Use GITHUB_SERVER_URL for authentication configuration (#926)

Signed-off-by: Christophe Bedard <[email protected]>

README.md

@@ -399,13 +399,16 @@ steps:
   - uses: ros-tooling/[email protected]
     with:
       package-name: my_package
-      # If there are no private dependencies, no need to create a PAT or add a secret
+      # If there are no private dependencies, use the default token, no need to create a PAT or add a secret
       import-token: ${{ secrets.GITHUB_TOKEN }}
       # If there are private dependencies (e.g., in a file provided through vcs-repo-file-url), a PAT is required
       import-token: ${{ secrets.REPO_TOKEN }}
       # ...
 ```
 
+Note that this currently only works for tokens for the GitHub server this action runs on.
+For example, it will not work with a token for a private repo on github.com when the action is running on an enterprise GitHub server.
+
 ### Skip `rosdep install`
 
 Include an option to bypass `rosdep install` for workflow that uses specific docker image and better control of dependencies. To check for missing dependencies within the workflow's image, user can run with `rosdep-check: true` flag.

action.yml

@@ -39,6 +39,7 @@ inputs:
       GitHub personal access token (PAT) to use to import the repository.
       Useful if the repo is private.
       The PAT should have the "repo" scope.
+      This currently only works for tokens for the GitHub server this action runs on.
     required: false
   package-name:
     description: |

dist/index.js

@@ -31084,32 +31084,35 @@ function run_throw() {
         if (isLinux) {
             options.env = Object.assign(Object.assign({}, options.env), { DEBIAN_FRONTEND: "noninteractive" });
         }
+        const githubServerUrl = process.env.GITHUB_SERVER_URL;
+        const gihubServerDomain = githubServerUrl.replace("https://", "");
         if (importToken !== "") {
             // Unset all local extraheader config entries possibly set by actions/checkout,
             // because local settings take precedence and the default token used by
             // actions/checkout might not have the right permissions for any/all repos
             yield execShellCommand([
-                `/usr/bin/git config --local --unset-all http.https://github.com/.extraheader || true`,
+                `/usr/bin/git config --local --unset-all http.https://${gihubServerDomain}/.extraheader || true`,
             ], options);
+            const gihubServerDomainRegex = gihubServerDomain.replace(".", String.raw `\.`);
             yield execShellCommand([
-                String.raw `/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader'` +
-                    ` && git config --local --unset-all 'http.https://github.com/.extraheader' || true`,
+                String.raw `/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/${gihubServerDomainRegex}\/\.extraheader'` +
+                    ` && git config --local --unset-all 'http.https://${gihubServerDomain}/.extraheader' || true`,
             ], options);
             // Use a global insteadof entry because local configs aren't observed by git clone
             yield execShellCommand([
-                `/usr/bin/git config --global url.https://x-access-token:${importToken}@github.com.insteadof 'https://github.com'`,
+                `/usr/bin/git config --global url.https://x-access-token:${importToken}@${gihubServerDomain}.insteadof 'https://${gihubServerDomain}'`,
             ], options);
             // same as last three comands but for ssh urls
             yield execShellCommand([
-                `/usr/bin/git config --local --unset-all git@github.com:.extraheader || true`,
+                `/usr/bin/git config --local --unset-all git@${gihubServerDomain}:.extraheader || true`,
             ], options);
             yield execShellCommand([
-                String.raw `/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'git@github\.com:.extraheader'` +
-                    ` && git config --local --unset-all 'git@github.com:.extraheader' || true`,
+                String.raw `/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'git@${gihubServerDomainRegex}:.extraheader'` +
+                    ` && git config --local --unset-all 'git@${gihubServerDomain}:.extraheader' || true`,
             ], options);
             // Use a global insteadof entry because local configs aren't observed by git clone (ssh)
             yield execShellCommand([
-                `/usr/bin/git config --global url.https://x-access-token:${importToken}@github.com/.insteadof 'git@github.com:'`,
+                `/usr/bin/git config --global url.https://x-access-token:${importToken}@${gihubServerDomain}/.insteadof 'git@${gihubServerDomain}:'`,
             ], options);
             if (core.isDebug()) {
                 yield execShellCommand([`/usr/bin/git config --list --show-origin || true`], options);
@@ -31159,7 +31162,6 @@ done`;
         // if ref is set this overrides anything calculated above
         commitRef = core.getInput("ref") || commitRef;
         const repoFilePath = path.join(rosWorkspaceDir, "package.repo");
-        const githubServerUrl = process.env.GITHUB_SERVER_URL;
         // Add a random string prefix to avoid naming collisions when checking out the test repository
         const randomStringPrefix = Math.random().toString(36).substring(2, 15);
         const repoFileContent = `repositories:
@@ -31275,7 +31277,7 @@ done`;
         if (importToken !== "") {
             // Unset config so that it doesn't leak to other actions
             yield execShellCommand([
-                `/usr/bin/git config --global --unset-all url.https://x-access-token:${importToken}@github.com.insteadof`,
+                `/usr/bin/git config --global --unset-all url.https://x-access-token:${importToken}@${gihubServerDomain}.insteadof`,
             ], options);
         }
     });

src/action-ros-ci.ts

@@ -519,48 +519,54 @@ async function run_throw(): Promise<void> {
 		};
 	}
 
+	const githubServerUrl = process.env.GITHUB_SERVER_URL as string;
+	const gihubServerDomain = githubServerUrl.replace("https://", "");
 	if (importToken !== "") {
 		// Unset all local extraheader config entries possibly set by actions/checkout,
 		// because local settings take precedence and the default token used by
 		// actions/checkout might not have the right permissions for any/all repos
 		await execShellCommand(
 			[
-				`/usr/bin/git config --local --unset-all http.https://github.com/.extraheader || true`,
+				`/usr/bin/git config --local --unset-all http.https://${gihubServerDomain}/.extraheader || true`,
 			],
 			options,
 		);
+		const gihubServerDomainRegex = gihubServerDomain.replace(
+			".",
+			String.raw`\.`,
+		);
 		await execShellCommand(
 			[
-				String.raw`/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader'` +
-					` && git config --local --unset-all 'http.https://github.com/.extraheader' || true`,
+				String.raw`/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/${gihubServerDomainRegex}\/\.extraheader'` +
+					` && git config --local --unset-all 'http.https://${gihubServerDomain}/.extraheader' || true`,
 			],
 			options,
 		);
 		// Use a global insteadof entry because local configs aren't observed by git clone
 		await execShellCommand(
 			[
-				`/usr/bin/git config --global url.https://x-access-token:${importToken}@github.com.insteadof 'https://github.com'`,
+				`/usr/bin/git config --global url.https://x-access-token:${importToken}@${gihubServerDomain}.insteadof 'https://${gihubServerDomain}'`,
 			],
 			options,
 		);
 		// same as last three comands but for ssh urls
 		await execShellCommand(
 			[
-				`/usr/bin/git config --local --unset-all git@github.com:.extraheader || true`,
+				`/usr/bin/git config --local --unset-all git@${gihubServerDomain}:.extraheader || true`,
 			],
 			options,
 		);
 		await execShellCommand(
 			[
-				String.raw`/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'git@github\.com:.extraheader'` +
-					` && git config --local --unset-all 'git@github.com:.extraheader' || true`,
+				String.raw`/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'git@${gihubServerDomainRegex}:.extraheader'` +
+					` && git config --local --unset-all 'git@${gihubServerDomain}:.extraheader' || true`,
 			],
 			options,
 		);
 		// Use a global insteadof entry because local configs aren't observed by git clone (ssh)
 		await execShellCommand(
 			[
-				`/usr/bin/git config --global url.https://x-access-token:${importToken}@github.com/.insteadof 'git@github.com:'`,
+				`/usr/bin/git config --global url.https://x-access-token:${importToken}@${gihubServerDomain}/.insteadof 'git@${gihubServerDomain}:'`,
 			],
 			options,
 		);
@@ -628,7 +634,6 @@ done`;
 	// if ref is set this overrides anything calculated above
 	commitRef = core.getInput("ref") || commitRef;
 	const repoFilePath = path.join(rosWorkspaceDir, "package.repo");
-	const githubServerUrl = process.env.GITHUB_SERVER_URL as string;
 	// Add a random string prefix to avoid naming collisions when checking out the test repository
 	const randomStringPrefix = Math.random().toString(36).substring(2, 15);
 	const repoFileContent = `repositories:
@@ -786,7 +791,7 @@ done`;
 		// Unset config so that it doesn't leak to other actions
 		await execShellCommand(
 			[
-				`/usr/bin/git config --global --unset-all url.https://x-access-token:${importToken}@github.com.insteadof`,
+				`/usr/bin/git config --global --unset-all url.https://x-access-token:${importToken}@${gihubServerDomain}.insteadof`,
 			],
 			options,
 		);