Permission denied on yarn install

So I forked a repository and tried to push it my own remote, but one of the actions fails because of permission denied on yarn install:

Run yarn install
yarn install v1.22.10
[1/4] Resolving packages...
[2/4] Fetching packages...
error Command failed.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
Exit code: 128
Command: git
Arguments: ls-remote --tags --heads ssh://git@github.com/boringcrypto/BoringSolidity.git
Directory: /home/runner/work/joe-core/joe-core
Output:
Warning: Permanently added the RSA host key for IP address '140.82.112.3' to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Error: Process completed with exit code 128.

The workflow pipeline is pretty straightforward:

#  workflow pipeline
name: sushiswap

on: ["push", "pull_request"]

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        node: ["14.x", "12.x"]
        os: ["ubuntu-latest"]

    steps:
      - uses: actions/checkout@v2
        with:
         ref: ${{github.event.pull_request.head.ref}}
         repository: ${{github.event.pull_request.head.repo.full_name}}

      - name: Nodejs  ${{ matrix.node-version }}
        uses: actions/setup-node@v2
        with:
          node-version: ${{ matrix.node-version }}
          check-latest: true

      - name: Install and Compile
        run: |
          yarn install
          yarn build

      - name: Test and Coverage
        run: |
          yarn test

This implies that you’re trying to install a dependency over SSH, which is not going to work unless you set up SSH authentication first. It looks like the repository is public though, so the easier solution would be to use HTTPS to fetch it without any authentication needed.

Yes I figured so, but not sure why it’s installing it over SSH. How do I get it to install over HTTPS ?

For reference, here’s how the package is defined in package.json:

  "devDependencies": {
    "@boringcrypto/boring-solidity": "boringcrypto/BoringSolidity#e06e943",
  ..
  }

I’m not sure, I’m not familiar with yarn. However, you should be able to change that to a full git+https:// URL: