Comments (5)
I quite like option 3 because it means one less manual step using the GitHub web interface. i.e. user only needs to generate access token for designated bot account and not also mess with SSH keys if they're not familiar with them.
This would work well for most environments, e.g. the script could look for `~/.ssh/id_rsa.pub` and upload that via GitHub API the first run.
We could perhaps make it fail gracefully or with non-error warning message if the user doesn't want to grant key read/write permissions for the API. In a way then option 1 would be backwards compatible with option 3.
AWS Lambda doesn't have the concept of a full user directory with .ssh directory, but it could pull the key pair from a secure S3 prior to run.
from renovate.
Conclusion:
- Assume we will use `~/.ssh/id_rsa` for now and users will manually add that public key to GitHub
- Add functionality later to attempt adding public key automatically using API

Leaving this issue open for part 2
from renovate.
I realised a problem just now. I was attempting to add my public key (`id_rsa.pub`) to a bot account I'd set up, but GitHub gives me this error message:
i.e. public keys are used to identify GitHub users, so you can't add it to more than one GitHub account.
This makes me more inclined to generate a custom key pair just for this tool/bot, to avoid any such conflict.
from renovate.
In theory it would be possible to generate a temporary key pair every run, then add it to the GitHub account, then remove it at the end.
One problem of course would be if the program crashes and doesn't remove the key, but GitHub's API lets you give a "title" to each key so we could name it `renovate` for example and have a first step that deletes it if found.
A second problem might be latency - e.g. does it work instantly once you add it via API, or is there a delay until it's active? This needs to be tested as it would be a problem for the first run of the script regardless.
from renovate.
In that case, the logic would be approximately:
- Delete "renovate" key if exists
- Generate temporary key pair
- Add temporary public key via GitHub API, with title "renovate"
- [Rest of script]
- Delete renovate key
from renovate.
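The sequence from the last comment, as an added example that is not part of the thread or of renovate's own code. It assumes an Ed25519 key pair and a hypothetical `api` object whose `listKeys`, `addKey` and `deleteKey` methods wrap GET, POST and DELETE on GitHub's `/user/keys` endpoints; `fakeApi` is a constructed in-memory stand-in so the block runs offline.

```javascript
const { generateKeyPairSync } = require('node:crypto');

const KEY_TITLE = 'renovate'; // key title proposed in the thread

// Encode an Ed25519 public key in OpenSSH "ssh-ed25519 <base64>" form.
function toOpenSshPublicKey(publicKey) {
  const der = publicKey.export({ format: 'der', type: 'spki' });
  const raw = der.subarray(der.length - 32); // SPKI ends with the 32-byte key
  const field = (buf) => {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length);
    return Buffer.concat([len, buf]); // SSH wire format: length-prefixed string
  };
  const blob = Buffer.concat([field(Buffer.from('ssh-ed25519')), field(raw)]);
  return `ssh-ed25519 ${blob.toString('base64')}`;
}

// Remove every key carrying our title, e.g. one left behind by a crashed run.
async function deleteKeysByTitle(api, title) {
  for (const key of await api.listKeys()) {
    if (key.title === title) await api.deleteKey(key.id);
  }
}

// Hypothetical helper implementing the five steps listed in the comment.
async function withTemporaryKey(api, task) {
  await deleteKeysByTitle(api, KEY_TITLE);                 // delete stale key
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  await api.addKey({ title: KEY_TITLE, key: toOpenSshPublicKey(publicKey) });
  try {
    return await task(privateKey);                         // rest of script
  } finally {
    await deleteKeysByTitle(api, KEY_TITLE);               // runs even if task throws
  }
}

// Constructed in-memory stand-in for the key API (assumption, not GitHub code).
function fakeApi(initial = []) {
  const keys = [...initial];
  let nextId = 100;
  return {
    keys,
    listKeys: async () => [...keys],
    addKey: async ({ title, key }) => { keys.push({ id: nextId++, title, key }); },
    deleteKey: async (id) => {
      const i = keys.findIndex((k) => k.id === id);
      if (i >= 0) keys.splice(i, 1);
    },
  };
}
```

The `finally` block covers exceptions thrown by the task; a hard process kill is only recovered by the delete-by-title step at the start of the next run.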