Can't fetch private UPM Packages from github because can't add my github credentials to Unity #161
Comments
|
I'd say a workaround would be to clone these projects as part of your CI actions before building unity project. Related question on Support community: You'll need a personal access token generated from here. Check the In your action file, you can add a step like this: - uses: actions/checkout@v1
with:
repository: my-private/repo-name
token: ${{ secrets.ACCESS_TOKEN }}Set Note: I did not try this solution, but it should work unless Unity needs to do something special when adding a private UPM package. |
|
Hi ! I have the exact same need as @Podden. I tried @GabLeRoux workaround by cloning dependencies directly to Unity's package cache folder but it looks like it's not working. Dependencies referenced by the Packages/manifest.json can be written as follow : "yourpackagename": "git+ssh://[email protected]/company/yourpackagename.git#tag-or-sha1"This way git doesn't ask for username/password on the command line and will look for your ssh keys instead. Here is my log extract when trying with git+ssh in manifest.json Googling things like 'No user exists for uid 1001' shows that it seems to be related to how docker changes user but I'm not really used to Docker and clean permission handling on linux... I tried (with no luck) adding entries in /etc/passwd as suggested here Here is another link that seems relevant to me , but I really have no idea on how to apply that. Here is my workflow file : name: Build App
on:
push: { branches: [master] }
workflow_dispatch: { branches: [master] }
jobs:
build:
name: Build project
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
projectPath:
- ./
unityVersion:
- 2019.4.4f1
targetPlatform:
- StandaloneWindows64
steps:
# Checkout
- name: Checkout repository
uses: actions/checkout@v2
with:
lfs: false
- name: Checkout repository
uses: actions/checkout@v2
with:
token: ${{ secrets.PRIVATE_TOKEN }}
repository: company/mypackage
ref: 1.0.0
path: ${{ matrix.projectPath }}/Library/PackageCache/mypackage
# Cache
- uses: actions/[email protected]
with:
path: ${{ matrix.projectPath }}/Library
key: Library-${{ matrix.projectPath }}-${{ matrix.targetPlatform }}
restore-keys: |
Library-${{ matrix.projectPath }}-
Library-
- name: Create SSH key
env:
SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
sudo mkdir -p /home/github/.ssh/
sudo ssh-keyscan github.com >> /home/github/.ssh/known_hosts
sudo ssh-agent -a $SSH_AUTH_SOCK > /dev/null
sudo echo $SSH_PRIVATE_KEY > /home/github/.ssh/private.key
sudo echo "Host *" > /home/github/.ssh/config
sudo echo " IdentityFile /home/github/.ssh/private.key" >> /home/github/.ssh/config
sudo chown -R runner:runner /home/github/
sudo chmod 0600 /home/github/.ssh/private.key
shell: bash
# Build
- name: Unity - Builder
uses: webbertakken/[email protected]
env:
# Unity Pro Licence Activation
# UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
# UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
# UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
# Unity Personal License Activation
UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
with:
customParameters: -nographics
projectPath: ${{ matrix.projectPath }}
unityVersion: ${{ matrix.unityVersion }}
targetPlatform: ${{ matrix.targetPlatform }}
# Output
- uses: actions/upload-artifact@v1
with:
name: Build
path: build |
|
@TheoRealcast maybe try again with unity-builder@main because the proper user PR was reverted because of another problem. Maybe that works ;-) |
|
Closing this until there is more information available. Right this is probably solved in the latest version of builder. If not, feel free to drop a comment and we'll reopen it. |
|
Is there some other context I do not get? while works flawless, this gives me the "cannot access repository" error I tried the above without the fusion-engineering/setup-git-credentials@v2, git clone gives a correct permission error so this seems to work and my credentials are correct. I'm guessing I have to inject my git credentias in the docker container in which unity runs as well? Any guesses how this can be done? Happy new year btw :) |
|
Currently I think the only way is to put your ssh key in |
|
Hmm, my Problem with this is on the usability side, because I have to change the manifest.json to SSH and teach all my non-dev collaborateurs how to install SSH Keys on Windows :(. I'll another way by, maybe rewriting the manifest.json in the Action. |
|
Isn't there a point in your action to inject custom Terminal commands in the container before Unity starts?
|
|
That's a fair point and thank you for elaborating on your use case, this is very helpful. I suppose we could add gitUser and gitPassword as parameters and pass them into the image. I believe unity has specific ENV variables it wants to use for UPM. Open for contributions. |
|
Does anyone work on this? |
Feel free to take a stab at it. |
Hi all, |
|
Closing this as solved by above PRs |
|
Hi @webbertakken , I am in a similar situation to Podden above. For most of my team it's easier to have https urls rather that getting ssh keys setup for everyone. I'm interested in passing an additional 2 parameters: gitubUsername and gitubPersonalAccessToken. In addition if these variables are set I would add an insteadof command like: I believe this is a useful alternative to provide as it's a lot easier for users to configure git using oauth and use https. This then means you have to use Personal Tokens for CI. Also using PAT instead of GITHUB_TOKEN means you can authenticate against other repos (from I have read the scope of the GITHUB_TOKEN is repository scoped). I am happy to have a stab at this and submit a PR if you feel there is a chance of it getting in. |
|
So using a token to authenticate and pull other reps sounds fine to me. All mentioned tokens are GitHub related, private and for access, so we can simply call it Please note however that CI is not any user and as such shouldn't use usernames or personal access tokens in principle. Perhaps we could add a flag named |
|
The use case we have is as follows: my understanding from reading https://docs.github.com/en/actions/security-guides/automatic-token-authentication is that the githubToken provided to the context of the action is restricted to the repo in which the action is executing. Hence this token only gives me access to MYREPO. "The token's permissions are limited to the repository that contains your workflow." Since MYPACKAGE is a different repo i'm not sure this is going to work. In te last section of the page linked above https://docs.github.com/en/actions/security-guides/automatic-token-authentication#granting-additional-permissions it suggests that if you need more permissions that are given to the githubToken you would need to create a PAT (which would need to belong to a user). Either way, I am going to test just using githubToken and see. But my suspiscion is that if the package is in a separate private repo it won't work. I am going to try to get it working and then see how best it can be integrated. From my current understanding there are 3 cases:
Andre |
I see. If that is GitHub official answer (for now) then so is ours. I stand corrected. Conceptually though not everyone has their own tokens for CI, just the person setting it up configures a token. Not sure if this is obvious for everyone or not. As for the cases let's also consider:
That is to say that I think we'd like to support a similar solution as the one you proposed, as long as it works for everyone or is forward compatible with all cases in some way. Finally, let's see how much of the problem would get solved by https://github.com/game-ci/unity-builder/pull/278/files or how much of that PR can be reused. Thank you for your extended explanation and consideration. :) |
|
The |
|
Thank you @davidmfinol. Looks like it indeed. Closing in favour of making new issues based on the latest iterations. |
Bug description
We're using private packages from github in the Unity Package Manager. Building does not work with this because Unity asks for my github credentials. On my local Windows machine, Github Crendetial Manager pops up and I can insert them. What do I have to do in an github action to add them?
I've tried to add my github credentials with fusion-engineering/[email protected] but does not work either.
How to reproduce
Try building a project with UPM dependency from a private github URL.
Expected behavior
Project builds :)
Additional details
I've added my script and the logfiles
build.zip
logs_51.zip
The text was updated successfully, but these errors were encountered: