Generally, GitHub Actions is incredibly simple when interacting with private repositories, either through the GITHUB_TOKEN or through creation a Personal Access Token. However, when the tools that your GitHub Action interacts with require to authenticate, injecting that personal access token can become challenging.

Here I show two easy ways to enable your GitHub Actions to interact with private repositories for:

In both of these examples, it’s incredibly important to use GitHub Action’s secrets to store the personal access token, and then inject that token into the environment of the job that requires it. This ensures it is redacted in any runner logs and not visible in plain text.

Cloning Private Repositories through Ruby

There’s an obscure variable that Bundler uses to authenticate with GitHub, BUNDLE_GITHUB__COM:

Specify the variable BUNDLE_GITHUB__COM: x-access-token:${{ secrets.$SOME_PAT }} in your job’s env` key and ensure the URL to clone the ruby gem is using https.

gem 'private-dependency', git: ''
name: "Deploy"  
    name: "Deploy Beta"
    runs-on: ubuntu-latest
    timeout-minutes: 10
      BUNDLE_GITHUB__COM: x-access-token:${{ secrets.PRIVATE_GITHUB_PAT }}  
    - name: "Checkout ${{ github.ref }} in ${{ github.repository }}"  
      uses: actions/checkout@v4
    - name: "Install dependencies"  
      run: |  
        bundle install

Cloning Private Repositories through Swift Package Manager

When Xcode clones dependencies through Swift Package Manager, because it is using the machines git configuration, we can harness that and the insteadOf key to modify the remote URL.

Use the following step in your GitHub Action to modify the git config remote URL:

- name: "Setup Authenticated URL"
  shell: bash
    GIT_AUTH_TOKEN: ${{ secrets.GIT_AUTH_TOKEN }}
  run: |
    git config --global --add url."https://oauth2:${GIT_AUTH_TOKEN}".insteadOf ""
    git config --global "$GIT_AUTHOR_NAME"  
    git config --global "$GIT_AUTHOR_EMAIL"  
    git config --global credential.username "$GIT_USERNAME"