Github Actions - git command `ls-remote` fails for private repo when on runner (works locally)

I’m using this command to check and see if a remote private repo exists and the user has access to it:

git ls-remote https://<user name>:<token>@github.com/<repo owner>/<repo name>.git

Also checking for a branch on the remote repo:

git ls-remote <same url> <branch name>

These should be able to access the private repo using the access token passed into the action, and I should get an actual read on the remote repo and its refs. However, I receive a git error:

remote: Repository not found. fatal: repository 'https://github.com/aoAppDev/upstream-sync-test-remote.git/' not found

Notably, this output doesn’t include the classic *** to hide the token in the output URL because, well… it isn’t in this error URL at all.

It’s not an issue with the token or URL because the action successfully clones the private repo immediately after these commands fail. (Also, it works as expected on my local machine.)

So why would this command fail on the runner?
Is there some config I’m missing?
Something blocking the use of ls-remote with a secret token??

I’m at a loss here.

I figured out the problem! I was using the GH checkout action as a first step, and the GITHUB_TOKEN credentials were automatically persisting through the entire workflow. So anytime I tried to run a command requiring the auth token for the second remote repo, it was using the persisted credentials. I set persist-credentials to false, and my commands work as expected.

Some odd things about this, though –

  • If I have the auth token in the remote URL, I don’t see why the action would even try to use the persisted auth token.
  • Why did the clone work while the other commands didn’t? Super strange.

Anyway, I hope this helps someone down the line. Happy coding!