-
-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use git credential helper #1871
base: main
Are you sure you want to change the base?
Use git credential helper #1871
Conversation
Ideally I would like to do something like to scope it to a repository, can we somehow hand the repository down?
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
According to gh-auth-login
doc, the token could be stored in a system credential store, it only fallbacks if it's not available.
I suggest to fallback to git, if gh-auth-token fails
@NobodyXu thanks, makes sense. Do you see a way to scope the token per repository, that's what we're doing in CI for security reason. Or does cargo-binstall need a token valid for all repositories it attempts to download? |
Yes, it currently just reuses the same github-token for every repository of the crates to install. |
I also want to say that on my system, using |
Hum that's interesting. But your I don't use |
Yes, I can push to git, because that uses ssh keys. |
Ah got it |
Pinging @ChrisBr do you want to continue this PR or do you want me to take over? |
Please take over but let me know if you run into any issues. |
Signed-off-by: Jiahao XU <[email protected]>
Signed-off-by: Jiahao XU <[email protected]>
4372849
to
4a01320
Compare
Signed-off-by: Jiahao XU <[email protected]>
4a01320
to
6e46f66
Compare
Instead of using
gh
we should use the built ingit
credential helper to get a valid token. I think we could even get rid of reading the credentials files manually as git should be able to just do this for us.What we're essentially doing is
Ideally we would even hand down a path so the token could be scoped to a single repository.
https://git-scm.com/docs/gitcredentials