S2i build command pass user name password in Azure Devops pipeline

Question

We are using S2i Build command in our Azure Devops pipeline and using the below command task.

`./s2i build http://azuredevopsrepos:8080/tfs/IT/_git/shoppingcart --ref=S2i registry.access.redhat.com/ubi8/dotnet-31 --copy  shopping-service`

The above command asks for user name and password when the task is executed, How could we provide the username and password of the git repository from the command we are trying to execute ?

score 0 · Answer 1 · answered Sep 09 '22 at 13:23

Git credential information can be put in a file .gitconfig on your home directory.

As I looked at the document*2 for s2i cli, I couldn't find any information for secured git.

I realized that OpenShift BuildConfig uses .gitconfig file while building a container image.*3 So, It could work.

*1: https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage

*2: https://github.com/openshift/source-to-image/blob/master/docs/cli.md#s2i-build

*3: https://docs.openshift.com/container-platform/4.11/cicd/builds/creating-build-inputs.html#builds-gitconfig-file-secured-git_creating-build-inputs

TedEllis · Answer 2 · 2022-09-21T17:12:35.277

I must admit I am unfamiliar with Azure Devops pipelines, however if this is running a build on OpenShift you can create a secret with your credentials using oc.

oc create secret generic azure-git-credentials --from-literal=username=<your-username> --from-literal=password=<PAT> --type=kubernetes.io/basic-auth

Link the secret we created above to the builder service account, this account is the one OpenShift uses by default behind the scenes when running a new build.

oc secrets link builder azure-git-credentials

Lastly, you will want to link this source-secret to the build config.

oc set build-secret --source bc/<your-build-config> azure-git-credentials

Next time you run your build the credentials should be picked up from the source-secret in the build config.

You can also do this from the UI on OpenShift, steps below are a copy of what is done above, choose one but not both.

Create a secret from YAML, modify the below where indicated:

kind: Secret
apiVersion: v1
metadata:
  name: azure-git-credentials
  namespace: <your-namespace>
data:
  password: <base64-encoded-password-or-PAT>
  username: <base64-encoded-username>
type: kubernetes.io/basic-auth

Then under the ServiceAccounts section on OpenShift, find and edit the 'builder' service account.

kind: ServiceAccount
apiVersion: v1
metadata:
  name: builder
  namespace: xxxxxx
secrets:
  - name: azure-git-credentials ### only add this line, do not edit anything else.

And finally, edit your build config for the build finding where the git entry is and adding the source-secret entry:

source:
git:
  uri: "https://github.com/user/app.git"
### Add the entries below ###
sourceSecret:
  name: "azure-git-credentials"

S2i build command pass user name password in Azure Devops pipeline

2 Answers2