Authenticating Laravel Nova in a GitHub Actions workflow

Published on

If you are using Laravel Nova, and you build your application with GitHub Actions, then you'll have to make sure the runner is authorized to download Nova. Your workflow can't type in the credentials like you would locally.

If instead of typing your credentials you use an auth.json file, make sure you don't commit this to your repository. The secrets inside this file do not belong in version control.

Instead, add the following two secrets to your GitHub repository:

And then use them in your workflow like this:

- name: Install Composer dependencies
  run: |
    composer config "http-basic.nova.laravel.com" "${{ secrets.NOVA_USERNAME }}" "${{ secrets.NOVA_LICENSE_KEY }}"
    composer install --no-interaction --optimize-autoloader --no-dev    

Your workflow can now install Nova and your secrets stay secret.

Do you want to deploy Laravel with GitHub Actions?

I've spent an unreasonable amount of time making the perfect deployment script for Laravel.

Deploy Laravel with GitHub Actions