We are considering storing the testing suites in a private repo as a way of preventing users from simply accessing the code directly and thus evading any requirement to actually develop their own code.
Job 1 in implementing that approach is being able to access a (separate/different) private repo from a GitHub Action. The key elements of the GitHub Action required are as follows:
jobs:
build:
# ...other stuff here...
steps:
- name: Access contents of private repo # You can call this whatever you want
uses: actions/checkout@v2 # This refers to the GitHub Action. Nothing to do with your target repo
with:
repository: TSSlade/autograder_secrets # This is your target repo. Uses `orgname/reponame` format
token: ${{ secrets.w241_autograder }} # This is your PAT (personal access token). Uses `secrets.your-PAT-name-here` format
The critical piece which is not self-evident or easily Google-able (but I found β here β) is that you need to specifically add your PAT to the source repo of the GitHub Action. (This StackOverflow respondent apparently had a similarly mystifying experience.) π‘
Once you've created your PAT (and saved it elsewhere, please!!), you add it to your repo like so:
- Go to your repo's
Settings
tab - Select the
Secrets
option in the left navbar - Select the
New repository secret
button in the top-right corner - Add in the name you're going to enter in that
${{ secrets.your-PAT-name-here }}
line in the YAML file, then paste the token itself into the next field
Docs consulted along the way:
- GitHub Actions Docs: Creating a Personal Access Token ππ»
- GitHub Actions Docs: Authentication in a Workflow ππ»
- GitHub Actions Docs: Quickstart
- GitHub Actions issues: possible to checkout or clone another repo?
- GitHub Actions issues: retrieving the default branch name failed
The key issue in getting this working is figuring out the proper location of the various component files and how to set the relative paths. This community post (Path to Action in the same repository as workflow) was the one that finally got everything clicking. The final arrangement looks something like this:
βββ .github
βΒ Β βββ actions # Separating actions (components) from workflows makes sense
βΒ Β βΒ Β βββ Dockerfile # Pulls the image from Dockerhub, copies in and executes the entrypoint.sh
βΒ Β βΒ Β βββ action.yml # Defines inputs, outputs; -runs/image- has to resolve as a proper path
βΒ Β βΒ Β βββ entrypoint.sh # Does stuff. This is specific to our GitHub Action, not to Actions in general
βΒ Β βββ workflows # This is where we store the YML files that link up the actions we store above
βΒ Β βββ ...elided...
βΒ Β βββ main.yml # This is the one we care about. --uses-- paths are either relative to GitHub public repos OR to your project root
βββ README.md
...elided for parsimony...
The action.yml file has been cleaned up now, but see the below commits on the greetings
branch for the errors generated by various permutations of the addresses/paths if you wish to reconstruct how we traced our way to this result.
2c69415 HEAD@{1}: commit: Updated paths, moved Dockerfile local to action.yml
9eee5ae HEAD@{2}: commit: Placed action in subfolder, updated paths
96cf275 HEAD@{3}: commit: Backing out the folder hierarchy
b50cdea HEAD@{4}: commit: Systematically testing addresses
51eee84 HEAD@{5}: commit: Consolidated yml files, updated address
b8c0755 HEAD@{6}: commit: Updated address of -uses-
da46f94 HEAD@{7}: commit: Updated repo name and Dockerfile pointer
c0b2e1c HEAD@{8}: commit: Updated to point to action file
b870579 HEAD@{9}: commit: Moved workflow to workflows
c731f1d HEAD@{10}: commit: Triggering a change...
There was also an issue with making sure the shebang
on the entrypoint.sh
hadn't been displaced out of the first-line position
by my comments giving credit to original sources. (Don't trample over conventions, kids.) Realized and resolved that via this StackOverflow answer: standard_init_linux.go:211: exec user process caused βexec format errorβ
The default / MWE version used an ENTRYPOINT
value of entrypoint.sh
. After significant painful trial and error, I think I've settled on the following:
- Verify you've made your
ENTRYPOINT
script executable (i.e.,$ chmod +x the-file-name-here.sh
) - You cannot execute that on the file until the file is within the Docker volume you're creating.
- This means that your
COPY src-file-here /target-file-here
line in the Dockerfile needs to precede your$ chmod +x
command. - It also appears that the
src-file-here
is living in a sort of no-man's land - your$ chmod +x
can only act upon it once it has been moved into the scope of the volume (i.e., pay attention to the leading/
in/target-file-here
.)
Multiline strings in YAML syntax are π bananas π: How do I break a string in YAML over multiple lines?