Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add ssh support #163

Merged
merged 1 commit into from
Mar 11, 2020
Merged

add ssh support #163

merged 1 commit into from
Mar 11, 2020

Conversation

ericsciple
Copy link
Contributor

@ericsciple ericsciple commented Feb 25, 2020

related to ADR #156

@@ -12,6 +11,17 @@ export const IsPost = !!process.env['STATE_isPost']
export const RepositoryPath =
(process.env['STATE_repositoryPath'] as string) || ''

/**
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

used during POST to cleanup the files on disk

src/git-auth-helper.ts Outdated Show resolved Hide resolved
sshCommand += ` -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename(
this.sshKnownHostsPath
)}"`
this.git.setEnvironmentVariable('GIT_SSH_COMMAND', sshCommand)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GIT_SSH_COMMAND takes precedence over git config core.sshCommand


// Configure core.sshCommand
if (this.settings.persistCredentials) {
await this.git.config(SSH_COMMAND_KEY, sshCommand)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this runs git config --local core.sshCommand "ssh -i path-to-key -o etc"

src/git-auth-helper.ts Outdated Show resolved Hide resolved
Copy link
Contributor

@thboop thboop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

__test__/git-auth-helper.test.ts Outdated Show resolved Hide resolved
src/git-auth-helper.ts Outdated Show resolved Hide resolved
src/input-helper.ts Show resolved Hide resolved
@ericsciple ericsciple force-pushed the users/ericsciple/m166sshkey branch from 7ccce3d to 90142f5 Compare February 27, 2020 00:16
@ericsciple ericsciple force-pushed the users/ericsciple/m166sshkey branch from 90142f5 to ba318a1 Compare March 10, 2020 18:38
@ericsciple ericsciple force-pushed the users/ericsciple/m166sshkey branch 2 times, most recently from db05968 to 8020685 Compare March 11, 2020 05:28
# with the local git config, which enables your scripts to run authenticated git
# commands. The post-job step removes the PAT.
#
# We recommend creating a service account with the least permissions necessary.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: We recommend generating the PAT from a service account with only the necessary permissions.

may read a little better

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will follow up on next pr

# Default: ${{ github.token }}
token: ''

# Whether to persist the token in the git config
# SSH key used to fetch the repository. SSH key is configured with the local git
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: The SSH Key is configured...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will fix in next pr

# config, which enables your scripts to run authenticated git commands. The
# post-job step removes the SSH key.
#
# We recommend creating a service account with the least permissions necessary.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Same as above

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will follow up on next pr

@@ -73,6 +99,10 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous

# Whether to checkout submodules: `true` to checkout submodules or `recursive` to
# recursively checkout submodules.
#
# When the `ssh-key` input is not provided, SSH URLs beginning with
# `[email protected]:` are converted to HTTPS.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🏅

@ericsciple ericsciple force-pushed the users/ericsciple/m166sshkey branch from 7b6365b to d5e7ec5 Compare March 11, 2020 18:13
const configureAuth_copiesUserKnownHosts =
'configureAuth copies user known hosts'
it(configureAuth_copiesUserKnownHosts, async () => {
if (!sshPath) {
Copy link
Contributor

@thboop thboop Mar 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: consider a helper function for this

).toString()
expect(actualSshKeyContent).toBe(settings.sshKey + '\n')
if (!isWindows) {
expect((await fs.promises.stat(actualSshKeyPath)).mode & 0o777).toBe(
Copy link
Contributor

@thboop thboop Mar 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: Comment what this is or create a constant with a clear name

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will follow up on next pr

}
)

const configureSubmoduleAuth_doesNotConfigureUrlInsteadOfWhenPersistCredentialsTrueAndSshKeySet =
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great coverage across all of these different scenarios!

Copy link
Contributor

@thboop thboop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ericsciple ericsciple force-pushed the users/ericsciple/m166sshkey branch from 8e1d16e to f393882 Compare March 11, 2020 19:48
This was referenced Mar 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants