From 85a425b58245f413b3970d6afdd4332a24a8c4c5 Mon Sep 17 00:00:00 2001 From: eric sciple Date: Wed, 18 Mar 2020 23:33:26 -0400 Subject: [PATCH] use token for workflow repo --- __test__/git-auth-helper.test.ts | 4 +- __test__/git-directory-helper.test.ts | 75 ++++++++++++++++++++------- dist/index.js | 48 ++++++++++++----- src/git-command-manager.ts | 9 +++- src/git-directory-helper.ts | 21 +++++++- src/git-source-provider.ts | 30 +++++++---- src/git-source-settings.ts | 64 +++++++++++++++++++++++ src/input-helper.ts | 6 ++- 8 files changed, 210 insertions(+), 47 deletions(-) diff --git a/__test__/git-auth-helper.test.ts b/__test__/git-auth-helper.test.ts index 1d5c3d5..026be7c 100644 --- a/__test__/git-auth-helper.test.ts +++ b/__test__/git-auth-helper.test.ts @@ -725,6 +725,7 @@ async function setup(testName: string): Promise { setEnvironmentVariable: jest.fn((name: string, value: string) => { git.env[name] = value }), + setRemoteUrl: jest.fn(), submoduleForeach: jest.fn(async () => { return '' }), @@ -748,7 +749,7 @@ async function setup(testName: string): Promise { } ), tryDisableAutomaticGarbageCollection: jest.fn(), - tryGetFetchUrl: jest.fn(), + tryGetRemoteUrl: jest.fn(), tryReset: jest.fn() } @@ -757,6 +758,7 @@ async function setup(testName: string): Promise { clean: true, commit: '', fetchDepth: 1, + isWorkflowRepository: true, lfs: false, submodules: false, nestedSubmodules: false, diff --git a/__test__/git-directory-helper.test.ts b/__test__/git-directory-helper.test.ts index c39a2a5..22f3767 100644 --- a/__test__/git-directory-helper.test.ts +++ b/__test__/git-directory-helper.test.ts @@ -7,7 +7,8 @@ import {IGitCommandManager} from '../lib/git-command-manager' const testWorkspace = path.join(__dirname, '_temp', 'git-directory-helper') let repositoryPath: string -let repositoryUrl: string +let httpsUrl: string +let sshUrl: string let clean: boolean let git: IGitCommandManager @@ -40,7 +41,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -62,7 +64,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -87,7 +90,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -108,7 +112,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -136,7 +141,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -155,14 +161,15 @@ describe('git-directory-helper tests', () => { await setup(removesContentsWhenDifferentRepositoryUrl) clean = false await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '') - const differentRepositoryUrl = + const differentRemoteUrl = 'https://github.com/my-different-org/my-different-repo' // Act await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - differentRepositoryUrl, + differentRemoteUrl, + [differentRemoteUrl], clean ) @@ -186,7 +193,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -211,7 +219,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -235,7 +244,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( undefined, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -259,7 +269,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -289,7 +300,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -319,7 +331,8 @@ describe('git-directory-helper tests', () => { await gitDirectoryHelper.prepareExistingDirectory( git, repositoryPath, - repositoryUrl, + httpsUrl, + [httpsUrl, sshUrl], clean ) @@ -329,6 +342,30 @@ describe('git-directory-helper tests', () => { expect(git.branchDelete).toHaveBeenCalledWith(true, 'remote-branch-1') expect(git.branchDelete).toHaveBeenCalledWith(true, 'remote-branch-2') }) + + const updatesRemoteUrl = 'updates remote URL' + it(updatesRemoteUrl, async () => { + // Arrange + await setup(updatesRemoteUrl) + await fs.promises.writeFile(path.join(repositoryPath, 'my-file'), '') + + // Act + await gitDirectoryHelper.prepareExistingDirectory( + git, + repositoryPath, + sshUrl, + [sshUrl, httpsUrl], + clean + ) + + // Assert + const files = await fs.promises.readdir(repositoryPath) + expect(files.sort()).toEqual(['.git', 'my-file']) + expect(git.isDetached).toHaveBeenCalled() + expect(git.branchList).toHaveBeenCalled() + expect(core.warning).not.toHaveBeenCalled() + expect(git.setRemoteUrl).toHaveBeenCalledWith(sshUrl) + }) }) async function setup(testName: string): Promise { @@ -338,8 +375,9 @@ async function setup(testName: string): Promise { repositoryPath = path.join(testWorkspace, testName) await fs.promises.mkdir(path.join(repositoryPath, '.git'), {recursive: true}) - // Repository URL - repositoryUrl = 'https://github.com/my-org/my-repo' + // Remote URLs + httpsUrl = 'https://github.com/my-org/my-repo' + sshUrl = 'git@github.com:my-org/my-repo' // Clean clean = true @@ -365,6 +403,7 @@ async function setup(testName: string): Promise { remoteAdd: jest.fn(), removeEnvironmentVariable: jest.fn(), setEnvironmentVariable: jest.fn(), + setRemoteUrl: jest.fn(), submoduleForeach: jest.fn(), submoduleSync: jest.fn(), submoduleUpdate: jest.fn(), @@ -374,10 +413,10 @@ async function setup(testName: string): Promise { }), tryConfigUnset: jest.fn(), tryDisableAutomaticGarbageCollection: jest.fn(), - tryGetFetchUrl: jest.fn(async () => { + tryGetRemoteUrl: jest.fn(async () => { // Sanity check - this function shouldn't be called when the .git directory doesn't exist await fs.promises.stat(path.join(repositoryPath, '.git')) - return repositoryUrl + return httpsUrl }), tryReset: jest.fn(async () => { return true diff --git a/dist/index.js b/dist/index.js index 3992650..6e5f8f2 100644 --- a/dist/index.js +++ b/dist/index.js @@ -5581,6 +5581,11 @@ class GitCommandManager { setEnvironmentVariable(name, value) { this.gitEnv[name] = value; } + setRemoteUrl(value) { + return __awaiter(this, void 0, void 0, function* () { + yield this.config('git.remote.url', value); + }); + } submoduleForeach(command, recursive) { return __awaiter(this, void 0, void 0, function* () { const args = ['submodule', 'foreach']; @@ -5643,7 +5648,7 @@ class GitCommandManager { return output.exitCode === 0; }); } - tryGetFetchUrl() { + tryGetRemoteUrl() { return __awaiter(this, void 0, void 0, function* () { const output = yield this.execGit(['config', '--local', '--get', 'remote.origin.url'], true); if (output.exitCode !== 0) { @@ -5800,11 +5805,12 @@ const stateHelper = __importStar(__webpack_require__(153)); const hostname = 'github.com'; function getSource(settings) { return __awaiter(this, void 0, void 0, function* () { - // Repository URL core.info(`Syncing repository: ${settings.repositoryOwner}/${settings.repositoryName}`); - const repositoryUrl = settings.sshKey - ? `git@${hostname}:${encodeURIComponent(settings.repositoryOwner)}/${encodeURIComponent(settings.repositoryName)}.git` - : `https://${hostname}/${encodeURIComponent(settings.repositoryOwner)}/${encodeURIComponent(settings.repositoryName)}`; + // Remote URL + const httpsUrl = `https://${hostname}/${encodeURIComponent(settings.repositoryOwner)}/${encodeURIComponent(settings.repositoryName)}`; + const sshUrl = `git@${hostname}:${encodeURIComponent(settings.repositoryOwner)}/${encodeURIComponent(settings.repositoryName)}.git`; + // Always fetch the workflow repository using the token, not the SSH key + const initialRemoteUrl = !settings.sshKey || settings.isWorkflowRepository ? httpsUrl : sshUrl; // Remove conflicting file path if (fsHelper.fileExistsSync(settings.repositoryPath)) { yield io.rmRF(settings.repositoryPath); @@ -5819,7 +5825,7 @@ function getSource(settings) { const git = yield getGitCommandManager(settings); // Prepare existing directory, otherwise recreate if (isExisting) { - yield gitDirectoryHelper.prepareExistingDirectory(git, settings.repositoryPath, repositoryUrl, settings.clean); + yield gitDirectoryHelper.prepareExistingDirectory(git, settings.repositoryPath, initialRemoteUrl, [httpsUrl, sshUrl], settings.clean); } if (!git) { // Downloading using REST API @@ -5839,7 +5845,7 @@ function getSource(settings) { // Initialize the repository if (!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))) { yield git.init(); - yield git.remoteAdd('origin', repositoryUrl); + yield git.remoteAdd('origin', initialRemoteUrl); } // Disable automatic garbage collection if (!(yield git.tryDisableAutomaticGarbageCollection())) { @@ -5864,6 +5870,10 @@ function getSource(settings) { if (settings.lfs) { yield git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref); } + // Fix URL when using SSH + if (settings.sshKey && initialRemoteUrl != sshUrl) { + yield git.setRemoteUrl(sshUrl); + } // Checkout yield git.checkout(checkoutInfo.ref, checkoutInfo.startPoint); // Submodules @@ -7191,21 +7201,29 @@ var __importStar = (this && this.__importStar) || function (mod) { return result; }; Object.defineProperty(exports, "__esModule", { value: true }); +const assert = __importStar(__webpack_require__(357)); const core = __importStar(__webpack_require__(470)); const fs = __importStar(__webpack_require__(747)); const fsHelper = __importStar(__webpack_require__(618)); const io = __importStar(__webpack_require__(1)); const path = __importStar(__webpack_require__(622)); -function prepareExistingDirectory(git, repositoryPath, repositoryUrl, clean) { +function prepareExistingDirectory(git, repositoryPath, initialRemoteUrl, allowedRemoteUrls, clean) { return __awaiter(this, void 0, void 0, function* () { + assert.ok(repositoryPath, 'Expected repositoryPath to be defined'); + assert.ok(allowedRemoteUrls, 'Expected allowedRemoteUrls to be defined'); + assert.ok(allowedRemoteUrls.length, 'Expected allowedRemoteUrls to have at least one value'); + assert.ok(initialRemoteUrl, 'Expected initialRemoteUrl to be defined'); + // Indicates whether to delete the directory contents let remove = false; + // The remote URL + let remoteUrl; // Check whether using git or REST API if (!git) { remove = true; } // Fetch URL does not match else if (!fsHelper.directoryExistsSync(path.join(repositoryPath, '.git')) || - repositoryUrl !== (yield git.tryGetFetchUrl())) { + allowedRemoteUrls.indexOf((remoteUrl = yield git.tryGetRemoteUrl())) < 0) { remove = true; } else { @@ -7250,6 +7268,10 @@ function prepareExistingDirectory(git, repositoryPath, repositoryUrl, clean) { core.warning(`Unable to clean or reset the repository. The repository will be recreated instead.`); } } + // Always fetch the workflow repository using HTTPS + if (remoteUrl !== initialRemoteUrl) { + yield git.setRemoteUrl(initialRemoteUrl); + } } catch (error) { core.warning(`Unable to prepare the existing repository. The repository will be recreated instead.`); @@ -13989,6 +14011,7 @@ const core = __importStar(__webpack_require__(470)); const fsHelper = __importStar(__webpack_require__(618)); const github = __importStar(__webpack_require__(469)); const path = __importStar(__webpack_require__(622)); +const hostname = 'github.com'; function getInputs() { const result = {}; // GitHub workspace @@ -14018,12 +14041,13 @@ function getInputs() { throw new Error(`Repository path '${result.repositoryPath}' is not under '${githubWorkspacePath}'`); } // Workflow repository? - const isWorkflowRepository = qualifiedRepository.toUpperCase() === - `${github.context.repo.owner}/${github.context.repo.repo}`.toUpperCase(); + result.isWorkflowRepository = + qualifiedRepository.toUpperCase() === + `${github.context.repo.owner}/${github.context.repo.repo}`.toUpperCase(); // Source branch, source version result.ref = core.getInput('ref'); if (!result.ref) { - if (isWorkflowRepository) { + if (result.isWorkflowRepository) { result.ref = github.context.ref; result.commit = github.context.sha; // Some events have an unqualifed ref. For example when a PR is merged (pull_request closed event), diff --git a/src/git-command-manager.ts b/src/git-command-manager.ts index 4cbfe4a..a874e35 100644 --- a/src/git-command-manager.ts +++ b/src/git-command-manager.ts @@ -33,6 +33,7 @@ export interface IGitCommandManager { remoteAdd(remoteName: string, remoteUrl: string): Promise removeEnvironmentVariable(name: string): void setEnvironmentVariable(name: string, value: string): void + setRemoteUrl(url: string): Promise submoduleForeach(command: string, recursive: boolean): Promise submoduleSync(recursive: boolean): Promise submoduleUpdate(fetchDepth: number, recursive: boolean): Promise @@ -40,7 +41,7 @@ export interface IGitCommandManager { tryClean(): Promise tryConfigUnset(configKey: string, globalConfig?: boolean): Promise tryDisableAutomaticGarbageCollection(): Promise - tryGetFetchUrl(): Promise + tryGetRemoteUrl(): Promise tryReset(): Promise } @@ -241,6 +242,10 @@ class GitCommandManager { this.gitEnv[name] = value } + async setRemoteUrl(value: string): Promise { + await this.config('git.remote.url', value) + } + async submoduleForeach(command: string, recursive: boolean): Promise { const args = ['submodule', 'foreach'] if (recursive) { @@ -309,7 +314,7 @@ class GitCommandManager { return output.exitCode === 0 } - async tryGetFetchUrl(): Promise { + async tryGetRemoteUrl(): Promise { const output = await this.execGit( ['config', '--local', '--get', 'remote.origin.url'], true diff --git a/src/git-directory-helper.ts b/src/git-directory-helper.ts index bfaa4a9..a7d6ae8 100644 --- a/src/git-directory-helper.ts +++ b/src/git-directory-helper.ts @@ -1,18 +1,30 @@ +import * as assert from 'assert' import * as core from '@actions/core' import * as fs from 'fs' import * as fsHelper from './fs-helper' import * as io from '@actions/io' import * as path from 'path' import {IGitCommandManager} from './git-command-manager' +import {IGitSourceSettings} from './git-source-settings' export async function prepareExistingDirectory( git: IGitCommandManager | undefined, repositoryPath: string, - repositoryUrl: string, + preferredRemoteUrl: string, + allowedRemoteUrls: string[], clean: boolean ): Promise { + assert.ok(repositoryPath, 'Expected repositoryPath to be defined') + assert.ok(preferredRemoteUrl, 'Expected preferredRemoteUrl to be defined') + assert.ok(allowedRemoteUrls, 'Expected allowedRemoteUrls to be defined') + assert.ok(allowedRemoteUrls.length, 'Expected allowedRemoteUrls to have at least one value') + + // Indicates whether to delete the directory contents let remove = false + // The remote URL + let remoteUrl: string + // Check whether using git or REST API if (!git) { remove = true @@ -20,7 +32,7 @@ export async function prepareExistingDirectory( // Fetch URL does not match else if ( !fsHelper.directoryExistsSync(path.join(repositoryPath, '.git')) || - repositoryUrl !== (await git.tryGetFetchUrl()) + allowedRemoteUrls.indexOf((remoteUrl = await git.tryGetRemoteUrl())) < 0 ) { remove = true } else { @@ -72,6 +84,11 @@ export async function prepareExistingDirectory( ) } } + + // Update to the preferred remote URL + if (remoteUrl !== preferredRemoteUrl) { + await git.setRemoteUrl(preferredRemoteUrl) + } } catch (error) { core.warning( `Unable to prepare the existing repository. The repository will be recreated instead.` diff --git a/src/git-source-provider.ts b/src/git-source-provider.ts index 4bce702..c1859a6 100644 --- a/src/git-source-provider.ts +++ b/src/git-source-provider.ts @@ -14,17 +14,21 @@ import {IGitSourceSettings} from './git-source-settings' const hostname = 'github.com' export async function getSource(settings: IGitSourceSettings): Promise { - // Repository URL core.info( `Syncing repository: ${settings.repositoryOwner}/${settings.repositoryName}` ) - const repositoryUrl = settings.sshKey - ? `git@${hostname}:${encodeURIComponent( - settings.repositoryOwner - )}/${encodeURIComponent(settings.repositoryName)}.git` - : `https://${hostname}/${encodeURIComponent( - settings.repositoryOwner - )}/${encodeURIComponent(settings.repositoryName)}` + + // Remote URL + const httpsUrl = `https://${hostname}/${encodeURIComponent( + settings.repositoryOwner + )}/${encodeURIComponent(settings.repositoryName)}` + const sshUrl = `git@${hostname}:${encodeURIComponent( + settings.repositoryOwner + )}/${encodeURIComponent(settings.repositoryName)}.git` + + // Always fetch the workflow repository using the token, not the SSH key + const initialRemoteUrl = + !settings.sshKey || settings.isWorkflowRepository ? httpsUrl : sshUrl // Remove conflicting file path if (fsHelper.fileExistsSync(settings.repositoryPath)) { @@ -46,7 +50,8 @@ export async function getSource(settings: IGitSourceSettings): Promise { await gitDirectoryHelper.prepareExistingDirectory( git, settings.repositoryPath, - repositoryUrl, + initialRemoteUrl, + [httpsUrl, sshUrl], settings.clean ) } @@ -86,7 +91,7 @@ export async function getSource(settings: IGitSourceSettings): Promise { !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git')) ) { await git.init() - await git.remoteAdd('origin', repositoryUrl) + await git.remoteAdd('origin', initialRemoteUrl) } // Disable automatic garbage collection @@ -124,6 +129,11 @@ export async function getSource(settings: IGitSourceSettings): Promise { await git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref) } + // Fix URL when using SSH + if (settings.sshKey && initialRemoteUrl != sshUrl) { + await git.setRemoteUrl(sshUrl) + } + // Checkout await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint) diff --git a/src/git-source-settings.ts b/src/git-source-settings.ts index 04d548c..25af0c8 100644 --- a/src/git-source-settings.ts +++ b/src/git-source-settings.ts @@ -1,17 +1,81 @@ export interface IGitSourceSettings { + /** + * The location on disk where the repository will be placed + */ repositoryPath: string + + /** + * The repository owner + */ repositoryOwner: string + + /** + * The repository name + */ repositoryName: string + + /** + * Indicates whether the repository is main workflow repository + */ + isWorkflowRepository: boolean + + /** + * The ref to fetch + */ ref: string + + /** + * The commit to checkout + */ commit: string + + /** + * Indicates whether to clean the repository + */ clean: boolean + + /** + * The depth when fetching + */ fetchDepth: number + + /** + * Indicates whether to fetch LFS objects + */ lfs: boolean + + /** + * Indicates whether to checkout submodules + */ submodules: boolean + + /** + * Indicates whether to recursively checkout submodules + */ nestedSubmodules: boolean + + /** + * The auth token to use when fetching the repository + */ authToken: string + + /** + * The SSH key to configure + */ sshKey: string + + /** + * Additional SSH known hosts + */ sshKnownHosts: string + + /** + * Indicates whether the server must be a known host + */ sshStrict: boolean + + /** + * Indicates whether to persist the credentials on disk to enable scripting authenticated git commands + */ persistCredentials: boolean } diff --git a/src/input-helper.ts b/src/input-helper.ts index 11a1ab6..6e35986 100644 --- a/src/input-helper.ts +++ b/src/input-helper.ts @@ -4,6 +4,8 @@ import * as github from '@actions/github' import * as path from 'path' import {IGitSourceSettings} from './git-source-settings' +const hostname = 'github.com' + export function getInputs(): IGitSourceSettings { const result = ({} as unknown) as IGitSourceSettings @@ -51,14 +53,14 @@ export function getInputs(): IGitSourceSettings { } // Workflow repository? - const isWorkflowRepository = + result.isWorkflowRepository = qualifiedRepository.toUpperCase() === `${github.context.repo.owner}/${github.context.repo.repo}`.toUpperCase() // Source branch, source version result.ref = core.getInput('ref') if (!result.ref) { - if (isWorkflowRepository) { + if (result.isWorkflowRepository) { result.ref = github.context.ref result.commit = github.context.sha