I think it would be great to update our README to showcase how to use a GitHub Action from another private repository.
As of actions/checkout@v2-beta, it is possible to checkout a different private repository:
https://github.com/actions/checkout#checkout-a-different-private-repository
If the just-cloned private repository is a Docker container action containing a Dockerfile, action metadata file, and entrypoint, it's possible to run it since uses syntax supports citing actions in the same repository as the workflow:
https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#example-using-action-in-the-same-repository-as-the-workflow
Example:
name: CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2-beta
with:
# Private version of https://github.com/actions/hello-world-docker-action
repository: USER/private-hello-world-docker-action
ref: refs/tags/v1
token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret that contains your PAT to clone that private repo
- name: Run the private action
uses: ./
with:
who-to-greet: "Mona the Octocat"
If the team is open to getting this documented, I'm happy to cut a PR. :v:
@chrispat for thoughts.
This is very interesting.
Would this page on help.github.com would be a better place to document the product scenario? This repo is just about the checkout action.
Do we have an ETA for first class support for private-actions?
Although the proposal does enable the scenario, I also wonder how prominently should we advertise this two-step workaround as a solution?
It makes me wonder whether a good first class solution would be to token as a sibiling to uses. For example:
- uses: USER/private-hello-world-docker-action@v1
token: ${{ secrets.GitHub_PAT }}
...on the other hand i also worry about extra concept of token at that level. What is the correct long term solution? Scopes on the job token? Or something else?
That is a side effect but also something that could be accomplished before this update. I don't think it really belongs in this repo. Perhaps we can look at a location in the help docs or perhaps a community post on this work around.
Eric, Chris: thanks for your feedback! I'll noodle on this a bit more and talk with our colleagues internally to see where we can field this workaround. Cheers!
Thanks for the documentation!
Are there any concrete plans to support private actions natively in GH Actions?
same here, looking for native support for private actions, to be able to share the action in the organization for better reusability.
Hi @francisfuzz, what is your decision on how/where to address the workaround using checkout to enable GitHub Action from another private repository?
There has been an ongoing discussion in the community about this concern.
https://github.community/t/github-action-action-in-private-repository/16063/28?u=haokanga
@haokanga - Hello! Thanks for raising the question here. I opened an internal issue for our documentation team to review, though I can't speak to when GitHub Help will be updated with those instructions.
As far as looking for native support for running GitHub Actions in other private repositories, I'm personally not able to speak to that. The best way to surface any support for that feature would be to our product team via this form:
https://support.github.com/contact/feedback
Sorry I couldn't be of more help here, though I do hope the approach posed here and in that thread are beneficial in the meantime!
Thanks for the documentation @francisfuzz , i've been trying to figure out the best way to go about this and this seems like a solid solution. I like how github actions makes ci flows nice and composable, but the lack of support for abstraction into private repos is a real flaw at the moment when managing multiple codebases.
This feature has been added to the roadmap https://github.com/github/roadmap/issues/74
and has also removed from the Q1-2021 milestone :(
yup and not even Q2 or Q3. that's really a bold move to postpone so far in the future after being planned for months :'(
Most helpful comment
Thanks for the documentation!
Are there any concrete plans to support private actions natively in GH Actions?