HTTP basic auth via HTTP_BASIC_AUTH=user:password. Mutually
exclusive with HTTP_TOKEN (basic takes precedence if both set).
Implementation note: busybox httpd strips Authorization: Basic
headers before invoking CGI scripts (it expects to handle basic
auth itself), so a CGI-side check for Basic doesn't work. We let
busybox handle Basic via its -c httpd.conf rule (`/cgi-bin/:user:pass`)
and keep the CGI-side Bearer check for HTTP_TOKEN. httpd.conf is
chowned to the agent user because httpd drops privileges before
reading -c.
Image additions for canonical deploy.sh patterns:
- git (apk add git) — for git pull/tag/push.
- openssh-client (apk add openssh-client) — provides /usr/bin/ssh,
which git invokes for ssh:// remote transports. Without it
`git push origin` fails with 'error: cannot run ssh: No such
file or directory'.
- HOME=/home/agent exported in the force-command wrapper — busybox
httpd doesn't set HOME for CGI, leaving git/ssh/xdg lookups
pointing at /root and producing 'Permission denied' warnings.
README updated with HTTP_BASIC_AUTH env var, URL syntax examples,
and the mutual-exclusion note.
Fabian @ Blax Software
58492c80ec