actions
/
setup-java
mirror of https://gitea.com/actions/setup-java.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

bugfix(auth): Update authentication logic in settings.xml, unit tests, and documentation examples 

To resolve this, we've made significant updates to the logic within settings.xml for better handling of authentication information. Additionally, unit tests have been updated to reflect these changes and ensure robust verification. The documentation and examples have also been revised to provide clearer guidance on configuring and utilizing this updated process successfully.
This commit is contained in:
Parry 2024-03-01 12:43:13 +08:00
parent 9704b39bf2
commit c6b8c532e9
No known key found for this signature in database
GPG Key ID: 20538D47AB369515
5 changed files with 66 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/e2e-publishing.yml vendored
View File

@ -36,6 +36,10 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -77,6 +81,10 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml is overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -114,6 +122,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN
overwrite-settings: false
gpg-passphrase: MAVEN_GPG_PASSPHRASE
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate that settings.xml is not overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@ -145,6 +157,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
settings-path: ${{ runner.temp }}
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml location
run: |
$path = Join-Path $env:RUNNER_TEMP "settings.xml"

33
__tests__/auth.test.ts
View File

@ -1,8 +1,8 @@
import * as io from '@actions/io';
import * as core from '@actions/core';
import * as io from '@actions/io';
import * as fs from 'fs';
import * as path from 'path';
import os from 'os';
import * as path from 'path';
import * as auth from '../src/auth';
import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
@ -10,6 +10,14 @@ import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
const m2Dir = path.join(__dirname, M2_DIR);
const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE);
// escape xml special characters
function escapeXml(unsafeStr: string) {
return unsafeStr
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
}
describe('auth tests', () => {
let spyOSHomedir: jest.SpyInstance;
let spyInfo: jest.SpyInstance;
@ -157,14 +165,17 @@ describe('auth tests', () => {
const username = 'USER';
const password = '&<>"\'\'"><&';
process.env['username'] = username;
process.env['password'] = password;
const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>${id}</id>
<username>\${env.${username}}</username>
<password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password>
<id>${escapeXml(id)}</id>
<username>${escapeXml(username)}</username>
<password>${escapeXml(password)}</password>
</server>
</servers>
</settings>`;
@ -178,18 +189,22 @@ describe('auth tests', () => {
const password = '&<>"\'\'"><&';
const gpgPassphrase = 'PASSPHRASE';
process.env['username'] = username;
process.env['password'] = password;
process.env['gpgPassphrase'] = gpgPassphrase;
const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>${id}</id>
<username>\${env.${username}}</username>
<password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password>
<id>${escapeXml(id)}</id>
<username>${escapeXml(username)}</username>
<password>${escapeXml(password)}</password>
</server>
<server>
<id>gpg.passphrase</id>
<passphrase>\${env.${gpgPassphrase}}</passphrase>
<passphrase>${escapeXml(gpgPassphrase)}</passphrase>
</server>
</servers>
</settings>`;

20
dist/setup/index.js vendored
View File

@ -122463,9 +122463,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0;
const path = __importStar(__nccwpck_require__(71017));
const core = __importStar(__nccwpck_require__(42186));
const io = __importStar(__nccwpck_require__(47351));
const path = __importStar(__nccwpck_require__(71017));
const fs = __importStar(__nccwpck_require__(57147));
const os = __importStar(__nccwpck_require__(22037));
const xmlbuilder2_1 = __nccwpck_require__(70151);
@ -122507,7 +122507,19 @@ function createAuthenticationSettings(id, username, password, settingsDirectory,
}
exports.createAuthenticationSettings = createAuthenticationSettings;
// only exported for testing purposes
function escapeXml(unsafeStr) {
return unsafeStr
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&apos;');
}
function generate(id, username, password, gpgPassphrase) {
const escapedUsername = escapeXml(username);
const escapedPassword = escapeXml(password);
let escapedGpgPassphrase = gpgPassphrase
? escapeXml(gpgPassphrase)
: undefined;
const xmlObj = {
settings: {
'@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0',
@ -122517,8 +122529,8 @@ function generate(id, username, password, gpgPassphrase) {
server: [
{
id: id,
username: `\${env.${username}}`,
password: `\${env.${password}}`
username: escapedUsername,
password: escapedPassword
}
]
}
@ -122527,7 +122539,7 @@ function generate(id, username, password, gpgPassphrase) {
if (gpgPassphrase) {
const gpgServer = {
id: 'gpg.passphrase',
passphrase: `\${env.${gpgPassphrase}}`
passphrase: escapedGpgPassphrase
};
xmlObj.settings.servers.server.push(gpgServer);
}

9
docs/advanced-usage.md
View File

@ -182,7 +182,7 @@ steps:
jdkFile: ${{ runner.temp }}/java_package.tar.gz
java-version: '11.0.0'
architecture: x64
- run: java -cp java HelloWorldApp
```
@ -285,7 +285,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
env:
MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} # set the env variable for username
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} # set the env variable for token
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # set the env variable for GPG private key passphrase
- name: Publish to Apache Maven Central
run: mvn deploy
env:
@ -527,7 +530,7 @@ steps:
## Java-version file
If the `java-version-file` input is specified, the action will try to extract the version from the file and install it.
Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv).
Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv).
Valid entry options:
```
major versions: 8, 11, 16, 17, 21

8
src/auth.ts
View File

@ -1,6 +1,6 @@
import * as path from 'path';
import * as core from '@actions/core';
import * as io from '@actions/io';
import * as path from 'path';
import * as fs from 'fs';
import * as os from 'os';
@ -84,8 +84,8 @@ export function generate(
server: [
{
id: id,
username: `\${env.${username}}`,
password: `\${env.${password}}`
username: process.env['username'],
password: process.env['password']
}
]
}
@ -95,7 +95,7 @@ export function generate(
if (gpgPassphrase) {
const gpgServer = {
id: 'gpg.passphrase',
passphrase: `\${env.${gpgPassphrase}}`
passphrase: process.env['gpgPassphrase']
};
xmlObj.settings.servers.server.push(gpgServer);
}