Context:
Was checking out multiple private repos and was copying a file from a private repos to a public repos in the workspace, then committing and pushing. The push would fail with a 403.
Error:
remote: Permission to my-repos denied to github-actions[bot].
fatal: unable to access 'https://github.com/.../my-repos.git/': The requested URL returned error: 403
By running this command we can see any of config settings being used for our repos:
We discovered the checkout action is executing a command like this:
git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
Reference:
https://github.com/actions/checkout/blob/master/adrs/0153-checkout-v2.md#pat
The fix is to do this:
git config --local --unset-all "http.https://github.com/.extraheader"
It's seems unlikely that this could lead to side effects but it may be desirable to re-set this value after the push is completed.
Sorry for lack of PR, we ended up not using your action and just incorporated what we ended into our workflow file.
Context:
Was checking out multiple private repos and was copying a file from a private repos to a public repos in the workspace, then committing and pushing. The push would fail with a 403.
Error:
By running this command we can see any of config settings being used for our repos:
We discovered the checkout action is executing a command like this:
Reference:
https://github.com/actions/checkout/blob/master/adrs/0153-checkout-v2.md#pat
The fix is to do this:
It's seems unlikely that this could lead to side effects but it may be desirable to re-set this value after the push is completed.
Sorry for lack of PR, we ended up not using your action and just incorporated what we ended into our workflow file.