Fix bug in getCredentials + tests

2025-01-24 16:22:28 +00:00 · 2025-01-24 16:22:28 +00:00 · 51bb5eb99a
commit 51bb5eb99a
parent 01f0019310
9 changed files with 314 additions and 140 deletions
--- a/src/start-proxy-action.ts
+++ b/src/start-proxy-action.ts
@ -6,8 +6,8 @@ import * as toolcache from "@actions/tool-cache";
 import { pki } from "node-forge";

 import * as actionsUtil from "./actions-util";
-import { Language, parseLanguage } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
+import { Credential, getCredentials } from "./start-proxy";
 import * as util from "./util";

 const UPDATEJOB_PROXY = "update-job-proxy";
@ -18,34 +18,11 @@ const PROXY_USER = "proxy_user";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;

-const LANGUAGE_TO_REGISTRY_TYPE: Record<Language, string> = {
-  java: "maven_repository",
-  csharp: "nuget_feed",
-  javascript: "npm_registry",
-  python: "python_index",
-  ruby: "rubygems_server",
-  rust: "cargo_registry",
-  // We do not have an established proxy type for these languages, thus leaving empty.
-  actions: "",
-  cpp: "",
-  go: "",
-  swift: "",
-} as const;
-
 type CertificateAuthority = {
  cert: string;
  key: string;
 };

-type Credential = {
-  type: string;
-  host?: string;
-  url?: string;
-  username?: string;
-  password?: string;
-  token?: string;
-};
-
 type BasicAuthCredentials = {
  username: string;
  password: string;
@ -117,7 +94,12 @@ async function runWrapper() {
  core.saveState("proxy-log-file", proxyLogFilePath);

  // Get the configuration options
-  const credentials = getCredentials(logger);
+  const credentials = getCredentials(
+    logger,
+    actionsUtil.getOptionalInput("registry_secrets"),
+    actionsUtil.getOptionalInput("registries_credentials"),
+    actionsUtil.getOptionalInput("language"),
+  );
  logger.info(
    `Credentials loaded for the following registries:\n ${credentials
      .map((c) => credentialToStr(c))
@ -199,58 +181,6 @@ async function startProxy(
  }
 }

-// getCredentials returns registry credentials from action inputs.
-// It prefers `registries_credentials` over `registry_secrets`.
-// If neither is set, it returns an empty array.
-function getCredentials(logger: Logger): Credential[] {
-  const registriesCredentials = actionsUtil.getOptionalInput(
-    "registries_credentials",
-  );
-  const registrySecrets = actionsUtil.getOptionalInput("registry_secrets");
-  const languageString = actionsUtil.getOptionalInput("language");
-  const language = languageString ? parseLanguage(languageString) : undefined;
-  const registryTypeForLanguage = language
-    ? LANGUAGE_TO_REGISTRY_TYPE[language]
-    : undefined;
-
-  let credentialsStr: string;
-  if (registriesCredentials !== undefined) {
-    logger.info(`Using registries_credentials input.`);
-    credentialsStr = Buffer.from(registriesCredentials, "base64").toString();
-  } else if (registrySecrets !== undefined) {
-    logger.info(`Using registry_secrets input.`);
-    credentialsStr = registrySecrets;
-  } else {
-    logger.info(`No credentials defined.`);
-    return [];
-  }
-
-  // Parse and validate the credentials
-  const parsed = JSON.parse(credentialsStr) as Credential[];
-  const out: Credential[] = [];
-  for (const e of parsed) {
-    if (e.url === undefined && e.host === undefined) {
-      throw new Error("Invalid credentials - must specify host or url");
-    }
-
-    // Filter credentials based on language if specified. `type` is the registry type.
-    // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#.
-    if (e.type !== registryTypeForLanguage) {
-      continue;
-    }
-
-    out.push({
-      type: e.type,
-      host: e.host,
-      url: e.url,
-      username: e.username,
-      password: e.password,
-      token: e.token,
-    });
-  }
-  return out;
-}
-
 // getProxyAuth returns the authentication information for the proxy itself.
 function getProxyAuth(): BasicAuthCredentials | undefined {
  const proxy_password = actionsUtil.getOptionalInput("proxy_password");
--- a/src/start-proxy.test.ts
+++ b/src/start-proxy.test.ts
@ -0,0 +1,82 @@
+import test from "ava";
+
+import { getRunnerLogger } from "./logging";
+import * as startProxyExports from "./start-proxy";
+import { setupTests } from "./testing-utils";
+
+setupTests(test);
+
+test("getCredentials prefers registriesCredentials over registrySecrets", async (t) => {
+  const registryCredentials = Buffer.from(
+    JSON.stringify([
+      { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
+    ]),
+  ).toString("base64");
+  const registrySecrets = JSON.stringify([
+    { type: "npm_registry", host: "registry.npmjs.org", token: "def" },
+  ]);
+
+  const credentials = startProxyExports.getCredentials(
+    getRunnerLogger(true),
+    registrySecrets,
+    registryCredentials,
+    undefined,
+  );
+  t.is(credentials.length, 1);
+  t.is(credentials[0].host, "npm.pkg.github.com");
+});
+
+test("getCredentials throws error when credential missing host and url", async (t) => {
+  const registryCredentials = Buffer.from(
+    JSON.stringify([{ type: "npm_registry", token: "abc" }]),
+  ).toString("base64");
+
+  t.throws(
+    () =>
+      startProxyExports.getCredentials(
+        getRunnerLogger(true),
+        undefined,
+        registryCredentials,
+        undefined,
+      ),
+    {
+      message: "Invalid credentials - must specify host or url",
+    },
+  );
+});
+
+test("getCredentials filters by language when specified", async (t) => {
+  const mixedCredentials = [
+    { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
+    { type: "maven_repository", host: "maven.pkg.github.com", token: "def" },
+    { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" },
+  ];
+
+  const credentials = startProxyExports.getCredentials(
+    getRunnerLogger(true),
+    undefined,
+    Buffer.from(JSON.stringify(mixedCredentials)).toString("base64"),
+    "java",
+  );
+  t.is(credentials.length, 1);
+  t.is(credentials[0].type, "maven_repository");
+});
+
+test("getCredentials returns all credentials when no language specified", async (t) => {
+  const mixedCredentials = [
+    { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
+    { type: "maven_repository", host: "maven.pkg.github.com", token: "def" },
+    { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" },
+  ];
+  const credentialsInput = Buffer.from(
+    JSON.stringify(mixedCredentials),
+  ).toString("base64");
+
+  const credentials = startProxyExports.getCredentials(
+    getRunnerLogger(true),
+    undefined,
+    credentialsInput,
+    undefined,
+  );
+  t.is(credentials.length, 3);
+});
--- a/src/start-proxy.ts
+++ b/src/start-proxy.ts
@ -0,0 +1,77 @@
+import { parseLanguage, Language } from "./languages";
+import { Logger } from "./logging";
+
+export type Credential = {
+  type: string;
+  host?: string;
+  url?: string;
+  username?: string;
+  password?: string;
+  token?: string;
+};
+
+const LANGUAGE_TO_REGISTRY_TYPE: Record<Language, string> = {
+  java: "maven_repository",
+  csharp: "nuget_feed",
+  javascript: "npm_registry",
+  python: "python_index",
+  ruby: "rubygems_server",
+  rust: "cargo_registry",
+  // We do not have an established proxy type for these languages, thus leaving empty.
+  actions: "",
+  cpp: "",
+  go: "",
+  swift: "",
+} as const;
+
+// getCredentials returns registry credentials from action inputs.
+// It prefers `registries_credentials` over `registry_secrets`.
+// If neither is set, it returns an empty array.
+export function getCredentials(
+  logger: Logger,
+  registrySecrets: string | undefined,
+  registriesCredentials: string | undefined,
+  languageString: string | undefined,
+): Credential[] {
+  const language = languageString ? parseLanguage(languageString) : undefined;
+  const registryTypeForLanguage = language
+    ? LANGUAGE_TO_REGISTRY_TYPE[language]
+    : undefined;
+
+  let credentialsStr: string;
+  if (registriesCredentials !== undefined) {
+    logger.info(`Using registries_credentials input.`);
+    credentialsStr = Buffer.from(registriesCredentials, "base64").toString();
+  } else if (registrySecrets !== undefined) {
+    logger.info(`Using registry_secrets input.`);
+    credentialsStr = registrySecrets;
+  } else {
+    logger.info(`No credentials defined.`);
+    return [];
+  }
+
+  // Parse and validate the credentials
+  const parsed = JSON.parse(credentialsStr) as Credential[];
+  const out: Credential[] = [];
+  for (const e of parsed) {
+    if (e.url === undefined && e.host === undefined) {
+      throw new Error("Invalid credentials - must specify host or url");
+    }
+
+    // Filter credentials based on language if specified. `type` is the registry type.
+    // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#.
+    if (registryTypeForLanguage && e.type !== registryTypeForLanguage) {
+      continue;
+    }
+
+    out.push({
+      type: e.type,
+      host: e.host,
+      url: e.url,
+      username: e.username,
+      password: e.password,
+      token: e.token,
+    });
+  }
+  return out;
+}