Merge remote-tracking branch 'actions/main'

2025-06-15 14:50:45 -06:00 · 2022-12-31 11:55:15 +01:00 · 2022-12-31 11:55:15 +01:00 · c4fe551825
commit c4fe551825
parent d46e61f9c4 ac59398561
34 changed files with 22475 additions and 4493 deletions
--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@ -36,68 +36,95 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
  const git = await getGitCommandManager(settings)
  core.endGroup()

-  // Prepare existing directory, otherwise recreate
-  if (isExisting) {
-    await gitDirectoryHelper.prepareExistingDirectory(
-      git,
-      settings.repositoryPath,
-      repositoryUrl,
-      settings.clean,
-      settings.ref
-    )
-  }
+  let authHelper: gitAuthHelper.IGitAuthHelper | null = null
+  try {
+    if (git) {
+      authHelper = gitAuthHelper.createAuthHelper(git, settings)
+      if (settings.setSafeDirectory) {
+        // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
+        // Otherwise all git commands we run in a container fail
+        await authHelper.configureTempGlobalConfig()
+        core.info(
+          `Adding repository directory to the temporary git global config as a safe directory`
+        )

-  if (!git) {
-    // Downloading using REST API
-    core.info(`The repository will be downloaded using the GitHub REST API`)
-    core.info(
-      `To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
-    )
-    if (settings.submodules) {
-      throw new Error(
-        `Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
-      )
-    } else if (settings.sshKey) {
-      throw new Error(
-        `Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
+        await git
+          .config('safe.directory', settings.repositoryPath, true, true)
+          .catch(error => {
+            core.info(
+              `Failed to initialize safe directory with error: ${error}`
+            )
+          })
+
+        stateHelper.setSafeDirectory()
+      }
+    }
+
+    // Prepare existing directory, otherwise recreate
+    if (isExisting) {
+      await gitDirectoryHelper.prepareExistingDirectory(
+        git,
+        settings.repositoryPath,
+        repositoryUrl,
+        settings.clean,
+        settings.ref
      )
    }

-    await githubApiHelper.downloadRepository(
-      settings.authToken,
-      settings.repositoryOwner,
-      settings.repositoryName,
-      settings.ref,
-      settings.commit,
-      settings.repositoryPath
-    )
-    return
-  }
+    if (!git) {
+      // Downloading using REST API
+      core.info(`The repository will be downloaded using the GitHub REST API`)
+      core.info(
+        `To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
+      )
+      if (settings.submodules) {
+        throw new Error(
+          `Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
+        )
+      } else if (settings.sshKey) {
+        throw new Error(
+          `Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
+        )
+      }

-  // Save state for POST action
-  stateHelper.setRepositoryPath(settings.repositoryPath)
+      await githubApiHelper.downloadRepository(
+        settings.authToken,
+        settings.repositoryOwner,
+        settings.repositoryName,
+        settings.ref,
+        settings.commit,
+        settings.repositoryPath,
+        settings.githubServerUrl
+      )
+      return
+    }

-  // Initialize the repository
-  if (
-    !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
-  ) {
-    core.startGroup('Initializing the repository')
-    await git.init()
-    await git.remoteAdd('origin', repositoryUrl)
+    // Save state for POST action
+    stateHelper.setRepositoryPath(settings.repositoryPath)
+
+    // Initialize the repository
+    if (
+      !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
+    ) {
+      core.startGroup('Initializing the repository')
+      await git.init()
+      await git.remoteAdd('origin', repositoryUrl)
+      core.endGroup()
+    }
+
+    // Disable automatic garbage collection
+    core.startGroup('Disabling automatic garbage collection')
+    if (!(await git.tryDisableAutomaticGarbageCollection())) {
+      core.warning(
+        `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
+      )
+    }
    core.endGroup()
-  }

-  // Disable automatic garbage collection
-  core.startGroup('Disabling automatic garbage collection')
-  if (!(await git.tryDisableAutomaticGarbageCollection())) {
-    core.warning(
-      `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
-    )
-  }
-  core.endGroup()
-
-  const authHelper = gitAuthHelper.createAuthHelper(git, settings)
-  try {
+    // If we didn't initialize it above, do it now
+    if (!authHelper) {
+      authHelper = gitAuthHelper.createAuthHelper(git, settings)
+    }
    // Configure auth
    core.startGroup('Setting up auth')
    await authHelper.configureAuth()
@ -112,7 +139,8 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
        settings.ref = await githubApiHelper.getDefaultBranch(
          settings.authToken,
          settings.repositoryOwner,
-          settings.repositoryName
+          settings.repositoryName,
+          settings.githubServerUrl
        )
      }
      core.endGroup()
@ -170,35 +198,30 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {

    // Submodules
    if (settings.submodules) {
-      try {
-        // Temporarily override global config
-        core.startGroup('Setting up auth for fetching submodules')
-        await authHelper.configureGlobalAuth()
-        core.endGroup()
+      // Temporarily override global config
+      core.startGroup('Setting up auth for fetching submodules')
+      await authHelper.configureGlobalAuth()
+      core.endGroup()

-        // Checkout submodules
-        core.startGroup('Fetching submodules')
-        await git.submoduleSync(settings.nestedSubmodules)
-        await git.submoduleUpdate(
-          settings.fetchDepth,
-          settings.nestedSubmodules,
-          settings.fetchJobs
-        )
-        await git.submoduleForeach(
-          'git config --local gc.auto 0',
-          settings.nestedSubmodules
-        )
-        core.endGroup()
+      // Checkout submodules
+      core.startGroup('Fetching submodules')
+      await git.submoduleSync(settings.nestedSubmodules)
+      await git.submoduleUpdate(
+        settings.fetchDepth,
+        settings.nestedSubmodules,
+        settings.fetchJobs
+      )
+      await git.submoduleForeach(
+        'git config --local gc.auto 0',
+        settings.nestedSubmodules
+      )
+      core.endGroup()

-        // Persist credentials
-        if (settings.persistCredentials) {
-          core.startGroup('Persisting credentials for submodules')
-          await authHelper.configureSubmoduleAuth()
-          core.endGroup()
-        }
-      } finally {
-        // Remove temporary global config override
-        await authHelper.removeGlobalAuth()
+      // Persist credentials
+      if (settings.persistCredentials) {
+        core.startGroup('Persisting credentials for submodules')
+        await authHelper.configureSubmoduleAuth()
+        core.endGroup()
      }
    }

@ -215,14 +238,18 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
      settings.repositoryOwner,
      settings.repositoryName,
      settings.ref,
-      settings.commit
+      settings.commit,
+      settings.githubServerUrl
    )
  } finally {
    // Remove auth
-    if (!settings.persistCredentials) {
-      core.startGroup('Removing auth')
-      await authHelper.removeAuth()
-      core.endGroup()
+    if (authHelper) {
+      if (!settings.persistCredentials) {
+        core.startGroup('Removing auth')
+        await authHelper.removeAuth()
+        core.endGroup()
+      }
+      authHelper.removeGlobalConfig()
    }
  }
 }
@ -245,7 +272,26 @@ export async function cleanup(repositoryPath: string): Promise<void> {

  // Remove auth
  const authHelper = gitAuthHelper.createAuthHelper(git)
-  await authHelper.removeAuth()
+  try {
+    if (stateHelper.PostSetSafeDirectory) {
+      // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
+      // Otherwise all git commands we run in a container fail
+      await authHelper.configureTempGlobalConfig()
+      core.info(
+        `Adding repository directory to the temporary git global config as a safe directory`
+      )
+
+      await git
+        .config('safe.directory', repositoryPath, true, true)
+        .catch(error => {
+          core.info(`Failed to initialize safe directory with error: ${error}`)
+        })
+    }
+
+    await authHelper.removeAuth()
+  } finally {
+    await authHelper.removeGlobalConfig()
+  }
 }

 async function getGitCommandManager(