Comments (12)
@tpiskula -- I'm also interested in getting this to work; if you put up a WIP; I may have a little bandwidth to help out -- so feel free to ping me or post here.
from openfaas-cloud.
@alexellis it shouldn't be difficult to programatically do it in go, I could probably knock something up to do it
from openfaas-cloud.
I can confirm that cloning works with an installation id + auth token generated with the GitHub app's private key.
I made my sofia-test1
repo private, then observed a token from the logs of github-status
(adding debug_token
env-var to make this print out)
$ git clone https://INSTALLATION:[email protected]/alexellis/sofia-test1
Cloning into 'sofia-test1'...
remote: Counting objects: 144, done.
remote: Compressing objects: 100% (126/126), done.
remote: Total 144 (delta 63), reused 11 (delta 0), pack-reused 0
Receiving objects: 100% (144/144), 27.75 KiB | 0 bytes/s, done.
Resolving deltas: 100% (63/63), done.
Checking connectivity... done.
from openfaas-cloud.
Hi @tpiskula the roadmap is represented in GitHub issues at the moment - there's lots of ways you can get involved with testing and building out the project. I think the idea of private repos would be a great addition to OpenFaaS Cloud.
Here's instructions for how to join Slack where we also have a private demo of a shared/hosted OpenFaaS cloud - http://docs.openfaas.com/community/
from openfaas-cloud.
I've looked into private repos and I think there is a good option for pulling / cloning. If you add a "Deploy Key" to the repo then you can clone over SSH. This does need a public/private key-pair for every repo supported - unfortunately GitHub won't allow one deploy key to be added to multiple repos.
I think this means that OpenFaaS Cloud needs to generate a key/pair for each user and repo - this could potentially be done via the API if OpenFaaS Cloud is given repository administration access via https://github.com/google/go-github/blob/master/github/repos_keys.go
We'd also need to check whether the key already existed and use a name to index it.
We can find out whether a repo is private by looking for X-GitHub-Event: installation_repositories
:
"repositories_added": [
{
"id": 133999179,
"name": "my-fn",
"full_name": "alexellis/my-fn",
"private": true
}
],
from openfaas-cloud.
OpenFaaS private repo flow.pdf.pdf
Attaching workflow/design.
We will need to generate private/public key-pairs for each repo we manage. These have to be stored for future use and the public key must be installed on the GitHub repo needing additional OAuth Scopes.
from openfaas-cloud.
Workflow looks good!
I imagine it something like:
Authorize Github Account -> Select Repo -> If repo is private, install Deploy Key via API and save it somewhere -> Run CI/CD, run CI/CD on every push (maybe allow filter on branch?)
Where would you suggest to store the generated keys?
In a k8s secret?
from openfaas-cloud.
This part (Authorize Github Account
) is done via the installation event when you click to install the GitHub app on your repo in the GitHub UI.
Run CI/CD is triggered on the push.
I think we have to store them in K8s secrets, possibly SealedSecrets could be useful for us too.
The other alteration needed is to:
- connect installation event via github-event function
- generate the keys in Go or via
ssh-keygen
CLI cc @affix - store keys against repos
- pull in a private key on demand
- change from
git clone https://
togit clone git://
with the private key in scope. - handle installation removed event and de-provision keys when needed
from openfaas-cloud.
I'm looking for someone to take on the task incrementally. We have at least a couple of people ready to test it too. Keiran if you can start work on the implementation that would be great.
from openfaas-cloud.
This looks promising - I think we can use the existing auth mechanism to clone the code from a private repo over HTTP, but I'd like someone to validate the idea first.
https://developer.github.com/apps/differences-between-apps/#git-access
It would mean avoiding creating and storing deploy keys per repo.
from openfaas-cloud.
@tpiskula @shaunc @affix I'll try to check that and help with it :-)
from openfaas-cloud.
Next we need to start parsing whether a repo is private or not and passing that through the stack. If we encounter a repo which is private, then we should clone with an auth token. That should be about all that is needed.
from openfaas-cloud.
Related Issues (20)
- Feature: support cloudflare integration HOT 3
- GitHub events time out with network policy
- minor doc tidy HOT 3
- Add CI variable to git-tar
- Deprecate passing Oauth client secret in environment for OFC chart
- Make Network Policies optional in OFC chart
- Remove redundant `global.scheme` from ofc helm chart
- Migrate from Travis to Github Actions
- Migrate go Go Modules
- Implement all openfaass cloud components in the Helm chart
- Use GHCR in helm chart
- Build remaining images for AWS and GitLab YAML files HOT 1
- Dashboard image missing bundled assets HOT 1
- Link to GitHub app from dashboard HOT 5
- [Feature request] Support GitLab container registry HOT 1
- [Feature request] Support GitLab group as functions' owner in dashboard HOT 1
- system-metrics on the dashboard is showing 0 HOT 3
- Docs: Update user-guide to newer template
- failed to deploy functions using openfaas operator HOT 4
- Pipeline not triggered: gitlab-event: System Hook required cannot handle: Tag Push Hook HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openfaas-cloud.