-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use GITHUB_ACCESS_TOKEN as auth for cloning github.com private repos in HTTPS #834
Conversation
In reference of #815 The problem was actually at the time Carthage tries to resolve the dependencies with https:// urls that was failing. With private repos it is possible to skip the login phase normally required with inserting the GITHUB_ACCESS_TOKEN for all github.com URLs. |
@@ -157,7 +157,7 @@ public func cloneRepository(cloneURL: GitURL, _ destinationURL: NSURL, bare: Boo | |||
arguments.append("--bare") | |||
} | |||
|
|||
return launchGitTask(arguments + [ "--quiet", cloneURL.URLString, destinationURL.path! ]) | |||
return launchGitTask(arguments + [ "--quiet", cloneURL.URLStringWithGithubAccessToken, destinationURL.path! ]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd be nice to bake this in earlier if possible, so that Git.swift
can know as little as possible about GitHub.swift
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So rename add another environment variable that could serve as the identity for the the git URL?
Is this still an El Capitan-specific issue? Access tokens were working correctly before, right? What changed? |
I can't say if it was working before but the token wasn't used to actually fetch/clone the repo. It was supposedly using the keychain to pick up the credentials. Now that's not working for me, on El Capitan. I realized while trying to fix the issue that it works while setting the params in the run scheme options, but not from the terminal. How should one specify creds for https github urls? |
Maybe the credential helper was affected by System Integrity Protection? Step 3 of this GitHub help article instructs to put the helper executable in the same directory as the git executable. Try Maybe also check if the git config --get --global credential.helper |
|
@jdhealy after investigation it seems that the error was related to improper configuration on my dev machine. I never use HTTPS but SSH based clones. However, in the context of CI, one may want to build the carthage framework with it's dependencies so this fix could prove helpful (once added with all domains) in those scenarios. |
Would you mind clarifying the current state of this and the bug that it's fixing? I'm a little confused based on some of the recent comments. |
The bug I experienced with HTTPS git update was not a bug but a 'wrong' config on my machine. I never use HTTPS, rather git+ssh The intended feature that it adds: GIT_AUTH=token In order to provide proper authentication to the private repository instead of adding keychain username and passwords |
let host = url.host, | ||
let auth = gitAuth[host] { | ||
return _URLString.stringByReplacingOccurrencesOfString("\(host)", withString: "\(auth)@\(host)") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I wasn't clearer before, but I think the appropriate place to add this logic is inside GitHubRepository.HTTPSURL
. Then all the logic about GitHub authentication tokens can stay inside GitHub.swift
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll move it around then :)
Thanks for the explanation! That helped a lot. 😄 |
49b00ac
to
6363bcc
Compare
@mdiep I rebased in 1 commit and updated the commit to reflect the simple change to add auth in |
|
||
var serverAuth:String = "" | ||
if let auth = gitAuth[server.hostname] { | ||
serverAuth = "\(auth)@" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The indentation looks off on this line. Otherwise this looks great! ✨
6363bcc
to
d8ca5cf
Compare
d8ca5cf
to
cde1a54
Compare
rebased and pushed should the PR be on the master instead? |
Minor concern: could the modified URL (specifically, including the token) show up in any files written to disk? Mainly, |
@jdhealy I don't believe we should store the token anywhere, and that it should be per environment basis. I just checked and when using --use-submodules the token doesn't get stored locally in .git/config is that the behaviour you'd expect? |
Yeah, that would probably be a good idea. 👍 |
@flovilmart Cool, seems like LGTM 👍 |
@jdhealy I unfortunately started this branch out of the swift-2 branch. This branch also seems fully functional now. Any plan / schedule to merge swift-2 to master? |
We're waiting on our upstream dependencies to create Swift 2 releases. So I think it will be another week or two yet. |
I had no problems with Xcode 7 to build :) |
+1 |
Swift 2 is on master now if you want to retarget this PR. |
@mdiep I need to close and reopen? |
See #891 |
When specifying GIT_AUTH environment variable in the form of either "domain.com=token" or "domain.com=username:pass" the value will be injected into the git url to provide headless authentication for build servers.
The default "token" or "username:password" will be applied to all github.com requests.