-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate support for GitHub Enterprise #4
Comments
The current implementation is also incompatible with private repositories on GitHub. I have an idea to solve this by having the option to push a source archive (zip/tarball) from GitHub Actions to an S3 bucket, and using this as the source for CodeBuild — rather than having CodeBuild clone from GitHub itself. This wouldn't require any additional authentication/authorisation pieces on the GitHub Actions side, and would require a user to give IAM permissions to an S3 bucket in addition to the CodeBuild/Cloudwatch Logs permissions already required. Is this something you'd consider for this issue, or would you like me to separate this into a new separate issue? |
I think that this should go into a separate issue. If you could throw into that issue, how you see this working, |
I’m wondering - as an alternative, could one set the codebuild project to NO_SOURCE, and pass in the GITHUB_TOKEN and GITHUB_ACTOR is a environment variables? This would require the project to manually clone the repo, though. You would also need to fork this action and change the overrides... but it would probably work. |
I gave it a go and can confirm that passing GITHUB_ACTOR and the secret variable GITHUB_TOKEN, you can configure a codebuild job with source configured as NO_SOURCE to pull from github. The only issue is that you have to write the step to pull the code within the codebuild buildspec and you miss out on the built-in source caching capabilities of codebuild. I also hacked it a bit and provided the token as a PLAIN_TEXT environment variable because it was the least amount of work - the current implementation is propogating all environment variables prepend with 'GITHUB_' the environment variable overrides. Tokens are valid for roughly 60 minutes according to github documentation, but ideally, they would be configured as secrets in the codebuild startBuild overrides. |
Glad there seems to be a workaround, but leaving this open as a valid feature request for the future. |
For one approach see #57 (comment) |
Is this something that will still be done as a feature? |
The URL that we pass to CodeBuild to check out the code is currently hard-coded to use
https://github.com
. Because GitHub Actions is available in GitHub Enterprise, it would be nice if this action worked there too.The text was updated successfully, but these errors were encountered: