actions/code-review
2
0
Fork 0
Code Pull Requests Actions Releases Activity

fix: update askpass script to securely read token from env var

Browse Source
This commit is contained in:
Jeffery
2026-05-12 01:12:32 +00:00
parent 3fef7df7a5
commit e22223e501
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/git.js
+4 -3
View File
@@ -21,11 +21,12 @@ export async function commitAndPush(workspace, _spawnSync = spawnSync) {
const remoteUrl = `${baseUrl}/${GITEA_REPOSITORY}.git`;
const repoDir = path.join(workspace, 'repo');
// Write a temporary askpass script so the token never appears in the URL or process list
// Write a temporary askpass script that reads the token from an env var,
// so the token value never appears in the script file itself
const askpassScript = path.join(workspace, '.git-askpass.sh');
fs.writeFileSync(askpassScript, `#!/bin/sh\necho "${GITEA_TOKEN}"\n`, { mode: 0o700 });
fs.writeFileSync(askpassScript, '#!/bin/sh\necho "$GIT_TOKEN"\n', { mode: 0o700 });
const credEnv = { ...process.env, GIT_ASKPASS: askpassScript, GIT_USERNAME: 'x-token' };
const credEnv = { ...process.env, GIT_ASKPASS: askpassScript, GIT_USERNAME: 'x-token', GIT_TOKEN: GITEA_TOKEN };
try {
if (!fs.existsSync(repoDir)) {