#gitops (2023-08)

Discuss continuous delivery of infrastructure

Archive: https://archive.sweetops.com/gitops/



Alex

My company has dozens of application repos with GitHub Actions pipelines that push changes to other GitOps repos, i.e. repo A1 pushes to repo A2, B1 > B2, C1 > C3, etc. What are the best practices for allowing application repos write access? We are thinking of either:

a) Use deploy keys. Each GitOps repo gets a unique key and then we add it as a secret to a corresponding app repo.

b) Create a GitHub application and install it into every GitOps repo, and then add its private key to all application repos as a secret. This creates a problem with the key being exposed to many repositories, though. As a workaround, we can create a microservice to dynamically generate GitHub installation tokens and never expose the key itself.