Open rvignolo opened 2 months ago
Hello @rvignolo,
Generally speaking, the GitHub token should not be passed to the workflow that does the reproducible build.
In your private repository, do this:
```yaml
...
permissions:
  contents: write
jobs:
  build:
    uses: multiversx/mx-sc-actions/.github/workflows/reproducible-build.yml...
```
Let us know how it goes :pray:
Additional references:
Hi @andreibancioiu!
Sorry, let me better explain. Our actions are working properly. The issue arises when there is a dependency of one smart contract `A` with another smart contract `B`, and the smart contract `B` is hosted in a private repository. Then, we need to give credentials for the CI.
This can be solved using GitHub Deploy Keys. We are using those in conjunction with the following action:
```yaml
- name: Setup Credentials
  uses: webfactory/ssh-agent@v0.9.0
  if: inputs.has-private-dependencies
  with:
    ssh-private-key: |
      ${{ secrets.sc-1-deploy-pk }}
      ${{ secrets.sc-2-deploy-pk }}
      ${{ secrets.sc-3-deploy-pk }}
```
and it works.
The problem is with the reproducible build. We need to give credentials to the docker instance. We are currently using `cargo vendor` to solve the problem. Any ideas?
@andreibancioiu I can open a PR if wanted! Thanks!
Hello @rvignolo,
Sorry for the delay :pray:
We'll have a look (at the general matter and on the PR) :raised_hands:
Thank you so much @andreibancioiu!
It would be great if we were able to send a GitHub token to the docker image so that it can fetch private repositories and perform the reproducible build with this as well.
What do you think?