diff --git a/gitlab/commodore-compile.jsonnet b/gitlab/commodore-compile.jsonnet index 0ccc732..2e39269 100644 --- a/gitlab/commodore-compile.jsonnet +++ b/gitlab/commodore-compile.jsonnet @@ -46,10 +46,28 @@ local gitInsteadOf(cluster) = else if https_catalog != null then // set an insteadOf which injects credentials if we have a catalog URL // that's already HTTPS in Lieutenant. + local replacement = 'https://%(catalog_user)s:%(access_token)s@%(https_catalog)s' % { + catalog_user: cluster_access_user, + access_token: cluster_access_token, + https_catalog: https_catalog, + }; [ - 'git config --global url."https://%(catalog_user)s:%(access_token)s@%(https_catalog)s".insteadOf https://%(https_catalog)s' % { - catalog_user: cluster_access_user, - access_token: cluster_access_token, + // Overide the original https:// URL for fetch and clone. Note that we + // use `git config --add` here so we can configure two `insteadOf` for + // the same replacement URL. + 'git config --add --global url."%(replacement)s".insteadOf https://%(https_catalog)s' % { + replacement: replacement, + https_catalog: https_catalog, + }, + // We need to configure an additional insteadOf for the ssh://git@ + // variant of a HTTPS catalog URL since Commodore will optimistically + // rewrite all HTTPS Git URLs to have their ssh://git@ equivalent as + // the push URL to make local component development easier. + // Note that we can't use `pushInsteadOf` here, since Git ignores + // `pushInsteadOf` configs for remotes that have an explicit + // `pushurl`. + 'git config --add --global url."%(replacement)s".insteadOf ssh://git@%(https_catalog)s' % { + replacement: replacement, https_catalog: https_catalog, }, ] diff --git a/gitlab/tests/golden/external-catalog.yml b/gitlab/tests/golden/external-catalog.yml index dfe5f1c..f064511 100644 --- a/gitlab/tests/golden/external-catalog.yml +++ b/gitlab/tests/golden/external-catalog.yml @@ -21,7 +21,8 @@ ], "script": [ "git config --global url.\"https://gitlab-ci-token:${CI_JOB_TOKEN}@git.vshn.net:80\".insteadOf ssh://git@${CI_SERVER_SHELL_SSH_HOST}", - "git config --global url.\"https://${ACCESS_USER_c_cluster_id_1111:-token}:${ACCESS_TOKEN_c_cluster_id_1111}@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git\".insteadOf https://git.vshn.net/cluster-catalogs/c-cluster-id-1111.git", + "git config --add --global url.\"https://${ACCESS_USER_c_cluster_id_1111:-token}:${ACCESS_TOKEN_c_cluster_id_1111}@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git\".insteadOf https://git.vshn.net/cluster-catalogs/c-cluster-id-1111.git", + "git config --add --global url.\"https://${ACCESS_USER_c_cluster_id_1111:-token}:${ACCESS_TOKEN_c_cluster_id_1111}@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git\".insteadOf ssh://git@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git", "/usr/local/bin/entrypoint.sh commodore catalog compile --tenant-repo-revision-override $CI_COMMIT_SHA c-cluster-id-1111", "(cd catalog/ && git --no-pager diff --staged --output ../diff.txt)" ], @@ -48,7 +49,8 @@ ], "script": [ "git config --global url.\"https://gitlab-ci-token:${CI_JOB_TOKEN}@git.vshn.net:80\".insteadOf ssh://git@${CI_SERVER_SHELL_SSH_HOST}", - "git config --global url.\"https://${ACCESS_USER_c_cluster_id_1111:-token}:${ACCESS_TOKEN_c_cluster_id_1111}@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git\".insteadOf https://git.vshn.net/cluster-catalogs/c-cluster-id-1111.git", + "git config --add --global url.\"https://${ACCESS_USER_c_cluster_id_1111:-token}:${ACCESS_TOKEN_c_cluster_id_1111}@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git\".insteadOf https://git.vshn.net/cluster-catalogs/c-cluster-id-1111.git", + "git config --add --global url.\"https://${ACCESS_USER_c_cluster_id_1111:-token}:${ACCESS_TOKEN_c_cluster_id_1111}@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git\".insteadOf ssh://git@git.vshn.net/cluster-catalogs/c-cluster-id-1111.git", "/usr/local/bin/entrypoint.sh commodore catalog compile --push c-cluster-id-1111" ], "stage": "deploy",