#!/usr/bin/env bash # # Install ~/.local/bin/git-credential-forge (copies both # git-credential-forge.py and its forge_auth.py companion module) and # wire `git config --global credential..*` so git # calls the helper for every matching URL. Idempotent. set -euo pipefail here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" # shellcheck disable=SC1091 . "$here/common.sh" load_env require_env FORGE_GITEA_URL require_cmd git require_cmd python3 helper_src="$here/git-credential-forge.py" module_src="$here/forge_auth.py" [ -f "$helper_src" ] || die "missing helper source: $helper_src" [ -f "$module_src" ] || die "missing module source: $module_src" mkdir -p "$LOCAL_BIN" install -m 0755 "$helper_src" "$CRED_HELPER" install -m 0644 "$module_src" "$LOCAL_BIN/forge_auth.py" info "installed credential helper -> $CRED_HELPER" info "installed module -> $LOCAL_BIN/forge_auth.py" # Syntax check both installed artefacts before the first git invocation. python3 -c 'import sys; compile(open(sys.argv[1]).read(), sys.argv[1], "exec")' "$CRED_HELPER" python3 -c 'import sys; compile(open(sys.argv[1]).read(), sys.argv[1], "exec")' "$LOCAL_BIN/forge_auth.py" # Scope to FORGE_GITEA_URL only. git-config(1): credential..* # applies only when git's resolved credential URL matches. Other hosts # are not affected. key="credential.${FORGE_GITEA_URL}.helper" use_path_key="credential.${FORGE_GITEA_URL}.useHttpPath" # Remove previous helper entries to avoid stacking duplicate helpers. git config --global --unset-all "$key" 2>/dev/null || true git config --global --unset-all "$use_path_key" 2>/dev/null || true # Username is derived from the OAuth token at runtime by the helper. # credential..username remains unset to avoid pinning stale state. # The helper emits username= on every `get` request. git config --global --add "$key" "$CRED_HELPER" git config --global "$use_path_key" true info "git config --global $key -> $CRED_HELPER" info "git config --global $use_path_key -> true"