func icon indicating copy to clipboard operation
func copied to clipboard

Published 20 hours ago verified publisher icon knative

On-cluster build: Code from private Git repository

Open lance opened this issue 3 years ago • 14 comments

git-clone supports credentials, auth: https://hub.tekton.dev/tekton/task/git-clone

There should be a user friendly way how to add credentials that will be used by pipeline. Users shouldn't create additinonal resources themselves, all of it should be handled by func cli.

lance avatar Feb 22 '22 17:02 lance

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Jul 21 '22 01:07 github-actions[bot]

/remove-lifecycle stale

@Shashankft9 any update on this please?

zroubalik avatar Jul 21 '22 08:07 zroubalik

I can take this on if you'd like @Shashankft9

Couple of questions:

  • Should we be adding support for ssh credentials, basic auth or both?

Users shouldn't create additinonal resources themselves, all of it should be handled by func cli

I assumed the user should still create a Secret with the ssh credentials (or basic auth creds). And maybe the name of the Secret can be a part of func.yaml and/or cli option?

gab-satchi avatar Aug 31 '22 11:08 gab-satchi

sure Gab, and thanks /unassign /assign @gab-satchi

Shashankft9 avatar Aug 31 '22 12:08 Shashankft9

@gab-satchi I'd prefer if we can actually create the secret for user. Or try to think about the best solution from users perspective.

Image that the user does have very limited knowledge of k8s.

zroubalik avatar Sep 01 '22 11:09 zroubalik

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Jan 04 '23 01:01 github-actions[bot]

/remove-lifecycle stale

zroubalik avatar Jan 04 '23 08:01 zroubalik

@zroubalik I tried something and I wanted to share if it would be good for upstream as well - let me know what you think:

(only tested with basic auth right now, but should in principle work with ssh as well)

User will have to create a secret like this:

kind: Secret
apiVersion: v1
metadata:
  name: my-basic-auth-secret
type: Opaque
stringData:
  .gitconfig: |
    [credential "https://gitlab.com"]
      helper = store
  .git-credentials: |
    https://username:[email protected]

Change the func.yaml to include secretName under git.

Following changes are to be done to a functions pipeline and pipelinerun only if the above git.secretName is specified, otherwise it stays the same. The secretName is reflected in the pipelinerun.

Change the pipeline that gets created for every function to look something like this:

  tasks:
  - name: fetch-sources
    params:
    - name: url
      value: $(params.gitRepository)
    - name: revision
      value: $(params.gitRevision)
    taskRef:
      kind: Task
      name: git-clone
    workspaces:
    - name: output
      workspace: source-workspace
    - name: basic-auth
      workspace: basic-auth-workspace
...
  workspaces:
  - description: Directory where function source is located.
    name: source-workspace
  - description: Directory containing image registry credentials stored in `config.json`
      file.
    name: dockerconfig-workspace
    optional: true
  - description: Directory where Buildpacks cache is stored.
    name: cache-workspace
  - name: basic-auth-workspace

Change the pipeline that gets created to something like this:

  workspaces:
  - name: source-workspace
    persistentVolumeClaim:
      claimName: test-pack-git-pipeline-pvc
    subPath: source
  - name: dockerconfig-workspace
    secret:
      secretName: test-pack-git-pipeline-secret
  - name: cache-workspace
    persistentVolumeClaim:
      claimName: test-pack-git-pipeline-pvc
    subPath: cache
  - name: basic-auth-workspace
    secret:
      secretName: my-basic-auth-secret

Shashankft9 avatar May 11 '23 13:05 Shashankft9

Unassigning due to inactivity Please feel free to re-assign yourself if you're still working on it @gab-satchi !

lkingland avatar Aug 15 '23 12:08 lkingland

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Mar 08 '24 01:03 github-actions[bot]

/remove-lifecycle stale

Shashankft9 avatar Mar 11 '24 05:03 Shashankft9

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Jun 10 '24 01:06 github-actions[bot]

remove-lifecycle stale

Shashankft9 avatar Jun 10 '24 15:06 Shashankft9

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Sep 12 '24 01:09 github-actions[bot]