
Install GitHub repo within GitHub Action Workflow

I'm trying to build a GitHub action workflow that involves installing dependencies that exist within other private repos. I've tried all sorts of permutations (I've kinda lost track now) and I can't get any of them working.

I've created a secret, stored within TOKEN_GITHUB that grants access to other repositories, so I can install correctly, as I believe the provided one is scoped to just the current repo.

Here's an example GitHub workflow file, that ultimately deploys multiple Lambdas via CDK, but I've excluded that for simplicity:
deploy.yml

name: Lint, Audit, Test & Deploy

on:
    push:
        branches: [master]

jobs:
    build:
        runs-on: ubuntu-latest
        if: "!contains(github.event.head_commit.message, 'ci skip')"

        steps:
            - uses: actions/checkout@v2
            - uses: actions/setup-node@v1
              with:
                  node-version: 12
            - name: getList Lambda
              run: |
                  cd lambdas
                  cd getList
                  npm ci
                  npm audit --production --audit-level=moderate
            - name: getItem Lambda
              run: |
                  cd lambdas
                  cd getItem
                  npm ci
                  npm audit --production --audit-level=moderate
            - name: saveItem Lambda
              run: |
                  cd lambdas
                  cd saveItem
                  npm ci
                  npm audit --production --audit-level=moderate


So basically this fails during the npm ci for the getList lambda. I've had various errors such as:

npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.

The package.json for my getList lambda looks like:

{
    "name": "getList",
    "version": "1.0.0",
    "description": "",
    "main": "index.js",
    "scripts": {
        "test": "jest"
    },
    "dependencies": {
        "dotenv": "^8.2.0",
        "mongodb": "^3.5.7",
        "get-db": "MyUsername/getDB"
    },
    "devDependencies": {
        "jest": "^26.0.1"
    }
}

I've also tried including the username:token in the package.json file, although I'm not comfortable having my token in there rather than in a secret, but this didn't work anyway. I've also tried npm installing using an https path:

https://[email protected]/MyUsername/getDB.git

with a gitconfig line of git config --global url."https://${{secrets.TOKEN_GITHUB}}:[email protected]/".insteadOf https://[email protected]/

Can anyone see what I might be doing wrong here? The only thing that jumps to mind is maybe setting the gitconfig isn't shared across steps?

It is worth noting all my steps need a private dependency install which is why I split it up this way. Also pretty much everything I tried worked fine locally, it's just in actions it failed.

Ian asked May 31 '20 21:05



1 Answer

The reason that your git config line doesn't work is because of the way authentication works with actions/checkout. Your attempt to change the authentication is being overridden by the credentials persisted by the action. I've bumped into other issues related to this before and you can read a bit about what I discovered here if you are interested.

You'll be glad to know there is an easy fix here. Just disable authentication being persisted in git config by actions/checkout.

      - uses: actions/checkout@v2
        with:
          persist-credentials: false

Your package.json dependencies are fine as they are.

    "dependencies": {
        ...
        "get-db": "MyUsername/getDB"
    },

Here is an example workflow. PAT is a repo scoped Personal Access Token. Note that the git config change persists between steps so you only need to run it once per job.

      - uses: actions/checkout@v2
        with:
          persist-credentials: false
      - uses: actions/setup-node@v1
        with:
          node-version: 12.x
      - run: git config --global url."https://${{ secrets.PAT }}@github.com/".insteadOf ssh://git@github.com/
      - run: npm ci
      ...
peterevans answered Oct 22 '22 00:10
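
A pre-flight check for the fix described in the answer above, as an added example that is not part of the original answer: it reads the token from the environment rather than interpolating it into the command line, confirms that git rewrites the ssh:// URL npm generates for `MyUsername/getDB`, and fails early if the checkout still carries persisted credentials. The function names are hypothetical, and it assumes the step exposes the secret as the environment variable `PAT` and that actions/checkout stores its token under the local config key `http.https://github.com/.extraheader`.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Function names are hypothetical.
# Assumption: the step sets `env: PAT: ${{ secrets.PAT }}`.

# Rewrite the ssh:// URLs npm generates for "user/repo" dependencies to
# token-authenticated HTTPS. The token is read from $PAT.
configure_rewrite() {
    : "${PAT:?PAT is not set}"
    git config --global url."https://${PAT}@github.com/".insteadOf "ssh://git@github.com/"
}

# Print the URL git will really use for $1 after insteadOf rewriting.
# --get-url does not contact the remote; credentials are masked for the log.
effective_url() {
    git ls-remote --get-url "$1" | sed -E 's#^(https://)[^@/]+@#\1***@#'
}

# Succeeds if the repository at $1 still carries the Authorization header
# that actions/checkout stores in local config when persist-credentials is on.
has_persisted_credentials() {
    git -C "$1" config --local --get-all "http.https://github.com/.extraheader" >/dev/null 2>&1
}

# Pre-flight for a job: fail with a clear message before `npm ci` does.
# $1 = checkout directory, $2 = dependency URL to probe
preflight() {
    if has_persisted_credentials "$1"; then
        echo "checkout credentials are persisted; set persist-credentials: false" >&2
        return 1
    fi
    case "$(effective_url "$2")" in
        'https://***@github.com/'*) return 0 ;;
        *) echo "insteadOf rewrite is not active for $2" >&2; return 1 ;;
    esac
}
```

In a workflow step this would run as `configure_rewrite && preflight "$GITHUB_WORKSPACE" ssh://git@github.com/MyUsername/getDB.git` ahead of the first `npm ci`.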