update Git and GitHub Actions docs to mention gh auth login#13850
Merged
oconnor663 merged 2 commits intomainfrom Jun 5, 2025
Merged
update Git and GitHub Actions docs to mention gh auth login#13850oconnor663 merged 2 commits intomainfrom
gh auth login#13850oconnor663 merged 2 commits intomainfrom
Conversation
Gankra
approved these changes
Jun 4, 2025
Contributor
Gankra
left a comment
Gankra
left a comment
There was a problem hiding this comment.
Can't speak to the precise wording but this is a big improvement, great job figuring this wizardry out!
docs/configuration/authentication.md
Outdated
| _not_ be saved in `pyproject.toml` or `uv.lock`, because those files are often checked-in and | ||
| published. In that case, uv will probably fail with authentication errors the next time it tries | ||
| to fetch the new dependency, for example if you delete the lockfile or clone your project on a | ||
| new machine. It's better to configure Git to use your credential automatically as follows. |
Contributor
There was a problem hiding this comment.
...It seems weird to have a sidebar that then says "as follows"
Contributor
There was a problem hiding this comment.
...should we be recommending these formats above if they're kinda broken like this?
Member
There was a problem hiding this comment.
...should we be recommending these formats above if they're kinda broken like this?
We talked about this in Discord, those formats are totally valid for uv pip install and other local usage.
zanieb
reviewed
Jun 5, 2025
docs/configuration/authentication.md
Outdated
| @@ -25,8 +25,32 @@ When using a GitHub personal access token, the username is arbitrary. GitHub doe | |||
| logging in with password directly, although other hosts may. If a username is provided without | |||
Member
There was a problem hiding this comment.
Aside
If a username is provided without credentials, you will be prompted to enter them.
This isn't even true anymore? Should we remove that in a separate pull request?
oconnor663
pushed a commit
that referenced
this pull request
Jun 5, 2025
oconnor663
commented
Jun 5, 2025
| These files are often included in source control and distributions, so it is generally unsafe | ||
| to include credentials in them. | ||
|
|
||
| If you have a Git credential helper configured, your credentials may be automatically persisted, |
Contributor
Author
There was a problem hiding this comment.
@zanieb this doesn't seem to happen when I try it with a test user on my machine (this is a demo PAT that I don't care about leaking):
$ gh auth setup-git --force --hostname github.com
$ cat ~/.gitconfig
[credential "https://github.com"]
helper =
helper = !/usr/bin/gh auth git-credential
[credential "https://gist.github.com"]
helper =
helper = !/usr/bin/gh auth git-credential
$ ls ~/.config/gh
ls: cannot access '/home/test/.config/gh': No such file or directory
$ uv add 'git+https://git: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@github.com/oconnor663/private_a'
...
Installed 1 package in 1ms
+ foo==0.1.0 (from git+https://github.com/oconnor663/private_a@16a893d62cbf0d58546b3440cc8a78f1e49de01f)
$ rm uv.lock
$ uv sync
Updating https://github.com/oconnor663/private_a (HEAD)
× Failed to download and build `foo @ git+https://github.com/oconnor663/private_a`
├─▶ Git operation failed
├─▶ failed to fetch into: /home/test/.cache/uv/git-v0/db/8d5a0ce3cccf1bae
╰─▶ process didn't exit successfully: `/usr/bin/git fetch --force --update-head-ok 'https://github.com/oconnor663/private_a'
'+HEAD:refs/remotes/origin/HEAD'` (exit status: 128)
--- stderr
fatal: could not read Username for 'https://github.com': terminal prompts disabled
$ ls ~/.config/gh
ls: cannot access '/home/test/.config/gh': No such file or directory
Is that expected?
Member
There was a problem hiding this comment.
That's the gh credential helper, something like git-credential-osxkeychain will automatically persist used credentials into the keychain.
Contributor
Author
There was a problem hiding this comment.
(this is a demo PAT that I don't care about leaking)
ARG
I get it, but ARG.
oconnor663
force-pushed
the
jack/github_auth_docs
branch
from
0d4b4d9 to
2aab9a7
Compare
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Jun 13, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.7.7` -> `0.7.13` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.7.13`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0713) [Compare Source](astral-sh/uv@0.7.12...0.7.13) ##### Python - Add Python 3.14.0b2 - Add Python 3.13.5 - Fix stability of `uuid.getnode` on 3.13 See the [`python-build-standalone` release notes](https://github.com/astral-sh/python-build-standalone/releases/tag/20250612) for more details. ##### Enhancements - Download versions in `uv python pin` if not found ([#​13946](astral-sh/uv#13946)) - Use TTY detection to determine if SIGINT forwarding is enabled ([#​13925](astral-sh/uv#13925)) - Avoid fetching an exact, cached Git commit, even if it isn't locked ([#​13748](astral-sh/uv#13748)) - Add `zstd` and `deflate` to `Accept-Encoding` ([#​13982](astral-sh/uv#13982)) - Build binaries for riscv64 ([#​12688](astral-sh/uv#12688)) ##### Bug fixes - Check if relative URL is valid directory before treating as index ([#​13917](astral-sh/uv#13917)) - Ignore Python discovery errors during `uv python pin` ([#​13944](astral-sh/uv#13944)) - Do not allow `uv add --group ... --script` ([#​13997](astral-sh/uv#13997)) ##### Preview changes - Build backend: Support namespace packages ([#​13833](astral-sh/uv#13833)) ##### Documentation - Add 3.14 to the supported platform reference ([#​13990](astral-sh/uv#13990)) - Add an `llms.txt` to uv ([#​13929](astral-sh/uv#13929)) - Add supported macOS version to the platform reference ([#​13993](astral-sh/uv#13993)) - Update platform support reference to include Python implementation list ([#​13991](astral-sh/uv#13991)) - Update pytorch.md ([#​13899](astral-sh/uv#13899)) - Update the CLI help and reference to include references to the Python bin directory ([#​13978](astral-sh/uv#13978)) ### [`v0.7.12`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0712) [Compare Source](astral-sh/uv@0.7.11...0.7.12) ##### Enhancements - Add `uv python pin --rm` to remove `.python-version` pins ([#​13860](astral-sh/uv#13860)) - Don't hint at versions removed by `excluded-newer` ([#​13884](astral-sh/uv#13884)) - Add hint to use `tool.uv.environments` on resolution error ([#​13455](astral-sh/uv#13455)) - Add hint to use `tool.uv.required-environments` on resolution error ([#​13575](astral-sh/uv#13575)) - Improve `python pin` error messages ([#​13862](astral-sh/uv#13862)) ##### Bug fixes - Lock environments during `uv sync`, `uv add` and `uv remove` to prevent race conditions ([#​13869](astral-sh/uv#13869)) - Add `--no-editable` to `uv export` for `pylock.toml` ([#​13852](astral-sh/uv#13852)) ##### Documentation - List `.gitignore` in project init files ([#​13855](astral-sh/uv#13855)) - Move the pip interface documentation into the concepts section ([#​13841](astral-sh/uv#13841)) - Remove the configuration section in favor of concepts / reference ([#​13842](astral-sh/uv#13842)) - Update Git and GitHub Actions docs to mention `gh auth login` ([#​13850](astral-sh/uv#13850)) ##### Preview - Fix directory glob traversal fallback preventing exclusion of all files ([#​13882](astral-sh/uv#13882)) ### [`v0.7.11`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0711) [Compare Source](astral-sh/uv@0.7.10...0.7.11) ##### Python - Add Python 3.14.0b1 - Add Python 3.13.4 - Add Python 3.12.11 - Add Python 3.11.13 - Add Python 3.10.18 - Add Python 3.9.23 ##### Enhancements - Add Pyodide support ([#​12731](astral-sh/uv#12731)) - Better error message for version specifier with missing operator ([#​13803](astral-sh/uv#13803)) ##### Bug fixes - Downgrade `reqwest` and `hyper-util` to resolve connection reset errors over IPv6 ([#​13835](astral-sh/uv#13835)) - Prefer `uv`'s binary's version when checking if it's up to date ([#​13840](astral-sh/uv#13840)) ##### Documentation - Use "terminal driver" instead of "shell" in `SIGINT` docs ([#​13787](astral-sh/uv#13787)) ### [`v0.7.10`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0710) [Compare Source](astral-sh/uv@0.7.9...0.7.10) ##### Enhancements - Add `--show-extras` to `uv tool list` ([#​13783](astral-sh/uv#13783)) - Add dynamically generated sysconfig replacement mappings ([#​13441](astral-sh/uv#13441)) - Add data locations to install wheel logs ([#​13797](astral-sh/uv#13797)) ##### Bug fixes - Avoid redaction of placeholder `git` username when using SSH authentication ([#​13799](astral-sh/uv#13799)) - Propagate credentials to files on devpi indexes ending in `/+simple` ([#​13743](astral-sh/uv#13743)) - Restore retention of credentials for direct URLs in `uv export` ([#​13809](astral-sh/uv#13809)) ### [`v0.7.9`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#079) [Compare Source](astral-sh/uv@0.7.8...0.7.9) ##### Python The changes reverted in [0.7.8](#​078) have been restored. See the [`python-build-standalone` release notes](https://github.com/astral-sh/python-build-standalone/releases/tag/20250529) for more details. ##### Enhancements - Improve obfuscation of credentials in URLs ([#​13560](astral-sh/uv#13560)) - Allow running non-default Python implementations via `uvx` ([#​13583](astral-sh/uv#13583)) - Add `uvw` as alias for `uv` without console window on Windows ([#​11786](astral-sh/uv#11786)) - Allow discovery of x86-64 managed Python builds on macOS ([#​13722](astral-sh/uv#13722)) - Differentiate between implicit vs explicit architecture requests ([#​13723](astral-sh/uv#13723)) - Implement ordering for Python architectures to prefer native installations ([#​13709](astral-sh/uv#13709)) - Only show the first match per platform (and architecture) by default in `uv python list` ([#​13721](astral-sh/uv#13721)) - Write the path of the parent environment to an `extends-environment` key in the `pyvenv.cfg` file of an ephemeral environment ([#​13598](astral-sh/uv#13598)) - Improve the error message when libc cannot be found, e.g., when using the distroless containers ([#​13549](astral-sh/uv#13549)) ##### Performance - Avoid rendering info log level ([#​13642](astral-sh/uv#13642)) - Improve performance of `uv-python` crate's manylinux submodule ([#​11131](astral-sh/uv#11131)) - Optimize `Version` display ([#​13643](astral-sh/uv#13643)) - Reduce number of reference-checks for `uv cache clean` ([#​13669](astral-sh/uv#13669)) ##### Bug fixes - Avoid reinstalling dependency group members with `--all-packages` ([#​13678](astral-sh/uv#13678)) - Don't fail direct URL hash checking with dependency metadata ([#​13736](astral-sh/uv#13736)) - Exit early on `self update` if global `--offline` is set ([#​13663](astral-sh/uv#13663)) - Fix cases where the uv lock is incorrectly marked as out of date ([#​13635](astral-sh/uv#13635)) - Include pre-release versions in `uv python install --reinstall` ([#​13645](astral-sh/uv#13645)) - Set `LC_ALL=C` for git when checking git worktree ([#​13637](astral-sh/uv#13637)) - Avoid rejecting Windows paths for remote Python download JSON targets ([#​13625](astral-sh/uv#13625)) ##### Preview - Add `uv add --bounds` to configure version constraints ([#​12946](astral-sh/uv#12946)) ##### Documentation - Add documentation about Python versions to Tools concept page ([#​7673](astral-sh/uv#7673)) - Add example of enabling Dependabot ([#​13692](astral-sh/uv#13692)) - Fix `exclude-newer` date format for persistent configuration files ([#​13706](astral-sh/uv#13706)) - Quote versions variables in GitLab documentation ([#​13679](astral-sh/uv#13679)) - Update Dependabot support status ([#​13690](astral-sh/uv#13690)) - Explicitly specify to add a new repo entry to the repos list item in the `.pre-commit-config.yaml` ([#​10243](astral-sh/uv#10243)) - Add integration with marimo guide ([#​13691](astral-sh/uv#13691)) - Add pronunciation to README ([#​5336](astral-sh/uv#5336)) ### [`v0.7.8`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#078) [Compare Source](astral-sh/uv@0.7.7...0.7.8) ##### Python We are reverting most of our Python changes from `uv 0.7.6` and `uv 0.7.7` due to a miscompilation that makes the Python interpreter behave incorrectly, resulting in spurious type-errors involving str. This issue seems to be isolated to x86\_64 Linux, and affected at least Python 3.12, 3.13, and 3.14. The following changes that were introduced in those versions of uv are temporarily being reverted while we test and deploy a proper fix for the miscompilation: - Add Python 3.14 on musl - free-threaded Python on musl - Add Python 3.14.0a7 - Statically link `libpython` into the interpreter on Linux for a significant performance boost See [the issue for details](astral-sh/uv#13610). ##### Documentation - Remove misleading line in pin documentation ([#​13611](astral-sh/uv#13611)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4yNi4xIiwidXBkYXRlZEluVmVyIjoiNDAuNTEuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This came up in #11342 (comment) and #12368 (comment). I'm leaving out the maximally complicated
GIT_CONFIG_COUNT-based approach that I mentioned in #11342 (comment), but let me know if anyone things it would be more helpful than confusing to mention it. (In any case, all of this might change in the future if we add more support for Git credentials?)