git-file-fetch supports multiple configuration methods to make it easy to manage file dependencies across different projects and environments.
The simplest way to configure the tool is through command line arguments:
npx git-file-fetch "https://github.com/user/repo.git@main:src/file.ts"For multiple files or complex setups, use the --config option with a JSON file:
npx git-file-fetch --config refs.json --out vendorConfigure behavior through environment variables:
export FETCH_GIT_FILE_MAX_BYTES=5000000 # 5MB limit
export FETCH_GIT_FILE_TIMEOUT_MS=30000 # 30 second timeout
npx git-file-fetch "https://github.com/user/repo.git@main:file.txt"The simplest configuration is an array of strings:
[
"https://github.com/user/repo.git@main:src/utils/logger.ts",
"https://github.com/user/[email protected]:LICENSE",
"https://github.com/another/repo.git@develop:config/settings.json"
]For more control, use objects with explicit properties:
[
{
"repo": "https://github.com/user/repo.git",
"ref": "main",
"path": "src/utils/logger.ts"
},
{
"repo": "https://github.com/user/repo.git",
"ref": "v1.2.3",
"path": "LICENSE",
"dest": "third_party/LICENSE"
},
{
"repo": "https://github.com/another/repo.git",
"ref": "develop",
"path": "config/settings.json",
"dest": "config/external-settings.json"
}
]- repo (required): The Git repository URL
- ref (optional): Branch, tag, or commit (defaults to
main) - path (required): Path to the file within the repository
- dest (optional): Custom destination path (defaults to the same path as source)
The tool automatically creates and maintains a manifest file (.git-remote-files.json by default) that tracks all fetched files:
[
{
"repo": "https://github.com/user/repo.git",
"ref": "main",
"filePath": "src/utils/logger.ts",
"destPath": "src/utils/logger.ts",
"commitSha": "abc123def4567890abcdef1234567890abcdef12"
}
]You have two options for managing the manifest file:
# Add to version control
git add .git-remote-files.json
git commit -m "Add external file manifest"This ensures reproducible builds in CI/CD environments.
# Add to .gitignore
echo ".git-remote-files.json" >> .gitignoreThis keeps the manifest local to your development environment.
Override the default manifest location:
npx git-file-fetch \
--manifest ./config/external-files.json \
"https://github.com/user/repo.git@main:file.txt"Specify where fetched files should be placed:
npx git-file-fetch \
--out ./third_party \
"https://github.com/user/repo.git@main:src/file.ts"Change the working directory before running:
npx git-file-fetch \
--cwd ./subproject \
--out ./deps \
"https://github.com/user/repo.git@main:file.txt"Configure network behavior:
npx git-file-fetch \
--timeout-ms 30000 \
--retries 3 \
--retry-backoff-ms 1000 \
"https://github.com/user/repo.git@main:file.txt"Set defaults via environment variables:
# .env file or shell configuration
FETCH_GIT_FILE_TIMEOUT_MS=30000
FETCH_GIT_FILE_RETRIES=3
FETCH_GIT_FILE_RETRY_BACKOFF_MS=1000
FETCH_GIT_FILE_MAX_BYTES=5000000name: Fetch Dependencies
on: [push, pull_request]
jobs:
fetch:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- run: |
npx git-file-fetch \
--config deps.json \
--out third_party \
--json \
--quietfetch-deps:
image: node:22
script:
- npx git-file-fetch --config deps.json --out third_party --json
artifacts:
paths:
- third_party/[
"https://github.com/prettier/prettier.git@main:package.json",
"https://github.com/eslint/eslint.git@main:lib/rules/index.js"
][
{
"repo": "https://github.com/user/templates.git",
"ref": "v2.0.0",
"path": "README.md",
"dest": "docs/README-template.md"
}
][
{
"repo": "https://github.com/user/build-tools.git",
"ref": "main",
"path": "scripts/build.sh",
"dest": "tools/build.sh"
}
]For private GitHub repositories, use one of these authentication methods:
# Option 1: Personal Access Token (PAT)
export GITHUB_TOKEN=ghp_your_token_here
npx git-file-fetch "https://github.com/org/private-repo.git@main:src/config.json"
# Option 2: SSH with SSH agent
npx git-file-fetch "[email protected]:org/private-repo.git@main:src/config.json"
# Option 3: GitHub CLI authentication
gh auth login
npx git-file-fetch "https://github.com/org/private-repo.git@main:src/config.json"# Option 1: Personal Access Token
export GITLAB_TOKEN=glpat_your_token_here
npx git-file-fetch "https://gitlab.com/group/private-repo.git@main:src/config.json"
# Option 2: SSH
npx git-file-fetch "[email protected]:group/private-repo.git@main:src/config.json"# Personal Access Token
export AZURE_DEVOPS_TOKEN=your_token_here
npx git-file-fetch "https://dev.azure.com/org/project/_git/repo@main:src/config.json"In CI environments, use appropriate secrets:
# GitHub Actions
- name: Fetch private dependencies
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
npx git-file-fetch "https://github.com/org/private-repo.git@main:src/config.json"
# GitLab CI
fetch-private:
variables:
GITLAB_TOKEN: $GITLAB_TOKEN
script:
- npx git-file-fetch "https://gitlab.com/group/private-repo.git@main:src/config.json"Important: Never commit authentication tokens to your repository. Use environment variables or CI secrets.
- Use Configuration Files: For multiple files or team projects
- Version Control Manifests: Commit
.git-remote-files.jsonfor reproducibility - Environment-Specific Configs: Use different config files for dev/staging/prod
- Document Dependencies: Keep configuration files well-documented
- Regular Updates: Periodically review and update external dependencies
- Secure Authentication: Use environment variables or CI secrets for private repos
- Validate Sources: Only fetch from trusted repositories and branches