marcus-grant/ansible-collection-dotfiles

Find a better way to upload SSH pubkeys to GitHub

marcus-grant opened this issue · 1 comments

The way we currently add SSH pubkeys through the GH client is way too complex for what it is, and requires feeding new tokens to the role every time testing happens after the token expires. AS IT SHOULD. Try using the GitHub API with an SSH-only token and using either curl or Ansible uri module tasks to upload the key instead. If it doesn't help much, then this task should probably just become its own play to be run once before the rest of this role when it's placed in a regular playbook, kind of like the init.yml play you run on cloud servers.

One option is to simply control a local instance of gh to upload SSH keys from the controller as a handler task after generating a git SSH key on the remote. This fulfills the web of trust concept; it just needs to have a way to indicate whether the controller is actually capable of it and if it's something that's actually desired.
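
A sketch of the `uri`-module approach raised in this issue, added here as an example and not taken from the collection's own code: the API calls are delegated to the controller so the token never lands on the remote, and the upload is skipped when GitHub already has the key. The variables `github_ssh_token` (a token limited to SSH key management, for a classic token the `write:public_key` scope) and `git_ssh_pubkey_path` are assumed names.

```yaml
# Added example tasks; github_ssh_token and git_ssh_pubkey_path are
# hypothetical variables, not ones defined by this collection.
- name: Read the public key generated on the remote
  ansible.builtin.slurp:
    src: "{{ git_ssh_pubkey_path }}"
  register: git_pubkey

- name: Keep only key type and base64 body (drop the trailing comment)
  ansible.builtin.set_fact:
    # Assumption: GitHub returns stored keys without the comment field,
    # so the comparison below uses "type base64" only.
    git_pubkey_body: "{{ (git_pubkey.content | b64decode).split()[:2] | join(' ') }}"

- name: List keys already on the account (runs on the controller)
  ansible.builtin.uri:
    url: https://api.github.com/user/keys?per_page=100
    headers: &gh_headers
      Accept: application/vnd.github+json
      Authorization: "Bearer {{ github_ssh_token }}"
      X-GitHub-Api-Version: "2022-11-28"
  delegate_to: localhost
  register: gh_keys
  no_log: true  # keep the token out of task output and logs

- name: Upload the key only if GitHub does not have it yet
  ansible.builtin.uri:
    url: https://api.github.com/user/keys
    method: POST
    headers: *gh_headers
    body_format: json
    body:
      title: "{{ inventory_hostname }} (ansible)"
      key: "{{ git_pubkey_body }}"
    status_code: 201
  delegate_to: localhost
  no_log: true
  changed_when: true
  when: git_pubkey_body not in (gh_keys.json | map(attribute='key') | list)
```

Storing `github_ssh_token` in Ansible Vault and giving it no scope beyond public key management limits what a leaked token can do to adding or listing SSH keys.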