[v12.0/forgejo] fix: use credentials helpers for git clones (#9068)

**Backport**: https://codeberg.org/forgejo/forgejo/pulls/9067 When performing a `git clone` that requires credentials, they are temporarily stored in files and used with [Git credential](https://git-scm.com/docs/gitcredentials/2.50.0#_requesting_credentials). They were previously included in the URL that were readable by a user with shell access to the host running the Forgejo instance when, for instance, they ask for the list of process (`ps`). Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9068
2025-10-10 19:32:02 +00:00 · 2025-08-30 18:45:56 +02:00 · 2025-08-30 18:45:56 +02:00 · b98109ee69
commit b98109ee69
parent 1bc42842ba
8 changed files with 291 additions and 15 deletions
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@ -791,6 +791,8 @@ func TestPullRequestStaleReview(t *testing.T) {
 		cloneURL.User = url.UserPassword("user2", userPassword)
 		require.NoError(t, git.CloneWithArgs(t.Context(), nil, cloneURL.String(), dstPath, git.CloneRepoOptions{}))

+		doGitSetRemoteURL(dstPath, "origin", cloneURL)(t)
+
 		// Create first commit.
 		require.NoError(t, os.WriteFile(path.Join(dstPath, "README.md"), []byte("## test content"), 0o600))
 		require.NoError(t, git.AddChanges(dstPath, true))