How Does Cloning Private HTTPS Repo's Work?

I am able to clone private repo’s via HTTPs in Drone without providing authentication. It is working well.

I am hoping to understand by what mechanism this works.

I’ve ran printenv looking for some sort of environment variable git might be picking up and found nothing?

I’ve checked git config --list as well as globally and found nothing.

How does this work? Is there some sort of custom git command? Are you hijacking my network traffic? Or is there something else at play?

I’m really curious to understand how this works!

drone injects a .netrc file into the container which is what git (more precisely curl) uses.
if you cat ~/.netrc (do not remember the exact location )
you should see something like this

machine git.server.com
login x-token-auth
password thetoken 
1 Like

Awesome! That even works for me on my local machine. I am so pleased to know how this works.

The format however is just a pinch different

machine github.com
login {token}
password x-oauth-basic

Also note that the exact login and password values are vendor-specific


machine gitlab.com
login oauth2
password {token}

github / gogs / gitea:

machine github.com
login {token}
password x-oauth-basic


machine bitbucket.org
login x-token-auth
password {token}
1 Like

Dumb question: How do I CHANGE the token injected here?

(engineer who setup drone left the company. Every setting I can find in Drone points to the github enterprise service account which should do this. But SOMETHING is magically tied to their github enterprise user, and I’m trying to find/change/override it so our CI/CD system works again)

You likely need to chown the non functional repositories to recreate the drone webhooks under a valid user.

Thank you! I’ve been beating my head on this for a week…

For future reference, the major symptom we saw was “Your account has been suspended” in the drone server logs (docker logs) after the account was suspended.

Hmm I simply cannot find where this is injected…! It’s not documented anywhere, we are working with a custom Alpine docker plugin. Attempting to clone a private repo using the same credentials that we assume are inside .netrc? But cant find it inside the plugin container.