Reputation: 186
Accessing another repository with GitHub CLI in GitHub Actions
I'm trying to access another github repo with gh cli as a part of a workflow.
I am using the gh release view command as below
run: |
echo "::set-output name=description::$(gh release view --repo <owner/repo>)"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The workflow is failing with 404, I understand it's because the repo is private, even though both repositories have the same owner. When authenticated locally, the command works just fine.
Is there any way to access that repo in the workflow?
Upvotes: 7
Views: 18256
Answers (2)
Reputation: 79
Just in case someone still needs it.
I came up with a similar problem and I was able to solve it with the help of the webfactory/ssh-agent action which can be found on the GitHub actions marketplace.
I only needed to configure a new SSH key without a passphrase, and then follow the instructions in the action's description, which are pretty straightforward. That action even allows you to pull content from multiple private repositories.
Upvotes: 0
Reputation: 114641
The GITHUB_TOKEN is scoped only to the triggering repository. If you need to access any resources in other repositories or in other accounts then you need to pass a token with a wider scope to the checkout step. This can be a GitHub App token, a Personal Access Token etc.
Store the token in the Secrets/Actions and pass it to the checkout task's token parameter.
Alternatively you can pass in an ssh key through the ssh-key parameter.
- uses: actions/checkout@v2
with:
# Repository name with owner. For example, actions/checkout
# Default: ${{ github.repository }}
repository: ''
# Personal access token (PAT) used to fetch the repository. The PAT is configured
# with the local git config, which enables your scripts to run authenticated git
# commands. The post-job step removes the PAT.
#
# We recommend using a service account with the least permissions necessary. Also
# when generating a new PAT, select the least scopes necessary.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
#
# Default: ${{ github.token }}
token: ''
# SSH key used to fetch the repository. The SSH key is configured with the local
# git config, which enables your scripts to run authenticated git commands. The
# post-job step removes the SSH key.
#
# We recommend using a service account with the least permissions necessary.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
ssh-key: ''
The same applies to calling resources in other repositories through an API or GitHub CLI.
Upvotes: 14
Related Questions
- Access another repo in organization in github action
- GitHub actions get SSH link of repository
- How to push to another repository in github actions?
- github action to copy a file from one repo to another
- Is it possible to trigger a GitHub action to a different repository?
- Github Actions remote repo issues
- Add a remote to a GitHub repository
- How to make GitHub Actions communicate with each other
- How to mirror a GitHub repo using Github actions?
- Install GitHub repo within GitHub Action Workflow