THRIFT-5989: Work around JWT-format GITHUB_TOKEN breaking composer install#3470
Closed
Jens-G wants to merge 1 commit into
Closed
THRIFT-5989: Work around JWT-format GITHUB_TOKEN breaking composer install#3470Jens-G wants to merge 1 commit into
Jens-G wants to merge 1 commit into
Conversation
…stall Client: php GitHub is rolling out a new GITHUB_TOKEN format (ghs_<id>_<jwt>) that contains dots. shivammathur/setup-php passes this token verbatim to composer config --global github-oauth.github.com. Composer's token validator (BaseIO.php:143) rejects any token containing characters outside [A-Za-z0-9-_], causing composer install to fail with: Your github oauth token for github.com contains invalid characters Explicitly unset the global github-oauth config before each composer install invocation (lib-php matrix and cross-test). This removes the invalid token that setup-php wrote without modifying the action pin. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Generated-by: Claude Sonnet 4.6 <noreply@anthropic.com>
mergeable
Bot
added
the
github_actions
Member
Author
|
Closing — replaced by a conflict-free branch. Reopening with correct head. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Follow-up to #3469: the
COMPOSER_AUTH='{}'env-var approach in that PR does not work because it only overrides Composer's local auth.json. The global auth.json written byshivammathur/setup-php(which holds the invalid JWT token) is read and validated independently, before the env var takes effect.This PR replaces the env-var workaround with an explicit
composer config --global --unset github-oauth.github.com || truebefore eachcomposer installcall, removing the bad token at the source.Affected steps:
lib-phpmatrix ("Install Dependencies") andcross-test("Install PHP dependencies").Test plan
lib-php (8.x)jobs passcross-testjob passes🤖 Generated with Claude Code