Michael Rabinovich Cursor committed on
Commit
12c3a54
·
1 Parent(s): 818fd28

Dockerfile: use actual GH username in classic-PAT URL, not x-access-token


Previous push tried 'https://x-access-token:TOKEN@github.com/...'
(GitHub-Actions placeholder convention). GitHub rejected it:
'Invalid username or token. Password authentication is not supported
for Git operations.' Classic PATs over HTTPS Basic Auth need a real
GitHub username as the user half of the URL, even though the username
is ignored once GitHub validates the PAT as the credential.

Switching to 'https://michaelr27:TOKEN@github.com/...' which is the
form GitHub's docs themselves recommend. Hardcoding 'michaelr27' is
acceptable temporary debt: this whole URL goes away when we either
swap GH_PAT for the read-only deploy key (URL becomes git+ssh://) or
when huggingface/cadgenbench flips Public (URL drops auth entirely).

Co-authored-by: Cursor <cursoragent@cursor.com>

Files changed (1)
  1. Dockerfile +11 -7
Dockerfile CHANGED
@@ -60,15 +60,19 @@ RUN pip install --no-cache-dir playwright \
60
  # not exposed as env, not written to disk after the layer commits. Bumping
61
  # CADGENBENCH_SHA is the one-line path to picking up a new cadgenbench.
62
  ARG CADGENBENCH_SHA=d7e0468
63
- # URL form `https://x-access-token:<token>@github.com/...` (GitHub Actions
64
- # convention) rather than the bare `https://<token>@github.com/...` form:
65
- # the bare form works only for fine-grained PATs (GitHub special-cases the
66
- # single-value username), while classic PATs need explicit
67
- # `username:token` Basic Auth or git prompts for a password and fails in
68
- # the non-interactive container build.
 
 
 
 
69
  RUN --mount=type=secret,id=GH_PAT,mode=0400,required=true \
70
  pip install --no-cache-dir \
71
- "cadgenbench @ git+https://x-access-token:$(cat /run/secrets/GH_PAT)@github.com/huggingface/cadgenbench.git@${CADGENBENCH_SHA}"
72
 
73
  # Drop privileges. HF Spaces conventionally run as uid 1000 with
74
  # WORKDIR /home/user/app.
 
60
  # not exposed as env, not written to disk after the layer commits. Bumping
61
  # CADGENBENCH_SHA is the one-line path to picking up a new cadgenbench.
62
  ARG CADGENBENCH_SHA=d7e0468
63
+ # URL form `https://<USERNAME>:<TOKEN>@github.com/...` per GitHub's own
64
+ # PAT docs. The bare form `https://<TOKEN>@github.com/...` works only for
65
+ # fine-grained PATs (GitHub special-cases the single-value username), and
66
+ # the GitHub-Actions placeholder `x-access-token` is rejected as a
67
+ # non-existent user. The username here is the actual PAT owner
68
+ # (`michaelr27`); the value is just an HTTP Basic Auth label, GitHub
69
+ # ignores it during auth and uses the PAT as the credential. Hardcoding
70
+ # it is acceptable temporary debt: this whole URL goes away when we swap
71
+ # GH_PAT for a deploy key (URL becomes `git+ssh://`) or when
72
+ # huggingface/cadgenbench flips Public (URL drops auth entirely).
73
  RUN --mount=type=secret,id=GH_PAT,mode=0400,required=true \
74
  pip install --no-cache-dir \
75
+ "cadgenbench @ git+https://michaelr27:$(cat /run/secrets/GH_PAT)@github.com/huggingface/cadgenbench.git@${CADGENBENCH_SHA}"
76
 
77
  # Drop privileges. HF Spaces conventionally run as uid 1000 with
78
  # WORKDIR /home/user/app.
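
Review bot: The new comment block above the `RUN --mount=type=secret` line contradicts itself: it says `x-access-token` "is rejected as a non-existent user" and then that GitHub "ignores it during auth and uses the PAT as the credential". If the username were ignored, the placeholder would not have been rejected, so the comment should state only what was observed (classic PAT with `x-access-token` failed, classic PAT with the owner's login worked). Separately, `michaelr27` is now hardcoded in both the comment and the install URL, which ties the image build to one person's account and PAT; consider passing it as a build argument (for example a hypothetical `ARG GH_USER`) next to `ARG CADGENBENCH_SHA`, and reference whatever tracks the deploy-key swap so the "temporary debt" has an owner. The PAT is still expanded by `$(cat /run/secrets/GH_PAT)` directly into the pip command line, so the context claim "not exposed as env, not written to disk after the layer commits" is worth re-checking against how pip and git handle a credential embedded in the URL during the build.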