convert SSH URL to HTTPS (#179)

This commit is contained in:
eric sciple 2020-03-10 10:45:50 -04:00 committed by GitHub
parent b4626ce19c
commit 80602fafba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 19 deletions

@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
# Basic checkout # Basic checkout
- name: Basic checkout - name: Checkout basic
uses: ./ uses: ./
with: with:
ref: test-data/v2/basic ref: test-data/v2/basic
@ -48,7 +48,7 @@ jobs:
- name: Modify work tree - name: Modify work tree
shell: bash shell: bash
run: __test__/modify-work-tree.sh run: __test__/modify-work-tree.sh
- name: Clean checkout - name: Checkout clean
uses: ./ uses: ./
with: with:
ref: test-data/v2/basic ref: test-data/v2/basic
@ -58,12 +58,12 @@ jobs:
run: __test__/verify-clean.sh run: __test__/verify-clean.sh
# Side by side # Side by side
- name: Side by side checkout 1 - name: Checkout side by side 1
uses: ./ uses: ./
with: with:
ref: test-data/v2/side-by-side-1 ref: test-data/v2/side-by-side-1
path: side-by-side-1 path: side-by-side-1
- name: Side by side checkout 2 - name: Checkout side by side 2
uses: ./ uses: ./
with: with:
ref: test-data/v2/side-by-side-2 ref: test-data/v2/side-by-side-2
@ -73,7 +73,7 @@ jobs:
run: __test__/verify-side-by-side.sh run: __test__/verify-side-by-side.sh
# LFS # LFS
- name: LFS checkout - name: Checkout LFS
uses: ./ uses: ./
with: with:
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
@ -85,29 +85,29 @@ jobs:
run: __test__/verify-lfs.sh run: __test__/verify-lfs.sh
# Submodules false # Submodules false
- name: Submodules false checkout - name: Checkout submodules false
uses: ./ uses: ./
with: with:
ref: test-data/v2/submodule ref: test-data/v2/submodule-ssh-url
path: submodules-false path: submodules-false
- name: Verify submodules false - name: Verify submodules false
run: __test__/verify-submodules-false.sh run: __test__/verify-submodules-false.sh
# Submodules one level # Submodules one level
- name: Submodules true checkout - name: Checkout submodules true
uses: ./ uses: ./
with: with:
ref: test-data/v2/submodule ref: test-data/v2/submodule-ssh-url
path: submodules-true path: submodules-true
submodules: true submodules: true
- name: Verify submodules true - name: Verify submodules true
run: __test__/verify-submodules-true.sh run: __test__/verify-submodules-true.sh
# Submodules recursive # Submodules recursive
- name: Submodules recursive checkout - name: Checkout submodules recursive
uses: ./ uses: ./
with: with:
ref: test-data/v2/submodule ref: test-data/v2/submodule-ssh-url
path: submodules-recursive path: submodules-recursive
submodules: recursive submodules: recursive
- name: Verify submodules recursive - name: Verify submodules recursive
@ -127,7 +127,7 @@ jobs:
- name: Override git version (Windows) - name: Override git version (Windows)
if: runner.os == 'windows' if: runner.os == 'windows'
run: __test__\\override-git-version.cmd run: __test__\\override-git-version.cmd
- name: Basic checkout using REST API - name: Checkout basic using REST API
uses: ./ uses: ./
with: with:
ref: test-data/v2/basic ref: test-data/v2/basic
@ -153,7 +153,7 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
# Basic checkout using git # Basic checkout using git
- name: Basic checkout - name: Checkout basic
uses: ./ uses: ./
with: with:
ref: test-data/v2/basic ref: test-data/v2/basic
@ -185,7 +185,7 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
# Basic checkout using git # Basic checkout using git
- name: Basic checkout - name: Checkout basic
uses: ./ uses: ./
with: with:
ref: test-data/v2/basic ref: test-data/v2/basic
@ -198,7 +198,7 @@ jobs:
# Basic checkout using REST API # Basic checkout using REST API
- name: Override git version - name: Override git version
run: __test__/override-git-version.sh run: __test__/override-git-version.sh
- name: Basic checkout using REST API - name: Checkout basic using REST API
uses: ./ uses: ./
with: with:
ref: test-data/v2/basic ref: test-data/v2/basic

15
dist/index.js vendored

@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
class GitAuthHelper { class GitAuthHelper {
constructor(gitCommandManager, gitSourceSettings) { constructor(gitCommandManager, gitSourceSettings) {
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`; this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
this.insteadOfValue = `git@${HOSTNAME}:`;
this.temporaryHomePath = ''; this.temporaryHomePath = '';
this.git = gitCommandManager; this.git = gitCommandManager;
this.settings = gitSourceSettings || {}; this.settings = gitSourceSettings || {};
@ -5140,11 +5142,15 @@ class GitAuthHelper {
else { else {
yield fs.promises.writeFile(newGitConfigPath, ''); yield fs.promises.writeFile(newGitConfigPath, '');
} }
// Configure the token
try { try {
// Override HOME
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`); core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath); this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
// Configure the token
yield this.configureToken(newGitConfigPath, true); yield this.configureToken(newGitConfigPath, true);
// Configure HTTPS instead of SSH
yield this.git.tryConfigUnset(this.insteadOfKey, true);
yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
} }
catch (err) { catch (err) {
// Unset in case somehow written to the real global config // Unset in case somehow written to the real global config
@ -5160,7 +5166,12 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured // Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information, // by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules); const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
];
const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
// Replace the placeholder // Replace the placeholder
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []; const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
for (const configPath of configPaths) { for (const configPath of configPaths) {

@ -34,6 +34,8 @@ class GitAuthHelper {
private readonly settings: IGitSourceSettings private readonly settings: IGitSourceSettings
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader` private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
private readonly tokenPlaceholderConfigValue: string private readonly tokenPlaceholderConfigValue: string
private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
private readonly insteadOfValue: string = `git@${HOSTNAME}:`
private temporaryHomePath = '' private temporaryHomePath = ''
private tokenConfigValue: string private tokenConfigValue: string
@ -92,13 +94,19 @@ class GitAuthHelper {
await fs.promises.writeFile(newGitConfigPath, '') await fs.promises.writeFile(newGitConfigPath, '')
} }
// Configure the token
try { try {
// Override HOME
core.info( core.info(
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes` `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
) )
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath) this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
// Configure the token
await this.configureToken(newGitConfigPath, true) await this.configureToken(newGitConfigPath, true)
// Configure HTTPS instead of SSH
await this.git.tryConfigUnset(this.insteadOfKey, true)
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
} catch (err) { } catch (err) {
// Unset in case somehow written to the real global config // Unset in case somehow written to the real global config
core.info( core.info(
@ -114,8 +122,13 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured // Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information, // by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
]
const output = await this.git.submoduleForeach( const output = await this.git.submoduleForeach(
`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, commands.join(' && '),
this.settings.nestedSubmodules this.settings.nestedSubmodules
) )