From 767ac1de1087c0a1b82e25f89c2519d5c8c7e9a0 Mon Sep 17 00:00:00 2001 From: Austin Shalit Date: Mon, 4 Jan 2021 15:21:47 -0800 Subject: [PATCH] [build] Use deploy key for doc publish (#3048) This allows us to limit the scope of personal access tokens --- .github/workflows/documentation.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index cdeb44dbda..d3220f431f 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -9,11 +9,12 @@ jobs: publish: name: "Documentation - Publish" runs-on: ubuntu-latest - if: github.repository_owner == 'wpilibsuite' + if: github.repository_owner == 'wpilibsuite' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) steps: - uses: actions/checkout@v2 with: fetch-depth: 0 + persist-credentials: false - uses: actions/setup-java@v1 with: java-version: 13 @@ -33,10 +34,14 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, 'alpha') && !contains(github.ref, 'beta') - name: Build with Gradle run: ./gradlew docs:generateJavaDocs docs:doxygen -PbuildServer ${{ env.EXTRA_GRADLE_ARGS }} + - name: Install SSH Client 🔑 + uses: webfactory/ssh-agent@v0.4.1 + with: + ssh-private-key: ${{ secrets.GH_DEPLOY_KEY }} - name: Deploy Java 🚀 uses: JamesIves/github-pages-deploy-action@3.7.1 with: - ACCESS_TOKEN: ${{ secrets.GH_PAT }} + SSH: true REPOSITORY_NAME: wpilibsuite/wpilibsuite.github.io BRANCH: main CLEAN: true @@ -45,7 +50,7 @@ jobs: - name: Deploy C++ 🚀 uses: JamesIves/github-pages-deploy-action@3.7.1 with: - ACCESS_TOKEN: ${{ secrets.GH_PAT }} + SSH: true REPOSITORY_NAME: wpilibsuite/wpilibsuite.github.io BRANCH: main CLEAN: true