Open shawnzhu opened 7 years ago
I've managed to made option 2 via https://github.com/shawnzhu/travis-web/commit/3765ce41eaa537eb8c9fae2a19bdb4e5749dfc33
travis-web
by configuring a private key in travis-web
travis-web
will talk to the artifacts server via CORSSo far, the problem is user has to acquire a new JWT from travis-web
after JWT expires.
This is an important question needs an answer because the design that a Travis CI user interacts with artifacts data determines the architecture:
server-to-server
JWT token.These are generated from internal feedback from Travis CI enterprise users.
Hey @shawnzhu
I'm sorry for my delayed feedback. Maybe we can setup a call to go over any remaining questions?
@joshk suggests travis-web
sends API calls to Artifacts server directly.
travis-api
/repos/{repo-slug}
of travis-api
with the API token to do authentication and perform access control (whether user can access the repo associated with build job)travis-api
There are also good inputs on improvements:
Thanks for writing this up @shawnzhu
I believe the URL would need to be /job/:id
as that is the only thing kept in the DB
I've made travis-build to provide an addon to enable travis-worker uploading artifacts into artifacts server via a JWT token. There're two options in my mind to expose artifacts meta info to
travis-web
:travis-api
like/api/jobs/<job-id>/artifacts
so Travis web can pick up artifacts meta info via existing authentication oftravis-api
. Then the architecture design is,travis-api
will serve as gateway of artifacts server for all API traffic.travis-api
today to this artifacts server so thattravis-web
can redirect user to artifacts server directly. Then the artifacture design is, artifacts-server needs to access Redis and/or Postgres database of Travis CI.@josh @meatballhat @rkh comments?