Problem with action/chekout another private repo, PAT not working #26195
-
Hi, I’ve a job in repo_a which also needs a checkout of repo_b. Both are private repositories within the same organization (call it “the_org”). I followed allt the guides: https://github.com/actions/checkout#Checkout-multiple-repos-private and there’s also https://github.community/t5/GitHub-Actions/Best-way-to-clone-a-private-repo-during-script-run-of-private/m-p/20221 but none of this works. This is the job definition:
I made double sure that the secret is there, that it’s named correctly, etc. I always end up with this error
I tried the PAT locally and it worked, though indeed locally I was asked interactively for a username; I entered mine and the PAT was accepted a the password. Is there something I’m missing? thanks,
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
Hi @mfn , Your sample code works fine on my side, it can checkout repo_b without any problem. I can reproduce your error if i delete the secrets in repo_a. Hence, please check the secrets setting for repo_a, confirm secrets with correct PAT is created, and there’s not any typo, or you can create a new PAT and set it as secrets for testing. Thanks. |
Beta Was this translation helpful? Give feedback.
-
You’re absolutely right, it works as documented / expected. I’m officially an idiot because I was pre-testing stuff on separate repos first and simply added the secret to the wrong repository 💥 Curious question: I did try out the PAT on git cli locally to confirm it works. I was asked for a username there and the PAT instead of my password, it worked. A github checkout action doesn’t have my “username”, why does it work there? Or: why is the username for a PAT not required? Or why is required for the https endpoint? :slight_smile: Thanks! |
Beta Was this translation helpful? Give feedback.
-
The config option ‘actions/checkout’ use is the .extraheader property which directly adds the auth header to the http requests in git and that is very likely what is being using to authenticate even if the action the user is trying to use specifies a PAT in the URL. That’s why user name is not needed. Thanks. |
Beta Was this translation helpful? Give feedback.
Hi @mfn ,
Your sample code works fine on my side, it can checkout repo_b without any problem.
I can reproduce your error if i delete the secrets in repo_a.
Hence, please check the secrets setting for repo_a, confirm secrets with correct PAT is created, and there’s not any typo, or you can create a new PAT and set it as secrets for testing.
Thanks.