diff --git a/entry b/entry index 89363e3..87a70cd 100755 --- a/entry +++ b/entry @@ -98180,8 +98180,7 @@ function buildPullfrogFooter(params) { parts.push(`Using [${params.agent.displayName}](${params.agent.url})`); } if (params.workflowRun) { - const { owner, repo, runId } = params.workflowRun; - parts.push(`[View workflow run](https://github.com/${owner}/${repo}/actions/runs/${runId})`); + parts.push(`[View workflow run](https://github.com/${params.workflowRun.owner}/${params.workflowRun.repo}/actions/runs/${params.workflowRun.runId})`); } if (params.customParts) { parts.push(...params.customParts); @@ -123859,9 +123858,8 @@ function setupGitConfig() { } } function setupGit(ctx) { - const { githubInstallationToken: githubInstallationToken2, payload } = ctx; const repoDir = process.cwd(); - log.info("\u{1F527} Setting up git configuration..."); + log.info("\u{1F527} Setting up git authentication..."); try { execSync("git config --local --unset-all http.https://github.com/.extraheader", { cwd: repoDir, @@ -123871,26 +123869,30 @@ function setupGit(ctx) { } catch { log.debug("No existing authentication headers to remove"); } - process.env.GH_TOKEN = githubInstallationToken2; - $("git", ["config", "--local", "credential.helper", ""], { cwd: repoDir }); - $("git", ["config", "--local", "--add", "credential.helper", "!gh auth git-credential"], { - cwd: repoDir - }); - log.info("\u2713 Configured gh as credential helper"); - if (payload.event.is_pr !== true || !payload.event.issue_number) { + const originUrl = `https://x-access-token:${ctx.githubInstallationToken}@github.com/${ctx.owner}/${ctx.name}.git`; + $("git", ["remote", "set-url", "origin", originUrl], { cwd: repoDir }); + log.info("\u2713 Updated origin URL with authentication token"); + if (ctx.payload.event.is_pr !== true || !ctx.payload.event.issue_number) { log.debug("Not a PR event, staying on default branch"); return { pushRemote: "origin" }; } - const prNumber = payload.event.issue_number; + const prNumber = ctx.payload.event.issue_number; log.info(`\u{1F33F} Checking out PR #${prNumber}...`); $("gh", ["pr", "checkout", prNumber.toString()], { cwd: repoDir, - env: { GH_TOKEN: githubInstallationToken2 } + env: { GH_TOKEN: ctx.githubInstallationToken } }); log.info(`\u2713 Successfully checked out PR #${prNumber}`); const pushRemote = detectPushRemote(); if (pushRemote !== "origin") { log.info(`\u{1F374} Fork PR detected, will push to remote: ${pushRemote}`); + const forkUrl = $("git", ["remote", "get-url", pushRemote], { cwd: repoDir, log: false }); + const authedForkUrl = forkUrl.replace( + "https://github.com/", + `https://x-access-token:${ctx.githubInstallationToken}@github.com/` + ); + $("git", ["remote", "set-url", pushRemote, authedForkUrl], { cwd: repoDir }); + log.info(`\u2713 Updated ${pushRemote} URL with authentication token`); } return { pushRemote }; } diff --git a/utils/buildPullfrogFooter.ts b/utils/buildPullfrogFooter.ts index d8cef95..895586b 100644 --- a/utils/buildPullfrogFooter.ts +++ b/utils/buildPullfrogFooter.ts @@ -40,8 +40,9 @@ export function buildPullfrogFooter(params: BuildPullfrogFooterParams): string { } if (params.workflowRun) { - const { owner, repo, runId } = params.workflowRun; - parts.push(`[View workflow run](https://github.com/${owner}/${repo}/actions/runs/${runId})`); + parts.push( + `[View workflow run](https://github.com/${params.workflowRun.owner}/${params.workflowRun.repo}/actions/runs/${params.workflowRun.runId})` + ); } if (params.customParts) { diff --git a/utils/setup.ts b/utils/setup.ts index 7818de1..c60eca4 100644 --- a/utils/setup.ts +++ b/utils/setup.ts @@ -73,10 +73,9 @@ export type SetupGitResult = { * Returns the remote to push to (detected from branch tracking after checkout). */ export function setupGit(ctx: Context): SetupGitResult { - const { githubInstallationToken, payload } = ctx; const repoDir = process.cwd(); - log.info("🔧 Setting up git configuration..."); + log.info("🔧 Setting up git authentication..."); // remove existing git auth headers that actions/checkout might have set try { @@ -89,29 +88,23 @@ export function setupGit(ctx: Context): SetupGitResult { log.debug("No existing authentication headers to remove"); } - // set GH_TOKEN in process.env so gh auth git-credential uses the installation token - // (not the default GITHUB_TOKEN which has different permissions) - process.env.GH_TOKEN = githubInstallationToken; - - // set up gh as credential helper - this makes git use GH_TOKEN for any remote - $("git", ["config", "--local", "credential.helper", ""], { cwd: repoDir }); - $("git", ["config", "--local", "--add", "credential.helper", "!gh auth git-credential"], { - cwd: repoDir, - }); - log.info("✓ Configured gh as credential helper"); + // embed token directly in origin URL - simple and doesn't expose token in env + const originUrl = `https://x-access-token:${ctx.githubInstallationToken}@github.com/${ctx.owner}/${ctx.name}.git`; + $("git", ["remote", "set-url", "origin", originUrl], { cwd: repoDir }); + log.info("✓ Updated origin URL with authentication token"); // non-PR events: stay on default branch, push to origin - if (payload.event.is_pr !== true || !payload.event.issue_number) { + if (ctx.payload.event.is_pr !== true || !ctx.payload.event.issue_number) { log.debug("Not a PR event, staying on default branch"); return { pushRemote: "origin" }; } // checkout PR branch - gh pr checkout handles fork remotes and tracking automatically - const prNumber = payload.event.issue_number; + const prNumber = ctx.payload.event.issue_number; log.info(`🌿 Checking out PR #${prNumber}...`); $("gh", ["pr", "checkout", prNumber.toString()], { cwd: repoDir, - env: { GH_TOKEN: githubInstallationToken }, + env: { GH_TOKEN: ctx.githubInstallationToken }, }); log.info(`✓ Successfully checked out PR #${prNumber}`); @@ -119,6 +112,14 @@ export function setupGit(ctx: Context): SetupGitResult { const pushRemote = detectPushRemote(); if (pushRemote !== "origin") { log.info(`🍴 Fork PR detected, will push to remote: ${pushRemote}`); + // embed token in fork remote URL too + const forkUrl = $("git", ["remote", "get-url", pushRemote], { cwd: repoDir, log: false }); + const authedForkUrl = forkUrl.replace( + "https://github.com/", + `https://x-access-token:${ctx.githubInstallationToken}@github.com/` + ); + $("git", ["remote", "set-url", pushRemote, authedForkUrl], { cwd: repoDir }); + log.info(`✓ Updated ${pushRemote} URL with authentication token`); } return { pushRemote }; }