I'm trying to access another github repo with gh cli as a part of a workflow.
I am using the gh release view
command as below
run: |
echo "::set-output name=description::$(gh release view --repo <owner/repo>)"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The workflow is failing with 404, I understand it's because the repo is private, even though both repositories have the same owner. When authenticated locally, the command works just fine.
Is there any way to access that repo in the workflow?
CodePudding user response:
The GITHUB_TOKEN is scoped only to the triggering repository. If you need to access any resources in other repositories or in other accounts then you need to pass a token with a wider scope to the checkout step. This can be a GitHub App token, a Personal Access Token etc.
Store the token in the Secrets/Actions and pass it to the checkout task's token parameter.
Alternatively you can pass in an ssh key through the 'ssh-key' parameter.
- uses: actions/checkout@v2
with:
# Repository name with owner. For example, actions/checkout
# Default: ${{ github.repository }}
repository: ''
# Personal access token (PAT) used to fetch the repository. The PAT is configured
# with the local git config, which enables your scripts to run authenticated git
# commands. The post-job step removes the PAT.
#
# We recommend using a service account with the least permissions necessary. Also
# when generating a new PAT, select the least scopes necessary.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
#
# Default: ${{ github.token }}
token: ''
# SSH key used to fetch the repository. The SSH key is configured with the local
# git config, which enables your scripts to run authenticated git commands. The
# post-job step removes the SSH key.
#
# We recommend using a service account with the least permissions necessary.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
ssh-key: ''
The same applies to calling resources in other repositories through an API or GitHub CLI.