latest 20 messages by jlk
+
[2020-03-06T20:35:05Z]
jlk
there is no standard way. Developers can use a wide array of methods to version their software.
+
[2020-02-25T17:55:39Z]
jlk
https://www.githubstatus.com/
+
[2020-01-28T21:57:23Z]
jlk
You are rebasing locally and then force pushing the results? Sounds like then you need something configured in your local git settings to sign all the rebased commits
+
[2019-10-07T17:44:17Z]
jlk
allowing everybody to create new branches in a repository would be a huge abuse venue. People could add all sorts of unsavory things to one's repository.
+
[2019-10-07T17:43:47Z]
jlk
it's necessary if you do not otherwise have write access to the original repository
+
[2019-10-07T17:42:51Z]
jlk
Birdface: you'll need to create a fork of the repository. THen you'll be able to push your branch to your fork, and from there create a pull request.
+
[2019-10-01T21:47:52Z]
jlk
I've fallen for that trap before
+
[2019-10-01T00:13:44Z]
jlk
or make use of a different secret store inside the action.
+
[2019-10-01T00:13:37Z]
jlk
playing around, I see what you mean. You'r egoing to have to decide if you trust the people you've given write access to or not.
+
[2019-10-01T00:07:38Z]
jlk
Gandalf84: you either need to trust them, or remove direct write access to only those that are trusted and ask that the others use read access to create forks and open PRs
+
[2019-10-01T00:07:12Z]
jlk
Gandalf84: anybody with write access to your repository can already read and use secrets.
+
[2019-09-30T23:20:51Z]
jlk
I think you'd want to be careful about who you grant write access to in. your repository
+
[2019-09-18T21:24:34Z]
jlk
That isn't really recorded in git metadata
+
[2019-09-17T17:44:15Z]
jlk
https://developer.github.com/v3/apps/permissions/#permission-on-issues
+
[2019-09-17T17:42:57Z]
jlk
if the're provided the right authorization to do so
+
[2019-09-17T17:42:49Z]
jlk
yes
+
[2019-09-17T17:31:56Z]
jlk
so you can't use it against another repo I believe.
+
[2019-09-17T17:31:46Z]
jlk
a GITHUB_TOKEN is a GitHub App token that's scoped to the specific repo the Action is associated with
+
[2019-09-13T16:59:34Z]
jlk
https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys
+
[2019-09-13T16:59:04Z]
jlk
Even API calls will require authentication. SOME logged in user will have to add the public side of your key. The public side can be added as a "deploy key" which would allow for a robot or otherwise "non-account" to gain access to the code.