Issues when trying to get golang private dependencies on CircleCI

Question

I am using CircleCI as my tool to build my images to publish on Kubernetes.

My projects are using Golang, and I am using Go Modules.

It turns out, I am having issues when, after checking out my code, the step go get -v -t -d ./... runs.

At some point, for some dependencies (which are internal dependencies from my company, and they are under my company's github project), I receive unknown revision message.

I already configured the Machine Account, as I have my own github account set.

I have tried to add the following lines

- run: echo -e "Host github.com\n\tStrictHostKeyChecking no\n" > ~/.ssh/config
- run: cp key ~/.ssh/id_rsa
- run: git config --global url."ssh://git@github.com".insteadOf "https://github.com" || true
- run: git config --global gc.auto 0 || true
- run: go get -v -t -d ./...

The command cp key ~/.ssh/id_rsa copies a ssh key which has access to github projects, and I can use it locally to do the same steps above.

Any help would be very welcome, because I have read tons of documentations / comments over the internet, but nothing seems to work.

Thanks.

Answer 1

The well known replace workaround may not always work. If you have a tree of dependencies and private module is a nested one, the mod checksum validation will fail. In order to workaround this issue it is required to have an entry in a go.mod. Additionally, the entry should survive the go mod tidy. Otherwise, it may be accidentally removed.

So in addition to the replace solution similar to below:

git config --global url."https://<token>:x-oauth-basic@github.com/<org-slug>".insteadOf "https://github.com/<org-slug>"

(where <token> is your GH token that can at least read)

It is required to use a tools approach to have go.mod keeping the entry.

Example:

$ cat tools.go
// +build tools

package tools

import (
    _ "github.com/<org-slug>/<dependency-name>/tools" // this is your private dependency
)

Make sure to have the tools package in the dependency repo as well.

Answer 2

Answering my own question:

• Github blocks users to get go get private repositories, even if the user which is running is owner (on docker - because circleCI is using docker containers to run the build)
• To overcome this problem, I have generated a developer token: https://github.com/settings/tokens
• And used the token to allow access to private repositories: git config --global url."https://<my-dev-token>:x-oauth-basic@github.com/<company-slug>".insteadOf "https://github.com/<company-slug>" || true

I have tested other solutions, but that was the only one which worked just fine.