Add git ls-remote to validate the remote GIT repository #5573
Conversation
| @@ -27,6 +26,10 @@ const ( | |||
| urlCheckTimeout = 16 * time.Second | |||
| ) | |||
|
|
|||
| var ( | |||
| GitAuthenticationError, GitNotFoundError error | |||
There was a problem hiding this comment.
yeah, should stop drinking
There was a problem hiding this comment.
These should be error types. See for example
|
Other than what Michalis already pointed out, looks good. |
mfojtik
force-pushed
the
fix-git-check
branch
from
2f72f01
to
480f286
Compare
|
[test] |
|
LGTM |
| succ := make(chan bool, 1) | ||
| go func() { | ||
| out, err = cmd.CombinedOutput() | ||
| succ <- true |
There was a problem hiding this comment.
We don't really care about this value so this should be an empty struct.
|
one more nit, LGTM otherwise |
|
Actually can you add a test case for this as well? |
|
if this works with proxies, you should remove the logic that skips this check when a proxy is set. |
mfojtik
force-pushed
the
fix-git-check
branch
from
480f286
to
92d12fd
Compare
|
i fixed everything, but do not merge this yet, need to test if the proxy stuff works as expected |
| // remote repository failed to authenticate. | ||
| // Since this is calling the 'git' binary, the proxy settings should be | ||
| // available for this command. | ||
| func checkRemoteGit(url string, timeout time.Duration) error { |
There was a problem hiding this comment.
I thought the original issue was a long hang when an invalid IP or host was specified... does this fail fast in cases like that?
There was a problem hiding this comment.
I see the timeout, but not a test exercising it... is that possible?
There was a problem hiding this comment.
@liggitt it hangs when it was asking for password in case you have private repos.... and yes, there is no test exercising this, something I have to follow up
There was a problem hiding this comment.
i can, also I think github is asking me for a password even if I request "https://github.com/openshift/foo"
There was a problem hiding this comment.
Per #3624 it would be good not to rely on external services, using Jordan's idea of httptest returning 401 is preferable, imho.
There was a problem hiding this comment.
@soltysh i would not be that optimistic, I might revert the github test to have positive case ;-)
|
@bparees tested with proxy/without proxy and by accident tested also the timeout... it all works, so this is mergeable now |
|
[test] again |
| if !testConnection { | ||
| return nil | ||
|
|
||
| if strings.Contains(string(out), "Authentication failed") { |
mfojtik
force-pushed
the
fix-git-check
branch
2 times, most recently
from
7e614a1
to
4724788
Compare
|
@mfojtik this works when going through a proxy? the scenario that was broken before that lead to reworking this was a git server that could only be reached via proxy. (the testing that was done which was insufficient was accessing a git server via a proxy, when that git server could also be reached w/o using the proxy) |
| if err != nil { | ||
| t.Errorf("expected no error, got %q", err) | ||
| } | ||
| err = checkRemoteGit("https://254.254.254.254/foo/bar", 10*time.Second) |
There was a problem hiding this comment.
lower the time limit, we don't want this test to take 30 seconds to run
There was a problem hiding this comment.
20 seconds. one of those tests won't normally hit the timeout.
There was a problem hiding this comment.
I didn't say it would take 30 seconds. I said I didn't want it to take 30 seconds, which I don't 😁
There was a problem hiding this comment.
well it won't, so desire met? :)
There was a problem hiding this comment.
there are two now :-) the first one should never hit the timeout, I will lower the second one :-) is that ok?
mfojtik
force-pushed
the
fix-git-check
branch
from
4724788
to
460e849
Compare
mfojtik
force-pushed
the
fix-git-check
branch
from
460e849
to
317425e
Compare
|
[test] |
bparees
changed the title
mfojtik
force-pushed
the
fix-git-check
branch
from
6dcf89e
to
a83fd22
Compare
| // ignored. This command will replace git:// with https:// in that case. | ||
| if strings.HasPrefix(gitSource.URI, "git://") { | ||
| glog.V(4).Infof("Using https:// instead of git:// prefix for %q", gitSource.URI) | ||
| out, err := exec.Command("git", "config", "--global", `url."https://".insteadOf git://`).CombinedOutput() |
There was a problem hiding this comment.
@bparees sanity check required
mfojtik
force-pushed
the
fix-git-check
branch
3 times, most recently
from
34c27af
to
611ad20
Compare
|
|
||
| // When the protocol is git:// the HTTPS_PROXY and HTTP_PROXY variables are | ||
| // ignored. This command will replace git:// with https:// in that case. | ||
| if strings.HasPrefix(gitSource.URI, "git://") { |
There was a problem hiding this comment.
this is wrong... the git:// protocol is not http/https-based, and should not be using http_proxy/https_proxy. It's over a completely different port, so switching to https:// could actually break the check (https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols#The-Git-Protocol)
There was a problem hiding this comment.
@liggitt the command bellow this will set it global, so the clone (if https succeed) will work normally.
|
continuous-integration/openshift-jenkins/test Waiting: Determining build queue position |
mfojtik
force-pushed
the
fix-git-check
branch
2 times, most recently
from
61e1ad0
to
d69b2b0
Compare
|
[testonlyextended][extended:core(s2i build with proxy)] |
mfojtik
force-pushed
the
fix-git-check
branch
from
d69b2b0
to
ebbbcc0
Compare
|
Evaluated for origin test up to ebbbcc0 |
|
Evaluated for origin testonlyextended up to ebbbcc0 |
|
continuous-integration/openshift-jenkins/test FAILURE (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/7212/) (Extended Tests: core(s2i build with proxy)) |
|
continuous-integration/openshift-jenkins/testonlyextended SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/7218/) (Extended Tests: core(s2i build with proxy)) |
|
@bparees ready for review/merge |
|
[merge] |
1 similar comment
|
[merge] |
|
[merge] ! |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/4058/) (Image: devenv-rhel7_2742) |
|
@bparees @csrwng each merge failed with different flaky test :-) This time, new-app is the winner: Previously it was new-app again: And before it was timeout starting openshift server :-) |
|
The merge failure is an integration test flake: which is assigned to me: #5937 |
|
[merge] (an innocent chicken was sacrificed) |
|
Evaluated for origin merge up to ebbbcc0 |
Merged by openshift-bot
Fixes: #4564
Fixes: #5944
@bparees @soltysh this will use
git ls-remotecommand to check the source repository URL. It should pickup all credentials we have for the GIT in case the repo is private. It also perform check if the repository is reachable. Proxy vars should be picked up as well (I didn't tested this).