Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project clone init container cannot checkout revisions when auth is required. #913

Closed
Tracked by #21864
amisevsk opened this issue Sep 1, 2022 · 0 comments · Fixed by #997
Closed
Tracked by #21864

Project clone init container cannot checkout revisions when auth is required. #913

amisevsk opened this issue Sep 1, 2022 · 0 comments · Fixed by #997
Assignees
@amisevsk
Milestone
v0.18.x

Comments

@amisevsk
Copy link
Collaborator

amisevsk commented Sep 1, 2022

Description

When working with git repositories that require authentication, the project-clone container can successfully clone and read the repo, but will fail to checkout any revision specified in the devfile.

This is because the checkout step relies on the go-git library, which does not automatically import the global gitconfig.

How To Reproduce

  1. Set up either a PAT or SSH key for your account in the cluster
  2. Start a workspace that uses a private project and specifies a checkoutFrom: 
        projects:
      - name: private-project
        git: 
          remotes:
            origin: 'https://your-private-repo'
          checkoutFrom:
            revision: main

As a result, the project clone container will log something like

2022/09/01 17:00:03 Using temporary directory /projects/project-clone-2774327822
2022/09/01 17:00:03 Read DevWorkspace at /devworkspace-metadata/flattened.devworkspace.yaml
2022/09/01 17:00:03 Processing project private-project
2022/09/01 17:00:03 Cloning project private-project to /projects/project-clone-2774327822/private-project
Cloning into '/projects/project-clone-2774327822/private-project'...
fatal: unable to get credential storage lock in 1000 ms: Read-only file system
2022/09/01 17:00:05 Cloned project private-project to /projects/project-clone-2774327822/private-project
2022/09/01 17:00:05 Setting up remotes for project private-project
fatal: unable to get credential storage lock in 1000 ms: Read-only file system
2022/09/01 17:00:05 Fetched remote origin at https://your-private-repo
2022/09/01 17:00:05 Encountered error while setting up project private-project: failed to checkout revision: failed to read remote origin: authentication required

and the project will not be set up correctly; the cloned project will be present in a temporary directory named project-clone-<random-chars>.

Note the messages fatal: unable to get credential storage lock in 1000 ms: Read-only file system are expected at the moment as the credentials file is mounted to from a configmap and results in a read-only filesystem in that directory.

Expected behavior

Since the auth required to clone the project is set up, project-clone should be able to checkout any revision as required.

Workaround

  1. Do not specify checkoutFrom for private repos
  2. Change to the desired revision after the project is cloned
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amisevsk amisevsk

Labels
None yet
Projects
None yet
Milestone
v0.18.x
Development

Successfully merging a pull request may close this issue.

Fix issues specifying checkoutFrom revision with private projects amisevsk/devworkspace-operator
1 participant
@amisevsk