Closed hansvancalster closed 2 years ago
@ThierryO , @florisvdh I think most is covered but maybe something about checklist
package can be added or about GHA?
@peterdesmet I wasn't sure who best to ask as reviewer from your team. Feel free to dispatch.
Note to self:
start with mentioning the different options, and group these options in such way that readers can just choose one of these options without having to struggle through the whole manual to figure out which steps they have to take to make it all work. In my opinion this can be done in one sentence or one alinea in 'before we start'. maybe instead of the difficult section 'modes of authentication' (with a lot of difficult terminology that is hardly explained),
shortly explain the mechanisms behind 2FA and SSH (key-value-pair with public and private key), give some examples where they use it already at INBO, and add some links for further reading. It may help some people to know what they are doing. But as not everyone may be interested, make sure they can also use the manual without it. And maybe this part can also contain advantages and disadvantages of the different options, or a link to it?
Everybody at INBO already knows about 2FA, because it is used for our Google account. Regarding SSH, the weblink you provided is added.
for the practical sections: just enumerate ALL steps that have to be done for a certain option in one list, don't expect readers to search for additional steps written in full text everywhere in the document, or figure out which parts have to be combined. For this, keep in mind that when giving git courses or in package manuals, it would be nice to be able to refer to a step-by-step guide without overload.
See the rewritten TL;DR section which has this purpose. The SSH option is still included for completeness, but is not really needed (but it's a different story for Linux users) and therefor not mentioned in the TL;DR section.
I would suggest to promote checklist as it sets the .gitignore per project.
@ThierryO See 095c785 (your comments somehow got messed up apparently)
_(copy from https://github.com/inbo/tutorials/pull/309#discussion_r865719144)_
These are two different things: 2FA is not needed, but recommended as an extra security layer next to the password when logging into github.com. AFAIK it's unrelated to git operations. See https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa.
Maybe this separation can be made more clear in the tutorial, but maybe it's clear already.
@ElsLommelen can you try out the steps in the TL;DR section of the tutorial on your machine? If you still think 2FA needs more guidance, can you document what you did to make it work (possibly including some screenshots)?
Below my notes on the installation of 2FA. I described the installation of the TOTP into detail, as this is not described at all in the manual. I leave it up to you to decide on to what detail it should be added to the manual. The github manual on 2FA is very well documented, here I only listed possible caveats and where decisions have to be made.
(I'll try logging out and back in on github now (step 10), after which I'll continue your TL;DR section, so other comments may follow)
step 8: save recovery codes: it is recommended to save them with a secure password manager
Actually any decent (and locally controlled) encryption approach will suffice to guard against compromises. Many are available, e.g. with password managers such as KeepassXC, or with general disk or file encryption programs like Veracrypt, CryFS, LUKS. Unencrypted files can be considered less safe. Having backups (e.g. in the cloud) is another aspect, it guards against loss.
Description
Tutorial about Git / GitHub authentication.
Related Issue
Closes #287
Task list
tutorials/content
index.md
. In case of an Rmarkdown tutorial I have knitted myindex.Rmd
toindex.md
(both files are pushed to the repo).tags
in the YAML header (see the tags listed in the tutorials website side bar for tags that have been used before)categories
to the YAML header and my category tags are from the list of category tagsPreviewing the pull request
Thanks to GitHub Actions, an artifact (=zip file) of the rendered website is automatically created for each pull request.
Instructions
1) On the PR page, you can find a "details" link under "checks - On PR, build the site and ...". Go there, click on the top link in the left sidebar ("Summary"), and download the generated artifact at the bottom of the page. 2) Decompress it and make sure the target directory is called 'tutorials' (you may need to rename it) 3) From the parent directory (just above the
tutorials
folder you created/renamed), runpython -m http.server 8887
, or launch the Google Chrome Web Server app and point it at the parent directory. 4) Point your browser to http://localhost:8887/tutorials. 5) Review the updated website and accept/refuse/comment the PRNote: for step 3, you can use any other simple HTTP server to serve the current directory if you don't have a Python 3 environment or Google Chrome available.