convert SSH URL to HTTPS (#179)

Author: ericsciple

.github/workflows/test.yml

@@ -35,7 +35,7 @@ jobs:
         uses: actions/checkout@v2
 
       # Basic checkout
-      - name: Basic checkout
+      - name: Checkout basic
         uses: ./
         with:
           ref: test-data/v2/basic
@@ -48,7 +48,7 @@ jobs:
       - name: Modify work tree
         shell: bash
         run: __test__/modify-work-tree.sh
-      - name: Clean checkout
+      - name: Checkout clean
         uses: ./
         with:
           ref: test-data/v2/basic
@@ -58,12 +58,12 @@ jobs:
         run: __test__/verify-clean.sh
 
       # Side by side
-      - name: Side by side checkout 1
+      - name: Checkout side by side 1
         uses: ./
         with:
           ref: test-data/v2/side-by-side-1
           path: side-by-side-1
-      - name: Side by side checkout 2
+      - name: Checkout side by side 2
         uses: ./
         with:
           ref: test-data/v2/side-by-side-2
@@ -73,7 +73,7 @@ jobs:
         run: __test__/verify-side-by-side.sh
 
       # LFS
-      - name: LFS checkout
+      - name: Checkout LFS
         uses: ./
         with:
           repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
@@ -85,29 +85,29 @@ jobs:
         run: __test__/verify-lfs.sh
 
       # Submodules false
-      - name: Submodules false checkout
+      - name: Checkout submodules false
         uses: ./
         with:
-          ref: test-data/v2/submodule
+          ref: test-data/v2/submodule-ssh-url
           path: submodules-false
       - name: Verify submodules false
         run: __test__/verify-submodules-false.sh
 
       # Submodules one level
-      - name: Submodules true checkout
+      - name: Checkout submodules true
         uses: ./
         with:
-          ref: test-data/v2/submodule
+          ref: test-data/v2/submodule-ssh-url
           path: submodules-true
           submodules: true
       - name: Verify submodules true
         run: __test__/verify-submodules-true.sh
 
       # Submodules recursive
-      - name: Submodules recursive checkout
+      - name: Checkout submodules recursive
         uses: ./
         with:
-          ref: test-data/v2/submodule
+          ref: test-data/v2/submodule-ssh-url
           path: submodules-recursive
           submodules: recursive
       - name: Verify submodules recursive
@@ -127,7 +127,7 @@ jobs:
       - name: Override git version (Windows)
         if: runner.os == 'windows'
         run: __test__\\override-git-version.cmd
-      - name: Basic checkout using REST API
+      - name: Checkout basic using REST API
         uses: ./
         with:
           ref: test-data/v2/basic
@@ -153,7 +153,7 @@ jobs:
         uses: actions/checkout@v2
 
       # Basic checkout using git
-      - name: Basic checkout
+      - name: Checkout basic
         uses: ./
         with:
           ref: test-data/v2/basic
@@ -185,7 +185,7 @@ jobs:
         uses: actions/checkout@v2
 
       # Basic checkout using git
-      - name: Basic checkout
+      - name: Checkout basic
         uses: ./
         with:
           ref: test-data/v2/basic
@@ -198,7 +198,7 @@ jobs:
       # Basic checkout using REST API
       - name: Override git version
         run: __test__/override-git-version.sh
-      - name: Basic checkout using REST API
+      - name: Checkout basic using REST API
         uses: ./
         with:
           ref: test-data/v2/basic

dist/index.js

@@ -5095,6 +5095,8 @@ exports.createAuthHelper = createAuthHelper;
 class GitAuthHelper {
     constructor(gitCommandManager, gitSourceSettings) {
         this.tokenConfigKey = `http.https://${HOSTNAME}/.extraheader`;
+        this.insteadOfKey = `url.https://${HOSTNAME}/.insteadOf`;
+        this.insteadOfValue = `git@${HOSTNAME}:`;
         this.temporaryHomePath = '';
         this.git = gitCommandManager;
         this.settings = gitSourceSettings || {};
@@ -5140,11 +5142,15 @@ class GitAuthHelper {
             else {
                 yield fs.promises.writeFile(newGitConfigPath, '');
             }
-            // Configure the token
             try {
+                // Override HOME
                 core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
                 this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
+                // Configure the token
                 yield this.configureToken(newGitConfigPath, true);
+                // Configure HTTPS instead of SSH
+                yield this.git.tryConfigUnset(this.insteadOfKey, true);
+                yield this.git.config(this.insteadOfKey, this.insteadOfValue, true);
             }
             catch (err) {
                 // Unset in case somehow written to the real global config
@@ -5160,7 +5166,12 @@ class GitAuthHelper {
                 // Configure a placeholder value. This approach avoids the credential being captured
                 // by process creation audit events, which are commonly logged. For more information,
                 // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-                const output = yield this.git.submoduleForeach(`git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
+                const commands = [
+                    `git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
+                    `git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
+                    `git config --local --show-origin --name-only --get-regexp remote.origin.url`
+                ];
+                const output = yield this.git.submoduleForeach(commands.join(' && '), this.settings.nestedSubmodules);
                 // Replace the placeholder
                 const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
                 for (const configPath of configPaths) {

src/git-auth-helper.ts

@@ -34,6 +34,8 @@ class GitAuthHelper {
   private readonly settings: IGitSourceSettings
   private readonly tokenConfigKey: string = `http.https://${HOSTNAME}/.extraheader`
   private readonly tokenPlaceholderConfigValue: string
+  private readonly insteadOfKey: string = `url.https://${HOSTNAME}/.insteadOf`
+  private readonly insteadOfValue: string = `git@${HOSTNAME}:`
   private temporaryHomePath = ''
   private tokenConfigValue: string
 
@@ -92,13 +94,19 @@ class GitAuthHelper {
       await fs.promises.writeFile(newGitConfigPath, '')
     }
 
-    // Configure the token
     try {
+      // Override HOME
       core.info(
         `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
       )
       this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
+
+      // Configure the token
       await this.configureToken(newGitConfigPath, true)
+
+      // Configure HTTPS instead of SSH
+      await this.git.tryConfigUnset(this.insteadOfKey, true)
+      await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
     } catch (err) {
       // Unset in case somehow written to the real global config
       core.info(
@@ -114,8 +122,13 @@ class GitAuthHelper {
       // Configure a placeholder value. This approach avoids the credential being captured
       // by process creation audit events, which are commonly logged. For more information,
       // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
+      const commands = [
+        `git config --local "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}"`,
+        `git config --local "${this.insteadOfKey}" "${this.insteadOfValue}"`,
+        `git config --local --show-origin --name-only --get-regexp remote.origin.url`
+      ]
       const output = await this.git.submoduleForeach(
-        `git config "${this.tokenConfigKey}" "${this.tokenPlaceholderConfigValue}" && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
+        commands.join(' && '),
         this.settings.nestedSubmodules
       )