docs: clarify limitations of push-to-fork with restricted token
This commit is contained in:
Peter Evans
parent
88bf0de51c
commit
6c704eb7a8
1 changed files with 2 additions and 1 deletions
|
|
@ -214,8 +214,9 @@ How to use SSH (deploy keys) with create-pull-request action:
|
||||||
|
|
||||||
Instead of pushing pull request branches to the repository you want to update, you can push them to a fork of that repository.
|
Instead of pushing pull request branches to the repository you want to update, you can push them to a fork of that repository.
|
||||||
This allows you to employ the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) by using a dedicated user acting as a [machine account](https://docs.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements).
|
This allows you to employ the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) by using a dedicated user acting as a [machine account](https://docs.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements).
|
||||||
This user has no access to the main repository.
|
This user only has `read` access to the main repository.
|
||||||
It will use their own fork to push code and create the pull request.
|
It will use their own fork to push code and create the pull request.
|
||||||
|
Note that if you choose to use this method (not give the machine account `write` access to the repository) the following inputs cannot be used: `labels`, `assignees`, `reviewers`, `team-reviewers` and `milestone`.
|
||||||
|
|
||||||
1. Create a new GitHub user and login.
|
1. Create a new GitHub user and login.
|
||||||
2. Fork the repository that you will be creating pull requests in.
|
2. Fork the repository that you will be creating pull requests in.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue