From: garciadeblas Date: Tue, 22 Jul 2025 12:48:17 +0000 (+0200) Subject: Update git workflow template to perform user auth via script X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=9e75037b9b9abf6e6e08db89b25174007d325edc;p=osm%2Fdevops.git Update git workflow template to perform user auth via script Change-Id: Ic04d2dd5bd713db599696a759361839391eaa19c Signed-off-by: garciadeblas --- diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/git-wft.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/git-wft.yaml index 568a2dd9..01b19e1a 100644 --- a/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/git-wft.yaml +++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/git-wft.yaml @@ -55,34 +55,30 @@ spec: source: | FULL_URL="{{inputs.parameters.repo_url}}" DESTINATION="{{inputs.parameters.destination_folder}}" - CLONE_URL="" echo "Cloning: ${FULL_URL} . . ." [[ -n "${DESTINATION}" ]] && mkdir -p "${DESTINATION}" - # Determine final clone URL - if [[ -z "${GIT_USER}" ]]; then - CLONE_URL="${FULL_URL}" - elif [[ -n "${GIT_PASS}" ]]; then - PROTOCOL=$(echo "${FULL_URL}" | awk -F '://' '{print $1}') - BASE_URL=$(echo "${FULL_URL}" | awk -F '://' '{print $2}') - CLONE_URL="${PROTOCOL}://${GIT_USER}@${BASE_URL}" + # Follow recommendation for user auth with git using a script git-creds.sh + cat << "EOF" > "${HOME}/git-creds.sh" + #!/bin/sh + if echo "$1" | grep -q '^Password'; then + echo "${GIT_PASS}" else - echo "ERROR: Malformed invocation." - echo " FULL_URL=${FULL_URL}" - echo " GIT_USER=${GIT_USER}" - echo " DESTINATION=${DESTINATION}" - exit 1 + echo "${GIT_USER}" fi + exit 0 + EOF + chmod +x "${HOME}/git-creds.sh" # Clone mkdir -p /repos cd /repos if [[ -z "${DESTINATION}" ]]; then - echo -e "${GIT_PASS}\n" | git clone "${CLONE_URL}" + TTY=$(tty) GIT_USERNAME="${GIT_USER}" GIT_ASKPASS=~/git-creds.sh git clone "${FULL_URL}" else - echo -e "${GIT_PASS}\n" | git clone "${CLONE_URL}" "${DESTINATION}" + TTY=$(tty) GIT_USERNAME="${GIT_USER}" GIT_ASKPASS=~/git-creds.sh git clone "${FULL_URL}" "${DESTINATION}" fi - name: git-commit-merge-push @@ -127,6 +123,18 @@ spec: MAIN_BRANCH="{{inputs.parameters.main_branch}}" DRY_RUN="{{inputs.parameters.dry_run}}" + # Follow recommendation for user auth with git using a script git-creds.sh + cat << "EOF" > "${HOME}/git-creds.sh" + #!/bin/sh + if echo "$1" | grep -q '^Password'; then + echo "${GIT_PASS}" + else + echo "${GIT_USER}" + fi + exit 0 + EOF + chmod +x "${HOME}/git-creds.sh" + # Go to the repo folder cd "${DESTINATION}" @@ -147,7 +155,7 @@ spec: # Pull and merge branch git checkout ${MAIN_BRANCH} echo "Pulling latest commits from ${MAIN_BRANCH} branch (if any)..." - echo -e "${GIT_PASS}\n" | git pull + TTY=$(tty) GIT_USERNAME="${GIT_USER}" GIT_ASKPASS=~/git-creds.sh git pull echo "Merging branch ${CONTRIB_BRANCH} onto ${MAIN_BRANCH}..." git merge --no-ff "${CONTRIB_BRANCH}" @@ -155,19 +163,7 @@ spec: if [[ "${DRY_RUN}" != "true" ]] then echo "Pushing..." - cat << "EOF" > "${HOME}/git-creds.sh" - #!/bin/sh - if echo "$1" | grep -q '^Password'; then - echo "${GIT_PASS}" - else - echo "${GIT_USER}" - fi - exit 0 - EOF - - chmod +x "${HOME}/git-creds.sh" TTY=$(tty) GIT_USERNAME="${GIT_USER}" GIT_ASKPASS=~/git-creds.sh git push origin "${MAIN_BRANCH}" - else echo "DRY RUN - NO PUSH" fi