Add support for GitHub token

[rvignolo]

It would be great if we could be able to send a GitHub token to the docker image such that it can fetch private repositories and perform the reproducible build with this as well.

What do you think?

[andreibancioiu]

Hello @rvignolo,

Generally speaking, the GitHub token should not be passed to the workflow that does the reproducible build.

In your private repository, do this:

...

permissions:
  contents: write

jobs:
  build:
    uses: multiversx/mx-sc-actions/.github/workflows/reproducible-build.yml...

Let us know how it goes 🙏

Additional references:

• https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[rvignolo]

Hi @andreibancioiu!

Sorry, let me better explain. Our actions are working properly. The issue arises when there is a dependency of one smart contract A with another smart contract B, and the smart contract B is hosted in a private repository. Then, we need to give credentials for the CI.

This can be solved using GitHub Deploy Keys. We are using those in conjunction with the following action:

      - name: Setup Credentials
        uses: webfactory/[email protected]
        if: inputs.has-private-dependencies
        with:
          ssh-private-key: |
            ${{ secrets.sc-1-deploy-pk }}
            ${{ secrets.sc-2-deploy-pk }}
            ${{ secrets.sc-3-deploy-pk }}

and it works.

The problem is with the reproducible build. We need to give credentials to the docker instance. We are currently using cargo vendor to solve the problem. Any ideas?

[rvignolo]

@andreibancioiu I can open a PR if wanted! Thanks!

[rvignolo]

@andreibancioiu PR has been opened here. Thanks!

[andreibancioiu]

Hello @rvignolo,

Sorry for the delay 🙏

We'll have a look (at the general matter and on the PR) 🙌

[rvignolo]

Thank you so much @andreibancioiu!