From 2f45173370be73d6a1475c18fdadaf89c54cf7a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mislav=20Marohni=C4=87?= <mislav@github.com>
Date: Mon, 13 Sep 2021 13:28:47 +0200
Subject: [PATCH] Publish docs site using a deploy key instead of PAT

I'd like to decommission SITE_GITHUB_TOKEN as it's a PAT that has write
access to all my `github/*` repositories. Instead, I've created a deploy
key that only has access to `github/cli.github.com`.

    ssh-keygen -t ed25519 -C "gh docs push" -N "" -f ~/.ssh/gh-docs-publish
    gh repo -R github/cli.github.com deploy-key add ~/.ssh/gh-docs-publish.pub

    # testing:
    GIT_SSH_COMMAND='ssh -i $HOME/.ssh/gh-docs-publish' git push ...
---
 .github/workflows/releases.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml
index 79e150113..6f9f6547a 100644
--- a/.github/workflows/releases.yml
+++ b/.github/workflows/releases.yml
@@ -33,7 +33,7 @@ jobs:
           repository: github/cli.github.com
           path: site
           fetch-depth: 0
-          token: ${{secrets.SITE_GITHUB_TOKEN}}
+          ssh-key: ${{secrets.SITE_SSH_KEY}}
       - name: Update site man pages
         env:
           GIT_COMMITTER_NAME: cli automation