Extract embedded secrets and make them configurable #30
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Ndpnt
commented
Feb 15, 2024
•
Ndpnt
commented
- Extract embedded secrets and make them configurable
- Remove the insecure SSH option used to clone repositories, which disabled protection against Man-in-the-Middle attacks.
- No longer force the use of the OTA-Bot's SSH key to connect to GitHub.com at server level, it's now done at the command level
- Move the installation of the OTA-Bot's SSH key from the infrastructure role to the engine role, where it is actually used.
- Simplify the setup of snapshots and versions repositories by using the ansible builtin Git module
The `accept_hostkey` option disables protection against MITM attacks
Ndpnt
force-pushed
the
externalize-secrets
branch
from
bf00369 to
8e71cf4
Compare
MattiSG
reviewed
Feb 16, 2024
Co-authored-by: Matti Schneider <[email protected]>
The `accept_hostkey` option disables protection against MITM attacks
MattiSG
reviewed
Feb 16, 2024
README.md
Outdated
| @@ -168,6 +234,8 @@ Then the code can be deployed to the running machine with all the options descri | |||
|
|
|||
| ### Test collection | |||
|
|
|||
| _The testing environment is preconfigured for Open Terms Archive maintainers. For other contributors, the configuration file `tests/engine_config.json` needs to be updated to specify repositories where they have authorizations. Additionally, the `ota_engine_github_bot_private_key` value in the inventory file `tests/inventory.yml` should be updated._ | |||
|
|
|||
| Test locally the changes to the collection before opening a pull request: | |||
There was a problem hiding this comment.
Is there a missing command or sentence here? 🤔
MattiSG
approved these changes
Feb 16, 2024
README.md
Outdated
| @@ -168,6 +234,8 @@ Then the code can be deployed to the running machine with all the options descri | |||
|
|
|||
| ### Test collection | |||
|
|
|||
| _The testing environment is preconfigured for Open Terms Archive maintainers. For other contributors, the configuration file `tests/engine_config.json` needs to be updated to specify repositories where they have authorizations. Additionally, the `ota_engine_github_bot_private_key` value in the inventory file `tests/inventory.yml` should be updated._ | |||
There was a problem hiding this comment.
Not sure about the need to use italic 🙂
clementbiron
approved these changes
Feb 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.