I’ve got a team of 2 others working with me on a project which requires a few different games being developed. We are at the point where I want to start using libraries shared between us, but not at the point where I want to make the projects publicly accessible.
It seems that this is possible if we have setup personal access tokens (https://defold.com/manuals/libraries/) however I was hoping to get more details on how we set this up with defold when fetching libraries? If each of the developers has a private access token for their github accounts setup then will they be able to fetch any repos that they have access to?
Any help you can provide on this is greatly appreciated.
I’ve been thinking about this, and the only problem is I don’t want my github username and access token to be in the project. To your knowledge is there any way to ensure the username and access token aren’t shared with others working on the project?
When creating an access token on Github you setup it’s access. But you can’t setup “Can only pull this one repo” which I would be fine with being accessible to others. All you can setup is “Can completely access all private repositories you have access to” or none. At least that’s my understanding. Any assistance with this would be greatly appreciated.
Our approach to this was to create a separate github user and add it with read access to only the relevant repos. Also the token was generated as read-only access. This access token was safe to push to the Interrogation repo, since it only provided access to repos needed for building Interrogation.
@Pkeod thank you for responding, to be clear, you mean have the username and access token as environment variables on my computer whilst I press “fetch libraries”?
Oh. I was under the impression that there’s an option. I’m mistaken then. Anyway, you should be fine if you only give read permissions to the user when you add it to your private repo.
Cannot seem to use environment variables unless I’m setting them up wrong.
I’ve got a terminal where I run Defold from. Before running defold in that terminal I created the environment variables:
GIT_USERNAME=’<username>’
GIT_TOKEN=’<token>’
Then the included libary was https://GIT_USERNAME:GIT_TOKEN@github.com/<username>/<repo>/archive/main.zip
Now when I use just the contents of the environment variables in place of those environment variables it does work.
Is there any mistakes I’m making in accessing these environment variables from Defold?
Also note that we check for the auth arguments first in the path, then use the X-Email and X-Auth as fallback. (code). The latter two are only available via bob.jar (“–email” and “–auth”).
I’m sorry I don’t understand what you are suggesting here? How would I use environment variables in the dependency path without Auth arguments? Just running it without any Authentication does not pull in the repo since it is private. I tried using the ssh version of the repo as I have ssh keys setup on github, but that didn’t work either.
Going through the other options here, your solution seems to be the only one that really solves all of my problems completely. To be honest I wanted to avoid creating a new account, but at this point it seems to work fairly well and won’t scare my less command line savvy team mates.
If going through this process would be useful on a tutorial or showcase or something let me know.
Hi, I am just wondering whether it is possible to use ssh keys for authenticating to fetch libraries. It would be easier than setting up access tokens.
