feat(publisher-s3): allow ACL omission (#3728)

JHartman5 · felixrieseberg · web-flow · commit 2b6da59a0a51 · 2024-11-12T18:27:36.000Z
* feat(publisher-s3): allow ACL omission

This allows the caller to omit the ACL from the upload request, per
Amazon's recommendation of using bucket owner-enforced permissions.

* Update packages/publisher/s3/src/Config.ts

Updates the documentation for the `omitAcl` option per the pull request review

Co-authored-by: Felix Rieseberg &lt;fr@makenotion.com&gt;

---------

Co-authored-by: Felix Rieseberg &lt;fr@makenotion.com&gt;
diff --git a/packages/publisher/s3/src/Config.ts b/packages/publisher/s3/src/Config.ts
@@ -38,6 +38,12 @@ export interface PublisherS3Config {
    * Default: false
    */
   public?: boolean;
+  /**
+   * Whether to omit the ACL when creating the S3 object. If set, `public` will have no effect.
+   *
+   * Default: false
+   */
+  omitAcl?: boolean;
   /**
    * The endpoint URI to send requests to.
    *
diff --git a/packages/publisher/s3/src/PublisherS3.ts b/packages/publisher/s3/src/PublisherS3.ts
@@ -1,7 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 
-import { S3Client } from '@aws-sdk/client-s3';
+import { PutObjectCommandInput, S3Client } from '@aws-sdk/client-s3';
 import { Progress, Upload } from '@aws-sdk/lib-storage';
 import { Credentials } from '@aws-sdk/types';
 import { PublisherOptions, PublisherStatic } from '@electron-forge/publisher-static';
@@ -59,15 +59,18 @@ export default class PublisherS3 extends PublisherStatic<PublisherS3Config> {
     await Promise.all(
       artifacts.map(async (artifact) => {
         d('uploading:', artifact.path);
+        const params: PutObjectCommandInput = {
+          Body: fs.createReadStream(artifact.path),
+          Bucket: this.config.bucket,
+          Key: this.keyForArtifact(artifact),
+        };
+        if (!this.config.omitAcl) {
+          params.ACL = this.config.public ? 'public-read' : 'private';
+        }
         const uploader = new Upload({
           client: s3Client,
           leavePartsOnError: true,
-          params: {
-            Body: fs.createReadStream(artifact.path),
-            Bucket: this.config.bucket,
-            Key: this.keyForArtifact(artifact),
-            ACL: this.config.public ? 'public-read' : 'private',
-          },
+          params,
         });
 
         uploader.on('httpUploadProgress', (progress: Progress) => {
