eth0izzle
Adding support for GHE
This adds support for GHE by allowing to add a GHE url in the config. We also have to add the token as auth on the clone url.
I'm pretty new to go so feedback is much appreciated.
I think it would be good to have Github username and password also included, as quite often it's required to interact with repos in GHE. Like in https://github.com/0xtavian/shhgit (just handling the URL and credentials as settings and not hardcoded to compiled code)
You don't actually need the username, only the token. The differences is that on Github.com you don't need credentials to clone a a public repository over https, on GHE you do. At least by default.
So in this PR I've added the token to the git clone url like so: https://<your_token>@mygithubenterprise.com/org/repo
Or am I missing a case where you need both?
You don't actually need the username, only the token. The differences is that on Github.com you don't need credentials to clone a a public repository over https, on GHE you do. At least by default.
So in this PR I've added the token to the git clone url like so:
https://<your_token>@mygithubenterprise.com/org/repoOr am I missing a case where you need both?
I see. Then I think there should be mention about that in documentation, because with rate-limiting token doesn't need to have any rights (and shouldn't have any rights).
I don't have access to GHE but the code looks sound. @Hi-Fi @pradeepkusingh have you merged/tested locally?
I don't have access to GHE but the code looks sound. @Hi-Fi @pradeepkusingh have you merged/tested locally?
I haven't check this (we had solution based on @0xtavian solution), but I can check this after PR is rebased with master and doesn't have conflicts.
I'm out and about so I had to resolve the conflicts in the browser, but should be fine as there was just minor stuff.
@eth0izzle @Hi-Fi @brujoand GitHub enterprises require the username and API key AFAIK. I have tested a few before and they all require username + API key. Has anyone expirenced issues with this new build? I will try it and let you know if it works. Do we have someone confirming its working as intended?
I know this only has one upvote but I've encountered many GHE that simply use the API key as a password, so only supplying the key to the API will fail to auth. Its expecting a username + password (aka API KEY) https://stackoverflow.com/questions/51751828/clone-a-repository-from-github-enterprise-with-go-git
https://developer.github.com/v3/auth/#via-oauth-and-personal-access-tokens I guess it possibly specific to the authentication scheme.
curl -u username:token https://api.github.com/user
In my fork it wasn't possible to auth without the username. I tried a few times until finding out missing the username was the issue
Alright, I just tested this again, to make sure.
$ git clone https://our.github.com/org/repo.git
Cloning into 'repo'...
Username for 'https://our.github.com': ^C
$ git clone https://${GITHUB_TOKEN}@our.github.com/org/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 21, done.
remote: Counting objects: 100% (21/21), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 324 (delta 11), reused 15 (delta 6), pack-reused 303
Receiving objects: 100% (324/324), 81.38 KiB | 3.25 MiB/s, done.
Resolving deltas: 100% (174/174), done.
$ git clone https://potatoesaregreat:${GITHUB_TOKEN}@our.github.com/org/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 21, done.
remote: Counting objects: 100% (21/21), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 324 (delta 11), reused 15 (delta 6), pack-reused 303
Receiving objects: 100% (324/324), 81.38 KiB | 3.25 MiB/s, done.
Resolving deltas: 100% (174/174), done.
So basically, it does not matter what you put in the username, the point is to use basic auth and Github Enterprise will use the token only.
In my fork it wasn't possible to auth without the username. I tried a few times until finding out missing the username was the issue
What version of Github Enterprise were you using? And the code in this PR failed? If so does your token have the permission to access
Hi,
This seems to work fine on GHE 2.19.15 for me. Thank you @brujoand for putting this together, so I didn't need to 👍
@brujoand can you update your branch to the latest and I'll merge this in. Thanks!
Tried to fix through the web ui, will have to get some time later on a proper machine.
Hi @brujoand ,
This is working fine on GHE and 1 issue i noticed is it doesn't work if we configure more than 2 GHE tokens.
This adds support for GHE by allowing to add a GHE url in the config. We also have to add the token as auth on the clone url.
I'm pretty new to go so feedback is much appreciated.
Hi @brujoand ,
This is working fine on GHE and 1 issue i noticed is it doesn't work if we configure more than 2 GHE tokens.
@jeffa17 hi, it was actually my intention that this should only be a single token. Bypassing your own company's rate limit sounds like a good way to meet HR. But jokes aside, I guess an error message should have been printed or support multiple tokens for GHE like with Github.
@jeffa17 hi, it was actually my intention that this should only be a single token. Bypassing your own company's rate limit sounds like a good way to meet HR. But jokes aside, I guess an error message should have been printed or support multiple tokens for GHE like with Github.
@brujoand i need to help IT team monitoring internal repos for accidental secret commits and i'm completely new to this. i'm using a windows machine and when we execute with more than 2 tokens, it is just displaying blank screen.(may be i can share screenshot if needed)
Could you help if this supports gitlab (hosted) by modifying config or urls?
@brujoand I'm going to refrain merging this in for now. I've been working on v2 (see the branch I've pushed) and the "sources" will be modular, making it a lot easier to support GHE.
@jeffa17 Could you run shhgit with the --local flag? Perhaps on a scheduled cron or you could trigger after commiting via GHE pipelines.
This method doesn't work for cloud hosted GHE. For cloud hosted GHE we should be only looking for https://api.github.com/orgname/
