Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

source.json interpolation with environment variables #321

Open
yaitskov opened this issue May 23, 2021 · 4 comments
Open

source.json interpolation with environment variables #321

yaitskov opened this issue May 23, 2021 · 4 comments
Labels
enhancement New feature or request

Comments

@yaitskov
Copy link

I spent a few days of integrating a cascade of CI for several projects on gitlab.

The issue is ssh authentication. Every git repo is private.
gitlab has a hack - special user with token.

so if sources.json instead of:

{
 "private-dep": {
   "branch": "master",
   "repo": "ssh://git@gitlab.com/company/private-dep.git",
   "rev": "ed73d970fd13b009ca5829f6b8c1c936c7221032",
   "type": "git"
 },

would contain following:

"repo": "ssh://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.com/company/private-dep.git",

then there is no hassle with ssh keys at all.

Some expression language (mustache?) supporting environment variables would help here a lot.

"repo": "ssh://git$([ -n "$CI_JOB_TOKEN ] && echo "lab-ci-token:$CI_JOB_TOKEN)@gitlab.com/company/private-dep.git",
@nmattia
Copy link
Owner

nmattia commented Jun 4, 2021

That sounds like a good idea. Maybe we can even unify this with the "template" feature used in e.g. URL templates (where <foo> in a string is replaced with the value of the foo attribute).

@refnil refnil added the enhancement New feature or request label Aug 14, 2021
@refnil
Copy link
Collaborator

refnil commented Aug 14, 2021

Some expression language (mustache?) supporting environment variables would help here a lot.

I would be hesitant to bring any expression language during the nix evaluation. It would add that language as a dependency to every niv user.

Then the next idea is implement the interpreter for the expression language in nix itself. That seems like a project in itself.

My proposal to solve this problem would be to add a system of mirror to niv and upgrade the template feature to support environment variable.
In you case, the first mirror would be the regular url ssh://git@gitlab.com/company/private-dep.git and the second would be to modified url for the gitlab-ci ssh://gitlab-ci-token:<CI_JOB_TOKEN>@gitlab.com/company/private-dep.git.
The biggest uncertainty of this approach is that we need to change each fetchers to support mirrors since I don't think we can do it generically in nix.

@zimbatm
Copy link
Contributor

zimbatm commented Aug 14, 2021

Specifically for HTTP fetches, libcurl reads the user's ~/.netcrc file for basic auth type credentials. Maybe Git is also respecting that file?

I'm thinking in terms of addressing the underlying issue.

@adrian-gierakowski
Copy link

adrian-gierakowski commented Aug 15, 2021 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@zimbatm @adrian-gierakowski @refnil @yaitskov @nmattia