Ignore SSL certificate validation when fetching Develocity short-lived access token if develocity-allow-untrusted-server is enabled (#575)

The request for a short-lived access token fails if the server
certificate is self-signed, even when `develocity-allow-untrusted-server` is
set to true.

I wasn't sure how to write a test for this since nock does not seem to
support mocking a ssl error response.
Eric Haag 2025-03-13 09:54:21 -05:00 committed by GitHub
commit c1bdc4d73b
3 changed files with 32 additions and 14 deletions


@ -28,7 +28,11 @@ export async function setup(config: BuildScanConfig): Promise<void> {
maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
}
return setupToken(config.getDevelocityAccessKey(), config.getDevelocityTokenExpiry())
return setupToken(
config.getDevelocityAccessKey(),
config.getDevelocityAllowUntrustedServer(),
config.getDevelocityTokenExpiry()
)
}
function maybeExportVariable(variableName: string, value: unknown): void {


@ -3,11 +3,15 @@ import * as core from '@actions/core'
import {BuildScanConfig} from '../configuration'
import {recordDeprecation} from '../deprecation-collector'
export async function setupToken(develocityAccessKey: string, develocityTokenExpiry: string): Promise<void> {
export async function setupToken(
develocityAccessKey: string,
develocityAllowUntrustedServer: boolean | undefined,
develocityTokenExpiry: string
): Promise<void> {
if (develocityAccessKey) {
try {
core.debug('Fetching short-lived token...')
const tokens = await getToken(develocityAccessKey, develocityTokenExpiry)
const tokens = await getToken(develocityAccessKey, develocityAllowUntrustedServer, develocityTokenExpiry)
if (tokens != null && !tokens.isEmpty()) {
core.debug(`Got token(s), setting the access key env vars`)
const token = tokens.raw()
@ -41,10 +45,14 @@ function handleMissingAccessToken(): void {
}
}
export async function getToken(accessKey: string, expiry: string): Promise<DevelocityAccessCredentials | null> {
export async function getToken(
accessKey: string,
allowUntrustedServer: undefined | boolean,
expiry: string
): Promise<DevelocityAccessCredentials | null> {
const empty: Promise<DevelocityAccessCredentials | null> = new Promise(r => r(null))
const develocityAccessKey = DevelocityAccessCredentials.parse(accessKey)
const shortLivedTokenClient = new ShortLivedTokenClient()
const shortLivedTokenClient = new ShortLivedTokenClient(allowUntrustedServer)
if (develocityAccessKey == null) {
return empty
@ -67,10 +75,16 @@ export async function getToken(accessKey: string, expiry: string): Promise<Devel
}
class ShortLivedTokenClient {
httpc = new httpm.HttpClient('gradle/actions/setup-gradle')
httpc: httpm.HttpClient
maxRetries = 3
retryInterval = 1000
constructor(develocityAllowUntrustedServer: boolean | undefined) {
this.httpc = new httpm.HttpClient('gradle/actions/setup-gradle', undefined, {
ignoreSslError: develocityAllowUntrustedServer
})
}
async fetchToken(serverUrl: string, accessKey: HostnameAccessKey, expiry: string): Promise<HostnameAccessKey> {
const queryParams = expiry ? `?expiresInHours=${expiry}` : ''
const sanitizedServerUrl = !serverUrl.endsWith('/') ? `${serverUrl}/` : serverUrl
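Review bot: The new constructor turns off certificate validation silently: with `ignoreSslError: develocityAllowUntrustedServer` set, the token request goes to a server that is not authenticated, and nothing in the job log records that. `getToken` builds a single `ShortLivedTokenClient` for the whole access-key string, so when the key lists several hosts the relaxation presumably applies to every one of them, not only the server with the self-signed certificate. Since this request presumably carries the long-lived access key (the request-building code is outside the hunk, so this is inferred), I would log the state in the constructor, e.g. `if (develocityAllowUntrustedServer) core.warning('TLS certificate validation is disabled for Develocity short-lived token requests')`, and add a doc comment on the constructor parameter saying the same. `fetchToken`'s body continues outside the hunk.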


@ -39,7 +39,7 @@ describe('short lived tokens', () => {
message: 'connect ECONNREFUSED 127.0.0.1:3333',
code: 'ECONNREFUSED'
})
await expect(getToken('localhost=key0', ''))
await expect(getToken('localhost=key0', false, ''))
.resolves
.toBeNull()
})
@ -50,14 +50,14 @@ describe('short lived tokens', () => {
.times(3)
.reply(500, 'Internal error')
expect.assertions(1)
await expect(getToken('dev=xyz', ''))
await expect(getToken('dev=xyz', false, ''))
.resolves
.toBeNull()
})
it('get short lived token returns null when access key is empty', async () => {
expect.assertions(1)
await expect(getToken('', ''))
await expect(getToken('', false, ''))
.resolves
.toBeNull()
})
@ -67,7 +67,7 @@ describe('short lived tokens', () => {
.post('/api/auth/token')
.reply(200, 'token')
expect.assertions(1)
await expect(getToken('dev=key1', ''))
await expect(getToken('dev=key1', false, ''))
.resolves
.toEqual({"keys": [{"hostname": "dev", "key": "token"}]})
})
@ -80,7 +80,7 @@ describe('short lived tokens', () => {
.post('/api/auth/token')
.reply(200, 'token2')
expect.assertions(1)
await expect(getToken('dev=key1;prod=key2', ''))
await expect(getToken('dev=key1;prod=key2', false, ''))
.resolves
.toEqual({"keys": [{"hostname": "dev", "key": "token1"}, {"hostname": "prod", "key": "token2"}]})
})
@ -97,7 +97,7 @@ describe('short lived tokens', () => {
.post('/api/auth/token')
.reply(200, 'token2')
expect.assertions(1)
await expect(getToken('dev=key1;bogus=key0;prod=key2', ''))
await expect(getToken('dev=key1;bogus=key0;prod=key2', false, ''))
.resolves
.toEqual({"keys": [{"hostname": "dev", "key": "token1"}, {"hostname": "prod", "key": "token2"}]})
})
@ -112,7 +112,7 @@ describe('short lived tokens', () => {
.times(3)
.reply(500, 'Internal Error')
expect.assertions(1)
await expect(getToken('dev=key1;bogus=key0', ''))
await expect(getToken('dev=key1;bogus=key0', false, ''))
.resolves
.toBeNull()
})
@ -122,7 +122,7 @@ describe('short lived tokens', () => {
.post('/api/auth/token?expiresInHours=4')
.reply(200, 'token')
expect.assertions(1)
await expect(getToken('dev=key1', '4'))
await expect(getToken('dev=key1', false, '4'))
.resolves
.toEqual({"keys": [{"hostname": "dev", "key": "token"}]})
})