Remove auth method only used in runner
This commit is contained in:
Henry Mercer
parent
b498c79130
commit
8c8a9b1231
6 changed files with 5 additions and 213 deletions
66
src/util.ts
66
src/util.ts
|
|
@ -1,7 +1,6 @@
|
|||
import * as fs from "fs";
|
||||
import * as os from "os";
|
||||
import * as path from "path";
|
||||
import { Readable } from "stream";
|
||||
import { promisify } from "util";
|
||||
|
||||
import * as core from "@actions/core";
|
||||
|
|
@ -397,71 +396,6 @@ export function apiVersionInRange(
|
|||
return undefined;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the github auth token for use with the runner. There are
|
||||
* three possible locations for the token:
|
||||
*
|
||||
* 1. from the cli (considered insecure)
|
||||
* 2. from stdin
|
||||
* 3. from the GITHUB_TOKEN environment variable
|
||||
*
|
||||
* If both 1 & 2 are specified, then an error is thrown.
|
||||
* If 1 & 3 or 2 & 3 are specified, then the environment variable is ignored.
|
||||
*
|
||||
* @param githubAuth a github app token or PAT
|
||||
* @param fromStdIn read the github app token or PAT from stdin up to, but excluding the first whitespace
|
||||
* @param readable the readable stream to use for getting the token (defaults to stdin)
|
||||
*
|
||||
* @return a promise resolving to the auth token.
|
||||
*/
|
||||
export async function getGitHubAuth(
|
||||
logger: Logger,
|
||||
githubAuth: string | undefined,
|
||||
fromStdIn: boolean | undefined,
|
||||
readable = process.stdin as Readable
|
||||
): Promise<string> {
|
||||
if (githubAuth && fromStdIn) {
|
||||
throw new Error(
|
||||
"Cannot specify both `--github-auth` and `--github-auth-stdin`. Please use `--github-auth-stdin`, which is more secure."
|
||||
);
|
||||
}
|
||||
|
||||
if (githubAuth) {
|
||||
logger.warning(
|
||||
"Using `--github-auth` via the CLI is insecure. Use `--github-auth-stdin` instead."
|
||||
);
|
||||
return githubAuth;
|
||||
}
|
||||
|
||||
if (fromStdIn) {
|
||||
return new Promise((resolve, reject) => {
|
||||
let token = "";
|
||||
readable.on("data", (data) => {
|
||||
token += data.toString("utf8");
|
||||
});
|
||||
readable.on("end", () => {
|
||||
token = token.split(/\s+/)[0].trim();
|
||||
if (token) {
|
||||
resolve(token);
|
||||
} else {
|
||||
reject(new Error("Standard input is empty"));
|
||||
}
|
||||
});
|
||||
readable.on("error", (err) => {
|
||||
reject(err);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
if (process.env.GITHUB_TOKEN) {
|
||||
return process.env.GITHUB_TOKEN;
|
||||
}
|
||||
|
||||
throw new Error(
|
||||
"No GitHub authentication token was specified. Please provide a token via the GITHUB_TOKEN environment variable, or by adding the `--github-auth-stdin` flag and passing the token via standard input."
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* This error is used to indicate a runtime failure of an exhaustivity check enforced at compile time.
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue