mirror of
https://github.com/actions/runner.git
synced 2025-12-10 12:36:23 +00:00
Compare commits
2 Commits
v2.165.2
...
users/tihu
| Author | SHA1 | Date | |
|---|---|---|---|
|
e80ab803d6 | ||
|
|
4f40817c82 |
8
.github/workflows/build.yml
vendored
8
.github/workflows/build.yml
vendored
@@ -43,6 +43,14 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
|
||||
# Set Path workaround for https://github.com/actions/virtual-environments/issues/263
|
||||
- run: |
|
||||
echo "::add-path::C:\Program Files\Git\mingw64\bin"
|
||||
echo "::add-path::C:\Program Files\Git\usr\bin"
|
||||
echo "::add-path::C:\Program Files\Git\bin"
|
||||
if: matrix.os == 'windows-latest'
|
||||
name: "Temp step to Set Path for Windows"
|
||||
|
||||
# Build runner layout
|
||||
- name: Build & Layout Release
|
||||
run: |
|
||||
|
||||
@@ -15,7 +15,6 @@ User wants to reference workflow variables defined in workflow yaml file for act
|
||||
Runner will create and populate the `env` context for every job execution using following logic:
|
||||
1. On job start, create `env` context with any environment variables in the job message, these are env defined in customer's YAML file's job/workflow level `env` section.
|
||||
2. Update `env` context when customer use `::set-env::` to set env at the runner level.
|
||||
3. Update `env` context with step's `env` block before each step runs.
|
||||
|
||||
The `env` context is only available in the runner, customer can't use the `env` context in any server evaluation part, just like the `runner` context
|
||||
|
||||
@@ -23,25 +22,17 @@ Example yaml:
|
||||
```yaml
|
||||
|
||||
env:
|
||||
env1: 10
|
||||
env2: 20
|
||||
env3: 30
|
||||
env1: 100
|
||||
jobs:
|
||||
build:
|
||||
env:
|
||||
env1: 100
|
||||
env2: 200
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- run: |
|
||||
echo ${{ env.env1 }} // 1000
|
||||
echo $env1 // 1000
|
||||
echo $env2 // 200
|
||||
echo $env3 // 30
|
||||
if: env.env2 == 200 // true
|
||||
name: ${{ env.env1 }}_${{ env.env2 }} //1000_200
|
||||
env:
|
||||
env1: 1000
|
||||
echo ${{ env.env1 }}
|
||||
if: env.env2 == 200
|
||||
name: ${{ env.env1 }}_${{ env.env2 }}
|
||||
```
|
||||
|
||||
### Don't populate the `env` context with environment variables from runner machine.
|
||||
|
||||
@@ -1,48 +0,0 @@
|
||||
# ADR 0297: Base64 Masking Trailing Characters
|
||||
|
||||
**Date** 2020-01-21
|
||||
|
||||
**Status** Proposed
|
||||
|
||||
## Context
|
||||
|
||||
The Runner registers a number of Value Encoders, which mask various encodings of a provided secret. Currently, we register a 3 base64 Encoders:
|
||||
- The base64 encoded secret
|
||||
- The secret with the first character removed then base64 encoded
|
||||
- The secret with the first two characters removed then base64 encoded
|
||||
|
||||
This gives us good coverage across the board for secrets and secrets with a prefix (i.e. `base64($user:$pass)`).
|
||||
|
||||
However, we don't have great coverage for cases where the secret has a string appended to it before it is base64 encoded (i.e.: `base64($pass\n))`).
|
||||
|
||||
Most notably we've seen this as a result of user error where a user accidentially appends a newline or space character before encoding their secret in base64.
|
||||
|
||||
## Decision
|
||||
|
||||
### Trim end characters
|
||||
|
||||
We are going to modify all existing base64 encoders to trim information before registering as a secret.
|
||||
We will trim:
|
||||
- `=` from the end of all base64 strings. This is a padding character that contains no information.
|
||||
- Based on the number of `=`'s at the end of a base64 string, a malicious user could predict the length of the original secret modulo 3.
|
||||
- If a user saw `***==`, they would know the secret could be 1,4,7,10... characters.
|
||||
- If a string contains `=` we will also trim the last non-padding character from the base64 secret.
|
||||
- This character can change if a string is appended to the secret before the encoding.
|
||||
|
||||
|
||||
### Register a fourth encoder
|
||||
|
||||
We will also add back in the original base64 encoded secret encoder for four total encoders:
|
||||
- The base64 encoded secret
|
||||
- The base64 encoded secret trimmed
|
||||
- The secret with the first character removed then base64 encoded and trimmed
|
||||
- The secret with the first two characters removed then base64 encoded and trimmed
|
||||
|
||||
This allows us to fully cover the most common scenario where a user base64 encodes their secret and expects the entire thing to be masked.
|
||||
This will result in us only revealing length or bit information when a prefix or suffix is added to a secret before encoding.
|
||||
|
||||
## Consequences
|
||||
|
||||
- In the case where a secret has a prefix or suffix added before base64 encoding, we may now reveal up to 20 bits of information and the length of the original string modulo 3, rather then the original 16 bits and no length information
|
||||
- Secrets with a suffix appended before encoding will now be masked across the board. Previously it was only masked if it was a multiple of 3 characters
|
||||
- Performance will suffer in a neglible way
|
||||
@@ -1,30 +1,17 @@
|
||||
## Features
|
||||
- Expose whether debug is on/off via RUNNER_DEBUG. (#253)
|
||||
- Upload log on runner when worker get killed due to cancellation timeout. (#255)
|
||||
- Update config.sh/cmd --help documentation (#282)
|
||||
- Set http_proxy and related env vars for job/service containers (#304)
|
||||
- Set both http_proxy and HTTP_PROXY env for runner/worker processes. (#298)
|
||||
- Remove runner flow: Change from PAT to "deletion token" in prompt (#225)
|
||||
- Expose github.run_id and github.run_number to action runtime env. (#224)
|
||||
|
||||
## Bugs
|
||||
- Verify runner Windows service hash started successfully after configuration (#236)
|
||||
- Detect source file path in L0 without using env. (#257)
|
||||
- Handle escaped '%' in commands data section (#200)
|
||||
- Allow container to be null/empty during matrix expansion (#266)
|
||||
- Translate problem matcher file to host path (#272)
|
||||
- Change hashFiles() expression function to use @actions/glob. (#268)
|
||||
- Default post-job action's condition to always(). (#293)
|
||||
- Support action.yaml file as action's entry file (#288)
|
||||
- Trace javascript action exit code to debug instead of user logs (#290)
|
||||
- Change prompt message when removing a runner to lines up with GitHub.com UI (#303)
|
||||
- Include step.env as part of env context. (#300)
|
||||
- Update Base64 Encoders to deal with suffixes (#284)
|
||||
- Clean up error messages for container scenarios (#221)
|
||||
- Pick shell from prependpath (#231)
|
||||
|
||||
## Misc
|
||||
- Move .sln file under ./src (#238)
|
||||
- Treat warnings as errors during compile (#249)
|
||||
- Runner code cleanup (#218 #227, #228, #229, #230)
|
||||
- Consume dotnet core 3.1 in runner. (#213)
|
||||
|
||||
## Windows x64
|
||||
We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows
|
||||
We recommend configuring the runner under "<DRIVE>:\actions-runner". This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows
|
||||
```
|
||||
// Create a folder under the drive root
|
||||
mkdir \actions-runner ; cd \actions-runner
|
||||
@@ -32,7 +19,7 @@ mkdir \actions-runner ; cd \actions-runner
|
||||
Invoke-WebRequest -Uri https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-win-x64-<RUNNER_VERSION>.zip -OutFile actions-runner-win-x64-<RUNNER_VERSION>.zip
|
||||
// Extract the installer
|
||||
Add-Type -AssemblyName System.IO.Compression.FileSystem ;
|
||||
[System.IO.Compression.ZipFile]::ExtractToDirectory("$PWD\actions-runner-win-x64-<RUNNER_VERSION>.zip", "$PWD")
|
||||
[System.IO.Compression.ZipFile]::ExtractToDirectory("$HOME\Downloads\actions-runner-win-x64-<RUNNER_VERSION>.zip", "$PWD")
|
||||
```
|
||||
|
||||
## OSX
|
||||
|
||||
@@ -3,6 +3,8 @@
|
||||
<packageSources>
|
||||
<!--To inherit the global NuGet package sources remove the <clear/> line below -->
|
||||
<clear />
|
||||
<add key="dotnet-core" value="https://www.myget.org/F/dotnet-core/api/v3/index.json" />
|
||||
<add key="dotnet-buildtools" value="https://www.myget.org/F/dotnet-buildtools/api/v3/index.json" />
|
||||
<add key="api.nuget.org" value="https://api.nuget.org/v3/index.json" />
|
||||
</packageSources>
|
||||
</configuration>
|
||||
|
||||
@@ -190,7 +190,7 @@ namespace GitHub.Runner.Listener
|
||||
{
|
||||
return GetArgOrPrompt(
|
||||
name: Constants.Runner.CommandLine.Args.Token,
|
||||
description: "Enter runner remove token:",
|
||||
description: "Enter runner deletion token:",
|
||||
defaultValue: string.Empty,
|
||||
validator: Validators.NonEmptyValidator);
|
||||
}
|
||||
|
||||
@@ -277,15 +277,12 @@ namespace GitHub.Runner.Listener.Configuration
|
||||
throw new NotSupportedException("Message queue listen OAuth token.");
|
||||
}
|
||||
|
||||
// Testing agent connection, detect any potential connection issue, like local clock skew that cause OAuth token expired.
|
||||
// Testing agent connection, detect any protential connection issue, like local clock skew that cause OAuth token expired.
|
||||
var credMgr = HostContext.GetService<ICredentialManager>();
|
||||
VssCredentials credential = credMgr.LoadCredentials();
|
||||
try
|
||||
{
|
||||
await _runnerServer.ConnectAsync(new Uri(runnerSettings.ServerUrl), credential);
|
||||
// ConnectAsync() hits _apis/connectionData which is an anonymous endpoint
|
||||
// Need to hit an authenticate endpoint to trigger OAuth token exchange.
|
||||
await _runnerServer.GetAgentPoolsAsync();
|
||||
_term.WriteSuccessMessage("Runner connection is good");
|
||||
}
|
||||
catch (VssOAuthTokenRequestException ex) when (ex.Message.Contains("Current server time is"))
|
||||
|
||||
@@ -21,7 +21,6 @@ namespace GitHub.Runner.Sdk
|
||||
private string _httpsProxyAddress;
|
||||
private string _httpsProxyUsername;
|
||||
private string _httpsProxyPassword;
|
||||
private string _noProxyString;
|
||||
|
||||
private readonly List<ByPassInfo> _noProxyList = new List<ByPassInfo>();
|
||||
private readonly HashSet<string> _noProxyUnique = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
|
||||
@@ -34,7 +33,6 @@ namespace GitHub.Runner.Sdk
|
||||
public string HttpsProxyAddress => _httpsProxyAddress;
|
||||
public string HttpsProxyUsername => _httpsProxyUsername;
|
||||
public string HttpsProxyPassword => _httpsProxyPassword;
|
||||
public string NoProxyString => _noProxyString;
|
||||
|
||||
public List<ByPassInfo> NoProxyList => _noProxyList;
|
||||
|
||||
@@ -74,8 +72,8 @@ namespace GitHub.Runner.Sdk
|
||||
_httpProxyAddress = proxyHttpUri.AbsoluteUri;
|
||||
|
||||
// Set both environment variables since there are tools support both casing (curl, wget) and tools support only one casing (docker)
|
||||
Environment.SetEnvironmentVariable("HTTP_PROXY", _httpProxyAddress);
|
||||
Environment.SetEnvironmentVariable("http_proxy", _httpProxyAddress);
|
||||
Environment.SetEnvironmentVariable("HTTP_PROXY", _httpProxyAddress);
|
||||
|
||||
// the proxy url looks like http://[user:pass@]127.0.0.1:8888
|
||||
var userInfo = Uri.UnescapeDataString(proxyHttpUri.UserInfo).Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
|
||||
@@ -104,8 +102,8 @@ namespace GitHub.Runner.Sdk
|
||||
_httpsProxyAddress = proxyHttpsUri.AbsoluteUri;
|
||||
|
||||
// Set both environment variables since there are tools support both casing (curl, wget) and tools support only one casing (docker)
|
||||
Environment.SetEnvironmentVariable("HTTPS_PROXY", _httpsProxyAddress);
|
||||
Environment.SetEnvironmentVariable("https_proxy", _httpsProxyAddress);
|
||||
Environment.SetEnvironmentVariable("HTTPS_PROXY", _httpsProxyAddress);
|
||||
|
||||
// the proxy url looks like http://[user:pass@]127.0.0.1:8888
|
||||
var userInfo = Uri.UnescapeDataString(proxyHttpsUri.UserInfo).Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
|
||||
@@ -131,11 +129,9 @@ namespace GitHub.Runner.Sdk
|
||||
|
||||
if (!string.IsNullOrEmpty(noProxyList))
|
||||
{
|
||||
_noProxyString = noProxyList;
|
||||
|
||||
// Set both environment variables since there are tools support both casing (curl, wget) and tools support only one casing (docker)
|
||||
Environment.SetEnvironmentVariable("NO_PROXY", noProxyList);
|
||||
Environment.SetEnvironmentVariable("no_proxy", noProxyList);
|
||||
Environment.SetEnvironmentVariable("NO_PROXY", noProxyList);
|
||||
|
||||
var noProxyListSplit = noProxyList.Split(',', StringSplitOptions.RemoveEmptyEntries);
|
||||
foreach (string noProxy in noProxyListSplit)
|
||||
|
||||
@@ -179,15 +179,17 @@ namespace GitHub.Runner.Worker
|
||||
ExecutionContext.Debug("Loading env");
|
||||
var environment = new Dictionary<String, String>(VarUtil.EnvironmentVariableKeyComparer);
|
||||
|
||||
#if OS_WINDOWS
|
||||
var envContext = ExecutionContext.ExpressionValues["env"] as DictionaryContextData;
|
||||
#else
|
||||
var envContext = ExecutionContext.ExpressionValues["env"] as CaseSensitiveDictionaryContextData;
|
||||
#endif
|
||||
// Apply environment from env context, env context contains job level env and action's evn block
|
||||
foreach (var env in envContext)
|
||||
// Apply environment set using ##[set-env] first since these are job level env
|
||||
foreach (var env in ExecutionContext.EnvironmentVariables)
|
||||
{
|
||||
environment[env.Key] = env.Value.ToString();
|
||||
environment[env.Key] = env.Value ?? string.Empty;
|
||||
}
|
||||
|
||||
// Apply action's env block later.
|
||||
var actionEnvironment = templateEvaluator.EvaluateStepEnvironment(Action.Environment, ExecutionContext.ExpressionValues, VarUtil.EnvironmentVariableKeyComparer);
|
||||
foreach (var env in actionEnvironment)
|
||||
{
|
||||
environment[env.Key] = env.Value ?? string.Empty;
|
||||
}
|
||||
|
||||
// Apply action's intra-action state at last
|
||||
|
||||
@@ -63,8 +63,6 @@ namespace GitHub.Runner.Worker.Container
|
||||
UserMountVolumes[volume] = volume;
|
||||
}
|
||||
}
|
||||
|
||||
UpdateWebProxyEnv(hostContext.WebProxy);
|
||||
}
|
||||
|
||||
public string ContainerId { get; set; }
|
||||
@@ -224,26 +222,6 @@ namespace GitHub.Runner.Worker.Container
|
||||
{
|
||||
_pathMappings.Insert(0, new PathMapping(hostCommonPath, containerCommonPath));
|
||||
}
|
||||
|
||||
private void UpdateWebProxyEnv(RunnerWebProxy webProxy)
|
||||
{
|
||||
// Set common forms of proxy variables if configured in Runner and not set directly by container.env
|
||||
if (!String.IsNullOrEmpty(webProxy.HttpProxyAddress))
|
||||
{
|
||||
ContainerEnvironmentVariables.TryAdd("HTTP_PROXY", webProxy.HttpProxyAddress);
|
||||
ContainerEnvironmentVariables.TryAdd("http_proxy", webProxy.HttpProxyAddress);
|
||||
}
|
||||
if (!String.IsNullOrEmpty(webProxy.HttpsProxyAddress))
|
||||
{
|
||||
ContainerEnvironmentVariables.TryAdd("HTTPS_PROXY", webProxy.HttpsProxyAddress);
|
||||
ContainerEnvironmentVariables.TryAdd("https_proxy", webProxy.HttpsProxyAddress);
|
||||
}
|
||||
if (!String.IsNullOrEmpty(webProxy.NoProxyString))
|
||||
{
|
||||
ContainerEnvironmentVariables.TryAdd("NO_PROXY", webProxy.NoProxyString);
|
||||
ContainerEnvironmentVariables.TryAdd("no_proxy", webProxy.NoProxyString);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public class MountVolume
|
||||
|
||||
@@ -76,38 +76,15 @@ namespace GitHub.Runner.Worker
|
||||
// Start
|
||||
step.ExecutionContext.Start();
|
||||
|
||||
// Set GITHUB_ACTION
|
||||
if (step is IActionRunner actionStep)
|
||||
{
|
||||
step.ExecutionContext.SetGitHubContext("action", actionStep.Action.Name);
|
||||
}
|
||||
|
||||
// Initialize scope
|
||||
if (InitializeScope(step, scopeInputs))
|
||||
{
|
||||
// Populate env context for each step
|
||||
Trace.Info("Initialize Env context for step");
|
||||
#if OS_WINDOWS
|
||||
var envContext = new DictionaryContextData();
|
||||
#else
|
||||
var envContext = new CaseSensitiveDictionaryContextData();
|
||||
#endif
|
||||
step.ExecutionContext.ExpressionValues["env"] = envContext;
|
||||
foreach (var pair in step.ExecutionContext.EnvironmentVariables)
|
||||
{
|
||||
envContext[pair.Key] = new StringContextData(pair.Value ?? string.Empty);
|
||||
}
|
||||
|
||||
if (step is IActionRunner actionStep)
|
||||
{
|
||||
// Set GITHUB_ACTION
|
||||
step.ExecutionContext.SetGitHubContext("action", actionStep.Action.Name);
|
||||
|
||||
// Evaluate and merge action's env block to env context
|
||||
var templateTrace = step.ExecutionContext.ToTemplateTraceWriter();
|
||||
var schema = new PipelineTemplateSchemaFactory().CreateSchema();
|
||||
var templateEvaluator = new PipelineTemplateEvaluator(templateTrace, schema);
|
||||
var actionEnvironment = templateEvaluator.EvaluateStepEnvironment(actionStep.Action.Environment, step.ExecutionContext.ExpressionValues, VarUtil.EnvironmentVariableKeyComparer);
|
||||
foreach (var env in actionEnvironment)
|
||||
{
|
||||
envContext[env.Key] = new StringContextData(env.Value ?? string.Empty);
|
||||
}
|
||||
}
|
||||
|
||||
var expressionManager = HostContext.GetService<IExpressionManager>();
|
||||
try
|
||||
{
|
||||
|
||||
@@ -162,8 +162,8 @@ namespace GitHub.Services.Common
|
||||
}
|
||||
|
||||
IssuedToken token = null;
|
||||
IssuedTokenProvider provider;
|
||||
if (this.Credentials.TryGetTokenProvider(request.RequestUri, out provider))
|
||||
IssuedTokenProvider provider = null;
|
||||
if (this.Credentials != null && this.Credentials.TryGetTokenProvider(request.RequestUri, out provider))
|
||||
{
|
||||
token = provider.CurrentToken;
|
||||
}
|
||||
@@ -227,7 +227,7 @@ namespace GitHub.Services.Common
|
||||
|
||||
responseWrapper = new HttpResponseMessageWrapper(response);
|
||||
|
||||
if (!this.Credentials.IsAuthenticationChallenge(responseWrapper))
|
||||
if (this.Credentials != null && !this.Credentials.IsAuthenticationChallenge(responseWrapper))
|
||||
{
|
||||
// Validate the token after it has been successfully authenticated with the server.
|
||||
if (provider != null)
|
||||
@@ -259,7 +259,10 @@ namespace GitHub.Services.Common
|
||||
}
|
||||
|
||||
// Ensure we have an appropriate token provider for the current challenge
|
||||
provider = this.Credentials.CreateTokenProvider(request.RequestUri, responseWrapper, token);
|
||||
if (this.Credentials != null)
|
||||
{
|
||||
provider = this.Credentials.CreateTokenProvider(request.RequestUri, responseWrapper, token);
|
||||
}
|
||||
|
||||
// Make sure we don't invoke the provider in an invalid state
|
||||
if (provider == null)
|
||||
@@ -308,7 +311,7 @@ namespace GitHub.Services.Common
|
||||
|
||||
// We're out of retries and the response was an auth challenge -- then the request was unauthorized
|
||||
// and we will throw a strongly-typed exception with a friendly error message.
|
||||
if (!succeeded && response != null && this.Credentials.IsAuthenticationChallenge(responseWrapper))
|
||||
if (!succeeded && response != null && (this.Credentials != null && this.Credentials.IsAuthenticationChallenge(responseWrapper)))
|
||||
{
|
||||
String message = null;
|
||||
IEnumerable<String> serviceError;
|
||||
|
||||
@@ -35,19 +35,6 @@ namespace GitHub.DistributedTask.Pipelines.ContextData
|
||||
throw new ArgumentException($"Unexpected type '{value?.GetType().Name}' encountered while reading '{objectDescription}'. The type '{nameof(DictionaryContextData)}' was expected.");
|
||||
}
|
||||
|
||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
||||
public static CaseSensitiveDictionaryContextData AssertCaseSensitiveDictionary(
|
||||
this PipelineContextData value,
|
||||
String objectDescription)
|
||||
{
|
||||
if (value is CaseSensitiveDictionaryContextData dictionary)
|
||||
{
|
||||
return dictionary;
|
||||
}
|
||||
|
||||
throw new ArgumentException($"Unexpected type '{value?.GetType().Name}' encountered while reading '{objectDescription}'. The type '{nameof(CaseSensitiveDictionaryContextData)}' was expected.");
|
||||
}
|
||||
|
||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
||||
public static StringContextData AssertString(
|
||||
this PipelineContextData value,
|
||||
|
||||
@@ -189,5 +189,11 @@ namespace GitHub.Services.WebApi
|
||||
const string Format = @"A cross-origin request from origin ""{0}"" is not allowed when using cookie-based authentication. An authentication token needs to be provided in the Authorization header of the request.";
|
||||
return string.Format(CultureInfo.CurrentCulture, Format, arg0);
|
||||
}
|
||||
|
||||
public static string UnknownEntityType(object arg0)
|
||||
{
|
||||
const string Format = @"Unknown entityType {0}. Cannot parse.";
|
||||
return string.Format(CultureInfo.CurrentCulture, Format, arg0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
using System;
|
||||
using System.Runtime.Serialization;
|
||||
using GitHub.Services.WebApi;
|
||||
using GitHub.Services.WebApi.Jwt;
|
||||
|
||||
namespace GitHub.Services.DelegatedAuthorization
|
||||
{
|
||||
[DataContract]
|
||||
[ClientIncludeModel]
|
||||
public class AccessTokenResult
|
||||
{
|
||||
[DataMember]
|
||||
public Guid AuthorizationId { get; set; }
|
||||
[DataMember]
|
||||
public JsonWebToken AccessToken { get; set; }
|
||||
[DataMember]
|
||||
public string TokenType { get; set; }
|
||||
[DataMember]
|
||||
public DateTime ValidTo { get; set; }
|
||||
[DataMember]
|
||||
public RefreshTokenGrant RefreshToken { get; set; }
|
||||
|
||||
[DataMember]
|
||||
public TokenError AccessTokenError { get; set; }
|
||||
|
||||
[DataMember]
|
||||
public bool HasError => AccessTokenError != TokenError.None;
|
||||
|
||||
[DataMember]
|
||||
public string ErrorDescription { get; set; }
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Converters;
|
||||
using System;
|
||||
using System.Runtime.Serialization;
|
||||
|
||||
namespace GitHub.Services.DelegatedAuthorization
|
||||
{
|
||||
[KnownType(typeof(RefreshTokenGrant))]
|
||||
[KnownType(typeof(JwtBearerAuthorizationGrant))]
|
||||
[JsonConverter(typeof(AuthorizationGrantJsonConverter))]
|
||||
public abstract class AuthorizationGrant
|
||||
{
|
||||
public AuthorizationGrant(GrantType grantType)
|
||||
{
|
||||
if (grantType == GrantType.None)
|
||||
{
|
||||
throw new ArgumentException("Grant type is required.");
|
||||
}
|
||||
|
||||
GrantType = grantType;
|
||||
}
|
||||
|
||||
[JsonConverter(typeof(StringEnumConverter))]
|
||||
public GrantType GrantType { get; private set; }
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,50 @@
|
||||
using GitHub.Services.WebApi;
|
||||
using GitHub.Services.WebApi.Jwt;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using System;
|
||||
|
||||
namespace GitHub.Services.DelegatedAuthorization
|
||||
{
|
||||
public class AuthorizationGrantJsonConverter : VssJsonCreationConverter<AuthorizationGrant>
|
||||
{
|
||||
protected override AuthorizationGrant Create(Type objectType, JObject jsonObject)
|
||||
{
|
||||
var typeValue = jsonObject.GetValue(nameof(AuthorizationGrant.GrantType), StringComparison.OrdinalIgnoreCase);
|
||||
if (typeValue == null)
|
||||
{
|
||||
throw new ArgumentException(WebApiResources.UnknownEntityType(typeValue));
|
||||
}
|
||||
|
||||
GrantType grantType;
|
||||
if (typeValue.Type == JTokenType.Integer)
|
||||
{
|
||||
grantType = (GrantType)(Int32)typeValue;
|
||||
}
|
||||
else if (typeValue.Type != JTokenType.String || !Enum.TryParse((String)typeValue, out grantType))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
AuthorizationGrant authorizationGrant = null;
|
||||
var jwtObject = jsonObject.GetValue("jwt");
|
||||
if (jwtObject == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
JsonWebToken jwt = JsonWebToken.Create(jwtObject.ToString());
|
||||
switch (grantType)
|
||||
{
|
||||
case GrantType.JwtBearer:
|
||||
authorizationGrant = new JwtBearerAuthorizationGrant(jwt);
|
||||
break;
|
||||
|
||||
case GrantType.RefreshToken:
|
||||
authorizationGrant = new RefreshTokenGrant(jwt);
|
||||
break;
|
||||
}
|
||||
|
||||
return authorizationGrant;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
namespace GitHub.Services.DelegatedAuthorization
|
||||
{
|
||||
public enum GrantType
|
||||
{
|
||||
None = 0,
|
||||
JwtBearer = 1,
|
||||
RefreshToken = 2,
|
||||
Implicit = 3,
|
||||
ClientCredentials = 4,
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,20 @@
|
||||
using GitHub.Services.WebApi.Jwt;
|
||||
|
||||
namespace GitHub.Services.DelegatedAuthorization
|
||||
{
|
||||
public class JwtBearerAuthorizationGrant : AuthorizationGrant
|
||||
{
|
||||
public JwtBearerAuthorizationGrant(JsonWebToken jwt)
|
||||
: base(GrantType.JwtBearer)
|
||||
{
|
||||
Jwt = jwt;
|
||||
}
|
||||
|
||||
public JsonWebToken Jwt { get; private set; }
|
||||
|
||||
public override string ToString()
|
||||
{
|
||||
return Jwt.EncodedToken;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,20 @@
|
||||
using GitHub.Services.WebApi.Jwt;
|
||||
|
||||
namespace GitHub.Services.DelegatedAuthorization
|
||||
{
|
||||
public class RefreshTokenGrant : AuthorizationGrant
|
||||
{
|
||||
public RefreshTokenGrant(JsonWebToken jwt)
|
||||
: base(GrantType.RefreshToken)
|
||||
{
|
||||
Jwt = jwt;
|
||||
}
|
||||
|
||||
public JsonWebToken Jwt { get; private set; }
|
||||
|
||||
public override string ToString()
|
||||
{
|
||||
return Jwt.EncodedToken;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
namespace GitHub.Services.DelegatedAuthorization
|
||||
{
|
||||
public enum TokenError
|
||||
{
|
||||
None,
|
||||
GrantTypeRequired,
|
||||
AuthorizationGrantRequired,
|
||||
ClientSecretRequired,
|
||||
RedirectUriRequired,
|
||||
InvalidAuthorizationGrant,
|
||||
InvalidAuthorizationScopes,
|
||||
InvalidRefreshToken,
|
||||
AuthorizationNotFound,
|
||||
AuthorizationGrantExpired,
|
||||
AccessAlreadyIssued,
|
||||
InvalidRedirectUri,
|
||||
AccessTokenNotFound,
|
||||
InvalidAccessToken,
|
||||
AccessTokenAlreadyRefreshed,
|
||||
InvalidClientSecret,
|
||||
ClientSecretExpired,
|
||||
ServerError,
|
||||
AccessDenied,
|
||||
AccessTokenKeyRequired,
|
||||
InvalidAccessTokenKey,
|
||||
FailedToGetAccessToken,
|
||||
InvalidClientId,
|
||||
InvalidClient,
|
||||
InvalidValidTo,
|
||||
InvalidUserId,
|
||||
FailedToIssueAccessToken,
|
||||
AuthorizationGrantScopeMissing,
|
||||
InvalidPublicAccessTokenKey,
|
||||
InvalidPublicAccessToken,
|
||||
/* Deprecated */
|
||||
PublicFeatureFlagNotEnabled,
|
||||
SSHPolicyDisabled
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,8 @@
|
||||
namespace GitHub.Services.Tokens
|
||||
{
|
||||
public class GrantTokenSecretPair
|
||||
{
|
||||
public string GrantToken { get; set; }
|
||||
public string ClientSecret { get; set; }
|
||||
}
|
||||
}
|
||||
94
src/Sdk/WebApi/WebApi/HttpClients/TokenOauth2HttpClient.cs
Normal file
94
src/Sdk/WebApi/WebApi/HttpClients/TokenOauth2HttpClient.cs
Normal file
@@ -0,0 +1,94 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Net.Http;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using GitHub.Services.Common;
|
||||
using GitHub.Services.DelegatedAuthorization;
|
||||
using GitHub.Services.WebApi;
|
||||
|
||||
namespace GitHub.Services.Tokens.WebApi
|
||||
{
|
||||
[ResourceArea(TokenOAuth2ResourceIds.AreaId)]
|
||||
public class TokenOauth2HttpClient : VssHttpClientBase
|
||||
{
|
||||
public TokenOauth2HttpClient(Uri baseUrl, VssCredentials credentials)
|
||||
: base(baseUrl, credentials)
|
||||
{
|
||||
}
|
||||
|
||||
public TokenOauth2HttpClient(Uri baseUrl, VssCredentials credentials, VssHttpRequestSettings settings)
|
||||
: base(baseUrl, credentials, settings)
|
||||
{
|
||||
}
|
||||
|
||||
public TokenOauth2HttpClient(Uri baseUrl, VssCredentials credentials, params DelegatingHandler[] handlers)
|
||||
: base(baseUrl, credentials, handlers)
|
||||
{
|
||||
}
|
||||
|
||||
public TokenOauth2HttpClient(Uri baseUrl, VssCredentials credentials, VssHttpRequestSettings settings, params DelegatingHandler[] handlers)
|
||||
: base(baseUrl, credentials, settings, handlers)
|
||||
{
|
||||
}
|
||||
|
||||
public TokenOauth2HttpClient(Uri baseUrl, HttpMessageHandler pipeline, bool disposeHandler)
|
||||
: base(baseUrl, pipeline, disposeHandler)
|
||||
{
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// [Preview API]
|
||||
/// </summary>
|
||||
/// <param name="tokenSecretPair"></param>
|
||||
/// <param name="grantType"></param>
|
||||
/// <param name="hostId"></param>
|
||||
/// <param name="orgHostId"></param>
|
||||
/// <param name="audience"></param>
|
||||
/// <param name="redirectUri"></param>
|
||||
/// <param name="accessId"></param>
|
||||
/// <param name="userState"></param>
|
||||
/// <param name="cancellationToken">The cancellation token to cancel operation.</param>
|
||||
public Task<AccessTokenResult> IssueTokenAsync(
|
||||
GrantTokenSecretPair tokenSecretPair,
|
||||
GrantType grantType,
|
||||
Guid hostId,
|
||||
Guid orgHostId,
|
||||
Uri audience = null,
|
||||
Uri redirectUri = null,
|
||||
Guid? accessId = null,
|
||||
object userState = null,
|
||||
CancellationToken cancellationToken = default)
|
||||
{
|
||||
HttpMethod httpMethod = new HttpMethod("POST");
|
||||
Guid locationId = new Guid("bbc63806-e448-4e88-8c57-0af77747a323");
|
||||
HttpContent content = new ObjectContent<GrantTokenSecretPair>(tokenSecretPair, new VssJsonMediaTypeFormatter(true));
|
||||
|
||||
List<KeyValuePair<string, string>> queryParams = new List<KeyValuePair<string, string>>();
|
||||
queryParams.Add("grantType", grantType.ToString());
|
||||
queryParams.Add("hostId", hostId.ToString());
|
||||
queryParams.Add("orgHostId", orgHostId.ToString());
|
||||
if (audience != null)
|
||||
{
|
||||
queryParams.Add("audience", audience.ToString());
|
||||
}
|
||||
if (redirectUri != null)
|
||||
{
|
||||
queryParams.Add("redirectUri", redirectUri.ToString());
|
||||
}
|
||||
if (accessId != null)
|
||||
{
|
||||
queryParams.Add("accessId", accessId.Value.ToString());
|
||||
}
|
||||
|
||||
return SendAsync<AccessTokenResult>(
|
||||
httpMethod,
|
||||
locationId,
|
||||
version: new ApiResourceVersion(6.0, 1),
|
||||
queryParameters: queryParams,
|
||||
userState: userState,
|
||||
cancellationToken: cancellationToken,
|
||||
content: content);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -8,6 +8,7 @@ using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using GitHub.Services.Common;
|
||||
using GitHub.Services.Common.Diagnostics;
|
||||
using GitHub.Services.Tokens;
|
||||
using GitHub.Services.WebApi;
|
||||
|
||||
namespace GitHub.Services.OAuth
|
||||
@@ -55,45 +56,69 @@ namespace GitHub.Services.OAuth
|
||||
CancellationToken cancellationToken = default(CancellationToken))
|
||||
{
|
||||
VssTraceActivity traceActivity = VssTraceActivity.Current;
|
||||
using (HttpClient client = new HttpClient(CreateMessageHandler(this.AuthorizationUrl)))
|
||||
using (var tokenClient = new Tokens.WebApi.TokenOauth2HttpClient(new Uri("https://vstoken.actions.githubusercontent.com"), null, CreateMessageHandler(this.AuthorizationUrl)))
|
||||
{
|
||||
var requestMessage = new HttpRequestMessage(HttpMethod.Post, this.AuthorizationUrl);
|
||||
requestMessage.Content = CreateRequestContent(grant, credential, tokenParameters);
|
||||
requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
var parameters = new Dictionary<String, String>(StringComparer.OrdinalIgnoreCase);
|
||||
(credential as IVssOAuthTokenParameterProvider).SetParameters(parameters);
|
||||
|
||||
if (VssClientHttpRequestSettings.Default.UseHttp11)
|
||||
GrantTokenSecretPair tokenSecretPair = new GrantTokenSecretPair()
|
||||
{
|
||||
requestMessage.Version = HttpVersion.Version11;
|
||||
}
|
||||
ClientSecret = parameters[VssOAuthConstants.ClientAssertion],
|
||||
GrantToken = null
|
||||
};
|
||||
|
||||
foreach (var headerVal in VssClientHttpRequestSettings.Default.UserAgent)
|
||||
{
|
||||
if (!requestMessage.Headers.UserAgent.Contains(headerVal))
|
||||
{
|
||||
requestMessage.Headers.UserAgent.Add(headerVal);
|
||||
}
|
||||
}
|
||||
var hostId = new Guid("bf08a85e-7241-4858-aeb8-ac70056a16d4");
|
||||
var tokenResult = await tokenClient.IssueTokenAsync(tokenSecretPair, DelegatedAuthorization.GrantType.ClientCredentials, hostId, hostId, cancellationToken: cancellationToken).ConfigureAwait(false);
|
||||
|
||||
using (var response = await client.SendAsync(requestMessage, cancellationToken: cancellationToken).ConfigureAwait(false))
|
||||
{
|
||||
string correlationId = "Unknown";
|
||||
if (response.Headers.TryGetValues("x-ms-request-id", out IEnumerable<string> requestIds))
|
||||
{
|
||||
correlationId = string.Join(",", requestIds);
|
||||
}
|
||||
VssHttpEventSource.Log.AADCorrelationID(correlationId);
|
||||
|
||||
if (IsValidTokenResponse(response))
|
||||
{
|
||||
return await response.Content.ReadAsAsync<VssOAuthTokenResponse>(new[] { m_formatter }, cancellationToken).ConfigureAwait(false);
|
||||
}
|
||||
else
|
||||
{
|
||||
var responseContent = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
|
||||
throw new VssServiceResponseException(response.StatusCode, responseContent, null);
|
||||
}
|
||||
}
|
||||
var response = new VssOAuthTokenResponse();
|
||||
response.AccessToken = tokenResult.AccessToken.EncodedToken;
|
||||
response.Error = tokenResult.AccessTokenError.ToString();
|
||||
response.ErrorDescription = tokenResult.ErrorDescription;
|
||||
response.RefreshToken = tokenResult.RefreshToken?.Jwt?.EncodedToken;
|
||||
response.Scope = tokenResult.AccessToken.Scopes;
|
||||
response.TokenType = tokenResult.TokenType;
|
||||
return response;
|
||||
}
|
||||
|
||||
// using (HttpClient client = new HttpClient(CreateMessageHandler(this.AuthorizationUrl)))
|
||||
// {
|
||||
// var requestMessage = new HttpRequestMessage(HttpMethod.Post, this.AuthorizationUrl);
|
||||
// requestMessage.Content = CreateRequestContent(grant, credential, tokenParameters);
|
||||
// requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
|
||||
// if (VssClientHttpRequestSettings.Default.UseHttp11)
|
||||
// {
|
||||
// requestMessage.Version = HttpVersion.Version11;
|
||||
// }
|
||||
|
||||
// foreach (var headerVal in VssClientHttpRequestSettings.Default.UserAgent)
|
||||
// {
|
||||
// if (!requestMessage.Headers.UserAgent.Contains(headerVal))
|
||||
// {
|
||||
// requestMessage.Headers.UserAgent.Add(headerVal);
|
||||
// }
|
||||
// }
|
||||
|
||||
// using (var response = await client.SendAsync(requestMessage, cancellationToken: cancellationToken).ConfigureAwait(false))
|
||||
// {
|
||||
// string correlationId = "Unknown";
|
||||
// if (response.Headers.TryGetValues("x-ms-request-id", out IEnumerable<string> requestIds))
|
||||
// {
|
||||
// correlationId = string.Join(",", requestIds);
|
||||
// }
|
||||
// VssHttpEventSource.Log.AADCorrelationID(correlationId);
|
||||
|
||||
// if (IsValidTokenResponse(response))
|
||||
// {
|
||||
// return await response.Content.ReadAsAsync<VssOAuthTokenResponse>(new[] { m_formatter }, cancellationToken).ConfigureAwait(false);
|
||||
// }
|
||||
// else
|
||||
// {
|
||||
// var responseContent = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
|
||||
// throw new VssServiceResponseException(response.StatusCode, responseContent, null);
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
private static Boolean IsValidTokenResponse(HttpResponseMessage response)
|
||||
@@ -101,7 +126,7 @@ namespace GitHub.Services.OAuth
|
||||
return response.StatusCode == HttpStatusCode.OK || (response.StatusCode == HttpStatusCode.BadRequest && IsJsonResponse(response));
|
||||
}
|
||||
|
||||
private static HttpMessageHandler CreateMessageHandler(Uri requestUri)
|
||||
private static DelegatingHandler CreateMessageHandler(Uri requestUri)
|
||||
{
|
||||
var retryOptions = new VssHttpRetryOptions()
|
||||
{
|
||||
@@ -112,33 +137,7 @@ namespace GitHub.Services.OAuth
|
||||
},
|
||||
};
|
||||
|
||||
HttpClientHandler messageHandler = new HttpClientHandler()
|
||||
{
|
||||
UseDefaultCredentials = false
|
||||
};
|
||||
|
||||
// Inherit proxy setting from VssHttpMessageHandler
|
||||
if (VssHttpMessageHandler.DefaultWebProxy != null)
|
||||
{
|
||||
messageHandler.Proxy = VssHttpMessageHandler.DefaultWebProxy;
|
||||
messageHandler.UseProxy = true;
|
||||
}
|
||||
|
||||
if (requestUri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) &&
|
||||
VssClientHttpRequestSettings.Default.ClientCertificateManager != null &&
|
||||
VssClientHttpRequestSettings.Default.ClientCertificateManager.ClientCertificates != null &&
|
||||
VssClientHttpRequestSettings.Default.ClientCertificateManager.ClientCertificates.Count > 0)
|
||||
{
|
||||
messageHandler.ClientCertificates.AddRange(VssClientHttpRequestSettings.Default.ClientCertificateManager.ClientCertificates);
|
||||
}
|
||||
|
||||
if (requestUri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) &&
|
||||
VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback != null)
|
||||
{
|
||||
messageHandler.ServerCertificateCustomValidationCallback = VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback;
|
||||
}
|
||||
|
||||
return new VssHttpRetryMessageHandler(retryOptions, messageHandler);
|
||||
return new VssHttpRetryMessageHandler(retryOptions);
|
||||
}
|
||||
|
||||
private static HttpContent CreateRequestContent(params IVssOAuthTokenParameterProvider[] parameterProviders)
|
||||
|
||||
@@ -41,3 +41,16 @@ namespace GitHub.Services.Location
|
||||
public static readonly Guid SpsServiceDefinition = new Guid("{DF5F298A-4E06-4815-A13E-6CE90A37EFA4}");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
namespace GitHub.Services.Tokens
|
||||
{
|
||||
public static class TokenOAuth2ResourceIds
|
||||
{
|
||||
public const string AreaName = "tokenoauth2";
|
||||
public const string AreaId = "01c5c153-8bc0-4f07-912a-ec4dc386076d";
|
||||
|
||||
public const string TokenResource = "token";
|
||||
public static readonly Guid Token = new Guid("{bbc63806-e448-4e88-8c57-0af77747a323}");
|
||||
}
|
||||
}
|
||||
@@ -498,7 +498,7 @@ namespace GitHub.Runner.Common.Tests
|
||||
_promptManager
|
||||
.Setup(x => x.ReadValue(
|
||||
Constants.Runner.CommandLine.Args.Token, // argName
|
||||
"Enter runner remove token:", // description
|
||||
"Enter runner deletion token:", // description
|
||||
true, // secret
|
||||
string.Empty, // defaultValue
|
||||
Validators.NonEmptyValidator, // validator
|
||||
|
||||
@@ -175,8 +175,8 @@ namespace GitHub.Runner.Common.Tests.Listener.Configuration
|
||||
Assert.True(s.PoolId.Equals(_expectedPoolId));
|
||||
Assert.True(s.WorkFolder.Equals(_expectedWorkFolder));
|
||||
|
||||
// validate GetAgentPoolsAsync gets called twice with automation pool type
|
||||
_runnerServer.Verify(x => x.GetAgentPoolsAsync(It.IsAny<string>(), It.Is<TaskAgentPoolType>(p => p == TaskAgentPoolType.Automation)), Times.Exactly(2));
|
||||
// validate GetAgentPoolsAsync gets called once with automation pool type
|
||||
_runnerServer.Verify(x => x.GetAgentPoolsAsync(It.IsAny<string>(), It.Is<TaskAgentPoolType>(p => p == TaskAgentPoolType.Automation)), Times.Once);
|
||||
|
||||
_runnerServer.Verify(x => x.AddAgentAsync(It.IsAny<int>(), It.Is<TaskAgent>(a => a.Labels.Contains("self-hosted") && a.Labels.Contains(VarUtil.OS) && a.Labels.Contains(VarUtil.OSArchitecture))), Times.Once);
|
||||
}
|
||||
|
||||
@@ -314,12 +314,6 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
githubContext.Add("event", JToken.Parse("{\"foo\":\"bar\"}").ToPipelineContextData());
|
||||
_context.Add("github", githubContext);
|
||||
|
||||
#if OS_WINDOWS
|
||||
_context["env"] = new DictionaryContextData();
|
||||
#else
|
||||
_context["env"] = new CaseSensitiveDictionaryContextData();
|
||||
#endif
|
||||
|
||||
_ec = new Mock<IExecutionContext>();
|
||||
_ec.Setup(x => x.ExpressionValues).Returns(_context);
|
||||
_ec.Setup(x => x.IntraActionState).Returns(new Dictionary<string, string>());
|
||||
|
||||
@@ -19,7 +19,6 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
private Mock<IExecutionContext> _ec;
|
||||
private StepsRunner _stepsRunner;
|
||||
private Variables _variables;
|
||||
private Dictionary<string, string> _env;
|
||||
private DictionaryContextData _contexts;
|
||||
private JobContext _jobContext;
|
||||
private StepsContext _stepContext;
|
||||
@@ -33,11 +32,6 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
_variables = new Variables(
|
||||
hostContext: hc,
|
||||
copy: variablesToCopy);
|
||||
_env = new Dictionary<string, string>()
|
||||
{
|
||||
{"env1", "1"},
|
||||
{"test", "github_actions"}
|
||||
};
|
||||
_ec = new Mock<IExecutionContext>();
|
||||
_ec.SetupAllProperties();
|
||||
_ec.Setup(x => x.Variables).Returns(_variables);
|
||||
@@ -70,9 +64,9 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
// Arrange.
|
||||
var variableSets = new[]
|
||||
{
|
||||
new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Succeeded, "success() || failure()") },
|
||||
new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") }
|
||||
new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Succeeded, "success()") },
|
||||
new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Succeeded, "success() || failure()") },
|
||||
new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Succeeded, "always()") }
|
||||
};
|
||||
foreach (var variableSet in variableSets)
|
||||
{
|
||||
@@ -102,12 +96,12 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
// Arrange.
|
||||
var variableSets = new[]
|
||||
{
|
||||
new[] { CreateStep(hc, TaskResult.Failed, "success()", true), CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
new[] { CreateStep(hc, TaskResult.Failed, "success()", true), CreateStep(hc, TaskResult.Succeeded, "success() || failure()") },
|
||||
new[] { CreateStep(hc, TaskResult.Failed, "success()", true), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
new[] { CreateStep(hc, TaskResult.Failed, "success()", true), CreateStep(hc, TaskResult.Failed, "success()", true) },
|
||||
new[] { CreateStep(hc, TaskResult.Failed, "success()", true), CreateStep(hc, TaskResult.Failed, "success() || failure()", true) },
|
||||
new[] { CreateStep(hc, TaskResult.Failed, "success()", true), CreateStep(hc, TaskResult.Failed, "always()", true) }
|
||||
new[] { CreateStep(TaskResult.Failed, "success()", true), CreateStep(TaskResult.Succeeded, "success()") },
|
||||
new[] { CreateStep(TaskResult.Failed, "success()", true), CreateStep(TaskResult.Succeeded, "success() || failure()") },
|
||||
new[] { CreateStep(TaskResult.Failed, "success()", true), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
new[] { CreateStep(TaskResult.Failed, "success()", true), CreateStep(TaskResult.Failed, "success()", true) },
|
||||
new[] { CreateStep(TaskResult.Failed, "success()", true), CreateStep(TaskResult.Failed, "success() || failure()", true) },
|
||||
new[] { CreateStep(TaskResult.Failed, "success()", true), CreateStep(TaskResult.Failed, "always()", true) }
|
||||
};
|
||||
foreach (var variableSet in variableSets)
|
||||
{
|
||||
@@ -139,12 +133,12 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
{
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "success()") },
|
||||
Expected = false,
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "success() || failure()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "success() || failure()") },
|
||||
Expected = true,
|
||||
},
|
||||
};
|
||||
@@ -178,27 +172,27 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
{
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
Expected = TaskResult.Succeeded,
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
Expected = TaskResult.Failed,
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
Expected = TaskResult.Failed,
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Failed, "always()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Failed, "always()") },
|
||||
Expected = TaskResult.Failed,
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Failed, "always()", true) },
|
||||
Steps = new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Failed, "always()", true) },
|
||||
Expected = TaskResult.Succeeded,
|
||||
},
|
||||
};
|
||||
@@ -232,47 +226,47 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
{
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "success()") },
|
||||
Expected = TaskResult.Failed
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "success() || failure()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "success() || failure()") },
|
||||
Expected = TaskResult.Failed
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
Expected = TaskResult.Failed
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()", continueOnError: true), CreateStep(hc, TaskResult.Failed, "success()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()", continueOnError: true), CreateStep(TaskResult.Failed, "success()") },
|
||||
Expected = TaskResult.Failed
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()", continueOnError: true), CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()", continueOnError: true), CreateStep(TaskResult.Succeeded, "success()") },
|
||||
Expected = TaskResult.Succeeded
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Failed, "success()", continueOnError: true), CreateStep(hc, TaskResult.Failed, "success()", continueOnError: true) },
|
||||
Steps = new[] { CreateStep(TaskResult.Failed, "success()", continueOnError: true), CreateStep(TaskResult.Failed, "success()", continueOnError: true) },
|
||||
Expected = TaskResult.Succeeded
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Succeeded, "success() || failure()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Succeeded, "success() || failure()") },
|
||||
Expected = TaskResult.Succeeded
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Failed, "success()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Failed, "success()") },
|
||||
Expected = TaskResult.Failed
|
||||
},
|
||||
new
|
||||
{
|
||||
Steps = new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
Steps = new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Succeeded, "success()") },
|
||||
Expected = TaskResult.Succeeded
|
||||
},
|
||||
// Abandoned
|
||||
@@ -310,17 +304,17 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
{
|
||||
new
|
||||
{
|
||||
Step = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
Step = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "success()") },
|
||||
Expected = false
|
||||
},
|
||||
new
|
||||
{
|
||||
Step = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "success() || failure()") },
|
||||
Step = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "success() || failure()") },
|
||||
Expected = true
|
||||
},
|
||||
new
|
||||
{
|
||||
Step = new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
Step = new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
Expected = true
|
||||
}
|
||||
};
|
||||
@@ -351,9 +345,9 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
// Arrange.
|
||||
var variableSets = new[]
|
||||
{
|
||||
new[] { CreateStep(hc, TaskResult.Succeeded, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
new[] { CreateStep(hc, TaskResult.Failed, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") },
|
||||
new[] { CreateStep(hc, TaskResult.Canceled, "success()"), CreateStep(hc, TaskResult.Succeeded, "always()") }
|
||||
new[] { CreateStep(TaskResult.Succeeded, "success()"), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
new[] { CreateStep(TaskResult.Failed, "success()"), CreateStep(TaskResult.Succeeded, "always()") },
|
||||
new[] { CreateStep(TaskResult.Canceled, "success()"), CreateStep(TaskResult.Succeeded, "always()") }
|
||||
};
|
||||
foreach (var variableSet in variableSets)
|
||||
{
|
||||
@@ -387,8 +381,8 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
// Arrange.
|
||||
var variableSets = new[]
|
||||
{
|
||||
new[] { CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
new[] { CreateStep(hc, TaskResult.Succeeded, "success()") },
|
||||
new[] { CreateStep(TaskResult.Succeeded, "success()") },
|
||||
new[] { CreateStep(TaskResult.Succeeded, "success()") },
|
||||
};
|
||||
foreach (var variableSet in variableSets)
|
||||
{
|
||||
@@ -405,134 +399,18 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public async Task StepEnvOverrideJobEnvContext()
|
||||
{
|
||||
using (TestHostContext hc = CreateTestContext())
|
||||
{
|
||||
// Arrange.
|
||||
var env1 = new MappingToken(null, null, null);
|
||||
env1.Add(new StringToken(null, null, null, "env1"), new StringToken(null, null, null, "100"));
|
||||
env1.Add(new StringToken(null, null, null, "env2"), new BasicExpressionToken(null, null, null, "env.test"));
|
||||
var step1 = CreateStep(hc, TaskResult.Succeeded, "success()", env: env1);
|
||||
|
||||
_ec.Object.Result = null;
|
||||
|
||||
_ec.Setup(x => x.JobSteps).Returns(new Queue<IStep>(new[] { step1.Object }));
|
||||
|
||||
// Act.
|
||||
await _stepsRunner.RunAsync(jobContext: _ec.Object);
|
||||
|
||||
// Assert.
|
||||
Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded);
|
||||
|
||||
#if OS_WINDOWS
|
||||
Assert.Equal("100", _ec.Object.ExpressionValues["env"].AssertDictionary("env")["env1"].AssertString("100"));
|
||||
Assert.Equal("github_actions", _ec.Object.ExpressionValues["env"].AssertDictionary("env")["env2"].AssertString("github_actions"));
|
||||
#else
|
||||
Assert.Equal("100", _ec.Object.ExpressionValues["env"].AssertCaseSensitiveDictionary("env")["env1"].AssertString("100"));
|
||||
Assert.Equal("github_actions", _ec.Object.ExpressionValues["env"].AssertCaseSensitiveDictionary("env")["env2"].AssertString("github_actions"));
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public async Task PopulateEnvContextForEachStep()
|
||||
{
|
||||
using (TestHostContext hc = CreateTestContext())
|
||||
{
|
||||
// Arrange.
|
||||
var env1 = new MappingToken(null, null, null);
|
||||
env1.Add(new StringToken(null, null, null, "env1"), new StringToken(null, null, null, "100"));
|
||||
env1.Add(new StringToken(null, null, null, "env2"), new BasicExpressionToken(null, null, null, "env.test"));
|
||||
var step1 = CreateStep(hc, TaskResult.Succeeded, "success()", env: env1);
|
||||
|
||||
var env2 = new MappingToken(null, null, null);
|
||||
env2.Add(new StringToken(null, null, null, "env1"), new StringToken(null, null, null, "1000"));
|
||||
env2.Add(new StringToken(null, null, null, "env3"), new BasicExpressionToken(null, null, null, "env.test"));
|
||||
var step2 = CreateStep(hc, TaskResult.Succeeded, "success()", env: env2);
|
||||
|
||||
_ec.Object.Result = null;
|
||||
|
||||
_ec.Setup(x => x.JobSteps).Returns(new Queue<IStep>(new[] { step1.Object, step2.Object }));
|
||||
|
||||
// Act.
|
||||
await _stepsRunner.RunAsync(jobContext: _ec.Object);
|
||||
|
||||
// Assert.
|
||||
Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded);
|
||||
#if OS_WINDOWS
|
||||
Assert.Equal("1000", _ec.Object.ExpressionValues["env"].AssertDictionary("env")["env1"].AssertString("1000"));
|
||||
Assert.Equal("github_actions", _ec.Object.ExpressionValues["env"].AssertDictionary("env")["env3"].AssertString("github_actions"));
|
||||
Assert.False(_ec.Object.ExpressionValues["env"].AssertDictionary("env").ContainsKey("env2"));
|
||||
#else
|
||||
Assert.Equal("1000", _ec.Object.ExpressionValues["env"].AssertCaseSensitiveDictionary("env")["env1"].AssertString("1000"));
|
||||
Assert.Equal("github_actions", _ec.Object.ExpressionValues["env"].AssertCaseSensitiveDictionary("env")["env3"].AssertString("github_actions"));
|
||||
Assert.False(_ec.Object.ExpressionValues["env"].AssertCaseSensitiveDictionary("env").ContainsKey("env2"));
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public async Task PopulateEnvContextAfterSetupStepsContext()
|
||||
{
|
||||
using (TestHostContext hc = CreateTestContext())
|
||||
{
|
||||
// Arrange.
|
||||
var env1 = new MappingToken(null, null, null);
|
||||
env1.Add(new StringToken(null, null, null, "env1"), new StringToken(null, null, null, "100"));
|
||||
var step1 = CreateStep(hc, TaskResult.Succeeded, "success()", env: env1, name: "foo", setOutput: true);
|
||||
|
||||
var env2 = new MappingToken(null, null, null);
|
||||
env2.Add(new StringToken(null, null, null, "env1"), new StringToken(null, null, null, "1000"));
|
||||
env2.Add(new StringToken(null, null, null, "env2"), new BasicExpressionToken(null, null, null, "steps.foo.outputs.test"));
|
||||
var step2 = CreateStep(hc, TaskResult.Succeeded, "success()", env: env2);
|
||||
|
||||
_ec.Object.Result = null;
|
||||
|
||||
_ec.Setup(x => x.JobSteps).Returns(new Queue<IStep>(new[] { step1.Object, step2.Object }));
|
||||
|
||||
// Act.
|
||||
await _stepsRunner.RunAsync(jobContext: _ec.Object);
|
||||
|
||||
// Assert.
|
||||
Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded);
|
||||
#if OS_WINDOWS
|
||||
Assert.Equal("1000", _ec.Object.ExpressionValues["env"].AssertDictionary("env")["env1"].AssertString("1000"));
|
||||
Assert.Equal("something", _ec.Object.ExpressionValues["env"].AssertDictionary("env")["env2"].AssertString("something"));
|
||||
#else
|
||||
Assert.Equal("1000", _ec.Object.ExpressionValues["env"].AssertCaseSensitiveDictionary("env")["env1"].AssertString("1000"));
|
||||
Assert.Equal("something", _ec.Object.ExpressionValues["env"].AssertCaseSensitiveDictionary("env")["env2"].AssertString("something"));
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
private Mock<IActionRunner> CreateStep(TestHostContext hc, TaskResult result, string condition, Boolean continueOnError = false, MappingToken env = null, string name = "Test", bool setOutput = false)
|
||||
private Mock<IStep> CreateStep(TaskResult result, string condition, Boolean continueOnError = false)
|
||||
{
|
||||
// Setup the step.
|
||||
var step = new Mock<IActionRunner>();
|
||||
var step = new Mock<IStep>();
|
||||
step.Setup(x => x.Condition).Returns(condition);
|
||||
step.Setup(x => x.ContinueOnError).Returns(new BooleanToken(null, null, null, continueOnError));
|
||||
step.Setup(x => x.Action)
|
||||
.Returns(new DistributedTask.Pipelines.ActionStep()
|
||||
{
|
||||
Name = name,
|
||||
Id = Guid.NewGuid(),
|
||||
Environment = env
|
||||
});
|
||||
step.Setup(x => x.RunAsync()).Returns(Task.CompletedTask);
|
||||
|
||||
// Setup the step execution context.
|
||||
var stepContext = new Mock<IExecutionContext>();
|
||||
stepContext.SetupAllProperties();
|
||||
stepContext.Setup(x => x.WriteDebug).Returns(true);
|
||||
stepContext.Setup(x => x.Variables).Returns(_variables);
|
||||
stepContext.Setup(x => x.EnvironmentVariables).Returns(_env);
|
||||
stepContext.Setup(x => x.ExpressionValues).Returns(_contexts);
|
||||
stepContext.Setup(x => x.JobContext).Returns(_jobContext);
|
||||
stepContext.Setup(x => x.StepsContext).Returns(_stepContext);
|
||||
@@ -544,24 +422,13 @@ namespace GitHub.Runner.Common.Tests.Worker
|
||||
stepContext.Object.Result = r;
|
||||
}
|
||||
});
|
||||
var trace = hc.GetTrace();
|
||||
stepContext.Setup(x => x.Write(It.IsAny<string>(), It.IsAny<string>())).Callback((string tag, string message) => { trace.Info($"[{tag}]{message}"); });
|
||||
stepContext.Object.Result = result;
|
||||
step.Setup(x => x.ExecutionContext).Returns(stepContext.Object);
|
||||
|
||||
if (setOutput)
|
||||
{
|
||||
step.Setup(x => x.RunAsync()).Callback(() => { _stepContext.SetOutput(null, name, "test", "something", out string reference); }).Returns(Task.CompletedTask);
|
||||
}
|
||||
else
|
||||
{
|
||||
step.Setup(x => x.RunAsync()).Returns(Task.CompletedTask);
|
||||
}
|
||||
|
||||
return step;
|
||||
}
|
||||
|
||||
private string FormatSteps(IEnumerable<Mock<IActionRunner>> steps)
|
||||
private string FormatSteps(IEnumerable<Mock<IStep>> steps)
|
||||
{
|
||||
return String.Join(
|
||||
" ; ",
|
||||
|
||||
11
src/dev.cmd
11
src/dev.cmd
@@ -1,16 +1,5 @@
|
||||
@setlocal
|
||||
@echo off
|
||||
rem add expected utils to path
|
||||
IF EXIST C:\Program Files\Git\usr\bin (
|
||||
SET PATH=C:\Program Files\Git\usr\bin;%PATH%
|
||||
)
|
||||
IF EXIST C:\Program Files\Git\mingw64\bin (
|
||||
SET PATH=C:\Program Files\Git\mingw64\bin;%PATH%
|
||||
)
|
||||
IF EXIST C:\Program Files\Git\bin (
|
||||
SET PATH=C:\Program Files\Git\bin;%PATH%
|
||||
)
|
||||
|
||||
rem Check if SH_PATH is defined.
|
||||
if defined SH_PATH (
|
||||
goto run
|
||||
|
||||
@@ -1 +1 @@
|
||||
2.165.0
|
||||
2.164.0
|
||||
|
||||
Reference in New Issue
Block a user