From c6b8c532e9fe671ec9ed1e2a3aa636604987430c Mon Sep 17 00:00:00 2001 From: Parry Date: Fri, 1 Mar 2024 12:43:13 +0800 Subject: [PATCH] bugfix(auth): Update authentication logic in settings.xml, unit tests, and documentation examples To resolve this, we've made significant updates to the logic within settings.xml for better handling of authentication information. Additionally, unit tests have been updated to reflect these changes and ensure robust verification. The documentation and examples have also been revised to provide clearer guidance on configuring and utilizing this updated process successfully. --- .github/workflows/e2e-publishing.yml | 16 ++++++++++++++ __tests__/auth.test.ts | 33 ++++++++++++++++++++-------- dist/setup/index.js | 20 +++++++++++++---- docs/advanced-usage.md | 9 +++++--- src/auth.ts | 8 +++---- 5 files changed, 66 insertions(+), 20 deletions(-) diff --git a/.github/workflows/e2e-publishing.yml b/.github/workflows/e2e-publishing.yml index dd7bd435..c22e22bc 100644 --- a/.github/workflows/e2e-publishing.yml +++ b/.github/workflows/e2e-publishing.yml @@ -36,6 +36,10 @@ jobs: server-username: MAVEN_USERNAME server-password: MAVEN_CENTRAL_TOKEN gpg-passphrase: MAVEN_GPG_PASSPHRASE + env: + MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Validate settings.xml run: | $xmlPath = Join-Path $HOME ".m2" "settings.xml" @@ -77,6 +81,10 @@ jobs: server-username: MAVEN_USERNAME server-password: MAVEN_CENTRAL_TOKEN gpg-passphrase: MAVEN_GPG_PASSPHRASE + env: + MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Validate settings.xml is overwritten run: | $xmlPath = Join-Path $HOME ".m2" "settings.xml" 
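Review bot: The `env:` block added to the setup step in the first hunk (and again in the hunks at -77, -114 and -145) puts the real `MAVEN_CENTRAL_TOKEN` and `MAVEN_GPG_PASSPHRASE` secrets in scope of a step whose inputs previously carried only variable names. Each of these steps is followed by a `Validate settings.xml…` step that reads the generated file. Those step bodies lie outside the hunks, so confirm they never print the file or upload it as an artifact now that it may hold resolved values. If the e2e job only needs to prove that the variables resolve, a throwaway value is enough, for example `MAVEN_CENTRAL_TOKEN: dummy-e2e-token` (constructed value), which keeps the publishing credentials out of this workflow.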
@@ -114,6 +122,10 @@ jobs: server-password: MAVEN_CENTRAL_TOKEN overwrite-settings: false gpg-passphrase: MAVEN_GPG_PASSPHRASE + env: + MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Validate that settings.xml is not overwritten run: | $xmlPath = Join-Path $HOME ".m2" "settings.xml" @@ -145,6 +157,10 @@ jobs: server-password: MAVEN_CENTRAL_TOKEN gpg-passphrase: MAVEN_GPG_PASSPHRASE settings-path: ${{ runner.temp }} + env: + MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Validate settings.xml location run: | $path = Join-Path $env:RUNNER_TEMP "settings.xml" diff --git a/__tests__/auth.test.ts b/__tests__/auth.test.ts index 06591da7..0d8e6c7e 100644 --- a/__tests__/auth.test.ts +++ b/__tests__/auth.test.ts @@ -1,8 +1,8 @@ -import * as io from '@actions/io'; import * as core from '@actions/core'; +import * as io from '@actions/io'; import * as fs from 'fs'; -import * as path from 'path'; import os from 'os'; +import * as path from 'path'; import * as auth from '../src/auth'; import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants'; @@ -10,6 +10,14 @@ import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants'; const m2Dir = path.join(__dirname, M2_DIR); const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE); +// escape xml special characters +function escapeXml(unsafeStr: string) { + return unsafeStr + .replace(/&/g, '&') + .replace(//g, '>'); +} + describe('auth tests', () => { let spyOSHomedir: jest.SpyInstance; let spyInfo: jest.SpyInstance; 
@@ -157,14 +165,17 @@ describe('auth tests', () => { const username = 'USER'; const password = '&<>"\'\'"><&'; + process.env['username'] = username; + process.env['password'] = password; + const expectedSettings = ` - ${id} - \${env.${username}} - \${env.&<>"''"><&} + ${escapeXml(id)} + ${escapeXml(username)} + ${escapeXml(password)} `; @@ -178,18 +189,22 @@ describe('auth tests', () => { const password = '&<>"\'\'"><&'; const gpgPassphrase = 'PASSPHRASE'; + process.env['username'] = username; + process.env['password'] = password; + process.env['gpgPassphrase'] = gpgPassphrase; + const expectedSettings = ` - ${id} - \${env.${username}} - \${env.&<>"''"><&} + ${escapeXml(id)} + ${escapeXml(username)} + ${escapeXml(password)} gpg.passphrase - \${env.${gpgPassphrase}} + ${escapeXml(gpgPassphrase)} `; diff --git a/dist/setup/index.js b/dist/setup/index.js index f8c70dab..3001e296 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -122463,9 +122463,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0; -const path = __importStar(__nccwpck_require__(71017)); const core = __importStar(__nccwpck_require__(42186)); const io = __importStar(__nccwpck_require__(47351)); +const path = __importStar(__nccwpck_require__(71017)); const fs = __importStar(__nccwpck_require__(57147)); const os = __importStar(__nccwpck_require__(22037)); const xmlbuilder2_1 = __nccwpck_require__(70151); 
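Review bot: The setup added in the hunk at -157 (`process.env['username'] = username;`, `process.env['password'] = password;`, plus `process.env['gpgPassphrase']` in the hunk at -178) uses the literal keys `username`/`password`/`gpgPassphrase`. The test therefore passes only because `generate` in src/auth.ts reads the same literal keys, and it would not catch that the variable name passed as the argument (`'USER'` here) is never looked up. Key the fixture on the argument instead, e.g. `process.env[username] = 'constructed-user-value';`, and assert on that value. These assignments are also never undone, so they leak into later tests in the `describe` block, which continues outside the hunk; `afterEach(() => { delete process.env['username']; delete process.env['password']; delete process.env['gpgPassphrase']; });` would contain them. Note that the new expectation asserts the password value itself appears in settings.xml, where the removed lines asserted only an `${env.…}` reference.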
@@ -122507,7 +122507,19 @@ function createAuthenticationSettings(id, username, password, settingsDirectory, } exports.createAuthenticationSettings = createAuthenticationSettings; // only exported for testing purposes +function escapeXml(unsafeStr) { + return unsafeStr + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, '''); +} function generate(id, username, password, gpgPassphrase) { + const escapedUsername = escapeXml(username); + const escapedPassword = escapeXml(password); + let escapedGpgPassphrase = gpgPassphrase + ? escapeXml(gpgPassphrase) + : undefined; const xmlObj = { settings: { '@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0', @@ -122517,8 +122529,8 @@ function generate(id, username, password, gpgPassphrase) { server: [ { id: id, - username: `\${env.${username}}`, - password: `\${env.${password}}` + username: escapedUsername, + password: escapedPassword } ] } @@ -122527,7 +122539,7 @@ function generate(id, username, password, gpgPassphrase) { if (gpgPassphrase) { const gpgServer = { id: 'gpg.passphrase', - passphrase: `\${env.${gpgPassphrase}}` + passphrase: escapedGpgPassphrase }; xmlObj.settings.servers.server.push(gpgServer); } diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index ede356f9..8686a2fa 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -182,7 +182,7 @@ steps: jdkFile: ${{ runner.temp }}/java_package.tar.gz java-version: '11.0.0' architecture: x64 - + - run: java -cp java HelloWorldApp ``` 
@@ -285,7 +285,10 @@ jobs: server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - + env: + MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} # set the env variable for username + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} # set the env variable for token + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # set the env variable for GPG private key passphrase - name: Publish to Apache Maven Central run: mvn deploy env: @@ -527,7 +530,7 @@ steps: ## Java-version file If the `java-version-file` input is specified, the action will try to extract the version from the file and install it. -Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv). +Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv). Valid entry options: ``` major versions: 8, 11, 16, 17, 21 diff --git a/src/auth.ts b/src/auth.ts index c8ea6291..7356e9ee 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -1,6 +1,6 @@ -import * as path from 'path'; import * as core from '@actions/core'; import * as io from '@actions/io'; +import * as path from 'path'; import * as fs from 'fs'; import * as os from 'os'; @@ -84,8 +84,8 @@ export function generate( server: [ { id: id, - username: `\${env.${username}}`, - password: `\${env.${password}}` + username: process.env['username'], + password: process.env['password'] } ] } @@ -95,7 +95,7 @@ export function generate( if (gpgPassphrase) { const gpgServer = { id: 'gpg.passphrase', - passphrase: `\${env.${gpgPassphrase}}` + passphrase: process.env['gpgPassphrase'] }; xmlObj.settings.servers.server.push(gpgServer); }
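Review bot: In the src/auth.ts hunk at -84, `process.env['username']` and `process.env['password']` (and `process.env['gpgPassphrase']` in the hunk at -95) read environment variables literally named `username`, `password` and `gpgPassphrase`, so the `username`/`password`/`gpgPassphrase` parameters of `generate` are ignored. With the documented inputs such as `server-username: MAVEN_USERNAME`, these lookups will most likely yield `undefined`. Even with the lookup corrected to `process.env[username]`, the change writes the resolved token and GPG passphrase in cleartext into settings.xml on the runner. The removed lines stored only an `${env.NAME}` reference that Maven resolves at run time, and I would keep that placeholder form so the secret never lands on disk. The bundled dist/setup/index.js in this same patch does something different again (`username: escapedUsername`, built from `escapeXml(username)`), so the shipped bundle and this source disagree and the bundle should be rebuilt from whatever source is finally accepted. `generate` starts and ends outside these hunks.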