add global config option

pull/168/head
Jonathan Grimes 2020-02-28 10:40:17 -06:00
parent 096e927750
commit 72b08f7601
No known key found for this signature in database
GPG Key ID: 103F2E43AA0E4DF8
6 changed files with 89 additions and 36 deletions

View File

@ -56,6 +56,10 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
# Default: true
persist-credentials: ''
# Whether to use --local or --global scope when persisting the token.
# Default: false
global-credentials: ''
# Relative path under $GITHUB_WORKSPACE to place the repository
path: ''

View File

@ -19,6 +19,9 @@ inputs:
persist-credentials:
description: 'Whether to persist the token in the git config'
default: true
global-credentials:
description: 'Whether to use --local or --global scope when persisting the token.'
default: false
path:
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
clean:

45
dist/index.js vendored
View File

@ -3169,7 +3169,7 @@ module.exports = require("https");
/***/ 215:
/***/ (function(module) {
module.exports = {"name":"@octokit/rest","version":"16.38.1","publishConfig":{"access":"public"},"description":"GitHub REST API client for Node.js","keywords":["octokit","github","rest","api-client"],"author":"Gregor Martynus (https://github.com/gr2m)","contributors":[{"name":"Mike de Boer","email":"info@mikedeboer.nl"},{"name":"Fabian Jakobs","email":"fabian@c9.io"},{"name":"Joe Gallo","email":"joe@brassafrax.com"},{"name":"Gregor Martynus","url":"https://github.com/gr2m"}],"repository":"https://github.com/octokit/rest.js","dependencies":{"@octokit/auth-token":"^2.4.0","@octokit/request":"^5.2.0","@octokit/request-error":"^1.0.2","atob-lite":"^2.0.0","before-after-hook":"^2.0.0","btoa-lite":"^1.0.0","deprecation":"^2.0.0","lodash.get":"^4.4.2","lodash.set":"^4.3.2","lodash.uniq":"^4.5.0","octokit-pagination-methods":"^1.1.0","once":"^1.4.0","universal-user-agent":"^4.0.0"},"devDependencies":{"@gimenete/type-writer":"^0.1.3","@octokit/auth":"^1.1.1","@octokit/fixtures-server":"^5.0.6","@octokit/graphql":"^4.2.0","@types/node":"^13.1.0","bundlesize":"^0.18.0","chai":"^4.1.2","compression-webpack-plugin":"^3.1.0","cypress":"^3.0.0","glob":"^7.1.2","http-proxy-agent":"^3.0.0","lodash.camelcase":"^4.3.0","lodash.merge":"^4.6.1","lodash.upperfirst":"^4.3.1","mkdirp":"^0.5.1","mocha":"^6.0.0","mustache":"^4.0.0","nock":"^11.3.3","npm-run-all":"^4.1.2","nyc":"^15.0.0","prettier":"^1.14.2","proxy":"^1.0.0","semantic-release":"^16.0.0","sinon":"^8.0.0","sinon-chai":"^3.0.0","sort-keys":"^4.0.0","string-to-arraybuffer":"^1.0.0","string-to-jsdoc-comment":"^1.0.0","typescript":"^3.3.1","webpack":"^4.0.0","webpack-bundle-analyzer":"^3.0.0","webpack-cli":"^3.0.0"},"types":"index.d.ts","scripts":{"coverage":"nyc report --reporter=html && open coverage/index.html","lint":"prettier --check '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","lint:fix":"prettier --write '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","pretest":"npm run -s lint","test":"nyc mocha test/mocha-node-setup.js \"test/*/**/*-test.js\"","test:browser":"cypress run --browser chrome","build":"npm-run-all build:*","build:ts":"npm run -s update-endpoints:typescript","prebuild:browser":"mkdirp dist/","build:browser":"npm-run-all build:browser:*","build:browser:development":"webpack --mode development --entry . --output-library=Octokit --output=./dist/octokit-rest.js --profile --json > dist/bundle-stats.json","build:browser:production":"webpack --mode production --entry . --plugin=compression-webpack-plugin --output-library=Octokit --output-path=./dist --output-filename=octokit-rest.min.js --devtool source-map","generate-bundle-report":"webpack-bundle-analyzer dist/bundle-stats.json --mode=static --no-open --report dist/bundle-report.html","update-endpoints":"npm-run-all update-endpoints:*","update-endpoints:fetch-json":"node scripts/update-endpoints/fetch-json","update-endpoints:code":"node scripts/update-endpoints/code","update-endpoints:typescript":"node scripts/update-endpoints/typescript","prevalidate:ts":"npm run -s build:ts","validate:ts":"tsc --target es6 --noImplicitAny index.d.ts","postvalidate:ts":"tsc --noEmit --target es6 test/typescript-validate.ts","start-fixtures-server":"octokit-fixtures-server"},"license":"MIT","files":["index.js","index.d.ts","lib","plugins"],"nyc":{"ignore":["test"]},"release":{"publish":["@semantic-release/npm",{"path":"@semantic-release/github","assets":["dist/*","!dist/*.map.gz"]}]},"bundlesize":[{"path":"./dist/octokit-rest.min.js.gz","maxSize":"33 kB"}],"_resolved":"https://registry.npmjs.org/@octokit/rest/-/rest-16.38.1.tgz","_integrity":"sha512-zyNFx+/Bd1EXt7LQjfrc6H4wryBQ/oDuZeZhGMBSFr1eMPFDmpEweFQR3R25zjKwBQpDY7L5GQO6A3XSaOfV1w==","_from":"@octokit/rest@16.38.1"};
module.exports = {"_args":[["@octokit/rest@16.38.1","/Users/jgrimes/Workspace/tools/checkout"]],"_from":"@octokit/rest@16.38.1","_id":"@octokit/rest@16.38.1","_inBundle":false,"_integrity":"sha512-zyNFx+/Bd1EXt7LQjfrc6H4wryBQ/oDuZeZhGMBSFr1eMPFDmpEweFQR3R25zjKwBQpDY7L5GQO6A3XSaOfV1w==","_location":"/@octokit/rest","_phantomChildren":{},"_requested":{"type":"version","registry":true,"raw":"@octokit/rest@16.38.1","name":"@octokit/rest","escapedName":"@octokit%2frest","scope":"@octokit","rawSpec":"16.38.1","saveSpec":null,"fetchSpec":"16.38.1"},"_requiredBy":["/@actions/github"],"_resolved":"https://registry.npmjs.org/@octokit/rest/-/rest-16.38.1.tgz","_spec":"16.38.1","_where":"/Users/jgrimes/Workspace/tools/checkout","author":{"name":"Gregor Martynus","url":"https://github.com/gr2m"},"bugs":{"url":"https://github.com/octokit/rest.js/issues"},"bundlesize":[{"path":"./dist/octokit-rest.min.js.gz","maxSize":"33 kB"}],"contributors":[{"name":"Mike de Boer","email":"info@mikedeboer.nl"},{"name":"Fabian Jakobs","email":"fabian@c9.io"},{"name":"Joe Gallo","email":"joe@brassafrax.com"},{"name":"Gregor Martynus","url":"https://github.com/gr2m"}],"dependencies":{"@octokit/auth-token":"^2.4.0","@octokit/request":"^5.2.0","@octokit/request-error":"^1.0.2","atob-lite":"^2.0.0","before-after-hook":"^2.0.0","btoa-lite":"^1.0.0","deprecation":"^2.0.0","lodash.get":"^4.4.2","lodash.set":"^4.3.2","lodash.uniq":"^4.5.0","octokit-pagination-methods":"^1.1.0","once":"^1.4.0","universal-user-agent":"^4.0.0"},"description":"GitHub REST API client for Node.js","devDependencies":{"@gimenete/type-writer":"^0.1.3","@octokit/auth":"^1.1.1","@octokit/fixtures-server":"^5.0.6","@octokit/graphql":"^4.2.0","@types/node":"^13.1.0","bundlesize":"^0.18.0","chai":"^4.1.2","compression-webpack-plugin":"^3.1.0","cypress":"^3.0.0","glob":"^7.1.2","http-proxy-agent":"^3.0.0","lodash.camelcase":"^4.3.0","lodash.merge":"^4.6.1","lodash.upperfirst":"^4.3.1","mkdirp":"^0.5.1","mocha":"^6.0.0","mustache":"^4.0.0","nock":"^11.3.3","npm-run-all":"^4.1.2","nyc":"^15.0.0","prettier":"^1.14.2","proxy":"^1.0.0","semantic-release":"^16.0.0","sinon":"^8.0.0","sinon-chai":"^3.0.0","sort-keys":"^4.0.0","string-to-arraybuffer":"^1.0.0","string-to-jsdoc-comment":"^1.0.0","typescript":"^3.3.1","webpack":"^4.0.0","webpack-bundle-analyzer":"^3.0.0","webpack-cli":"^3.0.0"},"files":["index.js","index.d.ts","lib","plugins"],"homepage":"https://github.com/octokit/rest.js#readme","keywords":["octokit","github","rest","api-client"],"license":"MIT","name":"@octokit/rest","nyc":{"ignore":["test"]},"publishConfig":{"access":"public"},"release":{"publish":["@semantic-release/npm",{"path":"@semantic-release/github","assets":["dist/*","!dist/*.map.gz"]}]},"repository":{"type":"git","url":"git+https://github.com/octokit/rest.js.git"},"scripts":{"build":"npm-run-all build:*","build:browser":"npm-run-all build:browser:*","build:browser:development":"webpack --mode development --entry . --output-library=Octokit --output=./dist/octokit-rest.js --profile --json > dist/bundle-stats.json","build:browser:production":"webpack --mode production --entry . --plugin=compression-webpack-plugin --output-library=Octokit --output-path=./dist --output-filename=octokit-rest.min.js --devtool source-map","build:ts":"npm run -s update-endpoints:typescript","coverage":"nyc report --reporter=html && open coverage/index.html","generate-bundle-report":"webpack-bundle-analyzer dist/bundle-stats.json --mode=static --no-open --report dist/bundle-report.html","lint":"prettier --check '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","lint:fix":"prettier --write '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","postvalidate:ts":"tsc --noEmit --target es6 test/typescript-validate.ts","prebuild:browser":"mkdirp dist/","pretest":"npm run -s lint","prevalidate:ts":"npm run -s build:ts","start-fixtures-server":"octokit-fixtures-server","test":"nyc mocha test/mocha-node-setup.js \"test/*/**/*-test.js\"","test:browser":"cypress run --browser chrome","update-endpoints":"npm-run-all update-endpoints:*","update-endpoints:code":"node scripts/update-endpoints/code","update-endpoints:fetch-json":"node scripts/update-endpoints/fetch-json","update-endpoints:typescript":"node scripts/update-endpoints/typescript","validate:ts":"tsc --target es6 --noImplicitAny index.d.ts"},"types":"index.d.ts","version":"16.38.1"};
/***/ }),
@ -5171,17 +5171,28 @@ class GitCommandManager {
yield this.execGit(args);
});
}
config(configKey, configValue) {
config(configKey, configValue, global) {
return __awaiter(this, void 0, void 0, function* () {
yield this.execGit(['config', '--local', configKey, configValue]);
yield this.execGit([
'config',
global ? '--global' : '--local',
configKey,
configValue
]);
});
}
configExists(configKey) {
configExists(configKey, global) {
return __awaiter(this, void 0, void 0, function* () {
const pattern = configKey.replace(/[^a-zA-Z0-9_]/g, x => {
return `\\${x}`;
});
const output = yield this.execGit(['config', '--local', '--name-only', '--get-regexp', pattern], true);
const output = yield this.execGit([
'config',
global ? '--global' : '--local',
'--name-only',
'--get-regexp',
pattern
], true);
return output.exitCode === 0;
});
}
@ -5263,9 +5274,9 @@ class GitCommandManager {
return output.exitCode === 0;
});
}
tryConfigUnset(configKey) {
tryConfigUnset(configKey, global) {
return __awaiter(this, void 0, void 0, function* () {
const output = yield this.execGit(['config', '--local', '--unset-all', configKey], true);
const output = yield this.execGit(['config', global ? '--global' : '--local', '--unset-all', configKey], true);
return output.exitCode === 0;
});
}
@ -5473,7 +5484,7 @@ function getSource(settings) {
yield removeGitConfig(git, authConfigKey);
try {
// Config extraheader
yield configureAuthToken(git, settings.authToken);
yield configureAuthToken(git, settings.authToken, settings.globalCredentials);
// LFS install
if (settings.lfs) {
yield git.lfsInstall();
@ -5525,7 +5536,7 @@ exports.cleanup = cleanup;
function getGitCommandManager(settings) {
return __awaiter(this, void 0, void 0, function* () {
core.info(`Working directory is '${settings.repositoryPath}'`);
let git = null;
// const git = (null as unknown) as IGitCommandManager
try {
return yield gitCommandManager.CreateCommandManager(settings.repositoryPath, settings.lfs);
}
@ -5609,13 +5620,13 @@ function prepareExistingDirectory(git, repositoryPath, repositoryUrl, clean) {
}
});
}
function configureAuthToken(git, authToken) {
function configureAuthToken(git, authToken, global) {
return __awaiter(this, void 0, void 0, function* () {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const placeholder = `AUTHORIZATION: basic ***`;
yield git.config(authConfigKey, placeholder);
yield git.config(authConfigKey, placeholder, global);
// Determine the basic credential value
const basicCredential = Buffer.from(`x-access-token:${authToken}`, 'utf8').toString('base64');
core.setSecret(basicCredential);
@ -5624,7 +5635,7 @@ function configureAuthToken(git, authToken) {
let content = (yield fs.promises.readFile(configPath)).toString();
const placeholderIndex = content.indexOf(placeholder);
if (placeholderIndex < 0 ||
placeholderIndex != content.lastIndexOf(placeholder)) {
placeholderIndex !== content.lastIndexOf(placeholder)) {
throw new Error('Unable to replace auth placeholder in .git/config');
}
content = content.replace(placeholder, `AUTHORIZATION: basic ${basicCredential}`);
@ -5633,11 +5644,15 @@ function configureAuthToken(git, authToken) {
}
function removeGitConfig(git, configKey) {
return __awaiter(this, void 0, void 0, function* () {
if ((yield git.configExists(configKey)) &&
!(yield git.tryConfigUnset(configKey))) {
const LOCAL = false;
const GLOBAL = true;
for (const scope of [LOCAL, GLOBAL]) {
if ((yield git.configExists(configKey, scope)) &&
!(yield git.tryConfigUnset(configKey, scope))) {
// Load the config contents
core.warning(`Failed to remove '${configKey}' from the git config`);
}
}
});
}
@ -13653,6 +13668,8 @@ function getInputs() {
// Persist credentials
result.persistCredentials =
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE';
result.globalCredentials =
(core.getInput('global-credentials') || 'false').toUpperCase() === 'TRUE';
return result;
}
exports.getInputs = getInputs;

View File

@ -16,8 +16,8 @@ export interface IGitCommandManager {
branchList(remote: boolean): Promise<string[]>
checkout(ref: string, startPoint: string): Promise<void>
checkoutDetach(): Promise<void>
config(configKey: string, configValue: string): Promise<void>
configExists(configKey: string): Promise<boolean>
config(configKey: string, configValue: string, global: boolean): Promise<void>
configExists(configKey: string, global: boolean): Promise<boolean>
fetch(fetchDepth: number, refSpec: string[]): Promise<void>
getWorkingDirectory(): string
init(): Promise<void>
@ -28,7 +28,7 @@ export interface IGitCommandManager {
remoteAdd(remoteName: string, remoteUrl: string): Promise<void>
tagExists(pattern: string): Promise<boolean>
tryClean(): Promise<boolean>
tryConfigUnset(configKey: string): Promise<boolean>
tryConfigUnset(configKey: string, global: boolean): Promise<boolean>
tryDisableAutomaticGarbageCollection(): Promise<boolean>
tryGetFetchUrl(): Promise<string>
tryReset(): Promise<boolean>
@ -123,16 +123,31 @@ class GitCommandManager {
await this.execGit(args)
}
async config(configKey: string, configValue: string): Promise<void> {
await this.execGit(['config', '--local', configKey, configValue])
async config(
configKey: string,
configValue: string,
global: boolean
): Promise<void> {
await this.execGit([
'config',
global ? '--global' : '--local',
configKey,
configValue
])
}
async configExists(configKey: string): Promise<boolean> {
async configExists(configKey: string, global: boolean): Promise<boolean> {
const pattern = configKey.replace(/[^a-zA-Z0-9_]/g, x => {
return `\\${x}`
})
const output = await this.execGit(
['config', '--local', '--name-only', '--get-regexp', pattern],
[
'config',
global ? '--global' : '--local',
'--name-only',
'--get-regexp',
pattern
],
true
)
return output.exitCode === 0
@ -217,9 +232,9 @@ class GitCommandManager {
return output.exitCode === 0
}
async tryConfigUnset(configKey: string): Promise<boolean> {
async tryConfigUnset(configKey: string, global: boolean): Promise<boolean> {
const output = await this.execGit(
['config', '--local', '--unset-all', configKey],
['config', global ? '--global' : '--local', '--unset-all', configKey],
true
)
return output.exitCode === 0

View File

@ -23,6 +23,7 @@ export interface ISourceSettings {
lfs: boolean
authToken: string
persistCredentials: boolean
globalCredentials: boolean
}
export async function getSource(settings: ISourceSettings): Promise<void> {
@ -97,7 +98,11 @@ export async function getSource(settings: ISourceSettings): Promise<void> {
try {
// Config extraheader
await configureAuthToken(git, settings.authToken)
await configureAuthToken(
git,
settings.authToken,
settings.globalCredentials
)
// LFS install
if (settings.lfs) {
@ -159,7 +164,7 @@ async function getGitCommandManager(
settings: ISourceSettings
): Promise<IGitCommandManager> {
core.info(`Working directory is '${settings.repositoryPath}'`)
let git = (null as unknown) as IGitCommandManager
// const git = (null as unknown) as IGitCommandManager
try {
return await gitCommandManager.CreateCommandManager(
settings.repositoryPath,
@ -263,13 +268,14 @@ async function prepareExistingDirectory(
async function configureAuthToken(
git: IGitCommandManager,
authToken: string
authToken: string,
global: boolean
): Promise<void> {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const placeholder = `AUTHORIZATION: basic ***`
await git.config(authConfigKey, placeholder)
await git.config(authConfigKey, placeholder, global)
// Determine the basic credential value
const basicCredential = Buffer.from(
@ -284,7 +290,7 @@ async function configureAuthToken(
const placeholderIndex = content.indexOf(placeholder)
if (
placeholderIndex < 0 ||
placeholderIndex != content.lastIndexOf(placeholder)
placeholderIndex !== content.lastIndexOf(placeholder)
) {
throw new Error('Unable to replace auth placeholder in .git/config')
}
@ -299,11 +305,16 @@ async function removeGitConfig(
git: IGitCommandManager,
configKey: string
): Promise<void> {
const LOCAL = false
const GLOBAL = true
for (const scope of [LOCAL, GLOBAL]) {
if (
(await git.configExists(configKey)) &&
!(await git.tryConfigUnset(configKey))
(await git.configExists(configKey, scope)) &&
!(await git.tryConfigUnset(configKey, scope))
) {
// Load the config contents
core.warning(`Failed to remove '${configKey}' from the git config`)
}
}
}

View File

@ -110,5 +110,8 @@ export function getInputs(): ISourceSettings {
result.persistCredentials =
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
result.globalCredentials =
(core.getInput('global-credentials') || 'false').toUpperCase() === 'TRUE'
return result
}