Adds a new command `gh auth setup-git [<hostname>]` that sets up git to
use the GitHub CLI as a credential helper.
The gist is that it runs these two git commands for each hostname the
user is authenticated with.
```
git config --global --replace-all 'credential.https://github.com.helper' ''
git config --global --add 'credential.https://github.com.helper' '!gh auth git-credential'
```
If a hostname flag is given, it'll setup GH CLI as a credential helper
for only that hostname.
If the user is not authenticated with any git hostnames, or the user is
not authenticated with the hostname given as a flag, it'll print an
error.
Co-authored-by: Mislav Marohnić <mislav@github.com>
When there was a previously valid token that was granted some scopes,
ensure all those scopes will be re-requested when doing the
authentication flow for the new token.
This is to avoid hitting the filesystem and resolving symlinks
unnecessarily. The value of executable is just used conditionally by a
handful of commands.
There was a bug where if git was not installed then gh would do its
authentication and try to configure git but would then find out that the
git executable was not in PATH.
Now gh checks to see if the git executable is in PATH before
authenticating the user. If the git executable is in PATH the
authentication continues as normal, if it is not in PATH then it prints
out an error to the console:
$ git executable not found in $PATH
Resolves: #3818
This keeps git operations working even when PATH is modified, e.g. `brew
update` will work even though Homebrew runs the command explicitly
without `/usr/local/bin` in PATH.
Additionally, this inserts a blank value for `credential.*.helper` to
instruct git to ignore previously configured credential helpers, i.e.
those that might have been set up in system configuration files. We do
this because otherwise, git will store the credential obtained from gh
in every other credential helper in the chain, which we want to avoid.
Before:
git config --global credential.https://github.com.helper '!gh auth git-credential'
After:
git config --global credential.https://github.com.helper ''
git config --global --add credential.https://github.com.helper '!/path/to/gh auth git-credential'
When a token such as GH_TOKEN is set through environment variables and
`~/.config/gh/hosts.yml` is non-existent, the `auth git-credential get`
command used to fail due to missing username.
Since GitHub username isn't at all required for token authentication,
use the `x-access-token` faux username instead of trying to obtain one
from a config file.
Old message:
read-only token in GH_TOKEN cannot be modified
This message was vague and some users did not understand that this
refers to the value that is read from environment variables.
New message:
$ GH_TOKEN=123 ghd auth login -h github.com
The value of the GH_TOKEN environment variable is being used for authentication.
To have GitHub CLI store credentials instead, first clear the value from the environment.
