How to install private github repository via npm in github actions workflow ci

血红的双手。 提交于 2020-08-05 08:06:47

问题


I am trying to install npm dependencies within a github workflow ci by running npm install. However i get the following error:

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/private-org/private-repo.git
npm ERR! 
npm ERR! Warning: Permanently added the RSA host key for IP address 'removed' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.

ci.yml

name: CI

on:
  push:
    branches: [master ]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js
      uses: actions/setup-node@v1
      with:
        node-version: '12.x'
    - run: node --version
    - run: npm install

package.json

  ...
  "dependencies": {
    "some-pacakage": "git+ssh://git@github.com/private-org/private-repo.gitt",
  },
  ...

This some-package is being installed via github by npm. The repo is within the same organization as which the workflow is running in. To solve this problem locally you setup ssh key on your github account tied to the organization.

But how can i solve this issue so that its able to install that package via github repo within the workfow ci where im not using my personal github account.


回答1:


The standard token doesn't have sufficient permissions:

The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN".

You have to manually create a personal access token that gives access to packages:

If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, you can create a personal access token and set it as a secret in your repository:

  1. Use or create a token with the appropriate permissions for that repository. For more information, see "Creating a personal access token for the command line".
  2. Add the token as a secret in your workflow's repository, and refer to it using the ${{ secrets.SECRET_NAME }} syntax. For more information, see "Creating and using encrypted secrets".

Source: https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token




回答2:


The private repository is being installed via ssh. If you set an ssh key in the pipeline it will use that ssh key when attempting to install.

Fortunately there is a github action that allows us to do that https://github.com/webfactory/ssh-agent

Above npm install add the following:

  - uses: webfactory/ssh-agent@v0.2.0
  with:
    ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} 

Setup / Pre-requisites

https://github.com/webfactory/ssh-agent#usage

  1. Create an SSH key with sufficient access privileges. For security reasons, don't use your personal SSH key but set up a dedicated one for use in GitHub Actions. See below for a few hints if you are unsure about this step.

  2. Make sure you don't have a passphrase set on the private key.

  3. In your repository, go to the Settings > Secrets menu and create a new secret. In this example, we'll call it SSH_PRIVATE_KEY. Put the contents of the private SSH key file into the contents field. This key should start with -----BEGIN ... PRIVATE KEY-----, consist of many lines and ends with -----END ... PRIVATE KEY-----.



来源:https://stackoverflow.com/questions/61877681/how-to-install-private-github-repository-via-npm-in-github-actions-workflow-ci

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!