[PATCH 1/3] use .gitconfig in well-known CI systems
60 views
Skip to first unread message
Felix Moessbauer
May 8, 2024, 7:13:33 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
When running in a Github Action or in Gitlab CI, we automatically
forward the .gitconfig into the kas environment (both for kas repo
cloning, as well as for bitbake). By that, we keep the same semantics
both for Github Actions, as well as for the Gitlab CI.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/command-line/environment-variables.inc | 7 ++++---
docs/userguide/credentials.rst | 6 ++++--
kas/libcmds.py | 20 +++++++++++++++++---
3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 13255c9af..8b8d4a024 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -135,9 +135,10 @@ Variables Glossary
| | first one. The job url is added to the |
| | provenance attestation (if enabled). |
+--------------------------+--------------------------------------------------+
-| ``GITHUB_ACTIONS`` | Environment variables from github actions. If |
-| (K) | set to `true`, `.gitconfig` is automatically |
-| | imported. For details, see ``GITCONFIG_FILE``. |
+| ``GITHUB_ACTIONS`` | Environment variables from github actions or |
+| ``GITLAB_CI`` | Gitlab CI. If set to `true`, `.gitconfig` is |
+| (K) | automatically imported. |
+| | For details, see ``GITCONFIG_FILE``. |
+--------------------------+--------------------------------------------------+
| ``BB_NUMBER_THREADS`` | Environment variables to control the concurrency.|
| ``PARALLEL_MAKE`` | |
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 42cc1f810..9faad67fe 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -34,11 +34,13 @@ an existing one. In addition, credential helpers can be used by
setting the corresponding environment variables. These are added to the
``.gitconfig`` file as well.
+When running in a Github Actions or Gitlab CI job, the ``.gitconfig`` file
+is automatically injected.
+
Github Actions
~~~~~~~~~~~~~~
-When running in a Github Action, the ``.gitconfig`` file is automatically
-injected. In combination with the
+In combination with the
`webfactory/ssh-agent <https://github.com/webfactory/ssh-agent>`_ action,
this automatically makes the required credentials available to kas and
bitbake.
diff --git a/kas/libcmds.py b/kas/libcmds.py
index c3d4cdca9..9cd739a00 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -180,6 +180,18 @@ class SetupHome(Command):
def __str__(self):
return 'setup_home'
+ @staticmethod
+ def _on_ci():
+ """
+ Detects if we are running on a CI system.
+ Returns the name of the CI system or None.
+ """
+ if os.environ.get('GITHUB_ACTIONS', False) == 'true':
+ return 'Github Actions'
+ elif os.environ.get('GITLAB_CI', False) == 'true':
+ return 'Gitlab CI'
+ return None
+
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
@@ -222,9 +234,8 @@ class SetupHome(Command):
gitconfig_host = os.environ.get('GITCONFIG_FILE', False)
gitconfig_kas = self.tmpdirname + '/.gitconfig'
- # when running in the github ci, always try to read the gitconfig
- if not gitconfig_host and \
- os.environ.get('GITHUB_ACTIONS', False) == 'true':
+ # on supported CI systems, always try to read the gitconfig
+ if not gitconfig_host and self._on_ci():
gitconfig_host = os.path.expanduser('~/.gitconfig')
if gitconfig_host and os.path.exists(gitconfig_host):
@@ -246,6 +257,9 @@ class SetupHome(Command):
config.write()
def execute(self, ctx):
+ ci = self._on_ci()
+ if ci:
+ logging.info(f'Running on {ci}')
def_umask = os.umask(0o077)
self._setup_netrc()
self._setup_gitconfig()
--
2.39.2
forward the .gitconfig into the kas environment (both for kas repo
cloning, as well as for bitbake). By that, we keep the same semantics
both for Github Actions, as well as for the Gitlab CI.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/command-line/environment-variables.inc | 7 ++++---
docs/userguide/credentials.rst | 6 ++++--
kas/libcmds.py | 20 +++++++++++++++++---
3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 13255c9af..8b8d4a024 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -135,9 +135,10 @@ Variables Glossary
| | first one. The job url is added to the |
| | provenance attestation (if enabled). |
+--------------------------+--------------------------------------------------+
-| ``GITHUB_ACTIONS`` | Environment variables from github actions. If |
-| (K) | set to `true`, `.gitconfig` is automatically |
-| | imported. For details, see ``GITCONFIG_FILE``. |
+| ``GITHUB_ACTIONS`` | Environment variables from github actions or |
+| ``GITLAB_CI`` | Gitlab CI. If set to `true`, `.gitconfig` is |
+| (K) | automatically imported. |
+| | For details, see ``GITCONFIG_FILE``. |
+--------------------------+--------------------------------------------------+
| ``BB_NUMBER_THREADS`` | Environment variables to control the concurrency.|
| ``PARALLEL_MAKE`` | |
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 42cc1f810..9faad67fe 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -34,11 +34,13 @@ an existing one. In addition, credential helpers can be used by
setting the corresponding environment variables. These are added to the
``.gitconfig`` file as well.
+When running in a Github Actions or Gitlab CI job, the ``.gitconfig`` file
+is automatically injected.
+
Github Actions
~~~~~~~~~~~~~~
-When running in a Github Action, the ``.gitconfig`` file is automatically
-injected. In combination with the
+In combination with the
`webfactory/ssh-agent <https://github.com/webfactory/ssh-agent>`_ action,
this automatically makes the required credentials available to kas and
bitbake.
diff --git a/kas/libcmds.py b/kas/libcmds.py
index c3d4cdca9..9cd739a00 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -180,6 +180,18 @@ class SetupHome(Command):
def __str__(self):
return 'setup_home'
+ @staticmethod
+ def _on_ci():
+ """
+ Detects if we are running on a CI system.
+ Returns the name of the CI system or None.
+ """
+ if os.environ.get('GITHUB_ACTIONS', False) == 'true':
+ return 'Github Actions'
+ elif os.environ.get('GITLAB_CI', False) == 'true':
+ return 'Gitlab CI'
+ return None
+
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
@@ -222,9 +234,8 @@ class SetupHome(Command):
gitconfig_host = os.environ.get('GITCONFIG_FILE', False)
gitconfig_kas = self.tmpdirname + '/.gitconfig'
- # when running in the github ci, always try to read the gitconfig
- if not gitconfig_host and \
- os.environ.get('GITHUB_ACTIONS', False) == 'true':
+ # on supported CI systems, always try to read the gitconfig
+ if not gitconfig_host and self._on_ci():
gitconfig_host = os.path.expanduser('~/.gitconfig')
if gitconfig_host and os.path.exists(gitconfig_host):
@@ -246,6 +257,9 @@ class SetupHome(Command):
config.write()
def execute(self, ctx):
+ ci = self._on_ci()
+ if ci:
+ logging.info(f'Running on {ci}')
def_umask = os.umask(0o077)
self._setup_netrc()
self._setup_gitconfig()
--
2.39.2
Felix Moessbauer
May 8, 2024, 7:13:33 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
This series makes a kas project config "just work" on Gitlab CI.
It does so by automatically configuring the ssh->https git rewrite
logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
to authenticate against the gitlab server.
It would be great, if more people could test this on their own
gitlab CI instances and provide feedback. A test container with
this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
Best regards,
Felix Moessbauer
Siemens AG
Felix Moessbauer (3):
use .gitconfig in well-known CI systems
auto-inject git credentials on gitlab ci
add test for gitlab-ci git rewrite logic
docs/command-line/environment-variables.inc | 7 ++--
docs/userguide/credentials.rst | 21 ++++++----
kas/libcmds.py | 46 +++++++++++++++++++--
tests/conftest.py | 4 ++
tests/test_commands.py | 11 +++++
tests/test_commands/test-url-rewrite.yml | 9 ++++
6 files changed, 84 insertions(+), 14 deletions(-)
create mode 100644 tests/test_commands/test-url-rewrite.yml
--
2.39.2
It does so by automatically configuring the ssh->https git rewrite
logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
to authenticate against the gitlab server.
It would be great, if more people could test this on their own
gitlab CI instances and provide feedback. A test container with
this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
Best regards,
Felix Moessbauer
Siemens AG
Felix Moessbauer (3):
use .gitconfig in well-known CI systems
auto-inject git credentials on gitlab ci
add test for gitlab-ci git rewrite logic
docs/command-line/environment-variables.inc | 7 ++--
docs/userguide/credentials.rst | 21 ++++++----
kas/libcmds.py | 46 +++++++++++++++++++--
tests/conftest.py | 4 ++
tests/test_commands.py | 11 +++++
tests/test_commands/test-url-rewrite.yml | 9 ++++
6 files changed, 84 insertions(+), 14 deletions(-)
create mode 100644 tests/test_commands/test-url-rewrite.yml
--
2.39.2
Felix Moessbauer
May 8, 2024, 7:13:34 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
When running in the gitlab ci, we now automatically configure git to
clone the repositories on the CI server using https and the
CI_JOB_TOKEN. For backwards compatibility, this auto-injection is only
performed if no local git config or SSH config is provided.
This makes it easier for our users to use KAS in the Gitlab CI, as
things just work out of the box without any manual configuration needed.
For the Github CI this was already possible. By that, no change is
needed.
docs/userguide/credentials.rst | 14 +++++++-------
kas/libcmds.py | 26 ++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 9faad67fe..53f3c72c1 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -50,14 +50,14 @@ Gitlab CI
When running in the Gitlab CI, the ``CI_JOB_TOKEN`` can be used to access
git repositories via https. kas automatically adds this token to the
-``.netrc`` file, where it is picked up by git. To be able to clone via ssh
-locally, but via https in the CI, a rewrite rule needs to be added to the
-``KAS_PREMIRRORS`` CI environment variable. Example:
+``.netrc`` file, where it is picked up by git. Further, kas configures git
+to automatically rewrite the urls of the repositories to clone via https
+for repos stored on the same server. Technically this is achieved by adding
+`insteadof` entries to the ``.gitconfig`` file.
-.. code-block:: yaml
-
- variables:
- KAS_PREMIRRORS: "git@${CI_SERVER_HOST}: https://${CI_SERVER_HOST}/"
+.. note::
+ For backwards compatibility, the git rewrite rules are only added if
+ ``.gitconfig`` does not exists and no SSH configuration is provided.
Netrc File
----------
diff --git a/kas/libcmds.py b/kas/libcmds.py
index 9cd739a00..15346869a 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -192,6 +192,23 @@ class SetupHome(Command):
return 'Gitlab CI'
return None
+ @staticmethod
+ def _ssh_config_present():
+ """
+ Checks if any file in the .ssh dir exists or
+ any manual ssh config option is set.
+ """
+ ssh_vars = ['SSH_PRIVATE_KEY', 'SSH_PRIVATE_KEY_FILE', 'SSH_AUTH_SOCK']
+ if any(e in os.environ for e in ssh_vars):
+ return True
+
+ ssh_path = os.path.expanduser('~/.ssh')
+ if os.path.isdir(ssh_path):
+ with os.scandir(ssh_path) as it:
+ if any(it):
+ return True
+ return False
if os.environ.get('GIT_CREDENTIAL_USEHTTPPATH', False):
config['credential']['useHttpPath'] = \
os.environ.get('GIT_CREDENTIAL_USEHTTPPATH')
+ # in gitlab CI, add ssh -> https rewrites if no config is present
+ ci_server = os.environ.get('CI_SERVER_HOST', False)
+ if self._on_ci() == 'Gitlab CI' and ci_server and \
+ not self._ssh_config_present() and \
+ not os.path.exists(gitconfig_host):
+ logging.debug('Adding Gitlab CI ssh -> https rewrites')
+ config[f'url "https://{ci_server}/"'] = {
+ 'insteadOf': f'git@{ci_server}:'
+ }
config.write()
def execute(self, ctx):
--
2.39.2
clone the repositories on the CI server using https and the
CI_JOB_TOKEN. For backwards compatibility, this auto-injection is only
performed if no local git config or SSH config is provided.
This makes it easier for our users to use KAS in the Gitlab CI, as
things just work out of the box without any manual configuration needed.
For the Github CI this was already possible. By that, no change is
needed.
docs/userguide/credentials.rst | 14 +++++++-------
kas/libcmds.py | 26 ++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 9faad67fe..53f3c72c1 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -50,14 +50,14 @@ Gitlab CI
When running in the Gitlab CI, the ``CI_JOB_TOKEN`` can be used to access
git repositories via https. kas automatically adds this token to the
-``.netrc`` file, where it is picked up by git. To be able to clone via ssh
-locally, but via https in the CI, a rewrite rule needs to be added to the
-``KAS_PREMIRRORS`` CI environment variable. Example:
+``.netrc`` file, where it is picked up by git. Further, kas configures git
+to automatically rewrite the urls of the repositories to clone via https
+for repos stored on the same server. Technically this is achieved by adding
+`insteadof` entries to the ``.gitconfig`` file.
-.. code-block:: yaml
-
- variables:
- KAS_PREMIRRORS: "git@${CI_SERVER_HOST}: https://${CI_SERVER_HOST}/"
+.. note::
+ For backwards compatibility, the git rewrite rules are only added if
+ ``.gitconfig`` does not exists and no SSH configuration is provided.
Netrc File
----------
diff --git a/kas/libcmds.py b/kas/libcmds.py
index 9cd739a00..15346869a 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -192,6 +192,23 @@ class SetupHome(Command):
return 'Gitlab CI'
return None
+ @staticmethod
+ def _ssh_config_present():
+ """
+ Checks if any file in the .ssh dir exists or
+ any manual ssh config option is set.
+ """
+ ssh_vars = ['SSH_PRIVATE_KEY', 'SSH_PRIVATE_KEY_FILE', 'SSH_AUTH_SOCK']
+ if any(e in os.environ for e in ssh_vars):
+ return True
+
+ ssh_path = os.path.expanduser('~/.ssh')
+ if os.path.isdir(ssh_path):
+ with os.scandir(ssh_path) as it:
+ if any(it):
+ return True
+ return False
+
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
@@ -254,6 +271,15 @@ class SetupHome(Command):
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
if os.environ.get('GIT_CREDENTIAL_USEHTTPPATH', False):
config['credential']['useHttpPath'] = \
os.environ.get('GIT_CREDENTIAL_USEHTTPPATH')
+ # in gitlab CI, add ssh -> https rewrites if no config is present
+ ci_server = os.environ.get('CI_SERVER_HOST', False)
+ if self._on_ci() == 'Gitlab CI' and ci_server and \
+ not self._ssh_config_present() and \
+ not os.path.exists(gitconfig_host):
+ logging.debug('Adding Gitlab CI ssh -> https rewrites')
+ config[f'url "https://{ci_server}/"'] = {
+ 'insteadOf': f'git@{ci_server}:'
+ }
config.write()
def execute(self, ctx):
--
2.39.2
Felix Moessbauer
May 8, 2024, 7:13:39 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
This test creates a fake CI environment and tests if the ssh -> https
rewrite logic works.
docs/userguide/credentials.rst | 7 +++++--
tests/conftest.py | 4 ++++
tests/test_commands.py | 11 +++++++++++
tests/test_commands/test-url-rewrite.yml | 9 +++++++++
4 files changed, 29 insertions(+), 2 deletions(-)
create mode 100644 tests/test_commands/test-url-rewrite.yml
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 53f3c72c1..2876b8043 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -55,9 +55,12 @@ to automatically rewrite the urls of the repositories to clone via https
.. note::
- For backwards compatibility, the git rewrite rules are only added if
- ``.gitconfig`` does not exists and no SSH configuration is provided.
+ Make sure to assign the correct permissions to the ``CI_JOB_TOKEN``.
+ For details, see `GitLab CI/CD job token <https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html>`_.
Netrc File
----------
diff --git a/tests/conftest.py b/tests/conftest.py
index 9823a8aa4..ef0dc9d10 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -35,6 +35,10 @@ ENVVARS_KAS = [
'SSH_PRIVATE_KEY',
'SSH_PRIVATE_KEY_FILE',
'SSH_AUTH_SOCK',
+ 'CI_SERVER_HOST',
+ 'CI_JOB_TOKEN',
+ 'GITLAB_CI',
+ 'GITHUB_ACTIONS'
]
ENVVARS_TOOLS = [
diff --git a/tests/test_commands.py b/tests/test_commands.py
index ac658d998..849882e6a 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -85,6 +85,17 @@ def test_invalid_checkout(monkeykas, tmpdir, capsys):
kas.kas(['checkout', 'test-invalid.yml'])
+def test_checkout_with_ci_rewrite(monkeykas, tmpdir):
+ tdir = str(tmpdir / 'test_commands')
+ shutil.copytree('tests/test_commands', tdir)
+ monkeykas.chdir(tdir)
+ with monkeykas.context() as mp:
+ mp.setenv('GITLAB_CI', 'true')
+ mp.setenv('CI_SERVER_HOST', 'github.com')
+ mp.setenv('CI_JOB_TOKEN', 'not-needed')
+ kas.kas(['checkout', 'test-url-rewrite.yml'])
+
+
def test_checkout_create_refs(monkeykas, tmpdir):
tdir = str(tmpdir / 'test_commands')
repo_cache = pathlib.Path(str(tmpdir.mkdir('repos')))
diff --git a/tests/test_commands/test-url-rewrite.yml b/tests/test_commands/test-url-rewrite.yml
new file mode 100644
index 000000000..ce192c550
--- /dev/null
+++ b/tests/test_commands/test-url-rewrite.yml
@@ -0,0 +1,9 @@
+header:
+ version: 14
+
+repos:
+ this:
+
+ kas:
+ url: g...@github.com:siemens/kas.git
+ commit: 907816a5c4094b59a36aec12226e71c461c05b77
--
2.39.2
rewrite logic works.
docs/userguide/credentials.rst | 7 +++++--
tests/conftest.py | 4 ++++
tests/test_commands.py | 11 +++++++++++
tests/test_commands/test-url-rewrite.yml | 9 +++++++++
4 files changed, 29 insertions(+), 2 deletions(-)
create mode 100644 tests/test_commands/test-url-rewrite.yml
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 53f3c72c1..2876b8043 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -55,9 +55,12 @@ to automatically rewrite the urls of the repositories to clone via https
for repos stored on the same server. Technically this is achieved by adding
`insteadof` entries to the ``.gitconfig`` file.
+For backwards compatibility, the git rewrite rules are only added if
+``.gitconfig`` does not exists and no SSH configuration is provided.
+
.. note::
- For backwards compatibility, the git rewrite rules are only added if
- ``.gitconfig`` does not exists and no SSH configuration is provided.
+ Make sure to assign the correct permissions to the ``CI_JOB_TOKEN``.
+ For details, see `GitLab CI/CD job token <https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html>`_.
Netrc File
----------
diff --git a/tests/conftest.py b/tests/conftest.py
index 9823a8aa4..ef0dc9d10 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -35,6 +35,10 @@ ENVVARS_KAS = [
'SSH_PRIVATE_KEY',
'SSH_PRIVATE_KEY_FILE',
'SSH_AUTH_SOCK',
+ 'CI_SERVER_HOST',
+ 'CI_JOB_TOKEN',
+ 'GITLAB_CI',
+ 'GITHUB_ACTIONS'
]
ENVVARS_TOOLS = [
diff --git a/tests/test_commands.py b/tests/test_commands.py
index ac658d998..849882e6a 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -85,6 +85,17 @@ def test_invalid_checkout(monkeykas, tmpdir, capsys):
kas.kas(['checkout', 'test-invalid.yml'])
+def test_checkout_with_ci_rewrite(monkeykas, tmpdir):
+ tdir = str(tmpdir / 'test_commands')
+ shutil.copytree('tests/test_commands', tdir)
+ monkeykas.chdir(tdir)
+ with monkeykas.context() as mp:
+ mp.setenv('GITLAB_CI', 'true')
+ mp.setenv('CI_SERVER_HOST', 'github.com')
+ mp.setenv('CI_JOB_TOKEN', 'not-needed')
+ kas.kas(['checkout', 'test-url-rewrite.yml'])
+
+
def test_checkout_create_refs(monkeykas, tmpdir):
tdir = str(tmpdir / 'test_commands')
repo_cache = pathlib.Path(str(tmpdir.mkdir('repos')))
diff --git a/tests/test_commands/test-url-rewrite.yml b/tests/test_commands/test-url-rewrite.yml
new file mode 100644
index 000000000..ce192c550
--- /dev/null
+++ b/tests/test_commands/test-url-rewrite.yml
@@ -0,0 +1,9 @@
+header:
+ version: 14
+
+repos:
+ this:
+
+ kas:
+ url: g...@github.com:siemens/kas.git
+ commit: 907816a5c4094b59a36aec12226e71c461c05b77
--
2.39.2
Frieder Schrempf
May 8, 2024, 10:01:56 AM5/8/24
to Felix Moessbauer, kas-...@googlegroups.com, jan.k...@siemens.com
It seems like "git@{ci_server}:" is just an alternative short-form of
the latter.
With a resulting git config like the following it works fine for me:
[url "{ci_server}/"]
insteadOf = git@{ci_server}:
insteadOf = ssh://{ci_server}/
Frieder Schrempf
May 8, 2024, 10:07:02 AM5/8/24
to Felix Moessbauer, kas-...@googlegroups.com, jan.k...@siemens.com
Hi Felix,
On 08.05.24 13:13, Felix Moessbauer wrote:
for one change I needed for patch 2, everything seems to work nicely.
One nitpick: GitLab and GitHub are both spelled with capital letters in
the middle. I don't know if this is worth changing, but I noticed that
you spell it all lowercase after the first letter.
Thanks
Frieder
On 08.05.24 13:13, Felix Moessbauer wrote:
> This series makes a kas project config "just work" on Gitlab CI.
> It does so by automatically configuring the ssh->https git rewrite
> logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
> to authenticate against the gitlab server.
>
> It would be great, if more people could test this on their own
> gitlab CI instances and provide feedback. A test container with
> this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
Thanks for these useful changes! I tested on our GitLab instance. Except
> It does so by automatically configuring the ssh->https git rewrite
> logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
> to authenticate against the gitlab server.
>
> It would be great, if more people could test this on their own
> gitlab CI instances and provide feedback. A test container with
> this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
for one change I needed for patch 2, everything seems to work nicely.
One nitpick: GitLab and GitHub are both spelled with capital letters in
the middle. I don't know if this is worth changing, but I noticed that
you spell it all lowercase after the first letter.
Thanks
Frieder
Felix Moessbauer
May 8, 2024, 11:32:12 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
This series makes a kas project config "just work" on Gitlab CI.
It does so by automatically configuring the ssh->https git rewrite
logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
to authenticate against the gitlab server.
It would be great, if more people could test this on their own
gitlab CI instances and provide feedback. A test container with
this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
Changes since v1:
It does so by automatically configuring the ssh->https git rewrite
logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
to authenticate against the gitlab server.
It would be great, if more people could test this on their own
gitlab CI instances and provide feedback. A test container with
this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
- also add git rewrite for bitbake fetcher (thanks to Frieder Schrempf)
- correct spelling of GitHub and GitLab in the docs
- updated test container on ghcr.io
Best regards,
Felix Moessbauer
Siemens AG
use .gitconfig in well-known CI systems
auto-inject git credentials on gitlab ci
add test for gitlab-ci git rewrite logic
docs: correct spelling of GitHub and GitLab
auto-inject git credentials on gitlab ci
add test for gitlab-ci git rewrite logic
docs/command-line/environment-variables.inc | 11 ++---
docs/userguide/credentials.rst | 29 +++++++------
kas/libcmds.py | 48 +++++++++++++++++++--
tests/conftest.py | 4 ++
tests/test_commands.py | 11 +++++
tests/test_commands/test-url-rewrite.yml | 9 ++++
6 files changed, 92 insertions(+), 20 deletions(-)
tests/test_commands.py | 11 +++++
tests/test_commands/test-url-rewrite.yml | 9 ++++
create mode 100644 tests/test_commands/test-url-rewrite.yml
--
2.39.2
Felix Moessbauer
May 8, 2024, 11:32:12 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
When running in a Github Action or in Gitlab CI, we automatically
forward the .gitconfig into the kas environment (both for kas repo
cloning, as well as for bitbake). By that, we keep the same semantics
both for Github Actions, as well as for the Gitlab CI.
docs/command-line/environment-variables.inc | 7 ++++---
forward the .gitconfig into the kas environment (both for kas repo
cloning, as well as for bitbake). By that, we keep the same semantics
both for Github Actions, as well as for the Gitlab CI.
docs/userguide/credentials.rst | 8 +++++---
kas/libcmds.py | 20 +++++++++++++++++---
3 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 13255c9af..112936da8 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -135,9 +135,10 @@ Variables Glossary
| | first one. The job url is added to the |
| | provenance attestation (if enabled). |
+--------------------------+--------------------------------------------------+
-| ``GITHUB_ACTIONS`` | Environment variables from github actions. If |
-| (K) | set to `true`, `.gitconfig` is automatically |
-| | imported. For details, see ``GITCONFIG_FILE``. |
+| ``GITHUB_ACTIONS`` | Environment variables from GitHub actions or |
+++ b/docs/command-line/environment-variables.inc
@@ -135,9 +135,10 @@ Variables Glossary
| | first one. The job url is added to the |
| | provenance attestation (if enabled). |
+--------------------------+--------------------------------------------------+
-| ``GITHUB_ACTIONS`` | Environment variables from github actions. If |
-| (K) | set to `true`, `.gitconfig` is automatically |
-| | imported. For details, see ``GITCONFIG_FILE``. |
+| ``GITLAB_CI`` | GitLab CI. If set to `true`, `.gitconfig` is |
+| (K) | automatically imported. |
+| | For details, see ``GITCONFIG_FILE``. |
+--------------------------+--------------------------------------------------+
| ``BB_NUMBER_THREADS`` | Environment variables to control the concurrency.|
| ``PARALLEL_MAKE`` | |
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
+| | For details, see ``GITCONFIG_FILE``. |
+--------------------------+--------------------------------------------------+
| ``BB_NUMBER_THREADS`` | Environment variables to control the concurrency.|
| ``PARALLEL_MAKE`` | |
index 42cc1f810..cbf4fc8d6 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -34,11 +34,13 @@ an existing one. In addition, credential helpers can be used by
setting the corresponding environment variables. These are added to the
``.gitconfig`` file as well.
+When running in a GitHub Action or GitLab CI job, the ``.gitconfig`` file
setting the corresponding environment variables. These are added to the
``.gitconfig`` file as well.
+is automatically injected.
+
Github Actions
~~~~~~~~~~~~~~
-When running in a Github Action, the ``.gitconfig`` file is automatically
-injected. In combination with the
+In combination with the
`webfactory/ssh-agent <https://github.com/webfactory/ssh-agent>`_ action,
this automatically makes the required credentials available to kas and
bitbake.
@@ -46,7 +48,7 @@ bitbake.
+
Github Actions
~~~~~~~~~~~~~~
-When running in a Github Action, the ``.gitconfig`` file is automatically
-injected. In combination with the
+In combination with the
`webfactory/ssh-agent <https://github.com/webfactory/ssh-agent>`_ action,
this automatically makes the required credentials available to kas and
bitbake.
Gitlab CI
~~~~~~~~~
-When running in the Gitlab CI, the ``CI_JOB_TOKEN`` can be used to access
+When running in the GitLab CI, the ``CI_JOB_TOKEN`` can be used to access
git repositories via https. kas automatically adds this token to the
``.netrc`` file, where it is picked up by git. To be able to clone via ssh
locally, but via https in the CI, a rewrite rule needs to be added to the
diff --git a/kas/libcmds.py b/kas/libcmds.py
index c3d4cdca9..b5a79654c 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -180,6 +180,18 @@ class SetupHome(Command):
def __str__(self):
return 'setup_home'
+ @staticmethod
+ def _on_ci():
+ """
+ Detects if we are running on a CI system.
+ Returns the name of the CI system or None.
+ """
+ if os.environ.get('GITHUB_ACTIONS', False) == 'true':
+ return 'GitHub Actions'
def __str__(self):
return 'setup_home'
+ @staticmethod
+ def _on_ci():
+ """
+ Detects if we are running on a CI system.
+ Returns the name of the CI system or None.
+ """
+ if os.environ.get('GITHUB_ACTIONS', False) == 'true':
+ elif os.environ.get('GITLAB_CI', False) == 'true':
+ return 'GitLab CI'
+ return None
+
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
Felix Moessbauer
May 8, 2024, 11:32:13 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
When running in the gitlab ci, we now automatically configure git to
clone the repositories on the CI server using https and the
CI_JOB_TOKEN. For backwards compatibility, this auto-injection is only
performed if no local git config or SSH config is provided.
This makes it easier for our users to use KAS in the Gitlab CI, as
things just work out of the box without any manual configuration needed.
For the Github CI this was already possible. By that, no change is
needed.
docs/userguide/credentials.rst | 14 +++++++-------
clone the repositories on the CI server using https and the
CI_JOB_TOKEN. For backwards compatibility, this auto-injection is only
performed if no local git config or SSH config is provided.
This makes it easier for our users to use KAS in the Gitlab CI, as
things just work out of the box without any manual configuration needed.
For the Github CI this was already possible. By that, no change is
needed.
kas/libcmds.py | 28 ++++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index cbf4fc8d6..06028d2a4 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -50,14 +50,14 @@ Gitlab CI
When running in the GitLab CI, the ``CI_JOB_TOKEN`` can be used to access
git repositories via https. kas automatically adds this token to the
git repositories via https. kas automatically adds this token to the
-``.netrc`` file, where it is picked up by git. To be able to clone via ssh
-locally, but via https in the CI, a rewrite rule needs to be added to the
-``KAS_PREMIRRORS`` CI environment variable. Example:
+``.netrc`` file, where it is picked up by git. Further, kas configures git
+to automatically rewrite the urls of the repositories to clone via https
+for repos stored on the same server. Technically this is achieved by adding
+`insteadof` entries to the ``.gitconfig`` file.
-.. code-block:: yaml
-
- variables:
- KAS_PREMIRRORS: "git@${CI_SERVER_HOST}: https://${CI_SERVER_HOST}/"
+.. note::
+ For backwards compatibility, the git rewrite rules are only added if
+ ``.gitconfig`` does not exists and no SSH configuration is provided.
Netrc File
----------
diff --git a/kas/libcmds.py b/kas/libcmds.py
-locally, but via https in the CI, a rewrite rule needs to be added to the
-``KAS_PREMIRRORS`` CI environment variable. Example:
+``.netrc`` file, where it is picked up by git. Further, kas configures git
+to automatically rewrite the urls of the repositories to clone via https
+for repos stored on the same server. Technically this is achieved by adding
+`insteadof` entries to the ``.gitconfig`` file.
-.. code-block:: yaml
-
- variables:
- KAS_PREMIRRORS: "git@${CI_SERVER_HOST}: https://${CI_SERVER_HOST}/"
+.. note::
+ For backwards compatibility, the git rewrite rules are only added if
+ ``.gitconfig`` does not exists and no SSH configuration is provided.
Netrc File
----------
index b5a79654c..db28eef73 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -192,6 +192,23 @@ class SetupHome(Command):
return 'GitLab CI'
return None
+ @staticmethod
+ def _ssh_config_present():
+ """
+ Checks if any file in the .ssh dir exists or
+ any manual ssh config option is set.
+ """
+ ssh_vars = ['SSH_PRIVATE_KEY', 'SSH_PRIVATE_KEY_FILE', 'SSH_AUTH_SOCK']
+ if any(e in os.environ for e in ssh_vars):
+ return True
+
+ ssh_path = os.path.expanduser('~/.ssh')
+ if os.path.isdir(ssh_path):
+ with os.scandir(ssh_path) as it:
+ if any(it):
+ return True
+ return False
+ @staticmethod
+ def _ssh_config_present():
+ """
+ Checks if any file in the .ssh dir exists or
+ any manual ssh config option is set.
+ """
+ ssh_vars = ['SSH_PRIVATE_KEY', 'SSH_PRIVATE_KEY_FILE', 'SSH_AUTH_SOCK']
+ if any(e in os.environ for e in ssh_vars):
+ return True
+
+ ssh_path = os.path.expanduser('~/.ssh')
+ if os.path.isdir(ssh_path):
+ with os.scandir(ssh_path) as it:
+ if any(it):
+ return True
+ return False
+
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
@@ -254,6 +271,17 @@ class SetupHome(Command):
def _setup_netrc(self):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
if os.environ.get('GIT_CREDENTIAL_USEHTTPPATH', False):
config['credential']['useHttpPath'] = \
os.environ.get('GIT_CREDENTIAL_USEHTTPPATH')
+ # in GitLab CI, add ssh -> https rewrites if no config is present
config['credential']['useHttpPath'] = \
os.environ.get('GIT_CREDENTIAL_USEHTTPPATH')
+ ci_server = os.environ.get('CI_SERVER_HOST', False)
+ if self._on_ci() == 'GitLab CI' and ci_server and \
+ not self._ssh_config_present() and \
+ not os.path.exists(gitconfig_host):
+ logging.debug('Adding GitLab CI ssh -> https rewrites')
+ not os.path.exists(gitconfig_host):
+ section = f'url "https://{ci_server}/"'
+ config.add_value(section, 'insteadOf',
+ f'git@{ci_server}:')
+ config.add_value(section, 'insteadOf',
+ f'ssh://git@{ci_server}/')
Felix Moessbauer
May 8, 2024, 11:32:21 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
This test creates a fake CI environment and tests if the ssh -> https
rewrite logic works.
rewrite logic works.
docs/userguide/credentials.rst | 7 +++++--
tests/conftest.py | 4 ++++
tests/test_commands.py | 11 +++++++++++
tests/test_commands/test-url-rewrite.yml | 9 +++++++++
4 files changed, 29 insertions(+), 2 deletions(-)
tests/conftest.py | 4 ++++
tests/test_commands.py | 11 +++++++++++
tests/test_commands/test-url-rewrite.yml | 9 +++++++++
create mode 100644 tests/test_commands/test-url-rewrite.yml
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 06028d2a4..d1fcc2cc9 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -55,9 +55,12 @@ to automatically rewrite the urls of the repositories to clone via https
for repos stored on the same server. Technically this is achieved by adding
`insteadof` entries to the ``.gitconfig`` file.
+For backwards compatibility, the git rewrite rules are only added if
+``.gitconfig`` does not exists and no SSH configuration is provided.
+
.. note::
- For backwards compatibility, the git rewrite rules are only added if
- ``.gitconfig`` does not exists and no SSH configuration is provided.
+ Make sure to assign the correct permissions to the ``CI_JOB_TOKEN``.
+ For details, see `GitLab CI/CD job token <https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html>`_.
Netrc File
.. note::
- For backwards compatibility, the git rewrite rules are only added if
- ``.gitconfig`` does not exists and no SSH configuration is provided.
+ Make sure to assign the correct permissions to the ``CI_JOB_TOKEN``.
+ For details, see `GitLab CI/CD job token <https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html>`_.
----------
diff --git a/tests/conftest.py b/tests/conftest.py
index 9823a8aa4..ef0dc9d10 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -35,6 +35,10 @@ ENVVARS_KAS = [
index 9823a8aa4..ef0dc9d10 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
'SSH_PRIVATE_KEY',
'SSH_PRIVATE_KEY_FILE',
Felix Moessbauer
May 8, 2024, 11:32:22 AM5/8/24
to kas-...@googlegroups.com, jan.k...@siemens.com, Frieder Schrempf, Felix Moessbauer
Proposed-by: Frieder Schrempf <frieder....@kontron.de>
docs/command-line/environment-variables.inc | 4 ++--
docs/userguide/credentials.rst | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 112936da8..db1ac928a 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -126,9 +126,9 @@ Variables Glossary
| ``NETRC_FILE`` | Path to a .netrc file which will be copied to |
| (K,C) | the kas home dir as .netrc. |
+--------------------------+--------------------------------------------------+
-| ``CI_SERVER_HOST`` | Environment variables from gitlab CI, if set |
+| ``CI_SERVER_HOST`` | Environment variables from GitLab CI, if set |
| ``CI_JOB_TOKEN`` | .netrc is configured to allow fetching from |
-| ``CI_JOB_URL`` | the gitlab instance. An entry will be appended |
+| ``CI_JOB_URL`` | the GitLab instance. An entry will be appended |
| (K) | in case ``NETRC_FILE`` was given as well. Note |
| | that if the file already contains an entry for |
| | that host most tools would probably take that |
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index d1fcc2cc9..1ce84e7e4 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -37,7 +37,7 @@ setting the corresponding environment variables. These are added to the
-Github Actions
+GitHub Actions
~~~~~~~~~~~~~~
In combination with the
@@ -45,7 +45,7 @@ In combination with the
+GitLab CI
~~~~~~~~~
When running in the GitLab CI, the ``CI_JOB_TOKEN`` can be used to access
@@ -66,7 +66,7 @@ Netrc File
----------
A ``.netrc`` file can be used to provide credentials for git or the
-HTTP(S) / FTP fetcher. When running in the Gitlab CI, the ``CI_JOB_TOKEN``
+HTTP(S) / FTP fetcher. When running in the GitLab CI, the ``CI_JOB_TOKEN``
is appended to automatically grant access to repositories that can be
accessed by the user that triggered the CI pipeline.
--
2.39.2
docs/command-line/environment-variables.inc | 4 ++--
docs/userguide/credentials.rst | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/command-line/environment-variables.inc b/docs/command-line/environment-variables.inc
index 112936da8..db1ac928a 100644
--- a/docs/command-line/environment-variables.inc
+++ b/docs/command-line/environment-variables.inc
@@ -126,9 +126,9 @@ Variables Glossary
| ``NETRC_FILE`` | Path to a .netrc file which will be copied to |
| (K,C) | the kas home dir as .netrc. |
+--------------------------+--------------------------------------------------+
-| ``CI_SERVER_HOST`` | Environment variables from gitlab CI, if set |
+| ``CI_SERVER_HOST`` | Environment variables from GitLab CI, if set |
| ``CI_JOB_TOKEN`` | .netrc is configured to allow fetching from |
-| ``CI_JOB_URL`` | the gitlab instance. An entry will be appended |
+| ``CI_JOB_URL`` | the GitLab instance. An entry will be appended |
| (K) | in case ``NETRC_FILE`` was given as well. Note |
| | that if the file already contains an entry for |
| | that host most tools would probably take that |
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index d1fcc2cc9..1ce84e7e4 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -37,7 +37,7 @@ setting the corresponding environment variables. These are added to the
When running in a GitHub Action or GitLab CI job, the ``.gitconfig`` file
is automatically injected.
-Github Actions
+GitHub Actions
~~~~~~~~~~~~~~
In combination with the
@@ -45,7 +45,7 @@ In combination with the
this automatically makes the required credentials available to kas and
bitbake.
-Gitlab CI
bitbake.
+GitLab CI
~~~~~~~~~
When running in the GitLab CI, the ``CI_JOB_TOKEN`` can be used to access
@@ -66,7 +66,7 @@ Netrc File
----------
A ``.netrc`` file can be used to provide credentials for git or the
-HTTP(S) / FTP fetcher. When running in the Gitlab CI, the ``CI_JOB_TOKEN``
+HTTP(S) / FTP fetcher. When running in the GitLab CI, the ``CI_JOB_TOKEN``
is appended to automatically grant access to repositories that can be
accessed by the user that triggered the CI pipeline.
--
2.39.2
MOESSBAUER, Felix
May 8, 2024, 11:36:24 AM5/8/24
to kas-...@googlegroups.com, frieder....@kontron.de, Kiszka, Jan
I added a second rewrite as you proposed, but for me I had to add
"ssh://git@{ci_server}/" (see v2 of this series). I hope this works for
you as well, otherwise I'll add a third line ;)
Felix
>
> > + }
> > config.write()
> >
> > def execute(self, ctx):
Siemens AG, Technology
Linux Expert Center
Frieder Schrempf
May 8, 2024, 1:23:18 PM5/8/24
to MOESSBAUER, Felix, kas-...@googlegroups.com, Kiszka, Jan
wrong. Writing mails in a hurry is never a good idea :)
Frieder Schrempf
May 8, 2024, 1:27:17 PM5/8/24
to Felix Moessbauer, kas-...@googlegroups.com, jan.k...@siemens.com
On 08.05.24 13:13, Felix Moessbauer wrote:
> When running in a Github Action or in Gitlab CI, we automatically
> forward the .gitconfig into the kas environment (both for kas repo
> cloning, as well as for bitbake). By that, we keep the same semantics
> both for Github Actions, as well as for the Gitlab CI.
>
> Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
Tested-by: Frieder Schrempf <frieder....@kontron.de>
> forward the .gitconfig into the kas environment (both for kas repo
> cloning, as well as for bitbake). By that, we keep the same semantics
> both for Github Actions, as well as for the Gitlab CI.
>
> Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
Reviewed-by: Frieder Schrempf <frieder....@kontron.de>
Frieder Schrempf
May 8, 2024, 1:28:52 PM5/8/24
to Felix Moessbauer, kas-...@googlegroups.com, jan.k...@siemens.com
On 08.05.24 17:31, Felix Moessbauer wrote:
> When running in a Github Action or in Gitlab CI, we automatically
> forward the .gitconfig into the kas environment (both for kas repo
> cloning, as well as for bitbake). By that, we keep the same semantics
> both for Github Actions, as well as for the Gitlab CI.
>
> Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com
> When running in a Github Action or in Gitlab CI, we automatically
> forward the .gitconfig into the kas environment (both for kas repo
> cloning, as well as for bitbake). By that, we keep the same semantics
> both for Github Actions, as well as for the Gitlab CI.
>
> Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com
Frieder Schrempf
May 8, 2024, 1:29:35 PM5/8/24
to Felix Moessbauer, kas-...@googlegroups.com, jan.k...@siemens.com
On 08.05.24 17:31, Felix Moessbauer wrote:
> When running in the gitlab ci, we now automatically configure git to
> clone the repositories on the CI server using https and the
> CI_JOB_TOKEN. For backwards compatibility, this auto-injection is only
> performed if no local git config or SSH config is provided.
> This makes it easier for our users to use KAS in the Gitlab CI, as
> things just work out of the box without any manual configuration needed.
>
> For the Github CI this was already possible. By that, no change is
> needed.
>
> Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
> clone the repositories on the CI server using https and the
> CI_JOB_TOKEN. For backwards compatibility, this auto-injection is only
> performed if no local git config or SSH config is provided.
> This makes it easier for our users to use KAS in the Gitlab CI, as
> things just work out of the box without any manual configuration needed.
>
> For the Github CI this was already possible. By that, no change is
> needed.
>
> Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
Frieder Schrempf
May 8, 2024, 1:30:23 PM5/8/24
to Felix Moessbauer, kas-...@googlegroups.com, jan.k...@siemens.com
Hi Felix,
On 08.05.24 17:31, Felix Moessbauer wrote:
Thanks
Frieder
On 08.05.24 17:31, Felix Moessbauer wrote:
> This series makes a kas project config "just work" on Gitlab CI.
> It does so by automatically configuring the ssh->https git rewrite
> logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
> to authenticate against the gitlab server.
>
> It would be great, if more people could test this on their own
> gitlab CI instances and provide feedback. A test container with
> this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
>
> Changes since v1:
> - also add git rewrite for bitbake fetcher (thanks to Frieder Schrempf)
> - correct spelling of GitHub and GitLab in the docs
> - updated test container on ghcr.io
Great stuff, thanks! Works just fine for me and looks very good.
> It does so by automatically configuring the ssh->https git rewrite
> logic (for both kas and bitbake) so that the CI_JOB_TOKEN can be used
> to authenticate against the gitlab server.
>
> It would be great, if more people could test this on their own
> gitlab CI instances and provide feedback. A test container with
> this series can be found on: ghcr.io/fmoessbauer/kas/kas:next
>
> Changes since v1:
> - also add git rewrite for bitbake fetcher (thanks to Frieder Schrempf)
> - correct spelling of GitHub and GitLab in the docs
> - updated test container on ghcr.io
Thanks
Frieder
Jan Kiszka
May 10, 2024, 4:41:28 AM5/10/24
to Felix Moessbauer, kas-...@googlegroups.com, Frieder Schrempf
On 08.05.24 17:31, Felix Moessbauer wrote:
Jan
Reply all
Reply to author
Forward
0 new messages