actions/create-pull-request
1
0
Fork 0
mirror of https://forgejo.stefka.eu/jiriks74/create-pull-request.git synced 2025-01-18 16:01:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: signed commits (v7) (#3057)

Browse source 
* Add support for signed commits (#3055)

* formatting

* fix eslint and lint errors

* shift setting the base to before the push

* sign commits by default for testing

* add debug lines

* read to buffer not string and use non-legacy method to base64

* debug payload without contents

* disable linter for debug code

* fix filepath when using path input

* try to fix head repo

* remove commented code

* Try refactor of file changes

* add tests for building file changes

* add build file changes test for binary files

* refactor graphql code into github helper class

* build file changes even when there is no diff

* add function to get commit detail

* fix format

* build branch commits

* use source mode for deleted files

* try rest api route

* fix check for branch existence

* force push

* try fix base tree

* debug commit verification

* debug commit verification

* fix format and cleanup

* add executable mode file to test

* limit blob creation concurrency

* only build commits when feature enabled

* remove unused code

* update readme link

* update docs for commit signing

* fix capital letter

* update docs

* add throttling

* set default back to false

* output head sha and verified status

* log outputs

* fix head sha output

* default the operation output to none

* output retryafter for secondary rate limit

* use separate client for branch and pull operations

* add maintainer-can-modify input

* rename git-token to branch-token

* fix branch token input

* remove deprecated env output

* update docs

* fix doc

* update docs

* build branch commits when there is a diff with the base

* check verification status of head commit when not known

* fix verified output when no commit signing is being used

* draft always-true

* convert to draft on branch updates when there is a diff with base

* update docs with blob size limit

* catch errors during blob creation for debugging

* parse empty commits

* pass base commit to push signed commits

* use parent commit details in create commit

* use parent tree for base_tree

* multipart tree creation

* update docs

* update readme about the permissions of the default token

* fix edge case where changes are partially merged

* add updating documentation

* fix typo

* update major version

---------

Co-authored-by: Ravi <1299606+rustycl0ck@users.noreply.github.com>
This commit is contained in:
Peter Evans 2024-09-03 08:54:12 +01:00 committed by GitHub
parent 0c2a66fe4a
commit 4320041ed3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
20 changed files with 32759 additions and 8594 deletions
Download patch file Download diff file Expand all files Collapse all files

215
src/github-helper.ts
View file

@ -1,10 +1,16 @@
import * as core from '@actions/core'
import {Inputs} from './create-pull-request'
import {Octokit, OctokitOptions} from './octokit-client'
import {Commit} from './git-command-manager'
import {Octokit, OctokitOptions, throttleOptions} from './octokit-client'
import pLimit from 'p-limit'
import * as utils from './utils'
const ERROR_PR_ALREADY_EXISTS = 'A pull request already exists for'
const ERROR_PR_REVIEW_TOKEN_SCOPE =
'Validation Failed: "Could not resolve to a node with the global id of'
const ERROR_PR_FORK_COLLAB = `Fork collab can't be granted by someone without permission`
const blobCreationLimit = pLimit(8)
interface Repository {
owner: string
@ -14,9 +20,24 @@ interface Repository {
interface Pull {
number: number
html_url: string
node_id: string
draft?: boolean
created: boolean
}
interface CommitResponse {
sha: string
tree: string
verified: boolean
}
type TreeObject = {
path: string
mode: '100644' | '100755' | '040000' | '160000' | '120000'
sha: string | null
type: 'blob'
}
export class GitHubHelper {
private octokit: InstanceType<typeof Octokit>
@ -30,6 +51,7 @@ export class GitHubHelper {
} else {
options.baseUrl = 'https://api.github.com'
}
options.throttle = throttleOptions
this.octokit = new Octokit(options)
}
@ -59,7 +81,8 @@ export class GitHubHelper {
head_repo: headRepository,
base: inputs.base,
body: inputs.body,
draft: inputs.draft
draft: inputs.draft.value,
maintainer_can_modify: inputs.maintainerCanModify
})
core.info(
`Created pull request #${pull.number} (${headBranch} => ${inputs.base})`
@ -67,13 +90,22 @@ export class GitHubHelper {
return {
number: pull.number,
html_url: pull.html_url,
node_id: pull.node_id,
draft: pull.draft,
created: true
}
} catch (e) {
if (
utils.getErrorMessage(e).includes(`A pull request already exists for`)
) {
const errorMessage = utils.getErrorMessage(e)
if (errorMessage.includes(ERROR_PR_ALREADY_EXISTS)) {
core.info(`A pull request already exists for ${headBranch}`)
} else if (errorMessage.includes(ERROR_PR_FORK_COLLAB)) {
core.warning(
'An attempt was made to create a pull request using a token that does not have write access to the head branch.'
)
core.warning(
`For this case, set input 'maintainer-can-modify' to 'false' to allow pull request creation.`
)
throw e
} else {
throw e
}
@ -100,6 +132,8 @@ export class GitHubHelper {
return {
number: pull.number,
html_url: pull.html_url,
node_id: pull.node_id,
draft: pull.draft,
created: false
}
}
@ -184,4 +218,175 @@ export class GitHubHelper {
return pull
}
async pushSignedCommits(
branchCommits: Commit[],
baseCommit: Commit,
repoPath: string,
branchRepository: string,
branch: string
): Promise<CommitResponse> {
let headCommit: CommitResponse = {
sha: baseCommit.sha,
tree: baseCommit.tree,
verified: false
}
for (const commit of branchCommits) {
headCommit = await this.createCommit(
commit,
headCommit,
repoPath,
branchRepository
)
}
await this.createOrUpdateRef(branchRepository, branch, headCommit.sha)
return headCommit
}
private async createCommit(
commit: Commit,
parentCommit: CommitResponse,
repoPath: string,
branchRepository: string
): Promise<CommitResponse> {
const repository = this.parseRepository(branchRepository)
// In the case of an empty commit, the tree references the parent's tree
let treeSha = parentCommit.tree
if (commit.changes.length > 0) {
core.info(`Creating tree objects for local commit ${commit.sha}`)
const treeObjects = await Promise.all(
commit.changes.map(async ({path, mode, status}) => {
let sha: string | null = null
if (status === 'A' || status === 'M') {
try {
const {data: blob} = await blobCreationLimit(() =>
this.octokit.rest.git.createBlob({
...repository,
content: utils.readFileBase64([repoPath, path]),
encoding: 'base64'
})
)
sha = blob.sha
} catch (error) {
core.error(
`Error creating blob for file '${path}': ${utils.getErrorMessage(error)}`
)
throw error
}
}
core.info(`Created blob for file '${path}'`)
return <TreeObject>{
path,
mode,
sha,
type: 'blob'
}
})
)
const chunkSize = 100
const chunkedTreeObjects: TreeObject[][] = Array.from(
{length: Math.ceil(treeObjects.length / chunkSize)},
(_, i) => treeObjects.slice(i * chunkSize, i * chunkSize + chunkSize)
)
core.info(`Creating tree for local commit ${commit.sha}`)
for (let i = 0; i < chunkedTreeObjects.length; i++) {
const {data: tree} = await this.octokit.rest.git.createTree({
...repository,
base_tree: treeSha,
tree: chunkedTreeObjects[i]
})
treeSha = tree.sha
if (chunkedTreeObjects.length > 1) {
core.info(
`Created tree ${treeSha} of multipart tree (${i + 1} of ${chunkedTreeObjects.length})`
)
}
}
core.info(`Created tree ${treeSha} for local commit ${commit.sha}`)
}
const {data: remoteCommit} = await this.octokit.rest.git.createCommit({
...repository,
parents: [parentCommit.sha],
tree: treeSha,
message: `${commit.subject}\n\n${commit.body}`
})
core.info(
`Created commit ${remoteCommit.sha} for local commit ${commit.sha}`
)
core.info(
`Commit verified: ${remoteCommit.verification.verified}; reason: ${remoteCommit.verification.reason}`
)
return {
sha: remoteCommit.sha,
tree: remoteCommit.tree.sha,
verified: remoteCommit.verification.verified
}
}
async getCommit(
sha: string,
branchRepository: string
): Promise<CommitResponse> {
const repository = this.parseRepository(branchRepository)
const {data: remoteCommit} = await this.octokit.rest.git.getCommit({
...repository,
commit_sha: sha
})
return {
sha: remoteCommit.sha,
tree: remoteCommit.tree.sha,
verified: remoteCommit.verification.verified
}
}
private async createOrUpdateRef(
branchRepository: string,
branch: string,
newHead: string
) {
const repository = this.parseRepository(branchRepository)
const branchExists = await this.octokit.rest.repos
.getBranch({
...repository,
branch: branch
})
.then(
() => true,
() => false
)
if (branchExists) {
core.info(`Branch ${branch} exists; Updating ref`)
await this.octokit.rest.git.updateRef({
...repository,
sha: newHead,
ref: `heads/${branch}`,
force: true
})
} else {
core.info(`Branch ${branch} does not exist; Creating ref`)
await this.octokit.rest.git.createRef({
...repository,
sha: newHead,
ref: `refs/heads/${branch}`
})
}
}
async convertToDraft(id: string): Promise<void> {
core.info(`Converting pull request to draft`)
await this.octokit.graphql({
query: `mutation($pullRequestId: ID!) {
convertPullRequestToDraft(input: {pullRequestId: $pullRequestId}) {
pullRequest {
isDraft
}
}
}`,
pullRequestId: id
})
}
}