Merge pull request #231 from pmd/dependabot/npm_and_yarn/actions/gith…

…ub-6.0.0

Bump @actions/github from 5.1.1 to 6.0.0

lib/util.js

@@ -1,6 +1,6 @@
 const core = require('@actions/core');
 const github = require('@actions/github');
-const github_defaults = require('@actions/github/lib/utils').defaults;
+const github_utils = require('@actions/github/lib/utils');
 const tc = require('@actions/tool-cache');
 const exec = require('@actions/exec');
 const semver = require('semver');
@@ -111,16 +111,36 @@ async function determinePmdRelease(pmdVersion, token) {
 
 
  const PUBLIC_GITHUB_API_URL = 'https://api.github.com';
+ // the configured GitHubToken can only be used for the public GitHub instance.
+ // If the action is used on a on-premise GHES instance, then the given token is
+ // not valid for the public instance.
+ const canUseToken = github_utils.defaults.baseUrl === PUBLIC_GITHUB_API_URL;
+
  let octokit;
- if (github_defaults.baseUrl === PUBLIC_GITHUB_API_URL) {
+ if (canUseToken) {
+ core.debug(`Using token to access repos/pmd/pmd/releases/latest on ${github_utils.defaults.baseUrl}`);
  // only use authenticated token, if on public github and not on a custom GHES instance
- octokit = github.getOctokit(token);
- core.debug(`Using token to access repos/pmd/pmd/releases/latest on ${github_defaults.baseUrl}`);
+ octokit = new github_utils.GitHub({ auth: token });
  } else {
+ core.debug(`Not using token to access repos/pmd/pmd/releases/latest on ${PUBLIC_GITHUB_API_URL}, as token is for ${github_utils.defaults.baseUrl}`);
  // explicitly overwrite base url to be public github api, as pmd/pmd is only available there
  // not using the token, as that would only be valid for GHES
- octokit = new Octokit({ baseUrl: PUBLIC_GITHUB_API_URL });
- core.debug(`Not using token to access repos/pmd/pmd/releases/latest on ${PUBLIC_GITHUB_API_URL}, as token is for ${github_defaults.baseUrl}`);
+ octokit = new github_utils.GitHub({ baseUrl: PUBLIC_GITHUB_API_URL });
+ }
+
+ if (process.env['JEST_WORKER_ID']) {
+ core.debug('Detected unit test - directly using Octokit without proxy configuration');
+ // during unit test, we use Octokit directly. This uses then fetch to do the requests,
+ // which can be mocked with fetch-mock(-jest). The octokit instance retrieved via @actions/github
+ // uses under the hood undici, which uses a raw socket (node:tls), which can neither be mocked
+ // by nock nor by fetch-mock.
+ // Using @actions/github to get the octokit instance would also make sure, that the proxy configuration
+ // is respected - which is ignored now in unit tests.
+ if (canUseToken) {
+ octokit = new Octokit({ baseUrl: PUBLIC_GITHUB_API_URL, auth: token });
+ } else {
+ octokit = new Octokit({ baseUrl: PUBLIC_GITHUB_API_URL });
+ }
  }
 
  let release;
@@ -162,7 +182,18 @@ const determineModifiedFiles = async function(token, sourcePath) {
  // creating new context instead of using "github.context" to reinitialize for unit testing
  const context = new github.context.constructor();
  const eventData = context.payload;
- const octokit = github.getOctokit(token);
+ let octokit = github.getOctokit(token);
+ if (process.env['JEST_WORKER_ID']) {
+ core.debug('Detected unit test - directly using Octokit without proxy configuration');
+ // during unit test, we use Octokit directly. This uses then fetch to do the requests,
+ // which can be mocked with fetch-mock(-jest). The octokit instance retrieved via @actions/github
+ // uses under the hood undici, which uses a raw socket (node:tls), which can neither be mocked
+ // by nock nor by fetch-mock.
+ // Using @actions/github to get the octokit instance would also make sure, that the proxy configuration
+ // is respected - which is ignored now in unit tests.
+ octokit = new Octokit({ baseUrl: github_utils.defaults.baseUrl, auth: token });
+ }
+
  if (context.eventName === 'pull_request') {
  core.debug(`Pull request ${eventData.number}: ${eventData.pull_request.html_url}`);