Yunchi Luo

It turns out that setting `ssh-key` on the checkout command only impacts git commands run on the current repo. It does not change `git clone` behavior. I tested a different...

It seems like `${{ secrets.DEPLOY_SSH_KEY }}` is not resolving. Can you double-check the config for me? It looks like this in my test repo

Ah good catch! That's going to be a problem 😕 I believe the deploy key only grants read-only access to the repo, basically what's already available to everyone. How about...

Ah, another option I just found. The `pull_request_target` hook for GitHub actions was added for the purpose of allowing forks to access secrets. This adds some security concerns that GitHub...

Had a chat with @KnVerey about these options. ### Concerns about `pull_request_target`: From @KnVerey > - By default, the Github token the flow runs with will have write permissions to...

@KnVerey I've updated the PR with `pull_request_target`

Summarizing some offline conversation with @KnVerey Only ssh keys belonging to valid github users can clone from github, even for public repos. [Deploy Key](https://docs.github.com/en/developers/overview/managing-deploy-keys) provides an alternative if one only...

@KnVerey we also discussed removing anna's repo from the tests since we only want to clone this repo. I took a look. It’s being used as an example of a...

There are a few of them, here's one https://github.com/kubernetes-sigs/kustomize/blob/416eed97c49aa8e9ea44d627c15dafd395b61739/api/krusty/remoteload_test.go#L132-L137. You can find the rest if you search `annasong20` in that file.

@annasong20 @KnVerey can this be closed?