Setup
Note
Summary: choose between one of the two authentication methods which needs to be set up before using the GitHub Action: SSH deploy keys (recommended) or Personal Access Token (probably easier to setup). Then follow the setup example.
SSH_DEPLOY_KEY
Vs. API_TOKEN_GITHUB
The Action, entirely executed in your GitHub continuous integration environment, needs to be able to push to the destination repository.
There are two options that give permission for the Action (that executes in your workflow) to push to the destination repository:
Using SSH deploy keys: This key is restricted to the destination repository only (recommended)
Using GitHub Personal Access Token: The Token has access to all your repositories
Using the Personal Access Token, someone with write access to your repository or to this Action, could technically add code to leak the Token. Thus, it is recommended to use the SSH deploy key method to minimise the impact if this were to happen.
Initially, this Action only used the Personal Access Token method. It still supports both methods to maintain backwards compatibility.
Setup using SSH deploy keys
Refer to the section Using SSH deploy keys. Not needed if you chose to use the Personal Access Token setup.
Setup using Personal Access Token
Refer to the section Using GitHub Personal Access Token. Not needed if you chose to use the SSH deploy keys.
Write your .github/workflow/ci.yml
Refer to Setup example.