Closed Bug 1214899 Opened 9 years ago Closed 7 years ago

[TaskCluster GitHub] Support jobs against private repos.

Categories

(Taskcluster :: Services, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: mrrrgn, Unassigned)


This will require a working secrets system, so that we can distribute a private key to tasks that need to check out private repositories.
Summary: [Taskcluster GitHub] Support jobs against private repos. → [TaskCluster GitHub] Support jobs against private repos.
Depends on: 1214905
Assignee: nobody → winter2718
No longer depends on: 1214905
Blocks: 1214907
The next step here is to add an endpoint to taskcluster github that allows repository owners to set secrets for their repository. Then tc-gh can start jobs along with a secrets proxy that has read-only credentials for the secrets. See: http://docs.taskcluster.net/services/secrets/
Assignee: winter2718 → nobody
I'd be willing to mentor this bug.
Component: Other → Github
Product: Release Engineering → Taskcluster
QA Contact: mshal
This should no longer be an issue. We now have an awesome GitHub integration that repos can install to get access to our tc-gh scheduling, and with a little setup, secrets can be added for a given repo that can be used in tasks.

Our open cloud configuration setup for Windows workers does just this... new commits will trigger tasks that pull some secrets from our secrets store to be able to publish new AMIs.

That said, one thing to note is that while you are technically able to retrieve secrets within these tasks, there is the potential of leaking them in the logs. Only docker-worker allows one to specify an alternative log location, as far as I'm aware, that makes those logs private.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
Component: Github → Services