gha-git-credentials
gha-git-credentials copied to clipboard
OleksiyRudenko
`fatal: could not read Username for 'https://github.com': No such device or address`
Trying to use this action to authenticate git so it can push to main on a remote branch:
- name: Setup git
uses: oleksiyrudenko/[email protected]
with:
token: ${{ secrets.GH_TOKEN }}
global: true
name: Tester testy
email: [email protected]
actor: paw-lu
- name: Commit
working-directory: ./Dash-User-Contributions
run: |
git add --all
git commit --message="Change!"
- name: Push
working-directory: ./Dash-User-Contributions
run: |
git push --set-upstream origin ${{ github.run_id }}-${{ github.run_attempt }}
But on step Push I get fatal: could not read Username for 'https://github.com': No such device or address
Example repo has been set up to provide a minimal example.
Thanks for the action!
Hi @paw-lu, Thank you for pinging me and apologies for not reverting to you any time sooner. Looking into this.
Normally, this class of errors happens when authorization fails on remote operations. I, apparently, cannot see your profile and your repo security settings.
Hence a question:
Is secrets.GH_TOKEN a PAT generated on your profile and associated with your GitHub username?
(1) If no, then probably you wanted to use secrets.GITHUB_TOKEN instead, which is provided to actions by default. Then actor would be GITHUB_ACTOR, also set on the runner environment. This action's actor parameter defaults to GITHUB_ACTOR, hence no need to specify it explicitly.
(I may be wrong as I've seen somewhere GH_TOKEN referred to on multiple docs outside github actions official documentation. Might be an alias).
(2) If yes, then you may want to check your PAT permissions and expiration date.
Feel free to reflecting on the above.
I will fork your test repo and run a couple of experiments to test hypotheses I have.
Absolutely nothing to be sorry about!
Is secrets.GH_TOKEN a PAT generated on your profile and associated with your GitHub username?
Yes. It's not an alias though, it was a token I generated.
Why use it instead of GITHUB_TOKEN? Apparently the generated token has more permissions than the defautl GITHUB_TOKEN. And there were some actions that I wanted to take that needed it.
(2) If yes, then you may want to check your PAT permissions and expiration date.
Checked!
-
I tried with all permission enabled on a freshly generated token
-
Am able to successfully get what I want done if I use the token manually (without the action). For example, for the push action I can successfully run:
% git push https://${{ secrets.GH_TOKEN }}@github.com/user/repo.git
Actually the only way I could figure out to use the token for authentication for push actions was to modify origin to explicitly include the token in the url.
I will fork your test repo and run a couple of experiments to test hypotheses I have.
Yeah go for it! Just be aware that the repo has changed quite a bit since then, and I linked to a specific hash: 75de3623b91773c2dc0a3da091913b1fc695edbb
@paw-lu looks like I am failing at resolving this. This is above my qualifications and knowledge of git and github fundamentals.
What I did: I set, iteratively, git credentials explicitly (using custom secrets.GH_TOKEN) via (a) env variables (GIT_* and GITHUB_ACTOR) and (b) git credentials helper (git credentials store; I thought that git might have been looking up for a user associated with https://github.com and expected to find it somewhere in a persistent credentials store). I had that custom token also listed among secrets on the fork that is being created by the workflow.
No combination worked.
Interestingly, as soon as I am trying to push changes to the main repo (i.e. the one that hosts the workflow) it goes smoothly.
I am run out of the ideas. I could use some help here.
In case you have any interest in what's been done code-wise:
-
issues-with-tokenbranch that corresponds to 75de3623b91773c2dc0a3da091913b1fc695edbb -
test-gha-221106branch -- multiple commits in attempt to debug/pin-point the problem and solve it. Multiple failed attemps (ignore 2 latest runs; they come from the item 3 below). -
test-gha-221106-no-forkbranch -- push changes to the repo that hosts the workflow. Works fine. - earlier
test-gha-221101branch, essentially same conclusions as under item 3 above.
Interestingly, as soon as I am trying to push changes to the main repo (i.e. the one that hosts the workflow) it goes smoothly.
Yeah this is consistent with my own testing.
To be clear, I was able to eventually get it to work by adjusting the remote address for origin to be https://${{ secrets.GH_TOKEN }}@github.com/user/repo.git. Then you are able to push to a repo that isn't the one associated with the running action.
But this is the only solution I was able to come up with.
Hi there, I'm facing the same problem.
As far as I have tested locally, setting git config user.password to the personal access token no longer works now.
I don't know exactly when it stopped working, but maybe this announcement is related to this issue.
I think there are two solutions.
- Replace all remote URLs of GitHub (as @paw-lu said above)
git config --global url."https://${INPUT_TOKEN}@github.com".insteadOf "https://github.com"
- Set Authorization header for all remote URLs of GitHub
git config --global http.https://github.com.extraheader "Authorization: Basic $(base64 <<< "${INPUT_TOKEN}:")"
