From c0786a2b6c25315fbf21be778adba4366f666b2c Mon Sep 17 00:00:00 2001 From: Parry Date: Fri, 1 Mar 2024 16:16:24 +0800 Subject: [PATCH] fix(auth): Update authentication logic in settings.xml, unit tests (#1) * fix(auth): Update authentication logic in settings.xml, unit tests Enhanced the logic for reading authentication information in the settings.xml file to address an issue where attempts to configure a GitHub Action for fetching packages from a repository within the same organization resulted in authentication errors. Despite the correct configuration, the process failed with a 401 Unauthorized status during dependency download from GitHub's Maven package repository. The error was pinpointed to a non-resolvable parent POM due to authentication failure, with an incorrect 'parent.relativePath' exacerbating the issue. To resolve this, I made significant updates to the logic within settings.xml for better handling of authentication information. Additionally, unit tests have been updated to reflect these changes and ensure robust verification. The documentation and examples have also been revised to provide clearer guidance on configuring and utilizing this updated process successfully. --- .github/workflows/e2e-publishing.yml | 20 +++++++++++++-- __tests__/auth.test.ts | 37 +++++++++++++++++++--------- dist/setup/index.js | 8 +++--- docs/advanced-usage.md | 9 ++++--- src/auth.ts | 8 +++--- 5 files changed, 58 insertions(+), 24 deletions(-) diff --git a/.github/workflows/e2e-publishing.yml b/.github/workflows/e2e-publishing.yml index dd7bd4351..57596fa7d 100644 --- a/.github/workflows/e2e-publishing.yml +++ b/.github/workflows/e2e-publishing.yml @@ -36,6 +36,10 @@ jobs: server-username: MAVEN_USERNAME server-password: MAVEN_CENTRAL_TOKEN gpg-passphrase: MAVEN_GPG_PASSPHRASE + env: + MAVEN_USERNAME: MAVEN_USERNAME + MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN + MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE - name: Validate settings.xml run: | $xmlPath = Join-Path $HOME ".m2" "settings.xml" @@ -43,11 +47,11 @@ jobs: [xml]$xml = Get-Content $xmlPath $servers = $xml.settings.servers.server - if (($servers[0].id -ne 'maven') -or ($servers[0].username -ne '${env.MAVEN_USERNAME}') -or ($servers[0].password -ne '${env.MAVEN_CENTRAL_TOKEN}')) { + if (($servers[0].id -ne 'maven') -or ($servers[0].username -ne 'MAVEN_USERNAME') -or ($servers[0].password -ne 'MAVEN_CENTRAL_TOKEN')) { throw "Generated XML file is incorrect" } - if (($servers[1].id -ne 'gpg.passphrase') -or ($servers[1].passphrase -ne '${env.MAVEN_GPG_PASSPHRASE}')) { + if (($servers[1].id -ne 'gpg.passphrase') -or ($servers[1].passphrase -ne 'MAVEN_GPG_PASSPHRASE')) { throw "Generated XML file is incorrect" } @@ -77,6 +81,10 @@ jobs: server-username: MAVEN_USERNAME server-password: MAVEN_CENTRAL_TOKEN gpg-passphrase: MAVEN_GPG_PASSPHRASE + env: + MAVEN_USERNAME: MAVEN_USERNAME + MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN + MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE - name: Validate settings.xml is overwritten run: | $xmlPath = Join-Path $HOME ".m2" "settings.xml" @@ -114,6 +122,10 @@ jobs: server-password: MAVEN_CENTRAL_TOKEN overwrite-settings: false gpg-passphrase: MAVEN_GPG_PASSPHRASE + env: + MAVEN_USERNAME: MAVEN_USERNAME + MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN + MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE - name: Validate that settings.xml is not overwritten run: | $xmlPath = Join-Path $HOME ".m2" "settings.xml" @@ -145,6 +157,10 @@ jobs: server-password: MAVEN_CENTRAL_TOKEN gpg-passphrase: MAVEN_GPG_PASSPHRASE settings-path: ${{ runner.temp }} + env: + MAVEN_USERNAME: MAVEN_USERNAME + MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN + MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE - name: Validate settings.xml location run: | $path = Join-Path $env:RUNNER_TEMP "settings.xml" diff --git a/__tests__/auth.test.ts b/__tests__/auth.test.ts index 06591da7a..bf5a8fcec 100644 --- a/__tests__/auth.test.ts +++ b/__tests__/auth.test.ts @@ -1,8 +1,8 @@ -import * as io from '@actions/io'; import * as core from '@actions/core'; +import * as io from '@actions/io'; import * as fs from 'fs'; -import * as path from 'path'; import os from 'os'; +import * as path from 'path'; import * as auth from '../src/auth'; import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants'; @@ -10,6 +10,14 @@ import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants'; const m2Dir = path.join(__dirname, M2_DIR); const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE); +// escape xml special characters +function escapeXml(unsafeStr: string) { + return unsafeStr + .replace(/&/g, '&') + .replace(//g, '>'); +} + describe('auth tests', () => { let spyOSHomedir: jest.SpyInstance; let spyInfo: jest.SpyInstance; @@ -157,19 +165,22 @@ describe('auth tests', () => { const username = 'USER'; const password = '&<>"\'\'"><&'; + process.env['username'] = username; + process.env['password'] = password; + const expectedSettings = ` - ${id} - \${env.${username}} - \${env.&<>"''"><&} + ${escapeXml(id)} + ${escapeXml(username)} + ${escapeXml(password)} `; - expect(auth.generate(id, username, password)).toEqual(expectedSettings); + expect(auth.generate(id, 'username', 'password')).toEqual(expectedSettings); }); it('generates valid settings.xml with additional configuration', () => { @@ -178,23 +189,27 @@ describe('auth tests', () => { const password = '&<>"\'\'"><&'; const gpgPassphrase = 'PASSPHRASE'; + process.env['username'] = username; + process.env['password'] = password; + process.env['gpgPassphrase'] = gpgPassphrase; + const expectedSettings = ` - ${id} - \${env.${username}} - \${env.&<>"''"><&} + ${escapeXml(id)} + ${escapeXml(username)} + ${escapeXml(password)} gpg.passphrase - \${env.${gpgPassphrase}} + ${escapeXml(gpgPassphrase)} `; - expect(auth.generate(id, username, password, gpgPassphrase)).toEqual( + expect(auth.generate(id, 'username', 'password', 'gpgPassphrase')).toEqual( expectedSettings ); }); diff --git a/dist/setup/index.js b/dist/setup/index.js index f8c70dab2..edd7b3735 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -122463,9 +122463,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0; -const path = __importStar(__nccwpck_require__(71017)); const core = __importStar(__nccwpck_require__(42186)); const io = __importStar(__nccwpck_require__(47351)); +const path = __importStar(__nccwpck_require__(71017)); const fs = __importStar(__nccwpck_require__(57147)); const os = __importStar(__nccwpck_require__(22037)); const xmlbuilder2_1 = __nccwpck_require__(70151); @@ -122517,8 +122517,8 @@ function generate(id, username, password, gpgPassphrase) { server: [ { id: id, - username: `\${env.${username}}`, - password: `\${env.${password}}` + username: process.env[username], + password: process.env[password] } ] } @@ -122527,7 +122527,7 @@ function generate(id, username, password, gpgPassphrase) { if (gpgPassphrase) { const gpgServer = { id: 'gpg.passphrase', - passphrase: `\${env.${gpgPassphrase}}` + passphrase: process.env[gpgPassphrase] }; xmlObj.settings.servers.server.push(gpgServer); } diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index ede356f93..8686a2fa6 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -182,7 +182,7 @@ steps: jdkFile: ${{ runner.temp }}/java_package.tar.gz java-version: '11.0.0' architecture: x64 - + - run: java -cp java HelloWorldApp ``` @@ -285,7 +285,10 @@ jobs: server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - + env: + MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} # set the env variable for username + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} # set the env variable for token + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # set the env variable for GPG private key passphrase - name: Publish to Apache Maven Central run: mvn deploy env: @@ -527,7 +530,7 @@ steps: ## Java-version file If the `java-version-file` input is specified, the action will try to extract the version from the file and install it. -Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv). +Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv). Valid entry options: ``` major versions: 8, 11, 16, 17, 21 diff --git a/src/auth.ts b/src/auth.ts index c8ea6291c..46d1bf7cd 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -1,6 +1,6 @@ -import * as path from 'path'; import * as core from '@actions/core'; import * as io from '@actions/io'; +import * as path from 'path'; import * as fs from 'fs'; import * as os from 'os'; @@ -84,8 +84,8 @@ export function generate( server: [ { id: id, - username: `\${env.${username}}`, - password: `\${env.${password}}` + username: process.env[username], + password: process.env[password] } ] } @@ -95,7 +95,7 @@ export function generate( if (gpgPassphrase) { const gpgServer = { id: 'gpg.passphrase', - passphrase: `\${env.${gpgPassphrase}}` + passphrase: process.env[gpgPassphrase] }; xmlObj.settings.servers.server.push(gpgServer); }