Secure Source Manager supports all Git SCM client commands and has built in pull requests and issue tracking. Both HTTPS and SSH authentication are supported.
Required roles
To get the permissions that you need to use Git to interact with a Secure Source Manager repository, ask your administrator to grant you the following IAM roles:
-
Secure Source Manager Instance Accessor (
roles/securesourcemanager.instanceAccessor
) on the Secure Source Manager instance -
To clone a repository:
Secure Source Manager Repo Reader (
roles/securesourcemanager.repoReader
) on the repository -
To push to a repository:
Secure Source Manager Repo Writer (
roles/securesourcemanager.repoWriter
) on the repository
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
For information on granting Secure Source Manager roles, see Access control with IAM and Grant users instance access.
Install Git and Google Cloud CLI
- Install Git.
- Install the gcloud CLI.
The gcloud CLI version
395.0.0
or later is required to use Git with HTTPS. To check your gcloud CLI version run the following command:gcloud --version
To update the gcloud CLI run the following command.
gcloud components update
After updating, run
gcloud init
to initialize the gcloud CLI.See the gcloud CLI documentation on updating components for more information.
Set up your credentials
If you authenticate to Secure Source Manager using a third-party identity provider and Workforce Identity Federation, you don't need to complete this section—instead, you must create a workforce identity pool login configuration.
Add the Secure Source Manager authentication helper to your global Git config by running the following command:
Linux
git config --global credential.'https://*.*.sourcemanager.dev'.helper gcloud.sh
Earlier versions of Git might not support wildcards. To add the authentication helper without wildcards, run the following command:
git config --global credential.'https://INSTANCE_ID-PROJECT_NUMBER-git.LOCATION.sourcemanager.dev'.helper gcloud.sh
Replace the following:
INSTANCE_ID
with the name of your Secure Source Manager instance.PROJECT_NUMBER
with your project number. For help finding your project number, see Identifying projects.LOCATION
with the instance's region. For more information on regions, see Locations.
Windows
git config --global credential.https://*.*.sourcemanager.dev.helper gcloud.cmd
Earlier versions of Git might not support wildcards. To add the authentication helper without wildcards, run the following command:
git config --global credential.https://INSTANCE_ID-PROJECT_NUMBER-git.LOCATION.sourcemanager.dev.helper gcloud.cmd
Replace the following:
INSTANCE_ID
with the name of your Secure Source Manager instance.PROJECT_NUMBER
with your project number. For help finding your project number, see Identifying projects.LOCATION
with the instance's region. For more information on regions, see Locations.
The authentication helper uses the gcloud CLI to fetch your Google Cloud credentials when using Git commands with Secure Source Manager.
To re-authenticate after the initial credential setup, run the following gcloud CLI command:
gcloud auth login
Create a workforce identity pool login configuration
You don't need to complete this section unless you're using Workforce Identity Federation to authenticate to Secure Source Manager with a third-party identity provider.
To authenticate with your workforce identity pool credentials to your Secure Source Manager instance using gcloud CLI commands or Git commands, you must create a login configuration with your workforce identity pool.
To create a workforce identity pool login configuration, follow the instructions in Obtain short-lived tokens for Workforce Identity Federation to create a browser-based sign-in with the gcloud CLI.
After you have authenticated, you can use Git commands to interact with your Secure Source Manager instance. You must re-authenticate when the session duration for your workforce identity pool expires.
Clone a repository
Clone a repository by running the following command:
git clone REPOSITORY_URL
Where REPOSITORY_URL
is the HTTPS or SSH URL displayed at the top
of the repository page you want to clone.
Push an existing repository to Secure Source Manager
You must create a Secure Source Manager repository to act as a remote before you can push to it.
To push your existing Git repository to an empty Secure Source Manager repository you need to add the Secure Source Manager repository as a remote and push to it.
To set the Secure Source Manager repository as a remote run the following command:
git remote add origin REPOSITORY_URL
Where
REPOSITORY_URL
is the HTTPS or SSH URL displayed at the top of the repository page.To push to the repository run the following command:
git push -u origin main
For more information on Git source code management, read the Git documentation.
What's next
- Learn more about Git source code management
- List and view repositories.