Stream: t-lang/wg-unsafe-code-guidelines

Topic: deploy keys


nikomatsakis (Apr 18 2019 at 15:35, on Zulip):

I'd prioritize getting something working, but if you're setting up CI I'd recommend using a deploy key instead of a token so it's scoped to just one repo rather than "all repos the user who created the token has access to"

@Alex Crichton so I'm reading the [github docs on deploy keys](https://developer.github.com/v3/guides/managing-deploy-keys/ and the travis docs (which recommend user keys, but anyway). I guess that I would need to upload the private key to travis and set the public key on GH, that's the idea?

nikomatsakis (Apr 18 2019 at 15:35, on Zulip):

I'm sort of leaning towards "not worth it"

nikomatsakis (Apr 18 2019 at 15:35, on Zulip):

but I guess I see the advantages

nikomatsakis (Apr 18 2019 at 15:43, on Zulip):

Woah, this travis thing that curls https://github.com/alexcrichton/rust-travis-deploy/ and runs rustc on it kind of creeps me out :)

nikomatsakis (Apr 18 2019 at 15:43, on Zulip):

But I guess that https://github.com/alexcrichton/rust-travis-deploy/blob/master/add-travis-deploy.rs will do the work for me, eh?

nikomatsakis (Apr 18 2019 at 15:44, on Zulip):

@Alex Crichton do you have some instructions for this repo? :)

Alex Crichton (Apr 18 2019 at 15:47, on Zulip):

I would personally recommend getting deploy keys working but if it's too much hassle it's not worth it, it can always be configured later

Alex Crichton (Apr 18 2019 at 15:47, on Zulip):

but yes that repo should have all that's necessary to do it

Alex Crichton (Apr 18 2019 at 15:47, on Zulip):

if you execute add-travis-deploy it should print out instructions

Alex Crichton (Apr 18 2019 at 15:48, on Zulip):

(and it'll add a key to the github repo, print out what to put in travis, and also add the env var to travis)

Alex Crichton (Apr 18 2019 at 15:48, on Zulip):

there's currently no instructions and it's not super well documented, I largely just wanted to make it for my own usage to start out ;0

Alex Crichton (Apr 18 2019 at 15:48, on Zulip):

:)*

gnzlbg (Apr 18 2019 at 16:00, on Zulip):

FYI I tried it on macosx and it did not work as is for me - once I got it working things failed because I did not have permisions to upload deploy keys to travis, but the script appeared to fail to capture that - @Alex Crichton you might want to add the disclaimer to the readme that it is linux only or something

Alex Crichton (Apr 18 2019 at 16:04, on Zulip):

I didn't really write it to be the most robust thing in the world, I just wrote it to work for me...

gnzlbg (Apr 18 2019 at 16:48, on Zulip):

@Alex Crichton i wasn't suggesting otherwise, just mentioning what I tried, what worked, and what did not

nikomatsakis (May 02 2019 at 15:43, on Zulip):

OK, i've invested quite a bit of time in this and I still can't quite get it to work. Admittedly, for reasons that are probably just me being silly.

nikomatsakis (May 02 2019 at 15:44, on Zulip):

(e.g., I can't install the travis tool, etc)

nikomatsakis (May 02 2019 at 15:46, on Zulip):

but also the travis docs etc for this stuff just seem totally wrong

nikomatsakis (May 02 2019 at 15:46, on Zulip):

or else I am confused :)

nikomatsakis (May 02 2019 at 15:51, on Zulip):

Running @Alex Crichton's script seems to give me:

{
  "message": "Not Found",
  "documentation_url": "https://developer.github.com/v3/repos/keys/#add-a-new-deploy-key"
}

Is that the same problem you saw, @gnzlbg? I guess not

nikomatsakis (May 02 2019 at 15:51, on Zulip):

I suppose I can add the github key myself

nikomatsakis (May 02 2019 at 15:52, on Zulip):

but my bigger problem is not having the travis tool

gnzlbg (May 02 2019 at 15:52, on Zulip):

no that was not the error i got, I did use the travis tool

gnzlbg (May 02 2019 at 15:53, on Zulip):

if you are on mac it can be easily installed via homebrew

nikomatsakis (May 02 2019 at 15:57, on Zulip):

I'm not on mac

nikomatsakis (May 02 2019 at 15:57, on Zulip):

I think I got it building now, at least on my fedora machine

nikomatsakis (May 02 2019 at 16:03, on Zulip):

now I can't get it to login

nikomatsakis (May 02 2019 at 16:13, on Zulip):

ok, I have to give up on this

gnzlbg (May 02 2019 at 17:04, on Zulip):

:/ we should just use normal GITHUB_TOKENS, and publish the book, and let the infra team that we are doing that, and if they want to switch to deploy keys, they can send a PR

gnzlbg (May 02 2019 at 17:05, on Zulip):

the intersection of people that have travis rights and know how to use deploy keys is really small

nikomatsakis (May 02 2019 at 20:20, on Zulip):

yeah

nikomatsakis (May 02 2019 at 20:21, on Zulip):

it's not worth it :)

RalfJ (May 05 2019 at 13:21, on Zulip):

also WTF why is that so hard?^^

gnzlbg (May 06 2019 at 10:28, on Zulip):

@RalfJ there is just less documentation for deploy keys than for github tokens, and while everybody has used tokens at one point or another, very few have used deploy keys. Then there is also the permission issues. Github tokens requires only rust-lang github permissions, which many people have, but deploy keys requires also travis CI permissions, which very few people have - and these people also have very little time to dig into this.

RalfJ (May 06 2019 at 11:44, on Zulip):

(FWIW I was directing this more at GH/Travis)

gnzlbg (May 06 2019 at 14:44, on Zulip):

I think deploy keys aren't necessarily hard, alex wrote a tool that does that kind of automatically, but for some reason that does not appear to work as is in nikos' system, and debugging travis issues takes time that they might not have (you basically need to work on the repo's master, since the book is only built there, and you have to modify something, wait for travis to finish, etc. so the iteration loop is long).

nikomatsakis (May 09 2019 at 16:55, on Zulip):

Hmm, maybe these instructions help.

Last update: Nov 19 2019 at 18:35UTC