Draft: Add private git repo hack script

[blairdrummond]

NOTE: PR still in draft, looking for feedback on whether to continue

Changes

I noticed this issue #689 to create tests for pulling from private repos. I had recently done something similar, so thought I might take a look, and threw together this little hack/ script. I wondered if it might be useful

Instead of doing all the plumbing with private github/gitlab repos, this just deploys an ssh-key based git server (with a copy of sample-nodejs) into kind at svc/gitserver and it creates a one-off ssh key, loading the pubkey into the git server and the private key into a k8s secret.

This is definitely not as comprehensive as having a dedicated github and gitlab repo all plumbed up... However it means that you can test the functionality without having a private repo on-hand and in a pretty "passwordless" way. Plus collaborators will be able to run the e2e tests themselves with this route.

If you're interested in this as a possible solution for #689 , I can try to do the github-actions plumbing to run the hack script and cherry-pick the e2e tests from here https://github.com/shipwright-io/build/pull/757/files , probably this weekend

TODO

Submitter Checklist

• Includes tests if functionality changed/was added
• Includes docs if changes are user-facing
• Set a kind label on this PR
• Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

NONE

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign adambkaplan after the PR has been reviewed.
You can assign the PR to them by writing /assign @adambkaplan in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sbose78]

Thank you, let me try this out!

[adambkaplan]

@gabemontero I recall back in the day (3+ years ago) we had a similar test set up for OpenShift builds, and we ultimately disabled those tests due to its flakiness. Do you remember why we turned off those tests?

[gabemontero]

@gabemontero I recall back in the day (3+ years ago) we had a similar test set up for OpenShift builds, and we ultimately disabled those tests due to its flakiness. Do you remember why we turned off those tests?

the flakiness stemmed @adambkaplan from using a prototype git server that was available on openshift

in fact, didn't you recently for openshift v1 set up some creds with DPTP so we could start adding some of those test back, using an "official" private repo?

[gabemontero]

Hey @blairdrummond !

We discussed this topic some today, and at the moment, we think you progress here is the best we have.

So we wanted to check on the status. Did you want to make more changes to this draft before it merges? If so, any outlook on when you will have cycles?

Or perhaps we merge this as is (we don't think it breaks anything), and then when anyone in the community has cycles, they take the next steps with this?

thanks!

[blairdrummond]

Ok sounds good! If you guys like this approach I can keep working on it, and might see if I can add the CI. Sorry that I missed the meeting! Conflicting meetings this morning.

Doing some big migration stuff at work this week/weekend but can try to tidy this up more next week/weekend (weekend of October 9th might be a target)

[gabemontero]

Ok sounds good! If you guys like this approach I can keep working on it, and might see if I can add the CI. Sorry that I missed the meeting! Conflicting meetings this morning.

OK great thanks! And no worries wrt today's meeting. To be honest, we were afraid we hadn't invited you. But if you have the cal invite and call creds, perfect. If not, let @adambkaplan and he can make sure you get an invite.

But for now at least, we'll sit tight and give you some runway to progress more on this.

Doing some big migration stuff at work this week/weekend but can try to tidy this up more next week/weekend (weekend of October 9th might be a target)

Oct 9 would be sooner most likely than any of us could get to it and get up to speed. Let's track to that and checkpoint at that time.

Thanks again!

[gabemontero]

fixed the release note section in the description for @blairdrummond :)

[gabemontero]

Not super optimistic, but sometime this week I'm going to try to checkout this PR, and add an e2e that uses the private repo @blairdrummond 's new script here introduces

[gabemontero]

Hey @blairdrummond .... so I got a chance to try this today, but got a permission denied on the git clone.

I'll attach log out put as files here in a sec, but to recount the steps:

• ran ./hack/install-private-repo.sh
• kubectl get secrets private-git-repo-test-secret -o json | jq -r '.data[]' | base64 -d > sshkey
• chmod 600 sshkey
• kubectl port-forward svc/gitserver 2222:22
• then in another window, GIT_SSH_COMMAND='ssh -i sshkey -o IdentitiesOnly=yes -o StrictHostKeyChecking=no'
• and git clone ssh://git@localhost:2222/git-server/repos/sample-private-repo.git

I'm combing through some git ssh key internet searches now to see if I can figure out how to bypass the error, but certainly if you have any insight back when you tried this, do let me know. Thanks!

git-clone.log
port-forward.log
install-private-repo.log
private-git-repo-secret.yaml.log
sshkey.txt

[adambkaplan]

/lifecycle stale

[qu1queee]

Closing per the stale status, please feel free to re-open if needed.