
Source Code Artifact component #1019


Conversation

andream16
Contributor

@andream16 andream16 commented Jun 25, 2025

Read the README.md for details.

This is a rework of our private s3 target. We are extending it for http archives as well as making it more robust and tested.

This component is able to download and unpack repo archives from:

It supports the following file formats:

  • zip
  • tar
  • tar.gz

It essentially:

  • configures the artifact backend based on the passed artifact_url
  • fetches the artifact
  • unpacks it based on the file extension into the scratch volume
  • outputs the contents in the sourceCodeWorkspace for scanners to pick up
  • outputs metadata information

I tried to keep it simple by using dependency injection for the fetchers/extractors so the target itself is very small and highly extensible.


How to test:

  • plain http: run the example workflow smithyctl workflow run --build-component-images=true --overrides=examples/source-code-artifact/overrides.yaml examples/source-code-artifact/workflow.yaml
  • gs: get an example file in a gs bucket like gs://my-bucket/my-archive.zip, amend examples/source-code-artifact/overrides.yaml parameters, including credentials, and re-run the command above.
  • s3: same as for gs but using an s3 compatible archive_url like s3://my-bucket/my-archive.tar

@andream16 andream16 self-assigned this Jun 25, 2025
    // just fall through and get the next file or directory to create
    }

    header, err := tr.Next()

Check failure

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a file system operation. (Same alert reported three times.)
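The sanitisation the CodeQL alert above is asking for, as an added example in Go that is not code from this PR or from the smithy project: every entry name returned by tr.Next() is joined onto the scratch directory with a lexical containment check before any filesystem call, symlink targets are held to the same rule (otherwise a later entry can write through a link that points outside the workspace), and regular files are created with O_EXCL so the write cannot go through something already sitting at the target path. safeJoin, writeEntry, extractTar and buildTar are names chosen here; buildTar constructs the sample archives in memory, including one carrying a ../../escape.txt entry, so the block runs offline. The gzip wrapper and the zip path the component also supports are not repeated; the zip case needs the same safeJoin applied to each zip.File.Name.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned for any entry that would land outside dest.
var ErrUnsafePath = errors.New("archive entry escapes destination directory")

// safeJoin maps an entry name onto dest and rejects anything that would escape it:
// absolute paths, volume names, or a cleaned path starting with "..". The check is
// lexical, so symlink targets must go through it as well.
func safeJoin(dest, name string) (string, error) {
	if filepath.IsAbs(name) || filepath.VolumeName(name) != "" {
		return "", ErrUnsafePath
	}
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name) // Join cleans, so "a/../../x" collapses here
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return target, nil
}

// writeEntry copies r into a freshly created file at target. Removing a previous
// file tolerates duplicate names; O_EXCL then guarantees a new regular file.
func writeEntry(target string, perm os.FileMode, r io.Reader) error {
	if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
		return err
	}
	_ = os.Remove(target)
	f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_EXCL, perm|0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = io.Copy(f, r)
	return err
}

// extractTar unpacks a tar stream into dest, refusing every entry or symlink
// target that would resolve outside it.
func extractTar(r io.Reader, dest string) error {
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		target, err := safeJoin(dest, hdr.Name) // the check CodeQL reported missing
		if err != nil {
			return fmt.Errorf("%s: %w", hdr.Name, err)
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			if err := os.MkdirAll(target, 0o755); err != nil {
				return err
			}
		case tar.TypeReg:
			if err := writeEntry(target, hdr.FileInfo().Mode().Perm(), tr); err != nil {
				return err
			}
		case tar.TypeSymlink:
			// A link target resolves relative to the entry's own directory and must
			// stay inside dest too, or a later entry could write through the link.
			link := filepath.Join(filepath.Dir(hdr.Name), hdr.Linkname)
			if _, err := safeJoin(dest, link); err != nil || filepath.IsAbs(hdr.Linkname) {
				return fmt.Errorf("%s -> %s: %w", hdr.Name, hdr.Linkname, ErrUnsafePath)
			}
			if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
				return err
			}
			if err := os.Symlink(hdr.Linkname, target); err != nil {
				return err
			}
		} // hard links, devices and FIFOs are skipped: a scanner needs none of them
	}
}

// buildTar produces a constructed in-memory tar of {name, body} regular files
// (sample input, not a real artifact); archive/tar emits ".." names unchanged.
func buildTar(entries [][2]string) *bytes.Buffer {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		_ = tw.WriteHeader(&tar.Header{Name: e[0], Typeflag: tar.TypeReg, Mode: 0o644, Size: int64(len(e[1]))})
		_, _ = tw.Write([]byte(e[1]))
	}
	_ = tw.Close()
	return &buf
}
```

Fail the whole extraction rather than skipping the offending entry: a partially unpacked workspace handed to the scanners looks like a successful fetch, and a malicious archive should not yield any results at all.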

@smithy-cloud-plexor smithy-cloud-plexor bot left a comment


Smithy scan results

@andream16 andream16 force-pushed the andream16/feature/user-98-rename-the-s3-target-to-source-code-artefact-and-extend-it branch from 8a8e61e to 8ec34b6 Compare June 25, 2025 14:20
@andream16 andream16 force-pushed the andream16/feature/user-98-rename-the-s3-target-to-source-code-artefact-and-extend-it branch from 8ec34b6 to 2ee6998 Compare June 25, 2025 15:34

@smithy-cloud-plexor smithy-cloud-plexor bot left a comment


Smithy scan results


@senglezou senglezou left a comment


LGTM

@andream16 andream16 force-pushed the andream16/feature/user-98-rename-the-s3-target-to-source-code-artefact-and-extend-it branch from 2ee6998 to 831a9dd Compare June 26, 2025 13:26

@smithy-cloud-plexor smithy-cloud-plexor bot left a comment


Smithy scan results

@andream16 andream16 force-pushed the andream16/feature/user-98-rename-the-s3-target-to-source-code-artefact-and-extend-it branch from 831a9dd to f8a3fc3 Compare June 26, 2025 13:52

@smithy-cloud-plexor smithy-cloud-plexor bot left a comment


Smithy scan results

@andream16 andream16 merged commit ee24805 into main Jun 26, 2025
7 of 8 checks passed
@andream16 andream16 deleted the andream16/feature/user-98-rename-the-s3-target-to-source-code-artefact-and-extend-it branch June 26, 2025 14:20
3 participants