actions/checkout
1
0
Fork 0
mirror of https://github.com/actions/checkout.git synced 2025-10-14 22:36:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Persist creds to a separate file

Browse Source
This commit is contained in:
eric sciple
2025-10-13 21:48:22 +00:00
parent ff7abcd0c3
commit bcc5319a0b
4 changed files with 272 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
__test__/git-auth-helper.test.ts
View File

@@ -86,16 +86,29 @@ describe('git-auth-helper tests', () => {
// Act // Act
await authHelper.configureAuth() await authHelper.configureAuth()
// Assert config // Assert config - check that .git/config contains includeIf entries
const configContent = ( const localConfigContent = (
await fs.promises.readFile(localGitConfigPath) await fs.promises.readFile(localGitConfigPath)
).toString() ).toString()
expect(
localConfigContent.indexOf('includeIf.gitdir:')
).toBeGreaterThanOrEqual(0)
// Assert credentials config file contains the actual credentials
const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBe(1)
const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
const credentialsContent = (
await fs.promises.readFile(credentialsConfigPath)
).toString()
const basicCredential = Buffer.from( const basicCredential = Buffer.from(
`x-access-token:${settings.authToken}`, `x-access-token:${settings.authToken}`,
'utf8' 'utf8'
).toString('base64') ).toString('base64')
expect( expect(
configContent.indexOf( credentialsContent.indexOf(
`http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}` `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
) )
).toBeGreaterThanOrEqual(0) ).toBeGreaterThanOrEqual(0)
@@ -120,7 +133,7 @@ describe('git-auth-helper tests', () => {
'inject https://github.com as github server url' 'inject https://github.com as github server url'
it(configureAuth_AcceptsGitHubServerUrlSetToGHEC, async () => { it(configureAuth_AcceptsGitHubServerUrlSetToGHEC, async () => {
await testAuthHeader( await testAuthHeader(
configureAuth_AcceptsGitHubServerUrl, configureAuth_AcceptsGitHubServerUrlSetToGHEC,
'https://github.com' 'https://github.com'
) )
}) })
@@ -141,12 +154,17 @@ describe('git-auth-helper tests', () => {
// Act // Act
await authHelper.configureAuth() await authHelper.configureAuth()
// Assert config // Assert config - check credentials config file (not local .git/config)
const configContent = ( const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
await fs.promises.readFile(localGitConfigPath) f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBe(1)
const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
const credentialsContent = (
await fs.promises.readFile(credentialsConfigPath)
).toString() ).toString()
expect( expect(
configContent.indexOf( credentialsContent.indexOf(
`http.https://github.com/.extraheader AUTHORIZATION` `http.https://github.com/.extraheader AUTHORIZATION`
) )
).toBeGreaterThanOrEqual(0) ).toBeGreaterThanOrEqual(0)
@@ -251,13 +269,16 @@ describe('git-auth-helper tests', () => {
expectedSshCommand expectedSshCommand
) )
// Asserty git config // Assert git config
const gitConfigLines = (await fs.promises.readFile(localGitConfigPath)) const gitConfigLines = (await fs.promises.readFile(localGitConfigPath))
.toString() .toString()
.split('\n') .split('\n')
.filter(x => x) .filter(x => x)
expect(gitConfigLines).toHaveLength(1) // Should have includeIf entries pointing to credentials file
expect(gitConfigLines[0]).toMatch(/^http\./) expect(gitConfigLines.length).toBeGreaterThan(0)
expect(
gitConfigLines.some(line => line.indexOf('includeIf.gitdir:') >= 0)
).toBeTruthy()
}) })
const configureAuth_setsSshCommandWhenPersistCredentialsTrue = const configureAuth_setsSshCommandWhenPersistCredentialsTrue =
@@ -419,8 +440,20 @@ describe('git-auth-helper tests', () => {
expect( expect(
configContent.indexOf('value-from-global-config') configContent.indexOf('value-from-global-config')
).toBeGreaterThanOrEqual(0) ).toBeGreaterThanOrEqual(0)
// Global config should have include.path pointing to credentials file
expect(configContent.indexOf('include.path')).toBeGreaterThanOrEqual(0)
// Check credentials in the separate config file
const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBeGreaterThan(0)
const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
const credentialsContent = (
await fs.promises.readFile(credentialsConfigPath)
).toString()
expect( expect(
configContent.indexOf( credentialsContent.indexOf(
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
) )
).toBeGreaterThanOrEqual(0) ).toBeGreaterThanOrEqual(0)
@@ -463,8 +496,20 @@ describe('git-auth-helper tests', () => {
const configContent = ( const configContent = (
await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig')) await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
).toString() ).toString()
// Global config should have include.path pointing to credentials file
expect(configContent.indexOf('include.path')).toBeGreaterThanOrEqual(0)
// Check credentials in the separate config file
const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBeGreaterThan(0)
const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
const credentialsContent = (
await fs.promises.readFile(credentialsConfigPath)
).toString()
expect( expect(
configContent.indexOf( credentialsContent.indexOf(
`http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}` `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
) )
).toBeGreaterThanOrEqual(0) ).toBeGreaterThanOrEqual(0)
@@ -660,19 +705,35 @@ describe('git-auth-helper tests', () => {
await setup(removeAuth_removesToken) await setup(removeAuth_removesToken)
const authHelper = gitAuthHelper.createAuthHelper(git, settings) const authHelper = gitAuthHelper.createAuthHelper(git, settings)
await authHelper.configureAuth() await authHelper.configureAuth()
let gitConfigContent = (
// Sanity check - verify includeIf entries exist in local config
let localConfigContent = (
await fs.promises.readFile(localGitConfigPath) await fs.promises.readFile(localGitConfigPath)
).toString() ).toString()
expect(gitConfigContent.indexOf('http.')).toBeGreaterThanOrEqual(0) // sanity check expect(
localConfigContent.indexOf('includeIf.gitdir:')
).toBeGreaterThanOrEqual(0)
// Sanity check - verify credentials file exists
let credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBe(1)
// Act // Act
await authHelper.removeAuth() await authHelper.removeAuth()
// Assert git config // Assert includeIf entries removed from local git config
gitConfigContent = ( localConfigContent = (
await fs.promises.readFile(localGitConfigPath) await fs.promises.readFile(localGitConfigPath)
).toString() ).toString()
expect(gitConfigContent.indexOf('http.')).toBeLessThan(0) expect(localConfigContent.indexOf('includeIf.gitdir:')).toBeLessThan(0)
// Assert credentials config file deleted
credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
f => f.startsWith('git-credentials-') && f.endsWith('.config')
)
expect(credentialsFiles.length).toBe(0)
}) })
const removeGlobalConfig_removesOverride = const removeGlobalConfig_removesOverride =
@@ -733,10 +794,20 @@ async function setup(testName: string): Promise<void> {
checkout: jest.fn(), checkout: jest.fn(),
checkoutDetach: jest.fn(), checkoutDetach: jest.fn(),
config: jest.fn( config: jest.fn(
async (key: string, value: string, globalConfig?: boolean) => { async (
const configPath = globalConfig key: string,
value: string,
globalConfig?: boolean,
add?: boolean,
configFile?: string
) => {
const configPath =
configFile ||
(globalConfig
? path.join(git.env['HOME'] || tempHomedir, '.gitconfig') ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
: localGitConfigPath : localGitConfigPath)
// Ensure directory exists
await fs.promises.mkdir(path.dirname(configPath), {recursive: true})
await fs.promises.appendFile(configPath, `\n${key} ${value}`) await fs.promises.appendFile(configPath, `\n${key} ${value}`)
} }
), ),
@@ -830,6 +901,7 @@ async function setup(testName: string): Promise<void> {
async function getActualSshKeyPath(): Promise<string> { async function getActualSshKeyPath(): Promise<string> {
let actualTempFiles = (await fs.promises.readdir(runnerTemp)) let actualTempFiles = (await fs.promises.readdir(runnerTemp))
.filter(x => !x.startsWith('git-credentials-')) // Exclude credentials config file
.sort() .sort()
.map(x => path.join(runnerTemp, x)) .map(x => path.join(runnerTemp, x))
if (actualTempFiles.length === 0) { if (actualTempFiles.length === 0) {
@@ -843,6 +915,7 @@ async function getActualSshKeyPath(): Promise<string> {
async function getActualSshKnownHostsPath(): Promise<string> { async function getActualSshKnownHostsPath(): Promise<string> {
let actualTempFiles = (await fs.promises.readdir(runnerTemp)) let actualTempFiles = (await fs.promises.readdir(runnerTemp))
.filter(x => !x.startsWith('git-credentials-')) // Exclude credentials config file
.sort() .sort()
.map(x => path.join(runnerTemp, x)) .map(x => path.join(runnerTemp, x))
if (actualTempFiles.length === 0) { if (actualTempFiles.length === 0) {

95
dist/index.js vendored
View File

@@ -162,6 +162,8 @@ class GitAuthHelper {
this.sshKeyPath = ''; this.sshKeyPath = '';
this.sshKnownHostsPath = ''; this.sshKnownHostsPath = '';
this.temporaryHomePath = ''; this.temporaryHomePath = '';
this.credentialsConfigPath = ''; // Path to separate credentials config file in RUNNER_TEMP
this.credentialsIncludeKeys = []; // Track includeIf/include config keys for cleanup
this.git = gitCommandManager; this.git = gitCommandManager;
this.settings = gitSourceSettings || {}; this.settings = gitSourceSettings || {};
// Token auth header // Token auth header
@@ -187,6 +189,20 @@ class GitAuthHelper {
yield this.configureToken(); yield this.configureToken();
}); });
} }
getCredentialsConfigPath() {
return __awaiter(this, void 0, void 0, function* () {
if (this.credentialsConfigPath) {
return this.credentialsConfigPath;
}
const runnerTemp = process.env['RUNNER_TEMP'] || '';
assert.ok(runnerTemp, 'RUNNER_TEMP is not defined');
// Create a unique filename for this checkout instance
const configFileName = `git-credentials-${(0, uuid_1.v4)()}.config`;
this.credentialsConfigPath = path.join(runnerTemp, configFileName);
core.debug(`Credentials config path: ${this.credentialsConfigPath}`);
return this.credentialsConfigPath;
});
}
configureTempGlobalConfig() { configureTempGlobalConfig() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
var _a; var _a;
@@ -229,10 +245,10 @@ class GitAuthHelper {
configureGlobalAuth() { configureGlobalAuth() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
// 'configureTempGlobalConfig' noops if already set, just returns the path // 'configureTempGlobalConfig' noops if already set, just returns the path
const newGitConfigPath = yield this.configureTempGlobalConfig(); yield this.configureTempGlobalConfig();
try { try {
// Configure the token // Configure the token
yield this.configureToken(newGitConfigPath, true); yield this.configureToken(true);
// Configure HTTPS instead of SSH // Configure HTTPS instead of SSH
yield this.git.tryConfigUnset(this.insteadOfKey, true); yield this.git.tryConfigUnset(this.insteadOfKey, true);
if (!this.settings.sshKey) { if (!this.settings.sshKey) {
@@ -351,20 +367,45 @@ class GitAuthHelper {
} }
}); });
} }
configureToken(configPath, globalConfig) { configureToken(globalConfig) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
// Validate args // Get the credentials config file path in RUNNER_TEMP
assert.ok((configPath && globalConfig) || (!configPath && !globalConfig), 'Unexpected configureToken parameter combinations'); const credentialsConfigPath = yield this.getCredentialsConfigPath();
// Default config path // Write placeholder to the separate credentials config file using git config.
if (!configPath && !globalConfig) { // This approach avoids the credential being captured by process creation audit events,
configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config'); // which are commonly logged. For more information, refer to
// https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, false, false, credentialsConfigPath);
// Replace the placeholder in the credentials config file
yield this.replaceTokenPlaceholder(credentialsConfigPath);
// Add include or includeIf to reference the credentials config
if (globalConfig) {
// For global config, use unconditional include.
// No need to track for cleanup since the temp .gitconfig file (which contains
// this include.path entry) gets deleted by removeGlobalConfig().
yield this.git.config('include.path', credentialsConfigPath, true);
}
else {
// For local config, use includeIf.gitdir to match the .git directory.
// Configure for both host and container paths to support Docker container actions.
const gitDir = path.join(this.git.getWorkingDirectory(), '.git');
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
yield this.git.config(hostIncludeKey, credentialsConfigPath);
this.credentialsIncludeKeys.push(hostIncludeKey);
// Configure for container scenario where paths are mapped to fixed locations
const githubWorkspace = process.env['GITHUB_WORKSPACE'];
if (githubWorkspace) {
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
const workingDirectory = this.git.getWorkingDirectory();
const relativePath = path.relative(githubWorkspace, workingDirectory);
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
const containerGitDir = path.posix.join('/github/workspace', relativePath, '.git');
const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
yield this.git.config(containerIncludeKey, containerCredentialsPath);
this.credentialsIncludeKeys.push(containerIncludeKey);
}
} }
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, globalConfig);
// Replace the placeholder
yield this.replaceTokenPlaceholder(configPath || '');
}); });
} }
replaceTokenPlaceholder(configPath) { replaceTokenPlaceholder(configPath) {
@@ -411,8 +452,24 @@ class GitAuthHelper {
} }
removeToken() { removeToken() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
var _a;
// HTTP extra header // HTTP extra header
yield this.removeGitConfig(this.tokenConfigKey); yield this.removeGitConfig(this.tokenConfigKey);
// Remove include/includeIf config entries
for (const includeKey of this.credentialsIncludeKeys) {
yield this.removeGitConfig(includeKey);
}
this.credentialsIncludeKeys = [];
// Remove credentials config file
if (this.credentialsConfigPath) {
try {
yield io.rmRF(this.credentialsConfigPath);
}
catch (err) {
core.debug(`${(_a = err === null || err === void 0 ? void 0 : err.message) !== null && _a !== void 0 ? _a : err}`);
core.warning(`Failed to remove credentials config '${this.credentialsConfigPath}'`);
}
}
}); });
} }
removeGitConfig(configKey_1) { removeGitConfig(configKey_1) {
@@ -627,9 +684,15 @@ class GitCommandManager {
yield this.execGit(args); yield this.execGit(args);
}); });
} }
config(configKey, configValue, globalConfig, add) { config(configKey, configValue, globalConfig, add, configFile) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const args = ['config', globalConfig ? '--global' : '--local']; const args = ['config'];
if (configFile) {
args.push('--file', configFile);
}
else {
args.push(globalConfig ? '--global' : '--local');
}
if (add) { if (add) {
args.push('--add'); args.push('--add');
} }

110
src/git-auth-helper.ts
View File

@@ -43,6 +43,8 @@ class GitAuthHelper {
private sshKeyPath = '' private sshKeyPath = ''
private sshKnownHostsPath = '' private sshKnownHostsPath = ''
private temporaryHomePath = '' private temporaryHomePath = ''
private credentialsConfigPath = '' // Path to separate credentials config file in RUNNER_TEMP
private credentialsIncludeKeys: string[] = [] // Track includeIf/include config keys for cleanup
constructor( constructor(
gitCommandManager: IGitCommandManager, gitCommandManager: IGitCommandManager,
@@ -81,6 +83,22 @@ class GitAuthHelper {
await this.configureToken() await this.configureToken()
} }
private async getCredentialsConfigPath(): Promise<string> {
if (this.credentialsConfigPath) {
return this.credentialsConfigPath
}
const runnerTemp = process.env['RUNNER_TEMP'] || ''
assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
// Create a unique filename for this checkout instance
const configFileName = `git-credentials-${uuid()}.config`
this.credentialsConfigPath = path.join(runnerTemp, configFileName)
core.debug(`Credentials config path: ${this.credentialsConfigPath}`)
return this.credentialsConfigPath
}
async configureTempGlobalConfig(): Promise<string> { async configureTempGlobalConfig(): Promise<string> {
// Already setup global config // Already setup global config
if (this.temporaryHomePath?.length > 0) { if (this.temporaryHomePath?.length > 0) {
@@ -126,10 +144,10 @@ class GitAuthHelper {
async configureGlobalAuth(): Promise<void> { async configureGlobalAuth(): Promise<void> {
// 'configureTempGlobalConfig' noops if already set, just returns the path // 'configureTempGlobalConfig' noops if already set, just returns the path
const newGitConfigPath = await this.configureTempGlobalConfig() await this.configureTempGlobalConfig()
try { try {
// Configure the token // Configure the token
await this.configureToken(newGitConfigPath, true) await this.configureToken(true)
// Configure HTTPS instead of SSH // Configure HTTPS instead of SSH
await this.git.tryConfigUnset(this.insteadOfKey, true) await this.git.tryConfigUnset(this.insteadOfKey, true)
@@ -272,32 +290,62 @@ class GitAuthHelper {
} }
} }
private async configureToken( private async configureToken(globalConfig?: boolean): Promise<void> {
configPath?: string, // Get the credentials config file path in RUNNER_TEMP
globalConfig?: boolean const credentialsConfigPath = await this.getCredentialsConfigPath()
): Promise<void> {
// Validate args
assert.ok(
(configPath && globalConfig) || (!configPath && !globalConfig),
'Unexpected configureToken parameter combinations'
)
// Default config path // Write placeholder to the separate credentials config file using git config.
if (!configPath && !globalConfig) { // This approach avoids the credential being captured by process creation audit events,
configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config') // which are commonly logged. For more information, refer to
} // https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
await this.git.config( await this.git.config(
this.tokenConfigKey, this.tokenConfigKey,
this.tokenPlaceholderConfigValue, this.tokenPlaceholderConfigValue,
globalConfig false,
false,
credentialsConfigPath
) )
// Replace the placeholder // Replace the placeholder in the credentials config file
await this.replaceTokenPlaceholder(configPath || '') await this.replaceTokenPlaceholder(credentialsConfigPath)
// Add include or includeIf to reference the credentials config
if (globalConfig) {
// For global config, use unconditional include.
// No need to track for cleanup since the temp .gitconfig file (which contains
// this include.path entry) gets deleted by removeGlobalConfig().
await this.git.config('include.path', credentialsConfigPath, true)
} else {
// For local config, use includeIf.gitdir to match the .git directory.
// Configure for both host and container paths to support Docker container actions.
const gitDir = path.join(this.git.getWorkingDirectory(), '.git')
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
await this.git.config(hostIncludeKey, credentialsConfigPath)
this.credentialsIncludeKeys.push(hostIncludeKey)
// Configure for container scenario where paths are mapped to fixed locations
const githubWorkspace = process.env['GITHUB_WORKSPACE']
if (githubWorkspace) {
// Calculate the relative path of the working directory from GITHUB_WORKSPACE
const workingDirectory = this.git.getWorkingDirectory()
const relativePath = path.relative(githubWorkspace, workingDirectory)
// Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
const containerGitDir = path.posix.join(
'/github/workspace',
relativePath,
'.git'
)
const containerCredentialsPath = path.posix.join(
'/github/runner_temp',
path.basename(credentialsConfigPath)
)
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
await this.git.config(containerIncludeKey, containerCredentialsPath)
this.credentialsIncludeKeys.push(containerIncludeKey)
}
}
} }
private async replaceTokenPlaceholder(configPath: string): Promise<void> { private async replaceTokenPlaceholder(configPath: string): Promise<void> {
@@ -348,6 +396,24 @@ class GitAuthHelper {
private async removeToken(): Promise<void> { private async removeToken(): Promise<void> {
// HTTP extra header // HTTP extra header
await this.removeGitConfig(this.tokenConfigKey) await this.removeGitConfig(this.tokenConfigKey)
// Remove include/includeIf config entries
for (const includeKey of this.credentialsIncludeKeys) {
await this.removeGitConfig(includeKey)
}
this.credentialsIncludeKeys = []
// Remove credentials config file
if (this.credentialsConfigPath) {
try {
await io.rmRF(this.credentialsConfigPath)
} catch (err) {
core.debug(`${(err as any)?.message ?? err}`)
core.warning(
`Failed to remove credentials config '${this.credentialsConfigPath}'`
)
}
}
} }
private async removeGitConfig( private async removeGitConfig(

13
src/git-command-manager.ts
View File

@@ -28,7 +28,8 @@ export interface IGitCommandManager {
configKey: string, configKey: string,
configValue: string, configValue: string,
globalConfig?: boolean, globalConfig?: boolean,
add?: boolean add?: boolean,
configFile?: string
): Promise<void> ): Promise<void>
configExists(configKey: string, globalConfig?: boolean): Promise<boolean> configExists(configKey: string, globalConfig?: boolean): Promise<boolean>
fetch( fetch(
@@ -223,9 +224,15 @@ class GitCommandManager {
configKey: string, configKey: string,
configValue: string, configValue: string,
globalConfig?: boolean, globalConfig?: boolean,
add?: boolean add?: boolean,
configFile?: string
): Promise<void> { ): Promise<void> {
const args: string[] = ['config', globalConfig ? '--global' : '--local'] const args: string[] = ['config']
if (configFile) {
args.push('--file', configFile)
} else {
args.push(globalConfig ? '--global' : '--local')
}
if (add) { if (add) {
args.push('--add') args.push('--add')
} }