Open shivarammysore opened 3 years ago
I'm guessing that your secret is just the github token. It should instead be git credentials in the format specified by man 7 git-credential-store
(under STORAGE FORMAT
).
You can change the credentials settings to this (you'll have to fill-in the $username
bit):
- uses: fusion-engineering/setup-git-credentials@v2
with:
credentials: https://$username:${{ secrets.SNMIX_REPO_ACCESS_TOKEN }}@github.com/
- run: cat ~/.gitconfig
Alternatively, you can put that directly in a secret, which also allows you to add credentials for different URLs.
Does this solve your issue? :)
Thanks for the response. I did not understand your "alternate" suggestion. Can you give an example?
I tried your suggestion: ($username replaced with correct one)
- uses: fusion-engineering/setup-git-credentials@v2
with:
credentials: https://$username:${{ secrets.SNMIX_REPO_ACCESS_TOKEN }}@github.com/
- run: cat ~/.gitconfig
output:
Run fusion-engineering/setup-git-credentials@v2
with:
credentials: ***github.com/
env:
GOROOT: /opt/hostedtoolcache/go/1.15.5/x64
git config --global credential.helper store
git config --global url.https://github.com/.insteadOf ssh://git@github.com/
git config --global --add url.https://github.com/.insteadOf git@github.com:
Run cat ~/.gitconfig
[credential]
helper = store
[url "https://github.com/"]
insteadOf = ssh://git@github.com/
insteadOf = git@github.com:
....
Setting up auth
/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :
/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :
/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
Determining the default branch
Retrieving the default branch name
Not Found
Setting up auth /usr/bin/git config --local --name-only --get-regexp core\.sshCommand /usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || : /usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader /usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || : /usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
Where does this come from? It doesn't look like anything that git-setup-credentials
does. It may conflict with git-setup-credentials
.
Hello,
I have myorg/repo-a
in which this github action runs. Both repo-a
and repo-b
are Go lang programs. The corresponding workflow yaml is as below:
- uses: fusion-engineering/setup-git-credentials@v2
with:
credentials: https://$username:${{ secrets.MY_PAT }}@github.com/
- run: cat ~/.gitconfig
- name: Check out code into the Go module directory
uses: actions/checkout@v2
env:
GOPRIVATE: "github.com/myorg/*"
with:
fetch-depth: 1
path: src/github.com/myorg/repo-a
submodules: true
- name: Checkout myorg/repo-b
uses: actions/checkout@v2
with:
repository: switchnomix/repo-b
path: src/github.com/myorg/repo-b
The first checkout of repo-a
works. The second checkout of repo-b
fails. The details of the failure were posted previously.
Does this help?
I might've had a similar problem
I tried cloning a local repository. In CI repository was not found, but locally everything worked.
By default Github Actions (and Azure CI) adds an extra header to clone the repository
Git config file examples from ci workflows after running
actions/checkout
and de-vri-es/setup-git-credentials
:
# Run cat .git/config
> cat .git/config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://github.com/octocat/Hello-World
fetch = +refs/heads/*:refs/remotes/origin/*
[gc]
auto = 0
[http "https://github.com/"]
extraheader = AUTHORIZATION: basic ***
[branch "main"]
remote = origin
merge = refs/heads/main
# Run cat ~/.gitconfig
> cat ~/.gitconfig
[credential]
helper = store
[url "https://github.com/"]
insteadOf = ssh://git@github.com/
insteadOf = git@github.com:
Running git config --local --unset http.https://github.com/.extraheader
to remove the extra header fixed the issue for me
CI workflow example:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: remove default credentials
run: git config --local --unset http.https://github.com/.extraheader
- uses: de-vri-es/setup-git-credentials@v2
with:
credentials: ${{secrets.GIT_CREDENTIALS}}
Hmm, that seems odd. The extraheader
is configured in .git/config
, not the global git configuration. Why would it be used? :o
What command/tool is cloning the extra repositories?
I was trying to install a node module from a private git repository.
I think actions/checkout@v4
set the extraheader
to clone the local repository
Then npm ci
tried to check that a private repository on github exists with
git --no-replace-objects ls-remote ssh://git@github.com/octocat/private.git
I think git used both extraheader
from local config and global credentials, and that didn't work
Ah.. yeah.. It's kinda the fault of the checkout
action. The token it configures is only valid for that one specific repository, but they configure it for all github repositories.
They should really set it only for https://github.com/$owner/$repo
.
But I'm also hesitant to add a work-around for it here. At best, it would only work if you run this action after the checkout action.
But we could add your workaround to the README
.
Perhaps, adding the workaround to the README is the best option.
Then people will be aware that the checkout
action adds additional git credentials,
and they will be able to add a step to clear those if needed
I have an Organization setting for my repos. I am building go binary for one with another private module in a different repo. The token supplied has organization setting.
With the below action the repo itself is not found. Am I missing any settings?
Output when running the action: