Hello!
I have two github repositories. The first repo produces some artifacts with Github Actions, which the second repo downloads and uses to build and test its own code. With Github Actions the second repo can download the artifacts with the following command, authenticating with GITHUB_TOKEN:
wget --output-document output.file --header=“Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}” $url
I want to move the Github Actions flow of the second repo onto drone.
I have a .drone.yml file in the root of my second repo, but I don’t see any way to get the ${{ secrets.GITHUB_TOKEN }} in my drone script to authorize with API key.
I tried wget or with drone-download plugin. The plugin allows username and password but doesn’t seem to accept the github token which is necessary to access the artifacts from another repository of the same project/user on github.
I also tried many other things, which may or may not be silly, but with no results. Having searched for quite a while I though I’d ask for help. Does anyone know how to authenticate the download of an artifact from a github repo with GITHUB_TOKEN?
You should be able to achieve the same workflow in drone. Here is an example yaml to demonstrate:
kind: pipeline
type: docker
name: default
steps:
- name: download
image: alpine
environment:
GITHUB_TOKEN:
from_secret: <name of your secret>
commands:
- wget --output-document output.file --header=“Authorization: Bearer $GITHUB_TOKEN” https://...
Thanks a lot for a quick reply, @bradrydzewski !
I think the issue here is that in Github Actions I could use the token without setting up any secrets in the project, I could simply call ${{ secrets.GITHUB_TOKEN }} and it was there for me.
Do I understand correctly that I now need to ask the project administrator to explicitly set up a secret in the project for Drone to use?
Then I could set
from_secret: ${DRONE_GITHUB_TOKEN}
and use it in the drone script?
I now tried setting
from_secret: ${{ secrects.GITHUB_TOKEN }}
but I keep getting
yaml: unmarshal errors: line 20: cannot unmarshal !!map into string
The syntax you are using in your examples is invalid. Here is a reference documentation that describes how to create and use secrets https://docs.drone.io/secret/repository/, and also answers your question regarding required permissions to create a secret.
Thanks again for your time and help, @bradrydzewski .
It turned out that I was facing a bug in yaml marshal and managed to get rid of the unmarshall error by using a multiline command, as described here.
Still - I cannot authenticate after I created a github token and added it to my second repo secrets as DRONE_GITHUB_TOKEN. I tried echo-ing the token, but it didn’t print out anything.
I also tried passing it as password (or as username, or as both 
) to the download plugin, as you suggested here, but still could not authenticate correctly.
I wonder if using the GITHUB_TOKEN is actually supported… I’m okay with using the download plugin or wget from a bash script, but it seems I am missing some important detail here…
I also tried passing it as password (or as username, or as both ) to the download plugin, as you suggested here, but still could not authenticate correctly.
the gh-pages plugin and download plugin are separate programs with their own unique inputs and outputs. the inputs for gh-pages plugin would not apply to the download plugin.
Still - I cannot authenticate after I created a github token and added it to my second repo secrets as DRONE_GITHUB_TOKEN. I tried echo-ing the token, but it didn’t print out anything.
See Problems with Secrets which details common problems when using secrets. See the Still Experiencing Issues? section which describes the information we need in order to help provide support if you are experiencing issues.
I actually missed the additional “$” to escape the variable, but even after adding it I could not authenticate.
Apologies, but I am not sure how to obtain some of the information requested, but I will provide what I have
-
Version of Drone. If using drone exec please make this clear. - I do not have my own instance of drone, my yaml scripts sits in the root of the github repo and I am using cloud.drone.io to view the build results.
-
Full result of drone repo info <repository> (Do not redact the repository name) - I tried running the command on the image, but it did not work. Not sure where I should run this?
-
Full result of drone build info <repository> <build>
-
Full result of drone secret info <repository> <secret> for each secret
-
Full yaml configuration file:
kind: pipeline
name: arm64_gcc_make
platform:
os: linux
arch: arm64
clone:
disabled: true
steps:
- name: Build and Test
image: ubuntu
environment:
GITHUB_TOKEN:
from_secret: DRONE_GITHUB_TOKEN
commands:
- apt update
- apt install -y wget
- |
echo $${GITHUB_TOKEN}
wget --output-document output.file --header="Authorization: Bearer $${GITHUB_TOKEN}" https://api.github.com/repos/michalpasztamobica/classic-flang-llvm-project/actions/artifacts/47743037/zip
-
Full logs for the failed pipeline step, copied from the user interface
I dare to only paste the relevant logs, full log is here.
echo {GITHUB_TOKEN}
wget --output-document output.file --header="Authorization: Bearer {GITHUB_TOKEN}" https://api.github.com/repos/michalpasztamobica/classic-flang-llvm-project/actions/artifacts/47743037/zip
–2021-03-23 17:54:38-- https://api.github.com/repos/michalpasztamobica/classic-flang-llvm-project/actions/artifacts/47743037/zip
Resolving api.github.com (api.github.com)… 140.82.121.6
Connecting to api.github.com (api.github.com)|140.82.121.6|:443… connected.
HTTP request sent, awaiting response… 401 Unauthorized
Username/Password Authentication Failed.
- Runner configuration. - also not sure how to provide this
I checked that I can run the wget command on my laptop and pass authentication with this token pasted to the command line.
@michalpasztamobica I see you referenced a secret in your yaml named DRONE_GITHUB_TOKEN, however, when I look at your repository settings I do not see any secrets in the list.
You can learn more about Drone secrets at this link:
https://docs.drone.io/secret/repository/
That was the issue - I misunderstood the instructions and added my secret to github, instead of adding it to drone. The download now works fine.
Thanks a lot for your advice, help and patience, @bradrydzewski !
