[英]Cloning private github repository within organisation in actions
I have 2 private GitHub repositories (say A and B) in the organization (say ORG).我在组织(比如 ORG)中有 2 个私有 GitHub 存储库(比如 A 和 B)。 Repository A has repository B in
requirements.txt
:存储库 A 在
requirements.txt
中有存储库 B:
-e git+git@github.com:ORG/B.git#egg=B
And I have the following workflow for A (in .github/workflows/test.yml
):我对 A 有以下工作流程(在
.github/workflows/test.yml
):
name: Python package
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Install requirements
run: |
pip install -r requirements.txt
- name: Test with pytest
run: |
pytest ./tests
As B is private, it fails on installing it.由于 B 是私有的,因此安装它失败。
Is it possible to install B while testing A in this workflow if they are in the same organization?如果他们在同一个组织中,是否可以在此工作流程中测试 A 时安装 B? How?
如何?
Since access tokens are bound to an account and have write access to all its private repos, it's a very bad solution.由于访问令牌绑定到一个帐户并对其所有私有存储库具有写入权限,因此这是一个非常糟糕的解决方案。
Instead, use deploy keys .相反,使用部署密钥。
Deploy keys are simply SSH keys that you can use to clone a repo.部署密钥只是可用于克隆存储库的 SSH 密钥。
Once it's set, you can set the private key in the GitHub Action's SSH Agent.设置好后,您可以在 GitHub Action 的 SSH 代理中设置私钥。 There's no need to import a third-party GitHub Action, a 2-liner will suffice.
无需导入第三方 GitHub Action,2-liner 就足够了。
eval `ssh-agent -s`
ssh-add - <<< '${{ secrets.PRIVATE_SSH_KEY }}'
pip install -r requirements.txt
I did this way!我是这样做的!
- uses: actions/checkout@v1
with:
repository: organization_name/repo_name
token: ${{ secrets.ACCESS_TOKEN }}
You need to provide a valid token, you can generate it following this guide您需要提供一个有效的令牌,您可以按照本指南生成它
使用不带密码的 SSH 密钥访问存储库 B,或为该存储库创建访问令牌,然后使用访问令牌作为密码通过 HTTPS 访问该存储库: https://USERNAME:TOKEN@github.com/ORG/B.git
。
Instead of check out twice, all you need is provided the TOKEN for pip
to access repo B.无需检查两次,您只需提供用于
pip
访问 repo B 的 TOKEN。
- name: Install requirements
run: |
git config --global url."https://${{ secrets.ACESS_TOKEN }}@github".insteadOf https://github
pip install -r requirements.txt
I added this line我添加了这一行
git+https://YOUR_TOKEN_HERE@github.com/ORG/REPO_NAME.git@master#egg=REPO_NAME
to my requirements.txt
and it worked.到我的
requirements.txt
并且它有效。 But as other people mentioned, your token will be exposed to anyone having access to this repository.但正如其他人提到的,您的令牌将暴露给任何有权访问此存储库的人。 It is probably best to use a secret in your repository.
最好在您的存储库中使用秘密。
Complementing Philippe Remy's response ...补充菲利普雷米的回应......
Note that #egg is not necessarily the name of the github repository.请注意,#egg 不一定是 github 存储库的名称。 You will need to see this in
setup.py
or setup.cfg
您需要在
setup.py
或setup.cfg
看到这setup.cfg
Using deployment keys you can do使用部署密钥,您可以做到
- uses: actions/checkout@v2
with:
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
repository: organization_name/repo_name
For this to work you need to为此,您需要
SSH_PRIVATE_KEY
SSH_PRIVATE_KEY
的秘密
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.