Accessing (private) GitHub resources from a Codespace
If you want to access packages or repositories from another organization though, you're out of luck. Even though you can request access to repositories outside of your organization or account, GitHub won't grant you that access when the Codespace starts.
By default, your GitHub Codespace carries an authorization token for the repository the codespace was opened in as well as all public repositories your user has access to.
You can request access to other repositories in the same account or organization through the devcontainer.json
's customizations
section:
"customizations": {
// Configure properties specific to Codespaces.
"codespaces": {
"repositories": {
// List additional repositories you'll need access to:
"jessehouwing/demo": {
"permissions": {
"contents": "read",
"packages": "read"
}
}
}
}
}
If you want to access packages or repositories from another organization though, you're out of luck. Even though you can request access to repositories outside of your organization or account, GitHub won't grant you that access when the Codespace starts:
If this happens, and you do need access to other private repositories (or in my case public repositories that require SAML authentication of your identity), you'll need to do a little dance inside your codespace:
@jessehouwing ➜ /workspaces/jessehouwing (master) $ unset GITHUB_TOKEN
@jessehouwing ➜ /workspaces/jessehouwing (master) $ unset GH_TOKEN
@jessehouwing ➜ /workspaces/jessehouwing (master) $ docker logout ghcr.io
Removing login credentials for ghcr.io
@jessehouwing ➜ /workspaces/jessehouwing (master) $ gh auth login
? What account do you want to log into? GitHub.com
? What is your preferred protocol for Git operations? HTTPS
? Authenticate Git with your GitHub credentials? Yes
? How would you like to authenticate GitHub CLI? Login with a web browser
! First copy your one-time code: XXX-XXX
Press Enter to open github.com in your browser...
✓ Authentication complete.
- gh config set -h github.com git_protocol https
✓ Configured git protocol
✓ Logged in as jessehouwing
@jessehouwing ➜ /workspaces/jessehouwing (master) $ gh auth token | docker login ghcr.io
Authenticating with existing credentials...
Login Succeeded
@jessehouwing ➜ /workspaces/jessehouwing (master) $ gh extension install github/gh-actions-importer
✓ Installed extension github/gh-actions-importer
@jessehouwing ➜ /workspaces/jessehouwing (master) $ gh actions-importer update
Updating ghcr.io/actions-importer/cli:latest...
ghcr.io/actions-importer/cli:latest up-to-date
@jessehouwing ➜ /workspaces/jessehouwing (master) $
The dance goes as follows:
- First we unset the environment variables that hold the access tokens of the Codespace.
- Then we ensure we're logged out of the GitHub container registry.
- Then we reauthenticate to github using the github CLI
4. Outside of the codespace we perform the login and SAML authorization:
5. Then we can access the protected repositories.
Like I mentioned before, this dance is only needed if you require access to protected resources outside of the account or organization that hosts the GitHub Codespace.
I personally encounter this mostly because I'm a member of the GitHub organization and thus I need to authorize my tokens to access any repository hosted by the GitHub org.
You may be encountering this issue because your employer has more than one organization on GitHub and you need to access resources from one organization from a Codespace that's hosted by another.
Leave a comment.