update input descriptions in adr

2025-10-31 10:08:37 +08:00 · 2020-03-19 10:06:47 -04:00 · 2020-03-19 10:06:47 -04:00 · 2b9e015a77
commit 2b9e015a77
parent 9a3a9ade82
1 changed files with 25 additions and 6 deletions
--- a/adrs/0153-checkout-v2.md
+++ b/adrs/0153-checkout-v2.md
@ -29,14 +29,26 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
    description: >
      Personal access token (PAT) used to fetch the repository. The PAT is configured
      with the local git config, which enables your scripts to run authenticated git
-      commands. The post-job step removes the PAT. [Learn more about creating and using
-      encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
+      commands. The post-job step removes the PAT.
+
+
+      We recommend using a service account with the least permissions necessary.
+      Also when generating a new PAT, select the least scopes necessary.
+
+
+      [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    default: ${{ github.token }}
  ssh-key:
    description: >
-      SSH key used to fetch the repository. SSH key is configured with the local
+      SSH key used to fetch the repository. The SSH key is configured with the local
      git config, which enables your scripts to run authenticated git commands.
-      The post-job step removes the SSH key. [Learn more about creating and using
+      The post-job step removes the SSH key.
+
+
+      We recommend using a service account with the least permissions necessary.
+
+
+      [Learn more about creating and using
      encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
  ssh-known-hosts:
    description: >
@ -44,7 +56,10 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
      SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
      `ssh-keyscan github.com`. The public key for github.com is always implicitly added.
  ssh-strict:
-    description: 'Whether to perform strict host key checking'
+    description: >
+      Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
+      and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
+      configure additional hosts.
    default: true
  persist-credentials:
    description: 'Whether to configure the token or SSH key with the local git config'
@ -64,7 +79,11 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
    description: >
      Whether to checkout submodules: `true` to checkout submodules or `recursive` to
      recursively checkout submodules.
-    default: 'false'
+
+
+      When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
+      converted to HTTPS.
+    default: false
 ```

 Note: