如何在github动作中使用私人子模块的私人仓库Git克隆？

发布于 2025-02-09 08:05:59 字数 947 浏览 0 评论 0原文

我的组织（或用户）内有两个私人GitHub存储库。其中一个包含另一个作为子模块。如何用包含的子模块克隆其他私人存储库？

但是，我尝试了

- uses: actions/checkout@v3
  with:
    submodules: true

这件在子模块部分上的错误消息失败，我应该添加一些权限还是其他权限？

Fetching submodules
  /usr/bin/git submodule sync
  /usr/bin/git -c protocol.version=2 submodule update --init --force --depth=1
  Submodule '.github/workflows/MYPROJECT1' (https://github.com/MYUSER/MYPROJECT1.git) registered for path '.github/workflows/MYPROJECT1'
  Cloning into '/home/runner/work/MYPROJECT2/MYPROJECT2/.github/workflows/MYPROJECT1'...
  remote: Repository not found.
  Error: fatal: repository 'https://github.com/MYUSER/MYPROJECT1.git/' not found
  Error: fatal: clone of 'https://github.com/MYUSER/MYPROJECT1.git' into submodule path '/home/runner/work/MYPROJECT2/MYPROJECT2/.github/workflows/MYPROJECT1' failed
  Failed to clone '.github/workflows/MYPROJECT1'. Retry scheduled
  ... more errors

原文

I have two private GitHub repositories within my organisation (or my user). One of them contains the other as a submodule. How can I clone this other private repository with its containing submodule?

I tried

- uses: actions/checkout@v3
  with:
    submodules: true

However this failed with an error message on the submodule part, is there some permission I should add or other?

Fetching submodules
  /usr/bin/git submodule sync
  /usr/bin/git -c protocol.version=2 submodule update --init --force --depth=1
  Submodule '.github/workflows/MYPROJECT1' (https://github.com/MYUSER/MYPROJECT1.git) registered for path '.github/workflows/MYPROJECT1'
  Cloning into '/home/runner/work/MYPROJECT2/MYPROJECT2/.github/workflows/MYPROJECT1'...
  remote: Repository not found.
  Error: fatal: repository 'https://github.com/MYUSER/MYPROJECT1.git/' not found
  Error: fatal: clone of 'https://github.com/MYUSER/MYPROJECT1.git' into submodule path '/home/runner/work/MYPROJECT2/MYPROJECT2/.github/workflows/MYPROJECT1' failed
  Failed to clone '.github/workflows/MYPROJECT1'. Retry scheduled
  ... more errors

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

雨后咖啡店 2025-02-16 08:05:59

您可以尝试使用SSH URL。

第116页“私人子模型结帐失败”选择：

当您要保持URL存储库的灵活性并仍使用带有部署密钥的GitHub操作以访问私有子模型时，此解决方案可以使用：

  - name: Checkout
    uses: actions/checkout@v3

  - name: Clone Submodule
    run: |
        mkdir -p $HOME/.ssh
        echo '${{ secrets.SUBMODULE_REPO_DEPLOY_KEY }}' > $HOME/.ssh/ssh.key
        chmod 600 $HOME/.ssh/ssh.key
        export GIT_SSH_COMMAND="ssh -i $HOME/.ssh/ssh.key"
        git submodule set-url <path-to-submodule> [email protected]:<organization/submodule>.git
        git submodule update --init --recursive
        git submodule set-url <path-to-submodule> https://github.com/<organization/submodule>.git
        unset GIT_SSH_COMMAND

第287期（“支持私人存储库和私有子模块”）还包括：

您可以使用 web-factory/ssh-agent Action> Action < /a>为多个子模块存储库提供单独的部署键：
  ...
       步骤：
          - 用途：Action/Checkout@V3

          - 名称：为子模块存储库中添加SSH私钥
           用途：webfactory/
           和：
             ssh-Provate-key：|
               $ {{{secrets.ssh_private_key_key_submodule_1}}}
               $ {{{secrets.ssh_private_key_key_submodule_2}}}

          - 运行：git suppodule Update -Init -init-回复 - 记录
   ...
 
这对我有用，除了- 远程正在使其结帐不正确的ref（master suppodule，而不是引用的提交）。
只是做git suppodule update - init - recursive让我获得了所需的行为

，而这个评论确认 ssh-agent方法。

前面提到的第116期也包括：

这对我有用。在检查了主要存储库后，我的管道运行此操作以检查任何子模块。有点骇客，但对我有用。
   - 名称：结帐库
        用途：action/
        和：
          持久性：false

 - 名称：结帐supodule
        运行：|
          git subsodule同步 - 恢复
          git -c stoloption.version = 2个子模块更新-Init -force -depth = 1-回复
 

You can try and use an SSH URL instead.

The issue 116 "private submodule checkout fails" now (July 2022) illustrates that as an alternative:

This solution works when you want to keep flexibility of URL repos and still use GitHub Actions with Deploy Keys to access private submodules:

  - name: Checkout
    uses: actions/checkout@v3

  - name: Clone Submodule
    run: |
        mkdir -p $HOME/.ssh
        echo '${{ secrets.SUBMODULE_REPO_DEPLOY_KEY }}' > $HOME/.ssh/ssh.key
        chmod 600 $HOME/.ssh/ssh.key
        export GIT_SSH_COMMAND="ssh -i $HOME/.ssh/ssh.key"
        git submodule set-url <path-to-submodule> [email protected]:<organization/submodule>.git
        git submodule update --init --recursive
        git submodule set-url <path-to-submodule> https://github.com/<organization/submodule>.git
        unset GIT_SSH_COMMAND

Issue 287 ("Support private repositories and private submodule") also includes:

You can use webfactory/ssh-agent action to provide individual deploy keys for multiple submodule repositories like so:
   ...
       steps:
         - uses: actions/checkout@v3

         - name: Add SSH private keys for submodule repositories
           uses: webfactory/[email protected]
           with:
             ssh-private-key: |
               ${{ secrets.SSH_PRIVATE_KEY_SUBMODULE_1 }}
               ${{ secrets.SSH_PRIVATE_KEY_SUBMODULE_2 }}

         - run: git submodule update --init --recursive --remote
   ...
This worked for me, except that --remote was causing it to checkout the incorrect ref (master of the submodule, not the referenced commit).
Just doing git submodule update --init --recursive got me the desired behavior

And this comment confirms the ssh-agent approach.

The previously mentioned issue 116 also includes:

This worked for me. After checking out the main repository, my pipeline runs this action to checkout any submodules. It's a little bit hacky, but it has worked for me.
- name: Checkout the repo
        uses: actions/[email protected]
        with:
          persist-credentials: false

- name: Checkout submodule
        run: |
          git submodule sync --recursive
          git -c protocol.version=2 submodule update --init --force --depth=1 --recursive

回复收藏 0 原文

长梦不多时 2025-02-16 08:05:59

这是使用GitHub Pats对我有用的两种方法。私人存储库和私有子模块被克隆。参数是从GHA或K8S Secrets Store中提取的。

github操作步骤

- name: Checkout Repository
  uses: actions/checkout@v4
  with:
    submodules: true
    token: ${{ secrets.READ_ONLY_PAT }}

argo工作流程步骤，但脚本通常适用：

container:
  image: alpine/git
  command: ["/bin/sh", "-c"]
  args:
  - |
    echo "Setting up URL substitution..."
    && git config --global url.https://{{inputs.parameters.github-username}}:${READ_ONLY_PAT}@github.com/.insteadOf https://github.com/
    && echo "Configured URL substitution:" 
    && git config --get-regexp 'url.*.insteadOf' 
    && echo "Cloning repository..."
    && git clone --recurse-submodules https://github.com/{{inputs.parameters.org-name}}/{{inputs.parameters.private-repo-name}}.git /workspace/repo 
    && cd /workspace/repo && git status && ls 
  env:
  - name: READ_ONLY_PAT
    valueFrom:
      secretKeyRef:
        name: github-secret-{{inputs.parameters.github-username}}
        key: READ_ONLY_PAT

Here are 2 approaches that worked for me using Github PATs. The private repo and private submodule(s) are cloned. Parameters are pulled from either GHA or K8s secrets store.

Github Actions step

- name: Checkout Repository
  uses: actions/checkout@v4
  with:
    submodules: true
    token: ${{ secrets.READ_ONLY_PAT }}

Argo Workflows step, but the script should be generally applicable:

container:
  image: alpine/git
  command: ["/bin/sh", "-c"]
  args:
  - |
    echo "Setting up URL substitution..."
    && git config --global url.https://{{inputs.parameters.github-username}}:${READ_ONLY_PAT}@github.com/.insteadOf https://github.com/
    && echo "Configured URL substitution:" 
    && git config --get-regexp 'url.*.insteadOf' 
    && echo "Cloning repository..."
    && git clone --recurse-submodules https://github.com/{{inputs.parameters.org-name}}/{{inputs.parameters.private-repo-name}}.git /workspace/repo 
    && cd /workspace/repo && git status && ls 
  env:
  - name: READ_ONLY_PAT
    valueFrom:
      secretKeyRef:
        name: github-secret-{{inputs.parameters.github-username}}
        key: READ_ONLY_PAT

回复收藏 0 原文

~没有更多了~