Cloning private github repository within organisation in actions

Question

I have 2 private GitHub repositories (say A and B) in the organization (say ORG). Repository A has repository B in requirements.txt:

-e [email protected]:ORG/B.git#egg=B 

And I have the following workflow for A (in .github/workflows/test.yml):

name: Python package  on: push  jobs:   build:      runs-on: ubuntu-latest      steps:     - uses: actions/checkout@v1      - name: Install requirements       run: |         pip install -r requirements.txt      - name: Test with pytest       run: |         pytest ./tests 

As B is private, it fails on installing it.

Is it possible to install B while testing A in this workflow if they are in the same organization? How?

Answer 1

I did this way!

- uses: actions/checkout@v1     with:     repository: organization_name/repo_name     token: ${{ secrets.ACCESS_TOKEN }} 

You need to provide a valid token, you can generate it following this guide

Answer 2

Since access tokens are bound to an account and have write access to all its private repos, it's a very bad solution.

Instead, use deploy keys.

Deploy keys are simply SSH keys that you can use to clone a repo.

1. Create a new SSH key pair on your computer
2. Put the public key in the private dependency repo's Deploy keys
3. Put the private key in the app repo's Actions secrets
4. Delete the keys from your computer

Once it's set, you can set the private key in the GitHub Action's SSH Agent. There's no need to import a third-party GitHub Action, a 2-liner will suffice.

eval `ssh-agent -s` ssh-add - <<< '${{ secrets.PRIVATE_SSH_KEY }}' pip install -r requirements.txt 

---

I found that ssh-add command here.