Running locally, streamlit prompts to login to my git repo, how can I disable?

Hey, complete newbie here, but when I run
streamlit run myapp.py

it seems to boot the app, but then asks inside the terminal for me to login to my remote git repo. It also asks on every refresh of the page, This only happens from inside the repo folder.

I could setup tokens and what not, but I would prefer that streamlit was not accessing, or asking me to access my remote git repo. Is there a way to disable this, or am I doing something crazy? I searched around but could not find any config or any discussion of this anywhere, kind of makes me think this is something odd on my system, but thought I would ask just in case.

Streamlit, version 0.70.0
python 3.8
pip installed

Hey @quadebroadwell,

Welcome to the Streamlit Community! :partying_face::tada::partying_face::tada:

This doesn’t sound right, we have sent this to our engineering staff and we’ll get back to you as soon as we can!

Happy Streamlit-ing!
Marisa

2 Likes

Hey @quadebroadwell!

Thanks for bringing this up. We certainly do not want to access your GitHub repository. We currently check locally whether your script is in a git repo and whether it has a valid GitHub remote. I was one of the engineers who worked this functionality. These two checks should all be done locally and should not communicate with Github (thereby require credentials). To be extra transparent, this is what we do on run:

  1. We find out what branch you are on locally
  2. We check to see locally if that branch is tracking a remote branch
  3. We look at the url of that remote and see if it matches a pattern of a Github remote url.
  4. We parse that URL to obtain the repo name.
  5. We run git rev-parse --show-toplevel to find out the path to the root of your git repo. We then use that to build a relative path of the script that is running.
  6. We use the branch from step 2, the repo name from step 4, and the path to the file in step 5 to obtain all the info to be able to one-click deploy to Streamlit Sharing if you like. (this is true for both private and public repos, but we deny deployment if you have a private repo)

Once again, all of these steps are done locally and should in no way attempt to communicate with GitHub. We’ve tested a few scenarios to verify this:

  • Both HTTPS and SSH, clone remove credentials, and run streamlit app. No issue.
  • Both HTTPS and SSH, clone remove credentials, and run git commands. No issue

I cannot think of any more scenarios. Perhaps the scenario you have might be triggering the request for Github credentials.

OS: Mac/Windows/Linux?
Github Download Option: HTTPS/SSH/CLI?
Any Git hooks installed? Perhaps these checks we do trigger those?

Curious if you open the terminal on your repo and run the following commands if one triggers a request for credentials:

Get path to root of git repo

git rev-parse --show-toplevel

Get list of all your remotes

git remote -v

Get current branch (and their tracking branch if available)

git branch -vv

Hopefully, we can figure out why your machine is requiring credentials every time you refresh a streamlit app.
–Ken

2 Likes

Oh wow you guys are fast! Thanks for the quick response,

OS: Linux

git remote -v
% git remote -v
origin https://github… (fetch)
origin https://github… (push)

Note the … is just me trimming the details of the repo, this is not on github, but the corporate github

% git branch -vv

  • master c8385e5 [origin/master] missing checkins from previous

% git rev-parse --show-toplevel
Shows current working directory

In the .git folder, in the hooks folder, there is only the default samples
.git/hooks % ls
applypatch-msg.sample post-update.sample pre-commit.sample pre-push.sample update.sample
commit-msg.sample pre-applypatch.sample prepare-commit-msg.sample pre-rebase.sample

1 Like

If its helpful here is a list of all the pip packages

altair==4.1.0
ansiwrap==0.8.4
appdirs==1.4.4
argon2-cffi==20.1.0
astor==0.8.1
astroid @ file:///tmp/build/80754af9/astroid_1592495912941/work
async-generator==1.10
attrs @ file:///tmp/build/80754af9/attrs_1600298409949/work
backcall==0.2.0
base58==2.0.1
black==20.8b1
bleach==3.2.1
blinker==1.4
blis==0.4.1
boto3==1.16.8
botocore==1.19.8
brotlipy==0.7.0
cachetools==4.1.1
catalogue==1.0.0
certifi==2020.6.20
cffi @ file:///tmp/build/80754af9/cffi_1600699146221/work
chardet==3.0.4
click==7.1.2
colorama==0.4.4
cryptography @ file:///tmp/build/80754af9/cryptography_1601046815590/work
cycler==0.10.0
cymem==2.0.3
decorator==4.4.2
defusedxml==0.6.0
dexplot==0.1.4
dill==0.3.2
docopt==0.6.2
einops==0.3.0
entrypoints==0.3
enum-compat==0.0.3
fastai==2.0.15
fire==0.3.1
future==0.18.2
gitdb==4.0.5
GitPython==3.1.9
idna @ file:///tmp/build/80754af9/idna_1593446292537/work
importlib-metadata @ file:///tmp/build/80754af9/importlib-metadata_1602276842396/work
ipykernel==5.3.4
ipython==7.18.1
ipython-genutils==0.2.0
ipywidgets==7.5.1
isort @ file:///tmp/build/80754af9/isort_1602603989581/work
jedi==0.17.2
Jinja2==2.11.2
jmespath==0.10.0
joblib @ file:///tmp/build/80754af9/joblib_1601912903842/work
jsonpickle==1.4.1
jsonschema @ file:///tmp/build/80754af9/jsonschema_1594303806266/work
jupyter-client==6.1.7
jupyter-core==4.6.3
jupyter-utils==1.0.0
jupyterlab-pygments==0.1.2
kiwisolver==1.2.0
lazy-object-proxy==1.4.3
MarkupSafe==1.1.1
matplotlib @ file:///tmp/build/80754af9/matplotlib-base_1597876319132/work
mccabe==0.6.1
mistune==0.8.4
mkl-fft==1.2.0
mkl-random==1.1.1
mkl-service==2.3.0
mongo==0.2.0
munch==2.5.0
murmurhash==1.0.2
mypy-extensions==0.4.3
nbclient==0.5.1
nbconvert==6.0.7
nbformat==5.0.8
nest-asyncio==1.4.2
notebook==6.1.4
numpy @ file:///tmp/build/80754af9/numpy_and_numpy_base_1596233721170/work
olefile==0.46
packaging==20.4
pandarallel==1.5.1
pandas @ file:///tmp/build/80754af9/pandas_1602088120436/work
pandocfilters==1.4.3
papermill==2.2.0
parso==0.7.1
pathspec==0.8.0
pathtools==0.1.2
performer-pytorch==0.1.2
pexpect==4.8.0
pickleshare==0.7.5
Pillow @ file:///tmp/build/80754af9/pillow_1602788711040/work
plac @ file:///tmp/build/80754af9/plac_1594261900949/work
preshed==3.0.2
prometheus-client==0.8.0
prompt-toolkit==3.0.8
protobuf==3.13.0
ptyprocess==0.6.0
py-cpuinfo==7.0.0
pyarrow==2.0.0
pycparser @ file:///tmp/build/80754af9/pycparser_1594388511720/work
pydeck==0.5.0
Pygments==2.7.2
pylint @ file:///tmp/build/80754af9/pylint_1598623985952/work
pyminizip==0.2.4
pymongo==3.11.0
pyOpenSSL @ file:///tmp/build/80754af9/pyopenssl_1594392929924/work
pyparsing==2.4.7
pyrsistent @ file:///tmp/build/80754af9/pyrsistent_1600141720057/work
PySocks==1.7.1
python-dateutil==2.8.1
pytorch-fast-transformers==0.3.0
pytz==2020.1
PyYAML==5.3.1
pyzmq==19.0.2
regex==2020.10.28
requests @ file:///tmp/build/80754af9/requests_1592841827918/work
s3transfer==0.3.3
sacred==0.8.1
scikit-learn @ file:///tmp/build/80754af9/scikit-learn_1598376899566/work
scipy @ file:///tmp/build/80754af9/scipy_1597686649129/work
Send2Trash==1.5.0
sip==4.19.13
six==1.15.0
smmap==3.0.4
spacy @ file:///tmp/build/80754af9/spacy_1600554216329/work
srsly==1.0.2
streamlit==0.70.0
tenacity==6.2.0
termcolor==1.1.0
terminado==0.9.1
testpath==0.4.4
textwrap3==0.9.2
thinc @ file:///tmp/build/80754af9/thinc_1594251950817/work
threadpoolctl @ file:///tmp/tmp9twdgx9k/threadpoolctl-2.1.0-py3-none-any.whl
toml @ file:///tmp/build/80754af9/toml_1592853716807/work
toolz==0.11.1
torch==1.6.0
torchvision==0.7.0
tornado==6.0.4
tqdm @ file:///tmp/build/80754af9/tqdm_1602185206534/work
traitlets==5.0.5
typed-ast==1.4.1
typing-extensions==3.7.4.3
tzlocal==2.1
urllib3 @ file:///tmp/build/80754af9/urllib3_1597086586889/work
validators==0.18.1
wasabi @ file:///tmp/build/80754af9/wasabi_1599244993840/work
watchdog==0.10.3
wcwidth==0.2.5
webencodings==0.5.1
widgetsnbextension==3.5.1
wrapt==1.12.1
zipp @ file:///tmp/build/80754af9/zipp_1602002379921/work

Hmmmm @quadebroadwell. Everything seems okay. We did test on Linux with no issue.

The one thing that stands out is the use of the corporate github. It leads me to wonder whether there’s some security measure that’s forcing the login.

Any chance you can try with a standard GitHub repository (from github.com not the corporate github) and see if logins are required? I’m unable to repro from a corporate GitHub unfortunately.

Ok i tried with github, if its a public repo it doesn’t ask anything, but if its private it still tries to login

I’m starting to run out of ideas. I ran the following via Ubuntu.

kmcgrady@machine:~$ pip3 install streamlit
kmcgrady@machine:~$ git clone https://github.com/kmcgrady/sample-streamlit-private-repo.git
Cloning into 'sample-streamlit-private-repo'...
Username for 'https://github.com': kmcgrady
Password for 'https://kmcgrady@github.com': 
warning: You appear to have cloned an empty repository.
kmcgrady@machine:~$ cd sample-streamlit-private-repo/
kmcgrady@machine:~/sample-streamlit-private-repo$ vim app.py

# Prove that my credentials are not saved
kmcgrady@machine:~/sample-streamlit-private-repo$ cd ..
kmcgrady@machine:~$ mkdir test
kmcgrady@machine:~$ cd test
kmcgrady@machine:~/test$ git clone https://github.com/kmcgrady/sample-streamlit-private-repo.git
Cloning into 'sample-streamlit-private-repo'...
Username for 'https://github.com': ^C

# Run Streamlit app
kmcgrady@machine:~/test$ cd ..
kmcgrady@machine:~$ cd sample-streamlit-private-repo/
kmcgrady@machine:~/sample-streamlit-private-repo$ streamlit run app.py

  👋 Welcome to Streamlit!

  If you're one of our development partners or you're interested in getting
  personal technical support or Streamlit updates, please enter your email
  address below. Otherwise, you may leave the field blank.

  Email: 

  Privacy Policy:
  As an open source project, we collect usage statistics. We cannot see and do
  not store information contained in Streamlit apps. You can find out more by
  reading our privacy policy at: https://streamlit.io/privacy-policy

  If you'd like to opt out of usage statistics, add the following to
  ~/.streamlit/config.toml, creating that file if necessary:

    [browser]
    gatherUsageStats = false


  You can now view your Streamlit app in your browser.

  Local URL: http://localhost:8501
  Network URL: http://192.168.1.37:8501

^C  Stopping...
kmcgrady@machine:~/sample-streamlit-private-repo$ streamlit run app.py

  You can now view your Streamlit app in your browser.

  Local URL: http://localhost:8501
  Network URL: http://192.168.1.37:8501

My app is a simple st.write("Hello"). My only other assumptions are:

  • You are running this from a package and not from source (ie you ran pip install streamlit and not download and build from source.
  • You are running on the latest released package and not streamlit-nightly

Everything seems to work as expected. I don’t see any request to login on my terminal, nothing in the browser, and nothing popping up in the OS. I’m curious how the request to login is manifesting on your side?

Hmmm, ok i updated my app.py to match yours to make sure i didnt have any strange imports, this is what it looks like

(fastai) broadwea@nl002:~/mynotebooks/backup_repos/streamlit % streamlit run app.py

You can now view your Streamlit app in your browser.

Network URL: http://10.39.54.1:8501

Username for ‘https://github.com’:

Strangely I am not getting the privacy policy and whatnot that you have in your output, I tried to do a pip install upgrade streamlit as well to make sure its on most recent version.

I guess its not a big deal I can work around it for now, thanks for the help.

Hmmmm…so you do see it in the terminal. The privacy policy is the first time run. I tried running again to ensure that didn’t matter.

I wish I could figure out what’s going on. If you end up figuring out why, please let us know! I really don’t want us to be creating that experience for our users. Curious if other people are experiencing it.

1 Like

will do

You always figure things out when you quit trying lol, I had a thought maybe gitpython package was maybe causing something so I removed it,
pip uninstall gitpython
Now it runs as expected without login request. You guys may want to see why/how this package is doing weird things. Thanks again for your help debugging.

Haha. Perhaps we can narrow down to what line of code that we use from gitpython.

Would you mind reinstalling it and trying this out:

Open up a python interpreter from your repo directory, then run the following commands individually. Assuming it’s a git repo whose branch is tracking a remote, one of them should trigger the login request. We can then investigate what GitPython is doing for that command.

>>> import git
>>> repo = git.Repo(".", search_parent_directories=True)
>>> git_root = repo.git.rev_parse("--show-toplevel")
>>> tracking_branch = repo.active_branch.tracking_branch()
>>> remote_name, *branch = tracking_branch.name.split("/")
>>> remote = repo.remote(remote_name)

None of those triggered the login request…

Hmmm. I’ll investigate GitPython to see if there’s something they are doing. Thanks for trying it out.

Hey @quadebroadwell

Hope you are doing well and enjoying Streamlit. I wanted to let you know that I investigated GitPython, and was finally able to create a scenario requesting the credentials (although not in Streamlit). There’s one other thing to check that I’m curious if you can answer/try out.

What version of git are you are using? You can find this out using git --version.

Looking at git-python, there’s some interesting revelation here that I missed earlier: https://github.com/gitpython-developers/GitPython/blob/master/git/remote.py#L528 Essentially, it attempts to run git remote get-url --all (remote_name). In this case (remote_name) is likely origin for GitHub. However, a much older version of git didn’t have this, so it led to attempting to try git remote show (remote_name). I am able to confirm that this command definitely requests credentials. This would explain why this problem is not affecting many users. The easy solution here would be to simply upgrade git.

To explain how I missed it, I missed one line in the test python test:

>>> import git
>>> repo = git.Repo(".", search_parent_directories=True)
>>> git_root = repo.git.rev_parse("--show-toplevel")
>>> tracking_branch = repo.active_branch.tracking_branch()
>>> remote_name, *branch = tracking_branch.name.split("/")
>>> remote = repo.remote(remote_name)
>>> urls = [url for url in remote.urls] # This line should trigger credentials as urls is a property

I’m feeling pretty confident that this is the underlying problem and would love to hear a confirmation. In any case, while upgrading git would be easy, we are looking into creating a config setting to disable even trying to check the git repo to avoid this matter all together.

Thanks again for working with me to help make Streamlit better. I really appreciate it!

Hi @kmcgrady,

I’m running into the same problem. The app is always asking for my credentials (at startup and after each interaction with widgets). If I remove the .git directory from the repo (simulate a normal folder) everything runs fine :confused:

streamlit 0.70.0
gitdb 4.0.5
GitPython 3.1.8

Git version: git version 1.8.3.1

Hey @mibaumgartner!

Thanks for sharing!

Quickly, you can remove the .git folder or uninstall GitPython to avoid the issue. That is certainly a pain to manage.

Probably a better approach is to upgrade git. Based on that version, that release happened in 2013. I believe if you have 2.7 or higher (released in 2016), it should not have the issue. Of course, upgrading to the latest is good and probably best.

Is the upgrade something you can do? We’re looking into checking the version of git before performing our checks.

Hi @kmcgrady,

upgrading to git 2.26.0 resolved the problem. Thank you for your help!

1 Like

Just letting everyone know here. We created an issue for this: https://github.com/streamlit/streamlit/issues/2323
and hope to resolve it soon.

2 Likes