Git steps: implement auth by user/password #7543
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implement user/password authentication for the Git and GitPush steps (first part of #7384).
Authentication is handled with the builtin git credential flow using the git-credential-store backend.
Credentials are stored using
git credential approve
.An alternative implementation could directly write the credential file that git-credential-store would read, but it's not supposed to be user facing (see doc: "Do not view or edit the file with editors") so might be subject to change in the future.
Whereas the git credential IOFormat is defined and should be stable.
Also, it allow to implement auth through another git-credential backend in the future if needed.
Credentials can be provided to the steps as a simple user/password tuple with
auth_credentials
, in which case, it will complete the auth form with therepourl
the step is supposed to clone.It's also possible to directly provide the
git credential
form throughgit_credentials
(GitCredentialOptions
). This might be needed for repositories that have submodule which are private and require a different set of credentials.GitCredentialOptions
also has ause_http_path
member to override the config value of the same name. This is needed in case multiple credentials are needed for the same host (eg. GIthub repositories owner by different org/user). See doc.I'll implement the same mechanism in
GitPoller
in another PR once this one is accepted as it require some more code change to provide a way forGitServiceAuth
to run commands.PS: Thanks for the
async_to_deferred
helper!Contributor Checklist:
newsfragments
directory (and read theREADME.txt
in that directory)