Failing to install node modules from private repos [using urls] #166
The token is persisted in the local git config so authenticated commands (fetch/push) will work. If you are running git clone, then git creates a separate .git folder on disk (now a different local git config).
The token is added to the local git config using this code
It needs to be global.
My action passes.
Assuming actions have an exclusive lock on a container (no other actions can run on it) while running...
I've made a proposal PR. Thoughts?
@jsg2021 a submodule input has been added now. I merged to master, try it out and let me know. Collecting feedback and will update the
@ericsciple Sorry, master is not working for my action. My PR does work... but after reading your work on the submodule, is probably not secure? Here is the error from my build:
Here is my action file:

```yaml
name: Tests
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
env:
  CI: true
jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          token: ${{ secrets.actions_repo_access }}
      - uses: actions/setup-node@v1
        with:
          node-version: "12.x"
      - name: npm config
        run: |
          npm config set loglevel error
          npm config set progress false
      - run: npm install # <-- fails here, git commands to my repos do not have auth
      - run: npm test
```
Your changes would probably work for npm, but you remove the $HOME/global patch after checkout (and only even install it if submodules is true/recursive)... npm needs the auth globally configured to clone private repos during
Maybe add an option to just do the global hack and persist it until the cleanup phase?
Any thoughts on this? I really want to start using actions in my org but this is blocking me. I have a fork that works, but since you are trying so hard to prevent tokens from storing in the normal global space, I’m worried my solution is reckless. Are actions not given exclusive control of a container while running?
@jsg2021 Global config is avoided due to self-hosted runners. Customers may run many concurrently on a single machine. Whether it's safe depends on whether consumers run multiple runners on a single machine (with same user login).
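Added example, not part of the thread or of the project's code: the config scoping discussed in the comments above, reproduced offline. It assumes the credential is an HTTP header stored under git's `http.<url>.extraheader` key; the header value is a constructed placeholder and the directory names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: which git config scope a nested clone can see.
set -eu

KEY='http.https://github.com/.extraheader'   # assumed per-host header key
VAL='AUTHORIZATION: basic PLACEHOLDER'        # constructed value, not a real token

# Report whether the header is visible to git commands run inside directory $1.
header_seen() {
  if git -C "$1" config --get "$KEY" >/dev/null; then echo yes; else echo no; fi
}

# Runs in a subshell so the HOME override does not leak into the caller.
scope_demo() (
  job=$(mktemp -d)                 # stands in for a per-job temp directory
  unset XDG_CONFIG_HOME GIT_CONFIG_GLOBAL
  export HOME="$job/home" GIT_CONFIG_NOSYSTEM=1
  mkdir -p "$HOME"
  git init -q "$job/checkout"      # the repository the workflow checked out
  git init -q "$job/dep"           # what a `git clone` of a dependency creates

  # 1. Credential only in the checkout's local config.
  git -C "$job/checkout" config --local "$KEY" "$VAL"
  in_checkout=$(header_seen "$job/checkout")
  in_dep_local=$(header_seen "$job/dep")

  # 2. Same credential in the "global" file, which lives under the per-job HOME.
  git config --global "$KEY" "$VAL"
  in_dep_global=$(header_seen "$job/dep")

  # 3. A concurrent job with its own HOME does not inherit it.
  other_home=$(mktemp -d)
  in_other_job=$(HOME="$other_home"; header_seen "$job/dep")

  rm -rf "$job" "$other_home"
  echo "checkout=$in_checkout dep_local=$in_dep_local dep_global=$in_dep_global other_job=$in_other_job"
)

scope_demo
```

With an unmodified `HOME` shared by several runners under one login, step 3 would report `yes`, which is the exposure the maintainer describes.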
Thanks for the reply. Any thoughts on my requests? (flag to force enable the global hack until cleanup)
@ericsciple is the github_workspace the “global scope rewire”? and available even without submodules? If so, this may solve my blocker! 😊
@ericsciple
I'm hesitant to add a separate input. In the short term I would suggest adding a
@ericsciple thanks. I'll have to wait for some solution. If this was just one or two projects I wouldn't mind, but because actions do not have a way to point to a central definition (that I know of) I'd have to add (and then update) 50+ projects.
@jsg2021 Same issue here, and I found this: https://github.com/marketplace/actions/setup-git-token It can help you.
Yeah, I'm trying to avoid setting things globally manually. Since these actions could run on self-hosted machines instead of single-use containers, I want to follow their lead here. What will probably need to happen is the HOME and TEMP/TMP vars will just have to be overwritten per workflow.
@ericsciple what are your thoughts on this? I would love to start utilizing GH actions, but this is blocking me from doing so. I can still use my internal build system (so no pressure!), but I look forward to this! 😊 Maybe the solution to all this is a workspace action that privatizes the workflow's “global”, “home” & “temp” such that any actions after read/write to an isolated workspace for the workflow. Then we can safely run
@jsg2021 have you considered SSH instead of PAT? Git supports the env var GIT_SSH_COMMAND. Whereas there isn't a way to set a PAT using an env var (afaik). If you write the SSH key to $RUNNER_TEMP, the runner will clean up between jobs.
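Added example, not part of the thread or of the project's code: one way to apply the `GIT_SSH_COMMAND` suggestion above inside a single workflow step. `DEPLOY_KEY` and `KNOWN_HOSTS_FILE` are assumed names for values the step's `env` would supply; `prepare_git_ssh` is a hypothetical helper.

```bash
#!/usr/bin/env bash
# Added example: per-job SSH key for git, scoped by an environment variable.
set -eu

# Write key material $1 into directory $2 with owner-only permissions and print
# an ssh command line that uses only that key and a pinned known_hosts file ($3).
prepare_git_ssh() {
  key_file="$2/deploy_key"
  rm -f "$key_file"                                  # never reuse a looser-mode file
  ( umask 077; printf '%s\n' "$1" > "$key_file" )    # 0600 from creation onward
  printf 'ssh -F /dev/null -i %s -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' \
    "$key_file" "$3"
}

# Inside a workflow step. DEPLOY_KEY and KNOWN_HOSTS_FILE are assumed names;
# RUNNER_TEMP is the directory the runner cleans up between jobs.
if [ -n "${DEPLOY_KEY:-}" ]; then
  GIT_SSH_COMMAND=$(prepare_git_ssh "$DEPLOY_KEY" "$RUNNER_TEMP" "$KNOWN_HOSTS_FILE")
  export GIT_SSH_COMMAND
  npm install    # dependencies with SSH git URLs are fetched with the key above
fi
```

The variable only affects git operations over SSH, and only in the step that exports it; nothing is written to the user's `~/.ssh` or to any git config.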
@ericsciple I'd have to upload an ssh identity to the repo secrets? Is there a doc I can read up on? It would be nice if the actions of a repo inherited the owner's/org's access for which they are in... oh well.
I just tested with setting
@ericsciple any updates with actions accessing other org private repo? Any new ideas about this?
Using webfactory/ssh-agent fixes my issue.
I'm trying to set up a workflow that simply runs npm install/test. I'm having problems with projects that have private GitHub URLs. I tried setting `token` with a PAT that has full repo scopes... no luck. Any insight? npm issues `git clone` commands... by the description w/ persisting the token, I'd expect this to work 😕