dcppc / uncle-archie

Uncle Archie is a home-brewed continuous integration server for pull request checks and push-to-deploy functionality. https://pages.charlesreid1.com/uncle-archie

Dealing with credentials #3

Open charlesreid1 opened 6 years ago

charlesreid1 commented 6 years ago

Uncle Archie needs to run tests, and sometimes that requires credentials. So, let's talk credentials.

There are two sets of credentials that we're talking about here.

The first set of credentials are Uncle Archie's credentials - those are the GitHub credentials Uncle Archie uses internally to be able to access repositories (to clone them, run tests, mark things as working or broken, etc.). This requires Uncle Archie to be linked to a GitHub account with specific access levels. Those won't change. Those will be dependent on what we want to use Uncle Archie for (i.e., if it is for an organization, it should be using an account that can modify repositories needing CI testing). These are not the credentials we're interested in here.

The other set of credentials are test-specific credentials. Let's take an example: suppose we're testing a web application that has a user authentication layer that requires GitHub credentials to log in.

The easy way to test this might be to use Uncle Archie's existing credentials, but that's not a good general solution. We might want to check the web application authentication layer using multiple credentials, to test different groups or finer-grained permissions details.

We need a mechanism for providing Uncle Archie with secrets, in a secure manner.

Maybe we just create an Uncle Archie secrets file in the repo directory (that is in .gitignore)?

charlesreid1 commented 6 years ago

Use config.json to provide custom credentials with arbitrary names. Only caveat with running tests like these is, secrets need to get to UA somehow.
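Added example, not part of this thread and not Uncle Archie's own code: one way a CI runner could consume a git-ignored secrets file with arbitrarily named test credentials, handing them to the test process only and masking them in the output it later reports. The `credentials` key, the function names, the `TEST_USER_TOKEN` name, and delivery through environment variables are all assumptions made for illustration.

```python
import json
import os
import stat
import subprocess
import sys
import tempfile


def load_secrets(path):
    """Return {name: value} from the secrets file, refusing unsafe permissions."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: must not be accessible to group/other (chmod 600)")
    with open(path, encoding="utf-8") as fh:
        # Assumed layout: {"credentials": {"ANY_NAME": "value", ...}}
        secrets = json.load(fh).get("credentials", {})
    if not all(isinstance(v, str) and v for v in secrets.values()):
        raise ValueError("every credential must be a non-empty string")
    return secrets


def is_git_ignored(repo_dir, path):
    """True if git would ignore `path`, so it cannot be committed by accident."""
    result = subprocess.run(["git", "-C", repo_dir, "check-ignore", "-q", path])
    return result.returncode == 0


def run_test(cmd, secrets):
    """Run one test command with the secrets in its environment only.

    Returns (exit code, combined output with every secret value masked).
    """
    env = {**os.environ, **secrets}  # the runner's own environment is not modified
    proc = subprocess.run(cmd, env=env, capture_output=True, text=True)
    output = proc.stdout + proc.stderr
    # Longest first, so a secret that contains another one is masked whole.
    for value in sorted(secrets.values(), key=len, reverse=True):
        output = output.replace(value, "[REDACTED]")
    return proc.returncode, output


if __name__ == "__main__":
    # Constructed demo: a throwaway secrets file and a test that leaks its token.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"credentials": {"TEST_USER_TOKEN": "constructed-token-123"}}, fh)
        os.chmod(path, 0o600)
        leaky = [sys.executable, "-c", "import os; print(os.environ['TEST_USER_TOKEN'])"]
        print(run_test(leaky, load_secrets(path)))
```

Masking is a last line of defence for logs and status messages; it does not stop test code from sending a credential elsewhere, so test-specific accounts should still carry only the access the test needs.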

charlesreid1 commented 6 years ago

This is an issue now that we are opening pull requests - the commits are by @charlesreid1 but the PR is by @fp9695253

charlesreid1 commented 6 years ago

as user florence:

to redeploy:

to test, need to wait for some pull requests in organize or internal to be merged.

also, need to add mkdocs-material-dib to the whitelist

charlesreid1 commented 6 years ago

Got this working. We had a few additional tasks that we had to do:

charlesreid1 commented 6 years ago

We haven't actually tested whether commits are successfully created from the new account. For that, we'll have to wait for a submodule update.

Meanwhile, we can check that we can make commits as Florence Python...

charlesreid1 commented 6 years ago

Yes. Yes we can. https://github.com/dcppc/private-www/pull/99