Github-action: action in private repository

Chiming in here for our organization.  This is a pretty crucial feature for Enterprise customers, and it’s somewhat disheartening to see it missing since GitHub actions as a whole is, in my opinion, a game-changer.

7 Likes

In theory, using the checkout action to clone the private repo into the workspace where you want to use it should work or?

It does. Now that there are preview APIs for managing secrets, you can wire up a secret for cloning the private action repo, but it is still a hack.

github/checkout@master recently got updated to include submodules. I have been doing it this way. Definitely a “hack” still, but very workable.

3 Likes

+1 for use within organizations. Without this, we need to repeat code in a lot of places.

5 Likes

this worked for me…  hope it helps!

name: Awesome Action

on:
  pull_request:
    types: ['opened', 'edited', 'reopened', 'synchronize']

jobs:
  awesome:
    name: Awesome Action
    runs-on: ubuntu-latest
    steps:
      # checkout this repo
      - name: Checkout Repo
        uses: actions/checkout@v2
      # checkout the private repo containing the action to run
      - name: Checkout GitHub Action Repo
        uses: actions/checkout@v2
        with:
          repository: MyOrg/my-action
          ref: v0.1.2
          token: ${{ secrets.GIT_HUB_TOKEN }} # stored in GitHub secrets
          path: .github/actions/my-action
      - name: Run My Action
        uses: ./.github/actions/my-action
27 Likes

Works like a charm :slight_smile:

Hey, but a good workaround.

oh perfect thanks Patrick. I wonder if this is actually the intended usage, but it does sound like Github haven’t thought about it. This is and submodules are a very good workaround, but it’d be nice if you could add tokens to uses part.

2 Likes

Works perfectly! Thank you! So much better than submodules.

workaround works, but more interested to see native support for private actions (aka, actions in private repo) to able to share in the org or even cross orgs.

1 Like

+1 for having private actions built-in support. This is definitely a must have for organisations like the one I currently work for that has hundreds of repos, most of them with the same CI/CD workflows. Copy and paste the same code is one of the worst code smells ever!

As we could not wait for the built-in support to start using GitHub Actions professionally, I’ve created a (public / published) custom action to solve the problem the way we think it’s good for our currently needs. I hope it can help someone:

2 Likes

@andreagriffiths11
Any news on this? It’s been a year :slight_smile:
Many here don’t understand why this issue is not implemented.

Edit: The workaround from @patrickraco is simple enough, atleast for my requirements. Cheers!

1 Like

GitHub, please share updates on this. This is a basic requirement for any enterprise organization - having to copy paste actions is not fun. While others have given workarounds, they don’t work because all repos have to do a lot more than required (and are basically manually running a script)

1 Like

This task is on the roadmap for Q1 2021:

3 Likes

Nice :partying_face: Passing parameters just via “with:” ?

I have a small issue where I’m using checkout on a repo with multiple actions. when I specify the path it doesn’t find the correct path to the action for some reason :thinking:
Anyone had a similar issue with this or some advice?

I haven’t ran into this issue, but here is another example:

# --snip--
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2                            # 1
      - uses: actions/checkout@v2                            # 2
        with:
          repository: your-organization/private-actions-repo # 3
          token: ${{ secrets.YOUR_BOTS_PAT }}                # 4
          path: .github/actions                              # 5
      - name: Private Action
        uses: ./.github/actions/some/private/action          # 6

You may already know this information, but I’m going to break it down in a few steps so that others can follow in the future.

  • The first checkout (1) is for the repository you’re working in.
  • The second checkout (2) is for your private actions.
  • This is the location of where the private actions repository lives (3)
  • In this case, ${{ secrets.YOUR_BOTS_PAT }} (4) is a personal access token that has access to your org’s repository.
  • The naming of path .github/actions (5) doesn’t really matter, just ensure wherever clone the repository, you reference it when you use it in a step (6).
3 Likes

Amazing!
Super helpful broken down tips!

1 Like

@jef I am trying your example implementation and am getting a strange error: ##[error]Top level 'runs:' section is required for /home/runner/work/#####/./.github/actions/service-deploy/action.yml. I simply copied my working action from the repo it was running in into a github-actions private org repo and am referencing it like you are in your example. Any ideas why that error would be popping up?