Regression: gitToken and gitTokenKey not working with git resolver #8940
Description
The following PipelineRun will fail at the resolution, failing to clone the private repository, with an error that says authentication required.
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
generateName: git-resolver-
spec:
workspaces:
- name: output # this workspace name must be declared in the Pipeline
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce # access mode may affect how you can use this volume in parallel tasks
resources:
requests:
storage: 1Gi
pipelineSpec:
workspaces:
- name: output
tasks:
- name: task1
workspaces:
- name: output
taskRef:
resolver: git
params:
- name: url
value: https://git@github.com/vdemeester/private-tasks.git
- name: pathInRepo
value: /task/git-clone/0.10/git-clone.yaml
- name: revision
value: main
# my-secret-token should be created in the namespace where the
# pipelinerun is created and contain a GitHub personal access
# token in the token key of the secret.
- name: gitToken
value: github-token
- name: gitTokenKey
value: token
params:
- name: url
value: https://github.com/tektoncd/catalog
- name: deleteExisting
value: "true"
The value from the secret (from gitToken and gitTokenKey) are valid and correctly passed to the git clone command the resolver will do.
The following command is what gets executed (token redacted). It fails as it seems git doesn't take into account http.ExtraHeader.
env GIT_TERMINAL_PROMPT=false GIT_AUTH_HEADER="Authorization=Basic XXXXXX" git -C /tmp/foo --config-env http.extraHeader=GIT_AUTH_HEADER clone https://github.com/vdemeester/private-tasks.git /tmp/foo --depth=1 --no-checkout
It should succeed and it used to succeed before we switch from go-git to doing the git clone ourselves.
Metadata
Metadata
Assignees
Labels
Type
Projects
Status