checkout submodules#173
Conversation
ericsciple
force-pushed
the
users/ericsciple/m166submodule_impl
branch
from
744fdac to
dbba4e3
Compare
| await git.remoteAdd('origin', repositoryUrl) | ||
| } | ||
| return | ||
| } |
There was a problem hiding this comment.
The diff looks pretty bad right here, even though mostly indention just changed.
I made the above if-block return to short circuit.
Since this function is basically a long sequence of git commands, i wanted to de-indent the below code one level so this overall function is a little bit easier to follow.
There was a problem hiding this comment.
I'll leave comments to call out what actually changed
| // Checkout | ||
| await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint) | ||
|
|
||
| // Submodules |
There was a problem hiding this comment.
These additional submodule commands are the only thing that changed
| shell: bash | ||
| run: __test__/verify-lfs.sh | ||
|
|
||
| # Submodules false |
There was a problem hiding this comment.
i really love being able to e2e validate :)
| ).toBeGreaterThanOrEqual(0) | ||
| }) | ||
|
|
||
| const configuresAuthHeaderEvenWhenPersistCredentialsFalse = |
There was a problem hiding this comment.
this test got renamed to configureAuth_blahblah
| } | ||
| ) | ||
|
|
||
| const registersBasicCredentialAsSecret = |
There was a problem hiding this comment.
again, this test got renamed (prefixed)
| if (settings.submodules) { | ||
| try { | ||
| // Temporarily override global config | ||
| await authHelper.configureGlobalAuth() |
There was a problem hiding this comment.
Here's the trick for auth:
- Copy global git config to runner_temp
- Temporarily override $HOME to point to the temp folder (just during submodule commands)
- Add auth token to the global git config (under runner temp)
Spent forever trying to figure out how to do this securely. Here's the problems involved:
- Avoid passing creds on the command line due to customers commonly logging process audit events (dont want creds written to security event log).
- Avoid cred helper due to issue w/ apple git caching and not calling cred helper
- Submodules do not use the main repository's local git config, they have their own
- A submodule's local git config does not exist until
submodule updateis run (the fetch). So the trick we use when cloning the main repo isnt possible (git init, git remote add, git config auth, then finally git fetch).
| await this.execGit(args) | ||
| } | ||
|
|
||
| async submoduleUpdate(fetchDepth: number, recursive: boolean): Promise<void> { |
There was a problem hiding this comment.
add retry for submoduleUpdate
|
Hi. Is this PR targeting only the usecase from #166 or is it trying to bring more general submodule support back into checkout@v2? |
|
@timsnyder-siv the goal is to add general submodule support to checkout@v2 |
|
|
||
| // Persist credentials | ||
| if (settings.persistCredentials) { | ||
| await authHelper.configureSubmoduleAuth() |
There was a problem hiding this comment.
do we remove the cred during post-job cleanup?
There was a problem hiding this comment.
git-auth-helper.removeAuth() removes it
ericsciple
force-pushed
the
users/ericsciple/m166submodule_impl
branch
from
14250c9 to
3577377
Compare
Checkout action introduced number of improvements simplifying checkout of submodules and fetch of all history for all tags and branches: - actions/checkout#258 - actions/checkout#173
Checkout action introduced number of improvements simplifying checkout of submodules and fetch of all history for all tags and branches: - actions/checkout#258 - actions/checkout#173
3 participants
Add input to control whether to checkout submodules.
Related to ADR #157