ahuston-0/create-pull-request
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: compatibility with actions/checkout@v6 (#4230)

Browse Source 
Temporarily hides checkout@v6 credential files to prevent duplicate Authorization headers.

Fixes #4228
This commit is contained in:
eric sciple
2025-11-22 11:59:34 -06:00
committed by GitHub
parent b4733b9419
commit 84ae59a2cd
2 changed files with 97 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
dist/index.js vendored
View File

@@ -1103,6 +1103,7 @@ class GitConfigHelper {
this.extraheaderConfigPlaceholderValue = 'AUTHORIZATION: basic ***'; this.extraheaderConfigPlaceholderValue = 'AUTHORIZATION: basic ***';
this.extraheaderConfigValueRegex = '^AUTHORIZATION:'; this.extraheaderConfigValueRegex = '^AUTHORIZATION:';
this.persistedExtraheaderConfigValue = ''; this.persistedExtraheaderConfigValue = '';
this.backedUpCredentialFiles = [];
this.git = git; this.git = git;
this.workingDirectory = this.git.getWorkingDirectory(); this.workingDirectory = this.git.getWorkingDirectory();
} }
@@ -1182,12 +1183,16 @@ class GitConfigHelper {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const serverUrl = new url_1.URL(`https://${this.getGitRemote().hostname}`); const serverUrl = new url_1.URL(`https://${this.getGitRemote().hostname}`);
this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader`; this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader`;
// Backup checkout@v6 credential files if they exist
yield this.hideCredentialFiles();
// Save and unset persisted extraheader credential in git config if it exists // Save and unset persisted extraheader credential in git config if it exists
this.persistedExtraheaderConfigValue = yield this.getAndUnset(); this.persistedExtraheaderConfigValue = yield this.getAndUnset();
}); });
} }
restorePersistedAuth() { restorePersistedAuth() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
// Restore checkout@v6 credential files if they were backed up
yield this.unhideCredentialFiles();
if (this.persistedExtraheaderConfigValue) { if (this.persistedExtraheaderConfigValue) {
try { try {
yield this.setExtraheaderConfig(this.persistedExtraheaderConfigValue); yield this.setExtraheaderConfig(this.persistedExtraheaderConfigValue);
@@ -1224,6 +1229,48 @@ class GitConfigHelper {
yield this.gitConfigStringReplace(this.extraheaderConfigPlaceholderValue, extraheaderConfigValue); yield this.gitConfigStringReplace(this.extraheaderConfigPlaceholderValue, extraheaderConfigValue);
}); });
} }
hideCredentialFiles() {
return __awaiter(this, void 0, void 0, function* () {
// Temporarily hide checkout@v6 credential files to avoid duplicate auth headers
const runnerTemp = process.env['RUNNER_TEMP'];
if (!runnerTemp) {
return;
}
try {
const files = yield fs.promises.readdir(runnerTemp);
for (const file of files) {
if (file.startsWith('git-credentials-') && file.endsWith('.config')) {
const sourcePath = path.join(runnerTemp, file);
const backupPath = `${sourcePath}.bak`;
yield fs.promises.rename(sourcePath, backupPath);
this.backedUpCredentialFiles.push(backupPath);
core.info(`Temporarily hiding checkout credential file: ${file} (will be restored after)`);
}
}
}
catch (e) {
// If directory doesn't exist or we can't read it, just continue
core.debug(`Could not backup credential files: ${utils.getErrorMessage(e)}`);
}
});
}
unhideCredentialFiles() {
return __awaiter(this, void 0, void 0, function* () {
// Restore checkout@v6 credential files that were backed up
for (const backupPath of this.backedUpCredentialFiles) {
try {
const originalPath = backupPath.replace(/\.bak$/, '');
yield fs.promises.rename(backupPath, originalPath);
const fileName = path.basename(originalPath);
core.info(`Restored checkout credential file: ${fileName}`);
}
catch (e) {
core.warning(`Failed to restore credential file ${backupPath}: ${utils.getErrorMessage(e)}`);
}
}
this.backedUpCredentialFiles = [];
});
}
getAndUnset() { getAndUnset() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
let configValue = ''; let configValue = '';

50
src/git-config-helper.ts
View File

@@ -22,6 +22,7 @@ export class GitConfigHelper {
private extraheaderConfigPlaceholderValue = 'AUTHORIZATION: basic ***' private extraheaderConfigPlaceholderValue = 'AUTHORIZATION: basic ***'
private extraheaderConfigValueRegex = '^AUTHORIZATION:' private extraheaderConfigValueRegex = '^AUTHORIZATION:'
private persistedExtraheaderConfigValue = '' private persistedExtraheaderConfigValue = ''
private backedUpCredentialFiles: string[] = []
private constructor(git: GitCommandManager) { private constructor(git: GitCommandManager) {
this.git = git this.git = git
@@ -121,11 +122,15 @@ export class GitConfigHelper {
async savePersistedAuth(): Promise<void> { async savePersistedAuth(): Promise<void> {
const serverUrl = new URL(`https://${this.getGitRemote().hostname}`) const serverUrl = new URL(`https://${this.getGitRemote().hostname}`)
this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader` this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader`
// Backup checkout@v6 credential files if they exist
await this.hideCredentialFiles()
// Save and unset persisted extraheader credential in git config if it exists // Save and unset persisted extraheader credential in git config if it exists
this.persistedExtraheaderConfigValue = await this.getAndUnset() this.persistedExtraheaderConfigValue = await this.getAndUnset()
} }
async restorePersistedAuth(): Promise<void> { async restorePersistedAuth(): Promise<void> {
// Restore checkout@v6 credential files if they were backed up
await this.unhideCredentialFiles()
if (this.persistedExtraheaderConfigValue) { if (this.persistedExtraheaderConfigValue) {
try { try {
await this.setExtraheaderConfig(this.persistedExtraheaderConfigValue) await this.setExtraheaderConfig(this.persistedExtraheaderConfigValue)
@@ -169,6 +174,51 @@ export class GitConfigHelper {
) )
} }
private async hideCredentialFiles(): Promise<void> {
// Temporarily hide checkout@v6 credential files to avoid duplicate auth headers
const runnerTemp = process.env['RUNNER_TEMP']
if (!runnerTemp) {
return
}
try {
const files = await fs.promises.readdir(runnerTemp)
for (const file of files) {
if (file.startsWith('git-credentials-') && file.endsWith('.config')) {
const sourcePath = path.join(runnerTemp, file)
const backupPath = `${sourcePath}.bak`
await fs.promises.rename(sourcePath, backupPath)
this.backedUpCredentialFiles.push(backupPath)
core.info(
`Temporarily hiding checkout credential file: ${file} (will be restored after)`
)
}
}
} catch (e) {
// If directory doesn't exist or we can't read it, just continue
core.debug(
`Could not backup credential files: ${utils.getErrorMessage(e)}`
)
}
}
private async unhideCredentialFiles(): Promise<void> {
// Restore checkout@v6 credential files that were backed up
for (const backupPath of this.backedUpCredentialFiles) {
try {
const originalPath = backupPath.replace(/\.bak$/, '')
await fs.promises.rename(backupPath, originalPath)
const fileName = path.basename(originalPath)
core.info(`Restored checkout credential file: ${fileName}`)
} catch (e) {
core.warning(
`Failed to restore credential file ${backupPath}: ${utils.getErrorMessage(e)}`
)
}
}
this.backedUpCredentialFiles = []
}
private async getAndUnset(): Promise<string> { private async getAndUnset(): Promise<string> {
let configValue = '' let configValue = ''
// Save and unset persisted extraheader credential in git config if it exists // Save and unset persisted extraheader credential in git config if it exists