Skip to content

[5294] Git Integration in a DevOps Pipeline#7435

Merged
n-lark merged 13 commits into
mainfrom
5294-generic-git
Jun 29, 2026
Merged

[5294] Git Integration in a DevOps Pipeline#7435
n-lark merged 13 commits into
mainfrom
5294-generic-git

Conversation

@n-lark

@n-lark n-lark commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Description

Adds a generic "Other" Git provider. push/pull snapshots to any HTTPS git server (GitLab, Bitbucket, Gitea, self-hosted) with an optional username and CA certificate, alongside the existing GitHub/Azure backends. Git commands hardened from shell exec to execFile.

  • Tests added: unit specs for the generic backend, the shared cloneRepository util, and the GitToken model.
  • Dev dependency added: proxyquire (mocks the git/fs boundaries in the backend unit test).

Changelog PR is here: FlowFuse/website#5260

Test plan

✅ All tests passed!

Generic Git Provider — Manual Test Plan (#5294)

Covers the generic Git provider (arbitrary HTTPS host, username + CA certificate), the execFile hardening, and regression of the existing GitHub/Azure providers.

Token creation (UI)

  • "Other" tile appears alongside GitHub / Azure DevOps (3 tiles, single row)
  • Username field shows only for "Other" (hidden for GitHub/Azure)
  • CA Certificate field shows only for "Other"
  • Token saves; username + caCertificate persisted to GitTokens

Push verified against live providers

  • GitHub (classic PAT, repo scope) — snapshot.json pushed
  • Bitbucket Cloud (API token, repo read+write) — snapshot.json pushed
  • GitLab (project token, write_repository, Maintainer) — snapshot.json pushed
  • Gitea self-hosted over HTTPS with a private CA — snapshot.json pushed

CA certificate (self-signed Gitea over HTTPS)

  • No CA cert → push fails the TLS handshake (surfaced as "Permission denied" via the unable-to-access catch)
  • Same credentials + CA cert pasted → push succeeds, proving GIT_SSL_CAINFO is applied
  • Negative-then-positive pair confirms success is due to the CA, not credentials

URL validation (pipeline stage form)

  • Generic token accepts any https:// URL
  • GitHub / Azure tokens still enforce their host-specific path formats
  • No false validation error while tokens are still loading (unknown type → HTTPS-only check)

Pull from repository (deploy from git)

  • Git stage as pipeline source → snapshot.json pulled, decrypted, and deployed to the target instance

Regression / shared code

  • GitHub push works after the execexecFile refactor of the shared cloneRepository
  • Generic push works after the execFile refactor
  • Git pipeline stage creation no longer 500s (nullable gitRepo fields in PipelineStage view)
  • Migration 20260626-01-EE-extend-gittoken-generic.js applies the username + caCertificate columns

Related Issue(s)

Resolves #5294

Checklist

  • I have read the contribution guidelines
  • Suitable unit/system level tests have been added and they pass
  • Documentation has been updated
    • Upgrade instructions
    • Configuration details
    • Concepts
  • Changes flowforge.yml?
    • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
    • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production
  • Link to Changelog Entry PR, or note why one is not needed.

Labels

  • Includes a DB migration? -> add the area:migration label

@n-lark n-lark self-assigned this Jun 11, 2026
@n-lark n-lark changed the title [5294] [5294] Git Integration in a DevOps Pipeline Jun 11, 2026
@codecov

codecov Bot commented Jun 11, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 91.52542% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.15%. Comparing base (64c84a9) to head (6aafe8b).
⚠️ Report is 15 commits behind head on main.

Files with missing lines Patch % Lines
forge/ee/lib/gitops/index.js 20.00% 4 Missing ⚠️
forge/ee/routes/gitops/index.js 0.00% 3 Missing ⚠️
forge/ee/lib/gitops/backends/generic.js 98.00% 2 Missing ⚠️
...grations/20260626-01-EE-extend-gittoken-generic.js 83.33% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #7435      +/-   ##
==========================================
+ Coverage   76.95%   77.15%   +0.19%     
==========================================
  Files         411      413       +2     
  Lines       21094    21207     +113     
  Branches     5141     5167      +26     
==========================================
+ Hits        16233    16362     +129     
+ Misses       4861     4845      -16     
Flag Coverage Δ
backend 77.15% <91.52%> (+0.19%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

…ecFile with argument arrays, add spec, fix validation form err
@n-lark

n-lark commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Closing to try a fresh build due to migration failure.

@n-lark n-lark closed this Jun 29, 2026
@n-lark

n-lark commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Reopening to retrigger build

Comment thread forge/ee/lib/gitops/backends/utils.js
@hardillb

Copy link
Copy Markdown
Contributor

NOTE: contains DB migrations, will need checking again #7580 to see which gets merged first

@hardillb hardillb left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested pushing to my private local Forgejo instance with a private CA and everything looks to work.

@n-lark n-lark merged commit 1d536ec into main Jun 29, 2026
36 of 38 checks passed
@n-lark n-lark deleted the 5294-generic-git branch June 29, 2026 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:migration Involves a database migration

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Git Integration in a DevOps Pipeline

2 participants