From 3fcc3107dbeea0718ed1f119ce3d31b6d79739bf Mon Sep 17 00:00:00 2001 From: eric sciple Date: Thu, 19 Mar 2020 10:49:34 -0400 Subject: [PATCH] Revise ADR: Use the auth token to fetch the workflow repo --- adrs/0153-checkout-v2.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/adrs/0153-checkout-v2.md b/adrs/0153-checkout-v2.md index b9536a5..998c30a 100644 --- a/adrs/0153-checkout-v2.md +++ b/adrs/0153-checkout-v2.md @@ -40,9 +40,12 @@ We want to take this opportunity to make behavioral changes, from v1. This docum default: ${{ github.token }} ssh-key: description: > - SSH key used to fetch the repository. The SSH key is configured with the local - git config, which enables your scripts to run authenticated git commands. - The post-job step removes the SSH key. + The SSH key to use. The SSH key is configured with the local git config, which enables + your scripts to run authenticated git commands. The post-job step removes the SSH key. + + + When fetching the repository the workflow is running in, the auth token will be used + and configured instead. This enables the SSH key to be used only for submodules. We recommend using a service account with the least permissions necessary.