Cannot access private repository with `github-token`

[aliphys]

Describe the problem

GitHub Runner does not have access to private repositories, even when the github-token field is set.

To reproduce

As part of a compile-examples workflow, I have a private repository that I want to include in the libraries field.

      - name: Compile examples
        uses: arduino/compile-sketches@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          fqbn: ${{ matrix.board.fqbn }}
          platforms: ${{ matrix.board.platforms }}
          libraries: |
            - source-path: ./
            - name: Arduino_PF1550
            - name: Arduino_LowPowerPortentaH7
            - source-url: https://github.com/arduino-libraries/Arduino_LowPowerPortentaC33.git
            - source-url: https://github.com/bcmi-labs/Arduino_LowPowerNiclaVision.git
          sketch-paths: |
            ${{ env.UNIVERSAL_SKETCH_PATHS }}
            ${{ matrix.board.additional-sketch-paths }}
          enable-deltas-report: true
          sketches-report-path: ${{ env.SKETCHES_REPORTS_PATH }}

As stated in the README section the token is provided to the GitHub API: github-token: ${{ secrets.GITHUB_TOKEN }} https://github.com/arduino/compile-sketches/blob/8ac27e99289705c4abec832089575d687b859227/README.md?plain=1#L210-L214

However, the internal library is not accessible to the GitHub Runner according to the logs.

git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git clone -v --depth=1 --recurse-submodules -- https://github.com/bcmi-labs/Arduino_LowPowerNiclaVision.git /tmp/compilesketches-205fms1c/install_from_repository-iu_c__ge
  stderr: 'Cloning into '/tmp/compilesketches-205fms1c/install_from_repository-iu_c__ge'...
fatal: could not read Username for 'https://github.com/': No such device or address
'
Error: Process completed with exit code 1.

Expected behavior

If I enter a private GitHub repository for the source-url key, and I have access to it, then the GitHub Runner should also have access to it and load the library.

'arduino/compile-sketches' version

arduino/compile-sketches@v1

Additional context

No response

Issue checklist

• [X] I searched for previous reports in the issue tracker
• [X] I verified the problem still occurs when using the latest version
• [X] My report contains all necessary details

[per1234]

Hi @aliphys. The token is only used for GitHub API requests. The operation that is failing is just a standard git clone, which doesn't use the GitHub API at all.

I documented how to do this in the FAQ after the last time you reported it (https://github.com/arduino/compile-sketches/issues/167):

https://github.com/arduino/compile-sketches/blob/main/docs/FAQ.md#how-can-i-install-a-platform-or-library-dependency-from-an-external-private-repository

---

Alternatively, you could use a dedicated step in the workflow to checkout the private repository to the runner workspace prior to the step that runs the arduino/compile-sketches action. You would use the actions/checkout action in this step. actions/checkout has support specifically for checking out private repositories using a PAT:

https://github.com/actions/checkout#checkout-multiple-repos-private

Then instead of using a "repository" source for the private library dependency in the arduino/compile-sketches action step, you would use the "local path" source for the library dependency, which will now be possible since the actions/checkout step has placed it in the local path under the runner workspace.

Using actions/checkout might be superior to the source-url: https://<PAT>@<URL> approach described in the FAQ since programmatically cloning private repositories with a PAT via actions/checkout is explicitly supported by GitHub, whereas I just did some searching and was not able to find any authoritative reference for git clone https://<PAT>@<URL> (even though I'm sure I learned about this from the official GitHub documentation at some point in the past).