Skip to content

fix(ci): disable persist-credentials in packagist job#669

Merged
vieiralucas merged 1 commit intomainfrom
fix/ci-packagist-credentials
Apr 22, 2026
Merged

fix(ci): disable persist-credentials in packagist job#669
vieiralucas merged 1 commit intomainfrom
fix/ci-packagist-credentials

Conversation

@vieiralucas
Copy link
Copy Markdown
Member

@vieiralucas vieiralucas commented Apr 22, 2026
edited by cubic-dev-ai Bot
Loading

Why

v0.10.0 release Packagist job failed with:

remote: Permission to faiscadev/fakecloud-php.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/faiscadev/fakecloud-php.git/': The requested URL returned error: 403

Even after refreshing PHP_MIRROR_TOKEN with write on the mirror.

Root cause: `actions/checkout@v4` default `persist-credentials: true` installs a git config extraheader that authenticates all github.com pushes as the built-in GITHUB_TOKEN (github-actions[bot]). That bot has no write on faiscadev/fakecloud-php, so git ignores the `x-access-token:${MIRROR_TOKEN}` in the remote URL and uses the bot token instead.

Fix: `persist-credentials: false` on this job's checkout. The PAT embedded in the remote URL is then used.

Test plan

  • CI green on this PR
  • After merge, re-run `Publish Packagist` on v0.10.0 run (id 24781286793) — expect success and `faiscadev/fakecloud-php` tagged `v0.10.0`

Summary by cubic

Disable persisted GitHub credentials in the Packagist publish job so mirror pushes use the PAT instead of the default GITHUB_TOKEN, fixing 403 failures on faiscadev/fakecloud-php.
This restores the v0.10.0 Packagist release flow.

  • Bug Fixes
    • In the Packagist job, set actions/checkout@v4 persist-credentials: false so git uses the PAT in the remote URL, resolving 403 on mirror pushes.

Written for commit 0f01b59. Summary will update on new commits.

@vieiralucas
fix(ci): disable persist-credentials in packagist job so PAT is used
0f01b59 
actions/checkout@v4 installs a git credential helper that authenticates
as the default GITHUB_TOKEN (github-actions[bot]) for all pushes to
github.com. That bot cannot push to faiscadev/fakecloud-php, so the
mirror push fails with 403 even when PHP_MIRROR_TOKEN is set — the
x-access-token userinfo in the remote URL is overridden by the
helper's extraheader.

Set persist-credentials: false on this job's checkout so git uses the
credentials embedded in the remote URL.
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

@vieiralucas vieiralucas merged commit eb85b9c into main Apr 22, 2026
42 checks passed
@vieiralucas vieiralucas deleted the fix/ci-packagist-credentials branch April 22, 2026 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vieiralucas