* Copy gitconfig and configure gh CLI credential helper in container. * Called for both new containers and reused forked containers.
(
containerName: string,
env?: Record<string, string>
)
| 632 | * Called for both new containers and reused forked containers. |
| 633 | */ |
| 634 | private async setupCredentials( |
| 635 | containerName: string, |
| 636 | env?: Record<string, string> |
| 637 | ): Promise<void> { |
| 638 | if (!this.config.shareCredentials) return; |
| 639 | |
| 640 | // Copy host gitconfig into container (not mounted, so gh can modify it). |
| 641 | // Use argv-based Docker calls so credential paths/tokens never go through a host shell. |
| 642 | if (hasHostGitconfig()) { |
| 643 | await runSpawnCommand( |
| 644 | "docker", |
| 645 | ["cp", getHostGitconfigPath(), `${containerName}:/root/.gitconfig`], |
| 646 | 10000 |
| 647 | ); |
| 648 | } |
| 649 | |
| 650 | // Configure gh CLI as git credential helper if GH_TOKEN is available |
| 651 | // GH_TOKEN can come from project secrets (env) or host environment (buildCredentialArgs) |
| 652 | const ghToken = resolveGhToken(env); |
| 653 | if (ghToken) { |
| 654 | await runSpawnCommand( |
| 655 | "docker", |
| 656 | [ |
| 657 | "exec", |
| 658 | "-e", |
| 659 | `GH_TOKEN=${ghToken}`, |
| 660 | containerName, |
| 661 | "sh", |
| 662 | "-c", |
| 663 | "command -v gh >/dev/null && gh auth setup-git || true", |
| 664 | ], |
| 665 | 10000 |
| 666 | ); |
| 667 | } |
| 668 | } |
| 669 | |
| 670 | /** |
| 671 | * Provision container: create, sync project, checkout branch. |
no test coverage detected