github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-02 09:42:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix warning for PAT-like token with username

Browse Source
This commit is contained in:
Michael B. Gale
2026-03-16 19:34:00 +00:00
parent 28f515d9ad
commit f88d49ee5d
2 changed files with 16 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/start-proxy-action.js generated
View File

@@ -121817,7 +121817,10 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
);
}
}
if ((!hasUsername(authConfig) || !isDefined2(authConfig.username)) && isUsernamePassword(authConfig) && isDefined2(authConfig.password) && isPAT(authConfig.password) || isToken(authConfig) && isDefined2(authConfig.token) && isPAT(authConfig.token)) {
const noUsername = !hasUsername(authConfig) || !isDefined2(authConfig.username);
const passwordIsPAT = isUsernamePassword(authConfig) && isDefined2(authConfig.password) && isPAT(authConfig.password);
const tokenIsPAT = isToken(authConfig) && isDefined2(authConfig.token) && isPAT(authConfig.token);
if (noUsername && (passwordIsPAT || tokenIsPAT)) {
logger.warning(
`A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user who generated the PAT.`
);

21
src/start-proxy.ts
View File

@@ -447,15 +447,18 @@ export function getCredentials(
}
// If the password or token looks like a GitHub PAT, warn if no username is configured.
if (
((!hasUsername(authConfig) || !isDefined(authConfig.username)) &&
isUsernamePassword(authConfig) &&
isDefined(authConfig.password) &&
isPAT(authConfig.password)) ||
(isToken(authConfig) &&
isDefined(authConfig.token) &&
isPAT(authConfig.token))
) {
const noUsername =
!hasUsername(authConfig) || !isDefined(authConfig.username);
const passwordIsPAT =
isUsernamePassword(authConfig) &&
isDefined(authConfig.password) &&
isPAT(authConfig.password);
const tokenIsPAT =
isToken(authConfig) &&
isDefined(authConfig.token) &&
isPAT(authConfig.token);
if (noUsername && (passwordIsPAT || tokenIsPAT)) {
logger.warning(
`A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. ` +
`This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user ` +