build: migrate to new chromium git auth (#47254)

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
trop[bot] 2025-05-27 12:50:03 -04:00 committed by GitHub
commit dd054ea748
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 75 additions and 85 deletions


@ -20,8 +20,8 @@ runs:
echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
- name: Install Dependencies - name: Install Dependencies
uses: ./src/electron/.github/actions/install-dependencies uses: ./src/electron/.github/actions/install-dependencies
- name: Set Chromium Git Cookie - name: Set Chromium Git Helper
uses: ./src/electron/.github/actions/set-chromium-cookie uses: ./src/electron/.github/actions/set-chromium-git-helper
- name: Install Build Tools - name: Install Build Tools
uses: ./src/electron/.github/actions/install-build-tools uses: ./src/electron/.github/actions/install-build-tools
- name: Generate DEPS Hash - name: Generate DEPS Hash


@ -1,58 +0,0 @@
name: 'Set Chromium Git Cookie'
description: 'Sets an authenticated cookie from Chromium to allow for a higher request limit'
runs:
using: "composite"
steps:
- name: Set the git cookie from chromium.googlesource.com (Unix)
if: ${{ runner.os != 'Windows' }}
shell: bash
run: |
if [[ -z "${{ env.CHROMIUM_GIT_COOKIE }}" ]]; then
echo "CHROMIUM_GIT_COOKIE is not set - cannot authenticate."
exit 0
fi
eval 'set +o history' 2>/dev/null || setopt HIST_IGNORE_SPACE 2>/dev/null
touch ~/.gitcookies
chmod 0600 ~/.gitcookies
git config --global http.cookiefile ~/.gitcookies
tr , \\t <<\__END__ >>~/.gitcookies
${{ env.CHROMIUM_GIT_COOKIE }}
__END__
eval 'set -o history' 2>/dev/null || unsetopt HIST_IGNORE_SPACE 2>/dev/null
RESPONSE=$(curl -s -b ~/.gitcookies https://chromium-review.googlesource.com/a/accounts/self)
if [[ $RESPONSE == ")]}'"* ]]; then
# Extract account email for verification
EMAIL=$(echo "$RESPONSE" | tail -c +5 | jq -r '.email // "No email found"')
echo "Cookie authentication successful - authenticated as: $EMAIL"
else
echo "Cookie authentication failed - ensure CHROMIUM_GIT_COOKIE is set correctly"
echo $RESPONSE
fi
- name: Set the git cookie from chromium.googlesource.com (Windows)
if: ${{ runner.os == 'Windows' }}
shell: cmd
run: |
if "%CHROMIUM_GIT_COOKIE_WINDOWS_STRING%"=="" (
echo CHROMIUM_GIT_COOKIE_WINDOWS_STRING is not set - cannot authenticate.
exit /b 0
)
git config --global http.cookiefile "%USERPROFILE%\.gitcookies"
powershell -noprofile -nologo -command Write-Output "${{ env.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}" >>"%USERPROFILE%\.gitcookies"
curl -s -b "%USERPROFILE%\.gitcookies" https://chromium-review.googlesource.com/a/accounts/self > response.txt
findstr /B /C:")]}'" response.txt > nul
if %ERRORLEVEL% EQU 0 (
echo Cookie authentication successful
powershell -NoProfile -Command "& {$content = Get-Content -Raw response.txt; $content = $content.Substring(4); try { $json = ConvertFrom-Json $content; if($json.email) { Write-Host 'Authenticated as:' $json.email } else { Write-Host 'No email found in response' } } catch { Write-Host 'Error parsing JSON:' $_ }}"
) else (
echo Cookie authentication failed - ensure CHROMIUM_GIT_COOKIE_WINDOWS_STRING is set correctly
type response.txt
)
del response.txt


@ -0,0 +1,41 @@
name: 'Set Chromium Git Helper'
description: 'Sets Chromium Git Helper to allow for a higher request limit'
runs:
using: "composite"
steps:
- name: Save the chromium git credentials to a file
shell: bash
run: |
if [[ -z "${{ env.CHROMIUM_GIT_AUTH }}" ]]; then
echo "CHROMIUM_GIT_AUTH is not set - cannot authenticate."
exit 0
fi
if [[ "${{ runner.os }}" != "Windows" ]]; then
cd $HOME
fi
echo "${{ env.CHROMIUM_GIT_AUTH }}" > .chromium_git_auth
- name: Set the chromium git helper to use auth from a file
shell: bash
run: |
if [[ "${{ runner.os }}" == "Windows" ]]; then
if [[ ! -f "/c/actions-runner/_work/electron/electron/.chromium_git_auth" ]]; then
echo "File /c/actions-runner/_work/electron/electron/.chromium_git_auth does not exist - cannot authenticate."
exit 0
fi
else
if [[ ! -f "$HOME/.chromium_git_auth" ]]; then
echo "File $HOME/.chromium_git_auth does not exist - cannot authenticate."
exit 0
fi
fi
if [[ -z "${{ env.CHROMIUM_GIT_USER }}" ]]; then
echo "CHROMIUM_GIT_USER is not set - cannot authenticate."
exit 0
fi
git config --global credential.https://chromium.googlesource.com.username "${{ env.CHROMIUM_GIT_USER }}"
if [[ "${{ runner.os }}" == "Windows" ]]; then
git config --global credential.https://chromium.googlesource.com.helper '!f() { test "$1" = get && echo "password=$(cat /c/actions-runner/_work/electron/electron/.chromium_git_auth)"; }; f'
else
git config --global credential.https://chromium.googlesource.com.helper '!f() { test "$1" = get && echo "password=$(cat $HOME/.chromium_git_auth)"; }; f'
fi
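Review bot: The step that writes `.chromium_git_auth` creates the credential file under the default umask, whereas the removed cookie action ran `chmod 0600 ~/.gitcookies`; add `umask 077` before the write or `chmod 600 .chromium_git_auth` after it. The same line expands `${{ env.CHROMIUM_GIT_AUTH }}` into the script text, so any `"`, `$` or backtick in the secret is interpreted by bash. Since the workflows export the secret as an environment variable, `printf '%s\n' "$CHROMIUM_GIT_AUTH" > .chromium_git_auth` would avoid that, and the `CHROMIUM_GIT_USER` expansion in the `git config` line could be handled the same way. On Windows the file is written to the step's working directory and later read from the hard-coded `/c/actions-runner/_work/electron/electron/` path, which looks like the job workspace. It is worth confirming that this file cannot be swept into an artifact upload or left behind on a persistent runner, and adding a comment that explains why the path is fixed.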


@ -100,7 +100,8 @@ jobs:
- /mnt/cross-instance-cache:/mnt/cross-instance-cache - /mnt/cross-instance-cache:/mnt/cross-instance-cache
- /var/run/sas:/var/run/sas - /var/run/sas:/var/run/sas
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac' GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
outputs: outputs:
build-image-sha: ${{ needs.setup.outputs.build-image-sha }} build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
@ -128,7 +129,8 @@ jobs:
- /mnt/cross-instance-cache:/mnt/cross-instance-cache - /mnt/cross-instance-cache:/mnt/cross-instance-cache
- /var/run/sas:/var/run/sas - /var/run/sas:/var/run/sas
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
PATCH_UP_APP_CREDS: ${{ secrets.PATCH_UP_APP_CREDS }} PATCH_UP_APP_CREDS: ${{ secrets.PATCH_UP_APP_CREDS }}
outputs: outputs:
@ -154,8 +156,8 @@ jobs:
- /mnt/win-cache:/mnt/win-cache - /mnt/win-cache:/mnt/win-cache
- /var/run/sas:/var/run/sas - /var/run/sas:/var/run/sas
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }} CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True' GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
TARGET_OS: 'win' TARGET_OS: 'win'
ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1' ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'


@ -27,7 +27,8 @@ jobs:
- /mnt/cross-instance-cache:/mnt/cross-instance-cache - /mnt/cross-instance-cache:/mnt/cross-instance-cache
- /var/run/sas:/var/run/sas - /var/run/sas:/var/run/sas
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
steps: steps:
- name: Checkout Electron - name: Checkout Electron


@ -28,7 +28,8 @@ jobs:
- /mnt/cross-instance-cache:/mnt/cross-instance-cache - /mnt/cross-instance-cache:/mnt/cross-instance-cache
- /var/run/sas:/var/run/sas - /var/run/sas:/var/run/sas
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac' GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
steps: steps:
- name: Checkout Electron - name: Checkout Electron


@ -13,7 +13,8 @@ concurrency:
cancel-in-progress: ${{ github.ref_protected != true }} cancel-in-progress: ${{ github.ref_protected != true }}
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
jobs: jobs:
lint: lint:
@ -30,8 +31,8 @@ jobs:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: Install Dependencies - name: Install Dependencies
uses: ./src/electron/.github/actions/install-dependencies uses: ./src/electron/.github/actions/install-dependencies
- name: Set Chromium Git Cookie - name: Set Chromium Git Helper
uses: ./src/electron/.github/actions/set-chromium-cookie uses: ./src/electron/.github/actions/set-chromium-git-helper
- name: Setup third_party Depot Tools - name: Setup third_party Depot Tools
shell: bash shell: bash
run: | run: |


@ -65,8 +65,8 @@ concurrency:
cancel-in-progress: ${{ github.ref_protected != true }} cancel-in-progress: ${{ github.ref_protected != true }}
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }} CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }} ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }} ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }} SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
@ -127,8 +127,8 @@ jobs:
GN_EXTRA_ARGS='is_asan=true' GN_EXTRA_ARGS='is_asan=true'
fi fi
echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
- name: Set Chromium Git Cookie - name: Set Chromium Git Helper
uses: ./src/electron/.github/actions/set-chromium-cookie uses: ./src/electron/.github/actions/set-chromium-git-helper
- name: Install Build Tools - name: Install Build Tools
uses: ./src/electron/.github/actions/install-build-tools uses: ./src/electron/.github/actions/install-build-tools
- name: Generate DEPS Hash - name: Generate DEPS Hash


@ -66,8 +66,8 @@ jobs:
- name: Check disk space after freeing up space - name: Check disk space after freeing up space
if: ${{ inputs.target-platform == 'macos' }} if: ${{ inputs.target-platform == 'macos' }}
run: df -h run: df -h
- name: Set Chromium Git Cookie - name: Set Chromium Git Helper
uses: ./src/electron/.github/actions/set-chromium-cookie uses: ./src/electron/.github/actions/set-chromium-git-helper
- name: Install Build Tools - name: Install Build Tools
uses: ./src/electron/.github/actions/install-build-tools uses: ./src/electron/.github/actions/install-build-tools
- name: Enable windows toolchain - name: Enable windows toolchain


@ -36,8 +36,8 @@ permissions:
pull-requests: read pull-requests: read
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }} CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
ELECTRON_OUT_DIR: Default ELECTRON_OUT_DIR: Default
ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }} ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
@ -126,8 +126,8 @@ jobs:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: Install Dependencies - name: Install Dependencies
uses: ./src/electron/.github/actions/install-dependencies uses: ./src/electron/.github/actions/install-dependencies
- name: Set Chromium Git Cookie - name: Set Chromium Git Helper
uses: ./src/electron/.github/actions/set-chromium-cookie uses: ./src/electron/.github/actions/set-chromium-git-helper
- name: Get Depot Tools - name: Get Depot Tools
timeout-minutes: 5 timeout-minutes: 5
run: | run: |


@ -31,7 +31,8 @@ concurrency:
cancel-in-progress: ${{ github.ref_protected != true }} cancel-in-progress: ${{ github.ref_protected != true }}
env: env:
CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
ELECTRON_OUT_DIR: Default ELECTRON_OUT_DIR: Default
ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }} ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
@ -51,8 +52,8 @@ jobs:
path: src/electron path: src/electron
fetch-depth: 0 fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: Set Chromium Git Cookie - name: Set Chromium Git Helper
uses: ./src/electron/.github/actions/set-chromium-cookie uses: ./src/electron/.github/actions/set-chromium-git-helper
- name: Install Build Tools - name: Install Build Tools
uses: ./src/electron/.github/actions/install-build-tools uses: ./src/electron/.github/actions/install-build-tools
- name: Init Build Tools - name: Init Build Tools
@ -105,8 +106,8 @@ jobs:
path: src/electron path: src/electron
fetch-depth: 0 fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: Set Chromium Git Cookie - name: Set Chromium Git Helper
uses: ./src/electron/.github/actions/set-chromium-cookie uses: ./src/electron/.github/actions/set-chromium-git-helper
- name: Install Build Tools - name: Install Build Tools
uses: ./src/electron/.github/actions/install-build-tools uses: ./src/electron/.github/actions/install-build-tools
- name: Init Build Tools - name: Init Build Tools


@ -28,7 +28,8 @@ jobs:
- /mnt/win-cache:/mnt/win-cache - /mnt/win-cache:/mnt/win-cache
- /var/run/sas:/var/run/sas - /var/run/sas:/var/run/sas
env: env:
CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }} CHROMIUM_GIT_AUTH: ${{ secrets.CHROMIUM_GIT_AUTH }}
CHROMIUM_GIT_USER: ${{ secrets.CHROMIUM_GIT_USER }}
GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True' GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
TARGET_OS: 'win' TARGET_OS: 'win'
ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1' ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'