Git commits from gameserver userid

[davedotluebke]

When a wizard edits or uploads a file, we'd like to do a git commit on the spot - this would be kicked off by the game server, which is run by the "gameserver" userid.

Then the "gitbot" userid uses crontab to run nightly "git pull; git push" actions to pull in any changes to the core game code and to store all wizard-made changes on the production branch on github. The "gitbot" userid has permission to write to the entire game tree, unlike gameserver which can read all the game tree code but can only write to the domain directories where rank-and-file wizards will make their changes.

We specifically don't want gameserver to have git push access, since we want to limit the damage that a rogue wizard (or just incompetent wizard) can do.

Is it possible to configure git and github such that gameserver can do git commit operations, and gitbot can do git push operations?

[1Bayshore]

Here's an idea:

Have the gitbot user running a simple webserver for localhost only and on an obscure port (e.g. 6553). When it receives a request, then it will make a git commit of the specified file with the specified message. This avoids problems overwriting base game files (nobody can use this to run code as the gitbot, only tell it to make commits, and they can't change protected files as gameserver) and is relatively efficient.

In the upload function, after a wizard uploads a file, gameserver makes a POST request to localhost:6553 containing the file and commit message. gitbot commits.

IMPORTANT: The webserver code MUST make checks for base files, etc.

[rivques]

The gitbot server is now implemented. Now all we need to do is change the upload function to send a POST request with the requests module to localhost:6553.

[1Bayshore]

While this is almost working, there are still a couple of strange bugs the upload and download code. We need to do some additional testing before closing this issue.

[rivques]

I'm not sure if these are the bugs you are talking about, but here are a few:

• [ ] In console.py, the upload_file() function does not make a commit if you are replacing a file.

• [ ] #140 needs to be implemented. One thing that needs to happen is that gitbot_committer.py need to receive more information about the player (i.e. admin status). This could be done by generating a player save file but passing it to the gitbot in the POST request.

• [ ] In gitbot_comitter.py we need to add better checks around this. I have started working on this with the function check_if_dir_forbidden, but need to implement the above point first.

[1Bayshore]

This mostly works now. I'm going to close this issue, permission-specific items and other problems can be opened in their own issues.