Comments (3)
I like the sharing aspect that it brings, but also would like to make sure operational concerns are left outside the development scope. build.yml should remain a developer concern so the same file can be sent over to a build server for example. While it is possible to think of command line parameters overriding the content of the file, it would not be clear and also makes the configuration process messy and potentially expose to security concerns for multi-tenanted environments.
We can potentially solve this by allowing configuration files to be provided as a file and then use conventions to read it from the same location as with the build.yml based on naming conventions.
from habitus.
build.yml should remain a developer concern so the same file can be sent over to a build server for example
Good point! This sentence made a lot of sense to me.
At glance, your explanation made me think that secrets: true
in build.yml would still make sense to be added without any concern.
But after thinking twice, I now believe secrets
should also be avoided. The reasoning is that, we tend to curl http://$host:8080/v1/secrets/$secret_id
inside Dockerfile to obtain the secret. Here, whether $host
is served by habitus or any other webapp is completely up to the operator. That being said, fixing it as secrets: true
in build.yml sounds just wrong.
We can potentially solve this by allowing configuration files to be provided as a file and then use conventions to read it from the same location as with the build.yml based on naming conventions.
Good idea!
Suppose it is named config.yml
, I'd want to git-commit multiple different config.yml
per build environment(dev, ci), may be encyrpted or not. I'll revisit the idea after I come up with a more concrete use-case.
from habitus.
Given the original issue has been discussed and agreed not to be eligible for addition, I'm closing this.
Thanks again for the discussion!
from habitus.
Related Issues (20)
- Habitus on Windows HOT 2
- ssh -T [email protected] error HOT 3
- Habitus Install script not updated HOT 1
- Cleaning Intermediate images & Flag "noprune-rmi" having no effect HOT 2
- Custom path for .dockerignore HOT 1
- Build for step opencv failed due to Invalid header type HOT 1
- Provide an Aarch64/Arm64 Linux release HOT 3
- Dockerfile.generated race with same Dockerfile and different build args HOT 3
- Remov e
- v1.0.5 does not run in docker:19.03.6 HOT 3
- [Feature Request] Ability to build dockerfile located inside sub-directories HOT 6
- Build tend to fail due to DOCKER_TLS_VERIFY=1 not respected by habitus HOT 1
- Failing Codeship build HOT 5
- [Feature request] Support for docker's multi-stage build HOT 2
- Add unit tests HOT 1
- Feature request: Containerized secret server for more accessibility
- doc: Basic usage guide for minikube users
- Dependency management? HOT 1
- Switch to the official docker client HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from habitus.