actions / checkout

Action for checking out a repo
https://github.com/features/actions
MIT License

Unable to npm install private repo via ssh using with `ssh-key` #195

Open RobinBol opened 4 years ago

RobinBol commented 4 years ago

I am trying to set up an action which checks out a git repo which has private npm dependencies (e.g. `"my-package": "git+ssh://git@github.com/myOrg/myPrivateRepo.git"`).

Previously I would use:

```yaml
- uses: webfactory/ssh-agent@v0.2.0
  with:
    ssh-private-key: ${{ secrets.SSH_KEY }}
```

Running npm ci afterwards results in a successful installation of my-package.

Now I saw checkout@v2 has its own ssh-key property, so I'd like to use that instead of the webfactory/ssh-agent@v0.2.0 action.

However the following configuration results in a git@github.com: Permission denied (publickey).:


```yaml
- name: Checkout git repository
  uses: actions/checkout@v2
  with:
    ssh-key: ${{ secrets.SSH_KEY }}
    token: ${{ secrets.PAT }}

- name: Build
  run: npm ci
```

Full error log:

```
Run npm ci
npm ERR! code 128
npm ERR! Command failed: git clone --mirror -q ssh://git@github.com/myOrg/myPackage.git /home/runner/.npm/tmp/git-clone-60d07701/.git
npm ERR! warning: templates not found in /tmp/pacote-git-template-tmp/git-clone-5994cbe0
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2020-03-24T10_03_37_383Z-debug.log
##[error]Process completed with exit code 1.
```

I would expect that the ssh-key option would set up the ssh key in the local git config similar to webfactory/ssh-agent@v0.2.0, but that does not seem to be the case. Does anyone have an idea what is happening here?

Thanks!

ericsciple commented 4 years ago

@RobinBol when ssh-key is provided, it is configured in the local git config using core.sshCommand
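
Added example (not part of the thread and not code from actions/checkout): a sandbox showing that a repo-local `core.sshCommand` is resolved only inside that repository, so a `git clone` started from another directory, such as the `/home/runner/.npm/tmp/git-clone-*` path in the error log, does not see it, whereas an agent exporting `SSH_AUTH_SOCK` affects every process in the job. The directory names and the key path are constructed stand-ins.

```shell
#!/bin/sh
# Constructed value standing in for whatever the checkout action writes.
SSH_CMD='ssh -i /constructed/deploy_key -o IdentitiesOnly=yes'

# Create a throwaway sandbox: "checkout" plays the workflow workspace,
# "npm-tmp" plays the directory npm clones git dependencies into.
# Prints the sandbox path.
make_sandbox() {
  sandbox=$(mktemp -d)
  mkdir -p "$sandbox/home" "$sandbox/checkout" "$sandbox/npm-tmp"
  git -C "$sandbox/checkout" init -q
  # Repo-local scope: stored in checkout/.git/config only.
  git -C "$sandbox/checkout" config --local core.sshCommand "$SSH_CMD"
  printf '%s\n' "$sandbox"
}

# Print the core.sshCommand git resolves when run from directory $2.
# Global and system config are neutralised so only repo-local config can
# match; output is empty when git finds no setting.
ssh_command_seen_from() {
  HOME="$1/home" XDG_CONFIG_HOME="$1/home/.config" GIT_CONFIG_NOSYSTEM=1 \
    git -C "$2" config --get core.sshCommand || true
}

box=$(make_sandbox)
echo "inside checkout : '$(ssh_command_seen_from "$box" "$box/checkout")'"
echo "outside checkout: '$(ssh_command_seen_from "$box" "$box/npm-tmp")'"
rm -rf "$box"
```

The narrow scope is also what keeps the key from being offered by unrelated git invocations in the same job; any step that needs it outside the checkout has to be given credentials explicitly.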

alexrindone commented 4 years ago

Was there a solution to this? I am having a similar issue.

RobinBol commented 4 years ago

@alexrindone as stated in the issue description, I worked around this by:

```yaml
- uses: webfactory/ssh-agent@v0.2.0
  with:
    ssh-private-key: ${{ secrets.SSH_KEY }}
```

But I did not manage to get it working without webfactory/ssh-agent; it seems, as @ericsciple suggests, there is a difference between the way the two approaches set up ssh in the action workspace.

rockerbacon commented 4 years ago

I had the same problem in a different context.

My project contains bash scripts that manage git submodules in a project. One of the tests checks for compatibility with SSH and that test would not pass when using ssh-key.

The specific line of code run during the tests can be found here and the Actions workflow can be found here.

erin-doyle commented 4 years ago

I agree in that I would expect this to work, especially based on this from the README:

The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup.

So I'm not sure if I'm setting up the secret wrong or this really doesn't work with regards to npm package installs. I'm using the private key for our service user (as recommended in the docs). Is that correct?

erin-doyle commented 3 years ago

It looks like the workaround to this, using webfactory/ssh-agent, no longer works. I'm getting this error:

```
Error: Unable to process command '::set-env name=SSH_AUTH_SOCK::/tmp/ssh-pt8h3REXijrf/agent.2441' successfully.
Error: The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
Error: Unable to process command '::set-env name=SSH_AGENT_PID::2442' successfully.
Error: The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
```

So it looks like GitHub has disabled some key capability that may prevent this action from working altogether? Removing it I find myself right back to the original problem, getting the error:

```
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
```

when trying to use actions/checkout@v2 with ssh-key. This really needs to be fixed, or else we need clearer usage instructions in case something else needs to be done other than:

```yaml
- uses: actions/checkout@v2
  with:
    ssh-key: ${{ secrets.MACHINE_USER_KEY }}
```

erin-doyle commented 3 years ago

FYI to those relying on the workaround of using webfactory/ssh-agent, you can update to the latest version v0.4.1 where it's been fixed.