
I have two repos A and B in the same organization on our self-hosted GitHub Enterprise instance. Repo B is a dependency for the code in repo A, so I want to create a workflow in repo A where both repos are checked out.

Here is the workflow I tried so far:

  • Create an SSH key with git-bash:
    1. `ssh-keygen -t ed25519 -C "myemail@company.com"`
    2. no passphrase
    3. This creates two files, one .pub for the public key and one for the private key
  • In Repo B go to Settings->deploy keys->add deploy key and copy the contents of the public key as the value
  • In Repo A go to Settings->Secrets and variables->Actions->New Repository Secret and copy the content of the private key as value
  • Test the following workflow yaml
```yaml
name: My Workflow

on:
  workflow_dispatch:

jobs:
  build-and-push-image:
    name: test
    runs-on: [self-hosted, fast]

    steps:
      - name: Check out repo A
        uses: actions/checkout@v3
        with:
          path: path_to_A

      # Repo B is fetched over SSH with the deploy key stored as a secret in repo A
      - name: Check out repo B
        uses: actions/checkout@v3
        with:
          repository: myorg/b
          path: path_to_B
          ssh-key: ${{ secrets.PRIVATE_KEY_B }}

      - name: debug # just to debug
        run: find .
```

Unfortunately this does not work and I get the following errors:

```
No ECDSA host key is known for github.company.com and you have requested strict checking.
Host key verification failed.
Error: fatal: Could not read from remote repository.
```

I am not sure what the issue is here. I have also already tried to set the private key for the ssh agent as described here, but also without success. Any pointers would be much appreciated!

Edit: Just to add some information, the error only appears while checking out repo B. Checkout for repo A works flawlessly. I am actually not sure why there should be different access rights between the two repos.

Roland Deschain
  • Did you try using a `PAT` instead of the `ssh-key`? (I agree it should work for both, but this is just to check, as the action README gives an example with a PAT [here](https://github.com/actions/checkout#checkout-multiple-repos-private)). – GuiFalourd Jun 12 '23 at 13:21
  • @GuiFalourd I did not so far, but honestly I don't want to use a PAT, since the new ones (which can be restricted to a single repo) are not available in our Enterprise version and the classic one would allow access to all of the repos and organizations I have access to. – Roland Deschain Jun 12 '23 at 13:25
  • I might however test out a PAT just to know if it would work. – Roland Deschain Jun 12 '23 at 13:26
  • @GuiFalourd I finally got around to test with a PAT and this works nicely. As mentioned I would really like to avoid using a PAT – Roland Deschain Jun 19 '23 at 11:23
  • Nice! I would suggest opening an ISSUE to the repository `actions/checkout` explaining what you want to achieve, because it doesn't seem to me that this is currently supported for ssh-key. Only for PAT. – GuiFalourd Jun 19 '23 at 11:31
  • Already done :) – Roland Deschain Jun 19 '23 at 12:14
  • Just saw it [here](https://github.com/actions/checkout/issues/1382) :D – GuiFalourd Jun 19 '23 at 12:15
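
The error quoted in the question is what OpenSSH reports when strict host key checking is on and the server's key is missing from the known-hosts database; `actions/checkout` implicitly adds only github.com's key and accepts further entries through its `ssh-known-hosts` input. The workflow below is an added example, not part of the original question or of the action's documentation, that pins the host key for github.company.com while keeping strict checking on. The host key value is a placeholder, and the page does not confirm whether this resolves the setup described.

```yaml
# Added example: pin the Enterprise host key for the SSH checkout of repo B.
# The ssh-known-hosts value is a PLACEHOLDER. Obtain the real line once with
#   ssh-keyscan -t ecdsa github.company.com
# and compare its fingerprint (ssh-keygen -lf <file>) with one obtained
# out of band from the instance administrators before committing it.
name: My Workflow

on:
  workflow_dispatch:

jobs:
  build-and-push-image:
    name: test
    runs-on: [self-hosted, fast]

    steps:
      - name: Check out repo A
        uses: actions/checkout@v3
        with:
          path: path_to_A

      - name: Check out repo B
        uses: actions/checkout@v3
        with:
          repository: myorg/b
          path: path_to_B
          ssh-key: ${{ secrets.PRIVATE_KEY_B }}
          # Extra known_hosts entries; only github.com is added implicitly.
          ssh-known-hosts: |
            github.company.com ecdsa-sha2-nistp256 <PLACEHOLDER_BASE64_HOST_KEY>
          # true is the default. Setting it to false would accept any host key
          # and remove the protection against a spoofed Git server.
          ssh-strict: true
```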
