search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.69k stars 5.39k forks source link

Support for git remote helpers #4072

Open phyrog opened 4 years ago

phyrog commented 4 years ago

Summary

I would like to use a git remote helper (https://git-scm.com/docs/gitremote-helpers) with ArgoCD. Specifically I would like to use the remote helper for AWS CodeCommit: https://github.com/aws/git-remote-codecommit

This allows to clone a CodeCommit repository with a command like git clone codecommit://repository-name. Internally the remote helper would request the git auth information from AWS using AWS credentials (similar to the CodeCommit credential helper), rewrite it all to https and then perform git operations using https.

Motivation

In our environment, we can't use SSH keys for authenticating with CodeCommit. Using the git remote helper would be the most convenient way for us to interact with the repository.

Proposal

Since the URI format for remote helpers is very open (to quote the docs: "it is usually of the form <transport>://<address>, but any arbitrary string is possible"), I would propose to fall back to using the passed repoURL as is (however it may look), if the repoURL matches neither the SSH, nor the HTTPS regex.

Users would be responsible themselves to add the necessary git remote helper executables to the image.

sbose78 commented 4 years ago

This is interesting! Could you share how an end-to-end scenario might look like?

Are you suggesting we support using something://repository-name-like repositories in the Application CR's spec.source?

Users would be responsible themselves to add the necessary git remote helper executables to the image.

Which image would be this?

phyrog commented 4 years ago

Are you suggesting we support using something://repository-name-like repositories in the Application CR's spec.source?

Exactly, the spec.source.repoURL field would allow for more than just SSH and HTTPS URLs. Anything that is not a SSH or HTTPS URL would be passed to the git clone call as-is.

Which image would be this?

The argocd container image, as described here for other custom tooling: https://argoproj.github.io/argo-cd/operator-manual/custom_tools/

sbose78 commented 4 years ago

Gotcha!

( for my notes ) At a low-level, these interactions would need to be graceful:

Our APIs/UI themselves should be able to provide feedback in the most simplistic way.

I wonder if there could be a better way to support extensibility without needing to rebuild and maintain images with added dependencies.

phyrog commented 4 years ago

I'm not totally sure, but I fear this issue might have the same problem as #3291: The go-git parts may not support custom remote helpers. On the other hand, maybe a solution can benefit both scenarios.

Nintorac commented 2 years ago

Looks like it's nearly there in go git https://github.com/go-git/go-git/pull/434