Closed 6543 closed 2 years ago
6543
commented
2 years ago workaround: add clone step to your pipeline if not already there and use secrets to pass netrc to git:
clone:
git:
image: woodpeckerci/plugin-git:next
+ secrets: [ ci_netrc_username, ci_netrc_password, ci_netrc_machine ]
anbraten
commented
2 years ago @6543 Why would other steps then clone need netrc creds at all? Isn't that a security risk?
6543
commented
2 years ago it would - I'm aware of that :)
s00500
commented
2 years ago Well... it would if it needs to access different repositories... seems like the secrets: [ ci_netrc_username, ci_netrc_password, ci_netrc_machine ] Is not working anymore.... or should it?
Any other way to do this ? (I also see why this is not a nice solution though... seems like in drone these where always available to the containers...)
My current usecase is pulling private go dependencies....
s00500
commented
2 years ago (of course I can always add the data as a secret myself and am happy to go that route if necessary... but would be interesting if there are other ways too...)
6543
commented
2 years ago we could add some special "secret" that injects netrc ... - so it's handled like the normal secrets from permission perspective but the outcome would be a netrc - but that's for a new issue
feel free to open a feature request
s00500
commented
2 years ago we could add some special "secret" that injects netrc ... - so it's handled like the normal secrets from permission perspective but the outcome would be a netrc - but that's for a new issue
feel free to open a feature request
thanks for the update :-)
the first step of a pipeline is the close step, if not set by pipeline config it will be added by default.
this environment should have access to Netrc variables: https://github.com/woodpecker-ci/woodpecker/blob/3c5827f08a9b42851c118cf1ab1254f68d66f0dd/pipeline/frontend/yaml/compiler/option.go#L71-L87
but that's not the case!
block #473 (-> https://github.com/woodpecker-ci/plugin-git/issues/4)