GitXplorerGitXplorer
d

setup-git-credentials

public
91 stars
20 forks
2 issues

Commits

List of commits on branch main.
Verified
29633dd3b53840e223461f06dd08b443991d01cd

Merge pull request #30 from de-vri-es/dependabot/npm_and_yarn/undici-5.28.4

dde-vri-es committed 9 months ago
Verified
3a5655527f087dfbb7279d9469b7c2946f6016cb

Bump undici from 5.28.3 to 5.28.4

ddependabot[bot] committed 9 months ago
Verified
b3d4212b85274f87fea3d81be197a2d2c6c14285

Merge pull request #29 from de-vri-es/dependabot/npm_and_yarn/undici-5.28.3

dde-vri-es committed a year ago
Verified
75559408dd8201044915ea0e97f19123b8e650f1

Bump undici from 5.28.2 to 5.28.3

ddependabot[bot] committed a year ago
Unverified
5e1f18da68b7039c7f824408d170811aaec93ca8

Bump version to 2.1.2.

dde-vri-es committed a year ago
Unverified
10d40416ec0ed36f269e1b75fe80de378e8bd370

Upgrade to node20 again.

dde-vri-es committed a year ago

README

The README file for this repository.

Configuring credentials

This action allows you to clone private git repositories using HTTP authentication. The credentials should be passed to the action through the credentials parameter. It is highly recommended to store the credentials in a secret and pass the secret to the action, rather than hard-coding the credentials in the configuration file.

Note that the checkout action already allows you to clone the main repository. This action is intended for downloading additional dependencies from private repositories.

The action stores the credentials in the file $XDG_CONFIG_HOME/git/credentials, and configures git to use it by calling git config --global credential.helper store/ The credentials should be list of URL patterns with authentication information. See man 7 git-credentials-store for more details.

Additionally, the action configures git to rewrite SSH URLs for GitHub repositories to HTTPS URLs. This allows dependencies to be specified using a SSH URLs for developers, while the CI system will automatically clone over HTTPS with the provided credentials.

It is advisable to generate an access token specifically for your workflow. Simply use the token in place of an account password in the credentials. Be sure to grant full access for the repo scope to the token, otherwise the token can not be used to clone private repositories. Without the right permissions, the clone will normally fail with a 404 error.

A sample configuration for a workflow is shown here:

name: Rust
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: de-vri-es/setup-git-credentials@v2
      with:
        credentials: ${{secrets.GIT_CREDENTIALS}}
    - uses: actions/checkout@v1
    - name: Build
      run: cargo +stable build --color=always
    - name: Run tests
      run: cargo +stable test --color=always

The credentials secret would contain something like this:

https://$username:$token@github.com/

It is also possible to provide additional credentials for different domains in the credentials list.

Why not use a plain SSH key?

In general, a plain SSH key would be a good solution too. However, at the moment Cargo (the Rust package manager) does not support SSH authentication other than through an SSH agent. SSH agents are not meant to be used non-interactively, so HTTPS authentication is a simpler solution.

If you can use plain SSH keys that may be easier.

Compatibility with custom runners

The latest version of this action runs on node20. If your custom runner doesn't support node20 yet, you can pin the action to v2.0 which runs on node16.