Cachet 3.x is under development. Learn more.

Installing Private Repositories using GitHub Actions

I've been testing out the new Laravel Spark package before it gets launched and implemented it into my new side project (more details coming soon).

Because I'm part of the Laravel GitHub organisation, I'm able to install the repository into my composer.json file like so:

    "repositories": [
            "type": "vcs",
            "url": "[email protected]:laravel/spark-paddle.git"
    "require": {
        "laravel/spark-paddle": "@dev"

This all works great and I've been able to use Spark Paddle just fine however, when I pushed my changes to GitHub the tests immediately started failing because of the private repository.

My first thought was to use the ${{ secrets.GITHUB_TOKEN }} secret but this didn't work. After a lot of trial and error, this is the solution I came up with:

First, we need to generate a new token. This token needs full control of private repositories. You'll need to copy this token as it won't be displayed again. In our repository's secrets section, we need to create a new Repository secret. I called mine COMPOSER_AUTH and copy the token we generated into the value.

In our tests file, we need to tell Composer to use the new token:

- name: Install Dependencies
    COMPOSER_AUTH: '{"github-oauth": {"": "${{secrets.COMPOSER_AUTH}}"} }' # [tl! **]
  run: |
    composer update --${{ matrix.dependency-version }} --prefer-dist --no-interaction --no-suggest

That's it. Our tests will now use the token we generated and we'll be able to access all of the repositories that we have access to.