R packages in private organization - how to install private dependencies within organization?

Question

Our GitHub organization is private and is developing multiple private R packages within multiple different repositories in our organization. Some of these packages have dependencies on other repositories in our private organization. How can I set up GitHub actions to be able to install these private dependencies? My description file currently contains:

Imports:
    MyPackageDep
Remotes:
    MyOrg/MyPackageDep

The relevant portion of my GitHub Actions .yaml is:

  - name: Install dependencies
    run: |
      remotes::install_deps(dependencies = TRUE)
      remotes::install_cran("rcmdcheck")
    shell: Rscript {0}

I tried following the advice of this SO post by storing my PAT in an .Renviron file. But not only does this still not work, I still am not sure how this would work with multiple contributors to the package. Would they all just need to set up their own local GITHUB_PAT in their own .Renviron?

I also tried following the advice of this GitHub issue by including the following in my GitHub workflow:

 env:
      GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}

The workflow still failed to download the dependency.

Is there anyway with GitHub Secrets to pre-configure the repository to have access to all other private repositories in an organization?

Answer 1

The GITHUB_TOKEN only gives you access to the current repository. You need to generate a PAT and grant it access to your organization: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token

Then add the PAT as a secret to your repository:

Then in your action yaml you can add:

    env:
      # This allows installation of private github repos
      GITHUB_PAT: ${{ secrets.PAT }}

Then the r-lib/actions should be able to access the internal repos.