Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot access private repository with github-token #312

Open
3 tasks done
aliphys opened this issue Aug 21, 2024 · 1 comment
Open
3 tasks done

Cannot access private repository with github-token #312

aliphys opened this issue Aug 21, 2024 · 1 comment
Assignees
@per1234
Labels
topic: documentation Related to documentation for the project type: imperfection Perceived defect in any part of project

Comments

@aliphys
Copy link

aliphys commented Aug 21, 2024

Describe the problem

GitHub Runner does not have access to private repositories, even when the github-token field is set.

To reproduce

As part of a compile-examples workflow, I have a private repository that I want to include in the libraries field.

      - name: Compile examples
        uses: arduino/compile-sketches@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          fqbn: ${{ matrix.board.fqbn }}
          platforms: ${{ matrix.board.platforms }}
          libraries: |
            - source-path: ./
            - name: Arduino_PF1550
            - name: Arduino_LowPowerPortentaH7
            - source-url: https://github.com/arduino-libraries/Arduino_LowPowerPortentaC33.git
            - source-url: https://github.com/bcmi-labs/Arduino_LowPowerNiclaVision.git
          sketch-paths: |
            ${{ env.UNIVERSAL_SKETCH_PATHS }}
            ${{ matrix.board.additional-sketch-paths }}
          enable-deltas-report: true
          sketches-report-path: ${{ env.SKETCHES_REPORTS_PATH }}

As stated in the README section the token is provided to the GitHub API: github-token: ${{ secrets.GITHUB_TOKEN }}

compile-sketches/README.md

Lines 210 to 214 in 8ac27e9

### `github-token`
GitHub access token used to get information from the GitHub API. Only needed for private repositories with [`enable-deltas-report`](#enable-deltas-report) set to `true`. It will be convenient to use [`${{ secrets.GITHUB_TOKEN }}`](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token).
**Default**: `""`

However, the internal library is not accessible to the GitHub Runner according to the logs.

git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git clone -v --depth=1 --recurse-submodules -- https://github.com/bcmi-labs/Arduino_LowPowerNiclaVision.git /tmp/compilesketches-205fms1c/install_from_repository-iu_c__ge
  stderr: 'Cloning into '/tmp/compilesketches-205fms1c/install_from_repository-iu_c__ge'...
fatal: could not read Username for 'https://github.com/': No such device or address
'
Error: Process completed with exit code 1.

Expected behavior

If I enter a private GitHub repository for the source-url key, and I have access to it, then the GitHub Runner should also have access to it and load the library.

'arduino/compile-sketches' version

arduino/compile-sketches@v1

Additional context

No response

Issue checklist

  • I searched for previous reports in the issue tracker
  • I verified the problem still occurs when using the latest version
  • My report contains all necessary details
@aliphys aliphys added the type: imperfection Perceived defect in any part of project label Aug 21, 2024
@per1234 per1234 self-assigned this Aug 21, 2024
@per1234
Copy link
Collaborator

per1234 commented Aug 21, 2024

Hi @aliphys. The token is only used for GitHub API requests. The operation that is failing is just a standard git clone, which doesn't use the GitHub API at all.

I documented how to do this in the FAQ after the last time you reported it (#167):

https://github.com/arduino/compile-sketches/blob/main/docs/FAQ.md#how-can-i-install-a-platform-or-library-dependency-from-an-external-private-repository

Alternatively, you could use a dedicated step in the workflow to checkout the private repository to the runner workspace prior to the step that runs the arduino/compile-sketches action. You would use the actions/checkout action in this step. actions/checkout has support specifically for checking out private repositories using a PAT:

https://github.com/actions/checkout#checkout-multiple-repos-private

Then instead of using a "repository" source for the private library dependency in the arduino/compile-sketches action step, you would use the "local path" source for the library dependency, which will now be possible since the actions/checkout step has placed it in the local path under the runner workspace.

Using actions/checkout might be superior to the source-url: https://<PAT>@<URL> approach described in the FAQ since programmatically cloning private repositories with a PAT via actions/checkout is explicitly supported by GitHub, whereas I just did some searching and was not able to find any authoritative reference for git clone https://<PAT>@<URL> (even though I'm sure I learned about this from the official GitHub documentation at some point in the past).

@per1234 per1234 added the topic: documentation Related to documentation for the project label Aug 21, 2024
@aliphys aliphys mentioned this issue Aug 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@per1234 per1234

Labels
topic: documentation Related to documentation for the project type: imperfection Perceived defect in any part of project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@per1234 @aliphys