Go: Support private registries via GOPROXY
#19248
Conversation
| cmd.Env = append(cmd.Env, fmt.Sprintf("HTTP_PROXY=%s", proxy_address)) | ||
| cmd.Env = append(cmd.Env, fmt.Sprintf("HTTPS_PROXY=%s", proxy_address)) |
There was a problem hiding this comment.
You can append two things at once. append is variadic.
| cmd.Env = append(cmd.Env, fmt.Sprintf("HTTP_PROXY=%s", proxy_address)) | |
| cmd.Env = append(cmd.Env, fmt.Sprintf("HTTPS_PROXY=%s", proxy_address)) | |
| cmd.Env = append(cmd.Env, fmt.Sprintf("HTTP_PROXY=%s", proxy_address), fmt.Sprintf("HTTPS_PROXY=%s", proxy_address)) |
| if proxy_port, proxy_port_set := os.LookupEnv(PROXY_PORT); proxy_port_set { | ||
| proxy_address = fmt.Sprintf("http://%s:%s", proxy_host, proxy_port) | ||
| slog.Info("Found private registry proxy", slog.String("proxy_address", proxy_address)) | ||
| } |
There was a problem hiding this comment.
Is it the desired behaviour that if the host is set but not the port then the host isn't used? Is there some kind of default port that could be tried? Or should there be some logging in this case, so that when it doesn't work the user can easily see what has happened?
There was a problem hiding this comment.
We wouldn't expect users to set any of these. These environment variables are set in the default setup workflow and we would only ever expect both to be set at the same time. In particular, the proxy uses a random, available port on the runner.
| } else { | ||
| // We only care about private registry configurations that are relevant to Go and | ||
| // filter others out at this point. | ||
| proxy_configs = make([]RegistryConfig, 0) |
There was a problem hiding this comment.
You could use the length of val as a third argument to make, which specifies the capacity of the underlying array. Or maybe it isn't worth it if you only ever expect very few.
There was a problem hiding this comment.
We only expect a few (indeed, the UI only supports configuring one at the moment). That said, I have noticed since that calling make to initialise the array isn't necessary since append will apparently do this if it is nil anyway.
| cmd.Env = append(cmd.Env, fmt.Sprintf("GOPROXY=%s", goproxy_val)) | ||
| cmd.Env = append(cmd.Env, "GOPRIVATE=") | ||
| cmd.Env = append(cmd.Env, "GONOPROXY=") |
There was a problem hiding this comment.
As above, you can append them all at once.
This PR is part of work to enable private package registries to be used in Default Setup. See prior work for C#: #18029 and #18850
The existing Default Setup workflow will initialise the Dependabot package proxy, if a private package registry configuration is set. The host, port, certificate, and configurations used by the proxy are then passed to CodeQL in the
analyzestep. For Go, we will likely need to modify this to make these environment variables available to theautobuildstep as well.The changes in this PR modify the Go extractor to recognise when the corresponding environment variables are set. If so, we use the data from those environment variables to:
govia theHTTP_PROXYandHTTPS_PROXYenvironment variables.goviaSSL_CERT_FILE.goproxy_serverconfigurations and use them to set an appropriate value for theGOPROXYenvironment variable.This has the effect that
gowill attempt to make requests to obtain packages to theGOPROXYservers. These will go via the Dependabot proxy configured byHTTP_PROXYandHTTPS_PROXY, which handles the needed authentication for theGOPROXYservers.