DEV Community

Cover image for Accessing (private) GitHub resources from a Codespace
Jesse Houwing for Xebia Microsoft Services

Posted on • Originally published at jessehouwing.net on

Accessing (private) GitHub resources from a Codespace

Photo by Tawheed Manzoor, used under Creative Commons

By default, your GitHub Codespace carries an authorization token for the repository the codespace was opened in as well as all public repositories your user has access to.

You can request access to other repositories in the same account or organization through the devcontainer.json 's customizations section:

"customizations": {
    // Configure properties specific to Codespaces.
    "codespaces": {
        "repositories": {
            // List additional repositories you'll need access to:
            "jessehouwing/demo": {
                "permissions": {
                    "contents": "read",
                    "packages": "read"
                }
            }
        }
    }
}
Enter fullscreen mode Exit fullscreen mode

If you want to access packages or repositories from another organization though, you're out of luck. Even though you can request access to repositories outside of your organization or account, GitHub won't grant you that access when the Codespace starts:

Accessing (private) GitHub resources from a Codespace
"The following permissions were also requested, but are not available"

If this happens, and you do need access to other private repositories (or in my case public repositories that require SAML authentication of your identity), you'll need to do a little dance inside your codespace:

@jessehouwing ➜ /workspaces/jessehouwing (master) $ unset GITHUB_TOKEN
@jessehouwing ➜ /workspaces/jessehouwing (master) $ unset GH_TOKEN
@jessehouwing ➜ /workspaces/jessehouwing (master) $ docker logout grcr.io
Removing login credentials for grcr.io
@jessehouwing ➜ /workspaces/jessehouwing (master) $ gh auth login
? What account do you want to log into? GitHub.com
? What is your preferred protocol for Git operations? HTTPS
? Authenticate Git with your GitHub credentials? Yes
? How would you like to authenticate GitHub CLI? Login with a web browser

! First copy your one-time code: XXX-XXX
Press Enter to open github.com in your browser... 
✓ Authentication complete.
- gh config set -h github.com git_protocol https
✓ Configured git protocol
✓ Logged in as jessehouwing
@jessehouwing ➜ /workspaces/jessehouwing (master) $ gh extension install github/gh-actions-importer
✓ Installed extension github/gh-actions-importer
@jessehouwing ➜ /workspaces/jessehouwing (master) $ gh actions-importer update
Updating ghcr.io/actions-importer/cli:latest...
ghcr.io/actions-importer/cli:latest up-to-date
@jessehouwing ➜ /workspaces/jessehouwing (master) $ 
Enter fullscreen mode Exit fullscreen mode

The dance goes as follows:

  1. First we unset the environment variables that hold the access tokens of the Codespace.
  2. Then we ensure we're logged out of the GitHub container registry.
  3. Then we reauthenticate to github using the github CLI

Accessing (private) GitHub resources from a Codespace

  1. Outside of the codespace we perform the login and SAML authorization:

Accessing (private) GitHub resources from a Codespace

  1. Then we can access the protected repositories.

Like I mentioned before, this dance is only needed if you require access to protected resources outside of the account or organization that hosts the GitHub Codespace.

I personally encounter this mostly because I'm a member of the GitHub organization and thus I need to authorize my tokens to access any repository hosted by the GitHub org.

You may be encountering this issue because your employer has more than one organization on GitHub and you need to access resources from one organization from a Codespace that's hosted by another.

Top comments (0)