github_access_token not working with private github flake input - Githubissues

cachix / install-nix-action

Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.

Apache License 2.0

498 stars 78 forks source link

github_access_token not working with private github flake input #205

Closed sg-qwt closed 5 months ago

sg-qwt commented 5 months ago

steps to reproduce:

flake has private github repo input xxx = { url = "github:myuser/myprivaterepo"; };
run those two steps:
- name: Install Nix uses: cachix/install-nix-action@v25 with: github_access_token: ${{ secrets.GITHUB_TOKEN }}
- name: Flake Meta run: nix flake metadata github:myuser/myprivaterepo

error: unable to download 'https://api.github.com/repos/myuser/myprivaterepo/commits/HEAD': HTTP error 404

Same kind of error with nix flake check for example. In fact, any of the non root nix command will be blocked by api.github.com with 404 even though the token is valid to fetch private repo.

I suspect this has to do with the permission of running nix as non root. For example, if I put access-tokens = github.com=xxx into that file and make sure my user can access /my/github/access_token_file

then

  nix.extraOptions = ''
    !include /my/github/access_token_file
  '';

nix flake metadata github:xxx/xxx or any of the other nix flake command can go through with the token successfully. Otherwise only the sudo nix command can access github private repo.

My observation is tested on my local nixos box, but it's probably the same cause for the CI failure.

sg-qwt commented 5 months ago

Sorry, I accidentally used a wrong access token this case. github_access_token is working as expected with private repos. Sry for the noise.