Orb version:
2.1.0
What happened:
If you use a checkout step in your job, for example:
steps:
- checkout
- gh/setup
- run: gh repo clone MyOrg/MyRepo
It will fail with the following error if the repository requires the auth from the token configured in gh/setup:
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
exit status 128
Omitting the checkout
step fixes the issue.
Investigation into the issue reveals that the checkout
step creates a ~/.gitconfig
that breaks usage of gh repo clone
by redirecting all https://github.com
git usage to ssh://[email protected]
. Here is the contents as created as a side-effect of checkout
:
[url "ssh://[email protected]"]
insteadOf = https://github.com
[gc]
auto = 0
Since the gh
CLI tool configures a git credential helper for https://github.com, the redirect configured by the checkout
step renders it useless as everything is redirected to SSH thus ends up using the repository specific SSH key configured by CircleCI.
Expected behavior:
Usage of checkout
command should not affect usage of the github-cli
orb.
I would argue checkout
should not make any modification to global git configuration.
If there is no way around modification of the global git configuration, it should at least be specific to the repository that checkout
will operate on instead of redirecting every github.com URL.
Additional Information:
Other workarounds include doing your gh repo
commands before the checkout
step or adding a rm ~/.gitconfig
immediately after the checkout
step.