With GitHub, it’s easy to create Actions and use them in GitHub Workflow as long as they are accessible from a public repository. This blog post shows you how to use Actions from a private repository.
The problem
Reusing Workflows is working out of the box with GitHub Actions. But using Actions from private repositories is not possible. When you want to use an Action in a private Repo you can do the following:
The solution
We are making use of the Action described in the previous blogpost. We are going to use the Action described there and add another. We are going to make use of the following 2 Actions:
tibdex/github-app-token to get a token
actions/checkout. To check out the private repo using the token. Make sure to configure a path. Otherwise, you are checking out the other repo and removing sources of the current repo.
Prerequisites
- You need a GitHub App configured like described in the previous blogpost.
- Also, add the needed secrets to this repository. (Preferably by Organizational secrets)
In this example the secrets TECHDRIVEN_APP_CLIENTID and TECHDRIVEN_APP_SECRET
The working example
Create a workflow like this:
name: Use Private Action Workflow
on:
workflow_dispatch:
permissions:
id-token: write
contents: read
pull-requests: write
jobs:
demo:
runs-on: ubuntu-latest
environment: dev
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Get Application Token"
id: get_app_token
uses: tibdex/github-app-token@v1
with:
app_id: ${{ secrets.TECHDRIVEN_APP_CLIENTID }}
private_key: ${{ secrets.TECHDRIVEN_APP_SECRET }}
- name: Checkout Actions
uses: actions/checkout@v3
with:
repository: techdrivennl/blogpost-actions-central
token: ${{ steps.get_app_token.outputs.token }}
path: blogpost-actions-central
ref: main
# Here we use the private Action
- name: Echo
uses: ./blogpost-actions-central/.github/actions/echo
with:
text: "Hello World!"We are using the Action in the other private repo that looks like this:
name: "Echo some text"
description: "Really important Action so we can echo some text"
inputs:
text:
description: 'text to echo'
required: true
runs:
using: "composite"
steps:
- name: Echo
id: echo
shell: bash
run: |
echo ${{ inputs.text }}
Conclusion
Since we are able to use a GitHub app in the previous blog post, we can use it to access anything in a private repo. Also Private Actions.
The source can be found in the following 2 repositories: (which are both public, but otherwise, you would not be able to see the workings :-))
https://github.com/techdrivennl/blogpost-actions-project
https://github.com/techdrivennl/blogpost-actions-central
Pascal Naber 