Closed proudust closed 4 years ago
Interesting idea. This would only work to trigger checks run in `on: push` workflows though. Checks run in `on: pull_request` workflows would still not fire because a GitHub auth token will be needed to create the PR.
I will do some research and think about how to support this feature.
@proudust I don't see options in GitHub for scoping an SSH key to a specific repository. SSH keys set here are tied to an account and so can be used to access all repositories. Is there something I'm missing?
@peter-evans Try using Deploy keys.
What I've decided to do is make sure the action will work when a repository is checked out via SSH. I don't think handling the SSH key itself should be the responsibility of this action.
How to use SSH (deploy keys) with create-pull-request action:

webfactory/ssh-agent action to install the key and clone your repository. Remember to checkout the base of your pull request if it's not the default branch, e.g. `git checkout my-branch`.

```yml
    steps:
      - uses: webfactory/ssh-agent@v0.2.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      - name: Checkout via SSH
        run: git clone git@github.com:peter-evans/create-pull-request.git .

      # Make changes to pull request here

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```
Added to the documentation here: https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#push-using-ssh-deploy-keys
Thank you for this idea!
Thank you, I will try that workflow.
To get around #48, it would be great if create-pull-request could support push using SSH. It is more secure than using a personal token because it can be set for each repository.