Fix passing of netrc credentials to clone step

pipeline/frontend/yaml/compiler/compiler.go

@@ -42,6 +42,7 @@ type Compiler struct {
 	volumes    []string
 	networks   []string
 	env        map[string]string
+	cloneEnv   map[string]string
 	base       string
 	path       string
 	metadata   frontend.Metadata
@@ -54,8 +55,9 @@ type Compiler struct {
 // New creates a new Compiler with options.
 func New(opts ...Option) *Compiler {
 	compiler := &Compiler{
-		env:     map[string]string{},
-		secrets: map[string]Secret{},
+		env:      map[string]string{},
+		cloneEnv: map[string]string{},
+		secrets:  map[string]Secret{},
 	}
 	for _, opt := range opts {
 		opt(compiler)
@@ -108,17 +110,19 @@ func (c *Compiler) Compile(conf *yaml.Config) *backend.Config {
 	// add default clone step
 	if !c.local && len(conf.Clone.Containers) == 0 && !conf.SkipClone {
 		container := &yaml.Container{
-			Name:  "clone",
-			Image: "woodpeckerci/plugin-git:latest",
-			Vargs: map[string]interface{}{"depth": "0"},
-		}
-		// TODO: migrate to woodpeckerci/plugin-git:latest (multi arch)
-		switch c.metadata.Sys.Arch {
-		case "linux/arm":
-			container.Image = "plugins/git:linux-arm"
-		case "linux/arm64":
-			container.Image = "plugins/git:linux-arm64"
+			Name: "clone",
+			// Image:       "woodpeckerci/plugin-git:latest",
+			Image:       "woodpeckerci/plugin-git:next",
+			Vargs:       map[string]interface{}{"depth": "0"},
+			Environment: c.cloneEnv,
 		}
+		// // TODO: migrate to woodpeckerci/plugin-git:latest (multi arch)
+		// switch c.metadata.Sys.Arch {
+		// case "linux/arm":
+		// 	container.Image = "plugins/git:linux-arm"
+		// case "linux/arm64":
+		// 	container.Image = "plugins/git:linux-arm64"
+		// }
 		name := fmt.Sprintf("%s_clone", c.prefix)
 		step := c.createProcess(name, container, "clone")
 
@@ -139,6 +143,9 @@ func (c *Compiler) Compile(conf *yaml.Config) *backend.Config {
 
 			name := fmt.Sprintf("%s_clone_%d", c.prefix, i)
 			step := c.createProcess(name, container, "clone")
+			for k, v := range c.cloneEnv {
+				step.Environment[k] = v
+			}
 			stage.Steps = append(stage.Steps, step)
 
 			config.Stages = append(config.Stages, stage)

pipeline/frontend/yaml/compiler/option.go

@@ -71,19 +71,11 @@ func WithMetadata(metadata frontend.Metadata) Option {
 // WithNetrc configures the compiler with netrc authentication
 // credentials added by default to every container in the pipeline.
 func WithNetrc(username, password, machine string) Option {
-	return WithEnviron(
-		map[string]string{
-			"CI_NETRC_USERNAME": username,
-			"CI_NETRC_PASSWORD": password,
-			"CI_NETRC_MACHINE":  machine,
-
-			// TODO: This is present for backward compatibility and should
-			// be removed in a future version.
-			"DRONE_NETRC_USERNAME": username,
-			"DRONE_NETRC_PASSWORD": password,
-			"DRONE_NETRC_MACHINE":  machine,
-		},
-	)
+	return func(compiler *Compiler) {
+		compiler.cloneEnv["CI_NETRC_USERNAME"] = username
+		compiler.cloneEnv["CI_NETRC_PASSWORD"] = password
+		compiler.cloneEnv["CI_NETRC_MACHINE"] = machine
+	}
 }
 
 // WithWorkspace configures the compiler with the workspace base

pipeline/frontend/yaml/compiler/option_test.go

@@ -139,13 +139,13 @@ func TestWithNetrc(t *testing.T) {
 			"github.com",
 		),
 	)
-	if compiler.env["CI_NETRC_USERNAME"] != "octocat" {
+	if compiler.cloneEnv["CI_NETRC_USERNAME"] != "octocat" {
 		t.Errorf("WithNetrc should set CI_NETRC_USERNAME")
 	}
-	if compiler.env["CI_NETRC_PASSWORD"] != "password" {
+	if compiler.cloneEnv["CI_NETRC_PASSWORD"] != "password" {
 		t.Errorf("WithNetrc should set CI_NETRC_PASSWORD")
 	}
-	if compiler.env["CI_NETRC_MACHINE"] != "github.com" {
+	if compiler.cloneEnv["CI_NETRC_MACHINE"] != "github.com" {
 		t.Errorf("WithNetrc should set CI_NETRC_MACHINE")
 	}
 }