From 275ddfdf4bbd923036403b40cafa131e202e2635 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@icinga.com>
Date: Wed, 27 May 2020 13:32:07 +0200
Subject: [PATCH] bin/autoresolve: Use ssh

---
 .github/workflows/automatic-resolve.yml |  1 +
 bin/autoresolve                         | 17 ++++-------------
 2 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/automatic-resolve.yml b/.github/workflows/automatic-resolve.yml
index b035150b..b7b3efda 100644
--- a/.github/workflows/automatic-resolve.yml
+++ b/.github/workflows/automatic-resolve.yml
@@ -22,6 +22,7 @@ jobs:
       - name: Checkout code base
         uses: actions/checkout@v2
         with:
+          ssh-key: ${{ secrets.ICINGABOT_SSHKEY }}
           ref: ${{ github.head_ref }}
           fetch-depth: 0
 
diff --git a/bin/autoresolve b/bin/autoresolve
index da8f6111..0c93ce60 100755
--- a/bin/autoresolve
+++ b/bin/autoresolve
@@ -5,7 +5,6 @@
 : "${ICINGABOT_TOKEN:=}"
 
 RE_IS_CONFLICTING="^UU (.*)"
-RE_HTTPS_REPO_URL="^https://(.*)"
 RE_IS_SOURCE_CATALOG="^UU src/([a-z]{2}_[A-Z]{2})/LC_MESSAGES/icinga.po"
 RE_LABEL="automatic conflict resolution \(UTC([-+][0-9])?\)"
 
@@ -25,7 +24,7 @@ query {
           maintainerCanModify
           headRefName
           headRepository {
-            url
+            sshUrl
           }
           comments(first: 100) {
             totalCount
@@ -208,7 +207,7 @@ for (( i = 0; i < $TOTAL_PULL_REQUESTS; i++ )); do
 
   PR_AUTHOR=$(read_json_var "$PULL_REQUESTS" .[$i].node.author.login)
   PR_BRANCH=$(read_json_var "$PULL_REQUESTS" .[$i].node.headRefName)
-  PR_REPO=$(read_json_var "$PULL_REQUESTS" .[$i].node.headRepository.url)
+  PR_REPO=$(read_json_var "$PULL_REQUESTS" .[$i].node.headRepository.sshUrl)
 
   echo "Resolving pull request #$PR_NUMBER (Author: $PR_AUTHOR, Branch: $PR_BRANCH, Repo: $PR_REPO)"
 
@@ -256,15 +255,7 @@ for (( i = 0; i < $TOTAL_PULL_REQUESTS; i++ )); do
 
   echo "Successfully resolved pull request #$PR_NUMBER. Pushing the changes now"
 
-  # Set an upstream push url with credentials
-  [[ "$PR_REPO" =~ $RE_HTTPS_REPO_URL ]]
-  git remote set-url --push $PR_AUTHOR "https://$ICINGABOT_TOKEN@${BASH_REMATCH[1]}"
-
   # Push the new changes
-  git push $PR_AUTHOR pull/$PR_NUMBER:$PR_BRANCH 2>/dev/null || rc=$?
-  if [ -n "$rc" ] && [ "$rc" -gt 0 ]; then
-    echo "Unable to push changes to '$PR_AUTHOR/$PR_BRANCH'"
-  else
-    send_success_message "$PR_ID"
-  fi
+  git push $PR_AUTHOR pull/$PR_NUMBER:$PR_BRANCH
+  send_success_message "$PR_ID"
 done