Installing Private GitHub Dependencies in Workflows

September 25, 2021

Overview

A GitHub Action workflow is a configurable, automated process made up of one or more jobs. Workflows allow you to leverage GitHub-hosted runners (or self-hosted runners) to build a continuous integration and continuous delivery pipeline. Workflows may be run on every major operating system and support a variety of programming languages. You can even configure matrix builds that let you run multiple combinations of configurations.

Configuration

Workflow files use YAML syntax (with a .yml or .yaml file extension) and are stored in a .github/workflows directory. An example Python workflow that checks out your latest code, installs your dependencies and runs your test suite could look like this:

name: Tests

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
    - name: Check out Latest Code
      uses: actions/checkout@v3

    - name: Setup Python
      uses: actions/setup-python@v3
      with:
        python-version: 3.9
        architecture: x64

    - name: Install Dependencies
      run: |
        pip install -r requirements.txt

    - name: Run Tests
      run: |
        pytest tests

This workflow will run automatically when a push or pull request is made to the main branch.

Private Workflow Dependencies

There may be times when your code relies on private GitHub repositories. However, when you try to install these dependencies, the workflow will fail because GitHub is unable to access them without the necessary authentication.

To use private GitHub repositories in you workflows:

  • Create a Personal Access Token (creating a PAT):
    • Set the scope to repo and workflow (available scopes)
    • Specify a token name
      • A token value will be created and appear on the screen (copy and store this somewhere safe)
  • Create a repository Secret for your private GitHub repository (creating a repository secret):
    • The secret name can be anything (you will use this name in the workflow)
    • The secret value must include the Personal Access Token value that was created above, following this format:
https://<github_username>:<personal_access_token>@github.com/
  • Configure your workflow file to load your git credentials, allowing you to install private GitHub repositories using HTTP authentication:
    • Add the following code to your workflow (where PAT in secrets.PAT is the name of the Personal Access Token you created above)
- name: Setup Git Credentials
  uses: fusion-engineering/setup-git-credentials@v2
  with:
    credentials: ${{secrets.PAT}}

When your workflow runs, it will use the credentials you provided to install private GitHub repositories.