diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index f30c61fa8a..e263ce0fdd 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -28,7 +28,7 @@ Object.defineProperty(exports, "__esModule", { value: true }); * It will run after the all steps in this job, in reverse order in relation to * other `post:` hooks. */ -const fs = __importStar(require("fs")); +const artifact = __importStar(require("@actions/artifact")); const core = __importStar(require("@actions/core")); const actionsUtil = __importStar(require("./actions-util")); const configUtils = __importStar(require("./config-utils")); @@ -46,9 +46,18 @@ async function runWrapper() { const config = await configUtils.getConfig(actionsUtil.getTemporaryDirectory(), core); if ((config && config.debugMode) || core.isDebug()) { const logFilePath = core.getState("proxy-log-file"); - if (logFilePath) { - const readStream = fs.createReadStream(logFilePath); - readStream.pipe(process.stdout, { end: true }); + core.info("Debug mode is on. Uploading proxy log as Actions debugging artifact..."); + try { + await artifact + .create() + .uploadArtifact("proxy-log-file", [logFilePath], actionsUtil.getTemporaryDirectory(), { + continueOnError: true, + retentionDays: 7, + }); + } + catch (e) { + // A failure to upload debug artifacts should not fail the entire action. + core.warning(`Failed to upload debug artifacts: ${e}`); } } } diff --git a/lib/start-proxy-action-post.js.map b/lib/start-proxy-action-post.js.map index 83a05cb4e4..843ab52d08 100644 --- a/lib/start-proxy-action-post.js.map +++ b/lib/start-proxy-action-post.js.map @@ -1 +1 @@ -{"version":3,"file":"start-proxy-action-post.js","sourceRoot":"","sources":["../src/start-proxy-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,uCAAyB;AAEzB,oDAAsC;AAEtC,4DAA8C;AAC9C,4DAA8C;AAC9C,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC/C,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,wCAAwC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CACxC,WAAW,CAAC,qBAAqB,EAAE,EACnC,IAAI,CACL,CAAC;IAEF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACpD,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,UAAU,GAAG,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACpD,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file +{"version":3,"file":"start-proxy-action-post.js","sourceRoot":"","sources":["../src/start-proxy-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,4DAA8C;AAC9C,oDAAsC;AAEtC,4DAA8C;AAC9C,4DAA8C;AAC9C,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC/C,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,wCAAwC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CACxC,WAAW,CAAC,qBAAqB,EAAE,EACnC,IAAI,CACL,CAAC;IAEF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI,CACP,wEAAwE,CACzE,CAAC;QACF,IAAI,CAAC;YACH,MAAM,QAAQ;iBACX,MAAM,EAAE;iBACR,cAAc,CACb,gBAAgB,EAChB,CAAC,WAAW,CAAC,EACb,WAAW,CAAC,qBAAqB,EAAE,EACnC;gBACE,eAAe,EAAE,IAAI;gBACrB,aAAa,EAAE,CAAC;aACjB,CACF,CAAC;QACN,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,yEAAyE;YACzE,IAAI,CAAC,OAAO,CAAC,qCAAqC,CAAC,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 43d0a49106..787d4864c9 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -29,6 +29,7 @@ const core = __importStar(require("@actions/core")); const toolcache = __importStar(require("@actions/tool-cache")); const node_forge_1 = require("node-forge"); const actionsUtil = __importStar(require("./actions-util")); +const logging_1 = require("./logging"); const util = __importStar(require("./util")); const UPDATEJOB_PROXY = "update-job-proxy"; const UPDATEJOB_PROXY_VERSION = "v2.0.20240722180912"; @@ -79,40 +80,36 @@ function generateCertificateAuthority() { return { cert: pem, key }; } async function runWrapper() { + const logger = (0, logging_1.getActionsLogger)(); + // Setup logging for the proxy const tempDir = actionsUtil.getTemporaryDirectory(); - const logFilePath = path.resolve(tempDir, "proxy.log"); - const input = actionsUtil.getOptionalInput("registry_secrets") || "[]"; - const credentials = JSON.parse(input); + const proxyLogFilePath = path.resolve(tempDir, "proxy.log"); + core.saveState("proxy-log-file", proxyLogFilePath); + // Get the configuration options + const credentials = getCredentials(logger); + logger.info(`Credentials loaded for the following registries:\n ${credentials + .map((c) => credentialToStr(c)) + .join("\n")}`); const ca = generateCertificateAuthority(); - const proxy_password = actionsUtil.getOptionalInput("proxy_password"); - core.saveState("proxy-log-file", logFilePath); - let proxy_auth = undefined; - if (proxy_password) { - proxy_auth = { - username: PROXY_USER, - password: proxy_password, - }; - } + const proxyAuth = getProxyAuth(); const proxyConfig = { all_credentials: credentials, ca, - proxy_auth, + proxy_auth: proxyAuth, }; + // Start the Proxy + const proxyBin = await getProxyBinaryPath(); + await startProxy(proxyBin, proxyConfig, proxyLogFilePath, logger); +} +async function startProxy(binPath, config, logFilePath, logger) { const host = "127.0.0.1"; - let proxyBin = toolcache.find(UPDATEJOB_PROXY, UPDATEJOB_PROXY_VERSION); - if (!proxyBin) { - const temp = await toolcache.downloadTool(UPDATEJOB_PROXY_URL); - const extracted = await toolcache.extractTar(temp); - proxyBin = await toolcache.cacheDir(extracted, UPDATEJOB_PROXY, UPDATEJOB_PROXY_VERSION); - } - proxyBin = path.join(proxyBin, UPDATEJOB_PROXY); let port = 49152; try { let subprocess = undefined; let tries = 5; let subprocessError = undefined; while (tries-- > 0 && !subprocess && !subprocessError) { - subprocess = (0, child_process_1.spawn)(proxyBin, ["-addr", `${host}:${port}`, "-config", "-", "-logfile", logFilePath], { + subprocess = (0, child_process_1.spawn)(binPath, ["-addr", `${host}:${port}`, "-config", "-", "-logfile", logFilePath], { detached: true, stdio: ["pipe", "ignore", "ignore"], }); @@ -130,7 +127,7 @@ async function runWrapper() { subprocess = undefined; } }); - subprocess.stdin?.write(JSON.stringify(proxyConfig)); + subprocess.stdin?.write(JSON.stringify(config)); subprocess.stdin?.end(); // Wait a little to allow the proxy to start await util.delay(1000); @@ -139,14 +136,75 @@ async function runWrapper() { // eslint-disable-next-line @typescript-eslint/only-throw-error throw subprocessError; } - core.info(`Proxy started on ${host}:${port}`); + logger.info(`Proxy started on ${host}:${port}`); core.setOutput("proxy_host", host); core.setOutput("proxy_port", port.toString()); - core.setOutput("proxy_ca_certificate", ca.cert); + core.setOutput("proxy_ca_certificate", config.ca.cert); } catch (error) { core.setFailed(`start-proxy action failed: ${util.wrapError(error).message}`); } } +// getCredentials returns registry credentials from action inputs. +// It prefers `registries_credentials` over `registry_secrets`. +// If neither is set, it returns an empty array. +function getCredentials(logger) { + const registriesCredentials = actionsUtil.getOptionalInput("registries_credentials"); + const registrySecrets = actionsUtil.getOptionalInput("registry_secrets"); + let credentialsStr; + if (registriesCredentials !== undefined) { + logger.info(`Using registries_credentials input.`); + credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); + } + else if (registrySecrets !== undefined) { + logger.info(`Using registry_secrets input.`); + credentialsStr = registrySecrets; + } + else { + logger.info(`No credentials defined.`); + return []; + } + // Parse and validate the credentials + const parsed = JSON.parse(credentialsStr); + const out = []; + for (const e of parsed) { + if (e.url === undefined && e.host === undefined) { + throw new Error("Invalid credentials - must specify host or url"); + } + out.push({ + type: e.type, + host: e.host, + url: e.url, + username: e.username, + password: e.password, + token: e.token, + }); + } + return out; +} +// getProxyAuth returns the authentication information for the proxy itself. +function getProxyAuth() { + const proxy_password = actionsUtil.getOptionalInput("proxy_password"); + if (proxy_password) { + return { + username: PROXY_USER, + password: proxy_password, + }; + } + return; +} +async function getProxyBinaryPath() { + let proxyBin = toolcache.find(UPDATEJOB_PROXY, UPDATEJOB_PROXY_VERSION); + if (!proxyBin) { + const temp = await toolcache.downloadTool(UPDATEJOB_PROXY_URL); + const extracted = await toolcache.extractTar(temp); + proxyBin = await toolcache.cacheDir(extracted, UPDATEJOB_PROXY, UPDATEJOB_PROXY_VERSION); + } + proxyBin = path.join(proxyBin, UPDATEJOB_PROXY); + return proxyBin; +} +function credentialToStr(c) { + return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`; +} void runWrapper(); //# sourceMappingURL=start-proxy-action.js.map \ No newline at end of file diff --git a/lib/start-proxy-action.js.map b/lib/start-proxy-action.js.map index 00cfd13f25..1069d6b46f 100644 --- a/lib/start-proxy-action.js.map +++ b/lib/start-proxy-action.js.map @@ -1 +1 @@ -{"version":3,"file":"start-proxy-action.js","sourceRoot":"","sources":["../src/start-proxy-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAoD;AACpD,2CAA6B;AAE7B,oDAAsC;AACtC,+DAAiD;AACjD,2CAAiC;AAEjC,4DAA8C;AAC9C,6CAA+B;AAE/B,MAAM,eAAe,GAAG,kBAAkB,CAAC;AAC3C,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AACtD,MAAM,mBAAmB,GACvB,yGAAyG,CAAC;AAC5G,MAAM,UAAU,GAAG,YAAY,CAAC;AAChC,MAAM,QAAQ,GAAG,IAAI,CAAC;AACtB,MAAM,gBAAgB,GAAG,CAAC,CAAC;AA0B3B,MAAM,YAAY,GAAG;IACnB;QACE,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,wBAAwB;KAChC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,aAAa;KACrB;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,IAAI;KACZ;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,eAAe;KACvB;CACF,CAAC;AAEF,SAAS,4BAA4B;IACnC,MAAM,IAAI,GAAG,gBAAG,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,gBAAG,CAAC,iBAAiB,EAAE,CAAC;IACrC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACzB,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAChC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,gBAAgB,CACzD,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC9B,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC7B,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE3B,MAAM,GAAG,GAAG,gBAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,gBAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,MAAM,OAAO,GAAG,WAAW,CAAC,qBAAqB,EAAE,CAAC;IACpD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,WAAW,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,IAAI,IAAI,CAAC;IACvE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAiB,CAAC;IACtD,MAAM,EAAE,GAAG,4BAA4B,EAAE,CAAC;IAC1C,MAAM,cAAc,GAAG,WAAW,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,CAAC;IACtE,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;IAE9C,IAAI,UAAU,GAAqC,SAAS,CAAC;IAC7D,IAAI,cAAc,EAAE,CAAC;QACnB,UAAU,GAAG;YACX,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,cAAc;SACzB,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAgB;QAC/B,eAAe,EAAE,WAAW;QAC5B,EAAE;QACF,UAAU;KACX,CAAC;IACF,MAAM,IAAI,GAAG,WAAW,CAAC;IACzB,IAAI,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnD,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CACjC,SAAS,EACT,eAAe,EACf,uBAAuB,CACxB,CAAC;IACJ,CAAC;IACD,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAChD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,UAAU,GAA6B,SAAS,CAAC;QACrD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,eAAe,GAAsB,SAAS,CAAC;QACnD,OAAO,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,eAAe,EAAE,CAAC;YACtD,UAAU,GAAG,IAAA,qBAAK,EAChB,QAAQ,EACR,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,CAAC,EACrE;gBACE,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;aACpC,CACF,CAAC;YACF,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC;gBACnB,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC7B,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,6FAA6F;oBAC7F,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC;oBAC3D,UAAU,GAAG,SAAS,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;YACrD,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACxB,4CAA4C;YAC5C,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,eAAe,EAAE,CAAC;YACpB,+DAA+D;YAC/D,MAAM,eAAe,CAAC;QACxB,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,oBAAoB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,8BAA8B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file +{"version":3,"file":"start-proxy-action.js","sourceRoot":"","sources":["../src/start-proxy-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAoD;AACpD,2CAA6B;AAE7B,oDAAsC;AACtC,+DAAiD;AACjD,2CAAiC;AAEjC,4DAA8C;AAC9C,uCAAqD;AACrD,6CAA+B;AAE/B,MAAM,eAAe,GAAG,kBAAkB,CAAC;AAC3C,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AACtD,MAAM,mBAAmB,GACvB,yGAAyG,CAAC;AAC5G,MAAM,UAAU,GAAG,YAAY,CAAC;AAChC,MAAM,QAAQ,GAAG,IAAI,CAAC;AACtB,MAAM,gBAAgB,GAAG,CAAC,CAAC;AA2B3B,MAAM,YAAY,GAAG;IACnB;QACE,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,wBAAwB;KAChC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,aAAa;KACrB;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,IAAI;KACZ;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,eAAe;KACvB;CACF,CAAC;AAEF,SAAS,4BAA4B;IACnC,MAAM,IAAI,GAAG,gBAAG,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,gBAAG,CAAC,iBAAiB,EAAE,CAAC;IACrC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACzB,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAChC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,gBAAgB,CACzD,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC9B,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC7B,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE3B,MAAM,GAAG,GAAG,gBAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,gBAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,8BAA8B;IAC9B,MAAM,OAAO,GAAG,WAAW,CAAC,qBAAqB,EAAE,CAAC;IACpD,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC5D,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;IAEnD,gCAAgC;IAChC,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,CAAC,IAAI,CACT,sDAAsD,WAAW;SAC9D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;SAC9B,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;IAEF,MAAM,EAAE,GAAG,4BAA4B,EAAE,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IAEjC,MAAM,WAAW,GAAgB;QAC/B,eAAe,EAAE,WAAW;QAC5B,EAAE;QACF,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,kBAAkB;IAClB,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAC5C,MAAM,UAAU,CAAC,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;AACpE,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAAmB,EACnB,WAAmB,EACnB,MAAc;IAEd,MAAM,IAAI,GAAG,WAAW,CAAC;IACzB,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,UAAU,GAA6B,SAAS,CAAC;QACrD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,eAAe,GAAsB,SAAS,CAAC;QACnD,OAAO,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,eAAe,EAAE,CAAC;YACtD,UAAU,GAAG,IAAA,qBAAK,EAChB,OAAO,EACP,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,CAAC,EACrE;gBACE,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;aACpC,CACF,CAAC;YACF,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC;gBACnB,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC7B,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,6FAA6F;oBAC7F,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC;oBAC3D,UAAU,GAAG,SAAS,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;YAChD,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACxB,4CAA4C;YAC5C,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,eAAe,EAAE,CAAC;YACpB,+DAA+D;YAC/D,MAAM,eAAe,CAAC;QACxB,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oBAAoB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,8BAA8B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAS,cAAc,CAAC,MAAc;IACpC,MAAM,qBAAqB,GAAG,WAAW,CAAC,gBAAgB,CACxD,wBAAwB,CACzB,CAAC;IACF,MAAM,eAAe,GAAG,WAAW,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAEzE,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IAC1D,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4EAA4E;AAC5E,SAAS,YAAY;IACnB,MAAM,cAAc,GAAG,WAAW,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,CAAC;IACtE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,cAAc;SACzB,CAAC;IACJ,CAAC;IACD,OAAO;AACT,CAAC;AAED,KAAK,UAAU,kBAAkB;IAC/B,IAAI,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnD,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CACjC,SAAS,EACT,eAAe,EACf,uBAAuB,CACxB,CAAC;IACJ,CAAC;IACD,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAChD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,CAAa;IACpC,OAAO,SAAS,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,GAAG,cACpD,CAAC,CAAC,QACJ,eAAe,CAAC,CAAC,QAAQ,KAAK,SAAS,YAAY,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file diff --git a/src/start-proxy-action-post.ts b/src/start-proxy-action-post.ts index f9e68819b7..1fe601e7d4 100644 --- a/src/start-proxy-action-post.ts +++ b/src/start-proxy-action-post.ts @@ -3,8 +3,7 @@ * It will run after the all steps in this job, in reverse order in relation to * other `post:` hooks. */ -import * as fs from "fs"; - +import * as artifact from "@actions/artifact"; import * as core from "@actions/core"; import * as actionsUtil from "./actions-util"; @@ -29,9 +28,24 @@ async function runWrapper() { if ((config && config.debugMode) || core.isDebug()) { const logFilePath = core.getState("proxy-log-file"); - if (logFilePath) { - const readStream = fs.createReadStream(logFilePath); - readStream.pipe(process.stdout, { end: true }); + core.info( + "Debug mode is on. Uploading proxy log as Actions debugging artifact...", + ); + try { + await artifact + .create() + .uploadArtifact( + "proxy-log-file", + [logFilePath], + actionsUtil.getTemporaryDirectory(), + { + continueOnError: true, + retentionDays: 7, + }, + ); + } catch (e) { + // A failure to upload debug artifacts should not fail the entire action. + core.warning(`Failed to upload debug artifacts: ${e}`); } } } diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index b494432541..f2ff5efc93 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -6,6 +6,7 @@ import * as toolcache from "@actions/tool-cache"; import { pki } from "node-forge"; import * as actionsUtil from "./actions-util"; +import { getActionsLogger, Logger } from "./logging"; import * as util from "./util"; const UPDATEJOB_PROXY = "update-job-proxy"; @@ -16,25 +17,26 @@ const PROXY_USER = "proxy_user"; const KEY_SIZE = 2048; const KEY_EXPIRY_YEARS = 2; -export type CertificateAuthority = { +type CertificateAuthority = { cert: string; key: string; }; -export type Credential = { +type Credential = { type: string; - host: string; + host?: string; + url?: string; username?: string; password?: string; token?: string; }; -export type BasicAuthCredentials = { +type BasicAuthCredentials = { username: string; password: string; }; -export type ProxyConfig = { +type ProxyConfig = { all_credentials: Credential[]; ca: CertificateAuthority; proxy_auth?: BasicAuthCredentials; @@ -89,38 +91,42 @@ function generateCertificateAuthority(): CertificateAuthority { } async function runWrapper() { + const logger = getActionsLogger(); + + // Setup logging for the proxy const tempDir = actionsUtil.getTemporaryDirectory(); - const logFilePath = path.resolve(tempDir, "proxy.log"); - const input = actionsUtil.getOptionalInput("registry_secrets") || "[]"; - const credentials = JSON.parse(input) as Credential[]; + const proxyLogFilePath = path.resolve(tempDir, "proxy.log"); + core.saveState("proxy-log-file", proxyLogFilePath); + + // Get the configuration options + const credentials = getCredentials(logger); + logger.info( + `Credentials loaded for the following registries:\n ${credentials + .map((c) => credentialToStr(c)) + .join("\n")}`, + ); + const ca = generateCertificateAuthority(); - const proxy_password = actionsUtil.getOptionalInput("proxy_password"); - core.saveState("proxy-log-file", logFilePath); + const proxyAuth = getProxyAuth(); - let proxy_auth: BasicAuthCredentials | undefined = undefined; - if (proxy_password) { - proxy_auth = { - username: PROXY_USER, - password: proxy_password, - }; - } const proxyConfig: ProxyConfig = { all_credentials: credentials, ca, - proxy_auth, + proxy_auth: proxyAuth, }; + + // Start the Proxy + const proxyBin = await getProxyBinaryPath(); + await startProxy(proxyBin, proxyConfig, proxyLogFilePath, logger); +} + +async function startProxy( + binPath: string, + config: ProxyConfig, + logFilePath: string, + logger: Logger, +) { const host = "127.0.0.1"; - let proxyBin = toolcache.find(UPDATEJOB_PROXY, UPDATEJOB_PROXY_VERSION); - if (!proxyBin) { - const temp = await toolcache.downloadTool(UPDATEJOB_PROXY_URL); - const extracted = await toolcache.extractTar(temp); - proxyBin = await toolcache.cacheDir( - extracted, - UPDATEJOB_PROXY, - UPDATEJOB_PROXY_VERSION, - ); - } - proxyBin = path.join(proxyBin, UPDATEJOB_PROXY); let port = 49152; try { let subprocess: ChildProcess | undefined = undefined; @@ -128,7 +134,7 @@ async function runWrapper() { let subprocessError: Error | undefined = undefined; while (tries-- > 0 && !subprocess && !subprocessError) { subprocess = spawn( - proxyBin, + binPath, ["-addr", `${host}:${port}`, "-config", "-", "-logfile", logFilePath], { detached: true, @@ -149,7 +155,7 @@ async function runWrapper() { subprocess = undefined; } }); - subprocess.stdin?.write(JSON.stringify(proxyConfig)); + subprocess.stdin?.write(JSON.stringify(config)); subprocess.stdin?.end(); // Wait a little to allow the proxy to start await util.delay(1000); @@ -158,10 +164,10 @@ async function runWrapper() { // eslint-disable-next-line @typescript-eslint/only-throw-error throw subprocessError; } - core.info(`Proxy started on ${host}:${port}`); + logger.info(`Proxy started on ${host}:${port}`); core.setOutput("proxy_host", host); core.setOutput("proxy_port", port.toString()); - core.setOutput("proxy_ca_certificate", ca.cert); + core.setOutput("proxy_ca_certificate", config.ca.cert); } catch (error) { core.setFailed( `start-proxy action failed: ${util.wrapError(error).message}`, @@ -169,4 +175,77 @@ async function runWrapper() { } } +// getCredentials returns registry credentials from action inputs. +// It prefers `registries_credentials` over `registry_secrets`. +// If neither is set, it returns an empty array. +function getCredentials(logger: Logger): Credential[] { + const registriesCredentials = actionsUtil.getOptionalInput( + "registries_credentials", + ); + const registrySecrets = actionsUtil.getOptionalInput("registry_secrets"); + + let credentialsStr: string; + if (registriesCredentials !== undefined) { + logger.info(`Using registries_credentials input.`); + credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); + } else if (registrySecrets !== undefined) { + logger.info(`Using registry_secrets input.`); + credentialsStr = registrySecrets; + } else { + logger.info(`No credentials defined.`); + return []; + } + + // Parse and validate the credentials + const parsed = JSON.parse(credentialsStr) as Credential[]; + const out: Credential[] = []; + for (const e of parsed) { + if (e.url === undefined && e.host === undefined) { + throw new Error("Invalid credentials - must specify host or url"); + } + out.push({ + type: e.type, + host: e.host, + url: e.url, + username: e.username, + password: e.password, + token: e.token, + }); + } + return out; +} + +// getProxyAuth returns the authentication information for the proxy itself. +function getProxyAuth(): BasicAuthCredentials | undefined { + const proxy_password = actionsUtil.getOptionalInput("proxy_password"); + if (proxy_password) { + return { + username: PROXY_USER, + password: proxy_password, + }; + } + return; +} + +async function getProxyBinaryPath(): Promise { + let proxyBin = toolcache.find(UPDATEJOB_PROXY, UPDATEJOB_PROXY_VERSION); + if (!proxyBin) { + const temp = await toolcache.downloadTool(UPDATEJOB_PROXY_URL); + const extracted = await toolcache.extractTar(temp); + proxyBin = await toolcache.cacheDir( + extracted, + UPDATEJOB_PROXY, + UPDATEJOB_PROXY_VERSION, + ); + } + proxyBin = path.join(proxyBin, UPDATEJOB_PROXY); + return proxyBin; +} + +function credentialToStr(c: Credential): string { + return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${ + c.username + }; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`; +} + void runWrapper(); diff --git a/start-proxy/action.yml b/start-proxy/action.yml index bbebeeb5a5..5756bba479 100644 --- a/start-proxy/action.yml +++ b/start-proxy/action.yml @@ -1,11 +1,14 @@ name: "CodeQL: Start proxy" -description: "[Experimental] Start HTTP proxy server" +description: "[Experimental] Start HTTP proxy server. This action is for internal GitHub used only and will change without notice." author: "GitHub" inputs: registry_secrets: description: The URLs and credentials of package registries required: false default: "[]" + registries_credentials: + description: Base64 encoded JSON configuration for the URLs and credentials of the package registries + required: false proxy_password: required: false description: The password of the proxy