Skip to content

ACM-37051: fix: prevent duplicate Authorization header in merge workflow#150

Merged
coleenquadros merged 1 commit into
rhobs:mainfrom
coleenquadros:fix/duplicate-auth-header
Jul 2, 2026
Merged

ACM-37051: fix: prevent duplicate Authorization header in merge workflow#150
coleenquadros merged 1 commit into
rhobs:mainfrom
coleenquadros:fix/duplicate-auth-header

Conversation

@coleenquadros

Copy link
Copy Markdown
Contributor

Summary

  • Add persist-credentials: false to actions/checkout@v7 in the merge workflow
  • Fixes Duplicate header: "Authorization" HTTP 400 error when the create-pull-request action pushes to the sandbox fork

Root cause

actions/checkout@v7 persists its GITHUB_TOKEN credential via includeIf.gitdir in the git config. When rhobs/acm-create-pull-request@push-to-fork-token later sets its own GitHub App token credential, both resolve for github.com, causing git to send two Authorization headers. GitHub rejects this with HTTP 400.

Why now

This started after actions/checkout was bumped from v6 to v7 in #146. Checkout v7 changed how credentials are persisted — it now uses a separate credentials file included via includeIf.gitdir, which stacks with (rather than being overwritten by) the create-pull-request action's local config credential.

Test plan

🤖 Generated with Claude Code

…Authorization headers

The create-pull-request action sets its own git credential for pushing
to the fork repo. With actions/checkout@v7 persisting its GITHUB_TOKEN
credential via includeIf.gitdir, both resolve when contacting github.com,
causing a "Duplicate header: Authorization" HTTP 400 error.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@coleenquadros coleenquadros requested a review from a team as a code owner July 2, 2026 12:42

@jacobbaungard jacobbaungard left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@coleenquadros coleenquadros merged commit c99823e into rhobs:main Jul 2, 2026
8 of 9 checks passed
@coleenquadros coleenquadros changed the title fix: prevent duplicate Authorization header in merge workflow ACM-37051: fix: prevent duplicate Authorization header in merge workflow Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants