Compare commits
7 Commits
main
...
releases/v
Author | SHA1 | Date | |
---|---|---|---|
|
ee0669bd1c | ||
|
dc323e67f1 | ||
|
e2f20e631a | ||
|
b2eb13baee | ||
|
7884fcad6b | ||
|
f67ee5d622 | ||
|
f25a3a9f25 |
40
.github/workflows/test.yml
vendored
40
.github/workflows/test.yml
vendored
@ -142,7 +142,7 @@ jobs:
|
|||||||
options: --dns 127.0.0.1
|
options: --dns 127.0.0.1
|
||||||
services:
|
services:
|
||||||
squid-proxy:
|
squid-proxy:
|
||||||
image: datadog/squid:latest
|
image: ubuntu/squid:latest
|
||||||
ports:
|
ports:
|
||||||
- 3128:3128
|
- 3128:3128
|
||||||
env:
|
env:
|
||||||
@ -205,3 +205,41 @@ jobs:
|
|||||||
path: basic
|
path: basic
|
||||||
- name: Verify basic
|
- name: Verify basic
|
||||||
run: __test__/verify-basic.sh --archive
|
run: __test__/verify-basic.sh --archive
|
||||||
|
|
||||||
|
test-git-container:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container: bitnami/git:latest
|
||||||
|
steps:
|
||||||
|
# Clone this repo
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
path: v3
|
||||||
|
|
||||||
|
# Basic checkout using git
|
||||||
|
- name: Checkout basic
|
||||||
|
uses: ./v3
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/basic
|
||||||
|
- name: Verify basic
|
||||||
|
run: |
|
||||||
|
if [ ! -f "./basic-file.txt" ]; then
|
||||||
|
echo "Expected basic file does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Verify .git folder
|
||||||
|
if [ ! -d "./.git" ]; then
|
||||||
|
echo "Expected ./.git folder to exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Verify auth token
|
||||||
|
git config --global --add safe.directory "*"
|
||||||
|
git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
|
||||||
|
|
||||||
|
# needed to make checkout post cleanup succeed
|
||||||
|
- name: Fix Checkout v3
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
path: v3
|
BIN
.licenses/npm/@actions/core.dep.yml
generated
BIN
.licenses/npm/@actions/core.dep.yml
generated
Binary file not shown.
BIN
.licenses/npm/@actions/http-client-2.0.1.dep.yml
generated
Normal file
BIN
.licenses/npm/@actions/http-client-2.0.1.dep.yml
generated
Normal file
Binary file not shown.
BIN
.licenses/npm/@actions/io.dep.yml
generated
BIN
.licenses/npm/@actions/io.dep.yml
generated
Binary file not shown.
BIN
.licenses/npm/node-fetch.dep.yml
generated
BIN
.licenses/npm/node-fetch.dep.yml
generated
Binary file not shown.
BIN
.licenses/npm/qs.dep.yml
generated
BIN
.licenses/npm/qs.dep.yml
generated
Binary file not shown.
Binary file not shown.
BIN
.licenses/npm/uuid-8.3.2.dep.yml
generated
Normal file
BIN
.licenses/npm/uuid-8.3.2.dep.yml
generated
Normal file
Binary file not shown.
@ -1,5 +1,14 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## v2.5.0
|
||||||
|
- [Bump @actions/core to v1.10.0](https://github.com/actions/checkout/pull/962)
|
||||||
|
|
||||||
|
## v2.4.2
|
||||||
|
- [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/776)
|
||||||
|
|
||||||
|
## v2.4.1
|
||||||
|
- [Set the safe directory option on git to prevent git commands failing when running in containers](https://github.com/actions/checkout/pull/762)
|
||||||
|
|
||||||
## v2.3.1
|
## v2.3.1
|
||||||
|
|
||||||
- [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)
|
- [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)
|
||||||
|
@ -105,6 +105,11 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
|
|||||||
#
|
#
|
||||||
# Default: false
|
# Default: false
|
||||||
submodules: ''
|
submodules: ''
|
||||||
|
|
||||||
|
# Add repository path as safe.directory for Git global config by running `git
|
||||||
|
# config --global --add safe.directory <path>`
|
||||||
|
# Default: true
|
||||||
|
set-safe-directory: ''
|
||||||
```
|
```
|
||||||
<!-- end usage -->
|
<!-- end usage -->
|
||||||
|
|
||||||
|
@ -643,10 +643,11 @@ describe('git-auth-helper tests', () => {
|
|||||||
expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
|
expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
|
||||||
})
|
})
|
||||||
|
|
||||||
const removeGlobalAuth_removesOverride = 'removeGlobalAuth removes override'
|
const removeGlobalConfig_removesOverride =
|
||||||
it(removeGlobalAuth_removesOverride, async () => {
|
'removeGlobalConfig removes override'
|
||||||
|
it(removeGlobalConfig_removesOverride, async () => {
|
||||||
// Arrange
|
// Arrange
|
||||||
await setup(removeGlobalAuth_removesOverride)
|
await setup(removeGlobalConfig_removesOverride)
|
||||||
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
await authHelper.configureAuth()
|
await authHelper.configureAuth()
|
||||||
await authHelper.configureGlobalAuth()
|
await authHelper.configureGlobalAuth()
|
||||||
@ -655,7 +656,7 @@ describe('git-auth-helper tests', () => {
|
|||||||
await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig'))
|
await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig'))
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
await authHelper.removeGlobalAuth()
|
await authHelper.removeGlobalConfig()
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
expect(git.env['HOME']).toBeUndefined()
|
expect(git.env['HOME']).toBeUndefined()
|
||||||
@ -776,7 +777,8 @@ async function setup(testName: string): Promise<void> {
|
|||||||
sshKey: sshPath ? 'some ssh private key' : '',
|
sshKey: sshPath ? 'some ssh private key' : '',
|
||||||
sshKnownHosts: '',
|
sshKnownHosts: '',
|
||||||
sshStrict: true,
|
sshStrict: true,
|
||||||
workflowOrganizationId: 123456
|
workflowOrganizationId: 123456,
|
||||||
|
setSafeDirectory: true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,6 +85,7 @@ describe('input-helper tests', () => {
|
|||||||
expect(settings.repositoryName).toBe('some-repo')
|
expect(settings.repositoryName).toBe('some-repo')
|
||||||
expect(settings.repositoryOwner).toBe('some-owner')
|
expect(settings.repositoryOwner).toBe('some-owner')
|
||||||
expect(settings.repositoryPath).toBe(gitHubWorkspace)
|
expect(settings.repositoryPath).toBe(gitHubWorkspace)
|
||||||
|
expect(settings.setSafeDirectory).toBe(true)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('qualifies ref', async () => {
|
it('qualifies ref', async () => {
|
||||||
|
@ -68,6 +68,9 @@ inputs:
|
|||||||
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
||||||
converted to HTTPS.
|
converted to HTTPS.
|
||||||
default: false
|
default: false
|
||||||
|
set-safe-directory:
|
||||||
|
description: Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory <path>`
|
||||||
|
default: true
|
||||||
runs:
|
runs:
|
||||||
using: node12
|
using: node12
|
||||||
main: dist/index.js
|
main: dist/index.js
|
||||||
|
3294
dist/index.js
vendored
3294
dist/index.js
vendored
File diff suppressed because it is too large
Load Diff
4179
package-lock.json
generated
4179
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
11
package.json
11
package.json
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "checkout",
|
"name": "checkout",
|
||||||
"version": "2.0.2",
|
"version": "2.6.0",
|
||||||
"description": "checkout action",
|
"description": "checkout action",
|
||||||
"main": "lib/main.js",
|
"main": "lib/main.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
@ -28,10 +28,10 @@
|
|||||||
},
|
},
|
||||||
"homepage": "https://github.com/actions/checkout#readme",
|
"homepage": "https://github.com/actions/checkout#readme",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/core": "^1.2.6",
|
"@actions/core": "^1.10.0",
|
||||||
"@actions/exec": "^1.0.1",
|
"@actions/exec": "^1.0.1",
|
||||||
"@actions/github": "^2.2.0",
|
"@actions/github": "^2.2.0",
|
||||||
"@actions/io": "^1.0.1",
|
"@actions/io": "^1.1.2",
|
||||||
"@actions/tool-cache": "^1.1.2",
|
"@actions/tool-cache": "^1.1.2",
|
||||||
"uuid": "^3.3.3"
|
"uuid": "^3.3.3"
|
||||||
},
|
},
|
||||||
@ -39,11 +39,12 @@
|
|||||||
"@types/jest": "^27.0.2",
|
"@types/jest": "^27.0.2",
|
||||||
"@types/node": "^12.7.12",
|
"@types/node": "^12.7.12",
|
||||||
"@types/uuid": "^3.4.6",
|
"@types/uuid": "^3.4.6",
|
||||||
"@typescript-eslint/parser": "^5.1.0",
|
"@typescript-eslint/eslint-plugin": "^5.45.0",
|
||||||
|
"@typescript-eslint/parser": "^5.45.0",
|
||||||
"@zeit/ncc": "^0.20.5",
|
"@zeit/ncc": "^0.20.5",
|
||||||
"eslint": "^7.32.0",
|
"eslint": "^7.32.0",
|
||||||
"eslint-plugin-github": "^4.3.2",
|
"eslint-plugin-github": "^4.3.2",
|
||||||
"eslint-plugin-jest": "^25.2.2",
|
"eslint-plugin-jest": "^25.7.0",
|
||||||
"jest": "^27.3.0",
|
"jest": "^27.3.0",
|
||||||
"jest-circus": "^27.3.0",
|
"jest-circus": "^27.3.0",
|
||||||
"js-yaml": "^3.13.1",
|
"js-yaml": "^3.13.1",
|
||||||
|
@ -19,8 +19,9 @@ export interface IGitAuthHelper {
|
|||||||
configureAuth(): Promise<void>
|
configureAuth(): Promise<void>
|
||||||
configureGlobalAuth(): Promise<void>
|
configureGlobalAuth(): Promise<void>
|
||||||
configureSubmoduleAuth(): Promise<void>
|
configureSubmoduleAuth(): Promise<void>
|
||||||
|
configureTempGlobalConfig(): Promise<string>
|
||||||
removeAuth(): Promise<void>
|
removeAuth(): Promise<void>
|
||||||
removeGlobalAuth(): Promise<void>
|
removeGlobalConfig(): Promise<void>
|
||||||
}
|
}
|
||||||
|
|
||||||
export function createAuthHelper(
|
export function createAuthHelper(
|
||||||
@ -80,7 +81,11 @@ class GitAuthHelper {
|
|||||||
await this.configureToken()
|
await this.configureToken()
|
||||||
}
|
}
|
||||||
|
|
||||||
async configureGlobalAuth(): Promise<void> {
|
async configureTempGlobalConfig(): Promise<string> {
|
||||||
|
// Already setup global config
|
||||||
|
if (this.temporaryHomePath?.length > 0) {
|
||||||
|
return path.join(this.temporaryHomePath, '.gitconfig')
|
||||||
|
}
|
||||||
// Create a temp home directory
|
// Create a temp home directory
|
||||||
const runnerTemp = process.env['RUNNER_TEMP'] || ''
|
const runnerTemp = process.env['RUNNER_TEMP'] || ''
|
||||||
assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
|
assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
|
||||||
@ -110,13 +115,19 @@ class GitAuthHelper {
|
|||||||
await fs.promises.writeFile(newGitConfigPath, '')
|
await fs.promises.writeFile(newGitConfigPath, '')
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
// Override HOME
|
||||||
// Override HOME
|
core.info(
|
||||||
core.info(
|
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
|
||||||
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
|
)
|
||||||
)
|
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
|
||||||
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
|
|
||||||
|
|
||||||
|
return newGitConfigPath
|
||||||
|
}
|
||||||
|
|
||||||
|
async configureGlobalAuth(): Promise<void> {
|
||||||
|
// 'configureTempGlobalConfig' noops if already set, just returns the path
|
||||||
|
const newGitConfigPath = await this.configureTempGlobalConfig()
|
||||||
|
try {
|
||||||
// Configure the token
|
// Configure the token
|
||||||
await this.configureToken(newGitConfigPath, true)
|
await this.configureToken(newGitConfigPath, true)
|
||||||
|
|
||||||
@ -146,7 +157,8 @@ class GitAuthHelper {
|
|||||||
// by process creation audit events, which are commonly logged. For more information,
|
// by process creation audit events, which are commonly logged. For more information,
|
||||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||||
const output = await this.git.submoduleForeach(
|
const output = await this.git.submoduleForeach(
|
||||||
`git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
|
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
|
||||||
|
`sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
|
||||||
this.settings.nestedSubmodules
|
this.settings.nestedSubmodules
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -181,10 +193,12 @@ class GitAuthHelper {
|
|||||||
await this.removeToken()
|
await this.removeToken()
|
||||||
}
|
}
|
||||||
|
|
||||||
async removeGlobalAuth(): Promise<void> {
|
async removeGlobalConfig(): Promise<void> {
|
||||||
core.debug(`Unsetting HOME override`)
|
if (this.temporaryHomePath?.length > 0) {
|
||||||
this.git.removeEnvironmentVariable('HOME')
|
core.debug(`Unsetting HOME override`)
|
||||||
await io.rmRF(this.temporaryHomePath)
|
this.git.removeEnvironmentVariable('HOME')
|
||||||
|
await io.rmRF(this.temporaryHomePath)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private async configureSsh(): Promise<void> {
|
private async configureSsh(): Promise<void> {
|
||||||
@ -233,7 +247,7 @@ class GitAuthHelper {
|
|||||||
if (this.settings.sshKnownHosts) {
|
if (this.settings.sshKnownHosts) {
|
||||||
knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n`
|
knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n`
|
||||||
}
|
}
|
||||||
knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n# End implicitly added github.com\n`
|
knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=\n# End implicitly added github.com\n`
|
||||||
this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`)
|
this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`)
|
||||||
stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath)
|
stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath)
|
||||||
await fs.promises.writeFile(this.sshKnownHostsPath, knownHosts)
|
await fs.promises.writeFile(this.sshKnownHostsPath, knownHosts)
|
||||||
@ -352,7 +366,8 @@ class GitAuthHelper {
|
|||||||
|
|
||||||
const pattern = regexpHelper.escape(configKey)
|
const pattern = regexpHelper.escape(configKey)
|
||||||
await this.git.submoduleForeach(
|
await this.git.submoduleForeach(
|
||||||
`git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`,
|
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
|
||||||
|
`sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
|
||||||
true
|
true
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
@ -36,68 +36,94 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
|
|||||||
const git = await getGitCommandManager(settings)
|
const git = await getGitCommandManager(settings)
|
||||||
core.endGroup()
|
core.endGroup()
|
||||||
|
|
||||||
// Prepare existing directory, otherwise recreate
|
let authHelper: gitAuthHelper.IGitAuthHelper | null = null
|
||||||
if (isExisting) {
|
try {
|
||||||
await gitDirectoryHelper.prepareExistingDirectory(
|
if (git) {
|
||||||
git,
|
authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
settings.repositoryPath,
|
if (settings.setSafeDirectory) {
|
||||||
repositoryUrl,
|
// Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
|
||||||
settings.clean,
|
// Otherwise all git commands we run in a container fail
|
||||||
settings.ref
|
await authHelper.configureTempGlobalConfig()
|
||||||
)
|
core.info(
|
||||||
}
|
`Adding repository directory to the temporary git global config as a safe directory`
|
||||||
|
)
|
||||||
|
|
||||||
if (!git) {
|
await git
|
||||||
// Downloading using REST API
|
.config('safe.directory', settings.repositoryPath, true, true)
|
||||||
core.info(`The repository will be downloaded using the GitHub REST API`)
|
.catch(error => {
|
||||||
core.info(
|
core.info(
|
||||||
`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
|
`Failed to initialize safe directory with error: ${error}`
|
||||||
)
|
)
|
||||||
if (settings.submodules) {
|
})
|
||||||
throw new Error(
|
|
||||||
`Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
|
stateHelper.setSafeDirectory()
|
||||||
)
|
}
|
||||||
} else if (settings.sshKey) {
|
}
|
||||||
throw new Error(
|
|
||||||
`Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
|
// Prepare existing directory, otherwise recreate
|
||||||
|
if (isExisting) {
|
||||||
|
await gitDirectoryHelper.prepareExistingDirectory(
|
||||||
|
git,
|
||||||
|
settings.repositoryPath,
|
||||||
|
repositoryUrl,
|
||||||
|
settings.clean,
|
||||||
|
settings.ref
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
await githubApiHelper.downloadRepository(
|
if (!git) {
|
||||||
settings.authToken,
|
// Downloading using REST API
|
||||||
settings.repositoryOwner,
|
core.info(`The repository will be downloaded using the GitHub REST API`)
|
||||||
settings.repositoryName,
|
core.info(
|
||||||
settings.ref,
|
`To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
|
||||||
settings.commit,
|
)
|
||||||
settings.repositoryPath
|
if (settings.submodules) {
|
||||||
)
|
throw new Error(
|
||||||
return
|
`Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
|
||||||
}
|
)
|
||||||
|
} else if (settings.sshKey) {
|
||||||
|
throw new Error(
|
||||||
|
`Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
// Save state for POST action
|
await githubApiHelper.downloadRepository(
|
||||||
stateHelper.setRepositoryPath(settings.repositoryPath)
|
settings.authToken,
|
||||||
|
settings.repositoryOwner,
|
||||||
|
settings.repositoryName,
|
||||||
|
settings.ref,
|
||||||
|
settings.commit,
|
||||||
|
settings.repositoryPath
|
||||||
|
)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Initialize the repository
|
// Save state for POST action
|
||||||
if (
|
stateHelper.setRepositoryPath(settings.repositoryPath)
|
||||||
!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
|
|
||||||
) {
|
// Initialize the repository
|
||||||
core.startGroup('Initializing the repository')
|
if (
|
||||||
await git.init()
|
!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
|
||||||
await git.remoteAdd('origin', repositoryUrl)
|
) {
|
||||||
|
core.startGroup('Initializing the repository')
|
||||||
|
await git.init()
|
||||||
|
await git.remoteAdd('origin', repositoryUrl)
|
||||||
|
core.endGroup()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Disable automatic garbage collection
|
||||||
|
core.startGroup('Disabling automatic garbage collection')
|
||||||
|
if (!(await git.tryDisableAutomaticGarbageCollection())) {
|
||||||
|
core.warning(
|
||||||
|
`Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
|
||||||
|
)
|
||||||
|
}
|
||||||
core.endGroup()
|
core.endGroup()
|
||||||
}
|
|
||||||
|
|
||||||
// Disable automatic garbage collection
|
// If we didn't initialize it above, do it now
|
||||||
core.startGroup('Disabling automatic garbage collection')
|
if (!authHelper) {
|
||||||
if (!(await git.tryDisableAutomaticGarbageCollection())) {
|
authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
core.warning(
|
}
|
||||||
`Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
|
|
||||||
)
|
|
||||||
}
|
|
||||||
core.endGroup()
|
|
||||||
|
|
||||||
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
|
||||||
try {
|
|
||||||
// Configure auth
|
// Configure auth
|
||||||
core.startGroup('Setting up auth')
|
core.startGroup('Setting up auth')
|
||||||
await authHelper.configureAuth()
|
await authHelper.configureAuth()
|
||||||
@ -170,34 +196,26 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
|
|||||||
|
|
||||||
// Submodules
|
// Submodules
|
||||||
if (settings.submodules) {
|
if (settings.submodules) {
|
||||||
try {
|
// Temporarily override global config
|
||||||
// Temporarily override global config
|
core.startGroup('Setting up auth for fetching submodules')
|
||||||
core.startGroup('Setting up auth for fetching submodules')
|
await authHelper.configureGlobalAuth()
|
||||||
await authHelper.configureGlobalAuth()
|
core.endGroup()
|
||||||
core.endGroup()
|
|
||||||
|
|
||||||
// Checkout submodules
|
// Checkout submodules
|
||||||
core.startGroup('Fetching submodules')
|
core.startGroup('Fetching submodules')
|
||||||
await git.submoduleSync(settings.nestedSubmodules)
|
await git.submoduleSync(settings.nestedSubmodules)
|
||||||
await git.submoduleUpdate(
|
await git.submoduleUpdate(settings.fetchDepth, settings.nestedSubmodules)
|
||||||
settings.fetchDepth,
|
await git.submoduleForeach(
|
||||||
settings.nestedSubmodules
|
'git config --local gc.auto 0',
|
||||||
)
|
settings.nestedSubmodules
|
||||||
await git.submoduleForeach(
|
)
|
||||||
'git config --local gc.auto 0',
|
core.endGroup()
|
||||||
settings.nestedSubmodules
|
|
||||||
)
|
|
||||||
core.endGroup()
|
|
||||||
|
|
||||||
// Persist credentials
|
// Persist credentials
|
||||||
if (settings.persistCredentials) {
|
if (settings.persistCredentials) {
|
||||||
core.startGroup('Persisting credentials for submodules')
|
core.startGroup('Persisting credentials for submodules')
|
||||||
await authHelper.configureSubmoduleAuth()
|
await authHelper.configureSubmoduleAuth()
|
||||||
core.endGroup()
|
core.endGroup()
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
// Remove temporary global config override
|
|
||||||
await authHelper.removeGlobalAuth()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -218,10 +236,13 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
|
|||||||
)
|
)
|
||||||
} finally {
|
} finally {
|
||||||
// Remove auth
|
// Remove auth
|
||||||
if (!settings.persistCredentials) {
|
if (authHelper) {
|
||||||
core.startGroup('Removing auth')
|
if (!settings.persistCredentials) {
|
||||||
await authHelper.removeAuth()
|
core.startGroup('Removing auth')
|
||||||
core.endGroup()
|
await authHelper.removeAuth()
|
||||||
|
core.endGroup()
|
||||||
|
}
|
||||||
|
authHelper.removeGlobalConfig()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -244,7 +265,26 @@ export async function cleanup(repositoryPath: string): Promise<void> {
|
|||||||
|
|
||||||
// Remove auth
|
// Remove auth
|
||||||
const authHelper = gitAuthHelper.createAuthHelper(git)
|
const authHelper = gitAuthHelper.createAuthHelper(git)
|
||||||
await authHelper.removeAuth()
|
try {
|
||||||
|
if (stateHelper.PostSetSafeDirectory) {
|
||||||
|
// Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
|
||||||
|
// Otherwise all git commands we run in a container fail
|
||||||
|
await authHelper.configureTempGlobalConfig()
|
||||||
|
core.info(
|
||||||
|
`Adding repository directory to the temporary git global config as a safe directory`
|
||||||
|
)
|
||||||
|
|
||||||
|
await git
|
||||||
|
.config('safe.directory', repositoryPath, true, true)
|
||||||
|
.catch(error => {
|
||||||
|
core.info(`Failed to initialize safe directory with error: ${error}`)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
await authHelper.removeAuth()
|
||||||
|
} finally {
|
||||||
|
await authHelper.removeGlobalConfig()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async function getGitCommandManager(
|
async function getGitCommandManager(
|
||||||
|
@ -78,4 +78,9 @@ export interface IGitSourceSettings {
|
|||||||
* Organization ID for the currently running workflow (used for auth settings)
|
* Organization ID for the currently running workflow (used for auth settings)
|
||||||
*/
|
*/
|
||||||
workflowOrganizationId: number | undefined
|
workflowOrganizationId: number | undefined
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates whether to add repositoryPath as safe.directory in git global config
|
||||||
|
*/
|
||||||
|
setSafeDirectory: boolean
|
||||||
}
|
}
|
||||||
|
@ -122,5 +122,8 @@ export async function getInputs(): Promise<IGitSourceSettings> {
|
|||||||
// Workflow organization ID
|
// Workflow organization ID
|
||||||
result.workflowOrganizationId = await workflowContextHelper.getOrganizationId()
|
result.workflowOrganizationId = await workflowContextHelper.getOrganizationId()
|
||||||
|
|
||||||
|
// Set safe.directory in git global config.
|
||||||
|
result.setSafeDirectory =
|
||||||
|
(core.getInput('set-safe-directory') || 'true').toUpperCase() === 'TRUE'
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
@ -5,4 +5,4 @@ set -e
|
|||||||
src/misc/licensed-download.sh
|
src/misc/licensed-download.sh
|
||||||
|
|
||||||
echo 'Running: licensed cached'
|
echo 'Running: licensed cached'
|
||||||
_temp/licensed-3.3.1/licensed status
|
_temp/licensed-3.6.0/licensed status
|
@ -2,23 +2,23 @@
|
|||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ ! -f _temp/licensed-3.3.1.done ]; then
|
if [ ! -f _temp/licensed-3.6.0.done ]; then
|
||||||
echo 'Clearing temp'
|
echo 'Clearing temp'
|
||||||
rm -rf _temp/licensed-3.3.1 || true
|
rm -rf _temp/licensed-3.6.0 || true
|
||||||
|
|
||||||
echo 'Downloading licensed'
|
echo 'Downloading licensed'
|
||||||
mkdir -p _temp/licensed-3.3.1
|
mkdir -p _temp/licensed-3.6.0
|
||||||
pushd _temp/licensed-3.3.1
|
pushd _temp/licensed-3.6.0
|
||||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||||
curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-darwin-x64.tar.gz
|
curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.6.0/licensed-3.6.0-darwin-x64.tar.gz
|
||||||
else
|
else
|
||||||
curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-linux-x64.tar.gz
|
curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.6.0/licensed-3.6.0-linux-x64.tar.gz
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo 'Extracting licenesed'
|
echo 'Extracting licenesed'
|
||||||
tar -xzf licensed.tar.gz
|
tar -xzf licensed.tar.gz
|
||||||
popd
|
popd
|
||||||
touch _temp/licensed-3.3.1.done
|
touch _temp/licensed-3.6.0.done
|
||||||
else
|
else
|
||||||
echo 'Licensed already downloaded'
|
echo 'Licensed already downloaded'
|
||||||
fi
|
fi
|
||||||
|
@ -5,4 +5,4 @@ set -e
|
|||||||
src/misc/licensed-download.sh
|
src/misc/licensed-download.sh
|
||||||
|
|
||||||
echo 'Running: licensed cached'
|
echo 'Running: licensed cached'
|
||||||
_temp/licensed-3.3.1/licensed cache
|
_temp/licensed-3.6.0/licensed cache
|
@ -1,58 +1,60 @@
|
|||||||
import * as coreCommand from '@actions/core/lib/command'
|
import * as core from '@actions/core'
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Indicates whether the POST action is running
|
* Indicates whether the POST action is running
|
||||||
*/
|
*/
|
||||||
export const IsPost = !!process.env['STATE_isPost']
|
export const IsPost = !!core.getState('isPost')
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The repository path for the POST action. The value is empty during the MAIN action.
|
* The repository path for the POST action. The value is empty during the MAIN action.
|
||||||
*/
|
*/
|
||||||
export const RepositoryPath =
|
export const RepositoryPath = core.getState('repositoryPath')
|
||||||
(process.env['STATE_repositoryPath'] as string) || ''
|
|
||||||
|
/**
|
||||||
|
* The set-safe-directory for the POST action. The value is set if input: 'safe-directory' is set during the MAIN action.
|
||||||
|
*/
|
||||||
|
export const PostSetSafeDirectory = core.getState('setSafeDirectory') === 'true'
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The SSH key path for the POST action. The value is empty during the MAIN action.
|
* The SSH key path for the POST action. The value is empty during the MAIN action.
|
||||||
*/
|
*/
|
||||||
export const SshKeyPath = (process.env['STATE_sshKeyPath'] as string) || ''
|
export const SshKeyPath = core.getState('sshKeyPath')
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The SSH known hosts path for the POST action. The value is empty during the MAIN action.
|
* The SSH known hosts path for the POST action. The value is empty during the MAIN action.
|
||||||
*/
|
*/
|
||||||
export const SshKnownHostsPath =
|
export const SshKnownHostsPath = core.getState('sshKnownHostsPath')
|
||||||
(process.env['STATE_sshKnownHostsPath'] as string) || ''
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Save the repository path so the POST action can retrieve the value.
|
* Save the repository path so the POST action can retrieve the value.
|
||||||
*/
|
*/
|
||||||
export function setRepositoryPath(repositoryPath: string) {
|
export function setRepositoryPath(repositoryPath: string) {
|
||||||
coreCommand.issueCommand(
|
core.saveState('repositoryPath', repositoryPath)
|
||||||
'save-state',
|
|
||||||
{name: 'repositoryPath'},
|
|
||||||
repositoryPath
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Save the SSH key path so the POST action can retrieve the value.
|
* Save the SSH key path so the POST action can retrieve the value.
|
||||||
*/
|
*/
|
||||||
export function setSshKeyPath(sshKeyPath: string) {
|
export function setSshKeyPath(sshKeyPath: string) {
|
||||||
coreCommand.issueCommand('save-state', {name: 'sshKeyPath'}, sshKeyPath)
|
core.saveState('sshKeyPath', sshKeyPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Save the SSH known hosts path so the POST action can retrieve the value.
|
* Save the SSH known hosts path so the POST action can retrieve the value.
|
||||||
*/
|
*/
|
||||||
export function setSshKnownHostsPath(sshKnownHostsPath: string) {
|
export function setSshKnownHostsPath(sshKnownHostsPath: string) {
|
||||||
coreCommand.issueCommand(
|
core.saveState('sshKnownHostsPath', sshKnownHostsPath)
|
||||||
'save-state',
|
}
|
||||||
{name: 'sshKnownHostsPath'},
|
|
||||||
sshKnownHostsPath
|
/**
|
||||||
)
|
* Save the sef-safe-directory input so the POST action can retrieve the value.
|
||||||
|
*/
|
||||||
|
export function setSafeDirectory() {
|
||||||
|
core.saveState('setSafeDirectory', 'true')
|
||||||
}
|
}
|
||||||
|
|
||||||
// Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
|
// Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
|
||||||
// This is necessary since we don't have a separate entry point.
|
// This is necessary since we don't have a separate entry point.
|
||||||
if (!IsPost) {
|
if (!IsPost) {
|
||||||
coreCommand.issueCommand('save-state', {name: 'isPost'}, 'true')
|
core.saveState('isPost', 'true')
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user