Skip to content

PHP-106153: Recursively clone github repo #276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
june-hua merged 4 commits into from
Dec 3, 2025
Merged

PHP-106153: Recursively clone github repo #276

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ccebf11
PHP-106153: Recursively clone repo
june-hua Nov 25, 2025
59afa3b
use subshell
june-hua Dec 3, 2025
ff5c3ab
simplify git command error checking
june-hua Dec 3, 2025
c6d91f7
lint
june-hua Dec 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 40 additions & 35 deletions startupscript/butane/004-git-clone-devcontainer.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,19 @@ fi
source /home/core/service-utils.sh
source /home/core/metadata-utils.sh

# Run a git command with error handling
# Args:
# $1+: Git command and arguments
function run_git_command {
local response

if ! response=$(GIT_TERMINAL_PROMPT=0 "$@" 2>&1); then
set_metadata "startup_script/status" "ERROR"
set_metadata "startup_script/message" "Failed to clone devcontainer GitHub repo. ERROR: ${response}"
return 1
fi
}

# To accommodate the use of SSH URLs for public Git repositories, set the following Git configuration:
# Note: This script is to be run as root on Flatcar Linux. We need to set system config instead of global config because
# the latter requires $HOME to be set and root is $HOME-less.
Expand All @@ -34,16 +47,20 @@ if [[ -d "${LOCAL_REPO}/.git" ]]; then
exit 0
fi

# Remove devcontainer repo on error
trap 'rm -rf ${LOCAL_REPO}' ERR
# Remove git credentials file on exit
GIT_CREDENTIALS_FILE="/tmp/.git-credentials"
trap 'rm -f ${GIT_CREDENTIALS_FILE}' EXIT

PRIVATE_DEVCONTAINER_ENABLED="$(get_metadata_value "private-devcontainer-enabled" "")"
# Replace ssh URL with HTTPS URL
https_url="${REPO_SRC/[email protected]:/https://github.com/}"
# Replace GitHub SSH URL with HTTPS URL
HTTPS_URL="${REPO_SRC/[email protected]:/https://github.com/}"
# Create GitHub API URL
api_url="https://api.github.com/repos/${https_url/https:\/\/github.com\//}"
api_url="${api_url%.git}"
GITHUB_API_URL="https://api.github.com/repos/${HTTPS_URL/https:\/\/github.com\//}"
GITHUB_API_URL="${GITHUB_API_URL%.git}"
# Check if repo is private
private_status=$(curl --retry 5 -s "${api_url}" | jq -r ".status")
private_status=$(curl -s -o /dev/null -w "%{http_code}" "${GITHUB_API_URL}")
if [[ "${PRIVATE_DEVCONTAINER_ENABLED}" == "TRUE" && "${private_status}" == 404 ]]; then
# Get ECM service URL
SERVER="$(get_metadata_value "terra-cli-server" "prod")"
Expand All @@ -70,48 +87,36 @@ if [[ "${PRIVATE_DEVCONTAINER_ENABLED}" == "TRUE" && "${private_status}" == 404
exit 1
fi

token=$(echo "${response}" | head -n1)
# Insert token into url
repo_auth_url=$(echo "${https_url}" | sed "s/:\/\//:\/\/${token}@/")

# Clone the private repo
set +o errexit
response=$(git clone "${repo_auth_url}" "${LOCAL_REPO}" 2>&1)
git_status=$?
set -o errexit
if [[ ${git_status} -ne 0 ]]; then
set_metadata "startup_script/status" "ERROR"
set_metadata "startup_script/message" "Failed to clone the devcontainer GitHub repo. ERROR: ${response}"
exit 1
fi
TOKEN=$(echo "${response}" | head -n1)
USERNAME=$(curl -H "Authorization: Bearer ${TOKEN}" https://api.github.com/user | jq --raw-output ".login")
echo "https://${USERNAME}:${TOKEN}@github.com" > "${GIT_CREDENTIALS_FILE}"
git config --system credential.helper "store --file=${GIT_CREDENTIALS_FILE}"

# re-enable logs
set -o xtrace
else
# GitHub repo is public
set +o errexit
response=$(git clone "${REPO_SRC}" "${LOCAL_REPO}" 2>&1)
git_status=$?
set -o errexit
if [[ ${git_status} -ne 0 ]]; then
set_metadata "startup_script/status" "ERROR"
set_metadata "startup_script/message" "Failed to clone the devcontainer GitHub repo. ERROR: ${response}"
exit 1
fi
fi

# Clone the private or public repo
run_git_command git clone "${HTTPS_URL}" "${LOCAL_REPO}"

if [[ $# -eq 2 ]]; then
readonly GIT_REF="$2"
pushd "${LOCAL_REPO}"
if git show-ref --verify --quiet "refs/heads/${GIT_REF}"; then
# this is a local branch
git switch --detach "${GIT_REF}"
run_git_command git switch --detach "${GIT_REF}"
elif git show-ref --verify --quiet "refs/remotes/origin/${GIT_REF}"; then
# this is a remote branch
git switch --detach "origin/${GIT_REF}"
run_git_command git switch --detach "origin/${GIT_REF}"
else
# this is a commit hash
git switch --detach "${GIT_REF}"
# this is a commit hash or tag
run_git_command git switch --detach "${GIT_REF}"
fi
popd
fi
fi

# Init & update submodules
(
cd "${LOCAL_REPO}"
run_git_command git submodule update --init --recursive
)