Skip to content

Enhance Configure git CLI for an app's bot user action example#285

Closed
CannonLock wants to merge 1 commit intoactions:mainfrom
CannonLock:patch-1
Closed

Enhance Configure git CLI for an app's bot user action example#285
CannonLock wants to merge 1 commit intoactions:mainfrom
CannonLock:patch-1

Conversation

@CannonLock
Copy link

@CannonLock CannonLock commented Sep 12, 2025
edited
Loading

Enhances the current example with a checkout step for completeness and to demonstrate the important step of not persisting the credentials.

Other users have ran into this issue: #75

@CannonLock
Add checkout step to auto-format job
9967fc7 
Add checkout step demo to the example to demonstrate how you can use this token to checkout and push to a github repository in the same step.
Copilot AI review requested due to automatic review settings September 12, 2025 15:00
@CannonLock CannonLock requested a review from a team as a code owner September 12, 2025 15:00
Copilot AI reviewed Sep 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances the "Configure git CLI for an app's bot user" example in the README by adding a crucial checkout step that demonstrates proper credential handling. The change addresses a common issue where users weren't aware of the need to prevent persisting default GITHUB_TOKEN credentials when using app tokens.

  • Adds a checkout step with persist-credentials: false to prevent credential conflicts
  • Includes explanatory comment about preventing implicit use of default GITHUB_TOKEN

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@CannonLock CannonLock changed the title Enhance Configure git CLI for an app's bot user Enhance Configure git CLI for an app's bot user action example Sep 12, 2025
gr2m
gr2m reviewed Sep 12, 2025
View reviewed changes
README.md
Comment on lines +101 to +105
- name: Checkout code
uses: actions/checkout@v4
with:
# Prevent implicit use of default GITHUB_TOKEN
persist-credentials: false
Copy link
Contributor

@gr2m gr2m Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively, you can use the token from the app to checkout the code

     - uses: actions/create-github-app-token@v2
       id: app-token
       with:
         # required
         app-id: ${{ vars.APP_ID }}
         private-key: ${{ secrets.PRIVATE_KEY }}
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}

Not sure which one is better. I think persist-credentials: false is a best practice either way when it's not needed for subsequent pulls or pushes.

@ymmt2005 ymmt2005 mentioned this pull request Sep 18, 2025
Open
@CannonLock
Copy link
Author

CannonLock commented Sep 18, 2025

Closing in favor of #288 which provides a example closer to what I was looking for in the README.

@CannonLock CannonLock closed this Sep 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@gr2m gr2m gr2m left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CannonLock @gr2m