Files
local-ci-cd-system/scripts
Simone eb6fdfb2ca feat(§3.3): Implement Gitea PAT auth for guest-side git clone
Credential Manager target 'GiteaPAT' (default) read on host, passed
securely to guest WinRM session. Token never appears in argv, URL, or logs.

Guest auth flow (§1.5 compliant):
1. Host reads PAT via Get-StoredCredential -Target GiteaPAT
2. Username + password passed as ArgumentList to Invoke-Command
3. Guest writes temp .git-credentials file (https://user:token@host)
4. git clone uses: -c 'credential.helper=store --file <tmp>'
5. finally{} deletes credentials file regardless of clone success/fail

Setup (one-time on host):
  New-StoredCredential -Target 'GiteaPAT' -UserName '<user>' `
      -Password '<pat>' -Persist LocalMachine

Invoke-CIJob.ps1: added -GiteaCredentialTarget param (default: 'GiteaPAT'),
passed through to Invoke-RemoteBuild when -UseGitClone is set.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 22:03:36 +02:00
..