actions/astral-sh-setup-uv
2
0
Fork 0
mirror of https://github.com/astral-sh/setup-uv.git synced 2026-05-13 13:25:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Limit GitHub tokens to github.com download URLs (#878)
Some checks are pending
CodeQL / Analyze (push) Waiting to run
Details
test / test-default-version (macos-latest) (push) Waiting to run
Details
test / test-default-version (ubuntu-latest) (push) Waiting to run
Details
Release Drafter / ✏️ Draft release (push) Waiting to run
Details
test / lint (push) Waiting to run
Details
test / test-default-version (macos-14) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.3.0 version-input:0.3.0]) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.3.5 version-input:0.3.x]) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.3.5 version-input:0.3]) (push) Waiting to run
Details
test / test-default-version (windows-latest) (push) Waiting to run
Details
test / test-uv-no-modify-path (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.1.0 resolution-strategy:lowest version-input:>=0.1.0,<0.2]) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.1.45 resolution-strategy:highest version-input:>=0.1,<0.2]) (push) Waiting to run
Details
test / test-with-explicit-token (push) Waiting to run
Details
test / test-uvx (push) Waiting to run
Details
test / test-tool-install (macos-14) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.3.2 version-input:0.3.2]) (push) Waiting to run
Details
test / test-from-working-directory-version (map[expected-version:0.5.15 working-directory:__tests__/fixtures/uv-toml-project]) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.4.25 resolution-strategy:lowest version-input:>=0.4.25,<0.5]) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.4.25 resolution-strategy:lowest version-input:>=0.4.25]) (push) Waiting to run
Details
test / test-specific-version (map[expected-version:0.4.30 version-input:>=0.4.25,<0.5]) (push) Waiting to run
Details
test / test-latest-version (>=0.8) (push) Waiting to run
Details
test / test-latest-version (latest) (push) Waiting to run
Details
test / test-from-working-directory-version (map[expected-version:0.5.14 working-directory:__tests__/fixtures/pyproject-toml-project]) (push) Waiting to run
Details
test / test-version-file-version (map[expected-version:0.5.15 version-file:__tests__/fixtures/.tool-versions]) (push) Waiting to run
Details
test / test-version-file-version (map[expected-version:0.6.17 version-file:__tests__/fixtures/uv-in-requirements-txt-project/requirements.txt]) (push) Waiting to run
Details
test / test-version-file-version (map[expected-version:0.8.3 version-file:__tests__/fixtures/uv-in-requirements-hash-txt-project/requirements.txt]) (push) Waiting to run
Details
test / test-malformed-pyproject-file-fallback (push) Waiting to run
Details
test / test-checksum (map[checksum:4d9279ad5ca596b1e2d703901d508430eb07564dc4d8837de9e2fca9c90f8ecd os:ubuntu-latest]) (push) Waiting to run
Details
test / test-checksum (map[checksum:a70cbfbf3bb5c08b2f84963b4f12c94e08fbb2468ba418a3bfe1066fbe9e7218 os:macos-latest]) (push) Waiting to run
Details
test / test-tool-install (macos-latest) (push) Waiting to run
Details
test / test-tool-install (ubuntu-latest) (push) Waiting to run
Details
test / test-tool-install (windows-latest) (push) Waiting to run
Details
test / test-python-version (macos-latest) (push) Waiting to run
Details
test / test-python-version (ubuntu-latest) (push) Waiting to run
Details
test / test-python-version (windows-latest) (push) Waiting to run
Details
test / test-activate-environment (macos-latest) (push) Waiting to run
Details
test / test-restore-cache (auto, windows-latest) (push) Blocked by required conditions
Details
test / test-activate-environment (ubuntu-latest) (push) Waiting to run
Details
test / test-activate-environment (windows-latest) (push) Waiting to run
Details
test / test-musl (push) Waiting to run
Details
test / test-restore-cache-restore-cache-false (push) Blocked by required conditions
Details
test / test-cache-local (map[expected-cache-dir:/home/runner/work/_temp/setup-uv-cache os:ubuntu-latest]) (push) Waiting to run
Details
test / test-cache-local (map[expected-cache-dir:D:\a\_temp\setup-uv-cache os:windows-latest]) (push) Waiting to run
Details
test / test-activate-environment-custom-path (macos-latest) (push) Waiting to run
Details
test / test-activate-environment-custom-path (ubuntu-latest) (push) Waiting to run
Details
test / test-activate-environment-custom-path (windows-latest) (push) Waiting to run
Details
test / test-activate-environment-no-project (push) Waiting to run
Details
test / test-debian-unstable (push) Waiting to run
Details
test / test-cache-key-os-version (macos-14, macos-14) (push) Waiting to run
Details
test / test-cache-key-os-version (macos-15, macos-15) (push) Waiting to run
Details
test / test-cache-key-os-version (ubuntu-22.04, ubuntu-22.04) (push) Waiting to run
Details
test / test-cache-key-os-version (ubuntu-24.04, ubuntu-24.04) (push) Waiting to run
Details
test / test-cache-key-os-version (windows-2022, windows-2022) (push) Waiting to run
Details
test / test-cache-key-os-version (windows-2025, windows-2025) (push) Waiting to run
Details
test / test-setup-cache (auto, ubuntu-latest) (push) Waiting to run
Details
test / test-setup-cache (auto, windows-latest) (push) Waiting to run
Details
test / test-setup-cache (false, ubuntu-latest) (push) Waiting to run
Details
test / test-setup-cache (false, windows-latest) (push) Waiting to run
Details
test / test-setup-cache (true, ubuntu-latest) (push) Waiting to run
Details
test / test-setup-cache (true, windows-latest) (push) Waiting to run
Details
test / test-restore-cache (auto, ubuntu-latest) (push) Blocked by required conditions
Details
test / test-restore-cache (false, ubuntu-latest) (push) Blocked by required conditions
Details
test / test-restore-cache (false, windows-latest) (push) Blocked by required conditions
Details
test / test-restore-cache (true, ubuntu-latest) (push) Blocked by required conditions
Details
test / test-setup-cache-requirements-txt (push) Waiting to run
Details
test / test-restore-cache-requirements-txt (push) Blocked by required conditions
Details
test / test-setup-cache-dependency-glob (push) Waiting to run
Details
test / test-restore-cache (true, windows-latest) (push) Blocked by required conditions
Details
test / test-restore-cache-dependency-glob (push) Blocked by required conditions
Details
test / test-setup-cache-save-cache-false (push) Waiting to run
Details
test / test-restore-cache-save-cache-false (push) Blocked by required conditions
Details
test / test-setup-cache-restore-cache-false (push) Waiting to run
Details
test / test-cache-local-cache-disabled (push) Waiting to run
Details
test / test-cache-local-cache-disabled-but-explicit-path (push) Waiting to run
Details
test / test-no-python-version (push) Waiting to run
Details
test / test-custom-manifest-file (push) Waiting to run
Details
test / test-absolute-path (push) Waiting to run
Details
test / test-relative-path (push) Waiting to run
Details
test / test-cache-prune-force (push) Waiting to run
Details
test / test-act (push) Waiting to run
Details
test / validate-typings (push) Waiting to run
Details
test / all-tests-passed (push) Blocked by required conditions
Details
test / test-cache-dir-from-file (push) Waiting to run
Details
test / test-cache-python-missing-managed-install-dir (push) Waiting to run
Details
test / test-cache-python-installs (push) Waiting to run
Details
test / test-restore-python-installs (push) Blocked by required conditions
Details
test / test-python-install-dir (map[expected-python-dir:/home/runner/work/_temp/uv-python-dir os:ubuntu-latest]) (push) Waiting to run
Details
test / test-python-install-dir (map[expected-python-dir:D:\a\_temp\uv-python-dir os:windows-latest]) (push) Waiting to run
Details

Browse source 
This makes the Astral mirror slightly less special.
This commit is contained in:
Zsolt Dollenstein 2026-05-13 12:26:05 +01:00 committed by GitHub
parent 7568f55a9a
commit 853401723d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 47 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

24
__tests__/download/download-version.test.ts
View file

@ -223,7 +223,7 @@ describe("download-version", () => {
);
});
it("does not rewrite non-GitHub URLs", async () => {
it("does not send the token to non-GitHub URLs from the default manifest", async () => {
mockGetArtifact.mockResolvedValue({
archiveFormat: "tar.gz",
checksum: "abc123",
@ -241,8 +241,30 @@ describe("download-version", () => {
expect(mockDownloadTool).toHaveBeenCalledWith(
"https://example.com/uv.tar.gz",
undefined,
undefined,
);
});
it("does not send the token to GitHub lookalike hosts", async () => {
mockGetArtifact.mockResolvedValue({
archiveFormat: "tar.gz",
checksum: "abc123",
downloadUrl: "https://github.com.evil.test/uv.tar.gz",
});
await downloadVersion(
"unknown-linux-gnu",
"x86_64",
"0.9.26",
undefined,
"token",
);
expect(mockDownloadTool).toHaveBeenCalledWith(
"https://github.com.evil.test/uv.tar.gz",
undefined,
undefined,
);
});
it("falls back to GitHub Releases when the mirror fails", async () => {

12
dist/setup/index.cjs generated vendored
View file

@ -97007,7 +97007,6 @@ async function downloadVersion(platform2, arch3, version3, checksum, githubToken
const resolvedChecksum = manifestUrl === void 0 ? checksum : resolveChecksum(checksum, artifact.checksum);
const mirrorUrl = rewriteToMirror(artifact.downloadUrl);
const downloadUrl = mirrorUrl ?? artifact.downloadUrl;
const downloadToken = mirrorUrl !== void 0 ? void 0 : githubToken;
try {
return await downloadArtifact(
downloadUrl,
@ -97016,7 +97015,7 @@ async function downloadVersion(platform2, arch3, version3, checksum, githubToken
arch3,
version3,
resolvedChecksum,
downloadToken
githubTokenForUrl(downloadUrl, githubToken)
);
} catch (err) {
if (mirrorUrl === void 0) {
@ -97032,7 +97031,7 @@ async function downloadVersion(platform2, arch3, version3, checksum, githubToken
arch3,
version3,
resolvedChecksum,
githubToken
githubTokenForUrl(artifact.downloadUrl, githubToken)
);
}
}
@ -97042,6 +97041,13 @@ function rewriteToMirror(url2) {
}
return ASTRAL_MIRROR_PREFIX + url2.slice(GITHUB_RELEASES_PREFIX.length);
}
function githubTokenForUrl(downloadUrl, githubToken) {
try {
return new URL(downloadUrl).origin === "https://github.com" ? githubToken : void 0;
} catch {
return void 0;
}
}
async function downloadArtifact(downloadUrl, artifactName, platform2, arch3, version3, checksum, githubToken) {
info(`Downloading uv from "${downloadUrl}" ...`);
const downloadPath = await downloadTool(

19
src/download/download-version.ts
View file

@ -54,8 +54,6 @@ export async function downloadVersion(
const mirrorUrl = rewriteToMirror(artifact.downloadUrl);
const downloadUrl = mirrorUrl ?? artifact.downloadUrl;
// Don't send the GitHub token to the Astral mirror.
const downloadToken = mirrorUrl !== undefined ? undefined : githubToken;
try {
return await downloadArtifact(
@ -65,7 +63,7 @@ export async function downloadVersion(
arch,
version,
resolvedChecksum,
downloadToken,
githubTokenForUrl(downloadUrl, githubToken),
);
} catch (err) {
if (mirrorUrl === undefined) {
@ -83,7 +81,7 @@ export async function downloadVersion(
arch,
version,
resolvedChecksum,
githubToken,
githubTokenForUrl(artifact.downloadUrl, githubToken),
);
}
}
@ -100,6 +98,19 @@ export function rewriteToMirror(url: string): string | undefined {
return ASTRAL_MIRROR_PREFIX + url.slice(GITHUB_RELEASES_PREFIX.length);
}
function githubTokenForUrl(
downloadUrl: string,
githubToken: string,
): string | undefined {
try {
return new URL(downloadUrl).origin === "https://github.com"
? githubToken
: undefined;
} catch {
return undefined;
}
}
async function downloadArtifact(
downloadUrl: string,
artifactName: string,