Updating git configuration at build time to add token to URL

merwan · May 12, 2023, 5:30pm

Hello,

We are building documentation for a private Rust project A hosted on GitHub which depends on another private GitHub repository B. We don’t want to leak tokens in our source code, so the project A references the project B with a URL which has no GitHub token in it. This is what can be found in the Cargo.toml file:

project-B = { git = "https://GITHUB_TOKEN@github.com/company/project-B.git", tag = "v0.14.0" }

On our local machine and in continuous integration (CircleCI), we change the git configuration to replace the URL with the content of the token with the following command:

MY_GITHUB_TOKEN=abc1234                                                                                                                                                                                        
git config --global url."https://$MY_GITHUB_TOKEN@github.com/".insteadOf "https://GITHUB_TOKEN@github.com/"

Unfortunately, when we build the project in Netlify we don’t know how to do such substitution. We end up with a failed build with (redacted) logs such as:

6:36:33 PM:     Updating git repository `https://GITHUB_TOKEN@github.com/company/project-B.git`
6:36:33 PM: fatal: could not read Password for 'https://GITHUB_TOKEN@github.com': No such device or address
6:36:33 PM: error: failed to get `project-B` as a dependency of package `project-A v1.26.9 (/opt/build/repo/project-A)`
6:36:33 PM: Caused by:
6:36:33 PM:   failed to load source for dependency `project-B`
6:36:33 PM: Caused by:
6:36:33 PM:   Unable to update https://GITHUB_TOKEN@github.com/company/project-B.git?tag=v0.14.0#d1cbfed2
6:36:33 PM: Caused by:
6:36:33 PM:   failed to clone into: /opt/buildhome/.cargo/git/db/project-B-0d086a1f25ee6870
6:36:33 PM: Caused by:
6:36:33 PM:   process didn't exit successfully: `git fetch --force --update-head-ok 'https://GITHUB_TOKEN@github.com/company/project-B.git' '+refs/tags/v0.14.0:refs/remotes/origin/tags/v0.14.0'` (exit status: 128)

Could you help us find a way to update the git configuration during build process?

I suppose we could create a build script in the repository that would fetch the token through an environment variable and run the git config command but some help would be appreciated to avoid going around in circles.

Thank you!

hrishikesh · May 14, 2023, 11:00am

There’s no way to change git config yet, at least not before the build stage. So, you might have rely on generating a build script to either change the git config, or clone the repo without changing git config.

merwan · May 15, 2023, 3:07pm

The build script solution works perfectly. Here is the content of the build script netlify-build-doc.sh we added to the GitHub repository:

#!/usr/bin/env bash

git config --global url."https://$NETLIFY_GITHUB_TOKEN@github.com/".insteadOf "https://GITHUB_TOKEN@github.com/"
cargo doc --no-deps --workspace

Where NETLIFY_GITHUB_TOKEN is an environment variable defined in Netlify with a valid GitHub token.

The build command is then ./netlify-build-doc.sh (make sure to make the file executable).

SamO · May 16, 2023, 6:41pm

thank you for sharing your solution! This is definitely helpful for other users :