~sircmpwn/sr.ht-docs

9d3d07468a962ac70c2d54f9c8ae79bff52fe82f — Drew DeVault 2 years ago a5fb4e2
Add docs for private repo builds
1 files changed, 25 insertions(+), 0 deletions(-)

A builds.sr.ht/private-repos.md
A builds.sr.ht/private-repos.md => builds.sr.ht/private-repos.md +25 -0
@@ 0,0 1,25 @@
# Private repos in builds.sr.ht jobs

<div class="alert alert-danger">
  <strong>Warning!</strong> The list of commands run in a builds.sr.ht job, as
  well as their stdout and stderr, are visible to the public - even if the job
  uses a private repository. Take care not to leak any secrets this way.
</div>

builds.sr.ht can use private repos on git.sr.ht and elsewhere, but you have to
configure each job with an SSH key that has access to your account.

1. Generate an SSH key and [add it to your account](https://meta.sr.ht/keys)
1. Add a secret using the [secrets management page](https://builds.sr.ht/secrets)
1. Copy the secret's UUID into your build manifest's secrets list.
1. Update your sources list to use the SSH clone URL - not the https clone URL.

The resulting build manifest should look something like this:

```yaml
image: # ...
secrets:
- c043e12e-a297-4ece-b09c-bb5a99dc4094
sources:
- git@git.sr.ht:~yourname/your-private-repo
```