fix: prevent git prompt before permissions verification
This commit is contained in:
Pierre Vanduynslager
parent
3c46455929
commit
30ee231116
9
index.js
9
index.js
@ -11,8 +11,10 @@ const getNextVersion = require('./lib/get-next-version');
|
||||
const getCommits = require('./lib/get-commits');
|
||||
const getLastRelease = require('./lib/get-last-release');
|
||||
const {extractErrors} = require('./lib/utils');
|
||||
const getGitAuthUrl = require('./lib/get-git-auth-url');
|
||||
const logger = require('./lib/logger');
|
||||
const {unshallow, gitHead: getGitHead, tag, push} = require('./lib/git');
|
||||
const {unshallow, verifyAuth, gitHead: getGitHead, tag, push} = require('./lib/git');
|
||||
const getError = require('./lib/get-error');
|
||||
|
||||
marked.setOptions({renderer: new TerminalRenderer()});
|
||||
|
||||
@ -44,6 +46,11 @@ async function run(options, plugins) {
|
||||
|
||||
await verify(options);
|
||||
|
||||
options.repositoryUrl = await getGitAuthUrl(options);
|
||||
if (!await verifyAuth(options.repositoryUrl, options.branch)) {
|
||||
throw getError('EGITNOPERMISSION', {options});
|
||||
}
|
||||
|
||||
logger.log('Run automated release from branch %s', options.branch);
|
||||
|
||||
logger.log('Call plugin %s', 'verify-conditions');
|
||||
|
||||
@ -6,7 +6,6 @@ const debug = require('debug')('semantic-release:config');
|
||||
const {repoUrl} = require('./git');
|
||||
const PLUGINS_DEFINITIONS = require('./definitions/plugins');
|
||||
const plugins = require('./plugins');
|
||||
const getGitAuthUrl = require('./get-git-auth-url');
|
||||
|
||||
module.exports = async (opts, logger) => {
|
||||
const {config} = (await cosmiconfig('release', {rcExtensions: true}).load(process.cwd())) || {};
|
||||
@ -51,8 +50,6 @@ module.exports = async (opts, logger) => {
|
||||
...pickBy(options, option => !isUndefined(option) && !isNull(option)),
|
||||
};
|
||||
|
||||
options.repositoryUrl = await getGitAuthUrl(options);
|
||||
|
||||
debug('options values: %O', options);
|
||||
|
||||
return {options, plugins: await plugins(options, pluginsPath, logger)};
|
||||
|
||||
@ -17,38 +17,36 @@ const GIT_TOKENS = ['GIT_CREDENTIALS', 'GH_TOKEN', 'GITHUB_TOKEN', 'GL_TOKEN', '
|
||||
* @return {String} The formatted Git repository URL.
|
||||
*/
|
||||
module.exports = async ({repositoryUrl, branch}) => {
|
||||
if (repositoryUrl) {
|
||||
const info = hostedGitInfo.fromUrl(repositoryUrl, {noGitPlus: true});
|
||||
const info = hostedGitInfo.fromUrl(repositoryUrl, {noGitPlus: true});
|
||||
|
||||
if (info && info.getDefaultRepresentation() === 'shortcut') {
|
||||
// Expand shorthand URLs (such as `owner/repo` or `gitlab:owner/repo`)
|
||||
repositoryUrl = info.https();
|
||||
} else {
|
||||
const {protocols} = gitUrlParse(repositoryUrl);
|
||||
if (info && info.getDefaultRepresentation() === 'shortcut') {
|
||||
// Expand shorthand URLs (such as `owner/repo` or `gitlab:owner/repo`)
|
||||
repositoryUrl = info.https();
|
||||
} else {
|
||||
const {protocols} = gitUrlParse(repositoryUrl);
|
||||
|
||||
// Replace `git+https` and `git+http` with `https` or `http`
|
||||
if (protocols.includes('http') || protocols.includes('https')) {
|
||||
repositoryUrl = format({
|
||||
...parse(repositoryUrl),
|
||||
...{protocol: protocols.includes('https') ? 'https' : 'http'},
|
||||
});
|
||||
}
|
||||
// Replace `git+https` and `git+http` with `https` or `http`
|
||||
if (protocols.includes('http') || protocols.includes('https')) {
|
||||
repositoryUrl = format({
|
||||
...parse(repositoryUrl),
|
||||
...{protocol: protocols.includes('https') ? 'https' : 'http'},
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Test if push is allowed without transforming the URL (e.g. is ssh keys are set up)
|
||||
if (!await verifyAuth(repositoryUrl, branch)) {
|
||||
const envVar = GIT_TOKENS.find(envVar => !isUndefined(process.env[envVar]));
|
||||
const gitCredentials = ['GL_TOKEN', 'GITLAB_TOKEN'].includes(envVar)
|
||||
? `gitlab-ci-token:${process.env[envVar]}`
|
||||
: process.env[envVar];
|
||||
const {protocols} = gitUrlParse(repositoryUrl);
|
||||
const protocol = protocols.includes('https') ? 'https' : protocols.includes('http') ? 'http' : 'https';
|
||||
// Test if push is allowed without transforming the URL (e.g. is ssh keys are set up)
|
||||
if (!await verifyAuth(repositoryUrl, branch)) {
|
||||
const envVar = GIT_TOKENS.find(envVar => !isUndefined(process.env[envVar]));
|
||||
const gitCredentials = ['GL_TOKEN', 'GITLAB_TOKEN'].includes(envVar)
|
||||
? `gitlab-ci-token:${process.env[envVar]}`
|
||||
: process.env[envVar];
|
||||
const {protocols} = gitUrlParse(repositoryUrl);
|
||||
const protocol = protocols.includes('https') ? 'https' : protocols.includes('http') ? 'http' : 'https';
|
||||
|
||||
// If credentials are set via anvironment variables, convert the URL to http/https and add basic auth, otherwise return `repositoryUrl` as is
|
||||
return gitCredentials
|
||||
? format({...parse(`${gitUrlParse(repositoryUrl).toString(protocol)}.git`), ...{auth: gitCredentials}})
|
||||
: repositoryUrl;
|
||||
}
|
||||
// If credentials are set via anvironment variables, convert the URL to http/https and add basic auth, otherwise return `repositoryUrl` as is
|
||||
return gitCredentials
|
||||
? format({...parse(`${gitUrlParse(repositoryUrl).toString(protocol)}.git`), ...{auth: gitCredentials}})
|
||||
: repositoryUrl;
|
||||
}
|
||||
return repositoryUrl;
|
||||
};
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
const {template} = require('lodash');
|
||||
const AggregateError = require('aggregate-error');
|
||||
const {isGitRepo, verifyAuth, verifyTagName} = require('./git');
|
||||
const {isGitRepo, verifyTagName} = require('./git');
|
||||
const getError = require('./get-error');
|
||||
|
||||
module.exports = async options => {
|
||||
@ -10,8 +10,6 @@ module.exports = async options => {
|
||||
errors.push(getError('ENOGITREPO'));
|
||||
} else if (!options.repositoryUrl) {
|
||||
errors.push(getError('ENOREPOURL'));
|
||||
} else if (!await verifyAuth(options.repositoryUrl, options.branch)) {
|
||||
errors.push(getError('EGITNOPERMISSION', {options}));
|
||||
}
|
||||
|
||||
// Verify that compiling the `tagFormat` produce a valid Git tag
|
||||
|
||||
@ -31,7 +31,6 @@ test.afterEach.always(() => {
|
||||
});
|
||||
|
||||
test.serial('Default values, reading repositoryUrl from package.json', async t => {
|
||||
process.env.GIT_CREDENTIALS = 'user:pass';
|
||||
const pkg = {repository: 'https://host.null/owner/package.git'};
|
||||
// Create a git repository, set the current working directory at the root of the repo
|
||||
await gitRepo();
|
||||
@ -45,12 +44,11 @@ test.serial('Default values, reading repositoryUrl from package.json', async t =
|
||||
|
||||
// Verify the default options are set
|
||||
t.is(options.branch, 'master');
|
||||
t.is(options.repositoryUrl, 'https://user:pass@host.null/owner/package.git');
|
||||
t.is(options.repositoryUrl, 'https://host.null/owner/package.git');
|
||||
t.is(options.tagFormat, `v\${version}`);
|
||||
});
|
||||
|
||||
test.serial('Default values, reading repositoryUrl from repo if not set in package.json', async t => {
|
||||
process.env.GIT_CREDENTIALS = 'user:pass';
|
||||
// Create a git repository, set the current working directory at the root of the repo
|
||||
await gitRepo();
|
||||
// Add remote.origin.url config
|
||||
@ -60,12 +58,11 @@ test.serial('Default values, reading repositoryUrl from repo if not set in packa
|
||||
|
||||
// Verify the default options are set
|
||||
t.is(options.branch, 'master');
|
||||
t.is(options.repositoryUrl, 'https://user:pass@host.null/owner/module.git');
|
||||
t.is(options.repositoryUrl, 'https://host.null/owner/module.git');
|
||||
t.is(options.tagFormat, `v\${version}`);
|
||||
});
|
||||
|
||||
test.serial('Default values, reading repositoryUrl (http url) from package.json if not set in repo', async t => {
|
||||
process.env.GIT_CREDENTIALS = 'user:pass';
|
||||
const pkg = {repository: 'https://host.null/owner/module.git'};
|
||||
// Create a git repository, set the current working directory at the root of the repo
|
||||
await gitRepo();
|
||||
@ -76,58 +73,10 @@ test.serial('Default values, reading repositoryUrl (http url) from package.json
|
||||
|
||||
// Verify the default options are set
|
||||
t.is(options.branch, 'master');
|
||||
t.is(options.repositoryUrl, 'https://user:pass@host.null/owner/module.git');
|
||||
t.is(options.repositoryUrl, 'https://host.null/owner/module.git');
|
||||
t.is(options.tagFormat, `v\${version}`);
|
||||
});
|
||||
|
||||
test.serial('Default values, reading repositoryUrl (shorthand url) from package.json if not set in repo', async t => {
|
||||
process.env.GIT_CREDENTIALS = 'user:pass';
|
||||
const pkg = {repository: 'owner/module'};
|
||||
// Create a git repository, set the current working directory at the root of the repo
|
||||
await gitRepo();
|
||||
// Create package.json in repository root
|
||||
await outputJson('./package.json', pkg);
|
||||
|
||||
const {options} = await t.context.getConfig();
|
||||
|
||||
// Verify the default options are set
|
||||
t.is(options.branch, 'master');
|
||||
t.is(options.repositoryUrl, 'https://user:pass@github.com/owner/module.git');
|
||||
t.is(options.tagFormat, `v\${version}`);
|
||||
});
|
||||
|
||||
test.serial(
|
||||
'Default values, reading repositoryUrl (gitlab shorthand url) from package.json if not set in repo',
|
||||
async t => {
|
||||
process.env.GIT_CREDENTIALS = 'user:pass';
|
||||
const pkg = {repository: 'gitlab:owner/module'};
|
||||
// Create a git repository, set the current working directory at the root of the repo
|
||||
await gitRepo();
|
||||
// Create package.json in repository root
|
||||
await outputJson('./package.json', pkg);
|
||||
|
||||
const {options} = await t.context.getConfig();
|
||||
|
||||
// Verify the default options are set
|
||||
t.is(options.branch, 'master');
|
||||
t.is(options.repositoryUrl, 'https://user:pass@gitlab.com/owner/module.git');
|
||||
t.is(options.tagFormat, `v\${version}`);
|
||||
}
|
||||
);
|
||||
|
||||
test.serial('Do not add git credential to repositoryUrl if push is allowed', async t => {
|
||||
process.env.GIT_CREDENTIALS = 'user:pass';
|
||||
// Create a git repository, set the current working directory at the root of the repo
|
||||
const repositoryUrl = await gitRepo(true);
|
||||
const pkg = {repository: repositoryUrl};
|
||||
// Create package.json in repository root
|
||||
await outputJson('./package.json', pkg);
|
||||
|
||||
const {options} = await t.context.getConfig();
|
||||
|
||||
t.is(options.repositoryUrl, repositoryUrl);
|
||||
});
|
||||
|
||||
test.serial('Read options from package.json', async t => {
|
||||
const release = {
|
||||
analyzeCommits: {path: 'analyzeCommits', param: 'analyzeCommits_param'},
|
||||
|
||||
@ -51,6 +51,20 @@ test.serial('Handle "git" URL with group and subgroup', async t => {
|
||||
);
|
||||
});
|
||||
|
||||
test.serial('Convert shorthand URL', async t => {
|
||||
t.is(
|
||||
await getAuthUrl({repositoryUrl: 'semanitc-release/semanitc-release'}),
|
||||
'https://github.com/semanitc-release/semanitc-release.git'
|
||||
);
|
||||
});
|
||||
|
||||
test.serial('Convert GitLab shorthand URL', async t => {
|
||||
t.is(
|
||||
await getAuthUrl({repositoryUrl: 'gitlab:semanitc-release/semanitc-release'}),
|
||||
'https://gitlab.com/semanitc-release/semanitc-release.git'
|
||||
);
|
||||
});
|
||||
|
||||
test.serial(
|
||||
'Return the "https" formatted URL if "gitCredentials" is defined and repositoryUrl is a "git" URL',
|
||||
async t => {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user