Refactor gogetter utility for better testability (#1146)

* Update atmos schema init

* updated schema

* refactor schema name

* fixed test case

* processSchemas updated

* fix golangci lint

* fix the downloadSchemaFromURL lint

* lint fix validate stacks

* lint fix

* fixed lints

* fix lint

* fix lint

* fix lint

* fixed the processCommandLineArgs lint

* fix lint

* fix lint

* Update internal/exec/validate_stacks.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* Update pkg/config/utils.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* Update pkg/config/utils.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* Update pkg/config/utils.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* Update pkg/config/utils.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* Update pkg/config/utils.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* Update pkg/config/utils.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* Update pkg/config/utils.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* fix tests

* fixed log messages

* add new interface based downloader package

* update the usage and remove old gogetter usage

* [autofix.ci] apply automated fixes

* add unit test cases

* [autofix.ci] apply automated fixes

* fix golangci lint

* fix golangci-lint

* fixed logging

* fix vendor test case

* [autofix.ci] apply automated fixes

* added unit test cases to have more coverage

* Update pkg/downloader/custom_github_detector.go

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>

* fix test

* [autofix.ci] apply automated fixes

* golangci-lint fix

* fix golangci-lint

* ignore mock files in the test

* fix rebase

* lint test

* [autofix.ci] apply automated fixes

* remove old unwanted test

* fix merge issues

* update file name

* custom git detector

* fix golangci lint

* updated parsing logic

* fix test case

* fix test case

* reduce complexity

* updated describe_config test

* fix snapshots

* fix test case

* updated snapshot

* fix tests

* config inject bitbucket and inject gitlab

* fix tests

---------

Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Author: 3 people

codecov.yml

@@ -8,6 +8,8 @@ coverage:
         target: 80% # Require at least 80% test coverage on new/changed lines
         threshold: 2% # Allow a small drop in coverage
         base: auto
+  ignore:
+    - "mock_*.go"  # Adjust this pattern based on your project structure
 
 comment:
   layout: "reach,diff,flags,tree"  # Display different coverage views

internal/exec/utils.go

@@ -12,6 +12,7 @@ import (
 	"github.com/spf13/pflag"
 
 	cfg "github.com/cloudposse/atmos/pkg/config"
+	"github.com/cloudposse/atmos/pkg/filetype"
 	"github.com/cloudposse/atmos/pkg/schema"
 	u "github.com/cloudposse/atmos/pkg/utils"
 )
@@ -1206,7 +1207,7 @@ func getCliVars(args []string) (map[string]any, error) {
 				varName := parts[0]
 				part2 := parts[1]
 				var varValue any
-				if u.IsJSON(part2) {
+				if filetype.IsJSON(part2) {
 					v, err := u.ConvertFromJSON(part2)
 					if err != nil {
 						return nil, err

internal/exec/validate_stacks.go

@@ -12,11 +12,11 @@ import (
 	"time"
 
 	log "github.com/charmbracelet/log"
-	"github.com/hashicorp/go-getter"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 
 	cfg "github.com/cloudposse/atmos/pkg/config"
+	"github.com/cloudposse/atmos/pkg/downloader"
 	"github.com/cloudposse/atmos/pkg/schema"
 	u "github.com/cloudposse/atmos/pkg/utils"
 )
@@ -408,7 +408,7 @@ func downloadSchemaFromURL(atmosConfig *schema.AtmosConfiguration) (string, erro
 
 	atmosManifestJsonSchemaFilePath := filepath.Join(tempDir, fileName)
 
-	if err = u.GoGetterGet(*atmosConfig, manifestURL, atmosManifestJsonSchemaFilePath, getter.ClientModeFile, time.Second*30); err != nil {
+	if err = downloader.NewGoGetterDownloader(atmosConfig).Fetch(manifestURL, atmosManifestJsonSchemaFilePath, downloader.ClientModeFile, 30*time.Second); err != nil {
 		return "", fmt.Errorf("failed to download the Atmos JSON Schema file '%s' from the URL '%s': %w", fileName, manifestURL, err)
 	}
 

internal/exec/vendor_component_utils.go

@@ -15,11 +15,11 @@ import (
 	"github.com/Masterminds/sprig/v3"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/hairyhenderson/gomplate/v3"
-	"github.com/hashicorp/go-getter"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	cp "github.com/otiai10/copy"
 
 	cfg "github.com/cloudposse/atmos/pkg/config"
+	"github.com/cloudposse/atmos/pkg/downloader"
 	"github.com/cloudposse/atmos/pkg/schema"
 	u "github.com/cloudposse/atmos/pkg/utils"
 )
@@ -388,7 +388,7 @@ func downloadComponentAndInstall(p *pkgComponentVendor, dryRun bool, atmosConfig
 		if dryRun {
 			if needsCustomDetection(p.uri) {
 				log.Debug("Dry-run mode: custom detection required for component (or mixin) URI", "component", p.name, "uri", p.uri)
-				detector := &u.CustomGitDetector{AtmosConfig: *atmosConfig, Source: ""}
+				detector := downloader.NewCustomGitDetector(atmosConfig, "")
 				_, _, err := detector.Detect(p.uri, "")
 				if err != nil {
 					return installedPkgMsg{
@@ -455,7 +455,7 @@ func installComponent(p *pkgComponentVendor, atmosConfig *schema.AtmosConfigurat
 	case pkgTypeRemote:
 		tempDir = filepath.Join(tempDir, SanitizeFileName(p.uri))
 
-		if err := u.GoGetterGet(*atmosConfig, p.uri, tempDir, getter.ClientModeAny, 10*time.Minute); err != nil {
+		if err := downloader.NewGoGetterDownloader(atmosConfig).Fetch(p.uri, tempDir, downloader.ClientModeAny, 10*time.Minute); err != nil {
 			return fmt.Errorf("failed to download package %s error %w", p.name, err)
 		}
 
@@ -511,7 +511,7 @@ func installMixin(p *pkgComponentVendor, atmosConfig *schema.AtmosConfiguration)
 
 	switch p.pkgType {
 	case pkgTypeRemote:
-		if err = u.GoGetterGet(*atmosConfig, p.uri, filepath.Join(tempDir, p.mixinFilename), getter.ClientModeFile, 10*time.Minute); err != nil {
+		if err = downloader.NewGoGetterDownloader(atmosConfig).Fetch(p.uri, filepath.Join(tempDir, p.mixinFilename), downloader.ClientModeFile, 10*time.Minute); err != nil {
 			return fmt.Errorf("failed to download package %s error %w", p.name, err)
 		}
 

internal/exec/vendor_model.go

@@ -17,6 +17,7 @@ import (
 	cp "github.com/otiai10/copy"
 
 	"github.com/cloudposse/atmos/internal/tui/templates/term"
+	"github.com/cloudposse/atmos/pkg/downloader"
 	"github.com/cloudposse/atmos/pkg/schema"
 	"github.com/cloudposse/atmos/pkg/ui/theme"
 	u "github.com/cloudposse/atmos/pkg/utils"
@@ -359,7 +360,8 @@ func (p *pkgAtmosVendor) installer(tempDir *string, atmosConfig *schema.AtmosCon
 	switch p.pkgType {
 	case pkgTypeRemote:
 		// Use go-getter to download remote packages
-		if err := u.GoGetterGet(*atmosConfig, p.uri, *tempDir, getter.ClientModeAny, 10*time.Minute); err != nil {
+
+		if err := downloader.NewGoGetterDownloader(atmosConfig).Fetch(p.uri, *tempDir, downloader.ClientModeAny, 10*time.Minute); err != nil {
 			return fmt.Errorf("failed to download package: %w", err)
 		}
 
@@ -393,7 +395,7 @@ func handleDryRunInstall(p *pkgAtmosVendor, atmosConfig *schema.AtmosConfigurati
 
 	if needsCustomDetection(p.uri) {
 		log.Debug("Custom detection required for URI", "uri", p.uri)
-		detector := &u.CustomGitDetector{AtmosConfig: *atmosConfig, Source: ""}
+		detector := downloader.NewCustomGitDetector(atmosConfig, "")
 		_, _, err := detector.Detect(p.uri, "")
 		if err != nil {
 			return installedPkgMsg{

pkg/config/load.go

@@ -58,6 +58,7 @@ func LoadConfig(configAndStacksInfo *schema.ConfigAndStacksInfo) (schema.AtmosCo
 			atmosConfig.CliConfigPath = absPath
 		}
 	}
+	setEnv(v)
 	// We want the editorconfig color by default to be true
 	atmosConfig.Validate.EditorConfig.Color = true
 	// https://gist.github.com/chazcheadle/45bf85b793dea2b71bd05ebaa3c28644
@@ -69,6 +70,27 @@ func LoadConfig(configAndStacksInfo *schema.ConfigAndStacksInfo) (schema.AtmosCo
 	return atmosConfig, nil
 }
 
+func setEnv(v *viper.Viper) {
+	bindEnv(v, "settings.github_token", "GITHUB_TOKEN")
+	bindEnv(v, "settings.inject_github_token", "ATMOS_INJECT_GITHUB_TOKEN")
+	bindEnv(v, "settings.atmos_github_token", "ATMOS_GITHUB_TOKEN")
+
+	bindEnv(v, "settings.bitbucket_token", "BITBUCKET_TOKEN")
+	bindEnv(v, "settings.atmos_bitbucket_token", "ATMOS_BITBUCKET_TOKEN")
+	bindEnv(v, "settings.inject_bitbucket_token", "ATMOS_INJECT_BITBUCKET_TOKEN")
+	bindEnv(v, "settings.bitbucket_username", "BITBUCKET_USERNAME")
+
+	bindEnv(v, "settings.gitlab_token", "GITLAB_TOKEN")
+	bindEnv(v, "settings.inject_gitlab_token", "ATMOS_INJECT_GITLAB_TOKEN")
+	bindEnv(v, "settings.atmos_gitlab_token", "ATMOS_GITLAB_TOKEN")
+}
+
+func bindEnv(v *viper.Viper, key ...string) {
+	if err := v.BindEnv(key...); err != nil {
+		panic(err)
+	}
+}
+
 // setDefaultConfiguration set default configuration for the viper instance.
 func setDefaultConfiguration(v *viper.Viper) {
 	v.SetDefault("components.helmfile.use_eks", true)

pkg/downloader/custom_git_detector.go

@@ -0,0 +1,229 @@
+package downloader
+
+import (
+	"fmt"
+	"net/url"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	log "github.com/charmbracelet/log"
+	"github.com/cloudposse/atmos/pkg/schema"
+)
+
+var ErrInvalidURL = fmt.Errorf("invalid URL")
+
+const schemeSeparator = "://"
+
+// CustomGitDetector intercepts Git URLs (for GitHub, Bitbucket, GitLab, etc.)
+// and transforms them into a proper URL for cloning, optionally injecting tokens.
+type CustomGitDetector struct {
+	atmosConfig *schema.AtmosConfiguration
+	source      string
+}
+
+func NewCustomGitDetector(atmosConfig *schema.AtmosConfiguration, source string) *CustomGitDetector {
+	return &CustomGitDetector{
+		atmosConfig: atmosConfig,
+		source:      source,
+	}
+}
+
+// Detect implements the getter.Detector interface for go-getter v1.
+func (d *CustomGitDetector) Detect(src, _ string) (string, bool, error) {
+	log.Debug("CustomGitDetector.Detect called")
+
+	if len(src) == 0 {
+		return "", false, nil
+	}
+
+	// Ensure the URL has an explicit scheme.
+	src = d.ensureScheme(src)
+
+	// Parse the URL to extract the host and path.
+	parsedURL, err := url.Parse(src)
+	if err != nil {
+		maskedSrc, _ := maskBasicAuth(src)
+		log.Debug("Failed to parse URL", keyURL, maskedSrc, "error", err)
+		return "", false, fmt.Errorf("failed to parse URL %q: %w", maskedSrc, err)
+	}
+
+	// If no host is detected, this is likely a local file path.
+	// Skip custom processing so that go getter handles it as is.
+	if parsedURL.Host == "" {
+		log.Debug("No host detected in URL, skipping custom git detection", keyURL, src)
+		return "", false, nil
+	}
+
+	// Normalize the path.
+	d.normalizePath(parsedURL)
+
+	// Adjust host check to support GitHub, Bitbucket, GitLab, etc.
+	host := strings.ToLower(parsedURL.Host)
+	if host != hostGitHub && host != hostBitbucket && host != hostGitLab {
+		log.Debug("Skipping token injection for an unsupported host", "host", parsedURL.Host)
+		return "", false, nil
+	}
+
+	log.Debug("Reading config param", "InjectGithubToken", d.atmosConfig.Settings.InjectGithubToken)
+	// Inject token if available.
+	d.injectToken(parsedURL, host)
+
+	// Adjust subdirectory if needed.
+	d.adjustSubdir(parsedURL, d.source)
+
+	// Set "depth=1" for a shallow clone if not specified.
+	q := parsedURL.Query()
+	if _, exists := q["depth"]; !exists {
+		q.Set("depth", "1")
+	}
+	parsedURL.RawQuery = q.Encode()
+
+	finalURL := "git::" + parsedURL.String()
+	maskedFinal, err := maskBasicAuth(strings.TrimPrefix(finalURL, "git::"))
+	if err != nil {
+		log.Debug("Masking failed", "error", err)
+	} else {
+		log.Debug("Final transformation", "url", "git::"+maskedFinal)
+	}
+
+	return finalURL, true, nil
+}
+
+const (
+	// Named constants for regex match indices.
+	matchIndexUser   = 1
+	matchIndexHost   = 3
+	matchIndexPath   = 4
+	matchIndexSuffix = 5
+	matchIndexExtra  = 6
+
+	keyURL = "url"
+
+	hostGitHub    = "github.com"
+	hostGitLab    = "gitlab.com"
+	hostBitbucket = "bitbucket.org"
+)
+
+const GitPrefix = "git::"
+
+// ensureScheme checks for an explicit scheme and rewrites SCP-style URLs if needed.
+// Also removes any existing "git::" prefix (required for the dry-run mode to operate correctly).
+func (d *CustomGitDetector) ensureScheme(src string) string {
+	// Strip any existing "git::" prefix
+	src = strings.TrimPrefix(src, GitPrefix)
+
+	if !strings.Contains(src, schemeSeparator) {
+		if newSrc, rewritten := rewriteSCPURL(src); rewritten {
+			maskedOld, _ := maskBasicAuth(src)
+			maskedNew, _ := maskBasicAuth(newSrc)
+			log.Debug("Rewriting SCP-style SSH URL", "old_url", maskedOld, "new_url", maskedNew)
+			return newSrc
+		}
+		src = "https://" + src
+		maskedSrc, _ := maskBasicAuth(src)
+		log.Debug("Defaulting to https scheme", keyURL, maskedSrc)
+	}
+	return src
+}
+
+func rewriteSCPURL(src string) (string, bool) {
+	scpPattern := regexp.MustCompile(`^(([\w.-]+)@)?([\w.-]+\.[\w.-]+):([\w./-]+)(\.git)?(.*)$`)
+	if scpPattern.MatchString(src) {
+		matches := scpPattern.FindStringSubmatch(src)
+		newSrc := "ssh://"
+		user := matches[matchIndexUser] // This includes the "@" if present.
+		host := matches[matchIndexHost]
+		// Only for SSH vendoring (i.e. when rewriting an SCP URL), inject default username (git) for known hosts.
+		if user == "" && (strings.EqualFold(host, hostGitHub) ||
+			strings.EqualFold(host, hostGitLab) ||
+			strings.EqualFold(host, hostBitbucket)) {
+			user = "git@"
+		}
+		newSrc += user + host + "/" + matches[matchIndexPath]
+		if matches[matchIndexSuffix] != "" {
+			newSrc += matches[matchIndexSuffix]
+		}
+		if matches[matchIndexExtra] != "" {
+			newSrc += matches[matchIndexExtra]
+		}
+		return newSrc, true
+	}
+	return "", false
+}
+
+// normalizePath converts the URL path to use forward slashes.
+func (d *CustomGitDetector) normalizePath(parsedURL *url.URL) {
+	unescapedPath, err := url.PathUnescape(parsedURL.Path)
+	if err == nil {
+		parsedURL.Path = filepath.ToSlash(unescapedPath)
+	} else {
+		parsedURL.Path = filepath.ToSlash(parsedURL.Path)
+	}
+}
+
+// injectToken injects a token into the URL if available.
+func (d *CustomGitDetector) injectToken(parsedURL *url.URL, host string) {
+	token, tokenSource := d.resolveToken(host)
+	if token != "" {
+		defaultUsername := d.getDefaultUsername(host)
+		parsedURL.User = url.UserPassword(defaultUsername, token)
+		maskedURL, _ := maskBasicAuth(parsedURL.String())
+		log.Debug("Injected token", "env", tokenSource, keyURL, maskedURL)
+	} else {
+		log.Debug("No token found for injection")
+	}
+}
+
+// resolveToken returns the token and its source based on the host.
+func (d *CustomGitDetector) resolveToken(host string) (string, string) {
+	switch host {
+	case hostGitHub:
+		if d.atmosConfig.Settings.InjectGithubToken {
+			return d.atmosConfig.Settings.AtmosGithubToken, "ATMOS_GITHUB_TOKEN"
+		}
+		return d.atmosConfig.Settings.GithubToken, "GITHUB_TOKEN"
+	case hostBitbucket:
+		if d.atmosConfig.Settings.InjectBitbucketToken {
+			return d.atmosConfig.Settings.AtmosBitbucketToken, "ATMOS_BITBUCKET_TOKEN"
+		}
+		return d.atmosConfig.Settings.BitbucketToken, "BITBUCKET_TOKEN"
+	case hostGitLab:
+		if d.atmosConfig.Settings.InjectGitlabToken {
+			return d.atmosConfig.Settings.AtmosGitlabToken, "ATMOS_GITLAB_TOKEN"
+		}
+		return d.atmosConfig.Settings.GitlabToken, "GITLAB_TOKEN"
+	}
+	return "", ""
+}
+
+// getDefaultUsername returns the default username for token injection based on the host.
+func (d *CustomGitDetector) getDefaultUsername(host string) string {
+	switch host {
+	case hostGitHub:
+		return "x-access-token"
+	case hostGitLab:
+		return "oauth2"
+	case hostBitbucket:
+		defaultUsername := d.atmosConfig.Settings.BitbucketUsername
+		if defaultUsername == "" {
+			return "x-token-auth"
+		}
+		return defaultUsername
+	default:
+		return "x-access-token"
+	}
+}
+
+// adjustSubdir appends "//." to the path if no subdirectory is specified.
+func (d *CustomGitDetector) adjustSubdir(parsedURL *url.URL, source string) {
+	normalizedSource := filepath.ToSlash(source)
+	if normalizedSource != "" && !strings.Contains(normalizedSource, "//") {
+		parts := strings.SplitN(parsedURL.Path, "/", 4)
+		if strings.HasSuffix(parsedURL.Path, ".git") || len(parts) == 3 {
+			maskedSrc, _ := maskBasicAuth(source)
+			log.Debug("Detected top-level repo with no subdir: appending '//.'", keyURL, maskedSrc)
+			parsedURL.Path += "//."
+		}
+	}
+}