feat: add skip tls flag for private git context (#2854)

If git clone context is a private self-signed repository, we allow user to add --git insecure-skip-tls=true flag in the option. The value is default to false, this behavior is in accordance with the go-git package.
2024-02-29 15:18:41 +08:00 · 2024-02-29 15:18:41 +08:00 · 20a6ab560e
parent d5c36a6210
commit 20a6ab560e
6 changed files with 13 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -897,7 +897,7 @@ Force building outside of a container
 #### Flag `--git`

 Branch to clone if build context is a git repository (default
-branch=,single-branch=false,recurse-submodules=false)
+branch=,single-branch=false,recurse-submodules=false,insecure-skip-tls=false)

 #### Flag `--image-name-with-digest-file`

--- a/cmd/executor/cmd/root.go
+++ b/cmd/executor/cmd/root.go
@ -424,6 +424,7 @@ func resolveSourceContext() error {
 		GitBranch:            opts.Git.Branch,
 		GitSingleBranch:      opts.Git.SingleBranch,
 		GitRecurseSubmodules: opts.Git.RecurseSubmodules,
+		InsecureSkipTLS:      opts.Git.InsecureSkipTLS,
 	})
 	if err != nil {
 		return err
--- a/pkg/buildcontext/buildcontext.go
+++ b/pkg/buildcontext/buildcontext.go
@ -32,6 +32,7 @@ type BuildOptions struct {
 	GitBranch            string
 	GitSingleBranch      bool
 	GitRecurseSubmodules bool
+	InsecureSkipTLS      bool
 }

 // BuildContext unifies calls to download and unpack the build context.
--- a/pkg/buildcontext/git.go
+++ b/pkg/buildcontext/git.go
@ -65,6 +65,7 @@ func (g *Git) UnpackTarFromBuildContext() (string, error) {
 		Progress:          os.Stdout,
 		SingleBranch:      g.opts.GitSingleBranch,
 		RecurseSubmodules: getRecurseSubmodules(g.opts.GitRecurseSubmodules),
+		InsecureSkipTLS:   g.opts.InsecureSkipTLS,
 	}
 	var fetchRef string
 	var checkoutRef string
--- a/pkg/config/options.go
+++ b/pkg/config/options.go
@ -96,6 +96,7 @@ type KanikoGitOptions struct {
 	Branch            string
 	SingleBranch      bool
 	RecurseSubmodules bool
+	InsecureSkipTLS   bool
 }

 var ErrInvalidGitFlag = errors.New("invalid git flag, must be in the key=value format")
@ -128,6 +129,12 @@ func (k *KanikoGitOptions) Set(s string) error {
 			return err
 		}
 		k.RecurseSubmodules = v
+	case "insecure-skip-tls":
+		v, err := strconv.ParseBool(parts[1])
+		if err != nil {
+			return err
+		}
+		k.InsecureSkipTLS = v
 	}
 	return nil
 }
--- a/pkg/config/options_test.go
+++ b/pkg/config/options_test.go
@ -33,10 +33,12 @@ func TestKanikoGitOptions(t *testing.T) {
 		testutil.CheckNoError(t, g.Set("branch=foo"))
 		testutil.CheckNoError(t, g.Set("recurse-submodules=true"))
 		testutil.CheckNoError(t, g.Set("single-branch=true"))
+		testutil.CheckNoError(t, g.Set("insecure-skip-tls=false"))
 		testutil.CheckDeepEqual(t, KanikoGitOptions{
 			Branch:            "foo",
 			SingleBranch:      true,
 			RecurseSubmodules: true,
+			InsecureSkipTLS:   false,
 		}, *g)
 	})