Using GitHub CLI and Git in GitHub Codespaces

gh extension install jongio/gh-setup-git-credential-helper
gh setup-git-credential-helper

```csharp

That will do all of fixes I mention below and get you all setup with Git in your Codespace.

## Post

I work with [GitHub Codespaces](https://github.com/features/codespaces) quite a bit and discovered that there a few things that don’t work well with [GitHub CLI](https://cli.github.com/) and [Git](https://git-scm.com/).

To set some context:

1. GitHub CLI uses the GITHUB\_TOKEN environment variable to cache GitHub auth tokens after a user logs into the GitHub CLI.
2. Codespaces also uses GITHUB\_TOKEN, but the token it puts in there is very restrictive because they want to be careful about what they give the Codespace permission to do.
3. Git needs credentials in the Codespace to push to remotes and other privaleged operations. This works out of the box, but not after you login to the GitHub CLI.

The workflow that I want to be smooth is this:

1. Fork a repository and create a Codespace using the GitHub UI
2. From within the Codespace, use the GitHub CLI to create a GitHub Secret to be used by my GitHub Action
3. Use `git` to push code changes to my fork

Let’s start at the second step, creating a secret with GitHub CLI.

When you try to do that today you get this error message:

```bash

gh secret set AZURE_CREDENTIALS -b'"...."

```text
```bash

failed to fetch public key:
HTTP 403: Resource not accessible by integration

```csharp

What that error means is: “Your current authentication doesn’t have permissions to create a secret” - because you are using the limited permissions that the Codespace gave you.

I’ve filed an issue here to get a better error message: [https://github.com/cli/cli/issues/3797](https://github.com/cli/cli/issues/3797)

What you need to do is re-authenticate. You try with `gh auth login`, but when you do that you get this error:

```bash

The value of the GITHUB_TOKEN environment variable is being used for authentication.
To have GitHub CLI store credentials instead, first clear the value from the environment.

```csharp

Currently, the GitHub CLI doesn’t let you overwrite the GITHUB\_TOKEN env var when you run `gh auth login`, so what you need to do is clear that env var like this:

```bash

export GITHUB_TOKEN=

```sql

I’ve filed an issue here to allow us to overwrite GITHUB\_TOKEN: [https://github.com/cli/cli/issues/3799](https://github.com/cli/cli/issues/3799)

Then you can re-auth with the GitHub CLI with `gh auth login` and create your secret or do whatever you were trying to do with it.

Then, when you try to do something with git, like push code changes to your fork, you’ll likely get this error:

```bash

git push --set-upstream origin env-dev5
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/jongio/golang-sample-app/'

```text

I’ve filed an issue here to not put git in an invalid state after calling gh auth login: [https://github.com/cli/cli/issues/3798](https://github.com/cli/cli/issues/3798)

It doesn’t prompt you to enter username or password. So you are stuck.

But, it turns out that you can use the GitHub CLI as a git credential helper, so that when git needs to auth it will use the GitHub CLI to do so. Here’s how you set that up:

```bash

git config --global credential.https://github.com.helper ''
git config --global 'credential.https://github.com' '!gh auth git-credential'