export async function configureGitCredentials()

in src/github/operations/auth.ts [130:212]

• 64 lines of code
• 11 McCabe index (conditional complexity)

export async function configureGitCredentials(parsedContext: JunieExecutionContext, tokenConfig: GitHubTokenConfig) {
    console.log("Configuring git authentication...");

    const serverUrl = new URL(GITHUB_SERVER_URL);
    let gitUser: GitUser;
    const tokenOwner = parsedContext.tokenOwner;

    // Determine which credentials to use for git commits
    // Bots/Apps should commit as themselves, not as the human actor
    if (tokenOwner.type === "Bot") {
        console.log(`Using token owner (bot) credentials for git authentication: ${tokenOwner.login}`);

        // Generate GitHub noreply email address for bots
        // Format: {id}+{login}@users.noreply.github.com
        // Example: 41898282+github-actions[bot]@users.noreply.github.com
        const noreplyDomain =
            serverUrl.hostname === "github.com"
                ? "users.noreply.github.com"
                : `users.noreply.${serverUrl.hostname}`; // For GitHub Enterprise

        const email = `${tokenOwner.id}+${tokenOwner.login}@${noreplyDomain}`;
        gitUser = {
            login: tokenOwner.login,
            email: email,
        };
    } else {
        // For human users with custom PATs, use their actual credentials
        console.log("Using actor credentials for git authentication");
        gitUser = {
            login: parsedContext.actor,
            email: parsedContext.actorEmail,
        };
    }

    // Configure git user for commits (required for both default and custom tokens)
    try {
        await $`git config user.name "${gitUser.login}"`;
        await $`git config user.email "${gitUser.email}"`;
        console.log(`✓ Git user configured: ${gitUser.login} <${gitUser.email}>`);
    } catch (error) {
        throw new Error(
            `❌ Failed to configure git user credentials. ` +
            `This could be due to:\n` +
            `• Git is not installed or not in PATH\n` +
            `• Insufficient permissions to modify git config\n` +
            `Original error: ${error instanceof Error ? error.message : String(error)}`
        );
    }

    // Default token: actions/checkout already configured remote auth, skip remote URL setup
    if (tokenConfig.isDefaultToken()) {
        console.log("Using default token - remote authentication already configured by actions/checkout");
        return;
    }

    // For custom tokens: configure remote authentication
    // Remove the authorization header that actions/checkout sets
    console.log("Removing existing git authentication headers...");
    try {
        await $`git config --unset-all http.${GITHUB_SERVER_URL}/.extraheader`;
        console.log("✓ Removed existing authentication headers");
    } catch (e) {
        console.log("No existing authentication headers to remove");
    }

    const owner = parsedContext.payload.repository.owner.login;
    const repo = parsedContext.payload.repository.name;
    const remoteUrl = `https://x-access-token:${tokenConfig.workingToken}@${serverUrl.host}/${owner}/${repo}.git`;

    try {
        await $`git remote set-url origin ${remoteUrl}`;
        console.log("✓ Git authentication configured successfully");
    } catch (error) {
        throw new Error(
            `❌ Failed to configure git remote URL for authentication. ` +
            `This could be due to:\n` +
            `• Git remote 'origin' does not exist\n` +
            `• Insufficient permissions to modify git config\n` +
            `• Invalid repository URL format\n` +
            `Original error: ${error instanceof Error ? error.message : String(error)}`
        );
    }
}