diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 6741fed..945f290 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -766,3 +766,112 @@ jobs:
 git push --force --delete origin "${TO_DELETE}"
 env:
 TO_DELETE: ${{ steps.setup-test-branch.outputs.branch-name }}
+ test-persist-credentials-false-branch-on-remote:
+ runs-on: ubuntu-latest
+ needs: [check-not-fork]
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+ - name: Setup test branch
+ id: setup-test-branch
+ run: |
+ BRANCH_NAME="test-creds-false-branch-on-remote-$(date +%s)"
+
+ git config --global user.name 'github-actions[bot]'
+ git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+
+ git checkout -b $BRANCH_NAME
+ git push --set-upstream https://x-access-token:${{ github.token }}@github.com/${{ github.repository }}.git $BRANCH_NAME
+
+ # output status here to manually verify file changes
+ git status --porcelain=v2 --branch --untracked-files=no
+
+ echo $BRANCH_NAME > "test-file.txt"
+ echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+ - uses: ./
+ id: test-action
+ continue-on-error: true
+ with:
+ token: ${{ github.token }}
+ stage-all-files: true
+ commit-message: ${{ steps.setup-test-branch.outputs.branch-name }}
+ - name: Delete test branch
+ if: ${{ always() }}
+ run: |
+ git push --force --delete https://x-access-token:${{ github.token }}@github.com/${{ github.repository }}.git "${TO_DELETE}"
+ env:
+ TO_DELETE: ${{ steps.setup-test-branch.outputs.branch-name }}
+ - name: Check output
+ run: |
+ changedFilesIfAvailable=$(echo ${RESPONSE} | jq -r '.data.createCommitOnBranch.commit.changedFilesIfAvailable')
+
+ if [[ -z "$changedFilesIfAvailable" || "$changedFilesIfAvailable" == "null" ]]; then
+ echo "Error: changedFilesIfAvailable is empty or null. Verify the output from test-action."
+ exit 1
+ fi
+
+ if [[ "$changedFilesIfAvailable" -ne 1 ]]; then
+ echo "Error: changedFilesIfAvailable is expected to be 1 but got $changedFilesIfAvailable."
+ exit 1
+ fi
+
+ echo "Validation passed: changedFilesIfAvailable is $changedFilesIfAvailable."
+ env:
+ RESPONSE: ${{ steps.test-action.outputs.commit-response }}
+
+ test-persist-credentials-false-branch-not-on-remote: # make sure the action works on a clean machine without building
+ runs-on: ubuntu-latest
+ needs: [check-not-fork]
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+ - name: Setup test branch
+ id: setup-test-branch
+ run: |
+ BRANCH_NAME="test-creds-false-branch-not-on-remote-$(date +%s)"
+
+ git config --global user.name 'github-actions[bot]'
+ git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+
+ git checkout -b $BRANCH_NAME
+
+ git status --porcelain=v2 --branch --untracked-files=no
+
+ echo $BRANCH_NAME > "test-file.txt"
+ echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+ - uses: ./
+ id: test-action
+ with:
+ token: ${{ github.token }}
+ stage-all-files: true
+ create-branch-on-remote: true
+ commit-message: ${{ steps.setup-test-branch.outputs.branch-name }}
+ - name: Delete test branch
+ if: ${{ always() }}
+ run: |
+ git push --force --delete https://x-access-token:${{ github.token }}@github.com/${{ github.repository }}.git "${TO_DELETE}"
+ env:
+ TO_DELETE: ${{ steps.setup-test-branch.outputs.branch-name }}
+ - name: Check output
+ run: |
+ changedFilesIfAvailable=$(echo ${RESPONSE} | jq -r '.data.createCommitOnBranch.commit.changedFilesIfAvailable')
+
+ if [[ -z "$changedFilesIfAvailable" || "$changedFilesIfAvailable" == "null" ]]; then
+ echo "Error: changedFilesIfAvailable is empty or null. Verify the output from test-action."
+ exit 1
+ fi
+
+ if [[ "$changedFilesIfAvailable" -ne 1 ]]; then
+ echo "Error: changedFilesIfAvailable is expected to be 1 but got $changedFilesIfAvailable."
+ exit 1
+ fi
+
+ echo "Validation passed: changedFilesIfAvailable is $changedFilesIfAvailable."
+ env: + RESPONSE: ${{ steps.test-action.outputs.commit-response }} \ No newline at end of file diff --git a/action.yml b/action.yml index bb29859..a5f7932 100644 --- a/action.yml +++ b/action.yml @@ -47,8 +47,6 @@ runs: echo "ERROR: Invalid GitHub remote URL" exit 1 fi - env: - GH_TOKEN: ${{ inputs.token }} - name: Stage all files if: inputs.stage-all-files == 'true' @@ -59,12 +57,14 @@ runs: if: inputs.create-branch-on-remote == 'true' shell: bash run: | - onRemote=$(git ls-remote --heads origin ${BRANCH}) + onRemote=$(git ls-remote --heads https://x-access-token:${GH_TOKEN}@github.com/${REPO}.git ${BRANCH}) if [[ -z "$onRemote" ]]; then - git push --set-upstream origin ${BRANCH} + git push --set-upstream https://x-access-token:${GH_TOKEN}@github.com/${REPO}.git ${BRANCH} fi env: BRANCH: ${{ steps.commit-context.outputs.branch }} + REPO: ${{ steps.commit-context.outputs.repo }} + GH_TOKEN: ${{ inputs.token }} - name: Get file additions and deletions id: additions-and-deletions @@ -159,12 +159,12 @@ runs: shell: bash id: commit-changes run: | - branch_oid=$(git ls-remote origin refs/heads/${BRANCH} | awk '{ print $1 }') + branch_oid=$(git ls-remote https://x-access-token:${GH_TOKEN}@github.com/${REPO}.git refs/heads/${BRANCH} | awk '{ print $1 }') if [ -n "$branch_oid" ]; then head_oid=$branch_oid # Use remote OID of the current branch else - head_oid=$(git ls-remote origin HEAD | awk '{ print $1 }') # Fallback to HEAD + head_oid=$(git ls-remote https://x-access-token:${GH_TOKEN}@github.com/${REPO}.git HEAD | awk '{ print $1 }') # Fallback to HEAD fi graphql_query='mutation( @@ -205,4 +205,4 @@ runs: BRANCH: ${{ steps.commit-context.outputs.branch }} REPO: ${{ steps.commit-context.outputs.repo }} COMMIT_MESSAGE: ${{ inputs.commit-message }} - TEMP_CONTENTS_DIR: ${{ steps.additions-and-deletions.outputs.contents_dir }} + TEMP_CONTENTS_DIR: ${{ steps.additions-and-deletions.outputs.contents_dir }} \ No newline at end of file
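Review bot: In the first job's `Setup test branch` step, `git push --set-upstream https://x-access-token:${{ github.token }}@…` passes a URL where git expects a remote name, and git then records that URL as the branch's remote (`branch.<name>.remote`) in `.git/config`, so the token ends up stored in the checkout that `persist-credentials: false` was meant to keep clean (checkable with `git config --get-regexp '^branch\.'` after the step). The same `--set-upstream <url>` form appears in action.yml in the step guarded by `inputs.create-branch-on-remote == 'true'` (hunk at -59), where it would leave the caller's token in the workspace for later steps. Dropping `--set-upstream` avoids the write, and the token is better passed through the step's `env:` than expanded into the script text: `git push "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" "$BRANCH_NAME"` with `GH_TOKEN: ${{ github.token }}`. The comment on the second job, `# make sure the action works on a clean machine without building`, does not describe what that job tests and looks carried over from another job.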
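Review bot: The credentialed URL is written out inline at every git call in action.yml, twice in the step guarded by `inputs.create-branch-on-remote == 'true'` (hunk at -59) and twice more in the `commit-changes` step (hunk at -159), with the host fixed to `github.com` and every expansion unquoted. Building it once keeps the four call sites in step and makes the host assumption visible: `remote_url="https://x-access-token:${GH_TOKEN}@github.com/${REPO}.git"` followed by `git ls-remote --heads "${remote_url}" "${BRANCH}"`. If the action ever runs where `origin` is not on github.com, these calls would send the token to a different host than the repository's, which the earlier `origin`-based form did not do; the remote-URL validation step is only partly visible here, so that case may already be rejected. The `env:` block of the `commit-changes` step begins outside the hunk and the visible part lists only `BRANCH`, `REPO`, `COMMIT_MESSAGE` and `TEMP_CONTENTS_DIR`, so it is worth confirming that `GH_TOKEN` is set there, since an unset variable would expand to an empty password without an error.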