From 744fdac09f195fa4c1dd0a150078b0465bbd2de6 Mon Sep 17 00:00:00 2001 From: eric sciple Date: Mon, 2 Mar 2020 10:59:27 -0500 Subject: [PATCH] . --- __test__/git-auth-helper.test.ts | 306 +------------------------------ dist/index.js | 103 +---------- src/git-auth-helper.ts | 116 ------------ src/git-source-provider.ts | 10 +- src/git-source-settings.ts | 3 - src/input-helper.ts | 6 - 6 files changed, 5 insertions(+), 539 deletions(-) diff --git a/__test__/git-auth-helper.test.ts b/__test__/git-auth-helper.test.ts index 92b491d9b..68926f29f 100644 --- a/__test__/git-auth-helper.test.ts +++ b/__test__/git-auth-helper.test.ts @@ -3,11 +3,9 @@ import * as fs from 'fs' import * as gitAuthHelper from '../lib/git-auth-helper' import * as io from '@actions/io' import * as path from 'path' -import * as stateHelper from '../lib/state-helper' import {IGitCommandManager} from '../lib/git-command-manager' import {IGitSourceSettings} from '../lib/git-source-settings' -const isWindows = process.platform === 'win32' const testWorkspace = path.join(__dirname, '_temp', 'git-auth-helper') const originalRunnerTemp = process.env['RUNNER_TEMP'] const originalHome = process.env['HOME'] @@ -18,24 +16,14 @@ let runnerTemp: string let tempHomedir: string let git: IGitCommandManager & {env: {[key: string]: string}} let settings: IGitSourceSettings -let sshPath: string describe('git-auth-helper tests', () => { beforeAll(async () => { - // SSH - sshPath = await io.which('ssh') - // Clear test workspace await io.rmRF(testWorkspace) }) beforeEach(() => { - // Mock state-helper - jest.spyOn(stateHelper, 'setSshKeyPath').mockImplementation(jest.fn()) - jest - .spyOn(stateHelper, 'setSshKnownHostsPath') - .mockImplementation(jest.fn()) - // Mock setSecret jest.spyOn(core, 'setSecret').mockImplementation((secret: string) => {}) @@ -120,40 +108,6 @@ describe('git-auth-helper tests', () => { } ) - const configureAuth_copiesUserKnownHosts = - 'configureAuth copies user known hosts' - it(configureAuth_copiesUserKnownHosts, async () => { - if (!sshPath) { - process.stdout.write( - `Skipped test "${configureAuth_copiesUserKnownHosts}". Executable 'ssh' not found in the PATH.\n` - ) - return - } - - // Arange - await setup(configureAuth_copiesUserKnownHosts) - expect(settings.sshKey).toBeTruthy() // sanity check - await fs.promises.mkdir(path.join(tempHomedir, '.ssh')) - await fs.promises.writeFile( - path.join(tempHomedir, '.ssh', 'known_hosts'), - 'some-domain.com ssh-rsa ABCDEF' - ) - - // Act - const authHelper = gitAuthHelper.createAuthHelper(git, settings) - await authHelper.configureAuth() - - // Assert known hosts - const actualSshKnownHostsPath = await getActualSshKnownHostsPath() - const actualSshKnownHostsContent = ( - await fs.promises.readFile(actualSshKnownHostsPath) - ).toString() - expect(actualSshKnownHostsContent).toMatch( - /some-domain\.com ssh-rsa ABCDEF/ - ) - expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/) - }) - const configureAuth_registersBasicCredentialAsSecret = 'configureAuth registers basic credential as secret' it(configureAuth_registersBasicCredentialAsSecret, async () => { @@ -175,149 +129,6 @@ describe('git-auth-helper tests', () => { expect(setSecretSpy).toHaveBeenCalledWith(expectedSecret) }) - const configureAuth_setsSshCommandEnvVarWhenPersistCredentialsFalse = - 'configureAuth sets SSH command env var when persist-credentials false' - it( - configureAuth_setsSshCommandEnvVarWhenPersistCredentialsFalse, - async () => { - if (!sshPath) { - process.stdout.write( - `Skipped test "${configureAuth_setsSshCommandEnvVarWhenPersistCredentialsFalse}". Executable 'ssh' not found in the PATH.\n` - ) - return - } - - // Arrange - await setup(configureAuth_setsSshCommandEnvVarWhenPersistCredentialsFalse) - settings.persistCredentials = false - const authHelper = gitAuthHelper.createAuthHelper(git, settings) - - // Act - await authHelper.configureAuth() - - // Assert git env var - const actualKeyPath = await getActualSshKeyPath() - const actualKnownHostsPath = await getActualSshKnownHostsPath() - const expectedSshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename( - actualKeyPath - )}" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename( - actualKnownHostsPath - )}"` - expect(git.env['GIT_SSH_COMMAND']).toBe(expectedSshCommand) - - // Asserty git config - const gitConfigLines = (await fs.promises.readFile(localGitConfigPath)) - .toString() - .split('\n') - .filter(x => x) - expect(gitConfigLines).toHaveLength(1) - expect(gitConfigLines[0]).toMatch(/^http\./) - } - ) - - const configureAuth_setsSshCommandWhenPersistCredentialsTrue = - 'configureAuth sets SSH command when persist-credentials true' - it(configureAuth_setsSshCommandWhenPersistCredentialsTrue, async () => { - if (!sshPath) { - process.stdout.write( - `Skipped test "${configureAuth_setsSshCommandWhenPersistCredentialsTrue}". Executable 'ssh' not found in the PATH.\n` - ) - return - } - - // Arrange - await setup(configureAuth_setsSshCommandWhenPersistCredentialsTrue) - const authHelper = gitAuthHelper.createAuthHelper(git, settings) - - // Act - await authHelper.configureAuth() - - // Assert git env var - const actualKeyPath = await getActualSshKeyPath() - const actualKnownHostsPath = await getActualSshKnownHostsPath() - const expectedSshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename( - actualKeyPath - )}" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename( - actualKnownHostsPath - )}"` - expect(git.env['GIT_SSH_COMMAND']).toBe(expectedSshCommand) - - // Asserty git config - expect(git.config).toHaveBeenCalledWith( - 'core.sshCommand', - expectedSshCommand - ) - }) - - const configureAuth_writesExplicitKnownHosts = - 'configureAuth writes explicit known hosts' - it(configureAuth_writesExplicitKnownHosts, async () => { - if (!sshPath) { - process.stdout.write( - `Skipped test "${configureAuth_writesExplicitKnownHosts}". Executable 'ssh' not found in the PATH.\n` - ) - return - } - - // Arrange - await setup(configureAuth_writesExplicitKnownHosts) - expect(settings.sshKey).toBeTruthy() // sanity check - settings.sshKnownHosts = 'my-custom-host.com ssh-rsa ABC123' - const authHelper = gitAuthHelper.createAuthHelper(git, settings) - - // Act - await authHelper.configureAuth() - - // Assert known hosts - const actualSshKnownHostsPath = await getActualSshKnownHostsPath() - const actualSshKnownHostsContent = ( - await fs.promises.readFile(actualSshKnownHostsPath) - ).toString() - expect(actualSshKnownHostsContent).toMatch( - /my-custom-host\.com ssh-rsa ABC123/ - ) - expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/) - }) - - const configureAuth_writesSshKeyAndImplicitKnownHosts = - 'configureAuth writes SSH key and implicit known hosts' - it(configureAuth_writesSshKeyAndImplicitKnownHosts, async () => { - if (!sshPath) { - process.stdout.write( - `Skipped test "${configureAuth_writesSshKeyAndImplicitKnownHosts}". Executable 'ssh' not found in the PATH.\n` - ) - return - } - - // Arrange - await setup(configureAuth_writesSshKeyAndImplicitKnownHosts) - expect(settings.sshKey).toBeTruthy() // sanity check - const authHelper = gitAuthHelper.createAuthHelper(git, settings) - - // Act - await authHelper.configureAuth() - - // Assert SSH key - const actualSshKeyPath = await getActualSshKeyPath() - expect(actualSshKeyPath).toBeTruthy() - const actualSshKeyContent = ( - await fs.promises.readFile(actualSshKeyPath) - ).toString() - expect(actualSshKeyContent).toBe(settings.sshKey + '\n') - if (!isWindows) { - expect((await fs.promises.stat(actualSshKeyPath)).mode & 0o777).toBe( - 0o600 - ) - } - - // Assert known hosts - const actualSshKnownHostsPath = await getActualSshKnownHostsPath() - const actualSshKnownHostsContent = ( - await fs.promises.readFile(actualSshKnownHostsPath) - ).toString() - expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/) - }) - const configureGlobalAuth_copiesGlobalGitConfig = 'configureGlobalAuth copies global git config' it(configureGlobalAuth_copiesGlobalGitConfig, async () => { @@ -431,7 +242,6 @@ describe('git-auth-helper tests', () => { await setup( configureSubmoduleAuth_configuresTokenWhenPersistCredentialsTrue ) - settings.sshKey = '' const authHelper = gitAuthHelper.createAuthHelper(git, settings) await authHelper.configureAuth() ;(git.submoduleForeach as jest.Mock).mockClear() // reset calls @@ -444,90 +254,6 @@ describe('git-auth-helper tests', () => { } ) - const configureSubmoduleAuth_configuresSshCommandWhenPersistCredentialsTrue = - 'configureSubmoduleAuth configures SSH command when persist credentials true' - it( - configureSubmoduleAuth_configuresSshCommandWhenPersistCredentialsTrue, - async () => { - if (!sshPath) { - process.stdout.write( - `Skipped test "${configureSubmoduleAuth_configuresSshCommandWhenPersistCredentialsTrue}". Executable 'ssh' not found in the PATH.\n` - ) - return - } - - // Arrange - await setup( - configureSubmoduleAuth_configuresSshCommandWhenPersistCredentialsTrue - ) - const authHelper = gitAuthHelper.createAuthHelper(git, settings) - await authHelper.configureAuth() - ;(git.submoduleForeach as jest.Mock).mockClear() // reset calls - - // Act - await authHelper.configureSubmoduleAuth() - - // Assert - expect(git.submoduleForeach).toHaveBeenCalledTimes(2) - } - ) - - const removeAuth_removesSsh = 'removeAuth removes SSH' - it(removeAuth_removesSsh, async () => { - if (!sshPath) { - process.stdout.write( - `Skipped test "${removeAuth_removesSsh}". Executable 'ssh' not found in the PATH.\n` - ) - return - } - - // Arrange - await setup(removeAuth_removesSsh) - const authHelper = gitAuthHelper.createAuthHelper(git, settings) - await authHelper.configureAuth() - let gitConfigContent = ( - await fs.promises.readFile(localGitConfigPath) - ).toString() - expect(gitConfigContent.indexOf('core.sshCommand')).toBeGreaterThanOrEqual( - 0 - ) // sanity check - const actualKeyPath = await getActualSshKeyPath() - expect(actualKeyPath).toBeTruthy() - await fs.promises.stat(actualKeyPath) - const actualKnownHostsPath = await getActualSshKnownHostsPath() - expect(actualKnownHostsPath).toBeTruthy() - await fs.promises.stat(actualKnownHostsPath) - - // Act - await authHelper.removeAuth() - - // Assert git config - gitConfigContent = ( - await fs.promises.readFile(localGitConfigPath) - ).toString() - expect(gitConfigContent.indexOf('core.sshCommand')).toBeLessThan(0) - - // Assert SSH key file - try { - await fs.promises.stat(actualKeyPath) - throw new Error('SSH key should have been deleted') - } catch (err) { - if (err.code !== 'ENOENT') { - throw err - } - } - - // Assert known hosts file - try { - await fs.promises.stat(actualKnownHostsPath) - throw new Error('SSH known hosts should have been deleted') - } catch (err) { - if (err.code !== 'ENOENT') { - throw err - } - } - }) - const removeAuth_removesToken = 'removeAuth removes token' it(removeAuth_removesToken, async () => { // Arrange @@ -675,36 +401,6 @@ async function setup(testName: string): Promise { ref: 'refs/heads/master', repositoryName: 'my-repo', repositoryOwner: 'my-org', - repositoryPath: '', - sshKey: sshPath ? 'some ssh private key' : '', - sshKnownHosts: '', - sshStrict: true + repositoryPath: '' } } - -async function getActualSshKeyPath(): Promise { - let actualTempFiles = (await fs.promises.readdir(runnerTemp)) - .sort() - .map(x => path.join(runnerTemp, x)) - if (actualTempFiles.length === 0) { - return '' - } - - expect(actualTempFiles).toHaveLength(2) - expect(actualTempFiles[0].endsWith('_known_hosts')).toBeFalsy() - return actualTempFiles[0] -} - -async function getActualSshKnownHostsPath(): Promise { - let actualTempFiles = (await fs.promises.readdir(runnerTemp)) - .sort() - .map(x => path.join(runnerTemp, x)) - if (actualTempFiles.length === 0) { - return '' - } - - expect(actualTempFiles).toHaveLength(2) - expect(actualTempFiles[1].endsWith('_known_hosts')).toBeTruthy() - expect(actualTempFiles[1].startsWith(actualTempFiles[0])).toBeTruthy() - return actualTempFiles[1] -} diff --git a/dist/index.js b/dist/index.js index 13f64ecb0..36d3d75a7 100644 --- a/dist/index.js +++ b/dist/index.js @@ -5102,13 +5102,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) { Object.defineProperty(exports, "__esModule", { value: true }); const assert = __importStar(__webpack_require__(357)); const core = __importStar(__webpack_require__(470)); -const exec = __importStar(__webpack_require__(986)); const fs = __importStar(__webpack_require__(747)); const io = __importStar(__webpack_require__(1)); const os = __importStar(__webpack_require__(87)); const path = __importStar(__webpack_require__(622)); const regexpHelper = __importStar(__webpack_require__(528)); -const stateHelper = __importStar(__webpack_require__(153)); const v4_1 = __importDefault(__webpack_require__(826)); const IS_WINDOWS = process.platform === 'win32'; const HOSTNAME = 'github.com'; @@ -5118,11 +5116,7 @@ function createAuthHelper(git, settings) { exports.createAuthHelper = createAuthHelper; class GitAuthHelper { constructor(gitCommandManager, gitSourceSettings) { - this.sshCommandConfigKey = 'core.sshCommand'; this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`; - this.sshCommand = ''; - this.sshKeyPath = ''; - this.sshKnownHostsPath = ''; this.temporaryHomePath = ''; this.git = gitCommandManager; this.settings = gitSourceSettings || {}; @@ -5137,7 +5131,6 @@ class GitAuthHelper { // Remove possible previous values yield this.removeAuth(); // Configure new values - yield this.configureSsh(); yield this.configureToken(); }); } @@ -5196,15 +5189,11 @@ class GitAuthHelper { core.debug(`Replacing token placeholder in '${configPath}'`); this.replaceTokenPlaceholder(configPath); } - if (this.sshCommand) { - yield this.git.submoduleForeach(`git config "${this.sshCommandConfigKey}" '${this.sshCommand.replace(/'/g, "'\\''")}'`, this.settings.nestedSubmodules); - } } }); } removeAuth() { return __awaiter(this, void 0, void 0, function* () { - yield this.removeSsh(); yield this.removeToken(); }); } @@ -5215,63 +5204,6 @@ class GitAuthHelper { yield io.rmRF(this.temporaryHomePath); }); } - configureSsh() { - return __awaiter(this, void 0, void 0, function* () { - if (!this.settings.sshKey) { - return; - } - // Write key - const runnerTemp = process.env['RUNNER_TEMP'] || ''; - assert.ok(runnerTemp, 'RUNNER_TEMP is not defined'); - const uniqueId = v4_1.default(); - this.sshKeyPath = path.join(runnerTemp, uniqueId); - stateHelper.setSshKeyPath(this.sshKeyPath); - yield fs.promises.mkdir(runnerTemp, { recursive: true }); - yield fs.promises.writeFile(this.sshKeyPath, this.settings.sshKey.trim() + '\n', { mode: 0o600 }); - // Remove inherited permissions on Windows - if (IS_WINDOWS) { - const icacls = yield io.which('icacls.exe'); - yield exec.exec(`"${icacls}" "${this.sshKeyPath}" /inheritance:r`); - } - // Write known hosts - const userKnownHostsPath = path.join(process.env['HOME'] || os.homedir(), '.ssh', 'known_hosts'); - core.debug(`Checking whether exists '${userKnownHostsPath}'`); - let userKnownHosts = ''; - try { - userKnownHosts = (yield fs.promises.readFile(userKnownHostsPath)).toString(); - core.debug(`User known hosts exists '${userKnownHostsPath}'`); - } - catch (err) { - if (err.code !== 'ENOENT') { - throw err; - } - core.debug(`User known hosts does not exist '${userKnownHostsPath}'`); - } - let knownHosts = ''; - if (userKnownHosts) { - knownHosts += `# Begin from ${userKnownHostsPath}\n${userKnownHosts}\n# End from ${userKnownHostsPath}\n`; - } - if (this.settings.sshKnownHosts) { - knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n`; - } - knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n# End implicitly added github.com\n`; - this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`); - stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath); - yield fs.promises.writeFile(this.sshKnownHostsPath, knownHosts); - // Configure GIT_SSH_COMMAND - const sshPath = yield io.which('ssh', true); - this.sshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename(this.sshKeyPath)}"`; - if (this.settings.sshStrict) { - this.sshCommand += ' -o StrictHostKeyChecking=yes -o CheckHostIP=no'; - } - this.sshCommand += ` -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename(this.sshKnownHostsPath)}"`; - this.git.setEnvironmentVariable('GIT_SSH_COMMAND', this.sshCommand); - // Configure core.sshCommand - if (this.settings.persistCredentials) { - yield this.git.config(this.sshCommandConfigKey, this.sshCommand); - } - }); - } configureToken(configPath, globalConfig) { return __awaiter(this, void 0, void 0, function* () { // Validate args @@ -5302,32 +5234,6 @@ class GitAuthHelper { yield fs.promises.writeFile(configPath, content); }); } - removeSsh() { - return __awaiter(this, void 0, void 0, function* () { - // SSH key - const keyPath = this.sshKeyPath || stateHelper.SshKeyPath; - if (keyPath) { - try { - yield io.rmRF(keyPath); - } - catch (err) { - core.warning(`Failed to remove SSH key '${keyPath}'`); - } - } - // SSH known hosts - const knownHostsPath = this.sshKnownHostsPath || stateHelper.SshKnownHostsPath; - if (knownHostsPath) { - try { - yield io.rmRF(knownHostsPath); - } - catch (_a) { - // Intentionally empty - } - } - // SSH command - yield this.removeGitConfig(this.sshCommandConfigKey); - }); - } removeToken() { return __awaiter(this, void 0, void 0, function* () { // HTTP extra header @@ -5785,9 +5691,7 @@ function getSource(settings) { return __awaiter(this, void 0, void 0, function* () { // Repository URL core.info(`Syncing repository: ${settings.repositoryOwner}/${settings.repositoryName}`); - const repositoryUrl = settings.sshKey - ? `ssh://git@${hostname}/${encodeURIComponent(settings.repositoryOwner)}/${encodeURIComponent(settings.repositoryName)}.git` - : `https://${hostname}/${encodeURIComponent(settings.repositoryOwner)}/${encodeURIComponent(settings.repositoryName)}`; + const repositoryUrl = `https://${hostname}/${encodeURIComponent(settings.repositoryOwner)}/${encodeURIComponent(settings.repositoryName)}`; // Remove conflicting file path if (fsHelper.fileExistsSync(settings.repositoryPath)) { yield io.rmRF(settings.repositoryPath); @@ -14047,11 +13951,6 @@ function getInputs() { core.debug(`recursive submodules = ${result.nestedSubmodules}`); // Auth token result.authToken = core.getInput('token'); - // SSH - result.sshKey = core.getInput('ssh-key'); - result.sshKnownHosts = core.getInput('ssh-known-hosts'); - result.sshStrict = - (core.getInput('ssh-strict') || 'true').toUpperCase() === 'TRUE'; // Persist credentials result.persistCredentials = (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'; diff --git a/src/git-auth-helper.ts b/src/git-auth-helper.ts index c080da3f5..dd76fe90b 100644 --- a/src/git-auth-helper.ts +++ b/src/git-auth-helper.ts @@ -32,12 +32,8 @@ export function createAuthHelper( class GitAuthHelper { private readonly git: IGitCommandManager private readonly settings: IGitSourceSettings - private readonly sshCommandConfigKey = 'core.sshCommand' private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader` private readonly tokenPlaceholderConfigValue: string - private sshCommand = '' - private sshKeyPath = '' - private sshKnownHostsPath = '' private temporaryHomePath = '' private tokenConfigValue: string @@ -63,7 +59,6 @@ class GitAuthHelper { await this.removeAuth() // Configure new values - await this.configureSsh() await this.configureToken() } @@ -131,21 +126,10 @@ class GitAuthHelper { core.debug(`Replacing token placeholder in '${configPath}'`) this.replaceTokenPlaceholder(configPath) } - - if (this.sshCommand) { - await this.git.submoduleForeach( - `git config "${this.sshCommandConfigKey}" '${this.sshCommand.replace( - /'/g, - "'\\''" - )}'`, - this.settings.nestedSubmodules - ) - } } } async removeAuth(): Promise { - await this.removeSsh() await this.removeToken() } @@ -155,80 +139,6 @@ class GitAuthHelper { await io.rmRF(this.temporaryHomePath) } - private async configureSsh(): Promise { - if (!this.settings.sshKey) { - return - } - - // Write key - const runnerTemp = process.env['RUNNER_TEMP'] || '' - assert.ok(runnerTemp, 'RUNNER_TEMP is not defined') - const uniqueId = uuid() - this.sshKeyPath = path.join(runnerTemp, uniqueId) - stateHelper.setSshKeyPath(this.sshKeyPath) - await fs.promises.mkdir(runnerTemp, {recursive: true}) - await fs.promises.writeFile( - this.sshKeyPath, - this.settings.sshKey.trim() + '\n', - {mode: 0o600} - ) - - // Remove inherited permissions on Windows - if (IS_WINDOWS) { - const icacls = await io.which('icacls.exe') - await exec.exec(`"${icacls}" "${this.sshKeyPath}" /inheritance:r`) - } - - // Write known hosts - const userKnownHostsPath = path.join( - process.env['HOME'] || os.homedir(), - '.ssh', - 'known_hosts' - ) - core.debug(`Checking whether exists '${userKnownHostsPath}'`) - let userKnownHosts = '' - try { - userKnownHosts = ( - await fs.promises.readFile(userKnownHostsPath) - ).toString() - core.debug(`User known hosts exists '${userKnownHostsPath}'`) - } catch (err) { - if (err.code !== 'ENOENT') { - throw err - } - core.debug(`User known hosts does not exist '${userKnownHostsPath}'`) - } - let knownHosts = '' - if (userKnownHosts) { - knownHosts += `# Begin from ${userKnownHostsPath}\n${userKnownHosts}\n# End from ${userKnownHostsPath}\n` - } - if (this.settings.sshKnownHosts) { - knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n` - } - knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n# End implicitly added github.com\n` - this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`) - stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath) - await fs.promises.writeFile(this.sshKnownHostsPath, knownHosts) - - // Configure GIT_SSH_COMMAND - const sshPath = await io.which('ssh', true) - this.sshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename( - this.sshKeyPath - )}"` - if (this.settings.sshStrict) { - this.sshCommand += ' -o StrictHostKeyChecking=yes -o CheckHostIP=no' - } - this.sshCommand += ` -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename( - this.sshKnownHostsPath - )}"` - this.git.setEnvironmentVariable('GIT_SSH_COMMAND', this.sshCommand) - - // Configure core.sshCommand - if (this.settings.persistCredentials) { - await this.git.config(this.sshCommandConfigKey, this.sshCommand) - } - } - private async configureToken( configPath?: string, globalConfig?: boolean @@ -275,32 +185,6 @@ class GitAuthHelper { await fs.promises.writeFile(configPath, content) } - private async removeSsh(): Promise { - // SSH key - const keyPath = this.sshKeyPath || stateHelper.SshKeyPath - if (keyPath) { - try { - await io.rmRF(keyPath) - } catch (err) { - core.warning(`Failed to remove SSH key '${keyPath}'`) - } - } - - // SSH known hosts - const knownHostsPath = - this.sshKnownHostsPath || stateHelper.SshKnownHostsPath - if (knownHostsPath) { - try { - await io.rmRF(knownHostsPath) - } catch { - // Intentionally empty - } - } - - // SSH command - await this.removeGitConfig(this.sshCommandConfigKey) - } - private async removeToken(): Promise { // HTTP extra header await this.removeGitConfig(this.tokenConfigKey) diff --git a/src/git-source-provider.ts b/src/git-source-provider.ts index 8dc14bcfd..90f97c961 100644 --- a/src/git-source-provider.ts +++ b/src/git-source-provider.ts @@ -18,13 +18,9 @@ export async function getSource(settings: IGitSourceSettings): Promise { core.info( `Syncing repository: ${settings.repositoryOwner}/${settings.repositoryName}` ) - const repositoryUrl = settings.sshKey - ? `ssh://git@${hostname}/${encodeURIComponent( - settings.repositoryOwner - )}/${encodeURIComponent(settings.repositoryName)}.git` - : `https://${hostname}/${encodeURIComponent( - settings.repositoryOwner - )}/${encodeURIComponent(settings.repositoryName)}` + const repositoryUrl = `https://${hostname}/${encodeURIComponent( + settings.repositoryOwner + )}/${encodeURIComponent(settings.repositoryName)}` // Remove conflicting file path if (fsHelper.fileExistsSync(settings.repositoryPath)) { diff --git a/src/git-source-settings.ts b/src/git-source-settings.ts index 04d548c0c..e411fadbc 100644 --- a/src/git-source-settings.ts +++ b/src/git-source-settings.ts @@ -10,8 +10,5 @@ export interface IGitSourceSettings { submodules: boolean nestedSubmodules: boolean authToken: string - sshKey: string - sshKnownHosts: string - sshStrict: boolean persistCredentials: boolean } diff --git a/src/input-helper.ts b/src/input-helper.ts index 11a1ab672..376935014 100644 --- a/src/input-helper.ts +++ b/src/input-helper.ts @@ -112,12 +112,6 @@ export function getInputs(): IGitSourceSettings { // Auth token result.authToken = core.getInput('token') - // SSH - result.sshKey = core.getInput('ssh-key') - result.sshKnownHosts = core.getInput('ssh-known-hosts') - result.sshStrict = - (core.getInput('ssh-strict') || 'true').toUpperCase() === 'TRUE' - // Persist credentials result.persistCredentials = (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'