add git cloning

Author: mafredri

go.mod

@@ -10,9 +10,11 @@ replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240702054557-aa55
 
 require (
 	github.com/GoogleContainerTools/kaniko v1.9.2
-	github.com/coder/envbuilder v1.0.0-rc.0.0.20240731115920-cacbcb8fef6c
+	github.com/coder/envbuilder v1.0.0-rc.0.0.20240802153943-5063d1b2ffa0
 	github.com/docker/docker v26.1.4+incompatible
+	github.com/docker/go-connections v0.5.0
 	github.com/go-git/go-billy/v5 v5.5.0
+	github.com/go-git/go-git/v5 v5.12.0
 	github.com/google/go-containerregistry v0.19.1
 	github.com/hashicorp/terraform-plugin-docs v0.19.4
 	github.com/hashicorp/terraform-plugin-framework v1.10.0
@@ -115,7 +117,6 @@ require (
 	github.com/docker/cli v26.1.0+incompatible // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.1 // indirect
-	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -128,7 +129,6 @@ require (
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
 	github.com/go-chi/chi/v5 v5.0.10 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-git/v5 v5.12.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect

go.sum

@@ -186,8 +186,8 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352 h1:L/EjCuZxs5tOcqqCaASj/nu65TRYEFcTt8qRQfHZXX0=
 github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352/go.mod h1:P1KoQSgnKEAG6Mnd3YlGzAophty+yKA9VV48LpfNRvo=
-github.com/coder/envbuilder v1.0.0-rc.0.0.20240731115920-cacbcb8fef6c h1:wb+i7vP0pl4R4r66dDRK7no86hFfPY+G/tCq8R9M+Cw=
-github.com/coder/envbuilder v1.0.0-rc.0.0.20240731115920-cacbcb8fef6c/go.mod h1:APdfhjDHEF5gkAyhn+9MoCem+qKS84iRkNQ5mBZsajQ=
+github.com/coder/envbuilder v1.0.0-rc.0.0.20240802153943-5063d1b2ffa0 h1:u38vVzEjaFq0or5ooaymKGPlmLH316kePJk/QL4J2bs=
+github.com/coder/envbuilder v1.0.0-rc.0.0.20240802153943-5063d1b2ffa0/go.mod h1:Ta/kWidN9AfB6bCB/1Cx0q+uQqCqFKgzKF2YXj+aGAg=
 github.com/coder/kaniko v0.0.0-20240717115058-0ba2908ca4d3 h1:Q7L6cjKfw3DIyhKIcgCJEmgxnUTBajmMDrHxXvxgBZs=
 github.com/coder/kaniko v0.0.0-20240717115058-0ba2908ca4d3/go.mod h1:YMK7BlxerzLlMwihGxNWUaFoN9LXCij4P+w/8/fNlcM=
 github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs=

internal/provider/cached_image_data_source.go

@@ -13,7 +13,6 @@ import (
 	kconfig "github.com/GoogleContainerTools/kaniko/pkg/config"
 	"github.com/coder/envbuilder"
 	"github.com/coder/envbuilder/constants"
-	ebgit "github.com/coder/envbuilder/git"
 	eblog "github.com/coder/envbuilder/log"
 	eboptions "github.com/coder/envbuilder/options"
 	"github.com/go-git/go-billy/v5/osfs"
@@ -269,13 +268,14 @@ func (d *CachedImageDataSource) Read(ctx context.Context, req datasource.ReadReq
 	// This may require changing this to be a resource instead of a data source.
 	opts := eboptions.Options{
 		// These options are always required
-		CacheRepo:       data.CacheRepo.ValueString(),
-		Filesystem:      osfs.New("/"),
-		ForceSafe:       false, // This should never be set to true, as this may be running outside of a container!
-		GetCachedImage:  true,  // always!
-		Logger:          tfLogFunc(ctx),
-		Verbose:         data.Verbose.ValueBool(),
-		WorkspaceFolder: tmpDir,
+		CacheRepo:           data.CacheRepo.ValueString(),
+		Filesystem:          osfs.New("/"),
+		ForceSafe:           false, // This should never be set to true, as this may be running outside of a container!
+		GetCachedImage:      true,  // always!
+		Logger:              tfLogFunc(ctx),
+		Verbose:             data.Verbose.ValueBool(),
+		WorkspaceFolder:     tmpDir,
+		RemoteRepoBuildMode: true,
 
 		// Options related to compiling the devcontainer
 		BuildContextPath:     data.BuildContextPath.ValueString(),
@@ -316,22 +316,6 @@ func (d *CachedImageDataSource) Read(ctx context.Context, req datasource.ReadReq
 		SkipRebuild:         false,
 	}
 
-	cloneOpts, err := ebgit.CloneOptionsFromOptions(opts)
-	if err != nil {
-		resp.Diagnostics.AddError("Failed to create git clone options", err.Error())
-		return
-	}
-
-	w := ebgit.ProgressWriter(func(line string) { tflog.Info(ctx, line) })
-	defer w.Close()
-	cloneOpts.Progress = w
-
-	err = ebgit.ShallowCloneRepo(ctx, cloneOpts)
-	if err != nil {
-		resp.Diagnostics.AddError("Failed to clone git repository", err.Error())
-		return
-	}
-
 	image, err := envbuilder.RunCacheProbe(ctx, opts)
 	data.Exists = types.BoolValue(err == nil)
 	if err != nil {

internal/provider/provider_test.go

@@ -6,6 +6,7 @@ package provider
 import (
 	"bufio"
 	"context"
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
@@ -14,19 +15,45 @@ import (
 	"testing"
 
 	"github.com/coder/terraform-provider-envbuilder/testutil/registrytest"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/hashicorp/terraform-plugin-framework/providerserver"
 	"github.com/hashicorp/terraform-plugin-go/tfprotov6"
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/client"
+	"github.com/docker/go-connections/nat"
 	"github.com/stretchr/testify/require"
 )
 
 const (
 	testContainerLabel = "terraform-provider-envbuilder-test"
 )
 
+// nolint:gosec // Throw-away key for testing. DO NOT REUSE.
+const (
+	testSSHHostKey = `-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDBC7DRHALRN3JJrkDQETyL2Vg5O6QsWTE2YWAt9bIZiAAAAKj5O8yU+TvM
+lAAAAAtzc2gtZWQyNTUxOQAAACDBC7DRHALRN3JJrkDQETyL2Vg5O6QsWTE2YWAt9bIZiA
+AAAED9b0qGgjoDx9YiyCHGBE6ogdnD6IbQsgfaFDI0aE+x3cELsNEcAtE3ckmuQNARPIvZ
+WDk7pCxZMTZhYC31shmIAAAAInRlcnJhZm9ybS1wcm92aWRlci1lbnZidWlsZGVyLXRlc3
+QBAgM=
+-----END OPENSSH PRIVATE KEY-----`
+	testSSHHostPubKey = `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMELsNEcAtE3ckmuQNARPIvZWDk7pCxZMTZhYC31shmI terraform-provider-envbuilder-test`
+	testSSHUserKey    = `-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCtxz9h0yXzi/HqZBpSkA2xFo28v5W8O4HimI0ZzNpQkwAAAKhv/+X2b//l
+9gAAAAtzc2gtZWQyNTUxOQAAACCtxz9h0yXzi/HqZBpSkA2xFo28v5W8O4HimI0ZzNpQkw
+AAAED/G0HuohvSa8q6NzkZ+wRPW0PhPpo9Th8fvcBQDaxCia3HP2HTJfOL8epkGlKQDbEW
+jby/lbw7geKYjRnM2lCTAAAAInRlcnJhZm9ybS1wcm92aWRlci1lbnZidWlsZGVyLXRlc3
+QBAgM=
+-----END OPENSSH PRIVATE KEY-----`
+	testSSHUserPubKey = `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3HP2HTJfOL8epkGlKQDbEWjby/lbw7geKYjRnM2lCT terraform-provider-envbuilder-test`
+)
+
 // testAccProtoV6ProviderFactories are used to instantiate a provider during
 // acceptance testing. The factory function will be invoked for every Terraform
 // CLI command executed to create a provider server to which the CLI can
@@ -45,6 +72,8 @@ type testDependencies struct {
 	BuilderImage string
 	RepoDir      string
 	CacheRepo    string
+	GitImage     string
+	SSHDir       string
 }
 
 func setup(t testing.TB, files map[string]string) testDependencies {
@@ -53,44 +82,93 @@ func setup(t testing.TB, files map[string]string) testDependencies {
 	envbuilderImage := getEnvOrDefault("ENVBUILDER_IMAGE", "ghcr.io/coder/envbuilder-preview")
 	envbuilderVersion := getEnvOrDefault("ENVBUILDER_VERSION", "latest")
 	envbuilderImageRef := envbuilderImage + ":" + envbuilderVersion
+	gitImageRef := "rockstorm/git-server:2.45"
 
 	// TODO: envbuilder creates /.envbuilder/bin/envbuilder owned by root:root which we are unable to clean up.
 	// This causes tests to fail.
 	repoDir := t.TempDir()
 	regDir := t.TempDir()
 	reg := registrytest.New(t, regDir)
 	writeFiles(t, files, repoDir)
+	initGitRepo(t, repoDir)
+
+	sshDir := t.TempDir()
+	writeFiles(t, map[string]string{
+		"id_ed25516":      testSSHUserKey,
+		"authorized_keys": testSSHUserPubKey,
+	}, sshDir)
+
 	return testDependencies{
 		BuilderImage: envbuilderImageRef,
 		CacheRepo:    reg + "/test",
 		RepoDir:      repoDir,
+		GitImage:     gitImageRef,
+		SSHDir:       sshDir,
 	}
 }
 
 func seedCache(ctx context.Context, t testing.TB, deps testDependencies) {
 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
 	require.NoError(t, err, "init docker client")
 	t.Cleanup(func() { _ = cli.Close() })
+
+	ensureImage(ctx, t, cli, deps.GitImage)
 	ensureImage(ctx, t, cli, deps.BuilderImage)
+
+	// TODO(mafredri): Use a dynamic port?
+	sshPort := "2222"
+
+	gitCtr, err := cli.ContainerCreate(ctx, &container.Config{
+		Image: deps.GitImage,
+		Env: []string{
+			"SSH_AUTH_METHODS=publickey",
+		},
+		Labels: map[string]string{
+			testContainerLabel: "true",
+		},
+	}, &container.HostConfig{
+		PortBindings: nat.PortMap{
+			"22/tcp": []nat.PortBinding{{HostIP: "localhost", HostPort: sshPort}},
+		},
+		Binds: []string{
+			deps.RepoDir + ":/srv/git/repo.git",
+			deps.SSHDir + ":/home/git/.ssh",
+		},
+	}, nil, nil, "")
+	require.NoError(t, err, "failed to run git server")
+	t.Cleanup(func() {
+		_ = cli.ContainerRemove(ctx, gitCtr.ID, container.RemoveOptions{
+			RemoveVolumes: true,
+			Force:         true,
+		})
+	})
+	err = cli.ContainerStart(ctx, gitCtr.ID, container.StartOptions{})
+	require.NoError(t, err)
+
 	// Run envbuilder using this dir as a local layer cache
 	ctr, err := cli.ContainerCreate(ctx, &container.Config{
 		Image: deps.BuilderImage,
 		Env: []string{
 			"ENVBUILDER_CACHE_REPO=" + deps.CacheRepo,
-			"ENVBUILDER_DEVCONTAINER_DIR=" + deps.RepoDir,
 			"ENVBUILDER_EXIT_ON_BUILD_FAILURE=true",
 			"ENVBUILDER_INIT_SCRIPT=exit",
+			fmt.Sprintf("ENVBUILDER_GIT_URL=ssh://git@localhost:%s/srv/git/repo.git", sshPort),
+			"ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH=/tmp/ssh/id_ed25516",
 			// FIXME: Enabling this options causes envbuilder to add its binary to the image under the path
 			// /.envbuilder/bin/envbuilder. This file will have ownership root:root and permissions 0o755.
 			// Because of this, t.Cleanup() will be unable to delete the temp dir, causing the test to fail.
 			// "ENVBUILDER_PUSH_IMAGE=true",
 		},
 		Labels: map[string]string{
 			testContainerLabel: "true",
-		}}, &container.HostConfig{
+		},
+	}, &container.HostConfig{
 		NetworkMode: container.NetworkMode("host"),
-		Binds:       []string{deps.RepoDir + ":" + deps.RepoDir},
+		Binds: []string{
+			deps.SSHDir + ":/tmp/ssh",
+		},
 	}, nil, nil, "")
+
 	require.NoError(t, err, "failed to run envbuilder to seed cache")
 	t.Cleanup(func() {
 		_ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
@@ -126,7 +204,6 @@ SCANLOGS:
 			}
 		}
 	}
-
 }
 
 func getEnvOrDefault(env, defVal string) string {
@@ -137,6 +214,8 @@ func getEnvOrDefault(env, defVal string) string {
 }
 
 func writeFiles(t testing.TB, files map[string]string, destPath string) {
+	t.Helper()
+
 	for relPath, content := range files {
 		absPath := filepath.Join(destPath, relPath)
 		d := filepath.Dir(absPath)
@@ -165,3 +244,26 @@ func ensureImage(ctx context.Context, t testing.TB, cli *client.Client, ref stri
 	_, err = io.ReadAll(resp)
 	require.NoError(t, err)
 }
+
+func initGitRepo(t testing.TB, dir string) {
+	t.Helper()
+
+	repo, err := git.PlainInitWithOptions(dir, &git.PlainInitOptions{
+		InitOptions: git.InitOptions{
+			DefaultBranch: plumbing.ReferenceName("refs/heads/main"),
+		},
+	})
+	require.NoError(t, err, "init git repo")
+	wt, err := repo.Worktree()
+	require.NoError(t, err, "get worktree")
+	_, err = wt.Add(".")
+	require.NoError(t, err, "add files")
+	_, err = wt.Commit("initial commit", &git.CommitOptions{
+		Author: &object.Signature{
+			Name:  "test",
+			Email: "[email protected]",
+		},
+	})
+	require.NoError(t, err, "commit files")
+	t.Logf("initialized git repo at %s", dir)
+}