Skip to content

ci: protect deploy key behind an environment #1465

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mschoettle merged 10 commits into from
Jan 7, 2026
Merged

ci: protect deploy key behind an environment #1465

mschoettle merged 10 commits into from
Jan 7, 2026

Conversation

@mschoettle
Copy link
Member

@mschoettle mschoettle commented Dec 17, 2025
edited
Loading

Use an environment secret to protect the SSH deploy key that is allowed to write to the repo (and bypass the branch protection on main).

@mschoettle mschoettle deployed to semantic-release December 18, 2025 15:36 — with GitHub Actions Active
@mschoettle
Copy link
Member Author

mschoettle commented Jan 5, 2026

@staceybeard Let's continue with this. Can you have a look and if you agree, I will get it ready for review?

@staceybeard
Copy link
Member

staceybeard commented Jan 5, 2026

@staceybeard Let's continue with this. Can you have a look and if you agree, I will get it ready for review?

Looks good to me. My only thought is about what to call the environment (currently semantic-release). Would we also want a prod env eventually to limit store deployment? If yes, would they conflict? But we can cross that bridge when we get to it.

@mschoettle mschoettle force-pushed the ms/protect-deploy-key branch from 8727b65 to e9df62d Compare January 6, 2026 19:10
@mschoettle mschoettle marked this pull request as ready for review January 6, 2026 19:14
@mschoettle mschoettle requested a review from staceybeard January 6, 2026 19:14
staceybeard
staceybeard approved these changes Jan 7, 2026
View reviewed changes
Copy link
Member

@staceybeard staceybeard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@mschoettle
Copy link
Member Author

mschoettle commented Jan 7, 2026

Looks good to me. My only thought is about what to call the environment (currently semantic-release). Would we also want a prod env eventually to limit store deployment? If yes, would they conflict? But we can cross that bridge when we get to it.

Good question. I don't know :) Let's see when we get there.

@mschoettle mschoettle merged commit e1d32ff into main Jan 7, 2026
5 checks passed
@mschoettle mschoettle deleted the ms/protect-deploy-key branch January 7, 2026 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@staceybeard staceybeard staceybeard approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mschoettle @staceybeard