Unable to checkout child imports with github actions

[matthewmucker-vizio]

I am creating a 'documentation' repo in github which hosts a stub mkdocs.yml file under which mkdocs-multirepo-plugin should build documentation from other repos. The .yml is:

site_name: MyOrg Docs
theme: readthedocs
plugins:
  - multirepo
  - search

nav:
  - Home: 'index.md'
  - Included Services:
    - Service1: '!import https://github.com/myOrg/myRepo1?docs_dir=mydocs/*?multi_docs=True?config=mydocs/mkdocs.yml'
    - Service2: '!import https://github.com/myOrg/myRepo2?docs_dir=mydocs/*?multi_docs=True?config=mydocs/mkdocs.yml'

When I run mkdocs build from my machine, it works.

I want to trigger the build of docs from a github action. Per the documentation, I added github personal access token (PAT) to the repo secrets and included that in my workflow. The workflow .yml is:

name: Build and Publish Docs 


on:
  push:
    branches: ['develop']

env:
  AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

jobs:

  build_and_publish:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Install Python
        uses: actions/setup-python@v3
        with:
          python-version: 3.8

      - name: Install pip requirements
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Run mkdocs
        run: mkdocs build
        working-directory: docs-root
        env:
          AccessToken: ${{ secrets.MY_PAT }}

      #- name: Publish to S3

The output of the 'Run mkdocs' step is:

Run mkdocs build
  mkdocs build
  shell: /usr/bin/bash -e {0}
  env:
    AWS_DEFAULT_REGION: 
    AWS_SECRET_ACCESS_KEY: 
    AWS_ACCESS_KEY_ID: 
    pythonLocation: /opt/hostedtoolcache/Python/3.8.1[2](https://github.com/BuddyTV/papyrus/runs/6177823965?check_suite_focus=true#step:5:2)/x64
    LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/[3](https://github.com/BuddyTV/papyrus/runs/6177823965?check_suite_focus=true#step:5:3).8.12/x6[4](https://github.com/BuddyTV/papyrus/runs/6177823965?check_suite_focus=true#step:5:4)/lib
    AccessToken: ***
INFO     -  Multirepo plugin importing docs...

                      :   0%|          | 0/2 [00:00<?, ?it/s]Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.8.12/x64/bin/mkdocs", line 8, in <module>
    sys.exit(cli())
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  
<<snip>>

    stdout = await execute_bash_script("sparse_clone.sh", args, self.temp_dir)
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/mkdocs_multirepo_plugin/util.py", line 109, in execute_bash_script
    raise GitException(f"\n{stderr}\n")
mkdocs_multirepo_plugin.util.GitException: 
Cloning into 'PIN Service'...
fatal: could not read Username for 'https://github.com': No such device or address


Exception ignored in: <function BaseSubprocessTransport.__del__ at 0x7fe74cd8e280>
Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/asyncio/base_subprocess.py", line 1[26](https://github.com/BuddyTV/papyrus/runs/6177823965?check_suite_focus=true#step:5:26), in __del__
    self.close()
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/asyncio/base_subprocess.py", line 104, in close
    proto.pipe.close()
  
<<snip>>

  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/asyncio/base_events.py", line [50](https://github.com/BuddyTV/papyrus/runs/6177823965?check_suite_focus=true#step:5:50)8, in _check_closed
Error:     raise RuntimeError('Event loop is closed')
RuntimeError: Event loop is closed

                      :   0%|          | 0/2 [00:00<?, ?it/s]
Error: Process completed with exit code 1.

What am I doing wrong?

[jdoiro3]

There's something going on with how GitHub does authentication for private repos. My company has an instance of Azure Devops for remotes and passing the access token in the header of the git clone works in our pipeline (action) but apparently doesn't for GitHub. I'll need to look into this to see if I can fix this on my end.

The traceroute line that is helpful for you is the one Git sent to stderr.

fatal: could not read Username for 'https://github.com': No such device or address

[jdoiro3]

@matthewmucker-vizio, you might be able to use gha-git-credentials with the mkdocs build command in your action. This will set the git configuration for authentication. I'll probably add this logic to my plugin soon so it works without the gha-git-credentials. I'm busy this week but should be able to fix this sometime next week.

[jdoiro3]

@matthewmucker-vizio, could you try to use the GITHUB_TOKEN that GitHub provides for workflows? I can see that it's used here. That might work. I don't have enough knowledge on the topic to be sure.

[matthewmucker-vizio]

From the page you linked: " The token's permissions are limited to the repository that contains your workflow."

Since the purpose of mkdocs-multirepo-plugin is to use documentation in other repositories, I don't think this is the answer.

I'm still reading up on this, but I think I somehow need to specify a user name along with the PAT I'm trying to use for authentication. I haven't done much experimenting since I opened this issue.

[matthewmucker-vizio]

Did some testing. If the url in the git clone command in script/sparse_clone.sh could be changed from:

git clone https://github.com/org/repo

to:

git clone https://<-PAT from environment variable->@github.com/org/repo

That should work. It would mean, I suppose, checking for the presence of an environment variable and if found, splitting the url after the protocol specifier and inserting the PAT. I don't know the best place in the code to do that though.

[jdoiro3]

fixed with pull request #22.