feat: Add token auth to GitLab/GitHub hosting providers #1761
Conversation
tdido
changed the title
tdido
changed the title
tdido
changed the title
tdido
changed the title
|
Converting to draft as during some testing I realised the "conda_env" path doesn't contain the token e.g. when using a module in a private repo that contains a conda environment. Looking into it now. @johanneskoester any comments would be appreciated. |
|
Example error message: So it's treating the environment URL as local. I guess the module import requires redefining the env in this case? |
Co-authored-by: Johannes Köster <johannes.koester@uni-due.de>
|
Kudos, SonarCloud Quality Gate passed!
|
|
@johanneskoester seems like conda env files are still fetched without the token. I've tested hardcoding it in the conda deployment file [1] and it works. Any pointers on the best way to make the token available there? |
|
Kudos, SonarCloud Quality Gate passed!
|
|
Kudos, SonarCloud Quality Gate passed!
|
|
Hey @johanneskoester. I've had to change the approach since I couldn't find a way to get environment files to use the token with the previous approach. It now would seem like all cases are covered, although it implies adding a command line argument for the hosting provider token. Please let me know what you think. |
|
A cli arg for the token is not an option IMHO, because then the token will be inside of the bash history, which is a security risk. Can you explain what exactly fails when just fetching the token from os.environ? |
|
Right, yes, that makes sense. The failure I was referring to was the one when adding the argument to the gitlab() function, where it doesn't pass the token to the conda environments it fetches. I'll change the cli arg to os.environ instead, should be straightforward. |
|
@johanneskoester I've switched to using an env variable for the token and it seems to be working fine. Please let me know whether the implementation looks OK. |
|
Can you please run black on your changes? |
There was a problem hiding this comment.
Almost forgot: could you also add a sentence about the use of the two env vars to the respective section in the docs? (this one)
|
Kudos, SonarCloud Quality Gate passed!
|
🤖 I have created a release *beep* *boop* --- ## [7.20.0](v7.19.1...v7.20.0) (2023-01-18) ### Features * add tes token ([#1966](#1966)) ([59a8fa0](59a8fa0)) * Add token auth to GitLab/GitHub hosting providers ([#1761](#1761)) ([e03a3b4](e03a3b4)), closes [#1301](#1301) * allow for human friendly resource definitions (e.g. mem="5GB", runtime="1d") ([#1861](#1861)) ([24610ac](24610ac)) ### Bug Fixes * 🐛 - fix hyperlink ([#2046](#2046)) ([9519d31](9519d31)) * Catch missing error stream in Slurm executor ([#2063](#2063)) ([c21fc7e](c21fc7e)) * correctly parse empty values in config cli ([#2032](#2032)) ([1b0689d](1b0689d)) * Correctly parse UserDicts in executors ([#2016](#2016)) ([e3926fa](e3926fa)) * Fix handling of --jobs in no-exec state ([#2029](#2029)) ([e8e8222](e8e8222)) * make `--show-failed-logs` handle empty log files ([#2039](#2039)) ([683c6f2](683c6f2)), closes [#2023](#2023) * make python version check more robust ([#2058](#2058)) ([e685621](e685621)) * parsing error when last line is comment ([#2054](#2054)) ([a928dd4](a928dd4)) * prevent overriding of retries when set to 0 ([#2053](#2053)) ([a328f3e](a328f3e)) * propagate attempt count from group to subjobs ([#2052](#2052)) ([da3f1c0](da3f1c0)) * remove overflow from rulegraph div in report ([9a0aaa7](9a0aaa7)) * skip type checks of missing dir in touch mode ([#2051](#2051)) ([ae00c25](ae00c25)) * slurm default_resources quoting ([#2043](#2043)) ([47d3fc3](47d3fc3)) * Update list of python versions in classifiers ([#2020](#2020)) ([7a98100](7a98100)) * use short argument name for `--chdir` for compatibility with Slurm <=v17 ([#2040](#2040)) ([a9ed3ec](a9ed3ec)) ### Documentation * Fix typo in SLURM help text ([#2049](#2049)) ([79b7025](79b7025)) * mention XDG_CACHE_HOME ([#2057](#2057)) ([ec2ef45](ec2ef45)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
🤖 I have created a release *beep* *boop* --- ## [7.20.0](snakemake/snakemake@v7.19.1...v7.20.0) (2023-01-18) ### Features * add tes token ([snakemake#1966](snakemake#1966)) ([59a8fa0](snakemake@59a8fa0)) * Add token auth to GitLab/GitHub hosting providers ([snakemake#1761](snakemake#1761)) ([e03a3b4](snakemake@e03a3b4)), closes [snakemake#1301](snakemake#1301) * allow for human friendly resource definitions (e.g. mem="5GB", runtime="1d") ([snakemake#1861](snakemake#1861)) ([24610ac](snakemake@24610ac)) ### Bug Fixes * 🐛 - fix hyperlink ([snakemake#2046](snakemake#2046)) ([9519d31](snakemake@9519d31)) * Catch missing error stream in Slurm executor ([snakemake#2063](snakemake#2063)) ([c21fc7e](snakemake@c21fc7e)) * correctly parse empty values in config cli ([snakemake#2032](snakemake#2032)) ([1b0689d](snakemake@1b0689d)) * Correctly parse UserDicts in executors ([snakemake#2016](snakemake#2016)) ([e3926fa](snakemake@e3926fa)) * Fix handling of --jobs in no-exec state ([snakemake#2029](snakemake#2029)) ([e8e8222](snakemake@e8e8222)) * make `--show-failed-logs` handle empty log files ([snakemake#2039](snakemake#2039)) ([683c6f2](snakemake@683c6f2)), closes [snakemake#2023](snakemake#2023) * make python version check more robust ([snakemake#2058](snakemake#2058)) ([e685621](snakemake@e685621)) * parsing error when last line is comment ([snakemake#2054](snakemake#2054)) ([a928dd4](snakemake@a928dd4)) * prevent overriding of retries when set to 0 ([snakemake#2053](snakemake#2053)) ([a328f3e](snakemake@a328f3e)) * propagate attempt count from group to subjobs ([snakemake#2052](snakemake#2052)) ([da3f1c0](snakemake@da3f1c0)) * remove overflow from rulegraph div in report ([9a0aaa7](snakemake@9a0aaa7)) * skip type checks of missing dir in touch mode ([snakemake#2051](snakemake#2051)) ([ae00c25](snakemake@ae00c25)) * slurm default_resources quoting ([snakemake#2043](snakemake#2043)) ([47d3fc3](snakemake@47d3fc3)) * Update list of python versions in classifiers ([snakemake#2020](snakemake#2020)) ([7a98100](snakemake@7a98100)) * use short argument name for `--chdir` for compatibility with Slurm <=v17 ([snakemake#2040](snakemake#2040)) ([a9ed3ec](snakemake@a9ed3ec)) ### Documentation * Fix typo in SLURM help text ([snakemake#2049](snakemake#2049)) ([79b7025](snakemake@79b7025)) * mention XDG_CACHE_HOME ([snakemake#2057](snakemake#2057)) ([ec2ef45](snakemake@ec2ef45)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Description
This PR adds
an optional "token" argumentthe ability to get a token from environment variables to thegitlab()andgithub()code hosting provider. This allows for the usage of modules stored in private repositories.QC
docs/) is updated to reflect the changes or this is not necessary (e.g. if the change does neither modify the language nor the behavior or functionalities of Snakemake).Closes #1301