bake: git auth support for remote definitions

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-07-09 21:17:09 +08:00 · 2024-03-28 08:38:35 +01:00
parent 38fbd9a85c
commit 4d39259f8e
3 changed files with 101 additions and 7 deletions
--- a/util/gitutil/testutilserve.go
+++ b/util/gitutil/testutilserve.go
@ -10,11 +10,28 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func GitServeHTTP(c *Git, t testing.TB) (url string) {
+type gitServe struct {
+	token string
+}
+
+type GitServeOpt func(*gitServe)
+
+func WithAccessToken(token string) GitServeOpt {
+	return func(s *gitServe) {
+		s.token = token
+	}
+}
+
+func GitServeHTTP(c *Git, t testing.TB, opts ...GitServeOpt) (url string) {
 	t.Helper()
 	gitUpdateServerInfo(c, t)
 	ctx, cancel := context.WithCancel(context.TODO())

+	gs := &gitServe{}
+	for _, opt := range opts {
+		opt(gs)
+	}
+
 	ready := make(chan struct{})
 	done := make(chan struct{})

@ -28,7 +45,25 @@ func GitServeHTTP(c *Git, t testing.TB) (url string) {
 	go func() {
 		mux := http.NewServeMux()
 		prefix := fmt.Sprintf("/%s/", name)
-		mux.Handle(prefix, http.StripPrefix(prefix, http.FileServer(http.Dir(dir))))
+
+		handler := func(next http.Handler) http.Handler {
+			var tokenChecked bool
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				if gs.token != "" && !tokenChecked {
+					t.Logf("git access token to check: %q", gs.token)
+					user, pass, _ := r.BasicAuth()
+					t.Logf("basic auth: user=%q pass=%q", user, pass)
+					if pass != gs.token {
+						http.Error(w, "Unauthorized", http.StatusUnauthorized)
+						return
+					}
+					tokenChecked = true
+				}
+				next.ServeHTTP(w, r)
+			})
+		}
+
+		mux.Handle(prefix, handler(http.StripPrefix(prefix, http.FileServer(http.Dir(dir)))))
 		l, err := net.Listen("tcp", "localhost:0")
 		if err != nil {
 			panic(err)