Documentation
¶
Index ¶
- Variables
- func CheckAccess(ctx context.Context, gitOptions *GitActionConfig) error
- func CloneWithLimits(ctx context.Context, dir string, limits ILimits, gitOptions *GitActionConfig) (err error)
- type CloneObject
- func (c *CloneObject) Checkout(gitOptions *GitActionConfig) (err error)
- func (c *CloneObject) Clone(ctx context.Context, path string, cfg *GitActionConfig) (err error)
- func (c *CloneObject) SetupLimits(cfg ILimits) (err error)
- func (c *CloneObject) ValidateRepository(ctx context.Context) (err error)
- type Entry
- type GitActionConfig
- func (c *GitActionConfig) GetAuth() transport.AuthMethod
- func (c *GitActionConfig) GetCreate() bool
- func (c *GitActionConfig) GetDepth() int
- func (c *GitActionConfig) GetNoCheckout() bool
- func (c *GitActionConfig) GetRecursiveSubModules() bool
- func (c *GitActionConfig) GetReference() string
- func (c *GitActionConfig) GetSSHAuth() (transport.AuthMethod, error)
- func (c *GitActionConfig) GetTags() git.TagMode
- func (c *GitActionConfig) GetURL() string
- func (c *GitActionConfig) ResolveAuth() (transport.AuthMethod, error)
- func (c *GitActionConfig) Validate() error
- type IGitActionConfig
- type ILimits
- type Limits
- func (l *Limits) Apply() bool
- func (l *Limits) GetMaxEntries() int64
- func (l *Limits) GetMaxFileCount() int64
- func (l *Limits) GetMaxFileSize() int64
- func (l *Limits) GetMaxTotalSize() int64
- func (l *Limits) GetMaxTreeDepth() int64
- func (l *Limits) GetMaxTrueSize() int64
- func (l *Limits) Validate() error
- type SSHAuthConfig
Variables ¶
var (
// MaxEntriesChannelSize is presumably the buffer size of the channel that carries
// repository entries during validation — inferred from the name; confirm against the source.
MaxEntriesChannelSize = 100000
// ValidationParallelisation is presumably the number of concurrent workers used by
// ValidateRepository — inferred from the name; confirm against the source.
ValidationParallelisation = 32
// NOTE(review): both are exported, mutable package-level variables, so any importer can
// change them at run time; how that interacts with an in-flight clone is not shown here.
)
Functions ¶
func CheckAccess ¶ added in v1.148.0
func CheckAccess(ctx context.Context, gitOptions *GitActionConfig) error
CheckAccess verifies that the repository at gitOptions.URL is reachable and that the credentials in gitOptions authenticate successfully, without performing a clone. It does so by listing remote references, which requires only network access and valid auth.
func CloneWithLimits ¶
func CloneWithLimits(ctx context.Context, dir string, limits ILimits, gitOptions *GitActionConfig) (err error)
CloneWithLimits clones a repository while enforcing limits on the maximum tree depth, the maximum repository size, the maximum file count, the maximum individual file size, and the maximum number of entries.
Types ¶
type CloneObject ¶
// CloneObject is the receiver for the step-wise clone API documented on this page:
// SetupLimits, Clone, ValidateRepository and Checkout.
// NOTE(review): Clone is documented as running without checkout or validation, so the
// steps are presumably meant to be called in that order — confirm against CloneWithLimits.
type CloneObject struct {
// contains filtered or unexported fields
}
func NewCloneObject ¶
func NewCloneObject() *CloneObject
func (*CloneObject) Checkout ¶
func (c *CloneObject) Checkout(gitOptions *GitActionConfig) (err error)
func (*CloneObject) Clone ¶
func (c *CloneObject) Clone(ctx context.Context, path string, cfg *GitActionConfig) (err error)
Clone clones the repository without checking it out and without validating it; validation is a separate step (see ValidateRepository).
func (*CloneObject) SetupLimits ¶
func (c *CloneObject) SetupLimits(cfg ILimits) (err error)
func (*CloneObject) ValidateRepository ¶
func (c *CloneObject) ValidateRepository(ctx context.Context) (err error)
ValidateRepository validates the repository after it has been cloned without checkout, to check for git bombs.
type GitActionConfig ¶
type GitActionConfig struct {
// The (possibly remote) repository URL to clone from.
URL string `mapstructure:"url"`
// Auth credentials, if required, to use with the remote repository (HTTP/HTTPS).
// Mutually exclusive with SSH.
// NOTE(review): this page describes Auth both as mutually exclusive with SSH and as
// overridden by SSH (ResolveAuth: "SSH auth takes precedence"); confirm whether
// Validate rejects a config that sets both or silently prefers SSH.
// The field holds a secret in plain form, so keep values of this struct out of logs.
Auth http.BasicAuth `mapstructure:"auth"`
// SSH holds SSH-specific authentication configuration.
// Takes precedence over Auth when configured.
SSH SSHAuthConfig `mapstructure:"ssh"`
// Limit fetching to the specified number of commits.
Depth int `mapstructure:"depth"`
// Reference can be a hash, a branch, or a tag.
Reference string `mapstructure:"ref"`
// RecurseSubmodules after the clone is created, initialise all submodules
// within, using their default settings. This option is ignored if the
// cloned repository does not have a worktree.
// NOTE(review): submodule URLs are defined by the cloned repository itself, so
// enabling this fetches from remotes chosen by the repository author. Confirm
// that the clone limits also cover submodule content and whether the configured
// credentials are offered to submodule remotes.
RecurseSubmodules bool `mapstructure:"recursive_submodules"`
// Tags describe how the tags will be fetched from the remote repository,
// by default is AllTags.
Tags git.TagMode `mapstructure:"tags"`
// CreateBranch a new branch named Branch and start it at Hash.
// NOTE(review): this struct has no Branch or Hash field; presumably both are
// derived from Reference — confirm against Checkout.
CreateBranch bool `mapstructure:"create_branch"`
// No checkout of HEAD after clone if true.
// Unlike the other fields, no mapstructure tag is declared for this one.
NoCheckout bool
}
GitActionConfig describes how a clone or checkout should be performed.
func NewGitActionConfig ¶
func NewGitActionConfig(url string) GitActionConfig
func NewSSHAgentGitActionConfig ¶ added in v1.148.0
func NewSSHAgentGitActionConfig(url string) GitActionConfig
NewSSHAgentGitActionConfig creates a GitActionConfig pre-populated for SSH agent authentication.
func NewSSHGitActionConfig ¶ added in v1.148.0
func NewSSHGitActionConfig(url, privateKeyPath, privateKeyPassword, knownHostsFile string) GitActionConfig
NewSSHGitActionConfig creates a GitActionConfig pre-populated for SSH authentication using a private key file. Pass an empty knownHostsFile to use the system default known_hosts.
func (*GitActionConfig) GetAuth ¶
func (c *GitActionConfig) GetAuth() transport.AuthMethod
GetAuth returns the HTTP basic-auth credentials as a transport.AuthMethod. For SSH-based authentication use GetSSHAuth or ResolveAuth.
func (*GitActionConfig) GetCreate ¶
func (c *GitActionConfig) GetCreate() bool
func (*GitActionConfig) GetDepth ¶
func (c *GitActionConfig) GetDepth() int
func (*GitActionConfig) GetNoCheckout ¶
func (c *GitActionConfig) GetNoCheckout() bool
func (*GitActionConfig) GetRecursiveSubModules ¶
func (c *GitActionConfig) GetRecursiveSubModules() bool
func (*GitActionConfig) GetReference ¶ added in v1.17.1
func (c *GitActionConfig) GetReference() string
func (*GitActionConfig) GetSSHAuth ¶ added in v1.148.0
func (c *GitActionConfig) GetSSHAuth() (transport.AuthMethod, error)
GetSSHAuth returns an SSH transport.AuthMethod built from the SSH field. Returns (nil, nil) when no SSH configuration is present.
func (*GitActionConfig) GetTags ¶
func (c *GitActionConfig) GetTags() git.TagMode
func (*GitActionConfig) GetURL ¶
func (c *GitActionConfig) GetURL() string
func (*GitActionConfig) ResolveAuth ¶ added in v1.148.0
func (c *GitActionConfig) ResolveAuth() (transport.AuthMethod, error)
ResolveAuth returns the appropriate transport.AuthMethod for this config. SSH auth takes precedence when the SSH field is populated; otherwise HTTP basic auth is returned (nil when no credentials are set).
func (*GitActionConfig) Validate ¶
func (c *GitActionConfig) Validate() error
type IGitActionConfig ¶
// IGitActionConfig is the accessor interface for a git clone/checkout configuration.
// NOTE(review): the methods documented on *GitActionConfig on this page are GetURL()
// and GetRecursiveSubModules() bool, which differ from GetUrl() and
// GetRecursiveSubModules() git.SubmoduleRescursivity declared here; as listed,
// *GitActionConfig would not satisfy this interface — confirm which form is intended.
type IGitActionConfig interface {
config.IServiceConfiguration
// GetUrl returns the repository URL (presumably the URL field — confirm).
GetUrl() string
// GetAuth returns the HTTP basic-auth transport.AuthMethod.
GetAuth() transport.AuthMethod
// GetSSHAuth returns the SSH transport.AuthMethod, or (nil, nil) when SSH is not configured.
GetSSHAuth() (transport.AuthMethod, error)
// ResolveAuth returns whichever auth method is appropriate (SSH takes precedence over HTTP).
ResolveAuth() (transport.AuthMethod, error)
// The remaining getters presumably expose the GitActionConfig fields of the same name.
GetDepth() int
GetReference() string
GetRecursiveSubModules() git.SubmoduleRescursivity
GetTags() git.TagMode
GetCreate() bool
GetNoCheckout() bool
}
type ILimits ¶
type ILimits interface {
config.IServiceConfiguration
// Apply states whether the limits should be applied.
// NOTE(review): when Apply returns false the clone is presumably not checked
// against any of the limits below — confirm before using with untrusted repositories.
Apply() bool
// GetMaxFileSize returns the maximum size in bytes a file can have on a file system.
GetMaxFileSize() int64
// GetMaxTotalSize returns the maximum size in bytes a location can have on a file system (whether it is a file or a folder).
GetMaxTotalSize() int64
// GetMaxFileCount returns the maximum number of files allowed in a repository.
GetMaxFileCount() int64
// GetMaxTreeDepth returns the maximum tree depth for a repository.
GetMaxTreeDepth() int64
// GetMaxEntries returns the maximum total number of entries allowed in the repository.
GetMaxEntries() int64
// GetMaxTrueSize returns the maximum true size of the repository based on blobs.
GetMaxTrueSize() int64
}
ILimits defines general GitLimits for actions performed during a git clone
func DefaultLimits ¶
func DefaultLimits() ILimits
DefaultLimits returns the default limits.
type Limits ¶
// Limits is the configuration struct for clone limits; each field is read from the
// mapstructure key shown in its tag.
// The field meanings presumably mirror the ILimits getters of the same name (sizes in
// bytes per the ILimits comments) — confirm against the getter bodies.
// NOTE(review): how zero or negative values are treated is not visible here; confirm
// that Validate rejects them or that they cannot disable a limit unintentionally.
type Limits struct {
MaxFileSize int64 `mapstructure:"max_file_size"`
MaxTotalSize int64 `mapstructure:"max_total_size"`
MaxFileCount int64 `mapstructure:"max_file_count"`
MaxTreeDepth int64 `mapstructure:"max_tree_depth"`
MaxEntries int64 `mapstructure:"max_entries"`
MaxTrueSize int64 `mapstructure:"max_true_size"`
}
Limits defines file system limits
func (*Limits) GetMaxEntries ¶
func (*Limits) GetMaxFileCount ¶
func (*Limits) GetMaxFileSize ¶
func (*Limits) GetMaxTotalSize ¶
func (*Limits) GetMaxTreeDepth ¶
func (*Limits) GetMaxTrueSize ¶ added in v1.20.0
type SSHAuthConfig ¶ added in v1.148.0
type SSHAuthConfig struct {
// PrivateKeyPath is the path to the PEM-encoded SSH private key file.
// Required when UseAgent is false.
PrivateKeyPath string `mapstructure:"private_key_path"`
// PrivateKeyPassword is an optional passphrase protecting the private key.
// It is held as a plain string read from configuration, so keep the
// configuration source and any dump of this struct out of version control and logs.
PrivateKeyPassword string `mapstructure:"private_key_password"`
// KnownHostsFile is a path to a known_hosts file used for host key
// verification. When empty, the system default (~/.ssh/known_hosts) is
// used unless UseInsecureHostKey is true.
KnownHostsFile string `mapstructure:"known_hosts_file"`
// UseInsecureHostKey disables host key verification.
// WARNING: this makes the connection vulnerable to man-in-the-middle (MITM)
// attacks: the remote's identity is not checked, so the content received
// cannot be trusted to come from the intended host.
// The configuration key is insecure_ignore_host_key and the zero value (false)
// keeps verification enabled.
UseInsecureHostKey bool `mapstructure:"insecure_ignore_host_key"`
// UseAgent authenticates via the running SSH agent instead of a key file.
UseAgent bool `mapstructure:"use_agent"`
// Username is the SSH user. Defaults to "git" when empty.
Username string `mapstructure:"username"`
}
SSHAuthConfig holds SSH-specific authentication configuration. It is mutually exclusive with HTTP basic auth (the Auth field of GitActionConfig).
func (*SSHAuthConfig) ToAuthMethod ¶ added in v1.148.0
func (s *SSHAuthConfig) ToAuthMethod() (transport.AuthMethod, error)
ToAuthMethod builds the go-git transport.AuthMethod for the SSH config.
func (*SSHAuthConfig) Validate ¶ added in v1.148.0
func (s *SSHAuthConfig) Validate() error
Validate validates the SSHAuthConfig using ozzo-validation rules.