actions/checkout
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: actions:v3
Branches Tags
actions:main actions:dependabot/github_actions/minor-actions-dependencies-ad3029623a actions:dependabot/npm_and_yarn/minor-npm-dependencies-14ee30afef actions:dependabot/npm_and_yarn/types/node-22.5.4 actions:dependabot/npm_and_yarn/typescript-eslint/parser-7.18.0 actions:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.4.0 actions:dependabot/npm_and_yarn/multi-87b2ad6fb3 actions:jww3-patch-1 actions:jww3-minversion-v5 actions:releases/v4.0.0 actions:takost/test-package-update actions:test-show-progress actions:releases/v3 actions:users/vanzeben/lfs-credentials-helper actions:luketomlinson/tags actions:fhammerl/releasev3.6.0 actions:releases/v2 actions:users/vmjoseph/checkout-upgrade-1.1.3 actions:fhammerl/bump-gh-package-versions actions:users/vmjoseph/no-proxy actions:vmjoseph/toolkit-windows-exec actions:vmjoseph/silent-rev-parse actions:ericsciple-patch-1 actions:hross-zeit-vercel actions:master actions:users/ericsciple/m167workflow actions:users/ericsciple/m167sub actions:test-data/v2/submodule-ssh-url-level-2 actions:test-data/v2/submodule-ssh-url actions:test-data/v2/submodule-ssh-url-level-1 actions:test-data/v2/submodule actions:users/ericsciple/m166refs actions:users/tihuang/proxysupport actions:users/ericsciple/m164submodule actions:users/ericsciple/m163tarball_temp actions:users/ericsciple/m163tarball_efficient_download actions:users/ericsciple/m162pr actions:users/ericsciple/test-pr actions:test-data/v2/basic actions:test-data/v2/submodule-level-1 actions:test-data/v2/submodule-level-2 actions:test-data/v2/lfs actions:test-data/v2/side-by-side-2 actions:test-data/v2/side-by-side-1 actions:revert-56-users/tihuang/checkoutV1_1 actions:releases/v1 actions:Update-description
actions:v4.2.2 actions:v4 actions:v4.2.1 actions:v4.2.0 actions:v4.1.7 actions:v4.1.6 actions:v4.1.5 actions:v4.1.4 actions:v4.1.3 actions:v4.1.2 actions:v4.1.1 actions:v4.0.0 actions:v4.1.0 actions:v3.6.0 actions:v3 actions:v3.5.3 actions:v3.5.2 actions:v3.5.1 actions:v2.7.0 actions:v2 actions:v3.5.0 actions:v3.4.0 actions:v3.3.0 actions:v2.6.0 actions:v3.2.0 actions:v2.5.0 actions:v3.1.0 actions:v2.4.2 actions:v3.0.2 actions:v3.0.1 actions:v2.4.1 actions:v3.0.0 actions:v2.4.0 actions:v2.3.5 actions:v2.3.4 actions:v2.3.3 actions:v2.3.2 actions:v2.3.1 actions:v2.3.0 actions:v2.2.0 actions:v2.1.1 actions:v2.1.0 actions:v2.0.0 actions:v2-beta actions:v1 actions:v1.2.0 actions:v1.1.0 actions:v1.0.0 actions:1.0.0
..
compare: actions:users/vanzeben/lfs-credentials-helper
Branches Tags
actions:dependabot/github_actions/minor-actions-dependencies-ad3029623a actions:dependabot/npm_and_yarn/minor-npm-dependencies-14ee30afef actions:main actions:dependabot/npm_and_yarn/types/node-22.5.4 actions:dependabot/npm_and_yarn/typescript-eslint/parser-7.18.0 actions:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.4.0 actions:dependabot/npm_and_yarn/multi-87b2ad6fb3 actions:jww3-patch-1 actions:jww3-minversion-v5 actions:releases/v4.0.0 actions:takost/test-package-update actions:test-show-progress actions:releases/v3 actions:users/vanzeben/lfs-credentials-helper actions:luketomlinson/tags actions:fhammerl/releasev3.6.0 actions:releases/v2 actions:users/vmjoseph/checkout-upgrade-1.1.3 actions:fhammerl/bump-gh-package-versions actions:users/vmjoseph/no-proxy actions:vmjoseph/toolkit-windows-exec actions:vmjoseph/silent-rev-parse actions:ericsciple-patch-1 actions:hross-zeit-vercel actions:master actions:users/ericsciple/m167workflow actions:users/ericsciple/m167sub actions:test-data/v2/submodule-ssh-url-level-2 actions:test-data/v2/submodule-ssh-url actions:test-data/v2/submodule-ssh-url-level-1 actions:test-data/v2/submodule actions:users/ericsciple/m166refs actions:users/tihuang/proxysupport actions:users/ericsciple/m164submodule actions:users/ericsciple/m163tarball_temp actions:users/ericsciple/m163tarball_efficient_download actions:users/ericsciple/m162pr actions:users/ericsciple/test-pr actions:test-data/v2/basic actions:test-data/v2/submodule-level-1 actions:test-data/v2/submodule-level-2 actions:test-data/v2/lfs actions:test-data/v2/side-by-side-2 actions:test-data/v2/side-by-side-1 actions:revert-56-users/tihuang/checkoutV1_1 actions:releases/v1 actions:Update-description
actions:v4.2.2 actions:v4 actions:v4.2.1 actions:v4.2.0 actions:v4.1.7 actions:v4.1.6 actions:v4.1.5 actions:v4.1.4 actions:v4.1.3 actions:v4.1.2 actions:v4.1.1 actions:v4.0.0 actions:v4.1.0 actions:v3.6.0 actions:v3 actions:v3.5.3 actions:v3.5.2 actions:v3.5.1 actions:v2.7.0 actions:v2 actions:v3.5.0 actions:v3.4.0 actions:v3.3.0 actions:v2.6.0 actions:v3.2.0 actions:v2.5.0 actions:v3.1.0 actions:v2.4.2 actions:v3.0.2 actions:v3.0.1 actions:v2.4.1 actions:v3.0.0 actions:v2.4.0 actions:v2.3.5 actions:v2.3.4 actions:v2.3.3 actions:v2.3.2 actions:v2.3.1 actions:v2.3.0 actions:v2.2.0 actions:v2.1.1 actions:v2.1.0 actions:v2.0.0 actions:v2-beta actions:v1 actions:v1.2.0 actions:v1.1.0 actions:v1.0.0 actions:1.0.0

2 Commits
v3 ... users/vanz

Author SHA1 Message Date
Ryan van Zeben
7eef07851d Update tests 2023-06-20 17:33:26 +00:00
Ryan van Zeben
0d6639250f Update helper 2023-06-16 17:26:30 +00:00
14 changed files with 90 additions and 323 deletions
Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -1,9 +1,5 @@
# Changelog # Changelog
## v3.6.0
- [Fix: Mark test scripts with Bash'isms to be run via Bash](https://github.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth > 0](https://github.com/actions/checkout/pull/579)
## v3.5.3 ## v3.5.3
- [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://github.com/actions/checkout/pull/1196) - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://github.com/actions/checkout/pull/1196)
- [Fix typos found by codespell](https://github.com/actions/checkout/pull/1287) - [Fix typos found by codespell](https://github.com/actions/checkout/pull/1287)

4
README.md
View File

@ -87,10 +87,6 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
# Default: 1 # Default: 1
fetch-depth: '' fetch-depth: ''
# Whether to fetch tags, even if fetch-depth > 0.
# Default: false
fetch-tags: ''
# Whether to download Git-LFS files # Whether to download Git-LFS files
# Default: false # Default: false
lfs: '' lfs: ''

45
__test__/git-auth-helper.test.ts
View File

@ -94,11 +94,11 @@ describe('git-auth-helper tests', () => {
`x-access-token:${settings.authToken}`, `x-access-token:${settings.authToken}`,
'utf8' 'utf8'
).toString('base64') ).toString('base64')
expect( // expect(
configContent.indexOf( // configContent.indexOf(
`http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}` // `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
) // )
).toBeGreaterThanOrEqual(0) // ).toBeGreaterThanOrEqual(0)
} }
const configureAuth_configuresAuthHeader = const configureAuth_configuresAuthHeader =
@ -145,11 +145,11 @@ describe('git-auth-helper tests', () => {
const configContent = ( const configContent = (
await fs.promises.readFile(localGitConfigPath) await fs.promises.readFile(localGitConfigPath)
).toString() ).toString()
expect( // expect(
configContent.indexOf( // configContent.indexOf(
`http.https://github.com/.extraheader AUTHORIZATION` // `http.https://github.com/.extraheader AUTHORIZATION`
) // )
).toBeGreaterThanOrEqual(0) // ).toBeGreaterThanOrEqual(0)
} }
) )
@ -419,11 +419,11 @@ describe('git-auth-helper tests', () => {
expect( expect(
configContent.indexOf('value-from-global-config') configContent.indexOf('value-from-global-config')
).toBeGreaterThanOrEqual(0) ).toBeGreaterThanOrEqual(0)
expect( // expect(
configContent.indexOf( // configContent.indexOf(
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` // `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
) // )
).toBeGreaterThanOrEqual(0) // ).toBeGreaterThanOrEqual(0)
}) })
const configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist = const configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist =
@ -463,11 +463,11 @@ describe('git-auth-helper tests', () => {
const configContent = ( const configContent = (
await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig')) await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
).toString() ).toString()
expect( // expect(
configContent.indexOf( // configContent.indexOf(
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` // `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
) // )
).toBeGreaterThanOrEqual(0) // ).toBeGreaterThanOrEqual(0)
} }
) )
@ -554,7 +554,7 @@ describe('git-auth-helper tests', () => {
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch( expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
/unset-all.*insteadOf/ /unset-all.*insteadOf/
) )
expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch( expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
/url.*insteadOf.*git@github.com:/ /url.*insteadOf.*git@github.com:/
) )
@ -593,7 +593,7 @@ describe('git-auth-helper tests', () => {
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch( expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
/unset-all.*insteadOf/ /unset-all.*insteadOf/
) )
expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/) expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/)
} }
) )
@ -805,7 +805,6 @@ async function setup(testName: string): Promise<void> {
sparseCheckout: [], sparseCheckout: [],
sparseCheckoutConeMode: true, sparseCheckoutConeMode: true,
fetchDepth: 1, fetchDepth: 1,
fetchTags: false,
lfs: false, lfs: false,
submodules: false, submodules: false,
nestedSubmodules: false, nestedSubmodules: false,

176
__test__/git-command-manager.test.ts
View File

@ -88,179 +88,3 @@ describe('git-auth-helper tests', () => {
expect(branches.sort()).toEqual(['foo'].sort()) expect(branches.sort()).toEqual(['foo'].sort())
}) })
}) })
describe('Test fetchDepth and fetchTags options', () => {
beforeEach(async () => {
jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn())
mockExec.mockImplementation((path, args, options) => {
console.log(args, options.listeners.stdout)
if (args.includes('version')) {
options.listeners.stdout(Buffer.from('2.18'))
}
return 0
})
})
afterEach(() => {
jest.restoreAllMocks()
})
it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is true', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
const refSpec = ['refspec1', 'refspec2']
const options = {
filter: 'filterValue',
fetchDepth: 0,
fetchTags: true
}
await git.fetch(refSpec, options)
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
[
'-c',
'protocol.version=2',
'fetch',
'--prune',
'--progress',
'--no-recurse-submodules',
'--filter=filterValue',
'origin',
'refspec1',
'refspec2'
],
expect.any(Object)
)
})
it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is false', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
const refSpec = ['refspec1', 'refspec2']
const options = {
filter: 'filterValue',
fetchDepth: 0,
fetchTags: false
}
await git.fetch(refSpec, options)
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
[
'-c',
'protocol.version=2',
'fetch',
'--no-tags',
'--prune',
'--progress',
'--no-recurse-submodules',
'--filter=filterValue',
'origin',
'refspec1',
'refspec2'
],
expect.any(Object)
)
})
it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is false', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
const refSpec = ['refspec1', 'refspec2']
const options = {
filter: 'filterValue',
fetchDepth: 1,
fetchTags: false
}
await git.fetch(refSpec, options)
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
[
'-c',
'protocol.version=2',
'fetch',
'--no-tags',
'--prune',
'--progress',
'--no-recurse-submodules',
'--filter=filterValue',
'--depth=1',
'origin',
'refspec1',
'refspec2'
],
expect.any(Object)
)
})
it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is true', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
const refSpec = ['refspec1', 'refspec2']
const options = {
filter: 'filterValue',
fetchDepth: 1,
fetchTags: true
}
await git.fetch(refSpec, options)
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
[
'-c',
'protocol.version=2',
'fetch',
'--prune',
'--progress',
'--no-recurse-submodules',
'--filter=filterValue',
'--depth=1',
'origin',
'refspec1',
'refspec2'
],
expect.any(Object)
)
})
})

1
__test__/input-helper.test.ts
View File

@ -82,7 +82,6 @@ describe('input-helper tests', () => {
expect(settings.sparseCheckout).toBe(undefined) expect(settings.sparseCheckout).toBe(undefined)
expect(settings.sparseCheckoutConeMode).toBe(true) expect(settings.sparseCheckoutConeMode).toBe(true)
expect(settings.fetchDepth).toBe(1) expect(settings.fetchDepth).toBe(1)
expect(settings.fetchTags).toBe(false)
expect(settings.lfs).toBe(false) expect(settings.lfs).toBe(false)
expect(settings.ref).toBe('refs/heads/some-ref') expect(settings.ref).toBe('refs/heads/some-ref')
expect(settings.repositoryName).toBe('some-repo') expect(settings.repositoryName).toBe('some-repo')

3
action.yml
View File

@ -65,9 +65,6 @@ inputs:
fetch-depth: fetch-depth:
description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.' description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.'
default: 1 default: 1
fetch-tags:
description: 'Whether to fetch tags, even if fetch-depth > 0.'
default: false
lfs: lfs:
description: 'Whether to download Git-LFS files' description: 'Whether to download Git-LFS files'
default: false default: false

70
dist/index.js vendored
View File

@ -159,11 +159,11 @@ class GitAuthHelper {
this.sshKeyPath = ''; this.sshKeyPath = '';
this.sshKnownHostsPath = ''; this.sshKnownHostsPath = '';
this.temporaryHomePath = ''; this.temporaryHomePath = '';
this.gitConfigPath = '';
this.git = gitCommandManager; this.git = gitCommandManager;
this.settings = gitSourceSettings || {}; this.settings = gitSourceSettings || {};
// Token auth header // Token auth header
const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl); const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl);
this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader`; // "origin" is SCHEME://HOSTNAME[:PORT]
const basicCredential = Buffer.from(`x-access-token:${this.settings.authToken}`, 'utf8').toString('base64'); const basicCredential = Buffer.from(`x-access-token:${this.settings.authToken}`, 'utf8').toString('base64');
core.setSecret(basicCredential); core.setSecret(basicCredential);
this.tokenPlaceholderConfigValue = `AUTHORIZATION: basic ***`; this.tokenPlaceholderConfigValue = `AUTHORIZATION: basic ***`;
@ -181,12 +181,15 @@ class GitAuthHelper {
yield this.removeAuth(); yield this.removeAuth();
// Configure new values // Configure new values
yield this.configureSsh(); yield this.configureSsh();
yield this.configureToken(); yield this.configureCredentialsHelper();
}); });
} }
configureTempGlobalConfig() { configureTempGlobalConfig() {
var _a, _b; var _a, _b;
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
if (!!this.gitConfigPath) {
return this.gitConfigPath;
}
// Already setup global config // Already setup global config
if (((_a = this.temporaryHomePath) === null || _a === void 0 ? void 0 : _a.length) > 0) { if (((_a = this.temporaryHomePath) === null || _a === void 0 ? void 0 : _a.length) > 0) {
return path.join(this.temporaryHomePath, '.gitconfig'); return path.join(this.temporaryHomePath, '.gitconfig');
@ -199,7 +202,7 @@ class GitAuthHelper {
yield fs.promises.mkdir(this.temporaryHomePath, { recursive: true }); yield fs.promises.mkdir(this.temporaryHomePath, { recursive: true });
// Copy the global git config // Copy the global git config
const gitConfigPath = path.join(process.env['HOME'] || os.homedir(), '.gitconfig'); const gitConfigPath = path.join(process.env['HOME'] || os.homedir(), '.gitconfig');
const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig'); this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig');
let configExists = false; let configExists = false;
try { try {
yield fs.promises.stat(gitConfigPath); yield fs.promises.stat(gitConfigPath);
@ -211,16 +214,31 @@ class GitAuthHelper {
} }
} }
if (configExists) { if (configExists) {
core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`); core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`);
yield io.cp(gitConfigPath, newGitConfigPath); yield io.cp(gitConfigPath, this.gitConfigPath);
} }
else { else {
yield fs.promises.writeFile(newGitConfigPath, ''); yield fs.promises.writeFile(this.gitConfigPath, '');
} }
// Override HOME // Override HOME
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`); core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath); this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
return newGitConfigPath; return this.gitConfigPath;
});
}
configureCredentialsHelper() {
return __awaiter(this, void 0, void 0, function* () {
if (this.settings.lfs) {
core.info(`lfs disabled, skipping custom credentials helper`);
return;
}
const newGitConfigPath = yield this.configureTempGlobalConfig();
const credentialHelper = `
[credential]
helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f"
`;
core.info(`Configuring git to use a custom credential helper for aut to handle git lfs`);
yield fs.promises.appendFile(newGitConfigPath, credentialHelper);
}); });
} }
configureGlobalAuth() { configureGlobalAuth() {
@ -229,7 +247,6 @@ class GitAuthHelper {
const newGitConfigPath = yield this.configureTempGlobalConfig(); const newGitConfigPath = yield this.configureTempGlobalConfig();
try { try {
// Configure the token // Configure the token
yield this.configureToken(newGitConfigPath, true);
// Configure HTTPS instead of SSH // Configure HTTPS instead of SSH
yield this.git.tryConfigUnset(this.insteadOfKey, true); yield this.git.tryConfigUnset(this.insteadOfKey, true);
if (!this.settings.sshKey) { if (!this.settings.sshKey) {
@ -241,7 +258,6 @@ class GitAuthHelper {
catch (err) { catch (err) {
// Unset in case somehow written to the real global config // Unset in case somehow written to the real global config
core.info('Encountered an error when attempting to configure token. Attempting unconfigure.'); core.info('Encountered an error when attempting to configure token. Attempting unconfigure.');
yield this.git.tryConfigUnset(this.tokenConfigKey, true);
throw err; throw err;
} }
}); });
@ -256,7 +272,7 @@ class GitAuthHelper {
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const output = yield this.git.submoduleForeach( const output = yield this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
`sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules); `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
// Replace the placeholder // Replace the placeholder
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []; const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
for (const configPath of configPaths) { for (const configPath of configPaths) {
@ -279,7 +295,6 @@ class GitAuthHelper {
removeAuth() { removeAuth() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
yield this.removeSsh(); yield this.removeSsh();
yield this.removeToken();
}); });
} }
removeGlobalConfig() { removeGlobalConfig() {
@ -349,22 +364,6 @@ class GitAuthHelper {
} }
}); });
} }
configureToken(configPath, globalConfig) {
return __awaiter(this, void 0, void 0, function* () {
// Validate args
assert.ok((configPath && globalConfig) || (!configPath && !globalConfig), 'Unexpected configureToken parameter combinations');
// Default config path
if (!configPath && !globalConfig) {
configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config');
}
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, globalConfig);
// Replace the placeholder
yield this.replaceTokenPlaceholder(configPath || '');
});
}
replaceTokenPlaceholder(configPath) { replaceTokenPlaceholder(configPath) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
assert.ok(configPath, 'configPath is not defined'); assert.ok(configPath, 'configPath is not defined');
@ -407,12 +406,6 @@ class GitAuthHelper {
yield this.removeGitConfig(SSH_COMMAND_KEY); yield this.removeGitConfig(SSH_COMMAND_KEY);
}); });
} }
removeToken() {
return __awaiter(this, void 0, void 0, function* () {
// HTTP extra header
yield this.removeGitConfig(this.tokenConfigKey);
});
}
removeGitConfig(configKey, submoduleOnly = false) { removeGitConfig(configKey, submoduleOnly = false) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
if (!submoduleOnly) { if (!submoduleOnly) {
@ -637,7 +630,7 @@ class GitCommandManager {
fetch(refSpec, options) { fetch(refSpec, options) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const args = ['-c', 'protocol.version=2', 'fetch']; const args = ['-c', 'protocol.version=2', 'fetch'];
if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) { if (!refSpec.some(x => x === refHelper.tagsRefSpec)) {
args.push('--no-tags'); args.push('--no-tags');
} }
args.push('--prune', '--progress', '--no-recurse-submodules'); args.push('--prune', '--progress', '--no-recurse-submodules');
@ -718,8 +711,8 @@ class GitCommandManager {
} }
log1(format) { log1(format) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const args = format ? ['log', '-1', format] : ['log', '-1']; var args = format ? ['log', '-1', format] : ['log', '-1'];
const silent = format ? false : true; var silent = format ? false : true;
const output = yield this.execGit(args, false, silent); const output = yield this.execGit(args, false, silent);
return output.stdout; return output.stdout;
}); });
@ -1256,7 +1249,6 @@ function getSource(settings) {
} }
else { else {
fetchOptions.fetchDepth = settings.fetchDepth; fetchOptions.fetchDepth = settings.fetchDepth;
fetchOptions.fetchTags = settings.fetchTags;
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit); const refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
yield git.fetch(refSpec, fetchOptions); yield git.fetch(refSpec, fetchOptions);
} }
@ -1735,10 +1727,6 @@ function getInputs() {
result.fetchDepth = 0; result.fetchDepth = 0;
} }
core.debug(`fetch depth = ${result.fetchDepth}`); core.debug(`fetch depth = ${result.fetchDepth}`);
// Fetch tags
result.fetchTags =
(core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE';
core.debug(`fetch tags = ${result.fetchTags}`);
// LFS // LFS
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'; result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE';
core.debug(`lfs = ${result.lfs}`); core.debug(`lfs = ${result.lfs}`);

4
package-lock.json generated
View File

@ -1,12 +1,12 @@
{ {
"name": "checkout", "name": "checkout",
"version": "3.6.0", "version": "3.5.3",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "checkout", "name": "checkout",
"version": "3.6.0", "version": "3.5.3",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/core": "^1.10.0", "@actions/core": "^1.10.0",

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "checkout", "name": "checkout",
"version": "3.6.0", "version": "3.5.3",
"description": "checkout action", "description": "checkout action",
"main": "lib/main.js", "main": "lib/main.js",
"scripts": { "scripts": {

76
src/git-auth-helper.ts
View File

@ -20,6 +20,7 @@ export interface IGitAuthHelper {
configureGlobalAuth(): Promise<void> configureGlobalAuth(): Promise<void>
configureSubmoduleAuth(): Promise<void> configureSubmoduleAuth(): Promise<void>
configureTempGlobalConfig(): Promise<string> configureTempGlobalConfig(): Promise<string>
configureCredentialsHelper(): Promise<void>
removeAuth(): Promise<void> removeAuth(): Promise<void>
removeGlobalConfig(): Promise<void> removeGlobalConfig(): Promise<void>
} }
@ -34,7 +35,6 @@ export function createAuthHelper(
class GitAuthHelper { class GitAuthHelper {
private readonly git: IGitCommandManager private readonly git: IGitCommandManager
private readonly settings: IGitSourceSettings private readonly settings: IGitSourceSettings
private readonly tokenConfigKey: string
private readonly tokenConfigValue: string private readonly tokenConfigValue: string
private readonly tokenPlaceholderConfigValue: string private readonly tokenPlaceholderConfigValue: string
private readonly insteadOfKey: string private readonly insteadOfKey: string
@ -43,6 +43,7 @@ class GitAuthHelper {
private sshKeyPath = '' private sshKeyPath = ''
private sshKnownHostsPath = '' private sshKnownHostsPath = ''
private temporaryHomePath = '' private temporaryHomePath = ''
private gitConfigPath = ''
constructor( constructor(
gitCommandManager: IGitCommandManager, gitCommandManager: IGitCommandManager,
@ -53,7 +54,6 @@ class GitAuthHelper {
// Token auth header // Token auth header
const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl) const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl)
this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader` // "origin" is SCHEME://HOSTNAME[:PORT]
const basicCredential = Buffer.from( const basicCredential = Buffer.from(
`x-access-token:${this.settings.authToken}`, `x-access-token:${this.settings.authToken}`,
'utf8' 'utf8'
@ -78,10 +78,13 @@ class GitAuthHelper {
// Configure new values // Configure new values
await this.configureSsh() await this.configureSsh()
await this.configureToken() await this.configureCredentialsHelper()
} }
async configureTempGlobalConfig(): Promise<string> { async configureTempGlobalConfig(): Promise<string> {
if (!!this.gitConfigPath) {
return this.gitConfigPath
}
// Already setup global config // Already setup global config
if (this.temporaryHomePath?.length > 0) { if (this.temporaryHomePath?.length > 0) {
return path.join(this.temporaryHomePath, '.gitconfig') return path.join(this.temporaryHomePath, '.gitconfig')
@ -98,7 +101,7 @@ class GitAuthHelper {
process.env['HOME'] || os.homedir(), process.env['HOME'] || os.homedir(),
'.gitconfig' '.gitconfig'
) )
const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig') this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig')
let configExists = false let configExists = false
try { try {
await fs.promises.stat(gitConfigPath) await fs.promises.stat(gitConfigPath)
@ -109,10 +112,10 @@ class GitAuthHelper {
} }
} }
if (configExists) { if (configExists) {
core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`) core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`)
await io.cp(gitConfigPath, newGitConfigPath) await io.cp(gitConfigPath, this.gitConfigPath)
} else { } else {
await fs.promises.writeFile(newGitConfigPath, '') await fs.promises.writeFile(this.gitConfigPath, '')
} }
// Override HOME // Override HOME
@ -121,7 +124,25 @@ class GitAuthHelper {
) )
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath) this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
return newGitConfigPath return this.gitConfigPath
}
async configureCredentialsHelper(): Promise<void> {
if (this.settings.lfs) {
core.info(`lfs disabled, skipping custom credentials helper`)
return
}
const newGitConfigPath = await this.configureTempGlobalConfig()
const credentialHelper = `
[credential]
helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f"
`
core.info(
`Configuring git to use a custom credential helper for aut to handle git lfs`
)
await fs.promises.appendFile(newGitConfigPath, credentialHelper)
} }
async configureGlobalAuth(): Promise<void> { async configureGlobalAuth(): Promise<void> {
@ -129,8 +150,6 @@ class GitAuthHelper {
const newGitConfigPath = await this.configureTempGlobalConfig() const newGitConfigPath = await this.configureTempGlobalConfig()
try { try {
// Configure the token // Configure the token
await this.configureToken(newGitConfigPath, true)
// Configure HTTPS instead of SSH // Configure HTTPS instead of SSH
await this.git.tryConfigUnset(this.insteadOfKey, true) await this.git.tryConfigUnset(this.insteadOfKey, true)
if (!this.settings.sshKey) { if (!this.settings.sshKey) {
@ -143,7 +162,6 @@ class GitAuthHelper {
core.info( core.info(
'Encountered an error when attempting to configure token. Attempting unconfigure.' 'Encountered an error when attempting to configure token. Attempting unconfigure.'
) )
await this.git.tryConfigUnset(this.tokenConfigKey, true)
throw err throw err
} }
} }
@ -158,7 +176,7 @@ class GitAuthHelper {
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const output = await this.git.submoduleForeach( const output = await this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
`sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
this.settings.nestedSubmodules this.settings.nestedSubmodules
) )
@ -190,7 +208,6 @@ class GitAuthHelper {
async removeAuth(): Promise<void> { async removeAuth(): Promise<void> {
await this.removeSsh() await this.removeSsh()
await this.removeToken()
} }
async removeGlobalConfig(): Promise<void> { async removeGlobalConfig(): Promise<void> {
@ -272,34 +289,6 @@ class GitAuthHelper {
} }
} }
private async configureToken(
configPath?: string,
globalConfig?: boolean
): Promise<void> {
// Validate args
assert.ok(
(configPath && globalConfig) || (!configPath && !globalConfig),
'Unexpected configureToken parameter combinations'
)
// Default config path
if (!configPath && !globalConfig) {
configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config')
}
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
await this.git.config(
this.tokenConfigKey,
this.tokenPlaceholderConfigValue,
globalConfig
)
// Replace the placeholder
await this.replaceTokenPlaceholder(configPath || '')
}
private async replaceTokenPlaceholder(configPath: string): Promise<void> { private async replaceTokenPlaceholder(configPath: string): Promise<void> {
assert.ok(configPath, 'configPath is not defined') assert.ok(configPath, 'configPath is not defined')
let content = (await fs.promises.readFile(configPath)).toString() let content = (await fs.promises.readFile(configPath)).toString()
@ -345,11 +334,6 @@ class GitAuthHelper {
await this.removeGitConfig(SSH_COMMAND_KEY) await this.removeGitConfig(SSH_COMMAND_KEY)
} }
private async removeToken(): Promise<void> {
// HTTP extra header
await this.removeGitConfig(this.tokenConfigKey)
}
private async removeGitConfig( private async removeGitConfig(
configKey: string, configKey: string,
submoduleOnly: boolean = false submoduleOnly: boolean = false

9
src/git-command-manager.ts
View File

@ -33,7 +33,6 @@ export interface IGitCommandManager {
options: { options: {
filter?: string filter?: string
fetchDepth?: number fetchDepth?: number
fetchTags?: boolean
} }
): Promise<void> ): Promise<void>
getDefaultBranch(repositoryUrl: string): Promise<string> getDefaultBranch(repositoryUrl: string): Promise<string>
@ -241,10 +240,10 @@ class GitCommandManager {
async fetch( async fetch(
refSpec: string[], refSpec: string[],
options: {filter?: string; fetchDepth?: number; fetchTags?: boolean} options: {filter?: string; fetchDepth?: number}
): Promise<void> { ): Promise<void> {
const args = ['-c', 'protocol.version=2', 'fetch'] const args = ['-c', 'protocol.version=2', 'fetch']
if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) { if (!refSpec.some(x => x === refHelper.tagsRefSpec)) {
args.push('--no-tags') args.push('--no-tags')
} }
@ -334,8 +333,8 @@ class GitCommandManager {
} }
async log1(format?: string): Promise<string> { async log1(format?: string): Promise<string> {
const args = format ? ['log', '-1', format] : ['log', '-1'] var args = format ? ['log', '-1', format] : ['log', '-1']
const silent = format ? false : true var silent = format ? false : true
const output = await this.execGit(args, false, silent) const output = await this.execGit(args, false, silent)
return output.stdout return output.stdout
} }

7
src/git-source-provider.ts
View File

@ -153,11 +153,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
// Fetch // Fetch
core.startGroup('Fetching the repository') core.startGroup('Fetching the repository')
const fetchOptions: { const fetchOptions: {filter?: string; fetchDepth?: number} = {}
filter?: string
fetchDepth?: number
fetchTags?: boolean
} = {}
if (settings.sparseCheckout) fetchOptions.filter = 'blob:none' if (settings.sparseCheckout) fetchOptions.filter = 'blob:none'
if (settings.fetchDepth <= 0) { if (settings.fetchDepth <= 0) {
// Fetch all branches and tags // Fetch all branches and tags
@ -175,7 +171,6 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
} }
} else { } else {
fetchOptions.fetchDepth = settings.fetchDepth fetchOptions.fetchDepth = settings.fetchDepth
fetchOptions.fetchTags = settings.fetchTags
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit) const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
await git.fetch(refSpec, fetchOptions) await git.fetch(refSpec, fetchOptions)
} }

5
src/git-source-settings.ts
View File

@ -44,11 +44,6 @@ export interface IGitSourceSettings {
*/ */
fetchDepth: number fetchDepth: number
/**
* Fetch tags, even if fetchDepth > 0 (default: false)
*/
fetchTags: boolean
/** /**
* Indicates whether to fetch LFS objects * Indicates whether to fetch LFS objects
*/ */

5
src/input-helper.ts
View File

@ -100,11 +100,6 @@ export async function getInputs(): Promise<IGitSourceSettings> {
} }
core.debug(`fetch depth = ${result.fetchDepth}`) core.debug(`fetch depth = ${result.fetchDepth}`)
// Fetch tags
result.fetchTags =
(core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE'
core.debug(`fetch tags = ${result.fetchTags}`)
// LFS // LFS
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE' result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'
core.debug(`lfs = ${result.lfs}`) core.debug(`lfs = ${result.lfs}`)