6:27 p.m.
Hello CIistas (I've just invented this term, probably not good, sorry).
Do we have something like encrypted secrets [0] for the Fedora CI?
I'd like to add CI tests for twine [1] that would:
- create a Python package named fedora-ci-canary, versioned as 0+<uuid>
- upload the package to Test PyPI [2][3]
- verify it is there
For this however, we would need to store credentials for a Test PyPI account.
I don't mind if the credentials are compromised via malicious Pull Request (they
are to a test environment only), but I don't feel comfortable to store them in
git in plaintext (or obfuscated).
Thanks for hints.
[0] https://docs.travis-ci.com/user/encryption-keys/
[1] https://pypi.org/project/twine/
[2] https://test.pypi.org/
[3] https://packaging.python.org/guides/using-testpypi/
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
7:34 p.m.
Hi,
On Tue, Apr 28, 2020 at 1:27 AM Miro Hrončok <mhroncok(a)redhat.com> wrote:
Hello CIistas (I've just invented this term, probably not good,
sorry).
Sound like some worms or something :D
Do we have something like encrypted secrets [0] for the Fedora CI?
Unfortunately I am not aware of anything like this :(
I was trying to start a discussion with Packit folks about a similar use
case, but seems
there is no interest yet:
https://github.com/packit-service/packit-service/issues/400
It would be awesome if in the future we would have some solution for this,
but I am not
sure yet how would it exactly work. I would see somehow FAS involved ...
Any ideas are more than welcome ...
Best regards,
/M
I'd like to add CI tests for twine [1] that would:
- create a Python package named fedora-ci-canary, versioned as 0+<uuid>
- upload the package to Test PyPI [2][3]
- verify it is there
For this however, we would need to store credentials for a Test PyPI
account.
I don't mind if the credentials are compromised via malicious Pull Request
(they
are to a test environment only), but I don't feel comfortable to store
them in
git in plaintext (or obfuscated).
Thanks for hints.
[0] https://docs.travis-ci.com/user/encryption-keys/
[1] https://pypi.org/project/twine/
[2] https://test.pypi.org/
[3] https://packaging.python.org/guides/using-testpypi/
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
CI mailing list -- ci(a)lists.fedoraproject.org
To unsubscribe send an email to ci-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
--
Miroslav Vadkerti :: Principal QE :: Testing Farm / OSCI / BaseOS QE
IRC mvadkert #tft #baseosci #osci :: GPG 0x7B5B2E95
TPB-C 2C215 :: Mobile +420 773 944 252
Red Hat Czech s.r.o, Purkyňova 115, 612 00, Brno, CR
1:04 a.m.
On Tue, Apr 28, 2020 at 1:27 AM Miro Hrončok <mhroncok(a)redhat.com> wrote:
Hello CIistas (I've just invented this term, probably not good,
sorry).
Do we have something like encrypted secrets [0] for the Fedora CI?
I'd like to add CI tests for twine [1] that would:
- create a Python package named fedora-ci-canary, versioned as 0+<uuid>
- upload the package to Test PyPI [2][3]
- verify it is there
For this however, we would need to store credentials for a Test PyPI
account.
I don't mind if the credentials are compromised via malicious Pull Request
(they
are to a test environment only), but I don't feel comfortable to store
them in
git in plaintext (or obfuscated).
Hi,
If you can use Zuul, there is support for secrets:
https://zuul-ci.org/docs/zuul/reference/secret_def.html
If you choose this road, let me know and I'll help you setup your job.
--
Fred - May the Source be with you
2:42 a.m.
On 28. 04. 20 8:04, Frederic Lepied wrote:
On Tue, Apr 28, 2020 at 1:27 AM Miro Hrončok <mhroncok(a)redhat.com
<mailto:mhroncok@redhat.com>> wrote:
Hello CIistas (I've just invented this term, probably not good, sorry).
Do we have something like encrypted secrets [0] for the Fedora CI?
I'd like to add CI tests for twine [1] that would:
- create a Python package named fedora-ci-canary, versioned as 0+<uuid>
- upload the package to Test PyPI [2][3]
- verify it is there
For this however, we would need to store credentials for a Test PyPI account.
I don't mind if the credentials are compromised via malicious Pull Request
(they
are to a test environment only), but I don't feel comfortable to store them in
git in plaintext (or obfuscated).
Hi,
If you can use Zuul, there is support for secrets:
https://zuul-ci.org/docs/zuul/reference/secret_def.html
If you choose this road, let me know and I'll help you setup your job.
Awesome, thanks. Zuul would work.
I'll prep the actual test and will get back to you with a WIP PR.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
2:53 a.m.
Alternatively, if you want to go the extra mile, you could also use Zuul to
deploy a test PyPI server using devpi, set up a user and its credentials on
the go, and test the upload process on the test PyPI server. This would
prevent side effects like networking problems from interfering with your
testing, and solve the credentials problem. Of course, if the point is to
test the upload to test PyPI itself, disregard my comment. :)
On Tue, Apr 28, 2020 at 9:43 AM Miro Hrončok <mhroncok(a)redhat.com> wrote:
On 28. 04. 20 8:04, Frederic Lepied wrote:
> On Tue, Apr 28, 2020 at 1:27 AM Miro Hrončok <mhroncok(a)redhat.com
> <mailto:mhroncok@redhat.com>> wrote:
>
> Hello CIistas (I've just invented this term, probably not good,
sorry).
>
> Do we have something like encrypted secrets [0] for the Fedora CI?
>
> I'd like to add CI tests for twine [1] that would:
>
> - create a Python package named fedora-ci-canary, versioned as
0+<uuid>
> - upload the package to Test PyPI [2][3]
> - verify it is there
>
> For this however, we would need to store credentials for a Test PyPI
account.
> I don't mind if the credentials are compromised via malicious Pull
Request
> (they
> are to a test environment only), but I don't feel comfortable to
store them in
> git in plaintext (or obfuscated).
>
>
> Hi,
>
> If you can use Zuul, there is support for secrets:
> https://zuul-ci.org/docs/zuul/reference/secret_def.html
>
> If you choose this road, let me know and I'll help you setup your job.
Awesome, thanks. Zuul would work.
I'll prep the actual test and will get back to you with a WIP PR.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
CI mailing list -- ci(a)lists.fedoraproject.org
To unsubscribe send an email to ci-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
--
Matthieu Huin
Senior Software Developer
Red Hat <https://www.redhat.com>
<https://red.ht/sig>
3:32 a.m.
On 28. 04. 20 9:53, Matthieu Huin wrote:
Alternatively, if you want to go the extra mile, you could also use
Zuul to
deploy a test PyPI server using devpi, set up a user and its credentials on the
go, and test the upload process on the test PyPI server. This would prevent side
effects like networking problems from interfering with your testing, and solve
the credentials problem. Of course, if the point is to test the upload to test
PyPI itself, disregard my comment. :)
That is my backup plan, but I'd rather use a "real" testing PyPI in sch
integration test. The unit tests already test against local PyPI-like things.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
1459
days inactive
1460
days old
5 comments
4 participants
participants (4)
-
Frederic Lepied -
Matthieu Huin -
Miro Hrončok -
Miroslav Vadkerti