Disable git-crypt integration

dsabeti · geofffranks · geofffranks · commit afcaf839a29a · 2023-06-07T16:26:00.000Z
Signed-off-by: Geoff Franks &lt;gfranks@vmware.com&gt;
Co-authored-by: Geoff Franks &lt;gfranks@vmware.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -15,8 +15,6 @@ RUN apk add --update --no-cache \
     openssh
 
 COPY scripts/askpass.sh /usr/local/bin/askpass.sh
-ADD scripts/install_git_crypt.sh install_git_crypt.sh
-RUN ./install_git_crypt.sh && rm ./install_git_crypt.sh
 
 COPY --from=builder /go/src/github.com/cloudfoundry-community/github-pr-instances-resource/build /opt/resource
 
diff --git a/README.md b/README.md
@@ -101,7 +101,6 @@ for a single PR.
 | `paths`                     | No       | `["terraform/*/*.tf"]`           | Only produce new versions for commits that include changes to files that match one or more glob patterns or prefixes. Note: this differs from `source.paths` when listing PRs in that it applies on a commit-by-commit basis, whereas the former applies for the full PR.                   |
 | `ignore_paths`              | No       | `[".ci/"]`                       | Inverse of the above. Pattern syntax is documented in [filepath.Match](https://golang.org/pkg/path/filepath/#Match), or a path prefix can be specified (e.g. `.ci/` will match everything in the `.ci` directory).                                                                          |
 | `disable_ci_skip`           | No       | `true`                           | Disable ability to skip builds with `[ci skip]` and `[skip ci]` in the commit message.                                                                                                                                                                                                      |
-| `git_crypt_key`             | No       | `AEdJVENSWVBUS0VZAAAAA...`       | Base64 encoded git-crypt key. Setting this will unlock / decrypt the repository with git-crypt. To get the key simply execute `git-crypt export-key -- - | base64` in an encrypted repository.                                                                                             |
 | `disable_git_lfs`           | No       | `true`                           | Disable Git LFS, skipping an attempt to convert pointers of files tracked into their corresponding objects when checked out into a working copy.                                                                                                                                           |
 | `skip_ssl_verification`     | No       | `true`                           | Disable SSL/TLS certificate validation on API clients. Use with care!                                                                                                                                                                                                                       |
 
@@ -186,7 +185,7 @@ params:
 get_params: {skip_download: true}
 ```
 
-git-crypt encrypted repositories will automatically be decrypted when the `git_crypt_key` is set in the source configuration.
+**NOTE:** git-crypt encrypted repositories are currently unsupported.
 
 Note that, should you retrigger a build in the hopes of testing the last commit to a PR against a newer version of
 the base, Concourse will reuse the volume (i.e. not trigger a new `get`) if it still exists, which can produce
diff --git a/models/git.go b/models/git.go
@@ -1,14 +1,12 @@
 package models
 
 import (
-	"encoding/base64"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/url"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"strconv"
 	"strings"
 )
@@ -282,23 +280,7 @@ func (g *GitClient) Rebase(baseRef string, headSha string, submodules bool) erro
 
 // GitCryptUnlock unlocks the repository using git-crypt
 func (g *GitClient) GitCryptUnlock(base64key string) error {
-	keyDir, err := ioutil.TempDir("", "")
-	if err != nil {
-		return fmt.Errorf("failed to create temporary directory")
-	}
-	defer os.RemoveAll(keyDir)
-	decodedKey, err := base64.StdEncoding.DecodeString(base64key)
-	if err != nil {
-		return fmt.Errorf("failed to decode git-crypt key")
-	}
-	keyPath := filepath.Join(keyDir, "git-crypt-key")
-	if err := ioutil.WriteFile(keyPath, decodedKey, os.FileMode(0600)); err != nil {
-		return fmt.Errorf("failed to write git-crypt key to file: %s", err)
-	}
-	if err := g.command("git-crypt", "unlock", keyPath).Run(); err != nil {
-		return fmt.Errorf("git-crypt unlock failed: %s", err)
-	}
-	return nil
+	return fmt.Errorf("GitCrypt Unsupported")
 }
 
 // Endpoint takes an uri and produces an endpoint with the login information baked in.
