问题
I am trying to install npm dependencies within a github workflow ci by running npm install. However i get the following error:
npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/private-org/private-repo.git
npm ERR!
npm ERR! Warning: Permanently added the RSA host key for IP address 'removed' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
ci.yml
name: CI
on:
push:
branches: [master ]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: '12.x'
- run: node --version
- run: npm install
package.json
...
"dependencies": {
"some-pacakage": "git+ssh://git@github.com/private-org/private-repo.gitt",
},
...
This some-package is being installed via github by npm. The repo is within the same organization as which the workflow is running in. To solve this problem locally you setup ssh key on your github account tied to the organization.
But how can i solve this issue so that its able to install that package via github repo within the workfow ci where im not using my personal github account.
回答1:
The standard token doesn't have sufficient permissions:
The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN".
You have to manually create a personal access token that gives access to packages:
If you need a token that requires permissions that aren't available in the
GITHUB_TOKEN, you can create a personal access token and set it as a secret in your repository:
- Use or create a token with the appropriate permissions for that repository. For more information, see "Creating a personal access token for the command line".
- Add the token as a secret in your workflow's repository, and refer to it using the
${{ secrets.SECRET_NAME }}syntax. For more information, see "Creating and using encrypted secrets".
Source: https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token
回答2:
The private repository is being installed via ssh. If you set an ssh key in the pipeline it will use that ssh key when attempting to install.
Fortunately there is a github action that allows us to do that https://github.com/webfactory/ssh-agent
Above npm install add the following:
- uses: webfactory/ssh-agent@v0.2.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
Setup / Pre-requisites
https://github.com/webfactory/ssh-agent#usage
Create an SSH key with sufficient access privileges. For security reasons, don't use your personal SSH key but set up a dedicated one for use in GitHub Actions. See below for a few hints if you are unsure about this step.
Make sure you don't have a passphrase set on the private key.
In your repository, go to the Settings > Secrets menu and create a new secret. In this example, we'll call it SSH_PRIVATE_KEY. Put the contents of the private SSH key file into the contents field. This key should start with -----BEGIN ... PRIVATE KEY-----, consist of many lines and ends with -----END ... PRIVATE KEY-----.
来源:https://stackoverflow.com/questions/61877681/how-to-install-private-github-repository-via-npm-in-github-actions-workflow-ci