However, GitHub Actions fails to fetch this particular dependency:
```
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
** (Mix) Command "git --git-dir=.git fetch --force --quiet --progress" failed
##[error]Process completed with exit code 1.
```
How to fetch a private dependency on GitHub Actions?
I’ve been looking for how to add an SSH key to GitHub Actions, and stumbled onto this blog post, which refers to this action.
- I created an SSH key with the following command: `ssh-keygen -t ed25519 -a 100 -f /path/to/file`
- copied the whole private key file both to the repository where I run the action from and to the private repository that I use as a dependency, under the secret configuration of each repository on GitHub
- copied the whole public key file to the deploy_key configuration of the repository where I ran GitHub Actions
- then I updated my GitHub Actions configuration with the webfactory/ssh-agent action.
However, I still get the following error message:
```
fatal: could not read Username for 'https://github.com': No such device or address
** (Mix) Command "git --git-dir=.git fetch --force --quiet --progress" failed
##[error]Process completed with exit code 1.
```
You will need to generate a token with valid claims for this private repo and include it in your repo’s secrets. Notice how git is being configured to always include your token in the URL (https://${GITHUB_TOKEN}:x-oauth-basic@github.com) instead of just calling https://github.com/. Hopefully this configuration will suffice, but you’ll have to test it out.
In my mix.exs file, I fetched the private dependency with SSH. Then I updated my workflow definition file with the webfactory/ssh-agent action; followed the steps in the README and added a deploy_key to the private dependency that GHA was trying to fetch.
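A workflow matching the setup described in the post above, as an added example that is not code from any post in this thread. The secret name `DEPS_SSH_KEY`, the dependency name and URL in the comment, and the pinned action and Elixir/OTP versions are assumptions; the public half of the key is a read-only deploy key on the private dependency, and the private half is a secret only on the repository that runs the workflow.

```yaml
# Added example; names and versions below are assumptions, not from the thread.
name: ci
on: [push]

# Keep the default GITHUB_TOKEN read-only; it is not used to fetch the dependency.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Starts an ssh-agent and loads the private key for the following steps.
      # DEPS_SSH_KEY (hypothetical name) is a secret of THIS repository only.
      # The matching public key is registered as a deploy key, without write
      # access, on the private dependency repository.
      - uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.DEPS_SSH_KEY }}

      - uses: erlef/setup-beam@v1
        with:
          otp-version: "26"
          elixir-version: "1.16"

      # mix.exs has to reference the dependency over SSH so that git uses the
      # agent instead of prompting for an HTTPS username, for example:
      #   {:my_private_dep, git: "git@github.com:my-org/my_private_dep.git"}
      # (placeholder dependency name and URL)
      - run: mix deps.get
      - run: mix test
```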
Thanks for the tip. I had the additional problem that my build runs mostly inside a Dockerfile, so I had to add an SSH mount as well. Maybe it helps someone:
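```dockerfile
# ...
# Rewrite HTTPS GitHub URLs to SSH, then check that the forwarded agent holds a
# key GitHub accepts. `ssh -T git@github.com` exits with 1 after a successful
# authentication (GitHub offers no shell), so any other status is treated as an error.
RUN --mount=type=ssh <<EOT
  set -e
  echo "Setting Git SSH protocol"
  git config --global url."git@github.com:".insteadOf "https://github.com/"
  (
    set +e
    ssh -T git@github.com
    if [ ! "$?" = "1" ]; then
      echo "ERROR: No GitHub SSH key loaded"
      exit 1
    fi
  )
EOT
ENV MIX_ENV="prod"
COPY mix.exs mix.lock ./
# IMPORTANT: add the --mount=type=ssh when running mix deps.get
RUN --mount=type=ssh mix deps.get --only ${MIX_ENV}
# ...
```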