fix: Improve npm package implementation and CI testing

ocombe · ocombe · commit aadff8771837 · 2025-10-22T15:54:09.000+02:00
Package improvements:
- Add Windows binary support (.exe extension) in getBinary.js and run.js
- Add retry logic with exponential backoff for download failures
- Add security filters for tarball extraction (only allow binary files)
- Add binary existence check to skip redundant downloads
- Add better error handling in run.js with helpful reinstall instructions
- Support --local-tarball CLI argument for testing without network calls

CI workflow improvements:
- Fix pnpm test failure by directly executing binary instead of using pnpm exec
- Test actual production code using --local-tarball argument
- Remove code generation in CI workflow (security improvement)
- Simplify workflow by removing duplicate heredoc code
- Use --ignore-scripts and manual script execution for better control

Addresses Copilot review comments:
- Windows .exe support (comments #2452017892, #2452017916)
- Error handling in run.js (comment #2452017785)
- Reduced CI workflow complexity
diff --git a/.github/npm/getBinary.js b/.github/npm/getBinary.js
@@ -1,5 +1,5 @@
 import fetch from 'node-fetch';
-import { createWriteStream, mkdirSync, chmodSync, existsSync, readFileSync } from 'fs';
+import { createReadStream, createWriteStream, mkdirSync, chmodSync, existsSync, readFileSync } from 'fs';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
 import { pipeline } from 'stream/promises';
@@ -41,43 +41,104 @@ function getVersion() {
 	return packageJson.version;
 }
 
-async function downloadBinary() {
+async function downloadBinary(options = {}) {
 	const platform = getPlatform();
 	const version = getVersion();
-	const url = `https://github.com/coralogix/protofetch/releases/download/v${version}/protofetch_${platform}.tar.gz`;
+
+	// Support local tarball for testing (not exposed via postinstall, only via direct script call)
+	const localTarball = options.localTarball;
+	const url = localTarball
+		? null
+		: `https://github.com/coralogix/protofetch/releases/download/v${version}/protofetch_${platform}.tar.gz`;
 
 	const binDir = join(__dirname, 'bin');
+	const isWindows = process.platform === 'win32';
+	const binaryName = isWindows ? 'protofetch.exe' : 'protofetch';
+	const binaryPath = join(binDir, binaryName);
+
+	// Skip download if binary already exists
+	if (existsSync(binaryPath)) {
+		console.log('protofetch binary already installed, skipping download');
+		return;
+	}
 
 	// Create bin directory if it doesn't exist
 	if (!existsSync(binDir)) {
 		mkdirSync(binDir, { recursive: true });
 	}
 
-	console.log(`Downloading protofetch binary from ${url}...`);
-
-	const response = await fetch(url);
-
-	if (!response.ok) {
-		throw new Error(`Failed to download binary: ${response.status} ${response.statusText}`);
+	if (localTarball) {
+		console.log(`Installing protofetch binary from local tarball: ${localTarball}...`);
+	} else {
+		console.log(`Downloading protofetch binary from ${url}...`);
 	}
 
-	// Extract tarball directly to bin directory
-	await pipeline(
-		response.body,
-		tar.extract({
-			cwd: binDir,
-			strip: 1 // Strip the 'bin/' prefix from tarball paths
-		})
-	);
-
-	// Make the binary executable (Unix systems)
-	const binaryPath = join(binDir, 'protofetch');
-	if (existsSync(binaryPath)) {
-		chmodSync(binaryPath, 0o755);
-		console.log('protofetch binary installed successfully');
-	} else {
-		throw new Error('Binary extraction failed - protofetch binary not found');
+	// Retry logic for transient failures
+	let lastError;
+	const maxAttempts = localTarball ? 1 : 3;
+
+	for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+		try {
+			let sourceStream;
+
+			if (localTarball) {
+				// Use local tarball for testing
+				const absolutePath = join(__dirname, localTarball);
+				sourceStream = createReadStream(absolutePath);
+			} else {
+				// Download from GitHub releases
+				const response = await fetch(url, {
+					redirect: 'follow',
+					timeout: 60000 // 60 second timeout
+				});
+
+				if (!response.ok) {
+					throw new Error(`Failed to download binary (HTTP ${response.status}): ${response.statusText}`);
+				}
+
+				sourceStream = response.body;
+			}
+
+			// Extract tarball with security filters
+			await pipeline(
+				sourceStream,
+				tar.extract({
+					cwd: binDir,
+					strip: 1, // Strip the 'bin/' prefix from tarball paths
+					strict: true,
+					preservePaths: false,
+					preserveOwner: false,
+					filter: (path, entry) => {
+						// Only allow the protofetch binary, reject symlinks and other files
+						const allowedFiles = ['protofetch', 'protofetch.exe'];
+						const fileName = path.split('/').pop();
+						return entry.type === 'File' && allowedFiles.includes(fileName);
+					}
+				})
+			);
+
+			// Make the binary executable (Unix systems only)
+			if (!isWindows && existsSync(binaryPath)) {
+				chmodSync(binaryPath, 0o755);
+			}
+
+			if (existsSync(binaryPath)) {
+				console.log('protofetch binary installed successfully');
+				return;
+			} else {
+				throw new Error(`Binary extraction failed - ${binaryName} not found after extraction`);
+			}
+		} catch (error) {
+			lastError = error;
+			if (attempt < 3) {
+				console.log(`Download attempt ${attempt} failed, retrying...`);
+				// Exponential backoff: 1s, 2s
+				await new Promise(resolve => setTimeout(resolve, attempt * 1000));
+			}
+		}
 	}
+
+	throw new Error(`Failed to download protofetch after 3 attempts: ${lastError.message}`);
 }
 
 export { downloadBinary };
diff --git a/.github/npm/run.js b/.github/npm/run.js
@@ -6,9 +6,21 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-const binaryPath = path.join(__dirname, 'bin', 'protofetch');
+const isWindows = process.platform === 'win32';
+const binaryName = isWindows ? 'protofetch.exe' : 'protofetch';
+const binaryPath = path.join(__dirname, 'bin', binaryName);
+
 const child = spawn(binaryPath, process.argv.slice(2), { stdio: 'inherit' });
 
+child.on('error', (error) => {
+	console.error(`Failed to start protofetch: ${error.message}`);
+	console.error('The binary may be missing or corrupted. Try reinstalling the package:');
+	console.error('  npm install --force');
+	console.error('  or');
+	console.error('  pnpm install --force');
+	process.exit(1);
+});
+
 child.on('close', (code) => {
 	process.exit(code);
 });
diff --git a/.github/npm/scripts.js b/.github/npm/scripts.js
@@ -1,7 +1,11 @@
 import { downloadBinary } from './getBinary.js';
 
 if (process.argv.includes('install')) {
-	downloadBinary()
+	// Check for --local-tarball argument for testing
+	const localTarballArg = process.argv.find(arg => arg.startsWith('--local-tarball='));
+	const localTarball = localTarballArg ? localTarballArg.split('=')[1] : null;
+
+	downloadBinary({ localTarball })
 		.then(() => {
 			console.log('Installation complete');
 			process.exit(0);
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -209,60 +209,18 @@ jobs:
         run: |
           cd .github/npm
 
-          # Create test version of getBinary.js that uses local tarball
-          cat > getBinary.test.js << 'EOF'
-          import { createReadStream, mkdirSync, chmodSync, existsSync } from 'fs';
-          import { fileURLToPath } from 'url';
-          import { dirname, join } from 'path';
-          import { pipeline } from 'stream/promises';
-          import * as tar from 'tar';
+          # Install dependencies
+          npm install --ignore-scripts
 
-          const __filename = fileURLToPath(import.meta.url);
-          const __dirname = dirname(__filename);
+          # Run installation script with local tarball
+          node scripts.js install --local-tarball=test-release/protofetch_${{ matrix.os.platform }}.tar.gz
 
-          async function downloadBinary() {
-            const binDir = join(__dirname, 'bin');
-
-            if (!existsSync(binDir)) {
-              mkdirSync(binDir, { recursive: true });
-            }
-
-            console.log('Installing protofetch binary from local tarball...');
-
-            const tarballPath = join(__dirname, 'test-release', 'protofetch_${{ matrix.os.platform }}.tar.gz');
-
-            await pipeline(
-              createReadStream(tarballPath),
-              tar.extract({
-                cwd: binDir,
-                strip: 1
-              })
-            );
-
-            const binaryPath = join(binDir, 'protofetch');
-            if (existsSync(binaryPath)) {
-              chmodSync(binaryPath, 0o755);
-              console.log('protofetch binary installed successfully');
-            } else {
-              throw new Error('Binary extraction failed - protofetch binary not found');
-            }
-          }
-
-          export { downloadBinary };
-          EOF
-
-          # Backup original and use test version
-          mv getBinary.js getBinary.original.js
-          mv getBinary.test.js getBinary.js
-
-          # Install with npm
-          npm install
-
-          # Verify binary works
-          npm exec protofetch -- --version
-
-          # Restore original
-          mv getBinary.original.js getBinary.js
+          # Verify binary was extracted and works
+          if [ "${{ runner.os }}" = "Windows" ]; then
+            ./bin/protofetch.exe --version
+          else
+            ./bin/protofetch --version
+          fi
 
           # Clean up
           rm -rf node_modules package-lock.json bin/
@@ -272,59 +230,18 @@ jobs:
         run: |
           cd .github/npm
 
-          # Create test version of getBinary.js
-          cat > getBinary.test.js << 'EOF'
-          import { createReadStream, mkdirSync, chmodSync, existsSync } from 'fs';
-          import { fileURLToPath } from 'url';
-          import { dirname, join } from 'path';
-          import { pipeline } from 'stream/promises';
-          import * as tar from 'tar';
-
-          const __filename = fileURLToPath(import.meta.url);
-          const __dirname = dirname(__filename);
-
-          async function downloadBinary() {
-            const binDir = join(__dirname, 'bin');
-
-            if (!existsSync(binDir)) {
-              mkdirSync(binDir, { recursive: true });
-            }
-
-            console.log('Installing protofetch binary from local tarball...');
-
-            const tarballPath = join(__dirname, 'test-release', 'protofetch_${{ matrix.os.platform }}.tar.gz');
-
-            await pipeline(
-              createReadStream(tarballPath),
-              tar.extract({
-                cwd: binDir,
-                strip: 1
-              })
-            );
-
-            const binaryPath = join(binDir, 'protofetch');
-            if (existsSync(binaryPath)) {
-              chmodSync(binaryPath, 0o755);
-              console.log('protofetch binary installed successfully');
-            } else {
-              throw new Error('Binary extraction failed - protofetch binary not found');
-            }
-          }
-
-          export { downloadBinary };
-          EOF
-
-          mv getBinary.js getBinary.original.js
-          mv getBinary.test.js getBinary.js
-
-          # Install with pnpm
-          pnpm install
+          # Install dependencies
+          pnpm install --ignore-scripts
 
-          # Verify binary works
-          pnpm exec protofetch -- --version
+          # Run installation script with local tarball
+          node scripts.js install --local-tarball=test-release/protofetch_${{ matrix.os.platform }}.tar.gz
 
-          # Restore original
-          mv getBinary.original.js getBinary.js
+          # Verify binary was extracted and works
+          if [ "${{ runner.os }}" = "Windows" ]; then
+            ./bin/protofetch.exe --version
+          else
+            ./bin/protofetch --version
+          fi
 
   release:
     runs-on: ubuntu-latest
