Skip to content

Access private Git repositories using HTTP Basic authentication#127

Open
rdctmeconomou wants to merge 1 commit into
docker-library:masterfrom
ResearchDataCom:http-basic-auth
Open

Access private Git repositories using HTTP Basic authentication#127
rdctmeconomou wants to merge 1 commit into
docker-library:masterfrom
ResearchDataCom:http-basic-auth

Conversation

@rdctmeconomou
Copy link
Copy Markdown

@rdctmeconomou rdctmeconomou commented May 12, 2026

This was adapted from #41.

Unfortunately, work on go-git/go-git#490 and go-git/go-git#491 has been abandoned, so I would like to propose adding HTTP Basic authentication support back into bashbrew. Compared to the original pull request, I corrected the imports, created missing environment variable mappings (BASHBREW_GIT_USERNAME and BASHBREW_GIT_PASSWORD), and patched code added since the original pull request.

You can test this locally by setting BASHBREW_GIT_USERNAME to your GitHub username and BASHBREW_GIT_PASSWORD to an access token, e.g., the output of the gh auth token command. I recommend against specifying any password/token on the command line given how visible that is to other unprivileged processes or to attackers with access to one's shell history.

To test these changes in a GitHub Actions workflow:

  1. Create a private GitHub repository containing a copy of docker-library/hello-world.
  2. Register an app in the organization, disable webhook functionality, and grant read-only repository permissions for “Contents”. After completing app registration, generate a private key and install the app in the organization, giving it access to the private repository created in step 1.
  3. Create a private GitHub repository containing a copy of the file library/hello-world from the Docker Official Images library, changing GitRepo to that of the private repository created in step 1, and .github/workflows/ci.yaml (attached), altering the bashbrew fork reference on line 42 as needed. In the GitHub Actions configuration of the second repository, set the variable PRIVATE_REPOSITORY_ACCESS_APP_ID to the ID of the app created in step 2 and the secret PRIVATE_REPOSITORY_ACCESS_KEY to the app's private key.

When the workflow runs, you should see in the output something similar to the following:

+ bashbrew cat ./library/hello-world
Maintainers: Tianon Gravi <admwiggin@gmail.com> (@tianon), Joseph Ferguson <yosifkit@gmail.com> (@yosifkit)
GitRepo: https://github.com/ResearchDataCom/hello-world.git
GitCommit: 0b0efba82b82ace81ab2fb42d25116f9488e6cb4

Note the private repository listed on the third line.

(The reference to the de-vri-es/setup-git-credentials action is unnecessary and only included to show the more customary Git credential store configuration.)

@rdctmeconomou
Copy link
Copy Markdown
Author

rdctmeconomou commented May 12, 2026

@Mazgis47, I would be grateful for your review, as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tianon tianon Awaiting requested review from tianon tianon is a code owner

@yosifkit yosifkit Awaiting requested review from yosifkit yosifkit is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rdctmeconomou