actions/checkout
1
0
Fork 0
mirror of https://github.com/actions/checkout.git synced 2025-10-15 23:55:08 +07:00
Code Issues Packages Projects Releases Wiki Activity

Split removeGitConfig, improve comments, fix tests, and set GITHUB_WORKSPACE in tests

Browse Source
This commit is contained in:
eric sciple
2025-10-14 23:15:53 +00:00
parent a60fb6cabe
commit 0f2eb6b146
3 changed files with 85 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
__test__/git-auth-helper.test.ts
View File

@ -595,11 +595,14 @@ describe('git-auth-helper tests', () => {
await authHelper.configureSubmoduleAuth() await authHelper.configureSubmoduleAuth()
// Assert // Assert
// Should get submodule config paths (1 call) and configure insteadOf (2 calls for two values)
expect(mockSubmoduleForeach).toHaveBeenCalledTimes(4) expect(mockSubmoduleForeach).toHaveBeenCalledTimes(4)
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch( expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
/unset-all.*insteadOf/ /unset-all.*insteadOf/
) )
expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(
/show-origin.*remote\.origin\.url/
)
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch( expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
/url.*insteadOf.*git@github.com:/ /url.*insteadOf.*git@github.com:/
) )
@ -634,11 +637,14 @@ describe('git-auth-helper tests', () => {
await authHelper.configureSubmoduleAuth() await authHelper.configureSubmoduleAuth()
// Assert // Assert
// Should get submodule config paths (1 call) and configure sshCommand (1 call)
expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3) expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3)
expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch( expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
/unset-all.*insteadOf/ /unset-all.*insteadOf/
) )
expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(
/show-origin.*remote\.origin\.url/
)
expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/) expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/)
} }
) )
@ -776,6 +782,7 @@ async function setup(testName: string): Promise<void> {
await fs.promises.mkdir(tempHomedir, {recursive: true}) await fs.promises.mkdir(tempHomedir, {recursive: true})
process.env['RUNNER_TEMP'] = runnerTemp process.env['RUNNER_TEMP'] = runnerTemp
process.env['HOME'] = tempHomedir process.env['HOME'] = tempHomedir
process.env['GITHUB_WORKSPACE'] = workspace
// Create git config // Create git config
globalGitConfigPath = path.join(tempHomedir, '.gitconfig') globalGitConfigPath = path.join(tempHomedir, '.gitconfig')

73
dist/index.js vendored
View File

@ -163,7 +163,7 @@ class GitAuthHelper {
this.sshKnownHostsPath = ''; this.sshKnownHostsPath = '';
this.temporaryHomePath = ''; this.temporaryHomePath = '';
this.credentialsConfigPath = ''; // Path to separate credentials config file in RUNNER_TEMP this.credentialsConfigPath = ''; // Path to separate credentials config file in RUNNER_TEMP
this.credentialsIncludeKeys = []; // Track includeIf/include config keys for cleanup this.credentialsIncludeKeys = []; // Track includeIf config keys for cleanup
this.git = gitCommandManager; this.git = gitCommandManager;
this.settings = gitSourceSettings || {}; this.settings = gitSourceSettings || {};
// Token auth header // Token auth header
@ -268,18 +268,19 @@ class GitAuthHelper {
configureSubmoduleAuth() { configureSubmoduleAuth() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
// Remove possible previous HTTPS instead of SSH // Remove possible previous HTTPS instead of SSH
yield this.removeGitConfig(this.insteadOfKey, true); yield this.removeSubmoduleGitConfig(this.insteadOfKey);
if (this.settings.persistCredentials) { if (this.settings.persistCredentials) {
// Use the same credentials config file created for the main repo // Credentials config path
const credentialsConfigPath = yield this.getCredentialsConfigPath(); const credentialsConfigPath = yield this.getCredentialsConfigPath();
// Container credentials config path
const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
// Container repo path
const workingDirectory = this.git.getWorkingDirectory();
const githubWorkspace = process.env['GITHUB_WORKSPACE']; const githubWorkspace = process.env['GITHUB_WORKSPACE'];
assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined'); assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined');
const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
// Calculate container git directory base path
const workingDirectory = this.git.getWorkingDirectory();
let relativePath = path.relative(githubWorkspace, workingDirectory); let relativePath = path.relative(githubWorkspace, workingDirectory);
relativePath = relativePath.replace(/\\/g, '/'); relativePath = relativePath.replace(/\\/g, '/');
const containerWorkspaceBase = path.posix.join('/github/workspace', relativePath); const containerRepoPath = path.posix.join('/github/workspace', relativePath);
// Get submodule config file paths. // Get submodule config file paths.
// Use `--show-origin` to get the config file path for each submodule. // Use `--show-origin` to get the config file path for each submodule.
const output = yield this.git.submoduleForeach(`git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules); const output = yield this.git.submoduleForeach(`git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
@ -288,18 +289,16 @@ class GitAuthHelper {
// For each submodule, configure includeIf entries pointing to the shared credentials file. // For each submodule, configure includeIf entries pointing to the shared credentials file.
// Configure both host and container paths to support Docker container actions. // Configure both host and container paths to support Docker container actions.
for (const configPath of configPaths) { for (const configPath of configPaths) {
// Get the submodule path from its config file path. // Submodule path
const submodulePath = path.dirname(path.dirname(configPath)); const submodulePath = path.dirname(path.dirname(configPath));
// Configure host path includeIf. // Configure host includeIf
// Use forward slashes for git config, even on Windows.
let submoduleGitDir = path.join(submodulePath, '.git'); let submoduleGitDir = path.join(submodulePath, '.git');
submoduleGitDir = submoduleGitDir.replace(/\\/g, '/'); submoduleGitDir = submoduleGitDir.replace(/\\/g, '/'); // Use forward slashes, even on Windows
yield this.git.config(`includeIf.gitdir:${submoduleGitDir}.path`, credentialsConfigPath, false, false, configPath); yield this.git.config(`includeIf.gitdir:${submoduleGitDir}.path`, credentialsConfigPath, false, false, configPath);
// Configure container path includeIf. // Configure container includeIf
// Use forward slashes for git config, even on Windows.
let submoduleRelativePath = path.relative(workingDirectory, submodulePath); let submoduleRelativePath = path.relative(workingDirectory, submodulePath);
submoduleRelativePath = submoduleRelativePath.replace(/\\/g, '/'); submoduleRelativePath = submoduleRelativePath.replace(/\\/g, '/'); // Use forward slashes, even on Windows
const containerSubmoduleGitDir = path.posix.join(containerWorkspaceBase, submoduleRelativePath, '.git'); const containerSubmoduleGitDir = path.posix.join(containerRepoPath, submoduleRelativePath, '.git');
yield this.git.config(`includeIf.gitdir:${containerSubmoduleGitDir}.path`, containerCredentialsPath, false, false, configPath); yield this.git.config(`includeIf.gitdir:${containerSubmoduleGitDir}.path`, containerCredentialsPath, false, false, configPath);
} }
if (this.settings.sshKey) { if (this.settings.sshKey) {
@ -404,25 +403,23 @@ class GitAuthHelper {
yield this.git.config('include.path', credentialsConfigPath, true); yield this.git.config('include.path', credentialsConfigPath, true);
} }
else { else {
// For local config, use includeIf.gitdir to match the .git directory. // Host git directory
// Configure for both host and container paths to support Docker container actions.
let gitDir = path.join(this.git.getWorkingDirectory(), '.git'); let gitDir = path.join(this.git.getWorkingDirectory(), '.git');
// Use forward slashes for git config, even on Windows gitDir = gitDir.replace(/\\/g, '/'); // Use forward slashes, even on Windows
gitDir = gitDir.replace(/\\/g, '/'); // Configure host includeIf
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`; const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
yield this.git.config(hostIncludeKey, credentialsConfigPath); yield this.git.config(hostIncludeKey, credentialsConfigPath);
this.credentialsIncludeKeys.push(hostIncludeKey); this.credentialsIncludeKeys.push(hostIncludeKey);
// Configure for container scenario where paths are mapped to fixed locations // Container git directory
const githubWorkspace = process.env['GITHUB_WORKSPACE']; const githubWorkspace = process.env['GITHUB_WORKSPACE'];
assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined'); assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined');
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
const workingDirectory = this.git.getWorkingDirectory(); const workingDirectory = this.git.getWorkingDirectory();
let relativePath = path.relative(githubWorkspace, workingDirectory); let relativePath = path.relative(githubWorkspace, workingDirectory);
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp relativePath = relativePath.replace(/\\/g, '/'); // Use forward slashes, even on Windows
// Use forward slashes for git config
relativePath = relativePath.replace(/\\/g, '/');
const containerGitDir = path.posix.join('/github/workspace', relativePath, '.git'); const containerGitDir = path.posix.join('/github/workspace', relativePath, '.git');
// Container credentials config path
const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath)); const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
// Configure container includeIf
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`; const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
yield this.git.config(containerIncludeKey, containerCredentialsPath); yield this.git.config(containerIncludeKey, containerCredentialsPath);
this.credentialsIncludeKeys.push(containerIncludeKey); this.credentialsIncludeKeys.push(containerIncludeKey);
@ -469,19 +466,21 @@ class GitAuthHelper {
} }
// SSH command // SSH command
yield this.removeGitConfig(SSH_COMMAND_KEY); yield this.removeGitConfig(SSH_COMMAND_KEY);
yield this.removeSubmoduleGitConfig(SSH_COMMAND_KEY);
}); });
} }
removeToken() { removeToken() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
var _a; var _a;
// HTTP extra header // Remove HTTP extra header
yield this.removeGitConfig(this.tokenConfigKey); yield this.removeGitConfig(this.tokenConfigKey);
// Remove include/includeIf config entries yield this.removeSubmoduleGitConfig(this.tokenConfigKey);
// Remove includeIf
for (const includeKey of this.credentialsIncludeKeys) { for (const includeKey of this.credentialsIncludeKeys) {
yield this.removeGitConfig(includeKey); yield this.removeGitConfig(includeKey);
} }
this.credentialsIncludeKeys = []; this.credentialsIncludeKeys = [];
// Remove includeIf entries from submodules // Remove submodule includeIf
yield this.git.submoduleForeach(`sh -c "git config --local --get-regexp '^includeIf\\.' && git config --local --remove-section includeIf || :"`, true); yield this.git.submoduleForeach(`sh -c "git config --local --get-regexp '^includeIf\\.' && git config --local --remove-section includeIf || :"`, true);
// Remove credentials config file // Remove credentials config file
if (this.credentialsConfigPath) { if (this.credentialsConfigPath) {
@ -495,18 +494,20 @@ class GitAuthHelper {
} }
}); });
} }
removeGitConfig(configKey_1) { removeGitConfig(configKey) {
return __awaiter(this, arguments, void 0, function* (configKey, submoduleOnly = false) { return __awaiter(this, void 0, void 0, function* () {
if (!submoduleOnly) { if ((yield this.git.configExists(configKey)) &&
if ((yield this.git.configExists(configKey)) && !(yield this.git.tryConfigUnset(configKey))) {
!(yield this.git.tryConfigUnset(configKey))) { // Load the config contents
// Load the config contents core.warning(`Failed to remove '${configKey}' from the git config`);
core.warning(`Failed to remove '${configKey}' from the git config`);
}
} }
});
}
removeSubmoduleGitConfig(configKey) {
return __awaiter(this, void 0, void 0, function* () {
const pattern = regexpHelper.escape(configKey); const pattern = regexpHelper.escape(configKey);
yield this.git.submoduleForeach( yield this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline // Wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline.
`sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true); `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true);
}); });
} }

81
src/git-auth-helper.ts
View File

@ -44,7 +44,7 @@ class GitAuthHelper {
private sshKnownHostsPath = '' private sshKnownHostsPath = ''
private temporaryHomePath = '' private temporaryHomePath = ''
private credentialsConfigPath = '' // Path to separate credentials config file in RUNNER_TEMP private credentialsConfigPath = '' // Path to separate credentials config file in RUNNER_TEMP
private credentialsIncludeKeys: string[] = [] // Track includeIf/include config keys for cleanup private credentialsIncludeKeys: string[] = [] // Track includeIf config keys for cleanup
constructor( constructor(
gitCommandManager: IGitCommandManager, gitCommandManager: IGitCommandManager,
@ -168,24 +168,25 @@ class GitAuthHelper {
async configureSubmoduleAuth(): Promise<void> { async configureSubmoduleAuth(): Promise<void> {
// Remove possible previous HTTPS instead of SSH // Remove possible previous HTTPS instead of SSH
await this.removeGitConfig(this.insteadOfKey, true) await this.removeSubmoduleGitConfig(this.insteadOfKey)
if (this.settings.persistCredentials) { if (this.settings.persistCredentials) {
// Use the same credentials config file created for the main repo // Credentials config path
const credentialsConfigPath = await this.getCredentialsConfigPath() const credentialsConfigPath = await this.getCredentialsConfigPath()
const githubWorkspace = process.env['GITHUB_WORKSPACE']
assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
// Container credentials config path
const containerCredentialsPath = path.posix.join( const containerCredentialsPath = path.posix.join(
'/github/runner_temp', '/github/runner_temp',
path.basename(credentialsConfigPath) path.basename(credentialsConfigPath)
) )
// Calculate container git directory base path // Container repo path
const workingDirectory = this.git.getWorkingDirectory() const workingDirectory = this.git.getWorkingDirectory()
const githubWorkspace = process.env['GITHUB_WORKSPACE']
assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
let relativePath = path.relative(githubWorkspace, workingDirectory) let relativePath = path.relative(githubWorkspace, workingDirectory)
relativePath = relativePath.replace(/\\/g, '/') relativePath = relativePath.replace(/\\/g, '/')
const containerWorkspaceBase = path.posix.join( const containerRepoPath = path.posix.join(
'/github/workspace', '/github/workspace',
relativePath relativePath
) )
@ -204,12 +205,12 @@ class GitAuthHelper {
// For each submodule, configure includeIf entries pointing to the shared credentials file. // For each submodule, configure includeIf entries pointing to the shared credentials file.
// Configure both host and container paths to support Docker container actions. // Configure both host and container paths to support Docker container actions.
for (const configPath of configPaths) { for (const configPath of configPaths) {
// Get the submodule path from its config file path. // Submodule path
const submodulePath = path.dirname(path.dirname(configPath)) const submodulePath = path.dirname(path.dirname(configPath))
// Configure host path includeIf.
// Use forward slashes for git config, even on Windows. // Configure host includeIf
let submoduleGitDir = path.join(submodulePath, '.git') let submoduleGitDir = path.join(submodulePath, '.git')
submoduleGitDir = submoduleGitDir.replace(/\\/g, '/') submoduleGitDir = submoduleGitDir.replace(/\\/g, '/') // Use forward slashes, even on Windows
await this.git.config( await this.git.config(
`includeIf.gitdir:${submoduleGitDir}.path`, `includeIf.gitdir:${submoduleGitDir}.path`,
credentialsConfigPath, credentialsConfigPath,
@ -218,15 +219,14 @@ class GitAuthHelper {
configPath configPath
) )
// Configure container path includeIf. // Configure container includeIf
// Use forward slashes for git config, even on Windows.
let submoduleRelativePath = path.relative( let submoduleRelativePath = path.relative(
workingDirectory, workingDirectory,
submodulePath submodulePath
) )
submoduleRelativePath = submoduleRelativePath.replace(/\\/g, '/') submoduleRelativePath = submoduleRelativePath.replace(/\\/g, '/') // Use forward slashes, even on Windows
const containerSubmoduleGitDir = path.posix.join( const containerSubmoduleGitDir = path.posix.join(
containerWorkspaceBase, containerRepoPath,
submoduleRelativePath, submoduleRelativePath,
'.git' '.git'
) )
@ -365,36 +365,34 @@ class GitAuthHelper {
// Global config file is temporary // Global config file is temporary
await this.git.config('include.path', credentialsConfigPath, true) await this.git.config('include.path', credentialsConfigPath, true)
} else { } else {
// For local config, use includeIf.gitdir to match the .git directory. // Host git directory
// Configure for both host and container paths to support Docker container actions.
let gitDir = path.join(this.git.getWorkingDirectory(), '.git') let gitDir = path.join(this.git.getWorkingDirectory(), '.git')
// Use forward slashes for git config, even on Windows gitDir = gitDir.replace(/\\/g, '/') // Use forward slashes, even on Windows
gitDir = gitDir.replace(/\\/g, '/')
// Configure host includeIf
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path` const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
await this.git.config(hostIncludeKey, credentialsConfigPath) await this.git.config(hostIncludeKey, credentialsConfigPath)
this.credentialsIncludeKeys.push(hostIncludeKey) this.credentialsIncludeKeys.push(hostIncludeKey)
// Configure for container scenario where paths are mapped to fixed locations // Container git directory
const githubWorkspace = process.env['GITHUB_WORKSPACE'] const githubWorkspace = process.env['GITHUB_WORKSPACE']
assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined') assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
const workingDirectory = this.git.getWorkingDirectory() const workingDirectory = this.git.getWorkingDirectory()
let relativePath = path.relative(githubWorkspace, workingDirectory) let relativePath = path.relative(githubWorkspace, workingDirectory)
relativePath = relativePath.replace(/\\/g, '/') // Use forward slashes, even on Windows
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
// Use forward slashes for git config
relativePath = relativePath.replace(/\\/g, '/')
const containerGitDir = path.posix.join( const containerGitDir = path.posix.join(
'/github/workspace', '/github/workspace',
relativePath, relativePath,
'.git' '.git'
) )
// Container credentials config path
const containerCredentialsPath = path.posix.join( const containerCredentialsPath = path.posix.join(
'/github/runner_temp', '/github/runner_temp',
path.basename(credentialsConfigPath) path.basename(credentialsConfigPath)
) )
// Configure container includeIf
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path` const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
await this.git.config(containerIncludeKey, containerCredentialsPath) await this.git.config(containerIncludeKey, containerCredentialsPath)
this.credentialsIncludeKeys.push(containerIncludeKey) this.credentialsIncludeKeys.push(containerIncludeKey)
@ -444,19 +442,21 @@ class GitAuthHelper {
// SSH command // SSH command
await this.removeGitConfig(SSH_COMMAND_KEY) await this.removeGitConfig(SSH_COMMAND_KEY)
await this.removeSubmoduleGitConfig(SSH_COMMAND_KEY)
} }
private async removeToken(): Promise<void> { private async removeToken(): Promise<void> {
// HTTP extra header // Remove HTTP extra header
await this.removeGitConfig(this.tokenConfigKey) await this.removeGitConfig(this.tokenConfigKey)
await this.removeSubmoduleGitConfig(this.tokenConfigKey)
// Remove include/includeIf config entries // Remove includeIf
for (const includeKey of this.credentialsIncludeKeys) { for (const includeKey of this.credentialsIncludeKeys) {
await this.removeGitConfig(includeKey) await this.removeGitConfig(includeKey)
} }
this.credentialsIncludeKeys = [] this.credentialsIncludeKeys = []
// Remove includeIf entries from submodules // Remove submodule includeIf
await this.git.submoduleForeach( await this.git.submoduleForeach(
`sh -c "git config --local --get-regexp '^includeIf\\.' && git config --local --remove-section includeIf || :"`, `sh -c "git config --local --get-regexp '^includeIf\\.' && git config --local --remove-section includeIf || :"`,
true true
@ -475,23 +475,20 @@ class GitAuthHelper {
} }
} }
private async removeGitConfig( private async removeGitConfig(configKey: string): Promise<void> {
configKey: string, if (
submoduleOnly: boolean = false (await this.git.configExists(configKey)) &&
): Promise<void> { !(await this.git.tryConfigUnset(configKey))
if (!submoduleOnly) { ) {
if ( // Load the config contents
(await this.git.configExists(configKey)) && core.warning(`Failed to remove '${configKey}' from the git config`)
!(await this.git.tryConfigUnset(configKey))
) {
// Load the config contents
core.warning(`Failed to remove '${configKey}' from the git config`)
}
} }
}
private async removeSubmoduleGitConfig(configKey: string): Promise<void> {
const pattern = regexpHelper.escape(configKey) const pattern = regexpHelper.escape(configKey)
await this.git.submoduleForeach( await this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline // Wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline.
`sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
true true
) )