Skip to content

copy: support server-side encryption settings#137

Open
goanpeca wants to merge 8 commits into
mainfrom
fix/issue-96-copy-sse
Open

copy: support server-side encryption settings#137
goanpeca wants to merge 8 commits into
mainfrom
fix/issue-96-copy-sse

Conversation

@goanpeca

@goanpeca goanpeca commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add source-sse for copy source SSE-C keys, mask raw key values before validation failures can reach logs, and forward source/destination SSE settings into copy requests.
  • Handle copy encryption across small and large files, including SSE-B2 destination starts without invalid part encryption, SSE-C part encryption, preserved file info, and stopping queued copy parts after a part failure.
  • Update action metadata, README, CHANGELOG, focused tests, generated dist output, and TypeDoc-visible SSE parser docs.

Closes #96

Tests

  • pnpm lint
  • pnpm docs:check-action-yml
  • pnpm run docs
  • pnpm typecheck
  • pnpm test
  • pnpm build
  • pnpm exec vitest run __tests__/commands/delete-copy-presign.test.ts --reporter=dot
  • pnpm exec vitest run __tests__/sse.test.ts --reporter=dot
  • git diff --check
  • pre-commit hook: biome lint, release provenance policy, tsc, vitest, ncc build, cspell
  • pre-push hook: vitest --coverage

Follow-up notes

  • Bucket default encryption remains out of scope, as tracked separately.

Copilot AI review requested due to automatic review settings July 3, 2026 13:38
@goanpeca goanpeca added this to the v1.2.0 milestone Jul 3, 2026
@goanpeca goanpeca added enhancement New feature or request security Security hardening or vulnerability sdk-parity SDK capability not yet exposed by the action labels Jul 3, 2026
@goanpeca goanpeca self-assigned this Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for server-side encryption configuration to the copy command by introducing a dedicated source-sse input for decrypting SSE-C sources and forwarding both source/destination encryption settings into the SDK copy APIs, with documentation and tests to ensure keys are masked in logs.

Changes:

  • Extend SSE parsing to support an input-name override and to disallow SSE-B2 where appropriate (for source-sse).
  • Parse and scrub source-sse, and forward sourceServerSideEncryption / destinationServerSideEncryption into small + large copy calls.
  • Document the new copy SSE surface and add tests for forwarding + redaction.

Reviewed changes

Copilot reviewed 9 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/sse.ts Adds parsing options for input naming and disallowing SSE-B2 for source-sse.
src/inputs.ts Adds source-sse parsing, secret scrubbing, and exposes parsed source encryption on ParsedInputs.
src/commands/copy.ts Forwards parsed source/destination encryption settings into SDK copy calls.
README.md Documents source-sse and clarifies sse semantics for copy.
action.yml Adds source-sse input and updates sse description.
tests/sse.test.ts Adds coverage for rejecting SSE-B2 when parsing source-sse.
tests/inputs.test.ts Adds coverage for masking and parsing source-sse.
tests/commands/delete-copy-presign.test.ts Adds coverage for SSE forwarding to small/large copy and ensures keys don’t appear in stdout.
tests/_parsed-inputs.ts Updates parsed-inputs helper to include the new fields.
dist/index.js Updates the bundled action output to reflect source changes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/sse.ts
Comment thread src/sse.ts Outdated
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI review requested due to automatic review settings July 3, 2026 13:57
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 12 changed files in this pull request and generated 1 comment.

Comment thread src/commands/copy.ts
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 12 changed files in this pull request and generated 1 comment.

Comment thread src/commands/copy.ts
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 12 changed files in this pull request and generated no new comments.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI review requested due to automatic review settings July 3, 2026 14:31
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 12 changed files in this pull request and generated no new comments.

@goanpeca
goanpeca marked this pull request as ready for review July 3, 2026 14:36
Copilot AI review requested due to automatic review settings July 8, 2026 23:22
@goanpeca
goanpeca force-pushed the fix/issue-96-copy-sse branch from 6b348ce to 688f423 Compare July 8, 2026 23:22
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Build artifact for this PR: build.tar.gz (valid 1 hour)

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 12 changed files in this pull request and generated no new comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request sdk-parity SDK capability not yet exposed by the action security Security hardening or vulnerability

Projects

None yet

Development

Successfully merging this pull request may close these issues.

copy: support server-side encryption (SSE-C source key and destination SSE)

2 participants