fetch2: add GitHub Codespaces support

Message ID 20241006222630.278007-1-git@oliver-kaestner.de
State New

Commit Message

Oliver Kästner Oct. 6, 2024, 10:26 p.m. UTC
GitHub Codespaces use a Git credential helper that provides access to
authorized private GitHub repos. To do this, it requires access to the
`GITHUB_TOKEN` env var, so add it to FETCH_EXPORT_VARS.

Signed-off-by: Oliver Kästner <git@oliver-kaestner.de>
---
 lib/bb/fetch2/__init__.py | 1 +
 1 file changed, 1 insertion(+)

Comments

Alexander Kanavin Oct. 7, 2024, 10:24 a.m. UTC | #1
On Mon, 7 Oct 2024 at 00:27, Oliver Kästner via lists.openembedded.org
<git=oliver-kaestner.de@lists.openembedded.org> wrote:
>
> GitHub Codespaces use a Git credential helper that provides access to
> authorized private GitHub repos. To do this, it requires access to the
> `GITHUB_TOKEN` env var, so add it to FETCH_EXPORT_VARS.

Which fetcher would be using this environment variable? Presumably it
would be picked up by some external executable run by one of the
fetchers, which one is that?

Alex
Oliver Kästner Oct. 7, 2024, 9:44 p.m. UTC | #2
On Mon, Oct 7, 2024 at 12:24 PM, Alexander Kanavin wrote:

> 
> On Mon, 7 Oct 2024 at 00:27, Oliver Kästner via lists.openembedded.org
> <git=oliver-kaestner.de@lists.openembedded.org> wrote:
> 
>> GitHub Codespaces use a Git credential helper that provides access to
>> authorized private GitHub repos. To do this, it requires access to the
>> `GITHUB_TOKEN` env var, so add it to FETCH_EXPORT_VARS.
> 
> Which fetcher would be using this environment variable? Presumably it
> would be picked up by some external executable run by one of the
> fetchers, which one is that?
> 
> Alex

You're right, it's the git fetcher calling the host system's git executable, which uses the configured `credential.helper=/.codespaces/bin/gitcredential_github.sh`. This script only contains:

#!/bin/sh
echo protocol=https
echo host=github.com
echo path=
echo username=PersonalAccessToken
echo password=$GITHUB_TOKEN

That's why we need to retain the GITHUB_TOKEN env var.

Oliver
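
The effect of leaving `GITHUB_TOKEN` out of an allowlisted environment on the helper quoted above, as an added example that is not part of the original thread or of BitBake. `make_helper`, `helper_password`, the temp-file helper and the token value are constructed for illustration, and the allowlist loop is a simplified model of an environment filter, not BitBake's implementation.

```shell
#!/bin/sh
# Constructed stand-in with the same body as the helper quoted in the thread,
# written to a temp file (not the real /.codespaces/bin path).
make_helper() {
    helper=$(mktemp) || return 1
    cat > "$helper" <<'EOF'
echo protocol=https
echo host=github.com
echo path=
echo username=PersonalAccessToken
echo password=$GITHUB_TOKEN
EOF
    echo "$helper"
}

# helper_password "<allowlist>" <helper-file>
# Simplified model of an allowlisted child environment: only names in the
# allowlist that are set in the caller are passed on. Prints the password
# value the helper would hand to git.
helper_password() {
    allowlist=$1
    helper=$2
    set --
    for name in $allowlist; do
        eval "isset=\${$name+x}; val=\${$name-}"
        if [ -n "$isset" ]; then
            set -- "$@" "$name=$val"
        fi
    done
    env -i "$@" /bin/sh "$helper" | sed -n 's/^password=//p'
}

demo() {
    GITHUB_TOKEN=constructed-token-not-real   # constructed sample value
    export GITHUB_TOKEN
    h=$(make_helper) || return 1
    echo "without GITHUB_TOKEN: '$(helper_password "HOME PATH" "$h")'"
    echo "with GITHUB_TOKEN:    '$(helper_password "HOME PATH GITHUB_TOKEN" "$h")'"
    rm -f "$h"
}
demo
```

With the variable filtered out, the helper still answers but with an empty password, so the failure shows up as an authentication error from the remote rather than as a helper error.
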
Alexander Kanavin Oct. 8, 2024, 9:01 a.m. UTC | #3
On Mon, 7 Oct 2024 at 23:44, Oliver Kästner via lists.openembedded.org
<git=oliver-kaestner.de@lists.openembedded.org> wrote:
> GitHub Codespaces use a Git credential helper that provides access to
> authorized private GitHub repos. To do this, it requires access to the
> `GITHUB_TOKEN` env var, so add it to FETCH_EXPORT_VARS.
>
> Which fetcher would be using this environment variable? Presumably it
> would be picked up by some external executable run by one of the
> fetchers, which one is that?
>
> Alex
>
> You're right, it's the git fetcher calling the host system's git executable, which uses the configured `credential.helper=/.codespaces/bin/gitcredential_github.sh`. This script only contains:
>
> #!/bin/sh
> echo protocol=https
> echo host=github.com
> echo path=
> echo username=PersonalAccessToken
> echo password=$GITHUB_TOKEN
>
> That's why we need to retain the GITHUB_TOKEN env var.

Thanks, where is this gitcredential_github.sh coming from though? Is
it an official script maintained by github? Where? I don't see it in
https://git-scm.com/doc/credential-helpers

If you can find the link, and place it into the commit message and/or
comment in the code, then we'd be able to track down actual usage of
the variable in the future when needed.

Alex
Oliver Kästner Oct. 12, 2024, 3:29 p.m. UTC | #4
On 08.10.24 11:01, Alexander Kanavin wrote:
> On Mon, 7 Oct 2024 at 23:44, Oliver Kästner via lists.openembedded.org
> <git=oliver-kaestner.de@lists.openembedded.org> wrote:
>> GitHub Codespaces use a Git credential helper that provides access to
>> authorized private GitHub repos. To do this, it requires access to the
>> `GITHUB_TOKEN` env var, so add it to FETCH_EXPORT_VARS.
>>
>> Which fetcher would be using this environment variable? Presumably it
>> would be picked up by some external executable run by one of the
>> fetchers, which one is that?
>>
>> Alex
>>
>> You're right, it's the git fetcher calling the host system's git executable, which uses the configured `credential.helper=/.codespaces/bin/gitcredential_github.sh`. This script only contains:
>>
>> #!/bin/sh
>> echo protocol=https
>> echo host=github.com
>> echo path=
>> echo username=PersonalAccessToken
>> echo password=$GITHUB_TOKEN
>>
>> That's why we need to retain the GITHUB_TOKEN env var.
> Thanks, where is this gitcredential_github.sh coming from though? Is
> it an official script maintained by github? Where? I don't see it in
> https://git-scm.com/doc/credential-helpers
>
> If you can find the link, and place it into the commit message and/or
> comment in the code, then we'd be able to track down actual usage of
> the variable in the future when needed.
>
> Alex

I couldn't find a source for this script. I assume it is injected into the Codespaces container at creation time. However, the script is mentioned in the GitHub docs: https://docs.github.com/en/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces#checking-for-conflicting-configuration

Please let me know if you think that this reference should be part of the commit.

Oliver
Alexander Kanavin Oct. 12, 2024, 4:06 p.m. UTC | #5
On Sat, 12 Oct 2024 at 17:29, Oliver Kästner via
lists.openembedded.org <git=oliver-kaestner.de@lists.openembedded.org>
wrote:

> I couldn't find a source for this script. I assume it is injected into the Codespaces container at creation time. However, the script is mentioned in the GitHub docs: https://docs.github.com/en/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces#checking-for-conflicting-configuration
>
> Please let me know if you think that this reference should be part of the commit.

How is this environment set up in the first place? Is it on your local
machine, or is it something that github magically creates and lets you
access remotely?

Alex
Oliver Kästner Oct. 12, 2024, 4:38 p.m. UTC | #6
On 12.10.24 18:06, Alexander Kanavin wrote:
> On Sat, 12 Oct 2024 at 17:29, Oliver Kästner via
> lists.openembedded.org <git=oliver-kaestner.de@lists.openembedded.org>
> wrote:
> 
>> I couldn't find a source for this script. I assume it is injected into the Codespaces container at creation time. However, the script is mentioned in the GitHub docs: https://docs.github.com/en/codespaces/troubleshooting/troubleshooting-gpg-verification-for-github-codespaces#checking-for-conflicting-configuration
>>
>> Please let me know if you think that this reference should be part of the commit.
> 
> How is this environment set up in the first place? Is it on your local
> machine, or is it something that github magically creates and lets you
> access remotely?
> 
> Alex

Simply put, GitHub Codespaces are Docker containers with a VS Code
server that run on GitHub's infrastructure. You can launch a Codespace
directly from the GitHub web UI and use VS Code in the browser or
connect to it with a VS Code instance running locally. It checks out the
selected repo and lets you work inside the container as you like. You
can use your own container image (e.g. crops/poky) and thus get a
pre-configured development system that you can use from any client
system, even Chromebooks.
In the free tier, users have 120 free "CPU hours" each month, and
enterprise users on a pay-as-you-go basis.

Oliver
Alexander Kanavin Oct. 12, 2024, 5:09 p.m. UTC | #7
On Sat, 12 Oct 2024 at 18:38, Oliver Kästner <git@oliver-kaestner.de> wrote:
> Simply put, GitHub Codespaces are Docker containers with a VS Code
> server that run on GitHub's infrastructure. You can launch a Codespace
> directly from the GitHub web UI and use VS Code in the browser or
> connect to it with a VS Code instance running locally. It checks out the
> selected repo and lets you work inside the container as you like. You
> can use your own container image (e.g. crops/poky) and thus get a
> pre-configured development system that you can use from any client
> system, even Chromebooks.
> In the free tier, users have 120 free "CPU hours" each month, and
> enterprise users on a pay-as-you-go basis.

Thank you, now I understand what it's for. Please put any relevant
links and additional information (e.g. location and content of the
script helper) into the commit message and resend.

Alex
Patch

diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
index 33a8086f2..06687b018 100644
--- a/lib/bb/fetch2/__init__.py
+++ b/lib/bb/fetch2/__init__.py
@@ -878,6 +878,7 @@  FETCH_EXPORT_VARS = ['HOME', 'PATH',
                      'AWS_SESSION_TOKEN',
                      'GIT_CACHE_PATH',
                      'REMOTE_CONTAINERS_IPC',
+                     'GITHUB_TOKEN',
                      'SSL_CERT_DIR']
 
 def get_fetcher_environment(d):
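
Review bot: The added 'GITHUB_TOKEN' entry in FETCH_EXPORT_VARS has no comment saying what consumes it, and the commit message names only "a Git credential helper". The thread identifies the consumer as the host git's `credential.helper=/.codespaces/bin/gitcredential_github.sh`, so a short comment next to the entry (or in the commit message) naming that helper path and the GitHub docs link would let a later reader trace why the variable is kept. The list is also defined in fetch2/__init__.py rather than in the git fetcher, so the entry is not scoped to git; since the value is a credential, like 'AWS_SESSION_TOKEN' above it, the commit message should state that exporting it through this shared list is intended.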