.

2025-11-04 15:58:09 +08:00 · 2025-10-14 19:07:14 +00:00 · 2025-10-14 18:55:51 +00:00 · 2025-10-14 18:39:36 +00:00 · 2025-10-13 21:50:24 +00:00
4 changed files with 284 additions and 65 deletions
--- a/test/git-auth-helper.test.ts
+++ b/test/git-auth-helper.test.ts
@@ -86,16 +86,29 @@ describe('git-auth-helper tests', () => {
    // Act
    await authHelper.configureAuth()

-    // Assert config
-    const configContent = (
+    // Assert config - check that .git/config contains includeIf entries
+    const localConfigContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
+    expect(
+      localConfigContent.indexOf('includeIf.gitdir:')
+    ).toBeGreaterThanOrEqual(0)
+
+    // Assert credentials config file contains the actual credentials
+    const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
+      f => f.startsWith('git-credentials-') && f.endsWith('.config')
+    )
+    expect(credentialsFiles.length).toBe(1)
+    const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
+    const credentialsContent = (
+      await fs.promises.readFile(credentialsConfigPath)
+    ).toString()
    const basicCredential = Buffer.from(
      `x-access-token:${settings.authToken}`,
      'utf8'
    ).toString('base64')
    expect(
-      configContent.indexOf(
+      credentialsContent.indexOf(
        `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
      )
    ).toBeGreaterThanOrEqual(0)
@@ -120,7 +133,7 @@ describe('git-auth-helper tests', () => {
    'inject https://github.com as github server url'
  it(configureAuth_AcceptsGitHubServerUrlSetToGHEC, async () => {
    await testAuthHeader(
-      configureAuth_AcceptsGitHubServerUrl,
+      configureAuth_AcceptsGitHubServerUrlSetToGHEC,
      'https://github.com'
    )
  })
@@ -141,12 +154,17 @@ describe('git-auth-helper tests', () => {
      // Act
      await authHelper.configureAuth()

-      // Assert config
-      const configContent = (
-        await fs.promises.readFile(localGitConfigPath)
+      // Assert config - check credentials config file (not local .git/config)
+      const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
+        f => f.startsWith('git-credentials-') && f.endsWith('.config')
+      )
+      expect(credentialsFiles.length).toBe(1)
+      const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
+      const credentialsContent = (
+        await fs.promises.readFile(credentialsConfigPath)
      ).toString()
      expect(
-        configContent.indexOf(
+        credentialsContent.indexOf(
          `http.https://github.com/.extraheader AUTHORIZATION`
        )
      ).toBeGreaterThanOrEqual(0)
@@ -251,13 +269,16 @@ describe('git-auth-helper tests', () => {
      expectedSshCommand
    )

-    // Asserty git config
+    // Assert git config
    const gitConfigLines = (await fs.promises.readFile(localGitConfigPath))
      .toString()
      .split('\n')
      .filter(x => x)
-    expect(gitConfigLines).toHaveLength(1)
-    expect(gitConfigLines[0]).toMatch(/^http\./)
+    // Should have includeIf entries pointing to credentials file
+    expect(gitConfigLines.length).toBeGreaterThan(0)
+    expect(
+      gitConfigLines.some(line => line.indexOf('includeIf.gitdir:') >= 0)
+    ).toBeTruthy()
  })

  const configureAuth_setsSshCommandWhenPersistCredentialsTrue =
@@ -419,8 +440,20 @@ describe('git-auth-helper tests', () => {
    expect(
      configContent.indexOf('value-from-global-config')
    ).toBeGreaterThanOrEqual(0)
+    // Global config should have include.path pointing to credentials file
+    expect(configContent.indexOf('include.path')).toBeGreaterThanOrEqual(0)
+
+    // Check credentials in the separate config file
+    const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
+      f => f.startsWith('git-credentials-') && f.endsWith('.config')
+    )
+    expect(credentialsFiles.length).toBeGreaterThan(0)
+    const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
+    const credentialsContent = (
+      await fs.promises.readFile(credentialsConfigPath)
+    ).toString()
    expect(
-      configContent.indexOf(
+      credentialsContent.indexOf(
        `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
      )
    ).toBeGreaterThanOrEqual(0)
@@ -463,8 +496,20 @@ describe('git-auth-helper tests', () => {
      const configContent = (
        await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
      ).toString()
+      // Global config should have include.path pointing to credentials file
+      expect(configContent.indexOf('include.path')).toBeGreaterThanOrEqual(0)
+
+      // Check credentials in the separate config file
+      const credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
+        f => f.startsWith('git-credentials-') && f.endsWith('.config')
+      )
+      expect(credentialsFiles.length).toBeGreaterThan(0)
+      const credentialsConfigPath = path.join(runnerTemp, credentialsFiles[0])
+      const credentialsContent = (
+        await fs.promises.readFile(credentialsConfigPath)
+      ).toString()
      expect(
-        configContent.indexOf(
+        credentialsContent.indexOf(
          `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
        )
      ).toBeGreaterThanOrEqual(0)
@@ -660,19 +705,35 @@ describe('git-auth-helper tests', () => {
    await setup(removeAuth_removesToken)
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    await authHelper.configureAuth()
-    let gitConfigContent = (
+
+    // Sanity check - verify includeIf entries exist in local config
+    let localConfigContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
-    expect(gitConfigContent.indexOf('http.')).toBeGreaterThanOrEqual(0) // sanity check
+    expect(
+      localConfigContent.indexOf('includeIf.gitdir:')
+    ).toBeGreaterThanOrEqual(0)
+
+    // Sanity check - verify credentials file exists
+    let credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
+      f => f.startsWith('git-credentials-') && f.endsWith('.config')
+    )
+    expect(credentialsFiles.length).toBe(1)

    // Act
    await authHelper.removeAuth()

-    // Assert git config
-    gitConfigContent = (
+    // Assert includeIf entries removed from local git config
+    localConfigContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
-    expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
+    expect(localConfigContent.indexOf('includeIf.gitdir:')).toBeLessThan(0)
+
+    // Assert credentials config file deleted
+    credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
+      f => f.startsWith('git-credentials-') && f.endsWith('.config')
+    )
+    expect(credentialsFiles.length).toBe(0)
  })

  const removeGlobalConfig_removesOverride =
@@ -733,10 +794,20 @@ async function setup(testName: string): Promise<void> {
    checkout: jest.fn(),
    checkoutDetach: jest.fn(),
    config: jest.fn(
-      async (key: string, value: string, globalConfig?: boolean) => {
-        const configPath = globalConfig
-          ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
-          : localGitConfigPath
+      async (
+        key: string,
+        value: string,
+        globalConfig?: boolean,
+        add?: boolean,
+        configFile?: string
+      ) => {
+        const configPath =
+          configFile ||
+          (globalConfig
+            ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
+            : localGitConfigPath)
+        // Ensure directory exists
+        await fs.promises.mkdir(path.dirname(configPath), {recursive: true})
        await fs.promises.appendFile(configPath, `\n${key} ${value}`)
      }
    ),
@@ -830,6 +901,7 @@ async function setup(testName: string): Promise<void> {

 async function getActualSshKeyPath(): Promise<string> {
  let actualTempFiles = (await fs.promises.readdir(runnerTemp))
+    .filter(x => !x.startsWith('git-credentials-')) // Exclude credentials config file
    .sort()
    .map(x => path.join(runnerTemp, x))
  if (actualTempFiles.length === 0) {
@@ -843,6 +915,7 @@ async function getActualSshKeyPath(): Promise<string> {

 async function getActualSshKnownHostsPath(): Promise<string> {
  let actualTempFiles = (await fs.promises.readdir(runnerTemp))
+    .filter(x => !x.startsWith('git-credentials-')) // Exclude credentials config file
    .sort()
    .map(x => path.join(runnerTemp, x))
  if (actualTempFiles.length === 0) {
--- a/dist/index.js
+++ b/dist/index.js
@@ -162,6 +162,8 @@ class GitAuthHelper {
        this.sshKeyPath = '';
        this.sshKnownHostsPath = '';
        this.temporaryHomePath = '';
+        this.credentialsConfigPath = ''; // Path to separate credentials config file in RUNNER_TEMP
+        this.credentialsIncludeKeys = []; // Track includeIf/include config keys for cleanup
        this.git = gitCommandManager;
        this.settings = gitSourceSettings || {};
        // Token auth header
@@ -187,6 +189,20 @@ class GitAuthHelper {
            yield this.configureToken();
        });
    }
+    getCredentialsConfigPath() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.credentialsConfigPath) {
+                return this.credentialsConfigPath;
+            }
+            const runnerTemp = process.env['RUNNER_TEMP'] || '';
+            assert.ok(runnerTemp, 'RUNNER_TEMP is not defined');
+            // Create a unique filename for this checkout instance
+            const configFileName = `git-credentials-${(0, uuid_1.v4)()}.config`;
+            this.credentialsConfigPath = path.join(runnerTemp, configFileName);
+            core.debug(`Credentials config path: ${this.credentialsConfigPath}`);
+            return this.credentialsConfigPath;
+        });
+    }
    configureTempGlobalConfig() {
        return __awaiter(this, void 0, void 0, function* () {
            var _a;
@@ -229,10 +245,10 @@ class GitAuthHelper {
    configureGlobalAuth() {
        return __awaiter(this, void 0, void 0, function* () {
            // 'configureTempGlobalConfig' noops if already set, just returns the path
-            const newGitConfigPath = yield this.configureTempGlobalConfig();
+            yield this.configureTempGlobalConfig();
            try {
                // Configure the token
-                yield this.configureToken(newGitConfigPath, true);
+                yield this.configureToken(true);
                // Configure HTTPS instead of SSH
                yield this.git.tryConfigUnset(this.insteadOfKey, true);
                if (!this.settings.sshKey) {
@@ -254,11 +270,12 @@ class GitAuthHelper {
            // Remove possible previous HTTPS instead of SSH
            yield this.removeGitConfig(this.insteadOfKey, true);
            if (this.settings.persistCredentials) {
+                // TODO: UPDATE THIS
                // Configure a placeholder value. This approach avoids the credential being captured
                // by process creation audit events, which are commonly logged. For more information,
                // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
                const output = yield this.git.submoduleForeach(
-                // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+                // Wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
                `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
                // Replace the placeholder
                const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
@@ -351,20 +368,48 @@ class GitAuthHelper {
            }
        });
    }
-    configureToken(configPath, globalConfig) {
+    configureToken(globalConfig) {
        return __awaiter(this, void 0, void 0, function* () {
-            // Validate args
-            assert.ok((configPath && globalConfig) || (!configPath && !globalConfig), 'Unexpected configureToken parameter combinations');
-            // Default config path
-            if (!configPath && !globalConfig) {
-                configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config');
+            // Get the credentials config file path in RUNNER_TEMP
+            const credentialsConfigPath = yield this.getCredentialsConfigPath();
+            // Write placeholder to the separate credentials config file using git config.
+            // This approach avoids the credential being captured by process creation audit events,
+            // which are commonly logged. For more information, refer to
+            // https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
+            yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, false, false, credentialsConfigPath);
+            // Replace the placeholder in the credentials config file
+            yield this.replaceTokenPlaceholder(credentialsConfigPath);
+            // Add include or includeIf to reference the credentials config
+            if (globalConfig) {
+                // Global config file is temporary
+                yield this.git.config('include.path', credentialsConfigPath, true);
+            }
+            else {
+                // For local config, use includeIf.gitdir to match the .git directory.
+                // Configure for both host and container paths to support Docker container actions.
+                let gitDir = path.join(this.git.getWorkingDirectory(), '.git');
+                console.log(`Git dir: ${gitDir}`);
+                core.info(`Git dir: ${gitDir}`);
+                // Use forward slashes for git config, even on Windows
+                gitDir = gitDir.replace(/\\/g, '/');
+                const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
+                yield this.git.config(hostIncludeKey, credentialsConfigPath);
+                this.credentialsIncludeKeys.push(hostIncludeKey);
+                // Configure for container scenario where paths are mapped to fixed locations
+                const githubWorkspace = process.env['GITHUB_WORKSPACE'];
+                assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined');
+                // Calculate the relative path of the working directory from GITHUB_WORKSPACE
+                const workingDirectory = this.git.getWorkingDirectory();
+                let relativePath = path.relative(githubWorkspace, workingDirectory);
+                // Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
+                // Use forward slashes for git config
+                relativePath = relativePath.replace(/\\/g, '/');
+                const containerGitDir = path.posix.join('/github/workspace', relativePath, '.git');
+                const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
+                const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
+                yield this.git.config(containerIncludeKey, containerCredentialsPath);
+                this.credentialsIncludeKeys.push(containerIncludeKey);
            }
-            // Configure a placeholder value. This approach avoids the credential being captured
-            // by process creation audit events, which are commonly logged. For more information,
-            // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-            yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, globalConfig);
-            // Replace the placeholder
-            yield this.replaceTokenPlaceholder(configPath || '');
        });
    }
    replaceTokenPlaceholder(configPath) {
@@ -411,8 +456,24 @@ class GitAuthHelper {
    }
    removeToken() {
        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
            // HTTP extra header
            yield this.removeGitConfig(this.tokenConfigKey);
+            // Remove include/includeIf config entries
+            for (const includeKey of this.credentialsIncludeKeys) {
+                yield this.removeGitConfig(includeKey);
+            }
+            this.credentialsIncludeKeys = [];
+            // Remove credentials config file
+            if (this.credentialsConfigPath) {
+                try {
+                    yield io.rmRF(this.credentialsConfigPath);
+                }
+                catch (err) {
+                    core.debug(`${(_a = err === null || err === void 0 ? void 0 : err.message) !== null && _a !== void 0 ? _a : err}`);
+                    core.warning(`Failed to remove credentials config '${this.credentialsConfigPath}'`);
+                }
+            }
        });
    }
    removeGitConfig(configKey_1) {
@@ -627,9 +688,15 @@ class GitCommandManager {
            yield this.execGit(args);
        });
    }
-    config(configKey, configValue, globalConfig, add) {
+    config(configKey, configValue, globalConfig, add, configFile) {
        return __awaiter(this, void 0, void 0, function* () {
-            const args = ['config', globalConfig ? '--global' : '--local'];
+            const args = ['config'];
+            if (configFile) {
+                args.push('--file', configFile);
+            }
+            else {
+                args.push(globalConfig ? '--global' : '--local');
+            }
            if (add) {
                args.push('--add');
            }
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@@ -43,6 +43,8 @@ class GitAuthHelper {
  private sshKeyPath = ''
  private sshKnownHostsPath = ''
  private temporaryHomePath = ''
+  private credentialsConfigPath = '' // Path to separate credentials config file in RUNNER_TEMP
+  private credentialsIncludeKeys: string[] = [] // Track includeIf/include config keys for cleanup

  constructor(
    gitCommandManager: IGitCommandManager,
@@ -81,6 +83,22 @@ class GitAuthHelper {
    await this.configureToken()
  }

+  private async getCredentialsConfigPath(): Promise<string> {
+    if (this.credentialsConfigPath) {
+      return this.credentialsConfigPath
+    }
+
+    const runnerTemp = process.env['RUNNER_TEMP'] || ''
+    assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
+
+    // Create a unique filename for this checkout instance
+    const configFileName = `git-credentials-${uuid()}.config`
+    this.credentialsConfigPath = path.join(runnerTemp, configFileName)
+
+    core.debug(`Credentials config path: ${this.credentialsConfigPath}`)
+    return this.credentialsConfigPath
+  }
+
  async configureTempGlobalConfig(): Promise<string> {
    // Already setup global config
    if (this.temporaryHomePath?.length > 0) {
@@ -126,10 +144,10 @@ class GitAuthHelper {

  async configureGlobalAuth(): Promise<void> {
    // 'configureTempGlobalConfig' noops if already set, just returns the path
-    const newGitConfigPath = await this.configureTempGlobalConfig()
+    await this.configureTempGlobalConfig()
    try {
      // Configure the token
-      await this.configureToken(newGitConfigPath, true)
+      await this.configureToken(true)

      // Configure HTTPS instead of SSH
      await this.git.tryConfigUnset(this.insteadOfKey, true)
@@ -153,11 +171,13 @@ class GitAuthHelper {
    await this.removeGitConfig(this.insteadOfKey, true)

    if (this.settings.persistCredentials) {
+      // TODO: UPDATE THIS
+
      // Configure a placeholder value. This approach avoids the credential being captured
      // by process creation audit events, which are commonly logged. For more information,
      // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
      const output = await this.git.submoduleForeach(
-        // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+        // Wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
        `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
        this.settings.nestedSubmodules
      )
@@ -272,32 +292,66 @@ class GitAuthHelper {
    }
  }

-  private async configureToken(
-    configPath?: string,
-    globalConfig?: boolean
-  ): Promise<void> {
-    // Validate args
-    assert.ok(
-      (configPath && globalConfig) || (!configPath && !globalConfig),
-      'Unexpected configureToken parameter combinations'
-    )
+  private async configureToken(globalConfig?: boolean): Promise<void> {
+    // Get the credentials config file path in RUNNER_TEMP
+    const credentialsConfigPath = await this.getCredentialsConfigPath()

-    // Default config path
-    if (!configPath && !globalConfig) {
-      configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config')
-    }
-
-    // Configure a placeholder value. This approach avoids the credential being captured
-    // by process creation audit events, which are commonly logged. For more information,
-    // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
+    // Write placeholder to the separate credentials config file using git config.
+    // This approach avoids the credential being captured by process creation audit events,
+    // which are commonly logged. For more information, refer to
+    // https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
    await this.git.config(
      this.tokenConfigKey,
      this.tokenPlaceholderConfigValue,
-      globalConfig
+      false,
+      false,
+      credentialsConfigPath
    )

-    // Replace the placeholder
-    await this.replaceTokenPlaceholder(configPath || '')
+    // Replace the placeholder in the credentials config file
+    await this.replaceTokenPlaceholder(credentialsConfigPath)
+
+    // Add include or includeIf to reference the credentials config
+    if (globalConfig) {
+      // Global config file is temporary
+      await this.git.config('include.path', credentialsConfigPath, true)
+    } else {
+      // For local config, use includeIf.gitdir to match the .git directory.
+      // Configure for both host and container paths to support Docker container actions.
+      let gitDir = path.join(this.git.getWorkingDirectory(), '.git')
+      console.log(`Git dir: ${gitDir}`)
+      core.info(`Git dir: ${gitDir}`)
+      // Use forward slashes for git config, even on Windows
+      gitDir = gitDir.replace(/\\/g, '/')
+      const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
+      await this.git.config(hostIncludeKey, credentialsConfigPath)
+      this.credentialsIncludeKeys.push(hostIncludeKey)
+
+      // Configure for container scenario where paths are mapped to fixed locations
+      const githubWorkspace = process.env['GITHUB_WORKSPACE']
+      assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
+      
+      // Calculate the relative path of the working directory from GITHUB_WORKSPACE
+      const workingDirectory = this.git.getWorkingDirectory()
+      let relativePath = path.relative(githubWorkspace, workingDirectory)
+
+      // Container paths: GITHUB_WORKSPACE -> /github/workspace, RUNNER_TEMP -> /github/runner_temp
+      // Use forward slashes for git config
+      relativePath = relativePath.replace(/\\/g, '/')
+      const containerGitDir = path.posix.join(
+        '/github/workspace',
+        relativePath,
+        '.git'
+      )
+      const containerCredentialsPath = path.posix.join(
+        '/github/runner_temp',
+        path.basename(credentialsConfigPath)
+      )
+
+      const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
+      await this.git.config(containerIncludeKey, containerCredentialsPath)
+      this.credentialsIncludeKeys.push(containerIncludeKey)
+    }
  }

  private async replaceTokenPlaceholder(configPath: string): Promise<void> {
@@ -348,6 +402,24 @@ class GitAuthHelper {
  private async removeToken(): Promise<void> {
    // HTTP extra header
    await this.removeGitConfig(this.tokenConfigKey)
+
+    // Remove include/includeIf config entries
+    for (const includeKey of this.credentialsIncludeKeys) {
+      await this.removeGitConfig(includeKey)
+    }
+    this.credentialsIncludeKeys = []
+
+    // Remove credentials config file
+    if (this.credentialsConfigPath) {
+      try {
+        await io.rmRF(this.credentialsConfigPath)
+      } catch (err) {
+        core.debug(`${(err as any)?.message ?? err}`)
+        core.warning(
+          `Failed to remove credentials config '${this.credentialsConfigPath}'`
+        )
+      }
+    }
  }

  private async removeGitConfig(
--- a/src/git-command-manager.ts
+++ b/src/git-command-manager.ts
@@ -28,7 +28,8 @@ export interface IGitCommandManager {
    configKey: string,
    configValue: string,
    globalConfig?: boolean,
-    add?: boolean
+    add?: boolean,
+    configFile?: string
  ): Promise<void>
  configExists(configKey: string, globalConfig?: boolean): Promise<boolean>
  fetch(
@@ -223,9 +224,15 @@ class GitCommandManager {
    configKey: string,
    configValue: string,
    globalConfig?: boolean,
-    add?: boolean
+    add?: boolean,
+    configFile?: string
  ): Promise<void> {
-    const args: string[] = ['config', globalConfig ? '--global' : '--local']
+    const args: string[] = ['config']
+    if (configFile) {
+      args.push('--file', configFile)
+    } else {
+      args.push(globalConfig ? '--global' : '--local')
+    }
    if (add) {
      args.push('--add')
    }
Author	SHA1	Message	Date
eric sciple	b13eccf351	.	2025-10-14 19:07:14 +00:00
eric sciple	82257b56c2	.	2025-10-14 18:55:51 +00:00
eric sciple	d9b320ec70	.	2025-10-14 18:39:36 +00:00
eric sciple	bcc5319a0b	Persist creds to a separate file	2025-10-13 21:50:24 +00:00