Previously, errors from askpass and credential storage were being
ignored, causing git clone/fetch to later error with hard-to-read
errors.
Now the error indicates the credential refresh as the problem, and
either does not try to sync (if no creds) or tries to use previous creds
(if they were fetched at some point).
To do this, we run the e2e test as a different user. To do that, we
need git-sync to make sure that everything is group accessible. To
clean up after the test, we need everything to be group writable. To do
that, we add a new flag: `--group-write`.
Prior to this, it would fail if the 2nd SHA wasn't in the local repo.
Now it doesn't care what the local SHA for rev is, it only cares what is
checked out at HEAD.
Also deref tags on ls-remote
The short story: `ls-remote` for a tag gets us the SHA of the tag, but
`rev-parse HEAD` gets us the SHA of the commit to which that tag is
attached. Those are never equal, so we detect "update needed" every
loop.
Now we ask `ls-remote` for the rev and the dereferenced rev. If that
rev is a branch, the deref does nothing. If that rev is a tag it
produces both results. ls-remote does its own sort, so the deref (if
found) comes after the non-deref. This means that, in both cases, the
last line is the one we want.
Values:
* "auto" - run `git gc --auto` (default, respects git gc.* configs)
* "always" - run `git gc`
* "aggressive" - run `git gc --aggressive` (may require a longer timeout)
* "off" - do not run `git gc` on each sync (good for --one-time use)
When git-sync fails to clone the git project, the ssh diagnostic message
is suppressed. It is sometimes helpful for debugging the cloning issue.
One example of the ssh dianostic message is
```
ssh: Could not resolve hostname ${REPO_HOST}: Name or service not known
```
This commit removes the `-q` flag from the ssh command to expose such
message.
* Avoid writing to /etc/password unless needed
Signed-off-by: Mac Chaffee <me@macchaffee.com>
* Use user.LookupId to check /etc/passwd
Signed-off-by: Mac Chaffee <me@macchaffee.com>
* Remove unused variables
Signed-off-by: Mac Chaffee <me@macchaffee.com>
This is a port of #431.
A new flag `--password-file` is added. This allows git-sync to read
password from file and this is considered as safer than reading from
env or flag directly.
Few more checks are added as well:
1. `--password` and `--password-file` can't be specified at the same
time.
2. If `--username` is specified, then one of `--password` or
`--password-file` must be specified.
When we fetch expecting a rev/hash to be present, defensively check and fail gracefully so that a subsequent sync would get it. Check for missing hash after a git fetch with shallow depth
This is to avoid wedge cases where the worktree was created but this function error'd without cleaning the worktree.
Next timearound, the sync loop fails to create the worktree and bails out.
We observed a case where due to #412, the next sync loop failed with this error:
" Run(git worktree add /repo/root/rev-nnnn origin/develop): exit status 128: { stdout: \"Preparing worktree (detached HEAD nnnn)\\n\", stderr: \"fatal: '/repo/root/rev-nnnn' already exists\\n\" }"
When endpoint returns non-200 status, include the body in the error
message since it can contain useful information for debugging. Also
defer closing the response body ReadCloser as this may have leaked in
the past.
The `git clone` command will create the root directory if it doesn't
exist, but if `git clone` fails, the root directory needs to be present
so that we can write the error to a file under the directory.
The current git-sync process outputs the error information to standard
out, which is inaccessible from outside the container. Users have to
dump the logs using kubectl logs in order to check the error details in
the git-sync process. This commit exports the error details to a file,
which provides users the capability to check the errors directly from
other sidecar containers.
proposal: https://github.com/kubernetes/git-sync/issues/326
Karl Isenberg
Tim Hockin
Kubernetes Prow Robot
sed-i
Nan Yu
Mac Chaffee
yedamo
and-1
Natalie Baker
ugurkenar
barney-s
Brian Kennedy
Spencer Malone