Simplify auto-generated pac-gitauth secret URL

openshift-pipelines · Jun 26, 2023 · 0c393f1 · 0c393f1
1 parent 0e4cddb
commit 0c393f1
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/docs/content/docs/guide/privaterepo.md b/docs/content/docs/guide/privaterepo.md
@@ -18,6 +18,12 @@ This secret contains a [Git Config](https://git-scm.com/docs/git-config) file:
 file: .git-credentials, which includes the https URL using the token obtained
 from the GitHub application or secret attached to the repo CR.
 
+{{< hint info >}} For compatibility, the [Git
+Config](https://git-scm.com/docs/git-config) file uses the detected repository's
+base URL instead of the full URL. For more information, see [this
+issue](https://github.com/openshift-pipelines/pipelines-as-code/issues/1307) {{<
+/hint >}}
+
 The secret includes a key referencing the token as a key to let you easily use it in your task for
 other provider operations. See the documentation with example on how to use it
 [here](../authoringprs/#using-the-temporary-github-app-token-for-github-api-operations)

diff --git a/pkg/secrets/basic_auth.go b/pkg/secrets/basic_auth.go
@@ -54,9 +54,10 @@ func MakeBasicAuthSecret(runevent *info.Event, secretName string) (*corev1.Secre
 	// in the *** to do it in shell.
 	token := url.QueryEscape(runevent.Provider.Token)
 
+	baseCloneURL := fmt.Sprintf("%s://%s", repoURL.Scheme, repoURL.Host)
 	urlWithToken := fmt.Sprintf("%s://%s:%s@%s%s", repoURL.Scheme, gitUser, token, repoURL.Host, repoURL.Path)
 	secretData := map[string]string{
-		".gitconfig":       fmt.Sprintf(basicAuthGitConfigData, cloneURL),
+		".gitconfig":       fmt.Sprintf(basicAuthGitConfigData, baseCloneURL),
 		".git-credentials": urlWithToken,
 		// With the GitHub APP method the token is available for 8h if you have
 		// the user to server token expiration.  the token is scoped to the

diff --git a/pkg/secrets/basic_auth_test.go b/pkg/secrets/basic_auth_test.go
@@ -1,6 +1,8 @@
 package secrets
 
 import (
+	"fmt"
+	"regexp"
 	"strings"
 	"testing"
 
@@ -25,6 +27,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 		name                    string
 		targetNS                string
 		event                   info.Event
+		expectedGitConfigURL    string
 		expectedGitCredentials  string
 		expectedStartSecretName string
 		expectedError           bool
@@ -34,6 +37,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 			name:                    "Target secret not there",
 			targetNS:                nsNotThere,
 			event:                   event,
+			expectedGitConfigURL:    "https://forge",
 			expectedGitCredentials:  "https://git:verysecrete@forge/owner/repo",
 			expectedStartSecretName: "pac-gitauth-owner-repo",
 			expectedLabels: map[string]string{
@@ -50,6 +54,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 				Repository:   "yoyo",
 				URL:          "https://forge/owner/yoyo/foo/bar/linux/kernel",
 			},
+			expectedGitConfigURL:    "https://forge",
 			expectedGitCredentials:  "https://git:verysecrete@forge/owner/yoyo/foo/bar/linux/kernel",
 			expectedStartSecretName: "pac-gitauth-owner-repo",
 			expectedLabels: map[string]string{
@@ -62,13 +67,15 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 			name:                    "Use clone URL",
 			targetNS:                nsNotThere,
 			event:                   event,
+			expectedGitConfigURL:    "https://forge",
 			expectedGitCredentials:  "https://git:verysecrete@forge/owner/repo",
 			expectedStartSecretName: "pac-gitauth-owner-repo",
 		},
 		{
 			name:                    "Target secret already there",
 			targetNS:                nsthere,
 			event:                   event,
+			expectedGitConfigURL:    "https://forge",
 			expectedGitCredentials:  "https://git:verysecrete@forge/owner/repo",
 			expectedStartSecretName: "pac-gitauth-owner-repo",
 		},
@@ -80,6 +87,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 				Repository:   "CASE",
 				URL:          "https://forge/UPPER/CASE",
 			},
+			expectedGitConfigURL:    "https://forge",
 			expectedGitCredentials:  "https://git:verysecrete@forge/UPPER/CASE",
 			expectedStartSecretName: "pac-gitauth-upper-case",
 		},
@@ -92,6 +100,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 				URL:          "https://forge/hello/moto",
 				CloneURL:     "https://forge/miss/robinson",
 			},
+			expectedGitConfigURL:    "https://forge",
 			expectedGitCredentials:  "https://git:verysecrete@forge/miss/robinson",
 			expectedStartSecretName: "pac-gitauth-upper-case",
 		},
@@ -107,6 +116,7 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 					Token: "supersecrete",
 				},
 			},
+			expectedGitConfigURL:    "https://forge",
 			expectedGitCredentials:  "https://superman:supersecrete@forge/bat/cave",
 			expectedStartSecretName: "pac-gitauth-upper-case",
 		},
@@ -126,6 +136,11 @@ func TestCreateBasicAuthSecret(t *testing.T) {
 				}
 			}
 			assert.Assert(t, strings.HasPrefix(secret.GetName(), tt.expectedStartSecretName))
+			gitConfig := secret.StringData[".gitconfig"]
+			regPattern := fmt.Sprintf("\\[credential\\s+\\\"%s\\\"\\]", tt.expectedGitConfigURL)
+			match, err := regexp.MatchString(regPattern, gitConfig)
+			assert.NilError(t, err)
+			assert.Assert(t, match, ".gitconfig URL should not have path component: %s", gitConfig)
 			assert.Equal(t, secret.StringData[".git-credentials"], tt.expectedGitCredentials)
 		})
 	}