GitHub Action with private Swift Package

Hi community,

What’s the preferred way to access a private Swift Package (in the same org) from within a GitHub Action? The action doesn’t have access to this repo/package and so the run fails with the following message:

xcodebuild: error: Could not resolve package dependencies:
  Authentication failed because no credentials were provided.

Thanks!

– Flo

2 Likes

To access the packages from GitHub Packages, you should first log in to GitHub Packages.

For example:

  • For a Docker package, you can execute the following command to log in: docker login -u USERNAME -p TOKEN docker.pkg.github.com.
  • For an npm package, you can execute the following command to log in: npm-cli-login -r https://npm.pkg.github.com -u USERNAME -p TOKEN -e EMAIL (if npm-cli-login is not installed, execute npm install -g npm-cli-login to install it).

When the packages are published in the same repository where the workflow is hosted, you can use the GITHUB_TOKEN to authenticate. If they are in a different repository, you need to add a PAT with more scopes and set it as a secret in the workflow repository.

For more details about GitHub Packages, see: https://help.github.com/en/github/managing-packages-with-github-packages

Thanks for your reply. We don’t use GitHub Packages. It’s just a simple repo containing a Swift Package (as in Swift Package Manager or SPM). And from what I see on the GitHub Packages website, this doesn’t even support Swift Packages, does it?

Maybe you can try to checkout/clone the resource of your Swift Package from the repository when you want to use the package in the workflow on another repository.

In the workflow, you can use the checkout action or git clone command to checkout/clone your Swift Package repository into the specific directory under the workspace of the workflow.

And if the Swift Package is a dependency of the main project repository where the workflow is hosted, you can also consider setting the Swift Package repository as a submodule of the main project repository; every time you check out the main project repository to the workspace, you can then run the git commands to check out the submodule to the workspace.

Hey, did you happen to find an answer to this question?

We have a GitHub action set up for our Swift package, and the action is failing because it cannot clone the second Swift package that the first Swift package depends on.

1 Like

I faced the same issue and tried to set up a custom ssh key on a runner using https://github.com/marketplace/actions/install-ssh-key but unfortunately, it didn’t work.

For anyone who is wondering, SPM (Swift Package Manager) can deal with private packages (in our case private git repositories) by setting up a local .ssh directory with the proper key and config. For some reason, it doesn’t work when running from a GitHub workflow. I always get the error

Permission denied (publickey). Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

2 Likes

This can be achieved via an SSH key:

  • Add SSH key (with access to all private packages) as a secret to the repo running the action.

  • Run the following command prior to swift build:

ssh-add - <<< "${{ inputs.<secret_named> }}"

1 Like

Has anyone managed to get this working? GitHub Actions are very frustrating to use with iOS projects.

EDIT:

I finally managed to fix this problem with a combination of @johnmorrell’s response above and another solution I found in this thread: Please provide `ssh_known_hosts` for GH services in Actions - #7 by BrentMifsud

Here was my solution (ugly but effective):

    env:
      # Used to access private repos
      GITHUB_ACCESS_TOKEN: ${{ secrets.CICD_GITHUB_TOKEN }} 
      ...

    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Fix Up Private Github URLs
        # Add github token to all private repo URLs 
        run: find . -type f \( -name '*.pbxproj' -o -name 'Package.swift' -o -name 'Package.resolved' \) -exec sed -i '' "s/https:\/\/github.com\/${GITHUB_REPOSITORY_OWNER}/https:\/\/${GITHUB_ACCESS_TOKEN}@github.com\/${GITHUB_REPOSITORY_OWNER}/g" {} \;
      - name: Test
        run: fastlane test
        ...

3 Likes
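
Editor's added example, not part of any post in this thread: the `sed` step above writes the token into `Package.swift`, `Package.resolved` and `*.pbxproj` files in the workspace, so a check like this can confirm none of them still carries a credential before later steps commit, cache or upload them. The function names and the sample tree (`EXAMPLE_TOKEN`, `example-org`) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. EXAMPLE_TOKEN / example-org are constructed.

URL_WITH_CRED='https://[^/@[:space:]"]+@github\.com'

# The same file set the sed step in the post rewrites.
manifest_files() {
  find "$1" -type f \( -name '*.pbxproj' -o -name 'Package.swift' \
    -o -name 'Package.resolved' \)
}

# Print "file:line" for every credential-bearing URL. Only the location is
# printed, never the matched text, so the token does not end up in the log.
find_embedded_credentials() {
  manifest_files "$1" | while IFS= read -r f; do
    grep -nE "$URL_WITH_CRED" /dev/null "$f" || :
  done | cut -d: -f1,2
}

# Put the plain https://github.com form back, file by file.
strip_embedded_credentials() {
  manifest_files "$1" | while IFS= read -r f; do
    tmp=$(mktemp) || exit 1
    sed -E "s#${URL_WITH_CRED}#https://github.com#g" "$f" > "$tmp" &&
      cat "$tmp" > "$f"
    rm -f "$tmp"
  done
}

# Gate for later steps: non-zero exit if any manifest still holds a credential.
assert_no_embedded_credentials() {
  hits=$(find_embedded_credentials "$1")
  [ -z "$hits" ] && return 0
  printf 'credential-bearing URL at:\n%s\n' "$hits" >&2
  return 1
}

# Constructed sample tree: one rewritten dependency, one public one.
make_sample_tree() {
  d=$(mktemp -d) || return 1
  printf '%s\n' '// swift-tools-version:5.5' \
    '.package(url: "https://EXAMPLE_TOKEN@github.com/example-org/PrivateKit.git", from: "1.0.0"),' \
    '.package(url: "https://github.com/apple/swift-log.git", from: "1.4.0"),' \
    > "$d/Package.swift"
  printf '%s\n' "$d"
}
```

In a workflow, `strip_embedded_credentials .` followed by `assert_no_embedded_credentials .` would run as a final step after the build or test step.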

Hey all,
I was able to get around this by using https://<personal_access_token>@github.com/repo/project.git for my private swift package in Xcode.

I hope this approach helps others who got stuck with the ssh keys.

Not sure if it works, but here is a good post about how Xcode works with SSH git: How to use Swift Package Manager with private repos? - Stack Overflow

Basically, Xcode uses its own folder of known hosts. But you can tell the system to use the default location by running this command on CI:

sudo defaults write com.apple.dt.Xcode IDEPackageSupportUseBuiltinSCM YES

This solution stopped working in some cases when we switched to macos-11, particularly with transitive dependencies. I came up with this solution, which works better, using git config to rewrite all of our private repo URLs to include an access token. This only works if you also ensure that xcodebuild is using the system scm – for fastlane that means setting GYM_USE_SYSTEM_SCM and SCAN_USE_SYSTEM_SCM. If you are using xcodebuild directly, add -scmProvider system (see Apple Developer Documentation).

Here is a snippet from a solution using fastlane:

    env:
      # Used to access private repos
      GITHUB_ACCESS_TOKEN: ${{ secrets.CICD_GITHUB_TOKEN }} 
      # Important: ensure we use the system scm so private repo access works
      GYM_USE_SYSTEM_SCM: true
      # Important: ensure we use the system scm so private repo access works
      SCAN_USE_SYSTEM_SCM: true
    ...
    steps:
      ...
      - name: Add Private Repo Auth
        # Important: along with env vars `GYM_USE_SYSTEM_SCM: true` and `SCAN_USE_SYSTEM_SCM: true` this ensures spm can resolve dependencies for our private repos
        run: git config --global --add url."https://${GITHUB_ACCESS_TOKEN}@github.com/${GITHUB_REPOSITORY_OWNER}".insteadOf "https://github.com/${GITHUB_REPOSITORY_OWNER}"
      - name: Test
        run: fastlane test
    ...
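
Editor's added example, not part of any post in this thread: the `insteadOf` rule from the snippet above, written with a trailing slash so the prefix match covers only one owner, plus an offline check of which URLs git would rewrite and a cleanup that takes the token back out of the global git config. `EXAMPLE_TOKEN`, `example-org` and the function names are constructed; the demo runs against a throwaway `HOME`.

```shell
#!/bin/sh
# Added example, not from the thread. EXAMPLE_TOKEN / example-org are constructed.

# insteadOf is a prefix match: without the trailing slash, a rule for
# "https://github.com/example-org" also rewrites ".../example-org-tools/...".
add_private_repo_auth() {    # $1 = owner; token is read from GITHUB_ACCESS_TOKEN
  git config --global --add \
    url."https://${GITHUB_ACCESS_TOKEN}@github.com/$1/".insteadOf \
    "https://github.com/$1/"
}

# Remove the whole [url "..."] section, so the token does not stay behind
# in the section header of the global git config.
remove_private_repo_auth() { # needs the same GITHUB_ACCESS_TOKEN still set
  git config --global --remove-section \
    url."https://${GITHUB_ACCESS_TOKEN}@github.com/$1/"
}

# Succeeds if git would rewrite URL $1. --get-url expands insteadOf rules
# without contacting the remote; nothing is printed, so no token in the log.
is_rewritten() {
  [ "$(git ls-remote --get-url "$1")" != "$1" ]
}

# Demo in a subshell with a throwaway HOME, so no real config is touched.
(
  HOME=$(mktemp -d) || exit 1
  XDG_CONFIG_HOME=$HOME GIT_CONFIG_NOSYSTEM=1 GITHUB_ACCESS_TOKEN=EXAMPLE_TOKEN
  export HOME XDG_CONFIG_HOME GIT_CONFIG_NOSYSTEM GITHUB_ACCESS_TOKEN
  add_private_repo_auth example-org
  for u in https://github.com/example-org/PrivateKit.git \
           https://github.com/example-org-tools/Other.git \
           https://github.com/apple/swift-log.git; do
    if is_rewritten "$u"; then echo "token added: $u"; else echo "left as-is:  $u"; fi
  done
  remove_private_repo_auth example-org
  rm -rf "$HOME"
)
```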