-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not source system- and user- Git settings / Fix GitMirrorAuthTest
#816
Conversation
Motivation: We can't test Git-over-HTTPS authentication with `GitMirrorAuthTest` because of the following: - JGit silently sources the custom configurations, breaking our expected behaviors: - `~/.gitconfig` - `~/.config/jgit` - `~/.jgitconfig` - `/etc/gitconfig` - It's not convenient to pass Git username and password via system properties. Modifications: - Added `IsolatedSystemReader` that prevents reading the system- and user- Git settings so that Central Dogma doesn't behave differently between environments. - Revamped `GitMirrorAuthTest` so that it always uses `github.com/line/centraldogma-authtest.git` as its test repository. - The Git-over-SSH test now always runs as a part of the build. - The Git-over-HTTPS test requires sensitive information, so it still has to run manually, although we could at least run it as a part of GitHub action (but not in a PR build). - Updated `GitMirrorAuthTest` so that it pulls GitHub username and password via environment variables rather than system properties. Result: - Central Dogma doesn't behave differently between environments. - `GitMirrorAuthTest` now always runs the Git-over-SSH test. - `GitMirrorAuthTest` now uses environment variables rather than JVM system properties to retrieve GitHub username and password.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thank you.
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #816 +/- ##
============================================
+ Coverage 65.50% 65.59% +0.08%
- Complexity 3294 3308 +14
============================================
Files 353 354 +1
Lines 13796 13816 +20
Branches 1492 1492
============================================
+ Hits 9037 9062 +25
+ Misses 3911 3908 -3
+ Partials 848 846 -2
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left two super minor nits. Thanks @trustin 👍 🙇 👍
*/ | ||
private static final String GIT_PASSPHRASE = System.getProperty("git.passphrase"); | ||
private static final String GITHUB_PASSWORD = | ||
System.getenv("GITHUB_CD_AUTHTEST_PASSWORD"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As-is is also fine, but I'm wondering why we don't fallback to user.password
for symmetry
System.getenv("GITHUB_CD_AUTHTEST_PASSWORD"); | |
System.getenv("GITHUB_CD_AUTHTEST_PASSWORD"), | |
System.getProperty("user.password")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
user.name
is JDK standard property which is always given, whereas user.password
is not. 😉 Let me leave it as it is.
@@ -0,0 +1,20 @@ | |||
-----BEGIN EC PRIVATE KEY----- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question) Just to make sure, is this a read-only deploy key?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it's read-only.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, @trustin! 🙇♂️
server/src/main/java/com/linecorp/centraldogma/server/internal/IsolatedSystemReader.java
Show resolved
Hide resolved
…/IsolatedSystemReader.java
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much simplified. Thanks!
Motivation:
We can't test Git-over-HTTPS authentication with
GitMirrorAuthTest
because of the following:~/.gitconfig
~/.config/jgit
~/.jgitconfig
/etc/gitconfig
Modifications:
IsolatedSystemReader
that prevents reading the system- and user- Git settings so that Central Dogma doesn't behave differently between environments.GitMirrorAuthTest
so that it always usesgithub.com/line/centraldogma-authtest.git
as its test repository.GitMirrorAuthTest
so that it pulls GitHub username and password via environment variables rather than system properties.Result:
GitMirrorAuthTest
now always runs the Git-over-SSH test.GitMirrorAuthTest
now uses environment variables rather than JVM system properties to retrieve GitHub username and password.