glab-setup-git-identity 0.6.0 → 0.6.2

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## 0.6.2
+
+### Patch Changes
+
+- 9f3ac16: Fix --version showing 'unknown' and fix auth flow for unauthenticated users
+  - Fix --version to explicitly read version from package.json (yargs auto-detection fails when installed globally with bun)
+  - Fix isGlabAuthenticated to detect invalid/missing tokens even when glab auth status exits with code 0
+  - Suppress noisy glab auth status output by using mirror: false with capture: true in command-stream
+  - Add mirror: false to all captured command executions to prevent output leaking to terminal
+
+## 0.6.1
+
+### Patch Changes
+
+- 006215b: Fix Docker/server support and glab --jq compatibility
+  - Fix README.md manual commands to use pipe to jq instead of --jq flag
+  - Add "Authentication in Docker/Server Environments" section to README
+  - Enhance CLI with helpful headless auth instructions
+  - Fix src/index.js to parse JSON in JavaScript for better glab version compatibility
+  - Optimize getGitLabUserInfo to use a single API call
+
 ## 0.6.0
 
 ### Minor Changes

package/README.md

@@ -13,16 +13,24 @@ A tool to setup git identity based on current GitLab user.
 Instead of manually running:
 
 ```bash
-glab auth login --hostname gitlab.com --git-protocol https
+# Authenticate with GitLab (interactive mode - no extra flags)
+glab auth login
+
+# Or for non-interactive mode with a token:
+# glab auth login --hostname gitlab.com --git-protocol https --token YOUR_TOKEN
+
 glab auth git-credential # For HTTPS authentication helper
 
-USERNAME=$(glab api user --jq '.username')
-EMAIL=$(glab api user --jq '.email')
+# Get user info (requires jq to be installed)
+USERNAME=$(glab api user | jq -r '.username')
+EMAIL=$(glab api user | jq -r '.email')
 
 git config --global user.name "$USERNAME"
 git config --global user.email "$EMAIL"
 ```
 
+> **Note for manual commands**: The commands above require `jq` to be installed (`apt install jq` or `brew install jq`). The `glab api` command does not have a built-in `--jq` flag - you must pipe output to the external `jq` tool.
+
 You can simply run:
 
 ```bash
@@ -163,7 +171,61 @@ The tool runs `glab auth login` automatically, followed by configuring git to us
 If automatic authentication fails, you can run the commands manually:
 
 ```bash
-glab auth login --hostname gitlab.com --git-protocol https
+glab auth login
+```
+
+### Authentication in Docker/Server Environments (Headless)
+
+When running in Docker containers or on remote servers without a browser, `glab auth login` will display a URL to open but fail to launch a browser:
+
+```
+Failed opening a browser at https://gitlab.com/oauth/authorize?...
+Encountered error: exec: "xdg-open": executable file not found in $PATH
+Try entering the URL in your browser manually.
+```
+
+**To complete authentication in headless environments:**
+
+1. **Copy the authorization URL** displayed by glab and open it in your local browser
+2. Complete the GitLab OAuth flow in your browser
+3. You'll be redirected to a URL like: `http://localhost:7171/auth/redirect?code=...&state=...`
+4. **Use `curl` to send the redirect URL back to glab**:
+
+```bash
+# Method 1: Using screen (recommended for Docker)
+# Terminal 1: Start glab auth in screen
+screen -S glab-auth
+glab auth login
+# Press Ctrl+A, D to detach from screen
+
+# Terminal 2: After completing OAuth in browser, send the redirect URL
+curl -L "http://localhost:7171/auth/redirect?code=YOUR_CODE&state=YOUR_STATE"
+
+# Return to screen to see auth completion
+screen -r glab-auth
+```
+
+```bash
+# Method 2: Using SSH port forwarding (for remote servers)
+# On your local machine, forward the callback port:
+ssh -L 7171:localhost:7171 user@remote-server
+
+# Then on the server, run glab auth login
+# The OAuth redirect will go through the SSH tunnel to your local machine
+```
+
+**Alternatively, use token-based authentication** (recommended for CI/CD and automation):
+
+```bash
+# Generate a Personal Access Token at:
+# https://gitlab.com/-/profile/personal_access_tokens
+# Required scopes: api, write_repository
+
+# Then authenticate non-interactively:
+glab auth login --hostname gitlab.com --token YOUR_TOKEN
+
+# Or with this tool:
+glab-setup-git-identity --token YOUR_TOKEN
 ```
 
 ### Successful Run

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "glab-setup-git-identity",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "description": "A tool to setup git identity based on current GitLab user",
   "type": "module",
   "main": "src/index.js",

package/src/cli.js

@@ -6,6 +6,7 @@
  * Command-line interface for setting up git identity based on GitLab user
  */
 
+import { createRequire } from 'node:module';
 import { makeConfig } from 'lino-arguments';
 import {
   setupGitIdentity,
@@ -17,6 +18,11 @@ import {
 } from './index.js';
 import { $ } from 'command-stream';
 
+// Read version from package.json explicitly (yargs auto-detection may fail when installed globally)
+const require = createRequire(import.meta.url);
+const packageJson = require('../package.json');
+const packageVersion = packageJson.version;
+
 // Parse command-line arguments with environment variable and .lenv support
 const config = makeConfig({
   yargs: ({ yargs, getenv }) =>
@@ -145,7 +151,7 @@ const config = makeConfig({
       )
       .help('h')
       .alias('h', 'help')
-      .version()
+      .version(packageVersion)
       .strict(),
 });
 
@@ -260,6 +266,40 @@ async function handleAlreadyAuthenticated() {
   return true;
 }
 
+/**
+ * Print headless authentication instructions
+ */
+function printHeadlessAuthInstructions() {
+  console.log('');
+  console.log('=== Authentication in Docker/Server Environments ===');
+  console.log('');
+  console.log(
+    'If you see a browser URL but cannot open it, follow these steps:'
+  );
+  console.log('');
+  console.log('1. Copy the authorization URL displayed above');
+  console.log('2. Open it in your local browser and complete the OAuth flow');
+  console.log(
+    '3. You will be redirected to: http://localhost:7171/auth/redirect?code=...&state=...'
+  );
+  console.log('4. Use curl to send that redirect URL back to glab:');
+  console.log('');
+  console.log(
+    '   curl -L "http://localhost:7171/auth/redirect?code=YOUR_CODE&state=YOUR_STATE"'
+  );
+  console.log('');
+  console.log('Alternatively, use token-based authentication:');
+  console.log('');
+  console.log('1. Generate a Personal Access Token at:');
+  console.log(`   https://${config.hostname}/-/profile/personal_access_tokens`);
+  console.log('   Required scopes: api, write_repository');
+  console.log('');
+  console.log('2. Re-run with your token:');
+  console.log(`   glab-setup-git-identity --token YOUR_TOKEN`);
+  console.log('');
+  console.log('================================================');
+}
+
 /**
  * Handle case when not authenticated
  * @returns {Promise<boolean>} True if login succeeded
@@ -268,14 +308,27 @@ async function handleNotAuthenticated() {
   console.log('GitLab CLI is not authenticated. Starting authentication...');
   console.log('');
 
+  // Print headless instructions before attempting auth
+  // This helps users in Docker/server environments know what to do
+  printHeadlessAuthInstructions();
+  console.log('');
+
   const loginSuccess = await runGlabAuthLogin(getAuthOptions());
 
   if (!loginSuccess) {
     console.log('');
-    console.log('Authentication failed. Please try running manually:');
+    console.log('Authentication failed. Please try one of the following:');
+    console.log('');
+    console.log('Option 1: Interactive login');
+    console.log('  glab auth login');
+    console.log('');
+    console.log('Option 2: Token-based login (recommended for headless)');
     console.log(
-      `  glab auth login --hostname ${config.hostname} --git-protocol ${config.gitProtocol}`
+      `  glab auth login --hostname ${config.hostname} --token YOUR_TOKEN`
     );
+    console.log('');
+    console.log('Option 3: Use this tool with a token');
+    console.log(`  glab-setup-git-identity --token YOUR_TOKEN`);
     return false;
   }
 

package/src/index.js

@@ -62,7 +62,10 @@ export async function getGlabPath(options = {}) {
   const command = process.platform === 'win32' ? 'where' : 'which';
 
   try {
-    const result = await $`${command} glab`.run({ capture: true });
+    const result = await $`${command} glab`.run({
+      capture: true,
+      mirror: false,
+    });
 
     if (result.code !== 0 || !result.stdout) {
       throw new Error(
@@ -238,7 +241,7 @@ export async function runGlabAuthSetupGit(options = {}) {
     try {
       const existingResult =
         await $`git config --global --get credential.${credentialUrl}.helper`.run(
-          { capture: true }
+          { capture: true, mirror: false }
         );
 
       if (existingResult.code === 0 && existingResult.stdout && !force) {
@@ -262,6 +265,7 @@ export async function runGlabAuthSetupGit(options = {}) {
     try {
       await $`git config --global credential.${credentialUrl}.helper ""`.run({
         capture: true,
+        mirror: false,
       });
     } catch {
       // Ignore errors if not set
@@ -272,7 +276,7 @@ export async function runGlabAuthSetupGit(options = {}) {
 
     const result =
       await $`git config --global --add credential.${credentialUrl}.helper ${credentialHelper}`.run(
-        { capture: true }
+        { capture: true, mirror: false }
       );
 
     if (result.code !== 0) {
@@ -312,13 +316,29 @@ export async function isGlabAuthenticated(options = {}) {
   }
 
   try {
-    const result = await $`glab ${args}`.run({ capture: true });
+    const result = await $`glab ${args}`.run({
+      capture: true,
+      mirror: false,
+    });
 
     if (result.code !== 0) {
       log.debug(`GitLab CLI is not authenticated: ${result.stderr}`);
       return false;
     }
 
+    // glab auth status may exit with code 0 even when not properly authenticated.
+    // Check stderr for indicators of auth failure (e.g., "No token provided", "401 Unauthorized").
+    const output = (result.stderr || '') + (result.stdout || '');
+    if (
+      /no token provided/i.test(output) ||
+      /401\s*unauthorized/i.test(output)
+    ) {
+      log.debug(
+        `GitLab CLI reports success but token is missing or invalid: ${output.trim()}`
+      );
+      return false;
+    }
+
     log.debug('GitLab CLI is authenticated');
     return true;
   } catch (error) {
@@ -330,6 +350,9 @@ export async function isGlabAuthenticated(options = {}) {
 /**
  * Get GitLab username from authenticated user
  *
+ * Note: This function parses the JSON response in JavaScript rather than using
+ * glab's --jq flag, as the --jq flag is not available in all glab versions.
+ *
  * @param {Object} options - Options
  * @param {string} options.hostname - GitLab hostname (optional)
  * @param {boolean} options.verbose - Enable verbose logging
@@ -342,18 +365,34 @@ export async function getGitLabUsername(options = {}) {
 
   log.debug('Getting GitLab username...');
 
-  const args = ['api', 'user', '--jq', '.username'];
+  const args = ['api', 'user'];
   if (hostname) {
     args.push('--hostname', hostname);
   }
 
-  const result = await $`glab ${args}`.run({ capture: true });
+  const result = await $`glab ${args}`.run({ capture: true, mirror: false });
 
   if (result.code !== 0) {
     throw new Error(`Failed to get GitLab username: ${result.stderr}`);
   }
 
-  const username = result.stdout.trim();
+  // Parse JSON response in JavaScript (glab's --jq flag is not available in all versions)
+  let userData;
+  try {
+    userData = JSON.parse(result.stdout.trim());
+  } catch (parseError) {
+    throw new Error(
+      `Failed to parse GitLab user data: ${parseError.message}. Raw output: ${result.stdout}`
+    );
+  }
+
+  const username = userData.username;
+  if (!username) {
+    throw new Error(
+      'No username found in GitLab user data. Please ensure your GitLab account has a username.'
+    );
+  }
+
   log.debug(`GitLab username: ${username}`);
 
   return username;
@@ -362,6 +401,9 @@ export async function getGitLabUsername(options = {}) {
 /**
  * Get primary email from GitLab user
  *
+ * Note: This function parses the JSON response in JavaScript rather than using
+ * glab's --jq flag, as the --jq flag is not available in all glab versions.
+ *
  * @param {Object} options - Options
  * @param {string} options.hostname - GitLab hostname (optional)
  * @param {boolean} options.verbose - Enable verbose logging
@@ -374,18 +416,28 @@ export async function getGitLabEmail(options = {}) {
 
   log.debug('Getting GitLab primary email...');
 
-  const args = ['api', 'user', '--jq', '.email'];
+  const args = ['api', 'user'];
   if (hostname) {
     args.push('--hostname', hostname);
   }
 
-  const result = await $`glab ${args}`.run({ capture: true });
+  const result = await $`glab ${args}`.run({ capture: true, mirror: false });
 
   if (result.code !== 0) {
     throw new Error(`Failed to get GitLab email: ${result.stderr}`);
   }
 
-  const email = result.stdout.trim();
+  // Parse JSON response in JavaScript (glab's --jq flag is not available in all versions)
+  let userData;
+  try {
+    userData = JSON.parse(result.stdout.trim());
+  } catch (parseError) {
+    throw new Error(
+      `Failed to parse GitLab user data: ${parseError.message}. Raw output: ${result.stdout}`
+    );
+  }
+
+  const email = userData.email;
 
   if (!email) {
     throw new Error(
@@ -401,6 +453,10 @@ export async function getGitLabEmail(options = {}) {
 /**
  * Get GitLab user information (username and primary email)
  *
+ * Note: This function makes a single API call and parses both username and email
+ * from the response, which is more efficient than calling getGitLabUsername and
+ * getGitLabEmail separately.
+ *
  * @param {Object} options - Options
  * @param {string} options.hostname - GitLab hostname (optional)
  * @param {boolean} options.verbose - Enable verbose logging
@@ -408,10 +464,49 @@ export async function getGitLabEmail(options = {}) {
  * @returns {Promise<{username: string, email: string}>} User information
  */
 export async function getGitLabUserInfo(options = {}) {
-  const [username, email] = await Promise.all([
-    getGitLabUsername(options),
-    getGitLabEmail(options),
-  ]);
+  const { hostname, verbose = false, logger = console } = options;
+  const log = createDefaultLogger({ verbose, logger });
+
+  log.debug('Getting GitLab user information...');
+
+  const args = ['api', 'user'];
+  if (hostname) {
+    args.push('--hostname', hostname);
+  }
+
+  const result = await $`glab ${args}`.run({ capture: true, mirror: false });
+
+  if (result.code !== 0) {
+    throw new Error(`Failed to get GitLab user info: ${result.stderr}`);
+  }
+
+  // Parse JSON response in JavaScript (glab's --jq flag is not available in all versions)
+  let userData;
+  try {
+    userData = JSON.parse(result.stdout.trim());
+  } catch (parseError) {
+    throw new Error(
+      `Failed to parse GitLab user data: ${parseError.message}. Raw output: ${result.stdout}`
+    );
+  }
+
+  const username = userData.username;
+  const email = userData.email;
+
+  if (!username) {
+    throw new Error(
+      'No username found in GitLab user data. Please ensure your GitLab account has a username.'
+    );
+  }
+
+  if (!email) {
+    throw new Error(
+      'No email found on GitLab account. Please set a primary email in your GitLab settings.'
+    );
+  }
+
+  log.debug(`GitLab username: ${username}`);
+  log.debug(`GitLab primary email: ${email}`);
 
   return { username, email };
 }
@@ -437,6 +532,7 @@ export async function setGitConfig(key, value, options = {}) {
 
   const result = await $`git config ${scopeFlag} ${key} ${value}`.run({
     capture: true,
+    mirror: false,
   });
 
   if (result.code !== 0) {
@@ -464,7 +560,10 @@ export async function getGitConfig(key, options = {}) {
 
   log.debug(`Getting git config ${key} (${scope})`);
 
-  const result = await $`git config ${scopeFlag} ${key}`.run({ capture: true });
+  const result = await $`git config ${scopeFlag} ${key}`.run({
+    capture: true,
+    mirror: false,
+  });
 
   if (result.code !== 0) {
     log.debug(`Git config ${key} not set`);

package/tests/index.test.js

@@ -4,15 +4,19 @@
  */
 
 import { describe, it, expect } from 'test-anywhere';
+import { createRequire } from 'node:module';
 import {
   defaultAuthOptions,
   getGitConfig,
   setGitConfig,
   verifyGitIdentity,
   getGlabPath,
+  isGlabAuthenticated,
   runGlabAuthSetupGit,
 } from '../src/index.js';
 
+const require = createRequire(import.meta.url);
+
 describe('defaultAuthOptions', () => {
   it('should have correct default hostname', () => {
     expect(defaultAuthOptions.hostname).toBe('gitlab.com');
@@ -131,7 +135,65 @@ describe('runGlabAuthSetupGit', () => {
   });
 });
 
-// Note: Tests for isGlabAuthenticated, getGitLabUsername, getGitLabEmail,
+describe('CLI --version', () => {
+  it('should output the version from package.json', async () => {
+    const pkg = require('../package.json');
+    const { execSync } = await import('node:child_process');
+    const output = execSync('node src/cli.js --version', {
+      encoding: 'utf8',
+    }).trim();
+    expect(output).toBe(pkg.version);
+  });
+});
+
+describe('isGlabAuthenticated', () => {
+  it('should be a function', () => {
+    expect(typeof isGlabAuthenticated).toBe('function');
+  });
+
+  it('should return false when glab has no valid token', async () => {
+    // In this test environment, glab is not properly authenticated
+    // so isGlabAuthenticated should return false
+    try {
+      const result = await isGlabAuthenticated();
+      expect(typeof result).toBe('boolean');
+    } catch {
+      // If glab is not installed, it should handle gracefully
+      expect(true).toBe(true);
+    }
+  });
+
+  it('should not produce visible output when checking auth status', async () => {
+    // Ensure isGlabAuthenticated does not leak glab output to the console
+    const originalStdoutWrite = process.stdout.write;
+    const originalStderrWrite = process.stderr.write;
+    let capturedOutput = '';
+
+    process.stdout.write = (chunk) => {
+      capturedOutput += chunk.toString();
+      return true;
+    };
+    process.stderr.write = (chunk) => {
+      capturedOutput += chunk.toString();
+      return true;
+    };
+
+    try {
+      await isGlabAuthenticated({ verbose: false });
+    } catch {
+      // ignore errors
+    } finally {
+      process.stdout.write = originalStdoutWrite;
+      process.stderr.write = originalStderrWrite;
+    }
+
+    // Should not contain glab auth status output
+    expect(capturedOutput.includes('No token provided')).toBe(false);
+    expect(capturedOutput.includes('401 Unauthorized')).toBe(false);
+  });
+});
+
+// Note: Tests for getGitLabUsername, getGitLabEmail,
 // getGitLabUserInfo, runGlabAuthLogin, and setupGitIdentity require
 // an authenticated glab CLI environment and are better suited for
 // integration tests or manual testing.