Merge pull request #123 from peter-evans/dev

Authenticate with git extraheader

dist/src/create_pull_request.py

@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 """ Create Pull Request """
+import base64
 import common as cmn
 import create_or_update_branch as coub
 import create_or_update_pull_request as coupr
@@ -31,7 +32,7 @@ def get_git_config_value(repo, name):
         return None
 
 
-def get_repository_detail():
+def get_repository_detail(repo):
     remote_origin_url = get_git_config_value(repo, "remote.origin.url")
     if remote_origin_url is None:
         raise ValueError("Failed to fetch 'remote.origin.url' from git config")
@@ -116,9 +117,21 @@ repo = Repo(path)
 
 # Determine the GitHub repository from git config
 # This will be the target repository for the pull request
-repo_url, protocol, github_repository = get_repository_detail()
+repo_url, protocol, github_repository = get_repository_detail(repo)
 print(f"Target repository set to {github_repository}")
 
+if protocol == "HTTPS":
+    print(f"::debug::Using HTTPS protocol")
+    # Encode and configure the basic credential for HTTPS access
+    basic_credential = base64.b64encode(
+        f"x-access-token:{github_token}".encode("utf-8")
+    ).decode("utf-8")
+    # Mask the basic credential in logs and debug output
+    print(f"::add-mask::{basic_credential}")
+    repo.git.set_persistent_git_options(
+        c=f"http.https://github.com/.extraheader=AUTHORIZATION: basic {basic_credential}"
+    )
+
 # Determine if the checked out ref is a valid base for a pull request
 # The action needs the checked out HEAD ref to be a branch
 # This check will fail in the following cases:
@@ -174,11 +187,6 @@ except ValueError as e:
     print(f"::error::{e} " + "Unable to continue. Exiting.")
     sys.exit(1)
 
-# Set the auth token in the repo URL
-# This supports checkout@v1. From v2 the auth token is saved for further use.
-if protocol == "HTTPS":
-    repo_url = f"https://x-access-token:{github_token}@github.com/{github_repository}"
-
 # Create or update the pull request branch
 result = coub.create_or_update_branch(repo, repo_url, commit_message, base, branch)
 

dist/src/requirements.txt

@@ -1,2 +1,2 @@
-GitPython==3.0.7
+GitPython==3.0.8
 PyGithub==1.46

docs/concepts-guidelines.md

@@ -13,7 +13,7 @@ This document covers terminology, how the action works, general usage guidelines
 - [Advanced usage](#advanced-usage)
   - [Creating pull requests in a remote repository](#creating-pull-requests-in-a-remote-repository)
   - [Push using SSH (deploy keys)](#push-using-ssh-deploy-keys)
-  - [Using in an alpine linux container](#using-in-an-alpine-linux-container)
+  - [Running in a container](#running-in-a-container)
   - [Creating pull requests on tag push](#creating-pull-requests-on-tag-push)
 
 ## Terminology
@@ -158,7 +158,7 @@ Allowing the action to push with a configured deploy key will trigger `on: push`
 
 How to use SSH (deploy keys) with create-pull-request action:
 
-1. [Create an new SSH key pair](https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) for your repository. Do not set a passphrase.
+1. [Create a new SSH key pair](https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) for your repository. Do not set a passphrase.
 2. Copy the contents of the public key (.pub file) to a new repository [deploy key](https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys) and check the box to "Allow write access."
 3. Add a secret to the repository containing the entire contents of the private key.
 4. As shown in the example steps below, use the [`webfactory/ssh-agent`](https://github.com/webfactory/ssh-agent) action to install the private key and clone your repository. Remember to checkout the `base` of your pull request if it's not the default branch, e.g. `git checkout my-branch`.
@@ -180,24 +180,49 @@ How to use SSH (deploy keys) with create-pull-request action:
           token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
-### Using in an alpine linux container
+### Running in a container
 
-This action can be run inside an Alpine Linux container by pre-installing the correct binaries for the action's dependencies.
+This action can be run inside a container by installing the action's dependencies either in the Docker image itself, or during the workflow.
 
-The following example workflow installs git and Python dependencies at the start of the job. You can also bake these dependencies into your own Alpine Docker image if you prefer. Note that git must be installed *before* running `actions/checkout`, otherwise it will just download the source of the repository instead of cloning it.
+The action requires `python3`, `pip3` and `git` to be installed and on the `PATH`.
 
+Note that `actions/checkout` requires Git 2.18 or higher to be installed, otherwise it will just download the source of the repository instead of cloning it.
+
+**Alpine container example:**
 ```yml
 jobs:
   createPullRequestAlpine:
     runs-on: ubuntu-latest
     container:
       image: alpine
+    steps:
+      - name: Install dependencies
+        run: apk --no-cache add git python3
+
+      - uses: actions/checkout@v2
+
+      # Make changes to pull request here
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+**Ubuntu container example:**
+```yml
+jobs:
+  createPullRequestAlpine:
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu
     steps:
       - name: Install dependencies
         run: |
-          apk --no-cache add git python3
-          ln -sf python3 /usr/bin/python
-          ln -sf pip3 /usr/bin/pip
+          apt-get update
+          apt-get install -y software-properties-common
+          add-apt-repository -y ppa:git-core/ppa
+          apt-get install -y python3 python3-pip git
 
       - uses: actions/checkout@v2
 

src/create_pull_request.py

@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 """ Create Pull Request """
+import base64
 import common as cmn
 import create_or_update_branch as coub
 import create_or_update_pull_request as coupr
@@ -31,7 +32,7 @@ def get_git_config_value(repo, name):
         return None
 
 
-def get_repository_detail():
+def get_repository_detail(repo):
     remote_origin_url = get_git_config_value(repo, "remote.origin.url")
     if remote_origin_url is None:
         raise ValueError("Failed to fetch 'remote.origin.url' from git config")
@@ -116,9 +117,21 @@ repo = Repo(path)
 
 # Determine the GitHub repository from git config
 # This will be the target repository for the pull request
-repo_url, protocol, github_repository = get_repository_detail()
+repo_url, protocol, github_repository = get_repository_detail(repo)
 print(f"Target repository set to {github_repository}")
 
+if protocol == "HTTPS":
+    print(f"::debug::Using HTTPS protocol")
+    # Encode and configure the basic credential for HTTPS access
+    basic_credential = base64.b64encode(
+        f"x-access-token:{github_token}".encode("utf-8")
+    ).decode("utf-8")
+    # Mask the basic credential in logs and debug output
+    print(f"::add-mask::{basic_credential}")
+    repo.git.set_persistent_git_options(
+        c=f"http.https://github.com/.extraheader=AUTHORIZATION: basic {basic_credential}"
+    )
+
 # Determine if the checked out ref is a valid base for a pull request
 # The action needs the checked out HEAD ref to be a branch
 # This check will fail in the following cases:
@@ -174,11 +187,6 @@ except ValueError as e:
     print(f"::error::{e} " + "Unable to continue. Exiting.")
     sys.exit(1)
 
-# Set the auth token in the repo URL
-# This supports checkout@v1. From v2 the auth token is saved for further use.
-if protocol == "HTTPS":
-    repo_url = f"https://x-access-token:{github_token}@github.com/{github_repository}"
-
 # Create or update the pull request branch
 result = coub.create_or_update_branch(repo, repo_url, commit_message, base, branch)
 

src/requirements.txt

@@ -1,2 +1,2 @@
-GitPython==3.0.7
+GitPython==3.0.8
 PyGithub==1.46