Move @actions/http-client into the toolkit (#1062)

💡 See #1064 for a better diff!

https://github.com/actions/toolkit contains a variety of packages used for building actions.  https://github.com/actions/http-client is one such package, but lives outside of the toolkit.  Moving it inside of the toolkit will improve discoverability and reduce the number of repos we have to keep track of for maintenance tasks (such as github/c2c-actions-service#2937).

I checked with @bryanmacfarlane on the historical decision here.  Apparently it was just inertia from before we released the toolkit as multiple packages.

The benefits here are:
- Have one fewer repo to keep track of
- Signal that this is an HTTP client meant for building actions, not for general use.

## Notes
- `@actions/http-client` will continue to be released as its own package.
- Bumping the package version to **2.0.0**.  Since we're compiling in strict mode now, there are some breaking changes to the exported types.  This is an improvement because the null-unsafe version of`http-client` is currently breaking the safety of null-safe consumers.
- I'm not updating the other packages to use the new version in this PR.  I plan to do that in a follow-up.  We'll hold off on publishing `http-client` v2 to NPM until that's done just in case other changes shake out of it.

.github/workflows/releases.yml

@@ -5,8 +5,8 @@ on:
     inputs:
       package:
         required: true
-        description: 'core, artifact, cache, exec, github, glob, io, tool-cache'
- 
+        description: 'core, artifact, cache, exec, github, glob, http-client, io, tool-cache'
+
 jobs:
   test:
     runs-on: macos-latest
@@ -17,48 +17,48 @@ jobs:
 
       - name: verify package exists
         run: ls packages/${{ github.event.inputs.package }}
-        
+
       - name: Set Node.js 12.x
         uses: actions/setup-node@v1
         with:
           node-version: 12.x
-        
+
       - name: npm install
         run: npm install
-        
+
       - name: bootstrap
         run: npm run bootstrap
-        
+
       - name: build
         run: npm run build
-        
+
       - name: test
         run: npm run test
 
       - name: pack
         run: npm pack
         working-directory: packages/${{ github.event.inputs.package }}
-        
+
       - name: upload artifact
         uses: actions/upload-artifact@v2
         with:
           name: ${{ github.event.inputs.package }}
           path: packages/${{ github.event.inputs.package }}/*.tgz
-        
+
   publish:
     runs-on: macos-latest
     needs: test
     environment: npm-publish
     steps:
-        
+
       - name: download artifact
         uses: actions/download-artifact@v2
         with:
           name: ${{ github.event.inputs.package }}
 
       - name: setup authentication
         run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
-        env: 
+        env:
           NPM_TOKEN: ${{ secrets.TOKEN }}
 
       - name: publish
@@ -68,13 +68,13 @@ jobs:
         if: failure()
         run: |
           curl -X POST -H 'Content-type: application/json' --data '{"text":":pb__failed: Failed to publish a new version of ${{ github.event.inputs.package }}"}' $SLACK_WEBHOOK
-        env: 
+        env:
           SLACK_WEBHOOK: ${{ secrets.SLACK }}
-        
+
       - name: notify slack on success
         if: success()
         run: |
           curl -X POST -H 'Content-type: application/json' --data '{"text":":dance: Successfully published a new version of ${{ github.event.inputs.package }}"}' $SLACK_WEBHOOK
-        env: 
+        env:
           SLACK_WEBHOOK: ${{ secrets.SLACK }}
-        
+

README.md

@@ -46,6 +46,15 @@ $ npm install @actions/glob
 ```
 <br/>
 
+:phone: [@actions/http-client](packages/http-client)
+
+A lightweight HTTP client optimized for building actions. Read more [here](packages/http-client)
+
+```bash
+$ npm install @actions/http-client
+```
+<br/>
+
 :pencil2: [@actions/io](packages/io)
 
 Provides disk i/o functions like cp, mv, rmRF, which etc. Read more [here](packages/io)

packages/http-client/.gitignore

@@ -0,0 +1,2 @@
+testoutput.txt
+npm-debug.log

packages/http-client/LICENSE

@@ -0,0 +1,21 @@
+Actions Http Client for Node.js
+
+Copyright (c) GitHub, Inc.
+
+All rights reserved.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

packages/http-client/README.md

@@ -0,0 +1,73 @@
+# `@actions/http-client`
+
+A lightweight HTTP client optimized for building actions.
+
+## Features
+
+  - HTTP client with TypeScript generics and async/await/Promises
+  - Typings included!
+  - [Proxy support](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners#using-a-proxy-server-with-self-hosted-runners) just works with actions and the runner
+  - Targets ES2019 (runner runs actions with node 12+).  Only supported on node 12+.
+  - Basic, Bearer and PAT Support out of the box.  Extensible handlers for others.
+  - Redirects supported
+
+Features and releases [here](./RELEASES.md)
+
+## Install
+
+```
+npm install @actions/http-client --save
+```
+
+## Samples
+
+See the [tests](./__tests__) for detailed examples.
+
+## Errors
+
+### HTTP
+
+The HTTP client does not throw unless truly exceptional.
+
+* A request that successfully executes resulting in a 404, 500 etc... will return a response object with a status code and a body.
+* Redirects (3xx) will be followed by default.
+
+See the [tests](./__tests__) for detailed examples.
+
+## Debugging
+
+To enable detailed console logging of all HTTP requests and responses, set the NODE_DEBUG environment varible:
+
+```shell
+export NODE_DEBUG=http
+```
+
+## Node support
+
+The http-client is built using the latest LTS version of Node 12. It may work on previous node LTS versions but it's tested and officially supported on Node12+.
+
+## Support and Versioning
+
+We follow semver and will hold compatibility between major versions and increment the minor version with new features and capabilities (while holding compat).
+
+## Contributing
+
+We welcome PRs.  Please create an issue and if applicable, a design before proceeding with code.
+
+once:
+
+```
+npm install
+```
+
+To build:
+
+```
+npm run build
+```
+
+To run all tests:
+
+```
+npm test
+```

packages/http-client/RELEASES.md

@@ -0,0 +1,36 @@
+## Releases
+
+## 2.0.0
+- The package is now compiled with TypeScript's [`strict` compiler setting](https://www.typescriptlang.org/tsconfig#strict). To comply with stricter rules:
+  - Some exported types now include `| null` or `| undefined`, matching their actual behavior.
+  - Types implementing the method `RequestHandler.handleAuthentication()` now throw an `Error` rather than returning `null` if they do not support handling an HTTP 401 response. Callers can still use `canHandleAuthentication()` to determine if this handling is supported or not.
+  - Types using `any` have been scoped to more specific types.
+- Following TypeScript's naming conventions, exported interfaces no longer begin with the prefix `I-`.
+- Delete the `IHttpClientResponse` interface in favor of the `HttpClientResponse` class.
+- Delete the `IHeaders` interface in favor of `http.OutgoingHttpHeaders`.
+- The source code of the package was moved to build with [actions/toolkit](https://github.com/actions/toolkit).
+
+## 1.0.11
+
+Contains a bug fix where proxy is defined without a user and password. see [PR here](https://github.com/actions/http-client/pull/42)   
+
+## 1.0.9
+Throw HttpClientError instead of a generic Error from the \<verb>Json() helper methods when the server responds with a non-successful status code. 
+
+## 1.0.8
+Fixed security issue where a redirect (e.g. 302) to another domain would pass headers.  The fix was to strip the authorization header if the hostname was different.  More [details in PR #27](https://github.com/actions/http-client/pull/27)
+
+## 1.0.7
+Update NPM dependencies and add 429 to the list of HttpCodes
+
+## 1.0.6
+Automatically sends Content-Type and Accept application/json headers for \<verb>Json() helper methods if not set in the client or parameters.
+
+## 1.0.5
+Adds \<verb>Json() helper methods for json over http scenarios.
+
+## 1.0.4
+Started to add \<verb>Json() helper methods.  Do not use this release for that.  Use >= 1.0.5 since there was an issue with types.
+
+## 1.0.1 to 1.0.3
+Adds proxy support.

packages/http-client/__tests__/auth.test.ts

@@ -0,0 +1,73 @@
+import * as httpm from '../lib'
+import * as am from '../lib/auth'
+
+describe('auth', () => {
+  beforeEach(() => {})
+
+  afterEach(() => {})
+
+  it('does basic http get request with basic auth', async () => {
+    const bh: am.BasicCredentialHandler = new am.BasicCredentialHandler(
+      'johndoe',
+      'password'
+    )
+    const http: httpm.HttpClient = new httpm.HttpClient('http-client-tests', [
+      bh
+    ])
+    const res: httpm.HttpClientResponse = await http.get(
+      'http://httpbin.org/get'
+    )
+    expect(res.message.statusCode).toBe(200)
+    const body: string = await res.readBody()
+    const obj = JSON.parse(body)
+    const auth: string = obj.headers.Authorization
+    const creds: string = Buffer.from(
+      auth.substring('Basic '.length),
+      'base64'
+    ).toString()
+    expect(creds).toBe('johndoe:password')
+    expect(obj.url).toBe('http://httpbin.org/get')
+  })
+
+  it('does basic http get request with pat token auth', async () => {
+    const token = 'scbfb44vxzku5l4xgc3qfazn3lpk4awflfryc76esaiq7aypcbhs'
+    const ph: am.PersonalAccessTokenCredentialHandler = new am.PersonalAccessTokenCredentialHandler(
+      token
+    )
+
+    const http: httpm.HttpClient = new httpm.HttpClient('http-client-tests', [
+      ph
+    ])
+    const res: httpm.HttpClientResponse = await http.get(
+      'http://httpbin.org/get'
+    )
+    expect(res.message.statusCode).toBe(200)
+    const body: string = await res.readBody()
+    const obj = JSON.parse(body)
+    const auth: string = obj.headers.Authorization
+    const creds: string = Buffer.from(
+      auth.substring('Basic '.length),
+      'base64'
+    ).toString()
+    expect(creds).toBe(`PAT:${token}`)
+    expect(obj.url).toBe('http://httpbin.org/get')
+  })
+
+  it('does basic http get request with pat token auth', async () => {
+    const token = 'scbfb44vxzku5l4xgc3qfazn3lpk4awflfryc76esaiq7aypcbhs'
+    const ph: am.BearerCredentialHandler = new am.BearerCredentialHandler(token)
+
+    const http: httpm.HttpClient = new httpm.HttpClient('http-client-tests', [
+      ph
+    ])
+    const res: httpm.HttpClientResponse = await http.get(
+      'http://httpbin.org/get'
+    )
+    expect(res.message.statusCode).toBe(200)
+    const body: string = await res.readBody()
+    const obj = JSON.parse(body)
+    const auth: string = obj.headers.Authorization
+    expect(auth).toBe(`Bearer ${token}`)
+    expect(obj.url).toBe('http://httpbin.org/get')
+  })
+})