- Github self hosted runners may not have permissions to write to /opt/
- Also fallsback to trying to extract the deployment-url and deployment-alias-url from stdout when WRANGLER_OUTPUT_DIR is not specified
* (feat): Check for existing wrangler installation
* Add test for pre-installed wrangler
* Add changeset
* Address CR comments - check for an exact wrangler version match
* Tweak the fixture test for the pre-installed-wrangler test
* Simplify if/else logic for checking wrangler versions as per review notes
* fix(test): Fix execution for fake wrangler installation
* fixup! fix(test): Fix execution for fake wrangler installation
* Setup new CI test convention for wrangler-action
* Remove unncessary ts-expect-error comments
---------
Co-authored-by: Peter Bacon Darwin <pbacondarwin@cloudflare.com>
For up to date versions of wrangler, secrets are uploaded via the
'secret:bulk' command, which batches updates in a single API call.
For versions of wrangler without that capability, the action falls back
to the single 'secret put' command for each secret. It races all these
with a Promise.all()
Unfortunately, the single secret API cannot handle concurrency - at
best, these calls have to wait on one another, holding requests open
all the while. Often it times out and errors.
This fixes the legacy secret upload errors by making these calls
serially instead of concurrently.
Instead of using a mix of `child_process.exec`, `child_process.execSync` and a promisified version of `child_process.exec`, we now (mostly) just use `@actions/exec`. That runs `child_process.spawn` under the hood and handles a lot of character escaping for us. We can also now pass Buffers directly into the subprocess as stdin instead of relying on shell piping.
This ends up fixing a few problems we had where secrets and env var values containing shell metacharacters were being misinterpreted.
Unfortunately, `@actions/exec` doesn't support running with a shell. That means we still have to roll our own wrapper around `child_process.exec` to avoid a breaking change to `preCommands` and `postCommands`, since users might be expecting these to run within a shell.
Also worth noting that we're no longer hiding stdout and stderr from the secret uploading step. We were previously doing this out of an abundance of caution, but it made debugging issues very difficult if secret upload failed for some reason. I feel ok doing this since we're no longer echoing & piping the secret values, wrangler doesn't ever output secret values, and as a last line of defense GitHub masks any secret values that accidentally get logged.