Open jshellen opened 3 years ago
Hi! Have you managed to solve it? I faced with the same one.
Likewise...
This is how I did it... not sure if it's the best solution:
Make a Github Personal Access Token (PAT) as per https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
In your .github/workflows/ yaml file:
env:
GH_PAT: ${{ secrets.GH_PAT }}
jobs: build: runs-on: ubuntu-22.04 steps:
if(DEFINED ENV{GITHUB_ACTION})
set(GIT_REPO https://<username>:$ENV{GH_PAT}@github.com/MyOrg/other-repo)
else()
set(GIT_REPO https://github.com/MyOrg/other-repo)
endif()
FetchContent_Declare( OtherRepo GIT_REPOSITORY ${GIT_REPO} GIT_TAG e35e6fe2402137b31e813d5290e2a9d123951d1e )
FetchContent_MakeAvailable(OtherRepo)
Replace `<username>` with that used in generating the PAT.
The conditional in CMakeLists.txt allows local builds.
I found this solution (based on PAT as well):
git config --global credential.helper store
works well
A slightly modified version of @catpatris's solution to keep the CMakeLists.txt as simple as possible. The github actions CI file gets a bit messier with this strategy, but I think it's worth keeping the CMakeLists.txt clean because more people will interact with that file (for my use case at least).
CMakeLists.txt
include(FetchContent)
FetchContent_Declare(
<repo_name>
GIT_REPOSITORY git@github.com:<my_org>/<repo_nam>.git
GIT_TAG <repo_hash>
)
CI config file (note that we don't need any username here, just the PAT):
- name: Configure CMake
env:
GH_PAT: ${{ YOUR_PAT }}
run: |
# Need a little regex here so we can download repo with PAT
sed -i 's|git@github.com:|https://$ENV\{GH_PAT\}@github.com/|g' CMakeLists.txt
cmake -S . -B build
I just stumbled upon this issue. The weird thing is that fetchcontent works if I use this:
git config --global url."https://${{ secrets.GH_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:"
in a step before the cmake one. Please note I always use SSH to access repos, so the deps are declared like this:
FetchContent_Declare(
mdtk
GIT_REPOSITORY git@github.com:<org>/mdtk
GIT_TAG fc8a658
)
However, passing the same secret in the token
parameter of the checkout action do not work, apparently fetchcontent still wants to use ssh to get the sources, ignoring the previous global settings from the action:
[ 11%] Creating directories for 'mdtk-populate'
[ 22%] Performing download step (git clone) for 'mdtk-populate'
-- Configuring incomplete, errors occurred!
Cloning into 'mdtk-src'...
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
I am still not sure if this is a problem with the action or cmake/fetchcontent, can anyone help diagnose?
Is there a good example of how to do this properly yet?
I found this on the web as well - for supporting keys: https://github.com/webfactory/ssh-agent?tab=readme-ov-file#ssh-agent-github-action
I would like to refrain from using a PAT as it is tied to a particular user I know I can use deploy keys but that is one per repo.
Any suggestions here? I know it's not a one-size fits all issue but an example would be nice.
Just use webfactory/ssh-agent
github action and add your private ssh key to it via env var.
- uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.YOUR_SSH_PRIVATE_KEY }}
Then in cmake fetch repo like
FetchContent_Declare(your_private_repo
GIT_REPOSITORY git@github.com:your_org/your_private_repo.git
GIT_TAG ...
)
TLDR: CMake configuration step fails to FetchContent_MakeAvailable when trying to clone a private repository.
Background: We have a C++ project which uses CMake and FetchContent to manage external dependencies. All external dependencies are contained in private repositories under our own organization. We are trying to automate unit testing using GitHub Actions but are unable to make this work due to the fact that FetchContent_MakeAvailable fails when trying to clone into private repositories.
cmake.yml
Error log:
How can we fix this?