Authenticating Laravel Nova in a GitHub Actions workflow

If you are using Laravel Nova, and you build your application with GitHub Actions, then you'll have to make sure the runner is authorized to download Nova. Your workflow can't type in the credentials like you would locally.

If instead of typing your credentials you use an auth.json file, make sure you don't commit this to your repository. The secrets inside this file do not belong in version control.

Instead, add the following two secrets to your GitHub repository:

• NOVA_USERNAME
• NOVA_LICENSE_KEY

And then use them in your workflow like this:

- name: Install Composer dependencies
  run: |
    composer config "http-basic.nova.laravel.com" "${{ secrets.NOVA_USERNAME }}" "${{ secrets.NOVA_LICENSE_KEY }}"
    composer install --no-interaction --optimize-autoloader --no-dev    

Your workflow can now install Nova and your secrets stay secret.