mirror of
https://github.com/actions/checkout.git
synced 2026-07-08 19:03:47 +08:00
Compare commits
9 Commits
v6
...
ce8654db7e
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
ce8654db7e | ||
|
|
14150cf66c | ||
|
|
8f2d56a328 | ||
|
|
7bbc85187c | ||
|
|
94b4159221 | ||
|
|
84bd6b238a | ||
|
|
93a0983ecb | ||
|
|
4b4c83ea7a | ||
|
|
2272602ba7 |
121
.github/copilot-instructions.md
vendored
Normal file
121
.github/copilot-instructions.md
vendored
Normal file
@@ -0,0 +1,121 @@
|
||||
# GitHub Actions Checkout - AI Coding Instructions
|
||||
|
||||
## Project Overview
|
||||
|
||||
This is the official `actions/checkout` GitHub Action for checking out repositories in workflows. It's a TypeScript project that compiles to a single bundled JavaScript file (`dist/index.js`) and supports both git-based and REST API-based repository downloads.
|
||||
|
||||
## Architecture & Key Components
|
||||
|
||||
### Core Entry Points
|
||||
- **`src/main.ts`**: Main entry point with `run()` and `cleanup()` functions, determined by `stateHelper.IsPost`
|
||||
- **`src/git-source-provider.ts`**: Primary orchestrator for repository acquisition (git vs REST API fallback)
|
||||
- **`src/input-helper.ts`**: Input validation and GitHub Actions input processing
|
||||
- **`action.yml`**: Defines the action interface with comprehensive input/output schema
|
||||
|
||||
### Critical Data Flow
|
||||
1. `main.ts` → `inputHelper.getInputs()` → validates and transforms action inputs
|
||||
2. `main.ts` → `gitSourceProvider.getSource(settings)` → orchestrates repository download
|
||||
3. `git-source-provider.ts` decides: use Git CLI or fallback to GitHub REST API
|
||||
4. State management via `state-helper.ts` for POST action cleanup
|
||||
|
||||
### Authentication & Security Patterns
|
||||
- **Token-based auth**: Uses `@actions/core` to handle GitHub tokens securely
|
||||
- **SSH key management**: Configures temporary SSH keys in `git-auth-helper.ts`
|
||||
- **Safe directory**: Automatically configures `git config safe.directory` for container compatibility
|
||||
|
||||
## Development Workflow
|
||||
|
||||
### Essential Commands
|
||||
```bash
|
||||
npm ci # Install dependencies
|
||||
npm run build # TypeScript → JavaScript + bundle with ncc + generate docs
|
||||
npm run format # Prettier formatting
|
||||
npm run lint # ESLint validation
|
||||
npm test # Jest test suite
|
||||
```
|
||||
|
||||
### Build Process (Critical!)
|
||||
- **`npm run build`** runs: `tsc && ncc build && node lib/misc/generate-docs.js`
|
||||
- **Documentation sync**: `src/misc/generate-docs.ts` auto-updates README.md usage section from `action.yml`
|
||||
- **Bundling**: Uses `@vercel/ncc` to create single `dist/index.js` file
|
||||
- **Always run `npm run build` before commits** - the `dist/` directory must be up-to-date
|
||||
|
||||
### Testing Strategy
|
||||
- **Unit tests**: Jest tests in `__test__/` for all core modules
|
||||
- **Integration tests**: Shell scripts (`__test__/verify-*.sh`) test real git operations
|
||||
- **E2E tests**: `.github/workflows/test.yml` tests across OS matrix with actual GitHub repos
|
||||
|
||||
## Project-Specific Conventions
|
||||
|
||||
### TypeScript Patterns
|
||||
- **Interface-driven**: `IGitSourceSettings` centralizes all configuration
|
||||
- **Async/await**: All I/O operations use async patterns, not promises
|
||||
- **Error handling**: Use `core.setFailed()` for action failures, `core.warning()` for non-critical issues
|
||||
|
||||
### Git Operation Patterns
|
||||
```typescript
|
||||
// Check Git version and fallback pattern
|
||||
const git = await getGitCommandManager(settings)
|
||||
if (git) {
|
||||
// Use Git CLI
|
||||
await git.fetch(refSpec, fetchDepth)
|
||||
} else {
|
||||
// Fallback to REST API
|
||||
await githubApiHelper.downloadRepository(...)
|
||||
}
|
||||
```
|
||||
|
||||
### State Management (Unique Pattern!)
|
||||
- **Dual-phase execution**: Same script runs twice (MAIN + POST) determined by `stateHelper.IsPost`
|
||||
- **State persistence**: Use `core.saveState()` / `core.getState()` to pass data between phases
|
||||
- **Cleanup responsibility**: POST phase cleans up auth tokens, SSH keys, etc.
|
||||
|
||||
### Input Validation Approach
|
||||
- **GitHub context integration**: Defaults repository from `github.context.repo`
|
||||
- **Path safety**: Validates paths are within `GITHUB_WORKSPACE`
|
||||
- **Flexible refs**: Handles branches, tags, SHAs, and PR refs uniformly
|
||||
|
||||
## Integration Points
|
||||
|
||||
### GitHub Actions SDK Usage
|
||||
- **`@actions/core`**: Input/output, logging, state management
|
||||
- **`@actions/github`**: GitHub context and API access
|
||||
- **`@actions/exec`**: Git command execution
|
||||
- **`@actions/io`**: File system operations
|
||||
|
||||
### Git Integration
|
||||
- **Version compatibility**: Minimum Git 2.18, with feature detection for sparse-checkout
|
||||
- **Authentication modes**: Token-based (default) or SSH key-based
|
||||
- **Advanced features**: LFS, submodules, sparse-checkout, partial clones
|
||||
|
||||
### Container Support
|
||||
- **Safe directory**: Critical for container workflows - auto-configures git safe.directory
|
||||
- **Credential persistence**: Configures git credential helper for authenticated operations
|
||||
|
||||
## Common Debugging Patterns
|
||||
|
||||
### Enable Debug Logging
|
||||
```yaml
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
env:
|
||||
ACTIONS_STEP_DEBUG: true
|
||||
```
|
||||
|
||||
### REST API Fallback Testing
|
||||
```bash
|
||||
# Force REST API mode by overriding Git version
|
||||
__test__/override-git-version.sh
|
||||
```
|
||||
|
||||
### Authentication Issues
|
||||
- Check `GITHUB_TOKEN` permissions: needs `contents: read`
|
||||
- For private repos: requires PAT with repo access
|
||||
- Container issues: verify safe.directory configuration
|
||||
|
||||
## Key Files for Understanding
|
||||
- `src/git-source-provider.ts` - Main orchestration logic
|
||||
- `src/input-helper.ts` - Action interface and validation
|
||||
- `src/git-auth-helper.ts` - Authentication and credential management
|
||||
- `action.yml` - Complete input/output specification
|
||||
- `.github/workflows/test.yml` - Comprehensive test scenarios
|
||||
41
.github/workflows/deno.yml
vendored
Normal file
41
.github/workflows/deno.yml
vendored
Normal file
@@ -0,0 +1,41 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow will install Deno then run `deno lint` and `deno test`.
|
||||
# For more information see: https://github.com/denoland/setup-deno
|
||||
|
||||
name: Deno
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: ["main"]
|
||||
pull_request:
|
||||
branches: ["main"]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Setup repo
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Deno
|
||||
uses: denoland/setup-deno@v1.1.2
|
||||
with:
|
||||
deno-version: v1.x
|
||||
|
||||
# Uncomment this step to verify the use of 'deno fmt' on each commit.
|
||||
# - name: Verify formatting
|
||||
# run: deno fmt --check
|
||||
|
||||
- name: Run linter
|
||||
run: deno lint
|
||||
|
||||
- name: Run tests
|
||||
run: deno test -A
|
||||
@@ -1,9 +1,5 @@
|
||||
# Changelog
|
||||
|
||||
## v6.0.3
|
||||
* Fix checkout init for SHA-256 repositories by @yaananth in https://github.com/actions/checkout/pull/2439
|
||||
* fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in https://github.com/actions/checkout/pull/2414
|
||||
|
||||
## v6.0.2
|
||||
* Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in https://github.com/actions/checkout/pull/2356
|
||||
|
||||
|
||||
213
LICENSE
213
LICENSE
@@ -1,22 +1,201 @@
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
The MIT License (MIT)
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
Copyright (c) 2018 GitHub, Inc. and contributors
|
||||
1. Definitions.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
@@ -378,59 +378,6 @@ describe('Test fetchDepth and fetchTags options', () => {
|
||||
})
|
||||
})
|
||||
|
||||
describe('repository initialization object format', () => {
|
||||
beforeEach(async () => {
|
||||
jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
|
||||
jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn())
|
||||
})
|
||||
|
||||
afterEach(() => {
|
||||
jest.restoreAllMocks()
|
||||
})
|
||||
|
||||
it('initializes SHA-256 repositories with the matching object format', async () => {
|
||||
mockExec.mockImplementation((path, args, options) => {
|
||||
if (args.includes('version')) {
|
||||
options.listeners.stdout(Buffer.from('git version 2.50.1'))
|
||||
}
|
||||
|
||||
return 0
|
||||
})
|
||||
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||
|
||||
git = await commandManager.createCommandManager('test', false, false)
|
||||
|
||||
await git.init('sha256')
|
||||
|
||||
expect(mockExec).toHaveBeenCalledWith(
|
||||
expect.any(String),
|
||||
['init', '--object-format=sha256', 'test'],
|
||||
expect.any(Object)
|
||||
)
|
||||
})
|
||||
|
||||
it('initializes SHA-1 repositories with existing default arguments', async () => {
|
||||
mockExec.mockImplementation((path, args, options) => {
|
||||
if (args.includes('version')) {
|
||||
options.listeners.stdout(Buffer.from('git version 2.50.1'))
|
||||
}
|
||||
|
||||
return 0
|
||||
})
|
||||
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||
|
||||
git = await commandManager.createCommandManager('test', false, false)
|
||||
|
||||
await git.init('sha1')
|
||||
|
||||
expect(mockExec).toHaveBeenCalledWith(
|
||||
expect.any(String),
|
||||
['init', 'test'],
|
||||
expect.any(Object)
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('git user-agent with orchestration ID', () => {
|
||||
beforeEach(async () => {
|
||||
jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
|
||||
|
||||
@@ -1,98 +0,0 @@
|
||||
import * as core from '@actions/core'
|
||||
import * as github from '@actions/github'
|
||||
import * as githubApiHelper from '../lib/github-api-helper'
|
||||
|
||||
describe('github-api-helper object format', () => {
|
||||
let getOctokitSpy: jest.SpyInstance
|
||||
let debugSpy: jest.SpyInstance
|
||||
let request: jest.Mock
|
||||
|
||||
function mockHashAlgorithmApi(hashAlgorithm: string): void {
|
||||
request = jest.fn(async () => ({
|
||||
data: {
|
||||
hash_algorithm: hashAlgorithm
|
||||
}
|
||||
}))
|
||||
getOctokitSpy = jest.spyOn(github, 'getOctokit').mockReturnValue({
|
||||
request
|
||||
} as any)
|
||||
}
|
||||
|
||||
beforeEach(() => {
|
||||
debugSpy = jest.spyOn(core, 'debug').mockImplementation(jest.fn())
|
||||
})
|
||||
|
||||
afterEach(() => {
|
||||
jest.restoreAllMocks()
|
||||
})
|
||||
|
||||
it('detects SHA-256 from the repository hash algorithm endpoint', async () => {
|
||||
mockHashAlgorithmApi('sha256')
|
||||
|
||||
await expect(
|
||||
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
|
||||
).resolves.toEqual({format: 'sha256', succeeded: true})
|
||||
|
||||
expect(getOctokitSpy).toHaveBeenCalledWith(
|
||||
'token',
|
||||
expect.objectContaining({baseUrl: 'https://api.github.com'})
|
||||
)
|
||||
expect(request).toHaveBeenCalledWith(
|
||||
'GET /repos/{owner}/{repo}/hash-algorithm',
|
||||
{owner: 'owner', repo: 'repo'}
|
||||
)
|
||||
})
|
||||
|
||||
it('detects SHA-1 from the repository hash algorithm endpoint', async () => {
|
||||
mockHashAlgorithmApi('sha1')
|
||||
|
||||
await expect(
|
||||
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
|
||||
).resolves.toEqual({format: 'sha1', succeeded: true})
|
||||
})
|
||||
|
||||
it('detects object format from an existing commit without API calls', async () => {
|
||||
const commitSha =
|
||||
'9422233ca7ee1b17f1e905d0e141faf0c401556c41cdc6acd71c6bd685da2e92'
|
||||
getOctokitSpy = jest.spyOn(github, 'getOctokit')
|
||||
|
||||
await expect(
|
||||
githubApiHelper.tryGetRepositoryObjectFormat(
|
||||
'token',
|
||||
'owner',
|
||||
'repo',
|
||||
undefined,
|
||||
commitSha
|
||||
)
|
||||
).resolves.toEqual({format: 'sha256', succeeded: true})
|
||||
|
||||
expect(getOctokitSpy).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('returns unsuccessful when the hash algorithm endpoint value is not recognized', async () => {
|
||||
mockHashAlgorithmApi('unknown')
|
||||
|
||||
await expect(
|
||||
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
|
||||
).resolves.toEqual({format: '', succeeded: false})
|
||||
expect(debugSpy).toHaveBeenCalledWith(
|
||||
'Unable to determine repository object format from hash-algorithm endpoint'
|
||||
)
|
||||
})
|
||||
|
||||
it('returns unsuccessful when the hash algorithm API lookup fails', async () => {
|
||||
request = jest.fn(async () => {
|
||||
throw new Error('not found')
|
||||
})
|
||||
jest.spyOn(github, 'getOctokit').mockReturnValue({
|
||||
request
|
||||
} as any)
|
||||
|
||||
await expect(
|
||||
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
|
||||
).resolves.toEqual({format: '', succeeded: false})
|
||||
expect(debugSpy).toHaveBeenCalledWith(
|
||||
'Unable to determine repository object format from hash-algorithm endpoint: not found'
|
||||
)
|
||||
})
|
||||
})
|
||||
@@ -133,16 +133,6 @@ describe('input-helper tests', () => {
|
||||
expect(settings.commit).toBe('1111111111222222222233333333334444444444')
|
||||
})
|
||||
|
||||
it('sets ref to empty when explicit sha-256', async () => {
|
||||
inputs.ref =
|
||||
'1111111111222222222233333333334444444444555555555566666666667777'
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.ref).toBeFalsy()
|
||||
expect(settings.commit).toBe(
|
||||
'1111111111222222222233333333334444444444555555555566666666667777'
|
||||
)
|
||||
})
|
||||
|
||||
it('sets sha to empty when explicit ref', async () => {
|
||||
inputs.ref = 'refs/heads/some-other-ref'
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
|
||||
@@ -1,12 +1,8 @@
|
||||
import * as assert from 'assert'
|
||||
import * as core from '@actions/core'
|
||||
import * as github from '@actions/github'
|
||||
import * as refHelper from '../lib/ref-helper'
|
||||
import {IGitCommandManager} from '../lib/git-command-manager'
|
||||
|
||||
const commit = '1234567890123456789012345678901234567890'
|
||||
const sha256Commit =
|
||||
'1234567890123456789012345678901234567890123456789012345678901234'
|
||||
let git: IGitCommandManager
|
||||
|
||||
describe('ref-helper tests', () => {
|
||||
@@ -41,12 +37,6 @@ describe('ref-helper tests', () => {
|
||||
expect(checkoutInfo.startPoint).toBeFalsy()
|
||||
})
|
||||
|
||||
it('getCheckoutInfo sha-256 only', async () => {
|
||||
const checkoutInfo = await refHelper.getCheckoutInfo(git, '', sha256Commit)
|
||||
expect(checkoutInfo.ref).toBe(sha256Commit)
|
||||
expect(checkoutInfo.startPoint).toBeFalsy()
|
||||
})
|
||||
|
||||
it('getCheckoutInfo refs/heads/', async () => {
|
||||
const checkoutInfo = await refHelper.getCheckoutInfo(
|
||||
git,
|
||||
@@ -237,142 +227,4 @@ describe('ref-helper tests', () => {
|
||||
'+refs/heads/my/branch:refs/remotes/origin/my/branch'
|
||||
)
|
||||
})
|
||||
|
||||
describe('checkCommitInfo', () => {
|
||||
const repositoryOwner = 'some-owner'
|
||||
const repositoryName = 'some-repo'
|
||||
const ref = 'refs/pull/123/merge'
|
||||
const sha1Head = '1111111111222222222233333333334444444444'
|
||||
const sha1Base = 'aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd'
|
||||
const sha256Head =
|
||||
'1111111111222222222233333333334444444444555555555566666666667777'
|
||||
const sha256Base =
|
||||
'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeeeffffffffff0000'
|
||||
let debugSpy: jest.SpyInstance
|
||||
let getOctokitSpy: jest.SpyInstance
|
||||
let repoGetSpy: jest.Mock
|
||||
let originalEventName: string
|
||||
let originalPayload: unknown
|
||||
let originalRef: string
|
||||
let originalSha: string
|
||||
|
||||
function setPullRequestContext(
|
||||
expectedHeadSha: string,
|
||||
expectedBaseSha: string,
|
||||
mergeCommit: string
|
||||
): void {
|
||||
;(github.context as any).eventName = 'pull_request'
|
||||
github.context.ref = ref
|
||||
github.context.sha = mergeCommit
|
||||
;(github.context as any).payload = {
|
||||
action: 'synchronize',
|
||||
after: expectedHeadSha,
|
||||
number: 123,
|
||||
pull_request: {
|
||||
base: {
|
||||
sha: expectedBaseSha
|
||||
}
|
||||
},
|
||||
repository: {
|
||||
private: false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
beforeEach(() => {
|
||||
originalEventName = github.context.eventName
|
||||
originalPayload = github.context.payload
|
||||
originalRef = github.context.ref
|
||||
originalSha = github.context.sha
|
||||
|
||||
jest.spyOn(github.context, 'repo', 'get').mockReturnValue({
|
||||
owner: repositoryOwner,
|
||||
repo: repositoryName
|
||||
})
|
||||
debugSpy = jest.spyOn(core, 'debug').mockImplementation(jest.fn())
|
||||
repoGetSpy = jest.fn(async () => ({}))
|
||||
getOctokitSpy = jest.spyOn(github, 'getOctokit').mockReturnValue({
|
||||
rest: {
|
||||
repos: {
|
||||
get: repoGetSpy
|
||||
}
|
||||
}
|
||||
} as any)
|
||||
})
|
||||
|
||||
afterEach(() => {
|
||||
;(github.context as any).eventName = originalEventName
|
||||
;(github.context as any).payload = originalPayload
|
||||
github.context.ref = originalRef
|
||||
github.context.sha = originalSha
|
||||
jest.restoreAllMocks()
|
||||
})
|
||||
|
||||
it('returns early for SHA-1 merge commit', async () => {
|
||||
setPullRequestContext(sha1Head, sha1Base, commit)
|
||||
|
||||
await refHelper.checkCommitInfo(
|
||||
'token',
|
||||
`Merge ${sha1Head} into ${sha1Base}`,
|
||||
repositoryOwner,
|
||||
repositoryName,
|
||||
ref,
|
||||
commit
|
||||
)
|
||||
|
||||
expect(getOctokitSpy).not.toHaveBeenCalled()
|
||||
expect(repoGetSpy).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('matches SHA-256 merge commit info', async () => {
|
||||
const actualHeadSha =
|
||||
'9999999999888888888877777777776666666666555555555544444444443333'
|
||||
setPullRequestContext(sha256Head, sha256Base, sha256Commit)
|
||||
|
||||
await refHelper.checkCommitInfo(
|
||||
'token',
|
||||
`Merge ${actualHeadSha} into ${sha256Base}`,
|
||||
repositoryOwner,
|
||||
repositoryName,
|
||||
ref,
|
||||
sha256Commit
|
||||
)
|
||||
|
||||
expect(getOctokitSpy).toHaveBeenCalledWith(
|
||||
'token',
|
||||
expect.objectContaining({
|
||||
userAgent: expect.stringContaining(
|
||||
`expected_head_sha=${sha256Head};actual_head_sha=${actualHeadSha}`
|
||||
)
|
||||
})
|
||||
)
|
||||
expect(repoGetSpy).toHaveBeenCalledWith({
|
||||
owner: repositoryOwner,
|
||||
repo: repositoryName
|
||||
})
|
||||
expect(debugSpy).toHaveBeenCalledWith(
|
||||
`Expected head sha ${sha256Head}; actual head sha ${actualHeadSha}`
|
||||
)
|
||||
expect(debugSpy).not.toHaveBeenCalledWith('Unexpected message format')
|
||||
})
|
||||
|
||||
it('does not match 50-char hex as a valid merge', async () => {
|
||||
const invalidHeadSha =
|
||||
'99999999998888888888777777777766666666665555555555'
|
||||
setPullRequestContext(sha1Head, sha1Base, commit)
|
||||
|
||||
await refHelper.checkCommitInfo(
|
||||
'token',
|
||||
`Merge ${invalidHeadSha} into ${sha1Base}`,
|
||||
repositoryOwner,
|
||||
repositoryName,
|
||||
ref,
|
||||
commit
|
||||
)
|
||||
|
||||
expect(getOctokitSpy).not.toHaveBeenCalled()
|
||||
expect(repoGetSpy).not.toHaveBeenCalled()
|
||||
expect(debugSpy).toHaveBeenCalledWith('Unexpected message format')
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
59
dist/index.js
vendored
59
dist/index.js
vendored
@@ -896,14 +896,9 @@ class GitCommandManager {
|
||||
getWorkingDirectory() {
|
||||
return this.workingDirectory;
|
||||
}
|
||||
init(objectFormat) {
|
||||
init() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
const args = ['init'];
|
||||
if (objectFormat === 'sha256') {
|
||||
args.push('--object-format=sha256');
|
||||
}
|
||||
args.push(this.workingDirectory);
|
||||
yield this.execGit(args);
|
||||
yield this.execGit(['init', this.workingDirectory]);
|
||||
});
|
||||
}
|
||||
isDetached() {
|
||||
@@ -1491,17 +1486,8 @@ function getSource(settings) {
|
||||
stateHelper.setRepositoryPath(settings.repositoryPath);
|
||||
// Initialize the repository
|
||||
if (!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))) {
|
||||
core.startGroup('Determining repository object format');
|
||||
const objectFormatResult = yield githubApiHelper.tryGetRepositoryObjectFormat(settings.authToken, settings.repositoryOwner, settings.repositoryName, settings.githubServerUrl, settings.commit);
|
||||
const objectFormat = objectFormatResult.succeeded
|
||||
? objectFormatResult.format
|
||||
: '';
|
||||
if (objectFormat === 'sha256') {
|
||||
core.info('Detected SHA-256 repository object format');
|
||||
}
|
||||
core.endGroup();
|
||||
core.startGroup('Initializing the repository');
|
||||
yield git.init(objectFormat);
|
||||
yield git.init();
|
||||
yield git.remoteAdd('origin', repositoryUrl);
|
||||
core.endGroup();
|
||||
}
|
||||
@@ -1824,7 +1810,6 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.downloadRepository = downloadRepository;
|
||||
exports.getDefaultBranch = getDefaultBranch;
|
||||
exports.tryGetRepositoryObjectFormat = tryGetRepositoryObjectFormat;
|
||||
const assert = __importStar(__nccwpck_require__(9491));
|
||||
const core = __importStar(__nccwpck_require__(2186));
|
||||
const fs = __importStar(__nccwpck_require__(7147));
|
||||
@@ -1926,40 +1911,6 @@ function getDefaultBranch(authToken, owner, repo, baseUrl) {
|
||||
}));
|
||||
});
|
||||
}
|
||||
function tryGetRepositoryObjectFormat(authToken, owner, repo, baseUrl, commit) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
var _a;
|
||||
const commitFormat = getObjectFormat(commit);
|
||||
if (commitFormat) {
|
||||
return { format: commitFormat, succeeded: true };
|
||||
}
|
||||
try {
|
||||
const octokit = github.getOctokit(authToken, {
|
||||
baseUrl: (0, url_helper_1.getServerApiUrl)(baseUrl)
|
||||
});
|
||||
const response = yield octokit.request('GET /repos/{owner}/{repo}/hash-algorithm', { owner, repo });
|
||||
const hashAlgorithm = response.data.hash_algorithm;
|
||||
if (hashAlgorithm === 'sha256' || hashAlgorithm === 'sha1') {
|
||||
return { format: hashAlgorithm, succeeded: true };
|
||||
}
|
||||
core.debug('Unable to determine repository object format from hash-algorithm endpoint');
|
||||
return { format: '', succeeded: false };
|
||||
}
|
||||
catch (err) {
|
||||
core.debug(`Unable to determine repository object format from hash-algorithm endpoint: ${(_a = err === null || err === void 0 ? void 0 : err.message) !== null && _a !== void 0 ? _a : err}`);
|
||||
return { format: '', succeeded: false };
|
||||
}
|
||||
});
|
||||
}
|
||||
function getObjectFormat(sha) {
|
||||
if (/^[0-9a-fA-F]{64}$/.test(sha || '')) {
|
||||
return 'sha256';
|
||||
}
|
||||
if (/^[0-9a-fA-F]{40}$/.test(sha || '')) {
|
||||
return 'sha1';
|
||||
}
|
||||
return '';
|
||||
}
|
||||
function downloadArchive(authToken, owner, repo, ref, commit, baseUrl) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
const octokit = github.getOctokit(authToken, {
|
||||
@@ -2070,7 +2021,7 @@ function getInputs() {
|
||||
}
|
||||
}
|
||||
// SHA?
|
||||
else if (result.ref.match(/^(?:[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$/)) {
|
||||
else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
|
||||
result.commit = result.ref;
|
||||
result.ref = '';
|
||||
}
|
||||
@@ -2493,7 +2444,7 @@ function checkCommitInfo(token, commitInfo, repositoryOwner, repositoryName, ref
|
||||
return;
|
||||
}
|
||||
// Extract details from message
|
||||
const match = commitInfo.match(/Merge ([0-9a-f]{40}|[0-9a-f]{64}) into ([0-9a-f]{40}|[0-9a-f]{64})/);
|
||||
const match = commitInfo.match(/Merge ([0-9a-f]{40}) into ([0-9a-f]{40})/);
|
||||
if (!match) {
|
||||
core.debug('Unexpected message format');
|
||||
return;
|
||||
|
||||
@@ -43,7 +43,7 @@ export interface IGitCommandManager {
|
||||
getDefaultBranch(repositoryUrl: string): Promise<string>
|
||||
getSubmoduleConfigPaths(recursive: boolean): Promise<string[]>
|
||||
getWorkingDirectory(): string
|
||||
init(objectFormat?: string): Promise<void>
|
||||
init(): Promise<void>
|
||||
isDetached(): Promise<boolean>
|
||||
lfsFetch(ref: string): Promise<void>
|
||||
lfsInstall(): Promise<void>
|
||||
@@ -364,14 +364,8 @@ class GitCommandManager {
|
||||
return this.workingDirectory
|
||||
}
|
||||
|
||||
async init(objectFormat?: string): Promise<void> {
|
||||
const args = ['init']
|
||||
if (objectFormat === 'sha256') {
|
||||
args.push('--object-format=sha256')
|
||||
}
|
||||
args.push(this.workingDirectory)
|
||||
|
||||
await this.execGit(args)
|
||||
async init(): Promise<void> {
|
||||
await this.execGit(['init', this.workingDirectory])
|
||||
}
|
||||
|
||||
async isDetached(): Promise<boolean> {
|
||||
|
||||
@@ -109,25 +109,8 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
|
||||
if (
|
||||
!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
|
||||
) {
|
||||
core.startGroup('Determining repository object format')
|
||||
const objectFormatResult =
|
||||
await githubApiHelper.tryGetRepositoryObjectFormat(
|
||||
settings.authToken,
|
||||
settings.repositoryOwner,
|
||||
settings.repositoryName,
|
||||
settings.githubServerUrl,
|
||||
settings.commit
|
||||
)
|
||||
const objectFormat = objectFormatResult.succeeded
|
||||
? objectFormatResult.format
|
||||
: ''
|
||||
if (objectFormat === 'sha256') {
|
||||
core.info('Detected SHA-256 repository object format')
|
||||
}
|
||||
core.endGroup()
|
||||
|
||||
core.startGroup('Initializing the repository')
|
||||
await git.init(objectFormat)
|
||||
await git.init()
|
||||
await git.remoteAdd('origin', repositoryUrl)
|
||||
core.endGroup()
|
||||
}
|
||||
|
||||
@@ -11,11 +11,6 @@ import {getServerApiUrl} from './url-helper'
|
||||
|
||||
const IS_WINDOWS = process.platform === 'win32'
|
||||
|
||||
export interface RepositoryObjectFormatResult {
|
||||
format: string
|
||||
succeeded: boolean
|
||||
}
|
||||
|
||||
export async function downloadRepository(
|
||||
authToken: string,
|
||||
owner: string,
|
||||
@@ -127,53 +122,6 @@ export async function getDefaultBranch(
|
||||
})
|
||||
}
|
||||
|
||||
export async function tryGetRepositoryObjectFormat(
|
||||
authToken: string,
|
||||
owner: string,
|
||||
repo: string,
|
||||
baseUrl?: string,
|
||||
commit?: string
|
||||
): Promise<RepositoryObjectFormatResult> {
|
||||
const commitFormat = getObjectFormat(commit)
|
||||
if (commitFormat) {
|
||||
return {format: commitFormat, succeeded: true}
|
||||
}
|
||||
|
||||
try {
|
||||
const octokit = github.getOctokit(authToken, {
|
||||
baseUrl: getServerApiUrl(baseUrl)
|
||||
})
|
||||
const response = await octokit.request(
|
||||
'GET /repos/{owner}/{repo}/hash-algorithm',
|
||||
{owner, repo}
|
||||
)
|
||||
const hashAlgorithm = response.data.hash_algorithm
|
||||
if (hashAlgorithm === 'sha256' || hashAlgorithm === 'sha1') {
|
||||
return {format: hashAlgorithm, succeeded: true}
|
||||
}
|
||||
|
||||
core.debug(
|
||||
'Unable to determine repository object format from hash-algorithm endpoint'
|
||||
)
|
||||
return {format: '', succeeded: false}
|
||||
} catch (err) {
|
||||
core.debug(
|
||||
`Unable to determine repository object format from hash-algorithm endpoint: ${(err as any)?.message ?? err}`
|
||||
)
|
||||
return {format: '', succeeded: false}
|
||||
}
|
||||
}
|
||||
|
||||
function getObjectFormat(sha?: string): string {
|
||||
if (/^[0-9a-fA-F]{64}$/.test(sha || '')) {
|
||||
return 'sha256'
|
||||
}
|
||||
if (/^[0-9a-fA-F]{40}$/.test(sha || '')) {
|
||||
return 'sha1'
|
||||
}
|
||||
return ''
|
||||
}
|
||||
|
||||
async function downloadArchive(
|
||||
authToken: string,
|
||||
owner: string,
|
||||
|
||||
@@ -71,7 +71,7 @@ export async function getInputs(): Promise<IGitSourceSettings> {
|
||||
}
|
||||
}
|
||||
// SHA?
|
||||
else if (result.ref.match(/^(?:[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$/)) {
|
||||
else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
|
||||
result.commit = result.ref
|
||||
result.ref = ''
|
||||
}
|
||||
|
||||
@@ -258,9 +258,7 @@ export async function checkCommitInfo(
|
||||
}
|
||||
|
||||
// Extract details from message
|
||||
const match = commitInfo.match(
|
||||
/Merge ([0-9a-f]{40}|[0-9a-f]{64}) into ([0-9a-f]{40}|[0-9a-f]{64})/
|
||||
)
|
||||
const match = commitInfo.match(/Merge ([0-9a-f]{40}) into ([0-9a-f]{40})/)
|
||||
if (!match) {
|
||||
core.debug('Unexpected message format')
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user