Add flag to always authenticate when cloning public repositories (#760)

As a developer using an custom git server (e.g. Github Enterprise) I would like to be able to authenticate the user on repositories which are marked as public. See issue: https://github.com/woodpecker-ci/woodpecker/issues/473 Ref: https://github.com/woodpecker-ci/woodpecker/pull/693#issuecomment-1025771162
2024-05-20 17:28:51 +00:00 · 2022-02-08 11:55:08 -05:00 · 2022-02-08 11:55:08 -05:00 · f16525fae5
parent 8ce41788e8
commit f16525fae5
5 changed files with 19 additions and 5 deletions
--- a/cmd/server/flags.go
+++ b/cmd/server/flags.go
@ -91,6 +91,11 @@ var flags = []cli.Flag{
 		Name:    "open",
 		Usage:   "enable open user registration",
 	},
+	&cli.BoolFlag{
+		EnvVars: []string{"WOODPECKER_AUTHENTICATE_PUBLIC_REPOS"},
+		Name:    "authenticate-public-repos",
+		Usage:   "Always use authentication to clone repositories even if they are public. Needed if the SCM requires to always authenticate as used by many companies.",
+	},
 	&cli.StringFlag{
 		EnvVars: []string{"WOODPECKER_DOCS"},
 		Name:    "docs",
--- a/cmd/server/server.go
+++ b/cmd/server/server.go
@ -271,6 +271,9 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {
 		server.Config.Services.Senders = sender.NewRemote(endpoint)
 	}

+	// authentication
+	server.Config.Pipeline.AuthenticatePublicRepos = c.Bool("authenticate-public-repos")
+
 	// limits
 	server.Config.Pipeline.Limits.MemSwapLimit = c.Int64("limit-mem-swap")
 	server.Config.Pipeline.Limits.MemLimit = c.Int64("limit-mem")
--- a/docs/docs/30-administration/10-server-config.md
+++ b/docs/docs/30-administration/10-server-config.md
@ -159,6 +159,11 @@ Enable to allow user registration.

 Link to documentation in the UI.

+### `WOODPECKER_AUTHENTICATE_PUBLIC_REPOS`
+> Default: `false`
+
+Always use authentication to clone repositories even if they are public. Needed if the SCM requires to always authenticate as used by many companies.
+
 ### `WOODPECKER_SESSION_EXPIRES`
 > Default: `72h`

--- a/server/config.go
+++ b/server/config.go
@ -66,10 +66,11 @@ var Config = struct {
 		AuthToken string
 	}
 	Pipeline struct {
-		Limits     model.ResourceLimit
-		Volumes    []string
-		Networks   []string
-		Privileged []string
+		AuthenticatePublicRepos bool
+		Limits                  model.ResourceLimit
+		Volumes                 []string
+		Networks                []string
+		Privileged              []string
 	}
 	FlatPermissions bool // TODO(485) temporary workaround to not hit api rate limits
 }{}
--- a/server/shared/procBuilder.go
+++ b/server/shared/procBuilder.go
@ -244,7 +244,7 @@ func (b *ProcBuilder) toInternalRepresentation(parsed *yaml.Config, environ map[
 				b.Netrc.Password,
 				b.Netrc.Machine,
 			),
-			b.Repo.IsSCMPrivate,
+			b.Repo.IsSCMPrivate || server.Config.Pipeline.AuthenticatePublicRepos,
 		),
 		compiler.WithRegistry(registries...),
 		compiler.WithSecret(secrets...),