git: set token only for main remote access

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 5bf64293f8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
v0.8
Tonis Tiigi 2021-02-19 00:22:02 -08:00 committed by Sebastiaan van Stijn
parent 3da6befd7f
commit 99bc88e139
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 12 additions and 1 deletions

View File

@ -231,7 +231,7 @@ func (gs *gitSourceHandler) getAuthToken(ctx context.Context, g session.Group) e
if s.token {
dt = []byte("basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("x-access-token:%s", dt))))
}
gs.auth = []string{"-c", "http.extraheader=Authorization: " + string(dt)}
gs.auth = []string{"-c", "http." + tokenScope(gs.src.Remote) + ".extraheader=Authorization: " + string(dt)}
break
}
return nil
@ -631,3 +631,14 @@ func argsNoDepth(args []string) []string {
}
return out
}
func tokenScope(remote string) string {
// generally we can only use the token for fetching main remote but in case of github.com we do best effort
// to try reuse same token for all github.com remotes. This is the same behavior actions/checkout uses
for _, pfx := range []string{"https://github.com/", "https://www.github.com/"} {
if strings.HasPrefix(remote, pfx) {
return pfx
}
}
return remote
}