Merge pull request #231 from pmd/dependabot/npm_and_yarn/actions/gith…

…ub-6.0.0 Bump @actions/github from 5.1.1 to 6.0.0
pmd · Mar 17, 2024 · a8026da · a8026da
2 parents 2f4fec3 + 6c4c7ab
commit a8026da
Show file tree

Hide file tree

Showing 5 changed files with 1,060 additions and 5,308 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/lib/util.js b/lib/util.js
@@ -1,6 +1,6 @@
 const core = require('@actions/core');
 const github = require('@actions/github');
-const github_defaults = require('@actions/github/lib/utils').defaults;
+const github_utils = require('@actions/github/lib/utils');
 const tc = require('@actions/tool-cache');
 const exec = require('@actions/exec');
 const semver = require('semver');
@@ -111,16 +111,36 @@ async function determinePmdRelease(pmdVersion, token) {
 
 
     const PUBLIC_GITHUB_API_URL = 'https://api.github.com';
+    // the configured GitHubToken can only be used for the public GitHub instance.
+    // If the action is used on a on-premise GHES instance, then the given token is
+    // not valid for the public instance.
+    const canUseToken = github_utils.defaults.baseUrl === PUBLIC_GITHUB_API_URL;
+
     let octokit;
-    if (github_defaults.baseUrl === PUBLIC_GITHUB_API_URL) {
+    if (canUseToken) {
+        core.debug(`Using token to access repos/pmd/pmd/releases/latest on ${github_utils.defaults.baseUrl}`);
         // only use authenticated token, if on public github and not on a custom GHES instance
-        octokit = github.getOctokit(token);
-        core.debug(`Using token to access repos/pmd/pmd/releases/latest on ${github_defaults.baseUrl}`);
+        octokit = new github_utils.GitHub({ auth: token });
     } else {
+        core.debug(`Not using token to access repos/pmd/pmd/releases/latest on ${PUBLIC_GITHUB_API_URL}, as token is for ${github_utils.defaults.baseUrl}`);
         // explicitly overwrite base url to be public github api, as pmd/pmd is only available there
         // not using the token, as that would only be valid for GHES
-        octokit = new Octokit({ baseUrl: PUBLIC_GITHUB_API_URL });
-        core.debug(`Not using token to access repos/pmd/pmd/releases/latest on ${PUBLIC_GITHUB_API_URL}, as token is for ${github_defaults.baseUrl}`);
+        octokit = new github_utils.GitHub({ baseUrl: PUBLIC_GITHUB_API_URL });
+    }
+
+    if (process.env['JEST_WORKER_ID']) {
+        core.debug('Detected unit test - directly using Octokit without proxy configuration');
+        // during unit test, we use Octokit directly. This uses then fetch to do the requests,
+        // which can be mocked with fetch-mock(-jest). The octokit instance retrieved via @actions/github
+        // uses under the hood undici, which uses a raw socket (node:tls), which can neither be mocked
+        // by nock nor by fetch-mock.
+        // Using @actions/github to get the octokit instance would also make sure, that the proxy configuration
+        // is respected - which is ignored now in unit tests.
+        if (canUseToken) {
+            octokit = new Octokit({ baseUrl: PUBLIC_GITHUB_API_URL, auth: token });
+        } else {
+            octokit = new Octokit({ baseUrl: PUBLIC_GITHUB_API_URL });
+        }
     }
 
     let release;
@@ -162,7 +182,18 @@ const determineModifiedFiles = async function(token, sourcePath) {
     // creating new context instead of using "github.context" to reinitialize for unit testing
     const context = new github.context.constructor();
     const eventData = context.payload;
-    const octokit = github.getOctokit(token);
+    let octokit = github.getOctokit(token);
+    if (process.env['JEST_WORKER_ID']) {
+        core.debug('Detected unit test - directly using Octokit without proxy configuration');
+        // during unit test, we use Octokit directly. This uses then fetch to do the requests,
+        // which can be mocked with fetch-mock(-jest). The octokit instance retrieved via @actions/github
+        // uses under the hood undici, which uses a raw socket (node:tls), which can neither be mocked
+        // by nock nor by fetch-mock.
+        // Using @actions/github to get the octokit instance would also make sure, that the proxy configuration
+        // is respected - which is ignored now in unit tests.
+        octokit = new Octokit({ baseUrl: github_utils.defaults.baseUrl, auth: token });
+    }
+
     if (context.eventName === 'pull_request') {
         core.debug(`Pull request ${eventData.number}: ${eventData.pull_request.html_url}`);