mirror of
https://github.com/actions/checkout.git
synced 2025-10-31 10:24:20 +08:00
Compare commits
3 Commits
bcc5319a0b
...
b13eccf351
| Author | SHA1 | Date | |
|---|---|---|---|
|
b13eccf351 | ||
|
|
82257b56c2 | ||
|
|
d9b320ec70 |
36
dist/index.js
vendored
36
dist/index.js
vendored
@ -270,11 +270,12 @@ class GitAuthHelper {
|
|||||||
// Remove possible previous HTTPS instead of SSH
|
// Remove possible previous HTTPS instead of SSH
|
||||||
yield this.removeGitConfig(this.insteadOfKey, true);
|
yield this.removeGitConfig(this.insteadOfKey, true);
|
||||||
if (this.settings.persistCredentials) {
|
if (this.settings.persistCredentials) {
|
||||||
|
// TODO: UPDATE THIS
|
||||||
// Configure a placeholder value. This approach avoids the credential being captured
|
// Configure a placeholder value. This approach avoids the credential being captured
|
||||||
// by process creation audit events, which are commonly logged. For more information,
|
// by process creation audit events, which are commonly logged. For more information,
|
||||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||||
const output = yield this.git.submoduleForeach(
|
const output = yield this.git.submoduleForeach(
|
||||||
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
|
// Wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
|
||||||
`sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
|
`sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
|
||||||
// Replace the placeholder
|
// Replace the placeholder
|
||||||
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
|
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
|
||||||
@ -380,31 +381,34 @@ class GitAuthHelper {
|
|||||||
yield this.replaceTokenPlaceholder(credentialsConfigPath);
|
yield this.replaceTokenPlaceholder(credentialsConfigPath);
|
||||||
// Add include or includeIf to reference the credentials config
|
// Add include or includeIf to reference the credentials config
|
||||||
if (globalConfig) {
|
if (globalConfig) {
|
||||||
// For global config, use unconditional include.
|
// Global config file is temporary
|
||||||
// No need to track for cleanup since the temp .gitconfig file (which contains
|
|
||||||
// this include.path entry) gets deleted by removeGlobalConfig().
|
|
||||||
yield this.git.config('include.path', credentialsConfigPath, true);
|
yield this.git.config('include.path', credentialsConfigPath, true);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// For local config, use includeIf.gitdir to match the .git directory.
|
// For local config, use includeIf.gitdir to match the .git directory.
|
||||||
// Configure for both host and container paths to support Docker container actions.
|
// Configure for both host and container paths to support Docker container actions.
|
||||||
const gitDir = path.join(this.git.getWorkingDirectory(), '.git');
|
let gitDir = path.join(this.git.getWorkingDirectory(), '.git');
|
||||||
|
console.log(`Git dir: ${gitDir}`);
|
||||||
|
core.info(`Git dir: ${gitDir}`);
|
||||||
|
// Use forward slashes for git config, even on Windows
|
||||||
|
gitDir = gitDir.replace(/\\/g, '/');
|
||||||
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
|
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
|
||||||
yield this.git.config(hostIncludeKey, credentialsConfigPath);
|
yield this.git.config(hostIncludeKey, credentialsConfigPath);
|
||||||
this.credentialsIncludeKeys.push(hostIncludeKey);
|
this.credentialsIncludeKeys.push(hostIncludeKey);
|
||||||
// Configure for container scenario where paths are mapped to fixed locations
|
// Configure for container scenario where paths are mapped to fixed locations
|
||||||
const githubWorkspace = process.env['GITHUB_WORKSPACE'];
|
const githubWorkspace = process.env['GITHUB_WORKSPACE'];
|
||||||
if (githubWorkspace) {
|
assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined');
|
||||||
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
|
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
|
||||||
const workingDirectory = this.git.getWorkingDirectory();
|
const workingDirectory = this.git.getWorkingDirectory();
|
||||||
const relativePath = path.relative(githubWorkspace, workingDirectory);
|
let relativePath = path.relative(githubWorkspace, workingDirectory);
|
||||||
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
|
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
|
||||||
const containerGitDir = path.posix.join('/github/workspace', relativePath, '.git');
|
// Use forward slashes for git config
|
||||||
const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
|
relativePath = relativePath.replace(/\\/g, '/');
|
||||||
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
|
const containerGitDir = path.posix.join('/github/workspace', relativePath, '.git');
|
||||||
yield this.git.config(containerIncludeKey, containerCredentialsPath);
|
const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
|
||||||
this.credentialsIncludeKeys.push(containerIncludeKey);
|
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
|
||||||
}
|
yield this.git.config(containerIncludeKey, containerCredentialsPath);
|
||||||
|
this.credentialsIncludeKeys.push(containerIncludeKey);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
@ -171,11 +171,13 @@ class GitAuthHelper {
|
|||||||
await this.removeGitConfig(this.insteadOfKey, true)
|
await this.removeGitConfig(this.insteadOfKey, true)
|
||||||
|
|
||||||
if (this.settings.persistCredentials) {
|
if (this.settings.persistCredentials) {
|
||||||
|
// TODO: UPDATE THIS
|
||||||
|
|
||||||
// Configure a placeholder value. This approach avoids the credential being captured
|
// Configure a placeholder value. This approach avoids the credential being captured
|
||||||
// by process creation audit events, which are commonly logged. For more information,
|
// by process creation audit events, which are commonly logged. For more information,
|
||||||
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
|
||||||
const output = await this.git.submoduleForeach(
|
const output = await this.git.submoduleForeach(
|
||||||
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
|
// Wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
|
||||||
`sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
|
`sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
|
||||||
this.settings.nestedSubmodules
|
this.settings.nestedSubmodules
|
||||||
)
|
)
|
||||||
@ -311,40 +313,44 @@ class GitAuthHelper {
|
|||||||
|
|
||||||
// Add include or includeIf to reference the credentials config
|
// Add include or includeIf to reference the credentials config
|
||||||
if (globalConfig) {
|
if (globalConfig) {
|
||||||
// For global config, use unconditional include.
|
// Global config file is temporary
|
||||||
// No need to track for cleanup since the temp .gitconfig file (which contains
|
|
||||||
// this include.path entry) gets deleted by removeGlobalConfig().
|
|
||||||
await this.git.config('include.path', credentialsConfigPath, true)
|
await this.git.config('include.path', credentialsConfigPath, true)
|
||||||
} else {
|
} else {
|
||||||
// For local config, use includeIf.gitdir to match the .git directory.
|
// For local config, use includeIf.gitdir to match the .git directory.
|
||||||
// Configure for both host and container paths to support Docker container actions.
|
// Configure for both host and container paths to support Docker container actions.
|
||||||
const gitDir = path.join(this.git.getWorkingDirectory(), '.git')
|
let gitDir = path.join(this.git.getWorkingDirectory(), '.git')
|
||||||
|
console.log(`Git dir: ${gitDir}`)
|
||||||
|
core.info(`Git dir: ${gitDir}`)
|
||||||
|
// Use forward slashes for git config, even on Windows
|
||||||
|
gitDir = gitDir.replace(/\\/g, '/')
|
||||||
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
|
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
|
||||||
await this.git.config(hostIncludeKey, credentialsConfigPath)
|
await this.git.config(hostIncludeKey, credentialsConfigPath)
|
||||||
this.credentialsIncludeKeys.push(hostIncludeKey)
|
this.credentialsIncludeKeys.push(hostIncludeKey)
|
||||||
|
|
||||||
// Configure for container scenario where paths are mapped to fixed locations
|
// Configure for container scenario where paths are mapped to fixed locations
|
||||||
const githubWorkspace = process.env['GITHUB_WORKSPACE']
|
const githubWorkspace = process.env['GITHUB_WORKSPACE']
|
||||||
if (githubWorkspace) {
|
assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
|
||||||
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
|
|
||||||
const workingDirectory = this.git.getWorkingDirectory()
|
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
|
||||||
const relativePath = path.relative(githubWorkspace, workingDirectory)
|
const workingDirectory = this.git.getWorkingDirectory()
|
||||||
|
let relativePath = path.relative(githubWorkspace, workingDirectory)
|
||||||
|
|
||||||
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
|
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
|
||||||
const containerGitDir = path.posix.join(
|
// Use forward slashes for git config
|
||||||
'/github/workspace',
|
relativePath = relativePath.replace(/\\/g, '/')
|
||||||
relativePath,
|
const containerGitDir = path.posix.join(
|
||||||
'.git'
|
'/github/workspace',
|
||||||
)
|
relativePath,
|
||||||
const containerCredentialsPath = path.posix.join(
|
'.git'
|
||||||
'/github/runner_temp',
|
)
|
||||||
path.basename(credentialsConfigPath)
|
const containerCredentialsPath = path.posix.join(
|
||||||
)
|
'/github/runner_temp',
|
||||||
|
path.basename(credentialsConfigPath)
|
||||||
|
)
|
||||||
|
|
||||||
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
|
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
|
||||||
await this.git.config(containerIncludeKey, containerCredentialsPath)
|
await this.git.config(containerIncludeKey, containerCredentialsPath)
|
||||||
this.credentialsIncludeKeys.push(containerIncludeKey)
|
this.credentialsIncludeKeys.push(containerIncludeKey)
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user