feat: allow for authentication via OIDC token (#1330)

* fix: allow for oidc token

* chore(docs): update docs with use_oidc argument

* Update action.yml

Co-authored-by: Cristian Le <github@lecris.me>

* chore(release): 4.2.0

---------

Co-authored-by: Cristian Le <github@lecris.me>
Tom Hu
2024-04-03 15:41:48 -07:00
committed by GitHub
parent 3a20752bdd
commit d820d60619
10 changed files with 351 additions and 279 deletions


@@ -10,7 +10,7 @@ import {
const context = github.context;
test('general args', () => {
test('general args', async () => {
const envs = {
codecov_yml_path: 'dev/codecov.yml',
url: 'https://codecov.enterprise.com',
@@ -20,7 +20,7 @@ test('general args', () => {
process.env['INPUT_' + env.toUpperCase()] = envs[env];
}
const {args, verbose} = buildGeneralExec();
const {args, verbose} = await buildGeneralExec();
expect(args).toEqual(
expect.arrayContaining([
@@ -36,13 +36,12 @@ test('general args', () => {
}
});
test('upload args using context', () => {
test('upload args using context', async () => {
const expectedArgs = [
'--git-service',
'github',
];
const {uploadExecArgs, uploadCommand} = buildUploadExec();
const {uploadExecArgs, uploadCommand} = await buildUploadExec();
if (context.eventName == 'pull_request') {
expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
}
@@ -54,7 +53,7 @@ test('upload args using context', () => {
expect(uploadCommand).toEqual('do-upload');
});
test('upload args', () => {
test('upload args', async () => {
const envs = {
'codecov_yml_path': 'dev/codecov.yml',
'commit_parent': 'fakeparentcommit',
@@ -94,7 +93,7 @@ test('upload args', () => {
process.env['INPUT_' + env.toUpperCase()] = envs[env];
}
const {uploadExecArgs, uploadCommand} = buildUploadExec();
const {uploadExecArgs, uploadCommand} = await buildUploadExec();
const expectedArgs = [
'--disable-file-fixes',
'--disable-search',
@@ -156,7 +155,7 @@ test('upload args', () => {
});
test('report args', () => {
test('report args', async () => {
const envs = {
git_service: 'github_enterprise',
override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
@@ -169,7 +168,7 @@ test('report args', () => {
process.env['INPUT_' + env.toUpperCase()] = envs[env];
}
const {reportExecArgs, reportCommand} = buildReportExec();
const {reportExecArgs, reportCommand} = await buildReportExec();
const expectedArgs = [
'--git-service',
@@ -191,7 +190,7 @@ test('report args', () => {
});
test('report args using context', () => {
test('report args using context', async () => {
const envs = {
token: 'd3859757-ab80-4664-924d-aef22fa7557b',
};
@@ -206,7 +205,7 @@ test('report args using context', () => {
expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
}
const {reportExecArgs, reportCommand} = buildReportExec();
const {reportExecArgs, reportCommand} = await buildReportExec();
expect(reportExecArgs).toEqual(expectedArgs);
expect(reportCommand).toEqual('create-report');
@@ -216,7 +215,7 @@ test('report args using context', () => {
});
test('commit args', () => {
test('commit args', async () => {
const envs = {
git_service: 'github_enterprise',
commit_parent: '83231650328f11695dfb754ca0f540516f188d27',
@@ -231,7 +230,7 @@ test('commit args', () => {
process.env['INPUT_' + env.toUpperCase()] = envs[env];
}
const {commitExecArgs, commitCommand} = buildCommitExec();
const {commitExecArgs, commitCommand} = await buildCommitExec();
const expectedArgs = [
'--parent-sha',
'83231650328f11695dfb754ca0f540516f188d27',
@@ -255,13 +254,13 @@ test('commit args', () => {
}
});
test('commit args using context', () => {
test('commit args using context', async () => {
const expectedArgs :string[] = [
'--git-service',
'github',
];
const {commitExecArgs, commitCommand} = buildCommitExec();
const {commitExecArgs, commitCommand} = await buildCommitExec();
if (context.eventName == 'pull_request') {
expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
}
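Review bot: None of the hunks in this test file exercise the `use_oidc` path; every change only converts an existing test to `async`/`await`. A case that sets `INPUT_USE_OIDC`, mocks `core.getIDToken`, and asserts that the resolved value replaces the `token` input would pin down the new authentication branch, and a second case with a rejecting mock would cover the failure path. It is also worth asserting the argument passed to `getIDToken` with `url` unset and with `url` set to an enterprise host, because that string becomes the audience of the issued token.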


@@ -3,6 +3,7 @@
import * as core from '@actions/core';
import * as github from '@actions/github';
import {setFailure} from './helpers';
const context = github.context;
@@ -17,15 +18,36 @@ const isTrue = (variable) => {
);
};
const getToken = async () => {
let token = core.getInput('token');
let url = core.getInput('url');
const useOIDC = isTrue(core.getInput('use_oidc'));
const buildCommitExec = () => {
if (useOIDC) {
if (!url) {
url = 'https://codecov.io';
}
try {
token = await core.getIDToken(url);
return token;
} catch (err) {
setFailure(
`Codecov: Failed to get OIDC token with url: ${url}. ${err.message}`,
true,
);
}
}
return token;
};
const buildCommitExec = async () => {
const commitParent = core.getInput('commit_parent');
const gitService = core.getInput('git_service');
const overrideBranch = core.getInput('override_branch');
const overrideCommit = core.getInput('override_commit');
const overridePr = core.getInput('override_pr');
const slug = core.getInput('slug');
const token = core.getInput('token');
const token = await getToken();
const failCi = isTrue(core.getInput('fail_ci_if_error'));
const workingDir = core.getInput('working-directory');
@@ -101,12 +123,12 @@ const buildGeneralExec = () => {
return {args, verbose};
};
const buildReportExec = () => {
const buildReportExec = async () => {
const gitService = core.getInput('git_service');
const overrideCommit = core.getInput('override_commit');
const overridePr = core.getInput('override_pr');
const slug = core.getInput('slug');
const token = core.getInput('token');
const token = await getToken();
const failCi = isTrue(core.getInput('fail_ci_if_error'));
const workingDir = core.getInput('working-directory');
@@ -158,7 +180,7 @@ const buildReportExec = () => {
return {reportExecArgs, reportOptions, reportCommand};
};
const buildUploadExec = () => {
const buildUploadExec = async () => {
const disableFileFixes = isTrue(core.getInput('disable_file_fixes'));
const disableSafeDirectory = isTrue(core.getInput('disable_safe_directory'));
const disableSearch = isTrue(core.getInput('disable_search'));
@@ -185,7 +207,7 @@ const buildUploadExec = () => {
const rootDir = core.getInput('root_dir');
const searchDir = core.getInput('directory');
const slug = core.getInput('slug');
const token = core.getInput('token');
const token = await getToken();
let uploaderVersion = core.getInput('version');
const useLegacyUploadEndpoint = isTrue(
core.getInput('use_legacy_upload_endpoint'),
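Review bot: In `getToken`, the `catch` branch reports the failure and then falls through to the final `return token`, which at that point still holds the static `token` input (or an empty string). Whether execution really continues depends on `setFailure`, which is not visible here; if it does not terminate the process, a job configured with `use_oidc` would quietly proceed with the long-lived token or with none. Ending the `catch` with `throw err;` would make the fail-closed intent explicit. Separately, `getToken` is awaited independently in `buildCommitExec`, `buildReportExec` and `buildUploadExec`, so one run requests three ID tokens; resolving it once and passing the value down would be enough. A short comment on `getToken` noting that the job needs `id-token: write` and that `url` doubles as the token audience would help the next reader.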


@@ -24,102 +24,106 @@ import versionInfo from './version';
let failCi;
try {
const {commitExecArgs, commitOptions, commitCommand} = buildCommitExec();
const {reportExecArgs, reportOptions, reportCommand} = buildReportExec();
const {
uploadExecArgs,
uploadOptions,
disableSafeDirectory,
failCi,
os,
uploaderVersion,
uploadCommand,
} = buildUploadExec();
const {args, verbose} = buildGeneralExec();
const run = async () => {
try {
const {commitExecArgs, commitOptions, commitCommand} = await buildCommitExec();
const {reportExecArgs, reportOptions, reportCommand} = await buildReportExec();
const {
uploadExecArgs,
uploadOptions,
disableSafeDirectory,
failCi,
os,
uploaderVersion,
uploadCommand,
} = await buildUploadExec();
const {args, verbose} = buildGeneralExec();
const platform = getPlatform(os);
const platform = getPlatform(os);
const filename = path.join( __dirname, getUploaderName(platform));
https.get(getBaseUrl(platform, uploaderVersion), (res) => {
// Image will be stored at this path
const filePath = fs.createWriteStream(filename);
res.pipe(filePath);
filePath
.on('error', (err) => {
setFailure(
`Codecov: Failed to write uploader binary: ${err.message}`,
true,
);
}).on('finish', async () => {
filePath.close();
const filename = path.join( __dirname, getUploaderName(platform));
https.get(getBaseUrl(platform, uploaderVersion), (res) => {
// Image will be stored at this path
const filePath = fs.createWriteStream(filename);
res.pipe(filePath);
filePath
.on('error', (err) => {
setFailure(
`Codecov: Failed to write uploader binary: ${err.message}`,
true,
);
}).on('finish', async () => {
filePath.close();
await verify(filename, platform, uploaderVersion, verbose, failCi);
await versionInfo(platform, uploaderVersion);
await fs.chmodSync(filename, '777');
if (!disableSafeDirectory) {
await setSafeDirectory();
}
await verify(filename, platform, uploaderVersion, verbose, failCi);
await versionInfo(platform, uploaderVersion);
await fs.chmodSync(filename, '777');
if (!disableSafeDirectory) {
await setSafeDirectory();
}
const unlink = () => {
fs.unlink(filename, (err) => {
if (err) {
setFailure(
`Codecov: Could not unlink uploader: ${err.message}`,
failCi,
);
}
});
};
const doUpload = async () => {
await exec.exec(getCommand(filename, args, uploadCommand).join(' '),
uploadExecArgs,
uploadOptions)
.catch((err) => {
const unlink = () => {
fs.unlink(filename, (err) => {
if (err) {
setFailure(
`Codecov:
Failed to properly upload report: ${err.message}`,
`Codecov: Could not unlink uploader: ${err.message}`,
failCi,
);
});
};
const createReport = async () => {
}
});
};
const doUpload = async () => {
await exec.exec(getCommand(filename, args, uploadCommand).join(' '),
uploadExecArgs,
uploadOptions)
.catch((err) => {
setFailure(
`Codecov:
Failed to properly upload report: ${err.message}`,
failCi,
);
});
};
const createReport = async () => {
await exec.exec(
getCommand(filename, args, reportCommand).join(' '),
reportExecArgs,
reportOptions)
.then(async (exitCode) => {
if (exitCode == 0) {
await doUpload();
}
}).catch((err) => {
setFailure(
`Codecov:
Failed to properly create report: ${err.message}`,
failCi,
);
});
};
await exec.exec(
getCommand(filename, args, reportCommand).join(' '),
reportExecArgs,
reportOptions)
getCommand(
filename,
args,
commitCommand,
).join(' '),
commitExecArgs, commitOptions)
.then(async (exitCode) => {
if (exitCode == 0) {
await doUpload();
await createReport();
}
unlink();
}).catch((err) => {
setFailure(
`Codecov:
Failed to properly create report: ${err.message}`,
`Codecov: Failed to properly create commit: ${err.message}`,
failCi,
);
});
};
await exec.exec(
getCommand(
filename,
args,
commitCommand,
).join(' '),
commitExecArgs, commitOptions)
.then(async (exitCode) => {
if (exitCode == 0) {
await createReport();
}
unlink();
}).catch((err) => {
setFailure(
`Codecov: Failed to properly create commit: ${err.message}`,
failCi,
);
});
});
});
} catch (err) {
setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
}
});
});
} catch (err) {
setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
}
};
run();
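Review bot: The `failCi` read in the final `catch` of `run` is the outer `let failCi;`, which as far as this hunk shows is never assigned, because the `failCi` destructured from `buildUploadExec()` is a block-scoped `const` inside the `try`. A rejection from the newly awaited `build*Exec()` calls, including an OIDC failure that propagates, would then reach `setFailure(..., undefined)` and might not fail the job. Destructuring as `failCi: uploadFailCi` and then assigning `failCi = uploadFailCi;` would keep the two in sync. In the `finish` handler the verified uploader is made world-writable with `fs.chmodSync(filename, '777')` before it is executed; `fs.chmodSync(filename, 0o755)` is sufficient, and the `await` in front of the synchronous call has no effect. The `https.get` request also has no `'error'` listener, and the surrounding `try`/`catch` does not catch errors emitted asynchronously on the request.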