feat: add proxy support via child process spawning

When proxy environment variables (https_proxy, HTTPS_PROXY, http_proxy,
HTTP_PROXY) are detected and NODE_USE_ENV_PROXY is not already set to
"1", the action spawns a child process with NODE_USE_ENV_PROXY=1 to
enable Node.js native proxy support.

- Add lib/run-with-proxy.js shared utility for both main.js and post.js
- Update main.js and post.js to use runWithProxy() wrapper
- Add tests for proxy spawning, child error handling, and already-enabled path
- 100% code coverage maintained

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Parker Brown
2026-03-12 20:33:29 -07:00
parent 29824e69f5
commit e715b04a11
13 changed files with 442 additions and 118 deletions
+115 -83
View File
@@ -43492,11 +43492,11 @@ function createOAuthAppAuth(options) {
} }
// node_modules/universal-github-app-jwt/lib/utils.js // node_modules/universal-github-app-jwt/lib/utils.js
function isPkcs1(privateKey2) { function isPkcs1(privateKey) {
return privateKey2.includes("-----BEGIN RSA PRIVATE KEY-----"); return privateKey.includes("-----BEGIN RSA PRIVATE KEY-----");
} }
function isOpenSsh(privateKey2) { function isOpenSsh(privateKey) {
return privateKey2.includes("-----BEGIN OPENSSH PRIVATE KEY-----"); return privateKey.includes("-----BEGIN OPENSSH PRIVATE KEY-----");
} }
function string2ArrayBuffer(str) { function string2ArrayBuffer(str) {
const buf = new ArrayBuffer(str.length); const buf = new ArrayBuffer(str.length);
@@ -43537,17 +43537,17 @@ __export(crypto_node_exports, {
}); });
__reExport(crypto_node_exports, require("node:crypto")); __reExport(crypto_node_exports, require("node:crypto"));
var import_node_crypto = require("node:crypto"); var import_node_crypto = require("node:crypto");
function convertPrivateKey(privateKey2) { function convertPrivateKey(privateKey) {
if (!isPkcs1(privateKey2)) return privateKey2; if (!isPkcs1(privateKey)) return privateKey;
return (0, import_node_crypto.createPrivateKey)(privateKey2).export({ return (0, import_node_crypto.createPrivateKey)(privateKey).export({
type: "pkcs8", type: "pkcs8",
format: "pem" format: "pem"
}); });
} }
// node_modules/universal-github-app-jwt/lib/get-token.js // node_modules/universal-github-app-jwt/lib/get-token.js
async function getToken({ privateKey: privateKey2, payload }) { async function getToken({ privateKey, payload }) {
const convertedPrivateKey = convertPrivateKey(privateKey2); const convertedPrivateKey = convertPrivateKey(privateKey);
if (isPkcs1(convertedPrivateKey)) { if (isPkcs1(convertedPrivateKey)) {
throw new Error( throw new Error(
"[universal-github-app-jwt] Private Key is in PKCS#1 format, but only PKCS#8 is supported. See https://github.com/gr2m/universal-github-app-jwt#private-key-formats" "[universal-github-app-jwt] Private Key is in PKCS#1 format, but only PKCS#8 is supported. See https://github.com/gr2m/universal-github-app-jwt#private-key-formats"
@@ -43585,10 +43585,10 @@ async function getToken({ privateKey: privateKey2, payload }) {
// node_modules/universal-github-app-jwt/index.js // node_modules/universal-github-app-jwt/index.js
async function githubAppJwt({ async function githubAppJwt({
id, id,
privateKey: privateKey2, privateKey,
now = Math.floor(Date.now() / 1e3) now = Math.floor(Date.now() / 1e3)
}) { }) {
const privateKeyWithNewlines = privateKey2.replace(/\\n/g, "\n"); const privateKeyWithNewlines = privateKey.replace(/\\n/g, "\n");
const nowWithSafetyMargin = now - 30; const nowWithSafetyMargin = now - 30;
const expiration = nowWithSafetyMargin + 60 * 10; const expiration = nowWithSafetyMargin + 60 * 10;
const payload = { const payload = {
@@ -43746,24 +43746,24 @@ var LruObject = class {
// node_modules/@octokit/auth-app/dist-node/index.js // node_modules/@octokit/auth-app/dist-node/index.js
async function getAppAuthentication({ async function getAppAuthentication({
appId: appId2, appId,
privateKey: privateKey2, privateKey,
timeDifference, timeDifference,
createJwt createJwt
}) { }) {
try { try {
if (createJwt) { if (createJwt) {
const { jwt, expiresAt } = await createJwt(appId2, timeDifference); const { jwt, expiresAt } = await createJwt(appId, timeDifference);
return { return {
type: "app", type: "app",
token: jwt, token: jwt,
appId: appId2, appId,
expiresAt expiresAt
}; };
} }
const authOptions = { const authOptions = {
id: appId2, id: appId,
privateKey: privateKey2 privateKey
}; };
if (timeDifference) { if (timeDifference) {
Object.assign(authOptions, { Object.assign(authOptions, {
@@ -43778,7 +43778,7 @@ async function getAppAuthentication({
expiresAt: new Date(appAuthentication.expiration * 1e3).toISOString() expiresAt: new Date(appAuthentication.expiration * 1e3).toISOString()
}; };
} catch (error) { } catch (error) {
if (privateKey2 === "-----BEGIN RSA PRIVATE KEY-----") { if (privateKey === "-----BEGIN RSA PRIVATE KEY-----") {
throw new Error( throw new Error(
"The 'privateKey` option contains only the first line '-----BEGIN RSA PRIVATE KEY-----'. If you are setting it using a `.env` file, make sure it is set on a single line with newlines replaced by '\n'" "The 'privateKey` option contains only the first line '-----BEGIN RSA PRIVATE KEY-----'. If you are setting it using a `.env` file, make sure it is set on a single line with newlines replaced by '\n'"
); );
@@ -43809,19 +43809,19 @@ async function get(cache, options) {
permissionsString, permissionsString,
singleFileName singleFileName
] = result.split("|"); ] = result.split("|");
const permissions2 = options.permissions || permissionsString.split(/,/).reduce((permissions22, string) => { const permissions = options.permissions || permissionsString.split(/,/).reduce((permissions2, string) => {
if (/!$/.test(string)) { if (/!$/.test(string)) {
permissions22[string.slice(0, -1)] = "write"; permissions2[string.slice(0, -1)] = "write";
} else { } else {
permissions22[string] = "read"; permissions2[string] = "read";
} }
return permissions22; return permissions2;
}, {}); }, {});
return { return {
token, token,
createdAt, createdAt,
expiresAt, expiresAt,
permissions: permissions2, permissions,
repositoryIds: options.repositoryIds, repositoryIds: options.repositoryIds,
repositoryNames: options.repositoryNames, repositoryNames: options.repositoryNames,
singleFileName, singleFileName,
@@ -43845,11 +43845,11 @@ async function set(cache, options, data) {
} }
function optionsToCacheKey({ function optionsToCacheKey({
installationId, installationId,
permissions: permissions2 = {}, permissions = {},
repositoryIds = [], repositoryIds = [],
repositoryNames = [] repositoryNames = []
}) { }) {
const permissionsString = Object.keys(permissions2).sort().map((name) => permissions2[name] === "read" ? name : `${name}!`).join(","); const permissionsString = Object.keys(permissions).sort().map((name) => permissions[name] === "read" ? name : `${name}!`).join(",");
const repositoryIdsString = repositoryIds.sort().join(","); const repositoryIdsString = repositoryIds.sort().join(",");
const repositoryNamesString = repositoryNames.join(","); const repositoryNamesString = repositoryNames.join(",");
return [ return [
@@ -43865,7 +43865,7 @@ function toTokenAuthentication({
createdAt, createdAt,
expiresAt, expiresAt,
repositorySelection, repositorySelection,
permissions: permissions2, permissions,
repositoryIds, repositoryIds,
repositoryNames, repositoryNames,
singleFileName singleFileName
@@ -43876,7 +43876,7 @@ function toTokenAuthentication({
tokenType: "installation", tokenType: "installation",
token, token,
installationId, installationId,
permissions: permissions2, permissions,
createdAt, createdAt,
expiresAt, expiresAt,
repositorySelection repositorySelection
@@ -43929,7 +43929,7 @@ async function getInstallationAuthenticationImpl(state, options, request2) {
token: token2, token: token2,
createdAt: createdAt2, createdAt: createdAt2,
expiresAt: expiresAt2, expiresAt: expiresAt2,
permissions: permissions22, permissions: permissions2,
repositoryIds: repositoryIds2, repositoryIds: repositoryIds2,
repositoryNames: repositoryNames2, repositoryNames: repositoryNames2,
singleFileName: singleFileName2, singleFileName: singleFileName2,
@@ -43940,7 +43940,7 @@ async function getInstallationAuthenticationImpl(state, options, request2) {
token: token2, token: token2,
createdAt: createdAt2, createdAt: createdAt2,
expiresAt: expiresAt2, expiresAt: expiresAt2,
permissions: permissions22, permissions: permissions2,
repositorySelection: repositorySelection2, repositorySelection: repositorySelection2,
repositoryIds: repositoryIds2, repositoryIds: repositoryIds2,
repositoryNames: repositoryNames2, repositoryNames: repositoryNames2,
@@ -43973,7 +43973,7 @@ async function getInstallationAuthenticationImpl(state, options, request2) {
data: { data: {
token, token,
expires_at: expiresAt, expires_at: expiresAt,
repositories: repositories2, repositories,
permissions: permissionsOptional, permissions: permissionsOptional,
repository_selection: repositorySelectionOptional, repository_selection: repositorySelectionOptional,
single_file: singleFileName single_file: singleFileName
@@ -43982,17 +43982,17 @@ async function getInstallationAuthenticationImpl(state, options, request2) {
"POST /app/installations/{installation_id}/access_tokens", "POST /app/installations/{installation_id}/access_tokens",
payload payload
); );
const permissions2 = permissionsOptional || {}; const permissions = permissionsOptional || {};
const repositorySelection = repositorySelectionOptional || "all"; const repositorySelection = repositorySelectionOptional || "all";
const repositoryIds = repositories2 ? repositories2.map((r) => r.id) : void 0; const repositoryIds = repositories ? repositories.map((r) => r.id) : void 0;
const repositoryNames = repositories2 ? repositories2.map((repo) => repo.name) : void 0; const repositoryNames = repositories ? repositories.map((repo) => repo.name) : void 0;
const createdAt = (/* @__PURE__ */ new Date()).toISOString(); const createdAt = (/* @__PURE__ */ new Date()).toISOString();
const cacheOptions = { const cacheOptions = {
token, token,
createdAt, createdAt,
expiresAt, expiresAt,
repositorySelection, repositorySelection,
permissions: permissions2, permissions,
repositoryIds, repositoryIds,
repositoryNames repositoryNames
}; };
@@ -44006,7 +44006,7 @@ async function getInstallationAuthenticationImpl(state, options, request2) {
createdAt, createdAt,
expiresAt, expiresAt,
repositorySelection, repositorySelection,
permissions: permissions2, permissions,
repositoryIds, repositoryIds,
repositoryNames repositoryNames
}; };
@@ -44202,16 +44202,16 @@ function createAppAuth(options) {
// lib/get-permissions-from-inputs.js // lib/get-permissions-from-inputs.js
function getPermissionsFromInputs(env) { function getPermissionsFromInputs(env) {
return Object.entries(env).reduce((permissions2, [key, value]) => { return Object.entries(env).reduce((permissions, [key, value]) => {
if (!key.startsWith("INPUT_PERMISSION-")) return permissions2; if (!key.startsWith("INPUT_PERMISSION-")) return permissions;
if (!value) return permissions2; if (!value) return permissions;
const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase().replaceAll(/-/g, "_"); const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase().replaceAll(/-/g, "_");
if (permissions2 === void 0) { if (permissions === void 0) {
return { [permission]: value }; return { [permission]: value };
} }
return { return {
// @ts-expect-error - needs to be typed correctly // @ts-expect-error - needs to be typed correctly
...permissions2, ...permissions,
[permission]: value [permission]: value
}; };
}, void 0); }, void 0);
@@ -44411,43 +44411,43 @@ async function pRetry(input, options = {}) {
} }
// lib/main.js // lib/main.js
async function main(appId2, privateKey2, owner2, repositories2, permissions2, core3, createAppAuth2, request2, skipTokenRevoke2) { async function main(appId, privateKey, owner, repositories, permissions, core3, createAppAuth2, request2, skipTokenRevoke) {
let parsedOwner = ""; let parsedOwner = "";
let parsedRepositoryNames = []; let parsedRepositoryNames = [];
if (!owner2 && repositories2.length === 0) { if (!owner && repositories.length === 0) {
const [owner3, repo] = String(process.env.GITHUB_REPOSITORY).split("/"); const [owner2, repo] = String(process.env.GITHUB_REPOSITORY).split("/");
parsedOwner = owner3; parsedOwner = owner2;
parsedRepositoryNames = [repo]; parsedRepositoryNames = [repo];
core3.info( core3.info(
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner3}/${repo}).` `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner2}/${repo}).`
); );
} }
if (owner2 && repositories2.length === 0) { if (owner && repositories.length === 0) {
parsedOwner = owner2; parsedOwner = owner;
core3.info( core3.info(
`Input 'repositories' is not set. Creating token for all repositories owned by ${owner2}.` `Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
); );
} }
if (!owner2 && repositories2.length > 0) { if (!owner && repositories.length > 0) {
parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER); parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER);
parsedRepositoryNames = repositories2; parsedRepositoryNames = repositories;
core3.info( core3.info(
`No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories2.map((repo) => ` `No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories.map((repo) => `
- ${parsedOwner}/${repo}`).join("")}` - ${parsedOwner}/${repo}`).join("")}`
); );
} }
if (owner2 && repositories2.length > 0) { if (owner && repositories.length > 0) {
parsedOwner = owner2; parsedOwner = owner;
parsedRepositoryNames = repositories2; parsedRepositoryNames = repositories;
core3.info( core3.info(
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories: `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
${repositories2.map((repo) => ` ${repositories.map((repo) => `
- ${parsedOwner}/${repo}`).join("")}` - ${parsedOwner}/${repo}`).join("")}`
); );
} }
const auth5 = createAppAuth2({ const auth5 = createAppAuth2({
appId: appId2, appId,
privateKey: privateKey2, privateKey,
request: request2 request: request2
}); });
let authentication, installationId, appSlug; let authentication, installationId, appSlug;
@@ -44458,7 +44458,7 @@ async function main(appId2, privateKey2, owner2, repositories2, permissions2, co
auth5, auth5,
parsedOwner, parsedOwner,
parsedRepositoryNames, parsedRepositoryNames,
permissions2 permissions
), ),
{ {
shouldRetry: ({ error }) => error.status >= 500, shouldRetry: ({ error }) => error.status >= 500,
@@ -44474,7 +44474,7 @@ async function main(appId2, privateKey2, owner2, repositories2, permissions2, co
)); ));
} else { } else {
({ authentication, installationId, appSlug } = await pRetry( ({ authentication, installationId, appSlug } = await pRetry(
() => getTokenFromOwner(request2, auth5, parsedOwner, permissions2), () => getTokenFromOwner(request2, auth5, parsedOwner, permissions),
{ {
onFailedAttempt: (context) => { onFailedAttempt: (context) => {
core3.info( core3.info(
@@ -44489,12 +44489,12 @@ async function main(appId2, privateKey2, owner2, repositories2, permissions2, co
core3.setOutput("token", authentication.token); core3.setOutput("token", authentication.token);
core3.setOutput("installation-id", installationId); core3.setOutput("installation-id", installationId);
core3.setOutput("app-slug", appSlug); core3.setOutput("app-slug", appSlug);
if (!skipTokenRevoke2) { if (!skipTokenRevoke) {
core3.saveState("token", authentication.token); core3.saveState("token", authentication.token);
core3.saveState("expiresAt", authentication.expiresAt); core3.saveState("expiresAt", authentication.expiresAt);
} }
} }
async function getTokenFromOwner(request2, auth5, parsedOwner, permissions2) { async function getTokenFromOwner(request2, auth5, parsedOwner, permissions) {
const response = await request2("GET /users/{username}/installation", { const response = await request2("GET /users/{username}/installation", {
username: parsedOwner, username: parsedOwner,
request: { request: {
@@ -44504,13 +44504,13 @@ async function getTokenFromOwner(request2, auth5, parsedOwner, permissions2) {
const authentication = await auth5({ const authentication = await auth5({
type: "installation", type: "installation",
installationId: response.data.id, installationId: response.data.id,
permissions: permissions2 permissions
}); });
const installationId = response.data.id; const installationId = response.data.id;
const appSlug = response.data["app_slug"]; const appSlug = response.data["app_slug"];
return { authentication, installationId, appSlug }; return { authentication, installationId, appSlug };
} }
async function getTokenFromRepository(request2, auth5, parsedOwner, parsedRepositoryNames, permissions2) { async function getTokenFromRepository(request2, auth5, parsedOwner, parsedRepositoryNames, permissions) {
const response = await request2("GET /repos/{owner}/{repo}/installation", { const response = await request2("GET /repos/{owner}/{repo}/installation", {
owner: parsedOwner, owner: parsedOwner,
repo: parsedRepositoryNames[0], repo: parsedRepositoryNames[0],
@@ -44522,7 +44522,7 @@ async function getTokenFromRepository(request2, auth5, parsedOwner, parsedReposi
type: "installation", type: "installation",
installationId: response.data.id, installationId: response.data.id,
repositoryNames: parsedRepositoryNames, repositoryNames: parsedRepositoryNames,
permissions: permissions2 permissions
}); });
const installationId = response.data.id; const installationId = response.data.id;
const appSlug = response.data["app_slug"]; const appSlug = response.data["app_slug"];
@@ -44556,6 +44556,36 @@ var request_default = request.defaults({
request: proxyUrl ? { fetch: proxyFetch } : {} request: proxyUrl ? { fetch: proxyFetch } : {}
}); });
// lib/run-with-proxy.js
var import_node_child_process = require("node:child_process");
async function runWithProxy(run) {
const httpProxyEnvVars = [
"https_proxy",
"HTTPS_PROXY",
"http_proxy",
"HTTP_PROXY"
];
const nodeHasProxySupportEnabled = process.env.NODE_USE_ENV_PROXY === "1";
const shouldUseProxy = httpProxyEnvVars.some((v) => process.env[v]);
if (!nodeHasProxySupportEnabled && shouldUseProxy) {
return new Promise((resolve, reject) => {
const child = (0, import_node_child_process.spawn)(process.execPath, process.argv.slice(1), {
env: { ...process.env, NODE_USE_ENV_PROXY: "1" },
stdio: "inherit"
});
child.on("exit", (code) => {
process.exitCode = code;
if (code !== 0) {
reject(new Error(`Child process exited with code ${code}`));
} else {
resolve();
}
});
});
}
return run();
}
// main.js // main.js
if (!process.env.GITHUB_REPOSITORY) { if (!process.env.GITHUB_REPOSITORY) {
throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'"); throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
@@ -44563,25 +44593,27 @@ if (!process.env.GITHUB_REPOSITORY) {
if (!process.env.GITHUB_REPOSITORY_OWNER) { if (!process.env.GITHUB_REPOSITORY_OWNER) {
throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'"); throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
} }
var appId = import_core2.default.getInput("app-id"); var main_default = runWithProxy(async () => {
var privateKey = import_core2.default.getInput("private-key"); const appId = import_core2.default.getInput("app-id");
var owner = import_core2.default.getInput("owner"); const privateKey = import_core2.default.getInput("private-key");
var repositories = import_core2.default.getInput("repositories").split(/[\n,]+/).map((s) => s.trim()).filter((x) => x !== ""); const owner = import_core2.default.getInput("owner");
var skipTokenRevoke = import_core2.default.getBooleanInput("skip-token-revoke"); const repositories = import_core2.default.getInput("repositories").split(/[\n,]+/).map((s) => s.trim()).filter((x) => x !== "");
var permissions = getPermissionsFromInputs(process.env); const skipTokenRevoke = import_core2.default.getBooleanInput("skip-token-revoke");
var main_default = main( const permissions = getPermissionsFromInputs(process.env);
appId, return main(
privateKey, appId,
owner, privateKey,
repositories, owner,
permissions, repositories,
import_core2.default, permissions,
createAppAuth, import_core2.default,
request_default, createAppAuth,
skipTokenRevoke request_default,
).catch((error) => { skipTokenRevoke
console.error(error); ).catch((error) => {
import_core2.default.setFailed(error.message); console.error(error);
import_core2.default.setFailed(error.message);
});
}); });
/*! Bundled license information: /*! Bundled license information:
+45 -3
View File
@@ -7,6 +7,10 @@ var __hasOwnProp = Object.prototype.hasOwnProperty;
var __commonJS = (cb, mod) => function __require() { var __commonJS = (cb, mod) => function __require() {
return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports; return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
}; };
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
var __copyProps = (to, from, except, desc) => { var __copyProps = (to, from, except, desc) => {
if (from && typeof from === "object" || typeof from === "function") { if (from && typeof from === "object" || typeof from === "function") {
for (let key of __getOwnPropNames(from)) for (let key of __getOwnPropNames(from))
@@ -23,6 +27,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
mod mod
)); ));
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
// node_modules/@actions/core/lib/utils.js // node_modules/@actions/core/lib/utils.js
var require_utils = __commonJS({ var require_utils = __commonJS({
@@ -42325,6 +42330,11 @@ var require_undici2 = __commonJS({
}); });
// post.js // post.js
var post_exports = {};
__export(post_exports, {
default: () => post_default
});
module.exports = __toCommonJS(post_exports);
var import_core2 = __toESM(require_core(), 1); var import_core2 = __toESM(require_core(), 1);
// lib/post.js // lib/post.js
@@ -42934,10 +42944,42 @@ var request_default = request.defaults({
request: proxyUrl ? { fetch: proxyFetch } : {} request: proxyUrl ? { fetch: proxyFetch } : {}
}); });
// lib/run-with-proxy.js
var import_node_child_process = require("node:child_process");
async function runWithProxy(run) {
const httpProxyEnvVars = [
"https_proxy",
"HTTPS_PROXY",
"http_proxy",
"HTTP_PROXY"
];
const nodeHasProxySupportEnabled = process.env.NODE_USE_ENV_PROXY === "1";
const shouldUseProxy = httpProxyEnvVars.some((v) => process.env[v]);
if (!nodeHasProxySupportEnabled && shouldUseProxy) {
return new Promise((resolve, reject) => {
const child = (0, import_node_child_process.spawn)(process.execPath, process.argv.slice(1), {
env: { ...process.env, NODE_USE_ENV_PROXY: "1" },
stdio: "inherit"
});
child.on("exit", (code) => {
process.exitCode = code;
if (code !== 0) {
reject(new Error(`Child process exited with code ${code}`));
} else {
resolve();
}
});
});
}
return run();
}
// post.js // post.js
post(import_core2.default, request_default).catch((error) => { var post_default = runWithProxy(async () => {
console.error(error); return post(import_core2.default, request_default).catch((error) => {
import_core2.default.setFailed(error.message); console.error(error);
import_core2.default.setFailed(error.message);
});
}); });
/*! Bundled license information: /*! Bundled license information:
+44
View File
@@ -0,0 +1,44 @@
// @ts-check
import { spawn } from "node:child_process";
/**
* Wraps a function to automatically enable Node.js proxy support when proxy
* environment variables are detected. If proxy env vars are set but
* `NODE_USE_ENV_PROXY` is not `"1"`, spawns a child process with
* `NODE_USE_ENV_PROXY=1` to enable native proxy support.
*
* @param {() => Promise<void>} run
* @returns {Promise<void>}
*
* @see https://github.com/nodejs/node/blob/4612c793cb9007a91cb3fd82afe518440473826e/lib/internal/process/pre_execution.js#L168-L187
*/
export async function runWithProxy(run) {
const httpProxyEnvVars = [
"https_proxy",
"HTTPS_PROXY",
"http_proxy",
"HTTP_PROXY",
];
const nodeHasProxySupportEnabled = process.env.NODE_USE_ENV_PROXY === "1";
const shouldUseProxy = httpProxyEnvVars.some((v) => process.env[v]);
if (!nodeHasProxySupportEnabled && shouldUseProxy) {
return new Promise((resolve, reject) => {
const child = spawn(process.execPath, process.argv.slice(1), {
env: { ...process.env, NODE_USE_ENV_PROXY: "1" },
stdio: "inherit",
});
child.on("exit", (code) => {
process.exitCode = code;
if (code !== 0) {
reject(new Error(`Child process exited with code ${code}`));
} else {
resolve();
}
});
});
}
return run();
}
+30 -27
View File
@@ -6,6 +6,7 @@ import { createAppAuth } from "@octokit/auth-app";
import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js"; import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
import { main } from "./lib/main.js"; import { main } from "./lib/main.js";
import request from "./lib/request.js"; import request from "./lib/request.js";
import { runWithProxy } from "./lib/run-with-proxy.js";
if (!process.env.GITHUB_REPOSITORY) { if (!process.env.GITHUB_REPOSITORY) {
throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'"); throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
@@ -15,32 +16,34 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'"); throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
} }
const appId = core.getInput("app-id");
const privateKey = core.getInput("private-key");
const owner = core.getInput("owner");
const repositories = core
.getInput("repositories")
.split(/[\n,]+/)
.map((s) => s.trim())
.filter((x) => x !== "");
const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
const permissions = getPermissionsFromInputs(process.env);
// Export promise for testing // Export promise for testing
export default main( export default runWithProxy(async () => {
appId, const appId = core.getInput("app-id");
privateKey, const privateKey = core.getInput("private-key");
owner, const owner = core.getInput("owner");
repositories, const repositories = core
permissions, .getInput("repositories")
core, .split(/[\n,]+/)
createAppAuth, .map((s) => s.trim())
request, .filter((x) => x !== "");
skipTokenRevoke,
).catch((error) => { const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
/* c8 ignore next 3 */
console.error(error); const permissions = getPermissionsFromInputs(process.env);
core.setFailed(error.message);
return main(
appId,
privateKey,
owner,
repositories,
permissions,
core,
createAppAuth,
request,
skipTokenRevoke,
).catch((error) => {
/* c8 ignore next 3 */
console.error(error);
core.setFailed(error.message);
});
}); });
+8 -4
View File
@@ -4,9 +4,13 @@ import core from "@actions/core";
import { post } from "./lib/post.js"; import { post } from "./lib/post.js";
import request from "./lib/request.js"; import request from "./lib/request.js";
import { runWithProxy } from "./lib/run-with-proxy.js";
post(core, request).catch((error) => { // Export promise for testing
/* c8 ignore next 3 */ export default runWithProxy(async () => {
console.error(error); return post(core, request).catch((error) => {
core.setFailed(error.message); /* c8 ignore next 3 */
console.error(error);
core.setFailed(error.message);
});
}); });
+9 -1
View File
@@ -22,7 +22,15 @@ for (const file of testFiles) {
GITHUB_OUTPUT: undefined, GITHUB_OUTPUT: undefined,
GITHUB_STATE: undefined, GITHUB_STATE: undefined,
}; };
const { stderr, stdout } = await execa("node", [`tests/${file}`], { env }); const { stderr, stdout } = await execa(
"node",
[
"--experimental-test-module-mocks",
"--disable-warning=ExperimentalWarning",
`tests/${file}`,
],
{ env },
);
t.snapshot(stderr, "stderr"); t.snapshot(stderr, "stderr");
t.snapshot(stdout, "stdout"); t.snapshot(stdout, "stdout");
}); });
+20
View File
@@ -0,0 +1,20 @@
// Verify that `runWithProxy()` calls the callback directly (no child process)
// when `NODE_USE_ENV_PROXY` is already set to `"1"`, even with proxy env vars set.
import assert from "node:assert";
import { runWithProxy } from "../lib/run-with-proxy.js";
process.env.https_proxy = "http://proxy.example.com";
process.env.NODE_USE_ENV_PROXY = "1";
let callbackCalled = false;
await runWithProxy(async () => {
callbackCalled = true;
});
assert(callbackCalled, "callback was called directly without spawning");
delete process.env.NODE_USE_ENV_PROXY;
delete process.env.https_proxy;
+30
View File
@@ -0,0 +1,30 @@
// Verify that `main.js` rejects when the child process exits with a non-zero code.
import assert from "node:assert";
import { mock } from "node:test";
mock.module("node:child_process", {
namedExports: {
spawn() {
return {
on(event, callback) {
if (event === "exit") callback(1);
},
};
},
},
});
process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
process.env.GITHUB_REPOSITORY_OWNER = "actions";
process.env.https_proxy = "http://proxy.example.com";
delete process.env.NODE_USE_ENV_PROXY;
const { default: runPromise } = await import("../main.js");
await assert.rejects(runPromise, {
message: "Child process exited with code 1",
});
assert.equal(process.exitCode, 1, "process exit code is 1");
// Reset for other tests
process.exitCode = 0;
+36
View File
@@ -0,0 +1,36 @@
// Verify that `main.js` spawns a child process when a proxy env var is set
// and `NODE_USE_ENV_PROXY` is not set.
import assert from "node:assert";
import { mock } from "node:test";
let spawnArgs;
mock.module("node:child_process", {
namedExports: {
spawn(command, args, options) {
spawnArgs = { command, args, options };
return {
on(event, callback) {
if (event === "exit") callback(0);
},
};
},
},
});
process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
process.env.GITHUB_REPOSITORY_OWNER = "actions";
process.env.https_proxy = "http://proxy.example.com";
delete process.env.NODE_USE_ENV_PROXY;
const { default: runPromise } = await import("../main.js");
await runPromise;
assert(spawnArgs, "spawn was called");
assert.equal(
spawnArgs.options.env.NODE_USE_ENV_PROXY,
"1",
"NODE_USE_ENV_PROXY is set to '1' in child env",
);
assert.equal(spawnArgs.options.stdio, "inherit", "stdio is inherited");
assert.equal(process.exitCode, 0, "process exit code is 0");
+21
View File
@@ -0,0 +1,21 @@
// Verify that `runWithProxy()` calls the callback directly (no child process)
// when `NODE_USE_ENV_PROXY` is already set to `"1"`, even with proxy env vars set.
// This ensures post.js would also follow the callback path.
import assert from "node:assert";
import { runWithProxy } from "../lib/run-with-proxy.js";
process.env.HTTP_PROXY = "http://proxy.example.com";
process.env.NODE_USE_ENV_PROXY = "1";
let callbackCalled = false;
await runWithProxy(async () => {
callbackCalled = true;
});
assert(callbackCalled, "callback was called directly without spawning");
delete process.env.NODE_USE_ENV_PROXY;
delete process.env.HTTP_PROXY;
+34
View File
@@ -0,0 +1,34 @@
// Verify that `post.js` spawns a child process when a proxy env var is set
// and `NODE_USE_ENV_PROXY` is not set.
import assert from "node:assert";
import { mock } from "node:test";
let spawnArgs;
mock.module("node:child_process", {
namedExports: {
spawn(command, args, options) {
spawnArgs = { command, args, options };
return {
on(event, callback) {
if (event === "exit") callback(0);
},
};
},
},
});
process.env.https_proxy = "http://proxy.example.com";
delete process.env.NODE_USE_ENV_PROXY;
const { default: runPromise } = await import("../post.js");
await runPromise;
assert(spawnArgs, "spawn was called");
assert.equal(
spawnArgs.options.env.NODE_USE_ENV_PROXY,
"1",
"NODE_USE_ENV_PROXY is set to '1' in child env",
);
assert.equal(spawnArgs.options.stdio, "inherit", "stdio is inherited");
assert.equal(process.exitCode, 0, "process exit code is 0");
+50
View File
@@ -82,6 +82,36 @@ Generated by [AVA](https://avajs.dev).
POST /app/installations/123456/access_tokens␊ POST /app/installations/123456/access_tokens␊
{"repositories":["create-github-app-token"]}` {"repositories":["create-github-app-token"]}`
## main-proxy-already-enabled.test.js
> stderr
''
> stdout
''
## main-proxy-child-error.test.js
> stderr
''
> stdout
''
## main-proxy-spawns-child.test.js
> stderr
''
> stdout
''
## main-repo-skew.test.js ## main-repo-skew.test.js
> stderr > stderr
@@ -333,6 +363,26 @@ Generated by [AVA](https://avajs.dev).
POST /app/installations/123456/access_tokens␊ POST /app/installations/123456/access_tokens␊
{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}` {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
## post-proxy-already-enabled.test.js
> stderr
''
> stdout
''
## post-proxy-spawns-child.test.js
> stderr
''
> stdout
''
## post-revoke-token-fail-response.test.js ## post-revoke-token-fail-response.test.js
> stderr > stderr
Binary file not shown.