Skip to content

feat(operations.git): support port and ssh://, https:// URLs#1785

Open
maisim wants to merge 2 commits into
pyinfra-dev:3.xfrom
maisim:3.x-keyscan-port-support
Open

feat(operations.git): support port and ssh://, https:// URLs#1785
maisim wants to merge 2 commits into
pyinfra-dev:3.xfrom
maisim:3.x-keyscan-port-support

Conversation

@maisim

@maisim maisim commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

The regex in git.repo only parsed SCP-like URLs (user@host), failing on ssh://user@host:port/path and https://host/path formats. Extend parsing to cover these variants and pass the detected port to ssh.keyscan instead of defaulting to 22.

  • Pull request is based on the default branch (3.x at this time)
  • Pull request includes tests for any new/updated operations/facts
  • Pull request includes documentation for any new/updated operations/facts
  • Tests pass (see scripts/dev-test.sh)
  • Type checking & code style passes (see scripts/dev-lint.sh)
  • Pull request title follows the
    conventional commits format

@maisim maisim force-pushed the 3.x-keyscan-port-support branch from c792fc5 to 845e1ea Compare June 2, 2026 12:16
…eyscan

The regex in git.repo only parsed SCP-like URLs (user@host),
failing on ssh://user@host:port/path and https://host/path formats.
Extend parsing to cover these variants and pass the detected port
to ssh.keyscan instead of defaulting to 22.
@maisim maisim force-pushed the 3.x-keyscan-port-support branch from 845e1ea to 0ff3930 Compare June 2, 2026 12:19
@wowi42 wowi42 added facts Issues with facts. new feature operations Issues with operations. and removed facts Issues with facts. labels Jun 5, 2026
@maisim maisim changed the title feat(operations.git): support port and ssh://, https:// URLs in SSH keyscan feat(operations.git): support port and ssh://, https:// URLs Jun 16, 2026
@wowi42

wowi42 commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Sorry for the late review.

Needs discussion before merge.

The PR extends git.repo URL parsing so ssh_keyscan=True extracts host and port from ssh:// and https:// URLs. The change is focused and CI passes, but the interaction between ssh_keyscan and HTTPS URLs is unclear.

Issue: when src is https://host/path, the PR runs ssh-keyscan against that host. ssh-keyscan is for SSH host keys, not HTTPS. For HTTPS clones the keyscan is irrelevant, and defaulting to port 22 instead of 443 is confusing. Either keyscan should be limited to SSH-family URLs (git@host, ssh://), or the PR body should explain why HTTPS triggers an SSH scan.

Also, the PR branch is based on 410d5f92, which is well behind current 3.x. It will need a rebase before merge.

Minor notes:

  • src/pyinfra/operations/git.py:149: m.lastindex and m.lastindex >= 2 can be simplified to if m.group(2):.
  • The \[? ... \]? in the SSH regex does not actually parse IPv6 addresses.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

new feature operations Issues with operations.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants