forked from argoproj/argo-workflows
-
Notifications
You must be signed in to change notification settings - Fork 0
/
git.go
77 lines (72 loc) · 2.38 KB
/
git.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
package git
import (
"fmt"
"io/ioutil"
"net/url"
"os"
"strings"
wfv1 "github.com/argoproj/argo/api/workflow/v1alpha1"
"github.com/argoproj/argo/errors"
"github.com/argoproj/argo/workflow/common"
)
// GitArtifactDriver is the artifact driver for a git repo
type GitArtifactDriver struct {
Username string
Password string
}
// Load download artifacts from an git URL
// Credentials are temporarily stored in a git-credentials file during the clone
// and deleted before returning. This is to prevent credentials from inadvertently
// leaking such as in the repo_dir/.git/config or logging an insecure url.
func (g *GitArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error {
if g.Username != "" || g.Password != "" {
// Formulate an insecure repo URL which incorporates the credentials which
// we temporarily store it to a git-credentials file during the clone.
insecureURL, err := url.Parse(inputArtifact.Git.Repo)
if err != nil {
return errors.InternalWrapError(err)
}
insecureURL.User = url.UserPassword(g.Username, g.Password)
tmpfile, err := ioutil.TempFile("", "git-cred-")
if err != nil {
return errors.InternalWrapError(err)
}
defer func() {
_ = os.Remove(tmpfile.Name())
}()
content := []byte(insecureURL.String() + "\n")
if _, err := tmpfile.Write(content); err != nil {
return errors.InternalWrapError(err)
}
if err := tmpfile.Close(); err != nil {
return errors.InternalWrapError(err)
}
err = common.RunCommand("git", "config", "--global", "credential.helper", fmt.Sprintf("store --file=%s", tmpfile.Name()))
if err != nil {
return err
}
defer func() {
_ = common.RunCommand("git", "config", "--global", "--remove-section", "credential")
}()
}
err := common.RunCommand("git", "clone", inputArtifact.Git.Repo, path)
if err != nil {
lines := strings.Split(err.Error(), "\n")
if len(lines) > 1 {
// give only the last, most-useful error line from git
return errors.New(errors.CodeBadRequest, lines[len(lines)-1])
}
return err
}
if inputArtifact.Git.Revision != "" {
err := common.RunCommand("git", "-C", path, "checkout", inputArtifact.Git.Revision)
if err != nil {
return err
}
}
return nil
}
// Save is unsupported for git output artifacts
func (g *GitArtifactDriver) Save(path string, outputArtifact *wfv1.Artifact) error {
return errors.Errorf(errors.CodeBadRequest, "Git output artifacts unsupported")
}