Refactor authentication in git client

pipe-cd · Apr 18, 2024 · 0546cb7 · 0546cb7
1 parent 80c773d
commit 0546cb7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 30 deletions.
diff --git a/pkg/git/client.go b/pkg/git/client.go
@@ -143,16 +143,12 @@ func (c *client) Clone(ctx context.Context, repoID, remote, branch, destination
 		)
 	)
 
-	// remote, err := includePasswordRemote(remote, c.username, c.password)
-	// if err != nil {
-	// 	return nil, err
-	// }
-
 	authArgs := []string{}
 	if c.username != "" && c.password != "" {
 		token := fmt.Sprintf("%s:%s", c.username, c.password)
 		encodedToken := base64.StdEncoding.EncodeToString([]byte(token))
-		authArgs = append(authArgs, "--config-env", fmt.Sprintf("http.extraHeader=%s", encodedToken))
+		header := fmt.Sprintf("Authorization: Basic %s", encodedToken)
+		authArgs = append(authArgs, "-c", fmt.Sprintf("http.extraHeader=%s", header))
 	}
 
 	c.lockRepo(repoID)
@@ -171,7 +167,7 @@ func (c *client) Clone(ctx context.Context, repoID, remote, branch, destination
 		}
 		out, err := retryCommand(3, time.Second, logger, func() ([]byte, error) {
 			args := []string{"clone", "--mirror", remote, repoCachePath}
-			args = append(args, authArgs...)
+			args = append(authArgs, args...)
 			return runGitCommand(ctx, c.gitPath, "", c.envsForRepo(remote), args...)
 		})
 		if err != nil {
@@ -186,7 +182,7 @@ func (c *client) Clone(ctx context.Context, repoID, remote, branch, destination
 		c.logger.Info(fmt.Sprintf("fetching %s to update the cache", repoID))
 		out, err := retryCommand(3, time.Second, c.logger, func() ([]byte, error) {
 			args := []string{"fetch"}
-			args = append(args, authArgs...)
+			args = append(authArgs, args...)
 			return runGitCommand(ctx, c.gitPath, repoCachePath, c.envsForRepo(remote), args...)
 		})
 		if err != nil {
@@ -298,22 +294,6 @@ func (c *client) envsForRepo(remote string) []string {
 	return append(envs, c.gitEnvs...)
 }
 
-// func includePasswordRemote(remote, username, password string) (string, error) {
-// 	if username == "" || password == "" {
-// 		return remote, nil
-// 	}
-// 	u, err := parseGitURL(remote)
-// 	if err != nil {
-// 		return "", fmt.Errorf("failed to include password: %v", err)
-// 	}
-// 	decodedPassword, err := base64.StdEncoding.DecodeString(password)
-// 	if err != nil {
-// 		return "", fmt.Errorf("failed to decode password: %v", err)
-// 	}
-// 	u.User = url.UserPassword(username, string(decodedPassword))
-// 	return u.String(), nil
-// }
-
 func runGitCommand(ctx context.Context, execPath, dir string, envs []string, args ...string) ([]byte, error) {
 	cmd := exec.CommandContext(ctx, execPath, args...)
 	cmd.Dir = dir

diff --git a/pkg/git/client_test.go b/pkg/git/client_test.go
@@ -177,12 +177,6 @@ func (g gitCommander) addCommit(filename string, content string) error {
 	})
 }
 
-// func TestCloneUsingPassword(t *testing.T) {
-// 	// url, err := includePasswordRemote("https://example.com/org/repo", "test-user", "dGVzdC1wYXNzd29yZA==")
-// 	require.NoError(t, err)
-// 	assert.Equal(t, "https://test-user:test-password@example.com/org/repo", url)
-// }
-
 func TestRetryCommand(t *testing.T) {
 	var (
 		ranCount   = 0