chore: rework credential

2025-04-07 11:58:23 +02:00 · 2025-04-07 11:58:23 +02:00 · fe98ca754a
commit fe98ca754a
parent 193fdb5d99
2 changed files with 10 additions and 4 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -24,7 +24,7 @@ steps:
    - mkdir /build
    - chown -R build:build . /build
    - sudo -u build --preserve-env=PGP_KEY,PGP_PWD,PGP_ID sh -c 'mkdir ~/.gnupg && echo -e "default-cache-ttl 3600\nallow-preset-passphrase" > ~/.gnupg/gpg-agent.conf && echo "$PGP_KEY" | gpg --import --no-tty --batch --yes && echo "$PGP_PWD" | /usr/lib/gnupg/gpg-preset-passphrase --preset $PGP_ID'
-    - sudo -u build --preserve-env=CI_REPO_CLONE_URL,CI_COMMIT_BRANCH,CI_PREV_COMMIT_SHA,GIT_USER,GIT_TOKEN,BUILD_DIR,REPO_DIR,GIT_USER_NAME,GIT_USER_EMAIL sh -c './build.sh'
+    - sudo -u build --preserve-env=CI_FORGE_URL,CI_REPO_CLONE_URL,CI_COMMIT_BRANCH,CI_PREV_COMMIT_SHA,GIT_USER,GIT_TOKEN,BUILD_DIR,REPO_DIR,GIT_USER_NAME,GIT_USER_EMAIL sh -c './build.sh'
    environment:
      PGP_ID:
        from_secret: pgp_id
--- a/build.sh
+++ b/build.sh
@ -3,7 +3,7 @@
 set -euo pipefail

 # Constants
-readonly REQUIRED_ENV_VARS=(BUILD_DIR REPO_DIR GIT_USER_EMAIL GIT_USER_NAME CI_REPO_CLONE_URL GIT_USER GIT_TOKEN)
+readonly REQUIRED_ENV_VARS=(BUILD_DIR REPO_DIR GIT_USER_EMAIL GIT_USER_NAME CI_FORGE_URL CI_REPO_CLONE_URL GIT_USER GIT_TOKEN)
 readonly REQUIRED_COMMANDS=(makepkg repo-add git pacman)

 # Colors for logging
@ -199,8 +199,14 @@ setup_git() {
  git config --global user.name "${GIT_USER_NAME}"
  git config --global init.defaultBranch master
  git remote set-url origin "${CI_REPO_CLONE_URL}"
-  # shellcheck disable=SC2016
-  git config credential.helper '!f() { sleep 1; echo "username=${GIT_USER}"; echo "password=${GIT_TOKEN}"; }; f'
+
+  local forge_url="${CI_FORGE_URL#https://}"
+  cat > "${HOME}/.netrc" <<EOF
+machine ${forge_url}
+login ${GIT_USER}
+password ${GIT_TOKEN}
+EOF
+  chmod 600 "${HOME}/.netrc"
 }

 process_aur_packages() {