From 422f89cec19b6e0fb8dfd75a33a8c59b5465f72d Mon Sep 17 00:00:00 2001 From: Scott Little Date: Fri, 9 Sep 2022 11:03:14 -0400 Subject: [PATCH] Add access-token option to branching tools Github now requires the use of an access token for the automated push of branches and tags. The alternative is a password prompt for each git in the middle of the tool run. Closes-bug: 1997483 Signed-off-by: Scott Little Change-Id: Ife396dfed48a941df4c1e82eef7860017a4ff213 --- build-tools/branching/push_branches_tags.sh | 31 +++++++++++++++++++-- build-tools/branching/push_tags.sh | 27 ++++++++++++++++-- build-tools/git-utils.sh | 13 +++++++++ 3 files changed, 66 insertions(+), 5 deletions(-) diff --git a/build-tools/branching/push_branches_tags.sh b/build-tools/branching/push_branches_tags.sh index 3d73bec3..4597cf6d 100755 --- a/build-tools/branching/push_branches_tags.sh +++ b/build-tools/branching/push_branches_tags.sh @@ -25,7 +25,7 @@ usage () { echo " [ --exclude-projects= ]" echo " [ --manifest [ --manifest-file= ] ]" echo " [ --bypass-gerrit] [--safe-gerrit-host=]" - echo " [ --dry-run ]" + echo " [ --access-token=: ] [ --dry-run ]" echo "" echo "Push a pre-existing branch and tag into all listed projects, and all" echo "projects hosted by all listed remotes, minus excluded projects." @@ -42,10 +42,13 @@ usage () { echo "--safe-gerrit-host allows one to specify host names of gerrit servers" echo "that are safe to push reviews to." echo "" + echo "--access-token can be used to supply an access token for direct (non-gerrit) push attempts" + echo " to specific remotes. e.g. github now requires this" + echo "" echo "--dry-run will print out git push commands without executing them" } -TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,branch:,tag:,bypass-gerrit,manifest,manifest-file:,safe-gerrit-host:,help,dry-run -n 'push_branches_tags.sh' -- "$@") +TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,branch:,tag:,bypass-gerrit,manifest,manifest-file:,safe-gerrit-host:,help,access-token:,dry-run -n 'push_branches_tags.sh' -- "$@") if [ $? -ne 0 ]; then echo_stderr "ERROR: getopt failure" usage @@ -64,6 +67,7 @@ branch="" tag="" manifest="" repo_root_dir="" +declare -A access_token safe_gerrit_hosts=() while true ; do @@ -79,6 +83,15 @@ while true ; do --manifest) MANIFEST=1 ; shift ;; --manifest-file) repo_set_manifest_file "$2" ; shift 2;; --safe-gerrit-host) safe_gerrit_hosts+=("$2") ; shift 2;; + --access-token) val=$2 + at_remote=$(echo "$val" | cut -d ':' -f 1) + at_token=$(echo "$val" | cut -d ':' -f 2) + if [ -z "$at_token" ]; then + usage + exit 1 + fi + access_token["$at_remote"]="$at_token" + shift 2 ;; --) shift ; break ;; *) usage; exit 1 ;; esac @@ -252,12 +265,26 @@ for subgit in $SUBGITS; do echo "git review --topic=${branch/\//.}" && \ $DRY_RUN_CMD with_retries -d 45 -t 15 -k 5 5 git review --topic="${branch/\//.}" else + if [ "${access_token[${review_remote}]}" != "" ]; then + git_set_push_url_with_access_token "${review_remote}" "${access_token[${review_remote}]}" + if [ $? != 0 ]; then + echo_stderr "ERROR: Failed to set url with access token for remote '${review_remote}' in ${subgit}" + exit 1 + fi + fi echo "git push ${review_remote} ${branch}:${branch} $DRY_RUN" && \ with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${branch}:${branch} $DRY_RUN && \ echo "git push ${review_remote} ${tag}:${tag} $DRY_RUN" && \ with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${tag}:${tag} $DRY_RUN fi else + if [ "${access_token[${remote}]}" != "" ]; then + git_set_push_url_with_access_token "${remote}" "${access_token[${remote}]}" + if [ $? != 0 ]; then + echo_stderr "ERROR: Failed to set url with access token for remote '${remote}' in ${subgit}" + exit 1 + fi + fi echo "git push ${remote} ${branch}:${branch} $DRY_RUN" && \ with_retries -d 45 -t 15 -k 5 5 git push ${remote} ${branch}:${branch} $DRY_RUN && \ echo "git push ${remote} ${tag}:${tag} $DRY_RUN" && \ diff --git a/build-tools/branching/push_tags.sh b/build-tools/branching/push_tags.sh index f2deb9be..0902bdd6 100755 --- a/build-tools/branching/push_tags.sh +++ b/build-tools/branching/push_tags.sh @@ -23,12 +23,15 @@ usage () { echo " [ --exclude-projects= ]" echo " [ --manifest [ --manifest-file= ] [--manifest-prefix ]]" echo " [ --bypass-gerrit ] [--safe-gerrit-host=]" - echo " [ --dry-run ]" + echo " [ --access-token=: ] [ --dry-run ]" echo " " echo "Push a pre-existing git tag into all listed projects, and all projects" echo "hosted by all listed remotes, minus excluded projects." echo "Lists are comma separated." echo "" + echo "--access-token can be used to supply an access token for direct (non-gerrit) push attempts" + echo " to specific remotes. e.g. github now requires this" + echo "" echo "A manifest push can also be requested." echo "" echo "--manifest-file may be used to override the manifest file to be updated." @@ -38,7 +41,7 @@ usage () { } -TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,tag:,manifest,manifest-file:,manifest-prefix:,bypass-gerrit,safe-gerrit-host:,help,dry-run -n 'push_tags.sh' -- "$@") +TEMP=$(getopt -o h,n --long remotes:,projects:,exclude-projects:,tag:,manifest,manifest-file:,manifest-prefix:,bypass-gerrit,safe-gerrit-host:,access-token:,help,dry-run -n 'push_tags.sh' -- "$@") if [ $? -ne 0 ]; then echo_stderr "ERROR: getopt failure" usage @@ -58,6 +61,7 @@ manifest="" manifest_prefix="" new_manifest="" repo_root_dir="" +declare -A access_token safe_gerrit_hosts=() while true ; do @@ -73,6 +77,15 @@ while true ; do --manifest-file) repo_set_manifest_file "$2"; shift 2;; --manifest-prefix) manifest_prefix=$2; shift 2;; --safe-gerrit-host) safe_gerrit_hosts+=("$2") ; shift 2 ;; + --access-token) val=$2 + at_remote=$(echo "$val" | cut -d ':' -f 1) + at_token=$(echo "$val" | cut -d ':' -f 2) + if [ -z "$at_token" ]; then + usage + exit 1 + fi + access_token["$at_remote"]="$at_token" + shift 2 ;; --) shift ; break ;; *) usage; exit 1 ;; esac @@ -202,8 +215,16 @@ for subgit in $SUBGITS; do echo "git push ${review_remote} ${tag}" with_retries -d 45 -t 15 -k 5 5 git push ${review_remote} ${tag} ${DRY_RUN} else + if [ "${access_token[${remote}]}" != "" ]; then + echo "Trying remote '${remote}' with access token" + git_set_push_url_with_access_token "${remote}" "${access_token[${remote}]}" + if [ $? != 0 ]; then + echo_stderr "ERROR: Failed to set url with access token for remote '${remote}' in ${subgit}" + exit 1 + fi + fi echo "git push ${remote} ${tag}" - with_retries -d 45 -t 15 -k 5 5 git push ${remote} ${tag} ${DRY_RUN} + with_retries -d 45 -t 15 -k 5 2 git push ${remote} ${tag} ${DRY_RUN} fi if [ $? != 0 ] ; then diff --git a/build-tools/git-utils.sh b/build-tools/git-utils.sh index 68319a42..4e22035a 100755 --- a/build-tools/git-utils.sh +++ b/build-tools/git-utils.sh @@ -585,3 +585,16 @@ git_review_remote () { git_remote fi } + +git_set_push_url_with_access_token () { + local remote="$1" + local access_token="$2" + local push_url="" + + # Get url of remote. Insert 'access_token@ into the url + push_url=$(git remote get-url ${remote} | sed "s#://#://${access_token}@#") + if [ $? != 0 ] || [ "$push_url" == "" ] ; then + return 1 + fi + git remote set-url --push ${remote} ${push_url} +}