npm - @aspruyt/xfg - Versions diffs - 3.1.0 → 3.1.2 - Mend

@aspruyt/xfg 3.1.0 → 3.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/strategies/graphql-commit-strategy.d.ts +14 -0
package/dist/strategies/graphql-commit-strategy.js +32 -7
package/package.json +1 -1

package/dist/strategies/graphql-commit-strategy.d.ts CHANGED Viewed

@@ -44,6 +44,20 @@ export declare class GraphQLCommitStrategy implements CommitStrategy {
      * Execute the createCommitOnBranch GraphQL mutation.
      */
     private executeGraphQLMutation;
+    /**
+     * Build a git command with optional token authentication override.
+     * When a token is provided, uses -c url.insteadOf to override the global
+     * git config and authenticate with the provided token instead.
+     *
+     * This is critical for GitHub App authentication where the global git config
+     * may have a PAT token embedded, but we need to use the GitHub App installation token.
+     *
+     * Uses a repo-specific URL pattern (including owner/repo) so it has a LONGER
+     * prefix match than the global config and takes precedence.
+     *
+     * Applies to all remote operations: push, fetch, ls-remote, etc.
+     */
+    private buildAuthenticatedGitCommand;
     /**
      * Ensure the branch exists on the remote and matches local HEAD.
      * createCommitOnBranch requires the branch to already exist.

package/dist/strategies/graphql-commit-strategy.js CHANGED Viewed

@@ -72,7 +72,7 @@ export class GraphQLCommitStrategy {
         // Ensure the branch exists on remote and is up-to-date with local HEAD
         // createCommitOnBranch requires the branch to already exist
         // For PR branches (force=true), we force-update to ensure fresh start from main
-        await this.ensureBranchExistsOnRemote(branchName, workDir, options.force);
+        await this.ensureBranchExistsOnRemote(branchName, workDir, options.force, token, githubInfo.host, githubInfo.owner, githubInfo.repo);
         // Retry loop for expectedHeadOid mismatch
         let lastError = null;
         for (let attempt = 0; attempt <= retries; attempt++) {
@@ -80,7 +80,7 @@ export class GraphQLCommitStrategy {
                 // Fetch from remote to ensure we have the latest HEAD
                 // This is critical for expectedHeadOid to match
                 const safeBranch = escapeShellArg(branchName);
-                await this.executor.exec(`git fetch origin ${safeBranch}:refs/remotes/origin/${safeBranch}`, workDir);
+                await this.executor.exec(this.buildAuthenticatedGitCommand(`fetch origin ${safeBranch}:refs/remotes/origin/${safeBranch}`, token, githubInfo.host, githubInfo.owner, githubInfo.repo), workDir);
                 // Get the remote HEAD SHA for this branch (not local HEAD)
                 const headSha = await this.executor.exec(`git rev-parse origin/${safeBranch}`, workDir);
                 // Build and execute the GraphQL mutation
@@ -171,6 +171,31 @@ export class GraphQLCommitStrategy {
             pushed: true, // GraphQL commits are pushed directly
         };
     }
+    /**
+     * Build a git command with optional token authentication override.
+     * When a token is provided, uses -c url.insteadOf to override the global
+     * git config and authenticate with the provided token instead.
+     *
+     * This is critical for GitHub App authentication where the global git config
+     * may have a PAT token embedded, but we need to use the GitHub App installation token.
+     *
+     * Uses a repo-specific URL pattern (including owner/repo) so it has a LONGER
+     * prefix match than the global config and takes precedence.
+     *
+     * Applies to all remote operations: push, fetch, ls-remote, etc.
+     */
+    buildAuthenticatedGitCommand(gitArgs, token, host = "github.com", owner, repo) {
+        if (!token) {
+            return `git ${gitArgs}`;
+        }
+        // Use repo-specific URL pattern for LONGER prefix match to override global config
+        // Global config: url."https://x-access-token:PAT@github.com/".insteadOf = "https://github.com/"
+        // Our config:    url."https://x-access-token:APP@github.com/owner/repo".insteadOf = "https://github.com/owner/repo"
+        // The longer prefix (owner/repo) takes precedence in git's URL matching
+        const repoPath = owner && repo ? `${owner}/${repo}` : "";
+        const urlOverride = `url."https://x-access-token:${token}@${host}/${repoPath}".insteadOf="https://${host}/${repoPath}"`;
+        return `git -c ${escapeShellArg(urlOverride)} ${gitArgs}`;
+    }
     /**
      * Ensure the branch exists on the remote and matches local HEAD.
      * createCommitOnBranch requires the branch to already exist.
@@ -180,23 +205,23 @@ export class GraphQLCommitStrategy {
      *
      * For direct mode (force=false): just ensure branch exists.
      */
-    async ensureBranchExistsOnRemote(branchName, workDir, force) {
+    async ensureBranchExistsOnRemote(branchName, workDir, force, token, host, owner, repo) {
         // Branch name was validated in commit(), safe for shell use
         try {
             // Check if the branch exists on remote
-            await this.executor.exec(`git ls-remote --exit-code --heads origin ${escapeShellArg(branchName)}`, workDir);
+            await this.executor.exec(this.buildAuthenticatedGitCommand(`ls-remote --exit-code --heads origin ${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
             // Branch exists - for PR branches, delete and recreate to ensure fresh from main
             if (force) {
-                await this.executor.exec(`git push origin --delete ${escapeShellArg(branchName)}`, workDir);
+                await this.executor.exec(this.buildAuthenticatedGitCommand(`push origin --delete ${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
                 // Now push fresh branch from local HEAD
-                await this.executor.exec(`git push -u origin HEAD:${escapeShellArg(branchName)}`, workDir);
+                await this.executor.exec(this.buildAuthenticatedGitCommand(`push -u origin HEAD:${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
             }
             // For direct mode (force=false), leave existing branch as-is
         }
         catch {
             // Branch doesn't exist on remote, push it
             // This pushes the current local branch to create it on remote
-            await this.executor.exec(`git push -u origin HEAD:${escapeShellArg(branchName)}`, workDir);
+            await this.executor.exec(this.buildAuthenticatedGitCommand(`push -u origin HEAD:${escapeShellArg(branchName)}`, token, host, owner, repo), workDir);
         }
     }
     /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aspruyt/xfg",
-  "version": "3.1.0",
+  "version": "3.1.2",
   "description": "CLI tool for repository-as-code",
   "type": "module",
   "main": "dist/index.js",