Comments (9)
It's absolutely possible and safe to give public access to push branches I suppose in this case.
put the credentials in a config file in the repo- I think, with GDrive, this is often alright?
you mean JSON file? it means that people will have read/write access to that Drive. It's probably fine if we create some demo account. But it's not safe in general case.
from cml.
will we have to worry about secrets not being passed to workflows "triggered by a pull request from a fork"?
yes, we won't have to worry as far as I remember ... i would ask @efiop and @DavidGOrtega to double check.
from cml.
@dmpetrov I think giving access to the PRs is the main thing I'm interested in.
Just to clarify- if, as @shcheklein said, we did give public access to push branches, will we have to worry about secrets not being passed to workflows "triggered by a pull request from a fork"?
from cml.
hmm so jorge made a PR for a test repo I made and it did trigger a Git Action, but it seems that the credentials from the secret are not getting passed:
Google drive DVC remote found but no credentials found
Pulling from DVC remote ...
so the job won't complete. We'll have to figure something out as @DavidGOrtega suggested if we want to use this workflow in a tutorial- assuming everyone is okay from a security POV to have the client ID/secret/access codes for the project GDrive folder exposed in this case? @shcheklein @efiop
from cml.
@andronovhopf what provides better user experience from the blog post point of view? The Demo account credentials or giving access for PRs in our repo? Or both? 😄
from cml.
I didn't spend enough time with github actions yet, but with things like trravis secrets are indeed not passed to PRs that are not coming from upstream branches. Not sure what secrets we currently use for crml action and whether or not they could be put into a public config, so can't say anything for sure here 🙁 CC @DavidGOrtega
from cml.
This is a Github (and possibly any other vendor) limitation. Why maybe don't just set the variables not as a secret? If anyone can upload there an specific google account with Gdrive for that project would work.
Another solution would be storing the variables in the project and setup them if the Github event is running against your project. That's the way the Pillow guys have resolved this.
- name: Prepare coverage token
if: success() && github.repository == 'python-pillow/Pillow'
run: cp .github/codecov-upstream.yml .codecov.yml
- name: Upload coverage
if: success()
uses: codecov/codecov-action@v1
with:
token: ${{ secrets.CODECOV_TOKEN }}
name: ${{ matrix.os }} Python ${{ matrix.python-version }}
I can help you to setup something like the last thing if you need it
from cml.
Has this been addressed @andronovhopf ? Is there anything we can do o our side?
from cml.
Hi @DavidGOrtega it won't work; to do dvc push/pull
there's no way around needing to set credentials as Git secrets that I can find. We'll just have users setup credentials for themselves. So nothing to be done from the CML side!
from cml.
Related Issues (20)
- pr + comment create Error: PR for commit sha not found HOT 14
- Socket hang up when publishing assets HOT 4
- Resource not accessible by integration Http error. HOT 4
- Invalid URL error HOT 4
- Invalid URL error HOT 3
- Error: cml comment create report.md HOT 9
- Token not found error HOT 4
- Stale secret deletion HOT 1
- Error when trying to use `latest-gpu` container inside GitHub actions workflow. HOT 1
- How to setup multiple GPU for CML runner in GCP HOT 2
- Resource not accessble while creating report
- cml runner seems to try and pull images from a quay.io repo instead of dockerhub HOT 6
- Error: URL Parsing Failed {"subject_url":"[email protected]:...\n"} HOT 2
- New Feature HOT 1
- Use of kernel 5.4 in base AWS image HOT 2
- Error: Resource not accessible by integration HOT 1
- How to set instance recreation times count (exceeded maximum number of attempts error on start up)? HOT 1
- Is it possible to provide a comment in a task that is inside an issue in gitlab? HOT 1
- Config to config output_limit in Gitlab runner
- Support bitbucket access token authorization
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cml.