mirror of
https://github.com/actions/checkout.git
synced 2025-01-02 09:17:41 +03:00
set insteadOf url for org-id (#621)
This commit is contained in:
parent
fd47087372
commit
ec3a7ce113
@ -518,12 +518,17 @@ describe('git-auth-helper tests', () => {
|
||||
await authHelper.configureSubmoduleAuth()
|
||||
|
||||
// Assert
|
||||
expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3)
|
||||
expect(mockSubmoduleForeach).toHaveBeenCalledTimes(4)
|
||||
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
|
||||
/unset-all.*insteadOf/
|
||||
)
|
||||
expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
|
||||
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/url.*insteadOf/)
|
||||
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
|
||||
/url.*insteadOf.*git@github.com:/
|
||||
)
|
||||
expect(mockSubmoduleForeach.mock.calls[3][0]).toMatch(
|
||||
/url.*insteadOf.*org-123456@github.com:/
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@ -770,7 +775,8 @@ async function setup(testName: string): Promise<void> {
|
||||
repositoryPath: '',
|
||||
sshKey: sshPath ? 'some ssh private key' : '',
|
||||
sshKnownHosts: '',
|
||||
sshStrict: true
|
||||
sshStrict: true,
|
||||
workflowOrganizationId: 123456
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
import * as assert from 'assert'
|
||||
import * as core from '@actions/core'
|
||||
import * as fsHelper from '../lib/fs-helper'
|
||||
import * as github from '@actions/github'
|
||||
import * as inputHelper from '../lib/input-helper'
|
||||
import * as path from 'path'
|
||||
import * as workflowContextHelper from '../lib/workflow-context-helper'
|
||||
import {IGitSourceSettings} from '../lib/git-source-settings'
|
||||
|
||||
const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
|
||||
@ -43,6 +43,11 @@ describe('input-helper tests', () => {
|
||||
.spyOn(fsHelper, 'directoryExistsSync')
|
||||
.mockImplementation((path: string) => path == gitHubWorkspace)
|
||||
|
||||
// Mock ./workflowContextHelper getOrganizationId()
|
||||
jest
|
||||
.spyOn(workflowContextHelper, 'getOrganizationId')
|
||||
.mockImplementation(() => Promise.resolve(123456))
|
||||
|
||||
// GitHub workspace
|
||||
process.env['GITHUB_WORKSPACE'] = gitHubWorkspace
|
||||
})
|
||||
@ -67,8 +72,8 @@ describe('input-helper tests', () => {
|
||||
jest.restoreAllMocks()
|
||||
})
|
||||
|
||||
it('sets defaults', () => {
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
it('sets defaults', async () => {
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings).toBeTruthy()
|
||||
expect(settings.authToken).toBeFalsy()
|
||||
expect(settings.clean).toBe(true)
|
||||
@ -82,11 +87,11 @@ describe('input-helper tests', () => {
|
||||
expect(settings.repositoryPath).toBe(gitHubWorkspace)
|
||||
})
|
||||
|
||||
it('qualifies ref', () => {
|
||||
it('qualifies ref', async () => {
|
||||
let originalRef = github.context.ref
|
||||
try {
|
||||
github.context.ref = 'some-unqualified-ref'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings).toBeTruthy()
|
||||
expect(settings.commit).toBe('1234567890123456789012345678901234567890')
|
||||
expect(settings.ref).toBe('refs/heads/some-unqualified-ref')
|
||||
@ -95,32 +100,42 @@ describe('input-helper tests', () => {
|
||||
}
|
||||
})
|
||||
|
||||
it('requires qualified repo', () => {
|
||||
it('requires qualified repo', async () => {
|
||||
inputs.repository = 'some-unqualified-repo'
|
||||
assert.throws(() => {
|
||||
inputHelper.getInputs()
|
||||
}, /Invalid repository 'some-unqualified-repo'/)
|
||||
try {
|
||||
await inputHelper.getInputs()
|
||||
throw 'should not reach here'
|
||||
} catch (err) {
|
||||
expect(`(${(err as any).message}`).toMatch(
|
||||
"Invalid repository 'some-unqualified-repo'"
|
||||
)
|
||||
}
|
||||
})
|
||||
|
||||
it('roots path', () => {
|
||||
it('roots path', async () => {
|
||||
inputs.path = 'some-directory/some-subdirectory'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.repositoryPath).toBe(
|
||||
path.join(gitHubWorkspace, 'some-directory', 'some-subdirectory')
|
||||
)
|
||||
})
|
||||
|
||||
it('sets ref to empty when explicit sha', () => {
|
||||
it('sets ref to empty when explicit sha', async () => {
|
||||
inputs.ref = '1111111111222222222233333333334444444444'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.ref).toBeFalsy()
|
||||
expect(settings.commit).toBe('1111111111222222222233333333334444444444')
|
||||
})
|
||||
|
||||
it('sets sha to empty when explicit ref', () => {
|
||||
it('sets sha to empty when explicit ref', async () => {
|
||||
inputs.ref = 'refs/heads/some-other-ref'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.ref).toBe('refs/heads/some-other-ref')
|
||||
expect(settings.commit).toBeFalsy()
|
||||
})
|
||||
|
||||
it('sets workflow organization ID', async () => {
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.workflowOrganizationId).toBe(123456)
|
||||
})
|
||||
})
|
||||
|
113
dist/index.js
vendored
113
dist/index.js
vendored
@ -4149,7 +4149,7 @@ function run() {
|
||||
var _a, _b;
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
try {
|
||||
const sourceSettings = inputHelper.getInputs();
|
||||
const sourceSettings = yield inputHelper.getInputs();
|
||||
try {
|
||||
// Register problem matcher
|
||||
coreCommand.issueCommand('add-matcher', {}, path.join(__dirname, 'problem-matcher.json'));
|
||||
@ -6542,6 +6542,7 @@ function createAuthHelper(git, settings) {
|
||||
exports.createAuthHelper = createAuthHelper;
|
||||
class GitAuthHelper {
|
||||
constructor(gitCommandManager, gitSourceSettings) {
|
||||
this.insteadOfValues = [];
|
||||
this.sshCommand = '';
|
||||
this.sshKeyPath = '';
|
||||
this.sshKnownHostsPath = '';
|
||||
@ -6557,7 +6558,10 @@ class GitAuthHelper {
|
||||
this.tokenConfigValue = `AUTHORIZATION: basic ${basicCredential}`;
|
||||
// Instead of SSH URL
|
||||
this.insteadOfKey = `url.${serverUrl.origin}/.insteadOf`; // "origin" is SCHEME://HOSTNAME[:PORT]
|
||||
this.insteadOfValue = `git@${serverUrl.hostname}:`;
|
||||
this.insteadOfValues.push(`git@${serverUrl.hostname}:`);
|
||||
if (this.settings.workflowOrganizationId) {
|
||||
this.insteadOfValues.push(`org-${this.settings.workflowOrganizationId}@github.com:`);
|
||||
}
|
||||
}
|
||||
configureAuth() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
@ -6606,7 +6610,9 @@ class GitAuthHelper {
|
||||
// Configure HTTPS instead of SSH
|
||||
yield this.git.tryConfigUnset(this.insteadOfKey, true);
|
||||
if (!this.settings.sshKey) {
|
||||
yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
|
||||
for (const insteadOfValue of this.insteadOfValues) {
|
||||
yield this.git.config(this.insteadOfKey, insteadOfValue, true, true);
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (err) {
|
||||
@ -6638,7 +6644,9 @@ class GitAuthHelper {
|
||||
}
|
||||
else {
|
||||
// Configure HTTPS instead of SSH
|
||||
yield this.git.submoduleForeach(`git config --local '${this.insteadOfKey}' '${this.insteadOfValue}'`, this.settings.nestedSubmodules);
|
||||
for (const insteadOfValue of this.insteadOfValues) {
|
||||
yield this.git.submoduleForeach(`git config --local --add '${this.insteadOfKey}' '${insteadOfValue}'`, this.settings.nestedSubmodules);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
@ -6928,14 +6936,14 @@ class GitCommandManager {
|
||||
yield this.execGit(args);
|
||||
});
|
||||
}
|
||||
config(configKey, configValue, globalConfig) {
|
||||
config(configKey, configValue, globalConfig, add) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
yield this.execGit([
|
||||
'config',
|
||||
globalConfig ? '--global' : '--local',
|
||||
configKey,
|
||||
configValue
|
||||
]);
|
||||
const args = ['config', globalConfig ? '--global' : '--local'];
|
||||
if (add) {
|
||||
args.push('--add');
|
||||
}
|
||||
args.push(...[configKey, configValue]);
|
||||
yield this.execGit(args);
|
||||
});
|
||||
}
|
||||
configExists(configKey, globalConfig) {
|
||||
@ -13522,6 +13530,75 @@ module.exports = function callBoundIntrinsic(name, allowMissing) {
|
||||
|
||||
module.exports = require("net");
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 642:
|
||||
/***/ (function(__unusedmodule, exports, __webpack_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
|
||||
}) : (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
o[k2] = m[k];
|
||||
}));
|
||||
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||
}) : function(o, v) {
|
||||
o["default"] = v;
|
||||
});
|
||||
var __importStar = (this && this.__importStar) || function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
||||
__setModuleDefault(result, mod);
|
||||
return result;
|
||||
};
|
||||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||
return new (P || (P = Promise))(function (resolve, reject) {
|
||||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||
});
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.getOrganizationId = void 0;
|
||||
const core = __importStar(__webpack_require__(470));
|
||||
const fs = __importStar(__webpack_require__(747));
|
||||
/**
|
||||
* Gets the organization ID of the running workflow or undefined if the value cannot be loaded from the GITHUB_EVENT_PATH
|
||||
*/
|
||||
function getOrganizationId() {
|
||||
var _a, _b;
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
try {
|
||||
const eventPath = process.env.GITHUB_EVENT_PATH;
|
||||
if (!eventPath) {
|
||||
core.debug(`GITHUB_EVENT_PATH is not defined`);
|
||||
return;
|
||||
}
|
||||
const content = yield fs.promises.readFile(eventPath, { encoding: 'utf8' });
|
||||
const event = JSON.parse(content);
|
||||
const id = (_b = (_a = event === null || event === void 0 ? void 0 : event.repository) === null || _a === void 0 ? void 0 : _a.owner) === null || _b === void 0 ? void 0 : _b.id;
|
||||
if (typeof id !== 'number') {
|
||||
core.debug('Repository owner ID not found within GITHUB event info');
|
||||
return;
|
||||
}
|
||||
return id;
|
||||
}
|
||||
catch (err) {
|
||||
core.debug(`Unable to load organization ID from GITHUB_EVENT_PATH: ${err
|
||||
.message || err}`);
|
||||
}
|
||||
});
|
||||
}
|
||||
exports.getOrganizationId = getOrganizationId;
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 649:
|
||||
@ -17062,13 +17139,24 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
||||
__setModuleDefault(result, mod);
|
||||
return result;
|
||||
};
|
||||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||
return new (P || (P = Promise))(function (resolve, reject) {
|
||||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||
});
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.getInputs = void 0;
|
||||
const core = __importStar(__webpack_require__(470));
|
||||
const fsHelper = __importStar(__webpack_require__(618));
|
||||
const github = __importStar(__webpack_require__(469));
|
||||
const path = __importStar(__webpack_require__(622));
|
||||
const workflowContextHelper = __importStar(__webpack_require__(642));
|
||||
function getInputs() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
const result = {};
|
||||
// GitHub workspace
|
||||
let githubWorkspacePath = process.env['GITHUB_WORKSPACE'];
|
||||
@ -17154,7 +17242,10 @@ function getInputs() {
|
||||
// Persist credentials
|
||||
result.persistCredentials =
|
||||
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE';
|
||||
// Workflow organization ID
|
||||
result.workflowOrganizationId = yield workflowContextHelper.getOrganizationId();
|
||||
return result;
|
||||
});
|
||||
}
|
||||
exports.getInputs = getInputs;
|
||||
|
||||
|
@ -37,7 +37,7 @@ class GitAuthHelper {
|
||||
private readonly tokenConfigValue: string
|
||||
private readonly tokenPlaceholderConfigValue: string
|
||||
private readonly insteadOfKey: string
|
||||
private readonly insteadOfValue: string
|
||||
private readonly insteadOfValues: string[] = []
|
||||
private sshCommand = ''
|
||||
private sshKeyPath = ''
|
||||
private sshKnownHostsPath = ''
|
||||
@ -45,7 +45,7 @@ class GitAuthHelper {
|
||||
|
||||
constructor(
|
||||
gitCommandManager: IGitCommandManager,
|
||||
gitSourceSettings?: IGitSourceSettings
|
||||
gitSourceSettings: IGitSourceSettings | undefined
|
||||
) {
|
||||
this.git = gitCommandManager
|
||||
this.settings = gitSourceSettings || (({} as unknown) as IGitSourceSettings)
|
||||
@ -63,7 +63,12 @@ class GitAuthHelper {
|
||||
|
||||
// Instead of SSH URL
|
||||
this.insteadOfKey = `url.${serverUrl.origin}/.insteadOf` // "origin" is SCHEME://HOSTNAME[:PORT]
|
||||
this.insteadOfValue = `git@${serverUrl.hostname}:`
|
||||
this.insteadOfValues.push(`git@${serverUrl.hostname}:`)
|
||||
if (this.settings.workflowOrganizationId) {
|
||||
this.insteadOfValues.push(
|
||||
`org-${this.settings.workflowOrganizationId}@github.com:`
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
async configureAuth(): Promise<void> {
|
||||
@ -118,7 +123,9 @@ class GitAuthHelper {
|
||||
// Configure HTTPS instead of SSH
|
||||
await this.git.tryConfigUnset(this.insteadOfKey, true)
|
||||
if (!this.settings.sshKey) {
|
||||
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
|
||||
for (const insteadOfValue of this.insteadOfValues) {
|
||||
await this.git.config(this.insteadOfKey, insteadOfValue, true, true)
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
// Unset in case somehow written to the real global config
|
||||
@ -159,13 +166,15 @@ class GitAuthHelper {
|
||||
)
|
||||
} else {
|
||||
// Configure HTTPS instead of SSH
|
||||
for (const insteadOfValue of this.insteadOfValues) {
|
||||
await this.git.submoduleForeach(
|
||||
`git config --local '${this.insteadOfKey}' '${this.insteadOfValue}'`,
|
||||
`git config --local --add '${this.insteadOfKey}' '${insteadOfValue}'`,
|
||||
this.settings.nestedSubmodules
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async removeAuth(): Promise<void> {
|
||||
await this.removeSsh()
|
||||
|
@ -21,7 +21,8 @@ export interface IGitCommandManager {
|
||||
config(
|
||||
configKey: string,
|
||||
configValue: string,
|
||||
globalConfig?: boolean
|
||||
globalConfig?: boolean,
|
||||
add?: boolean
|
||||
): Promise<void>
|
||||
configExists(configKey: string, globalConfig?: boolean): Promise<boolean>
|
||||
fetch(refSpec: string[], fetchDepth?: number): Promise<void>
|
||||
@ -140,14 +141,15 @@ class GitCommandManager {
|
||||
async config(
|
||||
configKey: string,
|
||||
configValue: string,
|
||||
globalConfig?: boolean
|
||||
globalConfig?: boolean,
|
||||
add?: boolean
|
||||
): Promise<void> {
|
||||
await this.execGit([
|
||||
'config',
|
||||
globalConfig ? '--global' : '--local',
|
||||
configKey,
|
||||
configValue
|
||||
])
|
||||
const args: string[] = ['config', globalConfig ? '--global' : '--local']
|
||||
if (add) {
|
||||
args.push('--add')
|
||||
}
|
||||
args.push(...[configKey, configValue])
|
||||
await this.execGit(args)
|
||||
}
|
||||
|
||||
async configExists(
|
||||
|
@ -73,4 +73,9 @@ export interface IGitSourceSettings {
|
||||
* Indicates whether to persist the credentials on disk to enable scripting authenticated git commands
|
||||
*/
|
||||
persistCredentials: boolean
|
||||
|
||||
/**
|
||||
* Organization ID for the currently running workflow (used for auth settings)
|
||||
*/
|
||||
workflowOrganizationId: number | undefined
|
||||
}
|
||||
|
@ -2,9 +2,10 @@ import * as core from '@actions/core'
|
||||
import * as fsHelper from './fs-helper'
|
||||
import * as github from '@actions/github'
|
||||
import * as path from 'path'
|
||||
import * as workflowContextHelper from './workflow-context-helper'
|
||||
import {IGitSourceSettings} from './git-source-settings'
|
||||
|
||||
export function getInputs(): IGitSourceSettings {
|
||||
export async function getInputs(): Promise<IGitSourceSettings> {
|
||||
const result = ({} as unknown) as IGitSourceSettings
|
||||
|
||||
// GitHub workspace
|
||||
@ -118,5 +119,8 @@ export function getInputs(): IGitSourceSettings {
|
||||
result.persistCredentials =
|
||||
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
|
||||
|
||||
// Workflow organization ID
|
||||
result.workflowOrganizationId = await workflowContextHelper.getOrganizationId()
|
||||
|
||||
return result
|
||||
}
|
||||
|
@ -7,7 +7,7 @@ import * as stateHelper from './state-helper'
|
||||
|
||||
async function run(): Promise<void> {
|
||||
try {
|
||||
const sourceSettings = inputHelper.getInputs()
|
||||
const sourceSettings = await inputHelper.getInputs()
|
||||
|
||||
try {
|
||||
// Register problem matcher
|
||||
|
30
src/workflow-context-helper.ts
Normal file
30
src/workflow-context-helper.ts
Normal file
@ -0,0 +1,30 @@
|
||||
import * as core from '@actions/core'
|
||||
import * as fs from 'fs'
|
||||
|
||||
/**
|
||||
* Gets the organization ID of the running workflow or undefined if the value cannot be loaded from the GITHUB_EVENT_PATH
|
||||
*/
|
||||
export async function getOrganizationId(): Promise<number | undefined> {
|
||||
try {
|
||||
const eventPath = process.env.GITHUB_EVENT_PATH
|
||||
if (!eventPath) {
|
||||
core.debug(`GITHUB_EVENT_PATH is not defined`)
|
||||
return
|
||||
}
|
||||
|
||||
const content = await fs.promises.readFile(eventPath, {encoding: 'utf8'})
|
||||
const event = JSON.parse(content)
|
||||
const id = event?.repository?.owner?.id
|
||||
if (typeof id !== 'number') {
|
||||
core.debug('Repository owner ID not found within GITHUB event info')
|
||||
return
|
||||
}
|
||||
|
||||
return id as number
|
||||
} catch (err) {
|
||||
core.debug(
|
||||
`Unable to load organization ID from GITHUB_EVENT_PATH: ${(err as any)
|
||||
.message || err}`
|
||||
)
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user