Open ScottTodd opened 1 week ago
Hi, @ScottTodd. Thank you very much for these detailed issues. To support public access to Azure without credentials, we need efforts from both the opendal and sccache sides:
AZBLOB_NO_CREDENTIALS
.Would you like to cross post this issue to opendal side too?
Would you like to cross post this issue to opendal side too?
I'm not familiar with opendal or the implementation details of sccache, so I wouldn't really know what to say there 😅
Another option we're considering is running our own server to use with sccache, possibly hosted on Azure close to our build machines, instead of using Azure Blob Storage. That would give us more direct control over endpoints, authentication, etc.
We're trying to set up our GitHub project to use sccache with Azure Blob Storage to speed up our CMake builds in GitHub Actions running on
pull_request
andpush
events. We'd like for contributors sending pull requests from forks to be able to read from the shared cache without granting them write access.bearer-token
parameter in the URL and untrusted workflows instead passing theread-only
parameter.SCCACHE_S3_NO_CREDENTIALS
environment variable, documented here: https://github.com/mozilla/sccache/blob/main/docs/S3.mdWe configured an Azure Blob Storage container with "anonymous read access" then followed the docs here: https://github.com/mozilla/sccache/blob/main/docs/Azure.md. Here's what we've tried so far to get readonly / unauthenticated access to the shared cache:
SCCACHE_AZURE_BLOB_CONTAINER
andSCCACHE_AZURE_CONNECTION_STRING
environment variables to real values.SCCACHE_AZURE_CONNECTION_STRING
environment variable to a connection string withAccountKey=${THE_SECRET_KEY_HERE};
omitted, hoping that would fall back to anonymous/readonly access.SCCACHE_AZURE_BLOB_CONTAINER
andSCCACHE_AZURE_CONNECTION_STRING
environment variables then try to read from the storage by first downloading the files (e.g. withazcopy
), then treating the downloaded folder as a local storage cache by following instructions at https://github.com/mozilla/sccache/blob/main/docs/Local.md.Am I missing something? Would it be possible to add direct support for public readonly access? Any suggestions for other things to try?
Thanks!