title | date | uuid | slug | draft | description | tags |
---|---|---|---|---|---|---|
Load Go modules from private repos |
2024-06-28 14:10:21 +0300 |
20240628141021 |
load-go-modules-from-private-repos |
false |
By default go get
uses HTTPS. In a continuous deployment scenario, specially if you have 2FA enabled with your Git provider, you will need to generate a PAT (Personal Access Token) in order to use HTTPS without a prompt, or use SSH instead of HTTPS.
If you're deploying with Netlify and have continuous deployment, you will likely use PAT instead of SSH.
- Generate an access token from Github settings. It should have read access to your code
add_github_token() {
# Add a PAT so that Go can fetch modules from private repos
GITHUB_USERNAME=""
GITHUB_PAT=""
FILE=${HOME}/.netrc
if [ ! -f ${FILE} ]; then
log "Creating file: ${FILE}"
touch ${FILE}
fi
echo -e >> "machine github.com login ${GITHUB_USERNAME} password ${GITHUB_PAT}"
}
add_github_token
- Save the PAT as an environment variable in Netlify
The value for $HOME
in Netlify build context is /opt/buildhome/
. If you create a file at $HOME/.netrc
it will end up at the location /opt/buildhome/.netrc
, and not ~/.netrc
or /home/FOO/.netrc
as you would normally expect
You can set git config --global
inside a Netlify build script. To access a private repo, you can pass your credentials as part of the repo URL. Git repo URLs with credentials look like this:
https://<TOKEN>@github.com/<REPO_OWNER>/<REPO_NAME>
https://<USERNAME>:<TOKEN>@github.com/<REPO_PATH>
https://<USERNAME>:<TOKEN>@<SELF_HOSTED_GITLAB_SERVER>/<PATH_TO_REPO>.git
You'll replace the values for TOKEN, USERNAME, REPO_NAME, REPO_PATH etc. and the use the final URL to set git config with a insteadOf
directive. The config command will look like this:
git config --global --add url.https://${USERNAME}:${TOKEN}@github.com/.insteadof https://github.com/
# or a more specific
git config --global --add url."https://${USERNAME}:${TOKEN}@github.com/${REPO_PATH}".insteadOf "https://github.com/${REPO_PATH}"
Note: Both insteadOf
and insteadof
(with lowercase 'o') work. Quoting the strings is optional but recommended.
# netlify.toml
[build]
command = "./netlify_build.sh"
# netlify_build.sh
settings_for_private_go_modules() {
REPO_PATH="blah_username/blah_repo"
# REPO_PATH is a Go module inside a private repo
# GITHUB_PAT is a Personal Access Token, set as Netlify env var, that has read access for that repo
# token will expire after the validity period
git config --global --add url."https://${GITHUB_USERNAME}:${GITHUB_PAT}@github.com/${REPO_PATH}".insteadOf "https://github.com/${REPO_PATH}"
}
settings_for_private_go_modules
Whether you clone a repo over HTTPS or SSH is determined by the repo URL.
# HTTPS
https://github.com/USER/BLAH.git
# SSH
[email protected]:USER/BLAH.git
In order to force Git to always get the repos over SSH, we can use the insteadOf
directive in our (global) git config.
# Force all URL to be SSH
git config --global --add url."[email protected]:".insteadOf "https://github.com/"
It will add code that looks like this to your ~/.gitconfig
[url "[email protected]:"]
insteadOf = https://github.com/
You should also set the GOPRIVATE
variable (go 1.13 onwards)
The new GOPRIVATE environment variable indicates module paths that are not publicly available. It serves as the default value for the lower-level GONOPROXY and GONOSUMDB variables, which provide finer-grained control over which modules are fetched via proxy and verified using the checksum database. ref
go env -w GOPRIVATE=github.com/{ORG_NAME/USER_NAME}/*
OR Add this to your ~/.bashrc
export GOPRIVATE="github.com/{ORG_NAME/USER_NAME}/*"
Multiple links can be provided as a comma separated list
export GOPRIVATE="gitlab.com/FOO,bitbucket.org/FOO,github.com/FOO"
You can verify your changes with go env