HumanCompatibleAI / adversarial-policies

Find best-response to a fixed policy in multi-agent RL
MIT License

Avoid leaking license keys #19

Closed AdamGleave closed 5 years ago

AdamGleave commented 5 years ago

Docker stores build ARG in caching layer, which leaks URL to a license key when we upload the image. This is despite us explicitly deleting the key.

I've resolved this by making an empty license key file during build. The real key is only passed in when running the container.

I also upgraded us to MuJoCo 2.x for aprl branch. This could probably have been done in a separate PR, but I recalled having issues with 1.5.x installation if you didn't give it a real license key (hence the initial setup). I can't reproduce that problem, though, so I might be wrong or it could have been fixed in a minor release.

codecov[bot] commented 5 years ago

Codecov Report

:exclamation: No coverage uploaded for pull request base (master@0e52bf3). The diff coverage is n/a.

@@            Coverage Diff            @@
##             master      #19   +/-   ##
=========================================
  Coverage          ?   58.28%           
=========================================
  Files             ?       57           
  Lines             ?     4893           
  Branches          ?        0           
=========================================
  Hits              ?     2852           
  Misses            ?     2041           
  Partials          ?        0
Flag Coverage Δ
#aprl 10.85% <ø> (?)
#modelfree 51.31% <ø> (?)

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 0e52bf3...6c1bd21.

AdamGleave commented 5 years ago

Somehow Travis never tested master after the most recent merge so codecov is confused, but this shouldn't change coverage (we've not changed any actual source files).

AdamGleave commented 5 years ago

> Just so I understand, is the pattern now to pass in either the URL or the key itself when running the Docker container, because the python library won't have been built using it?

We always need the key when running the library, whether or not it was built with it. We are, as before, running the container with --env MUJOCO_KEY=... set to the URL.

The difference is before we were also passing it in via a --build-arg, and the key was downloaded before installing mujoco_py, and then deleted afterwards. We're now just making an empty file which is enough to make (recent versions) of mujoco_py build.
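
An added example, not part of the thread or the project's code: a pre-upload check for the leak described in this PR. Docker records each build arg a `RUN` step could see as a `|N NAME=value` prefix in the layer's "created by" metadata, so deleting the downloaded file does not remove the URL. The build-arg name, URL and paths in the sample are constructed.

```shell
# Constructed sample of:
#   docker history --no-trunc --format '{{.CreatedBy}}' IMAGE
# Line 2 is the old pattern (key URL passed with --build-arg, file deleted after);
# line 3 is the pattern from this PR (empty placeholder key file at build time).
sample_history() {
cat <<'EOF'
/bin/sh -c #(nop)  CMD ["bash"]
|1 MUJOCO_KEY=https://example.invalid/key.txt /bin/sh -c curl -o /opt/license/key.txt "$MUJOCO_KEY" && pip install mujoco_py && rm /opt/license/key.txt
/bin/sh -c touch /opt/license/key.txt && pip install mujoco_py
EOF
}

# Read "created by" lines on stdin; print every NAME=value build arg recorded.
# Limitation: a value containing spaces is split at the first space.
list_recorded_build_args() {
  awk '
    { sub(/^RUN /, "") }          # BuildKit prefixes the step with "RUN "
    /^\|[0-9]+ / {
      n = substr($1, 2) + 0       # "|2" means two NAME=value pairs follow
      for (i = 2; i <= n + 1 && i <= NF; i++) print $i
    }'
}

# Exit 0 and print the hits if a recorded build arg has a secret-looking
# name or carries a URL; exit 1 if the history is clean.
history_leaks_secret() {
  list_recorded_build_args |
    grep -Ei '^[A-Z0-9_]*(KEY|TOKEN|SECRET|PASSWORD|LICENSE)[A-Z0-9_]*=|=https?://'
}

# Real use, before pushing an image:
#   docker history --no-trunc --format '{{.CreatedBy}}' IMAGE | history_leaks_secret \
#     && echo "build arg leaked into image metadata; do not push"
```

A hit means the value is already public once the image is uploaded, so the key behind it should be rotated as well as the Dockerfile fixed.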