Git source

[blampe]

Open questions:

• I'm currently passing auth information via env vars to the workspace init container. Do we want to provide them a different way?
• The current API is allows auth to be specified via literals, env vars or on-disk files but these don't make sense in an agent/server model. I'm inclined to say we should only support secret refs for these fields, but this is technically a breaking change for anyone currently specifying literals/vars/files. Otherwise I think we'll need to mirror the flexible types in the workspace and add some logic to the agent to resolve them at runtime (might need Setup an "in-cluster" kubeconfig within the workspace pod #652?). What do you guys think?

Summary of changes so far:

• Fetch latest git commit using an in-memory object store.
• Agent's init now uses automation API to clone the repo. Seems like a natural place to dogfood.
• Removed code for gitAuthSecret since it was marked deprecated in v1.
• Exposed a "shallow" option to the stack API for controlling shallowness. We don't currently perform shallow clones so this is backwards compatible.

Fixes #655

[codecov]

Codecov Report

Attention: Patch coverage is 70.02967% with 101 lines in your changes missing coverage. Please review.

Project coverage is 26.17%. Comparing base (3f0a0b4) to head (be32ff2).
Report is 1 commits behind head on v2.

Files with missing lines	Patch %	Lines
...r/internal/controller/auto/workspace_controller.go	28.30%	32 Missing and 6 partials ⚠️
...tor/internal/controller/pulumi/stack_controller.go	34.21%	22 Missing and 3 partials ⚠️
agent/cmd/init.go	69.44%	19 Missing and 3 partials ⚠️
operator/internal/controller/pulumi/git.go	90.80%	12 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##               v2     #658      +/-   ##
==========================================
+ Coverage   20.66%   26.17%   +5.50%     
==========================================
  Files          25       25              
  Lines        3769     3947     +178     
==========================================
+ Hits          779     1033     +254     
+ Misses       2867     2772      -95     
- Partials      123      142      +19     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[EronWright]

Looking great, and thanks for using GIT_ vars.

On the topic of SSH known hosts, what's the minimum we need to do? Keep in mind that the user can customize the pu/pu docker image.

I too encountered the "breaking change" you mentioned, when porting the stack configuration code. The "local file" or "local env variable" reference makes little sense now, and would it be interpreted as a reference to the operator pod or to the workspace pod? I think we should flag it as a migration issue, and eventually add validation logic to reject it.

[EronWright]

Hopefully we can remove this method, and defer resolution of the value to the workspace pod. In other words the operator shouldn't see the resolved value.

[blampe]

Discussed offline - operator needs to resolve these in order to poll the remote for latest commit.

[blampe]

On the topic of SSH known hosts, what's the minimum we need to do? Keep in mind that the user can customize the pu/pu docker image.

I removed this TODO. Instead of accepting whatever the host's key is currently, we should encourage the user to customize the workspace with a custom mount containing the expected keys.

[EronWright]

Odd to see auto imported here. Would have expected the autov1alpha package.
(are these tests obsolete?)