Test PR **DO NOT MERGE**

[autopulated]

I think the git/hg test repos should ideally be accessed via git/hg, rather than http, otherwise they aren't using the access classes the way that they would be normally (http:// would be ambiguous in package.json?)

[thegecko]

Problem here is that I enabled CI tests for PRs (makes sense, no?) but hg SSH checkouts require an SSH key which doesn't get injected into PR builds (security). https checkouts work, but yotta can't tell it's an HG repo using that scheme. Options are:

1. Disable CI for PRs (seems a step backwards and would require a manual test run)
2. Disable external HG/GIT tests for PRs
3. Set up a restricted SSH key for a bot account for these test repos (requires investigating whether bitbucket keys can be scoped + account setup and repo migration)
4. Something else?

[autopulated]

The user for the bitbucket keys (https://bitbucket.org/yottatest/) is already a bot/has access to nothing else, so I think it should be safe to just share the keys.

(also the corresponding github user is https://github.com/yottatest, I believe)

Github scans for exposed keys and disables them, and possibly bitbucket does the same, but I don't think they'd see them if they're just exposed to builds.

[thegecko]

@autopulated In that case, can we move the test repos used under the yottatest accounts?

github.com/autopulated/testing-dummy.git and bitbucket.org/autopulated/hg-testing-dummy

[autopulated]

I've forked the github one under github/yottatest.

I can't fork the bitbucket one because I can't log in with the yottatest account there – Atlasssian have introduced some messed up new One Account To Rule Them All scheme that needs to re-verify the email address 🙄 sooo for that one it might be easier just to create a new account, sorry!