Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use git credential helper #1871

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

ChrisBr
Copy link

@ChrisBr ChrisBr commented Aug 8, 2024

Instead of using gh we should use the built in git credential helper to get a valid token. I think we could even get rid of reading the credentials files manually as git should be able to just do this for us.

What we're essentially doing is

> printf "host=github.com\nprotocol=https" | git credential fill
protocol=https
host=github.com
username=3799140
password=TOKEN

Ideally we would even hand down a path so the token could be scoped to a single repository.

https://git-scm.com/docs/gitcredentials

@ChrisBr
Copy link
Author

ChrisBr commented Aug 8, 2024

Ideally I would like to do something like to scope it to a repository, can we somehow hand the repository down?

printf "host=github.com\nprotocol=https\npath=cargo-bins/cargo-binstall" | git credential fill

Copy link
Member

@NobodyXu NobodyXu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

According to gh-auth-login doc, the token could be stored in a system credential store, it only fallbacks if it's not available.

I suggest to fallback to git, if gh-auth-token fails

@ChrisBr
Copy link
Author

ChrisBr commented Aug 8, 2024

@NobodyXu thanks, makes sense.

Do you see a way to scope the token per repository, that's what we're doing in CI for security reason. Or does cargo-binstall need a token valid for all repositories it attempts to download?

@NobodyXu
Copy link
Member

NobodyXu commented Aug 8, 2024

Or does cargo-binstall need a token valid for all repositories it attempts to download?

Yes, it currently just reuses the same github-token for every repository of the crates to install.

@passcod
Copy link
Member

passcod commented Aug 8, 2024

I also want to say that on my system, using printf "host=github.com\nprotocol=https" | git credential fill does not return anything useful, while gh is currently logged in and binstall uses its token.

@ChrisBr
Copy link
Author

ChrisBr commented Aug 8, 2024

I also want to say that on my system, using printf "host=github.com\nprotocol=https" | git credential fill does not return anything useful

Hum that's interesting. But your git client is authenticated and can push to Github? Or do you use gh for this?

I don't use gh myself and only use plain old git.

@passcod
Copy link
Member

passcod commented Aug 9, 2024

Yes, I can push to git, because that uses ssh keys.

@ChrisBr
Copy link
Author

ChrisBr commented Aug 9, 2024

Yes, I can push to git, because that uses ssh keys.

Ah got it

@NobodyXu
Copy link
Member

NobodyXu commented Nov 9, 2024

Pinging @ChrisBr

do you want to continue this PR or do you want me to take over?

@ChrisBr
Copy link
Author

ChrisBr commented Nov 12, 2024

do you want to continue this PR or do you want me to take over?

Please take over but let me know if you run into any issues.

@NobodyXu NobodyXu force-pushed the cbruckmayer/use-git-credential-helper branch from 4372849 to 4a01320 Compare November 13, 2024 14:15
Signed-off-by: Jiahao XU <[email protected]>
@NobodyXu NobodyXu force-pushed the cbruckmayer/use-git-credential-helper branch from 4a01320 to 6e46f66 Compare November 13, 2024 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants