Old way:
- ls-remote $ref $ref^{} and parse
- compare to current
- if changed, fetch
- update worktree
New way:
- fetch $ref
- compare to current
- if change, update worktree
The --ssh-key-file flag can be specified more than once and the
GITSYNC_SSH_KEY_FILE env var will be parsed like PATH.
Also adds e2e coverage for wrong-key and for multiple keys.
Otherwise got:
```
test root is /tmp/git-sync-e2e.228068759
Author identity unknown
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
```
Distroless is stuck on debian 11 - we can do the same thing, more or
less in our own script. Sad that we have to, but here we are.
The net result is a about 8MB smaller and passes e2e and passes trivy.
Previously, errors from askpass and credential storage were being
ignored, causing git clone/fetch to later error with hard-to-read
errors.
Now the error indicates the credential refresh as the problem, and
does not try to sync.
The "origin" remote is implicitly used as the basis for relative-paths
in submodules. It's very subtly documented, and I have no idea if there
are other places where it is used. It seems git really expects it to
exist, so let's just do that.
This ensures we do not miss events. E.g.
before:
t0: hash changes to X
t1: send webhook(X), waiting for response
t2: hash changes to Y
t3: queue next webhook(Y) but can't send because previous is not done
t4: crash
t5: restart
t6: find repo at hash Y
no webhook(Y) was sent.
after:
t0: hash changes to X
t1: send webhook(X), waiting for response
t2: hash changes to Y
t3: queue next webhook(Y) but can't send because previous is not done
t4: crash
t5: restart
t6: find repo at hash Y
t7: send webhook(Y), waiting for response
To do this, we run the e2e test as a different user. To do that, we
need git-sync to make sure that everything is group accessible. To
clean up after the test, we need everything to be group writable. To do
that, we add a new flag: `--group-write`.
The previous (v3) sync loop betrays my lack of understanding about git.
It tried to codify my archaic mental model (e.g. --branch and --rev
being disting things) and was ultimately a patchwork of corner-cases
evolved over a few years.
This commit is less of a "diff" and more of a "rewrite".
The new logic is simpler and more efficient. It does not `git clone`
ever. It does not differentiate the first sync from subsequent syncs.
It uses `git fetch` to get the exact SHA and then makes a worktree from
that.
The new `--ref` flag replaces both `--rev` and `--branch`, though it
will use those if specified. In fact, almost all of the e2e tests
passed without change - using --ref and --branch!
I will follow this commit up with more cleanups and e2es.
Thanks, bash, for supporting `<` and `>` and making them NOT mean the
obvious thing.
This shows up when you set RUNS=10:
`[[ 2 < 10 ]]` is false
`(( 2 < 10 ))` is true
Tim Hockin
Aleksandar Markovski
justinsb
Karl Isenberg
Sacha Viscaino