From: Petr Vorel <pvorel@suse.cz>
To: Richard Palethorpe <rpalethorpe@suse.de>
Cc: ltp@lists.linux.it, Aleks L <aleksandrosansan@gmail.com>
Subject: Re: [LTP] [PATCH v2 1/1] ci: Add hook to mirror docparse to homepage
Date: Tue, 13 Dec 2022 20:18:38 +0100
Message-ID: <Y5jQDt7A/VmUZp9G@pevik>
In-Reply-To: <87bko7sinw.fsf@suse.de>

Hi Richie,

first, thank you for your review!

> Hello,
> Petr Vorel <pvorel@suse.cz> writes:
> > GitHub Actions git push hook generates metadata HTML and pushes it
> > to LTP homepage.
> > Hook pushes only if there are actual changes in generated doc.
> IIUC we have to do most of the work to generate the meta data, but then
> don't push it if there is no diff?
> What are we saving with this optimisation?

This saves a number of commits which will change nothing.
Because the page itself also has other changes for the web page itself,
which will be buried with these changes.
But sure, I'll remove this check, if considered useless.

If your comment is about doing the detection earlier,
I'd have to do some smart 'git diff'. Could be done with:

    git diff $old_commit testcases/ | grep '^+ \* '

in step "Check metadata need to be updated"
(i.e. after both checkouts).

> > NOTE: this change requires to add:
> > 1) Personal Access Token (PAT) to any developer which has write access
> > to homepage git repository [3]. In Developer settings -> Personal access
> > tokens -> Tokens (classic) [4]), where set:
> > Note: GH_PERSONAL_ACCESS_TOKEN
> > Select scopes: public_repo (minimal permission)
> > Expiration: either never or regularly renew.
> > 2) Allow PAT in LTP organisation (I dared to already set it)
> > In linux-test-project group -> Settings -> Third-party Access -> Personal
> > access tokens -> Settings [5]
> > select:
> > Allow access via personal access tokens (classic)
> > API and Git access will be allowed using an organization member's personal access token (classic)
> > 3) Add repository action secret to ltp repository
> > In Settings -> Actions -> New repository secret [6]:
> > name: GH_PERSONAL_ACCESS_TOKEN
> > value: the value of previously created token.
> > Because using token, default permission is just read.
> This seems like a very convoluted process. Can't we just put the
> metadata generation in the docs build and upload the assets as usual?
> I've never had to use a PAT to deploy a github page.

Do you mean to have this Action in the linux-test-project.github.com git repo?
What would trigger the build? Some kind of cron behavior?
Using a PAT is a weak point, thus I'm really open to other solutions.

...
> > +++ b/.github/workflows/metadata-mirror.yml
...
> > + steps:
> > + - name: Check secret
> > + env:
> > + GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
> > + run: |
> > + if [ -z "$GH_PERSONAL_ACCESS_TOKEN" ]; then
> > + echo "::error::GH_PERSONAL_ACCESS_TOKEN environment variable is not set"
> > + exit 1
> > + fi
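
Review bot: the `[ -z "$GH_PERSONAL_ACCESS_TOKEN" ]` test in the "Check secret" step only detects a secret that is missing or empty, for example when the workflow runs in a fork where the repository secret is not defined. A token that has been revoked or has expired on the GitHub side is still a non-empty string in the secret store, so it passes this step and fails only later at `git push`. The `::error::` text should also say that the repository secret is not configured, rather than that an environment variable is not set, so that whoever sees the failure knows to look at the repository's Actions secrets.
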
> Do we not trust Github to set an env variable?

If I delete my PAT, this will catch it. Of course the error message could be
improved.

...
> > + - name: Push generated html metadata to LTP homepage
> > + env:
> > + GH_PERSONAL_ACCESS_TOKEN: ${{
> > secrets.GH_PERSONAL_ACCESS_TOKEN }}
> Why put a credential in an env variable anyway? Can we not simply write
> ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} below?

I can test if it's supported inside "run:", but GitHub hides env content,
thus no big deal to use env. See:

https://github.com/foo-pevik/ltp_foo/actions/runs/3660784474
GH_PERSONAL_ACCESS_TOKEN: ***

https://github.com/foo-pevik/ltp_foo/actions/runs/3660784474/jobs/6188315802
GH_PERSONAL_ACCESS_TOKEN: ***

(Hidden in all places.)

> > + run: |
...
> > + printf "metadata.nightly.html: Update to $commit\n\nUpdate metadata.nightly.html to $commit_desc\n" > /tmp/msg
> > + git commit -F /tmp/msg .
> > +
> > + echo "::notice::GH_PERSONAL_ACCESS_TOKEN: $GH_PERSONAL_ACCESS_TOKEN"
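
Review bot: the `echo "::notice::GH_PERSONAL_ACCESS_TOKEN: $GH_PERSONAL_ACCESS_TOKEN"` line at the end of this `run:` block should be dropped before merging. It has no function in the push, and the only thing keeping the token out of the public log is GitHub's masking of the registered secret value, which matches the literal string; any later change that prints the token in a transformed form (encoded, split, truncated) would not be masked. Separately, `printf` receives `$commit` and `$commit_desc` inside its format string, so a `%` or backslash in either value is interpreted as a format directive; passing them as arguments, e.g. `printf '%s\n\n%s\n' "metadata.nightly.html: Update to $commit" "Update metadata.nightly.html to $commit_desc"`, avoids that.
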
> Won't this print your PAT for the world to use?

No (described above, see the links of actual run).

> > + git push
> > https://${GH_PERSONAL_ACCESS_TOKEN}@github.com/linux-test-project/linux-test-project.github.com.git
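
Review bot: `git push https://${GH_PERSONAL_ACCESS_TOKEN}@github.com/...` puts the token on the git command line, where it is visible in the process arguments on the runner and can be repeated in git's own output if the push fails. If the homepage repository is checked out with actions/checkout, supplying the token through that action's `token:` input lets a plain `git push` work without the credential appearing in the URL. Also note that a classic PAT with the `public_repo` scope can write to every public repository its owner can write to; a deploy key with write access on the homepage repository alone would narrow what a leaked credential can reach.
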
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp