feat(scripts): add network proxy and TLS certificate support to the download scripts #764
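Add a configureNetworkOnce function to support configuring HTTP/HTTPS proxies and custom CA certificates through environment variables. Add detailed error messages for proxy connection failures and TLS certificate verification errors, improving usability in corporate network environments.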
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3831ab558e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| #!/usr/bin/env zx | ||
|
|
||
| import 'zx/globals'; | ||
| import { Agent, ProxyAgent, setGlobalDispatcher } from 'undici'; |
Add undici to manifest before importing it in scripts
Both download scripts now do import { Agent, ProxyAgent, setGlobalDispatcher } from 'undici', but this commit does not add undici to the root importer dependencies/devDependencies. In pnpm’s default isolated layout, transitive packages are not reliably resolvable from project root scripts, so pnpm run uv:download / pnpm run node:download:win can fail at startup with ERR_MODULE_NOT_FOUND on fresh installs, breaking init/packaging workflows.
Thanks for the review suggestion — agreed.
Both download-bundled-uv.mjs and download-bundled-node.mjs now import undici (Agent/ProxyAgent/setGlobalDispatcher). Under pnpm’s default isolated layout, relying on transitive resolution is not safe, and a fresh install can indeed fail with ERR_MODULE_NOT_FOUND.
I’ll push a follow-up commit to add undici as an explicit root dependency (likely devDependencies, since these are build/prep scripts) so pnpm run uv:download / pnpm run node:download:win remain reliable on clean environments. Thanks for catching this.
望
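Update the libsignal-node dependency from a tarball URL reference to a git repository reference to resolve potential dependency resolution issues. Also add undici as a new runtime dependency.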
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 01b4bfb2b6
| new ProxyAgent({ | ||
| uri: proxy, | ||
| connect: { ca, rejectUnauthorized }, |
Pass TLS options via ProxyAgent requestTls/proxyTls
ProxyAgent does not consume AgentOptions#connect, so the connect: { ca, rejectUnauthorized } object here is ignored; undici expects TLS overrides in requestTls/proxyTls. In environments that set HTTPS_PROXY and require a custom CA (or temporarily set NODE_TLS_REJECT_UNAUTHORIZED=0), downloads will still fail TLS validation because those settings never reach proxied connections. The same pattern is duplicated in scripts/download-bundled-uv.mjs, so both download workflows are affected.
| new Agent({ | ||
| connect: { ca, rejectUnauthorized }, | ||
| }), |
Preserve default CAs when honoring NODE_EXTRA_CA_CERTS
Passing ca explicitly into the custom Agent replaces Node’s default trust store, but NODE_EXTRA_CA_CERTS is intended to extend defaults. When users provide only their corporate root in that file (a common setup), this code drops public roots and can break downloads from nodejs.org/github.com with certificate errors. Because this logic is mirrored in scripts/download-bundled-uv.mjs, both scripts can regress under the same environment setting.
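Added example, not code from this pull request: one way to apply both points of the second review, routing TLS options to `requestTls`/`proxyTls` when a proxy is set and extending, rather than replacing, the default roots when an extra CA bundle is supplied. The function names, the proxy variable precedence, and the use of Node's bundled `tls.rootCertificates` as the default root list are assumptions.

```javascript
// Added example (not the PR's code). The pure helpers run offline;
// installDispatcher() needs undici installed as an explicit dependency.

// Split a PEM bundle into individual certificates.
function splitPemBundle(pem) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;
  return pem.match(re) || [];
}

// An explicit `ca` replaces Node's defaults, so append to the bundled roots.
// With no extra certificates, `ca` is left unset and the defaults apply.
function buildTlsOptions(env, defaultRoots, extraPem) {
  const opts = { rejectUnauthorized: env.NODE_TLS_REJECT_UNAUTHORIZED !== '0' };
  const extra = extraPem ? splitPemBundle(extraPem) : [];
  if (extra.length > 0) opts.ca = [...defaultRoots, ...extra];
  return opts;
}

// Decide which undici dispatcher to build and where the TLS options go.
function planDispatcher(env, defaultRoots, extraPem) {
  const tlsOpts = buildTlsOptions(env, defaultRoots, extraPem);
  // Assumed precedence of proxy variables.
  const proxy = env.HTTPS_PROXY || env.https_proxy || env.HTTP_PROXY || env.http_proxy;
  if (proxy) {
    // ProxyAgent: requestTls covers the origin, proxyTls covers the proxy hop.
    return { kind: 'ProxyAgent', options: { uri: proxy, requestTls: tlsOpts, proxyTls: tlsOpts } };
  }
  return { kind: 'Agent', options: { connect: tlsOpts } };
}

// Build the dispatcher from the real environment and install it globally.
async function installDispatcher(env = process.env) {
  const tls = await import('node:tls');
  const fs = await import('node:fs');
  const undici = await import('undici');
  const extraPem = env.NODE_EXTRA_CA_CERTS
    ? fs.readFileSync(env.NODE_EXTRA_CA_CERTS, 'utf8') : '';
  const plan = planDispatcher(env, tls.rootCertificates, extraPem);
  const dispatcher = plan.kind === 'ProxyAgent'
    ? new undici.ProxyAgent(plan.options) : new undici.Agent(plan.options);
  undici.setGlobalDispatcher(dispatcher);
  return plan.kind;
}
```

Keeping the planning step separate from dispatcher construction lets the option routing be unit-tested without network access or a proxy.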