
Authenticating To Use Private Go Modules

Go works on top of git, using tags to version software rather than a traditional package manager. These tags need to follow SemVer and are prefixed with a v, e.g. v0.0.1.

Letting Go know what is private

Go uses module path prefixes to determine what may or may not be public. In my opinion, it's a bit shit. You can explicitly set a path like so, and any repo in that namespace will try to use auth.

export GOPRIVATE=github.com/Vyra-io
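
To check which module paths a GOPRIVATE value actually covers, this added example (not from the original page and not the Go toolchain's own code) re-implements the documented matching rule: comma-separated path.Match globs compared against whole leading path elements. The function name matchPrivate and every module path other than the github.com/Vyra-io prefix are constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matchPrivate (hypothetical helper) reports whether modulePath is covered by
// a GOPRIVATE-style value: a comma-separated list of path.Match globs, each
// compared against the leading path elements of the module path.
func matchPrivate(globs, modulePath string) bool {
	elems := strings.Split(modulePath, "/")
	for _, glob := range strings.Split(globs, ",") {
		if glob == "" {
			continue
		}
		// A glob with N slashes is compared to the first N+1 path elements,
		// so matching is on whole elements, never on a raw string prefix.
		n := strings.Count(glob, "/") + 1
		if len(elems) < n {
			continue // module path has fewer elements than the pattern
		}
		prefix := strings.Join(elems[:n], "/")
		if ok, _ := path.Match(glob, prefix); ok {
			return true
		}
	}
	return false
}

func main() {
	const goprivate = "github.com/Vyra-io" // value used on this page
	// Constructed module paths; the repository names are hypothetical.
	for _, m := range []string{
		"github.com/Vyra-io/soar",
		"github.com/Vyra-io/soar/pkg/api",
		"github.com/Vyra-io-labs/tool", // different org: element must match whole
		"github.com/vyra-io/soar",      // matching is case-sensitive
		"github.com/google/uuid",
	} {
		fmt.Printf("%-34s private=%v\n", m, matchPrivate(goprivate, m))
	}
}
```

With default Go settings, a path that reports private=false is resolved through the public module proxy and checksum database, so check every internal module path against the value you set.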

Human Access

For human access from endpoints, the GitHub CLI is best. To authenticate:

gh auth login

Note that you must have the repo scope at a minimum.

Machine Access

Machine access can be a bit harder, as there must be no interactive prompts. We can use .netrc to achieve this. In your user's home dir, you can add the following .netrc file.

machine github.com
login some-user
password gh_mytoken

Alternatively, here are the workflow steps to do so:

- name: Generate GitHub App Token for Go 🔑
  id: github-app-token
  uses: actions/create-github-app-token@v2
  with:
    app-id: ${{ secrets.GH_APP_ID }}
    private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
    owner: Vyra-io

- name: Setup .netrc for Go 🔧
  run: |
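    # Go reads .netrc from the home directory, not the workspace.
    # Restrict permissions before the token is written to the file.
    touch "$HOME/.netrc"
    chmod 600 "$HOME/.netrc"
    echo "machine github.com" >> "$HOME/.netrc"
    echo "login vyra-soar-operator" >> "$HOME/.netrc"
    echo "password ${{ steps.github-app-token.outputs.token }}" >> "$HOME/.netrc"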