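#!/bin/bash
#
# Git setup script.
#
# Configures the global Git identity, stores a Gitea access token for HTTPS
# authentication, and optionally imports a GPG key for commit signing.
#
# Environment:
#   GIT_USER                    (required) value for user.name
#   GIT_EMAIL                   (required) value for user.email; also used to
#                               look up the imported GPG key
#   GITEA_ACCESS_TOKEN          (required) token written to ~/.git-credentials
#   GPG_PRIVATE_KEY             (optional) private key material to import
#   GPG_PRIVATE_KEY_PASSPHRASE  (optional) passphrase for that key
#
# Security notes:
#   - "credential.helper store" keeps the token in plaintext on disk. The file
#     is created with mode 600, but anything that can read the home directory
#     (backups, image layers, other processes of this user) can read the token.
#     Prefer a narrowly scoped token that can be revoked.
#   - Secrets arrive through the environment, so they are inherited by every
#     child process this script starts.

set -euo pipefail

warn() { printf '%s\n' "$*" >&2; }

# Import GPG_PRIVATE_KEY into the keyring. Returns gpg's exit status.
# The passphrase is handed to gpg on file descriptor 3 instead of on the
# command line, so it does not show up in the process list.
import_gpg_key() {
  if [[ -n "${GPG_PRIVATE_KEY_PASSPHRASE:-}" ]]; then
    echo "Using provided passphrase for key import..."
    printf '%s\n' "$GPG_PRIVATE_KEY" \
      | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 --import \
        3< <(printf '%s\n' "$GPG_PRIVATE_KEY_PASSPHRASE")
  else
    echo "No passphrase provided, importing key..."
    printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import
  fi
}

# Mark key $1 as ultimately trusted (answer "5" then "y" to the trust prompt).
# The input bytes match the original `echo -e "5\ny\n"`.
set_ultimate_trust() {
  local key_id=$1
  if [[ -n "${GPG_PRIVATE_KEY_PASSPHRASE:-}" ]]; then
    printf '5\ny\n\n' \
      | gpg --batch --command-fd 0 --expert --pinentry-mode loopback \
        --passphrase-fd 3 --edit-key "$key_id" trust quit 2>/dev/null \
        3< <(printf '%s\n' "$GPG_PRIVATE_KEY_PASSPHRASE")
  else
    printf '5\ny\n\n' \
      | gpg --batch --command-fd 0 --expert --edit-key "$key_id" trust quit 2>/dev/null
  fi
}

echo "Setting up Git configuration..."

# Check if required environment variables are set
if [[ -z "${GIT_USER:-}" ]]; then
  warn "Error: GIT_USER environment variable is not set"
  exit 1
fi

if [[ -z "${GIT_EMAIL:-}" ]]; then
  warn "Error: GIT_EMAIL environment variable is not set"
  exit 1
fi

# Set user name and email from environment variables
git config --global user.name "$GIT_USER"
git config --global user.email "$GIT_EMAIL"

# Set up credential helper for HTTPS authentication (plaintext store, see header)
git config --global credential.helper store

# Check if GITEA_ACCESS_TOKEN is set
if [[ -z "${GITEA_ACCESS_TOKEN:-}" ]]; then
  warn "Warning: GITEA_ACCESS_TOKEN environment variable is not set"
  warn "You'll need to set this environment variable for automatic authentication"
  exit 1
fi

# Set up credential store with the access token.
# This assumes your Gitea instance is accessible via HTTPS;
# adjust the host below to match your Gitea instance.
echo "Setting up credential store..."

credential_file="$HOME/.git-credentials"

# Create the file under a restrictive umask so it is never world-readable,
# not even between creation and chmod. chmod still runs to tighten a
# pre-existing file.
(
  umask 077
  touch "$credential_file"
)
chmod 600 "$credential_file"

# Format: https://username:token@gitea.example.com
# Using the token as both username and password is common for API tokens.
credential_line="https://$GITEA_ACCESS_TOKEN:$GITEA_ACCESS_TOKEN@gitea.nym.sh"

# Append only when the exact entry is missing, so re-running the script does
# not pile up duplicate copies of the token.
if ! grep -qxF -- "$credential_line" "$credential_file"; then
  printf '%s\n' "$credential_line" >> "$credential_file"
fi

# Additional Git configurations for better experience
git config --global init.defaultBranch main
git config --global pull.rebase false
git config --global push.default simple
git config --global core.autocrlf input

echo "Git configuration completed successfully!"
echo "User: $(git config --global user.name)"
echo "Email: $(git config --global user.email)"
echo "Credential helper: $(git config --global credential.helper)"

echo "Git setup complete. Credentials are stored for automatic authentication."

# GPG key setup
echo ""
echo "Setting up GPG key for commit signing..."

if [[ -n "${GPG_PRIVATE_KEY:-}" ]]; then
  echo "Importing GPG private key from environment variable..."

  # Test the import directly: under `set -e` a separate `$?` check after the
  # command is never reached on failure, so the error branch would be dead.
  if import_gpg_key; then
    echo "GPG key imported successfully!"

    # Get the key ID from the machine-readable listing (field 5 of the first
    # "sec" record). Matching the record type avoids picking up unrelated
    # lines that merely contain "sec", and yields a single ID even when
    # several secret keys carry this email.
    key_id=$(gpg --list-secret-keys --with-colons "$GIT_EMAIL" \
      | awk -F: '$1 == "sec" && !seen { print $5; seen = 1 }') || key_id=""

    if [[ -n "$key_id" ]]; then
      # Configure Git to use the imported key
      git config --global user.signingkey "$key_id"
      git config --global commit.gpgsign true
      git config --global gpg.program gpg

      echo "Git configured to use GPG key: $key_id"

      # Set ultimate trust for the imported key (since it's our own key).
      # A failure here does not prevent signing, so report it and continue
      # instead of letting `set -e` end the script with no message.
      if ! set_ultimate_trust "$key_id"; then
        warn "Warning: Could not set ultimate trust for key $key_id"
      fi

      # Configure GPG agent for passphrase caching if passphrase is provided
      if [[ -n "${GPG_PRIVATE_KEY_PASSPHRASE:-}" ]]; then
        echo "Configuring GPG agent for passphrase caching..."
        mkdir -p ~/.gnupg
        chmod 700 ~/.gnupg
        # NOTE: this overwrites any existing gpg-agent.conf.
        # 28800 seconds = 8 hours of passphrase caching.
        cat > ~/.gnupg/gpg-agent.conf << 'EOF'
default-cache-ttl 28800
max-cache-ttl 28800
pinentry-program /usr/bin/pinentry-curses
EOF
        # Restart GPG agent (best effort: the agent may not be running yet)
        gpg-connect-agent reloadagent /bye 2>/dev/null || true
      fi

      echo "GPG key setup complete!"
    else
      warn "Warning: Could not find key ID for $GIT_EMAIL"
    fi
  else
    warn "Error: Failed to import GPG key"
  fi
else
  printf '%s\n' \
    "GPG_PRIVATE_KEY environment variable not set." \
    "To generate a new GPG key for commit signing, run:" \
    "gpg --batch --full-generate-key <<EOF" \
    "%echo Generating GPG key for $GIT_USER" \
    "Key-Type: RSA" \
    "Key-Length: 4096" \
    "Subkey-Type: RSA" \
    "Subkey-Length: 4096" \
    "Name-Real: $GIT_USER" \
    "Name-Email: $GIT_EMAIL" \
    "Expire-Date: 2y" \
    "Passphrase: " \
    "%commit" \
    "%echo GPG key generation complete" \
    "EOF" \
    "" \
    "After generating the key, configure Git to use it:" \
    "git config --global user.signingkey \$(gpg --list-secret-keys --keyid-format=long $GIT_EMAIL | grep 'sec' | cut -d'/' -f2 | cut -d' ' -f1)" \
    "git config --global commit.gpgsign true"
fi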