Skip to content

Commit

Permalink
convert SSH URL to HTTPS
Browse files Browse the repository at this point in the history
  • Loading branch information
@ericsciple
ericsciple committed Mar 6, 2020
1 parent b4626ce commit 71151be
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 19 deletions.
30 changes: 15 additions & 15 deletions .github/workflows/test.yml
View file
Expand Up @@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v2

# Basic checkout
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -48,7 +48,7 @@ jobs:
- name: Modify work tree
shell: bash
run: __test__/modify-work-tree.sh
- name: Clean checkout
- name: Checkout clean
uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -58,12 +58,12 @@ jobs:
run: __test__/verify-clean.sh

# Side by side
- name: Side by side checkout 1
- name: Checkout side by side 1
uses: ./
with:
ref: test-data/v2/side-by-side-1
path: side-by-side-1
- name: Side by side checkout 2
- name: Checkout side by side 2
uses: ./
with:
ref: test-data/v2/side-by-side-2
Expand All @@ -73,7 +73,7 @@ jobs:
run: __test__/verify-side-by-side.sh

# LFS
- name: LFS checkout
- name: Checkout LFS
uses: ./
with:
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
Expand All @@ -85,29 +85,29 @@ jobs:
run: __test__/verify-lfs.sh

# Submodules false
- name: Submodules false checkout
- name: Checkout submodules false
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-false
- name: Verify submodules false
run: __test__/verify-submodules-false.sh

# Submodules one level
- name: Submodules true checkout
- name: Checkout submodules true
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-true
submodules: true
- name: Verify submodules true
run: __test__/verify-submodules-true.sh

# Submodules recursive
- name: Submodules recursive checkout
- name: Checkout submodules recursive
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-recursive
submodules: recursive
- name: Verify submodules recursive
Expand All @@ -127,7 +127,7 @@ jobs:
- name: Override git version (Windows)
if: runner.os == 'windows'
run: __test__\\override-git-version.cmd
- name: Basic checkout using REST API
- name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -153,7 +153,7 @@ jobs:
uses: actions/checkout@v2

# Basic checkout using git
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
Expand Down Expand Up @@ -185,7 +185,7 @@ jobs:
uses: actions/checkout@v2

# Basic checkout using git
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -198,7 +198,7 @@ jobs:
# Basic checkout using REST API
- name: Override git version
run: __test__/override-git-version.sh
- name: Basic checkout using REST API
- name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic
Expand Down
15 changes: 13 additions & 2 deletions dist/index.js
View file
Expand Up @@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
class GitAuthHelper {
constructor(gitCommandManager, gitSourceSettings) {
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
this.insteadOfValue = `git@${HOSTNAME}:`;
this.temporaryHomePath = '';
this.git = gitCommandManager;
this.settings = gitSourceSettings || {};
Expand Down Expand Up @@ -5140,11 +5142,15 @@ class GitAuthHelper {
else {
yield fs.promises.writeFile(newGitConfigPath, '');
}
// Configure the token
try {
// Override HOME
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
// Configure the token
yield this.configureToken(newGitConfigPath, true);
// Configure HTTPS instead of SSH
yield this.git.tryConfigUnset(this.insteadOfKey, true);
yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
}
catch (err) {
// Unset in case somehow written to the real global config
Expand All @@ -5160,7 +5166,12 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
];
const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
// Replace the placeholder
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
for (const configPath of configPaths) {
Expand Down
17 changes: 15 additions & 2 deletions src/git-auth-helper.ts
View file
Expand Up @@ -34,6 +34,8 @@ class GitAuthHelper {
private readonly settings: IGitSourceSettings
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
private readonly tokenPlaceholderConfigValue: string
private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
private readonly insteadOfValue: string = `git@${HOSTNAME}:`
private temporaryHomePath = ''
private tokenConfigValue: string

Expand Down Expand Up @@ -92,13 +94,19 @@ class GitAuthHelper {
await fs.promises.writeFile(newGitConfigPath, '')
}

// Configure the token
try {
// Override HOME
core.info(
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
)
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)

// Configure the token
await this.configureToken(newGitConfigPath, true)

// Configure HTTPS instead of SSH
await this.git.tryConfigUnset(this.insteadOfKey, true)
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
} catch (err) {
// Unset in case somehow written to the real global config
core.info(
Expand All @@ -114,8 +122,13 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
]
const output = await this.git.submoduleForeach(
`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
commands.join(' && '),
this.settings.nestedSubmodules
)

Expand Down

0 comments on commit 71151be

Please sign in to comment.