From 5cb7ef1f73c6118c6827f17698eb3db048caf538 Mon Sep 17 00:00:00 2001
From: Alex Waygood <Alex.Waygood@Gmail.com>
Date: Tue, 4 Oct 2022 14:13:18 -0700
Subject: [PATCH] stubsabot: use an ssh-key when checking out typeshed (#8844)

Fixes #8434.

This uses a new ssh key that @JelleZijlstra just set up for our repo ([this option](https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#push-using-ssh-deploy-keys) in Peter Evans's guide to getting checks to run on automated PRs. It seems to be a good option in terms of both security and usability. It's also the option used by `oddbird/MetaDeploy` [here](https://github.com/oddbird/MetaDeploy/blob/main/.github/workflows/upgrade-deps.yml#L20), and they seem pretty happy about it (they wrote a nice blog post about their automated PRs for uprading dependencies [here](https://www.oddbird.net/2022/06/01/dependabot-single-pull-request/).)
---
 .github/workflows/stubsabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/stubsabot.yml b/.github/workflows/stubsabot.yml
index 0a0756b3c..f4a1909ab 100644
--- a/.github/workflows/stubsabot.yml
+++ b/.github/workflows/stubsabot.yml
@@ -17,6 +17,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+        with:
+          # use an ssh key so that checks automatically run on stubsabot PRs
+          ssh-key: ${{ secrets.STUBSABOT_SSH_PRIVATE_KEY }}
       - uses: actions/setup-python@v4
         with:
           python-version: "3.10"