在操作中克隆组织内的私有 github 存储库
[英]Cloning private github repository within organisation in actions
问题描述
I have 2 private GitHub repositories (say A and B) in the organization (say ORG).
我在组织(比如 ORG)中有 2 个私有 GitHub 存储库(比如 A 和 B)。 Repository A has repository B in requirements.txt :存储库 A 在requirements.txt中有存储库 B:
-e git+git@github.com:ORG/B.git#egg=B
And I have the following workflow for A (in .github/workflows/test.yml ):我对 A 有以下工作流程(在.github/workflows/test.yml ):
name: Python package
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Install requirements
run: |
pip install -r requirements.txt
- name: Test with pytest
run: |
pytest ./tests
As B is private, it fails on installing it.由于 B 是私有的,因此安装它失败。
Is it possible to install B while testing A in this workflow if they are in the same organization?如果他们在同一个组织中,是否可以在此工作流程中测试 A 时安装 B? How?如何?
6 个解决方案
解决方案1
28 2021-12-09 00:01:40
Since access tokens are bound to an account and have write access to all its private repos, it's a very bad solution.由于访问令牌绑定到一个帐户并对其所有私有存储库具有写入权限,因此这是一个非常糟糕的解决方案。
Instead, use deploy keys .相反,使用部署密钥。
Deploy keys are simply SSH keys that you can use to clone a repo.部署密钥只是可用于克隆存储库的 SSH 密钥。
- Create a new SSH key pair on your computer在您的计算机上创建一个新的 SSH 密钥对
- Put the public key in the private dependency repo's Deploy keys将公钥放在私有依赖仓库的部署密钥中
- Put the private key in the app repo's Actions secrets将私钥放入应用程序仓库的Actions 机密中
- Delete the keys from your computer从计算机中删除密钥
Once it's set, you can set the private key in the GitHub Action's SSH Agent.设置好后,您可以在 GitHub Action 的 SSH 代理中设置私钥。 There's no need to import a third-party GitHub Action, a 2-liner will suffice.无需导入第三方 GitHub Action,2-liner 就足够了。
eval `ssh-agent -s`
ssh-add - <<< '${{ secrets.PRIVATE_SSH_KEY }}'
pip install -r requirements.txt
解决方案2
16 已采纳 2019-11-26 21:43:45
I did this way!我是这样做的!
- uses: actions/checkout@v1
with:
repository: organization_name/repo_name
token: ${{ secrets.ACCESS_TOKEN }}
You need to provide a valid token, you can generate it following this guide您需要提供一个有效的令牌,您可以按照本指南生成它
解决方案3
3 2019-08-23 01:37:34
使用不带密码的 SSH 密钥访问存储库 B,或为该存储库创建访问令牌,然后使用访问令牌作为密码通过 HTTPS 访问该存储库: https://USERNAME:TOKEN@github.com/ORG/B.git 。
解决方案4
2 2021-02-08 00:28:11
Instead of check out twice, all you need is provided the TOKEN for pip to access repo B.无需检查两次,您只需提供用于pip访问 repo B 的 TOKEN。
- name: Install requirements
run: |
git config --global url."https://${{ secrets.ACESS_TOKEN }}@github".insteadOf https://github
pip install -r requirements.txt
解决方案5
1 2021-01-09 09:25:28
I added this line我添加了这一行
git+https://YOUR_TOKEN_HERE@github.com/ORG/REPO_NAME.git@master#egg=REPO_NAME
to my requirements.txt and it worked.到我的requirements.txt并且它有效。 But as other people mentioned, your token will be exposed to anyone having access to this repository.但正如其他人提到的,您的令牌将暴露给任何有权访问此存储库的人。 It is probably best to use a secret in your repository.最好在您的存储库中使用秘密。
解决方案6
0 2021-11-17 18:31:27
Complementing Philippe Remy's response ...补充菲利普雷米的回应......
Note that #egg is not necessarily the name of the github repository.请注意,#egg 不一定是 github 存储库的名称。 You will need to see this in setup.py or setup.cfg您需要在setup.py或setup.cfg看到这setup.cfg
解决方案7
0 2022-07-06 12:08:05
Using deployment keys you can do使用部署密钥,您可以做到
- uses: actions/checkout@v2
with:
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
repository: organization_name/repo_name
For this to work you need to为此,您需要
- generate ssh keys locally在本地生成 ssh 密钥
- add pub key as deployment key to the private repo将发布密钥作为部署密钥添加到私有仓库
- add private key as a secret named
SSH_PRIVATE_KEY将私钥添加为名为SSH_PRIVATE_KEY的秘密
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.