From 99bc88e1397ff808a01dbbfcfa3d07e7f4b85ad6 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Fri, 19 Feb 2021 00:22:02 -0800 Subject: [PATCH] git: set token only for main remote access Signed-off-by: Tonis Tiigi (cherry picked from commit 5bf64293f85a078ae21b5a1777ac7a6a81f39444) Signed-off-by: Sebastiaan van Stijn --- source/git/gitsource.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/source/git/gitsource.go b/source/git/gitsource.go index 7cef76464274..3d1bfe21f4d9 100644 --- a/source/git/gitsource.go +++ b/source/git/gitsource.go @@ -231,7 +231,7 @@ func (gs *gitSourceHandler) getAuthToken(ctx context.Context, g session.Group) e if s.token { dt = []byte("basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("x-access-token:%s", dt)))) } - gs.auth = []string{"-c", "http.extraheader=Authorization: " + string(dt)} + gs.auth = []string{"-c", "http." + tokenScope(gs.src.Remote) + ".extraheader=Authorization: " + string(dt)} break } return nil @@ -631,3 +631,14 @@ func argsNoDepth(args []string) []string { } return out } + +func tokenScope(remote string) string { + // generally we can only use the token for fetching main remote but in case of github.com we do best effort + // to try reuse same token for all github.com remotes. This is the same behavior actions/checkout uses + for _, pfx := range []string{"https://github.com/", "https://www.github.com/"} { + if strings.HasPrefix(remote, pfx) { + return pfx + } + } + return remote +}