Get a private repository from AWS codecommit using HTTPS GRC - go

I'm trying to import a module located in AWS codecommit. To clone the repository I'm using HTTPS GRC (Git Remote Codecommit) method, which uses Google Suite credentials to access AWS console.
The command I use to clone the repository is:
git clone codecommit::us-west-2://my-module
The remote module's go.mod file contains this:
module git-codecommit.us-west-2.amazonaws.com/my-module.git
I tried to achieve my goal configuring Git like this:
git config --global url."codecommit::us-west-2://".insteadOf "https://git-codecommit.us-west-2.amazonaws.com/"
Setted GOPRIVATE:
go env -w GOPRIVATE=git-codecommit.us-west-2.amazonaws.com/my-module.git
And then getting the repository:
go get -x git-codecommit.us-west-2.amazonaws.com/my-module.git
but I get this output (and the execution gets stuck):
cd.
git ls-remote https://git-codecommit.us-west-2.amazonaws.com/my-module
I would like to mention that when I execute the git ls-remote https://git-codecommit.us-west-2.amazonaws.com/my-module command manually I get the information of the branches and tags without problems.
I checked this topic but in that case SSH protocol is used instead of HTTP GRC. Maybe the only way to import a module from a private repository is via SSH?

Finally found the solution:
Set Git credential helper:
git config --global credential.helper '!aws codecommit credential-helper $#'
git config --global credential.UseHttpPath true
Set GOPRIVATE env var:
go env -w GOPRIVATE=git-codecommit.us-west-2.amazonaws.com
In MacOS, disable keychain for Git:
Comment helper = osxkeychain in the file containing that value (run git config -l --show-origin | grep credential to find the target file)
Run go get:
go get git-codecommit.us-west-2.amazonaws.com/v1/repos/my-module.git

Related

commit and push generically with Jenkins in a Freestyle project

I'm trying to commit and push the changes to Bitbucket using a Jenkins Job
The job is a Freestsyle Project with "Execute Shell" as a build step.
What I currently did inside the build step of "Execute Shell" is the following:
python run.py
git config --global user.email "name#gmail.com"
git config --global user.name "name"
git add .
git commit -m 'jenkins.job : update...'
Then I push the changes with Git Publisher.
This works as expected in my local computer but is there a way to retrieve the credentials that I used in Source Code Management with Jenkins variables instead of using git config (because I'm not allowed to use git config error: could not lock config file //.gitconfig: Permission denied)
I fixed it using git -c user.name=".." -c user.email="..#.." commit -m ".."
This way I can set temporary configuration data.

unable to get go package from private github repository

Had this working perfectly before I had my computer refreshed, now I now am unable to pull packages from my orgs private github repository. At this time I only need an ssh private key to clone the repository, i am not aware of any 2fA requirement. I have spent hours already trying to resolve this, from what i read this is what I think should work, omitting sensitive variable values.
Error i was getting was unknown versions, but I changed some stuff and now i am getting "ssh: Could not resolve hostname".
#!/bin/bash
export GOPATH="$HOME/go"
export GOBIN="$HOME/go/bin"
export GOPRIVATE="github.com/${GITHUB_ORG}"
go env -w GO111MODULE="on"
go env -w GOPRIVATE="github.com/${GITHUB_ORG}"
git config --global url."git#github.com:".insteadOf "https://github.com/"
pushd ~/.ssh
eval $(ssh-agent);
ssh-add "${GITHUB_PRIVATE_KEY_PATH}"
popd
go get package "github.com/${GITHUB_ORG}/${GITHUB_REPO}/${GO_PACKAGE}"
The command you posted is missing the url.ssh in the git config.
You can try by changing git to use ssh instead of https so that you can fetch private go repositories using go get.
Suggestion -
git config --global url.ssh://git#github.com/.insteadOf https://github.com/

git credential.helper instead of .netrc to get go dependencies

To cashing go dependencies I use nexus(as goproxy) which connect to goproxy servers (because nexus can't get dependencies directly from GitHub) outside of private network.
nexus.some.repo.com:4443/repository/go-nexus-proxy ➡️ gonexus.dev
nexus.some.repo.com:4443/repository/go-proxy ➡️ proxy.golang.org
...
GOPROXY="nexus.some.repo.com:4443/repository/go-proxy,nexus.some.repo.com:4443/repository/go-nexus-proxy"
and I use .netrc file to connect to nexus
machine nexus.some.repo.com:4443
login SOME_LOGIN
password SOME_PASS
protocol https
Could I use git credential.helper instead of .netrc❓
If yes 👉🏻 How can I config git credential.helper❓
If you are already using netrc, you could simply configure the credential helper to use netrc
You can download and put in your PATH git-credential-netrc.perl
And then:
git config --global credential.helper netrc

Permission denied (publickey) error when trying to clone from GitHub

I want to clone a repository and I ran into permission issues,
I tried to set up my username and email but keep getting errors
I used
git config --global user.name "yusuf-uthman"
git config --global user.email "yusufuthman57#gmail.com"
but didnt get any notification wether its accepted or not.
Uthman#DESKTOP-30QGK3L MINGW64 ~/Desktop/Scripts/hng_internship5.0
$ git config --global user.name "Uthman Yusuf"
Uthman#DESKTOP-30QGK3L MINGW64 ~/Desktop/Scripts/hng_internship5.0
$ git config --global user.email "yusufuthman57#gmail.com"
Uthman#DESKTOP-30QGK3L MINGW64 ~/Desktop/Scripts/hng_internship5.0
$ git clone git#github.com:yusuf-uthman/hng-internship.git
Cloning into 'hng-internship'...
Warning: Permanently added the RSA host key for IP address '192.30.253.113' to the list of known hosts.
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
How do I clone the repository without getting the error?
The failure comes from cloning your GitHub repo via SSH URLs. To use that process, one needs to add your public SSH key in your repository.
Instead use HTTP URL method to clone which will most likely circumvent that error.
Use:
HTTP URLs: https://github.com/yusuf-uthman/hng-internship.git
instead of:
SSH URLs: git clone git#github.com:yusuf-uthman/hng-internship.git
but didnt get any notification wether its accepted or not.
Username and Email are just settings in you git config file, no one will accept or decline it. If you commit, the value of the settings will be used to determine the commits author and committer.
Access rights to a repository are usually managed via ssh keys. See Connecting to GitHub with SSH.

How can I use private gems(GemFury) in a docker container?

I'm trying to run some ruby scripts for automating exports. Since these run remotely we build them in a Docker container and push them to iron worker.
We use GemFury for hosting some essential private gems for these scripts.
To keep the credentials for GemFury out of Git we use a global bundle config bundle config gem.fury.io MY_SECRET_TOKEN.
How can I set the config for bundle so it will pull in gems from GemFury without having them show in source control?
Set the global bundle config property as an application specific property. Push the changes to the public repository. Update the SECRET_TOKEN value in the bundle-config file ($APP_DIR/.bundle/config) and run the $ git update-index --assume-unchanged <file> command to remove the file from git tracking and prevent updating the actual SECRET_TOKEN value in the public repository.
$ bundle config --local gem.fury.io SECRET_TOKEN
$ git commit -a -m "adding application bundle config properties"
$ git push origin master
$ bundle config --local gem.fury.io d1320f07ac50d1033e8ef5fbd56adf360ec103b2
$ git update-index --assume-unchanged $APP_DIR/.bundle/config
This creates a template file on the public repository. Provide instructions to repository contributors to add the secret token and execute the same --assume-unchanged command.
Example Files
$APP_DIR/.bundle/config file on public github repo:
---
BUNDLE_GEM__FURY__IO: MY_SECRET_TOKEN
$APP_DIR/.bundle/config file a local machine
---
BUNDLE_GEM__FURY__IO: d1320f07ac50d1033e8ef5fbd56adf360ec103b2
See bundle-cofig documentation for clarification and more detail
NOTE: The disadvantage to this approach is two fold:
Developers who clone the repository and need the SECRET_TOKEN value will have to obtain it by some external manual process (good security practices, but a pain to set up)
If you need to add more bundle-config properties, you will have to run git update-index --no-assume-unchanged <file> to enable tracking, and revert all of the private values to their pseudo values. This template method, also risks that contributors forget to disable tracking on the file and push their private values to the public repo (but at least they won't be your secret values)
The advantage of this template approach is that you are giving the developers as much as possible to be able to start contributing to the repository.

Resources