Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds documentation for configuring Git to use GitHub App tokens for authentication, addressing issue #270. The addition provides guidance for scenarios where tools use Git directly but cannot accept GitHub API tokens.
- Adds a new documentation section explaining Git's
insteadofconfiguration option - Provides a complete workflow example for Python projects with private Git dependencies
- Includes additional configuration examples for repository and organization-specific authentication
| # required | ||
| app-id: ${{ vars.APP_ID }} | ||
| private-key: ${{ secrets.PRIVATE_KEY }} | ||
| - name: Configure git to use the app token |
There was a problem hiding this comment.
The placeholder 'USERNAME' in the Git URL is not explained. Consider clarifying what value should be used here or if it's a literal placeholder that Git ignores for token-based authentication.
| - name: Configure git to use the app token | |
| - name: Configure git to use the app token | |
| # The USERNAME part of the URL can be any non-empty string (e.g., 'x-access-token'), as GitHub ignores it when a token is used. |
| The above example will use the same token for all `git` operations on GitHub via `https`, but you can configure it on a per repository or per-organisation basis by changing the prefix: | ||
|
|
||
| ```bash | ||
| git config --global url."https://USERNAME:${GITHUB_TOKEN}@github.com/MyOrg/MyRepo".insteadOf "https://github.com/MyOrg/MyRepo" |
There was a problem hiding this comment.
This example uses the same unexplained 'USERNAME' placeholder. For consistency and clarity, this should match the explanation provided for the main example above.
| git config --global url."https://USERNAME:${GITHUB_TOKEN}@github.com/MyOrg/MyRepo".insteadOf "https://github.com/MyOrg/MyRepo" | |
| git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/MyOrg/MyRepo".insteadOf "https://github.com/MyOrg/MyRepo" |
|
This pull request has been marked stale because it has been open for 180 days with no activity. Please close this pull request if it is no longer needed. If this pull request is still relevant and you would like it to remain open, simply update it within the next 60 days. |
|
Hi @multimeric, thanks for your patience. After reviewing this, I think there's a simpler solution: - uses: actions/create-github-app-token@v3
id: app-token
with:
client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
- name: Configure git to use the app token
run: gh auth setup-git
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}This uses the GitHub CLI (pre-installed on GitHub-hosted runners) to configure Git's credential helper. When subsequent steps run git operations, they'll authenticate via Do you think this would work for your use case? Looks like #287 proposes something very close to this. |
Closes #270.