Skip to content

Problem: Support for Private Git Collections/Roles authentication in requirements.yml #3677

New issue
New issue
Open
Open
Problem: Support for Private Git Collections/Roles authentication in requirements.yml#3677
@stucki-stuck

Description

@stucki-stuck
stucki-stuck
opened on Mar 2, 2026

Issue

Issue Description

When using a private Git repository for Ansible Collections or Roles in a requirements.yml file via HTTPS, the automated installation process fails because ansible-galaxy cannot authenticate against the private server.

requirements.yml

collections:
  - name: https://git.private.repo/my.collection.git
    type: git
    version: 1.0.0

Current Behavior

When a task starts, SemaphoreUI runs the dependency installation. If requirements.yml contains a private HTTPS URL, the task fails with the following error:

Starting galaxy collection install process
Process install dependency map
Cloning into '/tmp/semaphore/project_1/repository_1_template_9_home/.ansible/tmp/ansible-local-xxxx/...'...
fatal: could not read Username for 'https://git.private.repo': No such device or address
ERROR! Failed to clone a Git repository from `https://git.private.repo/my.collection.git`.
Failed to install requirements: exit status 1

Current Workaround

Currently, we have to manually inject Git credentials using Variable Groups with the following environment variables:


GIT_CONFIG_COUNT=1
GIT_CONFIG_KEY_0="credential.https://git.private.repo.helper"
GIT_CONFIG_VALUE_0='!f() { echo "username=xxx"; echo "password=yyyy"; }; f'

This approach is cumbersome to maintain across multiple projects and sensitive data is harder to manage.

Proposed Solution

It would be ideal to provide a way to link Key Store credentials or Repository configurations directly to the dependency installation process within the UI

Impact

Ansible (task execution)

Installation method

Docker

Database

Postgres

Browser

Firefox

Semaphore Version

v2.17.14-44e6c8d-1771624574

Ansible Version

ansible --version 
ansible [core 2.18.13]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/semaphore/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/semaphore/apps/ansible/11.1.0/venv/lib/python3.12/site-packages/ansible
  ansible collection location = /home/semaphore/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/semaphore/apps/ansible/11.1.0/venv/bin/ansible
  python version = 3.12.12 (main, Oct 10 2025, 13:30:56) [GCC 14.2.0] (/opt/semaphore/apps/ansible/11.1.0/venv/bin/python3)
  jinja version = 3.1.6
  libyaml = True

Logs & errors

Starting galaxy collection install process
2:39:13 PM
Process install dependency map
2:39:13 PM
Cloning into '/tmp/semaphore/project_1/repository_1_template_9_home/.ansible/tmp/ansible-local-24001b4lnm7b/tmp_6ikloia/xxxxxx'...
2:39:13 PM
fatal: could not read Username for 'https://git.xxxx': No such device or address
2:39:13 PM
ERROR! Failed to clone a Git repository from `https://git.xxxx/xxxxx.yyyy.git`.
2:39:13 PM
Failed to install requirements: exit status 1
2:39:13 PM
Failed to run task: exit status 1

Manual installation - system information

No response

Configuration

No response

Additional information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions