Authenticate GitHub CLI

coderars · October 1, 2021, 11:28am

Dear Support!

I have my self hosted Drone on my VPS and I’m working with my private repo on GitHub. My step commands are running in my own docker image.

With clone disabled in my .drone.yml I can use git clone and the authentication to my private repo happens automatically, no problem here.

Now I also want to use the GitHub CLI and wondering how to authenticate it. AFAIK the suggested solution is to add my token (PAT) as a new secret to Drone, set it into an environment variable like this:

  environment:
    GITHUB_TOKEN:
      from_secret: github_token

…and then:

echo $GITHUB_TOKEN | gh auth login --with-token

So my question is that can I somehow use/access the “default” token that is used by the git commands to avoid storing a new secret in Drone? Or in other words: What is the best practice to auth GitHub CLI? Thank you!

edit:
From the Authentication docs:

If your repository is private or requires authentication to clone, Drone injects the credentials into your pipeline environment. Drone uses the oauth2 token associated with the repository owner as the clone credentials.

So the proper question is, how to use this “injected” auth info with gh auth ? Is it possible at all?

coderars · October 1, 2021, 8:29pm

I’ve just figured out that Drone injects a ~/.netrc file to my step container, containing the credentials I was looking for. Ugly, but seems working:

  commands:
    - awk '/github.com/{getline; print $4}' ~/.netrc | gh auth login --with-token
    - gh auth status

I’ve also found this old issue asking gh to support .netrc but seems it won’t be added:

We don’t yet respect the netrc file, but we appreciate the suggestion!

bradrydzewski · October 2, 2021, 2:05pm

The netrc file is considered an internal implementation detail and could change in future releases, so just something to keep in mind going forward.

http://discuss.harness.io/t/drone-netrc-username-documentation-usage/4485/2

coderars · October 3, 2021, 11:47am

Thank you for the warning! I don’t want to risk any surprise after an upgrade, so I ended up with adding a new organization secret (a new git token with minimal rights) to my Drone and using that instead.

Topic		Replies	Views
DRONE_NETRC_USERNAME documentation/usage Drone Support	4	1676	March 23, 2021
Pass OAuth Credentials to Drone CLI Drone Support	1	258	May 25, 2021
Replace netrc files with for authentication during the clone step Drone Support	0	349	January 1, 2023
Recommended method to access github credentials using SSH runner Drone Support	1	580	September 2, 2021
0.8 Private Github and Custom Pipeline Image Permissions Drone Support	4	740	October 24, 2017

Authenticate GitHub CLI

Related topics