Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

convert SSH URL to HTTPS #179

Merged
merged 1 commit into from Mar 10, 2020
Merged

convert SSH URL to HTTPS #179

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
30 changes: 15 additions & 15 deletions .github/workflows/test.yml
View file
Open in desktop
Expand Up @@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v2

# Basic checkout
- name: Basic checkout
- name: Checkout basic
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check status reads better like this - skim easier since lines up with Verify ___ steps

uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -48,7 +48,7 @@ jobs:
- name: Modify work tree
shell: bash
run: __test__/modify-work-tree.sh
- name: Clean checkout
- name: Checkout clean
uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -58,12 +58,12 @@ jobs:
run: __test__/verify-clean.sh

# Side by side
- name: Side by side checkout 1
- name: Checkout side by side 1
uses: ./
with:
ref: test-data/v2/side-by-side-1
path: side-by-side-1
- name: Side by side checkout 2
- name: Checkout side by side 2
uses: ./
with:
ref: test-data/v2/side-by-side-2
Expand All @@ -73,7 +73,7 @@ jobs:
run: __test__/verify-side-by-side.sh

# LFS
- name: LFS checkout
- name: Checkout LFS
uses: ./
with:
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
Expand All @@ -85,29 +85,29 @@ jobs:
run: __test__/verify-lfs.sh

# Submodules false
- name: Submodules false checkout
- name: Checkout submodules false
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This E2E tests the behavior url.https://github.com/.insteadOf git@github.com:

path: submodules-false
- name: Verify submodules false
run: __test__/verify-submodules-false.sh

# Submodules one level
- name: Submodules true checkout
- name: Checkout submodules true
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-true
submodules: true
- name: Verify submodules true
run: __test__/verify-submodules-true.sh

# Submodules recursive
- name: Submodules recursive checkout
- name: Checkout submodules recursive
uses: ./
with:
ref: test-data/v2/submodule
ref: test-data/v2/submodule-ssh-url
path: submodules-recursive
submodules: recursive
- name: Verify submodules recursive
Expand All @@ -127,7 +127,7 @@ jobs:
- name: Override git version (Windows)
if: runner.os == 'windows'
run: __test__\\override-git-version.cmd
- name: Basic checkout using REST API
- name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -153,7 +153,7 @@ jobs:
uses: actions/checkout@v2

# Basic checkout using git
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
Expand Down Expand Up @@ -185,7 +185,7 @@ jobs:
uses: actions/checkout@v2

# Basic checkout using git
- name: Basic checkout
- name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
Expand All @@ -198,7 +198,7 @@ jobs:
# Basic checkout using REST API
- name: Override git version
run: __test__/override-git-version.sh
- name: Basic checkout using REST API
- name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic
Expand Down
15 changes: 13 additions & 2 deletions dist/index.js
View file
Open in desktop
Expand Up @@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
class GitAuthHelper {
constructor(gitCommandManager, gitSourceSettings) {
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
ericsciple marked this conversation as resolved.
Show resolved Hide resolved
this.insteadOfValue = `git@${HOSTNAME}:`;
this.temporaryHomePath = '';
this.git = gitCommandManager;
this.settings = gitSourceSettings || {};
Expand Down Expand Up @@ -5140,11 +5142,15 @@ class GitAuthHelper {
else {
yield fs.promises.writeFile(newGitConfigPath, '');
}
// Configure the token
try {
// Override HOME
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
// Configure the token
yield this.configureToken(newGitConfigPath, true);
// Configure HTTPS instead of SSH
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

during the submodule update

yield this.git.tryConfigUnset(this.insteadOfKey, true);
yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
}
catch (err) {
// Unset in case somehow written to the real global config
Expand All @@ -5160,7 +5166,12 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
Copy link
Contributor Author

@ericsciple ericsciple Mar 9, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the diff is hard to read here, but basically the git config insteadOf is new

`git config --local --show-origin --name-only --get-regexp remote.origin.url`
];
const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when persisting creds for submodules

// Replace the placeholder
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
for (const configPath of configPaths) {
Expand Down
17 changes: 15 additions & 2 deletions src/git-auth-helper.ts
View file
Open in desktop
Expand Up @@ -34,6 +34,8 @@ class GitAuthHelper {
private readonly settings: IGitSourceSettings
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
private readonly tokenPlaceholderConfigValue: string
private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
private readonly insteadOfValue: string = `git@${HOSTNAME}:`
private temporaryHomePath = ''
private tokenConfigValue: string

Expand Down Expand Up @@ -92,13 +94,19 @@ class GitAuthHelper {
await fs.promises.writeFile(newGitConfigPath, '')
}

// Configure the token
try {
// Override HOME
core.info(
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
)
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)

// Configure the token
await this.configureToken(newGitConfigPath, true)

// Configure HTTPS instead of SSH
await this.git.tryConfigUnset(this.insteadOfKey, true)
await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
} catch (err) {
// Unset in case somehow written to the real global config
core.info(
Expand All @@ -114,8 +122,13 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const commands = [
`git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very Clean 👍

`git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
`git config --local --show-origin --name-only --get-regexp remote.origin.url`
]
const output = await this.git.submoduleForeach(
`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
commands.join(' && '),
this.settings.nestedSubmodules
)

Expand Down