github
/
checkout
mirror of https://github.com/actions/checkout.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:9b6f4a6bf28dc3d1a23f62d38fda92232a1d17e2
Branches Tags
github:main
github:users/ericsciple/25-10-cred
github:dependabot/github_actions/minor-actions-dependencies-ad3029623a
github:dependabot/npm_and_yarn/minor-npm-dependencies-14ee30afef
github:dependabot/npm_and_yarn/types/node-22.5.4
github:dependabot/npm_and_yarn/typescript-eslint/parser-7.18.0
github:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.4.0
github:dependabot/npm_and_yarn/multi-87b2ad6fb3
github:jww3-patch-1
github:jww3-minversion-v5
github:releases/v4.0.0
github:takost/test-package-update
github:test-show-progress
github:releases/v3
github:users/vanzeben/lfs-credentials-helper
github:luketomlinson/tags
github:fhammerl/releasev3.6.0
github:releases/v2
github:users/vmjoseph/checkout-upgrade-1.1.3
github:fhammerl/bump-gh-package-versions
github:users/vmjoseph/no-proxy
github:vmjoseph/toolkit-windows-exec
github:vmjoseph/silent-rev-parse
github:ericsciple-patch-1
github:hross-zeit-vercel
github:master
github:users/ericsciple/m167workflow
github:users/ericsciple/m167sub
github:test-data/v2/submodule-ssh-url-level-2
github:test-data/v2/submodule-ssh-url
github:test-data/v2/submodule-ssh-url-level-1
github:test-data/v2/submodule
github:users/ericsciple/m166refs
github:users/tihuang/proxysupport
github:users/ericsciple/m164submodule
github:users/ericsciple/m163tarball_temp
github:users/ericsciple/m163tarball_efficient_download
github:users/ericsciple/m162pr
github:users/ericsciple/test-pr
github:test-data/v2/basic
github:test-data/v2/submodule-level-1
github:test-data/v2/submodule-level-2
github:test-data/v2/lfs
github:test-data/v2/side-by-side-2
github:test-data/v2/side-by-side-1
github:revert-56-users/tihuang/checkoutV1_1
github:releases/v1
github:Update-description
github:v5
github:v5.0.0
github:v4.3.0
github:v4.2.2
github:v4
github:v4.2.1
github:v4.2.0
github:v4.1.7
github:v4.1.6
github:v4.1.5
github:v4.1.4
github:v4.1.3
github:v4.1.2
github:v4.1.1
github:v4.0.0
github:v4.1.0
github:v3.6.0
github:v3
github:v3.5.3
github:v3.5.2
github:v3.5.1
github:v2
github:v2.7.0
github:v3.5.0
github:v3.4.0
github:v3.3.0
github:v2.6.0
github:v3.2.0
github:v2.5.0
github:v3.1.0
github:v2.4.2
github:v3.0.2
github:v3.0.1
github:v2.4.1
github:v3.0.0
github:v2.4.0
github:v2.3.5
github:v2.3.4
github:v2.3.3
github:v2.3.2
github:v2.3.1
github:v2.3.0
github:v2.2.0
github:v2.1.1
github:v2.1.0
github:v2.0.0
github:v2-beta
github:v1
github:v1.2.0
github:v1.1.0
github:1.0.0
github:v1.0.0
..
compare: github:8b396d5a81917c98b642d236cff1834f348c374f
Branches Tags
github:users/ericsciple/25-10-cred
github:main
github:dependabot/github_actions/minor-actions-dependencies-ad3029623a
github:dependabot/npm_and_yarn/minor-npm-dependencies-14ee30afef
github:dependabot/npm_and_yarn/types/node-22.5.4
github:dependabot/npm_and_yarn/typescript-eslint/parser-7.18.0
github:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.4.0
github:dependabot/npm_and_yarn/multi-87b2ad6fb3
github:jww3-patch-1
github:jww3-minversion-v5
github:releases/v4.0.0
github:takost/test-package-update
github:test-show-progress
github:releases/v3
github:users/vanzeben/lfs-credentials-helper
github:luketomlinson/tags
github:fhammerl/releasev3.6.0
github:releases/v2
github:users/vmjoseph/checkout-upgrade-1.1.3
github:fhammerl/bump-gh-package-versions
github:users/vmjoseph/no-proxy
github:vmjoseph/toolkit-windows-exec
github:vmjoseph/silent-rev-parse
github:ericsciple-patch-1
github:hross-zeit-vercel
github:master
github:users/ericsciple/m167workflow
github:users/ericsciple/m167sub
github:test-data/v2/submodule-ssh-url-level-2
github:test-data/v2/submodule-ssh-url
github:test-data/v2/submodule-ssh-url-level-1
github:test-data/v2/submodule
github:users/ericsciple/m166refs
github:users/tihuang/proxysupport
github:users/ericsciple/m164submodule
github:users/ericsciple/m163tarball_temp
github:users/ericsciple/m163tarball_efficient_download
github:users/ericsciple/m162pr
github:users/ericsciple/test-pr
github:test-data/v2/basic
github:test-data/v2/submodule-level-1
github:test-data/v2/submodule-level-2
github:test-data/v2/lfs
github:test-data/v2/side-by-side-2
github:test-data/v2/side-by-side-1
github:revert-56-users/tihuang/checkoutV1_1
github:releases/v1
github:Update-description
github:v5
github:v5.0.0
github:v4.3.0
github:v4.2.2
github:v4
github:v4.2.1
github:v4.2.0
github:v4.1.7
github:v4.1.6
github:v4.1.5
github:v4.1.4
github:v4.1.3
github:v4.1.2
github:v4.1.1
github:v4.0.0
github:v4.1.0
github:v3.6.0
github:v3
github:v3.5.3
github:v3.5.2
github:v3.5.1
github:v2
github:v2.7.0
github:v3.5.0
github:v3.4.0
github:v3.3.0
github:v2.6.0
github:v3.2.0
github:v2.5.0
github:v3.1.0
github:v2.4.2
github:v3.0.2
github:v3.0.1
github:v2.4.1
github:v3.0.0
github:v2.4.0
github:v2.3.5
github:v2.3.4
github:v2.3.3
github:v2.3.2
github:v2.3.1
github:v2.3.0
github:v2.2.0
github:v2.1.1
github:v2.1.0
github:v2.0.0
github:v2-beta
github:v1
github:v1.2.0
github:v1.1.0
github:1.0.0
github:v1.0.0

2 Commits
9b6f4a6bf2 ... 8b396d5a81

Author SHA1 Message Date
eric sciple 8b396d5a81
Merge eddff1118c into ff7abcd0c3 2025-10-17 19:00:14 +00:00
eric sciple eddff1118c Persist creds to a separate file 2025-10-17 19:00:01 +00:00
1 changed files with 19 additions and 200 deletions
Show Stats Expand all files Collapse all files

219
__test__/git-auth-helper.test.ts
View File

@ -706,7 +706,7 @@ describe('git-auth-helper tests', () => {
const authHelper = gitAuthHelper.createAuthHelper(git, settings) const authHelper = gitAuthHelper.createAuthHelper(git, settings)
await authHelper.configureAuth() await authHelper.configureAuth()
// Verify includeIf entries exist in local config // Sanity check - verify includeIf entries exist in local config
let localConfigContent = ( let localConfigContent = (
await fs.promises.readFile(localGitConfigPath) await fs.promises.readFile(localGitConfigPath)
).toString() ).toString()
@ -714,192 +714,26 @@ describe('git-auth-helper tests', () => {
localConfigContent.indexOf('includeIf.gitdir:') localConfigContent.indexOf('includeIf.gitdir:')
).toBeGreaterThanOrEqual(0) ).toBeGreaterThanOrEqual(0)
// Verify both host and container includeIf entries are present // Sanity check - verify credentials file exists
const hostGitDir = path.join(workspace, '.git').replace(/\\/g, '/')
expect(
localConfigContent.indexOf(`includeIf.gitdir:${hostGitDir}.path`)
).toBeGreaterThanOrEqual(0)
expect(
localConfigContent.indexOf('includeIf.gitdir:/github/workspace/.git.path')
).toBeGreaterThanOrEqual(0)
// Verify credentials file exists
let credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter( let credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config') f => f.startsWith('git-credentials-') && f.endsWith('.config')
) )
expect(credentialsFiles.length).toBe(1) expect(credentialsFiles.length).toBe(1)
const credentialsFilePath = path.join(runnerTemp, credentialsFiles[0])
// Verify credentials file contains the auth token
let credentialsContent = (
await fs.promises.readFile(credentialsFilePath)
).toString()
const basicCredential = Buffer.from(
`x-access-token:${settings.authToken}`,
'utf8'
).toString('base64')
expect(
credentialsContent.indexOf(
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
)
).toBeGreaterThanOrEqual(0)
// Verify the includeIf entries point to the credentials file
const containerCredentialsPath = path.posix.join(
'/github/runner_temp',
path.basename(credentialsFilePath)
)
expect(
localConfigContent.indexOf(credentialsFilePath)
).toBeGreaterThanOrEqual(0)
expect(
localConfigContent.indexOf(containerCredentialsPath)
).toBeGreaterThanOrEqual(0)
// Act // Act
await authHelper.removeAuth() await authHelper.removeAuth()
// Assert all includeIf entries removed from local git config // Assert includeIf entries removed from local git config
localConfigContent = ( localConfigContent = (
await fs.promises.readFile(localGitConfigPath) await fs.promises.readFile(localGitConfigPath)
).toString() ).toString()
expect(localConfigContent.indexOf('includeIf.gitdir:')).toBeLessThan(0) expect(localConfigContent.indexOf('includeIf.gitdir:')).toBeLessThan(0)
expect(
localConfigContent.indexOf(`includeIf.gitdir:${hostGitDir}.path`)
).toBeLessThan(0)
expect(
localConfigContent.indexOf('includeIf.gitdir:/github/workspace/.git.path')
).toBeLessThan(0)
expect(localConfigContent.indexOf(credentialsFilePath)).toBeLessThan(0)
expect(localConfigContent.indexOf(containerCredentialsPath)).toBeLessThan(0)
// Assert credentials config file deleted // Assert credentials config file deleted
credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter( credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config') f => f.startsWith('git-credentials-') && f.endsWith('.config')
) )
expect(credentialsFiles.length).toBe(0) expect(credentialsFiles.length).toBe(0)
// Verify credentials file no longer exists on disk
try {
await fs.promises.stat(credentialsFilePath)
throw new Error('Credentials file should have been deleted')
} catch (err) {
if ((err as any)?.code !== 'ENOENT') {
throw err
}
}
})
const removeAuth_removesTokenFromSubmodules =
'removeAuth removes token from submodules'
it(removeAuth_removesTokenFromSubmodules, async () => {
// Arrange
await setup(removeAuth_removesTokenFromSubmodules)
// Create fake submodule config paths
const submodule1Dir = path.join(workspace, '.git', 'modules', 'submodule-1')
const submodule2Dir = path.join(workspace, '.git', 'modules', 'submodule-2')
const submodule1ConfigPath = path.join(submodule1Dir, 'config')
const submodule2ConfigPath = path.join(submodule2Dir, 'config')
await fs.promises.mkdir(submodule1Dir, {recursive: true})
await fs.promises.mkdir(submodule2Dir, {recursive: true})
await fs.promises.writeFile(submodule1ConfigPath, '')
await fs.promises.writeFile(submodule2ConfigPath, '')
// Mock getSubmoduleConfigPaths to return our fake submodules (for both configure and remove)
const mockGetSubmoduleConfigPaths =
git.getSubmoduleConfigPaths as jest.Mock<any, any>
mockGetSubmoduleConfigPaths.mockResolvedValue([
submodule1ConfigPath,
submodule2ConfigPath
])
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
await authHelper.configureAuth()
await authHelper.configureSubmoduleAuth()
// Verify credentials file exists
let credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBe(1)
const credentialsFilePath = path.join(runnerTemp, credentialsFiles[0])
// Verify submodule 1 config has includeIf entries
let submodule1Content = (
await fs.promises.readFile(submodule1ConfigPath)
).toString()
const submodule1GitDir = submodule1Dir.replace(/\\/g, '/')
expect(
submodule1Content.indexOf(`includeIf.gitdir:${submodule1GitDir}.path`)
).toBeGreaterThanOrEqual(0)
expect(
submodule1Content.indexOf(credentialsFilePath)
).toBeGreaterThanOrEqual(0)
// Verify submodule 2 config has includeIf entries
let submodule2Content = (
await fs.promises.readFile(submodule2ConfigPath)
).toString()
const submodule2GitDir = submodule2Dir.replace(/\\/g, '/')
expect(
submodule2Content.indexOf(`includeIf.gitdir:${submodule2GitDir}.path`)
).toBeGreaterThanOrEqual(0)
expect(
submodule2Content.indexOf(credentialsFilePath)
).toBeGreaterThanOrEqual(0)
// Verify both host and container paths are in each submodule config
const containerCredentialsPath = path.posix.join(
'/github/runner_temp',
path.basename(credentialsFilePath)
)
expect(
submodule1Content.indexOf(containerCredentialsPath)
).toBeGreaterThanOrEqual(0)
expect(
submodule2Content.indexOf(containerCredentialsPath)
).toBeGreaterThanOrEqual(0)
// Act - ensure mock persists for removeAuth
mockGetSubmoduleConfigPaths.mockResolvedValue([
submodule1ConfigPath,
submodule2ConfigPath
])
await authHelper.removeAuth()
// Assert submodule 1 includeIf entries removed
submodule1Content = (
await fs.promises.readFile(submodule1ConfigPath)
).toString()
expect(submodule1Content.indexOf('includeIf.gitdir:')).toBeLessThan(0)
expect(submodule1Content.indexOf(credentialsFilePath)).toBeLessThan(0)
expect(submodule1Content.indexOf(containerCredentialsPath)).toBeLessThan(0)
// Assert submodule 2 includeIf entries removed
submodule2Content = (
await fs.promises.readFile(submodule2ConfigPath)
).toString()
expect(submodule2Content.indexOf('includeIf.gitdir:')).toBeLessThan(0)
expect(submodule2Content.indexOf(credentialsFilePath)).toBeLessThan(0)
expect(submodule2Content.indexOf(containerCredentialsPath)).toBeLessThan(0)
// Assert credentials config file deleted
credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBe(0)
// Verify credentials file no longer exists on disk
try {
await fs.promises.stat(credentialsFilePath)
throw new Error('Credentials file should have been deleted')
} catch (err) {
if ((err as any)?.code !== 'ENOENT') {
throw err
}
}
}) })
const removeGlobalConfig_removesOverride = const removeGlobalConfig_removesOverride =
@ -1083,38 +917,29 @@ async function setup(testName: string): Promise<void> {
async ( async (
key: string, key: string,
value: string, value: string,
globalConfig?: boolean, globalConfig?: boolean
configPath?: string
): Promise<boolean> => { ): Promise<boolean> => {
const targetConfigPath = const configPath = globalConfig
configPath || ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
(globalConfig : localGitConfigPath
? path.join(git.env['HOME'] || tempHomedir, '.gitconfig') let content = await fs.promises.readFile(configPath)
: localGitConfigPath)
let content = await fs.promises.readFile(targetConfigPath)
let lines = content let lines = content
.toString() .toString()
.split('\n') .split('\n')
.filter(x => x) .filter(x => x)
.filter(x => !(x.startsWith(key) && x.includes(value))) .filter(x => !(x.startsWith(key) && x.includes(value)))
await fs.promises.writeFile(targetConfigPath, lines.join('\n')) await fs.promises.writeFile(configPath, lines.join('\n'))
return true return true
} }
), ),
tryDisableAutomaticGarbageCollection: jest.fn(), tryDisableAutomaticGarbageCollection: jest.fn(),
tryGetFetchUrl: jest.fn(), tryGetFetchUrl: jest.fn(),
tryGetConfigValues: jest.fn( tryGetConfigValues: jest.fn(
async ( async (key: string, globalConfig?: boolean): Promise<string[]> => {
key: string, const configPath = globalConfig
globalConfig?: boolean, ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
configPath?: string : localGitConfigPath
): Promise<string[]> => { const content = await fs.promises.readFile(configPath)
const targetConfigPath =
configPath ||
(globalConfig
? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
: localGitConfigPath)
const content = await fs.promises.readFile(targetConfigPath)
const lines = content const lines = content
.toString() .toString()
.split('\n') .split('\n')
@ -1124,17 +949,11 @@ async function setup(testName: string): Promise<void> {
} }
), ),
tryGetConfigKeys: jest.fn( tryGetConfigKeys: jest.fn(
async ( async (pattern: string, globalConfig?: boolean): Promise<string[]> => {
pattern: string, const configPath = globalConfig
globalConfig?: boolean, ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
configPath?: string : localGitConfigPath
): Promise<string[]> => { const content = await fs.promises.readFile(configPath)
const targetConfigPath =
configPath ||
(globalConfig
? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
: localGitConfigPath)
const content = await fs.promises.readFile(targetConfigPath)
const lines = content const lines = content
.toString() .toString()
.split('\n') .split('\n')