Compare commits
	
		
			4 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 7884fcad6b | ||
|   | f67ee5d622 | ||
|   | f25a3a9f25 | ||
|   | 230611dbd0 | 
							
								
								
									
										38
									
								
								.github/workflows/test.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										38
									
								
								.github/workflows/test.yml
									
									
									
									
										vendored
									
									
								
							| @@ -205,3 +205,41 @@ jobs: | |||||||
|           path: basic |           path: basic | ||||||
|       - name: Verify basic |       - name: Verify basic | ||||||
|         run: __test__/verify-basic.sh --archive |         run: __test__/verify-basic.sh --archive | ||||||
|  |      | ||||||
|  |   test-git-container: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     container: bitnami/git:latest | ||||||
|  |     steps: | ||||||
|  |       # Clone this repo | ||||||
|  |       - name: Checkout | ||||||
|  |         uses: actions/checkout@v3 | ||||||
|  |         with: | ||||||
|  |           path: v3 | ||||||
|  |  | ||||||
|  |       # Basic checkout using git | ||||||
|  |       - name: Checkout basic | ||||||
|  |         uses: ./v3 | ||||||
|  |         with: | ||||||
|  |           ref: test-data/v2/basic | ||||||
|  |       - name: Verify basic | ||||||
|  |         run: | | ||||||
|  |           if [ ! -f "./basic-file.txt" ]; then | ||||||
|  |               echo "Expected basic file does not exist" | ||||||
|  |               exit 1 | ||||||
|  |           fi | ||||||
|  |  | ||||||
|  |           # Verify .git folder | ||||||
|  |           if [ ! -d "./.git" ]; then | ||||||
|  |             echo "Expected ./.git folder to exist" | ||||||
|  |             exit 1 | ||||||
|  |           fi | ||||||
|  |  | ||||||
|  |           # Verify auth token | ||||||
|  |           git config --global --add safe.directory "*" | ||||||
|  |           git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main | ||||||
|  |  | ||||||
|  |       # needed to make checkout post cleanup succeed | ||||||
|  |       - name: Fix Checkout v3 | ||||||
|  |         uses: actions/checkout@v3 | ||||||
|  |         with: | ||||||
|  |           path: v3 | ||||||
| @@ -1,5 +1,11 @@ | |||||||
| # Changelog | # Changelog | ||||||
|  |  | ||||||
|  | ## v2.4.2 | ||||||
|  | - [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/776) | ||||||
|  |  | ||||||
|  | ## v2.4.1 | ||||||
|  | - [Set the safe directory option on git to prevent git commands failing when running in containers](https://github.com/actions/checkout/pull/762) | ||||||
|  |  | ||||||
| ## v2.3.1 | ## v2.3.1 | ||||||
|  |  | ||||||
| - [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284) | - [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284) | ||||||
|   | |||||||
| @@ -105,6 +105,11 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous | |||||||
|     # |     # | ||||||
|     # Default: false |     # Default: false | ||||||
|     submodules: '' |     submodules: '' | ||||||
|  |  | ||||||
|  |     # Add repository path as safe.directory for Git global config by running `git | ||||||
|  |     # config --global --add safe.directory <path>` | ||||||
|  |     # Default: true | ||||||
|  |     set-safe-directory: '' | ||||||
| ``` | ``` | ||||||
| <!-- end usage --> | <!-- end usage --> | ||||||
|  |  | ||||||
| @@ -185,7 +190,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous | |||||||
|   uses: actions/checkout@v2 |   uses: actions/checkout@v2 | ||||||
|   with: |   with: | ||||||
|     repository: my-org/my-private-tools |     repository: my-org/my-private-tools | ||||||
|     token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret that contains your PAT |     token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT | ||||||
|     path: my-tools |     path: my-tools | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|   | |||||||
| @@ -643,10 +643,11 @@ describe('git-auth-helper tests', () => { | |||||||
|     expect(gitConfigContent.indexOf('http.')).toBeLessThan(0) |     expect(gitConfigContent.indexOf('http.')).toBeLessThan(0) | ||||||
|   }) |   }) | ||||||
|  |  | ||||||
|   const removeGlobalAuth_removesOverride = 'removeGlobalAuth removes override' |   const removeGlobalConfig_removesOverride = | ||||||
|   it(removeGlobalAuth_removesOverride, async () => { |     'removeGlobalConfig removes override' | ||||||
|  |   it(removeGlobalConfig_removesOverride, async () => { | ||||||
|     // Arrange |     // Arrange | ||||||
|     await setup(removeGlobalAuth_removesOverride) |     await setup(removeGlobalConfig_removesOverride) | ||||||
|     const authHelper = gitAuthHelper.createAuthHelper(git, settings) |     const authHelper = gitAuthHelper.createAuthHelper(git, settings) | ||||||
|     await authHelper.configureAuth() |     await authHelper.configureAuth() | ||||||
|     await authHelper.configureGlobalAuth() |     await authHelper.configureGlobalAuth() | ||||||
| @@ -655,7 +656,7 @@ describe('git-auth-helper tests', () => { | |||||||
|     await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig')) |     await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig')) | ||||||
|  |  | ||||||
|     // Act |     // Act | ||||||
|     await authHelper.removeGlobalAuth() |     await authHelper.removeGlobalConfig() | ||||||
|  |  | ||||||
|     // Assert |     // Assert | ||||||
|     expect(git.env['HOME']).toBeUndefined() |     expect(git.env['HOME']).toBeUndefined() | ||||||
| @@ -776,7 +777,8 @@ async function setup(testName: string): Promise<void> { | |||||||
|     sshKey: sshPath ? 'some ssh private key' : '', |     sshKey: sshPath ? 'some ssh private key' : '', | ||||||
|     sshKnownHosts: '', |     sshKnownHosts: '', | ||||||
|     sshStrict: true, |     sshStrict: true, | ||||||
|     workflowOrganizationId: 123456 |     workflowOrganizationId: 123456, | ||||||
|  |     setSafeDirectory: true | ||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
|   | |||||||
| @@ -85,6 +85,7 @@ describe('input-helper tests', () => { | |||||||
|     expect(settings.repositoryName).toBe('some-repo') |     expect(settings.repositoryName).toBe('some-repo') | ||||||
|     expect(settings.repositoryOwner).toBe('some-owner') |     expect(settings.repositoryOwner).toBe('some-owner') | ||||||
|     expect(settings.repositoryPath).toBe(gitHubWorkspace) |     expect(settings.repositoryPath).toBe(gitHubWorkspace) | ||||||
|  |     expect(settings.setSafeDirectory).toBe(true) | ||||||
|   }) |   }) | ||||||
|  |  | ||||||
|   it('qualifies ref', async () => { |   it('qualifies ref', async () => { | ||||||
|   | |||||||
| @@ -68,6 +68,9 @@ inputs: | |||||||
|       When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are |       When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are | ||||||
|       converted to HTTPS. |       converted to HTTPS. | ||||||
|     default: false |     default: false | ||||||
|  |   set-safe-directory: | ||||||
|  |     description: Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory <path>` | ||||||
|  |     default: true | ||||||
| runs: | runs: | ||||||
|   using: node12 |   using: node12 | ||||||
|   main: dist/index.js |   main: dist/index.js | ||||||
|   | |||||||
							
								
								
									
										88
									
								
								dist/index.js
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										88
									
								
								dist/index.js
									
									
									
									
										vendored
									
									
								
							| @@ -3592,7 +3592,7 @@ var __importStar = (this && this.__importStar) || function (mod) { | |||||||
|     return result; |     return result; | ||||||
| }; | }; | ||||||
| Object.defineProperty(exports, "__esModule", { value: true }); | Object.defineProperty(exports, "__esModule", { value: true }); | ||||||
| exports.setSshKnownHostsPath = exports.setSshKeyPath = exports.setRepositoryPath = exports.SshKnownHostsPath = exports.SshKeyPath = exports.RepositoryPath = exports.IsPost = void 0; | exports.setSafeDirectory = exports.setSshKnownHostsPath = exports.setSshKeyPath = exports.setRepositoryPath = exports.SshKnownHostsPath = exports.SshKeyPath = exports.PostSetSafeDirectory = exports.RepositoryPath = exports.IsPost = void 0; | ||||||
| const coreCommand = __importStar(__webpack_require__(431)); | const coreCommand = __importStar(__webpack_require__(431)); | ||||||
| /** | /** | ||||||
|  * Indicates whether the POST action is running |  * Indicates whether the POST action is running | ||||||
| @@ -3602,6 +3602,10 @@ exports.IsPost = !!process.env['STATE_isPost']; | |||||||
|  * The repository path for the POST action. The value is empty during the MAIN action. |  * The repository path for the POST action. The value is empty during the MAIN action. | ||||||
|  */ |  */ | ||||||
| exports.RepositoryPath = process.env['STATE_repositoryPath'] || ''; | exports.RepositoryPath = process.env['STATE_repositoryPath'] || ''; | ||||||
|  | /** | ||||||
|  |  * The set-safe-directory for the POST action. The value is set if input: 'safe-directory' is set during the MAIN action. | ||||||
|  |  */ | ||||||
|  | exports.PostSetSafeDirectory = process.env['STATE_setSafeDirectory'] === 'true'; | ||||||
| /** | /** | ||||||
|  * The SSH key path for the POST action. The value is empty during the MAIN action. |  * The SSH key path for the POST action. The value is empty during the MAIN action. | ||||||
|  */ |  */ | ||||||
| @@ -3631,6 +3635,13 @@ function setSshKnownHostsPath(sshKnownHostsPath) { | |||||||
|     coreCommand.issueCommand('save-state', { name: 'sshKnownHostsPath' }, sshKnownHostsPath); |     coreCommand.issueCommand('save-state', { name: 'sshKnownHostsPath' }, sshKnownHostsPath); | ||||||
| } | } | ||||||
| exports.setSshKnownHostsPath = setSshKnownHostsPath; | exports.setSshKnownHostsPath = setSshKnownHostsPath; | ||||||
|  | /** | ||||||
|  |  * Save the sef-safe-directory input so the POST action can retrieve the value. | ||||||
|  |  */ | ||||||
|  | function setSafeDirectory() { | ||||||
|  |     coreCommand.issueCommand('save-state', { name: 'setSafeDirectory' }, 'true'); | ||||||
|  | } | ||||||
|  | exports.setSafeDirectory = setSafeDirectory; | ||||||
| // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
 | // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
 | ||||||
| // This is necessary since we don't have a separate entry point.
 | // This is necessary since we don't have a separate entry point.
 | ||||||
| if (!exports.IsPost) { | if (!exports.IsPost) { | ||||||
| @@ -6572,9 +6583,13 @@ class GitAuthHelper { | |||||||
|             yield this.configureToken(); |             yield this.configureToken(); | ||||||
|         }); |         }); | ||||||
|     } |     } | ||||||
|     configureGlobalAuth() { |     configureTempGlobalConfig() { | ||||||
|         var _a; |         var _a, _b; | ||||||
|         return __awaiter(this, void 0, void 0, function* () { |         return __awaiter(this, void 0, void 0, function* () { | ||||||
|  |             // Already setup global config
 | ||||||
|  |             if (((_a = this.temporaryHomePath) === null || _a === void 0 ? void 0 : _a.length) > 0) { | ||||||
|  |                 return path.join(this.temporaryHomePath, '.gitconfig'); | ||||||
|  |             } | ||||||
|             // Create a temp home directory
 |             // Create a temp home directory
 | ||||||
|             const runnerTemp = process.env['RUNNER_TEMP'] || ''; |             const runnerTemp = process.env['RUNNER_TEMP'] || ''; | ||||||
|             assert.ok(runnerTemp, 'RUNNER_TEMP is not defined'); |             assert.ok(runnerTemp, 'RUNNER_TEMP is not defined'); | ||||||
| @@ -6590,7 +6605,7 @@ class GitAuthHelper { | |||||||
|                 configExists = true; |                 configExists = true; | ||||||
|             } |             } | ||||||
|             catch (err) { |             catch (err) { | ||||||
|                 if (((_a = err) === null || _a === void 0 ? void 0 : _a.code) !== 'ENOENT') { |                 if (((_b = err) === null || _b === void 0 ? void 0 : _b.code) !== 'ENOENT') { | ||||||
|                     throw err; |                     throw err; | ||||||
|                 } |                 } | ||||||
|             } |             } | ||||||
| @@ -6601,10 +6616,17 @@ class GitAuthHelper { | |||||||
|             else { |             else { | ||||||
|                 yield fs.promises.writeFile(newGitConfigPath, ''); |                 yield fs.promises.writeFile(newGitConfigPath, ''); | ||||||
|             } |             } | ||||||
|             try { |  | ||||||
|             // Override HOME
 |             // Override HOME
 | ||||||
|             core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`); |             core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`); | ||||||
|             this.git.setEnvironmentVariable('HOME', this.temporaryHomePath); |             this.git.setEnvironmentVariable('HOME', this.temporaryHomePath); | ||||||
|  |             return newGitConfigPath; | ||||||
|  |         }); | ||||||
|  |     } | ||||||
|  |     configureGlobalAuth() { | ||||||
|  |         return __awaiter(this, void 0, void 0, function* () { | ||||||
|  |             // 'configureTempGlobalConfig' noops if already set, just returns the path
 | ||||||
|  |             const newGitConfigPath = yield this.configureTempGlobalConfig(); | ||||||
|  |             try { | ||||||
|                 // Configure the token
 |                 // Configure the token
 | ||||||
|                 yield this.configureToken(newGitConfigPath, true); |                 yield this.configureToken(newGitConfigPath, true); | ||||||
|                 // Configure HTTPS instead of SSH
 |                 // Configure HTTPS instead of SSH
 | ||||||
| @@ -6657,11 +6679,14 @@ class GitAuthHelper { | |||||||
|             yield this.removeToken(); |             yield this.removeToken(); | ||||||
|         }); |         }); | ||||||
|     } |     } | ||||||
|     removeGlobalAuth() { |     removeGlobalConfig() { | ||||||
|  |         var _a; | ||||||
|         return __awaiter(this, void 0, void 0, function* () { |         return __awaiter(this, void 0, void 0, function* () { | ||||||
|  |             if (((_a = this.temporaryHomePath) === null || _a === void 0 ? void 0 : _a.length) > 0) { | ||||||
|                 core.debug(`Unsetting HOME override`); |                 core.debug(`Unsetting HOME override`); | ||||||
|                 this.git.removeEnvironmentVariable('HOME'); |                 this.git.removeEnvironmentVariable('HOME'); | ||||||
|                 yield io.rmRF(this.temporaryHomePath); |                 yield io.rmRF(this.temporaryHomePath); | ||||||
|  |             } | ||||||
|         }); |         }); | ||||||
|     } |     } | ||||||
|     configureSsh() { |     configureSsh() { | ||||||
| @@ -7326,6 +7351,23 @@ function getSource(settings) { | |||||||
|         core.startGroup('Getting Git version info'); |         core.startGroup('Getting Git version info'); | ||||||
|         const git = yield getGitCommandManager(settings); |         const git = yield getGitCommandManager(settings); | ||||||
|         core.endGroup(); |         core.endGroup(); | ||||||
|  |         let authHelper = null; | ||||||
|  |         try { | ||||||
|  |             if (git) { | ||||||
|  |                 authHelper = gitAuthHelper.createAuthHelper(git, settings); | ||||||
|  |                 if (settings.setSafeDirectory) { | ||||||
|  |                     // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
 | ||||||
|  |                     // Otherwise all git commands we run in a container fail
 | ||||||
|  |                     yield authHelper.configureTempGlobalConfig(); | ||||||
|  |                     core.info(`Adding repository directory to the temporary git global config as a safe directory`); | ||||||
|  |                     yield git | ||||||
|  |                         .config('safe.directory', settings.repositoryPath, true, true) | ||||||
|  |                         .catch(error => { | ||||||
|  |                         core.info(`Failed to initialize safe directory with error: ${error}`); | ||||||
|  |                     }); | ||||||
|  |                     stateHelper.setSafeDirectory(); | ||||||
|  |                 } | ||||||
|  |             } | ||||||
|             // Prepare existing directory, otherwise recreate
 |             // Prepare existing directory, otherwise recreate
 | ||||||
|             if (isExisting) { |             if (isExisting) { | ||||||
|                 yield gitDirectoryHelper.prepareExistingDirectory(git, settings.repositoryPath, repositoryUrl, settings.clean, settings.ref); |                 yield gitDirectoryHelper.prepareExistingDirectory(git, settings.repositoryPath, repositoryUrl, settings.clean, settings.ref); | ||||||
| @@ -7358,8 +7400,10 @@ function getSource(settings) { | |||||||
|                 core.warning(`Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`); |                 core.warning(`Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`); | ||||||
|             } |             } | ||||||
|             core.endGroup(); |             core.endGroup(); | ||||||
|         const authHelper = gitAuthHelper.createAuthHelper(git, settings); |             // If we didn't initialize it above, do it now
 | ||||||
|         try { |             if (!authHelper) { | ||||||
|  |                 authHelper = gitAuthHelper.createAuthHelper(git, settings); | ||||||
|  |             } | ||||||
|             // Configure auth
 |             // Configure auth
 | ||||||
|             core.startGroup('Setting up auth'); |             core.startGroup('Setting up auth'); | ||||||
|             yield authHelper.configureAuth(); |             yield authHelper.configureAuth(); | ||||||
| @@ -7415,7 +7459,6 @@ function getSource(settings) { | |||||||
|             core.endGroup(); |             core.endGroup(); | ||||||
|             // Submodules
 |             // Submodules
 | ||||||
|             if (settings.submodules) { |             if (settings.submodules) { | ||||||
|                 try { |  | ||||||
|                 // Temporarily override global config
 |                 // Temporarily override global config
 | ||||||
|                 core.startGroup('Setting up auth for fetching submodules'); |                 core.startGroup('Setting up auth for fetching submodules'); | ||||||
|                 yield authHelper.configureGlobalAuth(); |                 yield authHelper.configureGlobalAuth(); | ||||||
| @@ -7433,11 +7476,6 @@ function getSource(settings) { | |||||||
|                     core.endGroup(); |                     core.endGroup(); | ||||||
|                 } |                 } | ||||||
|             } |             } | ||||||
|                 finally { |  | ||||||
|                     // Remove temporary global config override
 |  | ||||||
|                     yield authHelper.removeGlobalAuth(); |  | ||||||
|                 } |  | ||||||
|             } |  | ||||||
|             // Get commit information
 |             // Get commit information
 | ||||||
|             const commitInfo = yield git.log1(); |             const commitInfo = yield git.log1(); | ||||||
|             // Log commit sha
 |             // Log commit sha
 | ||||||
| @@ -7447,11 +7485,14 @@ function getSource(settings) { | |||||||
|         } |         } | ||||||
|         finally { |         finally { | ||||||
|             // Remove auth
 |             // Remove auth
 | ||||||
|  |             if (authHelper) { | ||||||
|                 if (!settings.persistCredentials) { |                 if (!settings.persistCredentials) { | ||||||
|                     core.startGroup('Removing auth'); |                     core.startGroup('Removing auth'); | ||||||
|                     yield authHelper.removeAuth(); |                     yield authHelper.removeAuth(); | ||||||
|                     core.endGroup(); |                     core.endGroup(); | ||||||
|                 } |                 } | ||||||
|  |                 authHelper.removeGlobalConfig(); | ||||||
|  |             } | ||||||
|         } |         } | ||||||
|     }); |     }); | ||||||
| } | } | ||||||
| @@ -7472,7 +7513,23 @@ function cleanup(repositoryPath) { | |||||||
|         } |         } | ||||||
|         // Remove auth
 |         // Remove auth
 | ||||||
|         const authHelper = gitAuthHelper.createAuthHelper(git); |         const authHelper = gitAuthHelper.createAuthHelper(git); | ||||||
|  |         try { | ||||||
|  |             if (stateHelper.PostSetSafeDirectory) { | ||||||
|  |                 // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
 | ||||||
|  |                 // Otherwise all git commands we run in a container fail
 | ||||||
|  |                 yield authHelper.configureTempGlobalConfig(); | ||||||
|  |                 core.info(`Adding repository directory to the temporary git global config as a safe directory`); | ||||||
|  |                 yield git | ||||||
|  |                     .config('safe.directory', repositoryPath, true, true) | ||||||
|  |                     .catch(error => { | ||||||
|  |                     core.info(`Failed to initialize safe directory with error: ${error}`); | ||||||
|  |                 }); | ||||||
|  |             } | ||||||
|             yield authHelper.removeAuth(); |             yield authHelper.removeAuth(); | ||||||
|  |         } | ||||||
|  |         finally { | ||||||
|  |             yield authHelper.removeGlobalConfig(); | ||||||
|  |         } | ||||||
|     }); |     }); | ||||||
| } | } | ||||||
| exports.cleanup = cleanup; | exports.cleanup = cleanup; | ||||||
| @@ -17244,6 +17301,9 @@ function getInputs() { | |||||||
|             (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'; |             (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'; | ||||||
|         // Workflow organization ID
 |         // Workflow organization ID
 | ||||||
|         result.workflowOrganizationId = yield workflowContextHelper.getOrganizationId(); |         result.workflowOrganizationId = yield workflowContextHelper.getOrganizationId(); | ||||||
|  |         // Set safe.directory in git global config.
 | ||||||
|  |         result.setSafeDirectory = | ||||||
|  |             (core.getInput('set-safe-directory') || 'true').toUpperCase() === 'TRUE'; | ||||||
|         return result; |         return result; | ||||||
|     }); |     }); | ||||||
| } | } | ||||||
|   | |||||||
| @@ -19,8 +19,9 @@ export interface IGitAuthHelper { | |||||||
|   configureAuth(): Promise<void> |   configureAuth(): Promise<void> | ||||||
|   configureGlobalAuth(): Promise<void> |   configureGlobalAuth(): Promise<void> | ||||||
|   configureSubmoduleAuth(): Promise<void> |   configureSubmoduleAuth(): Promise<void> | ||||||
|  |   configureTempGlobalConfig(): Promise<string> | ||||||
|   removeAuth(): Promise<void> |   removeAuth(): Promise<void> | ||||||
|   removeGlobalAuth(): Promise<void> |   removeGlobalConfig(): Promise<void> | ||||||
| } | } | ||||||
|  |  | ||||||
| export function createAuthHelper( | export function createAuthHelper( | ||||||
| @@ -80,7 +81,11 @@ class GitAuthHelper { | |||||||
|     await this.configureToken() |     await this.configureToken() | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   async configureGlobalAuth(): Promise<void> { |   async configureTempGlobalConfig(): Promise<string> { | ||||||
|  |     // Already setup global config | ||||||
|  |     if (this.temporaryHomePath?.length > 0) { | ||||||
|  |       return path.join(this.temporaryHomePath, '.gitconfig') | ||||||
|  |     } | ||||||
|     // Create a temp home directory |     // Create a temp home directory | ||||||
|     const runnerTemp = process.env['RUNNER_TEMP'] || '' |     const runnerTemp = process.env['RUNNER_TEMP'] || '' | ||||||
|     assert.ok(runnerTemp, 'RUNNER_TEMP is not defined') |     assert.ok(runnerTemp, 'RUNNER_TEMP is not defined') | ||||||
| @@ -110,13 +115,19 @@ class GitAuthHelper { | |||||||
|       await fs.promises.writeFile(newGitConfigPath, '') |       await fs.promises.writeFile(newGitConfigPath, '') | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     try { |  | ||||||
|     // Override HOME |     // Override HOME | ||||||
|     core.info( |     core.info( | ||||||
|       `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes` |       `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes` | ||||||
|     ) |     ) | ||||||
|     this.git.setEnvironmentVariable('HOME', this.temporaryHomePath) |     this.git.setEnvironmentVariable('HOME', this.temporaryHomePath) | ||||||
|  |  | ||||||
|  |     return newGitConfigPath | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   async configureGlobalAuth(): Promise<void> { | ||||||
|  |     // 'configureTempGlobalConfig' noops if already set, just returns the path | ||||||
|  |     const newGitConfigPath = await this.configureTempGlobalConfig() | ||||||
|  |     try { | ||||||
|       // Configure the token |       // Configure the token | ||||||
|       await this.configureToken(newGitConfigPath, true) |       await this.configureToken(newGitConfigPath, true) | ||||||
|  |  | ||||||
| @@ -181,11 +192,13 @@ class GitAuthHelper { | |||||||
|     await this.removeToken() |     await this.removeToken() | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   async removeGlobalAuth(): Promise<void> { |   async removeGlobalConfig(): Promise<void> { | ||||||
|  |     if (this.temporaryHomePath?.length > 0) { | ||||||
|       core.debug(`Unsetting HOME override`) |       core.debug(`Unsetting HOME override`) | ||||||
|       this.git.removeEnvironmentVariable('HOME') |       this.git.removeEnvironmentVariable('HOME') | ||||||
|       await io.rmRF(this.temporaryHomePath) |       await io.rmRF(this.temporaryHomePath) | ||||||
|     } |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|   private async configureSsh(): Promise<void> { |   private async configureSsh(): Promise<void> { | ||||||
|     if (!this.settings.sshKey) { |     if (!this.settings.sshKey) { | ||||||
|   | |||||||
| @@ -36,6 +36,30 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | |||||||
|   const git = await getGitCommandManager(settings) |   const git = await getGitCommandManager(settings) | ||||||
|   core.endGroup() |   core.endGroup() | ||||||
|  |  | ||||||
|  |   let authHelper: gitAuthHelper.IGitAuthHelper | null = null | ||||||
|  |   try { | ||||||
|  |     if (git) { | ||||||
|  |       authHelper = gitAuthHelper.createAuthHelper(git, settings) | ||||||
|  |       if (settings.setSafeDirectory) { | ||||||
|  |         // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail | ||||||
|  |         // Otherwise all git commands we run in a container fail | ||||||
|  |         await authHelper.configureTempGlobalConfig() | ||||||
|  |         core.info( | ||||||
|  |           `Adding repository directory to the temporary git global config as a safe directory` | ||||||
|  |         ) | ||||||
|  |  | ||||||
|  |         await git | ||||||
|  |           .config('safe.directory', settings.repositoryPath, true, true) | ||||||
|  |           .catch(error => { | ||||||
|  |             core.info( | ||||||
|  |               `Failed to initialize safe directory with error: ${error}` | ||||||
|  |             ) | ||||||
|  |           }) | ||||||
|  |  | ||||||
|  |         stateHelper.setSafeDirectory() | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // Prepare existing directory, otherwise recreate |     // Prepare existing directory, otherwise recreate | ||||||
|     if (isExisting) { |     if (isExisting) { | ||||||
|       await gitDirectoryHelper.prepareExistingDirectory( |       await gitDirectoryHelper.prepareExistingDirectory( | ||||||
| @@ -96,8 +120,10 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | |||||||
|     } |     } | ||||||
|     core.endGroup() |     core.endGroup() | ||||||
|  |  | ||||||
|   const authHelper = gitAuthHelper.createAuthHelper(git, settings) |     // If we didn't initialize it above, do it now | ||||||
|   try { |     if (!authHelper) { | ||||||
|  |       authHelper = gitAuthHelper.createAuthHelper(git, settings) | ||||||
|  |     } | ||||||
|     // Configure auth |     // Configure auth | ||||||
|     core.startGroup('Setting up auth') |     core.startGroup('Setting up auth') | ||||||
|     await authHelper.configureAuth() |     await authHelper.configureAuth() | ||||||
| @@ -170,7 +196,6 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | |||||||
|  |  | ||||||
|     // Submodules |     // Submodules | ||||||
|     if (settings.submodules) { |     if (settings.submodules) { | ||||||
|       try { |  | ||||||
|       // Temporarily override global config |       // Temporarily override global config | ||||||
|       core.startGroup('Setting up auth for fetching submodules') |       core.startGroup('Setting up auth for fetching submodules') | ||||||
|       await authHelper.configureGlobalAuth() |       await authHelper.configureGlobalAuth() | ||||||
| @@ -179,10 +204,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | |||||||
|       // Checkout submodules |       // Checkout submodules | ||||||
|       core.startGroup('Fetching submodules') |       core.startGroup('Fetching submodules') | ||||||
|       await git.submoduleSync(settings.nestedSubmodules) |       await git.submoduleSync(settings.nestedSubmodules) | ||||||
|         await git.submoduleUpdate( |       await git.submoduleUpdate(settings.fetchDepth, settings.nestedSubmodules) | ||||||
|           settings.fetchDepth, |  | ||||||
|           settings.nestedSubmodules |  | ||||||
|         ) |  | ||||||
|       await git.submoduleForeach( |       await git.submoduleForeach( | ||||||
|         'git config --local gc.auto 0', |         'git config --local gc.auto 0', | ||||||
|         settings.nestedSubmodules |         settings.nestedSubmodules | ||||||
| @@ -195,10 +217,6 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | |||||||
|         await authHelper.configureSubmoduleAuth() |         await authHelper.configureSubmoduleAuth() | ||||||
|         core.endGroup() |         core.endGroup() | ||||||
|       } |       } | ||||||
|       } finally { |  | ||||||
|         // Remove temporary global config override |  | ||||||
|         await authHelper.removeGlobalAuth() |  | ||||||
|       } |  | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     // Get commit information |     // Get commit information | ||||||
| @@ -218,11 +236,14 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> { | |||||||
|     ) |     ) | ||||||
|   } finally { |   } finally { | ||||||
|     // Remove auth |     // Remove auth | ||||||
|  |     if (authHelper) { | ||||||
|       if (!settings.persistCredentials) { |       if (!settings.persistCredentials) { | ||||||
|         core.startGroup('Removing auth') |         core.startGroup('Removing auth') | ||||||
|         await authHelper.removeAuth() |         await authHelper.removeAuth() | ||||||
|         core.endGroup() |         core.endGroup() | ||||||
|       } |       } | ||||||
|  |       authHelper.removeGlobalConfig() | ||||||
|  |     } | ||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -244,7 +265,26 @@ export async function cleanup(repositoryPath: string): Promise<void> { | |||||||
|  |  | ||||||
|   // Remove auth |   // Remove auth | ||||||
|   const authHelper = gitAuthHelper.createAuthHelper(git) |   const authHelper = gitAuthHelper.createAuthHelper(git) | ||||||
|  |   try { | ||||||
|  |     if (stateHelper.PostSetSafeDirectory) { | ||||||
|  |       // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail | ||||||
|  |       // Otherwise all git commands we run in a container fail | ||||||
|  |       await authHelper.configureTempGlobalConfig() | ||||||
|  |       core.info( | ||||||
|  |         `Adding repository directory to the temporary git global config as a safe directory` | ||||||
|  |       ) | ||||||
|  |  | ||||||
|  |       await git | ||||||
|  |         .config('safe.directory', repositoryPath, true, true) | ||||||
|  |         .catch(error => { | ||||||
|  |           core.info(`Failed to initialize safe directory with error: ${error}`) | ||||||
|  |         }) | ||||||
|  |     } | ||||||
|  |  | ||||||
|     await authHelper.removeAuth() |     await authHelper.removeAuth() | ||||||
|  |   } finally { | ||||||
|  |     await authHelper.removeGlobalConfig() | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| async function getGitCommandManager( | async function getGitCommandManager( | ||||||
|   | |||||||
| @@ -78,4 +78,9 @@ export interface IGitSourceSettings { | |||||||
|    * Organization ID for the currently running workflow (used for auth settings) |    * Organization ID for the currently running workflow (used for auth settings) | ||||||
|    */ |    */ | ||||||
|   workflowOrganizationId: number | undefined |   workflowOrganizationId: number | undefined | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Indicates whether to add repositoryPath as safe.directory in git global config | ||||||
|  |    */ | ||||||
|  |   setSafeDirectory: boolean | ||||||
| } | } | ||||||
|   | |||||||
| @@ -122,5 +122,8 @@ export async function getInputs(): Promise<IGitSourceSettings> { | |||||||
|   // Workflow organization ID |   // Workflow organization ID | ||||||
|   result.workflowOrganizationId = await workflowContextHelper.getOrganizationId() |   result.workflowOrganizationId = await workflowContextHelper.getOrganizationId() | ||||||
|  |  | ||||||
|  |   // Set safe.directory in git global config. | ||||||
|  |   result.setSafeDirectory = | ||||||
|  |     (core.getInput('set-safe-directory') || 'true').toUpperCase() === 'TRUE' | ||||||
|   return result |   return result | ||||||
| } | } | ||||||
|   | |||||||
| @@ -11,6 +11,12 @@ export const IsPost = !!process.env['STATE_isPost'] | |||||||
| export const RepositoryPath = | export const RepositoryPath = | ||||||
|   (process.env['STATE_repositoryPath'] as string) || '' |   (process.env['STATE_repositoryPath'] as string) || '' | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * The set-safe-directory for the POST action. The value is set if input: 'safe-directory' is set during the MAIN action. | ||||||
|  |  */ | ||||||
|  | export const PostSetSafeDirectory = | ||||||
|  |   (process.env['STATE_setSafeDirectory'] as string) === 'true' | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * The SSH key path for the POST action. The value is empty during the MAIN action. |  * The SSH key path for the POST action. The value is empty during the MAIN action. | ||||||
|  */ |  */ | ||||||
| @@ -51,6 +57,13 @@ export function setSshKnownHostsPath(sshKnownHostsPath: string) { | |||||||
|   ) |   ) | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Save the sef-safe-directory input so the POST action can retrieve the value. | ||||||
|  |  */ | ||||||
|  | export function setSafeDirectory() { | ||||||
|  |   coreCommand.issueCommand('save-state', {name: 'setSafeDirectory'}, 'true') | ||||||
|  | } | ||||||
|  |  | ||||||
| // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic. | // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic. | ||||||
| // This is necessary since we don't have a separate entry point. | // This is necessary since we don't have a separate entry point. | ||||||
| if (!IsPost) { | if (!IsPost) { | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user