bugfix(auth): Update authentication logic in settings.xml, unit tests, and documentation examples

To address this issue, we've implemented substantial enhancements to the logic within settings.xml to improve the management of authentication data. Furthermore, we've updated the unit tests to align with these modifications, guaranteeing thorough validation. The documentation and examples have been meticulously revised to offer more straightforward instructions on how to effectively configure and employ this updated methodology.
Parry 2024-03-01 12:43:13 +08:00
parent 9704b39bf2
commit 0185e0f794
No known key found for this signature in database
GPG key ID: B9795B3F9F07BF96
5 changed files with 66 additions and 20 deletions


@ -36,6 +36,10 @@ jobs:
server-username: MAVEN_USERNAME server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml - name: Validate settings.xml
run: | run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml" $xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -77,6 +81,10 @@ jobs:
server-username: MAVEN_USERNAME server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml is overwritten - name: Validate settings.xml is overwritten
run: | run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml" $xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -114,6 +122,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN server-password: MAVEN_CENTRAL_TOKEN
overwrite-settings: false overwrite-settings: false
gpg-passphrase: MAVEN_GPG_PASSPHRASE gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate that settings.xml is not overwritten - name: Validate that settings.xml is not overwritten
run: | run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml" $xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -145,6 +157,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE gpg-passphrase: MAVEN_GPG_PASSPHRASE
settings-path: ${{ runner.temp }} settings-path: ${{ runner.temp }}
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml location - name: Validate settings.xml location
run: | run: |
$path = Join-Path $env:RUNNER_TEMP "settings.xml" $path = Join-Path $env:RUNNER_TEMP "settings.xml"
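Review bot: The four added `env:` blocks pass the repository's real `secrets.MAVEN_CENTRAL_TOKEN` and `secrets.MAVEN_GPG_PASSPHRASE` into steps that sit next to "Validate settings.xml…" steps, which looks like a test job rather than a release job. A check of settings.xml generation does not need the publishing credentials, and on pull requests from forks those secrets are normally empty, so the validation would run against blank values. Constructed fixture values would do, for example `MAVEN_CENTRAL_TOKEN: dummy-token` and `MAVEN_GPG_PASSPHRASE: dummy-passphrase`. The job definitions start and end outside these hunks.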


@ -1,8 +1,8 @@
import * as io from '@actions/io';
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as io from '@actions/io';
import * as fs from 'fs'; import * as fs from 'fs';
import * as path from 'path';
import os from 'os'; import os from 'os';
import * as path from 'path';
import * as auth from '../src/auth'; import * as auth from '../src/auth';
import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants'; import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
@ -10,6 +10,14 @@ import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
const m2Dir = path.join(__dirname, M2_DIR); const m2Dir = path.join(__dirname, M2_DIR);
const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE); const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE);
// escape xml special characters
function escapeXml(unsafeStr: string) {
return unsafeStr
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
}
describe('auth tests', () => { describe('auth tests', () => {
let spyOSHomedir: jest.SpyInstance; let spyOSHomedir: jest.SpyInstance;
let spyInfo: jest.SpyInstance; let spyInfo: jest.SpyInstance;
@ -157,14 +165,17 @@ describe('auth tests', () => {
const username = 'USER'; const username = 'USER';
const password = '&<>"\'\'"><&'; const password = '&<>"\'\'"><&';
process.env['username'] = username;
process.env['password'] = password;
const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers> <servers>
<server> <server>
<id>${id}</id> <id>${escapeXml(id)}</id>
<username>\${env.${username}}</username> <username>${escapeXml(username)}</username>
<password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password> <password>${escapeXml(password)}</password>
</server> </server>
</servers> </servers>
</settings>`; </settings>`;
@ -178,18 +189,22 @@ describe('auth tests', () => {
const password = '&<>"\'\'"><&'; const password = '&<>"\'\'"><&';
const gpgPassphrase = 'PASSPHRASE'; const gpgPassphrase = 'PASSPHRASE';
process.env['username'] = username;
process.env['password'] = password;
process.env['gpgPassphrase'] = gpgPassphrase;
const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers> <servers>
<server> <server>
<id>${id}</id> <id>${escapeXml(id)}</id>
<username>\${env.${username}}</username> <username>${escapeXml(username)}</username>
<password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password> <password>${escapeXml(password)}</password>
</server> </server>
<server> <server>
<id>gpg.passphrase</id> <id>gpg.passphrase</id>
<passphrase>\${env.${gpgPassphrase}}</passphrase> <passphrase>${escapeXml(gpgPassphrase)}</passphrase>
</server> </server>
</servers> </servers>
</settings>`; </settings>`;
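Review bot: Both rewritten `expectedSettings` templates now pass their values through the test-local `escapeXml`, so the assertion no longer pins the exact bytes written to settings.xml the way the removed literal `&amp;&lt;&gt;"''"&gt;&lt;&amp;` did. As rendered on this page the helper's first call is `.replace(/&/g, '&')`, a no-op (possibly an artefact of the page decoding `&amp;`), and it does not match the helper in the dist bundle, which escapes quotes and leaves `&` alone. I would write the expected escaped password out as a literal again. The added `process.env['username']`, `process.env['password']` and `process.env['gpgPassphrase']` assignments are never removed in the visible lines, so a `delete process.env['password'];` (and the same for the other two) in the suite's teardown would stop them leaking into other tests. The `describe` body continues outside these hunks.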

20
dist/setup/index.js vendored

@ -122463,9 +122463,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
}; };
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0; exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0;
const path = __importStar(__nccwpck_require__(71017));
const core = __importStar(__nccwpck_require__(42186)); const core = __importStar(__nccwpck_require__(42186));
const io = __importStar(__nccwpck_require__(47351)); const io = __importStar(__nccwpck_require__(47351));
const path = __importStar(__nccwpck_require__(71017));
const fs = __importStar(__nccwpck_require__(57147)); const fs = __importStar(__nccwpck_require__(57147));
const os = __importStar(__nccwpck_require__(22037)); const os = __importStar(__nccwpck_require__(22037));
const xmlbuilder2_1 = __nccwpck_require__(70151); const xmlbuilder2_1 = __nccwpck_require__(70151);
@ -122507,7 +122507,19 @@ function createAuthenticationSettings(id, username, password, settingsDirectory,
} }
exports.createAuthenticationSettings = createAuthenticationSettings; exports.createAuthenticationSettings = createAuthenticationSettings;
// only exported for testing purposes // only exported for testing purposes
function escapeXml(unsafeStr) {
return unsafeStr
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&apos;');
}
function generate(id, username, password, gpgPassphrase) { function generate(id, username, password, gpgPassphrase) {
const escapedUsername = escapeXml(username);
const escapedPassword = escapeXml(password);
let escapedGpgPassphrase = gpgPassphrase
? escapeXml(gpgPassphrase)
: undefined;
const xmlObj = { const xmlObj = {
settings: { settings: {
'@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0', '@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0',
@ -122517,8 +122529,8 @@ function generate(id, username, password, gpgPassphrase) {
server: [ server: [
{ {
id: id, id: id,
username: `\${env.${username}}`, username: escapedUsername,
password: `\${env.${password}}` password: escapedPassword
} }
] ]
} }
@ -122527,7 +122539,7 @@ function generate(id, username, password, gpgPassphrase) {
if (gpgPassphrase) { if (gpgPassphrase) {
const gpgServer = { const gpgServer = {
id: 'gpg.passphrase', id: 'gpg.passphrase',
passphrase: `\${env.${gpgPassphrase}}` passphrase: escapedGpgPassphrase
}; };
xmlObj.settings.servers.server.push(gpgServer); xmlObj.settings.servers.server.push(gpgServer);
} }


@ -285,7 +285,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} # set the env variable for username
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} # set the env variable for token
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # set the env variable for GPG private key passphrase
- name: Publish to Apache Maven Central - name: Publish to Apache Maven Central
run: mvn deploy run: mvn deploy
env: env:


@ -1,6 +1,6 @@
import * as path from 'path';
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as io from '@actions/io'; import * as io from '@actions/io';
import * as path from 'path';
import * as fs from 'fs'; import * as fs from 'fs';
import * as os from 'os'; import * as os from 'os';
@ -84,8 +84,8 @@ export function generate(
server: [ server: [
{ {
id: id, id: id,
username: `\${env.${username}}`, username: process.env['username'],
password: `\${env.${password}}` password: process.env['password']
} }
] ]
} }
@ -95,7 +95,7 @@ export function generate(
if (gpgPassphrase) { if (gpgPassphrase) {
const gpgServer = { const gpgServer = {
id: 'gpg.passphrase', id: 'gpg.passphrase',
passphrase: `\${env.${gpgPassphrase}}` passphrase: process.env['gpgPassphrase']
}; };
xmlObj.settings.servers.server.push(gpgServer); xmlObj.settings.servers.server.push(gpgServer);
} }
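Review bot: The new `process.env['username']`, `process.env['password']` and `process.env['gpgPassphrase']` lookups use fixed keys and ignore the `username`, `password` and `gpgPassphrase` arguments, which the workflow hunks on this page set to names such as `MAVEN_USERNAME`; unless those fixed keys happen to be exported, the fields come out undefined. More importantly, resolving the value here writes the credential itself into settings.xml, where the removed `\${env.${password}}` template left only a reference for Maven to expand at run time, so the token and passphrase now sit in plaintext on the runner for every later step, cache or artifact upload to read. I would keep the three removed `\${env.…}` template lines and fix the original problem without materialising the secrets. The dist/setup/index.js section shown above differs from this source (it passes `escapeXml(username)` rather than an env lookup), so the bundle looks stale and should be rebuilt from whatever is finally merged. `generate` starts and ends outside these hunks.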