Skip to content

feat: route git push auth to the right token by GitHub org#11

Merged
MrChrisRodriguez merged 1 commit into
mainfrom
chore/git-credential-org-routing
Jun 4, 2026
Merged

feat: route git push auth to the right token by GitHub org#11
MrChrisRodriguez merged 1 commit into
mainfrom
chore/git-credential-org-routing

Conversation

@MrChrisRodriguez

Copy link
Copy Markdown
Owner

What

Adds a global git credential helper that hands git push the correct GitHub token based on the repo's org — so plain git push works in any repo built from this template, with no per-repo setup.

Org Token
Blueprint-Talent/* BTG_GITHUB_TOKEN
confiador/* CONFIADOR_GITHUB_TOKEN
everything else GITHUB_TOKEN (fallback)

Why

GITHUB_TOKEN (personal) is read-only on org repos, so pushes 403'd. Previously you had to override the token per push. Routing by org removes that entirely.

How

  • scripts/git-credential-org-router.sh — reads the org from the credential request (useHttpPath=true passes the path), emits the matching token from the env. Tokens are read at push time and never written to disk (not in .git/config, the remote URL, or output).
  • on-create/setup-git-credentials.sh — wires it into global git config. ~/.gitconfig isn't a persisted volume, so re-applying on each create is what makes it survive rebuilds.
  • Docs: new "GitHub push auth" section in AUTH-PERSISTENCE.md; tokens registered in secrets.example.

Adding an org later: one case line in the helper + the matching *_GITHUB_TOKEN in host secrets.

Descendants pick this up via scripts/sync-devcontainer.sh (new files auto-added; on-create.sh clean 3-way merge), then a devcontainer rebuild.

🤖 Generated with Claude Code

Add a global credential helper that picks a token based on the repo's
GitHub org (Blueprint-Talent→BTG_GITHUB_TOKEN, confiador→CONFIADOR_
GITHUB_TOKEN, else GITHUB_TOKEN), read from env at push time and never
stored. Wired into on-create so it survives rebuilds; documented in
AUTH-PERSISTENCE.md and secrets.example.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@MrChrisRodriguez MrChrisRodriguez merged commit 3f5fdbf into main Jun 4, 2026
1 check passed
@MrChrisRodriguez MrChrisRodriguez deleted the chore/git-credential-org-routing branch June 4, 2026 20:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant