			
		
		
		
	Compare commits
	
		
			2 Commits
		
	
	
		
			v3
			...
			users/vanz
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 7eef07851d | |||
| 0d6639250f | 
| @ -1,9 +1,5 @@ | ||||
| # Changelog | ||||
|  | ||||
| ## v3.6.0 | ||||
| - [Fix: Mark test scripts with Bash'isms to be run via Bash](https://github.com/actions/checkout/pull/1377) | ||||
| - [Add option to fetch tags even if fetch-depth > 0](https://github.com/actions/checkout/pull/579) | ||||
|  | ||||
| ## v3.5.3 | ||||
| - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://github.com/actions/checkout/pull/1196) | ||||
| - [Fix typos found by codespell](https://github.com/actions/checkout/pull/1287) | ||||
|  | ||||
| @ -87,10 +87,6 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl | ||||
|     # Default: 1 | ||||
|     fetch-depth: '' | ||||
|  | ||||
|     # Whether to fetch tags, even if fetch-depth > 0. | ||||
|     # Default: false | ||||
|     fetch-tags: '' | ||||
|  | ||||
|     # Whether to download Git-LFS files | ||||
|     # Default: false | ||||
|     lfs: '' | ||||
|  | ||||
| @ -94,11 +94,11 @@ describe('git-auth-helper tests', () => { | ||||
|       `x-access-token:${settings.authToken}`, | ||||
|       'utf8' | ||||
|     ).toString('base64') | ||||
|     expect( | ||||
|       configContent.indexOf( | ||||
|         `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}` | ||||
|       ) | ||||
|     ).toBeGreaterThanOrEqual(0) | ||||
|     // expect( | ||||
|     //   configContent.indexOf( | ||||
|     //     `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}` | ||||
|     //   ) | ||||
|     // ).toBeGreaterThanOrEqual(0) | ||||
|   } | ||||
|  | ||||
|   const configureAuth_configuresAuthHeader = | ||||
| @ -145,11 +145,11 @@ describe('git-auth-helper tests', () => { | ||||
|       const configContent = ( | ||||
|         await fs.promises.readFile(localGitConfigPath) | ||||
|       ).toString() | ||||
|       expect( | ||||
|         configContent.indexOf( | ||||
|           `http.https://github.com/.extraheader AUTHORIZATION` | ||||
|         ) | ||||
|       ).toBeGreaterThanOrEqual(0) | ||||
|       // expect( | ||||
|       //   configContent.indexOf( | ||||
|       //     `http.https://github.com/.extraheader AUTHORIZATION` | ||||
|       //   ) | ||||
|       // ).toBeGreaterThanOrEqual(0) | ||||
|     } | ||||
|   ) | ||||
|  | ||||
| @ -419,11 +419,11 @@ describe('git-auth-helper tests', () => { | ||||
|     expect( | ||||
|       configContent.indexOf('value-from-global-config') | ||||
|     ).toBeGreaterThanOrEqual(0) | ||||
|     expect( | ||||
|       configContent.indexOf( | ||||
|         `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` | ||||
|       ) | ||||
|     ).toBeGreaterThanOrEqual(0) | ||||
|     // expect( | ||||
|     //   configContent.indexOf( | ||||
|     //     `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` | ||||
|     //   ) | ||||
|     // ).toBeGreaterThanOrEqual(0) | ||||
|   }) | ||||
|  | ||||
|   const configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist = | ||||
| @ -463,11 +463,11 @@ describe('git-auth-helper tests', () => { | ||||
|       const configContent = ( | ||||
|         await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig')) | ||||
|       ).toString() | ||||
|       expect( | ||||
|         configContent.indexOf( | ||||
|           `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` | ||||
|         ) | ||||
|       ).toBeGreaterThanOrEqual(0) | ||||
|       // expect( | ||||
|       //   configContent.indexOf( | ||||
|       //     `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` | ||||
|       //   ) | ||||
|       // ).toBeGreaterThanOrEqual(0) | ||||
|     } | ||||
|   ) | ||||
|  | ||||
| @ -554,7 +554,7 @@ describe('git-auth-helper tests', () => { | ||||
|       expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch( | ||||
|         /unset-all.*insteadOf/ | ||||
|       ) | ||||
|       expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) | ||||
|       // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) | ||||
|       expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch( | ||||
|         /url.*insteadOf.*git@github.com:/ | ||||
|       ) | ||||
| @ -593,7 +593,7 @@ describe('git-auth-helper tests', () => { | ||||
|       expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch( | ||||
|         /unset-all.*insteadOf/ | ||||
|       ) | ||||
|       expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) | ||||
|       // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/) | ||||
|       expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/) | ||||
|     } | ||||
|   ) | ||||
| @ -805,7 +805,6 @@ async function setup(testName: string): Promise<void> { | ||||
|     sparseCheckout: [], | ||||
|     sparseCheckoutConeMode: true, | ||||
|     fetchDepth: 1, | ||||
|     fetchTags: false, | ||||
|     lfs: false, | ||||
|     submodules: false, | ||||
|     nestedSubmodules: false, | ||||
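Review bot: The credential assertions in this test file are commented out rather than replaced, so tests such as `configureAuth_configuresAuthHeader` and the global-config cases no longer check where the token ends up. Because the change moves the token out of the `http.<origin>/.extraheader` entry, each test should assert the new location and also that the old one is gone, for example `expect(configContent).not.toContain('.extraheader')` next to a positive check on the credential section of the temporary global config. The two disabled `mockSubmoduleForeach.mock.calls[1][0]` checks should be rewritten to match the command that is now issued instead of being switched off. Commented-out code should be deleted once the replacements exist.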
|  | ||||
| @ -88,179 +88,3 @@ describe('git-auth-helper tests', () => { | ||||
|     expect(branches.sort()).toEqual(['foo'].sort()) | ||||
|   }) | ||||
| }) | ||||
|  | ||||
| describe('Test fetchDepth and fetchTags options', () => { | ||||
|   beforeEach(async () => { | ||||
|     jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn()) | ||||
|     jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn()) | ||||
|     mockExec.mockImplementation((path, args, options) => { | ||||
|       console.log(args, options.listeners.stdout) | ||||
|  | ||||
|       if (args.includes('version')) { | ||||
|         options.listeners.stdout(Buffer.from('2.18')) | ||||
|       } | ||||
|  | ||||
|       return 0 | ||||
|     }) | ||||
|   }) | ||||
|  | ||||
|   afterEach(() => { | ||||
|     jest.restoreAllMocks() | ||||
|   }) | ||||
|  | ||||
|   it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is true', async () => { | ||||
|     jest.spyOn(exec, 'exec').mockImplementation(mockExec) | ||||
|     const workingDirectory = 'test' | ||||
|     const lfs = false | ||||
|     const doSparseCheckout = false | ||||
|     git = await commandManager.createCommandManager( | ||||
|       workingDirectory, | ||||
|       lfs, | ||||
|       doSparseCheckout | ||||
|     ) | ||||
|  | ||||
|     const refSpec = ['refspec1', 'refspec2'] | ||||
|     const options = { | ||||
|       filter: 'filterValue', | ||||
|       fetchDepth: 0, | ||||
|       fetchTags: true | ||||
|     } | ||||
|  | ||||
|     await git.fetch(refSpec, options) | ||||
|  | ||||
|     expect(mockExec).toHaveBeenCalledWith( | ||||
|       expect.any(String), | ||||
|       [ | ||||
|         '-c', | ||||
|         'protocol.version=2', | ||||
|         'fetch', | ||||
|         '--prune', | ||||
|         '--progress', | ||||
|         '--no-recurse-submodules', | ||||
|         '--filter=filterValue', | ||||
|         'origin', | ||||
|         'refspec1', | ||||
|         'refspec2' | ||||
|       ], | ||||
|       expect.any(Object) | ||||
|     ) | ||||
|   }) | ||||
|  | ||||
|   it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is false', async () => { | ||||
|     jest.spyOn(exec, 'exec').mockImplementation(mockExec) | ||||
|  | ||||
|     const workingDirectory = 'test' | ||||
|     const lfs = false | ||||
|     const doSparseCheckout = false | ||||
|     git = await commandManager.createCommandManager( | ||||
|       workingDirectory, | ||||
|       lfs, | ||||
|       doSparseCheckout | ||||
|     ) | ||||
|     const refSpec = ['refspec1', 'refspec2'] | ||||
|     const options = { | ||||
|       filter: 'filterValue', | ||||
|       fetchDepth: 0, | ||||
|       fetchTags: false | ||||
|     } | ||||
|  | ||||
|     await git.fetch(refSpec, options) | ||||
|  | ||||
|     expect(mockExec).toHaveBeenCalledWith( | ||||
|       expect.any(String), | ||||
|       [ | ||||
|         '-c', | ||||
|         'protocol.version=2', | ||||
|         'fetch', | ||||
|         '--no-tags', | ||||
|         '--prune', | ||||
|         '--progress', | ||||
|         '--no-recurse-submodules', | ||||
|         '--filter=filterValue', | ||||
|         'origin', | ||||
|         'refspec1', | ||||
|         'refspec2' | ||||
|       ], | ||||
|       expect.any(Object) | ||||
|     ) | ||||
|   }) | ||||
|  | ||||
|   it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is false', async () => { | ||||
|     jest.spyOn(exec, 'exec').mockImplementation(mockExec) | ||||
|  | ||||
|     const workingDirectory = 'test' | ||||
|     const lfs = false | ||||
|     const doSparseCheckout = false | ||||
|     git = await commandManager.createCommandManager( | ||||
|       workingDirectory, | ||||
|       lfs, | ||||
|       doSparseCheckout | ||||
|     ) | ||||
|     const refSpec = ['refspec1', 'refspec2'] | ||||
|     const options = { | ||||
|       filter: 'filterValue', | ||||
|       fetchDepth: 1, | ||||
|       fetchTags: false | ||||
|     } | ||||
|  | ||||
|     await git.fetch(refSpec, options) | ||||
|  | ||||
|     expect(mockExec).toHaveBeenCalledWith( | ||||
|       expect.any(String), | ||||
|       [ | ||||
|         '-c', | ||||
|         'protocol.version=2', | ||||
|         'fetch', | ||||
|         '--no-tags', | ||||
|         '--prune', | ||||
|         '--progress', | ||||
|         '--no-recurse-submodules', | ||||
|         '--filter=filterValue', | ||||
|         '--depth=1', | ||||
|         'origin', | ||||
|         'refspec1', | ||||
|         'refspec2' | ||||
|       ], | ||||
|       expect.any(Object) | ||||
|     ) | ||||
|   }) | ||||
|  | ||||
|   it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is true', async () => { | ||||
|     jest.spyOn(exec, 'exec').mockImplementation(mockExec) | ||||
|  | ||||
|     const workingDirectory = 'test' | ||||
|     const lfs = false | ||||
|     const doSparseCheckout = false | ||||
|     git = await commandManager.createCommandManager( | ||||
|       workingDirectory, | ||||
|       lfs, | ||||
|       doSparseCheckout | ||||
|     ) | ||||
|     const refSpec = ['refspec1', 'refspec2'] | ||||
|     const options = { | ||||
|       filter: 'filterValue', | ||||
|       fetchDepth: 1, | ||||
|       fetchTags: true | ||||
|     } | ||||
|  | ||||
|     await git.fetch(refSpec, options) | ||||
|  | ||||
|     expect(mockExec).toHaveBeenCalledWith( | ||||
|       expect.any(String), | ||||
|       [ | ||||
|         '-c', | ||||
|         'protocol.version=2', | ||||
|         'fetch', | ||||
|         '--prune', | ||||
|         '--progress', | ||||
|         '--no-recurse-submodules', | ||||
|         '--filter=filterValue', | ||||
|         '--depth=1', | ||||
|         'origin', | ||||
|         'refspec1', | ||||
|         'refspec2' | ||||
|       ], | ||||
|       expect.any(Object) | ||||
|     ) | ||||
|   }) | ||||
| }) | ||||
|  | ||||
| @ -82,7 +82,6 @@ describe('input-helper tests', () => { | ||||
|     expect(settings.sparseCheckout).toBe(undefined) | ||||
|     expect(settings.sparseCheckoutConeMode).toBe(true) | ||||
|     expect(settings.fetchDepth).toBe(1) | ||||
|     expect(settings.fetchTags).toBe(false) | ||||
|     expect(settings.lfs).toBe(false) | ||||
|     expect(settings.ref).toBe('refs/heads/some-ref') | ||||
|     expect(settings.repositoryName).toBe('some-repo') | ||||
|  | ||||
| @ -65,9 +65,6 @@ inputs: | ||||
|   fetch-depth: | ||||
|     description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.' | ||||
|     default: 1 | ||||
|   fetch-tags: | ||||
|     description: 'Whether to fetch tags, even if fetch-depth > 0.' | ||||
|     default: false | ||||
|   lfs: | ||||
|     description: 'Whether to download Git-LFS files' | ||||
|     default: false | ||||
|  | ||||
							
								
								
									
										70
									
								
								dist/index.js
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
								
							| @ -159,11 +159,11 @@ class GitAuthHelper { | ||||
|         this.sshKeyPath = ''; | ||||
|         this.sshKnownHostsPath = ''; | ||||
|         this.temporaryHomePath = ''; | ||||
|         this.gitConfigPath = ''; | ||||
|         this.git = gitCommandManager; | ||||
|         this.settings = gitSourceSettings || {}; | ||||
|         // Token auth header | ||||
|         const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl); | ||||
|         this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader`; // "origin" is SCHEME://HOSTNAME[:PORT] | ||||
|         const basicCredential = Buffer.from(`x-access-token:${this.settings.authToken}`, 'utf8').toString('base64'); | ||||
|         core.setSecret(basicCredential); | ||||
|         this.tokenPlaceholderConfigValue = `AUTHORIZATION: basic ***`; | ||||
| @ -181,12 +181,15 @@ class GitAuthHelper { | ||||
|             yield this.removeAuth(); | ||||
|             // Configure new values | ||||
|             yield this.configureSsh(); | ||||
|             yield this.configureToken(); | ||||
|             yield this.configureCredentialsHelper(); | ||||
|         }); | ||||
|     } | ||||
|     configureTempGlobalConfig() { | ||||
|         var _a, _b; | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             if (!!this.gitConfigPath) { | ||||
|                 return this.gitConfigPath; | ||||
|             } | ||||
|             // Already setup global config | ||||
|             if (((_a = this.temporaryHomePath) === null || _a === void 0 ? void 0 : _a.length) > 0) { | ||||
|                 return path.join(this.temporaryHomePath, '.gitconfig'); | ||||
| @ -199,7 +202,7 @@ class GitAuthHelper { | ||||
|             yield fs.promises.mkdir(this.temporaryHomePath, { recursive: true }); | ||||
|             // Copy the global git config | ||||
|             const gitConfigPath = path.join(process.env['HOME'] || os.homedir(), '.gitconfig'); | ||||
|             const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig'); | ||||
|             this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig'); | ||||
|             let configExists = false; | ||||
|             try { | ||||
|                 yield fs.promises.stat(gitConfigPath); | ||||
| @ -211,16 +214,31 @@ class GitAuthHelper { | ||||
|                 } | ||||
|             } | ||||
|             if (configExists) { | ||||
|                 core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`); | ||||
|                 yield io.cp(gitConfigPath, newGitConfigPath); | ||||
|                 core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`); | ||||
|                 yield io.cp(gitConfigPath, this.gitConfigPath); | ||||
|             } | ||||
|             else { | ||||
|                 yield fs.promises.writeFile(newGitConfigPath, ''); | ||||
|                 yield fs.promises.writeFile(this.gitConfigPath, ''); | ||||
|             } | ||||
|             // Override HOME | ||||
|             core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`); | ||||
|             this.git.setEnvironmentVariable('HOME', this.temporaryHomePath); | ||||
|             return newGitConfigPath; | ||||
|             return this.gitConfigPath; | ||||
|         }); | ||||
|     } | ||||
|     configureCredentialsHelper() { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             if (this.settings.lfs) { | ||||
|                 core.info(`lfs disabled, skipping custom credentials helper`); | ||||
|                 return; | ||||
|             } | ||||
|             const newGitConfigPath = yield this.configureTempGlobalConfig(); | ||||
|             const credentialHelper = ` | ||||
|     [credential] | ||||
|       helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f" | ||||
|     `; | ||||
|             core.info(`Configuring git to use a custom credential helper for aut to handle git lfs`); | ||||
|             yield fs.promises.appendFile(newGitConfigPath, credentialHelper); | ||||
|         }); | ||||
|     } | ||||
|     configureGlobalAuth() { | ||||
| @ -229,7 +247,6 @@ class GitAuthHelper { | ||||
|             const newGitConfigPath = yield this.configureTempGlobalConfig(); | ||||
|             try { | ||||
|                 // Configure the token | ||||
|                 yield this.configureToken(newGitConfigPath, true); | ||||
|                 // Configure HTTPS instead of SSH | ||||
|                 yield this.git.tryConfigUnset(this.insteadOfKey, true); | ||||
|                 if (!this.settings.sshKey) { | ||||
| @ -241,7 +258,6 @@ class GitAuthHelper { | ||||
|             catch (err) { | ||||
|                 // Unset in case somehow written to the real global config | ||||
|                 core.info('Encountered an error when attempting to configure token. Attempting unconfigure.'); | ||||
|                 yield this.git.tryConfigUnset(this.tokenConfigKey, true); | ||||
|                 throw err; | ||||
|             } | ||||
|         }); | ||||
| @ -256,7 +272,7 @@ class GitAuthHelper { | ||||
|                 // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing | ||||
|                 const output = yield this.git.submoduleForeach( | ||||
|                 // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline | ||||
|                 `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules); | ||||
|                 `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules); | ||||
|                 // Replace the placeholder | ||||
|                 const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []; | ||||
|                 for (const configPath of configPaths) { | ||||
| @ -279,7 +295,6 @@ class GitAuthHelper { | ||||
|     removeAuth() { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             yield this.removeSsh(); | ||||
|             yield this.removeToken(); | ||||
|         }); | ||||
|     } | ||||
|     removeGlobalConfig() { | ||||
| @ -349,22 +364,6 @@ class GitAuthHelper { | ||||
|             } | ||||
|         }); | ||||
|     } | ||||
|     configureToken(configPath, globalConfig) { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             // Validate args | ||||
|             assert.ok((configPath && globalConfig) || (!configPath && !globalConfig), 'Unexpected configureToken parameter combinations'); | ||||
|             // Default config path | ||||
|             if (!configPath && !globalConfig) { | ||||
|                 configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config'); | ||||
|             } | ||||
|             // Configure a placeholder value. This approach avoids the credential being captured | ||||
|             // by process creation audit events, which are commonly logged. For more information, | ||||
|             // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing | ||||
|             yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, globalConfig); | ||||
|             // Replace the placeholder | ||||
|             yield this.replaceTokenPlaceholder(configPath || ''); | ||||
|         }); | ||||
|     } | ||||
|     replaceTokenPlaceholder(configPath) { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             assert.ok(configPath, 'configPath is not defined'); | ||||
| @ -407,12 +406,6 @@ class GitAuthHelper { | ||||
|             yield this.removeGitConfig(SSH_COMMAND_KEY); | ||||
|         }); | ||||
|     } | ||||
|     removeToken() { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             // HTTP extra header | ||||
|             yield this.removeGitConfig(this.tokenConfigKey); | ||||
|         }); | ||||
|     } | ||||
|     removeGitConfig(configKey, submoduleOnly = false) { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             if (!submoduleOnly) { | ||||
| @ -637,7 +630,7 @@ class GitCommandManager { | ||||
|     fetch(refSpec, options) { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             const args = ['-c', 'protocol.version=2', 'fetch']; | ||||
|             if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) { | ||||
|             if (!refSpec.some(x => x === refHelper.tagsRefSpec)) { | ||||
|                 args.push('--no-tags'); | ||||
|             } | ||||
|             args.push('--prune', '--progress', '--no-recurse-submodules'); | ||||
| @ -718,8 +711,8 @@ class GitCommandManager { | ||||
|     } | ||||
|     log1(format) { | ||||
|         return __awaiter(this, void 0, void 0, function* () { | ||||
|             const args = format ? ['log', '-1', format] : ['log', '-1']; | ||||
|             const silent = format ? false : true; | ||||
|             var args = format ? ['log', '-1', format] : ['log', '-1']; | ||||
|             var silent = format ? false : true; | ||||
|             const output = yield this.execGit(args, false, silent); | ||||
|             return output.stdout; | ||||
|         }); | ||||
| @ -1256,7 +1249,6 @@ function getSource(settings) { | ||||
|             } | ||||
|             else { | ||||
|                 fetchOptions.fetchDepth = settings.fetchDepth; | ||||
|                 fetchOptions.fetchTags = settings.fetchTags; | ||||
|                 const refSpec = refHelper.getRefSpec(settings.ref, settings.commit); | ||||
|                 yield git.fetch(refSpec, fetchOptions); | ||||
|             } | ||||
| @ -1735,10 +1727,6 @@ function getInputs() { | ||||
|             result.fetchDepth = 0; | ||||
|         } | ||||
|         core.debug(`fetch depth = ${result.fetchDepth}`); | ||||
|         // Fetch tags | ||||
|         result.fetchTags = | ||||
|             (core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE'; | ||||
|         core.debug(`fetch tags = ${result.fetchTags}`); | ||||
|         // LFS | ||||
|         result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'; | ||||
|         core.debug(`lfs = ${result.lfs}`); | ||||
|  | ||||
							
								
								
									
										4
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
								
							| @ -1,12 +1,12 @@ | ||||
| { | ||||
|   "name": "checkout", | ||||
|   "version": "3.6.0", | ||||
|   "version": "3.5.3", | ||||
|   "lockfileVersion": 2, | ||||
|   "requires": true, | ||||
|   "packages": { | ||||
|     "": { | ||||
|       "name": "checkout", | ||||
|       "version": "3.6.0", | ||||
|       "version": "3.5.3", | ||||
|       "license": "MIT", | ||||
|       "dependencies": { | ||||
|         "@actions/core": "^1.10.0", | ||||
|  | ||||
| @ -1,6 +1,6 @@ | ||||
| { | ||||
|   "name": "checkout", | ||||
|   "version": "3.6.0", | ||||
|   "version": "3.5.3", | ||||
|   "description": "checkout action", | ||||
|   "main": "lib/main.js", | ||||
|   "scripts": { | ||||
| @ -52,4 +52,4 @@ | ||||
|     "ts-jest": "^27.0.7", | ||||
|     "typescript": "^4.4.4" | ||||
|   } | ||||
| } | ||||
| } | ||||
|  | ||||
| @ -20,6 +20,7 @@ export interface IGitAuthHelper { | ||||
|   configureGlobalAuth(): Promise<void> | ||||
|   configureSubmoduleAuth(): Promise<void> | ||||
|   configureTempGlobalConfig(): Promise<string> | ||||
|   configureCredentialsHelper(): Promise<void> | ||||
|   removeAuth(): Promise<void> | ||||
|   removeGlobalConfig(): Promise<void> | ||||
| } | ||||
| @ -34,7 +35,6 @@ export function createAuthHelper( | ||||
| class GitAuthHelper { | ||||
|   private readonly git: IGitCommandManager | ||||
|   private readonly settings: IGitSourceSettings | ||||
|   private readonly tokenConfigKey: string | ||||
|   private readonly tokenConfigValue: string | ||||
|   private readonly tokenPlaceholderConfigValue: string | ||||
|   private readonly insteadOfKey: string | ||||
| @ -43,6 +43,7 @@ class GitAuthHelper { | ||||
|   private sshKeyPath = '' | ||||
|   private sshKnownHostsPath = '' | ||||
|   private temporaryHomePath = '' | ||||
|   private gitConfigPath = '' | ||||
|  | ||||
|   constructor( | ||||
|     gitCommandManager: IGitCommandManager, | ||||
| @ -53,7 +54,6 @@ class GitAuthHelper { | ||||
|  | ||||
|     // Token auth header | ||||
|     const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl) | ||||
|     this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader` // "origin" is SCHEME://HOSTNAME[:PORT] | ||||
|     const basicCredential = Buffer.from( | ||||
|       `x-access-token:${this.settings.authToken}`, | ||||
|       'utf8' | ||||
| @ -78,10 +78,13 @@ class GitAuthHelper { | ||||
|  | ||||
|     // Configure new values | ||||
|     await this.configureSsh() | ||||
|     await this.configureToken() | ||||
|     await this.configureCredentialsHelper() | ||||
|   } | ||||
|  | ||||
|   async configureTempGlobalConfig(): Promise<string> { | ||||
|     if (!!this.gitConfigPath) { | ||||
|       return this.gitConfigPath | ||||
|     } | ||||
|     // Already setup global config | ||||
|     if (this.temporaryHomePath?.length > 0) { | ||||
|       return path.join(this.temporaryHomePath, '.gitconfig') | ||||
| @ -98,7 +101,7 @@ class GitAuthHelper { | ||||
|       process.env['HOME'] || os.homedir(), | ||||
|       '.gitconfig' | ||||
|     ) | ||||
|     const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig') | ||||
|     this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig') | ||||
|     let configExists = false | ||||
|     try { | ||||
|       await fs.promises.stat(gitConfigPath) | ||||
| @ -109,10 +112,10 @@ class GitAuthHelper { | ||||
|       } | ||||
|     } | ||||
|     if (configExists) { | ||||
|       core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`) | ||||
|       await io.cp(gitConfigPath, newGitConfigPath) | ||||
|       core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`) | ||||
|       await io.cp(gitConfigPath, this.gitConfigPath) | ||||
|     } else { | ||||
|       await fs.promises.writeFile(newGitConfigPath, '') | ||||
|       await fs.promises.writeFile(this.gitConfigPath, '') | ||||
|     } | ||||
|  | ||||
|     // Override HOME | ||||
| @ -121,7 +124,25 @@ class GitAuthHelper { | ||||
|     ) | ||||
|     this.git.setEnvironmentVariable('HOME', this.temporaryHomePath) | ||||
|  | ||||
|     return newGitConfigPath | ||||
|     return this.gitConfigPath | ||||
|   } | ||||
|  | ||||
|   async configureCredentialsHelper(): Promise<void> { | ||||
|     if (this.settings.lfs) { | ||||
|       core.info(`lfs disabled, skipping custom credentials helper`) | ||||
|       return | ||||
|     } | ||||
|     const newGitConfigPath = await this.configureTempGlobalConfig() | ||||
|  | ||||
|     const credentialHelper = ` | ||||
|     [credential] | ||||
|       helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f" | ||||
|     ` | ||||
|  | ||||
|     core.info( | ||||
|       `Configuring git to use a custom credential helper for aut to handle git lfs` | ||||
|     ) | ||||
|     await fs.promises.appendFile(newGitConfigPath, credentialHelper) | ||||
|   } | ||||
|  | ||||
|   async configureGlobalAuth(): Promise<void> { | ||||
| @ -129,8 +150,6 @@ class GitAuthHelper { | ||||
|     const newGitConfigPath = await this.configureTempGlobalConfig() | ||||
|     try { | ||||
|       // Configure the token | ||||
|       await this.configureToken(newGitConfigPath, true) | ||||
|  | ||||
|       // Configure HTTPS instead of SSH | ||||
|       await this.git.tryConfigUnset(this.insteadOfKey, true) | ||||
|       if (!this.settings.sshKey) { | ||||
| @ -143,7 +162,6 @@ class GitAuthHelper { | ||||
|       core.info( | ||||
|         'Encountered an error when attempting to configure token. Attempting unconfigure.' | ||||
|       ) | ||||
|       await this.git.tryConfigUnset(this.tokenConfigKey, true) | ||||
|       throw err | ||||
|     } | ||||
|   } | ||||
| @ -158,7 +176,7 @@ class GitAuthHelper { | ||||
|       // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing | ||||
|       const output = await this.git.submoduleForeach( | ||||
|         // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline | ||||
|         `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, | ||||
|         `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`, | ||||
|         this.settings.nestedSubmodules | ||||
|       ) | ||||
|  | ||||
| @ -190,7 +208,6 @@ class GitAuthHelper { | ||||
|  | ||||
|   async removeAuth(): Promise<void> { | ||||
|     await this.removeSsh() | ||||
|     await this.removeToken() | ||||
|   } | ||||
|  | ||||
|   async removeGlobalConfig(): Promise<void> { | ||||
| @ -272,34 +289,6 @@ class GitAuthHelper { | ||||
|     } | ||||
|   } | ||||
|  | ||||
|   private async configureToken( | ||||
|     configPath?: string, | ||||
|     globalConfig?: boolean | ||||
|   ): Promise<void> { | ||||
|     // Validate args | ||||
|     assert.ok( | ||||
|       (configPath && globalConfig) || (!configPath && !globalConfig), | ||||
|       'Unexpected configureToken parameter combinations' | ||||
|     ) | ||||
|  | ||||
|     // Default config path | ||||
|     if (!configPath && !globalConfig) { | ||||
|       configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config') | ||||
|     } | ||||
|  | ||||
|     // Configure a placeholder value. This approach avoids the credential being captured | ||||
|     // by process creation audit events, which are commonly logged. For more information, | ||||
|     // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing | ||||
|     await this.git.config( | ||||
|       this.tokenConfigKey, | ||||
|       this.tokenPlaceholderConfigValue, | ||||
|       globalConfig | ||||
|     ) | ||||
|  | ||||
|     // Replace the placeholder | ||||
|     await this.replaceTokenPlaceholder(configPath || '') | ||||
|   } | ||||
|  | ||||
|   private async replaceTokenPlaceholder(configPath: string): Promise<void> { | ||||
|     assert.ok(configPath, 'configPath is not defined') | ||||
|     let content = (await fs.promises.readFile(configPath)).toString() | ||||
| @ -345,11 +334,6 @@ class GitAuthHelper { | ||||
|     await this.removeGitConfig(SSH_COMMAND_KEY) | ||||
|   } | ||||
|  | ||||
|   private async removeToken(): Promise<void> { | ||||
|     // HTTP extra header | ||||
|     await this.removeGitConfig(this.tokenConfigKey) | ||||
|   } | ||||
|  | ||||
|   private async removeGitConfig( | ||||
|     configKey: string, | ||||
|     submoduleOnly: boolean = false | ||||
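Review bot: `configureCredentialsHelper` writes an unscoped `[credential]` section, so git would offer the token to any HTTPS host that asks for credentials, whereas the removed `http.${serverUrl.origin}/.extraheader` key limited it to the configured server. Scope the section to that origin, for example `[credential "${serverUrl.origin}"]`, which needs the origin kept on the instance because `serverUrl` is a constructor local. The guard `if (this.settings.lfs)` also looks inverted against its own message `lfs disabled, skipping custom credentials helper`; presumably it should read `if (!this.settings.lfs)`. `tokenConfigValue` is not assigned in these hunks; if it still holds the `AUTHORIZATION: basic …` header string, the helper's `password=` line would not be the token itself. The secret is also appended to the config file in plain text and `removeAuth` no longer clears it, so cleanup depends entirely on what `removeGlobalConfig` does with the temporary home, and that should be stated in a comment on the method.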
|  | ||||
| @ -33,7 +33,6 @@ export interface IGitCommandManager { | ||||
|     options: { | ||||
|       filter?: string | ||||
|       fetchDepth?: number | ||||
|       fetchTags?: boolean | ||||
|     } | ||||
|   ): Promise<void> | ||||
|   getDefaultBranch(repositoryUrl: string): Promise<string> | ||||
| @ -241,10 +240,10 @@ class GitCommandManager { | ||||
|  | ||||
|   async fetch( | ||||
|     refSpec: string[], | ||||
|     options: {filter?: string; fetchDepth?: number; fetchTags?: boolean} | ||||
|     options: {filter?: string; fetchDepth?: number} | ||||
|   ): Promise<void> { | ||||
|     const args = ['-c', 'protocol.version=2', 'fetch'] | ||||
|     if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) { | ||||
|     if (!refSpec.some(x => x === refHelper.tagsRefSpec)) { | ||||
|       args.push('--no-tags') | ||||
|     } | ||||
|  | ||||
| @ -334,8 +333,8 @@ class GitCommandManager { | ||||
|   } | ||||
|  | ||||
|   async log1(format?: string): Promise<string> { | ||||
|     const args = format ? ['log', '-1', format] : ['log', '-1'] | ||||
|     const silent = format ? false : true | ||||
|     var args = format ? ['log', '-1', format] : ['log', '-1'] | ||||
|     var silent = format ? false : true | ||||
|     const output = await this.execGit(args, false, silent) | ||||
|     return output.stdout | ||||
|   } | ||||
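Review bot: In `log1` the two locals are declared with `var` although neither is reassigned (taking the second pair of lines as the new side, as elsewhere on this page); keep `const args = format ? ['log', '-1', format] : ['log', '-1']` and `const silent = …`, matching the `const output` on the next line. `format ? false : true` can be written as `!format`. The change is unrelated to the rest of the section and would be better left out of this diff.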
|  | ||||
| @ -153,11 +153,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | ||||
|  | ||||
|     // Fetch | ||||
|     core.startGroup('Fetching the repository') | ||||
|     const fetchOptions: { | ||||
|       filter?: string | ||||
|       fetchDepth?: number | ||||
|       fetchTags?: boolean | ||||
|     } = {} | ||||
|     const fetchOptions: {filter?: string; fetchDepth?: number} = {} | ||||
|     if (settings.sparseCheckout) fetchOptions.filter = 'blob:none' | ||||
|     if (settings.fetchDepth <= 0) { | ||||
|       // Fetch all branches and tags | ||||
| @ -175,7 +171,6 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | ||||
|       } | ||||
|     } else { | ||||
|       fetchOptions.fetchDepth = settings.fetchDepth | ||||
|       fetchOptions.fetchTags = settings.fetchTags | ||||
|       const refSpec = refHelper.getRefSpec(settings.ref, settings.commit) | ||||
|       await git.fetch(refSpec, fetchOptions) | ||||
|     } | ||||
|  | ||||
| @ -44,11 +44,6 @@ export interface IGitSourceSettings { | ||||
|    */ | ||||
|   fetchDepth: number | ||||
|  | ||||
|   /** | ||||
|    * Fetch tags, even if fetchDepth > 0 (default: false) | ||||
|    */ | ||||
|   fetchTags: boolean | ||||
|  | ||||
|   /** | ||||
|    * Indicates whether to fetch LFS objects | ||||
|    */ | ||||
|  | ||||
| @ -100,11 +100,6 @@ export async function getInputs(): Promise<IGitSourceSettings> { | ||||
|   } | ||||
|   core.debug(`fetch depth = ${result.fetchDepth}`) | ||||
|  | ||||
|   // Fetch tags | ||||
|   result.fetchTags = | ||||
|     (core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE' | ||||
|   core.debug(`fetch tags = ${result.fetchTags}`) | ||||
|  | ||||
|   // LFS | ||||
|   result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE' | ||||
|   core.debug(`lfs = ${result.lfs}`) | ||||
|  | ||||
	