3

I'd like to pip install a library from a private GitHub repository in a GitHub Actions job. I can install it on my computer just fine because I've configured GitHub to accept the SSH key. But how do I give an SSH key to a GitHub Actions runner?

On my computer, this works fine:

python -m pip install "git+ssh://git@github.com/ORG/LIBRARY.git@main#egg=SOMETHING&subdirectory=SOMETHING"
Collecting LIBRARY
  Cloning ssh://****@github.com/ORG/LIBRARY.git (to revision main) to /tmp/pip-install-_kw52ce5/LIBRARY_35c4fb5cf6a64e30914beaec4a768bd1
  Installing build dependencies ... done
...
Successfully built LIBRARY-0.1.1

I changed the name of the library, organization, and directories for privacy. Documentation for pip installations from GitHub repos are here.

I have tried this guide with this GitHub action with no luck. In GitHub Actions, I get this error message:

Step 15/20 : RUN pip install -r requirements.txt
 ---> Running in 5ece3eb6572e
  Collecting LIBRARY@ git+ssh://git@github.com/ORG/LIBRARY.git@main#egg=SOMETHING&subdirectory=SOMETHING
  Cloning ssh://****@github.com/ORG/LIBRARY.git (to revision main) to /tmp/pip-install-ohx86p2h/LIBRARY_2972ab1296ce45afa73bbb3c5a036bd1
  Running command git clone -q 'ssh://****@github.com/ORG/LIBRARY.git' /tmp/pip-install-ohx86p2h/LIBRARY_2972ab1296ce45afa73bbb3c5a036bd1
  Host key verification failed.
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

How do I give an SSH key to a GitHub Actions runner?

phd
  • 82,685
  • 13
  • 120
  • 165
Matthew Trotter
  • 74
  • 1
  • 4
  • Not a complete solution but if you have your public SSH key for your runner (on a specified user account), did you look into adding it to your SSH key for your GitHub account? – astrochun Jul 22 '21 at 15:17
  • Yeah I made the public SSH key a deploy key on the repository I'm trying to `pip install` from. – Matthew Trotter Jul 22 '21 at 15:27
  • https://stackoverflow.com/search?q=%5Bssh%5D+Host+key+verification+failed – phd Jul 22 '21 at 19:48

1 Answers1

3

I think the "Host key verification failed" points to an issue with the ~/.ssh/known_hosts file. Typically, the first time you connect to a host via ssh you are prompted with something similar to:

The authenticity of host 'domain.com (a.b.c.d)' can't be established.
RSA key fingerprint is XX:XX:...:XX.
Are you sure you want to continue connecting (yes/no)?

When you answer yes, the host key is automatically added to the known_hosts file. You can manually add the host key to the known_hosts file of the user that is running your Github Actions:

  1. Get the host key directly from a github admin or once logged into github.com (more secure - highly suggest).
  2. use ssh-keyscan -H github.com >> ~/.ssh/known_hosts
j_b
  • 1,975
  • 3
  • 8
  • 14