ciudadanointeligente / pokeit

Very light campaign site to push persons through a variety of channels (e-mails, twitter, sms, phone calls, etc). It uses Poplus apps: WriteIt and PopIt.
GNU General Public License v3.0

keeping the writeIt API key private #1

Open pdaire opened 10 years ago

pdaire commented 10 years ago

Here I go again. I arrived at your post looking for some help regarding keeping private some parts of a GitHub page. Your post isn't what I was looking for, but it's by far the closest one, so I will tell you my need, just in case.

I work at Ciudadanointeligente.org developing civic web tools. We are trying to create a super light campaigning tool. We want to create a basic GitHub page that allows people to harass public persons (decision makers) through different channels (e-mail, twitter, sms, etc). We already have a service that stores profile information and another service for messaging. We intended that users (some other NGOs) could fork the repo in order to create a new, custom campaigning site, create a list of people of their interest in the profile service, create an instance in the messaging service, and connect both services to the GitHub page. That's easy now.

The thing is that the messaging service will be receiving messages through the API from the GitHub page, so the API key would have to be in the (public) repo, and that could be risky because some bad guy could take that info and make some misuse of the tool, pretending to be the site of the NGO. So my question is whether you know any way to keep private some values like the API key, maybe in the GitHub account settings of the owner of the fork, or in some other way that we haven't thought of. Thank you in advance!

pdaire commented 10 years ago

@kinlane this is my comment that is missing in your post.

kinlane commented 10 years ago

Great thoughts on this subject. Right in line with what I was working towards with many of my prototypes that run on GitHub.

This is all a work in progress for me and seeing where I can push the boundaries. So far here is what I have.

You can create a repository on GitHub. You can make the repository private. You can then make a GitHub Pages site for that repository, which is public.

Now this gives you two branches to work with: one that is private and purely storage, and one that is public and will run HTML, JS and CSS with a domain pointed at it.

This opens up a lot of possibilities, which I tested out in the stealth launch of my apicommons.org project. The entire site runs on GitHub, but I needed to keep it private until the launch date yesterday. Here is the story of how I pulled this together: http://kinlane.com/2013/11/06/private-web-application-running-on-github/

Basically you can have all your private data in the private repo. But you need an OAuth key to get at it.

So you have to either provide users with a private link that contains an OAuth key, or you use native GitHub OAuth and make sure a user's GitHub account is added to the GitHub repo as a collaborator or team member, depending on the account setup. Then I use oAuth.io to handle the OAuth flow using JS. Either way the OAuth key is the "key" to unlock the private repo data and make it show in the public site/app.

That is as far as I've pushed it. It has allowed me to build apps that run 100% on GitHub. It should work for your purposes: anyone who could fork the GitHub repo or execute it would either have to be added as a collaborator or be given an OAuth key via email or a private invite of some sort.

I hope that helps... I think I got your motivations, and I'm happy to help talk through more to bring it into focus.

These types of application implementations that run 100% on GitHub, or even 90% with API hooks to private APIs, are I think the future of civic apps.

Happy to discuss more.
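As an added example (not code from pokeit or from Kin Lane's projects) of the private-repo-plus-public-Pages setup described in the comment above: a public GitHub Pages site reads a file from the private repository through the GitHub Contents API, sending the OAuth token in the Authorization header. The owner, repository, path and token are placeholders, and the `fetch` implementation is passed in as a parameter so the example runs offline against a constructed response shaped like a real Contents API reply. One property worth keeping in view with the "private link" variant: whoever has the token can read the whole private repository with it (the `repo` scope covers everything, not one file), so the link has to be treated as the secret, exactly as the API key would be.

```javascript
// Added example (not pokeit or Kin Lane's code): read a file from a private
// GitHub repo from a public GitHub Pages site via the Contents API, using an
// OAuth token. owner/repo/path/token values below are placeholders.

const GITHUB_API = "https://api.github.com";

// Build the request for GET /repos/{owner}/{repo}/contents/{path}.
// The token travels in the Authorization header, never in the URL, so it
// does not end up in server logs, referrers or browser history.
function buildContentsRequest(owner, repo, path, token) {
  const encPath = path.split("/").map(encodeURIComponent).join("/");
  const url = `${GITHUB_API}/repos/${encodeURIComponent(owner)}/` +
              `${encodeURIComponent(repo)}/contents/${encPath}`;
  return {
    url,
    options: {
      method: "GET",
      headers: {
        Accept: "application/vnd.github.v3+json",
        Authorization: `token ${token}`,
      },
    },
  };
}

// The Contents API returns file bodies base64-encoded, wrapped with newlines.
function decodeContentsResponse(json) {
  if (json.type !== "file") throw new Error(`expected a file, got ${json.type}`);
  if (json.encoding !== "base64") throw new Error(`unexpected encoding ${json.encoding}`);
  const raw = json.content.replace(/\n/g, "");
  return Buffer.from(raw, "base64").toString("utf8"); // in a browser: atob(raw)
}

// fetchImpl is injected so the flow can be exercised without network access.
async function loadPrivateFile(fetchImpl, owner, repo, path, token) {
  const { url, options } = buildContentsRequest(owner, repo, path, token);
  const res = await fetchImpl(url, options);
  if (res.status === 404) {
    // GitHub answers 404 (not 403) for private repos the token cannot read,
    // so "not found" usually means "this token has no access".
    throw new Error("file not found or token lacks access to the private repo");
  }
  if (!res.ok) throw new Error(`GitHub API error ${res.status}`);
  return decodeContentsResponse(await res.json());
}

// Constructed sample: the JSON the private repo would hold, and a reply in
// the shape the Contents API returns for it.
const SAMPLE_CONTENT = JSON.stringify({
  people: [{ name: "Example Person", twitter: "@example" }],
});
const sampleResponse = {
  type: "file",
  encoding: "base64",
  path: "data/people.json",
  content: Buffer.from(SAMPLE_CONTENT).toString("base64").replace(/(.{60})/g, "$1\n"),
};
const fakeFetch = async () => ({ ok: true, status: 200, json: async () => sampleResponse });

loadPrivateFile(fakeFetch, "ciudadanointeligente", "pokeit-data", "data/people.json", "PLACEHOLDER_TOKEN")
  .then((text) => console.log("first person:", JSON.parse(text).people[0].name));
```

Swap `fakeFetch` for the browser's `fetch` (or `XMLHttpRequest` in 2013-era code) and a real token to run it against GitHub; the request and decoding logic are unchanged.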

pdaire commented 10 years ago

Thank you for your answer... we'll be chewing on it for a while. My only concern is that private repos are paid, so it creates a barrier for our audience; it is a cheap barrier, but we will try a little bit harder to keep it free for civic groups.

I was thinking of creating a widget of the messaging tool (WriteIt) that does all the work instead of pushing through the API from the GitHub page (the exact same way that Disqus works).

We'll keep an eye on your projects; they look very interesting.

Best, Pedro

On Wed, Nov 6, 2013 at 7:24 PM, Kin Lane notifications@github.com wrote: [quoted reply, identical to the comment above]
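The widget approach from Pedro's comment above, as an added example (not WriteIt's or pokeit's code): the static campaign page embeds only a public site id, and the messaging service holds the API key, checks the browser's Origin header against the origin registered for that site id, and only then calls the messaging API with the key attached on its own side. The site registry, endpoint paths, request format and the `ApiKey` header are assumptions for illustration. Browsers set Origin themselves and page script cannot change it, so this stops other sites from embedding the widget under the NGO's id; a script talking to the service directly can send any Origin, so the check limits cross-site abuse rather than scripted abuse, and the service still needs rate limiting or similar on top.

```javascript
// Added example (not WriteIt or pokeit code): the Disqus-style widget pattern.
// The public page ships a site id only; the secret API key stays with the
// messaging service, which checks the browser's Origin header before using it.
// Registry contents, URL shape and the "ApiKey" header are assumptions.

// Service-side registry: public site id -> registered origin + the secret
// that never leaves the server. Constructed sample data. A Map avoids
// prototype keys such as "__proto__" matching a plain-object lookup.
const SITES = new Map([
  ["pokeit-demo", {
    origin: "https://ciudadanointeligente.github.io",
    apiKey: "SERVER_SIDE_SECRET",
  }],
]);

// What the campaign page embeds. No secret here: copying it yields a site id
// that the service only honours from the registered origin.
function buildWidgetCall(serviceBase, siteId, recipient, message) {
  return {
    url: `${serviceBase}/widget/${encodeURIComponent(siteId)}/messages`,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ recipient, message }),
    },
  };
}

// Compare serialized origins (scheme + host + port) of parsed URLs. A
// substring/endsWith check would accept evil-ciudadanointeligente.github.io
// or ciudadanointeligente.github.io.attacker.org. "null" (opaque origins:
// sandboxed iframes, file://) is rejected explicitly.
function originMatches(originHeader, allowedOrigin) {
  if (typeof originHeader !== "string" || originHeader === "null") return false;
  try {
    return new URL(originHeader).origin === new URL(allowedOrigin).origin;
  } catch {
    return false;
  }
}

// Service-side handler. `req` is { siteId, origin, body } where `origin` is
// the browser's Origin header. Returns a 4xx result, or the outbound call the
// service would make to the messaging API with the key attached here.
function handleWidgetRequest(req) {
  const site = SITES.get(req.siteId);
  if (!site) return { status: 404, error: "unknown site id" };
  if (!originMatches(req.origin, site.origin)) {
    return { status: 403, error: "origin not registered for this site id" };
  }
  const { recipient, message } = req.body || {};
  if (typeof recipient !== "string" || recipient.length === 0 ||
      typeof message !== "string" || message.length === 0 || message.length > 2000) {
    return { status: 400, error: "recipient and message (1-2000 chars) required" };
  }
  return {
    status: 202,
    outbound: {
      headers: { Authorization: `ApiKey ${site.apiKey}` }, // assumed header format
      body: { site: req.siteId, recipient, message },
    },
  };
}

// Constructed request as a browser on the registered site would send it.
console.log(handleWidgetRequest({
  siteId: "pokeit-demo",
  origin: "https://ciudadanointeligente.github.io",
  body: { recipient: "senator-example", message: "Please vote for the bill." },
}).status); // 202
```

The NGO forking the repo then registers its own Pages origin with the service and pastes its site id into the page; nothing in the public repo changes when the key is rotated, because the key was never there.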