[mdt-papyrus.dev] TR: [incubation] Having Hudson push to GitHub

Dear all,

Here is a discussion thread that may be of interest for us.

Cheers,
Séb.

Sébastien Gérard 
Head of the LISE labs
CEA Research Director
Papyrus project Leader (www.eclipse.org/papyrus)

Commissariat à l'énergie atomique et aux énergies alternatives
Institut List | CEA Saclay Nano-INNOV | Bât. 862- PC174
F-91191 Gif-sur-Yvette Cedex
M. +33 6 88 20 00 47
T. +33 1 69 08 58 24
sebastien.gerard@xxxxxx  www-list.cea.fr

[SG] >-----Original Message-----
[SG] >From: incubation-bounces@xxxxxxxxxxx [mailto:incubation-bounces@xxxxxxxxxxx] On Behalf Of Christoph Daniel Schulze
[SG] >Sent: Thursday, 3 November 2016 14:49
[SG] >To: incubation@xxxxxxxxxxx
[SG] >Subject: Re: [incubation] Having Hudson push to GitHub
[SG] >
[SG] >Hi everyone,
[SG] >
[SG] >many thanks for your helpful replies! :)
[SG] >
[SG] >Cheers,
[SG] > Christoph Daniel
[SG] >
[SG] >On 02/11/16 09:24, Mikaël Barbero wrote:
[SG] >> Everything Gunnar said regarding security is true. However, we do
[SG] >> support this use case and webmaster can set up an SSH deploy for your
[SG] >> Hudson instance. You just need to file a bug on the Community > Hudson
[SG] >> component
[SG] >> (https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Hudson)
[SG] >> and ask for it.
[SG] >>
[SG] >> Cheers,
[SG] >> Mikael
[SG] >>
[SG] >>> On 1 Nov 2016, at 13:52, Gunnar Wagenknecht <gunnar@xxxxxxxxxxxxxxx <mailto:gunnar@xxxxxxxxxxxxxxx>> wrote:
[SG] >>>
[SG] >>> GitHub supports the notion of dedicated repository SSH deploy keys.
[SG] >>> Those are decoupled from your user account and can be granted write
[SG] >>> access to a repository.
[SG] >>>
[SG] >>> However, issues remain for any Hudson instance using such a key. As
[SG] >>> the Hudson user needs read access to the key and its passphrase,
[SG] >>> it's possible for an attacker to create a Gerrit review or pull
[SG] >>> request that might expose the key. There is no way to prevent it unless it.
[SG] >>> Thus, the Mylyn team did put a whitelisting mechanism in place to
[SG] >>> auto-build/verify reviews only from trusted people.
[SG] >>>
[SG] >>> As a GitHub hosted OSS project, you should use Travis.
[SG] >>>
[SG] >>> See:
[SG] >>> https://github.com/alrra/travis-scripts/blob/master/doc/github-deploy-keys.md
[SG] >>> and
[SG] >>> https://docs.travis-ci.com/user/pull-requests#Pull-Requests-and-Security-Restrictions
[SG] >>>
[SG] >>> -Gunnar
[SG] >>>
[SG] >>> --
[SG] >>> Gunnar Wagenknecht
[SG] >>> gunnar@xxxxxxxxxxxxxxx <mailto:gunnar@xxxxxxxxxxxxxxx>,
[SG] >>> http://guw.io/
[SG] >>>
[SG] >>>> On 1 Nov 2016, at 09:43, Christoph Daniel Schulze
[SG] >>>> <cds@xxxxxxxxxxxxxxxxxxxxxx <mailto:cds@xxxxxxxxxxxxxxxxxxxxxx>> wrote:
[SG] >>>>
[SG] >>>> Hi everyone,
[SG] >>>>
[SG] >>>> at the Eclipse Layout Kernel we are currently thinking about how
[SG] >>>> best to provide documentation about layout algorithms and supported
[SG] >>>> layout options to our users. The main place where we host
[SG] >>>> documentation is our GitHub wiki. What we are currently thinking
[SG] >>>> about is to generate Wiki documentation from the meta data about our
[SG] >>>> algorithms at compile time and push that to the wiki repository.
[SG] >>>>
[SG] >>>> For this to work, our Hudson instance would need write access to
[SG] >>>> that repository. One way to do that would be to give it an SSH key
[SG] >>>> for my GitHub account, but that solution doesn't appeal to me very
[SG] >>>> much for security reasons. Does anyone do something similar with
[SG] >>>> fewer security problems?
[SG] >>>>
[SG] >>>> I presume that it would probably be easier to give our Hudson write
[SG] >>>> access to our Eclipse website repository. However, I would prefer to
[SG] >>>> keep all documentation bundled up at a single place instead of
[SG] >>>> spreading it out over different websites.
[SG] >>>>
[SG] >>>> Cheers,
[SG] >>>> Christoph Daniel
[SG] >>>>
[SG] >>>> _______________________________________________
[SG] >>>> incubation mailing list
[SG] >>>> incubation@xxxxxxxxxxx <mailto:incubation@xxxxxxxxxxx> To change
[SG] >>>> your delivery options, retrieve your password, or unsubscribe from
[SG] >>>> this list, visit https://dev.eclipse.org/mailman/listinfo/incubation

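The gating Gunnar describes (auto-building reviews only from trusted people, and keeping the deploy key away from contributed code), sketched as an added example that is not part of the original thread. The allowlist addresses, `PUBLISH_BRANCH` and the function names are hypothetical, and the CI job is assumed to pass in the trigger type, target branch and change author.

```shell
#!/bin/sh
# Added example (not from the thread): gate for a CI job whose build user can
# read a write-enabled deploy key. All names below are hypothetical.

# Constructed allowlist of committers whose reviews may be auto-built.
TRUSTED_AUTHORS="alice@example.org bob@example.org"
PUBLISH_BRANCH="master"

# is_trusted AUTHOR -> exit 0 only on an exact allowlist match.
is_trusted() {
    case $1 in
        ''|*[!A-Za-z0-9@._+-]*) return 1 ;;  # empty, or spaces/odd characters
    esac
    case " $TRUSTED_AUTHORS " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# build_decision EVENT BRANCH AUTHOR
#   EVENT: "push" (already merged) or "review" (Gerrit change / pull request)
# Prints one of:
#   publish  run the build and load the deploy key
#   verify   run the build without the deploy key
#   skip     do not run the contributed code on this instance at all
build_decision() {
    event=$1 branch=$2 author=$3
    case $event in
        push)
            if [ "$branch" = "$PUBLISH_BRANCH" ]; then
                echo publish
            else
                echo verify
            fi ;;
        review)
            # Code under review is untrusted until a trusted person vouches
            # for it; the target branch does not change that.
            if is_trusted "$author"; then echo verify; else echo skip; fi ;;
        *)
            echo skip ;;  # unknown trigger: fail closed
    esac
}
```

A job that gets `verify` should run where the key is not readable at all, since any code the build executes runs with the build user's file access.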