From 96002c7986c7e331d81302a1aed903ca097ebfbd Mon Sep 17 00:00:00 2001 From: Eric Kidd Date: Wed, 28 Feb 2018 06:59:21 -0500 Subject: [PATCH] Add support for accessing private GitHub repositories Thank you to Faraday. --- Dockerfile | 5 +++ git-credential-ghtoken | 79 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100755 git-credential-ghtoken diff --git a/Dockerfile b/Dockerfile index 92b0a38..43bf2b6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,6 +53,11 @@ RUN curl https://sh.rustup.rs -sSf | \ rustup target add x86_64-unknown-linux-musl ADD cargo-config.toml /home/rust/.cargo/config +# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access +# private repositories if desired. +ADD git-credential-ghtoken /usr/local/bin +RUN git config --global credential.https://github.com.helper ghtoken + # Build a static library version of OpenSSL using musl-libc. This is # needed by the popular Rust `hyper` crate. RUN echo "Building OpenSSL" && \ diff --git a/git-credential-ghtoken b/git-credential-ghtoken new file mode 100755 index 0000000..20a8fd0 --- /dev/null +++ b/git-credential-ghtoken @@ -0,0 +1,79 @@ +#!/bin/bash +# +# Usage: git-credential-ghtoken +# +# Allows `git` to authenticate with GitHub using `GH_USER` and `GH_TOKEN` +# environment variables. +# +# To install this: +# +# git config --global credential.https://github.com.helper \ +# "$(pwd)/scripts/git-credential-ghtoken" +# +# Or copy it into your path and run: +# +# git config --global credential.https://github.com.helper ghtoken +# +# +# Copyright (c) 2018 Faraday, Inc. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +# Standard paranoia. +set -euo pipefail + +# Parse our command-line arguments. +operation="$1" + +# Ignore all operations besides `get`. +if [ "$operation" != get ]; then + exit 0 +fi + +# Quit now if we don't have the necessary environment variables. +if [ ! -v GH_USER ] || [ ! -v GH_TOKEN ]; then + exit 0 +fi + +# Parse the input we receive from `git`. +while read line; do + var="$(echo "$line" | sed 's/=.*$//')" + val="$(echo "$line" | sed 's/^.*=//')" + case "$var" in + # Only send credentials over HTTPS. + protocol) + if [ "$val" != https ]; then + exit 0 + fi + ;; + # Only send credentials to GitHub (just extra paranoia; change as + # needed). + host) + if [ "$val" != github.com ]; then + exit 0 + fi + ;; + esac +done + +# Output our credentials. +cat <