Skip to content

fix(ci): add GITHUB_TOKEN to checkout action for self-hosted runner#7

Merged
AnnatarHe merged 2 commits intomainfrom
ci/fix-checkout-auth-token
Jan 6, 2026
Merged

fix(ci): add GITHUB_TOKEN to checkout action for self-hosted runner#7
AnnatarHe merged 2 commits intomainfrom
ci/fix-checkout-auth-token

Conversation

@AnnatarHe
Copy link
Copy Markdown
Collaborator

@AnnatarHe AnnatarHe commented Jan 6, 2026

Summary

  • Adds explicit token: ${{ secrets.GITHUB_TOKEN }} to checkout actions in release.yml and testing.yml
  • Fixes authentication error "could not read Username for 'https://github.com': terminal prompts disabled" on self-hosted runner

Test plan

  • Verify testing workflow passes on self-hosted runner
  • Verify release workflow passes on self-hosted runner

🤖 Generated with Claude Code

@AnnatarHe @claude
fix(ci): add GITHUB_TOKEN to checkout action for self-hosted runner
aacb473 
The checkout action was failing on self-hosted runner with "could not
read Username for 'https://github.com': terminal prompts disabled".
Adding explicit token parameter resolves authentication issues.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@gemini-code-assist
Copy link
Copy Markdown

gemini-code-assist Bot commented Jan 6, 2026

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@claude
Copy link
Copy Markdown

claude Bot commented Jan 6, 2026

Code Review

Overview

This PR addresses a specific authentication issue with the actions/checkout@v6 action on self-hosted runners. The fix is simple, targeted, and correct.

✅ Strengths

  1. Correct Fix: Adding token: ${{ secrets.GITHUB_TOKEN }} explicitly resolves the authentication issue on self-hosted runners where the token isn't automatically inferred
  2. Consistent Application: Applied to both workflow files that need it (release.yml and testing.yml)
  3. Good Commit Message: Follows the Conventional Commits format specified in CLAUDE.md with proper scope and clear description
  4. Well-Documented: PR description clearly explains the problem and the fix

🔍 Technical Analysis

Security: ✅ Safe

  • Using GITHUB_TOKEN is the standard and secure approach
  • The token is automatically provided by GitHub Actions with appropriate scoped permissions
  • The workflow already has permissions: block in release.yml (lines 8-10) which limits token scope

Best Practices: ✅ Follows conventions

  • Explicitly passing the token is actually a best practice for self-hosted runners
  • GitHub's own documentation recommends this for private repositories and self-hosted environments
  • Makes the authentication mechanism explicit rather than implicit

Performance: ✅ No impact

  • No performance implications
  • Token is already available in the context; just being passed explicitly now

Testing: ⚠️ Minor suggestion

  • The test plan checklist in the PR body is empty
  • Consider adding a comment after the workflows run successfully to confirm the fix works

🔎 Additional Observations

I checked the other workflow files in the repository:

  • .github/workflows/claude-code-review.yml
  • .github/workflows/claude.yml

These may also benefit from the same fix if they run on the same self-hosted runner (jp-arm-oracle). You might want to verify whether they experience similar authentication issues.

📝 Recommendations

Optional Enhancements (not blocking):

  1. Check other workflows: Verify if claude-code-review.yml and claude.yml need the same treatment
  2. Document the pattern: Consider adding a note in the repository documentation about self-hosted runner requirements
  3. Update test plan: Mark the checkboxes in the PR description once workflows pass successfully

✅ Verdict

LGTM (Looks Good To Me) - This is a clean, minimal fix that directly addresses the stated problem. No bugs, security concerns, or quality issues identified.

The change is already merged, and this is the correct solution for the self-hosted runner authentication issue. Nice work! 🚀

@AnnatarHe @claude
fix(ci): add persist-credentials false to checkout action
a0e7da7 
Prevents stale git credentials from interfering with checkout
on self-hosted runner.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@codecov
Copy link
Copy Markdown

codecov Bot commented Jan 6, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.

❌ Your project status has failed because the head coverage (14.49%) is below the target coverage (60.00%). You can increase the head coverage or adjust the target coverage.

Impacted file tree graph

@@           Coverage Diff           @@
##             main       #7   +/-   ##
=======================================
  Coverage   14.49%   14.49%           
=======================================
  Files          19       19           
  Lines         690      690           
  Branches      160      160           
=======================================
  Hits          100      100           
  Misses        558      558           
  Partials       32       32

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6a0b692...a0e7da7. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@AnnatarHe AnnatarHe merged commit 669ea22 into main Jan 6, 2026
3 of 5 checks passed
@AnnatarHe AnnatarHe deleted the ci/fix-checkout-auth-token branch January 6, 2026 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AnnatarHe