I would like to run rspec on a gem (call it priv_gem_a
) via github actions.
priv_gem_a
depends on another gem that's in a private repo (call it priv_gem_b
). However I cannot bundle install the priv_gem_b
due to invalid permissions.
Error:
Fetching gem metadata from https://rubygems.org/..........
Fetching [email protected]:myorg/priv_gem_b
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Host key verification failed.
Retrying `git clone '[email protected]:myorg/priv_gem_b' "/opt/hostedtoolcache/Ruby/2.6.3/x64/lib/ruby/gems/2.6.0/cache/bundler/git/priv_gem_b-886cdb130fe04681e92ab5365f7a1c690be8e62b" --bare --no-hardlinks --quiet` due to error (2/4): Bundler::Source::Git::GitCommandError Git error: command `git clone '[email protected]:myorg/priv_gem_b' "/opt/hostedtoolcache/Ruby/2.6.3/x64/lib/ruby/gems/2.6.0/cache/bundler/git/priv_gem_b-886cdb130fe04681e92ab5365f7a1c690be8e62b" --bare --no-hardlinks --quiet` in directory /home/runner/work/priv_gem_a/priv_gem_a has failed.
I assume this is something to do with the runner not having access to differing private repos in the same org.
So I tried adding environment vars to my workflow file includes GITHUB_TOKEN
s, but that doesn't work:
name: Test Code
on:
push:
branches:
- master
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up Ruby 2.6
uses: actions/setup-ruby@v1
with:
ruby-version: 2.6.x
- name: Install dependencies
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BUNDLE_GITHUB__COM: ${{ secrets.GITHUB_TOKEN }}:x-oauth-basic
run: |
gem install bundler
gem update bundler
bundle install --without development --jobs 4 --retry 3
- name: Test with RSpec
run: |
bundle exec rspec
Just a snippet from the Gemfile regarding this:
gem 'priv_gem_b', '>= 7.0.1', '< 8', git: '[email protected]:my_org/priv_gem_b', branch: :master
I'm fairly sure the default secret GITHUB_TOKEN
in a repository is only scoped to that repository. You cannot use it to access other repositories.
Try using a repo
scoped token instead. Create one at https://github.com/settings/tokens and then add it as a secret to the repository your workflow runs in. It will be under https://github.com/[username]/[repo]/settings/secrets
Use that secret in your workflow instead of GITHUB_TOKEN
.
BUNDLE_GITHUB__COM: ${{ secrets.REPO_SCOPED_TOKEN }}:x-oauth-basic
Or, use the x-access-token
method, which I think is preferable.
BUNDLE_GITHUB__COM: x-access-token:${{ secrets.REPO_SCOPED_TOKEN }}
Additionally, I think you need to change the reference to the private gem so that it uses HTTPS. The way that you are referencing it now means that it will try to use an SSH key instead of the token defined in BUNDLE_GITHUB__COM
.
gem 'my_private_repo', git: 'https://github.com/username/my_private_repo.git'
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With