Closed phlax closed 1 year ago
Currently Envoy CI uses an SSH key with all powers to sync this repo by pushing to it
This is not optimally secure, and furthermore this pattern regularly causes Envoy CI to flake racing to checkout/push downstream repos.
I have created an app with just wf trigger permissions and added it to this repo
This PR adds a workflow that can be triggered by the app to sync Envoy by pulling from it
Currently Envoy CI uses an SSH key with all powers to sync this repo by pushing to it
This is not optimally secure, and furthermore this pattern regularly causes Envoy CI to flake racing to checkout/push downstream repos.
I have created an app with just wf trigger permissions and added it to this repo
This PR adds a workflow that can be triggered by the app to sync Envoy by pulling from it