A few weeks ago, I encountered a challenging situation, prompting me to write this article to assist others facing a similar issue.

Scenario

I maintained a private repository that hosted the code for my application. Additionally, I created a separate private repository for a new library I developed. My objective was to use this library as a dependency in my primary project.

Locally, everything functioned smoothly, primarily due to my SSH key setup. However, when it came to GitHub Actions, I ran into difficulties. The stumbling block was my use of a personal access token (PAT) from a machine user. Specifically, I encountered errors during the npm ci step, primarily stemming from permission issues.

Solution

This is how I have managed to install dependencies from private GitHub repositories.

package.json

 "dependencies": {
        ...
        "pg": "8.6.0",
        "myprivatelib": "orgName/myprivateRepo"
    },

# Github Action

- uses: actions/checkout@v3
   with:
       persist-credentials: false
- uses: actions/setup-node@v1
  with:
      node-version: 16.x
- run: git config --global url."https://${{ secrets.PAT }}@github.com/".insteadOf ssh://git@github.com/
- run: npm ci

It is important to disable persisted credentials on actions/checkout, otherwise they will override your PAT.

Your GitHub action should run without any issues now!