From b207ec6de20d9a6b62ee94f794566b0ce4b0229b Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sat, 14 Oct 2023 18:00:02 +0200 Subject: [PATCH] store the tokens in files and never display them --- action.yml | 9 +++++++-- cascading-pr.sh | 24 +++++++++++++++++++++--- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/action.yml b/action.yml index 3cab5a9..33b6f63 100644 --- a/action.yml +++ b/action.yml @@ -81,14 +81,19 @@ runs: verbosity="$verbosity --debug" fi + origin_token=$(pwd)/origin.token + echo -n ${{ inputs.origin-token }} > $origin_token + destination_token=$(pwd)/destination.token + echo -n ${{ inputs.destination-token }} > $destination_token + cascading-pr.sh $verbosity \ --origin-url "${{ inputs.origin-url }}" \ --origin-repo "${{ inputs.origin-repo }}" \ - --origin-token "${{ inputs.origin-token }}" \ + --origin-token "@$origin_token" \ --origin-pr "${{ inputs.origin-pr }}" \ --destination-url "${{ inputs.destination-url }}" \ --destination-repo "${{ inputs.destination-repo }}" \ - --destination-token "${{ inputs.destination-token }}" \ + --destination-token "@$destination_token" \ --destination-branch "${{ inputs.destination-branch }}" \ --update "${{ inputs.update }}" \ --prefix "${{ inputs.prefix }}" \ diff --git a/cascading-pr.sh b/cascading-pr.sh index b003370..420cc78 100755 --- a/cascading-pr.sh +++ b/cascading-pr.sh @@ -117,11 +117,12 @@ function upsert_clone() { local fetch=true if ! test -d $TMPDIR/$direction; then - git clone $clone -b $branch $TMPDIR/$direction + git -c credential.helper="store --file=$TMPDIR/$direction.git-credentials" clone $clone -b $branch $TMPDIR/$direction fetch=false fi ( cd $TMPDIR/$direction + git config credential.helper "store --file=$TMPDIR/$direction.git-credentials" if $fetch; then git fetch $direction fi @@ -163,16 +164,33 @@ function update() { push destination ${options[destination_head]} ${options[destination_clone]} } +function set_clone() { + local direction=$1 + local token=${options[${direction}_token]} + + if [[ "$token" =~ ^@ ]] ; then + local file=${token##@} + ( + echo -n ${options[${direction}_scheme]}://any: + cat $file + echo @${options[${direction}_host_port]}/${options[${direction}_repo]} + ) > $TMPDIR/$direction.git-credentials + else + echo ${options[${direction}_scheme]}://any:${options[${direction}_token]}@${options[${direction}_host_port]}/${options[${direction}_repo]} > $TMPDIR/$direction.git-credentials + fi + options[${direction}_clone]=${options[${direction}_scheme]}://${options[${direction}_host_port]}/${options[${direction}_repo]} +} + function finalize_options() { options[origin_api]=${options[origin_url]}/api/v1/repos/${options[origin_repo]} options[origin_scheme]=$(scheme ${options[origin_url]}) options[origin_host_port]=$(host_port ${options[origin_url]}) - options[origin_clone]=${options[origin_scheme]}://any:${options[origin_token]}@${options[origin_host_port]}/${options[origin_repo]} + set_clone origin options[origin_head]=$(pr_head origin) options[destination_api]=${options[destination_url]}/api/v1/repos/${options[destination_repo]} options[destination_scheme]=$(scheme ${options[destination_url]}) options[destination_host_port]=$(host_port ${options[destination_url]}) - options[destination_clone]=${options[destination_scheme]}://any:${options[destination_token]}@${options[destination_host_port]}/${options[destination_repo]} + set_clone destination options[destination_base]=${options[destination_branch]} : ${options[prefix]:=${options[origin_repo]}} options[destination_head]=${options[prefix]}-${options[origin_pr]}