Private dependencies

If your repository contains private dependencies, you can fetch them using build actions. Buddy supports the following authorization methods:

  1. SSH keys
  2. HTTP authorization
  3. Environment variables

Authorization with SSH key

Select this method if your defined dependencies use the SSH protocol. Dependencies can be fetched using either Buddy's public key or your own private key.

Buddy SSH key

SSH keys generated in Buddy are unique for each project, which means that only pipelines belonging to this particular project are permitted to fetch the authorized dependencies.

To add the Buddy Public Key, go to Project Options and click Buddy Public Key in the right menu.

Adding Buddy key

Private SSH key

You can also define your own private SSH key and use it for authorization by adding it to the project's environment variables. This can be done in the Variables tab of the project's options.

Make sure the key is not secured with a passphrase or it won't work.

Adding private key

HTTP authorization

If your dependencies are fetched over HTTP, you should include the authorization data in the repository URL:

https://ci-user:mypassword123@github.com/myorg/lib1.git

ENV VAR authorization

Some package managers support authorization with special authorization tokens, for example npm. In order to make the token to be available in the build action, it should be added to the project's environment variables with a proper name:

Adding authorization token

See also

Questions?

Not sure how to configure a pipeline for your process? Reach out on the live-chat, contact support, or ask our community on our forum.

Sign up for Buddy Digest

Best practices on CI/CD and fresh changelogs delivered weekly to your inbox.