docker-builder icon indicating copy to clipboard operation
docker-builder copied to clipboard

Published 20 hours ago verified publisher icon rafecolton

Providing GitHub API token if building with webhook?

Open rafecolton opened this issue 9 years ago • 3 comments

If no API token is provided to the build server itself, and the request comes through on a webhook as opposed to a request to /docker-build, it wouldn't be possible to clone down a private repo. Do we care? If so, proposed solutions?

rafecolton avatar Jul 11 '14 21:07 rafecolton

I care :smiley_cat:

Why can't we accept an API token in the body of the webhook request? In the case of Travis webhooks, the entire .travis.yml is sent in the payload, so there's an opportunity to read the token from there in the case of private repositories that aren't encrypting the value.

meatballhat avatar Jul 14 '14 15:07 meatballhat

Yeah, that would handle the above case, since it would not be necessary to encrypt the value in a private repo. Are there any standards around where in the .travis.yml to put the value?

rafecolton avatar Jul 14 '14 19:07 rafecolton

It's nice to namespace your stuff, but that's about it.

meatballhat avatar Jul 21 '14 15:07 meatballhat