test-infra icon indicating copy to clipboard operation
test-infra copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

Prow - Allow passing of Personal Access Tokens for http based git clone

Open Abhinand-Gokul opened this issue 2 years ago • 5 comments

What would you like to be added: We have a private Github Enterprise which has ssh disabled for cloning in our organisation. It would be great if we can add a mechanism for allow clonrefs pod-utilities to have a mechanism to use personal access tokens to do https git clone.

Why is this needed: We currently have a workaround where we are hardcoding the PAT as part of the URI in clone_uri directive like below :

clone_uri: "https://e7657da3da4a852521ca4224a206a4cf061ba269:[email protected]/foo/bar.git" where e7657da3da4a852521ca4224a206a4cf061ba269 is a (fake) github enterprise personal access token.

I would not like this personal access token to be persisted in git at all but maybe passed as an env variable to our container which would then run our presubmit or postsubmit jobs.

Abhinand-Gokul avatar May 23 '22 14:05 Abhinand-Gokul

/sig testing

Abhinand-Gokul avatar May 23 '22 14:05 Abhinand-Gokul

Hi, I have the same problem. are you working on adding this? is there a timeline?

YoniRomm avatar Jul 07 '22 07:07 YoniRomm

I'm wondering if it is possible that the prow-controller-manager can use it's Github App access tokens to inject it into the cloneref container?

erichorwath avatar Jul 07 '22 17:07 erichorwath

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Oct 05 '22 17:10 k8s-triage-robot

/remove-lifecycle stale

Abhinand-Gokul avatar Oct 06 '22 08:10 Abhinand-Gokul

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jan 04 '23 09:01 k8s-triage-robot

This is already implemented in Prow. Please check https://github.com/kubernetes/test-infra/blob/master/prow/apis/prowjobs/v1/types.go#L496-L498

Example:

      decoration_config:
        oauth_token_secret:
          key: oauth # The key of the secret
          name: github-cloner  # Secret name

droslean avatar Feb 02 '23 10:02 droslean

/close

droslean avatar Feb 02 '23 10:02 droslean

@droslean: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Feb 02 '23 10:02 k8s-ci-robot