Lines 1-26javascript
1// GitHub credential handling for the SDK's child git/gh processes.
2// - Write ~/.git-credentials (https://x-access-token:TOKEN@github.com)
3// - Ensure `credential.helper store` in the global gitconfig
4// - Track GH_TOKEN so it can be injected into the SDK `env` for child processes
5// - Optionally clone the configured repo into /workspace/repo
6import { promises as fs } from "node:fs";
7import { spawn } from "node:child_process";
8import os from "node:os";
HighChild Process
Package source references child process execution.
dist/git.jsView on unpkg · L6 9import path from "node:path";
10import { log } from "./log.js";
11const HOME = process.env.HOME ?? os.homedir();
12// Portability (self-hosted): the repo clones inside the workspace (not a hardcoded /workspace), and
13// the credential store is redirectable via JUNGLE_GIT_CREDENTIALS. On a user's own machine the
14// daemon points JUNGLE_GIT_CREDENTIALS + GIT_CONFIG_GLOBAL into the agent's private state dir so the
15// agent never clobbers the person's real ~/.gitconfig / ~/.git-credentials. In a container both are
16// unset and this stays exactly as before (~/.git-credentials, global gitconfig).
17const WORKSPACE = process.env.JUNGLE_WORKSPACE ?? "/workspace";
18const CREDENTIALS_FILE = process.env.JUNGLE_GIT_CREDENTIALS ?? path.join(HOME, ".git-credentials");
19const REPO_DIR = path.join(WORKSPACE, "repo");
20// Latest known token, injected into the SDK env option (see runner.ts).
21let currentToken = null;
22export function getGhToken() {
25function run(cmd, args, opts = {}) {
26 return new Promise((resolve) => {