update-flake-lock icon indicating copy to clipboard operation
update-flake-lock copied to clipboard
verified publisher icon DeterminateSystems

Cannot find private repo while using personal access token

Open cterence opened this issue 1 year ago • 9 comments

Hello, I'm trying to use this action with a personal access token because I have a flake input from a private repo that I fetch over HTTPS. Even though using the same token in a curl yields results and using it in my nix.conf fetches the flake fine as well, passing it to the action returns a 404. I don't understand what I'm doing wrong. It seems like the action does not use the token when fetching the flakes. Can someone help me with this please ?

cterence avatar Oct 07 '24 19:10 cterence

You may be able to get this to work in the meantime by adding it to your nix.conf -- since you're using our nix-installer-action, that should be as simple as adding with: token: ${{ secrets.THE_TOKEN }} to your workflow (of course, in proper YAML).

cole-h avatar Oct 07 '24 20:10 cole-h

Thanks for your suggestion, however I just solved it by adding the token as a nix option. A successful job run ! This might be a good addition to the README if it's the intended way to pass the access token to the nix command.

cterence avatar Oct 07 '24 20:10 cterence

I think we (used to?) support a with: token: argument to this action, but that might have gotten forgotten / lost / broken when we transitioned this to a TypeScript-based action.

cole-h avatar Oct 07 '24 20:10 cole-h

I actually use this option in my workflow. The action probably uses it only for the PR creation and does not pass it to the nix command ?

cterence avatar Oct 07 '24 20:10 cterence

I actually use this option in my workflow. The action probably uses it only for the PR creation and does not pass it to the nix command ?

I'm actually experiencing the same issue; I tried copying your workflow but it still doesn't work... I don't know if there is any difference, but I am using git+ssh instead of git+https.

Are you using a PAT or a classic token?

telometto avatar Dec 10 '24 15:12 telometto

In my case it's a fine-grained token. I precisely had the problem because I was trying to use HTTPS for fetching instead of SSH, so you might have a problem with SSH keys rather than tokens.

cterence avatar Dec 10 '24 16:12 cterence

[...] so you might have a problem with SSH keys rather than tokens.

Thanks for the feedback. I think you're right; how did you get around this?

telometto avatar Dec 10 '24 20:12 telometto

In your workflow, you'll need your job to have access to an SSH key which has the ability to clone your private repo. Something like this : https://github.com/webfactory/ssh-agent.

cterence avatar Dec 11 '24 09:12 cterence

In your workflow, you'll need your job to have access to an SSH key which has the ability to clone your private repo. Something like this : https://github.com/webfactory/ssh-agent.

I managed to find out 😊 I (shamelessly) copied yours and actually added exactly that Action. Again, thanks 💯

telometto avatar Dec 11 '24 09:12 telometto