From cb2c506d8b6545b90587b6b5b7bf979c3f2b40b6 Mon Sep 17 00:00:00 2001
From: Scott Willeke <scott@willeke.com>
Date: Tue, 20 Aug 2019 23:33:32 -0700
Subject: [PATCH] fix: prefix git auth url with "x-access-token:" when run in a
 GitHub Action

---
 lib/get-git-auth-url.js       | 22 ++++++++++++----------
 test/get-git-auth-url.test.js | 13 +++++++++++++
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/lib/get-git-auth-url.js b/lib/get-git-auth-url.js
index 5206db02..baa4aa2b 100644
--- a/lib/get-git-auth-url.js
+++ b/lib/get-git-auth-url.js
@@ -3,16 +3,6 @@ const {isNil} = require('lodash');
 const hostedGitInfo = require('hosted-git-info');
 const {verifyAuth} = require('./git');
 
-const GIT_TOKENS = {
-  GIT_CREDENTIALS: undefined,
-  GH_TOKEN: undefined,
-  GITHUB_TOKEN: undefined,
-  GL_TOKEN: 'gitlab-ci-token:',
-  GITLAB_TOKEN: 'gitlab-ci-token:',
-  BB_TOKEN: 'x-token-auth:',
-  BITBUCKET_TOKEN: 'x-token-auth:',
-};
-
 /**
  * Determine the the git repository URL to use to push, either:
  * - The `repositoryUrl` as is if allowed to push
@@ -25,6 +15,18 @@ const GIT_TOKENS = {
  * @return {String} The formatted Git repository URL.
  */
 module.exports = async ({cwd, env, branch, options: {repositoryUrl}}) => {
+  const GIT_TOKENS = {
+    GIT_CREDENTIALS: undefined,
+    GH_TOKEN: undefined,
+    // GitHub Actions require the "x-access-token:" prefix for git access
+    // https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#http-based-git-access-by-an-installation
+    GITHUB_TOKEN: isNil(env.GITHUB_ACTION) ? undefined : 'x-access-token:',
+    GL_TOKEN: 'gitlab-ci-token:',
+    GITLAB_TOKEN: 'gitlab-ci-token:',
+    BB_TOKEN: 'x-token-auth:',
+    BITBUCKET_TOKEN: 'x-token-auth:',
+  };
+
   const info = hostedGitInfo.fromUrl(repositoryUrl, {noGitPlus: true});
   const {protocol, ...parsed} = parse(repositoryUrl);
 
diff --git a/test/get-git-auth-url.test.js b/test/get-git-auth-url.test.js
index f4b26336..aa2c2ce3 100644
--- a/test/get-git-auth-url.test.js
+++ b/test/get-git-auth-url.test.js
@@ -273,6 +273,19 @@ test('Return the "https" formatted URL if "gitCredentials" is defined with "BITB
   );
 });
 
+test('Return the "https" formatted URL if "GITHUB_ACTION" is set', async t => {
+  const {cwd} = await gitRepo();
+
+  t.is(
+    await getAuthUrl({
+      cwd,
+      env: {...env, GITHUB_ACTION: 'foo', GITHUB_TOKEN: 'token'},
+      options: {branch: 'master', repositoryUrl: 'git@host.null:owner/repo.git'},
+    }),
+    'https://x-access-token:token@host.null/owner/repo.git'
+  );
+});
+
 test('Handle "https" URL with group and subgroup, with "GIT_CREDENTIALS"', async t => {
   const {cwd} = await gitRepo();