[master] submodule issue about https and user

[kwladyka]

    - name: checkout
      uses: actions/checkout@master
      with:
        submodules: recursive
        fetch-depth: 1
        token: ${{ secrets.OWNER_PAT }}

[submodule "themes"]
	path = themes
	url = https://[email protected]/owner/repo.git

The point is the user has to be added in https url, because of the error:

##[error]fatal: could not read Username for 'https://github.com': terminal prompts disabled
##[error]fatal: clone of 'https://github.com/owner/repo.git' into submodule path '/foo/themes' failed

But when add URL with a owner@ and other user (not an owner) will want to do git submodule update, then he will be prompted about owner password.

So using current method of authorisation with token for user which is set in submodule HTTPS URL is not functional.

How to solve it? Deploy key? Let set also user as parameter in action?

Just discovered it works on actions/checkout@v1. But issue still valid for @master and generally worth to implement deploy keys.

[thboop]

Related to #60

As a general rule, we would recommend you bind to the major tag (@v1), otherwise you run the risk of your workflows breaking as we make changes.

We are looking into this issue.

[zivkaziv]

Hey,
I'm trying to checkout different private repository using the following configuration

  - name: Checkout server
        uses: actions/checkout@v1
        with:
          repository: <account>/<repo>
          ref: refs/heads/master
          token: ${{ secrets.GitHub_PAT }}

And I'm getting this error too

##[error]fatal: could not read Username for 'https://github.com': terminal prompts disabled

Is it relted too?
Please help...

[kwladyka]

@zivkaziv I guess changing url from https to ssh link to repo should help in your case. But yes, it is related.

[zivkaziv]

Thank you for the quick answer..
Do you mean running something like this?
run: echo -e '[url "[email protected]:"]\n insteadOf = "https://github.com/[email protected]:"' >> ~/.gitconfig

[kwladyka]

I think git remote set-url origin [email protected]:user/repo.git. Oh but in github actions it can not work. You can always use https://[email protected]/user/repo.git to set an user.

[zivkaziv]

Sorry for being so junior:)
Is it instead of uses: actions/checkout@v1?

[kwladyka]

Do you have this issue on uses: actions/checkout@v1?
It is not instead.

Generally with https://github.com/user/repo.git there is no username info.
With https://[email protected]/user/repo.git it is username. Also with [email protected]:user/repo.git.

In my case the solution was actions/checkout@v1 with https://github.com/user/repo.git instead of actions/checkout@master. But I was solving submodules issue.

[zivkaziv]

So do you mean to set the step something like this?

  - name: Checkout server
        uses: actions/checkout@v1
        with:
          repository: https://[email protected]/user/repo.git
          ref: refs/heads/master
          token: ${{ secrets.GitHub_PAT }}

And yes. actions/checkout@v1 didn't solve it in my case

[kwladyka]

yes, or [email protected]:user/repo.git. I didn't try your case. One of this should work.

[zivkaziv]

Well.. Unfortunately it didn't work.. It seems that I have to use SSH for it

[thboop]

@zivkaziv, I've been trying to reproduce your issue but have been unable to do so. Could you please try the following:

- uses: actions/checkout@v1
  with:
    repository: myAccount/myRepository  #For example thboop/test-repo
    ref: refs/heads/master
    token: ${{ secrets.GitHub_PAT }} 

and make sure you have the secret GitHub_PAT set in your secrets and ensure it has the correct reading permissions

[zivkaziv]

Thank you @thboop for your response.
I modify my mail.yml to have only one step (like you wrote).
In My GitHub_PAT I signed all the scopes.
But still getting this error

##[error]fatal: could not read Username for 'https://github.com': terminal prompts disabled
##[warning]Git fetch failed with exit code 128, back off 4.193 seconds before retry.

Do I need to modify something on the private repository\organization in order to support it?

[thboop]

Thank you @thboop for your response.
I modify my mail.yml to have only one step (like you wrote).
In My GitHub_PAT I signed all the scopes.
But still getting this error

##[error]fatal: could not read Username for 'https://github.com': terminal prompts disabled
##[warning]Git fetch failed with exit code 128, back off 4.193 seconds before retry.

Do I need to modify something on the private repository\organization in order to support it?

Hey @zivkaziv, you need add your pat as a secret named GitHub_PAT under settings on the repository in the secrets tab. You may need elevated permissions on the repo to access settings and the secrets tab. There are instructions on how to set a secret here