git-credential-manager
git-credential-manager copied to clipboard
git-ecosystem
GCM won't work for go repo with private modules
Version
2.4.1
Operating system
Linux
OS version or distribution
Ubuntu 22.04
Git hosting provider(s)
Azure DevOps, GitHub
Other hosting provider
No response
(Azure DevOps only) What format is your remote URL?
https://{org}.visualstudio.com
Can you access the remote repository directly in the browser?
Yes, I can access the repository
Expected behavior
I've been using ssh key on linux (note: ssh won't work on windows with go get command), after configured git url.insteadOf, GOPRIVATE, etc, I can use git clone and go get.
I would expect GCM behave the same as SSH.
Actual behavior
- configured GOPRIVATE to include private repo (i.e. orgname.visualstudio.com/orgname/*)
- configured git to use credentialType=oauth and credentialStore=gpg
[credential]
helper = /usr/local/bin/git-credential-manager
azreposCredentialType = oauth
credentialStore = gpg
-
go getwon't authenticate against private repo
GIT_TRACE=1 go get -v orgname.visualstudio.com/orgname/projname/reponame.git/[email protected]
# cd /home/xd/goroot/pkg/mod; git ls-remote https://orgname.visualstudio.com/orgname/projname/reponame
23:11:09.952938 git.c:455 trace: built-in: git ls-remote https://orgname.visualstudio.com/orgname/projname/reponame
23:11:09.953007 run-command.c:668 trace: run_command: git remote-https https://orgname.visualstudio.com/orgname/projname/reponame https://orgname.visualstudio.com/orgname/projname/reponame
23:11:09.955273 git.c:742 trace: exec: git-remote-https https://orgname.visualstudio.com/orgname/projname/reponame https://orgname.visualstudio.com/orgname/projname/reponame
23:11:09.955312 run-command.c:668 trace: run_command: git-remote-https https://orgname.visualstudio.com/orgname/projname/reponame https://orgname.visualstudio.com/orgname/projname/reponame
fatal: repository 'https://orgname.visualstudio.com/orgname/projname/reponame/' not found
- i can use git to access dependent repo
Logs
No response
go-git does not currently support credential helper scripts or any other external authentication mechanism (that relies on interactivity).
Related:
- https://github.com/go-git/go-git/issues/28
- https://github.com/go-git/go-git/issues/490
There's an extensive discussion in https://github.com/golang/go/issues/26232 with a proposal and PoC that defines "GOAUTH plugins must return a HttpCredential object as JSON over stdout" as the protocol. There are reference implementations of GOAUTH plugins in golang/tools cmd/auth
I think go can download modules from dev.azure.com using git with git-credential-manager but it is sensitive to configuration. I expect the same would be true for orgname.visualstudio.com.
In .gitconfig try:
[credential]
helper = C:/Program\\ Files/Git/mingw64/bin/git-credential-manager.exe
azreposCredentialType = oauth
[credential "https://dev.azure.com"]
useHttpPath = true
Also check that the go module path is correct - in particular the path required for dev.azure.com seems to be:
dev.azure.com/orgname/projname/_git/reponame.git/subdir
(note the /_git/ part).
Suggested steps to check the go module path:
- Open the repo web page for the Azure DevOps project, click clone and copy the HTTPS URL.
- Check that the URL works with
git clone. - Check that the Go module has the same format as the HTTPS URL.
I think go can download modules from dev.azure.com using git with git-credential-manager but it is sensitive to configuration.
For the record: I also use the same configuration to go-get private dev.azure.com modules (with a different credential.helper path). It works well for me.
