From 09786ee6e05875c44aacd75fcbb130aa4e71196d Mon Sep 17 00:00:00 2001 From: "jason.woltje" Date: Tue, 24 Feb 2026 22:11:44 +0000 Subject: [PATCH] fix: use Mosaic credential loader for Gitea API token resolution (#7) --- tools/git/ci-queue-wait.sh | 36 +------------------ tools/git/detect-platform.sh | 69 ++++++++++++++++++++++++++++++++++++ tools/git/issue-create.sh | 35 +----------------- tools/git/issue-view.sh | 35 +----------------- tools/git/pr-ci-wait.sh | 36 +------------------ tools/git/pr-diff.sh | 7 ++-- tools/git/pr-metadata.sh | 7 ++-- 7 files changed, 79 insertions(+), 146 deletions(-) diff --git a/tools/git/ci-queue-wait.sh b/tools/git/ci-queue-wait.sh index e6ea7c9..c75de5d 100755 --- a/tools/git/ci-queue-wait.sh +++ b/tools/git/ci-queue-wait.sh @@ -31,41 +31,7 @@ Examples: EOF } -get_remote_host() { - local remote_url - remote_url=$(git remote get-url origin 2>/dev/null || true) - if [[ -z "$remote_url" ]]; then - return 1 - fi - if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - if [[ "$remote_url" =~ ^git@([^:]+): ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - return 1 -} - -get_gitea_token() { - local host="$1" - if [[ -n "${GITEA_TOKEN:-}" ]]; then - echo "$GITEA_TOKEN" - return 0 - fi - - local creds="$HOME/.git-credentials" - if [[ -f "$creds" ]]; then - local token - token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1) - if [[ -n "$token" ]]; then - echo "$token" - return 0 - fi - fi - return 1 -} +# get_remote_host and get_gitea_token are provided by detect-platform.sh get_state_from_status_json() { python3 - <<'PY' diff --git a/tools/git/detect-platform.sh b/tools/git/detect-platform.sh index 874f22e..c53e0af 100755 --- a/tools/git/detect-platform.sh +++ b/tools/git/detect-platform.sh @@ -74,6 +74,75 @@ get_repo_name() { echo "${repo_info##*/}" } +get_remote_host() { + local remote_url + remote_url=$(git remote get-url origin 2>/dev/null || true) + if [[ -z "$remote_url" ]]; then + return 1 + fi + if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then + echo "${BASH_REMATCH[1]}" + return 0 + fi + if [[ "$remote_url" =~ ^git@([^:]+): ]]; then + echo "${BASH_REMATCH[1]}" + return 0 + fi + return 1 +} + +# Resolve a Gitea API token for the given host. +# Priority: Mosaic credential loader → GITEA_TOKEN env → ~/.git-credentials +get_gitea_token() { + local host="$1" + local script_dir + script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + local cred_loader="$script_dir/../_lib/credentials.sh" + + # 1. Mosaic credential loader (host → service mapping, run in subshell to avoid polluting env) + if [[ -f "$cred_loader" ]]; then + local token + token=$( + source "$cred_loader" + case "$host" in + git.mosaicstack.dev) load_credentials gitea-mosaicstack 2>/dev/null ;; + git.uscllc.com) load_credentials gitea-usc 2>/dev/null ;; + *) + for svc in gitea-mosaicstack gitea-usc; do + load_credentials "$svc" 2>/dev/null || continue + [[ "${GITEA_URL:-}" == *"$host"* ]] && break + unset GITEA_TOKEN GITEA_URL + done + ;; + esac + echo "${GITEA_TOKEN:-}" + ) + if [[ -n "$token" ]]; then + echo "$token" + return 0 + fi + fi + + # 2. GITEA_TOKEN env var (may be set by caller) + if [[ -n "${GITEA_TOKEN:-}" ]]; then + echo "$GITEA_TOKEN" + return 0 + fi + + # 3. ~/.git-credentials file + local creds="$HOME/.git-credentials" + if [[ -f "$creds" ]]; then + local token + token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1) + if [[ -n "$token" ]]; then + echo "$token" + return 0 + fi + fi + + return 1 +} + # If script is run directly (not sourced), output the platform if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then detect_platform diff --git a/tools/git/issue-create.sh b/tools/git/issue-create.sh index f976302..c658506 100755 --- a/tools/git/issue-create.sh +++ b/tools/git/issue-create.sh @@ -13,40 +13,7 @@ BODY="" LABELS="" MILESTONE="" -get_remote_host() { - local remote_url - remote_url=$(git remote get-url origin 2>/dev/null || true) - if [[ -z "$remote_url" ]]; then - return 1 - fi - if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - if [[ "$remote_url" =~ ^git@([^:]+): ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - return 1 -} - -get_gitea_token() { - local host="$1" - if [[ -n "${GITEA_TOKEN:-}" ]]; then - echo "$GITEA_TOKEN" - return 0 - fi - local creds="$HOME/.git-credentials" - if [[ -f "$creds" ]]; then - local token - token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1) - if [[ -n "$token" ]]; then - echo "$token" - return 0 - fi - fi - return 1 -} +# get_remote_host and get_gitea_token are provided by detect-platform.sh gitea_issue_create_api() { local host repo token url payload diff --git a/tools/git/issue-view.sh b/tools/git/issue-view.sh index 57d08f4..419107d 100755 --- a/tools/git/issue-view.sh +++ b/tools/git/issue-view.sh @@ -10,40 +10,7 @@ source "$SCRIPT_DIR/detect-platform.sh" # Parse arguments ISSUE_NUMBER="" -get_remote_host() { - local remote_url - remote_url=$(git remote get-url origin 2>/dev/null || true) - if [[ -z "$remote_url" ]]; then - return 1 - fi - if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - if [[ "$remote_url" =~ ^git@([^:]+): ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - return 1 -} - -get_gitea_token() { - local host="$1" - if [[ -n "${GITEA_TOKEN:-}" ]]; then - echo "$GITEA_TOKEN" - return 0 - fi - local creds="$HOME/.git-credentials" - if [[ -f "$creds" ]]; then - local token - token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1) - if [[ -n "$token" ]]; then - echo "$token" - return 0 - fi - fi - return 1 -} +# get_remote_host and get_gitea_token are provided by detect-platform.sh gitea_issue_view_api() { local host repo token url diff --git a/tools/git/pr-ci-wait.sh b/tools/git/pr-ci-wait.sh index 38e9162..4844a21 100755 --- a/tools/git/pr-ci-wait.sh +++ b/tools/git/pr-ci-wait.sh @@ -27,41 +27,7 @@ Examples: EOF } -get_remote_host() { - local remote_url - remote_url=$(git remote get-url origin 2>/dev/null || true) - if [[ -z "$remote_url" ]]; then - return 1 - fi - if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - if [[ "$remote_url" =~ ^git@([^:]+): ]]; then - echo "${BASH_REMATCH[1]}" - return 0 - fi - return 1 -} - -get_gitea_token() { - local host="$1" - if [[ -n "${GITEA_TOKEN:-}" ]]; then - echo "$GITEA_TOKEN" - return 0 - fi - - local creds="$HOME/.git-credentials" - if [[ -f "$creds" ]]; then - local token - token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1) - if [[ -n "$token" ]]; then - echo "$token" - return 0 - fi - fi - return 1 -} +# get_remote_host and get_gitea_token are provided by detect-platform.sh extract_state_from_status_json() { python3 - <<'PY' diff --git a/tools/git/pr-diff.sh b/tools/git/pr-diff.sh index 74c0294..0fdafd6 100755 --- a/tools/git/pr-diff.sh +++ b/tools/git/pr-diff.sh @@ -68,11 +68,10 @@ elif [[ "$PLATFORM" == "gitea" ]]; then DIFF_URL="https://${HOST}/api/v1/repos/${OWNER}/${REPO}/pulls/${PR_NUMBER}.diff" - # Use tea's auth token if available - TEA_TOKEN=$(tea login list 2>/dev/null | grep "$HOST" | awk '{print $NF}' || true) + GITEA_API_TOKEN=$(get_gitea_token "$HOST" || true) - if [[ -n "$TEA_TOKEN" ]]; then - DIFF_CONTENT=$(curl -sS -H "Authorization: token $TEA_TOKEN" "$DIFF_URL") + if [[ -n "$GITEA_API_TOKEN" ]]; then + DIFF_CONTENT=$(curl -sS -H "Authorization: token $GITEA_API_TOKEN" "$DIFF_URL") else DIFF_CONTENT=$(curl -sS "$DIFF_URL") fi diff --git a/tools/git/pr-metadata.sh b/tools/git/pr-metadata.sh index 420ec46..82344a9 100755 --- a/tools/git/pr-metadata.sh +++ b/tools/git/pr-metadata.sh @@ -69,11 +69,10 @@ elif [[ "$PLATFORM" == "gitea" ]]; then API_URL="https://${HOST}/api/v1/repos/${OWNER}/${REPO}/pulls/${PR_NUMBER}" - # Use tea's auth token if available - TEA_TOKEN=$(tea login list 2>/dev/null | grep "$HOST" | awk '{print $NF}' || true) + GITEA_API_TOKEN=$(get_gitea_token "$HOST" || true) - if [[ -n "$TEA_TOKEN" ]]; then - RAW=$(curl -sS -H "Authorization: token $TEA_TOKEN" "$API_URL") + if [[ -n "$GITEA_API_TOKEN" ]]; then + RAW=$(curl -sS -H "Authorization: token $GITEA_API_TOKEN" "$API_URL") else RAW=$(curl -sS "$API_URL") fi