Update deployment to use public source repository

clue · Nov 23, 2021 · 96cfe01 · 96cfe01
1 parent 96506a9
commit 96cfe01
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 25 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,29 +1,19 @@
 name: Deploy
 
-# Uses "pull_request_target" to expose the DEPLOY_KEY secret to PRs from forks in order to allow installing Framework X from a private repository.
-# We need to explicitly check out the PR head which may potentially expose the secrets to malicious PR authors.
-# Accordingly, we use the DEPLOY_KEY only to clone Framework X and then discard its value before running commands from the Makefile.
-# Additionally, the DEPLOY_KEY is limited in scope may change over time.
 on:
   push:
-  pull_request_target:
-  workflow_dispatch:
+  pull_request:
 
 jobs:
   Deploy:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - run: mkdir -p ~/.ssh && echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_rsa && chmod 400 ~/.ssh/id_rsa
-      - run: git config --global user.name "GitHub Actions" && git config --global user.email "actions@github.com"
-      - run: git clone git@github.com:clue-access/framework-x.git source/
-      - run: rm -r ~/.ssh/id_rsa
-        if: ${{ github.event_name == 'pull_request_target' }}
+      - run: git clone https://github.com/clue/framework-x.git source/
       - run: make
       - run: make served
       - run: make test
+      - run: git config --global user.name "GitHub Actions" && git config --global user.email "actions@github.com"
       - run: git config --global url."https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"
       - run: make deploy
-        if: ${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request_target' }}
+        if: ${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
diff --git a/Makefile b/Makefile
@@ -10,7 +10,7 @@ build:
 	cp src/* build/src/
 
 pull:
-	test -d source/ && git -C source/ pull || git clone git@github.com:clue-access/framework-x.git source/
+	test -d source/ && git -C source/ pull || git clone git@github.com:clue/framework-x.git source/
 
 serve: build
 	docker run -it --rm -p 8080:80 -v "$$PWD"/build:/usr/local/apache2/htdocs/ httpd:2.4-alpine sh -c \

diff --git a/README.md b/README.md
@@ -15,9 +15,6 @@ You can build the website like this:
 $ make
 ```
 
-> Note that this command will clone Framework X which is currently in early access.
-  See https://github.com/clue/framework-x for more details.
-
 If you've pulled Framework X before and want to update its source code, you can
 pull an up-to-date version and rebuild the website like this:
 
@@ -72,10 +69,3 @@ The website can be automatically deployed via the GitHub Pages feature.
 Any time a commit is merged (such as when a PR is merged), GitHub actions will
 automatically build and deploy the website. This is done by running the above
 deployment script (see previous chapter).
-
-> Repository setup:
-> Note that this command will clone Framework X which is currently in early access.
-> We're using a read-only SSH deploy key for reading from this source repository.
-> Make sure the required `DEPLOY_KEY` secret is set in the repository settings on GitHub.
-> See [action documentation](https://github.com/JamesIves/github-pages-deploy-action#using-an-ssh-deploy-key-)
-> for more details.