Following is the step in the Github workflow of repository A
- name: Checkout repo-b
uses: actions/checkout@v2
with:
repository: myorg/repo-b
fetch-depth: 1
ref: master
token: ${{ secrets.GITHUB_TOKEN }}
The github action throws the following error:
...
...
Fetching the repository
/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin refs/heads/master*:refs/remotes/origin/master* refs/tags/master*:refs/tags/master*
remote: Repository not found.
Error: fatal: repository 'https://github.com/myorg/repo-b/' not found
...
...
I have specified following permissions in the workflow job containing this step:
permissions:
contents: write
packages: write
Do I need to enable any repository settings of these repos?
Using the same GITHUB_TOKEN it is able to access github's npm/docker registry in other steps.
CodePudding user response:
You cannot clone another repository using the secrets.GITHUB_TOKEN
. That token is only scoped to the repository running the workflow. If you wish to clone another repository, you will need set a repository secret with a PAT that has the permissions to perform the clone.
When you enable GitHub Actions, GitHub installs a GitHub App on your repository. The GITHUB_TOKEN secret is a GitHub App installation access token. You can use the installation access token to authenticate on behalf of the GitHub App installed on your repository. The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN."