Private dependencies
If your repository contains private dependencies, you can fetch them using build actions. Buddy supports the following authorization methods:
- SSH keys
- HTTP authorization
- Environment variables
Authorization with SSH key
Select this method if your defined dependencies use the SSH protocol. Dependencies can be fetched using either Buddy's public key or your own private key.
Buddy SSH key
SSH keys generated in Buddy are unique for each project, which means that only pipelines belonging to this particular project are permitted to fetch the authorized dependencies.
To add the Buddy Public Key, go to Project Options and click Buddy Public Key in the right menu.
Private SSH key
You can also define your own private SSH key and use it for authorization by adding it to the project's environment variables. This can be done in the Variables tab of the project's options.
Make sure the key is not secured with a passphrase or it won't work.
HTTP authorization
If your dependencies are fetched over HTTP, you should include the authorization data in the repository URL:
https://ci-user:mypassword123@github.com/myorg/lib1.git
ENV VAR authorization
Some package managers support authorization with special authorization tokens, for example npm. In order to make the token to be available in the build action, it should be added to the project's environment variables with a proper name: