On Thu, Jan 04 2018, Jeff King jotted: > On Thu, Jan 04, 2018 at 11:10:17AM +0100, Ævar Arnfjörð Bjarmason wrote: > >> That's badly explained, sorry, when I say "push" I mean "push and/or >> pull". >> >> I don't know about Github, but on Gitlab when you provision a deploy key >> and associate it with a repo it must be *globally* rw or ro, there's no >> way to on a per-repo basis say it should be rw ro. >> >> I have a job that's fetching a bunch of repos to review code in them >> (for auditing purposes). It then commits the results of that review to >> other git repos. >> >> Thus I want to have a ro key to all those reviewed repos, but rw keys to >> the audit repo itself (and it'll also pull with the rw key). > > OK, that part makes sense to me. > > But I'm not sure how your patch solves it. When you "git fetch" on the > audit repo, wouldn't your GIT_SSH_RECEIVE_COMMAND kick in and use the > wrong key? What am I missing? I add both the ro and rw key to some projects. Those are a tiny subset of the overall number.
