Using github auth token within build to check out another private repo

I have a setup where the build process for a repo pulls in a separate private repo in the same organization. The setup doesn’t really lend itself to a submodule (it’s a very opinionated drupal build process). I don’t need circleci to build that repo, just check it out.

It seems like the only way to do this right now is to add github credentials to the build as environment secrets. Is there a better way I’m missing?

1 Like

…the answer is adding a user key, isn’t it?

The simplest option is to add a user key, yes.

Another option is to create a machine user with access only to the repos you need and add its user key to the build.

One more option would be to generate a deploy key for this other project on GitHub and then add it to CircleCI on the SSH permissions tab in your project’s settings.

Please let me know if any of those options works for you.

1 Like

One more option would be to generate a deploy key for this other project on GitHub and then add it to CircleCI on the SSH permissions tab in your project’s settings.

I’m trying this solution with a NodeJS application, but npm install fails if I add the key but leave the hostname blank, just as if I had never added a key.

If I add the key under ‘SSH Permissions’ with a hostname of ‘github.com’, the initial project checkout fails.

You can’t add the same public deploy key to multiple projects on GitHub, so its impossible to get the main project and the dependency both using the same key.

Is there a workaround, short of a user or machine account?

Sorry for the confusion here. You are right: adding the deploy key, which does not have access to the repo tied to the current project, will result in a checkout error.

The only solution I can think of is, as you said, to add a user key, generated with a machine account.

I am very sorry for the inconvenience.

Yup, I used a machine account user key, and that worked. Its a bit of a pain (mostly with juggling the browser sessions) but it works. I feel a bit lousy about it because it creates extra accounts on both GH and CircleCI, but I guess that doesn’t matter.

I definitely agree that this is not the best solution. We will figure out a better way.

Any resolution to this?

@huhlig For now this is still the solution we suggest. I am very sorry for the inconvenience.

I am using bitbucket with chain of private repositories. I’ve created machine user as described (added private key to circleCi and public to bitbucket user account) but it cannot make git clone on another private repository even if machine user can build it itself. Can you help me? @alexey

I am an collaborator to one organization and I’m not able to add the private repository
please give me any suggestions .

I am in the same boat as brs. Was this resolved?