Set up additional git env variables for workload

Sebastian Rehmrequested to merge
bastirehm-remove-dependency-on-run-git-command into master

What does this MR do and why?

Rather than relying on special handling of special "DUO_WORKFLOW_*" env variables in the Duo CLI's run_git_command this MR sets up the git environment in advance so that any git command which is run as a normal bash command works correctly.

Special considerations:

  1. A git credential-helper approach does not work since Runners overwrite any git remote urls and injects the CI_JOB_TOKEN into those.
  2. Instead we directly set up a URL with the oAuth token, which then does not get overwritten.
  3. The old "DUO_WORKFLOW_*" variables are still used, for flows that still use run_git_command specifically right now.

References

Related to #586973 (closed)

Screenshots or screen recordings

Before After
Screenshot_2026-03-10_at_21.13.36 Screenshot_2026-03-10_at_21.12.09

How to set up and validate locally

  1. Set up small issue. The goal is that the agent gets to pushing changes quickly.
  2. Run "Generate MR with Duo" on it -> observe it still works and commands in the session look like in the "Before" screenshot.
  3. Verify that changes are shown in result MR
  4. In your local AI gateway change any occurence of run_git_command in duo_workflow_service/agent_platform/v1/flows/configs/developer.yml to run_command
  5. Run "Generate MR with Duo" on it -> observe it still works and commands in the session look like in the "Before" screenshot
  6. Verify that changes are shown in result MR

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sebastian Rehm

Merge request reports