, username, password, comments, release_id, platform_variant, external_id, files, file_idx, output, _i, files_1, file_path, form, loop_idx, auth_response, auth_json, err_1, response, jsonformat, err_2, err_3;
+        var dt_upload_api_key, input_binary_path, sourcemap_file_path, username, password, comments, release_id, platform_variant, external_id, files, file_idx, output, _i, files_1, file_path, form, loop_idx, auth_response, auth_json, err_1, response, jsonformat, err_2;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
-                    _a.trys.push([0, 16, , 17]);
                     dt_upload_api_key = core.getInput("DT_UPLOAD_API_KEY");
                     input_binary_path = core.getInput("UPLOAD_BINARY_PATH");
+                    sourcemap_file_path = core.getInput("SOURCEMAP_FILE_PATH");
                     username = core.getInput("USERNAME");
                     password = core.getInput("PASSWORD");
                     comments = core.getInput("COMMENTS");
@@ -90,7 +107,19 @@ function run() {
                     console.log("Processing file " + file_path + " (" + file_idx + " of " + files.length + ").");
                     form = new FormData();
                     form.append("file", fs.createReadStream(file_path));
-                    // only append optional fields if explicitly set 
+                    if (sourcemap_file_path) {
+                        if (!fs.existsSync(sourcemap_file_path)) {
+                            throw new Error("Could not access file:" + sourcemap_file_path);
+                        }
+                        try {
+                            form.append("sourcemap", fs.createReadStream(sourcemap_file_path));
+                        }
+                        catch (err) {
+                            core.setFailed(err);
+                            return [2 /*return*/];
+                        }
+                    }
+                    // only append optional fields if explicitly set
                     if (username) {
                         form.append("username", username);
                         console.log("DAST username set to: " + username);
@@ -119,14 +148,7 @@ function run() {
                     _a.label = 2;
                 case 2:
                     if (!(loop_idx < maxRetries)) return [3 /*break*/, 14];
-                    return [4 /*yield*/, fetch("https://api.securetheorem.com/uploadapi/v1/upload_init", {
-                            method: "POST",
-                            headers: {
-                                Authorization: "APIKey " + dt_upload_api_key,
-                                Accept: "application/json",
-                                "Content-Type": "application/json"
-                            }
-                        })];
+                    return [4 /*yield*/, upload_step_init(dt_upload_api_key)];
                 case 3:
                     auth_response = _a.sent();
                     auth_json = void 0;
@@ -150,8 +172,8 @@ function run() {
                     // Send the scan request with file
                     console.log("Starting upload...");
                     return [4 /*yield*/, fetch(auth_json.upload_url, {
-                            method: "POST",
-                            body: form
+                            "method": "POST",
+                            "body": form,
                         })];
                 case 8:
                     response = _a.sent();
@@ -170,10 +192,10 @@ function run() {
                     return [3 /*break*/, 12];
                 case 12:
                     output.push(jsonformat);
-                    console.log("Response: HHTP/" + response.status);
+                    console.log("Response: HTTP/" + response.status);
                     console.log(jsonformat);
                     // Check the response
-                    // If we receive 409 (ownership conflict) or if this is the last try, bail out 
+                    // If we receive 409 (ownership conflict) or if this is the last try, bail out
                     if (response.status === 200) {
                         return [3 /*break*/, 14];
                     }
@@ -194,14 +216,14 @@ function run() {
                 case 15:
                     core.setOutput("responses", output);
                     core.setOutput("response", output[0]); // keep the `response` output as the response of the first file upload to maintain compatibility
-                    return [3 /*break*/, 17];
-                case 16:
-                    err_3 = _a.sent();
-                    core.setFailed(err_3.message);
-                    return [3 /*break*/, 17];
-                case 17: return [2 /*return*/];
+                    return [2 /*return*/];
             }
         });
     });
 }
-run();
+try {
+    run();
+}
+catch (err) {
+    core.setFailed(err.message);
+}