Add ability to provide token for private repo for requirements_git in container build (#15831)

Add ability to provide auth to private repo for requirements_git

.github/actions/awx_devel_image/action.yml

@@ -4,6 +4,10 @@ inputs:
   github-token:
     description: GitHub Token for registry access
     required: true
+  private-github-token:
+    description: GitHub Token for private repositories
+    required: false
+    default: ''
 runs:
   using: composite
   steps:
@@ -22,6 +26,11 @@ runs:
       run: |
         echo "${{ inputs.github-token }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
+    - name: Add Private github token to requirements_git.credentials.txt
+      shell: bash
+      run: echo "https://x-access-token:${{ inputs.private-github-token }}@github.com" >> requirements/requirements_git.credentials.txt
+      if: ${{ inputs.private-github-token != '' }}
+
     - name: Pre-pull latest devel image to warm cache
       shell: bash
       run: |

.github/actions/run_awx_devel/action.yml

@@ -9,6 +9,10 @@ inputs:
     required: false
     default: false
     type: boolean
+  private-github-token:
+    description: GitHub Token for private repositories
+    required: false
+    default: ''
 outputs:
   ip:
     description: The IP of the tools_awx_1 container
@@ -28,6 +32,7 @@ runs:
       uses: ./.github/actions/awx_devel_image
       with:
         github-token: ${{ inputs.github-token }}
+        private-github-token: ${{ inputs.private-github-token}}
 
     - name: Upgrade ansible-core
       shell: bash
@@ -69,4 +74,4 @@ runs:
       shell: bash
       run: |
         AWX_IP=$(docker inspect -f '{{.NetworkSettings.Networks.awx.IPAddress}}' tools_awx_1)
-        echo "ip=$AWX_IP" >> $GITHUB_OUTPUT
+        echo "ip=$AWX_IP" >> $GITHUB_OUTPUT

.github/workflows/ci.yml

@@ -3,6 +3,7 @@ name: CI
 env:
   LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting
   CI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  CI_PRIVATE_GITHUB_TOKEN: ${{ secrets.PRIVATE_GITHUB_TOKEN }}
   DEV_DOCKER_OWNER: ${{ github.repository_owner }}
   COMPOSE_TAG: ${{ github.base_ref || 'devel' }}
   UPSTREAM_REPOSITORY_ID: 91594105
@@ -54,6 +55,7 @@ jobs:
         uses: ./.github/actions/awx_devel_image
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
+          private-github-token: ${{ secrets.PRIVATE_GITHUB_TOKEN }}
 
       - name: Run check ${{ matrix.tests.name }}
         id: make-run
@@ -138,6 +140,7 @@ jobs:
         with:
           build-ui: false
           github-token: ${{ secrets.GITHUB_TOKEN }}
+          private-github-token: ${{ secrets.PRIVATE_GITHUB_TOKEN }}
 
       - name: Run live dev env tests
         run: docker exec tools_awx_1 /bin/bash -c "make live_test"
@@ -179,6 +182,12 @@ jobs:
         run: |
           python3 -m pip install docker
 
+      - name: Add Private github token to requirements_git.credentials.txt
+        shell: bash
+        working-directory: awx
+        run: echo "https://x-access-token:${{ env.CI_PRIVATE_GITHUB_TOKEN }}@github.com" >> requirements/requirements_git.credentials.txt
+        if: ${{ env.CI_PRIVATE_GITHUB_TOKEN != '' }}
+
       - name: Build AWX image
         working-directory: awx
         run: |
@@ -286,6 +295,7 @@ jobs:
         with:
           build-ui: false
           github-token: ${{ secrets.GITHUB_TOKEN }}
+          private-github-token: ${{ secrets.PRIVATE_GITHUB_TOKEN }}
 
       - name: Install dependencies for running tests
         run: |

.github/workflows/devel_images.yml

@@ -3,6 +3,7 @@ name: Build/Push Development Images
 env:
   LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting
   DOCKER_CACHE: "--no-cache" # using the cache will not rebuild git requirements and other things
+  CI_PRIVATE_GITHUB_TOKEN: ${{ secrets.PRIVATE_GITHUB_TOKEN }}
 on:
   workflow_dispatch:
   push:
@@ -73,6 +74,11 @@ jobs:
           make ui
         if: matrix.build-targets.image-name == 'awx'
 
+      - name: Add private GitHub token to requirements_git.credentials.txt
+        shell: bash
+        run: echo "https://x-access-token:${{ secrets.PRIVATE_GITHUB_TOKEN }}@github.com"" >> requirements/requirements_git.credentials.txt
+        if: ${{ env.CI_PRIVATE_GITHUB_TOKEN != '' }}
+
       - name: Build and push AWX devel images
         run: |
           make ${{ matrix.build-targets.make-target }}

.gitignore

@@ -122,6 +122,7 @@ reports
 local/
 *.mo
 requirements/vendor
+requirements/requirements_git.credentials.txt
 .i18n_built
 .idea/*
 *credentials*.y*ml*

MANIFEST.in

@@ -28,3 +28,4 @@ include COPYING
 include Makefile
 prune awx/public
 prune awx/projects
+prune requirements/requirements_git.credentials.txt

requirements/requirements_git.credentials.txt

@@ -0,0 +1,2 @@
+# If sources in requirements_git.txt require authentication add git-credentials in this file, Example:
+# https://x-access-token:${PAT}@github.com"

tools/ansible/roles/dockerfile/templates/Dockerfile.j2

@@ -74,8 +74,10 @@ RUN mkdir /tmp/requirements
 ADD requirements/requirements.txt \
     requirements/requirements_tower_uninstall.txt \
     requirements/requirements_git.txt \
+    requirements/requirements_git.credentials.txt \
     /tmp/requirements/
 
+RUN git config --global credential.helper "store --file=/tmp/requirements/requirements_git.credentials.txt"
 RUN cd /tmp && make requirements_awx
 
 ARG VERSION
@@ -102,6 +104,8 @@ RUN DJANGO_SETTINGS_MODULE=awx.settings.defaults SKIP_SECRET_KEY_CHECK=yes SKIP_
 
 {% endif %}
 
+RUN rm /tmp/requirements/requirements_git.credentials.txt
+
 # Final container(s)
 FROM quay.io/centos/centos:stream9