feat(publisher-s3): allow ACL omission (#3728)

* feat(publisher-s3): allow ACL omission This allows the caller to omit the ACL from the upload request, per Amazon's recommendation of using bucket owner-enforced permissions. * Update packages/publisher/s3/src/Config.ts Updates the documentation for the `omitAcl` option per the pull request review Co-authored-by: Felix Rieseberg <[email protected]> --------- Co-authored-by: Felix Rieseberg <[email protected]>
electron · Nov 12, 2024 · 2b6da59 · 2b6da59
1 parent f947936
commit 2b6da59
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/packages/publisher/s3/src/Config.ts b/packages/publisher/s3/src/Config.ts
@@ -38,6 +38,12 @@ export interface PublisherS3Config {
    * Default: false
    */
   public?: boolean;
+  /**
+   * Whether to omit the ACL when creating the S3 object. If set, `public` will have no effect.
+   *
+   * Default: false
+   */
+  omitAcl?: boolean;
   /**
    * The endpoint URI to send requests to.
    *

diff --git a/packages/publisher/s3/src/PublisherS3.ts b/packages/publisher/s3/src/PublisherS3.ts
@@ -1,7 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 
-import { S3Client } from '@aws-sdk/client-s3';
+import { PutObjectCommandInput, S3Client } from '@aws-sdk/client-s3';
 import { Progress, Upload } from '@aws-sdk/lib-storage';
 import { Credentials } from '@aws-sdk/types';
 import { PublisherOptions, PublisherStatic } from '@electron-forge/publisher-static';
@@ -59,15 +59,18 @@ export default class PublisherS3 extends PublisherStatic<PublisherS3Config> {
     await Promise.all(
       artifacts.map(async (artifact) => {
         d('uploading:', artifact.path);
+        const params: PutObjectCommandInput = {
+          Body: fs.createReadStream(artifact.path),
+          Bucket: this.config.bucket,
+          Key: this.keyForArtifact(artifact),
+        };
+        if (!this.config.omitAcl) {
+          params.ACL = this.config.public ? 'public-read' : 'private';
+        }
         const uploader = new Upload({
           client: s3Client,
           leavePartsOnError: true,
-          params: {
-            Body: fs.createReadStream(artifact.path),
-            Bucket: this.config.bucket,
-            Key: this.keyForArtifact(artifact),
-            ACL: this.config.public ? 'public-read' : 'private',
-          },
+          params,
         });
 
         uploader.on('httpUploadProgress', (progress: Progress) => {