def get_credentials(args):
if args.password:
credentials = UserPass(args.username, args.password)
else:
credentials = Keypair(args.ssh_user, args.ssh_key + ".pub",
args.ssh_key, "")
return RemoteCallbacks(credentials=credentials)
def test_user_pass(self):
credentials = UserPass("libgit2", "libgit2")
callbacks = pygit2.RemoteCallbacks(credentials=credentials)
url = 'https://github.com/libgit2/TestGitRepository'
remote = self.repo.create_remote("bb", url)
remote.fetch(callbacks=callbacks)
def test_proxy(testrepo):
credentials = UserPass("libgit2", "libgit2")
callbacks = pygit2.RemoteCallbacks(credentials=credentials)
url = 'https://github.com/libgit2/TestGitRepository'
remote = testrepo.remotes.create("bb", url)
remote.fetch(callbacks=callbacks, proxy='http://localhost:8888')
def __init__(self, settings):
self.repo = "https://github.com/" + settings[
'nixbot.hydra_jobsets_repo']
self.repo_path = settings['nixbot.repo_dir']
self.user = settings['nixbot.bot_name']
self.token = settings['nixbot.github_token']
self.creds = RemoteCallbacks(UserPass(self.user, self.token))
def test_user_pass(self):
credentials = UserPass("libgit2", "libgit2")
callbacks = pygit2.RemoteCallbacks(credentials=credentials)
url = "https://bitbucket.org/libgit2/testgitrepository.git"
remote = self.repo.create_remote("bb", url)
remote.fetch(callbacks=callbacks)
def push_changes(repo_path: Path):
"""Push the repository at repo_path to the remote named origin."""
repo = Repository(repo_path)
remote = repo.remotes['origin']
creds = UserPass('Technical27', GITHUB_TOKEN)
callback = RemoteCallbacks(credentials=creds)
remote.connect(callbacks=callback)
remote.push(['refs/heads/master:refs/heads/master'], callbacks=callback)
def get_credentials(args):
if args.password:
credentials = UserPass(args.username, args.password)
elif args.ssh_agent:
log.info('Using SSH agent with remote user: %s', args.ssh_user)
credentials = KeypairFromAgent(args.ssh_user)
else:
log.info('Using SSH user: %s, key: %s', args.ssh_user, args.ssh_key)
credentials = Keypair(args.ssh_user, args.ssh_key + ".pub",
args.ssh_key, "")
return RemoteCallbacks(credentials=credentials)
def credentials(self, url, username_from_url, allowed_types):
"""
The callback to return a suitable authentication method.
it supports GIT_CREDTYPE_SSH_KEY and GIT_CREDTYPE_USERPASS_PLAINTEXT
GIT_CREDTYPE_SSH_KEY with an ssh agent configured in the env variable SSH_AUTH_SOCK
or with id_rsa and id_rsa.pub in ~/.ssh (password must be the empty string)
GIT_CREDTYPE_USERPASS_PLAINTEXT from the env variables GIT_USERNAME and GIT_PASSWORD
"""
if credentials.GIT_CREDTYPE_SSH_KEY & allowed_types:
if "SSH_AUTH_SOCK" in environ:
# Use ssh agent for authentication
return KeypairFromAgent(username_from_url)
else:
ssh = join(expanduser('~'), '.ssh')
if "QUIT_SSH_KEY_HOME" in environ:
ssh = environ["QUIT_SSH_KEY_HOME"]
# public key is still needed because:
# _pygit2.GitError: Failed to authenticate SSH session:
# Unable to extract public key from private key file:
# Method unimplemented in libgcrypt backend
pubkey = join(ssh, 'id_rsa.pub')
privkey = join(ssh, 'id_rsa')
# check if ssh key is available in the directory
if isfile(pubkey) and isfile(privkey):
return Keypair(username_from_url, pubkey, privkey, "")
else:
raise Exception(
"No SSH keys could be found, please specify SSH_AUTH_SOCK or add keys to "
+ "your ~/.ssh/")
elif credentials.GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types:
if "GIT_USERNAME" in environ and "GIT_PASSWORD" in environ:
return UserPass(environ["GIT_USERNAME"],
environ["GIT_PASSWORD"])
else:
raise Exception(
"Remote requested plaintext username and password authentication but "
+ "GIT_USERNAME or GIT_PASSWORD are not set.")
else:
raise Exception(
"Only unsupported credential types allowed by remote end")
def test_userpass():
username = "******"
password = "******"
cred = UserPass(username, password)
assert (username, password) == cred.credential_tuple
def __init__(self):
self.credentials = UserPass("libgit2", "libgit2")
def test_userpass(self):
username = "******"
password = "******"
cred = UserPass(username, password)
self.assertEqual((username, password), cred.credential_tuple)
def create(event, context):
"""
Place your code to handle Create events here
"""
logger.info(event)
physical_resource_id = 'myResourceId'
response_data = {}
source_url = event['ResourceProperties']['SourceRepoUrl']
source_branch = event['ResourceProperties']['SourceRepoBranch']
source_bucket = event['ResourceProperties']['SourceS3Bucket']
source_key = event['ResourceProperties']['SourceS3Key']
s3_zip_filename = source_key.split('/')[-1]
dest_url = event['ResourceProperties']['DestRepoUrl']
repo_name = event['ResourceProperties']['DestRepoName']
username = event['ResourceProperties']['DestRepoName']
if len(username) >= 64:
raise Exception('Username is longer than 64 chars')
user_id, codecommit_username, password = get_codecommit_credentials(
username, repo_name)
try:
creds = RemoteCallbacks(
credentials=UserPass(codecommit_username, password))
if source_url != "":
repo = pull_repo(source_url, source_branch)
# Uncomment the next line if you want to update your ci files to a minimal default
# setup_ci_config(repo)
else:
# Fetch source from S3
repo = create_repo('/tmp/s3source')
r = requests.get('https://' + s3_region_url() + '/' +
source_bucket + '/' + source_key,
stream=True)
if r.status_code == 200:
with open('/tmp/' + s3_zip_filename, 'wb') as f:
for chunk in r:
f.write(chunk)
else:
raise Exception("cannot fetch zip, s3 returned %s: %s" %
(r.status_code, r.reason))
zip = zipfile.ZipFile('/tmp/' + s3_zip_filename)
zip.extractall(path='/tmp/s3source')
author = Signature('Template Validation Pipeline Clone',
'*****@*****.**')
tree = repo.TreeBuilder().write()
repo.create_commit('HEAD', author, author, 'initial commit', tree,
[])
index = repo.index
index.add_all()
index.write()
tree = index.write_tree()
repo.create_commit('refs/heads/%s' % source_branch, author, author,
'initial commit', tree,
[repo.head.get_object().hex])
while not push_repo(repo, dest_url, creds, source_branch):
logger.info("waiting for git credential propagation...")
sleep(5)
except Exception:
logger.error("Unhandled exception: ", exc_info=1)
raise
delete_codecommit_credentials(user_id, username)
return physical_resource_id, response_data
def credentials(self, url, username_from_url, allowed_types):
global credential_lock
credential_lock.acquire()
msg("@{cf}Fetching@|: %s\n" % escape(textify(url)))
try:
if url not in self.urls:
retry = 0
else:
retry = self.urls[url]
u = urlsplit(url)
query = "protocol=%s\nhost=%s\n" % (u[0], u[1])
while True:
retry += 1
self.urls[url] = retry
if retry == 1:
if allowed_types & GIT_CREDTYPE_SSH_KEY:
return KeypairFromAgent(username_from_url)
if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT:
private_token = self.get_private_token(url)
if private_token:
return UserPass("rosrepo", private_token)
if retry == 2:
if allowed_types & GIT_CREDTYPE_SSH_KEY:
self.record_permanent_failure(
query, "SSH agent has no acceptable key")
if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT:
username, password = self.get_cached_credentials(query)
if username is None:
exitcode, stdout, _ = call_process(
["git", "credential", "fill"],
input_data=query,
stdin=PIPE,
stdout=PIPE)
if exitcode != 0:
self.record_permanent_failure(
query, "git credential helper failed")
for line in stdout.split("\n"):
if "=" in line:
key, value = line.split("=", 1)
if key == "username":
username = value
if key == "password":
password = value
if username is not None and password is not None:
exitcode, stdout, _ = call_process(
["git", "credential", "approve"],
input_data=stdout,
stdin=PIPE,
stdout=PIPE)
if username is not None and password is not None:
self.save_working_credentials(
query, username, password)
return UserPass(username, password)
if retry == 3:
if allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT:
exitcode, stdout, _ = call_process(
["git", "credential", "reject"],
input_data=query,
stdin=PIPE,
stdout=PIPE)
self.record_permanent_failure(
query, "invalid username or password")
if retry > 3:
self.record_permanent_failure(
query,
"cannot handle requested authorization credentials")
finally:
credential_lock.release()
def test_user_pass(self):
remote = self.repo.create_remote(
"bb", "https://bitbucket.org/libgit2/testgitrepository.git")
remote.credentials = UserPass("libgit2", "libgit2")
remote.fetch()
def get_credentials(args):
if args.password:
return UserPass(args.username, args.password)
else:
return Keypair(args.ssh_user, args.ssh_key + ".pub", args.ssh_key, "")
def merge_push(pr, base, settings):
MAIN_REPO = "https://github.com/" + settings['nixbot.repo']
PR_REPO = "https://github.com/" + settings['nixbot.pr_repo']
REPO_PATH = settings['nixbot.repo_dir']
user = settings['nixbot.bot_name']
token = settings['nixbot.github_token']
creds = RemoteCallbacks(UserPass(user, token))
path = os.path.join(REPO_PATH, "nixpkgs.git")
try:
log.info('Cloning {} to {}'.format(MAIN_REPO, path))
repo = pygit2.clone_repository(MAIN_REPO,
path,
bare=False,
callbacks=creds)
except ValueError:
repo = pygit2.Repository(path)
log.info('Fetching base repository including PRs')
repo.remotes.add_fetch('origin',
"+refs/pull/*/head:refs/remotes/origin/pr/*")
repo.remotes['origin'].fetch(callbacks=creds)
try:
repo.create_remote('pr', PR_REPO)
except:
pass
log.info('Checking out and resetting to PR base branch')
repo.checkout('refs/heads/{}'.format(base))
repo.reset(
repo.lookup_reference('refs/remotes/origin/{}'.format(base)).target,
pygit2.GIT_RESET_HARD)
base = repo.lookup_branch(base)
log.info('Merging PR {} to base branch'.format(pr))
origin_pr = repo.lookup_reference('refs/remotes/origin/pr/{}'.format(pr))
repo.merge(origin_pr.target)
log.info('Commiting merge')
author = Signature(settings['nixbot.bot_name'], '*****@*****.**')
tree = repo.index.write_tree()
repo.create_commit(base.name, author, author, 'Merge PR #{}'.format(pr),
tree, [repo.head.target, origin_pr.target])
repo.state_cleanup()
remote = repo.remotes['pr']
pr_branch = 'pr-{}'.format(pr)
log.info('Pushing merge to {} branch at {}'.format(pr_branch, PR_REPO))
repo.create_branch(pr_branch, repo.head.get_object(), True)
repo.checkout('refs/heads/{}'.format(pr_branch))
remote.push(['+refs/heads/{b}:refs/heads/{b}'.format(b=pr_branch)],
callbacks=creds)
repo.state_cleanup()
return repo
