| 111 | } |
| 112 | |
| 113 | async function sign(url: string, key: string) { |
| 114 | const name = decodeURIComponent(new URL(url).pathname.split("/").pop() ?? key) |
| 115 | const asset = amap.get(name) |
| 116 | const res = await fetch(asset?.url ?? url, { |
| 117 | headers: { |
| 118 | Authorization: `token ${token}`, |
| 119 | ...(asset ? { Accept: "application/octet-stream" } : {}), |
| 120 | }, |
| 121 | }) |
| 122 | if (!res.ok) { |
| 123 | throw new Error(`Failed to fetch file ${name}: ${res.status} ${res.statusText} (${asset?.url ?? url})`) |
| 124 | } |
| 125 | |
| 126 | const tmp = process.env.RUNNER_TEMP ?? "/tmp" |
| 127 | const file = path.join(tmp, name) |
| 128 | await Bun.write(file, await res.arrayBuffer()) |
| 129 | await $`bunx @tauri-apps/cli signer sign ${file}` |
| 130 | const sigFile = Bun.file(`${file}.sig`) |
| 131 | if (!(await sigFile.exists())) throw new Error(`Signature file not found for ${name}`) |
| 132 | return (await sigFile.text()).trim() |
| 133 | } |
| 134 | |
| 135 | const add = async (data: Record<string, { url: string; signature: string }>, key: string, raw: string | undefined) => { |
| 136 | if (!raw) return |