Do not source system- and user- Git settings / Fix GitMirrorAuthTest

[trustin]

Motivation:

We can't test Git-over-HTTPS authentication with GitMirrorAuthTest because of the following:

• JGit silently sources the custom configurations, breaking our expected behaviors:
  • ~/.gitconfig
  • ~/.config/jgit
  • ~/.jgitconfig
  • /etc/gitconfig
• It's not convenient to pass Git username and password via system properties.

Modifications:

• Added IsolatedSystemReader that prevents reading the system- and user- Git settings so that Central Dogma doesn't behave differently between environments.
• Revamped GitMirrorAuthTest so that it always uses github.com/line/centraldogma-authtest.git as its test repository.
  • The Git-over-SSH test now always runs as a part of the build.
  • The Git-over-HTTPS test requires sensitive information, so it still has to run manually, although we could at least run it as a part of GitHub action (but not in a PR build).
• Updated GitMirrorAuthTest so that it pulls GitHub username and password via environment variables rather than system properties.

Result:

• Central Dogma doesn't behave differently between environments.
• GitMirrorAuthTest now always runs the Git-over-SSH test.
• GitMirrorAuthTest now uses environment variables rather than JVM system properties to retrieve GitHub username and password.

[taiga-nada]

LGTM. Thank you.

[codecov]

Codecov Report

Patch coverage: 95.00% and project coverage change: +0.08 🎉

Comparison is base (79221af) 65.50% compared to head (deaf2f5) 65.59%.

Additional details and impacted files

@@             Coverage Diff              @@
##             master     #816      +/-   ##
============================================
+ Coverage     65.50%   65.59%   +0.08%     
- Complexity     3294     3308      +14     
============================================
  Files           353      354       +1     
  Lines         13796    13816      +20     
  Branches       1492     1492              
============================================
+ Hits           9037     9062      +25     
+ Misses         3911     3908       -3     
+ Partials        848      846       -2     

Impacted Files	Coverage Δ
...raldogma/server/internal/IsolatedSystemReader.java	94.44% <94.44%> (ø)
...ntraldogma/server/internal/mirror/GitWithAuth.java	64.04% <100.00%> (+0.40%)	⬆️
...internal/storage/repository/git/GitRepository.java	76.31% <100.00%> (+0.02%)	⬆️
...centraldogma/server/internal/api/WatchService.java	76.27% <0.00%> (-3.39%)	⬇️
...centraldogma/server/internal/mirror/GitMirror.java	80.88% <0.00%> (+0.29%)	⬆️
...r/internal/admin/auth/FileBasedSessionManager.java	77.69% <0.00%> (+1.43%)	⬆️
.../linecorp/centraldogma/client/AbstractWatcher.java	80.00% <0.00%> (+2.66%)	⬆️
...ient/armeria/legacy/LegacyCentralDogmaBuilder.java	85.18% <0.00%> (+3.70%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[jrhee17]

Left two super minor nits. Thanks @trustin 👍 🙇 👍

[jrhee17]

As-is is also fine, but I'm wondering why we don't fallback to user.password for symmetry

Suggested change

	System.getenv("GITHUB_CD_AUTHTEST_PASSWORD");
	System.getenv("GITHUB_CD_AUTHTEST_PASSWORD"),
	System.getProperty("user.password"))

[trustin]

user.name is JDK standard property which is always given, whereas user.password is not. 😉 Let me leave it as it is.

[jrhee17]

Question) Just to make sure, is this a read-only deploy key?

[trustin]

Yes, it's read-only.

[ikhoon]

Thanks, @trustin! 🙇‍♂️

[minwoox]

Much simplified. Thanks!