author Drew DeVault <sir@cmpwn.com> 2019-04-11 17:28:39 -0400
committer Drew DeVault <sir@cmpwn.com> 2019-04-11 17:28:39 -0400
commit 9d3d07468a962ac70c2d54f9c8ae79bff52fe82f (patch)
tree b235c37276aef662bffb068100d5b455e6986df4
parent a5fb4e2ec21ed4647cf7bacd39b3081027569fb9 (diff)
download sr.ht-docs-9d3d07468a962ac70c2d54f9c8ae79bff52fe82f.tar.gz
Add docs for private repo builds
-rw-r--r-- builds.sr.ht/private-repos.md 25
1 files changed, 25 insertions, 0 deletions
diff --git a/builds.sr.ht/private-repos.md b/builds.sr.ht/private-repos.md
new file mode 100644
index 0000000..9231517
--- /dev/null
+++ b/builds.sr.ht/private-repos.md
@@ -0,0 +1,25 @@
+# Private repos in builds.sr.ht jobs
+
+<div class="alert alert-danger">
+ <strong>Warning!</strong> The list of commands run in a builds.sr.ht job, as
+ well as their stdout and stderr, are visible to the public - even if the job
+ uses a private repository. Take care not to leak any secrets this way.
+</div>
+
+builds.sr.ht can use private repos on git.sr.ht and elsewhere, but you have to
+configure each job with an SSH key that has access to your account.
+
+1. Generate an SSH key and [add it to your account](https://meta.sr.ht/keys)
+1. Add a secret using the [secrets management page](https://builds.sr.ht/secrets)
+1. Copy the secret's UUID into your build manifest's secrets list.
+1. Update your sources list to use the SSH clone URL - not the https clone URL.
+
+The resulting build manifest should look something like this:
+
+```yaml
+image: # ...
+secrets:
+- c043e12e-a297-4ece-b09c-bb5a99dc4094
+sources:
+- git@git.sr.ht:~yourname/your-private-repo
+```
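Review bot: Step 2 of the numbered list ("Add a secret using the secrets management page") never says what the secret contains, so the link to step 1 is left implicit; state that the private half of the key generated in step 1 is what gets uploaded, and which kind of secret to create. Because the introduction describes the key as one "that has access to your account", it would also help to recommend a key generated only for builds rather than a reused personal key, so it can be removed from the account without affecting anything else. The UUID in the example manifest reads like a real value; a short remark that it is a placeholder for the UUID copied in step 3 would prevent copy-paste confusion. Minor style point: steps 1 and 2 have no closing period while steps 3 and 4 do.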