Photo by Richy Great on Unsplash
How to setup Github Actions to use a private repository as a dependency
A few weeks ago, I encountered a challenging situation, prompting me to write this article to assist others facing a similar issue.
Scenario
I maintained a private repository that hosted the code for my application. Additionally, I created a separate private repository for a new library I developed. My objective was to use this library as a dependency in my primary project.
Locally, everything functioned smoothly, primarily due to my SSH key setup. However, when it came to GitHub Actions, I ran into difficulties. The stumbling block was my use of a personal access token (PAT) from a machine user. Specifically, I encountered errors during the npm ci
step, primarily stemming from permission issues.
Solution
This is how I have managed to install dependencies from private GitHub repositories.
package.json
"dependencies": {
...
"pg": "8.6.0",
"myprivatelib": "orgName/myprivateRepo"
},
# Github Action
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: actions/setup-node@v1
with:
node-version: 16.x
- run: git config --global url."https://${{ secrets.PAT }}@github.com/".insteadOf ssh://git@github.com/
- run: npm ci
It is important to disable persisted credentials on actions/checkout
, otherwise they will override your PAT
.
Your GitHub action should run without any issues now!