github-auth
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseGitHub Authentication
GitHub身份验证
This skill provides secure access to GitHub credentials for API operations, repository management, and git commands.
本技能为API操作、仓库管理和Git命令提供安全的GitHub凭据访问方式。
Instructions
使用说明
When helping with GitHub operations that require authentication:
当协助处理需要身份验证的GitHub操作时:
Credential Location
凭据位置
-
Credentials are stored in the project rootfile
.env -
Cross-platform path examples:
- Linux/macOS: or use relative path:
~/apps/your_claude_skills/.env./.env - Windows: or relative:
%USERPROFILE%\apps\your_claude_skills\.env.\.env
- Linux/macOS:
-
Load credentials:bash
# Linux/macOS: source ./.env # Windows PowerShell: # Get-Content .\.env | ForEach-Object { if ($_ -match '^([^=]+)=(.*)$') { [Environment]::SetEnvironmentVariable($matches[1], $matches[2]) } } -
Access in scripts:bash
# Linux/macOS: GITHUB_USERNAME=$(grep GITHUB_USERNAME ./.env | cut -d= -f2) GITHUB_PAT=$(grep GITHUB_PAT ./.env | cut -d= -f2) # Windows PowerShell: # $GITHUB_USERNAME = (Get-Content .\.env | Select-String "GITHUB_USERNAME").Line.Split("=")[1] # $GITHUB_PAT = (Get-Content .\.env | Select-String "GITHUB_PAT").Line.Split("=")[1]
-
凭据存储在项目根目录的文件中
.env -
跨平台路径示例:
- Linux/macOS:或使用相对路径:
~/apps/your_claude_skills/.env./.env - Windows:或相对路径:
%USERPROFILE%\apps\your_claude_skills\.env.\.env
- Linux/macOS:
-
加载凭据:bash
# Linux/macOS: source ./.env # Windows PowerShell: # Get-Content .\.env | ForEach-Object { if ($_ -match '^([^=]+)=(.*)$') { [Environment]::SetEnvironmentVariable($matches[1], $matches[2]) } } -
在脚本中访问:bash
# Linux/macOS: GITHUB_USERNAME=$(grep GITHUB_USERNAME ./.env | cut -d= -f2) GITHUB_PAT=$(grep GITHUB_PAT ./.env | cut -d= -f2) # Windows PowerShell: # $GITHUB_USERNAME = (Get-Content .\.env | Select-String "GITHUB_USERNAME").Line.Split("=")[1] # $GITHUB_PAT = (Get-Content .\.env | Select-String "GITHUB_PAT").Line.Split("=")[1]
GitHub API Operations
GitHub API操作
Use the GitHub CLI (gh) for authenticated operations:
bash
undefined使用GitHub CLI(gh)执行需身份验证的操作:
bash
undefinedAuthenticate gh with stored PAT
使用存储的PAT验证gh身份
echo "$GITHUB_PAT" | gh auth login --with-token
echo "$GITHUB_PAT" | gh auth login --with-token
Or use API directly with curl
或直接使用curl调用API
curl -H "Authorization: token $GITHUB_PAT" https://api.github.com/user/repos
undefinedcurl -H "Authorization: token $GITHUB_PAT" https://api.github.com/user/repos
undefinedGit Operations with Authentication
带身份验证的Git操作
⚠️ SECURITY WARNING: Embedding credentials in URLs is a security risk. Use SSH keys or git credential helper instead.
RECOMMENDED: Use SSH Keys
bash
undefined⚠️ 安全警告:在URL中嵌入凭据存在安全风险。请改用SSH密钥或Git凭据助手。
推荐:使用SSH密钥
bash
undefinedSetup SSH key for GitHub (one-time setup)
为GitHub设置SSH密钥(一次性设置)
ssh-keygen -t ed25519 -C "your_email@example.com"
cat ~/.ssh/id_ed25519.pub # Add this to GitHub Settings > SSH Keys
ssh-keygen -t ed25519 -C "your_email@example.com"
cat ~/.ssh/id_ed25519.pub # 将此内容添加到GitHub设置 > SSH密钥中
Clone with SSH (RECOMMENDED)
使用SSH克隆(推荐)
git clone git@github.com:owner/repo.git
git clone git@github.com:owner/repo.git
Add SSH remote
添加SSH远程仓库
git remote add origin git@github.com:owner/repo.git
**ALTERNATIVE: Use Git Credential Helper**
```bashgit remote add origin git@github.com:owner/repo.git
**替代方案:使用Git凭据助手**
```bashConfigure git credential helper (stores credentials securely)
配置Git凭据助手(安全存储凭据)
git config --global credential.helper store
git config --global credential.helper store
First time will prompt for credentials, then stores them securely
首次操作会提示输入凭据,之后将安全存储
git clone https://github.com/owner/repo.git
**NOT RECOMMENDED: Credentials in URL** (only for automation/CI)
```bashgit clone https://github.com/owner/repo.git
**不推荐:URL中包含凭据**(仅用于自动化/CI环境)
```bashWARNING: Credentials in URLs can leak in logs/history
警告:URL中的凭据可能会在日志/历史记录中泄露
Only use in secure, automated environments
仅在安全的自动化环境中使用
git clone https://$GITHUB_USERNAME:$GITHUB_PAT@github.com/owner/repo.git
undefinedgit clone https://$GITHUB_USERNAME:$GITHUB_PAT@github.com/owner/repo.git
undefinedCommon GitHub Operations
常见GitHub操作
-
Create Repositorybash
gh repo create owner/repo --private --description "Description" -
List Repositoriesbash
gh repo list -
Create Pull Requestbash
gh pr create --title "Title" --body "Description" -
Manage Issuesbash
gh issue create --title "Issue" --body "Description" gh issue list -
Release Managementbash
gh release create v1.0.0 --title "Release 1.0.0" --notes "Release notes"
-
创建仓库bash
gh repo create owner/repo --private --description "Description" -
列出仓库bash
gh repo list -
创建拉取请求bash
gh pr create --title "Title" --body "Description" -
管理Issuebash
gh issue create --title "Issue" --body "Description" gh issue list -
版本发布管理bash
gh release create v1.0.0 --title "Release 1.0.0" --notes "Release notes"
Security Best Practices
安全最佳实践
-
Never Echo or Display PAT
- Never use or display the token
echo $GITHUB_PAT - Use it directly in commands or pipe to stdin
- Keep .env file permissions restricted (chmod 600)
- Never use
-
Use gh CLI When Possible
- Prefer commands over raw API calls
gh - gh stores credentials securely
- Better error handling and user-friendly output
- Prefer
-
Never Put Credentials in Git URLs
- Credentials in URLs can leak in git history, logs, and error messages
- Use SSH keys or git credential helper instead
- Only use URL credentials in secure CI/CD environments
-
Verify .env is Gitignored
- Always check .gitignore includes .env
- Never commit credentials to git
- Use .env.example for documentation
-
Rotate Tokens Regularly
- GitHub PATs should be rotated periodically
- Revoke old tokens after rotation
- Update .env file with new token
-
切勿回显或显示PAT
- 切勿使用或显示令牌
echo $GITHUB_PAT - 直接在命令中使用或通过标准输入传递
- 限制.env文件的权限(chmod 600)
- 切勿使用
-
尽可能使用gh CLI
- 优先使用命令而非直接调用API
gh - gh会安全存储凭据
- 更好的错误处理和用户友好的输出
- 优先使用
-
切勿在Git URL中放入凭据
- URL中的凭据可能会在Git历史、日志和错误信息中泄露
- 改用SSH密钥或Git凭据助手
- 仅在安全的CI/CD环境中使用URL凭据
-
验证.env已被Git忽略
- 始终检查.gitignore是否包含.env
- 切勿将凭据提交到Git
- 使用.env.example作为文档模板
-
定期轮换令牌
- GitHub PAT应定期轮换
- 轮换后撤销旧令牌
- 使用新令牌更新.env文件
Error Handling
错误处理
If authentication fails:
- Verify PAT is valid in .env file
- Check PAT has required scopes (repo, workflow, etc.)
- Verify PAT hasn't expired
- Test with:
gh auth status
如果身份验证失败:
- 验证.env文件中的PAT是否有效
- 检查PAT是否具有所需的权限范围(repo、workflow等)
- 验证PAT是否未过期
- 使用以下命令测试:
gh auth status
Examples
示例
Example 1: Create and Push to New Repo
示例1:创建并推送到新仓库
bash
undefinedbash
undefinedLoad credentials (Linux/macOS):
加载凭据(Linux/macOS):
source ./.env
source ./.env
Load credentials (Windows PowerShell):
加载凭据(Windows PowerShell):
Get-Content ..env | ForEach-Object { if ($_ -match '^([^=]+)=(.*)$') { [Environment]::SetEnvironmentVariable($matches[1], $matches[2]) } }
Get-Content ..env | ForEach-Object { if ($_ -match '^([^=]+)=(.*)$') { [Environment]::SetEnvironmentVariable($matches[1], $matches[2]) } }
Create private repository
创建私有仓库
gh repo create yourusername/my-new-repo --private --description "My new project"
gh repo create yourusername/my-new-repo --private --description "My new project"
Initialize local repo and push
初始化本地仓库并推送
git init
git add .
git commit -m "Initial commit"
git branch -M main
git remote add origin https://github.com/yourusername/my-new-repo.git
git push -u origin main
undefinedgit init
git add .
git commit -m "Initial commit"
git branch -M main
git remote add origin https://github.com/yourusername/my-new-repo.git
git push -u origin main
undefinedExample 2: Clone Private Repo (SSH - RECOMMENDED)
示例2:克隆私有仓库(SSH - 推荐)
bash
undefinedbash
undefinedClone with SSH (most secure)
使用SSH克隆(最安全)
git clone git@github.com:yourusername/private-repo.git
undefinedgit clone git@github.com:yourusername/private-repo.git
undefinedExample 2b: Clone with Credential Helper
示例2b:使用凭据助手克隆
bash
undefinedbash
undefinedFirst time setup (one-time)
首次设置(一次性)
git config --global credential.helper store
git config --global credential.helper store
Clone - will prompt for credentials first time, then cache
克隆 - 首次会提示输入凭据,之后将缓存
undefinedundefinedExample 3: API Request
示例3:API请求
bash
undefinedbash
undefinedLoad credentials (Linux/macOS):
加载凭据(Linux/macOS):
source ./.env
source ./.env
Load credentials (Windows PowerShell):
加载凭据(Windows PowerShell):
Get-Content ..env | ForEach-Object { if ($_ -match '^([^=]+)=(.*)$') { [Environment]::SetEnvironmentVariable($matches[1], $matches[2]) } }
Get-Content ..env | ForEach-Object { if ($_ -match '^([^=]+)=(.*)$') { [Environment]::SetEnvironmentVariable($matches[1], $matches[2]) } }
List user's repositories (Linux/macOS):
列出用户的仓库(Linux/macOS):
curl -s -H "Authorization: token $GITHUB_PAT"
https://api.github.com/user/repos | jq -r '.[].full_name'
https://api.github.com/user/repos | jq -r '.[].full_name'
curl -s -H "Authorization: token $GITHUB_PAT"
https://api.github.com/user/repos | jq -r '.[].full_name'
https://api.github.com/user/repos | jq -r '.[].full_name'
Windows PowerShell:
Windows PowerShell:
$headers = @{ Authorization = "token $env:GITHUB_PAT" }
$headers = @{ Authorization = "token $env:GITHUB_PAT" }
(Invoke-RestMethod -Uri "https://api.github.com/user/repos" -Headers $headers).full_name
(Invoke-RestMethod -Uri "https://api.github.com/user/repos" -Headers $headers).full_name
undefinedundefinedNotes
注意事项
- GitHub CLI (gh) is the recommended method for GitHub operations
- The PAT should have appropriate scopes based on operations needed
- Credentials file is protected by .gitignore
- For CI/CD, use GitHub Actions secrets instead of .env file
- Consider using SSH keys for git operations as an alternative to HTTPS with PAT
- GitHub CLI(gh)是执行GitHub操作的推荐方式
- PAT应根据所需操作拥有适当的权限范围
- 凭据文件受.gitignore保护
- 对于CI/CD,使用GitHub Actions密钥而非.env文件
- 考虑使用SSH密钥作为HTTPS+PAT的替代方案进行Git操作