remote: Duplicate header: "Authorization"
fatal: unable to access 'https://github.com/yonatangross/orchestkit/':
The requested URL returned error: 400
##[error]The process '/usr/bin/git' failed with exit code 128
peter-evans/create-pull-request configures its own git
authentication via http.https://github.com/.extraheader =
AUTHORIZATION: basic ***. When GH_TOKEN is also
in the env (e.g., set at job-level), git ALSO uses it via the credential
helper. Result: two Authorization headers go out, GitHub
rejects with HTTP 400.
I introduced this in PR #1595 by hoisting GH_TOKEN to
job-level alongside CLAUDE_CODE_OAUTH_TOKEN. The latter
MUST be at job-level because it's read in a step-level if:.
The former does NOT have to be — it's only used by gh issue
create and gh issue list.
Move GH_TOKEN back to step-level for the two steps that
need it; keep CLAUDE_CODE_OAUTH_TOKEN at job-level for
the if: gate.
jobs:
watch:
env:
CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
# GH_TOKEN intentionally NOT here — collides with peter-evans
# internal git auth (HTTP 400 "Duplicate header").
steps:
...
- name: File adoption issues
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
...
- name: Fallback manual-triage issue
if: steps.triage.outcome == 'skipped'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
...
- name: Open snapshot PR
# No env: here. peter-evans manages its own auth.
uses: peter-evans/create-pull-request@...
gh workflow run "Claude Release Watch".Open snapshot PR finish ✓ success.