I have a Github repo which I configure in git-sync to sync files with my Kubernetes airflow instance by specifying the repo URL with PAT token like below:
https://<PAT>@github.com/org/dag_repo.git`
(PAT token is inserted by CI/CD and not committed to github to the dag_repo)
This Github repo also has multiple other GitHub Repos added as git submodules using the command:
git submodule add https://<PAT>@github.com/org/test-git-sync.git
My .gitmodules file looks like the below:
[submodule "test-git-sync"]
path = test-git-sync
url = https://<PAT>@github.com/org/test-git-sync.git
So in the submodule file git is saving the PAT token which is sensitive - thus I cannot commit it to Github
I tried adding the submodule repo without a PAT token - but in this case, git-sync is not able to check out the submodule because the submodule repo is private and no auth is specified.
- Is there a way to configure git-sync to use the same PAT token used in main repo to checkout submodules also ?
- Is it possible to parametrize the PAT token in the
.gitmodulesfile and then git-sync can inject PAT during run-time?
It is possible to provide relative paths in the git submodule to use the same repo config as the parent. In my case the below config in
.gitmodulesfile made it work: