Wanted to finally tackle #54, I sidestepped the problem of how to handle the volume of flags that might be required by instead specifying a sparsecheckout file.
The workflow as I've had has been...
- Do a local sparse checkout, add the files you want ignored (or included on if you did a cone pattern https://git-scm.com/docs/git-sparse-checkout#_cone_pattern_set)
- Grab your .git/info/sparecheckout file, and reserve it for later use with this new flag
It's not quite as easy as specifying it all from a CLI, but I think it's a reasonable first pass.
Here are some logs of it being run on https://github.com/SpencerMalone/logstash-output-prometheus:
```
test-repo % cat sparseconfig
!/*
!/*/
README.md
test-repo % docker run --rm -d \
-v $(pwd)/git-data:/tmp/git \
-v $(pwd):/test \
docker.io/registry/git-sync:tag__linux_amd64 \
--repo=https://github.com/SpencerMalone/logstash-output-prometheus.git \
--branch=master \
--sparse-checkout-file=/test/sparseconfig
41494548dd64caf0ff8f7b75e4d3a86014cfaefc40ff31b14ba19accf99aa82f
test-repo % ls git-data/db86200b1ab158ce9ad403d06de2301b15333601
README.md
```
As you can see, I ignored everything but the `README.md`, and sure enough only got that file in my final checkout.
The current git-sync process outputs the error information to standard
out, which is inaccessible from outside the container. Users have to
dump the logs using kubectl logs in order to check the error details in
the git-sync process. This commit exports the error details to a file,
which provides users the capability to check the errors directly from
other sidecar containers.
proposal: https://github.com/kubernetes/git-sync/issues/326
The current git-sync process outputs the error information to standard
out, which is inaccessible from outside the container. Users have to
dump the logs using kubectl logs in order to check the error details in
the git-sync process. This commit exports the error details to a file,
which provides users the capability to check the errors directly from
other sidecar containers.
proposal: https://github.com/kubernetes/git-sync/issues/326
This allows arbitrary git configs to be passed in. For example:
`git config --global http.postBuffer 1048576000`
`git config --global http.sslCAInfo /path/to/cert/file`
`git config --global http.sslVerify false`
This flag takes a comma-separated list of `key:val` pairs. The key part
is passed to `git config` and must be a valid gitconfig section header
and variable name. The val part can be either a quoted or unquoted
value. For all values the following escape sequences are supported:
* `\n` => [newline]
* `\t` => [tab]
* `\"` => `"`
* `\,` => `,`
* `\\` => `\`
Within unquoted values, commas MUST be escaped. Within quoted values,
commas MAY be escaped, but are not required to be. Any other escape
sequence is an error.
Example:
`--git-config=foo.one:val1,foo.two:"quoted val",foo.three:12345`
This commit exposed a bug in runCommand() which modified its args when
they had an embedded space.
Now that the worktree dirs are the same name as the hash, `git reset`
doesn't know if we are asking for reset-to-hash or reset-the-dir.
Adding "--" makes that unambiguous.
Tests pass now.
Start the process of encapsulating most of the flags and not using them
as global variables. This commit JUST does the git command flag, which
is now only accessed from main()
Add '--period' to replace '--wait', which is now obsolete.
Add '--sync-timeout' to replace '--timeout', which is now obsolete.
Both of these new flags take a Go-style time string, rather than a bare
number. For example "1s" for 1 second or "1m" for one minute.
The old flags have been kept and will take precedence if specified.
THIS IS A BREAKING CHANGE
Switch flags implementation to use pflag. This means that long flags
like `-username` must now use 2 dashes: `--username`.
The `-v` flag (verbose) used to accept `-v` or `--v`. Now it only
accepts `-v.
The `--help` and `-h` flags are new.
The `--man` flag is new (print a man-page like help message).
Several glog flags which used to be exposed (e.g. --logtostderr) are no
longer exposed. Logs always go to stderr.
* add option to NOT recursively clone submodules
* Add "shallow" and "off" modes to submodule clone
* update readme to reflect new flag
* wording and such feedback
1) Was calling Wait() on the child process, but also calling Wait4,
which would race, causing an occasional error or panic.
2) In testing (1), I observed occasional hangs. Tracing it down to a
SIGWINCH, which masked a SIGCHLD, causing it to hang. Both seem fixed.
Added a manual test script.
It specifies a HTTP URL which will return username&password which will
be used to authenticate access to the git repo.
This is mainly used for git repo accecpt dynamic password (for example
oauth bare token). Because the dynamic password might expire very soon,
so it's added to the main syncRepo loop.
Typical usage case is work with a sidecar called gce-node-auth on GKE,
it uses the GCE service account's oauth token as password to access
Cloud Source Repo.
Please see the repo below for how it worked.
https://github.com/cydu-cloud/gce-node-auth/blob/master/git-sync-with-gce-node-auth.yaml
This detects when it is running as pid 1, and becomes an init process.
Specifically this means handling SIGCHLD and reaping processes
(otherwise they become zombies) and forwarding signals to "real"
process.
We fork and re-exec ourselves so that we only get *this* SIGCHLD for
orphaned processes (re-parented to 1) and not the real events from
running things like git or ssh.
Old code used to exit at any error seen on first sync attempt. This
didn't prove useful in practice, so removing that special case.
This may make git-sync slower to recover after user fixes a
non-retryable error, as now flMaxSyncFailures are needed before the pod
fails. It may make sense in practice.
Fixes#161, in a different way than is proposed in PR #162.
* Create a git-sync user to run as, with an entry in /etc/passwd and
writable homedir
* Remove our own validation of key perms - let SSH do that.
* Update docs,
Tim Hockin
Nan Yu
Kubernetes Prow Robot
unknowingknow
alix.cook11
windayski
Kyle Zhu
Reuben Thomas-Davis
Chuanying Du
Michael Peick
Igor Zibarev
Michal Lula
Filip Filmar