[VS Code] Read gitlab token from a file to configure the extension
MR: feat: read PAT from file (!1622 - merged)
Context
We are looking to integrate the GitLab Workflow extension out of the box when creating a workspace as part of Integrate Duo Chat and Code Suggestions into a ... (&12780 - closed). When a workspace is created, a new PAT is generated. We plan to add the api scope to this token so that it can be used directly to configure the extension. However, this token is stored in a file in the workspace and not as an environment variable. There are reasons why we prefer to have the token in a file over an environment variable.
Solution
Support reading a token from a file instead of reading the token from an environment variable.
We introduce a new environment variable called GITLAB_WORKFLOW_TOKEN_FILE. This environment variable contains the path to a file whose only content is the token text in UTF-8.
Current use of env variables:
GITLAB_WORKFLOW_INSTANCE_URL=https://gitlab.com GITLAB_WORKFLOW_TOKEN="glab-actual-token" code .
Newly supported option:
GITLAB_WORKFLOW_INSTANCE_URL=https://gitlab.com GITLAB_WORKFLOW_TOKEN_FILE=~/.shared-gitlab-token code .
and the ~/.shared-gitlab-token file would be this:
glab-actual-token-on-line-1
If both GITLAB_WORKFLOW_TOKEN and GITLAB_WORKFLOW_TOKEN_FILE env variables are present, GITLAB_WORKFLOW_TOKEN has priority (GITLAB_WORKFLOW_TOKEN_FILE will be ignored).
Technical details
- We now read the authentication environment variables here https://gitlab.com/gitlab-org/gitlab-vscode-extension/blob/7f4a3eb0168693c9671c595bf9725e4ec66eeca3/src/desktop/accounts/account_service.ts#L49-58
- Since reading environment variables is a sync operation and reading a file is async, we need to find a good spot to read the file. Maybe we could use the init method that is called when the account service is created https://gitlab.com/gitlab-org/gitlab-vscode-extension/blob/7f4a3eb0168693c9671c595bf9725e4ec66eeca3/src/desktop/accounts/account_service.ts#L88-98
- the precedence should take environment variables (GITLAB_WORKFLOW_INSTANCE_URL, GITLAB_WORKFLOW_TOKEN) first to prevent breaking the existing setup
- if the loading credentials from GITLAB_WORKFLOW_CREDENTIALS_FILE fails, we log the error but otherwise ignore it
- the new logic should be tested
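
A sketch of the lookup described above, added here as an illustration and not taken from the extension's code or from !1622. The function name resolveToken, the injectable read and log parameters, and the treatment of an empty GITLAB_WORKFLOW_TOKEN as absent are assumptions; only the two environment variable names, the precedence, the UTF-8 single-token file and the log-and-ignore behaviour come from this issue.

```typescript
import { readFile } from "node:fs/promises";

type Env = Record<string, string | undefined>;
type ReadText = (path: string) => Promise<string>;
type Log = (message: string) => void;

// Hypothetical helper (not the extension's API). `read` and `log` are
// injectable so the async file read can be exercised without touching disk.
async function resolveToken(
  env: Env,
  read: ReadText = (p) => readFile(p, "utf8"),
  log: Log = (m) => console.error(m),
): Promise<string | undefined> {
  // Existing setups win: when the token variable is set, the file is never read.
  // Assumption: an empty GITLAB_WORKFLOW_TOKEN is treated as not set.
  const direct = env.GITLAB_WORKFLOW_TOKEN;
  if (direct) return direct;

  const path = env.GITLAB_WORKFLOW_TOKEN_FILE;
  if (!path) return undefined;

  try {
    // The file's only content is the token; tools that write it usually
    // append a newline, which must not end up in the Authorization header.
    const token = (await read(path)).trim();
    if (!token) {
      log(`GITLAB_WORKFLOW_TOKEN_FILE: ${path} is empty`);
      return undefined;
    }
    if (/\s/.test(token)) {
      // More than one word or line: refuse rather than guess which is the token.
      log(`GITLAB_WORKFLOW_TOKEN_FILE: ${path} must contain only the token`);
      return undefined;
    }
    return token;
  } catch (e) {
    // Log and ignore, as the issue asks. Only the path and the error code
    // are logged, never anything read from the file.
    const code = (e as { code?: string }).code ?? "unknown error";
    log(`GITLAB_WORKFLOW_TOKEN_FILE: cannot read ${path} (${code})`);
    return undefined;
  }
}
```

Because the reader is a parameter, the precedence and failure paths can be covered with in-memory fakes, which addresses the "new logic should be tested" item.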