Compare commits
36 Commits
users/tihu
...
master
Author | SHA1 | Date |
---|---|---|
eric sciple | 61b9e3751b | |
eric sciple | 28c7f3d2b5 | |
eric sciple | fb6f360df2 | |
eric sciple | b4483adec3 | |
eric sciple | 00a3be8934 | |
eric sciple | 453ee27fca | |
Daniel Hwang | 65865e15a1 | |
eric sciple | aabbfeb2ce | |
eric sciple | e52d022eb5 | |
eric sciple | 2ff2fbdea4 | |
eric sciple | df86c829eb | |
Peter Evans | 97b30c411c | |
eric sciple | 86f86b36ef | |
eric sciple | 7523e23789 | |
eric sciple | ac455590d1 | |
eric sciple | 94c2de77cc | |
eric sciple | 01aecccf73 | |
eric sciple | 85b1f35505 | |
eric sciple | 574281d34c | |
Jef LeCompte | fbb30c60ab | |
eric sciple | 58070a9fc3 | |
eric sciple | 9a3a9ade82 | |
eric sciple | b2e6b7ed13 | |
eric sciple | 80602fafba | |
eric sciple | b4626ce19c | |
eric sciple | 422dc45671 | |
eric sciple | 204620207c | |
eric sciple | f219062370 | |
eric sciple | 096e927750 | |
eric sciple | f858c22e96 | |
Christopher Sexton | 77904fd431 | |
eric sciple | 06218e4404 | |
eric sciple | 61fd8fd0c7 | |
eric sciple | f95f2a3856 | |
eric sciple | f90c7b395d | |
eric sciple | 090d9c9dfd |
|
@ -11,13 +11,14 @@ jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
|
- uses: actions/setup-node@v1
|
||||||
|
with:
|
||||||
|
node-version: 12.x
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
- run: npm run build
|
- run: npm run build
|
||||||
- run: npm run format-check
|
- run: npm run format-check
|
||||||
- run: npm run lint
|
- run: npm run lint
|
||||||
- run: npm run pack
|
|
||||||
- run: npm run gendocs
|
|
||||||
- run: npm test
|
- run: npm test
|
||||||
- name: Verify no unstaged changes
|
- name: Verify no unstaged changes
|
||||||
run: __test__/verify-no-unstaged-changes.sh
|
run: __test__/verify-no-unstaged-changes.sh
|
||||||
|
@ -34,7 +35,7 @@ jobs:
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
# Basic checkout
|
# Basic checkout
|
||||||
- name: Basic checkout
|
- name: Checkout basic
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
@ -47,7 +48,7 @@ jobs:
|
||||||
- name: Modify work tree
|
- name: Modify work tree
|
||||||
shell: bash
|
shell: bash
|
||||||
run: __test__/modify-work-tree.sh
|
run: __test__/modify-work-tree.sh
|
||||||
- name: Clean checkout
|
- name: Checkout clean
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
@ -57,12 +58,12 @@ jobs:
|
||||||
run: __test__/verify-clean.sh
|
run: __test__/verify-clean.sh
|
||||||
|
|
||||||
# Side by side
|
# Side by side
|
||||||
- name: Side by side checkout 1
|
- name: Checkout side by side 1
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/side-by-side-1
|
ref: test-data/v2/side-by-side-1
|
||||||
path: side-by-side-1
|
path: side-by-side-1
|
||||||
- name: Side by side checkout 2
|
- name: Checkout side by side 2
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/side-by-side-2
|
ref: test-data/v2/side-by-side-2
|
||||||
|
@ -72,7 +73,7 @@ jobs:
|
||||||
run: __test__/verify-side-by-side.sh
|
run: __test__/verify-side-by-side.sh
|
||||||
|
|
||||||
# LFS
|
# LFS
|
||||||
- name: LFS checkout
|
- name: Checkout LFS
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
|
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
|
||||||
|
@ -83,16 +84,121 @@ jobs:
|
||||||
shell: bash
|
shell: bash
|
||||||
run: __test__/verify-lfs.sh
|
run: __test__/verify-lfs.sh
|
||||||
|
|
||||||
test-job-container:
|
# Submodules false
|
||||||
runs-on: ubuntu-latest
|
- name: Checkout submodules false
|
||||||
container: alpine:latest
|
uses: ./
|
||||||
steps:
|
with:
|
||||||
# Clone this repo
|
ref: test-data/v2/submodule-ssh-url
|
||||||
- name: Checkout
|
path: submodules-false
|
||||||
uses: actions/checkout@v2
|
- name: Verify submodules false
|
||||||
|
run: __test__/verify-submodules-false.sh
|
||||||
|
|
||||||
# Basic checkout
|
# Submodules one level
|
||||||
- name: Basic checkout
|
- name: Checkout submodules true
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/submodule-ssh-url
|
||||||
|
path: submodules-true
|
||||||
|
submodules: true
|
||||||
|
- name: Verify submodules true
|
||||||
|
run: __test__/verify-submodules-true.sh
|
||||||
|
|
||||||
|
# Submodules recursive
|
||||||
|
- name: Checkout submodules recursive
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/submodule-ssh-url
|
||||||
|
path: submodules-recursive
|
||||||
|
submodules: recursive
|
||||||
|
- name: Verify submodules recursive
|
||||||
|
run: __test__/verify-submodules-recursive.sh
|
||||||
|
|
||||||
|
# Basic checkout using REST API
|
||||||
|
- name: Remove basic
|
||||||
|
if: runner.os != 'windows'
|
||||||
|
run: rm -rf basic
|
||||||
|
- name: Remove basic (Windows)
|
||||||
|
if: runner.os == 'windows'
|
||||||
|
shell: cmd
|
||||||
|
run: rmdir /s /q basic
|
||||||
|
- name: Override git version
|
||||||
|
if: runner.os != 'windows'
|
||||||
|
run: __test__/override-git-version.sh
|
||||||
|
- name: Override git version (Windows)
|
||||||
|
if: runner.os == 'windows'
|
||||||
|
run: __test__\\override-git-version.cmd
|
||||||
|
- name: Checkout basic using REST API
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/basic
|
||||||
|
path: basic
|
||||||
|
- name: Verify basic
|
||||||
|
run: __test__/verify-basic.sh --archive
|
||||||
|
|
||||||
|
test-proxy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container:
|
||||||
|
image: alpine/git:latest
|
||||||
|
options: --dns 127.0.0.1
|
||||||
|
services:
|
||||||
|
squid-proxy:
|
||||||
|
image: datadog/squid:latest
|
||||||
|
ports:
|
||||||
|
- 3128:3128
|
||||||
|
env:
|
||||||
|
https_proxy: http://squid-proxy:3128
|
||||||
|
steps:
|
||||||
|
# Clone this repo
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
|
# Basic checkout using git
|
||||||
|
- name: Checkout basic
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/basic
|
||||||
|
path: basic
|
||||||
|
- name: Verify basic
|
||||||
|
run: __test__/verify-basic.sh
|
||||||
|
|
||||||
|
# Basic checkout using REST API
|
||||||
|
- name: Remove basic
|
||||||
|
run: rm -rf basic
|
||||||
|
- name: Override git version
|
||||||
|
run: __test__/override-git-version.sh
|
||||||
|
- name: Basic checkout using REST API
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/basic
|
||||||
|
path: basic
|
||||||
|
- name: Verify basic
|
||||||
|
run: __test__/verify-basic.sh --archive
|
||||||
|
|
||||||
|
test-bypass-proxy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
https_proxy: http://no-such-proxy:3128
|
||||||
|
no_proxy: api.github.com,github.com
|
||||||
|
steps:
|
||||||
|
# Clone this repo
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
|
# Basic checkout using git
|
||||||
|
- name: Checkout basic
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/basic
|
||||||
|
path: basic
|
||||||
|
- name: Verify basic
|
||||||
|
run: __test__/verify-basic.sh
|
||||||
|
- name: Remove basic
|
||||||
|
run: rm -rf basic
|
||||||
|
|
||||||
|
# Basic checkout using REST API
|
||||||
|
- name: Override git version
|
||||||
|
run: __test__/override-git-version.sh
|
||||||
|
- name: Checkout basic using REST API
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
|
__test__/_temp
|
||||||
lib/
|
lib/
|
||||||
node_modules/
|
node_modules/
|
35
CHANGELOG.md
35
CHANGELOG.md
|
@ -1,5 +1,40 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## v2.3.1
|
||||||
|
|
||||||
|
- [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)
|
||||||
|
|
||||||
|
|
||||||
|
## v2.3.0
|
||||||
|
|
||||||
|
- [Fallback to the default branch](https://github.com/actions/checkout/pull/278)
|
||||||
|
|
||||||
|
## v2.2.0
|
||||||
|
|
||||||
|
- [Fetch all history for all tags and branches when fetch-depth=0](https://github.com/actions/checkout/pull/258)
|
||||||
|
|
||||||
|
## v2.1.1
|
||||||
|
|
||||||
|
- Changes to support GHES ([here](https://github.com/actions/checkout/pull/236) and [here](https://github.com/actions/checkout/pull/248))
|
||||||
|
|
||||||
|
## v2.1.0
|
||||||
|
|
||||||
|
- [Group output](https://github.com/actions/checkout/pull/191)
|
||||||
|
- [Changes to support GHES alpha release](https://github.com/actions/checkout/pull/199)
|
||||||
|
- [Persist core.sshCommand for submodules](https://github.com/actions/checkout/pull/184)
|
||||||
|
- [Add support ssh](https://github.com/actions/checkout/pull/163)
|
||||||
|
- [Convert submodule SSH URL to HTTPS, when not using SSH](https://github.com/actions/checkout/pull/179)
|
||||||
|
- [Add submodule support](https://github.com/actions/checkout/pull/157)
|
||||||
|
- [Follow proxy settings](https://github.com/actions/checkout/pull/144)
|
||||||
|
- [Fix ref for pr closed event when a pr is merged](https://github.com/actions/checkout/pull/141)
|
||||||
|
- [Fix issue checking detached when git less than 2.22](https://github.com/actions/checkout/pull/128)
|
||||||
|
|
||||||
|
## v2.0.0
|
||||||
|
|
||||||
|
- [Do not pass cred on command line](https://github.com/actions/checkout/pull/108)
|
||||||
|
- [Add input persist-credentials](https://github.com/actions/checkout/pull/107)
|
||||||
|
- [Fallback to REST API to download repo](https://github.com/actions/checkout/pull/104)
|
||||||
|
|
||||||
## v2 (beta)
|
## v2 (beta)
|
||||||
|
|
||||||
- Improved fetch performance
|
- Improved fetch performance
|
||||||
|
|
101
README.md
101
README.md
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
|
This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
|
||||||
|
|
||||||
Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth` to fetch more history. Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
|
Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
|
||||||
|
|
||||||
The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
|
The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
|
||||||
|
|
||||||
|
@ -18,6 +18,7 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
|
||||||
- Fetches only a single commit by default
|
- Fetches only a single commit by default
|
||||||
- Script authenticated git commands
|
- Script authenticated git commands
|
||||||
- Auth token persisted in the local git config
|
- Auth token persisted in the local git config
|
||||||
|
- Supports SSH
|
||||||
- Creates a local branch
|
- Creates a local branch
|
||||||
- No longer detached HEAD when checking out a branch
|
- No longer detached HEAD when checking out a branch
|
||||||
- Improved layout
|
- Improved layout
|
||||||
|
@ -26,7 +27,6 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
|
||||||
- Fallback to REST API download
|
- Fallback to REST API download
|
||||||
- When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
|
- When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
|
||||||
- When using a job container, the container's PATH is used
|
- When using a job container, the container's PATH is used
|
||||||
- Removed input `submodules`
|
|
||||||
|
|
||||||
Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous versions.
|
Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous versions.
|
||||||
|
|
||||||
|
@ -42,17 +42,43 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
|
||||||
|
|
||||||
# The branch, tag or SHA to checkout. When checking out the repository that
|
# The branch, tag or SHA to checkout. When checking out the repository that
|
||||||
# triggered a workflow, this defaults to the reference or SHA for that event.
|
# triggered a workflow, this defaults to the reference or SHA for that event.
|
||||||
# Otherwise, defaults to `master`.
|
# Otherwise, uses the default branch.
|
||||||
ref: ''
|
ref: ''
|
||||||
|
|
||||||
# Auth token used to fetch the repository. The token is stored in the local git
|
# Personal access token (PAT) used to fetch the repository. The PAT is configured
|
||||||
# config, which enables your scripts to run authenticated git commands. The
|
# with the local git config, which enables your scripts to run authenticated git
|
||||||
# post-job step removes the token from the git config. [Learn more about creating
|
# commands. The post-job step removes the PAT.
|
||||||
# and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
#
|
||||||
|
# We recommend using a service account with the least permissions necessary. Also
|
||||||
|
# when generating a new PAT, select the least scopes necessary.
|
||||||
|
#
|
||||||
|
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
|
#
|
||||||
# Default: ${{ github.token }}
|
# Default: ${{ github.token }}
|
||||||
token: ''
|
token: ''
|
||||||
|
|
||||||
# Whether to persist the token in the git config
|
# SSH key used to fetch the repository. The SSH key is configured with the local
|
||||||
|
# git config, which enables your scripts to run authenticated git commands. The
|
||||||
|
# post-job step removes the SSH key.
|
||||||
|
#
|
||||||
|
# We recommend using a service account with the least permissions necessary.
|
||||||
|
#
|
||||||
|
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
|
ssh-key: ''
|
||||||
|
|
||||||
|
# Known hosts in addition to the user and global host key database. The public SSH
|
||||||
|
# keys for a host may be obtained using the utility `ssh-keyscan`. For example,
|
||||||
|
# `ssh-keyscan github.com`. The public key for github.com is always implicitly
|
||||||
|
# added.
|
||||||
|
ssh-known-hosts: ''
|
||||||
|
|
||||||
|
# Whether to perform strict host key checking. When true, adds the options
|
||||||
|
# `StrictHostKeyChecking=yes` and `CheckHostIP=no` to the SSH command line. Use
|
||||||
|
# the input `ssh-known-hosts` to configure additional hosts.
|
||||||
|
# Default: true
|
||||||
|
ssh-strict: ''
|
||||||
|
|
||||||
|
# Whether to configure the token or SSH key with the local git config
|
||||||
# Default: true
|
# Default: true
|
||||||
persist-credentials: ''
|
persist-credentials: ''
|
||||||
|
|
||||||
|
@ -63,18 +89,28 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
|
||||||
# Default: true
|
# Default: true
|
||||||
clean: ''
|
clean: ''
|
||||||
|
|
||||||
# Number of commits to fetch. 0 indicates all history.
|
# Number of commits to fetch. 0 indicates all history for all branches and tags.
|
||||||
# Default: 1
|
# Default: 1
|
||||||
fetch-depth: ''
|
fetch-depth: ''
|
||||||
|
|
||||||
# Whether to download Git-LFS files
|
# Whether to download Git-LFS files
|
||||||
# Default: false
|
# Default: false
|
||||||
lfs: ''
|
lfs: ''
|
||||||
|
|
||||||
|
# Whether to checkout submodules: `true` to checkout submodules or `recursive` to
|
||||||
|
# recursively checkout submodules.
|
||||||
|
#
|
||||||
|
# When the `ssh-key` input is not provided, SSH URLs beginning with
|
||||||
|
# `git@github.com:` are converted to HTTPS.
|
||||||
|
#
|
||||||
|
# Default: false
|
||||||
|
submodules: ''
|
||||||
```
|
```
|
||||||
<!-- end usage -->
|
<!-- end usage -->
|
||||||
|
|
||||||
# Scenarios
|
# Scenarios
|
||||||
|
|
||||||
|
- [Fetch all history for all tags and branches](#Fetch-all-history-for-all-tags-and-branches)
|
||||||
- [Checkout a different branch](#Checkout-a-different-branch)
|
- [Checkout a different branch](#Checkout-a-different-branch)
|
||||||
- [Checkout HEAD^](#Checkout-HEAD)
|
- [Checkout HEAD^](#Checkout-HEAD)
|
||||||
- [Checkout multiple repos (side by side)](#Checkout-multiple-repos-side-by-side)
|
- [Checkout multiple repos (side by side)](#Checkout-multiple-repos-side-by-side)
|
||||||
|
@ -82,10 +118,14 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
|
||||||
- [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
|
- [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
|
||||||
- [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
|
- [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
|
||||||
- [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
|
- [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
|
||||||
- [Checkout submodules](#Checkout-submodules)
|
|
||||||
- [Fetch all tags](#Fetch-all-tags)
|
## Fetch all history for all tags and branches
|
||||||
- [Fetch all branches](#Fetch-all-branches)
|
|
||||||
- [Fetch all history for all tags and branches](#Fetch-all-history-for-all-tags-and-branches)
|
```yaml
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
```
|
||||||
|
|
||||||
## Checkout a different branch
|
## Checkout a different branch
|
||||||
|
|
||||||
|
@ -173,41 +213,6 @@ jobs:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
```
|
```
|
||||||
|
|
||||||
## Checkout submodules
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- name: Checkout submodules
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
auth_header="$(git config --local --get http.https://github.com/.extraheader)"
|
|
||||||
git submodule sync --recursive
|
|
||||||
git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
|
|
||||||
```
|
|
||||||
|
|
||||||
## Fetch all tags
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
|
|
||||||
```
|
|
||||||
|
|
||||||
## Fetch all branches
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- run: |
|
|
||||||
git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
|
|
||||||
```
|
|
||||||
|
|
||||||
## Fetch all history for all tags and branches
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- run: |
|
|
||||||
git fetch --prune --unshallow
|
|
||||||
```
|
|
||||||
|
|
||||||
# License
|
# License
|
||||||
|
|
||||||
The scripts and documentation in this project are released under the [MIT License](LICENSE)
|
The scripts and documentation in this project are released under the [MIT License](LICENSE)
|
||||||
|
|
|
@ -0,0 +1,802 @@
|
||||||
|
import * as core from '@actions/core'
|
||||||
|
import * as fs from 'fs'
|
||||||
|
import * as gitAuthHelper from '../lib/git-auth-helper'
|
||||||
|
import * as io from '@actions/io'
|
||||||
|
import * as os from 'os'
|
||||||
|
import * as path from 'path'
|
||||||
|
import * as stateHelper from '../lib/state-helper'
|
||||||
|
import {IGitCommandManager} from '../lib/git-command-manager'
|
||||||
|
import {IGitSourceSettings} from '../lib/git-source-settings'
|
||||||
|
|
||||||
|
const isWindows = process.platform === 'win32'
|
||||||
|
const testWorkspace = path.join(__dirname, '_temp', 'git-auth-helper')
|
||||||
|
const originalRunnerTemp = process.env['RUNNER_TEMP']
|
||||||
|
const originalHome = process.env['HOME']
|
||||||
|
let workspace: string
|
||||||
|
let localGitConfigPath: string
|
||||||
|
let globalGitConfigPath: string
|
||||||
|
let runnerTemp: string
|
||||||
|
let tempHomedir: string
|
||||||
|
let git: IGitCommandManager & {env: {[key: string]: string}}
|
||||||
|
let settings: IGitSourceSettings
|
||||||
|
let sshPath: string
|
||||||
|
|
||||||
|
describe('git-auth-helper tests', () => {
|
||||||
|
beforeAll(async () => {
|
||||||
|
// SSH
|
||||||
|
sshPath = await io.which('ssh')
|
||||||
|
|
||||||
|
// Clear test workspace
|
||||||
|
await io.rmRF(testWorkspace)
|
||||||
|
})
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
// Mock setSecret
|
||||||
|
jest.spyOn(core, 'setSecret').mockImplementation((secret: string) => {})
|
||||||
|
|
||||||
|
// Mock error/warning/info/debug
|
||||||
|
jest.spyOn(core, 'error').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'warning').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'info').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'debug').mockImplementation(jest.fn())
|
||||||
|
|
||||||
|
// Mock state helper
|
||||||
|
jest.spyOn(stateHelper, 'setSshKeyPath').mockImplementation(jest.fn())
|
||||||
|
jest
|
||||||
|
.spyOn(stateHelper, 'setSshKnownHostsPath')
|
||||||
|
.mockImplementation(jest.fn())
|
||||||
|
})
|
||||||
|
|
||||||
|
afterEach(() => {
|
||||||
|
// Unregister mocks
|
||||||
|
jest.restoreAllMocks()
|
||||||
|
|
||||||
|
// Restore HOME
|
||||||
|
if (originalHome) {
|
||||||
|
process.env['HOME'] = originalHome
|
||||||
|
} else {
|
||||||
|
delete process.env['HOME']
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
afterAll(() => {
|
||||||
|
// Restore RUNNER_TEMP
|
||||||
|
delete process.env['RUNNER_TEMP']
|
||||||
|
if (originalRunnerTemp) {
|
||||||
|
process.env['RUNNER_TEMP'] = originalRunnerTemp
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureAuth_configuresAuthHeader =
|
||||||
|
'configureAuth configures auth header'
|
||||||
|
it(configureAuth_configuresAuthHeader, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(configureAuth_configuresAuthHeader)
|
||||||
|
expect(settings.authToken).toBeTruthy() // sanity check
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert config
|
||||||
|
const configContent = (
|
||||||
|
await fs.promises.readFile(localGitConfigPath)
|
||||||
|
).toString()
|
||||||
|
const basicCredential = Buffer.from(
|
||||||
|
`x-access-token:${settings.authToken}`,
|
||||||
|
'utf8'
|
||||||
|
).toString('base64')
|
||||||
|
expect(
|
||||||
|
configContent.indexOf(
|
||||||
|
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
|
||||||
|
)
|
||||||
|
).toBeGreaterThanOrEqual(0)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureAuth_configuresAuthHeaderEvenWhenPersistCredentialsFalse =
|
||||||
|
'configureAuth configures auth header even when persist credentials false'
|
||||||
|
it(
|
||||||
|
configureAuth_configuresAuthHeaderEvenWhenPersistCredentialsFalse,
|
||||||
|
async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(
|
||||||
|
configureAuth_configuresAuthHeaderEvenWhenPersistCredentialsFalse
|
||||||
|
)
|
||||||
|
expect(settings.authToken).toBeTruthy() // sanity check
|
||||||
|
settings.persistCredentials = false
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert config
|
||||||
|
const configContent = (
|
||||||
|
await fs.promises.readFile(localGitConfigPath)
|
||||||
|
).toString()
|
||||||
|
expect(
|
||||||
|
configContent.indexOf(
|
||||||
|
`http.https://github.com/.extraheader AUTHORIZATION`
|
||||||
|
)
|
||||||
|
).toBeGreaterThanOrEqual(0)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
const configureAuth_copiesUserKnownHosts =
|
||||||
|
'configureAuth copies user known hosts'
|
||||||
|
it(configureAuth_copiesUserKnownHosts, async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${configureAuth_copiesUserKnownHosts}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arange
|
||||||
|
await setup(configureAuth_copiesUserKnownHosts)
|
||||||
|
expect(settings.sshKey).toBeTruthy() // sanity check
|
||||||
|
|
||||||
|
// Mock fs.promises.readFile
|
||||||
|
const realReadFile = fs.promises.readFile
|
||||||
|
jest.spyOn(fs.promises, 'readFile').mockImplementation(
|
||||||
|
async (file: any, options: any): Promise<Buffer> => {
|
||||||
|
const userKnownHostsPath = path.join(
|
||||||
|
os.homedir(),
|
||||||
|
'.ssh',
|
||||||
|
'known_hosts'
|
||||||
|
)
|
||||||
|
if (file === userKnownHostsPath) {
|
||||||
|
return Buffer.from('some-domain.com ssh-rsa ABCDEF')
|
||||||
|
}
|
||||||
|
|
||||||
|
return await realReadFile(file, options)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert known hosts
|
||||||
|
const actualSshKnownHostsPath = await getActualSshKnownHostsPath()
|
||||||
|
const actualSshKnownHostsContent = (
|
||||||
|
await fs.promises.readFile(actualSshKnownHostsPath)
|
||||||
|
).toString()
|
||||||
|
expect(actualSshKnownHostsContent).toMatch(
|
||||||
|
/some-domain\.com ssh-rsa ABCDEF/
|
||||||
|
)
|
||||||
|
expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureAuth_registersBasicCredentialAsSecret =
|
||||||
|
'configureAuth registers basic credential as secret'
|
||||||
|
it(configureAuth_registersBasicCredentialAsSecret, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(configureAuth_registersBasicCredentialAsSecret)
|
||||||
|
expect(settings.authToken).toBeTruthy() // sanity check
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert secret
|
||||||
|
const setSecretSpy = core.setSecret as jest.Mock<any, any>
|
||||||
|
expect(setSecretSpy).toHaveBeenCalledTimes(1)
|
||||||
|
const expectedSecret = Buffer.from(
|
||||||
|
`x-access-token:${settings.authToken}`,
|
||||||
|
'utf8'
|
||||||
|
).toString('base64')
|
||||||
|
expect(setSecretSpy).toHaveBeenCalledWith(expectedSecret)
|
||||||
|
})
|
||||||
|
|
||||||
|
const setsSshCommandEnvVarWhenPersistCredentialsFalse =
|
||||||
|
'sets SSH command env var when persist-credentials false'
|
||||||
|
it(setsSshCommandEnvVarWhenPersistCredentialsFalse, async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${setsSshCommandEnvVarWhenPersistCredentialsFalse}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arrange
|
||||||
|
await setup(setsSshCommandEnvVarWhenPersistCredentialsFalse)
|
||||||
|
settings.persistCredentials = false
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert git env var
|
||||||
|
const actualKeyPath = await getActualSshKeyPath()
|
||||||
|
const actualKnownHostsPath = await getActualSshKnownHostsPath()
|
||||||
|
const expectedSshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename(
|
||||||
|
actualKeyPath
|
||||||
|
)}" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename(
|
||||||
|
actualKnownHostsPath
|
||||||
|
)}"`
|
||||||
|
expect(git.setEnvironmentVariable).toHaveBeenCalledWith(
|
||||||
|
'GIT_SSH_COMMAND',
|
||||||
|
expectedSshCommand
|
||||||
|
)
|
||||||
|
|
||||||
|
// Asserty git config
|
||||||
|
const gitConfigLines = (await fs.promises.readFile(localGitConfigPath))
|
||||||
|
.toString()
|
||||||
|
.split('\n')
|
||||||
|
.filter(x => x)
|
||||||
|
expect(gitConfigLines).toHaveLength(1)
|
||||||
|
expect(gitConfigLines[0]).toMatch(/^http\./)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureAuth_setsSshCommandWhenPersistCredentialsTrue =
|
||||||
|
'sets SSH command when persist-credentials true'
|
||||||
|
it(configureAuth_setsSshCommandWhenPersistCredentialsTrue, async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${configureAuth_setsSshCommandWhenPersistCredentialsTrue}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arrange
|
||||||
|
await setup(configureAuth_setsSshCommandWhenPersistCredentialsTrue)
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert git env var
|
||||||
|
const actualKeyPath = await getActualSshKeyPath()
|
||||||
|
const actualKnownHostsPath = await getActualSshKnownHostsPath()
|
||||||
|
const expectedSshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename(
|
||||||
|
actualKeyPath
|
||||||
|
)}" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename(
|
||||||
|
actualKnownHostsPath
|
||||||
|
)}"`
|
||||||
|
expect(git.setEnvironmentVariable).toHaveBeenCalledWith(
|
||||||
|
'GIT_SSH_COMMAND',
|
||||||
|
expectedSshCommand
|
||||||
|
)
|
||||||
|
|
||||||
|
// Asserty git config
|
||||||
|
expect(git.config).toHaveBeenCalledWith(
|
||||||
|
'core.sshCommand',
|
||||||
|
expectedSshCommand
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureAuth_writesExplicitKnownHosts = 'writes explicit known hosts'
|
||||||
|
it(configureAuth_writesExplicitKnownHosts, async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${configureAuth_writesExplicitKnownHosts}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arrange
|
||||||
|
await setup(configureAuth_writesExplicitKnownHosts)
|
||||||
|
expect(settings.sshKey).toBeTruthy() // sanity check
|
||||||
|
settings.sshKnownHosts = 'my-custom-host.com ssh-rsa ABC123'
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert known hosts
|
||||||
|
const actualSshKnownHostsPath = await getActualSshKnownHostsPath()
|
||||||
|
const actualSshKnownHostsContent = (
|
||||||
|
await fs.promises.readFile(actualSshKnownHostsPath)
|
||||||
|
).toString()
|
||||||
|
expect(actualSshKnownHostsContent).toMatch(
|
||||||
|
/my-custom-host\.com ssh-rsa ABC123/
|
||||||
|
)
|
||||||
|
expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureAuth_writesSshKeyAndImplicitKnownHosts =
|
||||||
|
'writes SSH key and implicit known hosts'
|
||||||
|
it(configureAuth_writesSshKeyAndImplicitKnownHosts, async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${configureAuth_writesSshKeyAndImplicitKnownHosts}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arrange
|
||||||
|
await setup(configureAuth_writesSshKeyAndImplicitKnownHosts)
|
||||||
|
expect(settings.sshKey).toBeTruthy() // sanity check
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
|
||||||
|
// Assert SSH key
|
||||||
|
const actualSshKeyPath = await getActualSshKeyPath()
|
||||||
|
expect(actualSshKeyPath).toBeTruthy()
|
||||||
|
const actualSshKeyContent = (
|
||||||
|
await fs.promises.readFile(actualSshKeyPath)
|
||||||
|
).toString()
|
||||||
|
expect(actualSshKeyContent).toBe(settings.sshKey + '\n')
|
||||||
|
if (!isWindows) {
|
||||||
|
// Assert read/write for user, not group or others.
|
||||||
|
// Otherwise SSH client will error.
|
||||||
|
expect((await fs.promises.stat(actualSshKeyPath)).mode & 0o777).toBe(
|
||||||
|
0o600
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Assert known hosts
|
||||||
|
const actualSshKnownHostsPath = await getActualSshKnownHostsPath()
|
||||||
|
const actualSshKnownHostsContent = (
|
||||||
|
await fs.promises.readFile(actualSshKnownHostsPath)
|
||||||
|
).toString()
|
||||||
|
expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureGlobalAuth_configuresUrlInsteadOfWhenSshKeyNotSet =
|
||||||
|
'configureGlobalAuth configures URL insteadOf when SSH key not set'
|
||||||
|
it(configureGlobalAuth_configuresUrlInsteadOfWhenSshKeyNotSet, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(configureGlobalAuth_configuresUrlInsteadOfWhenSshKeyNotSet)
|
||||||
|
settings.sshKey = ''
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
await authHelper.configureGlobalAuth()
|
||||||
|
|
||||||
|
// Assert temporary global config
|
||||||
|
expect(git.env['HOME']).toBeTruthy()
|
||||||
|
const configContent = (
|
||||||
|
await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
|
||||||
|
).toString()
|
||||||
|
expect(
|
||||||
|
configContent.indexOf(`url.https://github.com/.insteadOf git@github.com`)
|
||||||
|
).toBeGreaterThanOrEqual(0)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureGlobalAuth_copiesGlobalGitConfig =
|
||||||
|
'configureGlobalAuth copies global git config'
|
||||||
|
it(configureGlobalAuth_copiesGlobalGitConfig, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(configureGlobalAuth_copiesGlobalGitConfig)
|
||||||
|
await fs.promises.writeFile(globalGitConfigPath, 'value-from-global-config')
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
await authHelper.configureGlobalAuth()
|
||||||
|
|
||||||
|
// Assert original global config not altered
|
||||||
|
let configContent = (
|
||||||
|
await fs.promises.readFile(globalGitConfigPath)
|
||||||
|
).toString()
|
||||||
|
expect(configContent).toBe('value-from-global-config')
|
||||||
|
|
||||||
|
// Assert temporary global config
|
||||||
|
expect(git.env['HOME']).toBeTruthy()
|
||||||
|
const basicCredential = Buffer.from(
|
||||||
|
`x-access-token:${settings.authToken}`,
|
||||||
|
'utf8'
|
||||||
|
).toString('base64')
|
||||||
|
configContent = (
|
||||||
|
await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
|
||||||
|
).toString()
|
||||||
|
expect(
|
||||||
|
configContent.indexOf('value-from-global-config')
|
||||||
|
).toBeGreaterThanOrEqual(0)
|
||||||
|
expect(
|
||||||
|
configContent.indexOf(
|
||||||
|
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
|
||||||
|
)
|
||||||
|
).toBeGreaterThanOrEqual(0)
|
||||||
|
})
|
||||||
|
|
||||||
|
const configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist =
|
||||||
|
'configureGlobalAuth creates new git config when global does not exist'
|
||||||
|
it(
|
||||||
|
configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist,
|
||||||
|
async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(
|
||||||
|
configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist
|
||||||
|
)
|
||||||
|
await io.rmRF(globalGitConfigPath)
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
await authHelper.configureGlobalAuth()
|
||||||
|
|
||||||
|
// Assert original global config not recreated
|
||||||
|
try {
|
||||||
|
await fs.promises.stat(globalGitConfigPath)
|
||||||
|
throw new Error(
|
||||||
|
`Did not expect file to exist: '${globalGitConfigPath}'`
|
||||||
|
)
|
||||||
|
} catch (err) {
|
||||||
|
if (err.code !== 'ENOENT') {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Assert temporary global config
|
||||||
|
expect(git.env['HOME']).toBeTruthy()
|
||||||
|
const basicCredential = Buffer.from(
|
||||||
|
`x-access-token:${settings.authToken}`,
|
||||||
|
'utf8'
|
||||||
|
).toString('base64')
|
||||||
|
const configContent = (
|
||||||
|
await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
|
||||||
|
).toString()
|
||||||
|
expect(
|
||||||
|
configContent.indexOf(
|
||||||
|
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
|
||||||
|
)
|
||||||
|
).toBeGreaterThanOrEqual(0)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeyNotSet =
|
||||||
|
'configureSubmoduleAuth configures submodules when persist credentials false and SSH key not set'
|
||||||
|
it(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeyNotSet,
|
||||||
|
async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeyNotSet
|
||||||
|
)
|
||||||
|
settings.persistCredentials = false
|
||||||
|
settings.sshKey = ''
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
|
||||||
|
mockSubmoduleForeach.mockClear() // reset calls
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureSubmoduleAuth()
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
expect(mockSubmoduleForeach).toBeCalledTimes(1)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[0][0] as string).toMatch(
|
||||||
|
/unset-all.*insteadOf/
|
||||||
|
)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet =
|
||||||
|
'configureSubmoduleAuth configures submodules when persist credentials false and SSH key set'
|
||||||
|
it(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet,
|
||||||
|
async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arrange
|
||||||
|
await setup(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet
|
||||||
|
)
|
||||||
|
settings.persistCredentials = false
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
|
||||||
|
mockSubmoduleForeach.mockClear() // reset calls
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureSubmoduleAuth()
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
expect(mockSubmoduleForeach).toHaveBeenCalledTimes(1)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
|
||||||
|
/unset-all.*insteadOf/
|
||||||
|
)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeyNotSet =
|
||||||
|
'configureSubmoduleAuth configures submodules when persist credentials true and SSH key not set'
|
||||||
|
it(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeyNotSet,
|
||||||
|
async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeyNotSet
|
||||||
|
)
|
||||||
|
settings.sshKey = ''
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
|
||||||
|
mockSubmoduleForeach.mockClear() // reset calls
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureSubmoduleAuth()
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
|
||||||
|
/unset-all.*insteadOf/
|
||||||
|
)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/url.*insteadOf/)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet =
|
||||||
|
'configureSubmoduleAuth configures submodules when persist credentials true and SSH key set'
|
||||||
|
it(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet,
|
||||||
|
async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arrange
|
||||||
|
await setup(
|
||||||
|
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet
|
||||||
|
)
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
|
||||||
|
mockSubmoduleForeach.mockClear() // reset calls
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.configureSubmoduleAuth()
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
|
||||||
|
/unset-all.*insteadOf/
|
||||||
|
)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
|
||||||
|
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
const removeAuth_removesSshCommand = 'removeAuth removes SSH command'
|
||||||
|
it(removeAuth_removesSshCommand, async () => {
|
||||||
|
if (!sshPath) {
|
||||||
|
process.stdout.write(
|
||||||
|
`Skipped test "${removeAuth_removesSshCommand}". Executable 'ssh' not found in the PATH.\n`
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Arrange
|
||||||
|
await setup(removeAuth_removesSshCommand)
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
let gitConfigContent = (
|
||||||
|
await fs.promises.readFile(localGitConfigPath)
|
||||||
|
).toString()
|
||||||
|
expect(gitConfigContent.indexOf('core.sshCommand')).toBeGreaterThanOrEqual(
|
||||||
|
0
|
||||||
|
) // sanity check
|
||||||
|
const actualKeyPath = await getActualSshKeyPath()
|
||||||
|
expect(actualKeyPath).toBeTruthy()
|
||||||
|
await fs.promises.stat(actualKeyPath)
|
||||||
|
const actualKnownHostsPath = await getActualSshKnownHostsPath()
|
||||||
|
expect(actualKnownHostsPath).toBeTruthy()
|
||||||
|
await fs.promises.stat(actualKnownHostsPath)
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.removeAuth()
|
||||||
|
|
||||||
|
// Assert git config
|
||||||
|
gitConfigContent = (
|
||||||
|
await fs.promises.readFile(localGitConfigPath)
|
||||||
|
).toString()
|
||||||
|
expect(gitConfigContent.indexOf('core.sshCommand')).toBeLessThan(0)
|
||||||
|
|
||||||
|
// Assert SSH key file
|
||||||
|
try {
|
||||||
|
await fs.promises.stat(actualKeyPath)
|
||||||
|
throw new Error('SSH key should have been deleted')
|
||||||
|
} catch (err) {
|
||||||
|
if (err.code !== 'ENOENT') {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Assert known hosts file
|
||||||
|
try {
|
||||||
|
await fs.promises.stat(actualKnownHostsPath)
|
||||||
|
throw new Error('SSH known hosts should have been deleted')
|
||||||
|
} catch (err) {
|
||||||
|
if (err.code !== 'ENOENT') {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
const removeAuth_removesToken = 'removeAuth removes token'
|
||||||
|
it(removeAuth_removesToken, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removeAuth_removesToken)
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
let gitConfigContent = (
|
||||||
|
await fs.promises.readFile(localGitConfigPath)
|
||||||
|
).toString()
|
||||||
|
expect(gitConfigContent.indexOf('http.')).toBeGreaterThanOrEqual(0) // sanity check
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.removeAuth()
|
||||||
|
|
||||||
|
// Assert git config
|
||||||
|
gitConfigContent = (
|
||||||
|
await fs.promises.readFile(localGitConfigPath)
|
||||||
|
).toString()
|
||||||
|
expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
|
||||||
|
})
|
||||||
|
|
||||||
|
const removeGlobalAuth_removesOverride = 'removeGlobalAuth removes override'
|
||||||
|
it(removeGlobalAuth_removesOverride, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removeGlobalAuth_removesOverride)
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
await authHelper.configureGlobalAuth()
|
||||||
|
const homeOverride = git.env['HOME'] // Sanity check
|
||||||
|
expect(homeOverride).toBeTruthy()
|
||||||
|
await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig'))
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await authHelper.removeGlobalAuth()
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
expect(git.env['HOME']).toBeUndefined()
|
||||||
|
try {
|
||||||
|
await fs.promises.stat(homeOverride)
|
||||||
|
throw new Error(`Should have been deleted '${homeOverride}'`)
|
||||||
|
} catch (err) {
|
||||||
|
if (err.code !== 'ENOENT') {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
async function setup(testName: string): Promise<void> {
|
||||||
|
testName = testName.replace(/[^a-zA-Z0-9_]+/g, '-')
|
||||||
|
|
||||||
|
// Directories
|
||||||
|
workspace = path.join(testWorkspace, testName, 'workspace')
|
||||||
|
runnerTemp = path.join(testWorkspace, testName, 'runner-temp')
|
||||||
|
tempHomedir = path.join(testWorkspace, testName, 'home-dir')
|
||||||
|
await fs.promises.mkdir(workspace, {recursive: true})
|
||||||
|
await fs.promises.mkdir(runnerTemp, {recursive: true})
|
||||||
|
await fs.promises.mkdir(tempHomedir, {recursive: true})
|
||||||
|
process.env['RUNNER_TEMP'] = runnerTemp
|
||||||
|
process.env['HOME'] = tempHomedir
|
||||||
|
|
||||||
|
// Create git config
|
||||||
|
globalGitConfigPath = path.join(tempHomedir, '.gitconfig')
|
||||||
|
await fs.promises.writeFile(globalGitConfigPath, '')
|
||||||
|
localGitConfigPath = path.join(workspace, '.git', 'config')
|
||||||
|
await fs.promises.mkdir(path.dirname(localGitConfigPath), {recursive: true})
|
||||||
|
await fs.promises.writeFile(localGitConfigPath, '')
|
||||||
|
|
||||||
|
git = {
|
||||||
|
branchDelete: jest.fn(),
|
||||||
|
branchExists: jest.fn(),
|
||||||
|
branchList: jest.fn(),
|
||||||
|
checkout: jest.fn(),
|
||||||
|
checkoutDetach: jest.fn(),
|
||||||
|
config: jest.fn(
|
||||||
|
async (key: string, value: string, globalConfig?: boolean) => {
|
||||||
|
const configPath = globalConfig
|
||||||
|
? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
|
||||||
|
: localGitConfigPath
|
||||||
|
await fs.promises.appendFile(configPath, `\n${key} ${value}`)
|
||||||
|
}
|
||||||
|
),
|
||||||
|
configExists: jest.fn(
|
||||||
|
async (key: string, globalConfig?: boolean): Promise<boolean> => {
|
||||||
|
const configPath = globalConfig
|
||||||
|
? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
|
||||||
|
: localGitConfigPath
|
||||||
|
const content = await fs.promises.readFile(configPath)
|
||||||
|
const lines = content
|
||||||
|
.toString()
|
||||||
|
.split('\n')
|
||||||
|
.filter(x => x)
|
||||||
|
return lines.some(x => x.startsWith(key))
|
||||||
|
}
|
||||||
|
),
|
||||||
|
env: {},
|
||||||
|
fetch: jest.fn(),
|
||||||
|
getDefaultBranch: jest.fn(),
|
||||||
|
getWorkingDirectory: jest.fn(() => workspace),
|
||||||
|
init: jest.fn(),
|
||||||
|
isDetached: jest.fn(),
|
||||||
|
lfsFetch: jest.fn(),
|
||||||
|
lfsInstall: jest.fn(),
|
||||||
|
log1: jest.fn(),
|
||||||
|
remoteAdd: jest.fn(),
|
||||||
|
removeEnvironmentVariable: jest.fn((name: string) => delete git.env[name]),
|
||||||
|
revParse: jest.fn(),
|
||||||
|
setEnvironmentVariable: jest.fn((name: string, value: string) => {
|
||||||
|
git.env[name] = value
|
||||||
|
}),
|
||||||
|
shaExists: jest.fn(),
|
||||||
|
submoduleForeach: jest.fn(async () => {
|
||||||
|
return ''
|
||||||
|
}),
|
||||||
|
submoduleSync: jest.fn(),
|
||||||
|
submoduleUpdate: jest.fn(),
|
||||||
|
tagExists: jest.fn(),
|
||||||
|
tryClean: jest.fn(),
|
||||||
|
tryConfigUnset: jest.fn(
|
||||||
|
async (key: string, globalConfig?: boolean): Promise<boolean> => {
|
||||||
|
const configPath = globalConfig
|
||||||
|
? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
|
||||||
|
: localGitConfigPath
|
||||||
|
let content = await fs.promises.readFile(configPath)
|
||||||
|
let lines = content
|
||||||
|
.toString()
|
||||||
|
.split('\n')
|
||||||
|
.filter(x => x)
|
||||||
|
.filter(x => !x.startsWith(key))
|
||||||
|
await fs.promises.writeFile(configPath, lines.join('\n'))
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
),
|
||||||
|
tryDisableAutomaticGarbageCollection: jest.fn(),
|
||||||
|
tryGetFetchUrl: jest.fn(),
|
||||||
|
tryReset: jest.fn()
|
||||||
|
}
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
authToken: 'some auth token',
|
||||||
|
clean: true,
|
||||||
|
commit: '',
|
||||||
|
fetchDepth: 1,
|
||||||
|
lfs: false,
|
||||||
|
submodules: false,
|
||||||
|
nestedSubmodules: false,
|
||||||
|
persistCredentials: true,
|
||||||
|
ref: 'refs/heads/master',
|
||||||
|
repositoryName: 'my-repo',
|
||||||
|
repositoryOwner: 'my-org',
|
||||||
|
repositoryPath: '',
|
||||||
|
sshKey: sshPath ? 'some ssh private key' : '',
|
||||||
|
sshKnownHosts: '',
|
||||||
|
sshStrict: true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async function getActualSshKeyPath(): Promise<string> {
|
||||||
|
let actualTempFiles = (await fs.promises.readdir(runnerTemp))
|
||||||
|
.sort()
|
||||||
|
.map(x => path.join(runnerTemp, x))
|
||||||
|
if (actualTempFiles.length === 0) {
|
||||||
|
return ''
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(actualTempFiles).toHaveLength(2)
|
||||||
|
expect(actualTempFiles[0].endsWith('_known_hosts')).toBeFalsy()
|
||||||
|
return actualTempFiles[0]
|
||||||
|
}
|
||||||
|
|
||||||
|
async function getActualSshKnownHostsPath(): Promise<string> {
|
||||||
|
let actualTempFiles = (await fs.promises.readdir(runnerTemp))
|
||||||
|
.sort()
|
||||||
|
.map(x => path.join(runnerTemp, x))
|
||||||
|
if (actualTempFiles.length === 0) {
|
||||||
|
return ''
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(actualTempFiles).toHaveLength(2)
|
||||||
|
expect(actualTempFiles[1].endsWith('_known_hosts')).toBeTruthy()
|
||||||
|
expect(actualTempFiles[1].startsWith(actualTempFiles[0])).toBeTruthy()
|
||||||
|
return actualTempFiles[1]
|
||||||
|
}
|
|
@ -0,0 +1,441 @@
|
||||||
|
import * as core from '@actions/core'
|
||||||
|
import * as fs from 'fs'
|
||||||
|
import * as gitDirectoryHelper from '../lib/git-directory-helper'
|
||||||
|
import * as io from '@actions/io'
|
||||||
|
import * as path from 'path'
|
||||||
|
import {IGitCommandManager} from '../lib/git-command-manager'
|
||||||
|
|
||||||
|
const testWorkspace = path.join(__dirname, '_temp', 'git-directory-helper')
|
||||||
|
let repositoryPath: string
|
||||||
|
let repositoryUrl: string
|
||||||
|
let clean: boolean
|
||||||
|
let ref: string
|
||||||
|
let git: IGitCommandManager
|
||||||
|
|
||||||
|
describe('git-directory-helper tests', () => {
|
||||||
|
beforeAll(async () => {
|
||||||
|
// Clear test workspace
|
||||||
|
await io.rmRF(testWorkspace)
|
||||||
|
})
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
// Mock error/warning/info/debug
|
||||||
|
jest.spyOn(core, 'error').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'warning').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'info').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'debug').mockImplementation(jest.fn())
|
||||||
|
})
|
||||||
|
|
||||||
|
afterEach(() => {
|
||||||
|
// Unregister mocks
|
||||||
|
jest.restoreAllMocks()
|
||||||
|
})
|
||||||
|
|
||||||
|
const cleansWhenCleanTrue = 'cleans when clean true'
|
||||||
|
it(cleansWhenCleanTrue, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(cleansWhenCleanTrue)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.tryClean).toHaveBeenCalled()
|
||||||
|
expect(git.tryReset).toHaveBeenCalled()
|
||||||
|
expect(core.warning).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const checkoutDetachWhenNotDetached = 'checkout detach when not detached'
|
||||||
|
it(checkoutDetachWhenNotDetached, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(checkoutDetachWhenNotDetached)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.checkoutDetach).toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const doesNotCheckoutDetachWhenNotAlreadyDetached =
|
||||||
|
'does not checkout detach when already detached'
|
||||||
|
it(doesNotCheckoutDetachWhenNotAlreadyDetached, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(doesNotCheckoutDetachWhenNotAlreadyDetached)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
const mockIsDetached = git.isDetached as jest.Mock<any, any>
|
||||||
|
mockIsDetached.mockImplementation(async () => {
|
||||||
|
return true
|
||||||
|
})
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.checkoutDetach).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const doesNotCleanWhenCleanFalse = 'does not clean when clean false'
|
||||||
|
it(doesNotCleanWhenCleanFalse, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(doesNotCleanWhenCleanFalse)
|
||||||
|
clean = false
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.isDetached).toHaveBeenCalled()
|
||||||
|
expect(git.branchList).toHaveBeenCalled()
|
||||||
|
expect(core.warning).not.toHaveBeenCalled()
|
||||||
|
expect(git.tryClean).not.toHaveBeenCalled()
|
||||||
|
expect(git.tryReset).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesContentsWhenCleanFails = 'removes contents when clean fails'
|
||||||
|
it(removesContentsWhenCleanFails, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesContentsWhenCleanFails)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
let mockTryClean = git.tryClean as jest.Mock<any, any>
|
||||||
|
mockTryClean.mockImplementation(async () => {
|
||||||
|
return false
|
||||||
|
})
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files).toHaveLength(0)
|
||||||
|
expect(git.tryClean).toHaveBeenCalled()
|
||||||
|
expect(core.warning).toHaveBeenCalled()
|
||||||
|
expect(git.tryReset).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesContentsWhenDifferentRepositoryUrl =
|
||||||
|
'removes contents when different repository url'
|
||||||
|
it(removesContentsWhenDifferentRepositoryUrl, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesContentsWhenDifferentRepositoryUrl)
|
||||||
|
clean = false
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
const differentRepositoryUrl =
|
||||||
|
'https://github.com/my-different-org/my-different-repo'
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
differentRepositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files).toHaveLength(0)
|
||||||
|
expect(core.warning).not.toHaveBeenCalled()
|
||||||
|
expect(git.isDetached).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesContentsWhenNoGitDirectory =
|
||||||
|
'removes contents when no git directory'
|
||||||
|
it(removesContentsWhenNoGitDirectory, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesContentsWhenNoGitDirectory)
|
||||||
|
clean = false
|
||||||
|
await io.rmRF(path.join(repositoryPath, '.git'))
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files).toHaveLength(0)
|
||||||
|
expect(core.warning).not.toHaveBeenCalled()
|
||||||
|
expect(git.isDetached).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesContentsWhenResetFails = 'removes contents when reset fails'
|
||||||
|
it(removesContentsWhenResetFails, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesContentsWhenResetFails)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
let mockTryReset = git.tryReset as jest.Mock<any, any>
|
||||||
|
mockTryReset.mockImplementation(async () => {
|
||||||
|
return false
|
||||||
|
})
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files).toHaveLength(0)
|
||||||
|
expect(git.tryClean).toHaveBeenCalled()
|
||||||
|
expect(git.tryReset).toHaveBeenCalled()
|
||||||
|
expect(core.warning).toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesContentsWhenUndefinedGitCommandManager =
|
||||||
|
'removes contents when undefined git command manager'
|
||||||
|
it(removesContentsWhenUndefinedGitCommandManager, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesContentsWhenUndefinedGitCommandManager)
|
||||||
|
clean = false
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
undefined,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files).toHaveLength(0)
|
||||||
|
expect(core.warning).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesLocalBranches = 'removes local branches'
|
||||||
|
it(removesLocalBranches, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesLocalBranches)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
const mockBranchList = git.branchList as jest.Mock<any, any>
|
||||||
|
mockBranchList.mockImplementation(async (remote: boolean) => {
|
||||||
|
return remote ? [] : ['local-branch-1', 'local-branch-2']
|
||||||
|
})
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.branchDelete).toHaveBeenCalledWith(false, 'local-branch-1')
|
||||||
|
expect(git.branchDelete).toHaveBeenCalledWith(false, 'local-branch-2')
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesLockFiles = 'removes lock files'
|
||||||
|
it(removesLockFiles, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesLockFiles)
|
||||||
|
clean = false
|
||||||
|
await fs.promises.writeFile(
|
||||||
|
path.join(repositoryPath, '.git', 'index.lock'),
|
||||||
|
''
|
||||||
|
)
|
||||||
|
await fs.promises.writeFile(
|
||||||
|
path.join(repositoryPath, '.git', 'shallow.lock'),
|
||||||
|
''
|
||||||
|
)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
let files = await fs.promises.readdir(path.join(repositoryPath, '.git'))
|
||||||
|
expect(files).toHaveLength(0)
|
||||||
|
files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.isDetached).toHaveBeenCalled()
|
||||||
|
expect(git.branchList).toHaveBeenCalled()
|
||||||
|
expect(core.warning).not.toHaveBeenCalled()
|
||||||
|
expect(git.tryClean).not.toHaveBeenCalled()
|
||||||
|
expect(git.tryReset).not.toHaveBeenCalled()
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesAncestorRemoteBranch = 'removes ancestor remote branch'
|
||||||
|
it(removesAncestorRemoteBranch, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesAncestorRemoteBranch)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
const mockBranchList = git.branchList as jest.Mock<any, any>
|
||||||
|
mockBranchList.mockImplementation(async (remote: boolean) => {
|
||||||
|
return remote ? ['origin/remote-branch-1', 'origin/remote-branch-2'] : []
|
||||||
|
})
|
||||||
|
ref = 'remote-branch-1/conflict'
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.branchDelete).toHaveBeenCalledTimes(1)
|
||||||
|
expect(git.branchDelete).toHaveBeenCalledWith(
|
||||||
|
true,
|
||||||
|
'origin/remote-branch-1'
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
|
const removesDescendantRemoteBranches = 'removes descendant remote branch'
|
||||||
|
it(removesDescendantRemoteBranches, async () => {
|
||||||
|
// Arrange
|
||||||
|
await setup(removesDescendantRemoteBranches)
|
||||||
|
await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '')
|
||||||
|
const mockBranchList = git.branchList as jest.Mock<any, any>
|
||||||
|
mockBranchList.mockImplementation(async (remote: boolean) => {
|
||||||
|
return remote
|
||||||
|
? ['origin/remote-branch-1/conflict', 'origin/remote-branch-2']
|
||||||
|
: []
|
||||||
|
})
|
||||||
|
ref = 'remote-branch-1'
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
clean,
|
||||||
|
ref
|
||||||
|
)
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
const files = await fs.promises.readdir(repositoryPath)
|
||||||
|
expect(files.sort()).toEqual(['.git', 'my-file'])
|
||||||
|
expect(git.branchDelete).toHaveBeenCalledTimes(1)
|
||||||
|
expect(git.branchDelete).toHaveBeenCalledWith(
|
||||||
|
true,
|
||||||
|
'origin/remote-branch-1/conflict'
|
||||||
|
)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
async function setup(testName: string): Promise<void> {
|
||||||
|
testName = testName.replace(/[^a-zA-Z0-9_]+/g, '-')
|
||||||
|
|
||||||
|
// Repository directory
|
||||||
|
repositoryPath = path.join(testWorkspace, testName)
|
||||||
|
await fs.promises.mkdir(path.join(repositoryPath, '.git'), {recursive: true})
|
||||||
|
|
||||||
|
// Repository URL
|
||||||
|
repositoryUrl = 'https://github.com/my-org/my-repo'
|
||||||
|
|
||||||
|
// Clean
|
||||||
|
clean = true
|
||||||
|
|
||||||
|
// Ref
|
||||||
|
ref = ''
|
||||||
|
|
||||||
|
// Git command manager
|
||||||
|
git = {
|
||||||
|
branchDelete: jest.fn(),
|
||||||
|
branchExists: jest.fn(),
|
||||||
|
branchList: jest.fn(async () => {
|
||||||
|
return []
|
||||||
|
}),
|
||||||
|
checkout: jest.fn(),
|
||||||
|
checkoutDetach: jest.fn(),
|
||||||
|
config: jest.fn(),
|
||||||
|
configExists: jest.fn(),
|
||||||
|
fetch: jest.fn(),
|
||||||
|
getDefaultBranch: jest.fn(),
|
||||||
|
getWorkingDirectory: jest.fn(() => repositoryPath),
|
||||||
|
init: jest.fn(),
|
||||||
|
isDetached: jest.fn(),
|
||||||
|
lfsFetch: jest.fn(),
|
||||||
|
lfsInstall: jest.fn(),
|
||||||
|
log1: jest.fn(),
|
||||||
|
remoteAdd: jest.fn(),
|
||||||
|
removeEnvironmentVariable: jest.fn(),
|
||||||
|
revParse: jest.fn(),
|
||||||
|
setEnvironmentVariable: jest.fn(),
|
||||||
|
shaExists: jest.fn(),
|
||||||
|
submoduleForeach: jest.fn(),
|
||||||
|
submoduleSync: jest.fn(),
|
||||||
|
submoduleUpdate: jest.fn(),
|
||||||
|
tagExists: jest.fn(),
|
||||||
|
tryClean: jest.fn(async () => {
|
||||||
|
return true
|
||||||
|
}),
|
||||||
|
tryConfigUnset: jest.fn(),
|
||||||
|
tryDisableAutomaticGarbageCollection: jest.fn(),
|
||||||
|
tryGetFetchUrl: jest.fn(async () => {
|
||||||
|
// Sanity check - this function shouldn't be called when the .git directory doesn't exist
|
||||||
|
await fs.promises.stat(path.join(repositoryPath, '.git'))
|
||||||
|
return repositoryUrl
|
||||||
|
}),
|
||||||
|
tryReset: jest.fn(async () => {
|
||||||
|
return true
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,47 +1,50 @@
|
||||||
import * as assert from 'assert'
|
import * as assert from 'assert'
|
||||||
|
import * as core from '@actions/core'
|
||||||
|
import * as fsHelper from '../lib/fs-helper'
|
||||||
|
import * as github from '@actions/github'
|
||||||
|
import * as inputHelper from '../lib/input-helper'
|
||||||
import * as path from 'path'
|
import * as path from 'path'
|
||||||
import {ISourceSettings} from '../lib/git-source-provider'
|
import {IGitSourceSettings} from '../lib/git-source-settings'
|
||||||
|
|
||||||
const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
|
const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
|
||||||
const gitHubWorkspace = path.resolve('/checkout-tests/workspace')
|
const gitHubWorkspace = path.resolve('/checkout-tests/workspace')
|
||||||
|
|
||||||
// Late bind
|
// Inputs for mock @actions/core
|
||||||
let inputHelper: any
|
|
||||||
|
|
||||||
// Mock @actions/core
|
|
||||||
let inputs = {} as any
|
let inputs = {} as any
|
||||||
const mockCore = jest.genMockFromModule('@actions/core') as any
|
|
||||||
mockCore.getInput = (name: string) => {
|
|
||||||
return inputs[name]
|
|
||||||
}
|
|
||||||
|
|
||||||
// Mock @actions/github
|
// Shallow clone original @actions/github context
|
||||||
const mockGitHub = jest.genMockFromModule('@actions/github') as any
|
let originalContext = {...github.context}
|
||||||
mockGitHub.context = {
|
|
||||||
repo: {
|
|
||||||
owner: 'some-owner',
|
|
||||||
repo: 'some-repo'
|
|
||||||
},
|
|
||||||
ref: 'refs/heads/some-ref',
|
|
||||||
sha: '1234567890123456789012345678901234567890'
|
|
||||||
}
|
|
||||||
|
|
||||||
// Mock ./fs-helper
|
|
||||||
const mockFSHelper = jest.genMockFromModule('../lib/fs-helper') as any
|
|
||||||
mockFSHelper.directoryExistsSync = (path: string) => path == gitHubWorkspace
|
|
||||||
|
|
||||||
describe('input-helper tests', () => {
|
describe('input-helper tests', () => {
|
||||||
beforeAll(() => {
|
beforeAll(() => {
|
||||||
|
// Mock getInput
|
||||||
|
jest.spyOn(core, 'getInput').mockImplementation((name: string) => {
|
||||||
|
return inputs[name]
|
||||||
|
})
|
||||||
|
|
||||||
|
// Mock error/warning/info/debug
|
||||||
|
jest.spyOn(core, 'error').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'warning').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'info').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(core, 'debug').mockImplementation(jest.fn())
|
||||||
|
|
||||||
|
// Mock github context
|
||||||
|
jest.spyOn(github.context, 'repo', 'get').mockImplementation(() => {
|
||||||
|
return {
|
||||||
|
owner: 'some-owner',
|
||||||
|
repo: 'some-repo'
|
||||||
|
}
|
||||||
|
})
|
||||||
|
github.context.ref = 'refs/heads/some-ref'
|
||||||
|
github.context.sha = '1234567890123456789012345678901234567890'
|
||||||
|
|
||||||
|
// Mock ./fs-helper directoryExistsSync()
|
||||||
|
jest
|
||||||
|
.spyOn(fsHelper, 'directoryExistsSync')
|
||||||
|
.mockImplementation((path: string) => path == gitHubWorkspace)
|
||||||
|
|
||||||
// GitHub workspace
|
// GitHub workspace
|
||||||
process.env['GITHUB_WORKSPACE'] = gitHubWorkspace
|
process.env['GITHUB_WORKSPACE'] = gitHubWorkspace
|
||||||
|
|
||||||
// Mocks
|
|
||||||
jest.setMock('@actions/core', mockCore)
|
|
||||||
jest.setMock('@actions/github', mockGitHub)
|
|
||||||
jest.setMock('../lib/fs-helper', mockFSHelper)
|
|
||||||
|
|
||||||
// Now import
|
|
||||||
inputHelper = require('../lib/input-helper')
|
|
||||||
})
|
})
|
||||||
|
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
|
@ -50,18 +53,22 @@ describe('input-helper tests', () => {
|
||||||
})
|
})
|
||||||
|
|
||||||
afterAll(() => {
|
afterAll(() => {
|
||||||
// Reset GitHub workspace
|
// Restore GitHub workspace
|
||||||
delete process.env['GITHUB_WORKSPACE']
|
delete process.env['GITHUB_WORKSPACE']
|
||||||
if (originalGitHubWorkspace) {
|
if (originalGitHubWorkspace) {
|
||||||
process.env['GITHUB_WORKSPACE'] = originalGitHubWorkspace
|
process.env['GITHUB_WORKSPACE'] = originalGitHubWorkspace
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reset modules
|
// Restore @actions/github context
|
||||||
jest.resetModules()
|
github.context.ref = originalContext.ref
|
||||||
|
github.context.sha = originalContext.sha
|
||||||
|
|
||||||
|
// Restore
|
||||||
|
jest.restoreAllMocks()
|
||||||
})
|
})
|
||||||
|
|
||||||
it('sets defaults', () => {
|
it('sets defaults', () => {
|
||||||
const settings: ISourceSettings = inputHelper.getInputs()
|
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||||
expect(settings).toBeTruthy()
|
expect(settings).toBeTruthy()
|
||||||
expect(settings.authToken).toBeFalsy()
|
expect(settings.authToken).toBeFalsy()
|
||||||
expect(settings.clean).toBe(true)
|
expect(settings.clean).toBe(true)
|
||||||
|
@ -75,6 +82,19 @@ describe('input-helper tests', () => {
|
||||||
expect(settings.repositoryPath).toBe(gitHubWorkspace)
|
expect(settings.repositoryPath).toBe(gitHubWorkspace)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('qualifies ref', () => {
|
||||||
|
let originalRef = github.context.ref
|
||||||
|
try {
|
||||||
|
github.context.ref = 'some-unqualified-ref'
|
||||||
|
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||||
|
expect(settings).toBeTruthy()
|
||||||
|
expect(settings.commit).toBe('1234567890123456789012345678901234567890')
|
||||||
|
expect(settings.ref).toBe('refs/heads/some-unqualified-ref')
|
||||||
|
} finally {
|
||||||
|
github.context.ref = originalRef
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
it('requires qualified repo', () => {
|
it('requires qualified repo', () => {
|
||||||
inputs.repository = 'some-unqualified-repo'
|
inputs.repository = 'some-unqualified-repo'
|
||||||
assert.throws(() => {
|
assert.throws(() => {
|
||||||
|
@ -84,37 +104,23 @@ describe('input-helper tests', () => {
|
||||||
|
|
||||||
it('roots path', () => {
|
it('roots path', () => {
|
||||||
inputs.path = 'some-directory/some-subdirectory'
|
inputs.path = 'some-directory/some-subdirectory'
|
||||||
const settings: ISourceSettings = inputHelper.getInputs()
|
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||||
expect(settings.repositoryPath).toBe(
|
expect(settings.repositoryPath).toBe(
|
||||||
path.join(gitHubWorkspace, 'some-directory', 'some-subdirectory')
|
path.join(gitHubWorkspace, 'some-directory', 'some-subdirectory')
|
||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('sets correct default ref/sha for other repo', () => {
|
|
||||||
inputs.repository = 'some-owner/some-other-repo'
|
|
||||||
const settings: ISourceSettings = inputHelper.getInputs()
|
|
||||||
expect(settings.ref).toBe('refs/heads/master')
|
|
||||||
expect(settings.commit).toBeFalsy()
|
|
||||||
})
|
|
||||||
|
|
||||||
it('sets ref to empty when explicit sha', () => {
|
it('sets ref to empty when explicit sha', () => {
|
||||||
inputs.ref = '1111111111222222222233333333334444444444'
|
inputs.ref = '1111111111222222222233333333334444444444'
|
||||||
const settings: ISourceSettings = inputHelper.getInputs()
|
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||||
expect(settings.ref).toBeFalsy()
|
expect(settings.ref).toBeFalsy()
|
||||||
expect(settings.commit).toBe('1111111111222222222233333333334444444444')
|
expect(settings.commit).toBe('1111111111222222222233333333334444444444')
|
||||||
})
|
})
|
||||||
|
|
||||||
it('sets sha to empty when explicit ref', () => {
|
it('sets sha to empty when explicit ref', () => {
|
||||||
inputs.ref = 'refs/heads/some-other-ref'
|
inputs.ref = 'refs/heads/some-other-ref'
|
||||||
const settings: ISourceSettings = inputHelper.getInputs()
|
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||||
expect(settings.ref).toBe('refs/heads/some-other-ref')
|
expect(settings.ref).toBe('refs/heads/some-other-ref')
|
||||||
expect(settings.commit).toBeFalsy()
|
expect(settings.commit).toBeFalsy()
|
||||||
})
|
})
|
||||||
|
|
||||||
it('gives good error message for submodules input', () => {
|
|
||||||
inputs.submodules = 'true'
|
|
||||||
assert.throws(() => {
|
|
||||||
inputHelper.getInputs()
|
|
||||||
}, /The input 'submodules' is not supported/)
|
|
||||||
})
|
|
||||||
})
|
})
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
|
||||||
|
mkdir override-git-version
|
||||||
|
cd override-git-version
|
||||||
|
echo @echo override git version 1.2.3 > git.cmd
|
||||||
|
echo ::add-path::%CD%
|
||||||
|
cd ..
|
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
mkdir override-git-version
|
||||||
|
cd override-git-version
|
||||||
|
echo "#!/bin/sh" > git
|
||||||
|
echo "echo override git version 1.2.3" >> git
|
||||||
|
chmod +x git
|
||||||
|
echo "::add-path::$(pwd)"
|
||||||
|
cd ..
|
|
@ -1,18 +1,17 @@
|
||||||
const mockCore = jest.genMockFromModule('@actions/core') as any
|
import * as core from '@actions/core'
|
||||||
mockCore.info = (message: string) => {
|
import {RetryHelper} from '../lib/retry-helper'
|
||||||
info.push(message)
|
|
||||||
}
|
|
||||||
let info: string[]
|
let info: string[]
|
||||||
let retryHelper: any
|
let retryHelper: any
|
||||||
|
|
||||||
describe('retry-helper tests', () => {
|
describe('retry-helper tests', () => {
|
||||||
beforeAll(() => {
|
beforeAll(() => {
|
||||||
// Mocks
|
// Mock @actions/core info()
|
||||||
jest.setMock('@actions/core', mockCore)
|
jest.spyOn(core, 'info').mockImplementation((message: string) => {
|
||||||
|
info.push(message)
|
||||||
|
})
|
||||||
|
|
||||||
// Now import
|
retryHelper = new RetryHelper(3, 0, 0)
|
||||||
const retryHelperModule = require('../lib/retry-helper')
|
|
||||||
retryHelper = new retryHelperModule.RetryHelper(3, 0, 0)
|
|
||||||
})
|
})
|
||||||
|
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
|
@ -21,8 +20,8 @@ describe('retry-helper tests', () => {
|
||||||
})
|
})
|
||||||
|
|
||||||
afterAll(() => {
|
afterAll(() => {
|
||||||
// Reset modules
|
// Restore
|
||||||
jest.resetModules()
|
jest.restoreAllMocks()
|
||||||
})
|
})
|
||||||
|
|
||||||
it('first attempt succeeds', async () => {
|
it('first attempt succeeds', async () => {
|
||||||
|
|
|
@ -12,6 +12,6 @@ if [[ "$(git status --porcelain)" != "" ]]; then
|
||||||
echo ----------------------------------------
|
echo ----------------------------------------
|
||||||
echo Troubleshooting
|
echo Troubleshooting
|
||||||
echo ----------------------------------------
|
echo ----------------------------------------
|
||||||
echo "::error::Unstaged changes detected. Locally try running: git clean -ffdx && npm ci && npm run all"
|
echo "::error::Unstaged changes detected. Locally try running: git clean -ffdx && npm ci && npm run format && npm run build"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ! -f "./submodules-false/regular-file.txt" ]; then
|
||||||
|
echo "Expected regular file does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "./submodules-false/submodule-level-1/submodule-file.txt" ]; then
|
||||||
|
echo "Unexpected submodule file exists"
|
||||||
|
exit 1
|
||||||
|
fi
|
|
@ -1,11 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ ! -f "./submodules-not-checked-out/regular-file.txt" ]; then
|
|
||||||
echo "Expected regular file does not exist"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "./submodules-not-checked-out/submodule-level-1/submodule-file.txt" ]; then
|
|
||||||
echo "Unexpected submodule file exists"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ! -f "./submodules-recursive/regular-file.txt" ]; then
|
||||||
|
echo "Expected regular file does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "./submodules-recursive/submodule-level-1/submodule-file.txt" ]; then
|
||||||
|
echo "Expected submodule file does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "./submodules-recursive/submodule-level-1/submodule-level-2/nested-submodule-file.txt" ]; then
|
||||||
|
echo "Expected nested submodule file does not exists"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Testing persisted credential"
|
||||||
|
pushd ./submodules-recursive/submodule-level-1/submodule-level-2
|
||||||
|
git config --local --name-only --get-regexp http.+extraheader && git fetch
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
echo "Failed to validate persisted credential"
|
||||||
|
popd
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
popd
|
|
@ -0,0 +1,26 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ! -f "./submodules-true/regular-file.txt" ]; then
|
||||||
|
echo "Expected regular file does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "./submodules-true/submodule-level-1/submodule-file.txt" ]; then
|
||||||
|
echo "Expected submodule file does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "./submodules-true/submodule-level-1/submodule-level-2/nested-submodule-file.txt" ]; then
|
||||||
|
echo "Unexpected nested submodule file exists"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Testing persisted credential"
|
||||||
|
pushd ./submodules-true/submodule-level-1
|
||||||
|
git config --local --name-only --get-regexp http.+extraheader && git fetch
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
echo "Failed to validate persisted credential"
|
||||||
|
popd
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
popd
|
52
action.yml
52
action.yml
|
@ -8,16 +8,45 @@ inputs:
|
||||||
description: >
|
description: >
|
||||||
The branch, tag or SHA to checkout. When checking out the repository that
|
The branch, tag or SHA to checkout. When checking out the repository that
|
||||||
triggered a workflow, this defaults to the reference or SHA for that
|
triggered a workflow, this defaults to the reference or SHA for that
|
||||||
event. Otherwise, defaults to `master`.
|
event. Otherwise, uses the default branch.
|
||||||
token:
|
token:
|
||||||
description: >
|
description: >
|
||||||
Auth token used to fetch the repository. The token is stored in the local
|
Personal access token (PAT) used to fetch the repository. The PAT is configured
|
||||||
git config, which enables your scripts to run authenticated git commands.
|
with the local git config, which enables your scripts to run authenticated git
|
||||||
The post-job step removes the token from the git config. [Learn more about
|
commands. The post-job step removes the PAT.
|
||||||
creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
|
||||||
|
|
||||||
|
We recommend using a service account with the least permissions necessary.
|
||||||
|
Also when generating a new PAT, select the least scopes necessary.
|
||||||
|
|
||||||
|
|
||||||
|
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
default: ${{ github.token }}
|
default: ${{ github.token }}
|
||||||
|
ssh-key:
|
||||||
|
description: >
|
||||||
|
SSH key used to fetch the repository. The SSH key is configured with the local
|
||||||
|
git config, which enables your scripts to run authenticated git commands.
|
||||||
|
The post-job step removes the SSH key.
|
||||||
|
|
||||||
|
|
||||||
|
We recommend using a service account with the least permissions necessary.
|
||||||
|
|
||||||
|
|
||||||
|
[Learn more about creating and using
|
||||||
|
encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
|
ssh-known-hosts:
|
||||||
|
description: >
|
||||||
|
Known hosts in addition to the user and global host key database. The public
|
||||||
|
SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
|
||||||
|
`ssh-keyscan github.com`. The public key for github.com is always implicitly added.
|
||||||
|
ssh-strict:
|
||||||
|
description: >
|
||||||
|
Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
|
||||||
|
and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
|
||||||
|
configure additional hosts.
|
||||||
|
default: true
|
||||||
persist-credentials:
|
persist-credentials:
|
||||||
description: 'Whether to persist the token in the git config'
|
description: 'Whether to configure the token or SSH key with the local git config'
|
||||||
default: true
|
default: true
|
||||||
path:
|
path:
|
||||||
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
||||||
|
@ -25,11 +54,20 @@ inputs:
|
||||||
description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
|
description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
|
||||||
default: true
|
default: true
|
||||||
fetch-depth:
|
fetch-depth:
|
||||||
description: 'Number of commits to fetch. 0 indicates all history.'
|
description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.'
|
||||||
default: 1
|
default: 1
|
||||||
lfs:
|
lfs:
|
||||||
description: 'Whether to download Git-LFS files'
|
description: 'Whether to download Git-LFS files'
|
||||||
default: false
|
default: false
|
||||||
|
submodules:
|
||||||
|
description: >
|
||||||
|
Whether to checkout submodules: `true` to checkout submodules or `recursive` to
|
||||||
|
recursively checkout submodules.
|
||||||
|
|
||||||
|
|
||||||
|
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
||||||
|
converted to HTTPS.
|
||||||
|
default: false
|
||||||
runs:
|
runs:
|
||||||
using: node12
|
using: node12
|
||||||
main: dist/index.js
|
main: dist/index.js
|
||||||
|
|
|
@ -0,0 +1,290 @@
|
||||||
|
# ADR 0153: Checkout v2
|
||||||
|
|
||||||
|
**Date**: 2019-10-21
|
||||||
|
|
||||||
|
**Status**: Accepted
|
||||||
|
|
||||||
|
## Context
|
||||||
|
|
||||||
|
This ADR details the behavior for `actions/checkout@v2`.
|
||||||
|
|
||||||
|
The new action will be written in typescript. We are moving away from runner-plugin actions.
|
||||||
|
|
||||||
|
We want to take this opportunity to make behavioral changes, from v1. This document is scoped to those differences.
|
||||||
|
|
||||||
|
## Decision
|
||||||
|
|
||||||
|
### Inputs
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
repository:
|
||||||
|
description: 'Repository name with owner. For example, actions/checkout'
|
||||||
|
default: ${{ github.repository }}
|
||||||
|
ref:
|
||||||
|
description: >
|
||||||
|
The branch, tag or SHA to checkout. When checking out the repository that
|
||||||
|
triggered a workflow, this defaults to the reference or SHA for that
|
||||||
|
event. Otherwise, defaults to `master`.
|
||||||
|
token:
|
||||||
|
description: >
|
||||||
|
Personal access token (PAT) used to fetch the repository. The PAT is configured
|
||||||
|
with the local git config, which enables your scripts to run authenticated git
|
||||||
|
commands. The post-job step removes the PAT.
|
||||||
|
|
||||||
|
|
||||||
|
We recommend using a service account with the least permissions necessary.
|
||||||
|
Also when generating a new PAT, select the least scopes necessary.
|
||||||
|
|
||||||
|
|
||||||
|
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
|
default: ${{ github.token }}
|
||||||
|
ssh-key:
|
||||||
|
description: >
|
||||||
|
SSH key used to fetch the repository. The SSH key is configured with the local
|
||||||
|
git config, which enables your scripts to run authenticated git commands.
|
||||||
|
The post-job step removes the SSH key.
|
||||||
|
|
||||||
|
|
||||||
|
We recommend using a service account with the least permissions necessary.
|
||||||
|
|
||||||
|
|
||||||
|
[Learn more about creating and using
|
||||||
|
encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
|
ssh-known-hosts:
|
||||||
|
description: >
|
||||||
|
Known hosts in addition to the user and global host key database. The public
|
||||||
|
SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
|
||||||
|
`ssh-keyscan github.com`. The public key for github.com is always implicitly added.
|
||||||
|
ssh-strict:
|
||||||
|
description: >
|
||||||
|
Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
|
||||||
|
and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
|
||||||
|
configure additional hosts.
|
||||||
|
default: true
|
||||||
|
persist-credentials:
|
||||||
|
description: 'Whether to configure the token or SSH key with the local git config'
|
||||||
|
default: true
|
||||||
|
path:
|
||||||
|
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
||||||
|
clean:
|
||||||
|
description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
|
||||||
|
default: true
|
||||||
|
fetch-depth:
|
||||||
|
description: 'Number of commits to fetch. 0 indicates all history for all tags and branches.'
|
||||||
|
default: 1
|
||||||
|
lfs:
|
||||||
|
description: 'Whether to download Git-LFS files'
|
||||||
|
default: false
|
||||||
|
submodules:
|
||||||
|
description: >
|
||||||
|
Whether to checkout submodules: `true` to checkout submodules or `recursive` to
|
||||||
|
recursively checkout submodules.
|
||||||
|
|
||||||
|
|
||||||
|
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
||||||
|
converted to HTTPS.
|
||||||
|
default: false
|
||||||
|
```
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- SSH support is new
|
||||||
|
- `persist-credentials` is new
|
||||||
|
- `path` behavior is different (refer [below](#path) for details)
|
||||||
|
|
||||||
|
### Fallback to GitHub API
|
||||||
|
|
||||||
|
When a sufficient version of git is not in the PATH, fallback to the [web API](https://developer.github.com/v3/repos/contents/#get-archive-link) to download a tarball/zipball.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- LFS files are not included in the archive. Therefore fail if LFS is set to true.
|
||||||
|
- Submodules are also not included in the archive.
|
||||||
|
|
||||||
|
### Persist credentials
|
||||||
|
|
||||||
|
The credentials will be persisted on disk. This will allow users to script authenticated git commands, like `git fetch`.
|
||||||
|
|
||||||
|
A post script will remove the credentials (cleanup for self-hosted).
|
||||||
|
|
||||||
|
Users may opt-out by specifying `persist-credentials: false`
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- Users scripting `git commit` may need to set the username and email. The service does not provide any reasonable default value. Users can add `git config user.name <NAME>` and `git config user.email <EMAIL>`. We will document this guidance.
|
||||||
|
|
||||||
|
#### PAT
|
||||||
|
|
||||||
|
When using the `${{github.token}}` or a PAT, the token will be persisted in the local git config. The config key `http.https://github.com/.extraheader` enables an auth header to be specified on all authenticated commands `AUTHORIZATION: basic <BASE64_U:P>`.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- The auth header is scoped to all of github `http.https://github.com/.extraheader`
|
||||||
|
- Additional public remotes also just work.
|
||||||
|
- If users want to authenticate to an additional private remote, they should provide the `token` input.
|
||||||
|
|
||||||
|
#### SSH key
|
||||||
|
|
||||||
|
The SSH key will be written to disk under the `$RUNNER_TEMP` directory. The SSH key will
|
||||||
|
be removed by the action's post-job hook. Additionally, RUNNER_TEMP is cleared by the
|
||||||
|
runner between jobs.
|
||||||
|
|
||||||
|
The SSH key must be written with strict file permissions. The SSH client requires the file
|
||||||
|
to be read/write for the user, and not accessible by others.
|
||||||
|
|
||||||
|
The user host key database (`~/.ssh/known_hosts`) will be copied to a unique file under
|
||||||
|
`$RUNNER_TEMP`. And values from the input `ssh-known-hosts` will be added to the file.
|
||||||
|
|
||||||
|
The SSH command will be overridden for the local git config:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
git config core.sshCommand 'ssh -i "$RUNNER_TEMP/path-to-ssh-key" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/path-to-known-hosts"'
|
||||||
|
```
|
||||||
|
|
||||||
|
When the input `ssh-strict` is set to `false`, the options `CheckHostIP` and `StrictHostKeyChecking` will not be overridden.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- When `ssh-strict` is set to `true` (default), the SSH option `CheckHostIP` can safely be disabled.
|
||||||
|
Strict host checking verifies the server's public key. Therefore, IP verification is unnecessary
|
||||||
|
and noisy. For example:
|
||||||
|
> Warning: Permanently added the RSA host key for IP address '140.82.113.4' to the list of known hosts.
|
||||||
|
- Since GIT_SSH_COMMAND overrides core.sshCommand, temporarily set the env var when fetching the repo. When creds
|
||||||
|
are persisted, core.sshCommand is leveraged to avoid multiple checkout steps stomping over each other.
|
||||||
|
- Modify actions/runner to mount RUNNER_TEMP to enable scripting authenticated git commands from a container action.
|
||||||
|
- Refer [here](https://linux.die.net/man/5/ssh_config) for SSH config details.
|
||||||
|
|
||||||
|
### Fetch behavior
|
||||||
|
|
||||||
|
Fetch only the SHA being built and set depth=1. This significantly reduces the fetch time for large repos.
|
||||||
|
|
||||||
|
If a SHA isn't available (e.g. multi repo), then fetch only the specified ref with depth=1.
|
||||||
|
|
||||||
|
The input `fetch-depth` can be used to control the depth.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- Fetching a single commit is supported by Git wire protocol version 2. The git client uses protocol version 0 by default. The desired protocol version can be overridden in the git config or on the fetch command line invocation (`-c protocol.version=2`). We will override on the fetch command line, for transparency.
|
||||||
|
- Git client version 2.18+ (released June 2018) is required for wire protocol version 2.
|
||||||
|
|
||||||
|
### Checkout behavior
|
||||||
|
|
||||||
|
For CI, checkout will create a local ref with the upstream set. This allows users to script git as they normally would.
|
||||||
|
|
||||||
|
For PR, continue to checkout detached head. The PR branch is special - the branch and merge commit are created by the server. It doesn't match a users' local workflow.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- Consider deleting all local refs during cleanup if that helps avoid collisions. More testing required.
|
||||||
|
|
||||||
|
### Path
|
||||||
|
|
||||||
|
For the mainline scenario, the disk-layout behavior remains the same.
|
||||||
|
|
||||||
|
Remember, given the repo `johndoe/foo`, the mainline disk layout looks like:
|
||||||
|
|
||||||
|
```
|
||||||
|
GITHUB_WORKSPACE=/home/runner/work/foo/foo
|
||||||
|
RUNNER_WORKSPACE=/home/runner/work/foo
|
||||||
|
```
|
||||||
|
|
||||||
|
V2 introduces a new contraint on the checkout path. The location must now be under `github.workspace`. Whereas the checkout@v1 constraint was one level up, under `runner.workspace`.
|
||||||
|
|
||||||
|
V2 no longer changes `github.workspace` to follow wherever the self repo is checked-out.
|
||||||
|
|
||||||
|
These behavioral changes align better with container actions. The [documented filesystem contract](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners#docker-container-filesystem) is:
|
||||||
|
|
||||||
|
- `/github/home`
|
||||||
|
- `/github/workspace` - Note: GitHub Actions must be run by the default Docker user (root). Ensure your Dockerfile does not set the USER instruction, otherwise you will not be able to access `GITHUB_WORKSPACE`.
|
||||||
|
- `/github/workflow`
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- The tracking config will not be updated to reflect the path of the workflow repo.
|
||||||
|
- Any existing workflow repo will not be moved when the checkout path changes. In fact some customers want to checkout the workflow repo twice, side by side against different branches.
|
||||||
|
- Actions that need to operate only against the root of the self repo, should expose a `path` input.
|
||||||
|
|
||||||
|
#### Default value for `path` input
|
||||||
|
|
||||||
|
The `path` input will default to `./` which is rooted against `github.workspace`.
|
||||||
|
|
||||||
|
This default fits the mainline scenario well: single checkout
|
||||||
|
|
||||||
|
For multi-checkout, users must specify the `path` input for at least one of the repositories.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- An alternative is for the self repo to default to `./` and other repos default to `<REPO_NAME>`. However nested layout is an atypical git layout and therefore is not a good default. Users should supply the path info.
|
||||||
|
|
||||||
|
#### Example - Nested layout
|
||||||
|
|
||||||
|
The following example checks-out two repositories and creates a nested layout.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Self repo - Checkout to $GITHUB_WORKSPACE
|
||||||
|
- uses: checkout@v2
|
||||||
|
|
||||||
|
# Other repo - Checkout to $GITHUB_WORKSPACE/myscripts
|
||||||
|
- uses: checkout@v2
|
||||||
|
with:
|
||||||
|
repository: myorg/myscripts
|
||||||
|
path: myscripts
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Example - Side by side layout
|
||||||
|
|
||||||
|
The following example checks-out two repositories and creates a side-by-side layout.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Self repo - Checkout to $GITHUB_WORKSPACE/foo
|
||||||
|
- uses: checkout@v2
|
||||||
|
with:
|
||||||
|
path: foo
|
||||||
|
|
||||||
|
# Other repo - Checkout to $GITHUB_WORKSPACE/myscripts
|
||||||
|
- uses: checkout@v2
|
||||||
|
with:
|
||||||
|
repository: myorg/myscripts
|
||||||
|
path: myscripts
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Path impact to problem matchers
|
||||||
|
|
||||||
|
Problem matchers associate the source files with annotations.
|
||||||
|
|
||||||
|
Today the runner verifies the source file is under the `github.workspace`. Otherwise the source file property is dropped.
|
||||||
|
|
||||||
|
Multi-checkout complicates the matter. However even today submodules may cause this heuristic to be inaccurate.
|
||||||
|
|
||||||
|
A better solution is:
|
||||||
|
|
||||||
|
Given a source file path, walk up the directories until the first `.git/config` is found. Check if it matches the self repo (`url = https://github.com/OWNER/REPO`). If not, drop the source file path.
|
||||||
|
|
||||||
|
### Submodules
|
||||||
|
|
||||||
|
With both PAT and SSH key support, we should be able to provide frictionless support for
|
||||||
|
submodules scenarios: recursive, non-recursive, relative submodule paths.
|
||||||
|
|
||||||
|
When fetching submodules, follow the `fetch-depth` settings.
|
||||||
|
|
||||||
|
Also when fetching submodules, if the `ssh-key` input is not provided then convert SSH URLs to HTTPS: `-c url."https://github.com/".insteadOf "git@github.com:"`
|
||||||
|
|
||||||
|
Credentials will be persisted in the submodules local git config too.
|
||||||
|
|
||||||
|
### Port to typescript
|
||||||
|
|
||||||
|
The checkout action should be a typescript action on the GitHub graph, for the following reasons:
|
||||||
|
- Enables customers to fork the checkout repo and modify
|
||||||
|
- Serves as an example for customers
|
||||||
|
- Demystifies the checkout action manifest
|
||||||
|
- Simplifies the runner
|
||||||
|
- Reduce the amount of runner code to port (if we ever do)
|
||||||
|
|
||||||
|
Note:
|
||||||
|
- This means job-container images will need git in the PATH, for checkout.
|
||||||
|
|
||||||
|
### Branching strategy and release tags
|
||||||
|
|
||||||
|
- Create a servicing branch for V1: `releases/v1`
|
||||||
|
- Merge the changes into `master`
|
||||||
|
- Release using a new tag `preview`
|
||||||
|
- When stable, release using a new tag `v2`
|
||||||
|
|
||||||
|
## Consequences
|
||||||
|
|
||||||
|
- Update the checkout action and readme
|
||||||
|
- Update samples to consume `actions/checkout@v2`
|
||||||
|
- Job containers now require git in the PATH for checkout, otherwise fallback to REST API
|
||||||
|
- Minimum git version 2.18
|
||||||
|
- Update problem matcher logic regarding source file verification (runner)
|
File diff suppressed because one or more lines are too long
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "checkout",
|
"name": "checkout",
|
||||||
"version": "2.0.0",
|
"version": "2.0.2",
|
||||||
"lockfileVersion": 1,
|
"lockfileVersion": 1,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
@ -15,12 +15,28 @@
|
||||||
"integrity": "sha512-nvFkxwiicvpzNiCBF4wFBDfnBvi7xp/as7LE1hBxBxKG2L29+gkIPBiLKMVORL+Hg3JNf07AKRfl0V5djoypjQ=="
|
"integrity": "sha512-nvFkxwiicvpzNiCBF4wFBDfnBvi7xp/as7LE1hBxBxKG2L29+gkIPBiLKMVORL+Hg3JNf07AKRfl0V5djoypjQ=="
|
||||||
},
|
},
|
||||||
"@actions/github": {
|
"@actions/github": {
|
||||||
"version": "2.0.0",
|
"version": "2.2.0",
|
||||||
"resolved": "https://registry.npmjs.org/@actions/github/-/github-2.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/@actions/github/-/github-2.2.0.tgz",
|
||||||
"integrity": "sha512-sNpZ5dJyJyfJIO5lNYx8r/Gha4Tlm8R0MLO2cBkGdOnAAEn3t1M/MHVcoBhY/VPfjGVe5RNAUPz+6INrViiUPA==",
|
"integrity": "sha512-9UAZqn8ywdR70n3GwVle4N8ALosQs4z50N7XMXrSTUVOmVpaBC5kE3TRTT7qQdi3OaQV24mjGuJZsHUmhD+ZXw==",
|
||||||
"requires": {
|
"requires": {
|
||||||
|
"@actions/http-client": "^1.0.3",
|
||||||
"@octokit/graphql": "^4.3.1",
|
"@octokit/graphql": "^4.3.1",
|
||||||
"@octokit/rest": "^16.15.0"
|
"@octokit/rest": "^16.43.1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"@actions/http-client": {
|
||||||
|
"version": "1.0.8",
|
||||||
|
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.8.tgz",
|
||||||
|
"integrity": "sha512-G4JjJ6f9Hb3Zvejj+ewLLKLf99ZC+9v+yCxoYf9vSyH+WkzPLB2LuUtRMGNkooMqdugGBFStIKXOuvH1W+EctA==",
|
||||||
|
"requires": {
|
||||||
|
"tunnel": "0.0.6"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"tunnel": {
|
||||||
|
"version": "0.0.6",
|
||||||
|
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
|
||||||
|
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@actions/io": {
|
"@actions/io": {
|
||||||
|
@ -597,14 +613,32 @@
|
||||||
"@types/yargs": "^13.0.0"
|
"@types/yargs": "^13.0.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@octokit/endpoint": {
|
"@octokit/auth-token": {
|
||||||
"version": "5.5.1",
|
"version": "2.4.0",
|
||||||
"resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-5.5.1.tgz",
|
"resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.4.0.tgz",
|
||||||
"integrity": "sha512-nBFhRUb5YzVTCX/iAK1MgQ4uWo89Gu0TH00qQHoYRCsE12dWcG1OiLd7v2EIo2+tpUKPMOQ62QFy9hy9Vg2ULg==",
|
"integrity": "sha512-eoOVMjILna7FVQf96iWc3+ZtE/ZT6y8ob8ZzcqKY1ibSQCnu4O/B7pJvzMx5cyZ/RjAff6DAdEb0O0Cjcxidkg==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"@octokit/types": "^2.0.0",
|
"@octokit/types": "^2.0.0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"@octokit/endpoint": {
|
||||||
|
"version": "6.0.1",
|
||||||
|
"resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.1.tgz",
|
||||||
|
"integrity": "sha512-pOPHaSz57SFT/m3R5P8MUu4wLPszokn5pXcB/pzavLTQf2jbU+6iayTvzaY6/BiotuRS0qyEUkx3QglT4U958A==",
|
||||||
|
"requires": {
|
||||||
|
"@octokit/types": "^2.11.1",
|
||||||
"is-plain-object": "^3.0.0",
|
"is-plain-object": "^3.0.0",
|
||||||
"universal-user-agent": "^4.0.0"
|
"universal-user-agent": "^5.0.0"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"universal-user-agent": {
|
||||||
|
"version": "5.0.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-5.0.0.tgz",
|
||||||
|
"integrity": "sha512-B5TPtzZleXyPrUMKCpEHFmVhMN6EhmJYjG5PQna9s7mXeSqGTLap4OpqLl5FCEFUI3UBmllkETwKf/db66Y54Q==",
|
||||||
|
"requires": {
|
||||||
|
"os-name": "^3.1.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@octokit/graphql": {
|
"@octokit/graphql": {
|
||||||
|
@ -617,25 +651,57 @@
|
||||||
"universal-user-agent": "^4.0.0"
|
"universal-user-agent": "^4.0.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@octokit/request": {
|
"@octokit/plugin-paginate-rest": {
|
||||||
"version": "5.3.1",
|
"version": "1.1.2",
|
||||||
"resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.3.1.tgz",
|
"resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-1.1.2.tgz",
|
||||||
"integrity": "sha512-5/X0AL1ZgoU32fAepTfEoggFinO3rxsMLtzhlUX+RctLrusn/CApJuGFCd0v7GMFhF+8UiCsTTfsu7Fh1HnEJg==",
|
"integrity": "sha512-jbsSoi5Q1pj63sC16XIUboklNw+8tL9VOnJsWycWYR78TKss5PVpIPb1TUUcMQ+bBh7cY579cVAWmf5qG+dw+Q==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"@octokit/endpoint": "^5.5.0",
|
"@octokit/types": "^2.0.1"
|
||||||
"@octokit/request-error": "^1.0.1",
|
}
|
||||||
"@octokit/types": "^2.0.0",
|
},
|
||||||
|
"@octokit/plugin-request-log": {
|
||||||
|
"version": "1.0.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-1.0.0.tgz",
|
||||||
|
"integrity": "sha512-ywoxP68aOT3zHCLgWZgwUJatiENeHE7xJzYjfz8WI0goynp96wETBF+d95b8g/uL4QmS6owPVlaxiz3wyMAzcw=="
|
||||||
|
},
|
||||||
|
"@octokit/plugin-rest-endpoint-methods": {
|
||||||
|
"version": "2.4.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-2.4.0.tgz",
|
||||||
|
"integrity": "sha512-EZi/AWhtkdfAYi01obpX0DF7U6b1VRr30QNQ5xSFPITMdLSfhcBqjamE3F+sKcxPbD7eZuMHu3Qkk2V+JGxBDQ==",
|
||||||
|
"requires": {
|
||||||
|
"@octokit/types": "^2.0.1",
|
||||||
|
"deprecation": "^2.3.1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"@octokit/request": {
|
||||||
|
"version": "5.4.2",
|
||||||
|
"resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.4.2.tgz",
|
||||||
|
"integrity": "sha512-zKdnGuQ2TQ2vFk9VU8awFT4+EYf92Z/v3OlzRaSh4RIP0H6cvW1BFPXq4XYvNez+TPQjqN+0uSkCYnMFFhcFrw==",
|
||||||
|
"requires": {
|
||||||
|
"@octokit/endpoint": "^6.0.1",
|
||||||
|
"@octokit/request-error": "^2.0.0",
|
||||||
|
"@octokit/types": "^2.11.1",
|
||||||
"deprecation": "^2.0.0",
|
"deprecation": "^2.0.0",
|
||||||
"is-plain-object": "^3.0.0",
|
"is-plain-object": "^3.0.0",
|
||||||
"node-fetch": "^2.3.0",
|
"node-fetch": "^2.3.0",
|
||||||
"once": "^1.4.0",
|
"once": "^1.4.0",
|
||||||
"universal-user-agent": "^4.0.0"
|
"universal-user-agent": "^5.0.0"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"universal-user-agent": {
|
||||||
|
"version": "5.0.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-5.0.0.tgz",
|
||||||
|
"integrity": "sha512-B5TPtzZleXyPrUMKCpEHFmVhMN6EhmJYjG5PQna9s7mXeSqGTLap4OpqLl5FCEFUI3UBmllkETwKf/db66Y54Q==",
|
||||||
|
"requires": {
|
||||||
|
"os-name": "^3.1.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@octokit/request-error": {
|
"@octokit/request-error": {
|
||||||
"version": "1.2.0",
|
"version": "2.0.0",
|
||||||
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-1.2.0.tgz",
|
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.0.0.tgz",
|
||||||
"integrity": "sha512-DNBhROBYjjV/I9n7A8kVkmQNkqFAMem90dSxqvPq57e2hBr7mNTX98y3R2zDpqMQHVRpBDjsvsfIGgBzy+4PAg==",
|
"integrity": "sha512-rtYicB4Absc60rUv74Rjpzek84UbVHGHJRu4fNVlZ1mCcyUPPuzFfG9Rn6sjHrd95DEsmjSt1Axlc699ZlbDkw==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"@octokit/types": "^2.0.0",
|
"@octokit/types": "^2.0.0",
|
||||||
"deprecation": "^2.0.0",
|
"deprecation": "^2.0.0",
|
||||||
|
@ -643,10 +709,14 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@octokit/rest": {
|
"@octokit/rest": {
|
||||||
"version": "16.35.0",
|
"version": "16.43.1",
|
||||||
"resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-16.35.0.tgz",
|
"resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-16.43.1.tgz",
|
||||||
"integrity": "sha512-9ShFqYWo0CLoGYhA1FdtdykJuMzS/9H6vSbbQWDX4pWr4p9v+15MsH/wpd/3fIU+tSxylaNO48+PIHqOkBRx3w==",
|
"integrity": "sha512-gfFKwRT/wFxq5qlNjnW2dh+qh74XgTQ2B179UX5K1HYCluioWj8Ndbgqw2PVqa1NnVJkGHp2ovMpVn/DImlmkw==",
|
||||||
"requires": {
|
"requires": {
|
||||||
|
"@octokit/auth-token": "^2.4.0",
|
||||||
|
"@octokit/plugin-paginate-rest": "^1.1.1",
|
||||||
|
"@octokit/plugin-request-log": "^1.0.0",
|
||||||
|
"@octokit/plugin-rest-endpoint-methods": "2.4.0",
|
||||||
"@octokit/request": "^5.2.0",
|
"@octokit/request": "^5.2.0",
|
||||||
"@octokit/request-error": "^1.0.2",
|
"@octokit/request-error": "^1.0.2",
|
||||||
"atob-lite": "^2.0.0",
|
"atob-lite": "^2.0.0",
|
||||||
|
@ -659,12 +729,24 @@
|
||||||
"octokit-pagination-methods": "^1.1.0",
|
"octokit-pagination-methods": "^1.1.0",
|
||||||
"once": "^1.4.0",
|
"once": "^1.4.0",
|
||||||
"universal-user-agent": "^4.0.0"
|
"universal-user-agent": "^4.0.0"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"@octokit/request-error": {
|
||||||
|
"version": "1.2.1",
|
||||||
|
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-1.2.1.tgz",
|
||||||
|
"integrity": "sha512-+6yDyk1EES6WK+l3viRDElw96MvwfJxCt45GvmjDUKWjYIb3PJZQkq3i46TwGwoPD4h8NmTrENmtyA1FwbmhRA==",
|
||||||
|
"requires": {
|
||||||
|
"@octokit/types": "^2.0.0",
|
||||||
|
"deprecation": "^2.0.0",
|
||||||
|
"once": "^1.4.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"@octokit/types": {
|
"@octokit/types": {
|
||||||
"version": "2.0.2",
|
"version": "2.14.0",
|
||||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-2.0.2.tgz",
|
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-2.14.0.tgz",
|
||||||
"integrity": "sha512-StASIL2lgT3TRjxv17z9pAqbnI7HGu9DrJlg3sEBFfCLaMEqp+O3IQPUF6EZtQ4xkAu2ml6kMBBCtGxjvmtmuQ==",
|
"integrity": "sha512-1w2wxpN45rEXPDFeB7rGain7wcJ/aTRg8bdILITVnS0O7a4zEGELa3JmIe+jeLdekQjvZRbVfNPqS+mi5fKCKQ==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"@types/node": ">= 8"
|
"@types/node": ">= 8"
|
||||||
}
|
}
|
||||||
|
@ -6695,9 +6777,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"universal-user-agent": {
|
"universal-user-agent": {
|
||||||
"version": "4.0.0",
|
"version": "4.0.1",
|
||||||
"resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-4.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-4.0.1.tgz",
|
||||||
"integrity": "sha512-eM8knLpev67iBDizr/YtqkJsF3GK8gzDc6st/WKzrTuPtcsOKW/0IdL4cnMBsU69pOx0otavLWBDGTwg+dB0aA==",
|
"integrity": "sha512-LnST3ebHwVL2aNe4mejI9IQh2HfZ1RLo8Io2HugSif8ekzD1TlWpHpColOB/eh8JHMLkGH3Akqf040I+4ylNxg==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"os-name": "^3.1.0"
|
"os-name": "^3.1.0"
|
||||||
}
|
}
|
||||||
|
@ -6876,9 +6958,9 @@
|
||||||
"dev": true
|
"dev": true
|
||||||
},
|
},
|
||||||
"windows-release": {
|
"windows-release": {
|
||||||
"version": "3.2.0",
|
"version": "3.3.0",
|
||||||
"resolved": "https://registry.npmjs.org/windows-release/-/windows-release-3.2.0.tgz",
|
"resolved": "https://registry.npmjs.org/windows-release/-/windows-release-3.3.0.tgz",
|
||||||
"integrity": "sha512-QTlz2hKLrdqukrsapKsINzqMgOUpQW268eJ0OaOpJN32h272waxR9fkB9VoWRtK7uKHG5EHJcTXQBD8XZVJkFA==",
|
"integrity": "sha512-2HetyTg1Y+R+rUgrKeUEhAG/ZuOmTrI1NBb3ZyAGQMYmOJjBBPe4MTodghRkmLJZHwkuPi02anbeGP+Zf401LQ==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"execa": "^1.0.0"
|
"execa": "^1.0.0"
|
||||||
}
|
}
|
||||||
|
|
15
package.json
15
package.json
|
@ -1,17 +1,14 @@
|
||||||
{
|
{
|
||||||
"name": "checkout",
|
"name": "checkout",
|
||||||
"version": "2.0.1",
|
"version": "2.0.2",
|
||||||
"description": "checkout action",
|
"description": "checkout action",
|
||||||
"main": "lib/main.js",
|
"main": "lib/main.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"build": "tsc",
|
"build": "tsc && ncc build && node lib/misc/generate-docs.js",
|
||||||
"format": "prettier --write **/*.ts",
|
"format": "prettier --write '**/*.ts'",
|
||||||
"format-check": "prettier --check **/*.ts",
|
"format-check": "prettier --check '**/*.ts'",
|
||||||
"lint": "eslint src/**/*.ts",
|
"lint": "eslint src/**/*.ts",
|
||||||
"pack": "ncc build",
|
"test": "jest"
|
||||||
"gendocs": "node lib/misc/generate-docs.js",
|
|
||||||
"test": "jest",
|
|
||||||
"all": "npm run build && npm run format && npm run lint && npm run pack && npm run gendocs && npm test"
|
|
||||||
},
|
},
|
||||||
"repository": {
|
"repository": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
@ -31,7 +28,7 @@
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/core": "^1.1.3",
|
"@actions/core": "^1.1.3",
|
||||||
"@actions/exec": "^1.0.1",
|
"@actions/exec": "^1.0.1",
|
||||||
"@actions/github": "^2.0.0",
|
"@actions/github": "^2.2.0",
|
||||||
"@actions/io": "^1.0.1",
|
"@actions/io": "^1.0.1",
|
||||||
"@actions/tool-cache": "^1.1.2",
|
"@actions/tool-cache": "^1.1.2",
|
||||||
"uuid": "^3.3.3"
|
"uuid": "^3.3.3"
|
||||||
|
|
|
@ -0,0 +1,350 @@
|
||||||
|
import * as assert from 'assert'
|
||||||
|
import * as core from '@actions/core'
|
||||||
|
import * as exec from '@actions/exec'
|
||||||
|
import * as fs from 'fs'
|
||||||
|
import * as io from '@actions/io'
|
||||||
|
import * as os from 'os'
|
||||||
|
import * as path from 'path'
|
||||||
|
import * as regexpHelper from './regexp-helper'
|
||||||
|
import * as stateHelper from './state-helper'
|
||||||
|
import * as urlHelper from './url-helper'
|
||||||
|
import {default as uuid} from 'uuid/v4'
|
||||||
|
import {IGitCommandManager} from './git-command-manager'
|
||||||
|
import {IGitSourceSettings} from './git-source-settings'
|
||||||
|
|
||||||
|
const IS_WINDOWS = process.platform === 'win32'
|
||||||
|
const SSH_COMMAND_KEY = 'core.sshCommand'
|
||||||
|
|
||||||
|
export interface IGitAuthHelper {
|
||||||
|
configureAuth(): Promise<void>
|
||||||
|
configureGlobalAuth(): Promise<void>
|
||||||
|
configureSubmoduleAuth(): Promise<void>
|
||||||
|
removeAuth(): Promise<void>
|
||||||
|
removeGlobalAuth(): Promise<void>
|
||||||
|
}
|
||||||
|
|
||||||
|
export function createAuthHelper(
|
||||||
|
git: IGitCommandManager,
|
||||||
|
settings?: IGitSourceSettings
|
||||||
|
): IGitAuthHelper {
|
||||||
|
return new GitAuthHelper(git, settings)
|
||||||
|
}
|
||||||
|
|
||||||
|
class GitAuthHelper {
|
||||||
|
private readonly git: IGitCommandManager
|
||||||
|
private readonly settings: IGitSourceSettings
|
||||||
|
private readonly tokenConfigKey: string
|
||||||
|
private readonly tokenConfigValue: string
|
||||||
|
private readonly tokenPlaceholderConfigValue: string
|
||||||
|
private readonly insteadOfKey: string
|
||||||
|
private readonly insteadOfValue: string
|
||||||
|
private sshCommand = ''
|
||||||
|
private sshKeyPath = ''
|
||||||
|
private sshKnownHostsPath = ''
|
||||||
|
private temporaryHomePath = ''
|
||||||
|
|
||||||
|
constructor(
|
||||||
|
gitCommandManager: IGitCommandManager,
|
||||||
|
gitSourceSettings?: IGitSourceSettings
|
||||||
|
) {
|
||||||
|
this.git = gitCommandManager
|
||||||
|
this.settings = gitSourceSettings || (({} as unknown) as IGitSourceSettings)
|
||||||
|
|
||||||
|
// Token auth header
|
||||||
|
const serverUrl = urlHelper.getServerUrl()
|
||||||
|
this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader` // "origin" is SCHEME://HOSTNAME[:PORT]
|
||||||
|
const basicCredential = Buffer.from(
|
||||||
|
`x-access-token:${this.settings.authToken}`,
|
||||||
|
'utf8'
|
||||||
|
).toString('base64')
|
||||||
|
core.setSecret(basicCredential)
|
||||||
|
this.tokenPlaceholderConfigValue = `AUTHORIZATION: basic ***`
|
||||||
|
this.tokenConfigValue = `AUTHORIZATION: basic ${basicCredential}`
|
||||||
|
|
||||||
|
// Instead of SSH URL
|
||||||
|
this.insteadOfKey = `url.${serverUrl.origin}/.insteadOf` // "origin" is SCHEME://HOSTNAME[:PORT]
|
||||||
|
this.insteadOfValue = `git@${serverUrl.hostname}:`
|
||||||
|
}
|
||||||
|
|
||||||
|
async configureAuth(): Promise<void> {
|
||||||
|
// Remove possible previous values
|
||||||
|
await this.removeAuth()
|
||||||
|
|
||||||
|
// Configure new values
|
||||||
|
await this.configureSsh()
|
||||||
|
await this.configureToken()
|
||||||
|
}
|
||||||
|
|
||||||
|
async configureGlobalAuth(): Promise<void> {
|
||||||
|
// Create a temp home directory
|
||||||
|
const runnerTemp = process.env['RUNNER_TEMP'] || ''
|
||||||
|
assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
|
||||||
|
const uniqueId = uuid()
|
||||||
|
this.temporaryHomePath = path.join(runnerTemp, uniqueId)
|
||||||
|
await fs.promises.mkdir(this.temporaryHomePath, {recursive: true})
|
||||||
|
|
||||||
|
// Copy the global git config
|
||||||
|
const gitConfigPath = path.join(
|
||||||
|
process.env['HOME'] || os.homedir(),
|
||||||
|
'.gitconfig'
|
||||||
|
)
|
||||||
|
const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig')
|
||||||
|
let configExists = false
|
||||||
|
try {
|
||||||
|
await fs.promises.stat(gitConfigPath)
|
||||||
|
configExists = true
|
||||||
|
} catch (err) {
|
||||||
|
if (err.code !== 'ENOENT') {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (configExists) {
|
||||||
|
core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`)
|
||||||
|
await io.cp(gitConfigPath, newGitConfigPath)
|
||||||
|
} else {
|
||||||
|
await fs.promises.writeFile(newGitConfigPath, '')
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
// Override HOME
|
||||||
|
core.info(
|
||||||
|
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
|
||||||
|
)
|
||||||
|
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
|
||||||
|
|
||||||
|
// Configure the token
|
||||||
|
await this.configureToken(newGitConfigPath, true)
|
||||||
|
|
||||||
|
// Configure HTTPS instead of SSH
|
||||||
|
await this.git.tryConfigUnset(this.insteadOfKey, true)
|
||||||
|
if (!this.settings.sshKey) {
|
||||||
|
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
|
||||||
|
}
|
||||||
|
} catch (err) {
|
||||||
|
// Unset in case somehow written to the real global config
|
||||||
|
core.info(
|
||||||
|
'Encountered an error when attempting to configure token. Attempting unconfigure.'
|
||||||
|
)
|
||||||
|
await this.git.tryConfigUnset(this.tokenConfigKey, true)
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async configureSubmoduleAuth(): Promise<void> {
|
||||||
|
// Remove possible previous HTTPS instead of SSH
|
||||||
|
await this.removeGitConfig(this.insteadOfKey, true)
|
||||||
|
|
||||||
|
if (this.settings.persistCredentials) {
|
||||||
|
// Configure a placeholder value. This approach avoids the credential being captured
|
||||||
|
// by process creation audit events, which are commonly logged. For more information,
|
||||||
|
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||||
|
const output = await this.git.submoduleForeach(
|
||||||
|
`git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
|
||||||
|
this.settings.nestedSubmodules
|
||||||
|
)
|
||||||
|
|
||||||
|
// Replace the placeholder
|
||||||
|
const configPaths: string[] =
|
||||||
|
output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []
|
||||||
|
for (const configPath of configPaths) {
|
||||||
|
core.debug(`Replacing token placeholder in '${configPath}'`)
|
||||||
|
this.replaceTokenPlaceholder(configPath)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.settings.sshKey) {
|
||||||
|
// Configure core.sshCommand
|
||||||
|
await this.git.submoduleForeach(
|
||||||
|
`git config --local '${SSH_COMMAND_KEY}' '${this.sshCommand}'`,
|
||||||
|
this.settings.nestedSubmodules
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
// Configure HTTPS instead of SSH
|
||||||
|
await this.git.submoduleForeach(
|
||||||
|
`git config --local '${this.insteadOfKey}' '${this.insteadOfValue}'`,
|
||||||
|
this.settings.nestedSubmodules
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async removeAuth(): Promise<void> {
|
||||||
|
await this.removeSsh()
|
||||||
|
await this.removeToken()
|
||||||
|
}
|
||||||
|
|
||||||
|
async removeGlobalAuth(): Promise<void> {
|
||||||
|
core.debug(`Unsetting HOME override`)
|
||||||
|
this.git.removeEnvironmentVariable('HOME')
|
||||||
|
await io.rmRF(this.temporaryHomePath)
|
||||||
|
}
|
||||||
|
|
||||||
|
private async configureSsh(): Promise<void> {
|
||||||
|
if (!this.settings.sshKey) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write key
|
||||||
|
const runnerTemp = process.env['RUNNER_TEMP'] || ''
|
||||||
|
assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
|
||||||
|
const uniqueId = uuid()
|
||||||
|
this.sshKeyPath = path.join(runnerTemp, uniqueId)
|
||||||
|
stateHelper.setSshKeyPath(this.sshKeyPath)
|
||||||
|
await fs.promises.mkdir(runnerTemp, {recursive: true})
|
||||||
|
await fs.promises.writeFile(
|
||||||
|
this.sshKeyPath,
|
||||||
|
this.settings.sshKey.trim() + '\n',
|
||||||
|
{mode: 0o600}
|
||||||
|
)
|
||||||
|
|
||||||
|
// Remove inherited permissions on Windows
|
||||||
|
if (IS_WINDOWS) {
|
||||||
|
const icacls = await io.which('icacls.exe')
|
||||||
|
await exec.exec(
|
||||||
|
`"${icacls}" "${this.sshKeyPath}" /grant:r "${process.env['USERDOMAIN']}\\${process.env['USERNAME']}:F"`
|
||||||
|
)
|
||||||
|
await exec.exec(`"${icacls}" "${this.sshKeyPath}" /inheritance:r`)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write known hosts
|
||||||
|
const userKnownHostsPath = path.join(os.homedir(), '.ssh', 'known_hosts')
|
||||||
|
let userKnownHosts = ''
|
||||||
|
try {
|
||||||
|
userKnownHosts = (
|
||||||
|
await fs.promises.readFile(userKnownHostsPath)
|
||||||
|
).toString()
|
||||||
|
} catch (err) {
|
||||||
|
if (err.code !== 'ENOENT') {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let knownHosts = ''
|
||||||
|
if (userKnownHosts) {
|
||||||
|
knownHosts += `# Begin from ${userKnownHostsPath}\n${userKnownHosts}\n# End from ${userKnownHostsPath}\n`
|
||||||
|
}
|
||||||
|
if (this.settings.sshKnownHosts) {
|
||||||
|
knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n`
|
||||||
|
}
|
||||||
|
knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n# End implicitly added github.com\n`
|
||||||
|
this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`)
|
||||||
|
stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath)
|
||||||
|
await fs.promises.writeFile(this.sshKnownHostsPath, knownHosts)
|
||||||
|
|
||||||
|
// Configure GIT_SSH_COMMAND
|
||||||
|
const sshPath = await io.which('ssh', true)
|
||||||
|
this.sshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename(
|
||||||
|
this.sshKeyPath
|
||||||
|
)}"`
|
||||||
|
if (this.settings.sshStrict) {
|
||||||
|
this.sshCommand += ' -o StrictHostKeyChecking=yes -o CheckHostIP=no'
|
||||||
|
}
|
||||||
|
this.sshCommand += ` -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename(
|
||||||
|
this.sshKnownHostsPath
|
||||||
|
)}"`
|
||||||
|
core.info(`Temporarily overriding GIT_SSH_COMMAND=${this.sshCommand}`)
|
||||||
|
this.git.setEnvironmentVariable('GIT_SSH_COMMAND', this.sshCommand)
|
||||||
|
|
||||||
|
// Configure core.sshCommand
|
||||||
|
if (this.settings.persistCredentials) {
|
||||||
|
await this.git.config(SSH_COMMAND_KEY, this.sshCommand)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private async configureToken(
|
||||||
|
configPath?: string,
|
||||||
|
globalConfig?: boolean
|
||||||
|
): Promise<void> {
|
||||||
|
// Validate args
|
||||||
|
assert.ok(
|
||||||
|
(configPath && globalConfig) || (!configPath && !globalConfig),
|
||||||
|
'Unexpected configureToken parameter combinations'
|
||||||
|
)
|
||||||
|
|
||||||
|
// Default config path
|
||||||
|
if (!configPath && !globalConfig) {
|
||||||
|
configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config')
|
||||||
|
}
|
||||||
|
|
||||||
|
// Configure a placeholder value. This approach avoids the credential being captured
|
||||||
|
// by process creation audit events, which are commonly logged. For more information,
|
||||||
|
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||||
|
await this.git.config(
|
||||||
|
this.tokenConfigKey,
|
||||||
|
this.tokenPlaceholderConfigValue,
|
||||||
|
globalConfig
|
||||||
|
)
|
||||||
|
|
||||||
|
// Replace the placeholder
|
||||||
|
await this.replaceTokenPlaceholder(configPath || '')
|
||||||
|
}
|
||||||
|
|
||||||
|
private async replaceTokenPlaceholder(configPath: string): Promise<void> {
|
||||||
|
assert.ok(configPath, 'configPath is not defined')
|
||||||
|
let content = (await fs.promises.readFile(configPath)).toString()
|
||||||
|
const placeholderIndex = content.indexOf(this.tokenPlaceholderConfigValue)
|
||||||
|
if (
|
||||||
|
placeholderIndex < 0 ||
|
||||||
|
placeholderIndex != content.lastIndexOf(this.tokenPlaceholderConfigValue)
|
||||||
|
) {
|
||||||
|
throw new Error(`Unable to replace auth placeholder in ${configPath}`)
|
||||||
|
}
|
||||||
|
assert.ok(this.tokenConfigValue, 'tokenConfigValue is not defined')
|
||||||
|
content = content.replace(
|
||||||
|
this.tokenPlaceholderConfigValue,
|
||||||
|
this.tokenConfigValue
|
||||||
|
)
|
||||||
|
await fs.promises.writeFile(configPath, content)
|
||||||
|
}
|
||||||
|
|
||||||
|
private async removeSsh(): Promise<void> {
|
||||||
|
// SSH key
|
||||||
|
const keyPath = this.sshKeyPath || stateHelper.SshKeyPath
|
||||||
|
if (keyPath) {
|
||||||
|
try {
|
||||||
|
await io.rmRF(keyPath)
|
||||||
|
} catch (err) {
|
||||||
|
core.debug(err.message)
|
||||||
|
core.warning(`Failed to remove SSH key '${keyPath}'`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// SSH known hosts
|
||||||
|
const knownHostsPath =
|
||||||
|
this.sshKnownHostsPath || stateHelper.SshKnownHostsPath
|
||||||
|
if (knownHostsPath) {
|
||||||
|
try {
|
||||||
|
await io.rmRF(knownHostsPath)
|
||||||
|
} catch {
|
||||||
|
// Intentionally empty
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// SSH command
|
||||||
|
await this.removeGitConfig(SSH_COMMAND_KEY)
|
||||||
|
}
|
||||||
|
|
||||||
|
private async removeToken(): Promise<void> {
|
||||||
|
// HTTP extra header
|
||||||
|
await this.removeGitConfig(this.tokenConfigKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
private async removeGitConfig(
|
||||||
|
configKey: string,
|
||||||
|
submoduleOnly: boolean = false
|
||||||
|
): Promise<void> {
|
||||||
|
if (!submoduleOnly) {
|
||||||
|
if (
|
||||||
|
(await this.git.configExists(configKey)) &&
|
||||||
|
!(await this.git.tryConfigUnset(configKey))
|
||||||
|
) {
|
||||||
|
// Load the config contents
|
||||||
|
core.warning(`Failed to remove '${configKey}' from the git config`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const pattern = regexpHelper.escape(configKey)
|
||||||
|
await this.git.submoduleForeach(
|
||||||
|
`git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`,
|
||||||
|
true
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
|
@ -3,6 +3,8 @@ import * as exec from '@actions/exec'
|
||||||
import * as fshelper from './fs-helper'
|
import * as fshelper from './fs-helper'
|
||||||
import * as io from '@actions/io'
|
import * as io from '@actions/io'
|
||||||
import * as path from 'path'
|
import * as path from 'path'
|
||||||
|
import * as refHelper from './ref-helper'
|
||||||
|
import * as regexpHelper from './regexp-helper'
|
||||||
import * as retryHelper from './retry-helper'
|
import * as retryHelper from './retry-helper'
|
||||||
import {GitVersion} from './git-version'
|
import {GitVersion} from './git-version'
|
||||||
|
|
||||||
|
@ -16,25 +18,37 @@ export interface IGitCommandManager {
|
||||||
branchList(remote: boolean): Promise<string[]>
|
branchList(remote: boolean): Promise<string[]>
|
||||||
checkout(ref: string, startPoint: string): Promise<void>
|
checkout(ref: string, startPoint: string): Promise<void>
|
||||||
checkoutDetach(): Promise<void>
|
checkoutDetach(): Promise<void>
|
||||||
config(configKey: string, configValue: string): Promise<void>
|
config(
|
||||||
configExists(configKey: string): Promise<boolean>
|
configKey: string,
|
||||||
fetch(fetchDepth: number, refSpec: string[]): Promise<void>
|
configValue: string,
|
||||||
|
globalConfig?: boolean
|
||||||
|
): Promise<void>
|
||||||
|
configExists(configKey: string, globalConfig?: boolean): Promise<boolean>
|
||||||
|
fetch(refSpec: string[], fetchDepth?: number): Promise<void>
|
||||||
|
getDefaultBranch(repositoryUrl: string): Promise<string>
|
||||||
getWorkingDirectory(): string
|
getWorkingDirectory(): string
|
||||||
init(): Promise<void>
|
init(): Promise<void>
|
||||||
isDetached(): Promise<boolean>
|
isDetached(): Promise<boolean>
|
||||||
lfsFetch(ref: string): Promise<void>
|
lfsFetch(ref: string): Promise<void>
|
||||||
lfsInstall(): Promise<void>
|
lfsInstall(): Promise<void>
|
||||||
log1(): Promise<void>
|
log1(): Promise<string>
|
||||||
remoteAdd(remoteName: string, remoteUrl: string): Promise<void>
|
remoteAdd(remoteName: string, remoteUrl: string): Promise<void>
|
||||||
|
removeEnvironmentVariable(name: string): void
|
||||||
|
revParse(ref: string): Promise<string>
|
||||||
|
setEnvironmentVariable(name: string, value: string): void
|
||||||
|
shaExists(sha: string): Promise<boolean>
|
||||||
|
submoduleForeach(command: string, recursive: boolean): Promise<string>
|
||||||
|
submoduleSync(recursive: boolean): Promise<void>
|
||||||
|
submoduleUpdate(fetchDepth: number, recursive: boolean): Promise<void>
|
||||||
tagExists(pattern: string): Promise<boolean>
|
tagExists(pattern: string): Promise<boolean>
|
||||||
tryClean(): Promise<boolean>
|
tryClean(): Promise<boolean>
|
||||||
tryConfigUnset(configKey: string): Promise<boolean>
|
tryConfigUnset(configKey: string, globalConfig?: boolean): Promise<boolean>
|
||||||
tryDisableAutomaticGarbageCollection(): Promise<boolean>
|
tryDisableAutomaticGarbageCollection(): Promise<boolean>
|
||||||
tryGetFetchUrl(): Promise<string>
|
tryGetFetchUrl(): Promise<string>
|
||||||
tryReset(): Promise<boolean>
|
tryReset(): Promise<boolean>
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function CreateCommandManager(
|
export async function createCommandManager(
|
||||||
workingDirectory: string,
|
workingDirectory: string,
|
||||||
lfs: boolean
|
lfs: boolean
|
||||||
): Promise<IGitCommandManager> {
|
): Promise<IGitCommandManager> {
|
||||||
|
@ -123,32 +137,45 @@ class GitCommandManager {
|
||||||
await this.execGit(args)
|
await this.execGit(args)
|
||||||
}
|
}
|
||||||
|
|
||||||
async config(configKey: string, configValue: string): Promise<void> {
|
async config(
|
||||||
await this.execGit(['config', '--local', configKey, configValue])
|
configKey: string,
|
||||||
|
configValue: string,
|
||||||
|
globalConfig?: boolean
|
||||||
|
): Promise<void> {
|
||||||
|
await this.execGit([
|
||||||
|
'config',
|
||||||
|
globalConfig ? '--global' : '--local',
|
||||||
|
configKey,
|
||||||
|
configValue
|
||||||
|
])
|
||||||
}
|
}
|
||||||
|
|
||||||
async configExists(configKey: string): Promise<boolean> {
|
async configExists(
|
||||||
const pattern = configKey.replace(/[^a-zA-Z0-9_]/g, x => {
|
configKey: string,
|
||||||
return `\\${x}`
|
globalConfig?: boolean
|
||||||
})
|
): Promise<boolean> {
|
||||||
|
const pattern = regexpHelper.escape(configKey)
|
||||||
const output = await this.execGit(
|
const output = await this.execGit(
|
||||||
['config', '--local', '--name-only', '--get-regexp', pattern],
|
[
|
||||||
|
'config',
|
||||||
|
globalConfig ? '--global' : '--local',
|
||||||
|
'--name-only',
|
||||||
|
'--get-regexp',
|
||||||
|
pattern
|
||||||
|
],
|
||||||
true
|
true
|
||||||
)
|
)
|
||||||
return output.exitCode === 0
|
return output.exitCode === 0
|
||||||
}
|
}
|
||||||
|
|
||||||
async fetch(fetchDepth: number, refSpec: string[]): Promise<void> {
|
async fetch(refSpec: string[], fetchDepth?: number): Promise<void> {
|
||||||
const args = [
|
const args = ['-c', 'protocol.version=2', 'fetch']
|
||||||
'-c',
|
if (!refSpec.some(x => x === refHelper.tagsRefSpec)) {
|
||||||
'protocol.version=2',
|
args.push('--no-tags')
|
||||||
'fetch',
|
}
|
||||||
'--no-tags',
|
|
||||||
'--prune',
|
args.push('--prune', '--progress', '--no-recurse-submodules')
|
||||||
'--progress',
|
if (fetchDepth && fetchDepth > 0) {
|
||||||
'--no-recurse-submodules'
|
|
||||||
]
|
|
||||||
if (fetchDepth > 0) {
|
|
||||||
args.push(`--depth=${fetchDepth}`)
|
args.push(`--depth=${fetchDepth}`)
|
||||||
} else if (
|
} else if (
|
||||||
fshelper.fileExistsSync(
|
fshelper.fileExistsSync(
|
||||||
|
@ -169,6 +196,34 @@ class GitCommandManager {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async getDefaultBranch(repositoryUrl: string): Promise<string> {
|
||||||
|
let output: GitOutput | undefined
|
||||||
|
await retryHelper.execute(async () => {
|
||||||
|
output = await this.execGit([
|
||||||
|
'ls-remote',
|
||||||
|
'--quiet',
|
||||||
|
'--exit-code',
|
||||||
|
'--symref',
|
||||||
|
repositoryUrl,
|
||||||
|
'HEAD'
|
||||||
|
])
|
||||||
|
})
|
||||||
|
|
||||||
|
if (output) {
|
||||||
|
// Satisfy compiler, will always be set
|
||||||
|
for (let line of output.stdout.trim().split('\n')) {
|
||||||
|
line = line.trim()
|
||||||
|
if (line.startsWith('ref:') || line.endsWith('HEAD')) {
|
||||||
|
return line
|
||||||
|
.substr('ref:'.length, line.length - 'ref:'.length - 'HEAD'.length)
|
||||||
|
.trim()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new Error('Unexpected output when retrieving default branch')
|
||||||
|
}
|
||||||
|
|
||||||
getWorkingDirectory(): string {
|
getWorkingDirectory(): string {
|
||||||
return this.workingDirectory
|
return this.workingDirectory
|
||||||
}
|
}
|
||||||
|
@ -199,14 +254,74 @@ class GitCommandManager {
|
||||||
await this.execGit(['lfs', 'install', '--local'])
|
await this.execGit(['lfs', 'install', '--local'])
|
||||||
}
|
}
|
||||||
|
|
||||||
async log1(): Promise<void> {
|
async log1(): Promise<string> {
|
||||||
await this.execGit(['log', '-1'])
|
const output = await this.execGit(['log', '-1'])
|
||||||
|
return output.stdout
|
||||||
}
|
}
|
||||||
|
|
||||||
async remoteAdd(remoteName: string, remoteUrl: string): Promise<void> {
|
async remoteAdd(remoteName: string, remoteUrl: string): Promise<void> {
|
||||||
await this.execGit(['remote', 'add', remoteName, remoteUrl])
|
await this.execGit(['remote', 'add', remoteName, remoteUrl])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
removeEnvironmentVariable(name: string): void {
|
||||||
|
delete this.gitEnv[name]
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Resolves a ref to a SHA. For a branch or lightweight tag, the commit SHA is returned.
|
||||||
|
* For an annotated tag, the tag SHA is returned.
|
||||||
|
* @param {string} ref For example: 'refs/heads/master' or '/refs/tags/v1'
|
||||||
|
* @returns {Promise<string>}
|
||||||
|
*/
|
||||||
|
async revParse(ref: string): Promise<string> {
|
||||||
|
const output = await this.execGit(['rev-parse', ref])
|
||||||
|
return output.stdout.trim()
|
||||||
|
}
|
||||||
|
|
||||||
|
setEnvironmentVariable(name: string, value: string): void {
|
||||||
|
this.gitEnv[name] = value
|
||||||
|
}
|
||||||
|
|
||||||
|
async shaExists(sha: string): Promise<boolean> {
|
||||||
|
const args = ['rev-parse', '--verify', '--quiet', `${sha}^{object}`]
|
||||||
|
const output = await this.execGit(args, true)
|
||||||
|
return output.exitCode === 0
|
||||||
|
}
|
||||||
|
|
||||||
|
async submoduleForeach(command: string, recursive: boolean): Promise<string> {
|
||||||
|
const args = ['submodule', 'foreach']
|
||||||
|
if (recursive) {
|
||||||
|
args.push('--recursive')
|
||||||
|
}
|
||||||
|
args.push(command)
|
||||||
|
|
||||||
|
const output = await this.execGit(args)
|
||||||
|
return output.stdout
|
||||||
|
}
|
||||||
|
|
||||||
|
async submoduleSync(recursive: boolean): Promise<void> {
|
||||||
|
const args = ['submodule', 'sync']
|
||||||
|
if (recursive) {
|
||||||
|
args.push('--recursive')
|
||||||
|
}
|
||||||
|
|
||||||
|
await this.execGit(args)
|
||||||
|
}
|
||||||
|
|
||||||
|
async submoduleUpdate(fetchDepth: number, recursive: boolean): Promise<void> {
|
||||||
|
const args = ['-c', 'protocol.version=2']
|
||||||
|
args.push('submodule', 'update', '--init', '--force')
|
||||||
|
if (fetchDepth > 0) {
|
||||||
|
args.push(`--depth=${fetchDepth}`)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (recursive) {
|
||||||
|
args.push('--recursive')
|
||||||
|
}
|
||||||
|
|
||||||
|
await this.execGit(args)
|
||||||
|
}
|
||||||
|
|
||||||
async tagExists(pattern: string): Promise<boolean> {
|
async tagExists(pattern: string): Promise<boolean> {
|
||||||
const output = await this.execGit(['tag', '--list', pattern])
|
const output = await this.execGit(['tag', '--list', pattern])
|
||||||
return !!output.stdout.trim()
|
return !!output.stdout.trim()
|
||||||
|
@ -217,9 +332,17 @@ class GitCommandManager {
|
||||||
return output.exitCode === 0
|
return output.exitCode === 0
|
||||||
}
|
}
|
||||||
|
|
||||||
async tryConfigUnset(configKey: string): Promise<boolean> {
|
async tryConfigUnset(
|
||||||
|
configKey: string,
|
||||||
|
globalConfig?: boolean
|
||||||
|
): Promise<boolean> {
|
||||||
const output = await this.execGit(
|
const output = await this.execGit(
|
||||||
['config', '--local', '--unset-all', configKey],
|
[
|
||||||
|
'config',
|
||||||
|
globalConfig ? '--global' : '--local',
|
||||||
|
'--unset-all',
|
||||||
|
configKey
|
||||||
|
],
|
||||||
true
|
true
|
||||||
)
|
)
|
||||||
return output.exitCode === 0
|
return output.exitCode === 0
|
||||||
|
|
|
@ -0,0 +1,117 @@
|
||||||
|
import * as assert from 'assert'
|
||||||
|
import * as core from '@actions/core'
|
||||||
|
import * as fs from 'fs'
|
||||||
|
import * as fsHelper from './fs-helper'
|
||||||
|
import * as io from '@actions/io'
|
||||||
|
import * as path from 'path'
|
||||||
|
import {IGitCommandManager} from './git-command-manager'
|
||||||
|
|
||||||
|
export async function prepareExistingDirectory(
|
||||||
|
git: IGitCommandManager | undefined,
|
||||||
|
repositoryPath: string,
|
||||||
|
repositoryUrl: string,
|
||||||
|
clean: boolean,
|
||||||
|
ref: string
|
||||||
|
): Promise<void> {
|
||||||
|
assert.ok(repositoryPath, 'Expected repositoryPath to be defined')
|
||||||
|
assert.ok(repositoryUrl, 'Expected repositoryUrl to be defined')
|
||||||
|
|
||||||
|
// Indicates whether to delete the directory contents
|
||||||
|
let remove = false
|
||||||
|
|
||||||
|
// Check whether using git or REST API
|
||||||
|
if (!git) {
|
||||||
|
remove = true
|
||||||
|
}
|
||||||
|
// Fetch URL does not match
|
||||||
|
else if (
|
||||||
|
!fsHelper.directoryExistsSync(path.join(repositoryPath, '.git')) ||
|
||||||
|
repositoryUrl !== (await git.tryGetFetchUrl())
|
||||||
|
) {
|
||||||
|
remove = true
|
||||||
|
} else {
|
||||||
|
// Delete any index.lock and shallow.lock left by a previously canceled run or crashed git process
|
||||||
|
const lockPaths = [
|
||||||
|
path.join(repositoryPath, '.git', 'index.lock'),
|
||||||
|
path.join(repositoryPath, '.git', 'shallow.lock')
|
||||||
|
]
|
||||||
|
for (const lockPath of lockPaths) {
|
||||||
|
try {
|
||||||
|
await io.rmRF(lockPath)
|
||||||
|
} catch (error) {
|
||||||
|
core.debug(`Unable to delete '${lockPath}'. ${error.message}`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
core.startGroup('Removing previously created refs, to avoid conflicts')
|
||||||
|
// Checkout detached HEAD
|
||||||
|
if (!(await git.isDetached())) {
|
||||||
|
await git.checkoutDetach()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove all refs/heads/*
|
||||||
|
let branches = await git.branchList(false)
|
||||||
|
for (const branch of branches) {
|
||||||
|
await git.branchDelete(false, branch)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove any conflicting refs/remotes/origin/*
|
||||||
|
// Example 1: Consider ref is refs/heads/foo and previously fetched refs/remotes/origin/foo/bar
|
||||||
|
// Example 2: Consider ref is refs/heads/foo/bar and previously fetched refs/remotes/origin/foo
|
||||||
|
if (ref) {
|
||||||
|
ref = ref.startsWith('refs/') ? ref : `refs/heads/${ref}`
|
||||||
|
if (ref.startsWith('refs/heads/')) {
|
||||||
|
const upperName1 = ref.toUpperCase().substr('REFS/HEADS/'.length)
|
||||||
|
const upperName1Slash = `${upperName1}/`
|
||||||
|
branches = await git.branchList(true)
|
||||||
|
for (const branch of branches) {
|
||||||
|
const upperName2 = branch.substr('origin/'.length).toUpperCase()
|
||||||
|
const upperName2Slash = `${upperName2}/`
|
||||||
|
if (
|
||||||
|
upperName1.startsWith(upperName2Slash) ||
|
||||||
|
upperName2.startsWith(upperName1Slash)
|
||||||
|
) {
|
||||||
|
await git.branchDelete(true, branch)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
|
// Clean
|
||||||
|
if (clean) {
|
||||||
|
core.startGroup('Cleaning the repository')
|
||||||
|
if (!(await git.tryClean())) {
|
||||||
|
core.debug(
|
||||||
|
`The clean command failed. This might be caused by: 1) path too long, 2) permission issue, or 3) file in use. For futher investigation, manually run 'git clean -ffdx' on the directory '${repositoryPath}'.`
|
||||||
|
)
|
||||||
|
remove = true
|
||||||
|
} else if (!(await git.tryReset())) {
|
||||||
|
remove = true
|
||||||
|
}
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
|
if (remove) {
|
||||||
|
core.warning(
|
||||||
|
`Unable to clean or reset the repository. The repository will be recreated instead.`
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (error) {
|
||||||
|
core.warning(
|
||||||
|
`Unable to prepare the existing repository. The repository will be recreated instead.`
|
||||||
|
)
|
||||||
|
remove = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (remove) {
|
||||||
|
// Delete the contents of the directory. Don't delete the directory itself
|
||||||
|
// since it might be the current working directory.
|
||||||
|
core.info(`Deleting the contents of '${repositoryPath}'`)
|
||||||
|
for (const file of await fs.promises.readdir(repositoryPath)) {
|
||||||
|
await io.rmRF(path.join(repositoryPath, file))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,37 +1,23 @@
|
||||||
import * as core from '@actions/core'
|
import * as core from '@actions/core'
|
||||||
import * as fs from 'fs'
|
|
||||||
import * as fsHelper from './fs-helper'
|
import * as fsHelper from './fs-helper'
|
||||||
|
import * as gitAuthHelper from './git-auth-helper'
|
||||||
import * as gitCommandManager from './git-command-manager'
|
import * as gitCommandManager from './git-command-manager'
|
||||||
|
import * as gitDirectoryHelper from './git-directory-helper'
|
||||||
import * as githubApiHelper from './github-api-helper'
|
import * as githubApiHelper from './github-api-helper'
|
||||||
import * as io from '@actions/io'
|
import * as io from '@actions/io'
|
||||||
import * as path from 'path'
|
import * as path from 'path'
|
||||||
import * as refHelper from './ref-helper'
|
import * as refHelper from './ref-helper'
|
||||||
import * as stateHelper from './state-helper'
|
import * as stateHelper from './state-helper'
|
||||||
|
import * as urlHelper from './url-helper'
|
||||||
import {IGitCommandManager} from './git-command-manager'
|
import {IGitCommandManager} from './git-command-manager'
|
||||||
|
import {IGitSourceSettings} from './git-source-settings'
|
||||||
|
|
||||||
const authConfigKey = `http.https://github.com/.extraheader`
|
export async function getSource(settings: IGitSourceSettings): Promise<void> {
|
||||||
|
|
||||||
export interface ISourceSettings {
|
|
||||||
repositoryPath: string
|
|
||||||
repositoryOwner: string
|
|
||||||
repositoryName: string
|
|
||||||
ref: string
|
|
||||||
commit: string
|
|
||||||
clean: boolean
|
|
||||||
fetchDepth: number
|
|
||||||
lfs: boolean
|
|
||||||
authToken: string
|
|
||||||
persistCredentials: boolean
|
|
||||||
}
|
|
||||||
|
|
||||||
export async function getSource(settings: ISourceSettings): Promise<void> {
|
|
||||||
// Repository URL
|
// Repository URL
|
||||||
core.info(
|
core.info(
|
||||||
`Syncing repository: ${settings.repositoryOwner}/${settings.repositoryName}`
|
`Syncing repository: ${settings.repositoryOwner}/${settings.repositoryName}`
|
||||||
)
|
)
|
||||||
const repositoryUrl = `https://github.com/${encodeURIComponent(
|
const repositoryUrl = urlHelper.getFetchUrl(settings)
|
||||||
settings.repositoryOwner
|
|
||||||
)}/${encodeURIComponent(settings.repositoryName)}`
|
|
||||||
|
|
||||||
// Remove conflicting file path
|
// Remove conflicting file path
|
||||||
if (fsHelper.fileExistsSync(settings.repositoryPath)) {
|
if (fsHelper.fileExistsSync(settings.repositoryPath)) {
|
||||||
|
@ -46,15 +32,18 @@ export async function getSource(settings: ISourceSettings): Promise<void> {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Git command manager
|
// Git command manager
|
||||||
|
core.startGroup('Getting Git version info')
|
||||||
const git = await getGitCommandManager(settings)
|
const git = await getGitCommandManager(settings)
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
// Prepare existing directory, otherwise recreate
|
// Prepare existing directory, otherwise recreate
|
||||||
if (isExisting) {
|
if (isExisting) {
|
||||||
await prepareExistingDirectory(
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
git,
|
git,
|
||||||
settings.repositoryPath,
|
settings.repositoryPath,
|
||||||
repositoryUrl,
|
repositoryUrl,
|
||||||
settings.clean
|
settings.clean,
|
||||||
|
settings.ref
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,6 +53,16 @@ export async function getSource(settings: ISourceSettings): Promise<void> {
|
||||||
core.info(
|
core.info(
|
||||||
`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
|
`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
|
||||||
)
|
)
|
||||||
|
if (settings.submodules) {
|
||||||
|
throw new Error(
|
||||||
|
`Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
|
||||||
|
)
|
||||||
|
} else if (settings.sshKey) {
|
||||||
|
throw new Error(
|
||||||
|
`Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
await githubApiHelper.downloadRepository(
|
await githubApiHelper.downloadRepository(
|
||||||
settings.authToken,
|
settings.authToken,
|
||||||
settings.repositoryOwner,
|
settings.repositoryOwner,
|
||||||
|
@ -72,90 +71,185 @@ export async function getSource(settings: ISourceSettings): Promise<void> {
|
||||||
settings.commit,
|
settings.commit,
|
||||||
settings.repositoryPath
|
settings.repositoryPath
|
||||||
)
|
)
|
||||||
} else {
|
return
|
||||||
// Save state for POST action
|
}
|
||||||
stateHelper.setRepositoryPath(settings.repositoryPath)
|
|
||||||
|
|
||||||
// Initialize the repository
|
// Save state for POST action
|
||||||
if (
|
stateHelper.setRepositoryPath(settings.repositoryPath)
|
||||||
!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
|
|
||||||
) {
|
|
||||||
await git.init()
|
|
||||||
await git.remoteAdd('origin', repositoryUrl)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Disable automatic garbage collection
|
// Initialize the repository
|
||||||
if (!(await git.tryDisableAutomaticGarbageCollection())) {
|
if (
|
||||||
core.warning(
|
!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
|
||||||
`Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
|
) {
|
||||||
)
|
core.startGroup('Initializing the repository')
|
||||||
}
|
await git.init()
|
||||||
|
await git.remoteAdd('origin', repositoryUrl)
|
||||||
|
core.endGroup()
|
||||||
|
}
|
||||||
|
|
||||||
// Remove possible previous extraheader
|
// Disable automatic garbage collection
|
||||||
await removeGitConfig(git, authConfigKey)
|
core.startGroup('Disabling automatic garbage collection')
|
||||||
|
if (!(await git.tryDisableAutomaticGarbageCollection())) {
|
||||||
|
core.warning(
|
||||||
|
`Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
|
||||||
|
)
|
||||||
|
}
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
try {
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
// Config auth token
|
try {
|
||||||
await configureAuthToken(git, settings.authToken)
|
// Configure auth
|
||||||
|
core.startGroup('Setting up auth')
|
||||||
|
await authHelper.configureAuth()
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
// LFS install
|
// Determine the default branch
|
||||||
if (settings.lfs) {
|
if (!settings.ref && !settings.commit) {
|
||||||
await git.lfsInstall()
|
core.startGroup('Determining the default branch')
|
||||||
|
if (settings.sshKey) {
|
||||||
|
settings.ref = await git.getDefaultBranch(repositoryUrl)
|
||||||
|
} else {
|
||||||
|
settings.ref = await githubApiHelper.getDefaultBranch(
|
||||||
|
settings.authToken,
|
||||||
|
settings.repositoryOwner,
|
||||||
|
settings.repositoryName
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
core.endGroup()
|
||||||
|
}
|
||||||
|
|
||||||
// Fetch
|
// LFS install
|
||||||
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
if (settings.lfs) {
|
||||||
await git.fetch(settings.fetchDepth, refSpec)
|
await git.lfsInstall()
|
||||||
|
}
|
||||||
|
|
||||||
// Checkout info
|
// Fetch
|
||||||
const checkoutInfo = await refHelper.getCheckoutInfo(
|
core.startGroup('Fetching the repository')
|
||||||
git,
|
if (settings.fetchDepth <= 0) {
|
||||||
|
// Fetch all branches and tags
|
||||||
|
let refSpec = refHelper.getRefSpecForAllHistory(
|
||||||
settings.ref,
|
settings.ref,
|
||||||
settings.commit
|
settings.commit
|
||||||
)
|
)
|
||||||
|
await git.fetch(refSpec)
|
||||||
|
|
||||||
// LFS fetch
|
// When all history is fetched, the ref we're interested in may have moved to a different
|
||||||
// Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
|
// commit (push or force push). If so, fetch again with a targeted refspec.
|
||||||
// Explicit lfs fetch will fetch lfs objects in parallel.
|
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
|
||||||
if (settings.lfs) {
|
refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
||||||
await git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref)
|
await git.fetch(refSpec)
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
||||||
|
await git.fetch(refSpec, settings.fetchDepth)
|
||||||
|
}
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
// Checkout
|
// Checkout info
|
||||||
await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint)
|
core.startGroup('Determining the checkout info')
|
||||||
|
const checkoutInfo = await refHelper.getCheckoutInfo(
|
||||||
|
git,
|
||||||
|
settings.ref,
|
||||||
|
settings.commit
|
||||||
|
)
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
// Dump some info about the checked out commit
|
// LFS fetch
|
||||||
await git.log1()
|
// Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
|
||||||
} finally {
|
// Explicit lfs fetch will fetch lfs objects in parallel.
|
||||||
if (!settings.persistCredentials) {
|
if (settings.lfs) {
|
||||||
await removeGitConfig(git, authConfigKey)
|
core.startGroup('Fetching LFS objects')
|
||||||
|
await git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref)
|
||||||
|
core.endGroup()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Checkout
|
||||||
|
core.startGroup('Checking out the ref')
|
||||||
|
await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint)
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
|
// Submodules
|
||||||
|
if (settings.submodules) {
|
||||||
|
try {
|
||||||
|
// Temporarily override global config
|
||||||
|
core.startGroup('Setting up auth for fetching submodules')
|
||||||
|
await authHelper.configureGlobalAuth()
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
|
// Checkout submodules
|
||||||
|
core.startGroup('Fetching submodules')
|
||||||
|
await git.submoduleSync(settings.nestedSubmodules)
|
||||||
|
await git.submoduleUpdate(
|
||||||
|
settings.fetchDepth,
|
||||||
|
settings.nestedSubmodules
|
||||||
|
)
|
||||||
|
await git.submoduleForeach(
|
||||||
|
'git config --local gc.auto 0',
|
||||||
|
settings.nestedSubmodules
|
||||||
|
)
|
||||||
|
core.endGroup()
|
||||||
|
|
||||||
|
// Persist credentials
|
||||||
|
if (settings.persistCredentials) {
|
||||||
|
core.startGroup('Persisting credentials for submodules')
|
||||||
|
await authHelper.configureSubmoduleAuth()
|
||||||
|
core.endGroup()
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
// Remove temporary global config override
|
||||||
|
await authHelper.removeGlobalAuth()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Dump some info about the checked out commit
|
||||||
|
const commitInfo = await git.log1()
|
||||||
|
|
||||||
|
// Check for incorrect pull request merge commit
|
||||||
|
await refHelper.checkCommitInfo(
|
||||||
|
settings.authToken,
|
||||||
|
commitInfo,
|
||||||
|
settings.repositoryOwner,
|
||||||
|
settings.repositoryName,
|
||||||
|
settings.ref,
|
||||||
|
settings.commit
|
||||||
|
)
|
||||||
|
} finally {
|
||||||
|
// Remove auth
|
||||||
|
if (!settings.persistCredentials) {
|
||||||
|
core.startGroup('Removing auth')
|
||||||
|
await authHelper.removeAuth()
|
||||||
|
core.endGroup()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function cleanup(repositoryPath: string): Promise<void> {
|
export async function cleanup(repositoryPath: string): Promise<void> {
|
||||||
// Repo exists?
|
// Repo exists?
|
||||||
if (!fsHelper.fileExistsSync(path.join(repositoryPath, '.git', 'config'))) {
|
if (
|
||||||
|
!repositoryPath ||
|
||||||
|
!fsHelper.fileExistsSync(path.join(repositoryPath, '.git', 'config'))
|
||||||
|
) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
fsHelper.directoryExistsSync(repositoryPath, true)
|
|
||||||
|
|
||||||
// Remove the config key
|
let git: IGitCommandManager
|
||||||
const git = await gitCommandManager.CreateCommandManager(
|
try {
|
||||||
repositoryPath,
|
git = await gitCommandManager.createCommandManager(repositoryPath, false)
|
||||||
false
|
} catch {
|
||||||
)
|
return
|
||||||
await removeGitConfig(git, authConfigKey)
|
}
|
||||||
|
|
||||||
|
// Remove auth
|
||||||
|
const authHelper = gitAuthHelper.createAuthHelper(git)
|
||||||
|
await authHelper.removeAuth()
|
||||||
}
|
}
|
||||||
|
|
||||||
async function getGitCommandManager(
|
async function getGitCommandManager(
|
||||||
settings: ISourceSettings
|
settings: IGitSourceSettings
|
||||||
): Promise<IGitCommandManager> {
|
): Promise<IGitCommandManager | undefined> {
|
||||||
core.info(`Working directory is '${settings.repositoryPath}'`)
|
core.info(`Working directory is '${settings.repositoryPath}'`)
|
||||||
let git = (null as unknown) as IGitCommandManager
|
|
||||||
try {
|
try {
|
||||||
return await gitCommandManager.CreateCommandManager(
|
return await gitCommandManager.createCommandManager(
|
||||||
settings.repositoryPath,
|
settings.repositoryPath,
|
||||||
settings.lfs
|
settings.lfs
|
||||||
)
|
)
|
||||||
|
@ -166,138 +260,6 @@ async function getGitCommandManager(
|
||||||
}
|
}
|
||||||
|
|
||||||
// Otherwise fallback to REST API
|
// Otherwise fallback to REST API
|
||||||
return (null as unknown) as IGitCommandManager
|
return undefined
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async function prepareExistingDirectory(
|
|
||||||
git: IGitCommandManager,
|
|
||||||
repositoryPath: string,
|
|
||||||
repositoryUrl: string,
|
|
||||||
clean: boolean
|
|
||||||
): Promise<void> {
|
|
||||||
let remove = false
|
|
||||||
|
|
||||||
// Check whether using git or REST API
|
|
||||||
if (!git) {
|
|
||||||
remove = true
|
|
||||||
}
|
|
||||||
// Fetch URL does not match
|
|
||||||
else if (
|
|
||||||
!fsHelper.directoryExistsSync(path.join(repositoryPath, '.git')) ||
|
|
||||||
repositoryUrl !== (await git.tryGetFetchUrl())
|
|
||||||
) {
|
|
||||||
remove = true
|
|
||||||
} else {
|
|
||||||
// Delete any index.lock and shallow.lock left by a previously canceled run or crashed git process
|
|
||||||
const lockPaths = [
|
|
||||||
path.join(repositoryPath, '.git', 'index.lock'),
|
|
||||||
path.join(repositoryPath, '.git', 'shallow.lock')
|
|
||||||
]
|
|
||||||
for (const lockPath of lockPaths) {
|
|
||||||
try {
|
|
||||||
await io.rmRF(lockPath)
|
|
||||||
} catch (error) {
|
|
||||||
core.debug(`Unable to delete '${lockPath}'. ${error.message}`)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
// Checkout detached HEAD
|
|
||||||
if (!(await git.isDetached())) {
|
|
||||||
await git.checkoutDetach()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Remove all refs/heads/*
|
|
||||||
let branches = await git.branchList(false)
|
|
||||||
for (const branch of branches) {
|
|
||||||
await git.branchDelete(false, branch)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Remove all refs/remotes/origin/* to avoid conflicts
|
|
||||||
branches = await git.branchList(true)
|
|
||||||
for (const branch of branches) {
|
|
||||||
await git.branchDelete(true, branch)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Clean
|
|
||||||
if (clean) {
|
|
||||||
if (!(await git.tryClean())) {
|
|
||||||
core.debug(
|
|
||||||
`The clean command failed. This might be caused by: 1) path too long, 2) permission issue, or 3) file in use. For futher investigation, manually run 'git clean -ffdx' on the directory '${repositoryPath}'.`
|
|
||||||
)
|
|
||||||
remove = true
|
|
||||||
} else if (!(await git.tryReset())) {
|
|
||||||
remove = true
|
|
||||||
}
|
|
||||||
|
|
||||||
if (remove) {
|
|
||||||
core.warning(
|
|
||||||
`Unable to clean or reset the repository. The repository will be recreated instead.`
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (error) {
|
|
||||||
core.warning(
|
|
||||||
`Unable to prepare the existing repository. The repository will be recreated instead.`
|
|
||||||
)
|
|
||||||
remove = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (remove) {
|
|
||||||
// Delete the contents of the directory. Don't delete the directory itself
|
|
||||||
// since it might be the current working directory.
|
|
||||||
core.info(`Deleting the contents of '${repositoryPath}'`)
|
|
||||||
for (const file of await fs.promises.readdir(repositoryPath)) {
|
|
||||||
await io.rmRF(path.join(repositoryPath, file))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async function configureAuthToken(
|
|
||||||
git: IGitCommandManager,
|
|
||||||
authToken: string
|
|
||||||
): Promise<void> {
|
|
||||||
// Configure a placeholder value. This approach avoids the credential being captured
|
|
||||||
// by process creation audit events, which are commonly logged. For more information,
|
|
||||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
|
||||||
const placeholder = `AUTHORIZATION: basic ***`
|
|
||||||
await git.config(authConfigKey, placeholder)
|
|
||||||
|
|
||||||
// Determine the basic credential value
|
|
||||||
const basicCredential = Buffer.from(
|
|
||||||
`x-access-token:${authToken}`,
|
|
||||||
'utf8'
|
|
||||||
).toString('base64')
|
|
||||||
core.setSecret(basicCredential)
|
|
||||||
|
|
||||||
// Replace the value in the config file
|
|
||||||
const configPath = path.join(git.getWorkingDirectory(), '.git', 'config')
|
|
||||||
let content = (await fs.promises.readFile(configPath)).toString()
|
|
||||||
const placeholderIndex = content.indexOf(placeholder)
|
|
||||||
if (
|
|
||||||
placeholderIndex < 0 ||
|
|
||||||
placeholderIndex != content.lastIndexOf(placeholder)
|
|
||||||
) {
|
|
||||||
throw new Error('Unable to replace auth placeholder in .git/config')
|
|
||||||
}
|
|
||||||
content = content.replace(
|
|
||||||
placeholder,
|
|
||||||
`AUTHORIZATION: basic ${basicCredential}`
|
|
||||||
)
|
|
||||||
await fs.promises.writeFile(configPath, content)
|
|
||||||
}
|
|
||||||
|
|
||||||
async function removeGitConfig(
|
|
||||||
git: IGitCommandManager,
|
|
||||||
configKey: string
|
|
||||||
): Promise<void> {
|
|
||||||
if (
|
|
||||||
(await git.configExists(configKey)) &&
|
|
||||||
!(await git.tryConfigUnset(configKey))
|
|
||||||
) {
|
|
||||||
// Load the config contents
|
|
||||||
core.warning(`Failed to remove '${configKey}' from the git config`)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
export interface IGitSourceSettings {
|
||||||
|
/**
|
||||||
|
* The location on disk where the repository will be placed
|
||||||
|
*/
|
||||||
|
repositoryPath: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The repository owner
|
||||||
|
*/
|
||||||
|
repositoryOwner: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The repository name
|
||||||
|
*/
|
||||||
|
repositoryName: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The ref to fetch
|
||||||
|
*/
|
||||||
|
ref: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The commit to checkout
|
||||||
|
*/
|
||||||
|
commit: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates whether to clean the repository
|
||||||
|
*/
|
||||||
|
clean: boolean
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The depth when fetching
|
||||||
|
*/
|
||||||
|
fetchDepth: number
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates whether to fetch LFS objects
|
||||||
|
*/
|
||||||
|
lfs: boolean
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates whether to checkout submodules
|
||||||
|
*/
|
||||||
|
submodules: boolean
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates whether to recursively checkout submodules
|
||||||
|
*/
|
||||||
|
nestedSubmodules: boolean
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The auth token to use when fetching the repository
|
||||||
|
*/
|
||||||
|
authToken: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The SSH key to configure
|
||||||
|
*/
|
||||||
|
sshKey: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Additional SSH known hosts
|
||||||
|
*/
|
||||||
|
sshKnownHosts: string
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates whether the server must be a known host
|
||||||
|
*/
|
||||||
|
sshStrict: boolean
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates whether to persist the credentials on disk to enable scripting authenticated git commands
|
||||||
|
*/
|
||||||
|
persistCredentials: boolean
|
||||||
|
}
|
|
@ -7,7 +7,7 @@ import * as path from 'path'
|
||||||
import * as retryHelper from './retry-helper'
|
import * as retryHelper from './retry-helper'
|
||||||
import * as toolCache from '@actions/tool-cache'
|
import * as toolCache from '@actions/tool-cache'
|
||||||
import {default as uuid} from 'uuid/v4'
|
import {default as uuid} from 'uuid/v4'
|
||||||
import {ReposGetArchiveLinkParams} from '@octokit/rest'
|
import {Octokit} from '@octokit/rest'
|
||||||
|
|
||||||
const IS_WINDOWS = process.platform === 'win32'
|
const IS_WINDOWS = process.platform === 'win32'
|
||||||
|
|
||||||
|
@ -19,6 +19,12 @@ export async function downloadRepository(
|
||||||
commit: string,
|
commit: string,
|
||||||
repositoryPath: string
|
repositoryPath: string
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
|
// Determine the default branch
|
||||||
|
if (!ref && !commit) {
|
||||||
|
core.info('Determining the default branch')
|
||||||
|
ref = await getDefaultBranch(authToken, owner, repo)
|
||||||
|
}
|
||||||
|
|
||||||
// Download the archive
|
// Download the archive
|
||||||
let archiveData = await retryHelper.execute(async () => {
|
let archiveData = await retryHelper.execute(async () => {
|
||||||
core.info('Downloading the archive')
|
core.info('Downloading the archive')
|
||||||
|
@ -67,6 +73,46 @@ export async function downloadRepository(
|
||||||
io.rmRF(extractPath)
|
io.rmRF(extractPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Looks up the default branch name
|
||||||
|
*/
|
||||||
|
export async function getDefaultBranch(
|
||||||
|
authToken: string,
|
||||||
|
owner: string,
|
||||||
|
repo: string
|
||||||
|
): Promise<string> {
|
||||||
|
return await retryHelper.execute(async () => {
|
||||||
|
core.info('Retrieving the default branch name')
|
||||||
|
const octokit = new github.GitHub(authToken)
|
||||||
|
let result: string
|
||||||
|
try {
|
||||||
|
// Get the default branch from the repo info
|
||||||
|
const response = await octokit.repos.get({owner, repo})
|
||||||
|
result = response.data.default_branch
|
||||||
|
assert.ok(result, 'default_branch cannot be empty')
|
||||||
|
} catch (err) {
|
||||||
|
// Handle .wiki repo
|
||||||
|
if (err['status'] === 404 && repo.toUpperCase().endsWith('.WIKI')) {
|
||||||
|
result = 'master'
|
||||||
|
}
|
||||||
|
// Otherwise error
|
||||||
|
else {
|
||||||
|
throw err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Print the default branch
|
||||||
|
core.info(`Default branch '${result}'`)
|
||||||
|
|
||||||
|
// Prefix with 'refs/heads'
|
||||||
|
if (!result.startsWith('refs/')) {
|
||||||
|
result = `refs/heads/${result}`
|
||||||
|
}
|
||||||
|
|
||||||
|
return result
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
async function downloadArchive(
|
async function downloadArchive(
|
||||||
authToken: string,
|
authToken: string,
|
||||||
owner: string,
|
owner: string,
|
||||||
|
@ -75,7 +121,7 @@ async function downloadArchive(
|
||||||
commit: string
|
commit: string
|
||||||
): Promise<Buffer> {
|
): Promise<Buffer> {
|
||||||
const octokit = new github.GitHub(authToken)
|
const octokit = new github.GitHub(authToken)
|
||||||
const params: ReposGetArchiveLinkParams = {
|
const params: Octokit.ReposGetArchiveLinkParams = {
|
||||||
owner: owner,
|
owner: owner,
|
||||||
repo: repo,
|
repo: repo,
|
||||||
archive_format: IS_WINDOWS ? 'zipball' : 'tarball',
|
archive_format: IS_WINDOWS ? 'zipball' : 'tarball',
|
||||||
|
|
|
@ -2,10 +2,10 @@ import * as core from '@actions/core'
|
||||||
import * as fsHelper from './fs-helper'
|
import * as fsHelper from './fs-helper'
|
||||||
import * as github from '@actions/github'
|
import * as github from '@actions/github'
|
||||||
import * as path from 'path'
|
import * as path from 'path'
|
||||||
import {ISourceSettings} from './git-source-provider'
|
import {IGitSourceSettings} from './git-source-settings'
|
||||||
|
|
||||||
export function getInputs(): ISourceSettings {
|
export function getInputs(): IGitSourceSettings {
|
||||||
const result = ({} as unknown) as ISourceSettings
|
const result = ({} as unknown) as IGitSourceSettings
|
||||||
|
|
||||||
// GitHub workspace
|
// GitHub workspace
|
||||||
let githubWorkspacePath = process.env['GITHUB_WORKSPACE']
|
let githubWorkspacePath = process.env['GITHUB_WORKSPACE']
|
||||||
|
@ -61,10 +61,12 @@ export function getInputs(): ISourceSettings {
|
||||||
if (isWorkflowRepository) {
|
if (isWorkflowRepository) {
|
||||||
result.ref = github.context.ref
|
result.ref = github.context.ref
|
||||||
result.commit = github.context.sha
|
result.commit = github.context.sha
|
||||||
}
|
|
||||||
|
|
||||||
if (!result.ref && !result.commit) {
|
// Some events have an unqualifed ref. For example when a PR is merged (pull_request closed event),
|
||||||
result.ref = 'refs/heads/master'
|
// the ref is unqualifed like "master" instead of "refs/heads/master".
|
||||||
|
if (result.commit && result.ref && !result.ref.startsWith('refs/')) {
|
||||||
|
result.ref = `refs/heads/${result.ref}`
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// SHA?
|
// SHA?
|
||||||
|
@ -79,13 +81,6 @@ export function getInputs(): ISourceSettings {
|
||||||
result.clean = (core.getInput('clean') || 'true').toUpperCase() === 'TRUE'
|
result.clean = (core.getInput('clean') || 'true').toUpperCase() === 'TRUE'
|
||||||
core.debug(`clean = ${result.clean}`)
|
core.debug(`clean = ${result.clean}`)
|
||||||
|
|
||||||
// Submodules
|
|
||||||
if (core.getInput('submodules')) {
|
|
||||||
throw new Error(
|
|
||||||
"The input 'submodules' is not supported in actions/checkout@v2"
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Fetch depth
|
// Fetch depth
|
||||||
result.fetchDepth = Math.floor(Number(core.getInput('fetch-depth') || '1'))
|
result.fetchDepth = Math.floor(Number(core.getInput('fetch-depth') || '1'))
|
||||||
if (isNaN(result.fetchDepth) || result.fetchDepth < 0) {
|
if (isNaN(result.fetchDepth) || result.fetchDepth < 0) {
|
||||||
|
@ -97,8 +92,27 @@ export function getInputs(): ISourceSettings {
|
||||||
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'
|
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'
|
||||||
core.debug(`lfs = ${result.lfs}`)
|
core.debug(`lfs = ${result.lfs}`)
|
||||||
|
|
||||||
|
// Submodules
|
||||||
|
result.submodules = false
|
||||||
|
result.nestedSubmodules = false
|
||||||
|
const submodulesString = (core.getInput('submodules') || '').toUpperCase()
|
||||||
|
if (submodulesString == 'RECURSIVE') {
|
||||||
|
result.submodules = true
|
||||||
|
result.nestedSubmodules = true
|
||||||
|
} else if (submodulesString == 'TRUE') {
|
||||||
|
result.submodules = true
|
||||||
|
}
|
||||||
|
core.debug(`submodules = ${result.submodules}`)
|
||||||
|
core.debug(`recursive submodules = ${result.nestedSubmodules}`)
|
||||||
|
|
||||||
// Auth token
|
// Auth token
|
||||||
result.authToken = core.getInput('token')
|
result.authToken = core.getInput('token', {required: true})
|
||||||
|
|
||||||
|
// SSH
|
||||||
|
result.sshKey = core.getInput('ssh-key')
|
||||||
|
result.sshKnownHosts = core.getInput('ssh-known-hosts')
|
||||||
|
result.sshStrict =
|
||||||
|
(core.getInput('ssh-strict') || 'true').toUpperCase() === 'TRUE'
|
||||||
|
|
||||||
// Persist credentials
|
// Persist credentials
|
||||||
result.persistCredentials =
|
result.persistCredentials =
|
||||||
|
|
|
@ -59,13 +59,17 @@ function updateUsage(
|
||||||
|
|
||||||
// Constrain the width of the description
|
// Constrain the width of the description
|
||||||
const width = 80
|
const width = 80
|
||||||
let description = input.description as string
|
let description = (input.description as string)
|
||||||
|
.trimRight()
|
||||||
|
.replace(/\r\n/g, '\n') // Convert CR to LF
|
||||||
|
.replace(/ +/g, ' ') // Squash consecutive spaces
|
||||||
|
.replace(/ \n/g, '\n') // Squash space followed by newline
|
||||||
while (description) {
|
while (description) {
|
||||||
// Longer than width? Find a space to break apart
|
// Longer than width? Find a space to break apart
|
||||||
let segment: string = description
|
let segment: string = description
|
||||||
if (description.length > width) {
|
if (description.length > width) {
|
||||||
segment = description.substr(0, width + 1)
|
segment = description.substr(0, width + 1)
|
||||||
while (!segment.endsWith(' ') && segment) {
|
while (!segment.endsWith(' ') && !segment.endsWith('\n') && segment) {
|
||||||
segment = segment.substr(0, segment.length - 1)
|
segment = segment.substr(0, segment.length - 1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -77,15 +81,30 @@ function updateUsage(
|
||||||
segment = description
|
segment = description
|
||||||
}
|
}
|
||||||
|
|
||||||
description = description.substr(segment.length) // Remaining
|
// Check for newline
|
||||||
segment = segment.trimRight() // Trim the trailing space
|
const newlineIndex = segment.indexOf('\n')
|
||||||
newReadme.push(` # ${segment}`)
|
if (newlineIndex >= 0) {
|
||||||
|
segment = segment.substr(0, newlineIndex + 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Append segment
|
||||||
|
newReadme.push(` # ${segment}`.trimRight())
|
||||||
|
|
||||||
|
// Remaining
|
||||||
|
description = description.substr(segment.length)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Input and default
|
|
||||||
if (input.default !== undefined) {
|
if (input.default !== undefined) {
|
||||||
|
// Append blank line if description had paragraphs
|
||||||
|
if ((input.description as string).trimRight().match(/\n[ ]*\r?\n/)) {
|
||||||
|
newReadme.push(` #`)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Default
|
||||||
newReadme.push(` # Default: ${input.default}`)
|
newReadme.push(` # Default: ${input.default}`)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Input name
|
||||||
newReadme.push(` ${key}: ''`)
|
newReadme.push(` ${key}: ''`)
|
||||||
|
|
||||||
firstInput = false
|
firstInput = false
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
|
import {URL} from 'url'
|
||||||
import {IGitCommandManager} from './git-command-manager'
|
import {IGitCommandManager} from './git-command-manager'
|
||||||
|
import * as core from '@actions/core'
|
||||||
|
import * as github from '@actions/github'
|
||||||
|
|
||||||
|
export const tagsRefSpec = '+refs/tags/*:refs/tags/*'
|
||||||
|
|
||||||
export interface ICheckoutInfo {
|
export interface ICheckoutInfo {
|
||||||
ref: string
|
ref: string
|
||||||
|
@ -57,6 +62,16 @@ export async function getCheckoutInfo(
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export function getRefSpecForAllHistory(ref: string, commit: string): string[] {
|
||||||
|
const result = ['+refs/heads/*:refs/remotes/origin/*', tagsRefSpec]
|
||||||
|
if (ref && ref.toUpperCase().startsWith('REFS/PULL/')) {
|
||||||
|
const branch = ref.substring('refs/pull/'.length)
|
||||||
|
result.push(`+${commit || ref}:refs/remotes/pull/${branch}`)
|
||||||
|
}
|
||||||
|
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
export function getRefSpec(ref: string, commit: string): string[] {
|
export function getRefSpec(ref: string, commit: string): string[] {
|
||||||
if (!ref && !commit) {
|
if (!ref && !commit) {
|
||||||
throw new Error('Args ref and commit cannot both be empty')
|
throw new Error('Args ref and commit cannot both be empty')
|
||||||
|
@ -107,3 +122,162 @@ export function getRefSpec(ref: string, commit: string): string[] {
|
||||||
return [`+${ref}:${ref}`]
|
return [`+${ref}:${ref}`]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests whether the initial fetch created the ref at the expected commit
|
||||||
|
*/
|
||||||
|
export async function testRef(
|
||||||
|
git: IGitCommandManager,
|
||||||
|
ref: string,
|
||||||
|
commit: string
|
||||||
|
): Promise<boolean> {
|
||||||
|
if (!git) {
|
||||||
|
throw new Error('Arg git cannot be empty')
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!ref && !commit) {
|
||||||
|
throw new Error('Args ref and commit cannot both be empty')
|
||||||
|
}
|
||||||
|
|
||||||
|
// No SHA? Nothing to test
|
||||||
|
if (!commit) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
// SHA only?
|
||||||
|
else if (!ref) {
|
||||||
|
return await git.shaExists(commit)
|
||||||
|
}
|
||||||
|
|
||||||
|
const upperRef = ref.toUpperCase()
|
||||||
|
|
||||||
|
// refs/heads/
|
||||||
|
if (upperRef.startsWith('REFS/HEADS/')) {
|
||||||
|
const branch = ref.substring('refs/heads/'.length)
|
||||||
|
return (
|
||||||
|
(await git.branchExists(true, `origin/${branch}`)) &&
|
||||||
|
commit === (await git.revParse(`refs/remotes/origin/${branch}`))
|
||||||
|
)
|
||||||
|
}
|
||||||
|
// refs/pull/
|
||||||
|
else if (upperRef.startsWith('REFS/PULL/')) {
|
||||||
|
// Assume matches because fetched using the commit
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
// refs/tags/
|
||||||
|
else if (upperRef.startsWith('REFS/TAGS/')) {
|
||||||
|
const tagName = ref.substring('refs/tags/'.length)
|
||||||
|
return (
|
||||||
|
(await git.tagExists(tagName)) && commit === (await git.revParse(ref))
|
||||||
|
)
|
||||||
|
}
|
||||||
|
// Unexpected
|
||||||
|
else {
|
||||||
|
core.debug(`Unexpected ref format '${ref}' when testing ref info`)
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function checkCommitInfo(
|
||||||
|
token: string,
|
||||||
|
commitInfo: string,
|
||||||
|
repositoryOwner: string,
|
||||||
|
repositoryName: string,
|
||||||
|
ref: string,
|
||||||
|
commit: string
|
||||||
|
): Promise<void> {
|
||||||
|
try {
|
||||||
|
// GHES?
|
||||||
|
if (isGhes()) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Auth token?
|
||||||
|
if (!token) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Public PR synchronize, for workflow repo?
|
||||||
|
if (
|
||||||
|
fromPayload('repository.private') !== false ||
|
||||||
|
github.context.eventName !== 'pull_request' ||
|
||||||
|
fromPayload('action') !== 'synchronize' ||
|
||||||
|
repositoryOwner !== github.context.repo.owner ||
|
||||||
|
repositoryName !== github.context.repo.repo ||
|
||||||
|
ref !== github.context.ref ||
|
||||||
|
!ref.startsWith('refs/pull/') ||
|
||||||
|
commit !== github.context.sha
|
||||||
|
) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Head SHA
|
||||||
|
const expectedHeadSha = fromPayload('after')
|
||||||
|
if (!expectedHeadSha) {
|
||||||
|
core.debug('Unable to determine head sha')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Base SHA
|
||||||
|
const expectedBaseSha = fromPayload('pull_request.base.sha')
|
||||||
|
if (!expectedBaseSha) {
|
||||||
|
core.debug('Unable to determine base sha')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Expected message?
|
||||||
|
const expectedMessage = `Merge ${expectedHeadSha} into ${expectedBaseSha}`
|
||||||
|
if (commitInfo.indexOf(expectedMessage) >= 0) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Extract details from message
|
||||||
|
const match = commitInfo.match(/Merge ([0-9a-f]{40}) into ([0-9a-f]{40})/)
|
||||||
|
if (!match) {
|
||||||
|
core.debug('Unexpected message format')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Post telemetry
|
||||||
|
const actualHeadSha = match[1]
|
||||||
|
if (actualHeadSha !== expectedHeadSha) {
|
||||||
|
core.debug(
|
||||||
|
`Expected head sha ${expectedHeadSha}; actual head sha ${actualHeadSha}`
|
||||||
|
)
|
||||||
|
const octokit = new github.GitHub(token, {
|
||||||
|
userAgent: `actions-checkout-tracepoint/1.0 (code=STALE_MERGE;owner=${repositoryOwner};repo=${repositoryName};pr=${fromPayload(
|
||||||
|
'number'
|
||||||
|
)};run_id=${
|
||||||
|
process.env['GITHUB_RUN_ID']
|
||||||
|
};expected_head_sha=${expectedHeadSha};actual_head_sha=${actualHeadSha})`
|
||||||
|
})
|
||||||
|
await octokit.repos.get({owner: repositoryOwner, repo: repositoryName})
|
||||||
|
}
|
||||||
|
} catch (err) {
|
||||||
|
core.debug(`Error when validating commit info: ${err.stack}`)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function fromPayload(path: string): any {
|
||||||
|
return select(github.context.payload, path)
|
||||||
|
}
|
||||||
|
|
||||||
|
function select(obj: any, path: string): any {
|
||||||
|
if (!obj) {
|
||||||
|
return undefined
|
||||||
|
}
|
||||||
|
|
||||||
|
const i = path.indexOf('.')
|
||||||
|
if (i < 0) {
|
||||||
|
return obj[path]
|
||||||
|
}
|
||||||
|
|
||||||
|
const key = path.substr(0, i)
|
||||||
|
return select(obj[key], path.substr(i + 1))
|
||||||
|
}
|
||||||
|
|
||||||
|
function isGhes(): boolean {
|
||||||
|
const ghUrl = new URL(
|
||||||
|
process.env['GITHUB_SERVER_URL'] || 'https://github.com'
|
||||||
|
)
|
||||||
|
return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM'
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
export function escape(value: string): string {
|
||||||
|
return value.replace(/[^a-zA-Z0-9_]/g, x => {
|
||||||
|
return `\\${x}`
|
||||||
|
})
|
||||||
|
}
|
|
@ -1,4 +1,3 @@
|
||||||
import * as core from '@actions/core'
|
|
||||||
import * as coreCommand from '@actions/core/lib/command'
|
import * as coreCommand from '@actions/core/lib/command'
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -12,6 +11,17 @@ export const IsPost = !!process.env['STATE_isPost']
|
||||||
export const RepositoryPath =
|
export const RepositoryPath =
|
||||||
(process.env['STATE_repositoryPath'] as string) || ''
|
(process.env['STATE_repositoryPath'] as string) || ''
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The SSH key path for the POST action. The value is empty during the MAIN action.
|
||||||
|
*/
|
||||||
|
export const SshKeyPath = (process.env['STATE_sshKeyPath'] as string) || ''
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The SSH known hosts path for the POST action. The value is empty during the MAIN action.
|
||||||
|
*/
|
||||||
|
export const SshKnownHostsPath =
|
||||||
|
(process.env['STATE_sshKnownHostsPath'] as string) || ''
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Save the repository path so the POST action can retrieve the value.
|
* Save the repository path so the POST action can retrieve the value.
|
||||||
*/
|
*/
|
||||||
|
@ -23,6 +33,24 @@ export function setRepositoryPath(repositoryPath: string) {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Save the SSH key path so the POST action can retrieve the value.
|
||||||
|
*/
|
||||||
|
export function setSshKeyPath(sshKeyPath: string) {
|
||||||
|
coreCommand.issueCommand('save-state', {name: 'sshKeyPath'}, sshKeyPath)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Save the SSH known hosts path so the POST action can retrieve the value.
|
||||||
|
*/
|
||||||
|
export function setSshKnownHostsPath(sshKnownHostsPath: string) {
|
||||||
|
coreCommand.issueCommand(
|
||||||
|
'save-state',
|
||||||
|
{name: 'sshKnownHostsPath'},
|
||||||
|
sshKnownHostsPath
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
// Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
|
// Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
|
||||||
// This is necessary since we don't have a separate entry point.
|
// This is necessary since we don't have a separate entry point.
|
||||||
if (!IsPost) {
|
if (!IsPost) {
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
import * as assert from 'assert'
|
||||||
|
import {IGitSourceSettings} from './git-source-settings'
|
||||||
|
import {URL} from 'url'
|
||||||
|
|
||||||
|
export function getFetchUrl(settings: IGitSourceSettings): string {
|
||||||
|
assert.ok(
|
||||||
|
settings.repositoryOwner,
|
||||||
|
'settings.repositoryOwner must be defined'
|
||||||
|
)
|
||||||
|
assert.ok(settings.repositoryName, 'settings.repositoryName must be defined')
|
||||||
|
const serviceUrl = getServerUrl()
|
||||||
|
const encodedOwner = encodeURIComponent(settings.repositoryOwner)
|
||||||
|
const encodedName = encodeURIComponent(settings.repositoryName)
|
||||||
|
if (settings.sshKey) {
|
||||||
|
return `git@${serviceUrl.hostname}:${encodedOwner}/${encodedName}.git`
|
||||||
|
}
|
||||||
|
|
||||||
|
// "origin" is SCHEME://HOSTNAME[:PORT]
|
||||||
|
return `${serviceUrl.origin}/${encodedOwner}/${encodedName}`
|
||||||
|
}
|
||||||
|
|
||||||
|
export function getServerUrl(): URL {
|
||||||
|
// todo: remove GITHUB_URL after support for GHES Alpha is no longer needed
|
||||||
|
return new URL(
|
||||||
|
process.env['GITHUB_SERVER_URL'] ||
|
||||||
|
process.env['GITHUB_URL'] ||
|
||||||
|
'https://github.com'
|
||||||
|
)
|
||||||
|
}
|
Loading…
Reference in New Issue