jfrog / jfrog-cli-core

Apache License 2.0

Fix npm pack command with prePack script #1171

Closed EyalDelarea closed 3 months ago

EyalDelarea commented 3 months ago

Modified the `getPackageFileNameFromOutput` function to extract .tgz files from the output, which, as we saw, can be different when prepack scripts exist or any other parameters which can affect the output of the `npm pack` command.

EyalDelarea commented 3 months ago

This generally LGTM. The only problem with this approach is that we might unintentionally identify lines that end with .tgz as packages when they aren't. I suggest investigating a bit whether we can know how many packages we expect to pack, and fail if we find more than that.

So I've added a step to verify that each of the .tgz tarballs we identified from the output actually exists.

The only way I can currently think of that a .tgz suffix can enter the log is by a prepack script containing a .tgz suffix for some reason... that's why it will be ignored, as the file doesn't really exist.

And if we have a .tgz file inside our folder that is not related, we won't publish it, as it wasn't created by the output of the pack command.
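The approach discussed in this thread (take the `.tgz` lines from the `npm pack` output, then keep only those that exist on disk) can be sketched as below. This is an added example, not the code from this pull request or from jfrog-cli-core: the names `tarballsFromPackOutput` and `runDemo`, the bare-file-name restriction, and the sample log and files are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// tarballsFromPackOutput (hypothetical helper) keeps .tgz names from npm pack output that exist in packDir.
func tarballsFromPackOutput(output, packDir string) []string {
	var found []string
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		// Assumption: only bare file names count, so a logged "../x.tgz" is skipped.
		if !strings.HasSuffix(line, ".tgz") || line != filepath.Base(line) || seen[line] {
			continue
		}
		info, err := os.Stat(filepath.Join(packDir, line))
		if err != nil || !info.Mode().IsRegular() {
			continue // named in the log but not created by the pack step
		}
		seen[line] = true
		found = append(found, line)
	}
	return found
}

// runDemo builds a constructed pack directory and a constructed npm pack log.
func runDemo() ([]string, error) {
	dir, err := os.MkdirTemp("", "npm-pack-demo")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)
	for _, n := range []string{"demo-pkg-1.0.0.tgz", "unrelated-0.1.0.tgz"} {
		if err := os.WriteFile(filepath.Join(dir, n), []byte("x"), 0o600); err != nil {
			return nil, err
		}
	}
	out := "> demo-pkg@1.0.0 prepack\ncleaning old-build.tgz\n../outside.tgz\ndemo-pkg-1.0.0.tgz\n"
	return tarballsFromPackOutput(out, dir), nil
}

func main() { fmt.Println(runDemo()) }
```

Only `demo-pkg-1.0.0.tgz` is returned: the prepack line and the path outside the directory are dropped, and the unrelated tarball is never considered because it does not appear in the output.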

github-actions[bot] commented 3 months ago
👍 Frogbot scanned this pull request and did not find any new security issues.