Initial commit

Author: de-vri-es

.github/workflows/checkin.yml

@@ -0,0 +1,22 @@
+name: "PR Checks"
+on: [pull_request, push]
+
+jobs:
+  check_pr:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: "npm ci"
+      run: npm ci
+
+    - name: "npm run build"
+      run: npm run build
+
+    - name: "check for uncommitted changes"
+      # Ensure no changes, but ignore node_modules dir since dev/fresh ci deps installed.
+      run: |
+        git diff --exit-code --stat -- . ':!node_modules' \
+        || (echo "##[error] found changed files after build. please 'npm run build && npm run format'" \
+                 "and check in all changes" \
+            && exit 1)

.gitignore

@@ -0,0 +1,91 @@
+__tests__/runner/*
+
+# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/

LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2019, Fusion Engineering <oss@fusion.engineering>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,23 @@
+# Configuring credentials
+
+This action allows you to clone private repositories from GitHub by providing a `GIT_CREDENTIALS` secret.
+
+The contents of `GIT_CREDENTIALTS` will be saved in the `$XDG_CONFIG_HOME/git/credentials` file,
+and git will be configured to use these credentials.
+The credentials file contains a list of URL patterns with authentication information.
+See `man 7 git-credentials-store` for more details.
+
+Additionally, `ssh` URLs for github repositories will be rewritten to `https`, so the credentials can be used.
+
+It is advisable to generate an access token specifically for your workflow / actions.
+Simply use the token in place of the password in the `GIT_CREDENTIALS`:
+
+```
+https://$username:$token@github.com/
+```
+
+# Why not use an SSH key?
+Currently, Cargo (the Rust package manager) does not support SSH authentication other than through an SSH agent.
+SSH agents are not meant to be used non-interactively, so HTTPS authentication is a simpler solution.
+
+If you can use plain SSH keys, that would be a good solution too.

action.yml

@@ -0,0 +1,11 @@
+name: setup-git-credentials
+description: Allow cloning of private repositories from GitHub
+author: Fusion Engineering
+inputs:
+  secret:
+    description: secret containing the git credentials
+    default: GIT_CREDENTIALS
+
+runs:
+  using: node12
+  main: lib/main.js

package-lock.json

@@ -0,0 +1,29 @@
+{
+  "name": "setup-git-credentials",
+  "version": "0.0.0",
+  "private": true,
+  "description": "Allow cloning private repositories from GitHub",
+  "main": "lib/main.js",
+  "scripts": {
+    "build": "tsc"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/fusion-engineering/setup-git-credentials.git"
+  },
+  "keywords": [
+    "git",
+    "private",
+    "clone"
+  ],
+  "author": "Fusion Engineering",
+  "license": "BSD-2-Clause",
+  "dependencies": {
+    "@actions/core": "^1.0.0",
+    "@actions/exec": "^1.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^12.0.4",
+    "typescript": "^3.5.1"
+  }
+}

package.json

@@ -0,0 +1,35 @@
+import * as core from '@actions/core';
+import { exec } from '@actions/exec';
+
+import { promises as fs } from 'fs';
+import * as process from 'process';
+import * as os from 'os';
+
+function xdg_config_home() {
+	const xdg_config_home = process.env['XGD_CONFIG_HOME'];
+	if (xdg_config_home) return xdg_config_home;
+	return `${os.homedir()}/.config`
+}
+
+async function run() {
+	const secret = core.getInput('secret');
+	const credentials = process.env[secret];
+	if (!credentials) {
+		throw new Error(`Credentials environment variable '${secret}' is not set`);
+	}
+
+	// Write credentials.
+	await fs.mkdir(`${xdg_config_home()}/git`, { recursive: true });
+	await fs.writeFile(`${xdg_config_home()}/git/credentials`, credentials, { flag: 'a', mode: 0o600 });
+
+	// Add git configuration.
+	await exec('git', ['config', '--global', 'credential.helper', 'store']);
+	await exec('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'ssh://git@github.com/']);
+	await exec('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'git@github.com:']);
+}
+
+try {
+	run();
+} catch (error) {
+	core.setFailed(error.message);
+}

src/main.ts

@@ -0,0 +1,29 @@
+{
+  "compilerOptions": {
+    "incremental": true,
+    "target": "es6",
+    "module": "commonjs",
+    "outDir": "./lib",
+    "rootDir": "./src",
+
+    "strict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "strictFunctionTypes": true,
+    "strictBindCallApply": true,
+    "strictPropertyInitialization": true,
+    "noImplicitThis": true,
+    "alwaysStrict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+
+    "esModuleInterop": true,
+
+    "inlineSourceMap": true,
+    "inlineSources": true
+  },
+
+  "exclude": ["node_modules"]
+}