lix-project/lix-install-action
1
0
Fork 0
Code Issues 11 Pull requests Actions Packages Projects Releases Wiki Activity

Support private flakes on FlakeHub #38

Merged
grahamc merged 6 commits from flakehub into main 2023-10-04 21:35:18 +00:00
Conversation 1 Commits 6 Files changed 6 +194 -107
grahamc commented 2023-10-03 22:53:24 +00:00 (Migrated from github.com)
Copy link
Description

Use the GitHub Actions-issued JWT to authenticate with FlakeHub.
The repository will be granted its due permissions on FlakeHub,
and be able to pull the user's private flakes.

Note that private flakes are in a closed beta, and interested users should contact support@flakehub.com to get access.

Checklist
  • Tested changes against a test repository
  • Added or updated relevant documentation (leave unchecked if not applicable)
  • (If this PR is for a release) Updated README to point to the new tag (leave unchecked if not applicable)
##### Description Use the GitHub Actions-issued JWT to authenticate with FlakeHub. The repository will be granted its due permissions on FlakeHub, and be able to pull the user's private flakes. Note that private flakes are in a closed beta, and interested users should contact support@flakehub.com to get access. ##### Checklist - [x] Tested changes against a test repository - [x] Added or updated relevant documentation (leave unchecked if not applicable) - [x] (If this PR is for a release) Updated README to point to the new tag (leave unchecked if not applicable)
Hoverbear (Migrated from github.com) reviewed 2023-10-03 23:36:54 +00:00
src/main.ts
Hoverbear (Migrated from github.com) commented 2023-10-03 23:36:54 +00:00
Copy link

How about a --netrc arg on the installer? I don't really want to shell out for this. (I'd prefer this, I think!)

Otherwise, I suggest writing this data using nodejs's standard library instead of using shell commands, then using sudo to move the file. Here's an example of writing a binary out from this repo: 3ebd1aebb4/src/main.ts (L363-L401)

Alternatively, we can rig up a way for this to call a specific function as root to do this without shelling out.

If we choose a method that does not include a --netrc arg on nix-installer, we will also need to make a check to pick up any extra-conf set netrc and either error or use that.

How about a `--netrc` arg on the installer? I don't really want to shell out for this. (I'd prefer this, I think!) Otherwise, I suggest writing this data using `nodejs`'s standard library instead of using shell commands, then using `sudo` to move the file. Here's an example of writing a binary out from this repo: https://github.com/DeterminateSystems/nix-installer-action/blob/3ebd1aebb47f95493b62de6eec0cac3cd74e50a9/src/main.ts#L363-L401 Alternatively, we can rig up a way for this to call a specific function as root to do this without shelling out. If we choose a method that does not include a `--netrc` arg on `nix-installer`, we will also need to make a check to pick up any `extra-conf` set `netrc` and either error or use that.
grahamc (Migrated from github.com) reviewed 2023-10-04 00:28:54 +00:00
src/main.ts
grahamc (Migrated from github.com) commented 2023-10-04 00:28:54 +00:00
Copy link

We chatted on Discord and decided it'd be better to write out a separate netrc and pass in a netrc-file option.

We chatted on Discord and decided it'd be better to write out a separate netrc and pass in a netrc-file option.
lucperkins (Migrated from github.com) reviewed 2023-10-04 01:19:27 +00:00
README.md
lucperkins (Migrated from github.com) commented 2023-10-04 01:19:26 +00:00
Copy link
|
| `flakehub`               | Log in to FlakeHub using the GitHub Actions [JSON Web Token](https://jwt.io) (JWT), which is bound to the `flakehub` audience. Logging in enables you to pull private flakes.
```suggestion | | `flakehub` | Log in to FlakeHub using the GitHub Actions [JSON Web Token](https://jwt.io) (JWT), which is bound to the `flakehub` audience. Logging in enables you to pull private flakes. ```
lucperkins (Migrated from github.com) reviewed 2023-10-04 01:21:41 +00:00
action.yml
lucperkins (Migrated from github.com) commented 2023-10-04 01:21:41 +00:00
Copy link
    description: Automatically log in to your [FlakeHub](https://flakehub.com) account to access private flakes.
```suggestion description: Automatically log in to your [FlakeHub](https://flakehub.com) account to access private flakes. ```
lucperkins (Migrated from github.com) reviewed 2023-10-04 01:22:56 +00:00
.envrc
lucperkins (Migrated from github.com) commented 2023-10-04 01:22:56 +00:00
Copy link

Add newline at the end (I need to change fh init to do that)

Add newline at the end (I need to change `fh init` to do that)
grahamc commented 2023-10-04 01:56:15 +00:00 (Migrated from github.com)
Copy link

Thanks @lucperkins, pushed all those edits!

Thanks @lucperkins, pushed all those edits!
Hoverbear (Migrated from github.com) reviewed 2023-10-04 17:38:46 +00:00
src/main.ts
Hoverbear (Migrated from github.com) commented 2023-10-04 17:38:46 +00:00
Copy link

This will falsely flag if the user has netrc-file anywhere in their config, even at the end of a line. Could we use a regex to ensure it's start of the line?

This will falsely flag if the user has `netrc-file` anywhere in their config, even at the end of a line. Could we use a regex to ensure it's start of the line?
Hoverbear (Migrated from github.com) approved these changes 2023-10-04 17:38:59 +00:00
Hoverbear (Migrated from github.com) left a comment
Copy link

Rest looks good, just one nit.

Rest looks good, just one nit.
grahamc (Migrated from github.com) reviewed 2023-10-04 20:51:51 +00:00
src/main.ts
grahamc (Migrated from github.com) commented 2023-10-04 20:51:51 +00:00
Copy link

Ohp, that's great idea! Yes.

Ohp, that's great idea! Yes.
grahamc (Migrated from github.com) reviewed 2023-10-04 21:26:36 +00:00
src/main.ts
grahamc (Migrated from github.com) commented 2023-10-04 21:26:36 +00:00
Copy link

fixed!

fixed!
Hoverbear (Migrated from github.com) reviewed 2023-10-04 21:33:49 +00:00
src/main.ts
Hoverbear (Migrated from github.com) commented 2023-10-04 21:33:49 +00:00
Copy link

Sometimes silly looking things make it into production. For example: Most of the code I write. :)

Sometimes silly looking things make it into production. For example: Most of the code I write. :)
Hoverbear (Migrated from github.com) approved these changes 2023-10-04 21:34:01 +00:00
grahamc (Migrated from github.com) reviewed 2023-10-04 21:34:46 +00:00
src/main.ts
grahamc (Migrated from github.com) commented 2023-10-04 21:34:46 +00:00
Copy link

🤭

🤭
Sign in to join this conversation.
Reviewers
No reviewers
Hoverbear
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lix-project/lix-install-action#38
No description provided.
Delete branch "flakehub"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?