Reputation: 1843
How to config git to use PAT token in GitHub actions checkout
I need to check out a private repo during a GitHub Actions workflow. I am using the checkout action, and following its README:
- I created a service account, i.e. a separate GitHub account just for GitHub Actions workflow.
- I created a PAT (Personal Access Token) for the service account, with permission to access the private repo and the current workflow repo.
- I created a secret to store the PAT token.
Now, when I just do the following, it does not work:
- name: Checkout
uses: actions/checkout@v2
with:
token: ${{secrets.MY_TOKEN}}
it seems that I did not config git properly to allow it use the token. My question is: should I or how do I configure git config to use token in the above step?
The private repo is a dependency of the main repo. Both repos are Rust programs, using Cargo, so I am trying to use the same service account to check out the main repo first. Then cargo will check out the private repo.
Upvotes: 9
Views: 28074
Answers (3)
Reputation: 4600
With GitHub App managed access:
Support gneral ssh and token authorization:
steps:
- uses: actions/checkout@v4
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.SSH_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Set github url and credentials
run: |
git config --global credential.helper store
echo "https://x-access-token:${{ steps.app-token.outputs.token }}@github.com" > ~/.git-credentials
# Only needed if one wants to rewrite all ssh requests to GitHub to be used with http(s) credentials:
#git config --global url.https://github.com/.insteadOf ssh://[email protected]:
#git config --global url.https://github.com/.insteadOf [email protected]:
Upvotes: 1
Reputation: 540
If it's about rust cargo accessing github using token, then a working option could be to add a step for setting token and force https access:
- name: Set github url and credentials
run: |
/usr/bin/git config --global --add url."https://${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}:x-oauth-basic@github".insteadOf ssh://git@github
/usr/bin/git config --global --add url."https://${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}:x-oauth-basic@github".insteadOf https://github
/usr/bin/git config --global --add url."https://${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}:x-oauth-basic@github".insteadOf git@github
Upvotes: 5
Reputation: 23150
According to the actions/checkout documentation, you need to add the repository input as well for private repositories:
It should look like the following on your workflow .yml file:
- name: Checkout
uses: actions/checkout@v2
with:
path: main
- name: Checkout private repo
uses: actions/checkout@v2
with:
repository: your-private/repo_name
token: ${{ secrets.MY_TOKEN }}
You shouldn't need to configure anything else regarding git
Except if you need a specific path, in that case you need to inform it as input as well:
- name: Checkout private repo
uses: actions/checkout@v2
with:
repository: your-private/repo_name
token: ${{ secrets.MY_TOKEN }}
path: path-to-directory
Upvotes: 5
Related Questions
- Stuck at using PAT (Personal Access Token) in GitHub Actions
- Git clone from private github repository with Github Actions token
- how to store git personal authentication token (PAT) in Arch linux using command line
- Git push with PAT(Personal access Token)
- Error 403 when trying authentication with PAT in github
- How to use a token alternative to GITHUB_TOKEN for a Github action?
- Update command-line Git credential.helper for Personal Access Tokens (PAT) on GitHub
- Github Actions + private repository doensn't work well
- Push to Gitlab with access token using Github Actions
- How to attach token to git command?