Feature Request - Support for syncing actions from private repos about actions-sync HOT 8 CLOSED

actions-sync sync --cache-dir . --destination-token "${{ secrets.GHE_TOKEN }}" --destination-url "${{ secrets.GHE_HOST}}" --source-url "https://${{ secrets.GH_USER }}:${{ secrets.GH_PAT }}@github.com" --repo-name-list-file ./repo_name_list.txt

Well... it turns out that i had some escaping problem with source-url, using single quotes instead of double quotes resolved the problem.

Thanks for your time and support, pretty sure this issue can be closed!

from actions-sync.

I'm also having this problem!
Pretty sure that adding --source-token and --source-user flags should resolve this problem

from actions-sync.

I believe this capability is already supported (albeit undocumented). For example the following worked for me when I tried to pull a private repo. Could you give this a try?

actions-sync pull --source-url https://$USER_NAME:[email protected] --repo-name $REPO_NAME

from actions-sync.

Hi, unfortunately this doesn't solve the problem, actions-sync errors out requesting authentication

pulling $REPO to $CACHE/$REPO ...
could not pull $REPO, the repository may require authentication or does not exist

from actions-sync.

Hi, unfortunately this doesn't solve the problem, actions-sync errors out requesting authentication

pulling $REPO to $CACHE/$REPO ...
could not pull $REPO, the repository may require authentication or does not exist

😕 I tested again on main and can pull both personal private repos, as well as internal and private org owned repos using the example command I posted in #74 (comment). Silly question; are you replacing the $ in my example with actual values (the error message looks like you forgot, unless you're redacting them 😄)? In addition, you'll also need to make sure of the following:

• when setting the repo, include the owner name (e.g. my-org/my-repo)
• when pulling org owned repos make sure to enable SSO on the token

from actions-sync.

Hi i'll try to give you some more context:
i'm using a self-hosted runner to syncronize some private actions, the specific call that I've tried to make is

actions-sync sync --cache-dir . --destination-token "${{ secrets.GHE_TOKEN }}" --destination-url "${{ secrets.GHE_HOST}}" --source-url "https://${{ secrets.GH_USER }}:${{ secrets.GH_PAT }}@github.com" --repo-name-list-file ./repo_name_list.txt

# repo_name_list.txt
ORG/action-1
ORG/action-2

This command will fail with the error code that you referenced.

Does go-git support this kind of url?
I haven't found any information about it.

Compiling and running the executable including the changes in this PR will sync all the repositories.

actions-sync sync --cache-dir . --destination-token "${{ secrets.GHE_TOKEN }}" --destination-url "${{ secrets.GHE_HOST}}" --source-token "${{ secrets.GH_PAT }}" --source-user "${{ secrets.GH_USER }}" --repo-name-list-file ./repo_name_list.txt

I also have to note that i don't have the option to enable SSO, I'm using standard Token (classic)

from actions-sync.

Does go-git support this kind of url?

Looking at the code it seems like that this type of auth is not supported (correct me if i'm wrong).
To support it we'd need to parse the url to extract those informations, then pass them to go-git like I did in this PR.

from actions-sync.

Hi i'll try to give you some more context: i'm using a self-hosted runner to syncronize some private actions, the specific call that I've tried to make is

actions-sync sync --cache-dir . --destination-token "${{ secrets.GHE_TOKEN }}" --destination-url "${{ secrets.GHE_HOST}}" --source-url "https://${{ secrets.GH_USER }}:${{ secrets.GH_PAT }}@github.com" --repo-name-list-file ./repo_name_list.txt

# repo_name_list.txt
ORG/action-1
ORG/action-2

This command will fail with the error code that you referenced.

Odd, we're not observing the same behavior even when running the sync command. For example, we're able to sync a private repo to a GHES instance using an action that runs on a self-hosted runner (in this case darwin/arm64). The value of secrets.ACTIONS_SYNC_SOURCE_URL is of the form https://<USERNAME>:<PAT_TOKEN>@github.com

name: sync actions
on:
  workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  sync:
    # The type of runner that the job will run on
    runs-on: [ self-hosted ]

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:      
      - name: download actions-sync
        run: |
          wget https://github.com/actions/actions-sync/releases/download/v202404051308/gh_202404051308_darwin_arm64.tar.gz
          tar -xf gh_202404051308_darwin_arm64.tar.gz
              
      - name: sync actions
        run: |
          mkdir -p cache
          ./bin/actions-sync sync \
          --cache-dir "cache" \
          --source-url "${{secrets.ACTIONS_SYNC_SOURCE_URL}}" \
          --destination-url "${{secrets.ACTIONS_SYNC_DEST_URL}}" \
          --destination-token "${{secrets.ACTIONS_DEST_TOKEN}}" \
          --repo-name-list "<OWNER>/<REPO>"

Does go-git support this kind of url? I haven't found any information about it.

It supports this type of url b/c under the hood the pkg uses net/url types from the standard library which supports the user info component in URIs.

Example:https://go.dev/play/p/gpbDmQ0ct14

That being said, I'm not opposed to the additional flags that's being proposed in #114 as it would make the API of the CLI more consistent and explicit. However, I'd like to see if we achieve more consistency such as not requiring a --source-user. For example, the push command only requires a token (b/c it creates its client differently).

from actions-sync.