How to verify links to other private repos

gaurav-nelson / github-action-markdown-link-check

Check all links in markdown files if they are alive or dead. 🔗✔️

MIT License

406 stars 76 forks source link

How to verify links to other private repos #108

Open dvdstelt opened 3 years ago

dvdstelt commented 3 years ago

I have 2 private repos with documentation. RepositoryA has a .md file with a link to a .md file in RepositoryB. GitHub actions in RepositoryA by default doesn't have access to RepositoryB. Is there a way to achieve this?

gaurav-nelson commented 3 years ago

Thank you @dvdstelt

I'm not 100% sure if it will work or if there are any security implications of using this approach.

Maybe you can use GITHUB_TOKEN (https://docs.github.com/en/actions/reference/authentication-in-a-workflow) with the httpHeaders and urls options in your config.json file.

gaurav-nelson commented 3 years ago

@dvdstelt Is this still an issue? Were you able to address it?

If yes, can you share the configuration? I can maybe add it as an example in the README.

dvdstelt commented 3 years ago

It needs to be a code change, not possible via config alone, from what I can see.

gaurav-nelson commented 3 years ago

@dvdstelt when you say:

RepositoryA has a .md file with a link to a .md file in RepositoryB

Is it a hyperlink?

dvdstelt commented 3 years ago

It is indeed a hyperlink. In my case to a different repo in within the same organization.

fharper commented 2 years ago

I would love to see that feature!

khanguslee commented 2 years ago

Any updates on your end @gaurav-nelson ?

It looks like you can't use the value ${{ secrets.GITHUB_TOKEN }} inside the .json file for the markdown link config file. I would like to have this feature as our README.md file in our private repo, links to documentation found on our wiki page in our private repo. We also have the same issue where we reference other private repositories too.

gbmarc1 commented 1 year ago

Hi! I would also be in need of that feature! My organization links https://github.com/<organization> are all failing. I feel like this could be resolved by providing a template for the mlc_config.json to resolve the github_token in the Authorization header.

{
  "httpHeaders": [
    {
      "urls": ["https://github.com/<organization>"],
      "headers": {
        "Authorization": "Bearer ${{ secrets.GITHUB_TOKEN }}"
      }
    }
  ]
}

AndersBennedsgaard commented 6 days ago

Just FYI, the default GITHUB_TOKEN in Github workflows are scoped to the repository where the workflow is run: https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication

So if you need to check if hyperlinks to other private repositories are valid, you will need to make use of a Github app or a PAT with permissions to both repositories