Pass Netrc to normal steps with clone image

[anbraten]

Instead of having a separate clone steps list we could simply pass netrc to normal steps with a trusted clone image. This way a user could re-use the clone / git image in the middle of his pipeline and we could consider dropping the extra clone section just leaving the skip_clone keyword

woodpecker/pipeline/frontend/yaml/compiler/compiler.go

Line 162 in f2c33a0

for i, container := range conf.Clone.ContainerList {

- clone:
-    image: woodpeckerci/plugin-git:2.0.3
steps:
  debug:
    image: busybox
    commands:
      - echo something important
+  clone:
+    image: woodpeckerci/plugin-git:2.0.3
  build:
    # ...

[6543]

this will break the auto detection if a default clone should be added, and I'm not aware of a better impl, option

[anbraten]

Couldn't we always add a clone step and if a user wants to customize it he has to set skip_clone: true?

[6543]

Well that would work ... I'm personaly in fafour of keeping it seperated, i dont see any upside in merging it. I would rather make an option to expizite insert netrc and make like a secret

[6543]

I realy wont want to see that people just let inject there netrc into anything ...

They mostly are aware if they create a token, what the impakt is if it got stolen

But tell me how many pople know how netrc works and what an attacker can do with it if it gets extracted

[anbraten]

My suggestion is to just inject it into the clone plugin (so a step with the image=clone and no commands) not into normal steps.

[6543]

also clone would not run before services anymore ... so if services do depend on it ... they will fail and would have to add there own clone

[anbraten]

No, the normal clone would normally still be there. Its just about passing the Netrc to the clone plugin in the step list. This way I can clone other branches and tags later again. I might just open the PR to make it clear to you.

[6543]

☝️ ok :)

[lonix1]

My use case, originally asked on discord:

Is it possible to move the clone step into the pipeline itself? I tried various ways and syntax, e.g.

#clone      # <-----
steps:
  clone:    # <-----
    git:
      image: woodpeckerci/plugin-git:2.0.3
  build:
    # ...

Someone will ask "why?"... Because 1) it's more understandable, and 2) more importantly, so I can include a "debug" step as the first in the pipeline:

steps:
  debug:                                      # <-----
    image: busybox
    commands:
      - echo '$${CI_REPO_OWNER} = '"${CI_REPO_OWNER}"
      - echo something important
      - echo something else
      - echo something else
      - echo etc...
  clone:
    git:
      image: woodpeckerci/plugin-git:2.0.3
  build:
    # ...