actions/setup-java
2
0
Fork 0
mirror of https://github.com/actions/setup-java.git synced 2025-04-18 00:46:45 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix(auth): Update authentication logic in settings.xml, unit tests (#1)

Browse source 
* fix(auth): Update authentication logic in settings.xml, unit tests

Enhanced the logic for reading authentication information in the settings.xml file to address an issue where attempts to configure a GitHub Action for fetching packages from a repository within the same organization resulted in authentication errors.
Despite the correct configuration, the process failed with a 401 Unauthorized status during dependency download from GitHub's Maven package repository.
The error was pinpointed to a non-resolvable parent POM due to authentication failure, with an incorrect 'parent.relativePath' exacerbating the issue.

To resolve this, I made significant updates to the logic within settings.xml for better handling of authentication information.
Additionally, unit tests have been updated to reflect these changes and ensure robust verification.

The documentation and examples have also been revised to provide clearer guidance on configuring and utilizing this updated process successfully.
This commit is contained in:
Parry 2024-03-01 16:16:24 +08:00 committed by GitHub
parent 9704b39bf2
commit c0786a2b6c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 58 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

20
.github/workflows/e2e-publishing.yml vendored
View file

@ -36,6 +36,10 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: MAVEN_USERNAME
MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
- name: Validate settings.xml
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -43,11 +47,11 @@ jobs:
[xml]$xml = Get-Content $xmlPath
$servers = $xml.settings.servers.server
if (($servers[0].id -ne 'maven') -or ($servers[0].username -ne '${env.MAVEN_USERNAME}') -or ($servers[0].password -ne '${env.MAVEN_CENTRAL_TOKEN}')) {
if (($servers[0].id -ne 'maven') -or ($servers[0].username -ne 'MAVEN_USERNAME') -or ($servers[0].password -ne 'MAVEN_CENTRAL_TOKEN')) {
throw "Generated XML file is incorrect"
}
if (($servers[1].id -ne 'gpg.passphrase') -or ($servers[1].passphrase -ne '${env.MAVEN_GPG_PASSPHRASE}')) {
if (($servers[1].id -ne 'gpg.passphrase') -or ($servers[1].passphrase -ne 'MAVEN_GPG_PASSPHRASE')) {
throw "Generated XML file is incorrect"
}
@ -77,6 +81,10 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: MAVEN_USERNAME
MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
- name: Validate settings.xml is overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -114,6 +122,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN
overwrite-settings: false
gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: MAVEN_USERNAME
MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
- name: Validate that settings.xml is not overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -145,6 +157,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
settings-path: ${{ runner.temp }}
env:
MAVEN_USERNAME: MAVEN_USERNAME
MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
- name: Validate settings.xml location
run: |
$path = Join-Path $env:RUNNER_TEMP "settings.xml"

37
__tests__/auth.test.ts
View file

@ -1,8 +1,8 @@
import * as io from '@actions/io';
import * as core from '@actions/core';
import * as io from '@actions/io';
import * as fs from 'fs';
import * as path from 'path';
import os from 'os';
import * as path from 'path';
import * as auth from '../src/auth';
import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
@ -10,6 +10,14 @@ import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
const m2Dir = path.join(__dirname, M2_DIR);
const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE);
// escape xml special characters
function escapeXml(unsafeStr: string) {
return unsafeStr
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
}
describe('auth tests', () => {
let spyOSHomedir: jest.SpyInstance;
let spyInfo: jest.SpyInstance;
@ -157,19 +165,22 @@ describe('auth tests', () => {
const username = 'USER';
const password = '&<>"\'\'"><&';
process.env['username'] = username;
process.env['password'] = password;
const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>${id}</id>
<username>\${env.${username}}</username>
<password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password>
<id>${escapeXml(id)}</id>
<username>${escapeXml(username)}</username>
<password>${escapeXml(password)}</password>
</server>
</servers>
</settings>`;
expect(auth.generate(id, username, password)).toEqual(expectedSettings);
expect(auth.generate(id, 'username', 'password')).toEqual(expectedSettings);
});
it('generates valid settings.xml with additional configuration', () => {
@ -178,23 +189,27 @@ describe('auth tests', () => {
const password = '&<>"\'\'"><&';
const gpgPassphrase = 'PASSPHRASE';
process.env['username'] = username;
process.env['password'] = password;
process.env['gpgPassphrase'] = gpgPassphrase;
const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>${id}</id>
<username>\${env.${username}}</username>
<password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password>
<id>${escapeXml(id)}</id>
<username>${escapeXml(username)}</username>
<password>${escapeXml(password)}</password>
</server>
<server>
<id>gpg.passphrase</id>
<passphrase>\${env.${gpgPassphrase}}</passphrase>
<passphrase>${escapeXml(gpgPassphrase)}</passphrase>
</server>
</servers>
</settings>`;
expect(auth.generate(id, username, password, gpgPassphrase)).toEqual(
expect(auth.generate(id, 'username', 'password', 'gpgPassphrase')).toEqual(
expectedSettings
);
});

8
dist/setup/index.js vendored
View file

@ -122463,9 +122463,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0;
const path = __importStar(__nccwpck_require__(71017));
const core = __importStar(__nccwpck_require__(42186));
const io = __importStar(__nccwpck_require__(47351));
const path = __importStar(__nccwpck_require__(71017));
const fs = __importStar(__nccwpck_require__(57147));
const os = __importStar(__nccwpck_require__(22037));
const xmlbuilder2_1 = __nccwpck_require__(70151);
@ -122517,8 +122517,8 @@ function generate(id, username, password, gpgPassphrase) {
server: [
{
id: id,
username: `\${env.${username}}`,
password: `\${env.${password}}`
username: process.env[username],
password: process.env[password]
}
]
}
@ -122527,7 +122527,7 @@ function generate(id, username, password, gpgPassphrase) {
if (gpgPassphrase) {
const gpgServer = {
id: 'gpg.passphrase',
passphrase: `\${env.${gpgPassphrase}}`
passphrase: process.env[gpgPassphrase]
};
xmlObj.settings.servers.server.push(gpgServer);
}

9
docs/advanced-usage.md
View file

@ -182,7 +182,7 @@ steps:
jdkFile: ${{ runner.temp }}/java_package.tar.gz
java-version: '11.0.0'
architecture: x64
- run: java -cp java HelloWorldApp
```
@ -285,7 +285,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} # set the env variable for username
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} # set the env variable for token
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # set the env variable for GPG private key passphrase
- name: Publish to Apache Maven Central
run: mvn deploy
env:
@ -527,7 +530,7 @@ steps:
## Java-version file
If the `java-version-file` input is specified, the action will try to extract the version from the file and install it.
Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv).
Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv).
Valid entry options:
```
major versions: 8, 11, 16, 17, 21

8
src/auth.ts
View file

@ -1,6 +1,6 @@
import * as path from 'path';
import * as core from '@actions/core';
import * as io from '@actions/io';
import * as path from 'path';
import * as fs from 'fs';
import * as os from 'os';
@ -84,8 +84,8 @@ export function generate(
server: [
{
id: id,
username: `\${env.${username}}`,
password: `\${env.${password}}`
username: process.env[username],
password: process.env[password]
}
]
}
@ -95,7 +95,7 @@ export function generate(
if (gpgPassphrase) {
const gpgServer = {
id: 'gpg.passphrase',
passphrase: `\${env.${gpgPassphrase}}`
passphrase: process.env[gpgPassphrase]
};
xmlObj.settings.servers.server.push(gpgServer);
}