Skip to content

Running Code from Private Repo and Publishing Output to Pulic Repo Help #25614

Running Code from Private Repo and Publishing Output to Pulic Repo Help #25614
Sep 16, 2021 · 3 answers

Background: I have a private code repo that generates a CSV and I would like to publish/push that CSV to a public code repo using Workflows/Actions on a schedule.

Problem: Once I get the CSV generated and into the public repository and try to push. I am getting a error of unable to access “repo” denied to github-actions[bot]. Any help will be appreciated, I tried to google a solution or work around.

Below is the sample code:

# This is a basic workflow to help you get started with Actions

name: FooBar

Controls when the workflow will run

on:

Triggers the workflow on push

[push]

A workflow run is made up of one or more jobs that can run sequentially or in parallel

jobs:

This workflow contains a single job called "foo"

foo:
# The type of runner that the job will run on
runs-on: ubuntu-latest

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
  - name: Checkout Private Repo
    uses: actions/checkout@v2
    with:
      path: main

  - name: Checkout Public Repo
    uses: actions/checkout@v2
    with:
      repository: public-repo
      path: data

  - name: Run CSV Script and Move File to Data Path
    run: |
      cd main
      python -m pip install -r requirements.txt
      python main.py

  - name: Checkin Public Repo
    run: |
      cd data
      git config user.name github-actions
      git config user.email github-actions@github.com
      git add .
      git commit -m "generated"
      git push     

albert-marrero:
      - name: Checkout Public Repo
        uses: actions/checkout@v2
        with:
          repository: public-repo
          path: data

This means you’re using the GITHUB_TOKEN for authorization when accessing the public repository. For fetching that’s no problem (because a public repo can be fetched by anyone), but pushing won’t work because the GITHUB_TOKEN is scoped to your private repository.

To push to the public repository you’ll have to create a PAT that grants access for pushing to your public repository (repo scope), store it as a secret for your private repository, and provide that secret to actions/checkout as its token option.

Replies

3 suggested answers
albert-marrero:
      - name: Checkout Public Repo
        uses: actions/checkout@v2
        with:
          repository: public-repo
          path: data

This means you’re using the GITHUB_TOKEN for authorization when accessing the public repository. For fetching that’s no problem (because a public repo can be fetched by anyone), but pushing won’t work because the GITHUB_TOKEN is scoped to your private repository.

To push to the public repository you’ll have to create a PAT that grants access for pushing to your public repository (repo scope), store it as a secret for your private repository, and provide that secret to actions/checkout as its token option.

0 replies
Answer selected

As much I don’t like to create a PAT that allows access to all my public repositories, this works greatly. Just to lock it down, I need to look into how to repo scope.

0 replies

I meant the repo scope for tokens, see: Scopes for OAuth Apps - GitHub Docs

I don’t think there’s a way to limit it to a specific repository, unfortunately.

0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants