SetupRepoAuth determines the desired AuthMethod based on options.GitURL: | Git URL format | GIT_USERNAME | GIT_PASSWORD | Auth Method | | ------------------------|--------------|--------------|-------------| | https?://host.tld/repo | Not Set | Not Set | None | | https?:/
(logf func(string, ...any), options *options.Options)
| 247 | // 2. An SCP-like URL (e.g. git@host.tld:path/to/repo.git) |
| 248 | // 3. Local filesystem paths (require `git` executable) |
| 249 | func SetupRepoAuth(logf func(string, ...any), options *options.Options) transport.AuthMethod { |
| 250 | if options.GitURL == "" { |
| 251 | logf("❔ No Git URL supplied!") |
| 252 | return nil |
| 253 | } |
| 254 | parsedURL, err := ebutil.ParseRepoURL(options.GitURL) |
| 255 | if err != nil { |
| 256 | logf("❌ Failed to parse Git URL: %s", err.Error()) |
| 257 | return nil |
| 258 | } |
| 259 | |
| 260 | if parsedURL.Protocol == "http" || parsedURL.Protocol == "https" { |
| 261 | // Special case: no auth |
| 262 | if options.GitUsername == "" && options.GitPassword == "" { |
| 263 | logf("👤 Using no authentication!") |
| 264 | return nil |
| 265 | } |
| 266 | // Basic Auth |
| 267 | // NOTE: we previously inserted the credentials into the repo URL. |
| 268 | // This was removed in https://github.com/coder/envbuilder/pull/141 |
| 269 | logf("🔒 Using HTTP basic authentication!") |
| 270 | return &githttp.BasicAuth{ |
| 271 | Username: options.GitUsername, |
| 272 | Password: options.GitPassword, |
| 273 | } |
| 274 | } |
| 275 | |
| 276 | if parsedURL.Protocol == "file" { |
| 277 | // go-git will try to fallback to using the `git` command for local |
| 278 | // filesystem clones. However, it's more likely than not that the |
| 279 | // `git` command is not present in the container image. Log a warning |
| 280 | // but continue. Also, no auth. |
| 281 | logf("🚧 Using local filesystem clone! This requires the git executable to be present!") |
| 282 | return nil |
| 283 | } |
| 284 | |
| 285 | // Generally git clones over SSH use the 'git' user, but respect |
| 286 | // GIT_USERNAME if set. |
| 287 | if options.GitUsername == "" { |
| 288 | options.GitUsername = "git" |
| 289 | } |
| 290 | |
| 291 | // Assume SSH auth for all other formats. |
| 292 | logf("🔑 Using SSH authentication!") |
| 293 | |
| 294 | var signer ssh.Signer |
| 295 | if options.GitSSHPrivateKeyPath != "" { |
| 296 | s, err := ReadPrivateKey(options.GitSSHPrivateKeyPath) |
| 297 | if err != nil { |
| 298 | logf("❌ Failed to read private key from %s: %s", options.GitSSHPrivateKeyPath, err.Error()) |
| 299 | } else { |
| 300 | logf("🔑 Using %s key!", s.PublicKey().Type()) |
| 301 | signer = s |
| 302 | } |
| 303 | } |
| 304 | |
| 305 | // If no path was provided, fall back to the environment variable |
| 306 | if options.GitSSHPrivateKeyBase64 != "" { |