use anyhow::{Context, Result};
use std::path::Path;
use tokio::process::Command;

use super::{build_clone_args, CloneOpts};
use crate::git::aws;
use crate::git::types::CredentialKind;

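/// Clones an AWS CodeCommit repository into `dest` by running `git clone`
/// with temporary credentials obtained from an assumed IAM role.
///
/// The role ARN and external ID are taken from `opts.credentials`, which must
/// hold [`CredentialKind::AwsRole`]. `aws::assume_role` is called with them
/// and `opts.repo_url`; the returned access key, secret key, session token
/// and region are set as `AWS_*` environment variables on the `git` child
/// process.
///
/// TLS certificate verification is left at git's default (enabled). If a
/// deployment needs a private CA (for example behind an inspecting proxy),
/// supply it through git's CA configuration (`http.sslCAInfo` /
/// `GIT_SSL_CAINFO`) rather than turning verification off.
///
/// # Errors
///
/// Returns an error when `opts.credentials` is absent or is not
/// `AwsRole`, when `aws::assume_role` fails, when the `git` process cannot
/// be run, or when `git clone` exits with a non-success status.
pub async fn clone_codecommit(opts: &CloneOpts, dest: &Path) -> Result<()> {
    let (arn, external_id) = match opts.credentials.as_ref().map(|c| &c.kind) {
        Some(CredentialKind::AwsRole { arn, external_id }) => (arn.as_str(), external_id.as_str()),
        _ => anyhow::bail!("expected AwsRole credentials for CodeCommit clone"),
    };

    let creds = aws::assume_role(arn, external_id, &opts.repo_url).await?;

    // No `-c http.sslVerify=false` here: with verification disabled, git would
    // accept any certificate for the CodeCommit endpoint, so an on-path host
    // could receive the authenticated request and serve altered repository
    // contents. The temporary role credentials make that exposure worse.
    let extra_config: Vec<String> = Vec::new();
    let args = build_clone_args(opts, &opts.repo_url, dest, &extra_config);

    // The temporary credentials are scoped to this one child process through
    // its environment. Presumably they are consumed by the AWS credential
    // helper configured for git; confirm against `build_clone_args`.
    let status = Command::new("git")
        .args(&args)
        .env("AWS_ACCESS_KEY_ID", &creds.access_key)
        .env("AWS_SECRET_ACCESS_KEY", &creds.secret_key)
        .env("AWS_SESSION_TOKEN", &creds.session_token)
        .env("AWS_DEFAULT_REGION", &creds.region)
        .status()
        .await
        .context("running git clone (CodeCommit)")?;

    if !status.success() {
        anyhow::bail!("git clone (CodeCommit) failed with status {status}");
    }

    Ok(())
}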