Skip to content

Include gitConfigAuthArgs on git checkout when filter is set#3707

Merged
doriable merged 5 commits into
bufbuild:mainfrom
CGA1123:cga1123/git-auth-checkout-filtered
Mar 24, 2025
Merged

Include gitConfigAuthArgs on git checkout when filter is set#3707
doriable merged 5 commits into
bufbuild:mainfrom
CGA1123:cga1123/git-auth-checkout-filtered

Conversation

@CGA1123

@CGA1123 CGA1123 commented Mar 24, 2025

Copy link
Copy Markdown
Contributor

When using filter buf will fail to run git checkout as the credentials aren't passed to git.

This results in failures such as:

Failure: could not clone https://github.com/foo/bar.git: exit status 128
fatal: could not read Username for 'https://github.com': No such device or address
fatal: could not fetch <SHA> from promisor remote

I noticed this while testing bufbuild/buf-action#142 which relies on overriding credential.helper for authentication in GitHub Actions.

When using `filter` `buf` will fail to run `git checkout` as the
credentials aren't passed to `git`.

This results in failures such as:

```
Failure: could not clone https://github.com/foo/bar.git: exit status 128
fatal: could not read Username for 'https://github.com': No such device or address
fatal: could not fetch <SHA> from promisor remote
```

I noticed this while testing bufbuild/buf-action#142 which relies on
overriding `credential.helper` for authentication in GitHub Actions.
Comment thread private/pkg/git/cloner.go Outdated
Comment on lines +197 to +202
// Include auth when using git-filters, so git can pull the required
// objects from the origin.
checkoutArgs := []string{"checkout", "--force", "FETCH_HEAD"}
if options.Filter != "" {
checkoutArgs = append(gitConfigAuthArgs, checkoutArgs...)
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This approach seems overall reasonable -- we could address this alongside the sparse-checkout, for example:

if options.Filter != "" {
  checkoutArgs = append(gitConfigAuthArgs, checkoutArgs...)
  if options.SubDir != "" {
    // The sparse checkout of the subdir...
  }
}

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me, addressed in 0f4188b

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies, I should've commented this earlier -- going through it, it actually makes sense to prepend gitConfigAuthArgs to all invocations (since this is how we are fetching). So instead of checking this against options.Filter != "", it should be prepended to all the checkout and sparse-checkout calls (similar to how we're prepending to the submodules call).

@doriable doriable merged commit fe53231 into bufbuild:main Mar 24, 2025
@CGA1123 CGA1123 deleted the cga1123/git-auth-checkout-filtered branch March 24, 2025 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants