-
-
Notifications
You must be signed in to change notification settings - Fork 802
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow GIT_ASKPASS as a pass through env var #2564
Conversation
pre_commit/git.py
Outdated
@@ -43,6 +43,7 @@ def no_git_env(_env: Mapping[str, str] | None = None) -> dict[str, str]: | |||
'GIT_SSL_NO_VERIFY', 'GIT_CONFIG_COUNT', | |||
'GIT_HTTP_PROXY_AUTHMETHOD', | |||
'GIT_ALLOW_PROTOCOL', | |||
'SSH_ASKPASS', 'GIT_ASKPASS', 'GIT_USERNAME', 'GIT_PASSWORD', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SSH_ASKPASS
doesn't start withGIT_
so it's not relevantGIT_USERNAME
isn't a variable supported bygit
GIT_PASSWORD
isn't a variable supported bygit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oops, good point; removed ssh_askpass. although git_username/git_password isn't directly, it is the default used by jenkins git plugin; so there is no way to provide creds down to git from jenkins as a caller without it. is there any harm in adding it ? I don't think you can use jenkins credential store to execute precommit otherwise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
jenkins shouldn't be setting environment variables in other tools' namespaces -- I'm fine adding GIT_ASKPASS
but not the other ones
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fair enough; removed in latest force push. commit is just GIT_ASKPASS now
documented via man gitcredentials, it is used to provide a script/input for git to fetch creds in a no-tty usecase. used among other things by jenkins to pass credentials down to git for authentication. https://github.com/jenkinsci/git-plugin/blob/1e3488a730a169778ba0863dd4edbb1dc29154a1/README.adoc#git-bindings https://github.com/jenkinsci/git-plugin/blob/9429e7d05df3dbb4060ac6ab4da6538bb0eb50ba/src/main/java/jenkins/plugins/git/GitUsernamePasswordBinding.java#L130
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in case anyone ever stumbles onto this from google, i was mistaken on GIT_USERNAME/GIT_PASSWORD, those aren't actually passed down by that plugin as env vars at all; just me failing to read java code properly. thanks for the merge 👍 |
documented via man gitcredentials, it is used to provide a script/input for git to fetch creds in a no-tty usecase. used among other things by jenkins to pass credentials down to git for authentication.
https://github.com/jenkinsci/git-plugin/blob/1e3488a730a169778ba0863dd4edbb1dc29154a1/README.adoc#git-bindings https://github.com/jenkinsci/git-plugin/blob/9429e7d05df3dbb4060ac6ab4da6538bb0eb50ba/src/main/java/jenkins/plugins/git/GitUsernamePasswordBinding.java#L130