diff --git a/README.md b/README.md index e74500d..a4f4c7f 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,6 @@ See also [download-artifact](https://github.com/actions/download-artifact). - [Breaking Changes](#breaking-changes) - [Usage](#usage) - [Inputs](#inputs) - - [Uploading the `.git` directory](#uploading-the-git-directory) - [Outputs](#outputs) - [Examples](#examples) - [Upload an Individual File](#upload-an-individual-file) @@ -65,7 +64,6 @@ There is also a new sub-action, `actions/upload-artifact/merge`. For more info, Due to how Artifacts are created in this new version, it is no longer possible to upload to the same named Artifact multiple times. You must either split the uploads into multiple Artifacts with different names, or only upload once. Otherwise you _will_ encounter an error. 3. Limit of Artifacts for an individual job. Each job in a workflow run now has a limit of 500 artifacts. -4. With `v4.4` and later, the `.git` directory is excluded by default. For assistance with breaking changes, see [MIGRATION.md](docs/MIGRATION.md). @@ -111,30 +109,6 @@ For assistance with breaking changes, see [MIGRATION.md](docs/MIGRATION.md). overwrite: ``` -#### Uploading the `.git` directory - -By default, files in a `.git` directory are ignored in the uploaded artifact. -This is intended to prevent accidentally uploading Git credentials into an artifact that could then -be extracted. -If files in the `.git` directory are needed, ensure that `actions/checkout` is being used with -`persist-credentials: false`. - -```yaml -jobs: - upload: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false # Ensure credentials are not saved in `.git/config` - - - uses: actions/upload-artifact@v4 - with: - path: . - include-git-directory: true -``` - ### Outputs | Name | Description | Example | diff --git a/__tests__/search.test.ts b/__tests__/search.test.ts index dd87efe..e0ab26d 100644 --- a/__tests__/search.test.ts +++ b/__tests__/search.test.ts @@ -61,12 +61,6 @@ const lonelyFilePath = path.join( 'lonely-file.txt' ) -const gitConfigPath = path.join(root, '.git', 'config') -const gitHeadPath = path.join(root, '.git', 'HEAD') - -const nestedGitConfigPath = path.join(root, 'repository-name', '.git', 'config') -const nestedGitHeadPath = path.join(root, 'repository-name', '.git', 'HEAD') - describe('Search', () => { beforeAll(async () => { // mock all output so that there is less noise when running tests @@ -99,11 +93,6 @@ describe('Search', () => { recursive: true }) - await fs.mkdir(path.join(root, '.git')) - await fs.mkdir(path.join(root, 'repository-name', '.git'), { - recursive: true - }) - await fs.writeFile(searchItem1Path, 'search item1 file') await fs.writeFile(searchItem2Path, 'search item2 file') await fs.writeFile(searchItem3Path, 'search item3 file') @@ -121,17 +110,9 @@ describe('Search', () => { await fs.writeFile(amazingFileInFolderHPath, 'amazing file') await fs.writeFile(lonelyFilePath, 'all by itself') - - await fs.writeFile(gitConfigPath, 'git config file') - await fs.writeFile(gitHeadPath, 'git head file') - await fs.writeFile(nestedGitConfigPath, 'nested git config file') - await fs.writeFile(nestedGitHeadPath, 'nested git head file') /* Directory structure of files that get created: root/ - .git/ - config - HEAD folder-a/ folder-b/ folder-c/ @@ -155,10 +136,6 @@ describe('Search', () => { folder-j/ folder-k/ lonely-file.txt - repository-name/ - .git/ - config - HEAD search-item5.txt */ }) @@ -375,18 +352,4 @@ describe('Search', () => { ) expect(searchResult.filesToUpload.includes(lonelyFilePath)).toEqual(true) }) - - it('Excludes .git directory by default', async () => { - const searchResult = await findFilesToUpload(root) - expect(searchResult.filesToUpload.length).toEqual(13) - expect(searchResult.filesToUpload).not.toContain(gitConfigPath) - }) - - it('Includes .git directory when includeGitDirectory is true', async () => { - const searchResult = await findFilesToUpload(root, { - includeGitDirectory: true - }) - expect(searchResult.filesToUpload.length).toEqual(17) - expect(searchResult.filesToUpload).toContain(gitConfigPath) - }) }) diff --git a/action.yml b/action.yml index 5108415..38d4fdc 100644 --- a/action.yml +++ b/action.yml @@ -40,9 +40,6 @@ inputs: If false, the action will fail if an artifact for the given name already exists. Does not fail if the artifact does not exist. default: 'false' - include-git-directory: - description: 'Include files in the .git directory in the artifact.' - default: 'false' outputs: artifact-id: diff --git a/dist/merge/index.js b/dist/merge/index.js index 0bb8ce1..c09bb45 100644 --- a/dist/merge/index.js +++ b/dist/merge/index.js @@ -125727,7 +125727,6 @@ var Inputs; Inputs["RetentionDays"] = "retention-days"; Inputs["CompressionLevel"] = "compression-level"; Inputs["DeleteMerged"] = "delete-merged"; - Inputs["IncludeGitDirectory"] = "include-git-directory"; })(Inputs = exports.Inputs || (exports.Inputs = {})); @@ -125811,15 +125810,13 @@ function getInputs() { const pattern = core.getInput(constants_1.Inputs.Pattern, { required: true }); const separateDirectories = core.getBooleanInput(constants_1.Inputs.SeparateDirectories); const deleteMerged = core.getBooleanInput(constants_1.Inputs.DeleteMerged); - const includeGitDirectory = core.getBooleanInput(constants_1.Inputs.IncludeGitDirectory); const inputs = { name, pattern, separateDirectories, deleteMerged, retentionDays: 0, - compressionLevel: 6, - includeGitDirectory + compressionLevel: 6 }; const retentionDaysStr = core.getInput(constants_1.Inputs.RetentionDays); if (retentionDaysStr) { @@ -125935,9 +125932,7 @@ function run() { if (typeof inputs.compressionLevel !== 'undefined') { options.compressionLevel = inputs.compressionLevel; } - const searchResult = yield (0, search_1.findFilesToUpload)(tmpDir, { - includeGitDirectory: inputs.includeGitDirectory - }); + const searchResult = yield (0, search_1.findFilesToUpload)(tmpDir); yield (0, upload_artifact_1.uploadArtifact)(inputs.name, searchResult.filesToUpload, searchResult.rootDirectory, options); core.info(`The ${artifacts.length} artifact(s) have been successfully merged!`); if (inputs.deleteMerged) { @@ -126062,10 +126057,10 @@ function getMultiPathLCA(searchPaths) { } return path.join(...commonPaths); } -function findFilesToUpload(searchPath, searchOptions) { +function findFilesToUpload(searchPath, globOptions) { return __awaiter(this, void 0, void 0, function* () { const searchResults = []; - const globber = yield glob.create(searchPath, getDefaultGlobOptions()); + const globber = yield glob.create(searchPath, globOptions || getDefaultGlobOptions()); const rawSearchResults = yield globber.glob(); /* Files are saved with case insensitivity. Uploading both a.txt and A.txt will files to be overwritten @@ -126081,10 +126076,6 @@ function findFilesToUpload(searchPath, searchOptions) { // isDirectory() returns false for symlinks if using fs.lstat(), make sure to use fs.stat() instead if (!fileStats.isDirectory()) { (0, core_1.debug)(`File:${searchResult} was found using the provided searchPath`); - if (!(searchOptions === null || searchOptions === void 0 ? void 0 : searchOptions.includeGitDirectory) && inGitDirectory(searchResult)) { - (0, core_1.debug)(`Ignoring ${searchResult} because it is in the .git directory`); - continue; - } searchResults.push(searchResult); // detect any files that would be overwritten because of case insensitivity if (set.has(searchResult.toLowerCase())) { @@ -126126,16 +126117,6 @@ function findFilesToUpload(searchPath, searchOptions) { }); } exports.findFilesToUpload = findFilesToUpload; -function inGitDirectory(filePath) { - // The .git directory is a directory, so we need to check if the file path is a directory - // and if it is a .git directory - for (const part of filePath.split(path.sep)) { - if (part === '.git') { - return true; - } - } - return false; -} /***/ }), diff --git a/dist/upload/index.js b/dist/upload/index.js index 2a457be..b28794f 100644 --- a/dist/upload/index.js +++ b/dist/upload/index.js @@ -125815,10 +125815,10 @@ function getMultiPathLCA(searchPaths) { } return path.join(...commonPaths); } -function findFilesToUpload(searchPath, searchOptions) { +function findFilesToUpload(searchPath, globOptions) { return __awaiter(this, void 0, void 0, function* () { const searchResults = []; - const globber = yield glob.create(searchPath, getDefaultGlobOptions()); + const globber = yield glob.create(searchPath, globOptions || getDefaultGlobOptions()); const rawSearchResults = yield globber.glob(); /* Files are saved with case insensitivity. Uploading both a.txt and A.txt will files to be overwritten @@ -125834,10 +125834,6 @@ function findFilesToUpload(searchPath, searchOptions) { // isDirectory() returns false for symlinks if using fs.lstat(), make sure to use fs.stat() instead if (!fileStats.isDirectory()) { (0, core_1.debug)(`File:${searchResult} was found using the provided searchPath`); - if (!(searchOptions === null || searchOptions === void 0 ? void 0 : searchOptions.includeGitDirectory) && inGitDirectory(searchResult)) { - (0, core_1.debug)(`Ignoring ${searchResult} because it is in the .git directory`); - continue; - } searchResults.push(searchResult); // detect any files that would be overwritten because of case insensitivity if (set.has(searchResult.toLowerCase())) { @@ -125879,16 +125875,6 @@ function findFilesToUpload(searchPath, searchOptions) { }); } exports.findFilesToUpload = findFilesToUpload; -function inGitDirectory(filePath) { - // The .git directory is a directory, so we need to check if the file path is a directory - // and if it is a .git directory - for (const part of filePath.split(path.sep)) { - if (part === '.git') { - return true; - } - } - return false; -} /***/ }), @@ -125970,7 +125956,6 @@ var Inputs; Inputs["RetentionDays"] = "retention-days"; Inputs["CompressionLevel"] = "compression-level"; Inputs["Overwrite"] = "overwrite"; - Inputs["IncludeGitDirectory"] = "include-git-directory"; })(Inputs = exports.Inputs || (exports.Inputs = {})); var NoFileOptions; (function (NoFileOptions) { @@ -126068,7 +126053,6 @@ function getInputs() { const name = core.getInput(constants_1.Inputs.Name); const path = core.getInput(constants_1.Inputs.Path, { required: true }); const overwrite = core.getBooleanInput(constants_1.Inputs.Overwrite); - const includeGitDirectory = core.getBooleanInput(constants_1.Inputs.IncludeGitDirectory); const ifNoFilesFound = core.getInput(constants_1.Inputs.IfNoFilesFound); const noFileBehavior = constants_1.NoFileOptions[ifNoFilesFound]; if (!noFileBehavior) { @@ -126078,8 +126062,7 @@ function getInputs() { artifactName: name, searchPath: path, ifNoFilesFound: noFileBehavior, - overwrite: overwrite, - includeGitDirectory: includeGitDirectory + overwrite: overwrite }; const retentionDaysStr = core.getInput(constants_1.Inputs.RetentionDays); if (retentionDaysStr) { @@ -126168,9 +126151,7 @@ function deleteArtifactIfExists(artifactName) { function run() { return __awaiter(this, void 0, void 0, function* () { const inputs = (0, input_helper_1.getInputs)(); - const searchResult = yield (0, search_1.findFilesToUpload)(inputs.searchPath, { - includeGitDirectory: inputs.includeGitDirectory - }); + const searchResult = yield (0, search_1.findFilesToUpload)(inputs.searchPath); if (searchResult.filesToUpload.length === 0) { // No files were found, different use cases warrant different types of behavior if nothing is found switch (inputs.ifNoFilesFound) { diff --git a/docs/MIGRATION.md b/docs/MIGRATION.md index 8a68a50..1c656fc 100644 --- a/docs/MIGRATION.md +++ b/docs/MIGRATION.md @@ -207,41 +207,3 @@ jobs: ``` Note that this will download all artifacts to a temporary directory and reupload them as a single artifact. For more information on inputs and other use cases for `actions/upload-artifact/merge@v4`, see [the action documentation](../merge/README.md). - -## `.git` Directory - -By default, files in the `.git` directory are ignored to avoid unintentionally uploading -credentials. - -In versions of this action before `v4.4.0`, files in the `.git` directory were included by default. -If this directory is required, ensure credentials are not saved in `.git/config` and then -enable the `include-git-directory` input. - -```yaml -jobs: - upload: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Upload Artifact - uses: actions/upload-artifact@v3 - with: - path: . -``` - - -```diff -jobs: - upload: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 -+ with: -+ persist-credentials: false - - name: Upload Artifact -- uses: actions/upload-artifact@v3 -+ uses: actions/upload-artifact@v4 - with: - path: . -+ include-git-directory: true -``` \ No newline at end of file diff --git a/merge/README.md b/merge/README.md index a60ca2c..b2f390e 100644 --- a/merge/README.md +++ b/merge/README.md @@ -5,7 +5,6 @@ Merge multiple [Actions Artifacts](https://docs.github.com/en/actions/using-work - [`@actions/upload-artifact/merge`](#actionsupload-artifactmerge) - [Usage](#usage) - [Inputs](#inputs) - - [Uploading the `.git` directory](#uploading-the-git-directory) - [Outputs](#outputs) - [Examples](#examples) - [Combining all artifacts in a workflow run](#combining-all-artifacts-in-a-workflow-run) @@ -60,44 +59,6 @@ For most cases, this may not be the most efficient solution. See [the migration compression-level: ``` -#### Uploading the `.git` directory - -By default, files in a `.git` directory are ignored in the merged artifact. -This is intended to prevent accidentally uploading Git credentials into an artifact that could then -be extracted. -If files in the `.git` directory are needed, ensure that `actions/checkout` is being used with -`persist-credentials: false`. - -```yaml -jobs: - upload: - runs-on: ubuntu-latest - - strategy: - matrix: - foo: [a, b, c] - - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false # Ensure credentials are not saved in `.git/config` - - - name: Upload - uses: actions/upload-artifact@v4 - with: - name: my-artifact-${{ matrix.foo }} - path: . - include-git-directory: true - - merge: - runs-on: ubuntu-latest - - steps: - - uses: actions/upload-artifact/merge@v4 - with: - include-git-directory: true -``` - ### Outputs | Name | Description | Example | diff --git a/merge/action.yml b/merge/action.yml index eb25765..8d85864 100644 --- a/merge/action.yml +++ b/merge/action.yml @@ -36,9 +36,6 @@ inputs: If true, the artifacts that were merged will be deleted. If false, the artifacts will still exist. default: 'false' - include-git-directory: - description: 'Include files in the .git directory in the merged artifact.' - default: 'false' outputs: artifact-id: diff --git a/package.json b/package.json index 7219abe..8f51092 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "upload-artifact", - "version": "4.4.0", + "version": "4.3.6", "description": "Upload an Actions Artifact in a workflow run", "main": "dist/upload/index.js", "scripts": { diff --git a/src/merge/constants.ts b/src/merge/constants.ts index 1586f1c..8bc9539 100644 --- a/src/merge/constants.ts +++ b/src/merge/constants.ts @@ -5,6 +5,5 @@ export enum Inputs { SeparateDirectories = 'separate-directories', RetentionDays = 'retention-days', CompressionLevel = 'compression-level', - DeleteMerged = 'delete-merged', - IncludeGitDirectory = 'include-git-directory' + DeleteMerged = 'delete-merged' } diff --git a/src/merge/input-helper.ts b/src/merge/input-helper.ts index 521dd22..de53a2f 100644 --- a/src/merge/input-helper.ts +++ b/src/merge/input-helper.ts @@ -10,7 +10,6 @@ export function getInputs(): MergeInputs { const pattern = core.getInput(Inputs.Pattern, {required: true}) const separateDirectories = core.getBooleanInput(Inputs.SeparateDirectories) const deleteMerged = core.getBooleanInput(Inputs.DeleteMerged) - const includeGitDirectory = core.getBooleanInput(Inputs.IncludeGitDirectory) const inputs = { name, @@ -18,8 +17,7 @@ export function getInputs(): MergeInputs { separateDirectories, deleteMerged, retentionDays: 0, - compressionLevel: 6, - includeGitDirectory + compressionLevel: 6 } as MergeInputs const retentionDaysStr = core.getInput(Inputs.RetentionDays) diff --git a/src/merge/merge-artifacts.ts b/src/merge/merge-artifacts.ts index 768ebb3..b45ef9c 100644 --- a/src/merge/merge-artifacts.ts +++ b/src/merge/merge-artifacts.ts @@ -62,9 +62,7 @@ export async function run(): Promise { options.compressionLevel = inputs.compressionLevel } - const searchResult = await findFilesToUpload(tmpDir, { - includeGitDirectory: inputs.includeGitDirectory - }) + const searchResult = await findFilesToUpload(tmpDir) await uploadArtifact( inputs.name, diff --git a/src/merge/merge-inputs.ts b/src/merge/merge-inputs.ts index 5c0653c..def507a 100644 --- a/src/merge/merge-inputs.ts +++ b/src/merge/merge-inputs.ts @@ -30,9 +30,4 @@ export interface MergeInputs { * If false, the artifacts will be merged into the root of the destination. */ separateDirectories: boolean - - /** - * Include files in the `.git` directory in the artifact - */ - includeGitDirectory: boolean } diff --git a/src/shared/search.ts b/src/shared/search.ts index 5f8989c..bd80164 100644 --- a/src/shared/search.ts +++ b/src/shared/search.ts @@ -78,21 +78,15 @@ function getMultiPathLCA(searchPaths: string[]): string { return path.join(...commonPaths) } -export interface SearchOptions { - /** - * Indicates whether files in the .git directory should be included in the artifact - * - * @default false - */ - includeGitDirectory: boolean -} - export async function findFilesToUpload( searchPath: string, - searchOptions?: SearchOptions + globOptions?: glob.GlobOptions ): Promise { const searchResults: string[] = [] - const globber = await glob.create(searchPath, getDefaultGlobOptions()) + const globber = await glob.create( + searchPath, + globOptions || getDefaultGlobOptions() + ) const rawSearchResults: string[] = await globber.glob() /* @@ -110,12 +104,6 @@ export async function findFilesToUpload( // isDirectory() returns false for symlinks if using fs.lstat(), make sure to use fs.stat() instead if (!fileStats.isDirectory()) { debug(`File:${searchResult} was found using the provided searchPath`) - - if (!searchOptions?.includeGitDirectory && inGitDirectory(searchResult)) { - debug(`Ignoring ${searchResult} because it is in the .git directory`) - continue - } - searchResults.push(searchResult) // detect any files that would be overwritten because of case insensitivity @@ -167,15 +155,3 @@ export async function findFilesToUpload( rootDirectory: searchPaths[0] } } - -function inGitDirectory(filePath: string): boolean { - // The .git directory is a directory, so we need to check if the file path is a directory - // and if it is a .git directory - for (const part of filePath.split(path.sep)) { - if (part === '.git') { - return true - } - } - - return false -} diff --git a/src/upload/constants.ts b/src/upload/constants.ts index 71ec176..272f842 100644 --- a/src/upload/constants.ts +++ b/src/upload/constants.ts @@ -5,8 +5,7 @@ export enum Inputs { IfNoFilesFound = 'if-no-files-found', RetentionDays = 'retention-days', CompressionLevel = 'compression-level', - Overwrite = 'overwrite', - IncludeGitDirectory = 'include-git-directory' + Overwrite = 'overwrite' } export enum NoFileOptions { diff --git a/src/upload/input-helper.ts b/src/upload/input-helper.ts index d43c97f..3e24f25 100644 --- a/src/upload/input-helper.ts +++ b/src/upload/input-helper.ts @@ -9,7 +9,6 @@ export function getInputs(): UploadInputs { const name = core.getInput(Inputs.Name) const path = core.getInput(Inputs.Path, {required: true}) const overwrite = core.getBooleanInput(Inputs.Overwrite) - const includeGitDirectory = core.getBooleanInput(Inputs.IncludeGitDirectory) const ifNoFilesFound = core.getInput(Inputs.IfNoFilesFound) const noFileBehavior: NoFileOptions = NoFileOptions[ifNoFilesFound] @@ -28,8 +27,7 @@ export function getInputs(): UploadInputs { artifactName: name, searchPath: path, ifNoFilesFound: noFileBehavior, - overwrite: overwrite, - includeGitDirectory: includeGitDirectory + overwrite: overwrite } as UploadInputs const retentionDaysStr = core.getInput(Inputs.RetentionDays) diff --git a/src/upload/upload-artifact.ts b/src/upload/upload-artifact.ts index 045dd45..8c77543 100644 --- a/src/upload/upload-artifact.ts +++ b/src/upload/upload-artifact.ts @@ -24,9 +24,7 @@ async function deleteArtifactIfExists(artifactName: string): Promise { export async function run(): Promise { const inputs = getInputs() - const searchResult = await findFilesToUpload(inputs.searchPath, { - includeGitDirectory: inputs.includeGitDirectory - }) + const searchResult = await findFilesToUpload(inputs.searchPath) if (searchResult.filesToUpload.length === 0) { // No files were found, different use cases warrant different types of behavior if nothing is found switch (inputs.ifNoFilesFound) { diff --git a/src/upload/upload-inputs.ts b/src/upload/upload-inputs.ts index 9a60bb5..1e7a46f 100644 --- a/src/upload/upload-inputs.ts +++ b/src/upload/upload-inputs.ts @@ -30,9 +30,4 @@ export interface UploadInputs { * Whether or not to replace an existing artifact with the same name */ overwrite: boolean - - /** - * Include files in the `.git` directory in the artifact - */ - includeGitDirectory: boolean }