Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate to GitHub Actions #126

Merged
merged 1 commit into from
Jun 16, 2020
Merged

Migrate to GitHub Actions #126

merged 1 commit into from
Jun 16, 2020

Conversation

foolip
Copy link
Member

@foolip foolip commented Jun 16, 2020

Part of whatwg/meta#173.

domenic
domenic reviewed Jun 16, 2020
View reviewed changes
@foolip foolip marked this pull request as ready for review June 16, 2020 18:55
@foolip
Copy link
Member Author

foolip commented Jun 16, 2020

I'm done tinkering with this now, but can't test that it's really going to work without publishing something to Docker Hub. I'd say it's 80% likely to work, so we could land it and see what happens.

@foolip foolip mentioned this pull request Jun 16, 2020
Closed
25 tasks
domenic
domenic approved these changes Jun 16, 2020
View reviewed changes
Copy link
Member

@domenic domenic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try it!

@domenic domenic merged commit fc3c353 into master Jun 16, 2020
@domenic domenic deleted the github-actions branch June 16, 2020 19:02
@domenic
Copy link
Member

domenic commented Jun 16, 2020

It worked! https://hub.docker.com/repository/docker/whatwg/wattsi/tags?page=1

I wonder if using the official Docker action would have let us avoid the warnings on https://github.com/whatwg/wattsi/runs/777797241?check_suite_focus=true#step:6:9

@domenic
Copy link
Member

domenic commented Jun 16, 2020

Looks like no: docker/build-push-action#53 and https://github.com/docker/github-actions/blob/0f18e2abad9a4ac2963d2516246787375b5ec917/internal/command/args.go#L9

@foolip
Copy link
Member Author

foolip commented Jun 17, 2020

We could easily use --password-stdin and silence the warning, but we wouldn't really be improving the security, I think. Anyone with write access to this repo would be able to extract the secrets if they want to. The other attack vector would be some software running in the agent, but we're trusting GitHub with our secrets and to vet the software, so...

@domenic
Copy link
Member

domenic commented Jun 17, 2020

Yeah, I'm happy to wait for whatever the Docker team comes up with, and either copy it or revisit whether we can use the Docker action.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@domenic domenic domenic approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@foolip @domenic