{"id":17209317,"url":"https://github.com/de-vri-es/setup-git-credentials","last_synced_at":"2026-03-17T21:34:51.933Z","repository":{"id":37859043,"uuid":"208498827","full_name":"de-vri-es/setup-git-credentials","owner":"de-vri-es","description":"GitHub action to enable cloning private respositories.","archived":false,"fork":false,"pushed_at":"2025-05-26T06:48:50.000Z","size":9644,"stargazers_count":97,"open_issues_count":2,"forks_count":24,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-03-07T12:58:41.232Z","etag":null,"topics":["actions","credentials","dependencies","git","hacktoberfest","private"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/de-vri-es.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-14T20:20:06.000Z","updated_at":"2026-02-17T11:02:38.000Z","dependencies_parsed_at":"2024-01-30T10:30:44.298Z","dependency_job_id":"48d76bac-0c49-49da-ae95-5b67b15c994d","html_url":"https://github.com/de-vri-es/setup-git-credentials","commit_stats":{"total_commits":38,"total_committers":7,"mean_commits":5.428571428571429,"dds":0.3421052631578947,"last_synced_commit":"437c089dfafbbb421688162bf56d6613ca17c9d4"},"previous_names":["fusion-engineering/setup-git-credentials"],"tags_count":19,"template":false,"template_full_name":"actions/typescript-action","purl":"pkg:github/de-vri-es/setup-git-credentials","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-vri-es%2Fsetup-git-credentials","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-vri-es%2Fsetup-git-credentials/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-vri-es%2Fsetup-git-credentials/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-vri-es%2Fsetup-git-credentials/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/de-vri-es","download_url":"https://codeload.github.com/de-vri-es/setup-git-credentials/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-vri-es%2Fsetup-git-credentials/sbom","scorecard":{"id":330572,"data":{"date":"2025-08-11","repo":{"name":"github.com/de-vri-es/setup-git-credentials","commit":"c1eccdaff9d261d18f25077f4265c97237c1f779"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Code-Review","score":2,"reason":"Found 3/11 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/checkin.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 2-Clause \"Simplified\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: node_modules/undici/lib/llhttp/llhttp.wasm:1","Warn: binary detected: node_modules/undici/lib/llhttp/llhttp_simd.wasm:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checkin.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/de-vri-es/setup-git-credentials/checkin.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checkin.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/de-vri-es/setup-git-credentials/checkin.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checkin.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/de-vri-es/setup-git-credentials/checkin.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checkin.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/de-vri-es/setup-git-credentials/checkin.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checkin.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/de-vri-es/setup-git-credentials/checkin.yml/main?enable=pin","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:29:00.678Z","repository_id":37859043,"created_at":"2025-08-18T03:29:00.678Z","updated_at":"2025-08-18T03:29:00.678Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30632017,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T17:32:55.572Z","status":"ssl_error","status_checked_at":"2026-03-17T17:32:38.732Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","credentials","dependencies","git","hacktoberfest","private"],"created_at":"2024-10-15T02:51:18.212Z","updated_at":"2026-03-17T21:34:51.901Z","avatar_url":"https://github.com/de-vri-es.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Configuring credentials\n\nThis action allows you to clone private git repositories using HTTP authentication.\nThe credentials should be passed to the action through the `credentials` parameter.\nIt is highly recommended to store the credentials in a secret and pass the secret to the action,\nrather than hard-coding the credentials in the configuration file.\n\nNote that the `checkout` action already allows you to clone the main repository.\nThis action is intended for downloading additional dependencies from private repositories.\n\nThe action stores the credentials in the file `$XDG_CONFIG_HOME/git/credentials`,\nand configures git to use it by calling `git config --global credential.helper store`/\nThe credentials should be list of URL patterns with authentication information.\nSee `man 7 git-credentials-store` for more details.\n\nAdditionally, the action configures git to rewrite SSH URLs for GitHub repositories to HTTPS URLs.\nThis allows dependencies to be specified using a SSH URLs for developers,\nwhile the CI system will automatically clone over HTTPS with the provided credentials.\n\nIt is advisable to generate an access token specifically for your workflow.\nSimply use the token in place of an account password in the credentials.\nBe sure to grant full access for the `repo` scope to the token,\notherwise the token can not be used to clone private repositories.\nWithout the right permissions, the clone will normally fail with a 404 error.\n\nA sample configuration for a workflow is shown here:\n```yaml\nname: Rust\non: [push]\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: de-vri-es/setup-git-credentials@v2\n      with:\n        credentials: ${{secrets.GIT_CREDENTIALS}}\n    - uses: actions/checkout@v1\n    - name: Build\n      run: cargo +stable build --color=always\n    - name: Run tests\n      run: cargo +stable test --color=always\n```\n\nThe credentials secret would contain something like this:\n```\nhttps://$username:$token@github.com/\n```\n\nIt is also possible to provide additional credentials for different domains in the credentials list.\n\n# Why not use a plain SSH key?\nIn general, a plain SSH key would be a good solution too.\nHowever, at the moment Cargo (the Rust package manager) does not support SSH authentication other than through an SSH agent.\nSSH agents are not meant to be used non-interactively, so HTTPS authentication is a simpler solution.\n\nIf you can use plain SSH keys that may be easier.\n\n# Compatibility with custom runners\n\nThe latest version of this action runs on `node20`.\nIf your custom runner doesn't support `node20` yet, you can pin the action to `v2.0` which runs on `node16`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fde-vri-es%2Fsetup-git-credentials","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fde-vri-es%2Fsetup-git-credentials","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fde-vri-es%2Fsetup-git-credentials/lists"}