Enhance Configure git CLI for an app's bot user action example #285
Conversation
Add checkout step demo to the example to demonstrate how you can use this token to checkout and push to a github repository in the same step.
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the "Configure git CLI for an app's bot user" example in the README by adding a crucial checkout step that demonstrates proper credential handling. The change addresses a common issue where users weren't aware of the need to prevent persisting default GITHUB_TOKEN credentials when using app tokens.
- Adds a checkout step with
persist-credentials: falseto prevent credential conflicts - Includes explanatory comment about preventing implicit use of default GITHUB_TOKEN
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
CannonLock changed the title Configure git CLI for an app's bot userConfigure git CLI for an app's bot user action example 
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| # Prevent implicit use of default GITHUB_TOKEN | ||
| persist-credentials: false |
There was a problem hiding this comment.
Alternatively, you can use the token from the app to checkout the code
- uses: actions/create-github-app-token@v2 id: app-token with: # required app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout code uses: actions/checkout@v4 with: token: ${{ steps.app-token.outputs.token }} Not sure which one is better. I think persist-credentials: false is a best practice either way when it's not needed for subsequent pulls or pushes.
| Closing in favor of #288 which provides a example closer to what I was looking for in the README. |
Enhances the current example with a checkout step for completeness and to demonstrate the important step of not persisting the credentials.
Other users have ran into this issue: #75