mirror of
				https://github.com/actions/checkout.git
				synced 2025-10-25 03:49:20 +00:00 
			
		
		
		
	convert SSH URL to HTTPS (#179)
This commit is contained in:
		
							
								
								
									
										30
									
								
								.github/workflows/test.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										30
									
								
								.github/workflows/test.yml
									
									
									
									
										vendored
									
									
								
							| @ -35,7 +35,7 @@ jobs: | |||||||
|         uses: actions/checkout@v2 |         uses: actions/checkout@v2 | ||||||
|  |  | ||||||
|       # Basic checkout |       # Basic checkout | ||||||
|       - name: Basic checkout |       - name: Checkout basic | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/basic |           ref: test-data/v2/basic | ||||||
| @ -48,7 +48,7 @@ jobs: | |||||||
|       - name: Modify work tree |       - name: Modify work tree | ||||||
|         shell: bash |         shell: bash | ||||||
|         run: __test__/modify-work-tree.sh |         run: __test__/modify-work-tree.sh | ||||||
|       - name: Clean checkout |       - name: Checkout clean | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/basic |           ref: test-data/v2/basic | ||||||
| @ -58,12 +58,12 @@ jobs: | |||||||
|         run: __test__/verify-clean.sh |         run: __test__/verify-clean.sh | ||||||
|  |  | ||||||
|       # Side by side |       # Side by side | ||||||
|       - name: Side by side checkout 1 |       - name: Checkout side by side 1 | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/side-by-side-1 |           ref: test-data/v2/side-by-side-1 | ||||||
|           path: side-by-side-1 |           path: side-by-side-1 | ||||||
|       - name: Side by side checkout 2 |       - name: Checkout side by side 2 | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/side-by-side-2 |           ref: test-data/v2/side-by-side-2 | ||||||
| @ -73,7 +73,7 @@ jobs: | |||||||
|         run: __test__/verify-side-by-side.sh |         run: __test__/verify-side-by-side.sh | ||||||
|  |  | ||||||
|       # LFS |       # LFS | ||||||
|       - name: LFS checkout |       - name: Checkout LFS | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           repository: actions/checkout # hardcoded, otherwise doesn't work from a fork |           repository: actions/checkout # hardcoded, otherwise doesn't work from a fork | ||||||
| @ -85,29 +85,29 @@ jobs: | |||||||
|         run: __test__/verify-lfs.sh |         run: __test__/verify-lfs.sh | ||||||
|  |  | ||||||
|       # Submodules false |       # Submodules false | ||||||
|       - name: Submodules false checkout |       - name: Checkout submodules false | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/submodule |           ref: test-data/v2/submodule-ssh-url | ||||||
|           path: submodules-false |           path: submodules-false | ||||||
|       - name: Verify submodules false |       - name: Verify submodules false | ||||||
|         run: __test__/verify-submodules-false.sh |         run: __test__/verify-submodules-false.sh | ||||||
|  |  | ||||||
|       # Submodules one level |       # Submodules one level | ||||||
|       - name: Submodules true checkout |       - name: Checkout submodules true | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/submodule |           ref: test-data/v2/submodule-ssh-url | ||||||
|           path: submodules-true |           path: submodules-true | ||||||
|           submodules: true |           submodules: true | ||||||
|       - name: Verify submodules true |       - name: Verify submodules true | ||||||
|         run: __test__/verify-submodules-true.sh |         run: __test__/verify-submodules-true.sh | ||||||
|  |  | ||||||
|       # Submodules recursive |       # Submodules recursive | ||||||
|       - name: Submodules recursive checkout |       - name: Checkout submodules recursive | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/submodule |           ref: test-data/v2/submodule-ssh-url | ||||||
|           path: submodules-recursive |           path: submodules-recursive | ||||||
|           submodules: recursive |           submodules: recursive | ||||||
|       - name: Verify submodules recursive |       - name: Verify submodules recursive | ||||||
| @ -127,7 +127,7 @@ jobs: | |||||||
|       - name: Override git version (Windows) |       - name: Override git version (Windows) | ||||||
|         if: runner.os == 'windows' |         if: runner.os == 'windows' | ||||||
|         run: __test__\\override-git-version.cmd |         run: __test__\\override-git-version.cmd | ||||||
|       - name: Basic checkout using REST API |       - name: Checkout basic using REST API | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/basic |           ref: test-data/v2/basic | ||||||
| @ -153,7 +153,7 @@ jobs: | |||||||
|         uses: actions/checkout@v2 |         uses: actions/checkout@v2 | ||||||
|  |  | ||||||
|       # Basic checkout using git |       # Basic checkout using git | ||||||
|       - name: Basic checkout |       - name: Checkout basic | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/basic |           ref: test-data/v2/basic | ||||||
| @ -185,7 +185,7 @@ jobs: | |||||||
|         uses: actions/checkout@v2 |         uses: actions/checkout@v2 | ||||||
|  |  | ||||||
|       # Basic checkout using git |       # Basic checkout using git | ||||||
|       - name: Basic checkout |       - name: Checkout basic | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/basic |           ref: test-data/v2/basic | ||||||
| @ -198,7 +198,7 @@ jobs: | |||||||
|       # Basic checkout using REST API |       # Basic checkout using REST API | ||||||
|       - name: Override git version |       - name: Override git version | ||||||
|         run: __test__/override-git-version.sh |         run: __test__/override-git-version.sh | ||||||
|       - name: Basic checkout using REST API |       - name: Checkout basic using REST API | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           ref: test-data/v2/basic |           ref: test-data/v2/basic | ||||||
|  | |||||||
							
								
								
									
										15
									
								
								dist/index.js
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										15
									
								
								dist/index.js
									
									
									
									
										vendored
									
									
								
							| @ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper; | |||||||
| class GitAuthHelper { | class GitAuthHelper { | ||||||
|     constructor(gitCommandManager, gitSourceSettings) { |     constructor(gitCommandManager, gitSourceSettings) { | ||||||
|         this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`; |         this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`; | ||||||
|  |         this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`; | ||||||
|  |         this.insteadOfValue = `git@${HOSTNAME}:`; | ||||||
|         this.temporaryHomePath = ''; |         this.temporaryHomePath = ''; | ||||||
|         this.git = gitCommandManager; |         this.git = gitCommandManager; | ||||||
|         this.settings = gitSourceSettings || {}; |         this.settings = gitSourceSettings || {}; | ||||||
| @ -5140,11 +5142,15 @@ class GitAuthHelper { | |||||||
|             else { |             else { | ||||||
|                 yield fs.promises.writeFile(newGitConfigPath, ''); |                 yield fs.promises.writeFile(newGitConfigPath, ''); | ||||||
|             } |             } | ||||||
|             // Configure the token |  | ||||||
|             try { |             try { | ||||||
|  |                 // Override HOME | ||||||
|                 core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`); |                 core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`); | ||||||
|                 this.git.setEnvironmentVariable('HOME', this.temporaryHomePath); |                 this.git.setEnvironmentVariable('HOME', this.temporaryHomePath); | ||||||
|  |                 // Configure the token | ||||||
|                 yield this.configureToken(newGitConfigPath, true); |                 yield this.configureToken(newGitConfigPath, true); | ||||||
|  |                 // Configure HTTPS instead of SSH | ||||||
|  |                 yield this.git.tryConfigUnset(this.insteadOfKey, true); | ||||||
|  |                 yield this.git.config(this.insteadOfKey, this.insteadOfValue, true); | ||||||
|             } |             } | ||||||
|             catch (err) { |             catch (err) { | ||||||
|                 // Unset in case somehow written to the real global config |                 // Unset in case somehow written to the real global config | ||||||
| @ -5160,7 +5166,12 @@ class GitAuthHelper { | |||||||
|                 // Configure a placeholder value. This approach avoids the credential being captured |                 // Configure a placeholder value. This approach avoids the credential being captured | ||||||
|                 // by process creation audit events, which are commonly logged. For more information, |                 // by process creation audit events, which are commonly logged. For more information, | ||||||
|                 // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing |                 // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing | ||||||
|                 const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules); |                 const commands = [ | ||||||
|  |                     `git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`, | ||||||
|  |                     `git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`, | ||||||
|  |                     `git config --local --show-origin --name-only --get-regexp remote.origin.url` | ||||||
|  |                 ]; | ||||||
|  |                 const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules); | ||||||
|                 // Replace the placeholder |                 // Replace the placeholder | ||||||
|                 const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []; |                 const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []; | ||||||
|                 for (const configPath of configPaths) { |                 for (const configPath of configPaths) { | ||||||
|  | |||||||
| @ -34,6 +34,8 @@ class GitAuthHelper { | |||||||
|   private readonly settings: IGitSourceSettings |   private readonly settings: IGitSourceSettings | ||||||
|   private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader` |   private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader` | ||||||
|   private readonly tokenPlaceholderConfigValue: string |   private readonly tokenPlaceholderConfigValue: string | ||||||
|  |   private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf` | ||||||
|  |   private readonly insteadOfValue: string = `git@${HOSTNAME}:` | ||||||
|   private temporaryHomePath = '' |   private temporaryHomePath = '' | ||||||
|   private tokenConfigValue: string |   private tokenConfigValue: string | ||||||
|  |  | ||||||
| @ -92,13 +94,19 @@ class GitAuthHelper { | |||||||
|       await fs.promises.writeFile(newGitConfigPath, '') |       await fs.promises.writeFile(newGitConfigPath, '') | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     // Configure the token |  | ||||||
|     try { |     try { | ||||||
|  |       // Override HOME | ||||||
|       core.info( |       core.info( | ||||||
|         `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes` |         `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes` | ||||||
|       ) |       ) | ||||||
|       this.git.setEnvironmentVariable('HOME', this.temporaryHomePath) |       this.git.setEnvironmentVariable('HOME', this.temporaryHomePath) | ||||||
|  |  | ||||||
|  |       // Configure the token | ||||||
|       await this.configureToken(newGitConfigPath, true) |       await this.configureToken(newGitConfigPath, true) | ||||||
|  |  | ||||||
|  |       // Configure HTTPS instead of SSH | ||||||
|  |       await this.git.tryConfigUnset(this.insteadOfKey, true) | ||||||
|  |       await this.git.config(this.insteadOfKey, this.insteadOfValue, true) | ||||||
|     } catch (err) { |     } catch (err) { | ||||||
|       // Unset in case somehow written to the real global config |       // Unset in case somehow written to the real global config | ||||||
|       core.info( |       core.info( | ||||||
| @ -114,8 +122,13 @@ class GitAuthHelper { | |||||||
|       // Configure a placeholder value. This approach avoids the credential being captured |       // Configure a placeholder value. This approach avoids the credential being captured | ||||||
|       // by process creation audit events, which are commonly logged. For more information, |       // by process creation audit events, which are commonly logged. For more information, | ||||||
|       // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing |       // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing | ||||||
|  |       const commands = [ | ||||||
|  |         `git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`, | ||||||
|  |         `git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`, | ||||||
|  |         `git config --local --show-origin --name-only --get-regexp remote.origin.url` | ||||||
|  |       ] | ||||||
|       const output = await this.git.submoduleForeach( |       const output = await this.git.submoduleForeach( | ||||||
|         `git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, |         commands.join(' && '), | ||||||
|         this.settings.nestedSubmodules |         this.settings.nestedSubmodules | ||||||
|       ) |       ) | ||||||
|  |  | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user
	 eric sciple
					eric sciple