From 71151beedd346ee82e1d4a7cd1674e7509a248e2 Mon Sep 17 00:00:00 2001
From: eric sciple <ericsciple@users.noreply.github.com>
Date: Fri, 6 Mar 2020 16:18:58 -0500
Subject: [PATCH] convert SSH URL to HTTPS
---
.github/workflows/test.yml | 30 +++++++++++++++---------------
dist/index.js | 15 +++++++++++++--
src/git-auth-helper.ts | 17 +++++++++++++++--
3 files changed, 43 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3121c41..9515999 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v2
# Basic checkout
- - name: Basic checkout
+ - name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
@@ -48,7 +48,7 @@ jobs:
- name: Modify work tree
shell: bash
run: __test__/modify-work-tree.sh
- - name: Clean checkout
+ - name: Checkout clean
uses: ./
with:
ref: test-data/v2/basic
@@ -58,12 +58,12 @@ jobs:
run: __test__/verify-clean.sh
# Side by side
- - name: Side by side checkout 1
+ - name: Checkout side by side 1
uses: ./
with:
ref: test-data/v2/side-by-side-1
path: side-by-side-1
- - name: Side by side checkout 2
+ - name: Checkout side by side 2
uses: ./
with:
ref: test-data/v2/side-by-side-2
@@ -73,7 +73,7 @@ jobs:
run: __test__/verify-side-by-side.sh
# LFS
- - name: LFS checkout
+ - name: Checkout LFS
uses: ./
with:
repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
@@ -85,29 +85,29 @@ jobs:
run: __test__/verify-lfs.sh
# Submodules false
- - name: Submodules false checkout
+ - name: Checkout submodules false
uses: ./
with:
- ref: test-data/v2/submodule
+ ref: test-data/v2/submodule-ssh-url
path: submodules-false
- name: Verify submodules false
run: __test__/verify-submodules-false.sh
# Submodules one level
- - name: Submodules true checkout
+ - name: Checkout submodules true
uses: ./
with:
- ref: test-data/v2/submodule
+ ref: test-data/v2/submodule-ssh-url
path: submodules-true
submodules: true
- name: Verify submodules true
run: __test__/verify-submodules-true.sh
# Submodules recursive
- - name: Submodules recursive checkout
+ - name: Checkout submodules recursive
uses: ./
with:
- ref: test-data/v2/submodule
+ ref: test-data/v2/submodule-ssh-url
path: submodules-recursive
submodules: recursive
- name: Verify submodules recursive
@@ -127,7 +127,7 @@ jobs:
- name: Override git version (Windows)
if: runner.os == 'windows'
run: __test__\\override-git-version.cmd
- - name: Basic checkout using REST API
+ - name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic
@@ -153,7 +153,7 @@ jobs:
uses: actions/checkout@v2
# Basic checkout using git
- - name: Basic checkout
+ - name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
@@ -185,7 +185,7 @@ jobs:
uses: actions/checkout@v2
# Basic checkout using git
- - name: Basic checkout
+ - name: Checkout basic
uses: ./
with:
ref: test-data/v2/basic
@@ -198,7 +198,7 @@ jobs:
# Basic checkout using REST API
- name: Override git version
run: __test__/override-git-version.sh
- - name: Basic checkout using REST API
+ - name: Checkout basic using REST API
uses: ./
with:
ref: test-data/v2/basic
diff --git a/dist/index.js b/dist/index.js
index 3a29067..3082946 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
class GitAuthHelper {
constructor(gitCommandManager, gitSourceSettings) {
this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
+ this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
+ this.insteadOfValue = `git@${HOSTNAME}:`;
this.temporaryHomePath = '';
this.git = gitCommandManager;
this.settings = gitSourceSettings || {};
@@ -5140,11 +5142,15 @@ class GitAuthHelper {
else {
yield fs.promises.writeFile(newGitConfigPath, '');
}
- // Configure the token
try {
+ // Override HOME
core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
+ // Configure the token
yield this.configureToken(newGitConfigPath, true);
+ // Configure HTTPS instead of SSH
+ yield this.git.tryConfigUnset(this.insteadOfKey, true);
+ yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
}
catch (err) {
// Unset in case somehow written to the real global config
@@ -5160,7 +5166,12 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
- const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
+ const commands = [
+ `git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
+ `git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
+ `git config --local --show-origin --name-only --get-regexp remote.origin.url`
+ ];
+ const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
// Replace the placeholder
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
for (const configPath of configPaths) {
diff --git a/src/git-auth-helper.ts b/src/git-auth-helper.ts
index dd76fe9..3f36ff8 100644
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@@ -34,6 +34,8 @@ class GitAuthHelper {
private readonly settings: IGitSourceSettings
private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
private readonly tokenPlaceholderConfigValue: string
+ private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
+ private readonly insteadOfValue: string = `git@${HOSTNAME}:`
private temporaryHomePath = ''
private tokenConfigValue: string
@@ -92,13 +94,19 @@ class GitAuthHelper {
await fs.promises.writeFile(newGitConfigPath, '')
}
- // Configure the token
try {
+ // Override HOME
core.info(
`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
)
this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
+
+ // Configure the token
await this.configureToken(newGitConfigPath, true)
+
+ // Configure HTTPS instead of SSH
+ await this.git.tryConfigUnset(this.insteadOfKey, true)
+ await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
} catch (err) {
// Unset in case somehow written to the real global config
core.info(
@@ -114,8 +122,13 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
+ const commands = [
+ `git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
+ `git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
+ `git config --local --show-origin --name-only --get-regexp remote.origin.url`
+ ]
const output = await this.git.submoduleForeach(
- `git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
+ commands.join(' && '),
this.settings.nestedSubmodules
)