Checkout private dependency from github using pip and a deploy key


#1

We have an application that uses pip to download a package from a private github repo. Naturally, we added the deploy key of that repo to the main application.

The problem is that when we did that, the next build couldn’t checkout the application. It seems that Circle is using the second key we added (deploy key of the package repo) instead of the first (deploy key of the application repo).

If we add the package deploy key, but don’t specify the host, Circle is able to checkout the application, but not to download the package.

The only way I found to fix this was to add my own checkout key. This way, Circle was able to both checkout the application and to download the package. But, as you can imagine, this is far from ideal.

Can someone help us setup this?


#2

Hello @denislins,

As an alternative, how about adding the private repo key as an environment variable?

This should keep things separated nicely as you desire.


#3