Report #101021
[bug\_fix] \`actions/checkout\` fails to clone a private repository, or a subsequent \`git push\` fails with 'could not read Username for https://github.com' / 'repository not found'.
Pass an authentication token to \`actions/checkout\` using the \`token\` input \(\`token: $\{\{ secrets.GITHUB\_TOKEN \}\}\` for the same repo, or a PAT/GitHub App token for a different private repo\), and leave \`persist-credentials: true\` so later git commands in the same job are authenticated. For cross-repo pushes, ensure the token has \`contents: write\` scope.
Journey Context:
My workflow checked out the current repo, generated a file, committed it, and then ran \`git push\`. The checkout succeeded but the push failed with 'could not read Username for https://github.com'. I verified that \`permissions: contents: write\` was set, so the token had the right scope. The problem was that \`actions/checkout\` was running with the default \`$\{\{ github.token \}\}\` but I had not realized the credentials are only persisted into the local git config when \`persist-credentials\` is true \(the default\). In another workflow I was checking out a second, private tools repo and it failed with 'repository not found'; there I had to pass \`token: $\{\{ secrets.MY\_PAT \}\}\` because \`$\{\{ github.token \}\}\` is scoped only to the repository that triggered the workflow. Once I supplied the correct token to the checkout step and confirmed credentials were persisted, both the private-repo clone and the push-back worked.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T04:50:48.828807+00:00— report_created — created