Automatically tell git where to look for github creds

Removes a fiddly client-side config! This was particularly problematic when git was installed via conda, as it does not read the systemwide /etc/gitconfig file (conda-forge/git-feedstock#113) Ref #2
jupyterhub · Apr 18, 2022 · 2029390 · 2029390
1 parent 441933d
commit 2029390
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -75,35 +75,23 @@ pip install gh-scoped-creds
 
 ## Client configuration
 
-1. `gh-scoped-creds` uses `git-credentials-store` to provide appropriate authentication,
-    by writing to a `/tmp/gh-scoped-creds` file. This makes sure we don't override
-	the default `~/.git-credentials` file someone might be using. `git` will have to be configured to use
-	the new file.
-
-	You can put the following snippet in `/etc/gitconfig` (for containers) or in
-	`~/.gitconfig`:
-
-	```ini
-	[credential]
-        helper = store --file=/tmp/gh-scoped-creds
-	```
-
-	Or you can run the following command (this puts it in `~/.gitconfig`)
+1. `gh-scoped-creds` will need to know the "Client ID" of the created GitHub app to
+    perform authentication. This can be either set with the environment variable
+	`GH_SCOPED_CREDS_CLIENT_ID`, or be passed in as a commandline parameter `--client-id` to
+	the `gh-scoped-creds` script when users use it to authenticate.
 
-	```
-	git config --global credential.helper "store --file=/tmp/gh-scoped-creds"
-	```
+1. `gh-scoped-creds` uses [`git-credentials-store`](https://git-scm.com/docs/git-credential-store)
+   to provide appropriate authentication, by writing to a `/tmp/gh-scoped-creds`
+   file. This makes sure we don't override the default `~/.git-credentials` file
+   someone might be using. `git` will be automatically configured (via an entry
+   in `~/.gitconfig`) to use this file for github.com credentials.  the new
+   file.
 
    **Note for non-container uses**: If your users are on a HPC system or similar,
    where `/tmp` is not isolated for each user, you must set the file path to be
    under `$HOME`. The `gh-scoped-creds` commandline tool used by end users
    (documented below) accepts a `--git-credentials-path` that can be explicitly
-   set. The same path must be used in `gitconfig` here as well.
-
-2. `gh-scoped-creds` will need to know the "Client ID" of the created GitHub app to
-    perform authentication. This can be either set with the environment variable
-	`GH_SCOPED_CREDS_CLIENT_ID`, or be passed in as a commandline parameter `--client-id` to
-	the `gh-scoped-creds` script when users use it to authenticate.
+   set.
 
 ## Usage
 

diff --git a/gh_scoped_creds/__init__.py b/gh_scoped_creds/__init__.py
@@ -2,6 +2,7 @@
 import os
 import sys
 import time
+import subprocess
 
 import requests
 
@@ -93,6 +94,17 @@ def main(args=None, in_jupyter=False):
     ) as f:
         f.write(f"https://x-access-token:{access_token}@github.com\n")
 
+    # Tell git to use our new creds when talking to github
+    subprocess.check_call(
+        [
+            "git",
+            "config",
+            "--global", # Modifies ~/.gitconfig
+            "credential.https://github.aaakk.us.kg.helper",
+            f"store --file={args.git_credentials_path}",
+        ]
+    )
+
     expires_in_hours = expires_in / 60 / 60
     success = (
         f"Success! Authentication will expire in {expires_in_hours:0.1f} hours.\n"