mirror of
https://github.com/actions/checkout.git
synced 2026-06-16 22:14:13 +02:00
dependabot[bot]
537c7ef99c
* Bump uuid, @actions/core and @actions/tool-cache Bumps [uuid](https://github.com/uuidjs/uuid), [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) and [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache). These dependencies needed to be updated together. Updates `uuid` from 9.0.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0) Updates `@actions/core` from 1.10.1 to 1.11.1 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) Updates `@actions/tool-cache` from 2.0.1 to 2.0.2 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) --- updated-dependencies: - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production - dependency-name: "@actions/core" dependency-version: 1.11.1 dependency-type: direct:production - dependency-name: "@actions/tool-cache" dependency-version: 2.0.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * switch to use crpto.randomUUID * update license --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aiqiao Yan <55104035+aiqiaoy@users.noreply.github.com>
198 lines
5.5 KiB
TypeScript
198 lines
5.5 KiB
TypeScript
import * as assert from 'assert'
|
|
import * as core from '@actions/core'
|
|
import * as fs from 'fs'
|
|
import * as github from '@actions/github'
|
|
import * as io from '@actions/io'
|
|
import * as path from 'path'
|
|
import * as retryHelper from './retry-helper'
|
|
import * as toolCache from '@actions/tool-cache'
|
|
import {randomUUID} from 'crypto'
|
|
import {getServerApiUrl} from './url-helper'
|
|
|
|
const IS_WINDOWS = process.platform === 'win32'
|
|
|
|
export interface RepositoryObjectFormatResult {
|
|
format: string
|
|
succeeded: boolean
|
|
}
|
|
|
|
export async function downloadRepository(
|
|
authToken: string,
|
|
owner: string,
|
|
repo: string,
|
|
ref: string,
|
|
commit: string,
|
|
repositoryPath: string,
|
|
baseUrl?: string
|
|
): Promise<void> {
|
|
// Determine the default branch
|
|
if (!ref && !commit) {
|
|
core.info('Determining the default branch')
|
|
ref = await getDefaultBranch(authToken, owner, repo, baseUrl)
|
|
}
|
|
|
|
// Download the archive
|
|
let archiveData = await retryHelper.execute(async () => {
|
|
core.info('Downloading the archive')
|
|
return await downloadArchive(authToken, owner, repo, ref, commit, baseUrl)
|
|
})
|
|
|
|
// Write archive to disk
|
|
core.info('Writing archive to disk')
|
|
const uniqueId = randomUUID()
|
|
const archivePath = IS_WINDOWS
|
|
? path.join(repositoryPath, `${uniqueId}.zip`)
|
|
: path.join(repositoryPath, `${uniqueId}.tar.gz`)
|
|
await fs.promises.writeFile(archivePath, archiveData)
|
|
archiveData = Buffer.from('') // Free memory
|
|
|
|
// Extract archive
|
|
core.info('Extracting the archive')
|
|
const extractPath = path.join(repositoryPath, uniqueId)
|
|
await io.mkdirP(extractPath)
|
|
if (IS_WINDOWS) {
|
|
await toolCache.extractZip(archivePath, extractPath)
|
|
} else {
|
|
await toolCache.extractTar(archivePath, extractPath)
|
|
}
|
|
await io.rmRF(archivePath)
|
|
|
|
// Determine the path of the repository content. The archive contains
|
|
// a top-level folder and the repository content is inside.
|
|
const archiveFileNames = await fs.promises.readdir(extractPath)
|
|
assert.ok(
|
|
archiveFileNames.length == 1,
|
|
'Expected exactly one directory inside archive'
|
|
)
|
|
const archiveVersion = archiveFileNames[0] // The top-level folder name includes the short SHA
|
|
core.info(`Resolved version ${archiveVersion}`)
|
|
const tempRepositoryPath = path.join(extractPath, archiveVersion)
|
|
|
|
// Move the files
|
|
for (const fileName of await fs.promises.readdir(tempRepositoryPath)) {
|
|
const sourcePath = path.join(tempRepositoryPath, fileName)
|
|
const targetPath = path.join(repositoryPath, fileName)
|
|
if (IS_WINDOWS) {
|
|
await io.cp(sourcePath, targetPath, {recursive: true}) // Copy on Windows (Windows Defender may have a lock)
|
|
} else {
|
|
await io.mv(sourcePath, targetPath)
|
|
}
|
|
}
|
|
await io.rmRF(extractPath)
|
|
}
|
|
|
|
/**
|
|
* Looks up the default branch name
|
|
*/
|
|
export async function getDefaultBranch(
|
|
authToken: string,
|
|
owner: string,
|
|
repo: string,
|
|
baseUrl?: string
|
|
): Promise<string> {
|
|
return await retryHelper.execute(async () => {
|
|
core.info('Retrieving the default branch name')
|
|
const octokit = github.getOctokit(authToken, {
|
|
baseUrl: getServerApiUrl(baseUrl)
|
|
})
|
|
let result: string
|
|
try {
|
|
// Get the default branch from the repo info
|
|
const response = await octokit.rest.repos.get({owner, repo})
|
|
result = response.data.default_branch
|
|
assert.ok(result, 'default_branch cannot be empty')
|
|
} catch (err) {
|
|
// Handle .wiki repo
|
|
if (
|
|
(err as any)?.status === 404 &&
|
|
repo.toUpperCase().endsWith('.WIKI')
|
|
) {
|
|
result = 'master'
|
|
}
|
|
// Otherwise error
|
|
else {
|
|
throw err
|
|
}
|
|
}
|
|
|
|
// Print the default branch
|
|
core.info(`Default branch '${result}'`)
|
|
|
|
// Prefix with 'refs/heads'
|
|
if (!result.startsWith('refs/')) {
|
|
result = `refs/heads/${result}`
|
|
}
|
|
|
|
return result
|
|
})
|
|
}
|
|
|
|
export async function tryGetRepositoryObjectFormat(
|
|
authToken: string,
|
|
owner: string,
|
|
repo: string,
|
|
baseUrl?: string,
|
|
commit?: string
|
|
): Promise<RepositoryObjectFormatResult> {
|
|
const commitFormat = getObjectFormat(commit)
|
|
if (commitFormat) {
|
|
return {format: commitFormat, succeeded: true}
|
|
}
|
|
|
|
try {
|
|
const octokit = github.getOctokit(authToken, {
|
|
baseUrl: getServerApiUrl(baseUrl)
|
|
})
|
|
const response = await octokit.request(
|
|
'GET /repos/{owner}/{repo}/hash-algorithm',
|
|
{owner, repo}
|
|
)
|
|
const hashAlgorithm = response.data.hash_algorithm
|
|
if (hashAlgorithm === 'sha256' || hashAlgorithm === 'sha1') {
|
|
return {format: hashAlgorithm, succeeded: true}
|
|
}
|
|
|
|
core.debug(
|
|
'Unable to determine repository object format from hash-algorithm endpoint'
|
|
)
|
|
return {format: '', succeeded: false}
|
|
} catch (err) {
|
|
core.debug(
|
|
`Unable to determine repository object format from hash-algorithm endpoint: ${(err as any)?.message ?? err}`
|
|
)
|
|
return {format: '', succeeded: false}
|
|
}
|
|
}
|
|
|
|
function getObjectFormat(sha?: string): string {
|
|
if (/^[0-9a-fA-F]{64}$/.test(sha || '')) {
|
|
return 'sha256'
|
|
}
|
|
if (/^[0-9a-fA-F]{40}$/.test(sha || '')) {
|
|
return 'sha1'
|
|
}
|
|
return ''
|
|
}
|
|
|
|
async function downloadArchive(
|
|
authToken: string,
|
|
owner: string,
|
|
repo: string,
|
|
ref: string,
|
|
commit: string,
|
|
baseUrl?: string
|
|
): Promise<Buffer> {
|
|
const octokit = github.getOctokit(authToken, {
|
|
baseUrl: getServerApiUrl(baseUrl)
|
|
})
|
|
const download = IS_WINDOWS
|
|
? octokit.rest.repos.downloadZipballArchive
|
|
: octokit.rest.repos.downloadTarballArchive
|
|
const response = await download({
|
|
owner: owner,
|
|
repo: repo,
|
|
ref: commit || ref
|
|
})
|
|
return Buffer.from(response.data as ArrayBuffer) // response.data is ArrayBuffer
|
|
}
|