From cef17760de240af6d67fc59739c2be585e090037 Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Fri, 21 Jun 2024 08:54:19 +0200 Subject: [PATCH] feat: configure github server url (#5792) Allow the configuration of the GitHub server URL, and add some validation rules that check for common misconfigurations. Close #5572 --- README.md | 3 +- lib/functions/githubDomain.sh | 20 ++++++++ lib/functions/validation.sh | 31 ++++++++++++ lib/linter.sh | 14 +++--- test/lib/validationTest.sh | 93 +++++++++++++++++++++++++++++++++++ 5 files changed, 152 insertions(+), 9 deletions(-) create mode 100755 lib/functions/githubDomain.sh diff --git a/README.md b/README.md index e68b193c..0910dac7 100644 --- a/README.md +++ b/README.md @@ -210,7 +210,8 @@ You can configure super-linter using the following environment variables: | **GITHUB_ACTIONS_CONFIG_FILE** | `actionlint.yml` | Filename for [Actionlint configuration](https://github.com/rhysd/actionlint/blob/main/docs/config.md) (ex: `actionlint.yml`) | | **GITHUB_ACTIONS_COMMAND_ARGS** | `null` | Additional arguments passed to `actionlint` command. Useful to [ignore some errors](https://github.com/rhysd/actionlint/blob/main/docs/usage.md#ignore-some-errors) | | **GITHUB_CUSTOM_API_URL** | `https://api.${GITHUB_DOMAIN}` | Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. `https://github.myenterprise.com/api/v3` | -| **GITHUB_DOMAIN** | `github.com` | Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. `github.myenterprise.com` | +| **GITHUB_CUSTOM_SERVER_URL** | `https://${GITHUB_DOMAIN}"` | Specify a custom GitHub server URL. Useful for GitHub Enterprise instances. | +| **GITHUB_DOMAIN** | `github.com` | Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. `github.myenterprise.com`. `GITHUB_DOMAIN` is a convenience configuration variable to automatically build `GITHUB_CUSTOM_API_URL` and `GITHUB_CUSTOM_SERVER_URL`. | | **GITLEAKS_CONFIG_FILE** | `.gitleaks.toml` | Filename for [GitLeaks configuration](https://github.com/zricethezav/gitleaks#configuration) (ex: `.gitleaks.toml`) | | **IGNORE_GENERATED_FILES** | `false` | If set to `true`, super-linter will ignore all the files with `@generated` marker but without `@not-generated` marker. | | **IGNORE_GITIGNORED_FILES** | `false` | If set to `true`, super-linter will ignore all the files that are ignored by Git. | diff --git a/lib/functions/githubDomain.sh b/lib/functions/githubDomain.sh new file mode 100755 index 00000000..10d62c48 --- /dev/null +++ b/lib/functions/githubDomain.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +DEFAULT_GITHUB_DOMAIN="github.com" +GITHUB_DOMAIN="${GITHUB_DOMAIN:-${DEFAULT_GITHUB_DOMAIN}}" +GITHUB_DOMAIN="${GITHUB_DOMAIN%/}" # Remove trailing slash if present + +# GitHub API root url +GITHUB_API_URL="${GITHUB_CUSTOM_API_URL:-"https://api.${GITHUB_DOMAIN}"}" +GITHUB_API_URL="${GITHUB_API_URL%/}" # Remove trailing slash if present + +# shellcheck disable=SC2034 # Variable is referenced indirectly +GITHUB_SERVER_URL="${GITHUB_CUSTOM_SERVER_URL:-"https://${GITHUB_DOMAIN}"}" +GITHUB_SERVER_URL="${GITHUB_SERVER_URL%/}" # Remove trailing slash if present + +# shellcheck disable=SC2034 # Variable is referenced indirectly +GITHUB_META_URL="${GITHUB_API_URL}/meta" + +debug "GitHub server URL: ${GITHUB_SERVER_URL}" +debug "GitHub API URL: ${GITHUB_API_URL}" +debug "GitHub meta URL: ${GITHUB_META_URL}" diff --git a/lib/functions/validation.sh b/lib/functions/validation.sh index 33c4f04b..1f68c52c 100755 --- a/lib/functions/validation.sh +++ b/lib/functions/validation.sh @@ -261,6 +261,37 @@ function CheckovConfigurationFileContainsDirectoryOption() { } export -f CheckovConfigurationFileContainsDirectoryOption +function ValidateGitHubUrls() { + if [[ -z "${DEFAULT_GITHUB_DOMAIN:-}" ]]; then + error "DEFAULT_GITHUB_DOMAIN is empty." + return 1 + fi + debug "Default GitHub domain: ${DEFAULT_GITHUB_DOMAIN}" + + if [[ -z "${GITHUB_DOMAIN:-}" ]]; then + error "GITHUB_DOMAIN is empty." + return 1 + fi + debug "GitHub domain: ${GITHUB_DOMAIN}" + + if [[ "${GITHUB_DOMAIN}" != "${DEFAULT_GITHUB_DOMAIN}" ]]; then + debug "GITHUB_DOMAIN (${GITHUB_DOMAIN}) is not set to the default GitHub domain (${DEFAULT_GITHUB_DOMAIN})" + + if [[ -n "${GITHUB_CUSTOM_API_URL:-}" || -n "${GITHUB_CUSTOM_SERVER_URL:-}" ]]; then + error "Cannot set GITHUB_DOMAIN (${GITHUB_DOMAIN}) along with GITHUB_CUSTOM_API_URL (${GITHUB_CUSTOM_API_URL:-}) or with GITHUB_CUSTOM_SERVER_URL (${GITHUB_CUSTOM_SERVER_URL:-})." + return 1 + fi + else + debug "GITHUB_DOMAIN (${GITHUB_DOMAIN}) is set to the default GitHub domain (${DEFAULT_GITHUB_DOMAIN})" + + if [[ -n "${GITHUB_CUSTOM_API_URL:-}" && -z "${GITHUB_CUSTOM_SERVER_URL:-}" ]] || + [[ -z "${GITHUB_CUSTOM_API_URL:-}" && -n "${GITHUB_CUSTOM_SERVER_URL:-}" ]]; then + error "Configure both GITHUB_CUSTOM_API_URL and GITHUB_CUSTOM_SERVER_URL. Current values: GITHUB_CUSTOM_API_URL: ${GITHUB_CUSTOM_API_URL:-}, GITHUB_CUSTOM_SERVER_URL: ${GITHUB_CUSTOM_SERVER_URL:-}" + return 1 + fi + fi +} + function WarnIfVariableIsSet() { local INPUT_VARIABLE="${1}" shift diff --git a/lib/linter.sh b/lib/linter.sh index 5a645716..56fdab46 100755 --- a/lib/linter.sh +++ b/lib/linter.sh @@ -29,6 +29,12 @@ source /action/lib/functions/worker.sh # Source the function script(s) source /action/lib/functions/setupSSH.sh # Source the function script(s) # shellcheck source=/dev/null source /action/lib/functions/githubEvent.sh +# shellcheck source=/dev/null +source /action/lib/functions/githubDomain.sh + +if ! ValidateGitHubUrls; then + fatal "GitHub URLs failed validation" +fi # We want a lowercase value declare -l RUN_LOCAL @@ -119,14 +125,6 @@ FILTER_REGEX_INCLUDE="${FILTER_REGEX_INCLUDE:-""}" export FILTER_REGEX_INCLUDE FILTER_REGEX_EXCLUDE="${FILTER_REGEX_EXCLUDE:-""}" export FILTER_REGEX_EXCLUDE -GITHUB_DOMAIN="${GITHUB_DOMAIN:-"github.com"}" -GITHUB_DOMAIN="${GITHUB_DOMAIN%/}" # Remove trailing slash if present -# GitHub API root url -GITHUB_API_URL="${GITHUB_CUSTOM_API_URL:-"https://api.${GITHUB_DOMAIN}"}" -GITHUB_API_URL="${GITHUB_API_URL%/}" # Remove trailing slash if present -GITHUB_SERVER_URL="https://${GITHUB_DOMAIN}" -# shellcheck disable=SC2034 # Variable is referenced indirectly -GITHUB_META_URL="${GITHUB_API_URL}/meta" LINTER_RULES_PATH="${LINTER_RULES_PATH:-.github/linters}" # Linter rules directory # shellcheck disable=SC2034 # Variable is referenced in other scripts RAW_FILE_ARRAY=() # Array of all files that were changed diff --git a/test/lib/validationTest.sh b/test/lib/validationTest.sh index ad3d8ce7..5fc6f52c 100755 --- a/test/lib/validationTest.sh +++ b/test/lib/validationTest.sh @@ -56,6 +56,99 @@ function ValidateDeprecatedVariablesTest() { notice "${FUNCTION_NAME} PASS" } +function ValidateGitHubUrlsTest() { + FUNCTION_NAME="${FUNCNAME[0]}" + + # shellcheck disable=SC2034 + DEFAULT_GITHUB_DOMAIN="github.com" + + # shellcheck disable=SC2034 + GITHUB_DOMAIN= + if ValidateGitHubUrls; then + fatal "Empty GITHUB_DOMAIN should have failed validation" + else + info "Empty GITHUB_DOMAIN passed validation" + fi + + # shellcheck disable=SC2034 + GITHUB_DOMAIN="github.example.com" + if ! ValidateGitHubUrls; then + fatal "${GITHUB_DOMAIN} should have passed validation" + else + info "${GITHUB_DOMAIN} passed validation" + fi + unset GITHUB_DOMAIN + + # shellcheck disable=SC2034 + GITHUB_DOMAIN="${DEFAULT_GITHUB_DOMAIN}" + if ! ValidateGitHubUrls; then + fatal "${GITHUB_DOMAIN} should have passed validation" + else + info "${GITHUB_DOMAIN} passed validation" + fi + unset GITHUB_DOMAIN + + GITHUB_DOMAIN="github.example.com" + # shellcheck disable=SC2034 + GITHUB_CUSTOM_API_URL="github.custom.api.url" + if ValidateGitHubUrls; then + fatal "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_API_URL} should have failed validation" + else + info "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_API_URL} failed validation as expected" + fi + unset GITHUB_DOMAIN + unset GITHUB_CUSTOM_API_URL + + # shellcheck disable=SC2034 + GITHUB_DOMAIN="github.example.com" + GITHUB_CUSTOM_SERVER_URL="github.custom.server.url" + if ValidateGitHubUrls; then + fatal "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_SERVER_URL} should have failed validation" + else + info "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_SERVER_URL} failed validation as expected" + fi + unset GITHUB_DOMAIN + unset GITHUB_CUSTOM_SERVER_URL + + # shellcheck disable=SC2034 + GITHUB_DOMAIN="${DEFAULT_GITHUB_DOMAIN}" + GITHUB_CUSTOM_API_URL="github.custom.api.url" + if ValidateGitHubUrls; then + fatal "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_API_URL} should have failed validation" + else + info "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_API_URL} failed validation as expected" + fi + unset GITHUB_DOMAIN + unset GITHUB_CUSTOM_API_URL + + # shellcheck disable=SC2034 + GITHUB_DOMAIN="${DEFAULT_GITHUB_DOMAIN}" + GITHUB_CUSTOM_SERVER_URL="github.custom.server.url" + if ValidateGitHubUrls; then + fatal "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_SERVER_URL} should have failed validation" + else + info "${GITHUB_DOMAIN} and ${GITHUB_CUSTOM_SERVER_URL} failed validation as expected" + fi + unset GITHUB_DOMAIN + unset GITHUB_CUSTOM_SERVER_URL + + # shellcheck disable=SC2034 + GITHUB_DOMAIN="${DEFAULT_GITHUB_DOMAIN}" + GITHUB_CUSTOM_API_URL="github.custom.api.url" + GITHUB_CUSTOM_SERVER_URL="github.custom.server.url" + if ! ValidateGitHubUrls; then + fatal "${GITHUB_DOMAIN}, ${GITHUB_CUSTOM_API_URL}, and ${GITHUB_CUSTOM_SERVER_URL} should have passed validation" + else + info "${GITHUB_DOMAIN}, ${GITHUB_CUSTOM_API_URL}, and ${GITHUB_CUSTOM_SERVER_URL} passed validation as expected" + fi + unset GITHUB_DOMAIN + unset GITHUB_CUSTOM_API_URL + unset GITHUB_CUSTOM_SERVER_URL + + notice "${FUNCTION_NAME} PASS" +} + IsUnsignedIntegerSuccessTest IsUnsignedIntegerFailureTest ValidateDeprecatedVariablesTest +ValidateGitHubUrlsTest