Feature: Update with deploy key
Josh Soref edited this page Feb 25, 2024 · 12 revisions
Included in v0.0.20
Deploy keys allow repository workflows to make pushes that trigger workflows, unlike the GITHUB_TOKEN:
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
The easiest way to set up a deploy key (or lots of them) is via scripting.
This is possible using the gh cli.
This script will:
- create an ssh key,
- add it as a deploy key to your repository (controlled by the REPO environment variable, or as automatically determined by the gh command),
- add a corresponding secret.
create-check-spelling-deploy-key.sh:
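#!/bin/sh
# create-check-spelling-deploy-key.sh
set -e
# Target repository: $REPO if set, otherwise the one gh detects for the current directory
REPO=${REPO:-$(gh repo view --json 'nameWithOwner' -q .nameWithOwner)}
# Name of the Actions secret that will hold the private key
SECRET_NAME=${SECRET_NAME:-CHECK_SPELLING}
scratch=$(mktemp -d)
# Remove the private key from disk on exit, even if a later step fails
trap 'rm -rf "$scratch"' EXIT
# Generate a key pair with an empty passphrase
ssh-keygen -f "$scratch/check-spelling" -q -N "" -C "check-spelling key for $REPO"
# Register the public key as a deploy key with write access (-w)
gh repo deploy-key add "$scratch/check-spelling.pub" -R "$REPO" -w -t 'check-spelling-talk-to-bot'
# Store the private key as a repository secret (value read from stdin)
gh secret -R "$REPO" set "$SECRET_NAME" < "$scratch/check-spelling"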
- Run create-check-spelling-deploy-key.sh from the repository to which you want to add the key (or use REPO=... to specify it).
- In the update job of the .github/workflows/spelling.yml workflow, add a reference to the secret created by the script:
update:
name: Update PR
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
if: ${{
github.event_name == 'issue_comment' &&
github.event.issue.pull_request &&
contains(github.event.comment.body, '@check-spelling-bot apply')
}}
concurrency:
group: spelling-update-${{ github.event.issue.number }}
cancel-in-progress: false
steps:
- name: checkout
uses: actions/checkout@v2
+ with:
+ ssh-key: "${{ secrets.CHECK_SPELLING }}"
- name: check-spelling
uses: check-spelling/check-spelling@main
with:
experimental_apply_changes_via_bot: 1
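Review bot: on the `check-spelling` step that follows the added `ssh-key:` lines, `uses: check-spelling/check-spelling@main` tracks a mutable branch in a job that now holds a deploy key registered with write access (`-w` in the script); pin it, and `actions/checkout@v2`, to a release tag or full commit SHA so the code that can reach the key changes only on review. The added line also hard-codes `secrets.CHECK_SPELLING` while the script accepts `SECRET_NAME`, so say that the two names must match.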
Improvements in v0.0.21
The advice is now tailored based on the workflow configuration.
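For auditing the keys that create-check-spelling-deploy-key.sh registers (it passes -w, so each key can push), the following added example, which is not part of the check-spelling project, lists read-write deploy keys carrying the script's title that were created before a cutoff date. The function names, the sample rows and the cutoff dates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the check-spelling project.
# Finds write-capable deploy keys created by create-check-spelling-deploy-key.sh
# that are older than a cutoff date, so they can be rotated.

TITLE='check-spelling-talk-to-bot'   # the title the page's script passes to -t

# Reads TSV rows "id<TAB>title<TAB>readOnly<TAB>createdAt" on stdin and prints
# the ids of read-write keys titled $TITLE created before $1 (YYYY-MM-DD).
stale_rw_keys() {
  awk -F '\t' -v title="$TITLE" -v cutoff="$1" '
    $2 == title && $3 == "false" && substr($4, 1, 10) < cutoff { print $1 }
  '
}

# Live listing for repository $1 in the TSV shape stale_rw_keys expects.
list_keys() {
  gh repo deploy-key list -R "$1" --json id,title,readOnly,createdAt \
    -q '.[] | [.id, .title, .readOnly, .createdAt] | @tsv'
}

# Constructed sample rows (hypothetical ids and dates) for an offline run.
sample_rows() {
  printf '%s\t%s\t%s\t%s\n' \
    101 check-spelling-talk-to-bot false 2023-01-10T12:00:00Z \
    102 check-spelling-talk-to-bot false 2024-02-20T08:30:00Z \
    103 ci-read-only true 2022-05-01T00:00:00Z \
    104 check-spelling-talk-to-bot true 2022-05-01T00:00:00Z
}

# Offline demonstration on the constructed rows.
sample_rows | stale_rw_keys 2024-01-01   # prints 101

# Against a real repository:
#   list_keys "$REPO" | stale_rw_keys 2024-01-01
```

Each id it prints can be removed with `gh repo deploy-key delete <id> -R "$REPO"`, after which rerunning create-check-spelling-deploy-key.sh registers a fresh key and overwrites the secret.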