How is the GitHub token injected into git? #25255

gaborcsardi · 2022-03-15T16:25:12Z

gaborcsardi
Mar 15, 2022

As I understand, within a run command line git has access to the GitHub token that was created specifically for the run.

How is the token injected into git here? Is it added to the git credential store? Or some other way?

Answered by jsoref

Mar 16, 2022

No it isn’t done w/ the git credential store, it’s done w/ the .git/config file:

  <a href="https://github.com/actions/checkout/blob/ec3a7ce113134d7a93b817d10a8272cb61118579/src/git-auth-helper.ts#L55-L65" target="_blank" rel="noopener">github.com</a>

actions/checkout/blob/ec3a7ce113134d7a93b817d10a8272cb61118579/src/git-auth-helper.ts#L55-L65

<pre class="onebox">      <code class="lang-ts">
    <ol class="start lines" start="55" style="counter-reset: li-counter 54 ;">
        <li>this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader` // "origin" is SCHEME://HOSTNAME[:PORT]</li>
        <li>const basicCredential = Buffer.from(</li>
        <li>  `x-access-token:${this.settings.aut…

View full answer

airtower-luna · 2022-03-15T18:53:50Z

airtower-luna
Mar 15, 2022

Check the output of the actions/checkout step in your workflow log. Assuming it’s using Git to retrieve the repository (as opposed to the API if Git isn’t available on the runner) you’ll see it setting up an Authorization header in the “Setting up auth” section.

0 replies

jsoref · 2022-03-16T04:33:13Z

jsoref
Mar 16, 2022

No it isn’t done w/ the git credential store, it’s done w/ the .git/config file:

  <a href="https://github.com/actions/checkout/blob/ec3a7ce113134d7a93b817d10a8272cb61118579/src/git-auth-helper.ts#L55-L65" target="_blank" rel="noopener">github.com</a>

actions/checkout/blob/ec3a7ce113134d7a93b817d10a8272cb61118579/src/git-auth-helper.ts#L55-L65

<pre class="onebox">      <code class="lang-ts">
    <ol class="start lines" start="55" style="counter-reset: li-counter 54 ;">
        <li>this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader` // "origin" is SCHEME://HOSTNAME[:PORT]</li>
        <li>const basicCredential = Buffer.from(</li>
        <li>  `x-access-token:${this.settings.authToken}`,</li>
        <li>  'utf8'</li>
        <li>).toString('base64')</li>
        <li>core.setSecret(basicCredential)</li>
        <li>this.tokenPlaceholderConfigValue = `AUTHORIZATION: basic ***`</li>
        <li>this.tokenConfigValue = `AUTHORIZATION: basic ${basicCredential}`</li>
        <li>
        </li>

// Instead of SSH URL

this.insteadOfKey = `url.${serverUrl.origin}/.insteadOf` // "origin" is SCHEME://HOSTNAME[:PORT]

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

How is the GitHub token injected into git? #25255

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Navigation Menu

GitHub Community

How is the GitHub token injected into git? #25255

gaborcsardi Mar 15, 2022

actions/checkout/blob/ec3a7ce113134d7a93b817d10a8272cb61118579/src/git-auth-helper.ts#L55-L65

Replies: 2 comments

airtower-luna Mar 15, 2022

jsoref Mar 16, 2022

actions/checkout/blob/ec3a7ce113134d7a93b817d10a8272cb61118579/src/git-auth-helper.ts#L55-L65

gaborcsardi
Mar 15, 2022

airtower-luna
Mar 15, 2022

jsoref
Mar 16, 2022