I’m running into a weird issue that I can’t quite nail down the cause of.
My repository has a dependency in its package.json
file that links to a specific tag in a public repository on GitHub (this specific version isn’t published to npm, which is why we have to do this).
{
"dependencies": {
"Select2": "select2/select2#3.5.4"
}
}
It’s a public repository and we’ve never had any issue with it when running npm install
in any context (locally, CI, etc) before.
I wanted to make an action that uses preactjs/compressed-size-action@v2 to report our bundle size on PRs.
This is the workflow:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: preactjs/compressed-size-action@v2
with:
build-script: build
compression: gzip
exclude: '{**/*.map,**/node_modules/**}'
pattern: '{public/css/**/*,public/js/**/*}'
repo-token: ${{ secrets.GITHUB_TOKEN }}
strip-hash: "\\b\\w{20}\\."
When preactjs/compressed-size-action
tries to install dependencies I get this error:
npm WARN prepare removing existing node_modules/ before installation
npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/select2/select2.git
npm ERR!
npm ERR! Warning: Permanently added the RSA host key for IP address '140.82.112.3' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm seems to be trying to connect to GitHub via SSH, which presumably doesn’t work because there are no SSH keys in my workflow. I don’t think it’s a bug with npm because I tried to reproduce it and can’t. I suppose it could be a bug with this specific action but I’ve looked through the code and there’s nothing out of the ordinary in it that would seem like it would cause npm/Git to try to connect to GitHub via SSH.
It feels like there’s an issue with my workflow or maybe Github Actions but it’s such a simple workflow I can’t imagine what it might be.
Does anyone know what I’m missing or have any ideas of what I could try?