You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While investigating #40, I noticed that WriteToken in plugin.go doesn't actually do anything. It appears that it should be transforming a URL like https://example.com/path.git into https://user:pass@example.com/path.git based on the contents of DRONE_NETRC_USERNAME and DRONE_NETRC_PASSWORD.
But that doesn't happen, because WriteToken is a value receiver rather than a pointer receiver:
So WriteToken is just updating a copy of the config.
But just turning WriteToken into a pointer receiver would be worse. The DRONE_NETRC_* credentials are for the server you're cloning from. If you're pushing to a different server, then you're going to send the credentials for your source repo, which is probably not what you want.
I'm not that familiar with how git uses .netrc, but maybe adding the user/pass to the URL is unnecessary, since drone-git-push also writes .netrc? And .netrc has a machine name that prevents us from sending credentials to an unintended server.
The text was updated successfully, but these errors were encountered:
While investigating #40, I noticed that
WriteToken
inplugin.go
doesn't actually do anything. It appears that it should be transforming a URL likehttps://example.com/path.git
intohttps://user:pass@example.com/path.git
based on the contents ofDRONE_NETRC_USERNAME
andDRONE_NETRC_PASSWORD
.But that doesn't happen, because WriteToken is a value receiver rather than a pointer receiver:
So
WriteToken
is just updating a copy of the config.But just turning
WriteToken
into a pointer receiver would be worse. TheDRONE_NETRC_*
credentials are for the server you're cloning from. If you're pushing to a different server, then you're going to send the credentials for your source repo, which is probably not what you want.I'm not that familiar with how git uses
.netrc
, but maybe adding the user/pass to the URL is unnecessary, since drone-git-push also writes.netrc
? And.netrc
has a machine name that prevents us from sending credentials to an unintended server.The text was updated successfully, but these errors were encountered: