add input persist-credentials (#107)
parent
a572f640b0
commit
c170eefc26
|
@ -18,6 +18,7 @@ jobs:
|
||||||
- run: npm run lint
|
- run: npm run lint
|
||||||
- run: npm run pack
|
- run: npm run pack
|
||||||
- run: npm run gendocs
|
- run: npm run gendocs
|
||||||
|
- run: npm test
|
||||||
- name: Verify no unstaged changes
|
- name: Verify no unstaged changes
|
||||||
run: __test__/verify-no-unstaged-changes.sh
|
run: __test__/verify-no-unstaged-changes.sh
|
||||||
|
|
||||||
|
@ -84,15 +85,12 @@ jobs:
|
||||||
|
|
||||||
test-job-container:
|
test-job-container:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: pstauffer/curl:latest
|
container: alpine:latest
|
||||||
steps:
|
steps:
|
||||||
# Clone this repo
|
# Clone this repo
|
||||||
# todo: after v2-beta contains the latest changes, switch this to "uses: actions/checkout@v2-beta". Also switch to "alpine:latest"
|
# todo: after v2-beta contains the latest changes, switch this to "uses: actions/checkout@v2-beta"
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
run: |
|
uses: actions/checkout@a572f640b07e96fc5837b3adfa0e5a2ddd8dae21
|
||||||
curl --location --user token:${{ github.token }} --output checkout.tar.gz https://api.github.com/repos/actions/checkout/tarball/${{ github.sha }}
|
|
||||||
tar -xzf checkout.tar.gz
|
|
||||||
mv */* ./
|
|
||||||
|
|
||||||
# Basic checkout
|
# Basic checkout
|
||||||
- name: Basic checkout
|
- name: Basic checkout
|
||||||
|
|
18
README.md
18
README.md
|
@ -15,16 +15,16 @@ Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows)
|
||||||
- Improved fetch performance
|
- Improved fetch performance
|
||||||
- The default behavior now fetches only the commit being checked-out
|
- The default behavior now fetches only the commit being checked-out
|
||||||
- Script authenticated git commands
|
- Script authenticated git commands
|
||||||
- Persists `with.token` in the local git config
|
- Persists the input `token` in the local git config
|
||||||
- Enables your scripts to run authenticated git commands
|
- Enables your scripts to run authenticated git commands
|
||||||
- Post-job cleanup removes the token
|
- Post-job cleanup removes the token
|
||||||
- Coming soon: Opt out by setting `with.persist-credentials` to `false`
|
- Opt out by setting the input `persist-credentials: false`
|
||||||
- Creates a local branch
|
- Creates a local branch
|
||||||
- No longer detached HEAD when checking out a branch
|
- No longer detached HEAD when checking out a branch
|
||||||
- A local branch is created with the corresponding upstream branch set
|
- A local branch is created with the corresponding upstream branch set
|
||||||
- Improved layout
|
- Improved layout
|
||||||
- `with.path` is always relative to `github.workspace`
|
- The input `path` is always relative to $GITHUB_WORKSPACE
|
||||||
- Aligns better with container actions, where `github.workspace` gets mapped in
|
- Aligns better with container actions, where $GITHUB_WORKSPACE gets mapped in
|
||||||
- Fallback to REST API download
|
- Fallback to REST API download
|
||||||
- When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
|
- When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
|
||||||
- Removed input `submodules`
|
- Removed input `submodules`
|
||||||
|
@ -41,15 +41,21 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
|
||||||
# Default: ${{ github.repository }}
|
# Default: ${{ github.repository }}
|
||||||
repository: ''
|
repository: ''
|
||||||
|
|
||||||
# The branch, tag or SHA to checkout. When checking out the repository that
|
# The branch, tag or SHA to checkout. When checking out the repository that
|
||||||
# triggered a workflow, this defaults to the reference or SHA for that event.
|
# triggered a workflow, this defaults to the reference or SHA for that event.
|
||||||
# Otherwise, defaults to `master`.
|
# Otherwise, defaults to `master`.
|
||||||
ref: ''
|
ref: ''
|
||||||
|
|
||||||
# Access token for clone repository
|
# Auth token used to fetch the repository. The token is stored in the local git
|
||||||
|
# config, which enables your scripts to run authenticated git commands. The
|
||||||
|
# post-job step removes the token from the git config.
|
||||||
# Default: ${{ github.token }}
|
# Default: ${{ github.token }}
|
||||||
token: ''
|
token: ''
|
||||||
|
|
||||||
|
# Whether to persist the token in the git config
|
||||||
|
# Default: true
|
||||||
|
persist-credentials: ''
|
||||||
|
|
||||||
# Relative path under $GITHUB_WORKSPACE to place the repository
|
# Relative path under $GITHUB_WORKSPACE to place the repository
|
||||||
path: ''
|
path: ''
|
||||||
|
|
||||||
|
|
|
@ -63,7 +63,7 @@ describe('input-helper tests', () => {
|
||||||
it('sets defaults', () => {
|
it('sets defaults', () => {
|
||||||
const settings: ISourceSettings = inputHelper.getInputs()
|
const settings: ISourceSettings = inputHelper.getInputs()
|
||||||
expect(settings).toBeTruthy()
|
expect(settings).toBeTruthy()
|
||||||
expect(settings.accessToken).toBeFalsy()
|
expect(settings.authToken).toBeFalsy()
|
||||||
expect(settings.clean).toBe(true)
|
expect(settings.clean).toBe(true)
|
||||||
expect(settings.commit).toBeTruthy()
|
expect(settings.commit).toBeTruthy()
|
||||||
expect(settings.commit).toBe('1234567890123456789012345678901234567890')
|
expect(settings.commit).toBe('1234567890123456789012345678901234567890')
|
||||||
|
|
14
action.yml
14
action.yml
|
@ -6,12 +6,18 @@ inputs:
|
||||||
default: ${{ github.repository }}
|
default: ${{ github.repository }}
|
||||||
ref:
|
ref:
|
||||||
description: >
|
description: >
|
||||||
The branch, tag or SHA to checkout. When checking out the repository
|
The branch, tag or SHA to checkout. When checking out the repository that
|
||||||
that triggered a workflow, this defaults to the reference or SHA for
|
triggered a workflow, this defaults to the reference or SHA for that
|
||||||
that event. Otherwise, defaults to `master`.
|
event. Otherwise, defaults to `master`.
|
||||||
token:
|
token:
|
||||||
description: 'Access token for clone repository'
|
description: >
|
||||||
|
Auth token used to fetch the repository. The token is stored in the local
|
||||||
|
git config, which enables your scripts to run authenticated git commands.
|
||||||
|
The post-job step removes the token from the git config.
|
||||||
default: ${{ github.token }}
|
default: ${{ github.token }}
|
||||||
|
persist-credentials:
|
||||||
|
description: 'Whether to persist the token in the git config'
|
||||||
|
default: true
|
||||||
path:
|
path:
|
||||||
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
||||||
clean:
|
clean:
|
||||||
|
|
|
@ -4838,7 +4838,7 @@ class GitCommandManager {
|
||||||
}
|
}
|
||||||
config(configKey, configValue) {
|
config(configKey, configValue) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
yield this.execGit(['config', configKey, configValue]);
|
yield this.execGit(['config', '--local', configKey, configValue]);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
configExists(configKey) {
|
configExists(configKey) {
|
||||||
|
@ -4846,7 +4846,7 @@ class GitCommandManager {
|
||||||
const pattern = configKey.replace(/[^a-zA-Z0-9_]/g, x => {
|
const pattern = configKey.replace(/[^a-zA-Z0-9_]/g, x => {
|
||||||
return `\\${x}`;
|
return `\\${x}`;
|
||||||
});
|
});
|
||||||
const output = yield this.execGit(['config', '--name-only', '--get-regexp', pattern], true);
|
const output = yield this.execGit(['config', '--local', '--name-only', '--get-regexp', pattern], true);
|
||||||
return output.exitCode === 0;
|
return output.exitCode === 0;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -4932,19 +4932,19 @@ class GitCommandManager {
|
||||||
}
|
}
|
||||||
tryConfigUnset(configKey) {
|
tryConfigUnset(configKey) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const output = yield this.execGit(['config', '--unset-all', configKey], true);
|
const output = yield this.execGit(['config', '--local', '--unset-all', configKey], true);
|
||||||
return output.exitCode === 0;
|
return output.exitCode === 0;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
tryDisableAutomaticGarbageCollection() {
|
tryDisableAutomaticGarbageCollection() {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const output = yield this.execGit(['config', 'gc.auto', '0'], true);
|
const output = yield this.execGit(['config', '--local', 'gc.auto', '0'], true);
|
||||||
return output.exitCode === 0;
|
return output.exitCode === 0;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
tryGetFetchUrl() {
|
tryGetFetchUrl() {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const output = yield this.execGit(['config', '--get', 'remote.origin.url'], true);
|
const output = yield this.execGit(['config', '--local', '--get', 'remote.origin.url'], true);
|
||||||
if (output.exitCode !== 0) {
|
if (output.exitCode !== 0) {
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
@ -5121,7 +5121,7 @@ function getSource(settings) {
|
||||||
// Downloading using REST API
|
// Downloading using REST API
|
||||||
core.info(`The repository will be downloaded using the GitHub REST API`);
|
core.info(`The repository will be downloaded using the GitHub REST API`);
|
||||||
core.info(`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`);
|
core.info(`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`);
|
||||||
yield githubApiHelper.downloadRepository(settings.accessToken, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit, settings.repositoryPath);
|
yield githubApiHelper.downloadRepository(settings.authToken, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit, settings.repositoryPath);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Save state for POST action
|
// Save state for POST action
|
||||||
|
@ -5137,30 +5137,34 @@ function getSource(settings) {
|
||||||
}
|
}
|
||||||
// Remove possible previous extraheader
|
// Remove possible previous extraheader
|
||||||
yield removeGitConfig(git, authConfigKey);
|
yield removeGitConfig(git, authConfigKey);
|
||||||
// Add extraheader (auth)
|
try {
|
||||||
const base64Credentials = Buffer.from(`x-access-token:${settings.accessToken}`, 'utf8').toString('base64');
|
// Config auth token
|
||||||
core.setSecret(base64Credentials);
|
yield configureAuthToken(git, settings.authToken);
|
||||||
const authConfigValue = `AUTHORIZATION: basic ${base64Credentials}`;
|
// LFS install
|
||||||
yield git.config(authConfigKey, authConfigValue);
|
if (settings.lfs) {
|
||||||
// LFS install
|
yield git.lfsInstall();
|
||||||
if (settings.lfs) {
|
}
|
||||||
yield git.lfsInstall();
|
// Fetch
|
||||||
|
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
|
||||||
|
yield git.fetch(settings.fetchDepth, refSpec);
|
||||||
|
// Checkout info
|
||||||
|
const checkoutInfo = yield refHelper.getCheckoutInfo(git, settings.ref, settings.commit);
|
||||||
|
// LFS fetch
|
||||||
|
// Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
|
||||||
|
// Explicit lfs fetch will fetch lfs objects in parallel.
|
||||||
|
if (settings.lfs) {
|
||||||
|
yield git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref);
|
||||||
|
}
|
||||||
|
// Checkout
|
||||||
|
yield git.checkout(checkoutInfo.ref, checkoutInfo.startPoint);
|
||||||
|
// Dump some info about the checked out commit
|
||||||
|
yield git.log1();
|
||||||
}
|
}
|
||||||
// Fetch
|
finally {
|
||||||
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
|
if (!settings.persistCredentials) {
|
||||||
yield git.fetch(settings.fetchDepth, refSpec);
|
yield removeGitConfig(git, authConfigKey);
|
||||||
// Checkout info
|
}
|
||||||
const checkoutInfo = yield refHelper.getCheckoutInfo(git, settings.ref, settings.commit);
|
|
||||||
// LFS fetch
|
|
||||||
// Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
|
|
||||||
// Explicit lfs fetch will fetch lfs objects in parallel.
|
|
||||||
if (settings.lfs) {
|
|
||||||
yield git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref);
|
|
||||||
}
|
}
|
||||||
// Checkout
|
|
||||||
yield git.checkout(checkoutInfo.ref, checkoutInfo.startPoint);
|
|
||||||
// Dump some info about the checked out commit
|
|
||||||
yield git.log1();
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -5265,23 +5269,21 @@ function prepareExistingDirectory(git, repositoryPath, repositoryUrl, clean) {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
function configureAuthToken(git, authToken) {
|
||||||
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
|
// Add extraheader (auth)
|
||||||
|
const base64Credentials = Buffer.from(`x-access-token:${authToken}`, 'utf8').toString('base64');
|
||||||
|
core.setSecret(base64Credentials);
|
||||||
|
const authConfigValue = `AUTHORIZATION: basic ${base64Credentials}`;
|
||||||
|
yield git.config(authConfigKey, authConfigValue);
|
||||||
|
});
|
||||||
|
}
|
||||||
function removeGitConfig(git, configKey) {
|
function removeGitConfig(git, configKey) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
if ((yield git.configExists(configKey)) &&
|
if ((yield git.configExists(configKey)) &&
|
||||||
!(yield git.tryConfigUnset(configKey))) {
|
!(yield git.tryConfigUnset(configKey))) {
|
||||||
// Load the config contents
|
// Load the config contents
|
||||||
core.warning(`Failed to remove '${configKey}' from the git config. Attempting to remove the config value by editing the file directly.`);
|
core.warning(`Failed to remove '${configKey}' from the git config`);
|
||||||
const configPath = path.join(git.getWorkingDirectory(), '.git', 'config');
|
|
||||||
fsHelper.fileExistsSync(configPath);
|
|
||||||
let contents = fs.readFileSync(configPath).toString() || '';
|
|
||||||
// Filter - only includes lines that do not contain the config key
|
|
||||||
const upperConfigKey = configKey.toUpperCase();
|
|
||||||
const split = contents
|
|
||||||
.split('\n')
|
|
||||||
.filter(x => !x.toUpperCase().includes(upperConfigKey));
|
|
||||||
contents = split.join('\n');
|
|
||||||
// Rewrite the config file
|
|
||||||
fs.writeFileSync(configPath, contents);
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -8403,12 +8405,12 @@ const retryHelper = __importStar(__webpack_require__(587));
|
||||||
const toolCache = __importStar(__webpack_require__(533));
|
const toolCache = __importStar(__webpack_require__(533));
|
||||||
const v4_1 = __importDefault(__webpack_require__(826));
|
const v4_1 = __importDefault(__webpack_require__(826));
|
||||||
const IS_WINDOWS = process.platform === 'win32';
|
const IS_WINDOWS = process.platform === 'win32';
|
||||||
function downloadRepository(accessToken, owner, repo, ref, commit, repositoryPath) {
|
function downloadRepository(authToken, owner, repo, ref, commit, repositoryPath) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
// Download the archive
|
// Download the archive
|
||||||
let archiveData = yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {
|
let archiveData = yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {
|
||||||
core.info('Downloading the archive');
|
core.info('Downloading the archive');
|
||||||
return yield downloadArchive(accessToken, owner, repo, ref, commit);
|
return yield downloadArchive(authToken, owner, repo, ref, commit);
|
||||||
}));
|
}));
|
||||||
// Write archive to disk
|
// Write archive to disk
|
||||||
core.info('Writing archive to disk');
|
core.info('Writing archive to disk');
|
||||||
|
@ -8449,9 +8451,9 @@ function downloadRepository(accessToken, owner, repo, ref, commit, repositoryPat
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
exports.downloadRepository = downloadRepository;
|
exports.downloadRepository = downloadRepository;
|
||||||
function downloadArchive(accessToken, owner, repo, ref, commit) {
|
function downloadArchive(authToken, owner, repo, ref, commit) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const octokit = new github.GitHub(accessToken);
|
const octokit = new github.GitHub(authToken);
|
||||||
const params = {
|
const params = {
|
||||||
owner: owner,
|
owner: owner,
|
||||||
repo: repo,
|
repo: repo,
|
||||||
|
@ -12764,8 +12766,11 @@ function getInputs() {
|
||||||
// LFS
|
// LFS
|
||||||
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE';
|
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE';
|
||||||
core.debug(`lfs = ${result.lfs}`);
|
core.debug(`lfs = ${result.lfs}`);
|
||||||
// Access token
|
// Auth token
|
||||||
result.accessToken = core.getInput('token');
|
result.authToken = core.getInput('token');
|
||||||
|
// Persist credentials
|
||||||
|
result.persistCredentials =
|
||||||
|
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE';
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
exports.getInputs = getInputs;
|
exports.getInputs = getInputs;
|
||||||
|
|
|
@ -116,7 +116,7 @@ class GitCommandManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
async config(configKey: string, configValue: string): Promise<void> {
|
async config(configKey: string, configValue: string): Promise<void> {
|
||||||
await this.execGit(['config', configKey, configValue])
|
await this.execGit(['config', '--local', configKey, configValue])
|
||||||
}
|
}
|
||||||
|
|
||||||
async configExists(configKey: string): Promise<boolean> {
|
async configExists(configKey: string): Promise<boolean> {
|
||||||
|
@ -124,7 +124,7 @@ class GitCommandManager {
|
||||||
return `\\${x}`
|
return `\\${x}`
|
||||||
})
|
})
|
||||||
const output = await this.execGit(
|
const output = await this.execGit(
|
||||||
['config', '--name-only', '--get-regexp', pattern],
|
['config', '--local', '--name-only', '--get-regexp', pattern],
|
||||||
true
|
true
|
||||||
)
|
)
|
||||||
return output.exitCode === 0
|
return output.exitCode === 0
|
||||||
|
@ -211,20 +211,23 @@ class GitCommandManager {
|
||||||
|
|
||||||
async tryConfigUnset(configKey: string): Promise<boolean> {
|
async tryConfigUnset(configKey: string): Promise<boolean> {
|
||||||
const output = await this.execGit(
|
const output = await this.execGit(
|
||||||
['config', '--unset-all', configKey],
|
['config', '--local', '--unset-all', configKey],
|
||||||
true
|
true
|
||||||
)
|
)
|
||||||
return output.exitCode === 0
|
return output.exitCode === 0
|
||||||
}
|
}
|
||||||
|
|
||||||
async tryDisableAutomaticGarbageCollection(): Promise<boolean> {
|
async tryDisableAutomaticGarbageCollection(): Promise<boolean> {
|
||||||
const output = await this.execGit(['config', 'gc.auto', '0'], true)
|
const output = await this.execGit(
|
||||||
|
['config', '--local', 'gc.auto', '0'],
|
||||||
|
true
|
||||||
|
)
|
||||||
return output.exitCode === 0
|
return output.exitCode === 0
|
||||||
}
|
}
|
||||||
|
|
||||||
async tryGetFetchUrl(): Promise<string> {
|
async tryGetFetchUrl(): Promise<string> {
|
||||||
const output = await this.execGit(
|
const output = await this.execGit(
|
||||||
['config', '--get', 'remote.origin.url'],
|
['config', '--local', '--get', 'remote.origin.url'],
|
||||||
true
|
true
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
import * as core from '@actions/core'
|
import * as core from '@actions/core'
|
||||||
import * as coreCommand from '@actions/core/lib/command'
|
|
||||||
import * as fs from 'fs'
|
import * as fs from 'fs'
|
||||||
import * as fsHelper from './fs-helper'
|
import * as fsHelper from './fs-helper'
|
||||||
import * as gitCommandManager from './git-command-manager'
|
import * as gitCommandManager from './git-command-manager'
|
||||||
|
@ -21,7 +20,8 @@ export interface ISourceSettings {
|
||||||
clean: boolean
|
clean: boolean
|
||||||
fetchDepth: number
|
fetchDepth: number
|
||||||
lfs: boolean
|
lfs: boolean
|
||||||
accessToken: string
|
authToken: string
|
||||||
|
persistCredentials: boolean
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function getSource(settings: ISourceSettings): Promise<void> {
|
export async function getSource(settings: ISourceSettings): Promise<void> {
|
||||||
|
@ -65,7 +65,7 @@ export async function getSource(settings: ISourceSettings): Promise<void> {
|
||||||
`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
|
`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
|
||||||
)
|
)
|
||||||
await githubApiHelper.downloadRepository(
|
await githubApiHelper.downloadRepository(
|
||||||
settings.accessToken,
|
settings.authToken,
|
||||||
settings.repositoryOwner,
|
settings.repositoryOwner,
|
||||||
settings.repositoryName,
|
settings.repositoryName,
|
||||||
settings.ref,
|
settings.ref,
|
||||||
|
@ -94,43 +94,43 @@ export async function getSource(settings: ISourceSettings): Promise<void> {
|
||||||
// Remove possible previous extraheader
|
// Remove possible previous extraheader
|
||||||
await removeGitConfig(git, authConfigKey)
|
await removeGitConfig(git, authConfigKey)
|
||||||
|
|
||||||
// Add extraheader (auth)
|
try {
|
||||||
const base64Credentials = Buffer.from(
|
// Config auth token
|
||||||
`x-access-token:${settings.accessToken}`,
|
await configureAuthToken(git, settings.authToken)
|
||||||
'utf8'
|
|
||||||
).toString('base64')
|
|
||||||
core.setSecret(base64Credentials)
|
|
||||||
const authConfigValue = `AUTHORIZATION: basic ${base64Credentials}`
|
|
||||||
await git.config(authConfigKey, authConfigValue)
|
|
||||||
|
|
||||||
// LFS install
|
// LFS install
|
||||||
if (settings.lfs) {
|
if (settings.lfs) {
|
||||||
await git.lfsInstall()
|
await git.lfsInstall()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fetch
|
||||||
|
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
||||||
|
await git.fetch(settings.fetchDepth, refSpec)
|
||||||
|
|
||||||
|
// Checkout info
|
||||||
|
const checkoutInfo = await refHelper.getCheckoutInfo(
|
||||||
|
git,
|
||||||
|
settings.ref,
|
||||||
|
settings.commit
|
||||||
|
)
|
||||||
|
|
||||||
|
// LFS fetch
|
||||||
|
// Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
|
||||||
|
// Explicit lfs fetch will fetch lfs objects in parallel.
|
||||||
|
if (settings.lfs) {
|
||||||
|
await git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Checkout
|
||||||
|
await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint)
|
||||||
|
|
||||||
|
// Dump some info about the checked out commit
|
||||||
|
await git.log1()
|
||||||
|
} finally {
|
||||||
|
if (!settings.persistCredentials) {
|
||||||
|
await removeGitConfig(git, authConfigKey)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fetch
|
|
||||||
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
|
||||||
await git.fetch(settings.fetchDepth, refSpec)
|
|
||||||
|
|
||||||
// Checkout info
|
|
||||||
const checkoutInfo = await refHelper.getCheckoutInfo(
|
|
||||||
git,
|
|
||||||
settings.ref,
|
|
||||||
settings.commit
|
|
||||||
)
|
|
||||||
|
|
||||||
// LFS fetch
|
|
||||||
// Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
|
|
||||||
// Explicit lfs fetch will fetch lfs objects in parallel.
|
|
||||||
if (settings.lfs) {
|
|
||||||
await git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Checkout
|
|
||||||
await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint)
|
|
||||||
|
|
||||||
// Dump some info about the checked out commit
|
|
||||||
await git.log1()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -255,6 +255,20 @@ async function prepareExistingDirectory(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function configureAuthToken(
|
||||||
|
git: IGitCommandManager,
|
||||||
|
authToken: string
|
||||||
|
): Promise<void> {
|
||||||
|
// Add extraheader (auth)
|
||||||
|
const base64Credentials = Buffer.from(
|
||||||
|
`x-access-token:${authToken}`,
|
||||||
|
'utf8'
|
||||||
|
).toString('base64')
|
||||||
|
core.setSecret(base64Credentials)
|
||||||
|
const authConfigValue = `AUTHORIZATION: basic ${base64Credentials}`
|
||||||
|
await git.config(authConfigKey, authConfigValue)
|
||||||
|
}
|
||||||
|
|
||||||
async function removeGitConfig(
|
async function removeGitConfig(
|
||||||
git: IGitCommandManager,
|
git: IGitCommandManager,
|
||||||
configKey: string
|
configKey: string
|
||||||
|
@ -264,21 +278,6 @@ async function removeGitConfig(
|
||||||
!(await git.tryConfigUnset(configKey))
|
!(await git.tryConfigUnset(configKey))
|
||||||
) {
|
) {
|
||||||
// Load the config contents
|
// Load the config contents
|
||||||
core.warning(
|
core.warning(`Failed to remove '${configKey}' from the git config`)
|
||||||
`Failed to remove '${configKey}' from the git config. Attempting to remove the config value by editing the file directly.`
|
|
||||||
)
|
|
||||||
const configPath = path.join(git.getWorkingDirectory(), '.git', 'config')
|
|
||||||
fsHelper.fileExistsSync(configPath)
|
|
||||||
let contents = fs.readFileSync(configPath).toString() || ''
|
|
||||||
|
|
||||||
// Filter - only includes lines that do not contain the config key
|
|
||||||
const upperConfigKey = configKey.toUpperCase()
|
|
||||||
const split = contents
|
|
||||||
.split('\n')
|
|
||||||
.filter(x => !x.toUpperCase().includes(upperConfigKey))
|
|
||||||
contents = split.join('\n')
|
|
||||||
|
|
||||||
// Rewrite the config file
|
|
||||||
fs.writeFileSync(configPath, contents)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ import {ReposGetArchiveLinkParams} from '@octokit/rest'
|
||||||
const IS_WINDOWS = process.platform === 'win32'
|
const IS_WINDOWS = process.platform === 'win32'
|
||||||
|
|
||||||
export async function downloadRepository(
|
export async function downloadRepository(
|
||||||
accessToken: string,
|
authToken: string,
|
||||||
owner: string,
|
owner: string,
|
||||||
repo: string,
|
repo: string,
|
||||||
ref: string,
|
ref: string,
|
||||||
|
@ -22,7 +22,7 @@ export async function downloadRepository(
|
||||||
// Download the archive
|
// Download the archive
|
||||||
let archiveData = await retryHelper.execute(async () => {
|
let archiveData = await retryHelper.execute(async () => {
|
||||||
core.info('Downloading the archive')
|
core.info('Downloading the archive')
|
||||||
return await downloadArchive(accessToken, owner, repo, ref, commit)
|
return await downloadArchive(authToken, owner, repo, ref, commit)
|
||||||
})
|
})
|
||||||
|
|
||||||
// Write archive to disk
|
// Write archive to disk
|
||||||
|
@ -68,13 +68,13 @@ export async function downloadRepository(
|
||||||
}
|
}
|
||||||
|
|
||||||
async function downloadArchive(
|
async function downloadArchive(
|
||||||
accessToken: string,
|
authToken: string,
|
||||||
owner: string,
|
owner: string,
|
||||||
repo: string,
|
repo: string,
|
||||||
ref: string,
|
ref: string,
|
||||||
commit: string
|
commit: string
|
||||||
): Promise<Buffer> {
|
): Promise<Buffer> {
|
||||||
const octokit = new github.GitHub(accessToken)
|
const octokit = new github.GitHub(authToken)
|
||||||
const params: ReposGetArchiveLinkParams = {
|
const params: ReposGetArchiveLinkParams = {
|
||||||
owner: owner,
|
owner: owner,
|
||||||
repo: repo,
|
repo: repo,
|
||||||
|
|
|
@ -97,8 +97,12 @@ export function getInputs(): ISourceSettings {
|
||||||
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'
|
result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'
|
||||||
core.debug(`lfs = ${result.lfs}`)
|
core.debug(`lfs = ${result.lfs}`)
|
||||||
|
|
||||||
// Access token
|
// Auth token
|
||||||
result.accessToken = core.getInput('token')
|
result.authToken = core.getInput('token')
|
||||||
|
|
||||||
|
// Persist credentials
|
||||||
|
result.persistCredentials =
|
||||||
|
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
|
||||||
|
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue