Gitlab oauth2:token being written to .git/config file after cloning #126

ns-mkusper · 2024-04-15T15:45:25Z

I'm using envbuilder 0.2.9 and allowing my users to set the branch portion of the GIT_URL (by using a parameter in the #refs/heads/${data.coder_parameter.repo_branch.value} value) in new workspaces via the form parameters. This works, but when the repo gets cloned the credentials I set to GIT_USERNAME and GIT_PASSWORD for envbuilder to be able to pull the repo are written to .git/config (as explained in the readme ) which then overrides any token refreshing as the config takes priority over GIT_ASKPASS.

As a workaround I am just clearing this via a startup script, but this seems to be a bug.

The text was updated successfully, but these errors were encountered:

bpmct · 2024-04-18T23:39:13Z

related #91

coder-labeler bot added the bug label Apr 15, 2024

bpmct mentioned this issue Apr 18, 2024

Envbuilder v1.0 release #132

Closed

36 tasks

mtojek assigned johnstcn Apr 19, 2024

johnstcn mentioned this issue Apr 24, 2024

fix: do not inject GIT_USERNAME and GIT_PASSWORD into git clone URL #141

Merged

johnstcn closed this as completed in #141 Apr 25, 2024

matifali removed the bug label Oct 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Gitlab oauth2:token being written to .git/config file after cloning #126

Gitlab oauth2:token being written to .git/config file after cloning #126

ns-mkusper commented Apr 15, 2024

bpmct commented Apr 18, 2024

Gitlab oauth2:token being written to .git/config file after cloning #126

Gitlab oauth2:token being written to .git/config file after cloning #126

Comments

ns-mkusper commented Apr 15, 2024

bpmct commented Apr 18, 2024