Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Netrc not passed to clone container #479

Closed
6543 opened this issue Oct 26, 2021 · 7 comments · Fixed by #492
Closed

Netrc not passed to clone container #479

6543 opened this issue Oct 26, 2021 · 7 comments · Fixed by #492
Labels
bug Something isn't working
Milestone
0.15.0

Comments

@6543
Copy link
Member

6543 commented Oct 26, 2021

the first step of a pipeline is the close step, if not set by pipeline config it will be added by default.

this environment should have access to Netrc variables:

woodpecker/pipeline/frontend/yaml/compiler/option.go

Lines 71 to 87 in 3c5827f

// WithNetrc configures the compiler with netrc authentication
// credentials added by default to every container in the pipeline.
func WithNetrc(username, password, machine string) Option {
return WithEnviron(
map[string]string{
"CI_NETRC_USERNAME": username,
"CI_NETRC_PASSWORD": password,
"CI_NETRC_MACHINE": machine,
// TODO: This is present for backward compatibility and should
// be removed in a future version.
"DRONE_NETRC_USERNAME": username,
"DRONE_NETRC_PASSWORD": password,
"DRONE_NETRC_MACHINE": machine,
},
)
}

but that's not the case!

block #473 (-> woodpecker-ci/plugin-git#4)
@6543 6543 added the bug Something isn't working label Oct 26, 2021
@6543 6543 added this to the 0.15.0 milestone Oct 26, 2021
@6543
Copy link
Member Author

6543 commented Oct 28, 2021

workaround: add clone step to your pipeline if not already there and use secrets to pass netrc to git:

 clone:
   git:
     image: woodpeckerci/plugin-git:next
+    secrets: [ ci_netrc_username, ci_netrc_password, ci_netrc_machine ]

@anbraten
Copy link
Member

@6543 Why would other steps then clone need netrc creds at all? Isn't that a security risk?

@6543
Copy link
Member Author

6543 commented Oct 28, 2021

it would - I'm aware of that :)

@anbraten anbraten mentioned this issue Oct 28, 2021
Merged
@6543 6543 mentioned this issue Oct 29, 2021
Closed
4 tasks
@6543 6543 closed this as completed in #492 Nov 25, 2021
6543 pushed a commit that referenced this issue Nov 25, 2021
@anbraten
Fix passing of netrc credentials to clone step (#492)
f2b6a5c 
closes #479
@s00500
Copy link
Contributor

s00500 commented Jun 2, 2022

Well... it would if it needs to access different repositories... seems like the
secrets: [ ci_netrc_username, ci_netrc_password, ci_netrc_machine ]
Is not working anymore.... or should it?

Any other way to do this ? (I also see why this is not a nice solution though... seems like in drone these where always available to the containers...)

My current usecase is pulling private go dependencies....

@s00500
Copy link
Contributor

s00500 commented Jun 2, 2022

(of course I can always add the data as a secret myself and am happy to go that route if necessary... but would be interesting if there are other ways too...)

@6543
Copy link
Member Author

6543 commented Jun 2, 2022

we could add some special "secret" that injects netrc ... - so it's handled like the normal secrets from permission perspective but the outcome would be a netrc - but that's for a new issue

feel free to open a feature request

@s00500
Copy link
Contributor

s00500 commented Jun 4, 2022

we could add some special "secret" that injects netrc ... - so it's handled like the normal secrets from permission perspective but the outcome would be a netrc - but that's for a new issue

feel free to open a feature request

thanks for the update :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
0.15.0
Development

Successfully merging a pull request may close this issue.

Fix passing of netrc credentials to clone step anbraten/woodpecker
3 participants
@s00500 @anbraten @6543