The --ssh-key-file flag can be specified more than once and the
GITSYNC_SSH_KEY_FILE env var will be parsed like PATH.
Also adds e2e coverage for wrong-key and for multiple keys.
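The PATH-style parsing described above, as an added example that is not git-sync's own code: `splitKeyFiles`, `shellQuote` and `sshCommand` are hypothetical helpers, the sample paths are constructed, and requiring a known_hosts file with strict host key checking is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// splitKeyFiles parses a PATH-style list (':'-separated on Unix) into key
// paths. Empty entries (doubled or trailing separators) are dropped so ssh
// never receives an empty -i argument.
func splitKeyFiles(list string) []string {
	var keys []string
	for _, p := range filepath.SplitList(list) {
		if p != "" {
			keys = append(keys, p)
		}
	}
	return keys
}

// shellQuote single-quotes s, because git runs GIT_SSH_COMMAND through a shell.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// sshCommand (hypothetical helper) builds a GIT_SSH_COMMAND value that offers
// each key with its own -i. IdentitiesOnly=yes keeps ssh from also offering
// agent or default keys, so only the configured keys are ever tried.
func sshCommand(keys []string, knownHosts string) (string, error) {
	if len(keys) == 0 {
		return "", errors.New("no SSH key files configured")
	}
	if knownHosts == "" {
		return "", errors.New("known_hosts file required for host key checking")
	}
	cmd := "ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes" +
		" -o UserKnownHostsFile=" + shellQuote(knownHosts)
	for _, k := range keys {
		cmd += " -i " + shellQuote(k)
	}
	return cmd, nil
}

func main() {
	// Constructed sample value, not taken from the project.
	keys := splitKeyFiles("/etc/git-secret/ssh-a::/etc/git-secret/ssh-b:")
	cmd, err := sshCommand(keys, "/etc/git-secret/known_hosts")
	fmt.Println(cmd, err)
}
```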
Adapted the "strict" settings, but removed a few exclusions that
aren't relevant here (e.g. zz_generated), and removed the custom
logcheck linter (as we aren't currently using structured logging).
These fix the issues identified by the k/k inspired linter
configuration that we will be adding:
```
pkg/pid1/pid1.go:72:14: ST1005: error strings should not end with punctuation or newlines (stylecheck)
return 0, fmt.Errorf("unhandled exit status: 0x%x\n", status)
^
pkg/pid1/pid1.go:86:21: ST1005: error strings should not end with punctuation or newlines (stylecheck)
return false, 0, fmt.Errorf("wait4(): %w\n", err)
^
main.go:480:34: Error return value of `pflag.CommandLine.MarkDeprecated` is not checked (errcheck)
pflag.CommandLine.MarkDeprecated("branch", "use --ref instead")
^
main.go:483:34: Error return value of `pflag.CommandLine.MarkDeprecated` is not checked (errcheck)
pflag.CommandLine.MarkDeprecated("change-permissions", "use --group-write instead")
^
main.go:486:34: Error return value of `pflag.CommandLine.MarkDeprecated` is not checked (errcheck)
pflag.CommandLine.MarkDeprecated("dest", "use --link instead")
^
main.go:1897:16: Error return value of `io.WriteString` is not checked (errcheck)
io.WriteString(h, s)
^
main.go:555:2: ifElseChain: rewrite if-else to switch statement (gocritic)
if *flDeprecatedBranch != "" && (*flDeprecatedRev == "" || *flDeprecatedRev == "HEAD") {
^
```
Otherwise got:
```
test root is /tmp/git-sync-e2e.228068759
Author identity unknown
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
```
I believe we print a new line anyway from e.g. envInt, which calls fmt.Fprintln.
Found by staticcheck:
```
main.go:127:17: error strings should not end with punctuation or newlines (ST1005)
main.go:157:13: error strings should not end with punctuation or newlines (ST1005)
main.go:187:13: error strings should not end with punctuation or newlines (ST1005)
main.go:217:13: error strings should not end with punctuation or newlines (ST1005)
```
Fix a few misc linter issues:
```
main_test.go:750:7: Error return value is not checked (errcheck)
touch(dirPath)
^
main_test.go:759:7: Error return value is not checked (errcheck)
touch(filePath)
^
main_test.go:768:7: Error return value is not checked (errcheck)
touch(newfilePath)
^
main.go:2089:3: S1023: redundant `return` statement (gosimple)
return
^
main.go:1935:13: S1039: unnecessary use of fmt.Sprintf (gosimple)
sshCmd += fmt.Sprintf(" -o StrictHostKeyChecking=no")
^
main.go:1152:33: SA1016: os.Kill cannot be trapped (did you mean syscall.SIGTERM?) (staticcheck)
signal.Notify(c, os.Interrupt, os.Kill)
```
Distroless is stuck on debian 11 - we can do the same thing, more or
less in our own script. Sad that we have to, but here we are.
The net result is about 8MB smaller and passes e2e and passes trivy.
Previously, errors from askpass and credential storage were being
ignored, causing git clone/fetch to later error with hard-to-read
errors.
Now the error indicates the credential refresh as the problem, and
does not try to sync.
The "origin" remote is implicitly used as the basis for relative-paths
in submodules. It's very subtly documented, and I have no idea if there
are other places where it is used. It seems git really expects it to
exist, so let's just do that.
For each package and binary we need, this pulls in all the files and
deps (shared libs, mostly). The build is slower but the final image is
85 MB (versus 157 MB before). e2e passes. Hopefully less CVE surface.
This is based on scripts used in kubernetes and KinD.