diff --git a/README.md b/README.md index 397c53b..cb604a5 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ jobs: name: "Bump version and create changelog with commitizen" steps: - name: Check out - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 token: "${{ secrets.GITHUB_TOKEN }}" @@ -66,7 +66,8 @@ jobs: | Name | Description | Default | | ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `github_token` | Token for the repo. Can be passed in using `${{ secrets.GITHUB_TOKEN }}` **required** | - | +| `github_token` | Token for the repo. Can be passed in using `${{ secrets.GITHUB_TOKEN }}`. Required if `use_ssh: false` | - | +| `use_ssh` | Set to true if ssh-key has been configured for the `actions/checkout` | `false` | | `dry_run` | Run without creating commit, output to stdout | false | | `repository` | Repository name to push. Default or empty value represents current github repository | current one | | `branch` | Destination branch to push changes | Same as the one executing the action by default | 
@@ -94,6 +95,37 @@ jobs: The new version is also available as an environment variable under `REVISION` or you can access using `${{ steps.cz.outputs.version }}` +## Using SSH with deploy keys + +1. Create a [deploy key](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys) (which is the SSH **public key**) +2. Add the **private key** as a [Secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) in your repository, e.g: `COMMIT_KEY` +3. Set up your action + +```yaml +name: Bump version + +on: + push: + branches: + - main + +jobs: + bump-version: + if: "!startsWith(github.event.head_commit.message, 'bump:')" + runs-on: ubuntu-latest + name: "Bump version and create changelog with commitizen" + steps: + - name: Check out + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ssh-key: '${{ secrets.COMMIT_KEY }}' + - name: Create bump and changelog + uses: commitizen-tools/commitizen-action@master + with: + use_ssh: true +``` + ## Troubleshooting ### Other actions are not triggered when the tag is pushed diff --git a/action.yml b/action.yml index 521b253..546a303 100644 --- a/action.yml +++ b/action.yml @@ -36,7 +36,11 @@ inputs: required: false github_token: description: 'Token for the repo. Can be passed in using $\{{ secrets.GITHUB_TOKEN }}' - required: true + required: false + use_ssh: + description: 'Set to true if ssh-key has been configured for the actions/checkout' + required: false + default: "false" repository: description: 'Repository name to push. Default or empty value represents current github repository (${GITHUB_REPOSITORY})' default: '' diff --git a/entrypoint.sh b/entrypoint.sh index 8ed659a..3a33dad 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
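Review bot: With `required: false` on `github_token`, the action metadata no longer says that one of the two credentials must be supplied; that rule now lives only in the guard in entrypoint.sh. The `github_token` description should carry it, as the README table already does, e.g. `description: 'Token for the repo. Can be passed in using $\{{ secrets.GITHUB_TOKEN }}. Required unless use_ssh is true'`. The `use_ssh` description could also say that the deploy key given to `actions/checkout` needs write access, since the action pushes commits and tags with it. The `inputs:` mapping starts before this hunk and continues past it.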
@@ -6,8 +6,8 @@ set -e gpg --version git --version -if [[ -z $INPUT_GITHUB_TOKEN ]]; then - echo 'Missing input "github_token: ${{ secrets.GITHUB_TOKEN }}".' >&2 +if [[ -z $INPUT_GITHUB_TOKEN && $INPUT_USE_SSH != "true" ]]; then + echo 'Missing input "github_token: ${{ secrets.GITHUB_TOKEN }}" or "use_ssh", choose one.' >&2 exit 1 fi @@ -92,6 +92,10 @@ if [[ $INPUT_PUSH == 'true' ]]; then if [[ $INPUT_MERGE != 'true' && $GITHUB_EVENT_NAME == 'pull_request' ]]; then echo "Refusing to push on pull_request event since that would merge the pull request." >&2 echo "You probably want to run on push to your default branch instead." >&2 + elif [[ $INPUT_USE_SSH == "true" ]]; then + echo "Pushing to branch using SSH..." + REMOTE_REPO="git@github.com:${INPUT_REPOSITORY}.git" + git push "$REMOTE_REPO" "HEAD:${INPUT_BRANCH}" --tags else echo "Pushing to branch..." REMOTE_REPO="https://${GITHUB_ACTOR}:${INPUT_GITHUB_TOKEN}@github.com/${INPUT_REPOSITORY}.git"
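Review bot: The error text ends with "choose one", but the guard accepts both inputs together, and the push branch added further down then takes the SSH path and leaves the token unused for the push. Wording that matches the check would be `echo 'Missing input: set "github_token: ${{ secrets.GITHUB_TOKEN }}" or "use_ssh: true".' >&2`. Workflows that set `use_ssh: true` do not need to pass the token at all, and a short comment above the `if` saying so would keep the credential out of jobs that have no use for it.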
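Review bot: The new `elif` branch pushes with whatever SSH identity and host-key settings are already in effect and verifies neither, so a missing key or a deploy key without write access shows up only as a failed `git push`. A comment above `REMOTE_REPO` would record that dependency, e.g. `# Auth and host-key checking come from the ssh-key configured by actions/checkout; no credential is put in the URL.` `${INPUT_REPOSITORY}` is used as given although action.yml allows it to be empty; presumably it is defaulted to `$GITHUB_REPOSITORY` above this hunk, since the `else` branch needs the same value. The enclosing `if` starts before the hunk and the `else` branch continues past it.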