Add optional token parameter

adangel · adangel · commit ea15b9a48833 · 2021-12-03T12:16:15.000+01:00
The token is used for querying GitHub Releases API to determine the
latest PMD version and the download URL for PMD.

This allows to use `@actions/github` to get a octokit.

Error handling is improved as well - util doesn't catch the errors anymore,
so any exceptions bubble up to the main function.
diff --git a/README.md b/README.md
@@ -70,7 +70,8 @@ See also [Uploading a SARIF file to GitHub](https://docs.github.com/en/code-secu
 
 |input       |required|default|description|
 |------------|---|--------|---------------|
-|`version`   |no |"latest"|PMD version to use. Using "latest" automatically downloads the latest version. Available versions: https://github.com/pmd/pmd/releases|
+|`token`     |no |"github.token"|Personal access token (PAT) used to query the latest PMD release and the download URL for PMD.<br>By default the automatic token for GitHub Actions is used.<br>[Learn more about automatic token authentication](https://docs.github.com/en/actions/security-guides/automatic-token-authentication)<br>[Learn more about creating and using encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets)|
+|`version`   |no |"latest"|PMD version to use. Using "latest" automatically downloads the latest version.<br>Available versions: https://github.com/pmd/pmd/releases|
 |`sourcePath`|no |"."     |Root directory for sources. Uses by default the current directory|
 |`rulesets`  |yes|        |Comma separated list of ruleset names to use.|
 
diff --git a/action.yml b/action.yml
@@ -1,10 +1,25 @@
 name: PMD
 description: Execute PMD static code analysis.
 inputs:
+  token:
+    description: >-
+      Personal access token (PAT) used to query the latest PMD release and the
+      download URL for PMD.
+
+      By default the automatic token for GitHub Actions is used. [Learn more
+      about automatic token
+      authentication](https://docs.github.com/en/actions/security-guides/automatic-token-authentication)
+
+      [Learn more about creating and using encrypted
+      secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets)
+    required: false
+    default: '${{ github.token }}'
   version:
     description: >-
       PMD version to use. Using "latest" automatically downloads the latest
-      version. Available versions: https://github.com/pmd/pmd/releases
+      version.
+
+      Available versions: https://github.com/pmd/pmd/releases
     required: false
     default: latest
   sourcePath:
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/licenses.txt b/dist/licenses.txt
@@ -34,6 +34,18 @@ The above copyright notice and this permission notice shall be included in all c
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+@actions/github
+MIT
+The MIT License (MIT)
+
+Copyright 2019 GitHub
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
 @actions/http-client
 MIT
 Actions Http Client for Node.js
@@ -194,17 +206,6 @@ The above copyright notice and this permission notice (including the next paragr
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 
-@octokit/plugin-request-log
-MIT
-MIT License Copyright (c) 2020 Octokit contributors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
 @octokit/plugin-rest-endpoint-methods
 MIT
 MIT License Copyright (c) 2019 Octokit contributors
@@ -266,32 +267,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
 
-@octokit/rest
-MIT
-The MIT License
-
-Copyright (c) 2012 Cloud9 IDE, Inc. (Mike de Boer)
-Copyright (c) 2017-2018 Octokit contributors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
-
 @vercel/ncc
 MIT
 Copyright 2018 ZEIT, Inc.
diff --git a/lib/index.js b/lib/index.js
@@ -9,9 +9,12 @@ const reportFile = 'pmd-report.sarif'
 
 let pmdPath, exitCode, violations;
 
-async function run() {
+async function main() {
   try {
-    pmdPath = await util.downloadPmd(validator.validateVersion(core.getInput('version'), { required: true }));
+    pmdPath = await util.downloadPmd(
+      validator.validateVersion(core.getInput('version', { required: true })),
+      core.getInput('token', { required: true })
+    );
     exitCode = await util.executePmd(pmdPath,
       validator.validateSourcePath(core.getInput('sourcePath', { required: true })),
       validator.validateRulesets(core.getInput('rulesets', { required: true })),
@@ -32,4 +35,4 @@ async function run() {
   }
 }
 
-run();
+main();
diff --git a/lib/util.js b/lib/util.js
@@ -1,54 +1,46 @@
 const core = require('@actions/core');
-const { Octokit } = require("@octokit/rest");
+const github = require('@actions/github');
 const tc = require('@actions/tool-cache');
 const exec = require('@actions/exec');
 
-const downloadPmd = async function(version) {
-    try {
-        let pmdVersion = version;
-        let cachedPmdPath = tc.find('pmd', version);
-        core.debug(`cached path result: ${cachedPmdPath}`);
-        if (cachedPmdPath === '') {
-            const pmdRelease = await determinePmdRelease(version);
-            pmdVersion = getPmdVersionFromRelease(pmdRelease);
-            const pathToZipDistribution = await tc.downloadTool(await getDownloadURL(pmdRelease));
-            const pmdExtractedFolder = await tc.extractZip(pathToZipDistribution);
-            cachedPmdPath = await tc.cacheDir(pmdExtractedFolder, 'pmd', pmdVersion);
-        }
-
-        core.info(`Using PMD ${pmdVersion} from cached path ${cachedPmdPath}`);
-        return `${cachedPmdPath}/pmd-bin-${pmdVersion}`;
-    } catch (error) {
-        core.setFailed(error.message || error);
+const downloadPmd = async function(version, token) {
+    let pmdVersion = version;
+    let cachedPmdPath = tc.find('pmd', version);
+    core.debug(`cached path result: ${cachedPmdPath}`);
+    if (cachedPmdPath === '') {
+        const pmdRelease = await determinePmdRelease(version, token);
+        pmdVersion = getPmdVersionFromRelease(pmdRelease);
+        const pathToZipDistribution = await tc.downloadTool(await getDownloadURL(pmdRelease));
+        const pmdExtractedFolder = await tc.extractZip(pathToZipDistribution);
+        cachedPmdPath = await tc.cacheDir(pmdExtractedFolder, 'pmd', pmdVersion);
     }
+
+    core.info(`Using PMD ${pmdVersion} from cached path ${cachedPmdPath}`);
+    return `${cachedPmdPath}/pmd-bin-${pmdVersion}`;
 }
 
 const executePmd = async function(pmdPath, sourcePath, ruleset, reportFormat, reportFile) {
-    try {
-        const { exitCode, stdout, stderr } = await exec.getExecOutput(`${pmdPath}/bin/run.sh`,
-            [
-                'pmd',
-                '-no-cache',
-                '-d', sourcePath,
-                '-f', reportFormat,
-                '-R', ruleset,
-                '-r', reportFile,
-            ],
-            {
-                ignoreReturnCode: true
-            });
-        core.debug(`stdout: ${stdout}`);
-        core.debug(`stderr: ${stderr}`);
-        core.debug(`exitCode: ${exitCode}`);
-        return exitCode;
-    } catch (error) {
-        core.setFailed(error.message || error);
-    }
+    const { exitCode, stdout, stderr } = await exec.getExecOutput(`${pmdPath}/bin/run.sh`,
+        [
+            'pmd',
+            '-no-cache',
+            '-d', sourcePath,
+            '-f', reportFormat,
+            '-R', ruleset,
+            '-r', reportFile,
+        ],
+        {
+            ignoreReturnCode: true
+        });
+    core.debug(`stdout: ${stdout}`);
+    core.debug(`stderr: ${stderr}`);
+    core.debug(`exitCode: ${exitCode}`);
+    return exitCode;
 }
 
-async function determinePmdRelease(pmdVersion) {
-    core.debug(`determine release info for ${pmdVersion}`);
-    const octokit = new Octokit({baseUrl: getGithubBaseUrl()});
+async function determinePmdRelease(pmdVersion, token) {
+    core.debug(`Determine release info for ${pmdVersion}`);
+    const octokit = github.getOctokit(token);
     let release;
     if (pmdVersion === 'latest') {
         release = await octokit.rest.repos.getLatestRelease({
@@ -76,9 +68,5 @@ async function getDownloadURL(release) {
     return asset.browser_download_url;
 }
 
-function getGithubBaseUrl() {
-    return process.env['GITHUB_API_URL'] || 'https://api.github.com';
-}
-
 module.exports.downloadPmd = downloadPmd;
 module.exports.executePmd = executePmd;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -27,6 +27,7 @@
     "@actions/artifact": "^0.5.2",
     "@actions/core": "^1.6.0",
     "@actions/exec": "^1.1.0",
+    "@actions/github": "^5.0.0",
     "@actions/tool-cache": "^1.7.1",
     "@octokit/rest": "^18.12.0"
   },
diff --git a/tests/util.test.js b/tests/util.test.js
@@ -45,7 +45,7 @@ describe('pmd-github-action-util', function() {
       .get('/pmd/pmd/releases/download/pmd_releases/6.40.0/pmd-bin-6.40.0.zip')
       .replyWithFile(200, __dirname + '/data/pmd-bin-6.40.0.zip')
 
-    const cachedPmdPath = await util.downloadPmd('latest');
+    const cachedPmdPath = await util.downloadPmd('latest', 'my_test_token');
 
     const toolCache = path.join(cachePath, 'pmd', '6.40.0', os.arch(), 'pmd-bin-6.40.0');
     expect(cachedPmdPath).toBe(toolCache);
@@ -61,13 +61,33 @@ describe('pmd-github-action-util', function() {
     nock('https://github.com')
       .get('/pmd/pmd/releases/download/pmd_releases/6.39.0/pmd-bin-6.39.0.zip')
       .replyWithFile(200, __dirname + '/data/pmd-bin-6.39.0.zip');
-    const cachedPmdPath = await util.downloadPmd('6.39.0');
+    const cachedPmdPath = await util.downloadPmd('6.39.0', 'my_test_token');
 
     const toolCache = path.join(cachePath, 'pmd', '6.39.0', os.arch(), 'pmd-bin-6.39.0');
     expect(cachedPmdPath).toBe(toolCache);
     expect(fs.existsSync(toolCache)).toBeTruthy();
   })
 
+  it('use cached PMD version', async () => {
+    nock('https://api.github.com')
+      .get('/repos/pmd/pmd/releases/tags/pmd_releases%2F6.39.0')
+        .once()
+        .replyWithFile(200, __dirname + '/data/releases-6.39.0.json', {
+          'Content-Type': 'application/json',
+        })
+    nock('https://github.com')
+      .get('/pmd/pmd/releases/download/pmd_releases/6.39.0/pmd-bin-6.39.0.zip')
+      .once()
+      .replyWithFile(200, __dirname + '/data/pmd-bin-6.39.0.zip');
+    const cachedPmdPath = await util.downloadPmd('6.39.0', 'my_test_token');
+    const cachedPmdPath2 = await util.downloadPmd('6.39.0', 'my_test_token');
+
+    const toolCache = path.join(cachePath, 'pmd', '6.39.0', os.arch(), 'pmd-bin-6.39.0');
+    expect(cachedPmdPath).toBe(toolCache);
+    expect(cachedPmdPath2).toBe(cachedPmdPath);
+    expect(fs.existsSync(toolCache)).toBeTruthy();
+  })
+
   it('can execute PMD', async () => {
     nock('https://api.github.com')
       .get('/repos/pmd/pmd/releases/latest')
@@ -78,14 +98,26 @@ describe('pmd-github-action-util', function() {
       .get('/pmd/pmd/releases/download/pmd_releases/6.40.0/pmd-bin-6.40.0.zip')
       .replyWithFile(200, __dirname + '/data/pmd-bin-6.40.0.zip')
 
-    const cachedPmdPath = await util.downloadPmd('latest');
+    const cachedPmdPath = await util.downloadPmd('latest', 'my_test_token');
     await util.executePmd(cachedPmdPath, '.', 'ruleset.xml', 'sarif', 'pmd-report.sarif');
     const reportFile = path.join('.', 'pmd-report.sarif');
     expect(fs.existsSync(reportFile)).toBeTruthy();
     const report = JSON.parse(fs.readFileSync(reportFile));
     expect(report.runs[0].tool.driver.version).toBe('6.40.0');
     await io.rmRF(reportFile)
   })
+
+  it('failure while downloading PMD', async () => {
+    nock('https://api.github.com')
+      .get('/repos/pmd/pmd/releases/latest')
+        .reply(503, 'Test Internal Server Error');
+
+    expect(() => util.downloadPmd('latest', 'my_test_token')).rejects.toThrow();
+  });
+
+  it('failure while executing PMD', async () => {
+    expect(() => util.executePmd('non-existing-pmd-path', '.', 'ruleset.xml', 'sarif', 'pmd-report.sarif')).rejects.toThrow();
+  });
 });
 
 function setGlobal(key, value) {
