From b3405be5e89615cb614ce1fa8af7c6a2e459c137 Mon Sep 17 00:00:00 2001
From: Alban Bedel <alban.bedel@aerq.com>
Date: Thu, 21 Apr 2022 13:08:22 +0200
Subject: [PATCH] libcmds: Add support for authentication with gitlab CI

Gitlab CI predefine many variables in its environment, among them the
sever hostname and a token that can be used to authenticate with the
server. If we find these variables in the environment add the
credentials to .netrc which in turn allow git and other tools to
access resources found on the CI server.

Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 docs/command-line.rst | 4 ++++
 kas/libcmds.py        | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/docs/command-line.rst b/docs/command-line.rst
index 5f3aa18..aea93e2 100644
--- a/docs/command-line.rst
+++ b/docs/command-line.rst
@@ -83,6 +83,10 @@ Environment variables
 | |git_cred|               | Allows to set the git credential helper in the   |
 |                          | `.gitconfig` of the kas user.                    |
 +--------------------------+--------------------------------------------------+
+| ``CI_SERVER_HOST``       | Environment variables from gitlab CI, if set     |
+| ``CI_JOB_TOKEN``         | .netrc is configured to allow fetching from      |
+|                          | the gitlab instance.                             |
++--------------------------+--------------------------------------------------+
 
 .. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE``
 .. |git_cred| replace:: ``GIT_CREDENTIAL_HELPER``
diff --git a/kas/libcmds.py b/kas/libcmds.py
index 4a646f3..98507f7 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -170,7 +170,14 @@ class SetupHome(Command):
         with open(self.tmpdirname + '/.wgetrc', 'w') as fds:
             fds.write('\n')
         with open(self.tmpdirname + '/.netrc', 'w') as fds:
-            fds.write('\n')
+            # Configure the gitlab CI authentification token
+            if os.environ.get('CI_SERVER_HOST', False) \
+                    and os.environ.get('CI_JOB_TOKEN', False):
+                fds.write('machine ' + os.environ['CI_SERVER_HOST'] + '\n'
+                          'login gitlab-ci-token\n'
+                          'password ' + os.environ['CI_JOB_TOKEN'] + '\n')
+            else:
+                fds.write('\n')
         with open(self.tmpdirname + '/.gitconfig', 'w') as fds:
             fds.write('[User]\n'
                       '\temail = kas@example.com\n'