Overriding credentials in Github Actions

[jbnjohnathan]

I am troubleshooting an application (https://github.com/python-semantic-release/python-semantic-release) that uses gitpython, and trying to figure out if the issue is in gitpython or elsewhere.

When running this application as a GitHub action the workflow is very simple

1. Use actions/checkout to checkout a branch from a repository
2. Run the github action docker container against the folder where the repository was checked out to.

It uses the methods git.push(server, branch) where server is in the form of f"https://{user}:{token}@{domain}/{owner}/{name}.git"
But I have noticed that gitpython seem to cntinue to use the credentials that were supplied when the actions/checkout action run.

[Byron]

If I remember correctly, GitPython doesn't involve itself with authentication at all, but invokes the git binary to perform all operations. Thus it should be git deciding what to do with URLs that contain username and password, or with the passed in environment variables.

I can imagine that GitPython alters the runtime environment variables of the spawned process, and that this action affects what happens in regards to authentication, but it's something you can validate by looking at the code of git.push(…) or by adding debug output.

Once it's a bit clearer that GitPython should change to accommodate this case, we can create an issue from this conversation.