Closed oraNod closed 4 months ago
When the environment is created, specify it in the workflow: https://github.com/ansible/ansible-documentation/pull/1353/files#diff-556c4624ec829c57c68bca98085f1fac2a96f6af1ff4dc3c42e4a8f20e2a10abR131
Closing as we can actually specify the environment in the workflow and it will be created when merged. https://github.com/ansible/ansible-documentation/pull/1353/files#diff-556c4624ec829c57c68bca98085f1fac2a96f6af1ff4dc3c42e4a8f20e2a10abR145
Required for https://github.com/ansible/ansible-documentation/pull/1353 Blocked by https://github.com/ansible-community/community-team/issues/525
The purpose of this issue is to create an environment in the
ansible-documentation
repo that holds secrets for the GitHub app with read/write permissions to the contents of the destination repo in the ansible-community org. This is needed to push resources from theansible-documentation
repo to the destination repo that builds on ReadTheDocs.As Sviat mentioned in the PR, we can also use a deployment key. It's public part is added to the target repo and the private one goes to this repo's secrets.
Additionally, we should restrict access to the deploy job in the workflow to members of the
community-docs-maintainers
group. The environment should be configured so that members of that group control when the job runs.