From 6d24d4a7e6b5c665aa3b8947bf366764c4b36c13 Mon Sep 17 00:00:00 2001
From: David Boreham <david@bozemanpass.com>
Date: Fri, 5 Jul 2024 12:27:22 +0000
Subject: [PATCH] Set github auth token if present (#868)

Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/868
Co-authored-by: David Boreham <david@bozemanpass.com>
Co-committed-by: David Boreham <david@bozemanpass.com>
---
 stack_orchestrator/deploy/webapp/util.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/stack_orchestrator/deploy/webapp/util.py b/stack_orchestrator/deploy/webapp/util.py
index 8179f4cd..416ee2f2 100644
--- a/stack_orchestrator/deploy/webapp/util.py
+++ b/stack_orchestrator/deploy/webapp/util.py
@@ -242,6 +242,7 @@ def determine_base_container(clone_dir, app_type="webapp"):
 def build_container_image(app_record, tag, extra_build_args=[], logger=None):
     tmpdir = tempfile.mkdtemp()
 
+    # TODO: determine if this code could be calling into the Python git library like setup-repositories
     try:
         record_id = app_record["id"]
         ref = app_record.attributes.repository_ref
@@ -249,6 +250,16 @@ def build_container_image(app_record, tag, extra_build_args=[], logger=None):
         clone_dir = os.path.join(tmpdir, record_id)
 
         logger.log(f"Cloning repository {repo} to {clone_dir} ...")
+        # Set github credentials if present running a command like:
+        # git config --global url."https://${TOKEN}:@github.com/".insteadOf "https://github.com/"
+        github_token = os.environ.get("DEPLOYER_GITHUB_TOKEN")
+        if github_token:
+            logger.log("Github token detected, setting it in the git environment")
+            git_config_args = [
+                "git", "config", "--global", f"url.\"https://{github_token}:@github.com/\".insteadOf", "https://github.com/"
+                ]
+            result = subprocess.run(git_config_args, stdout=logger.file, stderr=logger.file)
+            result.check_returncode()
         if ref:
             # TODO: Determing branch or hash, and use depth 1 if we can.
             git_env = dict(os.environ.copy())
@@ -265,6 +276,7 @@ def build_container_image(app_record, tag, extra_build_args=[], logger=None):
                 logger.log(f"git checkout failed.  Does ref {ref} exist?")
                 raise e
         else:
+            # TODO: why is this code different vs the branch above (run vs check_call, and no prompt disable)?
             result = subprocess.run(["git", "clone", "--depth", "1", repo, clone_dir], stdout=logger.file, stderr=logger.file)
             result.check_returncode()