
Moved oidc functionality to actions/core

pull/887/head
Sourav Chanduka 2021-08-04 09:24:51 +05:30
parent 5afccaa9db
commit 9c6e7d8265
18 changed files with 170 additions and 17027 deletions


@ -2,6 +2,7 @@ import * as fs from 'fs'
import * as os from 'os'
import * as path from 'path'
import * as core from '../src/core'
var httpclient = require('@actions/http-client')
/* eslint-disable @typescript-eslint/unbound-method */
@ -387,3 +388,20 @@ function verifyFileCommand(command: string, expectedContents: string): void {
fs.unlinkSync(filePath)
}
}
function getTokenEndPoint() {
return 'https://vstoken.actions.githubusercontent.com/.well-known/openid-configuration'
}
describe('oidc-client-tests', () => {
it('Get Http Client', async () => {
const http = new httpclient.HttpClient('actions/oidc-client')
expect(http).toBeDefined()
})
it('HTTP get request to get token endpoint', async () => {
const http = new httpclient.HttpClient('actions/oidc-client')
const res = await http.get(getTokenEndPoint())
expect(res.message.statusCode).toBe(200)
})
})
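Review bot: The test `HTTP get request to get token endpoint` makes a live GET to `vstoken.actions.githubusercontent.com`, so the unit suite fails whenever the runner has no outbound network or the endpoint moves, and neither test in `oidc-client-tests` exercises the `getIDToken` path this commit adds to core. Tests on the pure helpers with constructed bodies would cover the moved code without network access, for example `expect(() => parseJson('{}')).toThrow()` and `expect(isSuccessStatusCode(404)).toBe(false)`, assuming those helpers are imported from the new utils module. The `var httpclient = require('@actions/http-client')` in the first hunk would read better as `import {HttpClient} from '@actions/http-client'`, matching the file's other imports.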


@ -1,14 +1,64 @@
{
"name": "@actions/core",
"version": "1.4.0",
"lockfileVersion": 1,
"version": "1.4.1",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "@actions/core",
"version": "1.4.1",
"license": "MIT",
"devDependencies": {
"@actions/http-client": "^1.0.11",
"@types/node": "^12.0.2"
}
},
"node_modules/@actions/http-client": {
"version": "1.0.11",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
"dev": true,
"dependencies": {
"tunnel": "0.0.6"
}
},
"node_modules/@types/node": {
"version": "12.0.2",
"resolved": "https://registry.npmjs.org/@types/node/-/node-12.0.2.tgz",
"integrity": "sha512-5tabW/i+9mhrfEOUcLDu2xBPsHJ+X5Orqy9FKpale3SjDA17j5AEpYq5vfy3oAeAHGcvANRCO3NV3d2D6q3NiA==",
"dev": true
},
"node_modules/tunnel": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
"dev": true,
"engines": {
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
}
}
},
"dependencies": {
"@actions/http-client": {
"version": "1.0.11",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
"integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
"dev": true,
"requires": {
"tunnel": "0.0.6"
}
},
"@types/node": {
"version": "12.0.2",
"resolved": "https://registry.npmjs.org/@types/node/-/node-12.0.2.tgz",
"integrity": "sha512-5tabW/i+9mhrfEOUcLDu2xBPsHJ+X5Orqy9FKpale3SjDA17j5AEpYq5vfy3oAeAHGcvANRCO3NV3d2D6q3NiA==",
"dev": true
},
"tunnel": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
"dev": true
}
}
}


@ -1,6 +1,6 @@
{
"name": "@actions/core",
"version": "1.4.0",
"version": "1.4.1",
"description": "Actions core lib",
"keywords": [
"github",
@ -36,6 +36,7 @@
"url": "https://github.com/actions/toolkit/issues"
},
"devDependencies": {
"@actions/http-client": "^1.0.11",
"@types/node": "^12.0.2"
}
}
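Review bot: `@actions/http-client` is added under `devDependencies`, but the OIDC helper module introduced in this commit imports it at runtime (`HttpClient`, `BearerCredentialHandler`) and core imports that module at the top level. A consumer installing the published package would therefore not get the dependency, and loading the package would presumably fail with a module-not-found error. It belongs in a runtime block, `"dependencies": {"@actions/http-client": "^1.0.11"}`; only part of this file is visible here, so that block may already exist further up. The lockfile entries marked `"dev": true` would need regenerating to match.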


@ -5,6 +5,8 @@ import {toCommandValue} from './utils'
import * as os from 'os'
import * as path from 'path'
import {getIDTokenUrl, parseJson, postCall} from './oidc-utils'
/**
* Interface for getInput options
*/
@ -284,3 +286,20 @@ export function saveState(name: string, value: any): void {
export function getState(name: string): string {
return process.env[`STATE_${name}`] || ''
}
export async function getIDToken(audience: string): Promise<string> {
try {
// New ID Token is requested from action service
let id_token_url: string = getIDTokenUrl()
debug(`ID token url is ${id_token_url}`)
let body: string = await postCall(id_token_url, audience)
let id_token = parseJson(body)
return id_token
} catch (error) {
setFailed(error.message)
return error.message
}
}
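Review bot: The `catch` block in `getIDToken` returns `error.message` through the same `Promise<string>` that normally carries the token, so a caller cannot tell a failure string from a JWT and may pass the error text on as a credential. Replace `return error.message` with `throw error` (keeping `setFailed` only if failing the step here is intended), so that the failure is visible to the caller. Registering the token before returning it, `setSecret(id_token)`, would keep it masked in later log output. The exported function also has no doc comment; one stating that `audience` becomes the `aud` claim and that the function rejects on failure would help callers.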


@ -0,0 +1,79 @@
import * as actions_http_client from '@actions/http-client'
import {IHeaders} from '@actions/http-client/interfaces'
import {HttpClient} from '@actions/http-client'
import {BearerCredentialHandler} from '@actions/http-client/auth'
import {debug} from './core'
export function createHttpClient() {
return new HttpClient('actions/oidc-client', [
new BearerCredentialHandler(getRuntimeToken())
])
}
export function getApiVersion(): string {
return '2.0'
}
export function getRuntimeToken(){
const token = process.env['ACTIONS_RUNTIME_TOKEN']
if (!token) {
throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable')
}
return token
}
export function getIDTokenUrl(){
let runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
}
return runtimeUrl + '?api-version=' + getApiVersion()
}
export function isSuccessStatusCode(statusCode?: number): boolean {
if (!statusCode) {
return false
}
return statusCode >= 200 && statusCode < 300
}
export async function postCall(id_token_url: string, audience: string): Promise<string> {
const httpclient = createHttpClient()
if (httpclient === undefined) {
throw new Error(`Failed to get Httpclient `)
}
debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
const additionalHeaders: IHeaders = {}
additionalHeaders[actions_http_client.Headers.ContentType] = actions_http_client.MediaTypes.ApplicationJson
additionalHeaders[actions_http_client.Headers.Accept] = actions_http_client.MediaTypes.ApplicationJson
debug(`audience is ${audience !== null ? audience : 'null'}`)
const data: string = audience !== null ? JSON.stringify({aud: audience}) : ''
const response = await httpclient.post(id_token_url, data, additionalHeaders)
if (!isSuccessStatusCode(response.message.statusCode)) {
throw new Error(
`Failed to get ID Token. Error Code : ${response.message.statusCode} Error message : ${response.message.statusMessage}`
)
}
let body: string = await response.readBody()
return body
}
export function parseJson(body: string): string {
const val = JSON.parse(body)
let id_token = ''
if ('value' in val) {
id_token = val['value']
} else {
throw new Error('Response json body do not have ID Token field')
}
debug(`id_token : ${id_token}`)
return id_token
}
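Review bot: `parseJson` writes the ID token itself to the log with `debug(`id_token : ${id_token}`)`; with step debug logging enabled this puts a bearer credential in the job log, where anyone who can read the run's logs can see it while the token is still valid. Drop that line or log only the event, `debug('ID token received')`. In the same function, `'value' in val` throws a TypeError when the body parses to a non-object, so a guard such as `if (typeof val !== 'object' || val === null || !('value' in val))` is needed to reach the intended error message. In `postCall`, `debug(`Httpclient created ${httpclient} `)` interpolates an object and prints only `[object Object]`.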


@ -1,9 +0,0 @@
The MIT License (MIT)
Copyright 2019 GitHub
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -1,58 +0,0 @@
<h2>@actions/oidc-client</h2>
<h3>Usage</h3>
You can use this package to interact with the GitHub OIDC provider and get a JWT ID token which would help to get access token from third party cloud providers.
<h3>Get the ID token</h3>
Method Name: getIDToken
<h3>Inputs</h3>
audience : optional
<h3>Outputs</h3>
A [JWT](https://jwt.io/) ID Token
<h3>Example:</h3>
You can use this [template](https://github.com/actions/typescript-action) to use the package.
main.ts
```
const core = require('@actions/core');
const id = require('@actions/oidc-client')
async function getIDTokenAction(): Promise<void> {
let aud = ''
const audience = core.getInput('audience', {required: false})
if (audience !== undefined)
aud = `${audience}`
const id_token = await id.getIDToken(aud)
const val = `ID token is ${id_token}`
core.setOutput('id_token', id_token);
}
getIDTokenAction()
```
actions.yml
```
name: 'GetIDToken'
description: 'Get ID token from Github OIDC provider'
inputs:
audience:
description: 'Audience for which the ID token is intended for'
required: false
outputs:
id_token:
description: 'ID token obtained from OIDC provider'
runs:
using: 'node12'
main: 'dist/index.js'
```


@ -1,18 +0,0 @@
var httpclient = require('@actions/http-client')
function getTokenEndPoint() {
return 'https://vstoken.actions.githubusercontent.com/.well-known/openid-configuration'
}
describe('oidc-client-tests', () => {
it('Get Http Client', async () => {
const http = new httpclient.HttpClient('actions/oidc-client')
expect(http).toBeDefined()
})
it('HTTP get request to get token endpoint', async () => {
const http = new httpclient.HttpClient('actions/oidc-client')
const res = await http.get(getTokenEndPoint())
expect(res.message.statusCode).toBe(200)
})
})

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long


@ -1,60 +0,0 @@
@actions/core
MIT
The MIT License (MIT)
Copyright 2019 GitHub
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@actions/http-client
MIT
Actions Http Client for Node.js
Copyright (c) GitHub, Inc.
All rights reserved.
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
tunnel
MIT
The MIT License (MIT)
Copyright (c) 2012 Koichi Kobayashi
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -1,55 +0,0 @@
{
"name": "@actions/oidc-client",
"version": "0.0.0",
"description": "To get id token from oidc provider",
"main": "lib/main.js",
"types": "lib/main.d.ts",
"scripts": {
"build": "tsc",
"format": "prettier --write **/*.ts",
"format-check": "prettier --check **/*.ts",
"package": "ncc build --source-map --license licenses.txt",
"test": "jest",
"all": "npm run build && npm run format && npm run package && npm test",
"tsc": "tsc"
},
"publishConfig": {
"access": "public"
},
"repository": {
"type": "git",
"url": "git+https://github.com/actions/toolkit.git",
"directory": "packages/oidc-client"
},
"keywords": [
"actions",
"node",
"setup"
],
"directories": {
"lib": "lib"
},
"license": "MIT",
"dependencies": {
"@actions/core": "^1.2.6",
"@actions/http-client": "^1.0.11",
"@octokit/core": "^3.4.0",
"jwt-decode": "3.1.2"
},
"devDependencies": {
"@types/jest": "^26.0.15",
"@types/node": "^14.14.9",
"@vercel/ncc": "^0.25.1",
"jest": "^26.6.3",
"jest-circus": "^26.6.3",
"js-yaml": "^3.14.0",
"prettier": "2.2.1",
"ts-jest": "^26.4.4",
"typescript": "^4.1.3",
"jwt-decode": "3.1.2"
},
"bugs": {
"url": "https://github.com/actions/toolkit/issues"
},
"homepage": "https://github.com/actions/toolkit#readme"
}


@ -1,17 +0,0 @@
import {getApiVersion} from './utils'
export function getRuntimeToken(){
const token = process.env['ACTIONS_RUNTIME_TOKEN']
if (!token) {
throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable')
}
return token
}
export function getIDTokenUrl(){
const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
}
return runtimeUrl + '?api-version=' + getApiVersion()
}


@ -1,20 +0,0 @@
import {HttpClient} from '@actions/http-client'
import {BearerCredentialHandler} from '@actions/http-client/auth'
import {getRuntimeToken} from './config-variables'
export function isSuccessStatusCode(statusCode?: number): boolean {
if (!statusCode) {
return false
}
return statusCode >= 200 && statusCode < 300
}
export function createHttpClient(): HttpClient {
return new HttpClient('actions/oidc-client', [
new BearerCredentialHandler(getRuntimeToken())
])
}
export function getApiVersion(): string {
return '2.0'
}


@ -1,62 +0,0 @@
import * as core from '@actions/core'
import * as actions_http_client from '@actions/http-client'
import {IHeaders} from '@actions/http-client/interfaces'
import {createHttpClient, isSuccessStatusCode} from './internal/utils'
import {getIDTokenUrl} from './internal/config-variables'
async function postCall(id_token_url: string, audience: string): Promise<string> {
const httpclient = createHttpClient()
if (httpclient === undefined) {
throw new Error(`Failed to get Httpclient `)
}
core.debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
const additionalHeaders: IHeaders = {}
additionalHeaders[actions_http_client.Headers.ContentType] = actions_http_client.MediaTypes.ApplicationJson
additionalHeaders[actions_http_client.Headers.Accept] = actions_http_client.MediaTypes.ApplicationJson
core.debug(`audience is ${audience !== null ? audience : 'null'}`)
const data: string = audience !== null ? JSON.stringify({aud: audience}) : ''
const response = await httpclient.post(id_token_url, data, additionalHeaders)
if (!isSuccessStatusCode(response.message.statusCode)) {
throw new Error(
`Failed to get ID Token. Error Code : ${response.message.statusCode} Error message : ${response.message.statusMessage}`
)
}
let body: string = await response.readBody()
return body
}
function parseJson(body: string): string {
const val = JSON.parse(body)
let id_token = ''
if ('value' in val) {
id_token = val['value']
} else {
throw new Error('Response json body do not have ID Token field')
}
core.debug(`id_token : ${id_token}`)
return id_token
}
export async function getIDToken(audience: string): Promise<string> {
try {
// New ID Token is requested from action service
let id_token_url: string = getIDTokenUrl()
core.debug(`ID token url is ${id_token_url}`)
let body: string = await postCall(id_token_url, audience)
let id_token = parseJson(body)
return id_token
} catch (error) {
core.setFailed(error.message)
return error.message
}
}


@ -1,14 +0,0 @@
{
"extends": "../../tsconfig.json",
"compilerOptions": {
"baseUrl": "./",
"outDir": "./lib", /* Redirect output structure to the directory. */
"rootDir": "./src", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
"noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */
"esModuleInterop": true, /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
"moduleResolution": "node",
},
"include": [
"./src"
]
}