Can't sync with private repo

[veerendra2]

I want to sync my private repo with other original private repo. I have added secrets to forked repo and ran workflow. But I get struck by below error

0s
Run aormsby/[email protected]
/bin/sh /home/runner/work/_actions/aormsby/Fork-Sync-With-Upstream-action/v2.1/upstream-sync.sh
Git user and email credentials set for action
remote: Repository not found.
fatal: repository 'https://github.com/xxx/xxxxx.git/' not found. <---- I can access this private repo
Error: The process '/bin/sh' failed with exit code 128

From this question --> https://stackoverflow.com/questions/56269686/git-repository-not-found-error-for-private-repository-on-github

I understood, I have to use SSH. So, manually specified ssh url like below

    - name: Pull (Fast-Forward) upstream changes
      id: sync
      uses: aormsby/[email protected]
      with:
        upstream_repository: [email protected]:xxxx/xxxx.git.  <-------
        upstream_branch: "14.0"
        target_branch: "14.0"
        git_pull_args: --ff-only                    # optional arg use, defaults to simple 'pull'
        github_token: ${{ secrets.USER_TOKEN }}   # optional, for accessing repos that require authentication

Got blow error. It is appending HTTP url to exiting one

Run aormsby/[email protected]
/bin/sh /home/runner/work/_actions/aormsby/Fork-Sync-With-Upstream-action/v2.1/upstream-sync.sh
Git user and email credentials set for action
fatal: unable to access 'https://github.com/[email protected]:xxx/xxxxx.git.git/': The requested URL returned error: 400
Error: The process '/bin/sh' failed with exit code 128

My workflow file

on:
  schedule:
    - cron:  '0 7 * * 1,4'
    # scheduled at 07:00 every Monday and Thursday

  workflow_dispatch:  # click the button on Github repo!


jobs:
  sync_with_upstream:
    runs-on: ubuntu-latest
    name: Sync main with upstream latest

    steps:
    # Step 1: run a standard checkout action, provided by github
    - name: Checkout main
      uses: actions/checkout@v2
      with:
        ref: "14.0"
        # submodules: 'recursive'     ### may be needed in your situation

    # Step 2: run this sync action - specify the upstream repo, upstream branch to sync with, and target sync branch
    - name: Pull (Fast-Forward) upstream changes
      id: sync
      uses: aormsby/[email protected]
      with:
        upstream_repository: [email protected]:xx/xxx.git
        upstream_branch: "14.0"
        target_branch: "14.0"
        git_pull_args: --ff-only                    # optional arg use, defaults to simple 'pull'
        github_token: ${{ secrets.USER_TOKEN }}   # optional, for accessing repos that require authentication

    # Step 3: Display a message if 'sync' step had new commits (simple test)
    - name: Check for new commits
      if: steps.sync.outputs.has_new_commits
      run: echo "There were new commits."

    # Step 4: Print a helpful timestamp for your records (not required, just nice)
    - name: Timestamp
      run: date

[bdaley]

I'm having the same error of "Repository not found" when trying to merge a private repo via HTTPS. In an attempt to debug, I've run this action locally, using nektos/act. What's weird is that everything works perfectly when I run this action locally. (I.e., no "Repository not found" error.) As soon as I publish and use the action on GitHub, I get the same error as @veerendra2 (albeit, without using the SSH URL).

FWIW - I'm using the @nektos local runner from here: https://hub.docker.com/r/nektos/act-environments-ubuntu/tags?page=1&ordering=last_updated

As far as I can tell, the only major difference is that the local runner is using Git 2.25.0, while GitHub's runner is using 2.29.2, IIRC. I'm not sure if that's the issue, or whether GitHub's runner is stripping out the TOKEN from the remote/upstream URL.

BTW @veerendra2, I'm not sure your solution to utilize the ssh url will work. I think that this action is only works on HTTPS.

Fork-Sync-With-Upstream-action/upstream-sync.sh

Line 63 in c86999d

UPSTREAM_REPO="https://${GITHUB_ACTOR}:${INPUT_GITHUB_TOKEN}@github.com/${INPUT_UPSTREAM_REPOSITORY}.git"

[aormsby]

@veerendra2 I see a couple of issues here, so let's see if we can drill down to the underlying problem you're having.

First, @bdaley is correct - this action only works with HTTPS right now. This is not your core problem, but I added #17 to note this.

Second, I noticed two problems related to the UPSTREAM_REPO URL @bdaley posted.

• On my end, I use the GITHUB_ACTOR environment variable in the URL, which causes a problem - you will only be able to connect to repositories that the acting user owns (i.e. your own repos). If you're trying to sync with another user's repositories, that would be why it fails. I made GITHUB_ACTOR does not support repos not owned by the action user #18 to work out a quick solution for this.

• On your end, I'm not sure if you're using the entire repo URL in your workflow file (since you only showed the SSH try), but you shouldn't be. The HTTPS link is pre-written in the script and gets populated with key repo info - the user and the repo name. Let's say your remote repo has a full link of https://github.com/aormsby/Advent-Of-Code-2020. Your input would be:

upstream_repository: aormsby/Advent-Of-Code-2020

Using the entire URL would not work (as you've seen).

So between these two issues - using a remote repo you don't own OR having the wrong URL - would fixing either of these solve your problem? Let me know.

(@bdaley - No idea about nektos, sorry. Happy to look at your workflow/action log, though.)

[aormsby]

@veerendra2 Actually, I made a mistake. My code is fine. #18 was not a bug.

So my only idea for you is to check your input variable and make sure you aren't using the full repo link. Let me know if this works.

[tobytes]

I am having the same problem as @veerendra2.

We have access to a private repo from another company with our github account. So on a local machine or a server I can clone / update this repo with
git clone https://<PERSONAL_ACCESS_TOKEN>@github.com/****/****.git

I now stored our PERSONAL_ACCESS_TOKEN in a secret on the workflow repo as ADMIN_TOKEN and added this secret in the configuration together with the private repo:
github_token: ${{ secrets.ADMIN_TOKEN }}
upstream_repository: ****/****

So the upstream repo with my configuration injected should look like this:
UPSTREAM_REPO: "https://${GITHUB_ACTOR}:<PERSONAL_ACCESS_TOKEN>@github.com/****/****.git"

So this should work at first glance, but I do not know what GITHUB_ACTOR does and if it could cause problems.

I am also getting:
fatal: repository 'https://github.com/xxxx/xxxx.git/' not found.

[aormsby]

GITHUB_ACTOR is an Action environment variable that substitutes in your username, basically. So if I ran an action from one of my repos, the link would show up as https://aormsby:<PAT>@github.......

Github docs:

GITHUB_ACTOR | The name of the person or app that initiated the workflow. For example, octocat.

I can't think of any reason why this would suddenly stop working, though. I'll continue to look into it. And let me know what release versions you're all using, please.

---

In the meantime, please try latest - v2.3

There was a mixup with the user/email config data before around the same time this all started. I don't see why that would cause this issue, but who knows at this point?

[bdaley]

Thanks, @aormsby! 

The repo that I was trying to merge from was not my own, but I do have collaborator access to it. FWIW - I was using v2.2 when I ran into this issue, but I'll give 2.3 a try and report back.

[tobytes]

Thank you for the explanation @aormsby.

i tried it with version 2.3 as I was using version 2.2 before too.
Sadly I still get the same error.

[aormsby]

@tobytes Okay, good to know. I'm working on setting up a new test case, but I may not have much time for it until next weekend. I'll update when I can.

[tobytes]

@aormsby Any news regarding this issue?
I forked your repo and tried to find a solution myself, but so far without a result.
Manually on my lokal machine the process with adding the remote works fine, and the "actions/checkout@v2" action can handle the private repo too, so it should not be an access problem.

[aormsby]

Hi everyone, I've been too busy with my current work to sit down with this recently. I apologize for the delay on my end, and I want to thank you for trying things out on your end. I have some notes from previous work on another computer that I'll post here later. Perhaps they will further the conversation in the meantime. Thanks for your patience.

[king-11]

@aormsby any further updates on this am also facing the issue where I have contributor access to a private repo and I have to update the fork with original upstream. The error am getting is

/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +refs/heads/master*:refs/remotes/origin/master* +refs/tags/master*:refs/tags/master*
Error: The process '/usr/bin/git' failed with exit code 1

[Sow1995]

I had a problem with this as well. But got it fixed after adding my pat token to the checkout.

It seems the problem is not with this action, but how you checkout the repository.

- name: Checkout main
   uses: actions/checkout@v2
   with:
     token: <YOUR_PAT_TOKEN>

[aormsby]

Yes, I do think authentication during the checkout process is key to this action working as expected, and I plan on adding something about that in the readme in coming updates. v2 is also missing much needed tests to verify repo connections and authenticated access, which is something I'm working on for v3. Hopefully, that will help deal with config issues in a more straightforward way. Will update when something is ready, should be pretty soon.

[aormsby]

I have a solution!

So - the problem with accessing a private upstream repository is actually not the upstream access token. That should be working fine. What I found out during my v3 update is that when the first step checkout action has persist-credentials: true (which is the default), the action runner attempts to access your upstream repo with the stored key from the checkout. Even if we add the token to the URL (which we do), trying to use the stored token immediately fails.

What you have to do is set persist-credentials: false in the checkout action and then store the target repo token in an input variable as {{ secrets.GITHUB_TOKEN }} so the sync action has both tokens available at the appropriate times. More details in the new wiki.

As of right now, v2 actually doesn't support this. But v3 does! I recommend trying v3 available in PR #31 and letting me know if the private repos work for you. (In fact, try test mode!) I will also add this change to v2 since it's pretty crucial to the whole private sync.

[aormsby]

Input changed and readme updated in v2.4 and v3.0