Skip to content

Commit

Permalink
Merge pull request #1991 from thaJeztah/0.8_backport_git_token_scope
Browse files Browse the repository at this point in the history
[v0.8 backport] git: set token only for main remote access
  • Loading branch information
tonistiigi authored Feb 22, 2021
2 parents 3da6bef + 99bc88e commit edd0a75
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion source/git/gitsource.go
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ func (gs *gitSourceHandler) getAuthToken(ctx context.Context, g session.Group) e
if s.token {
dt = []byte("basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("x-access-token:%s", dt))))
}
gs.auth = []string{"-c", "http.extraheader=Authorization: " + string(dt)}
gs.auth = []string{"-c", "http." + tokenScope(gs.src.Remote) + ".extraheader=Authorization: " + string(dt)}
break
}
return nil
Expand Down Expand Up @@ -631,3 +631,14 @@ func argsNoDepth(args []string) []string {
}
return out
}

func tokenScope(remote string) string {
// generally we can only use the token for fetching main remote but in case of github.com we do best effort
// to try reuse same token for all github.com remotes. This is the same behavior actions/checkout uses
for _, pfx := range []string{"https://github.com/", "https://www.github.com/"} {
if strings.HasPrefix(remote, pfx) {
return pfx
}
}
return remote
}

0 comments on commit edd0a75

Please sign in to comment.