Pilot Lvl 1
Message 1 of 4

How to checkout a private submodule from a github action?


Apparently the $GITHUB_TOKEN only has permissions for the current repo (which makes sense) -- is there a way to allow access to another private repo?

It's currently failing:

Submodule 'secrets' (git@github.com:{}/{}.git) registered for path 'secrets'
Cloning into '/home/runner/work/{}/{}/secrets'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'git@github.com:{}/{}.git' into submodule path '/home/runner/work/{}/{}/secrets' failed
Failed to clone 'secrets'. Retry scheduled
3 Replies
Solution
Pilot Lvl 2
Message 2 of 4

Re: How to checkout a private submodule from a github action?

You should be able to set a custom token when using the checkout action. So, if you have a token that you know will have access to both your current repo as well as the submodule(s), you can run a step like:

 

- uses: actions/checkout@v1
  with:
    token: ${{ secrets.ACCESS_TOKEN }}
    submodules: true

Which would use a secret called "ACCESS_TOKEN" (which you should then create in the repository that runs your workflow) to pull the repositories.

Pilot Lvl 1
Message 3 of 4

Re: How to checkout a private submodule from a github action?

Cool yeah that makes sense. I only wish there were a way to generate a custom token with restricted access to only a couple of repos :/ I guess I'll probably make a bot account with limited permissions and go with that.

Thanks!

Ground Controller Lvl 1
Message 4 of 4

Re: How to checkout a private submodule from a github action?

Sadly they broke that with actions@v2 so beware when updating! You now have to use something like this if you want to keep using SSH URLs instead of HTTPS:

 

steps:
      - uses: actions/checkout@v2
      - name: Checkout submodules
        uses: actions/checkout@v2
        with:
          repository: yourPrivateOrg/yourPrivateRepo
          token: ${{ secrets.ACCESS_TOKEN }}
          path: yourPrivateRepo
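
Relating to the token-scoping wish in message 3 and the SSH-versus-HTTPS point in message 4, the following is an added example (not code from any poster or from GitHub): it reads a `.gitmodules` file, reports whether each submodule is declared with an SSH or HTTPS GitHub URL, and lists the repositories the `ACCESS_TOKEN` account needs read access to. The sample file contents, the `example-org` names and the function names are constructed for illustration.

```python
import re

# Constructed sample .gitmodules (not from the thread): SSH, HTTPS and non-GitHub entries.
SAMPLE_GITMODULES = """\
[submodule "secrets"]
    path = secrets
    url = git@github.com:example-org/secrets.git
[submodule "docs"]
    path = docs
    url = https://github.com/example-org/docs
[submodule "vendor/lib"]
    path = vendor/lib
    url = ssh://git@git.example.net/team/lib.git
"""

SECTION = re.compile(r'^\[submodule\s+"(?P<name>.+)"\]$')
KEYVAL = re.compile(r"^(?P<key>[A-Za-z][\w-]*)\s*=\s*(?P<val>.*)$")
# scp-like (git@github.com:owner/repo), ssh:// and https:// forms of a GitHub remote.
GITHUB_URL = re.compile(
    r"^(?:(?P<scp>[\w.-]+@github\.com:)|(?P<ssh>ssh://[\w.-]+@github\.com(?::\d+)?/)"
    r"|(?P<https>https://(?:[^@/]+@)?github\.com/))"
    r"(?P<owner>[\w.-]+)/(?P<repo>[\w.-]+?)(?:\.git)?/?$")

def parse_gitmodules(text):
    """Return {submodule name: {key: value}} parsed from .gitmodules text."""
    modules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("["):
            m = SECTION.match(line)
            # Keys under any non-submodule section are ignored.
            current = modules.setdefault(m.group("name"), {}) if m else None
        elif current is not None and (kv := KEYVAL.match(line)):
            current[kv.group("key").lower()] = kv.group("val")
    return modules

def audit(text):
    """Return ({name: (transport, owner/repo)}, sorted repos the token must be able to read)."""
    report, token_scope = {}, set()
    for name, cfg in parse_gitmodules(text).items():
        m = GITHUB_URL.match(cfg.get("url", ""))
        if not m:
            report[name] = ("unknown", None)  # relative or non-GitHub URL: review by hand
            continue
        slug = f'{m.group("owner")}/{m.group("repo")}'
        report[name] = ("https" if m.group("https") else "ssh", slug)
        token_scope.add(slug)
    return report, sorted(token_scope)
```

Entries reported as `ssh` need either an SSH key on the runner or a rewrite to HTTPS before a token applies to them; the returned repository list is the minimum the bot account has to be granted.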