Open phyrog opened 4 years ago
This is interesting! Could you share how an end-to-end scenario might look like?
Are you suggesting we support using something://repository-name
-like repositories in the Application
CR's spec.source?
Users would be responsible themselves to add the necessary git remote helper executables to the image.
Which image would be this?
Are you suggesting we support using something://repository-name-like repositories in the Application CR's spec.source?
Exactly, the spec.source.repoURL
field would allow for more than just SSH and HTTPS URLs. Anything that is not a SSH or HTTPS URL would be passed to the git clone
call as-is.
Which image would be this?
The argocd container image, as described here for other custom tooling: https://argoproj.github.io/argo-cd/operator-manual/custom_tools/
Gotcha!
( for my notes ) At a low-level, these interactions would need to be graceful:
m.runCmd("checkout"...)
way.Our APIs/UI themselves should be able to provide feedback in the most simplistic way.
I wonder if there could be a better way to support extensibility without needing to rebuild and maintain images with added dependencies.
I'm not totally sure, but I fear this issue might have the same problem as #3291: The go-git parts may not support custom remote helpers. On the other hand, maybe a solution can benefit both scenarios.
Looks like it's nearly there in go git https://github.com/go-git/go-git/pull/434
Summary
I would like to use a git remote helper (https://git-scm.com/docs/gitremote-helpers) with ArgoCD. Specifically I would like to use the remote helper for AWS CodeCommit: https://github.com/aws/git-remote-codecommit
This allows to clone a CodeCommit repository with a command like
git clone codecommit://repository-name
. Internally the remote helper would request the git auth information from AWS using AWS credentials (similar to the CodeCommit credential helper), rewrite it all to https and then perform git operations using https.Motivation
In our environment, we can't use SSH keys for authenticating with CodeCommit. Using the git remote helper would be the most convenient way for us to interact with the repository.
Proposal
Since the URI format for remote helpers is very open (to quote the docs: "it is usually of the form
<transport>://<address>
, but any arbitrary string is possible"), I would propose to fall back to using the passed repoURL as is (however it may look), if the repoURL matches neither the SSH, nor the HTTPS regex.Users would be responsible themselves to add the necessary git remote helper executables to the image.