
How to install private github repository via npm in github actions workflow ci

I am trying to install npm dependencies within a GitHub workflow CI by running npm install. However, I get the following error:

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/private-org/private-repo.git
npm ERR! 
npm ERR! Warning: Permanently added the RSA host key for IP address 'removed' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.

ci.yml

name: CI

on:
  push:
    branches: [master ]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js
      uses: actions/setup-node@v1
      with:
        node-version: '12.x'
    - run: node --version
    - run: npm install

package.json

  ...
  "dependencies": {
    "some-package": "git+ssh://git@github.com/private-org/private-repo.git"
  },
  ...

This some-package is being installed from GitHub by npm. The repo is within the same organization as the one the workflow is running in. To solve this problem locally, you set up an SSH key on your GitHub account tied to the organization.

But how can I solve this issue so that it's able to install that package from the GitHub repo within the workflow CI, where I'm not using my personal GitHub account?

The standard token doesn't have sufficient permissions:

The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN".

You have to manually create a personal access token that gives access to packages:

If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, you can create a personal access token and set it as a secret in your repository:

  1. Use or create a token with the appropriate permissions for that repository. For more information, see "Creating a personal access token for the command line".
  2. Add the token as a secret in your workflow's repository, and refer to it using the ${{ secrets.SECRET_NAME }} syntax. For more information, see "Creating and using encrypted secrets".

Source: https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token

The private repository is being installed via SSH. If you set an SSH key in the pipeline, it will use that SSH key when attempting to install.

Fortunately, there is a GitHub Action that allows us to do that: https://github.com/webfactory/ssh-agent

Above the npm install step, add the following:

    - uses: webfactory/ssh-agent@v0.2.0
      with:
        ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

Setup / Pre-requisites

https://github.com/webfactory/ssh-agent#usage

  1. Create an SSH key with sufficient access privileges. For security reasons, don't use your personal SSH key but set up a dedicated one for use in GitHub Actions. See below for a few hints if you are unsure about this step.

  2. Make sure you don't have a passphrase set on the private key.

  3. In your repository, go to the Settings > Secrets menu and create a new secret. In this example, we'll call it SSH_PRIVATE_KEY. Put the contents of the private SSH key file into the contents field. This key should start with -----BEGIN... PRIVATE KEY-----, consist of many lines and end with -----END... PRIVATE KEY-----.

I faced a similar issue while migrating to GitHub Actions from Travis.

What you need to do, basically, is change how Git is fetching your remote repository. In package.json, "git+ssh://git@github.com/private-org/private-repo.git" is used, so it's trying to fetch the repo using SSH access keys, and if you don't add access keys, it will fail.

Instead, what we have to do is reconfigure Git to use HTTP authentication.

Here is how I am using it in my GitHub Actions workflow. I have added my GitHub PAT token as a secret in GitHub Actions as GA_TOKEN.

  - name: Reconfigure git to use HTTP authentication
    run: |
      git config --global url.https://${{ secrets.GA_TOKEN }}@github.com/.insteadOf ssh://git@github.com/
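
To see which dependency URLs the insteadOf rule from this answer actually rewrites, the following script (an added example, not part of the original answer) installs the same rule into a throwaway HOME and asks git for the effective URL without touching the network. The function name rewritten_url and the token value are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. The token used below is a constructed placeholder,
# not a real credential.

# rewritten_url TOKEN URL
# Prints the URL git would really contact for URL once the insteadOf rule
# is installed. The function body runs in a subshell with a temporary HOME,
# so the real ~/.gitconfig of the runner or developer is never modified.
rewritten_url() (
    token=$1
    url=$2
    tmp=$(mktemp -d) || exit 1

    # Isolate git from any existing global or system configuration.
    unset GIT_CONFIG_GLOBAL
    export HOME="$tmp" XDG_CONFIG_HOME="$tmp" GIT_CONFIG_NOSYSTEM=1

    # Same rule as in the workflow step, with the secret passed as $token.
    git config --global \
        "url.https://${token}@github.com/.insteadOf" "ssh://git@github.com/"

    # --get-url expands url.<base>.insteadOf rules and exits without
    # talking to the remote.
    git ls-remote --get-url "$url"
    rc=$?

    rm -rf "$tmp"
    exit "$rc"
)

# URL form npm derives from "git+ssh://git@github.com/...": rewritten.
# prints https://CONSTRUCTED_TOKEN@github.com/private-org/private-repo.git
rewritten_url "CONSTRUCTED_TOKEN" \
    "ssh://git@github.com/private-org/private-repo.git"

# scp-style form: does not start with ssh://git@github.com/, so unchanged.
# prints git@github.com:private-org/private-repo.git
rewritten_url "CONSTRUCTED_TOKEN" \
    "git@github.com:private-org/private-repo.git"
```

The rewritten URL carries the token in clear text, which is also how the rule is stored in the runner's global git config. Dependencies written in the scp-style git@github.com: form do not match the ssh://git@github.com/ prefix and still go over SSH.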

If you are using Docker containers / docker-compose, I recently wrote a CLI wrapper for npm install that uses stdin or an auth.json file.

Currently it is only tested within Docker containers.

GitHub: https://github.com/with-shrey/gitpm-node

Npm: https://www.npmjs.com/package/gitpm-node
