From 58070a9fc3a91197fc9cbf24841ea31a2ab19980 Mon Sep 17 00:00:00 2001 From: eric sciple Date: Thu, 19 Mar 2020 10:26:00 -0400 Subject: [PATCH] update input descriptions in adr (#189) --- adrs/0153-checkout-v2.md | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/adrs/0153-checkout-v2.md b/adrs/0153-checkout-v2.md index bdc126d..b9536a5 100644 --- a/adrs/0153-checkout-v2.md +++ b/adrs/0153-checkout-v2.md @@ -29,14 +29,26 @@ We want to take this opportunity to make behavioral changes, from v1. This docum description: > Personal access token (PAT) used to fetch the repository. The PAT is configured with the local git config, which enables your scripts to run authenticated git - commands. The post-job step removes the PAT. [Learn more about creating and using - encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets) + commands. The post-job step removes the PAT. + + + We recommend using a service account with the least permissions necessary. + Also when generating a new PAT, select the least scopes necessary. + + + [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets) default: ${{ github.token }} ssh-key: description: > - SSH key used to fetch the repository. SSH key is configured with the local + SSH key used to fetch the repository. The SSH key is configured with the local git config, which enables your scripts to run authenticated git commands. - The post-job step removes the SSH key. [Learn more about creating and using + The post-job step removes the SSH key. + + + We recommend using a service account with the least permissions necessary. + + + [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets) ssh-known-hosts: description: > @@ -44,7 +56,10 @@ We want to take this opportunity to make behavioral changes, from v1. This docum SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example, `ssh-keyscan github.com`. The public key for github.com is always implicitly added. ssh-strict: - description: 'Whether to perform strict host key checking' + description: > + Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes` + and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to + configure additional hosts. default: true persist-credentials: description: 'Whether to configure the token or SSH key with the local git config' @@ -64,7 +79,11 @@ We want to take this opportunity to make behavioral changes, from v1. This docum description: > Whether to checkout submodules: `true` to checkout submodules or `recursive` to recursively checkout submodules. - default: 'false' + + + When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are + converted to HTTPS. + default: false ``` Note: