dependency-change-report 1.3.4 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/git/repository.mjs +23 -3
- package/package.json +1 -1
package/lib/git/repository.mjs
CHANGED
|
@@ -14,16 +14,26 @@ import { registerTempDir, unregisterTempDir } from '../utils/cleanup-manager.mjs
|
|
|
14
14
|
export const cloneRepo = async (repoUrl, ref, targetDir, enablePeriodicLogging = false) => {
|
|
15
15
|
const repoName = basename(repoUrl, '.git');
|
|
16
16
|
|
|
17
|
+
// Apply GitHub token authentication if in GitHub Actions
|
|
18
|
+
let authenticatedRepoUrl = repoUrl;
|
|
19
|
+
const isGitHubActions = process.env.GITHUB_ACTIONS === 'true';
|
|
20
|
+
if (isGitHubActions && repoUrl.includes('github.com')) {
|
|
21
|
+
const token = process.env.GITHUB_TOKEN;
|
|
22
|
+
if (token) {
|
|
23
|
+
authenticatedRepoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
|
|
17
27
|
try {
|
|
18
28
|
// Use shallow clone with depth=1 and single-branch for faster cloning
|
|
19
29
|
// Use --quiet to avoid printing credentials in logs
|
|
20
30
|
// 2 minute timeout for very large repositories
|
|
21
|
-
await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch', '--branch', ref,
|
|
31
|
+
await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch', '--branch', ref, authenticatedRepoUrl, targetDir], undefined, time_2min, `git clone of ${repoName} (${ref})`, enablePeriodicLogging);
|
|
22
32
|
} catch (error) {
|
|
23
33
|
// If shallow clone with specific branch fails, try traditional approach
|
|
24
34
|
try {
|
|
25
35
|
// Full clone with 5 minute timeout for very large repos
|
|
26
|
-
await executeCommand('git', ['clone', '--quiet',
|
|
36
|
+
await executeCommand('git', ['clone', '--quiet', authenticatedRepoUrl, targetDir], undefined, time_5min, `git clone of ${repoName} (full)`, enablePeriodicLogging);
|
|
27
37
|
await executeCommand('git', ['checkout', ref], targetDir, time_1min, `git checkout ${ref}`, enablePeriodicLogging);
|
|
28
38
|
} catch (fallbackError) {
|
|
29
39
|
throw fallbackError;
|
|
@@ -51,12 +61,22 @@ export const getCommitHistory = async (repoUrl, oldVersion, newVersion, reposDir
|
|
|
51
61
|
// Register this temp directory for cleanup
|
|
52
62
|
registerTempDir(tempDir);
|
|
53
63
|
|
|
64
|
+
// Apply GitHub token authentication if in GitHub Actions
|
|
65
|
+
let authenticatedRepoUrl = repoUrl;
|
|
66
|
+
const isGitHubActions = process.env.GITHUB_ACTIONS === 'true';
|
|
67
|
+
if (isGitHubActions && repoUrl.includes('github.com')) {
|
|
68
|
+
const token = process.env.GITHUB_TOKEN;
|
|
69
|
+
if (token) {
|
|
70
|
+
authenticatedRepoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
|
|
54
74
|
// Clone the repository with optimizations for faster cloning
|
|
55
75
|
// Use --quiet to avoid printing credentials in logs
|
|
56
76
|
// Use --depth=1 and --single-branch for faster cloning, then fetch what we need
|
|
57
77
|
try {
|
|
58
78
|
// 2 minute timeout for very large repositories
|
|
59
|
-
await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch',
|
|
79
|
+
await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch', authenticatedRepoUrl, tempDir], undefined, time_2min, `git clone of ${packageName} for history`, false);
|
|
60
80
|
} catch (error) {
|
|
61
81
|
// If the repository doesn't exist or can't be accessed, throw a more specific error
|
|
62
82
|
if (error.message.includes("Repository not found") ||
|