CLI script includes Github Access Tokens

[Eugene Boman]

Hi,

My apologies if this is the wrong place to post this. In that case please let me know where it should go and I'll go away.

I host my books on Github using the deploy option on the CLI. I recently received an email from Github with the following message:

I was able to ascertain that the problem is that when I deploy a document using: $ pretext deploy -u

the following line goes into the log file on Github:

Attempting to connect to remote repository at `https://ecb5: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@github.com/ecb5/ASORA-SecondEd.git`

Apparently the folks at Github routinely search accounts for security breaches and this is one. The characters I've boldfaced above are the Access Token that allows me to do the upload.

I made a new token and I'm able to deploy again, but I expect that it will also be revoked when the security sweep at Github comes round to me again, so I'm wondering if the deployment script could be modified to not include the Access Code? 

Maybe replace it with: https://ecb5:<YourPersonalAccessToken>@github.com/ecb5/ASORA-SecondEd.git`

I'm running Linux, Ubuntu 24.04.3 LTS, and PreText version 2.29.2 in case it matters.

Thank you,

-- Bud

[Mitch Keller]

Two thoughts:

1. I would not commit my logs to my repository. It appears I currently have *.log in my .gitignore files, which is keeping them out.

2. The log I get when I deploy says 'Attempting to connect to remote repository at `https://github.com/mitchkeller/active-calculus-vector.git`…', so I think there might be something unusual about your configuration that’s getting that written into your logs in the first place.

On Oct 20, 2025, at 3:19 PM, Eugene Boman <budb...@gmail.com> wrote:

Hi,

My apologies if this is the wrong place to post this. In that case please let me know where it should go and I'll go away.

I host my books on Github using the deploy option on the CLI. I recently received an email from Github with the following message:

<WUhhcaLMYvef0fLU.png>

I was able to ascertain that the problem is that when I deploy a document using: $ pretext deploy -u

the following line goes into the log file on Github:

Attempting to connect to remote repository at `https://ecb5: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@github.com/ecb5/ASORA-SecondEd.git`

Apparently the folks at Github routinely search accounts for security breaches and this is one. The characters I've boldfaced above are the Access Token that allows me to do the upload.

I made a new token and I'm able to deploy again, but I expect that it will also be revoked when the security sweep at Github comes round to me again, so I'm wondering if the deployment script could be modified to not include the Access Code? 

Maybe replace it with: https://ecb5:<YourPersonalAccessToken>@github.com/ecb5/ASORA-SecondEd.git`

I'm running Linux, Ubuntu 24.04.3 LTS, and PreText version 2.29.2 in case it matters.

Thank you,

-- Bud

--
You received this message because you are subscribed to the Google Groups "PreTeXt support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pretext-suppo...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/pretext-support/4aef39de-386f-46f5-9847-9134fae34bb3%40gmail.com.

-- 
Mitch Keller
mi...@rellek.net

http://www.rellek.net/

[Eugene Boman]

Thanks Mitch,

It appears that I didn't have a .gitignore file at all, so I've just created one with the single line: *.log. Hopefully that will do the trick.

As to there being something unusual in my configuration, I wouldn't be a bit surprised :-) (I assume you mean my github configuration, not PreTeXt, right?)

I have only the most rudimentary understanding of what happens when I run "pretext deploy", and most of my understanding of Github comes from chasing down errors and warnings from past deployments.

So given that, would you like to take a guess what the unusual configuration might be? Or how I might find it myself? Or fix it? Obviously you'll have to explain it to me like I'm and eight-year-old, so I understand if you don't wanna do it. 

Any help would be appreciated though.

-- Bud

To view this discussion visit https://groups.google.com/d/msgid/pretext-support/0C32C8C0-D781-4006-BE53-628DD0C72DCA%40rellek.net.

[Oscar Levin]

Hi Bud,

To get yourself back on track with this, I'd suggest the following steps:

1. Delete the log folder entirely.  Also delete your new .gitignore file (we will add it back in step 3)

2. In a terminal, run `git add .` and then `git commit -m "clean up logs"`

3. In a terminal, run `pretext update`.  This will create our recommended .gitignore file, which includes ensuring that the log folder is not tracked.

4. In a terminal, run `git add .` and then `git commit -m "add default pretext files"

5. Push your changes by running `git push`

As for your git authentication setup, I have trouble keeping up with github's changing suggestions.  I authenticate using VS Code and my password, not a access token.  I believe this ends up using the git credential manager (https://github.com/git-ecosystem/git-credential-manager/blob/main/README.md).

I might also be worth running `git remote -v` to see what the format of your remote repositories are.  When I do that, I see something like:

origin  https://github.com/oscarlevin/math321-fall25.git (fetch)
origin  https://github.com/oscarlevin/math321-fall25.git (push)

I'm not saying that you should stop using the personal access tokens.  If that is working, you should be good now that you are not exposing your token in the logs.  I'll look into hiding that in the CLI, but I don't know if it is something we produce or if it is the library that does the gh-pages deploy.

[Eugene Boman]

Thank you Oscar. I'll give this a shot later (right now my wife is calling me). 

I'll follow up after to report success or to ask for more help. 

Thanks again,

-- Bud

To view this discussion visit https://groups.google.com/d/msgid/pretext-support/9468e69b-ce0b-4fe1-b7fc-062f03e18743n%40googlegroups.com.

[Eugene Boman]

Hi Oscar,

It took me some time to get back to this. I followed the steps you gave me. All appeared to go well until the last step. When I executed step 5 (git push) I got the following error:

fatal: The current branch main has no upstream branch.
To push the current branch and set the remote as upstream, use

    git push --set-upstream origin main

To have this happen automatically for branches without a tracking
upstream, see 'push.autoSetupRemote' in 'git help config'.

I tried running "git push --set-upstream origin main" as directed but that got me more error messages and instructions, the upshot of which seems to be that there is a "blocked push". This is at the outer edge of my understanding. Do you have any ideas?

If you're willing to hold my hand a little longer I'm willing to have it held, but I don't want to waste your time. It begins to look to me as if in my ignorance I've buggered something I don't understand. The most efficient course might be to run "pretext new book", move my PreTeXt files into there and start again.

But before I do that I'd like to hear your opinion. Any thoughts?

-- Bud

On 10/21/25 10:53, Oscar Levin wrote:

To view this discussion visit https://groups.google.com/d/msgid/pretext-support/9468e69b-ce0b-4fe1-b7fc-062f03e18743n%40googlegroups.com.

[Oscar Levin]

Hi Bud,

Very odd.  I am guessing that github has a permissions problem for your current authentication setup.  If you are using a personal access token, is it set to allow pushes?  

Not sure if you are available Mondays for our drop-in zoom office hours (see https://prose.runestone.academy/), but that might be our best bet for getting this sorted out.

Oscar.