From Pavlo Kerestey to ~sircmpwn/sr.ht-discuss
On 26 Mar 2020, at 14:22, Drew DeVault wrote: > I wouldn't necessarily be opposed to using SSH to add new build secrets, > e.g. uuid=$(ssh builds@builds.sr.ht add-secret < .ssh/id_ed25519) This would actually be fantastic, and I would be happy to help with patches for this. Will try something out and get back to you…
From Pavlo Kerestey to ~sircmpwn/sr.ht-discuss
Hi Drew, > I appreciate that the current workflow of submitting secrets is > deliberate and only done in one place, it helps to prevent errors while > handling sensitive data. This makes a lot of sense to me and I really like the approach. Submitting secrets should be done with cation. > I would be open to an API, but only with a compelling use-case - and > I'm not sure I understand yours. I would like to deploy some vm’s and I want to be able do it through a CI/CD pipeline as well as locally from my machine for example to a staging
From Pavlo Kerestey to ~sircmpwn/sr.ht-discuss
Hi, is there an API documentation for submitting the secrets? I would like to use my secrets manager (gopass in my case) as the single source of truth, and have a script that publishes the secrets there to build.sr.ht, so they can be used in the CI runs. I understand that the .build.yml has to be regenerated after such a run, but updating many secrets for different parts of the CI run can become tedious otherwise. Thanks, Pavlo.
From Pavlo Kerestey to ~sircmpwn/sr.ht-discuss
Hi, I am wondering if there is a way to cache the intermediate build artifacts to speed up builds on builds.sr.ht, and stumbled over this thread. Currently my builds (https://builds.sr.ht/~ptek/ledge.link) take over 20 minutes and most of the time is spent on building dependencies. Is there a canonical way or a best practice of doing this nowadays? Pavlo.