Fork me on GitHub
#tools-deps
<
2022-06-23
>
cjohansen11:06:14

Can tools deps check out private github repos with a personal access token? Specifically, deps.edn has <mailto:[email protected]|[email protected]>:… dependencies, how can I use a personal access token in github actions for tools deps to find the dependencies?

Alex Miller (Clojure team)12:06:33

If you can use git clone outside the Clojure CLI, then it should work

Alex Miller (Clojure team)12:06:47

So solve that problem first

Alex Miller (Clojure team)12:06:04

The CLI is just shelling out to git

cjohansen12:06:08

Right, thanks

cjohansen12:06:20

I’ll try to use an SSH key instead, I think that’s easier

Alex Miller (Clojure team)12:06:54

Some of that stuff is set up for you in gh actions

cjohansen12:06:50

The checkout thing works with a token, but I’m not sure how to combine it with the tools deps step

cjohansen12:06:59

(I’m rather new at github actions…)

Alex Miller (Clojure team)12:06:35

been a while since i used a token - what does that look like? does it get passed on the command line or is it ambient somehow

cjohansen12:06:07

I’m not entirely sure 😅 With the checkout action you just specify the token. I think you can use it as a password with your username. Anyway, I got my action pipeline working with an ssh key 👍

practicalli-johnny14:06:53

Are you sure a token is needed? If an action is within the scope of the current repository, a GITHUB_TOKEN is automatically created for the GitHub action by GitHub. Or you can set a GITHUB_TOKEN environment variable in the repository or the organisation that repository belongs too, usually if you need to update or otherwise affect another repository/ organisation or user.

jjttjj12:09:34

"Bumping" this because I see it was already discussed but I'm not quite sure I'm clear on an answer, at least for my situation. I'm trying to use clj from a github action in a private repo that has a dependency on another private repo in the same organization. I'm using an oldish version of https://github.com/DeLaGuardo/setup-clojure (v3.5). Getting the following error:

Unable to clone /home/runner/.gitlibs/_repos/github.com/my/proj
fatal: could not read Username for '': terminal prompts disabled
Is there something I need to do with the GITHUB_TOKEN (that github actions set)? Do I need to clone a repo using the token as the password, and possibly set git to use caching? (Just wondering if there's a quick fix I'm missing before I start spamming changes to my workflow yml since I don't currently it setup to run locally)

dharrigan12:09:19

Would this be a case of using clojure, not clj as clj uses rlwrap which expects a terminal?

jjttjj12:09:03

Nope, I'm using clojure

jjttjj12:09:04

I think I might need to use the configure_git option with https://github.com/marketplace/actions/private-actions-checkout, attempting that now

jjttjj13:09:10

Ah, didn't seem to work

dharrigan13:09:32

Let me DM you

jjttjj14:09:26

Ok I got it working, this is what worked for me. After creating a secret for the organization that has a read-only personal access token, I put this in the github hactions yaml:

...
jobs:
  build:
    ...
    - name: Use github personal access token to authenticate private repos
      run: git config --global --add url.":${{ secrets.ORG_PERSONAL_ACCESS_TOKEN }}@github.com/".insteadOf ""

practicalli-johnny14:09:55

The github_token that GitHub automatically creates can only be used for the current repository, so as you rightly have done an org (or user) token is required to access other repositories (that are not public)

practicalli-johnny14:06:16

I assume to access a private repo you can create a token on the private repo and set that as the GITHUB_TOKEN value from the GitHub action that is accessing it (in theory)

jjttjj12:09:34

"Bumping" this because I see it was already discussed but I'm not quite sure I'm clear on an answer, at least for my situation. I'm trying to use clj from a github action in a private repo that has a dependency on another private repo in the same organization. I'm using an oldish version of https://github.com/DeLaGuardo/setup-clojure (v3.5). Getting the following error:

Unable to clone /home/runner/.gitlibs/_repos/github.com/my/proj
fatal: could not read Username for '': terminal prompts disabled
Is there something I need to do with the GITHUB_TOKEN (that github actions set)? Do I need to clone a repo using the token as the password, and possibly set git to use caching? (Just wondering if there's a quick fix I'm missing before I start spamming changes to my workflow yml since I don't currently it setup to run locally)