git push error: Push cannot contain secrets


Cause of the error

Your code contains a GitHub token in plaintext. GitHub is concerned that the token will leak, so it refuses to accept a push that contains it.

Solution

First remove the GitHub token from the code, then remove the earlier commits from the history: every commit that contains the token has to go.

Or follow the official solution:

Working with push protection from the command line - GitHub Docs

Then commit and push again and it will succeed.

The official solution, translated from the bilingual version:

About push protection from the command line

Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets.

When you attempt to push a supported secret from the command line to a repository secured by push protection, GitHub will block the push.

You should either remove the secret from your branch before you push again, or follow the URL that GitHub provides to allow the secret to be pushed. Both options are described below.

Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, GitHub will not block that secret.

If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. Real secrets that have been exposed must be revoked to avoid unauthorized access. You might consider first rotating the secret before revoking it. For more information, see Removing sensitive data from a repository.

Note

  • If your Git configuration supports pushes to multiple branches, and not only to the current branch, your push may be blocked due to additional and unintended refs being pushed. For more information, see the push.default options in the Git documentation.
  • If secret scanning upon a push times out, GitHub will still scan your commits for secrets after the push.

Resolving a blocked push

To resolve a blocked push, you must remove the secret from all of the commits it appears in.

Note

To learn how to resolve a blocked commit in the GitHub UI, see Working with push protection in the GitHub UI.

Removing a secret introduced by the latest commit on your branch

If the blocked secret was introduced by the latest commit on your branch, you can follow the guidance below.

  1. Remove the secret from your code.
  2. To commit the changes, run git commit --amend --all. This updates the original commit that introduced the secret instead of creating a new commit.
  3. Push your changes with git push.

Removing a secret introduced by an earlier commit on your branch

You can also remove the secret if the secret appears in an earlier commit in the Git history. To do so, you will need to identify which commit first introduced the secret and modify the commit history with an interactive rebase.

  1. Examine the error message that displayed when you tried to push your branch, which lists all of the commits that contain the secret.

     remote:       —— GitHub Personal Access Token ——————————————————————
     remote:        locations:
     remote:          - commit: 8728dbe67
     remote:            path: README.md:4
     remote:          - commit: 03d69e5d3
     remote:            path: README.md:4
     remote:          - commit: 8053f7b27
     remote:            path: README.md:4

  2. Next, run git log to see a full history of all the commits on your branch, along with their corresponding timestamps.

     test-repo (test-branch)]$ git log
     commit 8053f7b27 (HEAD -> main)
     Author: Octocat <1000+octocat@users.noreply.github.com>
     Date:   Tue Jan 30 13:03:37 2024 +0100

         my fourth commit message

     commit 03d69e5d3
     Author: Octocat <1000+octocat@users.noreply.github.com>
     Date:   Tue Jan 30 13:02:59 2024 +0100

         my third commit message

     commit 8728dbe67
     Author: Octocat <1000+octocat@users.noreply.github.com>
     Date:   Tue Jan 30 13:01:36 2024 +0100

         my second commit message

     commit 6057cbe51
     Author: Octocat <1000+octocat@users.noreply.github.com>
     Date:   Tue Jan 30 12:58:24 2024 +0100

         my first commit message

  3. Focusing only on the commits that contain the secret, use the output of git log to identify which commit comes earliest in your Git history.

     • In the example, commit 8728dbe67 was the first commit to contain the secret.

  4. Start an interactive rebase with git rebase -i <COMMIT-ID>~1.

     • For <COMMIT-ID>, use the commit identified in step 3. For example, git rebase -i 8728dbe67~1.

  5. In the editor, choose to edit the commit identified in step 3 by changing pick to edit on the first line of the text.

     edit 8728dbe67 my second commit message
     pick 03d69e5d3 my third commit message
     pick 8053f7b27 my fourth commit message

  6. Save and close the editor to start the interactive rebase.

  7. Remove the secret from your code.

  8. Add your changes to the staging area using git add . (the full command is git add . and the period is part of it).

     Note

     The full command is git add .:

     • There is a space between add and the period.
     • The period following the space is part of the command.

  9. Commit your changes using git commit --amend.

  10. Run git rebase --continue to finish the rebase.

  11. Push your changes with git push.
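Steps 1 to 3 of the rebase procedure above, and the choice between it and the single-commit git commit --amend --all case, can be worked out locally from the text GitHub prints. The following is an added example (not code from the GitHub docs or from this post) that parses the remote: block of a blocked push and, given the hashes from git log --format=%H (newest first), picks the earliest flagged commit and returns the command to run. The sample block and the full-length hashes are constructed for the example; short hashes from the remote are matched against full hashes by prefix.

```python
import re
from typing import List, Tuple

# Constructed sample: the "remote:" block that push protection prints (same layout as above).
SAMPLE_PUSH_OUTPUT = """\
remote:       —— GitHub Personal Access Token ——————————————————————
remote:        locations:
remote:          - commit: 8728dbe67
remote:            path: README.md:4
remote:          - commit: 03d69e5d3
remote:            path: README.md:4
remote:          - commit: 8053f7b27
remote:            path: README.md:4
"""
# Constructed `git log --format=%H` output, newest first; the hash suffixes are made up.
SAMPLE_GIT_LOG = [
    "8053f7b27" + "a" * 31,
    "03d69e5d3" + "b" * 31,
    "8728dbe67" + "c" * 31,
    "6057cbe51" + "d" * 31,
]
HEADER_RE = re.compile(r"^remote:\s*—+\s*(.+?)\s*—+\s*$")
COMMIT_RE = re.compile(r"^remote:\s*-\s*commit:\s*([0-9a-f]+)\s*$")
PATH_RE = re.compile(r"^remote:\s*path:\s*(\S+):(\d+)\s*$")

def parse_blocked_push(output: str) -> List[Tuple[str, str, str, int]]:
    """Return (secret_type, commit, path, line) for every reported location."""
    findings, secret_type, commit = [], None, None
    for line in output.splitlines():
        if m := HEADER_RE.match(line):
            secret_type = m.group(1)          # e.g. "GitHub Personal Access Token"
        elif m := COMMIT_RE.match(line):
            commit = m.group(1)               # short or full hash, as printed
        elif (m := PATH_RE.match(line)) and secret_type and commit:
            findings.append((secret_type, commit, m.group(1), int(m.group(2))))
    return findings

def rebase_target(findings, git_log: List[str]) -> Tuple[str, str]:
    """Return (earliest flagged full hash, command to fix it). git log lists
    newest first, so the last entry matching a flagged prefix is the earliest."""
    flagged = {commit for _, commit, _, _ in findings}
    earliest = None
    for full in git_log:
        if any(full.startswith(short) for short in flagged):
            earliest = full
    if earliest is None:
        raise ValueError("none of the flagged commits is on this branch")
    if earliest == git_log[0]:                # only HEAD carries the secret
        return earliest, "git commit --amend --all"
    return earliest, f"git rebase -i {earliest}~1"
```

After the rebase, re-run the parser on the new push output (or grep the range origin/main..HEAD) before bypassing anything: a later commit that touched the same line can still carry the secret.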
    

Bypassing push protection

If GitHub blocks a secret that you believe is safe to push, you can bypass the block by specifying a reason for allowing the secret to be pushed.

When you allow a secret to be pushed, an alert is created in the Security tab. GitHub closes the alert and doesn't send a notification if you specify that the secret is a false positive or used only in tests. If you specify that the secret is real and that you will fix it later, GitHub keeps the security alert open and sends notifications to the author of the commit, as well as to repository administrators. For more information, see Managing alerts from secret scanning.

When a contributor bypasses a push protection block for a secret, GitHub also sends an email alert to the organization owners, security managers, and repository administrators who have opted in for email notifications.

If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see Requesting bypass privileges in the GitHub Enterprise Cloud documentation.

  1. Visit the URL returned by GitHub when your push was blocked.

  2. Choose the option that best describes why you should be able to push the secret.

     • If the secret is only used in tests and poses no threat, click It's used in tests.
     • If the detected string is not a secret, click It's a false positive.
     • If the secret is real but you intend to fix it later, click I'll fix it later.

     Note

     You are required to specify a reason for bypassing push protection if the repository has secret scanning enabled.

     When pushing to a public repository that doesn't have secret scanning enabled, you are still protected from accidentally pushing secrets thanks to push protection for users, which is on by default for your user account.

     With push protection for users, GitHub will automatically block pushes to public repositories if these pushes contain supported secrets, but you won't need to specify a reason for allowing the secret, and GitHub won't generate an alert. For more information, see Push protection for users: https://docs.github.com/en/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users

  3. Click Allow me to push this secret.

  4. Reattempt the push on the command line within three hours. If you have not pushed within three hours, you will need to repeat this process.
    

The full error output

git push

Enumerating objects: 40, done.
Counting objects: 100% (40/40), done.
Delta compression using up to 8 threads
Compressing objects: 100% (26/26), done.
Writing objects: 100% (28/28), 8.67 KiB | 4.33 MiB/s, done.
Total 28 (delta 16), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (16/16), completed with 9 local objects.
remote: error: GH013: Repository rule violations found for refs/heads/main.
remote:
remote: - GITHUB PUSH PROTECTION
remote:   —————————————————————————————————————————
remote:     Resolve the following violations before pushing again
remote:
remote:     - Push cannot contain secrets
remote:
remote:      (?) Learn how to resolve a blocked push
remote:      https://docs.github.com/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#resolving-a-blocked-push
remote:
remote:       —— GitHub Personal Access Token ——————————————————————
remote:        locations:
remote:          - commit: 28e55de0d31e3a863b7e252ef802230b56b13092
remote:            path: src/apis/common.ts:8
remote:          - commit: 28e55de0d31e3a863b7e252ef802230b56b13092
remote:            path: src/utils/http.ts:56
remote:
remote:        (?) To push, remove secret from commit(s) or follow this URL to allow the secret.
remote:        https://github.com/Sjj1024/PakePlus/security/secret-scanning/unblock-secret/2mDtj7K5gyE4MfiZ7e8IyJqZfaK
remote:
remote:
To github.com:Sjj1024/PakePlus.git
 ! [remote rejected] main -> main (push declined due to repository rule violations)
error: failed to push some refs to 'github.com:Sjj1024/PakePlus.git'