Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upSupport login tokens for multiple registries #4680
Conversation
dethoter
and others
added some commits
Jun 22, 2017
rust-highfive
assigned
matklad
Oct 30, 2017
This comment has been minimized.
This comment has been minimized.
rust-highfive
commented
Oct 30, 2017
|
r? @matklad (rust_highfive has picked a reviewer for you, use r? to override) |
cswindle
referenced this pull request
Oct 30, 2017
Merged
Add support for publish to optionally take the index that can be used #4568
alexcrichton
reviewed
Oct 30, 2017
| let config = src.config()?.unwrap(); | ||
| options.flag_host.clone().unwrap_or(config.api.unwrap()) | ||
| } | ||
| }; | ||
| println!("please visit {}me and paste the API Token below", host); |
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 30, 2017
Member
Hm I think this should only get printed for the crates.io registry, right? We may not want to assume the layout of another registry per se just yet, and instead we could probably just return an error if no token was passed and --registry was passed?
This comment has been minimized.
This comment has been minimized.
cswindle
Oct 30, 2017
Author
Contributor
I was wondering if the /me API should be required for publish, I am happy to switch to just return an error stating that the token should be provided.
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 30, 2017
Member
Yeah this is one where we haven't done much to sketch out the path towards "what does a custom registry need HTTP-wise", so I think it's ok to err on the side of caution for now and just return an error
alexcrichton
reviewed
Oct 30, 2017
| let (index, token) = match registry { | ||
| Some(registry) => { | ||
| let index = Some(config.get_registry_index(®istry)?); | ||
| let table = config.get_table(&format!("registry.{}", registry))?.map(|t| t.val); |
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 30, 2017
Member
Could this use get_string perhaps? That'll allow overrides via env var (table support isn't implemented there yet)
This comment has been minimized.
This comment has been minimized.
cswindle
Oct 30, 2017
Author
Contributor
I did originally try using get_string, but that caused problems if there was a '.' in the registry name (which I think is allowed). I will have a play and see if I can get something working.
This comment has been minimized.
This comment has been minimized.
cswindle
Oct 31, 2017
Author
Contributor
Turns out it does just work switching to get_string, so I have made the change.
alexcrichton
reviewed
Oct 30, 2017
| @@ -545,6 +545,14 @@ impl Config { | |||
| } | |||
| } | |||
|
|
|||
| /// Gets the index for a registry. | |||
| pub fn get_registry_index(&self, registry: &str) -> CargoResult<String> { | |||
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Looking great! Could this also be sure to place the support behind a feature gate? To do something like rustc it means we'd add a |
alexcrichton
referenced this pull request
Oct 30, 2017
Closed
Replace `cargo login --host` with `cargo login --index`. #4613
cswindle
added some commits
Oct 30, 2017
This comment has been minimized.
This comment has been minimized.
|
@alexcrichton, I have now made all the changes that you requested as part of your review. |
| // Now perform the actual publish | ||
| assert_that(p.cargo("publish").masquerade_as_nightly_cargo() | ||
| .arg("--registry").arg("alternative").arg("-Zunstable-options"), | ||
| execs().with_status(101)); |
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 31, 2017
Member
Could you add an assertion about stderr here to ensure it prints the right error message?
| // Now perform the actual publish | ||
| assert_that(p.cargo("publish").masquerade_as_nightly_cargo() | ||
| .arg("--registry").arg("alternative").arg("-Zunstable-options"), | ||
| execs().with_status(0)); |
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 31, 2017
Member
Hm could you describe the behavior of this test a bit? Presumably this is sending a POST which I guess is "uploading" a file to the local filesystem?
If that's the case, can this assert that the file was created? I think the binary format is pretty crazy so it's ok to not actually look inside the file, but asserting at least that it exists may be good?
This comment has been minimized.
This comment has been minimized.
cswindle
Oct 31, 2017
Author
Contributor
This is just performing an upload to the local registry in the same way that publish_clean currently works (with the only change that we are going to an alternate registry), I am not too keen on adding too much extra checking of the actual registry contents as that will likely be a remote server which we will be receiving the package normally. Are you happy for me to not make this change?
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 31, 2017
Member
Oh yeah I was just thinking we could assert that a file exists on the filesystem somewhere. Basically assert that the upload happened to the alternative registry here and not the "main registry"
| @@ -7,7 +7,7 @@ extern crate toml; | |||
| use std::io::prelude::*; | |||
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 31, 2017
Member
This (and I think at least one other file?) I think changed from 644 permissions to 755, mind reverting back?
This comment has been minimized.
This comment has been minimized.
| [registries.test-reg] | ||
| index = "http://dummy_index/" | ||
| [registries.test.reg] |
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 31, 2017
Member
This actually reminds me, at some point we're going to want validation on the names of registries I think? Probably for now (to start conservative at least) we probably want to restrict registries to [a-zA-Z0-9_-] probably?
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
cswindle
Oct 31, 2017
Author
Contributor
In that case I will remove the test for test.reg and remove this entry. I will also add this to the issue list for stabilization.
| if let Some(registry) = registry { | ||
| let mut map = HashMap::new(); | ||
| map.insert(key, value); | ||
| (registry, CV::Table(map, file.path().to_path_buf())) |
This comment has been minimized.
This comment has been minimized.
alexcrichton
Oct 31, 2017
Member
I think this is building up a TOML file like:
[my-registry-name]
token = "..."right?
That seems fine by me for now (although maybe registry.foo for consistency with specifying the index?), but one thing I'm a little worried about is that we're making a lot of decisions in a bit of an ad-hoc fashion. I think all the conclusions are fine so far, but it'd be good to have a list of "here's the design decisions that were made" when we go for stabilizing custom registries.
Mind opening a tracking issue for custom registries (or appending to one that already exists?). I'm thinking we could track things like the --registry flag, my concern below for the naming of the registry identifiers, the format of the credentials file, the configuration syntax in .cargo/config for custom registries, etc.
Basically I'm thinking we should just track somewhere "here's what we need to be sure about for stabilization" and we can throw concerns/thoughts/implementation details on that as they arise.
This comment has been minimized.
This comment has been minimized.
cswindle
added some commits
Oct 31, 2017
This comment has been minimized.
This comment has been minimized.
|
Ok looks great! r=me with an assertion that the publish happens to the right registry (asserting that a file exists) |
This comment has been minimized.
This comment has been minimized.
|
@alexcrichton, I have added the additional test that you asked for. |
This comment has been minimized.
This comment has been minimized.
cswindle
referenced this pull request
Nov 1, 2017
Closed
Areas requiring agreement for stabilization of alternative registries #4688
This comment has been minimized.
This comment has been minimized.
|
@bors: r+ Looks great! |
This comment has been minimized.
This comment has been minimized.
|
|
This comment has been minimized.
This comment has been minimized.
bors
added a commit
that referenced
this pull request
Nov 1, 2017
This comment has been minimized.
This comment has been minimized.
|
|
cswindle commentedOct 30, 2017
This pull request builds on #4206 to support login using the the registry from alternate registries (RFC 2141). This includes the following changes:
Note that this does not include a feature gate on the use of --registry as the publish code blocks publish if we use any features. @alexcrichton, are you happy with this approach, or is there a way that you would recommend this should be relaxed for testing purposes?