janpeter/scrum4me-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
scrum4me-docker/bin/repo-bootstrap.sh
janpeter visser 6408706800 fix(bootstrap): require GitHub-linked GIT_AUTHOR_EMAIL — Vercel deploy block 
Vercel rejected the smoke-test deploy with "The deployment was blocked
because the commit author email (agent@scrum4me.local) is not valid.
Ensure your git email matches your GitHub account."

The default `agent@scrum4me.local` in repo-bootstrap.sh was a phony
local domain not tied to any GitHub account. Vercel's deploy-protection
checks the latest commit's author email and blocks unknown ones.

Fix: error out with a helpful message if GIT_AUTHOR_EMAIL is unset, and
document the GitHub noreply form (`<user-id>+<username>@users.noreply.github.com`)
in `.env.example` as the recommended choice.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 20:14:28 +02:00

79 lines
2.9 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# repo-bootstrap.sh — pre-clone repos into ~agent/Projects so that
# scrum4me-mcp's `wait_for_job` finds a working repoRoot via the
# convention-fallback `~/Projects/<name>/.git`.
#
# Idempotent:
# - Sets up git credential helper using GH_TOKEN (HTTPS auth)
# - For each entry in GH_PRECLONE_REPOS (comma-separated owner/name list):
# * If ~/Projects/<name> exists → `git fetch origin --prune`
# * Otherwise → fresh `git clone`
#
# Runs as the agent user (called from entrypoint.sh after `gosu agent …`).
set -uo pipefail
source /opt/agent/bin/_lib.sh
: "${GH_TOKEN:=}"
: "${GH_PRECLONE_REPOS:=}"
if [[ -z "$GH_TOKEN" ]]; then
log "GH_TOKEN not set — skipping clone bootstrap. wait_for_job will fail until repos exist."
return 0 2>/dev/null || exit 0
fi
if [[ -z "$GH_PRECLONE_REPOS" ]]; then
log "GH_PRECLONE_REPOS empty — nothing to clone."
return 0 2>/dev/null || exit 0
fi
# ----- 1. configure git credential helper for HTTPS clone/push -----------
mkdir -p "$HOME"
git config --global credential.helper store
CREDS_FILE="$HOME/.git-credentials"
if [[ ! -f "$CREDS_FILE" ]] || ! grep -q "oauth2:${GH_TOKEN}@github.com" "$CREDS_FILE" 2>/dev/null; then
printf 'https://oauth2:%s@github.com\n' "$GH_TOKEN" > "$CREDS_FILE"
chmod 600 "$CREDS_FILE"
log "git credentials helper configured at ${CREDS_FILE}"
fi
# Commit-author identity. GIT_AUTHOR_EMAIL MUST be a valid GitHub-linked
# address — Vercel rejects deployments whose latest commit has an
# unknown author email ("commit author email is not valid"). Easiest
# choice: the no-reply form `<id>+<username>@users.noreply.github.com`
# (find it on github.com → Settings → Emails → "Keep my email private").
if [[ -z "${GIT_AUTHOR_EMAIL:-}" ]]; then
log "ERROR: GIT_AUTHOR_EMAIL not set. Vercel will reject deploys whose"
log " commit author email isn't tied to a GitHub account."
log " Use the noreply form, e.g.:"
log " GIT_AUTHOR_EMAIL=12345678+madhura68@users.noreply.github.com"
exit 2
fi
git config --global user.name "${GIT_AUTHOR_NAME:-Scrum4Me Agent}"
git config --global user.email "${GIT_AUTHOR_EMAIL}"
# ----- 2. clone-or-fetch each repo --------------------------------------
mkdir -p "$HOME/Projects"
IFS=',' read -ra REPOS <<< "$GH_PRECLONE_REPOS"
for repo in "${REPOS[@]}"; do
repo=$(echo "$repo" | tr -d '[:space:]')
[[ -z "$repo" ]] && continue
name=$(basename "$repo")
target="$HOME/Projects/$name"
if [[ -d "$target/.git" ]]; then
log "fetching ${repo} into ${target}"
git -C "$target" fetch origin --prune --quiet \
|| log "WARN: fetch failed for ${repo} (continuing)"
else
log "cloning ${repo} into ${target}"
rm -rf "$target"
git clone --quiet "https://github.com/${repo}.git" "$target" \
|| { log "ERROR: clone failed for ${repo}"; continue; }
fi
done
log "repo-bootstrap done"
Reference in a new issue View git blame Copy permalink