Merge pull request #46 from actions/bug-fixing

Fix hardcoded api endpoint and artifact name lookup

.github/release-drafter.yml

@@ -4,7 +4,7 @@ tag-template: 'v$RESOLVED_VERSION'
 template: |
   # Changelog
   $CHANGES
-  See details of [all code changes](https://github.com/actions/jekyll-build-pages/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release
+  See details of [all code changes](https://github.com/actions/deploy-pages/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release
 categories:
   - title: '🚀 Features'
     labels:

.github/workflows/test.yml

@@ -15,7 +15,7 @@ jobs:
     - name: Set Node.JS
       uses: actions/setup-node@v2
       with:
-        node-version: 12.x
+        node-version: 16.x
 
     - name: Install dependencies
       run: npm install

README.md

@@ -1,17 +1,73 @@
 # Deploy-Pages
 
-This deploys artifacts to GitHub Pages.
+This action is used to deploy [Actions artifacts][artifacts] to GitHub Pages.
 
-# Scope
+## Scope
 
-⚠️ Official support for building Pages with Actions is in public beta at the moment. The scope is currently limited to **public repositories only**.
+⚠️ Official support for building Pages with Actions is in public beta at the moment.
 
-# Usage
+## Usage
 
-See [action.yml](action.yml)
+See [action.yml](action.yml) for the various `inputs` this action supports.
 
-<!-- TODO: document custom workflow -->
+For examples that make use of this action, check out our [starter-workflows][starter-workflows] in a variety of frameworks.
 
-# License
+This action expects an artifact named `github-pages` to have been created prior to execution. This is done automatically using [`actions/upload-pages-artifact`][upload-pages-artifact].
+
+We recommend this action to be used in a dedicated job:
+
+```yaml
+jobs:
+  # Build job
+  build:
+    # <Not provided for brevity>
+    # At a minimum this job should upload artifacts using actions/upload-pages-artifact
+
+  # Deploy job
+  deploy:
+    # Add a dependency to the build job
+    needs: build
+
+    # Grant GITHUB_TOKEN the permissions required to make a Pages deployment
+    permissions:
+      pages: write      # to deploy to Pages
+      id-token: write   # to verify the deployment originates from an appropriate source
+
+    # Deploy to the github-pages environment
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    # Specify runner + deployment step
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v1
+```
+
+## Security considerations
+
+There are a few important considerations to be aware of:
+
+1. The artifact being deployed must have been uploaded in a previous step, either in the same job or a separate job that doesn't execute until the upload is complete.
+
+2. The job that executes the deployment must at minimum have the following permissions:
+   - `pages: write`
+   - `id-token: write`
+
+3. The deployment should target the `github-pages` environment (you may use a different environment name if needed, but this is not recommended.)
+
+4. If your Pages site is using a source branch, the deployment must originate from this source branch unless [your environment is protected][environment-protection] in which case the environment protection rules take precedence over the source branch rule
+
+5. If your Pages site is using GitHub Actions as the source, while not required we highly recommend you also [protect your environment][environment-protection] (we do it by default for you)
+
+## License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE).
+
+<!-- references -->
+[starter-workflows]: https://github.com/actions/starter-workflows/tree/main/pages
+[upload-pages-artifact]: https://github.com/actions/upload-pages-artifact
+[artifacts]: https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts
+[environment-protection]: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-protection-rules

action.yml

@@ -24,6 +24,10 @@ inputs:
     description: 'Time in milliseconds between two deployment status report (default: 5 seconds)'
     required: false
     default: "5000"
+  artifact_name:
+    description: 'Name of the artifact to deploy'
+    required: false
+    default: "github-pages"
 outputs:
   page_url:
     description: 'URL to deployed GitHub Pages'

dist/index.js

@@ -7057,7 +7057,9 @@ function getRequiredVars() {
     buildVersion: process.env.GITHUB_SHA,
     buildActor: process.env.GITHUB_ACTOR,
     actionsId: process.env.GITHUB_ACTION,
-    githubToken: core.getInput('token')
+    githubToken: core.getInput('token'),
+    githubApiUrl: process.env.GITHUB_API_URL ?? 'https://api.github.com',
+    artifactName: core.getInput('artifact_name') ?? 'github-pages'
   }
 }
 
@@ -7105,6 +7107,8 @@ class Deployment {
       this.workflowRun = context.workflowRun
       this.requestedDeployment = false
       this.deploymentInfo = null
+      this.githubApiUrl = context.githubApiUrl
+      this.artifactName = context.artifactName
     }
 
     // Ask the runtime for the unsigned artifact URL and deploy to GitHub Pages
@@ -7113,7 +7117,7 @@ class Deployment {
       try {
         core.info(`Actor: ${this.buildActor}`)
         core.info(`Action ID: ${this.actionsId}`)
-        const pagesDeployEndpoint = `https://api.github.com/repos/${this.repositoryNwo}/pages/deployment`
+        const pagesDeployEndpoint = `${this.githubApiUrl}/repos/${this.repositoryNwo}/pages/deployment`
         const artifactExgUrl = `${this.runTimeUrl}_apis/pipelines/workflows/${this.workflowRun}/artifacts?api-version=6.0-preview`
         core.info(`Artifact URL: ${artifactExgUrl}`)
         const {data} = await axios.get(artifactExgUrl, {
@@ -7123,10 +7127,12 @@ class Deployment {
           }
         })
         core.info(JSON.stringify(data))
-        if (data.value.length == 0) {
-          throw new Error('No uploaded artifact was found! Please check if there are any errors at build step.')
+        const artifactRawUrl = data?.value?.find(artifact => artifact.name === this.artifactName)?.url
+        if (!artifactRawUrl) {
+            throw new Error('No uploaded artifact was found! Please check if there are any errors at build step, or uploaded artifact name is correct.')
         }
-        const artifactUrl = `${data.value[0].url}&%24expand=SignedContent`
+
+        const artifactUrl = `${artifactRawUrl}&%24expand=SignedContent`
         const payload = {
           artifact_url: artifactUrl,
           pages_build_version: this.buildVersion,
@@ -7185,7 +7191,7 @@ class Deployment {
       try {
         const statusUrl = this.deploymentInfo != null ?
           this.deploymentInfo["status_url"] :
-          `https://api.github.com/repos/${this.repositoryNwo}/pages/deployment/status/${process.env['GITHUB_SHA']}`
+          `${this.githubApiUrl}/repos/${this.repositoryNwo}/pages/deployment/status/${process.env['GITHUB_SHA']}`
         core.setOutput('page_url', this.deploymentInfo != null ? this.deploymentInfo["page_url"] : "")
         const timeout = Number(core.getInput('timeout'))
         const reportingInterval = Number(core.getInput('reporting_interval'))
@@ -7290,7 +7296,7 @@ const {Deployment} = __nccwpck_require__(2877)
 async function emitTelemetry() {
   // All variables we need from the runtime are set in the Deployment constructor
   const deployment = new Deployment()
-  const telemetryUrl = `https://api.github.com/repos/${deployment.repositoryNwo}/pages/telemetry`
+  const telemetryUrl = `${deployment.githubApiUrl}/repos/${deployment.repositoryNwo}/pages/telemetry`
   core.info(`Sending telemetry for run id ${deployment.workflowRun}`)
   await axios
     .post(
@@ -7500,7 +7506,7 @@ const deployment = new Deployment()
 async function cancelHandler(evtOrExitCodeOrError) {
   try {
     if (deployment.requestedDeployment) {
-      const pagesCancelDeployEndpoint = `https://api.github.com/repos/${process.env.GITHUB_REPOSITORY}/pages/deployment/cancel/${process.env.GITHUB_SHA}`
+      const pagesCancelDeployEndpoint = `${deployment.githubApiUrl}/repos/${process.env.GITHUB_REPOSITORY}/pages/deployment/cancel/${process.env.GITHUB_SHA}`
       await axios.put(
         pagesCancelDeployEndpoint,
         {},

pre/index.js

@@ -7057,7 +7057,9 @@ function getRequiredVars() {
     buildVersion: process.env.GITHUB_SHA,
     buildActor: process.env.GITHUB_ACTOR,
     actionsId: process.env.GITHUB_ACTION,
-    githubToken: core.getInput('token')
+    githubToken: core.getInput('token'),
+    githubApiUrl: process.env.GITHUB_API_URL ?? 'https://api.github.com',
+    artifactName: core.getInput('artifact_name') ?? 'github-pages'
   }
 }
 
@@ -7105,6 +7107,8 @@ class Deployment {
       this.workflowRun = context.workflowRun
       this.requestedDeployment = false
       this.deploymentInfo = null
+      this.githubApiUrl = context.githubApiUrl
+      this.artifactName = context.artifactName
     }
 
     // Ask the runtime for the unsigned artifact URL and deploy to GitHub Pages
@@ -7113,7 +7117,7 @@ class Deployment {
       try {
         core.info(`Actor: ${this.buildActor}`)
         core.info(`Action ID: ${this.actionsId}`)
-        const pagesDeployEndpoint = `https://api.github.com/repos/${this.repositoryNwo}/pages/deployment`
+        const pagesDeployEndpoint = `${this.githubApiUrl}/repos/${this.repositoryNwo}/pages/deployment`
         const artifactExgUrl = `${this.runTimeUrl}_apis/pipelines/workflows/${this.workflowRun}/artifacts?api-version=6.0-preview`
         core.info(`Artifact URL: ${artifactExgUrl}`)
         const {data} = await axios.get(artifactExgUrl, {
@@ -7123,10 +7127,12 @@ class Deployment {
           }
         })
         core.info(JSON.stringify(data))
-        if (data.value.length == 0) {
-          throw new Error('No uploaded artifact was found! Please check if there are any errors at build step.')
+        const artifactRawUrl = data?.value?.find(artifact => artifact.name === this.artifactName)?.url
+        if (!artifactRawUrl) {
+            throw new Error('No uploaded artifact was found! Please check if there are any errors at build step, or uploaded artifact name is correct.')
         }
-        const artifactUrl = `${data.value[0].url}&%24expand=SignedContent`
+
+        const artifactUrl = `${artifactRawUrl}&%24expand=SignedContent`
         const payload = {
           artifact_url: artifactUrl,
           pages_build_version: this.buildVersion,
@@ -7185,7 +7191,7 @@ class Deployment {
       try {
         const statusUrl = this.deploymentInfo != null ?
           this.deploymentInfo["status_url"] :
-          `https://api.github.com/repos/${this.repositoryNwo}/pages/deployment/status/${process.env['GITHUB_SHA']}`
+          `${this.githubApiUrl}/repos/${this.repositoryNwo}/pages/deployment/status/${process.env['GITHUB_SHA']}`
         core.setOutput('page_url', this.deploymentInfo != null ? this.deploymentInfo["page_url"] : "")
         const timeout = Number(core.getInput('timeout'))
         const reportingInterval = Number(core.getInput('reporting_interval'))
@@ -7290,7 +7296,7 @@ const {Deployment} = __nccwpck_require__(2877)
 async function emitTelemetry() {
   // All variables we need from the runtime are set in the Deployment constructor
   const deployment = new Deployment()
-  const telemetryUrl = `https://api.github.com/repos/${deployment.repositoryNwo}/pages/telemetry`
+  const telemetryUrl = `${deployment.githubApiUrl}/repos/${deployment.repositoryNwo}/pages/telemetry`
   core.info(`Sending telemetry for run id ${deployment.workflowRun}`)
   await axios
     .post(

src/context.js

@@ -10,7 +10,9 @@ function getRequiredVars() {
     buildVersion: process.env.GITHUB_SHA,
     buildActor: process.env.GITHUB_ACTOR,
     actionsId: process.env.GITHUB_ACTION,
-    githubToken: core.getInput('token')
+    githubToken: core.getInput('token'),
+    githubApiUrl: process.env.GITHUB_API_URL ?? 'https://api.github.com',
+    artifactName: core.getInput('artifact_name') ?? 'github-pages'
   }
 }
 

src/deployment.js

@@ -25,6 +25,8 @@ class Deployment {
       this.workflowRun = context.workflowRun
       this.requestedDeployment = false
       this.deploymentInfo = null
+      this.githubApiUrl = context.githubApiUrl
+      this.artifactName = context.artifactName
     }
 
     // Ask the runtime for the unsigned artifact URL and deploy to GitHub Pages
@@ -33,7 +35,7 @@ class Deployment {
       try {
         core.info(`Actor: ${this.buildActor}`)
         core.info(`Action ID: ${this.actionsId}`)
-        const pagesDeployEndpoint = `https://api.github.com/repos/${this.repositoryNwo}/pages/deployment`
+        const pagesDeployEndpoint = `${this.githubApiUrl}/repos/${this.repositoryNwo}/pages/deployment`
         const artifactExgUrl = `${this.runTimeUrl}_apis/pipelines/workflows/${this.workflowRun}/artifacts?api-version=6.0-preview`
         core.info(`Artifact URL: ${artifactExgUrl}`)
         const {data} = await axios.get(artifactExgUrl, {
@@ -43,10 +45,12 @@ class Deployment {
           }
         })
         core.info(JSON.stringify(data))
-        if (data.value.length == 0) {
-          throw new Error('No uploaded artifact was found! Please check if there are any errors at build step.')
+        const artifactRawUrl = data?.value?.find(artifact => artifact.name === this.artifactName)?.url
+        if (!artifactRawUrl) {
+            throw new Error('No uploaded artifact was found! Please check if there are any errors at build step, or uploaded artifact name is correct.')
         }
-        const artifactUrl = `${data.value[0].url}&%24expand=SignedContent`
+
+        const artifactUrl = `${artifactRawUrl}&%24expand=SignedContent`
         const payload = {
           artifact_url: artifactUrl,
           pages_build_version: this.buildVersion,
@@ -105,7 +109,7 @@ class Deployment {
       try {
         const statusUrl = this.deploymentInfo != null ?
           this.deploymentInfo["status_url"] :
-          `https://api.github.com/repos/${this.repositoryNwo}/pages/deployment/status/${process.env['GITHUB_SHA']}`
+          `${this.githubApiUrl}/repos/${this.repositoryNwo}/pages/deployment/status/${process.env['GITHUB_SHA']}`
         core.setOutput('page_url', this.deploymentInfo != null ? this.deploymentInfo["page_url"] : "")
         const timeout = Number(core.getInput('timeout'))
         const reportingInterval = Number(core.getInput('reporting_interval'))

src/index.js

@@ -17,7 +17,7 @@ const deployment = new Deployment()
 async function cancelHandler(evtOrExitCodeOrError) {
   try {
     if (deployment.requestedDeployment) {
-      const pagesCancelDeployEndpoint = `https://api.github.com/repos/${process.env.GITHUB_REPOSITORY}/pages/deployment/cancel/${process.env.GITHUB_SHA}`
+      const pagesCancelDeployEndpoint = `${deployment.githubApiUrl}/repos/${process.env.GITHUB_REPOSITORY}/pages/deployment/cancel/${process.env.GITHUB_SHA}`
       await axios.put(
         pagesCancelDeployEndpoint,
         {},

src/index.test.js

@@ -55,6 +55,14 @@ describe('create', () => {
     process.env.GITHUB_ACTOR = 'monalisa'
     process.env.GITHUB_ACTION = '__monalisa/octocat'
     process.env.GITHUB_ACTION_PATH = 'something'
+    jest.spyOn(core, 'getInput').mockImplementation(param => {
+      switch (param) {
+        case 'artifact_name':
+          return 'github-pages'
+        case 'token':
+          return process.env.GITHUB_TOKEN
+      }
+    })
 
     jest.spyOn(core, 'setOutput').mockImplementation(param => {
       return param
@@ -75,7 +83,7 @@ describe('create', () => {
     const fakeJwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiNjllMWIxOC1jOGFiLTRhZGQtOGYxOC03MzVlMzVjZGJhZjAiLCJzdWIiOiJyZXBvOnBhcGVyLXNwYS9taW55aTplbnZpcm9ubWVudDpQcm9kdWN0aW9uIiwiYXVkIjoiaHR0cHM6Ly9naXRodWIuY29tL3BhcGVyLXNwYSIsInJlZiI6InJlZnMvaGVhZHMvbWFpbiIsInNoYSI6ImEyODU1MWJmODdiZDk3NTFiMzdiMmM0YjM3M2MxZjU3NjFmYWM2MjYiLCJyZXBvc2l0b3J5IjoicGFwZXItc3BhL21pbnlpIiwicmVwb3NpdG9yeV9vd25lciI6InBhcGVyLXNwYSIsInJ1bl9pZCI6IjE1NDY0NTkzNjQiLCJydW5fbnVtYmVyIjoiMzQiLCJydW5fYXR0ZW1wdCI6IjIiLCJhY3RvciI6IllpTXlzdHkiLCJ3b3JrZmxvdyI6IkNJIiwiaGVhZF9yZWYiOiIiLCJiYXNlX3JlZiI6IiIsImV2ZW50X25hbWUiOiJwdXNoIiwicmVmX3R5cGUiOiJicmFuY2giLCJlbnZpcm9ubWVudCI6IlByb2R1Y3Rpb24iLCJqb2Jfd29ya2Zsb3dfcmVmIjoicGFwZXItc3BhL21pbnlpLy5naXRodWIvd29ya2Zsb3dzL2JsYW5rLnltbEByZWZzL2hlYWRzL21haW4iLCJpc3MiOiJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwibmJmIjoxNjM4ODI4MDI4LCJleHAiOjE2Mzg4Mjg5MjgsImlhdCI6MTYzODgyODYyOH0.1wyupfxu1HGoTyIqatYg0hIxy2-0bMO-yVlmLSMuu2w'
     const scope = nock(`http://my-url`)
       .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-      .reply(200, { value: [{ url: 'https://fake-artifact.com' }] })
+      .reply(200, { value: [ {url: 'https://another-artifact.com', name: 'another-artifact'}, { url: 'https://fake-artifact.com', name: 'github-pages' }] })
 
     core.getIDToken = jest.fn().mockResolvedValue(fakeJwt)
     axios.post = jest.fn().mockResolvedValue('test')
@@ -94,7 +102,7 @@ describe('create', () => {
       {
         headers: {
           Accept: 'application/vnd.github.v3+json',
-          Authorization: 'Bearer ',
+          Authorization: `Bearer gha-token`,
           'Content-type': 'application/json'
         }
       }
@@ -112,7 +120,7 @@ describe('create', () => {
     process.env.GITHUB_SHA = 'invalid-build-version'
     const scope = nock(`http://my-url`)
       .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-      .reply(200, { value: [{ url: 'https://invalid-artifact.com' }] })
+      .reply(200, { value: [{ url: 'https://invalid-artifact.com', name: 'github-pages' }] })
 
     axios.post = jest.fn().mockRejectedValue({
       status: 400
@@ -161,6 +169,7 @@ describe('check', () => {
     process.env.GITHUB_ACTOR = 'monalisa'
     process.env.GITHUB_ACTION = '__monalisa/octocat'
     process.env.GITHUB_ACTION_PATH = 'something'
+    process.env.ARTIFACT_NAME = 'github-pages'
 
     jest.spyOn(core, 'setOutput').mockImplementation(param => {
       return param
@@ -209,7 +218,7 @@ describe('check', () => {
       `https://api.github.com/repos/${repositoryNwo}/pages/deployment/status/${buildVersion}`,
       {
         headers: {
-          Authorization: 'token '
+          Authorization: 'token gha-token'
         }
       }
     )

src/pre.js

@@ -21,7 +21,7 @@ const {Deployment} = require('./deployment')
 async function emitTelemetry() {
   // All variables we need from the runtime are set in the Deployment constructor
   const deployment = new Deployment()
-  const telemetryUrl = `https://api.github.com/repos/${deployment.repositoryNwo}/pages/telemetry`
+  const telemetryUrl = `${deployment.githubApiUrl}/repos/${deployment.repositoryNwo}/pages/telemetry`
   core.info(`Sending telemetry for run id ${deployment.workflowRun}`)
   await axios
     .post(