feat(artifacts): add git https insecure option

Signed-off-by: Zadkiel AHARONIAN <hello@zadkiel.fr>
argoproj · Oct 22, 2024 · aa668b1 · aa668b1
1 parent d7b19d7
commit aa668b1
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/pkg/apis/workflow/v1alpha1/workflow_types.go b/pkg/apis/workflow/v1alpha1/workflow_types.go
@@ -2616,6 +2616,9 @@ type GitArtifact struct {
 
 	// Branch is the branch to fetch when `SingleBranch` is enabled
 	Branch string `json:"branch,omitempty" protobuf:"bytes,11,opt,name=branch"`
+
+	// InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
+	InsecureSkipTLS bool `json:"insecureSkipTLS,omitempty" protobuf:"varint,12,opt,name=insecureSkipTLS"`
 }
 
 func (g *GitArtifact) HasLocation() bool {

diff --git a/workflow/artifacts/artifacts.go b/workflow/artifacts/artifacts.go
@@ -163,6 +163,7 @@ func newDriver(ctx context.Context, art *wfv1.Artifact, ri resource.Interface) (
 	if art.Git != nil {
 		gitDriver := git.ArtifactDriver{
 			InsecureIgnoreHostKey: art.Git.InsecureIgnoreHostKey,
+			InsecureSkipTLS:       art.Git.InsecureSkipTLS,
 			DisableSubmodules:     art.Git.DisableSubmodules,
 		}
 		if art.Git.UsernameSecret != nil {

diff --git a/workflow/artifacts/git/git.go b/workflow/artifacts/git/git.go
@@ -27,6 +27,7 @@ type ArtifactDriver struct {
 	Password              string
 	SSHPrivateKey         string
 	InsecureIgnoreHostKey bool
+	InsecureSkipTLS       bool
 	DisableSubmodules     bool
 }
 
@@ -92,10 +93,11 @@ func (g *ArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error {
 	defer closer()
 	depth := a.GetDepth()
 	cloneOptions := &git.CloneOptions{
-		URL:          a.Repo,
-		Auth:         auth,
-		Depth:        depth,
-		SingleBranch: a.SingleBranch,
+		URL:             a.Repo,
+		Auth:            auth,
+		Depth:           depth,
+		SingleBranch:    a.SingleBranch,
+		InsecureSkipTLS: g.InsecureSkipTLS,
 	}
 	if a.SingleBranch && a.Branch == "" {
 		return errors.New("single branch mode without a branch specified")
@@ -133,7 +135,7 @@ func (g *ArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error {
 		for i, spec := range a.Fetch {
 			refSpecs[i] = config.RefSpec(spec)
 		}
-		opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs, Depth: depth}
+		opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs, Depth: depth, InsecureSkipTLS: g.InsecureSkipTLS}
 		if err := opts.Validate(); err != nil {
 			return fmt.Errorf("failed to validate fetch %v: %w", refSpecs, err)
 		}
@@ -151,7 +153,7 @@ func (g *ArtifactDriver) Load(inputArtifact *wfv1.Artifact, path string) error {
 		if a.SingleBranch {
 			refSpecs = []config.RefSpec{config.RefSpec(fmt.Sprintf("refs/heads/%s:refs/heads/%s", a.Branch, a.Branch))}
 		}
-		opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs}
+		opts := &git.FetchOptions{Auth: auth, RefSpecs: refSpecs, InsecureSkipTLS: g.InsecureSkipTLS}
 		if err := opts.Validate(); err != nil {
 			return fmt.Errorf("failed to validate fetch %v: %w", refSpecs, err)
 		}