diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..8b18d47 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,22 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + minor-actions-dependencies: + update-types: [minor, patch] + + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + allow: + - dependency-type: direct + - dependency-type: production diff --git a/.github/workflows/close-inactive-issues.yml b/.github/workflows/close-inactive-issues.yml index aea77e9..fe6d19f 100644 --- a/.github/workflows/close-inactive-issues.yml +++ b/.github/workflows/close-inactive-issues.yml @@ -10,7 +10,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v3 + - uses: actions/stale@v9 with: days-before-issue-stale: 200 days-before-issue-close: 5 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f699c5f..5c352e3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,11 +17,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 # Override language selection by uncommenting this and choosing your languages # with: # languages: go, javascript, csharp, python, cpp, java, ruby @@ -29,7 +29,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -43,4 +43,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 2a53c19..5fd1dab 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -20,9 +20,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node.js 20.x - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20.x cache: npm @@ -43,7 +43,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate files in working directory shell: bash run: __tests__/create-cache-files.sh ${{ runner.os }} test-cache @@ -66,7 +66,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Restore cache uses: ./ with: @@ -96,7 +96,7 @@ jobs: https_proxy: http://squid-proxy:3128 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate files run: __tests__/create-cache-files.sh proxy test-cache - name: Save cache @@ -119,7 +119,7 @@ jobs: https_proxy: http://squid-proxy:3128 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Restore cache uses: ./ with: diff --git a/RELEASES.md b/RELEASES.md index b490d02..3188c6b 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -1,9 +1,16 @@ # Releases +### 4.1.2 + +- Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - [#1474](https://github.com/actions/cache/pull/1474) +- Security fix: Bump braces from 3.0.2 to 3.0.3 - [#1475](https://github.com/actions/cache/pull/1475) + ### 4.1.1 + - Restore original behavior of `cache-hit` output - [#1467](https://github.com/actions/cache/pull/1467) ### 4.1.0 + - Ensure `cache-hit` output is set when a cache is missed - [#1404](https://github.com/actions/cache/pull/1404) - Deprecate `save-always` input - [#1452](https://github.com/actions/cache/pull/1452) diff --git a/__tests__/actionUtils.test.ts b/__tests__/actionUtils.test.ts index f98a76e..c2e6823 100644 --- a/__tests__/actionUtils.test.ts +++ b/__tests__/actionUtils.test.ts @@ -8,17 +8,26 @@ import * as testUtils from "../src/utils/testUtils"; jest.mock("@actions/core"); jest.mock("@actions/cache"); +let pristineEnv: NodeJS.ProcessEnv; + beforeAll(() => { + pristineEnv = process.env; jest.spyOn(core, "getInput").mockImplementation((name, options) => { return jest.requireActual("@actions/core").getInput(name, options); }); }); -afterEach(() => { +beforeEach(() => { + jest.resetModules(); + process.env = pristineEnv; delete process.env[Events.Key]; delete process.env[RefKey]; }); +afterAll(() => { + process.env = pristineEnv; +}); + test("isGhes returns true if server url is not github.com", () => { try { process.env["GITHUB_SERVER_URL"] = "http://example.com"; @@ -231,3 +240,28 @@ test("isCacheFeatureAvailable for ac disabled on dotcom", () => { delete process.env["GITHUB_SERVER_URL"]; } }); + +test("isGhes returns false when the GITHUB_SERVER_URL environment variable is not defined", async () => { + delete process.env["GITHUB_SERVER_URL"]; + expect(actionUtils.isGhes()).toBeFalsy(); +}); + +test("isGhes returns false when the GITHUB_SERVER_URL environment variable is set to github.com", async () => { + process.env["GITHUB_SERVER_URL"] = "https://github.com"; + expect(actionUtils.isGhes()).toBeFalsy(); +}); + +test("isGhes returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL", async () => { + process.env["GITHUB_SERVER_URL"] = "https://contoso.ghe.com"; + expect(actionUtils.isGhes()).toBeFalsy(); +}); + +test("isGhes returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix", async () => { + process.env["GITHUB_SERVER_URL"] = "https://mock-github.localhost"; + expect(actionUtils.isGhes()).toBeFalsy(); +}); + +test("isGhes returns true when the GITHUB_SERVER_URL environment variable is set to some other URL", async () => { + process.env["GITHUB_SERVER_URL"] = "https://src.onpremise.fabrikam.com"; + expect(actionUtils.isGhes()).toBeTruthy(); +}); diff --git a/dist/restore-only/index.js b/dist/restore-only/index.js index 6260e57..ccb230a 100644 --- a/dist/restore-only/index.js +++ b/dist/restore-only/index.js @@ -96707,7 +96707,11 @@ const core = __importStar(__nccwpck_require__(6811)); const constants_1 = __nccwpck_require__(9042); function isGhes() { const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com"); - return ghUrl.hostname.toUpperCase() !== "GITHUB.COM"; + const hostname = ghUrl.hostname.trimEnd().toUpperCase(); + const isGitHubHost = hostname === "GITHUB.COM"; + const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM"); + const isLocalHost = hostname.endsWith(".LOCALHOST"); + return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost; } exports.isGhes = isGhes; function isExactKeyMatch(key, cacheKey) { diff --git a/dist/restore/index.js b/dist/restore/index.js index 83aab63..626886e 100644 --- a/dist/restore/index.js +++ b/dist/restore/index.js @@ -96707,7 +96707,11 @@ const core = __importStar(__nccwpck_require__(6811)); const constants_1 = __nccwpck_require__(9042); function isGhes() { const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com"); - return ghUrl.hostname.toUpperCase() !== "GITHUB.COM"; + const hostname = ghUrl.hostname.trimEnd().toUpperCase(); + const isGitHubHost = hostname === "GITHUB.COM"; + const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM"); + const isLocalHost = hostname.endsWith(".LOCALHOST"); + return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost; } exports.isGhes = isGhes; function isExactKeyMatch(key, cacheKey) { diff --git a/dist/save-only/index.js b/dist/save-only/index.js index f08272f..f2e2cd3 100644 --- a/dist/save-only/index.js +++ b/dist/save-only/index.js @@ -96720,7 +96720,11 @@ const core = __importStar(__nccwpck_require__(6811)); const constants_1 = __nccwpck_require__(9042); function isGhes() { const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com"); - return ghUrl.hostname.toUpperCase() !== "GITHUB.COM"; + const hostname = ghUrl.hostname.trimEnd().toUpperCase(); + const isGitHubHost = hostname === "GITHUB.COM"; + const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM"); + const isLocalHost = hostname.endsWith(".LOCALHOST"); + return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost; } exports.isGhes = isGhes; function isExactKeyMatch(key, cacheKey) { diff --git a/dist/save/index.js b/dist/save/index.js index b8f15bc..971c96b 100644 --- a/dist/save/index.js +++ b/dist/save/index.js @@ -96720,7 +96720,11 @@ const core = __importStar(__nccwpck_require__(6811)); const constants_1 = __nccwpck_require__(9042); function isGhes() { const ghUrl = new URL(process.env["GITHUB_SERVER_URL"] || "https://github.com"); - return ghUrl.hostname.toUpperCase() !== "GITHUB.COM"; + const hostname = ghUrl.hostname.trimEnd().toUpperCase(); + const isGitHubHost = hostname === "GITHUB.COM"; + const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM"); + const isLocalHost = hostname.endsWith(".LOCALHOST"); + return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost; } exports.isGhes = isGhes; function isExactKeyMatch(key, cacheKey) { diff --git a/package-lock.json b/package-lock.json index a54c70e..730f28f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3255,12 +3255,12 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -4322,9 +4322,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "dependencies": { "to-regex-range": "^5.0.1" @@ -11619,12 +11619,12 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "browserslist": { @@ -12422,9 +12422,9 @@ } }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "requires": { "to-regex-range": "^5.0.1" diff --git a/package.json b/package.json index ff4474c..740317d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cache", - "version": "4.1.1", + "version": "4.1.2", "private": true, "description": "Cache dependencies and build outputs", "main": "dist/restore/index.js", diff --git a/src/utils/actionUtils.ts b/src/utils/actionUtils.ts index dc18fa4..260d4fd 100644 --- a/src/utils/actionUtils.ts +++ b/src/utils/actionUtils.ts @@ -7,7 +7,13 @@ export function isGhes(): boolean { const ghUrl = new URL( process.env["GITHUB_SERVER_URL"] || "https://github.com" ); - return ghUrl.hostname.toUpperCase() !== "GITHUB.COM"; + + const hostname = ghUrl.hostname.trimEnd().toUpperCase(); + const isGitHubHost = hostname === "GITHUB.COM"; + const isGitHubEnterpriseCloudHost = hostname.endsWith(".GHE.COM"); + const isLocalHost = hostname.endsWith(".LOCALHOST"); + + return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost; } export function isExactKeyMatch(key: string, cacheKey?: string): boolean {