CR-15471-insecure-git-providers (#640)

* send certFile to autopilot + git api calls
* updated autopilot dependency
removed applicationset dependency (it's inside argocd)
* increase lint timeout to 10m

Author: ATGardner

Makefile

@@ -1,4 +1,4 @@
-VERSION=v0.1.8
+VERSION=v0.1.9
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")
@@ -122,7 +122,7 @@ $(OUT_DIR)/$(CLI_NAME).image: $(CLI_SRCS)
 .PHONY: lint
 lint: $(GOBIN)/golangci-lint tidy
 	@echo linting go code...
-	@golangci-lint run --fix --timeout 6m
+	@golangci-lint run --fix --timeout 10m
 
 .PHONY: test
 test:

cmd/commands/git-source.go

@@ -200,7 +200,7 @@ func NewGitSourceCreateCommand() *cobra.Command {
 			insCloneOpts.Parse()
 			gsCloneOpts.Parse()
 
-			gitProvider, err = cfgit.GetProvider(cfgit.ProviderType(gsCloneOpts.Provider), gsCloneOpts.Repo)
+			gitProvider, err = cfgit.GetProvider(cfgit.ProviderType(gsCloneOpts.Provider), gsCloneOpts.Repo, gsCloneOpts.Auth.CertFile)
 			if err != nil {
 				log.G(ctx).Fatal("failed to infer git provider for git-source")
 			}

cmd/commands/runtime.go

@@ -43,7 +43,6 @@ import (
 	apgit "github.com/argoproj-labs/argocd-autopilot/pkg/git"
 	"github.com/argoproj-labs/argocd-autopilot/pkg/kube"
 	apstore "github.com/argoproj-labs/argocd-autopilot/pkg/store"
-	appset "github.com/argoproj/applicationset/api/v1alpha1"
 	argocdv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	argocdv1alpha1cs "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	platmodel "github.com/codefresh-io/go-sdk/pkg/codefresh/model"
@@ -1063,9 +1062,9 @@ func downloadFile(response *http.Response, fullFilename string) error {
 	return err
 }
 
-var getProjectInfoFromFile = func(repofs fs.FS, name string) (*argocdv1alpha1.AppProject, *appset.ApplicationSet, error) {
+var getProjectInfoFromFile = func(repofs fs.FS, name string) (*argocdv1alpha1.AppProject, *argocdv1alpha1.ApplicationSet, error) {
 	proj := &argocdv1alpha1.AppProject{}
-	appSet := &appset.ApplicationSet{}
+	appSet := &argocdv1alpha1.ApplicationSet{}
 	if err := repofs.ReadYamls(name, proj, appSet); err != nil {
 		return nil, nil, err
 	}

cmd/commands/runtime_install.go

@@ -51,8 +51,7 @@ import (
 	"github.com/argoproj-labs/argocd-autopilot/pkg/kube"
 	apstore "github.com/argoproj-labs/argocd-autopilot/pkg/store"
 	aputil "github.com/argoproj-labs/argocd-autopilot/pkg/util"
-	appset "github.com/argoproj/applicationset/api/v1alpha1"
-	argocd "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argocdv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	aev1alpha1 "github.com/argoproj/argo-events/pkg/apis/eventsource/v1alpha1"
 	"github.com/codefresh-io/go-sdk/pkg/codefresh"
 	platmodel "github.com/codefresh-io/go-sdk/pkg/codefresh/model"
@@ -410,7 +409,7 @@ func ensureGitData(cmd *cobra.Command, opts *RuntimeInstallOptions) error {
 	}
 
 	baseURL, _, _, _, _, _, _ := aputil.ParseGitUrl(opts.InsCloneOpts.Repo)
-	opts.gitProvider, err = cfgit.GetProvider(cfgit.ProviderType(opts.InsCloneOpts.Provider), baseURL)
+	opts.gitProvider, err = cfgit.GetProvider(cfgit.ProviderType(opts.InsCloneOpts.Provider), baseURL, opts.InsCloneOpts.Auth.CertFile)
 	if err != nil {
 		return err
 	}
@@ -1740,21 +1739,21 @@ func updateProject(repofs fs.FS, rt *runtime.Runtime) error {
 	// adding another gitGenerator to the project's ApplicationSet
 	// to support helm applications without adding the support in autopilot (TBD)
 	kustGenerator := appSet.Spec.Generators[0].Git
-	appSet.Spec.Generators = append(appSet.Spec.Generators, appset.ApplicationSetGenerator{
-		Git: &appset.GitGenerator{
-			Files: []appset.GitFileGeneratorItem{
+	appSet.Spec.Generators = append(appSet.Spec.Generators, argocdv1alpha1.ApplicationSetGenerator{
+		Git: &argocdv1alpha1.GitGenerator{
+			Files: []argocdv1alpha1.GitFileGeneratorItem{
 				{
 					Path: strings.Replace(kustGenerator.Files[0].Path, "config.json", "config_helm.json", 1),
 				},
 			},
 			RepoURL:             kustGenerator.RepoURL,
 			RequeueAfterSeconds: kustGenerator.RequeueAfterSeconds,
 			Revision:            kustGenerator.Revision,
-			Template: appset.ApplicationSetTemplate{
-				Spec: argocd.ApplicationSpec{
-					Source: argocd.ApplicationSource{
+			Template: argocdv1alpha1.ApplicationSetTemplate{
+				Spec: argocdv1alpha1.ApplicationSpec{
+					Source: argocdv1alpha1.ApplicationSource{
 						Chart: "{{ srcChart }}",
-						Helm: &argocd.ApplicationSourceHelm{
+						Helm: &argocdv1alpha1.ApplicationSourceHelm{
 							ReleaseName: fmt.Sprintf("%s-{{ appName }}", rt.Name),
 							Values:      "{{ values }}",
 						},

docs/commands/cli-v2_git-source_create.md

@@ -17,17 +17,19 @@ cli-v2 git-source create RUNTIME_NAME GITSOURCE_NAME [flags]
 ### Options
 
 ```
-      --create-repo                If true, will create the specified git-source repo in case it doesn't already exist
-      --exclude string             files to exclude. can be either filenames or a glob
-      --git-src-git-token string   Your git provider api token [GIT_SRC_GIT_TOKEN]
-      --git-src-git-user string    Your git provider user name [GIT_SRC_GIT_USER] (not required in GitHub)
-      --git-src-repo string        Repository URL [GIT_SRC_GIT_REPO]
-  -t, --git-token string           Your git provider api token [GIT_TOKEN]
-  -u, --git-user string            Your git provider user name [GIT_USER] (not required in GitHub)
-  -h, --help                       help for create
-      --include string             files to include. can be either filenames or a glob
-      --repo string                Repository URL [GIT_REPO]
-  -b, --upsert-branch              If true will try to checkout the specified branch and create it if it doesn't exist
+      --create-repo                     If true, will create the specified git-source repo in case it doesn't already exist
+      --exclude string                  files to exclude. can be either filenames or a glob
+      --git-server-crt string           Git Server certificate file
+      --git-src-git-server-crt string   Git Server certificate fileGIT_SRC_
+      --git-src-git-token string        Your git provider api token [GIT_SRC_GIT_TOKEN]
+      --git-src-git-user string         Your git provider user name [GIT_SRC_GIT_USER] (not required in GitHub)
+      --git-src-repo string             Repository URL [GIT_SRC_GIT_REPO]
+  -t, --git-token string                Your git provider api token [GIT_TOKEN]
+  -u, --git-user string                 Your git provider user name [GIT_USER] (not required in GitHub)
+  -h, --help                            help for create
+      --include string                  files to include. can be either filenames or a glob
+      --repo string                     Repository URL [GIT_REPO]
+  -b, --upsert-branch                   If true will try to checkout the specified branch and create it if it doesn't exist
 ```
 
 ### Options inherited from parent commands

docs/commands/cli-v2_git-source_delete.md

@@ -17,11 +17,12 @@ cli-v2 git-source delete RUNTIME_NAME GITSOURCE_NAME [flags]
 ### Options
 
 ```
-  -t, --git-token string   Your git provider api token [GIT_TOKEN]
-  -u, --git-user string    Your git provider user name [GIT_USER] (not required in GitHub)
-  -h, --help               help for delete
-      --repo string        Repository URL [GIT_REPO]
-  -b, --upsert-branch      If true will try to checkout the specified branch and create it if it doesn't exist
+      --git-server-crt string   Git Server certificate file
+  -t, --git-token string        Your git provider api token [GIT_TOKEN]
+  -u, --git-user string         Your git provider user name [GIT_USER] (not required in GitHub)
+  -h, --help                    help for delete
+      --repo string             Repository URL [GIT_REPO]
+  -b, --upsert-branch           If true will try to checkout the specified branch and create it if it doesn't exist
 ```
 
 ### Options inherited from parent commands

docs/commands/cli-v2_git-source_edit.md

@@ -17,18 +17,20 @@ cli-v2 git-source edit RUNTIME_NAME GITSOURCE_NAME [flags]
 ### Options
 
 ```
-      --exclude string             files to exclude. can be either filenames or a glob
-      --git-src-git-token string   Your git provider api token [GIT_SRC_GIT_TOKEN]
-      --git-src-git-user string    Your git provider user name [GIT_SRC_GIT_USER] (not required in GitHub)
-      --git-src-provider string    The git provider, one of: azure|bitbucket|bitbucket-server|gitea|github|gitlab
-      --git-src-repo string        Repository URL [GIT_SRC_GIT_REPO]
-  -t, --git-token string           Your git provider api token [GIT_TOKEN]
-  -u, --git-user string            Your git provider user name [GIT_USER] (not required in GitHub)
-  -h, --help                       help for edit
-      --include string             files to include. can be either filenames or a glob
-      --provider string            The git provider, one of: azure|bitbucket|bitbucket-server|gitea|github|gitlab
-      --repo string                Repository URL [GIT_REPO]
-  -b, --upsert-branch              If true will try to checkout the specified branch and create it if it doesn't exist
+      --exclude string                  files to exclude. can be either filenames or a glob
+      --git-server-crt string           Git Server certificate file
+      --git-src-git-server-crt string   Git Server certificate fileGIT_SRC_
+      --git-src-git-token string        Your git provider api token [GIT_SRC_GIT_TOKEN]
+      --git-src-git-user string         Your git provider user name [GIT_SRC_GIT_USER] (not required in GitHub)
+      --git-src-provider string         The git provider, one of: azure|bitbucket|bitbucket-server|gitea|github|gitlab
+      --git-src-repo string             Repository URL [GIT_SRC_GIT_REPO]
+  -t, --git-token string                Your git provider api token [GIT_TOKEN]
+  -u, --git-user string                 Your git provider user name [GIT_USER] (not required in GitHub)
+  -h, --help                            help for edit
+      --include string                  files to include. can be either filenames or a glob
+      --provider string                 The git provider, one of: azure|bitbucket|bitbucket-server|gitea|github|gitlab
+      --repo string                     Repository URL [GIT_REPO]
+  -b, --upsert-branch                   If true will try to checkout the specified branch and create it if it doesn't exist
 ```
 
 ### Options inherited from parent commands

docs/commands/cli-v2_runtime_install.md

@@ -36,6 +36,7 @@ cli-v2 runtime install [runtime_name] [flags]
       --from-repo                                    Installs a runtime from an existing repo. Used for recovery after cluster failure
       --gateway-name string                          The gateway name
       --gateway-namespace string                     The namespace of the gateway
+      --git-server-crt string                        Git Server certificate file
   -t, --git-token string                             Your git provider api token [GIT_TOKEN]
   -u, --git-user string                              Your git provider user name [GIT_USER] (not required in GitHub)
   -h, --help                                         help for install

docs/commands/cli-v2_runtime_uninstall.md

@@ -32,6 +32,7 @@ cli-v2 runtime uninstall [RUNTIME_NAME] [flags]
       --disable-telemetry       If true, will disable the analytics reporting for the uninstall process
       --fast-exit               If true, will not wait for deletion of cluster resources. This means that full resource deletion will not be verified
       --force                   If true, will guarantee the runtime is removed from the platform, even in case of errors while cleaning the repo and the cluster
+      --git-server-crt string   Git Server certificate file
   -t, --git-token string        Your git provider api token [GIT_TOKEN]
   -u, --git-user string         Your git provider user name [GIT_USER] (not required in GitHub)
   -h, --help                    help for uninstall

docs/commands/cli-v2_runtime_upgrade.md

@@ -29,6 +29,7 @@ cli-v2 runtime upgrade [RUNTIME_NAME] [flags]
 
 ```
       --disable-telemetry           If true, will disable analytics reporting for the upgrade process
+      --git-server-crt string       Git Server certificate file
   -t, --git-token string            Your git provider api token [GIT_TOKEN]
   -u, --git-user string             Your git provider user name [GIT_USER] (not required in GitHub)
   -h, --help                        help for upgrade

docs/releases/release_notes.md

@@ -23,7 +23,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.8/cf-linux-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.9/cf-linux-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-linux-amd64 /usr/local/bin/cf
@@ -36,7 +36,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.8/cf-darwin-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.1.9/cf-darwin-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-darwin-amd64 /usr/local/bin/cf