convert SSH URL to HTTPS (#179)
This commit is contained in:
parent
b4626ce19c
commit
80602fafba
|
@ -35,7 +35,7 @@ jobs:
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
# Basic checkout
|
# Basic checkout
|
||||||
- name: Basic checkout
|
- name: Checkout basic
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
@ -48,7 +48,7 @@ jobs:
|
||||||
- name: Modify work tree
|
- name: Modify work tree
|
||||||
shell: bash
|
shell: bash
|
||||||
run: __test__/modify-work-tree.sh
|
run: __test__/modify-work-tree.sh
|
||||||
- name: Clean checkout
|
- name: Checkout clean
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
@ -58,12 +58,12 @@ jobs:
|
||||||
run: __test__/verify-clean.sh
|
run: __test__/verify-clean.sh
|
||||||
|
|
||||||
# Side by side
|
# Side by side
|
||||||
- name: Side by side checkout 1
|
- name: Checkout side by side 1
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/side-by-side-1
|
ref: test-data/v2/side-by-side-1
|
||||||
path: side-by-side-1
|
path: side-by-side-1
|
||||||
- name: Side by side checkout 2
|
- name: Checkout side by side 2
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/side-by-side-2
|
ref: test-data/v2/side-by-side-2
|
||||||
|
@ -73,7 +73,7 @@ jobs:
|
||||||
run: __test__/verify-side-by-side.sh
|
run: __test__/verify-side-by-side.sh
|
||||||
|
|
||||||
# LFS
|
# LFS
|
||||||
- name: LFS checkout
|
- name: Checkout LFS
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
|
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
|
||||||
|
@ -85,29 +85,29 @@ jobs:
|
||||||
run: __test__/verify-lfs.sh
|
run: __test__/verify-lfs.sh
|
||||||
|
|
||||||
# Submodules false
|
# Submodules false
|
||||||
- name: Submodules false checkout
|
- name: Checkout submodules false
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/submodule
|
ref: test-data/v2/submodule-ssh-url
|
||||||
path: submodules-false
|
path: submodules-false
|
||||||
- name: Verify submodules false
|
- name: Verify submodules false
|
||||||
run: __test__/verify-submodules-false.sh
|
run: __test__/verify-submodules-false.sh
|
||||||
|
|
||||||
# Submodules one level
|
# Submodules one level
|
||||||
- name: Submodules true checkout
|
- name: Checkout submodules true
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/submodule
|
ref: test-data/v2/submodule-ssh-url
|
||||||
path: submodules-true
|
path: submodules-true
|
||||||
submodules: true
|
submodules: true
|
||||||
- name: Verify submodules true
|
- name: Verify submodules true
|
||||||
run: __test__/verify-submodules-true.sh
|
run: __test__/verify-submodules-true.sh
|
||||||
|
|
||||||
# Submodules recursive
|
# Submodules recursive
|
||||||
- name: Submodules recursive checkout
|
- name: Checkout submodules recursive
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/submodule
|
ref: test-data/v2/submodule-ssh-url
|
||||||
path: submodules-recursive
|
path: submodules-recursive
|
||||||
submodules: recursive
|
submodules: recursive
|
||||||
- name: Verify submodules recursive
|
- name: Verify submodules recursive
|
||||||
|
@ -127,7 +127,7 @@ jobs:
|
||||||
- name: Override git version (Windows)
|
- name: Override git version (Windows)
|
||||||
if: runner.os == 'windows'
|
if: runner.os == 'windows'
|
||||||
run: __test__\\override-git-version.cmd
|
run: __test__\\override-git-version.cmd
|
||||||
- name: Basic checkout using REST API
|
- name: Checkout basic using REST API
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
@ -153,7 +153,7 @@ jobs:
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
# Basic checkout using git
|
# Basic checkout using git
|
||||||
- name: Basic checkout
|
- name: Checkout basic
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
@ -185,7 +185,7 @@ jobs:
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
# Basic checkout using git
|
# Basic checkout using git
|
||||||
- name: Basic checkout
|
- name: Checkout basic
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
@ -198,7 +198,7 @@ jobs:
|
||||||
# Basic checkout using REST API
|
# Basic checkout using REST API
|
||||||
- name: Override git version
|
- name: Override git version
|
||||||
run: __test__/override-git-version.sh
|
run: __test__/override-git-version.sh
|
||||||
- name: Basic checkout using REST API
|
- name: Checkout basic using REST API
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
ref: test-data/v2/basic
|
ref: test-data/v2/basic
|
||||||
|
|
|
@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
|
||||||
class GitAuthHelper {
|
class GitAuthHelper {
|
||||||
constructor(gitCommandManager, gitSourceSettings) {
|
constructor(gitCommandManager, gitSourceSettings) {
|
||||||
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
|
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
|
||||||
|
this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
|
||||||
|
this.insteadOfValue = `git@${HOSTNAME}:`;
|
||||||
this.temporaryHomePath = '';
|
this.temporaryHomePath = '';
|
||||||
this.git = gitCommandManager;
|
this.git = gitCommandManager;
|
||||||
this.settings = gitSourceSettings || {};
|
this.settings = gitSourceSettings || {};
|
||||||
|
@ -5140,11 +5142,15 @@ class GitAuthHelper {
|
||||||
else {
|
else {
|
||||||
yield fs.promises.writeFile(newGitConfigPath, '');
|
yield fs.promises.writeFile(newGitConfigPath, '');
|
||||||
}
|
}
|
||||||
// Configure the token
|
|
||||||
try {
|
try {
|
||||||
|
// Override HOME
|
||||||
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
|
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
|
||||||
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
|
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
|
||||||
|
// Configure the token
|
||||||
yield this.configureToken(newGitConfigPath, true);
|
yield this.configureToken(newGitConfigPath, true);
|
||||||
|
// Configure HTTPS instead of SSH
|
||||||
|
yield this.git.tryConfigUnset(this.insteadOfKey, true);
|
||||||
|
yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
|
||||||
}
|
}
|
||||||
catch (err) {
|
catch (err) {
|
||||||
// Unset in case somehow written to the real global config
|
// Unset in case somehow written to the real global config
|
||||||
|
@ -5160,7 +5166,12 @@ class GitAuthHelper {
|
||||||
// Configure a placeholder value. This approach avoids the credential being captured
|
// Configure a placeholder value. This approach avoids the credential being captured
|
||||||
// by process creation audit events, which are commonly logged. For more information,
|
// by process creation audit events, which are commonly logged. For more information,
|
||||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||||
const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
|
const commands = [
|
||||||
|
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
|
||||||
|
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
|
||||||
|
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
|
||||||
|
];
|
||||||
|
const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
|
||||||
// Replace the placeholder
|
// Replace the placeholder
|
||||||
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
|
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
|
||||||
for (const configPath of configPaths) {
|
for (const configPath of configPaths) {
|
||||||
|
|
|
@ -34,6 +34,8 @@ class GitAuthHelper {
|
||||||
private readonly settings: IGitSourceSettings
|
private readonly settings: IGitSourceSettings
|
||||||
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
|
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
|
||||||
private readonly tokenPlaceholderConfigValue: string
|
private readonly tokenPlaceholderConfigValue: string
|
||||||
|
private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
|
||||||
|
private readonly insteadOfValue: string = `git@${HOSTNAME}:`
|
||||||
private temporaryHomePath = ''
|
private temporaryHomePath = ''
|
||||||
private tokenConfigValue: string
|
private tokenConfigValue: string
|
||||||
|
|
||||||
|
@ -92,13 +94,19 @@ class GitAuthHelper {
|
||||||
await fs.promises.writeFile(newGitConfigPath, '')
|
await fs.promises.writeFile(newGitConfigPath, '')
|
||||||
}
|
}
|
||||||
|
|
||||||
// Configure the token
|
|
||||||
try {
|
try {
|
||||||
|
// Override HOME
|
||||||
core.info(
|
core.info(
|
||||||
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
|
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
|
||||||
)
|
)
|
||||||
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
|
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
|
||||||
|
|
||||||
|
// Configure the token
|
||||||
await this.configureToken(newGitConfigPath, true)
|
await this.configureToken(newGitConfigPath, true)
|
||||||
|
|
||||||
|
// Configure HTTPS instead of SSH
|
||||||
|
await this.git.tryConfigUnset(this.insteadOfKey, true)
|
||||||
|
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
// Unset in case somehow written to the real global config
|
// Unset in case somehow written to the real global config
|
||||||
core.info(
|
core.info(
|
||||||
|
@ -114,8 +122,13 @@ class GitAuthHelper {
|
||||||
// Configure a placeholder value. This approach avoids the credential being captured
|
// Configure a placeholder value. This approach avoids the credential being captured
|
||||||
// by process creation audit events, which are commonly logged. For more information,
|
// by process creation audit events, which are commonly logged. For more information,
|
||||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||||
|
const commands = [
|
||||||
|
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
|
||||||
|
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
|
||||||
|
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
|
||||||
|
]
|
||||||
const output = await this.git.submoduleForeach(
|
const output = await this.git.submoduleForeach(
|
||||||
`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
|
commands.join(' && '),
|
||||||
this.settings.nestedSubmodules
|
this.settings.nestedSubmodules
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue