Merge branch 'main' of github.com:coder/envbuilder into bq/docs

Author: BrunoQuaresma

devcontainer/devcontainer_test.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/coder/envbuilder/devcontainer"
 	"github.com/coder/envbuilder/devcontainer/features"
-	"github.com/coder/envbuilder/registrytest"
+	"github.com/coder/envbuilder/testutil/registrytest"
 	"github.com/go-git/go-billy/v5/memfs"
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"

devcontainer/features/features_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	"github.com/coder/envbuilder/devcontainer/features"
-	"github.com/coder/envbuilder/registrytest"
+	"github.com/coder/envbuilder/testutil/registrytest"
 	"github.com/go-git/go-billy/v5/memfs"
 	"github.com/stretchr/testify/require"
 )

envbuilder.go

@@ -198,13 +198,8 @@ func Run(ctx context.Context, c *Config, fs billy.Filesystem, logger Logger) err
 		}
 
 		if c.GitUsername != "" || c.GitPassword != "" {
-			gitURL, err := url.Parse(c.GitURL)
-			if err != nil {
-				return fmt.Errorf("parse git url: %w", err)
-			}
-			gitURL.User = url.UserPassword(c.GitUsername, c.GitPassword)
-			c.GitURL = gitURL.String()
-
+			// NOTE: we previously inserted the credentials into the repo URL.
+			// This was removed in https://github.com/coder/envbuilder/pull/141
 			cloneOpts.RepoAuth = &githttp.BasicAuth{
 				Username: c.GitUsername,
 				Password: c.GitPassword,

git_test.go

@@ -2,74 +2,168 @@ package envbuilder_test
 
 import (
 	"context"
+	"fmt"
 	"io"
 	"net/http/httptest"
+	"net/url"
 	"os"
+	"regexp"
 	"testing"
-	"time"
 
 	"github.com/coder/envbuilder"
-	"github.com/coder/envbuilder/gittest"
+	"github.com/coder/envbuilder/testutil/gittest"
+	"github.com/go-git/go-billy/v5"
 	"github.com/go-git/go-billy/v5/memfs"
-	"github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/plumbing/object"
+	githttp "github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/stretchr/testify/require"
 )
 
 func TestCloneRepo(t *testing.T) {
 	t.Parallel()
 
-	t.Run("Clones", func(t *testing.T) {
-		t.Parallel()
+	for _, tc := range []struct {
+		name        string
+		srvUsername string
+		srvPassword string
+		username    string
+		password    string
+		mungeURL    func(*string)
+		expectError string
+		expectClone bool
+	}{
+		{
+			name:        "no auth",
+			expectClone: true,
+		},
+		{
+			name:        "auth",
+			srvUsername: "user",
+			srvPassword: "password",
+			username:    "user",
+			password:    "password",
+			expectClone: true,
+		},
+		{
+			name:        "auth but no creds",
+			srvUsername: "user",
+			srvPassword: "password",
+			expectClone: false,
+			expectError: "authentication required",
+		},
+		{
+			name:        "invalid auth",
+			srvUsername: "user",
+			srvPassword: "password",
+			username:    "notuser",
+			password:    "notpassword",
+			expectClone: false,
+			expectError: "authentication required",
+		},
+		{
+			name:        "tokenish username",
+			srvUsername: "tokentokentoken",
+			srvPassword: "",
+			username:    "tokentokentoken",
+			password:    "",
+			expectClone: true,
+		},
+	} {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
 
-		serverFS := memfs.New()
-		repo := gittest.NewRepo(t, serverFS)
-		tree, err := repo.Worktree()
-		require.NoError(t, err)
+			// We do not overwrite a repo if one is already present.
+			t.Run("AlreadyCloned", func(t *testing.T) {
+				srvFS := memfs.New()
+				_ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!"))
+				authMW := gittest.BasicAuthMW(tc.srvUsername, tc.srvPassword)
+				srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
+				clientFS := memfs.New()
+				// A repo already exists!
+				_ = gittest.NewRepo(t, clientFS)
+				cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+					Path:    "/",
+					RepoURL: srv.URL,
+					Storage: clientFS,
+				})
+				require.NoError(t, err)
+				require.False(t, cloned)
+			})
 
-		gittest.WriteFile(t, serverFS, "README.md", "Hello, world!")
-		_, err = tree.Add("README.md")
-		require.NoError(t, err)
-		commit, err := tree.Commit("Wow!", &git.CommitOptions{
-			Author: &object.Signature{
-				Name:  "Example",
-				Email: "[email protected]",
-				When:  time.Now(),
-			},
-		})
-		require.NoError(t, err)
-		_, err = repo.CommitObject(commit)
-		require.NoError(t, err)
+			// Basic Auth
+			t.Run("BasicAuth", func(t *testing.T) {
+				t.Parallel()
+				srvFS := memfs.New()
+				_ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!"))
+				authMW := gittest.BasicAuthMW(tc.srvUsername, tc.srvPassword)
+				srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
+				clientFS := memfs.New()
 
-		srv := httptest.NewServer(gittest.NewServer(serverFS))
+				cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+					Path:    "/workspace",
+					RepoURL: srv.URL,
+					Storage: clientFS,
+					RepoAuth: &githttp.BasicAuth{
+						Username: tc.username,
+						Password: tc.password,
+					},
+				})
+				require.Equal(t, tc.expectClone, cloned)
+				if tc.expectError != "" {
+					require.ErrorContains(t, err, tc.expectError)
+					return
+				}
+				require.NoError(t, err)
+				require.True(t, cloned)
 
-		clientFS := memfs.New()
-		cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
-			Path:    "/workspace",
-			RepoURL: srv.URL,
-			Storage: clientFS,
-		})
-		require.NoError(t, err)
-		require.True(t, cloned)
+				readme := mustRead(t, clientFS, "/workspace/README.md")
+				require.Equal(t, "Hello, world!", readme)
+				gitConfig := mustRead(t, clientFS, "/workspace/.git/config")
+				// Ensure we do not modify the git URL that folks pass in.
+				require.Regexp(t, fmt.Sprintf(`(?m)^\s+url\s+=\s+%s\s*$`, regexp.QuoteMeta(srv.URL)), gitConfig)
+			})
+
+			// In-URL-style auth e.g. http://user:password@host:port
+			t.Run("InURL", func(t *testing.T) {
+				t.Parallel()
+				srvFS := memfs.New()
+				_ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!"))
+				authMW := gittest.BasicAuthMW(tc.srvUsername, tc.srvPassword)
+				srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
 
-		file, err := clientFS.OpenFile("/workspace/README.md", os.O_RDONLY, 0644)
-		require.NoError(t, err)
-		defer file.Close()
-		content, err := io.ReadAll(file)
-		require.NoError(t, err)
-		require.Equal(t, "Hello, world!", string(content))
-	})
+				authURL, err := url.Parse(srv.URL)
+				require.NoError(t, err)
+				authURL.User = url.UserPassword(tc.username, tc.password)
+				clientFS := memfs.New()
 
-	t.Run("DoesntCloneIfRepoExists", func(t *testing.T) {
-		t.Parallel()
-		clientFS := memfs.New()
-		gittest.NewRepo(t, clientFS)
-		cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
-			Path:    "/",
-			RepoURL: "https://example.com",
-			Storage: clientFS,
+				cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+					Path:    "/workspace",
+					RepoURL: authURL.String(),
+					Storage: clientFS,
+				})
+				require.Equal(t, tc.expectClone, cloned)
+				if tc.expectError != "" {
+					require.ErrorContains(t, err, tc.expectError)
+					return
+				}
+				require.NoError(t, err)
+				require.True(t, cloned)
+
+				readme := mustRead(t, clientFS, "/workspace/README.md")
+				require.Equal(t, "Hello, world!", readme)
+				gitConfig := mustRead(t, clientFS, "/workspace/.git/config")
+				// Ensure we do not modify the git URL that folks pass in.
+				require.Regexp(t, fmt.Sprintf(`(?m)^\s+url\s+=\s+%s\s*$`, regexp.QuoteMeta(authURL.String())), gitConfig)
+			})
 		})
-		require.NoError(t, err)
-		require.False(t, cloned)
-	})
+	}
+}
+
+func mustRead(t *testing.T, fs billy.Filesystem, path string) string {
+	t.Helper()
+	f, err := fs.OpenFile(path, os.O_RDONLY, 0644)
+	require.NoError(t, err)
+	content, err := io.ReadAll(f)
+	require.NoError(t, err)
+	return string(content)
 }