Merge release 1.14.0 into 1.15.x

CHANGELOG.md

@@ -3,6 +3,7 @@
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
 
+=======
 ## 1.15.0 - TBD
 
 ### Added
@@ -25,7 +26,7 @@ All notable changes to this project will be documented in this file, in reverse
 
 - Nothing.
 
-## 1.14.0 - 2022-07-25
+## 1.14.0 - 2022-07-26
 
 
 -----
@@ -67,6 +68,51 @@ Feature release (minor)
 
  - [172: add continuous integration action](https://github.com/laminas/automatic-releases/pull/172) thanks to @ghostwriter
 
+
+-----
+
+### Release Notes for [1.14.0](https://github.com/laminas/automatic-releases/milestone/37)
+
+Feature release (minor)
+
+### 1.14.0
+
+- Total issues resolved: **2**
+- Total pull requests resolved: **17**
+- Total contributors: **5**
+
+#### Bug
+
+ - [200: Fix #198 - make GIT's `safe.directory` `'*'` by default on repository fetch](https://github.com/laminas/automatic-releases/pull/200) thanks to @Ocramius
+ - [199: Use `git config credential.helper 'store --file=/tmp/file' for `git push`](https://github.com/laminas/automatic-releases/pull/199) thanks to @Ocramius
+
+#### renovate
+
+ - [197: chore(deps): lock file maintenance](https://github.com/laminas/automatic-releases/pull/197) thanks to @renovate[bot]
+ - [196: chore(deps): update docker/setup-qemu-action action to v2](https://github.com/laminas/automatic-releases/pull/196) thanks to @renovate[bot]
+ - [195: chore(deps): update docker/setup-buildx-action action to v2](https://github.com/laminas/automatic-releases/pull/195) thanks to @renovate[bot]
+ - [194: chore(deps): update docker/login-action action to v2](https://github.com/laminas/automatic-releases/pull/194) thanks to @renovate[bot]
+ - [193: chore(deps): update docker/build-push-action action to v3](https://github.com/laminas/automatic-releases/pull/193) thanks to @renovate[bot]
+ - [190: chore(deps): update dependency monolog/monolog to v3](https://github.com/laminas/automatic-releases/pull/190) thanks to @renovate[bot]
+ - [189: chore(deps): update dependency azjezz/psl to v2](https://github.com/laminas/automatic-releases/pull/189) thanks to @renovate[bot]
+ - [188: chore(deps): update actions/checkout action to v3](https://github.com/laminas/automatic-releases/pull/188) thanks to @renovate[bot]
+ - [185: Configure Renovate](https://github.com/laminas/automatic-releases/pull/185) thanks to @renovate[bot]
+
+#### dependencies
+
+ - [184: build(deps): Bump guzzlehttp/guzzle from 7.4.4 to 7.4.5](https://github.com/laminas/automatic-releases/pull/184) thanks to @dependabot[bot]
+ - [183: build(deps): Bump guzzlehttp/guzzle from 7.4.3 to 7.4.4](https://github.com/laminas/automatic-releases/pull/183) thanks to @dependabot[bot]
+ - [182: build(deps): Bump guzzlehttp/guzzle from 7.3.0 to 7.4.3](https://github.com/laminas/automatic-releases/pull/182) thanks to @dependabot[bot]
+
+#### Enhancement
+
+ - [180: Add support for Git LFS](https://github.com/laminas/automatic-releases/pull/180) thanks to @snapshotpl
+ - [178: Prepare for Renovate with reusable workflows](https://github.com/laminas/automatic-releases/pull/178) thanks to @ghostwriter
+
+#### Enhancement,dependencies
+
+ - [172: add continuous integration action](https://github.com/laminas/automatic-releases/pull/172) thanks to @ghostwriter
+
 ## 1.13.0 - 2021-10-03
 
 

src/Application/Command/BumpChangelogForReleaseBranch.php

@@ -44,12 +44,15 @@ public function execute(InputInterface $input, OutputInterface $output): int
     {
         $milestoneClosedEvent = ($this->loadEvent)();
         $repositoryName       = $milestoneClosedEvent->repository();
-        $repositoryCloneUri   = $repositoryName->uriWithTokenAuthentication($this->environment->githubToken());
         $repositoryPath       = $this->environment->githubWorkspacePath();
 
         Psl\invariant(Filesystem\is_directory($repositoryPath . '/.git'), 'Workspace is not a GIT repository.');
 
-        ($this->fetch)($repositoryCloneUri, $repositoryPath);
+        ($this->fetch)(
+            $repositoryName->uri(),
+            $repositoryName->uriWithTokenAuthentication($this->environment->githubToken()),
+            $repositoryPath
+        );
 
         $mergeCandidates = ($this->getMergeTargets)($repositoryPath);
         $releaseVersion  = $milestoneClosedEvent->version();

src/Application/Command/CreateMergeUpPullRequest.php

@@ -58,12 +58,13 @@ public function execute(InputInterface $input, OutputInterface $output): int
     {
         $event          = $this->loadGithubEvent->__invoke();
         $repositoryPath = $this->variables->githubWorkspacePath();
+        $repositoryName = $event->repository();
 
         Psl\invariant(Filesystem\is_directory($repositoryPath . '/.git'), 'Workspace is not a GIT repository.');
 
         $this->fetch->__invoke(
-            $event->repository()
-                ->uriWithTokenAuthentication($this->variables->githubToken()),
+            $repositoryName->uri(),
+            $repositoryName->uriWithTokenAuthentication($this->variables->githubToken()),
             $repositoryPath
         );
 

src/Application/Command/ReleaseCommand.php

@@ -64,12 +64,15 @@ public function execute(InputInterface $input, OutputInterface $output): int
     {
         $milestoneClosedEvent = ($this->loadEvent)();
         $repositoryName       = $milestoneClosedEvent->repository();
-        $repositoryCloneUri   = $repositoryName->uriWithTokenAuthentication($this->environment->githubToken());
         $repositoryPath       = $this->environment->githubWorkspacePath();
 
         Psl\invariant(Filesystem\is_directory($repositoryPath . '/.git'), 'Workspace is not a GIT repository.');
 
-        ($this->fetch)($repositoryCloneUri, $repositoryPath);
+        ($this->fetch)(
+            $repositoryName->uri(),
+            $repositoryName->uriWithTokenAuthentication($this->environment->githubToken()),
+            $repositoryPath
+        );
 
         $mergeCandidates = ($this->getMergeTargets)($repositoryPath);
         $releaseVersion  = $milestoneClosedEvent->version();

src/Application/Command/SwitchDefaultBranchToNextMinor.php

@@ -51,12 +51,13 @@ public function execute(InputInterface $input, OutputInterface $output): int
     {
         $event          = $this->loadGithubEvent->__invoke();
         $repositoryPath = $this->variables->githubWorkspacePath();
+        $repositoryName = $event->repository();
 
         Psl\invariant(Filesystem\is_directory($repositoryPath . '/.git'), 'Workspace is not a GIT repository.');
 
         $this->fetch->__invoke(
-            $event->repository()
-                ->uriWithTokenAuthentication($this->variables->githubToken()),
+            $repositoryName->uri(),
+            $repositoryName->uriWithTokenAuthentication($this->variables->githubToken()),
             $repositoryPath
         );
 

src/Git/Fetch.php

@@ -11,6 +11,7 @@ interface Fetch
     /** @psalm-param non-empty-string $repositoryRootDirectory */
     public function __invoke(
         UriInterface $repositoryUri,
+        UriInterface $uriWithCredentials,
         string $repositoryRootDirectory
     ): void;
 }

src/Git/FetchAndSetCurrentUserByReplacingCurrentOriginRemote.php

@@ -5,6 +5,8 @@
 namespace Laminas\AutomaticReleases\Git;
 
 use Laminas\AutomaticReleases\Environment\EnvironmentVariables;
+use Psl\File;
+use Psl\Filesystem;
 use Psl\Shell;
 use Psr\Http\Message\UriInterface;
 
@@ -19,13 +21,19 @@ public function __construct(EnvironmentVariables $variables)
 
     public function __invoke(
         UriInterface $repositoryUri,
+        UriInterface $uriWithCredentials,
         string $repositoryRootDirectory
     ): void {
         try {
             Shell\execute('git', ['remote', 'rm', 'origin'], $repositoryRootDirectory);
         } catch (Shell\Exception\FailedExecutionException) {
         }
 
+        $credentialStore = Filesystem\create_temporary_file();
+
+        Shell\execute('git', ['config', '--global', '--add', 'safe.directory', '*'], $repositoryRootDirectory);
+        Shell\execute('git', ['config', 'credential.helper', 'store --file=' . $credentialStore], $repositoryRootDirectory);
+        File\write($credentialStore, $uriWithCredentials->__toString());
         Shell\execute('git', ['remote', 'add', 'origin', $repositoryUri->__toString()], $repositoryRootDirectory);
         Shell\execute('git', ['fetch', 'origin'], $repositoryRootDirectory);
         Shell\execute('git', ['config', 'user.email', $this->variables->gitAuthorEmail()], $repositoryRootDirectory);

src/Github/Value/RepositoryName.php

@@ -52,6 +52,11 @@ public function assertMatchesOwner(string $owner): void
         Psl\invariant(Str\lowercase($owner) === Str\lowercase($this->owner), 'Failed asserting that "%s" matches repository name owner.', $owner);
     }
 
+    public function uri(): UriInterface
+    {
+        return new Uri('https://@github.com/' . $this->owner . '/' . $this->name . '.git');
+    }
+
     /** @psalm-param non-empty-string $token */
     public function uriWithTokenAuthentication(string $token): UriInterface
     {

test/unit/Application/BumpChangelogForReleaseBranchTest.php

@@ -94,6 +94,7 @@ public function testWillBumpChangelogVersion(): void
         $this->fetch->expects(self::once())
             ->method('__invoke')
             ->with(
+                'https://github.com/foo/bar.git',
                 'https://github-auth-token:[email protected]/foo/bar.git',
                 $workspace
             );

test/unit/Application/CreateMergeUpPullRequestTest.php

@@ -142,7 +142,11 @@ public function testWillCreateMergeUpPullRequest(): void
 
         $this->fetch->expects(self::once())
             ->method('__invoke')
-            ->with('https://github-auth-token:[email protected]/foo/bar.git', $workspace);
+            ->with(
+                'https://github.com/foo/bar.git',
+                'https://github-auth-token:[email protected]/foo/bar.git',
+                $workspace
+            );
 
         $this->getMergeTargets->method('__invoke')
             ->with($workspace)
@@ -208,7 +212,11 @@ public function testWillSkipMergeUpPullRequestOnNoMergeUpCandidate(): void
 
         $this->fetch->expects(self::once())
             ->method('__invoke')
-            ->with('https://github-auth-token:[email protected]/foo/bar.git', $workspace);
+            ->with(
+                'https://github.com/foo/bar.git',
+                'https://github-auth-token:[email protected]/foo/bar.git',
+                $workspace
+            );
 
         $this->getMergeTargets->method('__invoke')
             ->with($workspace)

test/unit/Application/ReleaseCommandTest.php

@@ -152,7 +152,11 @@ public function testWillRelease(): void
 
         $this->fetch->expects(self::once())
             ->method('__invoke')
-            ->with('https://github-auth-token:[email protected]/foo/bar.git', $workspace);
+            ->with(
+                'https://github.com/foo/bar.git',
+                'https://github-auth-token:[email protected]/foo/bar.git',
+                $workspace
+            );
 
         $this->getMergeTargets->method('__invoke')
             ->with($workspace)

test/unit/Application/SwitchDefaultBranchToNextMinorTest.php

@@ -113,7 +113,11 @@ public function testWillSwitchToExistingNewestDefaultBranch(): void
 
         $this->fetch->expects(self::once())
             ->method('__invoke')
-            ->with('https://github-auth-token:[email protected]/foo/bar.git', $workspace);
+            ->with(
+                'https://github.com/foo/bar.git',
+                'https://github-auth-token:[email protected]/foo/bar.git',
+                $workspace
+            );
 
         $this->getMergeTargets->method('__invoke')
             ->with($workspace)
@@ -156,7 +160,11 @@ public function testWillSwitchToNewlyCreatedDefaultBranchWhenNoNewerReleaseBranc
 
         $this->fetch->expects(self::once())
             ->method('__invoke')
-            ->with('https://github-auth-token:[email protected]/foo/bar.git', $workspace);
+            ->with(
+                'https://github.com/foo/bar.git',
+                'https://github-auth-token:[email protected]/foo/bar.git',
+                $workspace
+            );
 
         $this->getMergeTargets->method('__invoke')
             ->with($workspace)
@@ -205,7 +213,11 @@ public function testWillNotSwitchDefaultBranchIfNoBranchesExist(): void
 
         $this->fetch->expects(self::once())
             ->method('__invoke')
-            ->with('https://github-auth-token:[email protected]/foo/bar.git', $workspace);
+            ->with(
+                'https://github.com/foo/bar.git',
+                'https://github-auth-token:[email protected]/foo/bar.git',
+                $workspace
+            );
 
         $this->getMergeTargets->method('__invoke')
             ->with($workspace)

test/unit/Git/FetchAndSetCurrentUserByReplacingCurrentOriginRemoteTest.php

@@ -13,6 +13,7 @@
 use Psl\Shell;
 use Psl\Str;
 use Psr\Http\Message\UriInterface;
+use Throwable;
 
 /** @covers \Laminas\AutomaticReleases\Git\FetchAndSetCurrentUserByReplacingCurrentOriginRemote */
 final class FetchAndSetCurrentUserByReplacingCurrentOriginRemoteTest extends TestCase
@@ -62,7 +63,7 @@ public function testFetchesAndSetsCurrentUser(): void
             ->willReturn($this->source);
 
         (new FetchAndSetCurrentUserByReplacingCurrentOriginRemote($this->variables))
-            ->__invoke($sourceUri, $this->destination);
+            ->__invoke($sourceUri, $sourceUri, $this->destination);
 
         self::assertSame(
             'Mr. Magoo Set',
@@ -89,7 +90,7 @@ public function testFetchesAndSetsCurrentUserWithoutOrigin(): void
         Shell\execute('git', ['remote', 'rm', 'origin'], $this->destination);
 
         (new FetchAndSetCurrentUserByReplacingCurrentOriginRemote($this->variables))
-            ->__invoke($sourceUri, $this->destination);
+            ->__invoke($sourceUri, $sourceUri, $this->destination);
 
         self::assertSame(
             'Mr. Magoo Set',
@@ -105,4 +106,43 @@ public function testFetchesAndSetsCurrentUserWithoutOrigin(): void
         self::assertStringContainsString('origin/initial-branch', $fetchedBranches);
         self::assertStringContainsString('origin/new-branch', $fetchedBranches);
     }
+
+    public function testFailingToSetARemoteWillNotLeadToSecretExfiltration(): void
+    {
+        $sourceUri            = $this->createMock(UriInterface::class);
+        $sourceUriWithSecrets = $this->createMock(UriInterface::class);
+
+        $sourceUri->method('__toString')
+            ->willReturn('https://github.com/laminas/this-repository-does-not-exist.git');
+        $sourceUriWithSecrets->method('__toString')
+            ->willReturn('https://SUPERSECRET:[email protected]/laminas/this-repository-does-not-exist.git');
+
+        $notAGitDirectory = Filesystem\create_temporary_file();
+
+        Filesystem\delete_file($notAGitDirectory);
+        Filesystem\create_directory($notAGitDirectory);
+
+        try {
+            (new FetchAndSetCurrentUserByReplacingCurrentOriginRemote($this->variables))
+                ->__invoke($sourceUri, $sourceUriWithSecrets, $notAGitDirectory);
+        } catch (Throwable $failure) {
+            self::assertDoesNotMatchRegularExpression('/SUPERSECRET/m', $failure->getMessage());
+        }
+    }
+
+    public function testGlobalGitConfigurationIsAdaptedToAllowCheckedOutRepositoryUsage(): void
+    {
+        $sourceUri = $this->createMock(UriInterface::class);
+
+        $sourceUri->method('__toString')
+            ->willReturn($this->source);
+
+        (new FetchAndSetCurrentUserByReplacingCurrentOriginRemote($this->variables))
+            ->__invoke($sourceUri, $sourceUri, $this->destination);
+
+        self::assertSame(
+            '*',
+            Str\trim(Shell\execute('git', ['config', '--get', 'safe.directory'], $this->destination))
+        );
+    }
 }

test/unit/Github/Value/RepositoryNameTest.php

@@ -16,6 +16,12 @@ public function test(): void
 
         self::assertSame('foo', $repositoryName->owner());
         self::assertSame('bar', $repositoryName->name());
+        self::assertSame(
+            'https://github.com/foo/bar.git',
+            $repositoryName
+                ->uri()
+                ->__toString()
+        );
         self::assertSame(
             'https://token:[email protected]/foo/bar.git',
             $repositoryName