Skip to main content
설명서에 자주 업데이트를 게시하며 이 페이지의 번역이 계속 진행 중일 수 있습니다. 최신 정보는 영어 설명서를 참조하세요.

사전 빌드에서 다른 리포지토리에 액세스할 수 있도록 허용

사전 빌드가 성공적으로 빌드될 수 있도록 다른 GitHub 리포지토리에 액세스하는 것을 허용할 수 습니다.

이 기능을 사용할 수 있는 사용자

People with admin access to a repository can configure prebuilds for the repository.

GitHub Codespaces에 대한 리포지토리 수준 설정은 개인 계정이 소유한 모든 리포지토리에 사용할 수 있습니다.

조직이 소유한 리포지토리의 경우 GitHub Team 및 GitHub Enterprise 플랜의 조직에서 GitHub Codespaces에 대한 리포지토리 수준 설정을 사용할 수 있습니다. 설정에 액세스하려면 organization 또는 부모 엔터프라이즈가 결제 방법을 추가하고 GitHub Codespaces에 대한 지출 한도를 설정해야 합니다. 자세한 내용은 "조직에 Github Codespaces를 사용하도록 설정" 및 "AUTOTITLE"을 참조하세요.

By default, the GitHub Actions workflow for a prebuild configuration can only access its own repository contents. Your project may use additional resources, located elsewhere, to build the development environment.

Allowing a prebuild read access external resources

You can configure read access to other GitHub repositories, with the same repository owner, by specifying permissions in the devcontainer.json file used by your prebuild configuration. For more information, see "Managing access to other repositories within your codespace."

Note: You can only authorize read permissions in this way, and the owner of the target repository must be the same as the owner of the repository for which you're creating a prebuild. For example, if you're creating a prebuild configuration for the octo-org/octocat repository, then you'll be able to grant read permissions for other repositories, such as octo-org/octodemo, if this is specified in the devcontainer.json file, and provided you have the permissions yourself.

When you create or edit a prebuild configuration for a devcontainer.json file that sets up read access to other repositories with the same repository owner, you'll be prompted to grant these permissions when you click Create or Update. For more information, see "Configuring prebuilds."

Allowing a prebuild write access external resources

If your project requires write access to resources, or if the external resources reside in a repository with a different owner to the repository for which you are creating a prebuild configuration, you can use a personal access token to grant this access.

You will need to create a new personal account and then use this account to create a personal access token (classic) with the appropriate scopes.

  1. Create a new personal account on GitHub.

    Warning: Although you can generate the personal access token (classic) using your existing personal account, we strongly recommend creating a new account with access only to the target repositories required for your scenario. This is because the access token's repository permission grants access to all of the repositories that the account has access to. For more information, see "Signing up for a new GitHub account" and "Security hardening for GitHub Actions."

  2. Give the new account read access to the required repositories. For more information, see "Managing an individual's access to an organization repository."

  3. While signed into the new account, create a personal access token (classic) with the repo scope. Optionally, if the prebuild will need to download packages from the GitHub Container registry, also select the read:packages scope. For more information, see "Creating a personal access token."

    Screenshot of the "Select scopes" configuration options for a personal access token (classic), with the "repo" and "read:packages" scopes selected.

    If the prebuild will use a package from the GitHub Container registry, you will need to either grant the new account access to the package or configure the package to inherit the access permissions of the repository you are prebuilding. For more information, see "Configuring a package's access control and visibility."

  4. Click Configure SSO and authorize the token for use with SAML single sign-on (SSO), so that it can access repositories that are owned by organizations with SSO enabled. For more information, see "Authorizing a personal access token for use with SAML single sign-on."

    Screenshot of the "Personal access tokens (classic)" page. The "Configure SSO" button for a PAT is highlighted with a dark orange outline.

  5. Copy the token string. You will assign this to a Codespaces repository secret.

  6. Sign back into the account that has admin access to the repository.

  7. In the repository for which you want to create GitHub Codespaces prebuilds, create a new Codespaces repository secret called CODESPACES_PREBUILD_TOKEN, giving it the value of the token you created and copied. For more information, see "Managing encrypted secrets for your repository and organization for GitHub Codespaces."

The personal access token will be used for all subsequent prebuilds created for your repository. Unlike other Codespaces repository secrets, the CODESPACES_PREBUILD_TOKEN secret is only used for prebuilding and will not be available to use in codespaces created from your repository.

Further reading