From a10c641413796435b62283e92717440c559ed4d5 Mon Sep 17 00:00:00 2001
From: Eric Anderson <eric@aryn.ai>
Date: Tue, 18 Feb 2025 23:21:41 -0800
Subject: [PATCH 1/4] Helper script for getting git credentials from the
 environment.

Useful for passing in fine-grained personal access tokens via environment variables when SSHing
into a node so that they don't have to be stored in a shared environment.
---
 apps/git/git-credential-from-env.py | 40 +++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100755 apps/git/git-credential-from-env.py

diff --git a/apps/git/git-credential-from-env.py b/apps/git/git-credential-from-env.py
new file mode 100755
index 000000000..5dbae333e
--- /dev/null
+++ b/apps/git/git-credential-from-env.py
@@ -0,0 +1,40 @@
+#!/aryn/.venv/bin/python
+import sys
+import logging
+import os
+
+if len(sys.argv) != 2 or sys.argv[1] != "get":
+    exit(0)
+
+d = {}
+
+for line in sys.stdin:
+    if line == "\n":
+        break
+    p = line.rstrip().split("=")  # Fix the missing split
+    if len(p) != 2:
+        logging.error(f"{__file__}: unable to parse {line}")
+        continue
+    d[p[0]] = p[1]
+
+if d["host"] == "github.com" and "aryn-ai" in d["path"]:
+    assert "ARYN_GITHUB_USER" in os.environ
+    assert "ARYN_GITHUB_KEY" in os.environ
+    print("protocol=https")
+    print("host=github.com")
+    print(f"username={os.environ['ARYN_GITHUB_USER']}")
+    print(f"password={os.environ['ARYN_GITHUB_KEY']}")
+    logging.error(f"git-credentials-from-env helper: Aryn github.com was used for {d['path']}")
+    exit(0)
+
+if "CUSTOMER_USER" in os.environ and "CUSTOMER_KEY" in os.environ:
+    print("protocol=https")
+    print("host=github.com")
+    print(f"username={os.environ['CUSTOMER_USER']}")
+    print(f"password={os.environ['CUSTOMER_KEY']}")
+    logging.error(f"git-credentials-from-env helper: Customer user was used for {d['path']}")
+    exit(0)
+
+logging.error(f"WARNING from {__file__}: Unable to find CUSTOMER_USER and CUSTOMER_KEY in environ.")
+logging.error(f"WARNING since the helper was enabled, this is probably an error.")
+exit(0)

From 4cea0f88c44016c8fcc6277197aece3aefd40569 Mon Sep 17 00:00:00 2001
From: Eric Anderson <eric@aryn.ai>
Date: Wed, 19 Feb 2025 00:40:28 -0800
Subject: [PATCH 2/4] add usage description and fix bug with things not in
 dictionary

---
 apps/git/git-credential-from-env.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/git/git-credential-from-env.py b/apps/git/git-credential-from-env.py
index 5dbae333e..4660718c0 100755
--- a/apps/git/git-credential-from-env.py
+++ b/apps/git/git-credential-from-env.py
@@ -1,4 +1,10 @@
-#!/aryn/.venv/bin/python
+#!/usr/bin/env python3
+#
+# Credential helper to enable people to store fine grained access tokens in ssh environment
+# variables for use on a shared instance.
+# git config --global credential.helper ..../git-credentials-from-env.py
+# git config --global credential.useHttpPath true
+
 import sys
 import logging
 import os
@@ -17,7 +23,7 @@
         continue
     d[p[0]] = p[1]
 
-if d["host"] == "github.com" and "aryn-ai" in d["path"]:
+if d.get("host", "") == "github.com" and "aryn-ai" in d.get("path", ""):
     assert "ARYN_GITHUB_USER" in os.environ
     assert "ARYN_GITHUB_KEY" in os.environ
     print("protocol=https")

From aec42565dbe6e542b3fc8145cdf6c7523b27553d Mon Sep 17 00:00:00 2001
From: Eric Anderson <eric@aryn.ai>
Date: Wed, 19 Feb 2025 11:53:49 -0800
Subject: [PATCH 3/4] add more instructions

---
 apps/git/git-credential-from-env.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/apps/git/git-credential-from-env.py b/apps/git/git-credential-from-env.py
index 4660718c0..371eb31a2 100755
--- a/apps/git/git-credential-from-env.py
+++ b/apps/git/git-credential-from-env.py
@@ -4,6 +4,20 @@
 # variables for use on a shared instance.
 # git config --global credential.helper ..../git-credentials-from-env.py
 # git config --global credential.useHttpPath true
+#
+# To make a fine grained access token:
+# Github console upper right -> Settings -> Developer settings (lower left)
+#   -> Personal access tokens -> Fine-grained tokens -> Generate new token
+#
+# You will likely need to change the resource owner to your organization.
+# After selecting a repository, make sure to set the right repository permisisons
+# To push and pull you will need Contents = Read and write; and Metadata = Read-only
+#
+# Get the token to the remote machine, you can
+# 1. gpg encrypt it, mail it and decrypt it; or
+# 2. type it in manually. To verify correct typing, use a checksum.
+#    linux: sha256sum <file
+#    windows: certutil -hashfile file SHA256
 
 import sys
 import logging

From eb686fce3cd498dea4caa310e5d02ed891ea1405 Mon Sep 17 00:00:00 2001
From: Eric Anderson <eric@aryn.ai>
Date: Thu, 20 Feb 2025 13:04:27 -0800
Subject: [PATCH 4/4] reviewfix

---
 apps/git/git-credential-from-env.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/git/git-credential-from-env.py b/apps/git/git-credential-from-env.py
index 371eb31a2..748f2473f 100755
--- a/apps/git/git-credential-from-env.py
+++ b/apps/git/git-credential-from-env.py
@@ -56,5 +56,5 @@
     exit(0)
 
 logging.error(f"WARNING from {__file__}: Unable to find CUSTOMER_USER and CUSTOMER_KEY in environ.")
-logging.error(f"WARNING since the helper was enabled, this is probably an error.")
+logging.error("WARNING since the helper was enabled, this is probably an error.")
 exit(0)