Supply authorization parameter to toolcache.downloadTool()
Previously we supplied the authorization information via the 'headers' parameter. This works fine, except in some cases when the request is retried.
This commit is contained in:
Arthur Baars
parent
0b2a40fa4a
commit
2fed02cbe2
3 changed files with 7 additions and 5 deletions
5
lib/setup-codeql.js
generated
5
lib/setup-codeql.js
generated
|
|
@ -411,12 +411,13 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
|
||||||
// from the same GitHub instance the Action is running on.
|
// from the same GitHub instance the Action is running on.
|
||||||
// This avoids leaking Enterprise tokens to dotcom.
|
// This avoids leaking Enterprise tokens to dotcom.
|
||||||
// We also don't want to send an authorization header if there's already a token provided in the URL.
|
// We also don't want to send an authorization header if there's already a token provided in the URL.
|
||||||
|
let authorization = undefined;
|
||||||
if (searchParams.has("token")) {
|
if (searchParams.has("token")) {
|
||||||
logger.debug("CodeQL tools URL contains an authorization token.");
|
logger.debug("CodeQL tools URL contains an authorization token.");
|
||||||
}
|
}
|
||||||
else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
|
else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
|
||||||
logger.debug("Providing an authorization token to download CodeQL tools.");
|
logger.debug("Providing an authorization token to download CodeQL tools.");
|
||||||
headers.authorization = `token ${apiDetails.auth}`;
|
authorization = `token ${apiDetails.auth}`;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
logger.debug("Downloading CodeQL tools without an authorization token.");
|
logger.debug("Downloading CodeQL tools without an authorization token.");
|
||||||
|
|
@ -425,7 +426,7 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
|
||||||
const dest = path.join(tempDir, (0, uuid_1.v4)());
|
const dest = path.join(tempDir, (0, uuid_1.v4)());
|
||||||
const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers);
|
const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers);
|
||||||
const toolsDownloadStart = perf_hooks_1.performance.now();
|
const toolsDownloadStart = perf_hooks_1.performance.now();
|
||||||
const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, undefined, finalHeaders);
|
const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, authorization, finalHeaders);
|
||||||
const toolsDownloadDurationMs = Math.round(perf_hooks_1.performance.now() - toolsDownloadStart);
|
const toolsDownloadDurationMs = Math.round(perf_hooks_1.performance.now() - toolsDownloadStart);
|
||||||
logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
|
logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
|
||||||
const codeqlExtracted = await toolcache.extractTar(codeqlPath);
|
const codeqlExtracted = await toolcache.extractTar(codeqlPath);
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
|
|
@ -543,11 +543,12 @@ export async function downloadCodeQL(
|
||||||
// from the same GitHub instance the Action is running on.
|
// from the same GitHub instance the Action is running on.
|
||||||
// This avoids leaking Enterprise tokens to dotcom.
|
// This avoids leaking Enterprise tokens to dotcom.
|
||||||
// We also don't want to send an authorization header if there's already a token provided in the URL.
|
// We also don't want to send an authorization header if there's already a token provided in the URL.
|
||||||
|
let authorization: string | undefined = undefined;
|
||||||
if (searchParams.has("token")) {
|
if (searchParams.has("token")) {
|
||||||
logger.debug("CodeQL tools URL contains an authorization token.");
|
logger.debug("CodeQL tools URL contains an authorization token.");
|
||||||
} else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
|
} else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
|
||||||
logger.debug("Providing an authorization token to download CodeQL tools.");
|
logger.debug("Providing an authorization token to download CodeQL tools.");
|
||||||
headers.authorization = `token ${apiDetails.auth}`;
|
authorization = `token ${apiDetails.auth}`;
|
||||||
} else {
|
} else {
|
||||||
logger.debug("Downloading CodeQL tools without an authorization token.");
|
logger.debug("Downloading CodeQL tools without an authorization token.");
|
||||||
}
|
}
|
||||||
|
|
@ -565,7 +566,7 @@ export async function downloadCodeQL(
|
||||||
const codeqlPath = await toolcache.downloadTool(
|
const codeqlPath = await toolcache.downloadTool(
|
||||||
codeqlURL,
|
codeqlURL,
|
||||||
dest,
|
dest,
|
||||||
undefined,
|
authorization,
|
||||||
finalHeaders
|
finalHeaders
|
||||||
);
|
);
|
||||||
const toolsDownloadDurationMs = Math.round(
|
const toolsDownloadDurationMs = Math.round(
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue