[PATCH 1/1] document how to inject git credentials in common CI systems
12 views
Skip to first unread message
Felix Moessbauer
May 7, 2024, 11:24:48 AMMay 7
to kas-...@googlegroups.com, jan.k...@siemens.com, Felix Moessbauer
This patch documents how to easily inject git credentials
in the Github Actions CI, as well as in Gitlab CI.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/userguide/credentials.rst | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 1bad160d6..42cc1f810 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -30,11 +30,33 @@ Git Configuration
A ``.gitconfig`` file can be used to provide credentials as well as
url rewrites of git repositories (``insteadof``). To support the patching
of git repositories, kas injects a ``[user]`` section, possibly overwriting
-an existing one. When running in the Github CI, the ``.gitconfig`` file is
-automatically injected. In addition, credential helpers can be used by
+an existing one. In addition, credential helpers can be used by
setting the corresponding environment variables. These are added to the
``.gitconfig`` file as well.
+Github Actions
+~~~~~~~~~~~~~~
+
+When running in a Github Action, the ``.gitconfig`` file is automatically
+injected. In combination with the
+`webfactory/ssh-agent <https://github.com/webfactory/ssh-agent>`_ action,
+this automatically makes the required credentials available to kas and
+bitbake.
+
+Gitlab CI
+~~~~~~~~~
+
+When running in the Gitlab CI, the ``CI_JOB_TOKEN`` can be used to access
+git repositories via https. kas automatically adds this token to the
+``.netrc`` file, where it is picked up by git. To be able to clone via ssh
+locally, but via https in the CI, a rewrite rule needs to be added to the
+``KAS_PREMIRRORS`` CI environment variable. Example:
+
+.. code-block:: yaml
+
+ variables:
+ KAS_PREMIRRORS: "git@${CI_SERVER_HOST}: https://${CI_SERVER_HOST}/"
+
Netrc File
----------
--
2.39.2
in the Github Actions CI, as well as in Gitlab CI.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/userguide/credentials.rst | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/docs/userguide/credentials.rst b/docs/userguide/credentials.rst
index 1bad160d6..42cc1f810 100644
--- a/docs/userguide/credentials.rst
+++ b/docs/userguide/credentials.rst
@@ -30,11 +30,33 @@ Git Configuration
A ``.gitconfig`` file can be used to provide credentials as well as
url rewrites of git repositories (``insteadof``). To support the patching
of git repositories, kas injects a ``[user]`` section, possibly overwriting
-an existing one. When running in the Github CI, the ``.gitconfig`` file is
-automatically injected. In addition, credential helpers can be used by
+an existing one. In addition, credential helpers can be used by
setting the corresponding environment variables. These are added to the
``.gitconfig`` file as well.
+Github Actions
+~~~~~~~~~~~~~~
+
+When running in a Github Action, the ``.gitconfig`` file is automatically
+injected. In combination with the
+`webfactory/ssh-agent <https://github.com/webfactory/ssh-agent>`_ action,
+this automatically makes the required credentials available to kas and
+bitbake.
+
+Gitlab CI
+~~~~~~~~~
+
+When running in the Gitlab CI, the ``CI_JOB_TOKEN`` can be used to access
+git repositories via https. kas automatically adds this token to the
+``.netrc`` file, where it is picked up by git. To be able to clone via ssh
+locally, but via https in the CI, a rewrite rule needs to be added to the
+``KAS_PREMIRRORS`` CI environment variable. Example:
+
+.. code-block:: yaml
+
+ variables:
+ KAS_PREMIRRORS: "git@${CI_SERVER_HOST}: https://${CI_SERVER_HOST}/"
+
Netrc File
----------
--
2.39.2
Jan Kiszka
May 7, 2024, 11:51:48 AMMay 7
to Felix Moessbauer, kas-...@googlegroups.com
Jan
--
Siemens AG, Technology
Linux Expert Center
Frieder Schrempf
May 7, 2024, 12:00:05 PMMay 7
to Felix Moessbauer, kas-...@googlegroups.com, jan.k...@siemens.com
set in order for kas to forward the git configuration?
I mention this because just today I stumbled over this issue when
bitbake tried to clone a private repo within our GitLab CI pipeline. We
have rewrite rules set up in .gitconfig on the host but they are not
available in kas by default. Adding 'export
GITCONFIG_FILE="~/.gitconfig"' resolves this.
MOESSBAUER, Felix
May 7, 2024, 12:04:47 PMMay 7
to kas-...@googlegroups.com, frieder....@kontron.de, Kiszka, Jan
the only thing needed is the KAS_PREMIRRORS line. Kas then internally
does the rewrite BEFORE passing these commands down to git.
>
> I mention this because just today I stumbled over this issue when
> bitbake tried to clone a private repo within our GitLab CI pipeline.
> We
> have rewrite rules set up in .gitconfig on the host but they are not
> available in kas by default. Adding 'export
> GITCONFIG_FILE="~/.gitconfig"' resolves this.
the Github Actions CI. Is there a particular reason, why you need to
hand-craft the rewrites?
PS: This topic came up in https://github.com/siemens/kas/issues/117
Felix
Frieder Schrempf
May 7, 2024, 12:15:39 PMMay 7
to MOESSBAUER, Felix, kas-...@googlegroups.com, Kiszka, Jan
for the repos cloned by bitbake. Is it supposed to cover both cases?
For using CI_JOB_TOKEN in bitbake clones, I need to add a rewrite to the
git config. Or maybe I'm missing something...
MOESSBAUER, Felix
May 7, 2024, 12:28:39 PMMay 7
to kas-...@googlegroups.com, frieder....@kontron.de, Kiszka, Jan
- indeed - need the .gitconfig file. I'll add a statement about this in
the docs as well. Thanks for bringing this up.
Do you think, it makes sense to automatically make the .gitconfig file
available in the Gitlab CI? We already have that logic for the Github
CI.
Frieder Schrempf
May 8, 2024, 2:43:10 AMMay 8
to MOESSBAUER, Felix, kas-...@googlegroups.com, Kiszka, Jan
> Do you think, it makes sense to automatically make the .gitconfig file
> available in the Gitlab CI? We already have that logic for the Github
> CI.
a similar way and also it would make it easier to migrate non-kas
bitbake pipelines to kas. So yes, would be nice to have this in GitLab
CI as well.
Reply all
Reply to author
Forward
0 new messages