浏览代码

update input descriptions in adr (#189)

eric sciple 5 年之前
父节点
当前提交
58070a9fc3
共有 1 个文件被更改,包括 25 次插入6 次删除
  1. 25 6
      adrs/0153-checkout-v2.md

+ 25 - 6
adrs/0153-checkout-v2.md

@@ -29,14 +29,26 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
     description: >
     description: >
       Personal access token (PAT) used to fetch the repository. The PAT is configured
       Personal access token (PAT) used to fetch the repository. The PAT is configured
       with the local git config, which enables your scripts to run authenticated git
       with the local git config, which enables your scripts to run authenticated git
-      commands. The post-job step removes the PAT. [Learn more about creating and using
-      encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
+      commands. The post-job step removes the PAT.
+
+
+      We recommend using a service account with the least permissions necessary.
+      Also when generating a new PAT, select the least scopes necessary.
+
+
+      [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
     default: ${{ github.token }}
     default: ${{ github.token }}
   ssh-key:
   ssh-key:
     description: >
     description: >
-      SSH key used to fetch the repository. SSH key is configured with the local
+      SSH key used to fetch the repository. The SSH key is configured with the local
       git config, which enables your scripts to run authenticated git commands.
       git config, which enables your scripts to run authenticated git commands.
-      The post-job step removes the SSH key. [Learn more about creating and using
+      The post-job step removes the SSH key.
+
+
+      We recommend using a service account with the least permissions necessary.
+
+
+      [Learn more about creating and using
       encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
       encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
   ssh-known-hosts:
   ssh-known-hosts:
     description: >
     description: >
@@ -44,7 +56,10 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
       SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
       SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
       `ssh-keyscan github.com`. The public key for github.com is always implicitly added.
       `ssh-keyscan github.com`. The public key for github.com is always implicitly added.
   ssh-strict:
   ssh-strict:
-    description: 'Whether to perform strict host key checking'
+    description: >
+      Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
+      and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
+      configure additional hosts.
     default: true
     default: true
   persist-credentials:
   persist-credentials:
     description: 'Whether to configure the token or SSH key with the local git config'
     description: 'Whether to configure the token or SSH key with the local git config'
@@ -64,7 +79,11 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
     description: >
     description: >
       Whether to checkout submodules: `true` to checkout submodules or `recursive` to
       Whether to checkout submodules: `true` to checkout submodules or `recursive` to
       recursively checkout submodules.
       recursively checkout submodules.
-    default: 'false'
+
+
+      When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
+      converted to HTTPS.
+    default: false
 ```
 ```
 
 
 Note:
 Note: