The old isEnterprise check no longer makes sense, given the prompter is
providing 'other', not 'GitHub Enterprise Server' as its non-GitHub.com
option. Additionally, there was an opportunity for cleaning up the code
via early returns and the removal of the default hostname lookup if we
don't need it.
The default authentication mode is a web-based browser flow. After completion, an
authentication token will be stored securely in the system credential store.
If a credential store is not found or there is an issue using it gh will fallback
to writing the token to a plain text file. See `gh auth status` for its
stored location.
Alternatively, use `--with-token` to pass in a token on standard input.
The minimum required scopes for the token are: `repo`, `read:org`, and `gist`.
Alternatively, gh will use the authentication token found in environment variables.
This method is most suitable for "headless" use of gh such as in automation. See
`gh help environment` for more info.
To use gh in GitHub Actions, add `GH_TOKEN: ${{ github.token }}` to `env`.
The git protocol to use for git operations on this host can be set with `--git-protocol`,
or during the interactive prompting. Although login is for a single account on a host, setting
the git protocol will take effect for all users on the host.
Specifying `ssh` for the git protocol will detect existing SSH keys to upload,
prompting to create and upload a new key if one is not found. This can be skipped with
`--skip-ssh-key` flag.
USAGE
gh auth login [flags]
FLAGS
-p, --git-protocol string The protocol to use for git operations on this host: {ssh|https}
-h, --hostname string The hostname of the GitHub instance to authenticate with
--insecure-storage Save authentication credentials in plain text instead of credential store
-s, --scopes strings Additional authentication scopes to request
--skip-ssh-key Skip generate/upload SSH key prompt
-w, --web Open a browser to authenticate
--with-token Read token from standard input
INHERITED FLAGS
--help Show help for command
EXAMPLES
# Start interactive setup
$ gh auth login
# Authenticate against github.com by reading the token from a file
$ gh auth login --with-token < mytoken.txt
# Authenticate with specific host
$ gh auth login --hostname enterprise.internal
LEARN MORE
Use `gh <command> <subcommand> --help` for more information about a command.
Read the manual at https://cli.github.com/manual
Learn about exit codes using `gh help exit-codes` around Tylers-GitHub-MacBook.local
This change is meant to better support the login flow for other customers
besides GitHub Enterprise Server customers that use the same login flow
as GHES.
Fixes non-interactive login flow and make sure "prompt" configuration is
respected by never prompting if it was explicitly disabled.
No longer asks to press Enter again after "Authentication complete"
message, since that didn't provide any value to the user.
This is to avoid hitting the filesystem and resolving symlinks
unnecessarily. The value of executable is just used conditionally by a
handful of commands.
This keeps git operations working even when PATH is modified, e.g. `brew
update` will work even though Homebrew runs the command explicitly
without `/usr/local/bin` in PATH.
Additionally, this inserts a blank value for `credential.*.helper` to
instruct git to ignore previously configured credential helpers, i.e.
those that might have been set up in system configuration files. We do
this because otherwise, git will store the credential obtained from gh
in every other credential helper in the chain, which we want to avoid.
Before:
git config --global credential.https://github.com.helper '!gh auth git-credential'
After:
git config --global credential.https://github.com.helper ''
git config --global --add credential.https://github.com.helper '!/path/to/gh auth git-credential'
