Authentication for HTTPS cloning about gitman HOT 7 CLOSED

@jacebrowning I think this would be valuable to add if you are considering having some documentation on CI implementations. The documentation only describes the local development which, I would say, is only half of the work.

You could of course simply redirect the user to the official documentation page from the different CI providers but it would be cool if you could have a small compact guide for how to implement the tool in the different systems.

I can help draft such a documentation for Azure DevOps at least.

from gitman.

Gitman calls git as a subprocess. You emulate this in a Python shell:

python
>>> import subprocess
>>> subprocess.run(["git", "clone", "https://dev.azure.com/***/***/***/"])

Does that work?

Here are the setup docs in case you missed them: https://gitman.readthedocs.io/en/latest/setup/git/

from gitman.

As mentioned try at first to clone the repository via calling git as subprocess to investigate the problem without gitman.
Have found some tipps that are dealing with this issue, may this help: https://stackoverflow.com/questions/35834117/authentication-failed-for-https-xxx-visualstudio-com-defaultcollection-git-pr

from gitman.

I am currently investigating this as I would like to find a solution that works both for local development and CI. I would prefer to configure git using command line for automatic build to be authenticated as well. FYI I am working with Azure Pipelines.

It seems like if you would like to use the System.AccessToken for authenticating using the identity of the pipeline. This will be done using the folllowing git command git clone -c http.extraheader="AUTHORIZATION: bearer <System_AccessToken>" [some-repo-url]. Is it possible to somehow inject this header into the git command invoked by the Python subprocess implemented in Gitman?

from gitman.

You could try passing the extra parameter using the params setting in the Gitman configuration file: https://gitman.readthedocs.io/en/latest/setup/configuration/#gitman.models.source.Source--params

Unfortunately that will mean keeping your secret in Git, but let's see if it clones first, then work on alternative approaches.

from gitman.

I manage to authenticate to the repository using the system token in Azure DevOps like so.
git config --global http.extraheader "AUTHORIZATION: bearer $(System.AccessToken)". This command was executed before any Gitman commands. Alternatively I could've executed the Gitman command using the params configuration but this would imply that I use a system token for authenticating locally.

In addition I had to disable Protect access to repositories in YAML pipelines in Azure DevOps. After this I could clone the repositories in Azure Pipelines using HTTPS. In Azure DevOps it is not possible to clone other repositories using command line git if this setting is enabled. More information can found here.

Locally I simply used the Git credential manager.

This setup allows me to have the same Gitman configuration file for both local development and automated builds in Azure DevOps using HTTPS.

from gitman.

@SebastianBalle thanks for sharing!

Would that be worth adding to the setup docs or do you think it's mostly specific to your situation?

from gitman.