I have my self hosted Drone on my VPS and I’m working with my private repo on GitHub. My step commands are running in my own docker image.
With clone disabled in my .drone.yml I can use git clone and the authentication to my private repo happens automatically, no problem here.
Now I also want to use the GitHub CLI and wondering how to authenticate it. AFAIK the suggested solution is to add my token (PAT) as a new secret to Drone, set it into an environment variable like this:
So my question is that can I somehow use/access the “default” token that is used by the git commands to avoid storing a new secret in Drone? Or in other words: What is the best practice to auth GitHub CLI? Thank you!
If your repository is private or requires authentication to clone, Drone injects the credentials into your pipeline environment. Drone uses the oauth2 token associated with the repository owner as the clone credentials.
So the proper question is, how to use this “injected” auth info with gh auth ? Is it possible at all?
Thank you for the warning! I don’t want to risk any surprise after an upgrade, so I ended up with adding a new organization secret (a new git token with minimal rights) to my Drone and using that instead.