You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added support for authenticated git cloning using `gitToken` and `gitTokenKey`
parameters. Updated documentation to reflect the new parameters and their
usage. Modified resolver functions to handle authentication when cloning
repositories. Added tests to verify the functionality of authenticated git
cloning.
The differences between the two modes are:
- The `git clone` method support anonymous cloning and authenticated cloning.
- Depending of the Git provider `git clone` has a lower rate limit (if none)
than the authenticated API.
- The authenticated API supports private repositories and fetches only the file
at the specified path rather than doing a full clone.
Signed-off-by: Chmouel Boudjnah <[email protected]>
|`url`| URL of the repo to fetch and clone anonymously. Either `url`, or `repo` (with `org`) must be specified, but not both. |`https://github.com/tektoncd/catalog.git`|
19
-
|`repo`| The repository to find the resource in. Either `url`, or `repo` (with `org`) must be specified, but not both. |`pipeline`, `test-infra`|
20
-
|`org`| The organization to find the repository in. Default can be set in [configuration](#configuration). |`tektoncd`, `kubernetes`|
21
-
|`token`| An optional secret name in the `PipelineRun` namespace to fetch the token from. Defaults to empty, meaning it will try to use the configuration from the global configmap. |`secret-name`, (empty) |
22
-
|`tokenKey`| An optional key in the token secret name in the `PipelineRun` namespace to fetch the token from. Defaults to `token`. |`token`|
23
-
|`revision`| Git revision to checkout a file from. This can be commit SHA, branch or tag. |`aeb957601cf41c012be462827053a21a420befca``main``v0.38.2`|
24
-
|`pathInRepo`| Where to find the file in the repo. |`task/golang-build/0.3/golang-build.yaml`|
25
-
|`serverURL`| An optional server URL (that includes the https:// prefix) to connect for API operations |`https:/github.mycompany.com`|
26
-
|`scmType`| An optional SCM type to use for API operations |`github`, `gitlab`, `gitea`|
|`url`| URL of the repo to fetch and clone anonymously. Either `url`, or `repo` (with `org`) must be specified, but not both. |`https://github.com/tektoncd/catalog.git`|
19
+
|`repo`| The repository to find the resource in. Either `url`, or `repo` (with `org`) must be specified, but not both. |`pipeline`, `test-infra`|
20
+
|`org`| The organization to find the repository in. Default can be set in [configuration](#configuration). |`tektoncd`, `kubernetes`|
21
+
|`token`| An optional secret name in the `PipelineRun` namespace to fetch the token from. Defaults to empty, meaning it will try to use the configuration from the global configmap. |`secret-name`, (empty) |
22
+
|`tokenKey`| An optional key in the token secret name in the `PipelineRun` namespace to fetch the token from. Defaults to `token`. |`token`|
23
+
|`gitToken`| An optional secret name in the `PipelineRun` namespace to fetch the token from when doing opration with the `git clone`. When empty it will use anonymous cloning. |`secret-gitauth-token`|
24
+
|`gitTokenKey`| An optional key in the token secret name in the `PipelineRun` namespace to fetch the token from when using the `git clone`. Defaults to `token`. |`token`|
25
+
|`revision`| Git revision to checkout a file from. This can be commit SHA, branch or tag. |`aeb957601cf41c012be462827053a21a420befca``main``v0.38.2`|
26
+
|`pathInRepo`| Where to find the file in the repo. |`task/golang-build/0.3/golang-build.yaml`|
27
+
|`serverURL`| An optional server URL (that includes the https:// prefix) to connect for API operations |`https:/github.mycompany.com`|
28
+
|`scmType`| An optional SCM type to use for API operations |`github`, `gitlab`, `gitea`|
27
29
28
30
## Requirements
29
31
@@ -55,11 +57,25 @@ for the name, namespace and defaults that the resolver ships with.
55
57
56
58
## Usage
57
59
58
-
The `git` resolver has two modes: cloning a repository anonymously, or fetching individual files via an SCM provider's API using an API token.
60
+
The `git` resolver has two modes: cloning a repository with `git clone` (with
61
+
the `go-git` library), or fetching individual files via an SCM provider's API
62
+
using an API token.
59
63
60
-
### Anonymous Cloning
64
+
The differences between the two modes are:
61
65
62
-
Anonymous cloning is supported only for public repositories. This mode clones the full git repo.
66
+
- The `git clone` method support anonymous cloning and authenticated cloning.
67
+
- When it comes to throughput, `git clone` is a more efficient option because
68
+
it is not subject to the same rate limits as API calls. This is a key
69
+
difference between the two modes: `git clone` supports both anonymous and
70
+
authenticated cloning, and depending on the Git provider, it often has a
71
+
higher rate limit compared to authenticated API calls.
72
+
- The `git clone` method is inefficient for larger repositories, as it clones the
73
+
entire repository in memory, whereas the authenticated API fetches only the
74
+
files at the specified path.
75
+
76
+
### Git Clone with git clone
77
+
78
+
Git clone with `git clone` is supported for anonymous and authenticated cloning.
63
79
64
80
#### Task Resolution
65
81
@@ -78,6 +94,11 @@ spec:
78
94
value: main
79
95
- name: pathInRepo
80
96
value: task/git-clone/0.6/git-clone.yaml
97
+
# Uncomment the following lines to use a secret with a token
98
+
# - name: gitToken
99
+
# value: "secret-with-token"
100
+
# - name: gitTokenKey (optional, defaults to "token")
101
+
# value: "token"
81
102
```
82
103
83
104
#### Pipeline resolution
@@ -97,6 +118,11 @@ spec:
97
118
value: main
98
119
- name: pathInRepo
99
120
value: pipeline/simple/0.1/simple.yaml
121
+
# Uncomment the following lines to use a secret with a token
122
+
# - name: gitToken
123
+
# value: "secret-with-token"
124
+
# - name: gitTokenKey (optional, defaults to "token")
125
+
# value: "token"
100
126
params:
101
127
- name: name
102
128
value: Ranni
@@ -108,11 +134,12 @@ The authenticated API supports private repositories, and fetches only the file a
108
134
109
135
When using the authenticated API, [providers with implementations in `go-scm`](https://github.com/jenkins-x/go-scm/tree/main/scm/driver) can be used.
110
136
Note that not all `go-scm` implementations have been tested with the `git` resolver, but it is known to work with:
111
-
* github.com and GitHub Enterprise
112
-
* gitlab.com and self-hosted Gitlab
113
-
* Gitea
114
-
* BitBucket Server
115
-
* BitBucket Cloud
137
+
138
+
- github.com and GitHub Enterprise
139
+
- gitlab.com and self-hosted Gitlab
140
+
- Gitea
141
+
- BitBucket Server
142
+
- BitBucket Cloud
116
143
117
144
#### Task Resolution
118
145
@@ -193,11 +220,11 @@ spec:
193
220
194
221
### Specifying Configuration for Multiple Git Providers
195
222
196
-
It is possible to specify configurations for multiple providers and even multiple configurations for same provider to use in
223
+
It is possible to specify configurations for multiple providers and even multiple configurations for same provider to use in
197
224
different tekton resources. Firstly, details need to be added in configmap with the unique identifier key prefix.
198
-
To use them in tekton resources, pass the unique key mentioned in configmap as an extra param to resolver with key
199
-
`configKey`and value will be the unique key. If no `configKey` param is passed, `default` will be used. Default
200
-
configuration to be used for git resolver can be specified in configmap by either mentioning no unique identifier or
225
+
To use them in tekton resources, pass the unique key mentioned in configmap as an extra param to resolver with key
226
+
`configKey`and value will be the unique key. If no `configKey` param is passed, `default` will be used. Default
227
+
configuration to be used for git resolver can be specified in configmap by either mentioning no unique identifier or
201
228
using identifier `default`
202
229
203
230
**Note**: `configKey` should not contain `.` while specifying configurations in configmap
@@ -253,7 +280,7 @@ data:
253
280
254
281
#### Task Resolution
255
282
256
-
A specific configurations from the configMap can be selected by passing the parameter `configKey` with the value
283
+
A specific configurations from the configMap can be selected by passing the parameter `configKey` with the value
257
284
matching one of the configuration keys used in the configMap.
258
285
259
286
```yaml
@@ -304,17 +331,21 @@ spec:
304
331
```
305
332
306
333
## `ResolutionRequest` Status
334
+
307
335
`ResolutionRequest.Status.RefSource` field captures the source where the remote resource came from. It includes the 3 subfields: `url`, `digest` and `entrypoint`.
336
+
308
337
- `url`
309
338
- If users choose to use anonymous cloning, the url is just user-provided value for the `url` param in the [SPDX download format](https://spdx.github.io/spdx-spec/package-information/#77-package-download-location-field).
310
339
- If scm api is used, it would be the clone URL of the repo fetched from scm repository service in the [SPDX download format](https://spdx.github.io/spdx-spec/package-information/#77-package-download-location-field).
311
340
- `digest`
312
-
- The algorithm name is fixed "sha1", but subject to be changed to "sha256" once Git eventually uses SHA256 at some point later. See https://git-scm.com/docs/hash-function-transition for more details.
341
+
- The algorithm name is fixed "sha1", but subject to be changed to "sha256" once Git eventually uses SHA256 at some point later. See <https://git-scm.com/docs/hash-function-transition> for more details.
313
342
- The value is the actual commit sha at the moment of resolving the resource even if a user provides a tag/branch name for the param `revision`.
314
343
- `entrypoint`: the user-provided value for the `path` param.
0 commit comments