Allow send SSH into runner info. to DM
#33346
Conversation
| #because the SSH can be enabled dynamically if the workflow failed, so we need to store slack infos to be able to retrieve them during the waitforssh step | ||
| shell: bash | ||
| run: | | ||
| if [ "${{ secrets[format('{0}_{1}', github.actor, 'SLACK_ID')] }}" != "" ]; then |
There was a problem hiding this comment.
If a GitHub secret is added to the repository: for example, YDSHIEH_SLACK_ID with a value being the corresponding slack user ID
There was a problem hiding this comment.
Quick Q, should the slack id not be an argument to workflow_dispatch 🤗
There was a problem hiding this comment.
It is an ID like X13JMGOCTSU, and has to be copied from the Slack user profile.
Being an input might add some friction to this process (but browser usually remember input)
The more IMPORTANT point is: we want to keep it as a secret (and not show on log), like what we did so far for
${{ secrets.SLACK_CIFEEDBACK_CHANNEL }}
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
| if [ "${{ secrets[format('{0}_{1}', github.actor, 'SLACK_ID')] }}" != "" ]; then | ||
| echo "SLACKCHANNEL=${{ secrets[format('{0}_{1}', github.actor, 'SLACK_ID')] }}" >> $GITHUB_ENV | ||
| else | ||
| echo "SLACKCHANNEL=${{ secrets.SLACK_CIFEEDBACK_CHANNEL }}" >> $GITHUB_ENV |
There was a problem hiding this comment.
As we're adding this to the GITHUB_ENV, is this less secure? Previously the information was stored in secrets - will making it persistent like this make it more accessible?
There was a problem hiding this comment.
No, it would still be masked by GitHub Actions.
At least, it follows what has been done by Guillaume.
There was a problem hiding this comment.
we need to test. normally github keep it obfuscated on the logs.
if it's not the case, eventually we can add this kind of command : echo "::add-mask::$the_secret"
There was a problem hiding this comment.
FYI: there is a run page
https://github.com/huggingface/transformers/actions/runs/10736292447/job/29775922690
In its raw log page, searching SLACKCHANNEL, all places are masked ***
There was a problem hiding this comment.
Cool ! Can you have @glegendre01 review this just for security purposes?
|
Thanks for the review. Sure I will ping him. |
| if [ "${{ secrets[format('{0}_{1}', github.actor, 'SLACK_ID')] }}" != "" ]; then | ||
| echo "SLACKCHANNEL=${{ secrets[format('{0}_{1}', github.actor, 'SLACK_ID')] }}" >> $GITHUB_ENV | ||
| else | ||
| echo "SLACKCHANNEL=${{ secrets.SLACK_CIFEEDBACK_CHANNEL }}" >> $GITHUB_ENV |
There was a problem hiding this comment.
we need to test. normally github keep it obfuscated on the logs.
if it's not the case, eventually we can add this kind of command : echo "::add-mask::$the_secret"
| if [ "${{ secrets[format('{0}_{1}', github.actor, 'SLACK_ID')] }}" != "" ]; then | ||
| echo "SLACKCHANNEL=${{ secrets[format('{0}_{1}', github.actor, 'SLACK_ID')] }}" >> $GITHUB_ENV | ||
| else | ||
| echo "SLACKCHANNEL=${{ secrets.SLACK_CIFEEDBACK_CHANNEL }}" >> $GITHUB_ENV |
allow send DM Co-authored-by: ydshieh <ydshieh@users.noreply.github.com>
What does this PR do?
Easier to get notified.