Add gh-action docs ♨️🥕#3051
Conversation
lilyminium
force-pushed
the
gh-docs
branch
3 times, most recently
from
ed794c2 to
3b32f95
Compare
This reverts commit eaf7051.
Codecov Report
@@ Coverage Diff @@
## gh-actions-ci #3051 +/- ##
=================================================
- Coverage 93.09% 89.85% -3.24%
=================================================
Files 186 174 -12
Lines 24665 23123 -1542
Branches 3196 0 -3196
=================================================
- Hits 22961 20778 -2183
- Misses 1656 2345 +689
+ Partials 48 0 -48
Continue to review full report at Codecov.
|
IAlibay
left a comment
IAlibay
left a comment
There was a problem hiding this comment.
Overall lgtm, just a couple of questions.
I saw some commits linking to your own repo, I'm assuming that was testing & it works?
| run: | | ||
| # place the deploy call here | ||
| echo "Oh, maple syrup roast parsnips [Richard Gowers]" | ||
| python -c 'import os,sys,fcntl; flags = fcntl.fcntl(sys.stdout, fcntl.F_GETFL); fcntl.fcntl(sys.stdout, fcntl.F_SETFL, flags&~os.O_NONBLOCK);' |
There was a problem hiding this comment.
I know this has been around forever, but mostly out of curiosity, what does it actually do?
There was a problem hiding this comment.
I think there used to be a comment somewhere... related to hanging builds? @lilyminium had explained it to me and I promptly forgot.
| cd package/MDAnalysis | ||
| export VERSION=$(python -c "import version; print(version.__version__)") | ||
| cd - | ||
| export GH_DOC_BRANCH=$GITHUB_REF |
There was a problem hiding this comment.
not that it really matters (especially since I think you still need to do the cd - either way), but these could be all put inside an env: block if you happened to think it was cleaner that way.
| git config user.name "${GIT_CI_USER}" | ||
| git config user.email "${GIT_CI_EMAIL}" | ||
| git config user.name github-actions | ||
| git config user.email github-actions@github.com |
There was a problem hiding this comment.
I can't find the gh actions details on this, do you have a reference for these? I keep finding "github-action@users.noreply.github.com", but that's in random github repos :/
There was a problem hiding this comment.
Do you think it matters? Didn't we use in the past "TravisCI@mdanlysis.org" – if anyone wants the commits associated with their name then they could put in theirs, e.g. lilyminium@users.noreply.github.com.
There was a problem hiding this comment.
I guess probably not? This whole area of using gh actions to push to repos just seems sparingly documented (unless I'm missing a really important page), particularly when it comes to examples. But I guess you're right, git doesn't really care if the email address is real.
There was a problem hiding this comment.
@IAlibay you're right I do see the noreply credentials more often; I'm not sure where I stole the original from.
| export VERSION=$(python -c "import version; print(version.__version__)") | ||
| cd - | ||
| export GH_DOC_BRANCH=$GITHUB_REF | ||
| export GH_TOKEN=${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
Does GH-actions obscure encrypted tokens in the logs?
There was a problem hiding this comment.
Is this the old oauth2 token or a new one?
There was a problem hiding this comment.
The secrets.GITHUB_TOKEN is automatically created by GH (edit: so not the old oauth2 token). But, no, Github does not redact secrets if they are printed.
There was a problem hiding this comment.
So yeah this could be an issue if someone is really determined to get it and knows how to google "how to see git secrets"
Edit: https://github.bokerqi.topmunity/t/how-to-see-my-git-secrets/123668/7 actually let's just not merge anything that prints it
There was a problem hiding this comment.
Update: Yes, you can echo {{ secrets.GITHUB_TOKEN }}, but it's a) single-use and b) read-only on forked repositories. This PR from my alt account fails to write to lilyminium/mdanalysis:gh-pages with a permission error.
| cd package/MDAnalysis | ||
| export VERSION=$(python -c "import version; print(version.__version__)") | ||
| cd - | ||
| export GH_DOC_BRANCH=$GITHUB_REF |
There was a problem hiding this comment.
Every env var (except the oauth2 token) could also become a commandline argument for the deploy_docs.sh script. However, as long as it's working the way it is I don't see much need to change it.
There was a problem hiding this comment.
I don't like those because I can never remember which order things are in 😅 Regardless it's probably better than cluttering up the environment. I think I will actually take @IAlibay's suggestion and move things to env / move the whole deployment within gh-ci.yaml, unless there are objections; the general pros for having a separate script (modularity, being able to deploy docs outside of CI) are somewhat negated by the heavy dependence on environment variables set in the CI.
| mv ../${VERSION} $VERSION | ||
|
|
||
| git remote add upstream "https://${GH_TOKEN}@${GH_REPOSITORY}" | ||
| git remote add upstream "https://github-actions:${GH_TOKEN}@${GH_REPOSITORY}" |
There was a problem hiding this comment.
A user name is needed now?
Does it in any way relate to the user.name config?
If this is the case then I would make the script more robust by also passing the name (as env var or commandline argument); I would avoid having hard-coded dependencies between the gh-actions script and the deploy script.
I don't mind, I don't think it really matters either way. If #3040 is ready to merge now (was there anything else left @orbeckst?), then I'd say let's just go ahead and squash merge that one and then have this one target |
|
Sorry I accidentally closed by deleting the gh-actions-ci branch 😱 I've re-added it for now just in case. |
|
Superseded by #3053. |
3 participants
Fixes #3046
Changes made in this Pull Request:
Built dev / 2.0.0 docs here
Targeted to #3040 but could target to develop instead of we prefer to keep this separate.
PR Checklist