I am trying to install npm dependencies within a GitHub workflow CI by running npm install. However, I get the following error:
npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/private-org/private-repo.git
npm ERR!
npm ERR! Warning: Permanently added the RSA host key for IP address 'removed' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
ci.yml
name: CI
on:
  push:
    branches: [master]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: '12.x'
      - run: node --version
      - run: npm install
package.json
...
"dependencies": {
  "some-pacakage": "git+ssh://git@github.com/private-org/private-repo.gitt",
},
...
This some-package is being installed via GitHub by npm. The repo is within the same organization as the one the workflow is running in. To solve this problem locally, you set up an SSH key on your GitHub account tied to the organization.
But how can I solve this issue so that it's able to install that package via the GitHub repo within the workflow CI, where I'm not using my personal GitHub account?
The standard token doesn't have sufficient permissions:
The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN".
You have to manually create a personal access token that gives access to packages:
If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, you can create a personal access token and set it as a secret in your repository:
- Use or create a token with the appropriate permissions for that repository. For more information, see "Creating a personal access token for the command line".
- Add the token as a secret in your workflow's repository, and refer to it using the ${{ secrets.SECRET_NAME }} syntax. For more information, see "Creating and using encrypted secrets".
The private repository is being installed via ssh. If you set an ssh key in the pipeline it will use that ssh key when attempting to install.
Fortunately, there is a GitHub action that allows us to do that: https://github.com/webfactory/ssh-agent
Above npm install, add the following:
- uses: webfactory/ssh-agent@v0.2.0
  with:
    ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
Setup / Pre-requisites
https://github.com/webfactory/ssh-agent#usage
Create an SSH key with sufficient access privileges. For security reasons, don't use your personal SSH key but set up a dedicated one for use in GitHub Actions. See below for a few hints if you are unsure about this step.
Make sure you don't have a passphrase set on the private key.
In your repository, go to the Settings > Secrets menu and create a new secret. In this example, we'll call it SSH_PRIVATE_KEY. Put the contents of the private SSH key file into the contents field. This key should start with -----BEGIN... PRIVATE KEY-----, consist of many lines and ends with -----END... PRIVATE KEY-----.
I faced a similar issue while migrating to GitHub Actions from Travis.
What you need to do basically is change how Git is fetching your remote repository. In package.json, "git+ssh://git@github.com/private-org/private-repo.gitt" is used, so it's trying to fetch the repo using SSH access keys, and if you don't add access keys, it will fail.
Instead, what we have to do is reconfigure Git to use HTTP authentication.
Here is how I am using it in my GitHub Actions workflow. I have added my GitHub PAT token as a secret in GitHub Actions as GA_TOKEN.
- name: Reconfigure git to use HTTP authentication
  run: |
    git config --global url.https://${{ secrets.GA_TOKEN }}@github.com/.insteadOf ssh://git@github.com/
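What the insteadOf rule in the answer above does, as an added example that is not part of the original answers: it runs the same git config command in a throwaway HOME and asks git which URL it would contact, without any network access. The token EXAMPLE_TOKEN_NOT_REAL and the function names are constructed for this sketch; it also covers the scp-style remote form, which the rule does not match, and checks where the token ends up on disk.

```shell
#!/usr/bin/env bash
# Added example, not from the original answers. The token is a constructed
# placeholder and HOME is a throwaway directory, so no real config or secret
# is touched and no network connection is made.

PLACEHOLDER_TOKEN="EXAMPLE_TOKEN_NOT_REAL"

# Run "$@" in a subshell whose global git config holds only the rewrite rule
# from the answer above.
with_rewrite_rule() {
  local scratch status
  scratch="$(mktemp -d)"
  (
    export HOME="$scratch" XDG_CONFIG_HOME="$scratch/xdg" GIT_CONFIG_NOSYSTEM=1
    unset GIT_CONFIG_GLOBAL
    git config --global \
      "url.https://${PLACEHOLDER_TOKEN}@github.com/.insteadOf" "ssh://git@github.com/"
    "$@"
  )
  status=$?
  rm -rf "$scratch"
  return "$status"
}

# URL git would contact for $1. --get-url applies insteadOf rules and exits
# without talking to the remote.
rewritten_url() {
  with_rewrite_rule git ls-remote --get-url "$1"
}

# Succeeds if the token is readable in plain text in the global git config.
token_stored_in_gitconfig() {
  with_rewrite_rule sh -c 'grep -qF -- "$1" "$HOME/.gitconfig"' _ "$PLACEHOLDER_TOKEN"
}

# The form npm hands to git for a git+ssh:// dependency (see the error output).
rewritten_url "ssh://git@github.com/private-org/private-repo.git"
# scp-style remotes do not start with ssh://git@github.com/, so the rule skips
# them and they still go over SSH.
rewritten_url "git@github.com:private-org/private-repo.git"
token_stored_in_gitconfig && echo "token is stored in ~/.gitconfig in plain text"
```

Because the rule is written with --global, the token stays in the runner's ~/.gitconfig for every later step of the job, so a token scoped to read-only access on the one private repository limits what a later step can do with it.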
If you are using Docker containers / docker-compose, I recently wrote a CLI wrapper for npm install that uses stdin or an auth.json file.
Currently it is only tested within Docker containers.