From 72b08f76017d6038673c6300bdfe8a0868b5b943 Mon Sep 17 00:00:00 2001 From: Jonathan Grimes Date: Fri, 28 Feb 2020 10:40:17 -0600 Subject: [PATCH] add global config option --- README.md | 4 ++++ action.yml | 3 +++ dist/index.js | 49 +++++++++++++++++++++++++------------- src/git-command-manager.ts | 33 ++++++++++++++++++------- src/git-source-provider.ts | 33 ++++++++++++++++--------- src/input-helper.ts | 3 +++ 6 files changed, 89 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 54b3429..84e8ac6 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,10 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous # Default: true persist-credentials: '' + # Whether to use --local or --global scope when persisting the token. + # Default: false + global-credentials: '' + # Relative path under $GITHUB_WORKSPACE to place the repository path: '' diff --git a/action.yml b/action.yml index 9650409..62dec4a 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,9 @@ inputs: persist-credentials: description: 'Whether to persist the token in the git config' default: true + global-credentials: + description: 'Whether to use --local or --global scope when persisting the token.' + default: false path: description: 'Relative path under $GITHUB_WORKSPACE to place the repository' clean: diff --git a/dist/index.js b/dist/index.js index 36e9e00..fd631eb 100644 --- a/dist/index.js +++ b/dist/index.js @@ -3169,7 +3169,7 @@ module.exports = require("https"); /***/ 215: /***/ (function(module) { -module.exports = {"name":"@octokit/rest","version":"16.38.1","publishConfig":{"access":"public"},"description":"GitHub REST API client for Node.js","keywords":["octokit","github","rest","api-client"],"author":"Gregor Martynus (https://github.com/gr2m)","contributors":[{"name":"Mike de Boer","email":"info@mikedeboer.nl"},{"name":"Fabian Jakobs","email":"fabian@c9.io"},{"name":"Joe Gallo","email":"joe@brassafrax.com"},{"name":"Gregor Martynus","url":"https://github.com/gr2m"}],"repository":"https://github.com/octokit/rest.js","dependencies":{"@octokit/auth-token":"^2.4.0","@octokit/request":"^5.2.0","@octokit/request-error":"^1.0.2","atob-lite":"^2.0.0","before-after-hook":"^2.0.0","btoa-lite":"^1.0.0","deprecation":"^2.0.0","lodash.get":"^4.4.2","lodash.set":"^4.3.2","lodash.uniq":"^4.5.0","octokit-pagination-methods":"^1.1.0","once":"^1.4.0","universal-user-agent":"^4.0.0"},"devDependencies":{"@gimenete/type-writer":"^0.1.3","@octokit/auth":"^1.1.1","@octokit/fixtures-server":"^5.0.6","@octokit/graphql":"^4.2.0","@types/node":"^13.1.0","bundlesize":"^0.18.0","chai":"^4.1.2","compression-webpack-plugin":"^3.1.0","cypress":"^3.0.0","glob":"^7.1.2","http-proxy-agent":"^3.0.0","lodash.camelcase":"^4.3.0","lodash.merge":"^4.6.1","lodash.upperfirst":"^4.3.1","mkdirp":"^0.5.1","mocha":"^6.0.0","mustache":"^4.0.0","nock":"^11.3.3","npm-run-all":"^4.1.2","nyc":"^15.0.0","prettier":"^1.14.2","proxy":"^1.0.0","semantic-release":"^16.0.0","sinon":"^8.0.0","sinon-chai":"^3.0.0","sort-keys":"^4.0.0","string-to-arraybuffer":"^1.0.0","string-to-jsdoc-comment":"^1.0.0","typescript":"^3.3.1","webpack":"^4.0.0","webpack-bundle-analyzer":"^3.0.0","webpack-cli":"^3.0.0"},"types":"index.d.ts","scripts":{"coverage":"nyc report --reporter=html && open coverage/index.html","lint":"prettier --check '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","lint:fix":"prettier --write '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","pretest":"npm run -s lint","test":"nyc mocha test/mocha-node-setup.js \"test/*/**/*-test.js\"","test:browser":"cypress run --browser chrome","build":"npm-run-all build:*","build:ts":"npm run -s update-endpoints:typescript","prebuild:browser":"mkdirp dist/","build:browser":"npm-run-all build:browser:*","build:browser:development":"webpack --mode development --entry . --output-library=Octokit --output=./dist/octokit-rest.js --profile --json > dist/bundle-stats.json","build:browser:production":"webpack --mode production --entry . --plugin=compression-webpack-plugin --output-library=Octokit --output-path=./dist --output-filename=octokit-rest.min.js --devtool source-map","generate-bundle-report":"webpack-bundle-analyzer dist/bundle-stats.json --mode=static --no-open --report dist/bundle-report.html","update-endpoints":"npm-run-all update-endpoints:*","update-endpoints:fetch-json":"node scripts/update-endpoints/fetch-json","update-endpoints:code":"node scripts/update-endpoints/code","update-endpoints:typescript":"node scripts/update-endpoints/typescript","prevalidate:ts":"npm run -s build:ts","validate:ts":"tsc --target es6 --noImplicitAny index.d.ts","postvalidate:ts":"tsc --noEmit --target es6 test/typescript-validate.ts","start-fixtures-server":"octokit-fixtures-server"},"license":"MIT","files":["index.js","index.d.ts","lib","plugins"],"nyc":{"ignore":["test"]},"release":{"publish":["@semantic-release/npm",{"path":"@semantic-release/github","assets":["dist/*","!dist/*.map.gz"]}]},"bundlesize":[{"path":"./dist/octokit-rest.min.js.gz","maxSize":"33 kB"}],"_resolved":"https://registry.npmjs.org/@octokit/rest/-/rest-16.38.1.tgz","_integrity":"sha512-zyNFx+/Bd1EXt7LQjfrc6H4wryBQ/oDuZeZhGMBSFr1eMPFDmpEweFQR3R25zjKwBQpDY7L5GQO6A3XSaOfV1w==","_from":"@octokit/rest@16.38.1"}; +module.exports = {"_args":[["@octokit/rest@16.38.1","/Users/jgrimes/Workspace/tools/checkout"]],"_from":"@octokit/rest@16.38.1","_id":"@octokit/rest@16.38.1","_inBundle":false,"_integrity":"sha512-zyNFx+/Bd1EXt7LQjfrc6H4wryBQ/oDuZeZhGMBSFr1eMPFDmpEweFQR3R25zjKwBQpDY7L5GQO6A3XSaOfV1w==","_location":"/@octokit/rest","_phantomChildren":{},"_requested":{"type":"version","registry":true,"raw":"@octokit/rest@16.38.1","name":"@octokit/rest","escapedName":"@octokit%2frest","scope":"@octokit","rawSpec":"16.38.1","saveSpec":null,"fetchSpec":"16.38.1"},"_requiredBy":["/@actions/github"],"_resolved":"https://registry.npmjs.org/@octokit/rest/-/rest-16.38.1.tgz","_spec":"16.38.1","_where":"/Users/jgrimes/Workspace/tools/checkout","author":{"name":"Gregor Martynus","url":"https://github.com/gr2m"},"bugs":{"url":"https://github.com/octokit/rest.js/issues"},"bundlesize":[{"path":"./dist/octokit-rest.min.js.gz","maxSize":"33 kB"}],"contributors":[{"name":"Mike de Boer","email":"info@mikedeboer.nl"},{"name":"Fabian Jakobs","email":"fabian@c9.io"},{"name":"Joe Gallo","email":"joe@brassafrax.com"},{"name":"Gregor Martynus","url":"https://github.com/gr2m"}],"dependencies":{"@octokit/auth-token":"^2.4.0","@octokit/request":"^5.2.0","@octokit/request-error":"^1.0.2","atob-lite":"^2.0.0","before-after-hook":"^2.0.0","btoa-lite":"^1.0.0","deprecation":"^2.0.0","lodash.get":"^4.4.2","lodash.set":"^4.3.2","lodash.uniq":"^4.5.0","octokit-pagination-methods":"^1.1.0","once":"^1.4.0","universal-user-agent":"^4.0.0"},"description":"GitHub REST API client for Node.js","devDependencies":{"@gimenete/type-writer":"^0.1.3","@octokit/auth":"^1.1.1","@octokit/fixtures-server":"^5.0.6","@octokit/graphql":"^4.2.0","@types/node":"^13.1.0","bundlesize":"^0.18.0","chai":"^4.1.2","compression-webpack-plugin":"^3.1.0","cypress":"^3.0.0","glob":"^7.1.2","http-proxy-agent":"^3.0.0","lodash.camelcase":"^4.3.0","lodash.merge":"^4.6.1","lodash.upperfirst":"^4.3.1","mkdirp":"^0.5.1","mocha":"^6.0.0","mustache":"^4.0.0","nock":"^11.3.3","npm-run-all":"^4.1.2","nyc":"^15.0.0","prettier":"^1.14.2","proxy":"^1.0.0","semantic-release":"^16.0.0","sinon":"^8.0.0","sinon-chai":"^3.0.0","sort-keys":"^4.0.0","string-to-arraybuffer":"^1.0.0","string-to-jsdoc-comment":"^1.0.0","typescript":"^3.3.1","webpack":"^4.0.0","webpack-bundle-analyzer":"^3.0.0","webpack-cli":"^3.0.0"},"files":["index.js","index.d.ts","lib","plugins"],"homepage":"https://github.com/octokit/rest.js#readme","keywords":["octokit","github","rest","api-client"],"license":"MIT","name":"@octokit/rest","nyc":{"ignore":["test"]},"publishConfig":{"access":"public"},"release":{"publish":["@semantic-release/npm",{"path":"@semantic-release/github","assets":["dist/*","!dist/*.map.gz"]}]},"repository":{"type":"git","url":"git+https://github.com/octokit/rest.js.git"},"scripts":{"build":"npm-run-all build:*","build:browser":"npm-run-all build:browser:*","build:browser:development":"webpack --mode development --entry . --output-library=Octokit --output=./dist/octokit-rest.js --profile --json > dist/bundle-stats.json","build:browser:production":"webpack --mode production --entry . --plugin=compression-webpack-plugin --output-library=Octokit --output-path=./dist --output-filename=octokit-rest.min.js --devtool source-map","build:ts":"npm run -s update-endpoints:typescript","coverage":"nyc report --reporter=html && open coverage/index.html","generate-bundle-report":"webpack-bundle-analyzer dist/bundle-stats.json --mode=static --no-open --report dist/bundle-report.html","lint":"prettier --check '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","lint:fix":"prettier --write '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json","postvalidate:ts":"tsc --noEmit --target es6 test/typescript-validate.ts","prebuild:browser":"mkdirp dist/","pretest":"npm run -s lint","prevalidate:ts":"npm run -s build:ts","start-fixtures-server":"octokit-fixtures-server","test":"nyc mocha test/mocha-node-setup.js \"test/*/**/*-test.js\"","test:browser":"cypress run --browser chrome","update-endpoints":"npm-run-all update-endpoints:*","update-endpoints:code":"node scripts/update-endpoints/code","update-endpoints:fetch-json":"node scripts/update-endpoints/fetch-json","update-endpoints:typescript":"node scripts/update-endpoints/typescript","validate:ts":"tsc --target es6 --noImplicitAny index.d.ts"},"types":"index.d.ts","version":"16.38.1"}; /***/ }), @@ -5171,17 +5171,28 @@ class GitCommandManager { yield this.execGit(args); }); } - config(configKey, configValue) { + config(configKey, configValue, global) { return __awaiter(this, void 0, void 0, function* () { - yield this.execGit(['config', '--local', configKey, configValue]); + yield this.execGit([ + 'config', + global ? '--global' : '--local', + configKey, + configValue + ]); }); } - configExists(configKey) { + configExists(configKey, global) { return __awaiter(this, void 0, void 0, function* () { const pattern = configKey.replace(/[^a-zA-Z0-9_]/g, x => { return `\\${x}`; }); - const output = yield this.execGit(['config', '--local', '--name-only', '--get-regexp', pattern], true); + const output = yield this.execGit([ + 'config', + global ? '--global' : '--local', + '--name-only', + '--get-regexp', + pattern + ], true); return output.exitCode === 0; }); } @@ -5263,9 +5274,9 @@ class GitCommandManager { return output.exitCode === 0; }); } - tryConfigUnset(configKey) { + tryConfigUnset(configKey, global) { return __awaiter(this, void 0, void 0, function* () { - const output = yield this.execGit(['config', '--local', '--unset-all', configKey], true); + const output = yield this.execGit(['config', global ? '--global' : '--local', '--unset-all', configKey], true); return output.exitCode === 0; }); } @@ -5473,7 +5484,7 @@ function getSource(settings) { yield removeGitConfig(git, authConfigKey); try { // Config extraheader - yield configureAuthToken(git, settings.authToken); + yield configureAuthToken(git, settings.authToken, settings.globalCredentials); // LFS install if (settings.lfs) { yield git.lfsInstall(); @@ -5525,7 +5536,7 @@ exports.cleanup = cleanup; function getGitCommandManager(settings) { return __awaiter(this, void 0, void 0, function* () { core.info(`Working directory is '${settings.repositoryPath}'`); - let git = null; + // const git = (null as unknown) as IGitCommandManager try { return yield gitCommandManager.CreateCommandManager(settings.repositoryPath, settings.lfs); } @@ -5609,13 +5620,13 @@ function prepareExistingDirectory(git, repositoryPath, repositoryUrl, clean) { } }); } -function configureAuthToken(git, authToken) { +function configureAuthToken(git, authToken, global) { return __awaiter(this, void 0, void 0, function* () { // Configure a placeholder value. This approach avoids the credential being captured // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing const placeholder = `AUTHORIZATION: basic ***`; - yield git.config(authConfigKey, placeholder); + yield git.config(authConfigKey, placeholder, global); // Determine the basic credential value const basicCredential = Buffer.from(`x-access-token:${authToken}`, 'utf8').toString('base64'); core.setSecret(basicCredential); @@ -5624,7 +5635,7 @@ function configureAuthToken(git, authToken) { let content = (yield fs.promises.readFile(configPath)).toString(); const placeholderIndex = content.indexOf(placeholder); if (placeholderIndex < 0 || - placeholderIndex != content.lastIndexOf(placeholder)) { + placeholderIndex !== content.lastIndexOf(placeholder)) { throw new Error('Unable to replace auth placeholder in .git/config'); } content = content.replace(placeholder, `AUTHORIZATION: basic ${basicCredential}`); @@ -5633,10 +5644,14 @@ function configureAuthToken(git, authToken) { } function removeGitConfig(git, configKey) { return __awaiter(this, void 0, void 0, function* () { - if ((yield git.configExists(configKey)) && - !(yield git.tryConfigUnset(configKey))) { - // Load the config contents - core.warning(`Failed to remove '${configKey}' from the git config`); + const LOCAL = false; + const GLOBAL = true; + for (const scope of [LOCAL, GLOBAL]) { + if ((yield git.configExists(configKey, scope)) && + !(yield git.tryConfigUnset(configKey, scope))) { + // Load the config contents + core.warning(`Failed to remove '${configKey}' from the git config`); + } } }); } @@ -13653,6 +13668,8 @@ function getInputs() { // Persist credentials result.persistCredentials = (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'; + result.globalCredentials = + (core.getInput('global-credentials') || 'false').toUpperCase() === 'TRUE'; return result; } exports.getInputs = getInputs; diff --git a/src/git-command-manager.ts b/src/git-command-manager.ts index 74489c2..2e9131b 100644 --- a/src/git-command-manager.ts +++ b/src/git-command-manager.ts @@ -16,8 +16,8 @@ export interface IGitCommandManager { branchList(remote: boolean): Promise checkout(ref: string, startPoint: string): Promise checkoutDetach(): Promise - config(configKey: string, configValue: string): Promise - configExists(configKey: string): Promise + config(configKey: string, configValue: string, global: boolean): Promise + configExists(configKey: string, global: boolean): Promise fetch(fetchDepth: number, refSpec: string[]): Promise getWorkingDirectory(): string init(): Promise @@ -28,7 +28,7 @@ export interface IGitCommandManager { remoteAdd(remoteName: string, remoteUrl: string): Promise tagExists(pattern: string): Promise tryClean(): Promise - tryConfigUnset(configKey: string): Promise + tryConfigUnset(configKey: string, global: boolean): Promise tryDisableAutomaticGarbageCollection(): Promise tryGetFetchUrl(): Promise tryReset(): Promise @@ -123,16 +123,31 @@ class GitCommandManager { await this.execGit(args) } - async config(configKey: string, configValue: string): Promise { - await this.execGit(['config', '--local', configKey, configValue]) + async config( + configKey: string, + configValue: string, + global: boolean + ): Promise { + await this.execGit([ + 'config', + global ? '--global' : '--local', + configKey, + configValue + ]) } - async configExists(configKey: string): Promise { + async configExists(configKey: string, global: boolean): Promise { const pattern = configKey.replace(/[^a-zA-Z0-9_]/g, x => { return `\\${x}` }) const output = await this.execGit( - ['config', '--local', '--name-only', '--get-regexp', pattern], + [ + 'config', + global ? '--global' : '--local', + '--name-only', + '--get-regexp', + pattern + ], true ) return output.exitCode === 0 @@ -217,9 +232,9 @@ class GitCommandManager { return output.exitCode === 0 } - async tryConfigUnset(configKey: string): Promise { + async tryConfigUnset(configKey: string, global: boolean): Promise { const output = await this.execGit( - ['config', '--local', '--unset-all', configKey], + ['config', global ? '--global' : '--local', '--unset-all', configKey], true ) return output.exitCode === 0 diff --git a/src/git-source-provider.ts b/src/git-source-provider.ts index e0dd58e..bd11743 100644 --- a/src/git-source-provider.ts +++ b/src/git-source-provider.ts @@ -23,6 +23,7 @@ export interface ISourceSettings { lfs: boolean authToken: string persistCredentials: boolean + globalCredentials: boolean } export async function getSource(settings: ISourceSettings): Promise { @@ -97,7 +98,11 @@ export async function getSource(settings: ISourceSettings): Promise { try { // Config extraheader - await configureAuthToken(git, settings.authToken) + await configureAuthToken( + git, + settings.authToken, + settings.globalCredentials + ) // LFS install if (settings.lfs) { @@ -159,7 +164,7 @@ async function getGitCommandManager( settings: ISourceSettings ): Promise { core.info(`Working directory is '${settings.repositoryPath}'`) - let git = (null as unknown) as IGitCommandManager + // const git = (null as unknown) as IGitCommandManager try { return await gitCommandManager.CreateCommandManager( settings.repositoryPath, @@ -263,13 +268,14 @@ async function prepareExistingDirectory( async function configureAuthToken( git: IGitCommandManager, - authToken: string + authToken: string, + global: boolean ): Promise { // Configure a placeholder value. This approach avoids the credential being captured // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing const placeholder = `AUTHORIZATION: basic ***` - await git.config(authConfigKey, placeholder) + await git.config(authConfigKey, placeholder, global) // Determine the basic credential value const basicCredential = Buffer.from( @@ -284,7 +290,7 @@ async function configureAuthToken( const placeholderIndex = content.indexOf(placeholder) if ( placeholderIndex < 0 || - placeholderIndex != content.lastIndexOf(placeholder) + placeholderIndex !== content.lastIndexOf(placeholder) ) { throw new Error('Unable to replace auth placeholder in .git/config') } @@ -299,11 +305,16 @@ async function removeGitConfig( git: IGitCommandManager, configKey: string ): Promise { - if ( - (await git.configExists(configKey)) && - !(await git.tryConfigUnset(configKey)) - ) { - // Load the config contents - core.warning(`Failed to remove '${configKey}' from the git config`) + const LOCAL = false + const GLOBAL = true + + for (const scope of [LOCAL, GLOBAL]) { + if ( + (await git.configExists(configKey, scope)) && + !(await git.tryConfigUnset(configKey, scope)) + ) { + // Load the config contents + core.warning(`Failed to remove '${configKey}' from the git config`) + } } } diff --git a/src/input-helper.ts b/src/input-helper.ts index 54339da..5b91e62 100644 --- a/src/input-helper.ts +++ b/src/input-helper.ts @@ -110,5 +110,8 @@ export function getInputs(): ISourceSettings { result.persistCredentials = (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE' + result.globalCredentials = + (core.getInput('global-credentials') || 'false').toUpperCase() === 'TRUE' + return result }