From 96002c7986c7e331d81302a1aed903ca097ebfbd Mon Sep 17 00:00:00 2001
From: Eric Kidd <git@randomhacks.net>
Date: Wed, 28 Feb 2018 06:59:21 -0500
Subject: [PATCH] Add support for accessing private GitHub repositories

Thank you to Faraday.
---
 Dockerfile             |  5 +++
 git-credential-ghtoken | 79 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100755 git-credential-ghtoken

diff --git a/Dockerfile b/Dockerfile
index 92b0a38..43bf2b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,6 +53,11 @@ RUN curl https://sh.rustup.rs -sSf | \
     rustup target add x86_64-unknown-linux-musl
 ADD cargo-config.toml /home/rust/.cargo/config
 
+# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access
+# private repositories if desired.
+ADD git-credential-ghtoken /usr/local/bin
+RUN git config --global credential.https://github.com.helper ghtoken
+
 # Build a static library version of OpenSSL using musl-libc.  This is
 # needed by the popular Rust `hyper` crate.
 RUN echo "Building OpenSSL" && \
diff --git a/git-credential-ghtoken b/git-credential-ghtoken
new file mode 100755
index 0000000..20a8fd0
--- /dev/null
+++ b/git-credential-ghtoken
@@ -0,0 +1,79 @@
+#!/bin/bash
+#
+# Usage: git-credential-ghtoken <operation>
+#
+# Allows `git` to authenticate with GitHub using `GH_USER` and `GH_TOKEN`
+# environment variables.
+#
+# To install this:
+#
+#     git config --global credential.https://github.com.helper \
+#         "$(pwd)/scripts/git-credential-ghtoken"
+#
+# Or copy it into your path and run:
+#
+#     git config --global credential.https://github.com.helper ghtoken
+#
+#
+# Copyright (c) 2018 Faraday, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# Standard paranoia.
+set -euo pipefail
+
+# Parse our command-line arguments.
+operation="$1"
+
+# Ignore all operations besides `get`.
+if [ "$operation" != get ]; then
+    exit 0
+fi
+
+# Quit now if we don't have the necessary environment variables.
+if [ ! -v GH_USER ] || [ ! -v GH_TOKEN ]; then
+    exit 0
+fi
+
+# Parse the input we receive from `git`.
+while read line; do
+    var="$(echo "$line" | sed 's/=.*$//')"
+    val="$(echo "$line" | sed 's/^.*=//')"
+    case "$var" in
+        # Only send credentials over HTTPS.
+        protocol)
+            if [ "$val" != https ]; then
+                exit 0
+            fi
+            ;;
+        # Only send credentials to GitHub (just extra paranoia; change as
+        # needed).
+        host)
+            if [ "$val" != github.com ]; then
+                exit 0
+            fi
+            ;;
+    esac
+done
+
+# Output our credentials.
+cat <<EOD
+username=$GH_USER
+password=$GH_TOKEN
+EOD