OpnTec / 2016.opentechsummit.de

Website of OpenTechSummit 2016 http://2016.opentechsummit.de

Make spreadsheet private and access with key, config or other solution to keep the Google spreadsheet private #48

Closed mariobehling closed 8 years ago

mariobehling commented 8 years ago

The discussion so far below. Let's follow up here.

@SaptakS @championswimmer is there any way to allow access to the spreadsheet only to registered users and still have a working scraper? Could we somehow let the scraper run through a google account authentication? The problem is that currently all private data is public too. @leto waves

Arnav Gupta @championswimmer Apr 27 18:54 @mariobehling I am trying to see if that's possible. Even if it is, some API key must be stored (not on GitHub) with the script to work. I guess that'll be an acceptable solution.

Duke Leto @leto Apr 27 18:56 @championswimmer you can read in the API key from an environment variable

Arnav Gupta @championswimmer Apr 27 18:57 It's possible https://mashe.hawksey.info/2015/10/setting-up-oauth2-access-with-google-apps-script-blogger-api-example/

Saptak Sengupta @SaptakS Apr 27 18:58 But how would this API key be available to travis.yml? If it is not stored in GitHub, won't the travis.yml have a problem creating index.html and storing it in 2016.opentechsummit.net?

Duke Leto @leto Apr 27 18:59 Travis shouldn't be using a production API key, I would think. @SaptakS which .travis.yml are you talking about? I haven't seen it.

Saptak Sengupta @SaptakS Apr 27 19:01 Travis is used to auto-generate the index.html for the page after scraping data from the spreadsheet. So if we have an API authentication, I guess that API key should be available to build.sh, which is being run by travis.yml. @leto the travis.yml in open-event-scraper runs the build.sh file, which does all the scraping. So, for the scraping to be done automatically, even if we use API authentication, won't it need to be aware of the key?

Niranjan Rajendran @niranjan94 Apr 27 19:02 Travis allows us to set environment variables at https://travis-ci.org ... maybe that could be used ?

Duke Leto @leto Apr 27 19:02 what is this "secure" token in .travis.yml? https://github.com/fossasia/open-event-scraper/blob/master/.travis.yml because it isn't that secure....

Niranjan Rajendran @niranjan94 Apr 27 19:04 @leto Check this out ... https://docs.travis-ci.com/user/encryption-keys/ This explains the secure

Duke Leto @leto Apr 27 19:06 OK, now I see. So that is the GH_TOKEN, encrypted. Seems like we could use the same thing to store another API key.

Niranjan Rajendran @niranjan94 Apr 27 19:07 Yep.

Arnav Gupta @championswimmer Apr 27 19:10 Yeah. Using the travis ruby gem, it's easy to make encrypted tokens. Can be used to save any secret env variables. We'll use that for the API key.

mariobehling commented 8 years ago

Pablo suggests: the simplest/fastest solution I could suggest is to keep the Spreadsheet URL in a config file and do not push the config into a public Git repo.

niranjan94 commented 8 years ago

Users with write access to the repo can set a secret environment variable at https://travis-ci.org/OpenTechSummit/open-event-orga-server/settings .

We can set the API key there and refer to the environment variable in our script.

mananwason commented 8 years ago

@mariobehling We can basically create a config file which will contain the sheet Id (Without which the sheet can't be accessed), add the config file to gitignore and import it in scraper.py. Then we can just share the file over drive to the relevant people. As for automation, we can store this file on heroku with only people having access to heroku able to see it. I think this should solve the problem.

championswimmer commented 8 years ago

travis encrypt GDOCS_SHEET_URL=https://.....

That should do it if I am not wrong? If we agree on that, I'll put a PR with this method.

On 02-May-2016 21:07, "Manan Wason" notifications@github.com wrote:

@mariobehling https://github.com/mariobehling We can basically create a config file which will contain the sheet Id (Without which the sheet can't be accessed), add the config file to gitignore and import it in scraper.py. Then we can just share the file over drive to the relevant people. As for automation, we can store this file on heroku with only people having access to heroku able to see it. I think this should solve the problem.


mariobehling commented 8 years ago

@niranjan94 @championswimmer @mananwason It all sounds good. All we need is a method that works. We do not want to test if it works or not on the live repo. Please show us that it works and make a PR then.

championswimmer commented 8 years ago

Closing this, as we have had a private SHEET_ID already now for a long time.
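The approach discussed in this thread (secret in a Travis environment variable, gitignored config file for local runs), sketched as an added example that is not code from the project's scraper. `GDOCS_SHEET_URL` is the variable name from the `travis encrypt` comment; `config.json`, `MissingSecret` and the function names are assumptions made for illustration.

```python
import json
import os
from pathlib import Path

ENV_VAR = "GDOCS_SHEET_URL"    # variable name from the `travis encrypt` comment
CONFIG_FILE = "config.json"    # assumed name for the gitignored local config


class MissingSecret(RuntimeError):
    """Raised instead of falling back to a public or hard-coded sheet."""


def config_is_ignored(gitignore_text, name=CONFIG_FILE):
    # Simple exact-entry check; does not evaluate gitignore glob patterns.
    entries = {ln.strip().lstrip("/") for ln in gitignore_text.splitlines()
               if ln.strip() and not ln.lstrip().startswith("#")}
    return name in entries


def load_sheet_url(env=None, config_path=CONFIG_FILE):
    env = os.environ if env is None else env
    url = env.get(ENV_VAR, "").strip()
    path = Path(config_path)
    if not url and path.is_file():          # local developer fallback
        url = str(json.loads(path.read_text()).get(ENV_VAR, "")).strip()
    if not url:
        # Travis does not expose encrypted variables to fork pull requests,
        # so this path is expected there: stop rather than scrape anything.
        raise MissingSecret(f"{ENV_VAR} not set and no usable {config_path}")
    if not url.startswith("https://"):
        raise MissingSecret(f"{ENV_VAR} is not an https URL")
    return url


def redact(message, secret):
    # Keep the sheet URL out of build logs and exception text.
    return message.replace(secret, "[redacted]") if secret else message


if __name__ == "__main__":
    demo_env = {ENV_VAR: "https://sheets.example.invalid/constructed-id"}  # constructed
    url = load_sheet_url(env=demo_env)
    print(redact(f"fetching {url}", url))
    print(config_is_ignored("# secrets\nconfig.json\n"))
```
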