Skip to content

Commit 6b685ce

Browse files
eloycotoeloycoto
authored
feat(x2a): git auth credentials (#2839)
The e62d73d added a way to use auth url, but when the token has any illegal character for the URL, it fails to se the auth URL. This change get the Auth Token, set the username (by backstage) and the token and it uses credentials helper for setting the commit. Signed-off-by: Eloy Coto <eloy.coto@acalustra.com>
1 parent 4eafd59 commit 6b685ce

1 file changed

Lines changed: 13 additions & 10 deletions

File tree

workspaces/x2a/plugins/x2a-backend/templates/x2a-job-script.sh

Lines changed: 13 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -110,20 +110,23 @@ run_x2a() {
110110
ERROR_MESSAGE=""
111111
}
112112

113-
# Authenticated git wrappers.
114-
# Use url.<auth>.insteadOf to inject the token at the transport layer only.
115-
# The -c flag is transient (applies only to that git invocation), so the
116-
# token never appears in remote URLs, git config, or generated files like
117-
# Policyfile.lock.json. This works across GitHub, GitLab, and Bitbucket
118-
# because git natively handles the https://token@host URL format.
113+
# Authenticated git wrappers using credential helper.
114+
# Backstage provides tokens in format "username:password" where:
115+
# - GitHub: "git:token" (username is ignored, token is used)
116+
# - GitLab: "oauth2:token" (username oauth2, token is the actual token)
117+
# - Bitbucket: "x-token-auth:token" (username x-token-auth, token is the actual token)
119118
git_source_repo() {
120-
local auth_url="https://${SOURCE_REPO_TOKEN}@${SOURCE_REPO_URL#https://}"
121-
git -c "url.${auth_url}.insteadOf=${SOURCE_REPO_URL}" "$@"
119+
local username="${SOURCE_REPO_TOKEN%%:*}"
120+
local password="${SOURCE_REPO_TOKEN#*:}"
121+
122+
git -c "credential.helper=!f() { test \"\$1\" = get && printf 'username=${username}\\npassword=${password}\\n'; }; f" "$@"
122123
}
123124

124125
git_target_repo() {
125-
local auth_url="https://${TARGET_REPO_TOKEN}@${TARGET_REPO_URL#https://}"
126-
git -c "url.${auth_url}.insteadOf=${TARGET_REPO_URL}" "$@"
126+
local username="${TARGET_REPO_TOKEN%%:*}"
127+
local password="${TARGET_REPO_TOKEN#*:}"
128+
129+
git -c "credential.helper=!f() { test \"\$1\" = get && printf 'username=${username}\\npassword=${password}\\n'; }; f" "$@"
127130
}
128131

129132
# Cleanup trap: fires on every exit (success or failure).

0 commit comments

Comments
 (0)