Filter registry credentials by language

2025-01-10 11:06:57 +00:00 · 2025-01-10 11:06:57 +00:00 · e02d65ac18
commit e02d65ac18
parent e83e0a4f58
4 changed files with 27 additions and 1 deletions
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@ -47,6 +47,10 @@ const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/rele
 const PROXY_USER = "proxy_user";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
+const LANGUAGE_TO_REGISTRY_TYPE = {
+    "java-kotlin": "maven_repository",
+    csharp: "nuget_feed",
+};
 const CERT_SUBJECT = [
    {
        name: "commonName",
@ -170,6 +174,7 @@ async function startProxy(binPath, config, logFilePath, logger) {
 function getCredentials(logger) {
    const registriesCredentials = actionsUtil.getOptionalInput("registries_credentials");
    const registrySecrets = actionsUtil.getOptionalInput("registry_secrets");
+    const language = actionsUtil.getOptionalInput("language");
    let credentialsStr;
    if (registriesCredentials !== undefined) {
        logger.info(`Using registries_credentials input.`);
@ -190,6 +195,11 @@ function getCredentials(logger) {
        if (e.url === undefined && e.host === undefined) {
            throw new Error("Invalid credentials - must specify host or url");
        }
+        // Filter credentials based on language if specified. `type` is the registry type.
+        // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#.
+        if (language && LANGUAGE_TO_REGISTRY_TYPE[language] !== e.type) {
+            continue;
+        }
        out.push({
            type: e.type,
            host: e.host,
--- a/lib/start-proxy-action.js.map
+++ b/lib/start-proxy-action.js.map
--- a/src/start-proxy-action.ts
+++ b/src/start-proxy-action.ts
@ -17,6 +17,11 @@ const PROXY_USER = "proxy_user";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;

+const LANGUAGE_TO_REGISTRY_TYPE = {
+  "java-kotlin": "maven_repository",
+  csharp: "nuget_feed",
+} as const;
+
 type CertificateAuthority = {
  cert: string;
  key: string;
@ -192,6 +197,7 @@ function getCredentials(logger: Logger): Credential[] {
    "registries_credentials",
  );
  const registrySecrets = actionsUtil.getOptionalInput("registry_secrets");
+  const language = actionsUtil.getOptionalInput("language");

  let credentialsStr: string;
  if (registriesCredentials !== undefined) {
@ -212,6 +218,13 @@ function getCredentials(logger: Logger): Credential[] {
    if (e.url === undefined && e.host === undefined) {
      throw new Error("Invalid credentials - must specify host or url");
    }
+
+    // Filter credentials based on language if specified. `type` is the registry type.
+    // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#.
+    if (language && LANGUAGE_TO_REGISTRY_TYPE[language] !== e.type) {
+      continue;
+    }
+
    out.push({
      type: e.type,
      host: e.host,
--- a/start-proxy/action.yml
+++ b/start-proxy/action.yml
@ -16,6 +16,9 @@ inputs:
    description: GitHub token to use for authenticating with this instance of GitHub, used to upload debug artifacts.
    default: ${{ github.token }}
    required: false
+  language:
+    description: The programming language to setup the proxy for the correct ecosystem
+    required: false
 outputs:
  proxy_host:
    description: The IP address of the proxy