convert SSH URL to HTTPS (#179)
This commit is contained in:
parent
b4626ce19c
commit
80602fafba
3 changed files with 43 additions and 19 deletions
30
.github/workflows/test.yml
vendored
30
.github/workflows/test.yml
vendored
|
@ -35,7 +35,7 @@ jobs:
|
|||
uses: actions/checkout@v2
|
||||
|
||||
# Basic checkout
|
||||
- name: Basic checkout
|
||||
- name: Checkout basic
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/basic
|
||||
|
@ -48,7 +48,7 @@ jobs:
|
|||
- name: Modify work tree
|
||||
shell: bash
|
||||
run: __test__/modify-work-tree.sh
|
||||
- name: Clean checkout
|
||||
- name: Checkout clean
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/basic
|
||||
|
@ -58,12 +58,12 @@ jobs:
|
|||
run: __test__/verify-clean.sh
|
||||
|
||||
# Side by side
|
||||
- name: Side by side checkout 1
|
||||
- name: Checkout side by side 1
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/side-by-side-1
|
||||
path: side-by-side-1
|
||||
- name: Side by side checkout 2
|
||||
- name: Checkout side by side 2
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/side-by-side-2
|
||||
|
@ -73,7 +73,7 @@ jobs:
|
|||
run: __test__/verify-side-by-side.sh
|
||||
|
||||
# LFS
|
||||
- name: LFS checkout
|
||||
- name: Checkout LFS
|
||||
uses: ./
|
||||
with:
|
||||
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
|
||||
|
@ -85,29 +85,29 @@ jobs:
|
|||
run: __test__/verify-lfs.sh
|
||||
|
||||
# Submodules false
|
||||
- name: Submodules false checkout
|
||||
- name: Checkout submodules false
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/submodule
|
||||
ref: test-data/v2/submodule-ssh-url
|
||||
path: submodules-false
|
||||
- name: Verify submodules false
|
||||
run: __test__/verify-submodules-false.sh
|
||||
|
||||
# Submodules one level
|
||||
- name: Submodules true checkout
|
||||
- name: Checkout submodules true
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/submodule
|
||||
ref: test-data/v2/submodule-ssh-url
|
||||
path: submodules-true
|
||||
submodules: true
|
||||
- name: Verify submodules true
|
||||
run: __test__/verify-submodules-true.sh
|
||||
|
||||
# Submodules recursive
|
||||
- name: Submodules recursive checkout
|
||||
- name: Checkout submodules recursive
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/submodule
|
||||
ref: test-data/v2/submodule-ssh-url
|
||||
path: submodules-recursive
|
||||
submodules: recursive
|
||||
- name: Verify submodules recursive
|
||||
|
@ -127,7 +127,7 @@ jobs:
|
|||
- name: Override git version (Windows)
|
||||
if: runner.os == 'windows'
|
||||
run: __test__\\override-git-version.cmd
|
||||
- name: Basic checkout using REST API
|
||||
- name: Checkout basic using REST API
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/basic
|
||||
|
@ -153,7 +153,7 @@ jobs:
|
|||
uses: actions/checkout@v2
|
||||
|
||||
# Basic checkout using git
|
||||
- name: Basic checkout
|
||||
- name: Checkout basic
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/basic
|
||||
|
@ -185,7 +185,7 @@ jobs:
|
|||
uses: actions/checkout@v2
|
||||
|
||||
# Basic checkout using git
|
||||
- name: Basic checkout
|
||||
- name: Checkout basic
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/basic
|
||||
|
@ -198,7 +198,7 @@ jobs:
|
|||
# Basic checkout using REST API
|
||||
- name: Override git version
|
||||
run: __test__/override-git-version.sh
|
||||
- name: Basic checkout using REST API
|
||||
- name: Checkout basic using REST API
|
||||
uses: ./
|
||||
with:
|
||||
ref: test-data/v2/basic
|
||||
|
|
15
dist/index.js
vendored
15
dist/index.js
vendored
|
@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
|
|||
class GitAuthHelper {
|
||||
constructor(gitCommandManager, gitSourceSettings) {
|
||||
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
|
||||
this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
|
||||
this.insteadOfValue = `git@${HOSTNAME}:`;
|
||||
this.temporaryHomePath = '';
|
||||
this.git = gitCommandManager;
|
||||
this.settings = gitSourceSettings || {};
|
||||
|
@ -5140,11 +5142,15 @@ class GitAuthHelper {
|
|||
else {
|
||||
yield fs.promises.writeFile(newGitConfigPath, '');
|
||||
}
|
||||
// Configure the token
|
||||
try {
|
||||
// Override HOME
|
||||
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
|
||||
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
|
||||
// Configure the token
|
||||
yield this.configureToken(newGitConfigPath, true);
|
||||
// Configure HTTPS instead of SSH
|
||||
yield this.git.tryConfigUnset(this.insteadOfKey, true);
|
||||
yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
|
||||
}
|
||||
catch (err) {
|
||||
// Unset in case somehow written to the real global config
|
||||
|
@ -5160,7 +5166,12 @@ class GitAuthHelper {
|
|||
// Configure a placeholder value. This approach avoids the credential being captured
|
||||
// by process creation audit events, which are commonly logged. For more information,
|
||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||
const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
|
||||
const commands = [
|
||||
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
|
||||
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
|
||||
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
|
||||
];
|
||||
const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
|
||||
// Replace the placeholder
|
||||
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
|
||||
for (const configPath of configPaths) {
|
||||
|
|
|
@ -34,6 +34,8 @@ class GitAuthHelper {
|
|||
private readonly settings: IGitSourceSettings
|
||||
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
|
||||
private readonly tokenPlaceholderConfigValue: string
|
||||
private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
|
||||
private readonly insteadOfValue: string = `git@${HOSTNAME}:`
|
||||
private temporaryHomePath = ''
|
||||
private tokenConfigValue: string
|
||||
|
||||
|
@ -92,13 +94,19 @@ class GitAuthHelper {
|
|||
await fs.promises.writeFile(newGitConfigPath, '')
|
||||
}
|
||||
|
||||
// Configure the token
|
||||
try {
|
||||
// Override HOME
|
||||
core.info(
|
||||
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
|
||||
)
|
||||
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
|
||||
|
||||
// Configure the token
|
||||
await this.configureToken(newGitConfigPath, true)
|
||||
|
||||
// Configure HTTPS instead of SSH
|
||||
await this.git.tryConfigUnset(this.insteadOfKey, true)
|
||||
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
|
||||
} catch (err) {
|
||||
// Unset in case somehow written to the real global config
|
||||
core.info(
|
||||
|
@ -114,8 +122,13 @@ class GitAuthHelper {
|
|||
// Configure a placeholder value. This approach avoids the credential being captured
|
||||
// by process creation audit events, which are commonly logged. For more information,
|
||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||
const commands = [
|
||||
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
|
||||
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
|
||||
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
|
||||
]
|
||||
const output = await this.git.submoduleForeach(
|
||||
`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
|
||||
commands.join(' && '),
|
||||
this.settings.nestedSubmodules
|
||||
)
|
||||
|
||||
|
|
Loading…
Reference in a new issue