Compare commits

..

4 Commits

Author SHA1 Message Date
89b2566bb0 Check github-token on enterprise
On GitHub enterprise we may get a Personal Access token or a default token generated by GitHub that maybe not have the permissions required to access public GitHub, so we check and add it only if it can authenticate with the public GitHub API
2025-08-02 12:12:58 +05:30
dcec1cf0b4 Override GITHUB_TOKEN if COMPOSER_TOKEN is set 2025-07-30 22:30:05 +05:30
ccf2c627fe Bump version to 2.35.2 2025-07-29 19:08:58 +05:30
2a597f617d Fix race condition 2025-07-29 02:08:56 +05:30
5 changed files with 51 additions and 19 deletions

View File

@ -465,6 +465,7 @@ Disable coverage for these reasons:
- Specify the GitHub token to use for authentication.
- Accepts a `string`.
- By default, `GITHUB_TOKEN` secret provided by GitHub Actions is used.
- For GitHub Enterprise users, it is recommended to use a Personal Access Token (PAT).
### Outputs
@ -797,8 +798,6 @@ restore-keys: ${{ runner.os }}-composer-${{ matrix.prefer }}-
By default, setup-php uses the `GITHUB_TOKEN` secret that is generated for each workflow run. In case you want to use a Personal Access Token (PAT) instead, you can set the `github-token` input.
The `COMPOSER_TOKEN` and `GITHUB_TOKEN` environment variables have been deprecated in favor of the `github-token` input and will be removed in the next major version.
```yaml
- name: Setup PHP
uses: shivammathur/setup-php@v2
@ -807,6 +806,10 @@ The `COMPOSER_TOKEN` and `GITHUB_TOKEN` environment variables have been deprecat
github-token: ${{ secrets.YOUR_PAT_TOKEN }}
```
The `COMPOSER_TOKEN` and `GITHUB_TOKEN` environment variables have been deprecated in favor of the `github-token` input and will be removed in the next major version.
For GitHub Enterprise users, the `github-token` input does not default to the `GITHUB_TOKEN` secret. Therefore, it's recommended to set the `github-token` input to a Personal Access Token (PAT).
### Private Packagist Authentication
If you use Private Packagist for your private composer dependencies, you can set the `PACKAGIST_TOKEN` environment variable to authenticate.

4
package-lock.json generated
View File

@ -1,12 +1,12 @@
{
"name": "setup-php",
"version": "2.35.1",
"version": "2.35.2",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "setup-php",
"version": "2.35.1",
"version": "2.35.2",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.11.1",

View File

@ -1,6 +1,6 @@
{
"name": "setup-php",
"version": "2.35.1",
"version": "2.35.2",
"private": false,
"description": "Setup PHP for use with GitHub Actions",
"main": "lib/install.js",

View File

@ -28,8 +28,8 @@ Function Edit-ComposerConfig() {
Set-ComposerAuth
}
# Function to merge auth.json fragments.
Function Get-MergedAuthJson {
# Function to update auth.json.
Function Update-AuthJson {
[CmdletBinding()]
param(
[Parameter(Mandatory)][string[]] $ComposerAuth
@ -58,7 +58,20 @@ Function Get-MergedAuthJson {
}
}
}
return $existing | ConvertTo-Json -Depth 5
Set-Content -Path $composer_home\auth.json -Value ($existing | ConvertTo-Json -Depth 5)
}
function Test-GitHubPublicAccess {
param(
[Parameter(Mandatory=$true)]
[string]$Token
)
try {
Invoke-RestMethod -Uri 'https://api.github.com/' -Headers @{ Authorization = "token $Token" } -ErrorAction Stop | Out-Null
return $true
} catch {
return $false
}
}
# Function to setup authentication in composer.
@ -74,14 +87,18 @@ Function Set-ComposerAuth() {
if(Test-Path env:PACKAGIST_TOKEN) {
$composer_auth += '"http-basic": {"repo.packagist.com": { "username": "token", "password": "' + $env:PACKAGIST_TOKEN + '"}}'
}
if(-not(Test-Path env:GITHUB_TOKEN) -and (Test-Path env:COMPOSER_TOKEN)) {
$env:GITHUB_TOKEN = $env:COMPOSER_TOKEN
}
if (Test-Path env:GITHUB_TOKEN) {
$composer_auth += '"github-oauth": {"github.com": "' + $env:GITHUB_TOKEN + '"}'
$write_token = $true
$token = if ($env:COMPOSER_TOKEN) { $env:COMPOSER_TOKEN } else { $env:GITHUB_TOKEN }
if ($token) {
if ($env:GITHUB_SERVER_URL -ne "https://github.com" -and -not(Test-GitHubPublicAccess $token)) {
$write_token = $false
}
if($write_token) {
$composer_auth += '"github-oauth": {"github.com": "' + $token + '"}'
}
}
if($composer_auth.length) {
Set-Content -Path $composer_home\auth.json -Value (Get-MergedAuthJson $composer_auth)
Update-AuthJson $composer_auth
}
}

View File

@ -47,7 +47,7 @@ configure_composer() {
}
# Function to merge auth.json fragments.
get_merged_auth_json() {
update_auth_json() {
local auth_file="$composer_home/auth.json"
local merged
[[ -f "$auth_file" ]] && merged=$(<"$auth_file") || merged='{}'
@ -62,7 +62,12 @@ get_merged_auth_json() {
end
')
done
printf '%s' "$merged"
printf '%s' "$merged" > "$composer_home/auth.json"
}
# Function to check if public GitHub token authentication is possible.
can_access_public_github() {
curl --fail -s -H "Authorization: token $1" 'https://api.github.com/' >/dev/null 2>&1
}
# Function to setup authentication in composer.
@ -78,11 +83,18 @@ set_composer_auth() {
if [ -n "$PACKAGIST_TOKEN" ]; then
composer_auth+=( '"http-basic": {"repo.packagist.com": { "username": "token", "password": "'"$PACKAGIST_TOKEN"'"}}' )
fi
if [ -n "${GITHUB_TOKEN:-$COMPOSER_TOKEN}" ]; then
composer_auth+=( '"github-oauth": {"github.com": "'"${GITHUB_TOKEN:-$COMPOSER_TOKEN}"'"}' )
token="${COMPOSER_TOKEN:-$GITHUB_TOKEN}"
if [ -n "$token" ]; then
write_token=true
if [ "$GITHUB_SERVER_URL" != "https://github.com" ]; then
can_access_public_github "$token" || write_token=false
fi
if [ "$write_token" = 'true' ]; then
composer_auth+=( '"github-oauth": {"github.com": "'"$token"'"}' )
fi
fi
if ((${#composer_auth[@]})); then
get_merged_auth_json "${composer_auth[@]}" | tee "$composer_home/auth.json" >/dev/null
update_auth_json "${composer_auth[@]}"
fi
}