Add new public key for known_hosts (#1237) (#1238)

* Add new public key for known_hosts (#1237)

* Add new public key for known_hosts

* Fix the build!

* fix build.

---------

Co-authored-by: Cameron Booth <cdb@github.com>

.github/workflows/test.yml

@@ -142,7 +142,7 @@ jobs:
       options: --dns 127.0.0.1
     services:
       squid-proxy:
-        image: datadog/squid:latest
+        image: ubuntu/squid:latest
         ports:
           - 3128:3128
     env:

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## v2.5.0
+- [Bump @actions/core to v1.10.0](https://github.com/actions/checkout/pull/962)
+
 ## v2.4.2
 - [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/776)
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "checkout",
-  "version": "2.0.2",
+  "version": "2.6.0",
   "description": "checkout action",
   "main": "lib/main.js",
   "scripts": {
@@ -28,10 +28,10 @@
   },
   "homepage": "https://github.com/actions/checkout#readme",
   "dependencies": {
-    "@actions/core": "^1.2.6",
+    "@actions/core": "^1.10.0",
     "@actions/exec": "^1.0.1",
     "@actions/github": "^2.2.0",
-    "@actions/io": "^1.0.1",
+    "@actions/io": "^1.1.2",
     "@actions/tool-cache": "^1.1.2",
     "uuid": "^3.3.3"
   },
@@ -39,11 +39,12 @@
     "@types/jest": "^27.0.2",
     "@types/node": "^12.7.12",
     "@types/uuid": "^3.4.6",
-    "@typescript-eslint/parser": "^5.1.0",
+    "@typescript-eslint/eslint-plugin": "^5.45.0",
+    "@typescript-eslint/parser": "^5.45.0",
     "@zeit/ncc": "^0.20.5",
     "eslint": "^7.32.0",
     "eslint-plugin-github": "^4.3.2",
-    "eslint-plugin-jest": "^25.2.2",
+    "eslint-plugin-jest": "^25.7.0",
     "jest": "^27.3.0",
     "jest-circus": "^27.3.0",
     "js-yaml": "^3.13.1",

src/git-auth-helper.ts

@@ -157,7 +157,8 @@ class GitAuthHelper {
       // by process creation audit events, which are commonly logged. For more information,
       // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
       const output = await this.git.submoduleForeach(
-        `git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
+        // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+        `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
         this.settings.nestedSubmodules
       )
 
@@ -246,7 +247,7 @@ class GitAuthHelper {
     if (this.settings.sshKnownHosts) {
       knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n`
     }
-    knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n# End implicitly added github.com\n`
+    knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=\n# End implicitly added github.com\n`
     this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`)
     stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath)
     await fs.promises.writeFile(this.sshKnownHostsPath, knownHosts)
@@ -365,7 +366,8 @@ class GitAuthHelper {
 
     const pattern = regexpHelper.escape(configKey)
     await this.git.submoduleForeach(
-      `git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`,
+      // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+      `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
       true
     )
   }

src/misc/licensed-check.sh

@@ -5,4 +5,4 @@ set -e
 src/misc/licensed-download.sh
 
 echo 'Running: licensed cached'
-_temp/licensed-3.3.1/licensed status
+_temp/licensed-3.6.0/licensed status

src/misc/licensed-download.sh

@@ -2,23 +2,23 @@
 
 set -e
 
-if [ ! -f _temp/licensed-3.3.1.done ]; then
+if [ ! -f _temp/licensed-3.6.0.done ]; then
   echo 'Clearing temp'
-  rm -rf _temp/licensed-3.3.1 || true
+  rm -rf _temp/licensed-3.6.0 || true
 
   echo 'Downloading licensed'
-  mkdir -p _temp/licensed-3.3.1
+  mkdir -p _temp/licensed-3.6.0
-  pushd _temp/licensed-3.3.1
+  pushd _temp/licensed-3.6.0
   if [[ "$OSTYPE" == "darwin"* ]]; then
-    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-darwin-x64.tar.gz
+    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.6.0/licensed-3.6.0-darwin-x64.tar.gz
   else
-    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-linux-x64.tar.gz
+    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.6.0/licensed-3.6.0-linux-x64.tar.gz
   fi
 
   echo 'Extracting licenesed'
   tar -xzf licensed.tar.gz
   popd
-  touch _temp/licensed-3.3.1.done
+  touch _temp/licensed-3.6.0.done
 else
   echo 'Licensed already downloaded'
 fi

src/misc/licensed-generate.sh

@@ -5,4 +5,4 @@ set -e
 src/misc/licensed-download.sh
 
 echo 'Running: licensed cached'
-_temp/licensed-3.3.1/licensed cache
+_temp/licensed-3.6.0/licensed cache

src/state-helper.ts

@@ -1,71 +1,60 @@
-import * as coreCommand from '@actions/core/lib/command'
+import * as core from '@actions/core'
 
 /**
  * Indicates whether the POST action is running
  */
-export const IsPost = !!process.env['STATE_isPost']
+export const IsPost = !!core.getState('isPost')
 
 /**
  * The repository path for the POST action. The value is empty during the MAIN action.
  */
-export const RepositoryPath =
+export const RepositoryPath = core.getState('repositoryPath')
-  (process.env['STATE_repositoryPath'] as string) || ''
 
 /**
  * The set-safe-directory for the POST action. The value is set if input: 'safe-directory' is set during the MAIN action.
  */
-export const PostSetSafeDirectory =
+export const PostSetSafeDirectory = core.getState('setSafeDirectory') === 'true'
-  (process.env['STATE_setSafeDirectory'] as string) === 'true'
 
 /**
  * The SSH key path for the POST action. The value is empty during the MAIN action.
  */
-export const SshKeyPath = (process.env['STATE_sshKeyPath'] as string) || ''
+export const SshKeyPath = core.getState('sshKeyPath')
 
 /**
  * The SSH known hosts path for the POST action. The value is empty during the MAIN action.
  */
-export const SshKnownHostsPath =
+export const SshKnownHostsPath = core.getState('sshKnownHostsPath')
-  (process.env['STATE_sshKnownHostsPath'] as string) || ''
 
 /**
  * Save the repository path so the POST action can retrieve the value.
  */
 export function setRepositoryPath(repositoryPath: string) {
-  coreCommand.issueCommand(
+  core.saveState('repositoryPath', repositoryPath)
-    'save-state',
-    {name: 'repositoryPath'},
-    repositoryPath
-  )
 }
 
 /**
  * Save the SSH key path so the POST action can retrieve the value.
  */
 export function setSshKeyPath(sshKeyPath: string) {
-  coreCommand.issueCommand('save-state', {name: 'sshKeyPath'}, sshKeyPath)
+  core.saveState('sshKeyPath', sshKeyPath)
 }
 
 /**
  * Save the SSH known hosts path so the POST action can retrieve the value.
  */
 export function setSshKnownHostsPath(sshKnownHostsPath: string) {
-  coreCommand.issueCommand(
+  core.saveState('sshKnownHostsPath', sshKnownHostsPath)
-    'save-state',
-    {name: 'sshKnownHostsPath'},
-    sshKnownHostsPath
-  )
 }
 
 /**
  * Save the sef-safe-directory input so the POST action can retrieve the value.
  */
 export function setSafeDirectory() {
-  coreCommand.issueCommand('save-state', {name: 'setSafeDirectory'}, 'true')
+  core.saveState('setSafeDirectory', 'true')
 }
 
 // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
 // This is necessary since we don't have a separate entry point.
 if (!IsPost) {
-  coreCommand.issueCommand('save-state', {name: 'isPost'}, 'true')
+  core.saveState('isPost', 'true')
 }