feat: accept GIT_TOKEN

Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
2020-06-15 11:16:50 -03:00 · 2020-06-15 11:16:50 -03:00 · 8322cbe3b6
parent aeaea502e9
commit 8322cbe3b6
3 changed files with 37 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -176,7 +176,9 @@ If you are using Azure Blob Storage for context file, you will need to pass [Azu
 You can use `Personal Access Tokens` for Build Contexts from Private Repositories from [GitHub](https://blog.github.com/2012-09-21-easier-builds-and-deployments-using-git-over-https-and-oauth/).

 You can either pass this in as part of the git URL (e.g., `git://TOKEN@github.com/acme/myproject.git#refs/heads/mybranch`)
-or using the environment variable `GIT_USERNAME`.
+or using the environment variable `GIT_TOKEN`.
+
+You can also pass `GIT_USERNAME` and `GIT_PASSWORD` (password being the token) if you want to be explicit about the username.

 ### Using Standard Input
 If running kaniko and using Standard Input build context, you will need to add the docker or kubernetes `-i, --interactive` flag.
@ -197,7 +199,7 @@ Complete example of how to interactively run kaniko with `.tar.gz` Standard Inpu
 echo -e 'FROM alpine \nRUN echo "created from standard input"' > Dockerfile | tar -cf - Dockerfile | gzip -9 | kubectl run kaniko \
 --rm --stdin=true \
 --image=gcr.io/kaniko-project/executor:latest --restart=Never \
--overrides='{ 
+--overrides='{
  "apiVersion": "v1",
  "spec": {
    "containers": [
@ -211,12 +213,12 @@ echo -e 'FROM alpine \nRUN echo "created from standard input"' > Dockerfile | ta
  	"--context=tar://stdin",
  	"--destination=gcr.io/my-repo/my-image" ],
      "volumeMounts": [
-        { 
+        {
          "name": "cabundle",
          "mountPath": "/kaniko/ssl/certs/"
        },
-        { 
-          "name": "docker-config", 
+        {
+          "name": "docker-config",
          "mountPath": "/kaniko/.docker/"
      }]
    }],
@ -225,9 +227,9 @@ echo -e 'FROM alpine \nRUN echo "created from standard input"' > Dockerfile | ta
      "name": "cabundle",
      "configMap": {
        "name": "cabundle"}},
-    { 
+    {
      "name": "docker-config",
-      "configMap": { 
+      "configMap": {
        "name": "docker-config" }}
    ]
  }
--- a/pkg/buildcontext/git.go
+++ b/pkg/buildcontext/git.go
@ -34,6 +34,7 @@ const (

 	gitAuthUsernameEnvKey = "GIT_USERNAME"
 	gitAuthPasswordEnvKey = "GIT_PASSWORD"
+	gitAuthTokenEnvKey    = "GIT_TOKEN"
 )

 var (
@ -64,6 +65,11 @@ func (g *Git) UnpackTarFromBuildContext() (string, error) {
 func getGitAuth() transport.AuthMethod {
 	username := os.Getenv(gitAuthUsernameEnvKey)
 	password := os.Getenv(gitAuthPasswordEnvKey)
+	token := os.Getenv(gitAuthTokenEnvKey)
+	if token != "" {
+		username = token
+		password = ""
+	}
 	if username != "" || password != "" {
 		return &http.BasicAuth{
 			Username: username,
--- a/pkg/buildcontext/git_test.go
+++ b/pkg/buildcontext/git_test.go
@ -149,6 +149,28 @@ func TestGetGitAuth(t *testing.T) {
 				return
 			},
 		},
+		{
+			testName: "withToken",
+			setEnv: func() (expectedValue transport.AuthMethod) {
+				token := "super-secret-password-1234"
+				_ = os.Setenv(gitAuthTokenEnvKey, token)
+				expectedValue = &http.BasicAuth{Username: token}
+				return
+			},
+		},
+		{
+			testName: "withTokenUsernamePassword",
+			setEnv: func() (expectedValue transport.AuthMethod) {
+				token := "super-secret-password-1234"
+				username := "foo"
+				pass := "super-secret-password-1234"
+				_ = os.Setenv(gitAuthUsernameEnvKey, username)
+				_ = os.Setenv(gitAuthPasswordEnvKey, pass)
+				_ = os.Setenv(gitAuthTokenEnvKey, token)
+				expectedValue = &http.BasicAuth{Username: token}
+				return
+			},
+		},
 	}

 	for _, tt := range tests {