Add new public key for known_hosts (#1237 ) (#1238 )

* Add new public key for known_hosts (#1237) * Add new public key for known_hosts * Fix the build! * fix build. --------- Co-authored-by: Cameron Booth <cdb@github.com>
Add backports to v2 branch (#1040 )
2023-03-24 02:04:47 -04:00 · 2022-12-13 10:14:06 -05:00 · 2022-10-13 16:50:56 +01:00 · 2022-10-13 16:49:13 +01:00
18 changed files with 3238 additions and 4296 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -142,7 +142,7 @@ jobs:
      options: --dns 127.0.0.1
    services:
      squid-proxy:
-        image: datadog/squid:latest
+        image: ubuntu/squid:latest
        ports:
          - 3128:3128
    env:
--- a/.licenses/npm/@actions/core.dep.yml
+++ b/.licenses/npm/@actions/core.dep.yml
--- a/.licenses/npm/@actions/http-client-1.0.8.dep.yml
+++ b/.licenses/npm/@actions/http-client-1.0.8.dep.yml
--- a/.licenses/npm/@actions/http-client-2.0.1.dep.yml
+++ b/.licenses/npm/@actions/http-client-2.0.1.dep.yml
--- a/.licenses/npm/@actions/io.dep.yml
+++ b/.licenses/npm/@actions/io.dep.yml
--- a/.licenses/npm/node-fetch.dep.yml
+++ b/.licenses/npm/node-fetch.dep.yml
--- a/.licenses/npm/qs.dep.yml
+++ b/.licenses/npm/qs.dep.yml
--- a/.licenses/npm/uuid-3.3.3.dep.yml
+++ b/.licenses/npm/uuid-3.3.3.dep.yml
--- a/.licenses/npm/uuid-8.3.2.dep.yml
+++ b/.licenses/npm/uuid-8.3.2.dep.yml
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,8 @@
 # Changelog

+## v2.5.0
+- [Bump @actions/core to v1.10.0](https://github.com/actions/checkout/pull/962)
+
 ## v2.4.2
 - [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/776)

--- a/dist/index.js
+++ b/dist/index.js
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "checkout",
-  "version": "2.0.2",
+  "version": "2.6.0",
  "description": "checkout action",
  "main": "lib/main.js",
  "scripts": {
@ -28,10 +28,10 @@
  },
  "homepage": "https://github.com/actions/checkout#readme",
  "dependencies": {
-    "@actions/core": "^1.2.6",
+    "@actions/core": "^1.10.0",
    "@actions/exec": "^1.0.1",
    "@actions/github": "^2.2.0",
-    "@actions/io": "^1.0.1",
+    "@actions/io": "^1.1.2",
    "@actions/tool-cache": "^1.1.2",
    "uuid": "^3.3.3"
  },
@ -39,11 +39,12 @@
    "@types/jest": "^27.0.2",
    "@types/node": "^12.7.12",
    "@types/uuid": "^3.4.6",
-    "@typescript-eslint/parser": "^5.1.0",
+    "@typescript-eslint/eslint-plugin": "^5.45.0",
+    "@typescript-eslint/parser": "^5.45.0",
    "@zeit/ncc": "^0.20.5",
    "eslint": "^7.32.0",
    "eslint-plugin-github": "^4.3.2",
-    "eslint-plugin-jest": "^25.2.2",
+    "eslint-plugin-jest": "^25.7.0",
    "jest": "^27.3.0",
    "jest-circus": "^27.3.0",
    "js-yaml": "^3.13.1",
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@ -157,7 +157,8 @@ class GitAuthHelper {
      // by process creation audit events, which are commonly logged. For more information,
      // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
      const output = await this.git.submoduleForeach(
-        `git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
+        // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+        `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
        this.settings.nestedSubmodules
      )

@ -246,7 +247,7 @@ class GitAuthHelper {
    if (this.settings.sshKnownHosts) {
      knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n`
    }
-    knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n# End implicitly added github.com\n`
+    knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=\n# End implicitly added github.com\n`
    this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`)
    stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath)
    await fs.promises.writeFile(this.sshKnownHostsPath, knownHosts)
@ -365,7 +366,8 @@ class GitAuthHelper {

    const pattern = regexpHelper.escape(configKey)
    await this.git.submoduleForeach(
-      `git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`,
+      // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+      `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
      true
    )
  }
--- a/src/misc/licensed-check.sh
+++ b/src/misc/licensed-check.sh
@ -5,4 +5,4 @@ set -e
 src/misc/licensed-download.sh

 echo 'Running: licensed cached'
-_temp/licensed-3.3.1/licensed status
+_temp/licensed-3.6.0/licensed status
--- a/src/misc/licensed-download.sh
+++ b/src/misc/licensed-download.sh
@ -2,23 +2,23 @@

 set -e

-if [ ! -f _temp/licensed-3.3.1.done ]; then
+if [ ! -f _temp/licensed-3.6.0.done ]; then
  echo 'Clearing temp'
-  rm -rf _temp/licensed-3.3.1 || true
+  rm -rf _temp/licensed-3.6.0 || true

  echo 'Downloading licensed'
-  mkdir -p _temp/licensed-3.3.1
-  pushd _temp/licensed-3.3.1
+  mkdir -p _temp/licensed-3.6.0
+  pushd _temp/licensed-3.6.0
  if [[ "$OSTYPE" == "darwin"* ]]; then
-    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-darwin-x64.tar.gz
+    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.6.0/licensed-3.6.0-darwin-x64.tar.gz
  else
-    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-linux-x64.tar.gz
+    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.6.0/licensed-3.6.0-linux-x64.tar.gz
  fi

  echo 'Extracting licenesed'
  tar -xzf licensed.tar.gz
  popd
-  touch _temp/licensed-3.3.1.done
+  touch _temp/licensed-3.6.0.done
 else
  echo 'Licensed already downloaded'
 fi
--- a/src/misc/licensed-generate.sh
+++ b/src/misc/licensed-generate.sh
@ -5,4 +5,4 @@ set -e
 src/misc/licensed-download.sh

 echo 'Running: licensed cached'
-_temp/licensed-3.3.1/licensed cache
+_temp/licensed-3.6.0/licensed cache
--- a/src/state-helper.ts
+++ b/src/state-helper.ts
@ -1,71 +1,60 @@
-import * as coreCommand from '@actions/core/lib/command'
+import * as core from '@actions/core'

 /**
 * Indicates whether the POST action is running
 */
-export const IsPost = !!process.env['STATE_isPost']
+export const IsPost = !!core.getState('isPost')

 /**
 * The repository path for the POST action. The value is empty during the MAIN action.
 */
-export const RepositoryPath =
-  (process.env['STATE_repositoryPath'] as string) || ''
+export const RepositoryPath = core.getState('repositoryPath')

 /**
 * The set-safe-directory for the POST action. The value is set if input: 'safe-directory' is set during the MAIN action.
 */
-export const PostSetSafeDirectory =
-  (process.env['STATE_setSafeDirectory'] as string) === 'true'
+export const PostSetSafeDirectory = core.getState('setSafeDirectory') === 'true'

 /**
 * The SSH key path for the POST action. The value is empty during the MAIN action.
 */
-export const SshKeyPath = (process.env['STATE_sshKeyPath'] as string) || ''
+export const SshKeyPath = core.getState('sshKeyPath')

 /**
 * The SSH known hosts path for the POST action. The value is empty during the MAIN action.
 */
-export const SshKnownHostsPath =
-  (process.env['STATE_sshKnownHostsPath'] as string) || ''
+export const SshKnownHostsPath = core.getState('sshKnownHostsPath')

 /**
 * Save the repository path so the POST action can retrieve the value.
 */
 export function setRepositoryPath(repositoryPath: string) {
-  coreCommand.issueCommand(
-    'save-state',
-    {name: 'repositoryPath'},
-    repositoryPath
-  )
+  core.saveState('repositoryPath', repositoryPath)
 }

 /**
 * Save the SSH key path so the POST action can retrieve the value.
 */
 export function setSshKeyPath(sshKeyPath: string) {
-  coreCommand.issueCommand('save-state', {name: 'sshKeyPath'}, sshKeyPath)
+  core.saveState('sshKeyPath', sshKeyPath)
 }

 /**
 * Save the SSH known hosts path so the POST action can retrieve the value.
 */
 export function setSshKnownHostsPath(sshKnownHostsPath: string) {
-  coreCommand.issueCommand(
-    'save-state',
-    {name: 'sshKnownHostsPath'},
-    sshKnownHostsPath
-  )
+  core.saveState('sshKnownHostsPath', sshKnownHostsPath)
 }

 /**
 * Save the sef-safe-directory input so the POST action can retrieve the value.
 */
 export function setSafeDirectory() {
-  coreCommand.issueCommand('save-state', {name: 'setSafeDirectory'}, 'true')
+  core.saveState('setSafeDirectory', 'true')
 }

 // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
 // This is necessary since we don't have a separate entry point.
 if (!IsPost) {
-  coreCommand.issueCommand('save-state', {name: 'isPost'}, 'true')
+  core.saveState('isPost', 'true')
 }
Author	SHA1	Message	Date
Tingluo Huang	ee0669bd1c	Add new public key for known_hosts (#1237 ) (#1238 ) * Add new public key for known_hosts (#1237) * Add new public key for known_hosts * Fix the build! * fix build. --------- Co-authored-by: Cameron Booth <cdb@github.com>	2023-03-24 02:04:47 -04:00
Cory Miller	dc323e67f1	Add backports to v2 branch (#1040 ) * Update licensed version * Backport for submodule command wrapping * Update NPM packages * Update dist/index.js * Rebuild using Node 12 * Rebuild after a more aggressive cleanup of local files * Backport change to replace datadog/squid with ubuntu/squid	2022-12-13 10:14:06 -05:00
Francesco Renzi	e2f20e631a	Update CHANGELOG.md	2022-10-13 16:50:56 +01:00
Francesco Renzi	b2eb13baee	Update @actions/core to 1.10.0 (#962 ) * Update @actions/core to 1.10.0 * Backport state-helper updates	2022-10-13 16:49:13 +01:00