Files
wehub-resource-sync bf9395e022
CI / license-header (push) Has been skipped
CI / e2e-dry-run (push) Has been skipped
CI / fast-gate (push) Failing after 0s
Test PR Label Logic / test-pr-labels (push) Failing after 1s
Skill Format Check / check-format (push) Failing after 2s
CI / security (push) Failing after 5s
CI / unit-test (push) Has been skipped
CI / lint (push) Has been skipped
CI / script-test (push) Has been skipped
CI / deterministic-gate (push) Has been skipped
CI / coverage (push) Has been skipped
CI / results (push) Has been cancelled
CI / deadcode (push) Has been cancelled
CI / e2e-live (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:22:54 +08:00

49 lines
1.7 KiB
Go

// Copyright (c) 2026 Lark Technologies Pte. Ltd.
// SPDX-License-Identifier: MIT
package apps
import (
"bytes"
"context"
"os/exec"
"regexp"
)
// commandRunner abstracts external process execution so apps +init's
// orchestration can be unit-tested without a real git binary or network.
// dir == "" runs in the current working directory; a non-empty dir runs the
// command with that working directory (git -C semantics).
type commandRunner interface {
Run(ctx context.Context, dir, name string, args ...string) (stdout, stderr string, err error)
}
// execCommandRunner is the production commandRunner backed by os/exec.
type execCommandRunner struct{}
func (execCommandRunner) Run(ctx context.Context, dir, name string, args ...string) (string, string, error) {
cmd := exec.CommandContext(ctx, name, args...)
if dir != "" {
cmd.Dir = dir
}
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
return stdout.String(), stderr.String(), err
}
// credentialURLRe matches the userinfo segment of an http(s) URL (the
// "user:token@" part) so it can be redacted before any output or logging. The
// negated class excludes only "/" and whitespace (not "@"), so the match
// greedily consumes up to the LAST "@" before the host/path — this ensures a
// literal "@" inside the userinfo (e.g. "user:p@ss@host") is fully redacted.
var credentialURLRe = regexp.MustCompile(`(?i)(https?://)[^/\s]+@`)
// redactURLCredentials replaces the userinfo segment of any http(s) URL in s
// with "***". Safe to call on both a bare repo_url and free-form text such as
// git stderr (which echoes the full remote URL on failure).
func redactURLCredentials(s string) string {
return credentialURLRe.ReplaceAllString(s, "${1}***@")
}