Closed
Bug 1214899
Opened 9 years ago
Closed 7 years ago
[TaskCluster GitHub] Support jobs against private repos.
Categories
(Taskcluster :: Services, defect)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: mrrrgn, Unassigned)
References
Details
This will require a working secrets system, so that we can distributed a private key to tasks that need to check out private repositories.
Reporter | ||
Updated•9 years ago
|
Summary: [Taskcluster GitHub] Support jobs against private repos. → [TaskCluster GitHub] Support jobs against private repos.
Reporter | ||
Comment 1•9 years ago
|
||
The next step here is to add an endpoint to taskcluster github that allows repository owners to set secrets for their repository. Then tc-gh can start jobs along with a secrets proxy that has read only credentials for the secrets. see: http://docs.taskcluster.net/services/secrets/
Reporter | ||
Updated•9 years ago
|
Assignee: winter2718 → nobody
Reporter | ||
Comment 2•9 years ago
|
||
I'd be willing to mentor this bug.
Updated•7 years ago
|
Component: Other → Github
Product: Release Engineering → Taskcluster
QA Contact: mshal
Comment 3•7 years ago
|
||
This should no longer be an issue. We now have an awesome github integration that repos can install to get access to our tc-gh scheduling and with a little setup, secrets can be added for a given repo that can be used in tasks. Our open cloud configuration setup for windows workers does just this....new commits will trigger tasks that pull some secrets from our secrets store to be able to publish new AMIs. That said, one thing to note is that while you are technically able to retrieve secrets within these tasks, there is the potential of leaking them in the logs. only docker-worker allows one to specify an alternative log location as far as I'm aware that make those logs private.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
Updated•5 years ago
|
Component: Github → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•