Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Gitea secrets storage and management #14483
Add Gitea secrets storage and management #14483
Changes from 25 commits
6b24ada
47c472a
64a91b4
9f2d204
368c97e
d39f7c4
9465c13
eb2b139
f4df973
abde871
b1e8915
a077ee2
5b1044a
834c7c1
8e1291d
1788de5
0a3be05
a0ebf78
319da15
b08114b
073656c
f89bd80
850d936
41310a7
e54785a
ccb57c8
e30f532
29e4f6b
b01b2a9
a1aee64
4c8f590
bc999bd
41e9be0
2c7ae0c
dd84d07
f5effc1
c08fc15
44ca6bf
6fcb7bf
b79b156
acc0c12
c754525
eb5bcec
3183368
e86e30f
e6cee41
641d37a
7c82f7a
f9d58d4
aa10928
f738069
5103f1d
a23241f
9f8fdaa
b32bb7a
23dd7a7
a8c192d
f1ef5ae
4a2676e
5aa55fe
d1a729b
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OwnerID
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we also store
UpdatedUnix
?Or should we perhaps only store
UpdatedUnix
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so, we can only add or remove a secret, so there's no "updated time".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and given my suggestion above, the case
case s.UserID == 0
should also return an error.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why? If it's a repo secret, the OwnerID(aka UserID) should be 0. So the secret has nothing to do with the repo's owner, and works well with repo transferring.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, since we don't need to change our assumptions anymore, that's not needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't that placeholder redundant?
It doesn't serve any purpose.
It would only have a purpose if it clarified for example how surounding whitespace is handled.
Speaking of which: Do we strip surrounding whitespace already? I hope so as that is in general much more user-friendly…
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Assuming my suggestion above is implemented:
Then suddenly this placeholder isn't redundant anymore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved in the new PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm almost in favor of setting
context.OrgAssignment(true, true)
here as a duplicate middleware simply to ensure that there is no chance ever that someone changes the permissions below and doesn't notice that the secrets are now publicly available.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's unnecessary. Even if it does happen, the secret value is still not visible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we copyright the year the code was written, or the year it is merged?
I would have thought it is the year it is merged…
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I've also mentioned it above, but here it is again:
I think it would be a good idea to strip leading and trailing whitespace from secrets.
There is only a marginal benefit in not doing it (who has a secret that starts or ends with whitespace?).
However, there is a huge benefit for usability, since many copying programs add for example whitespace at the end, meaning you would get an invalid secret that you first have to debug why it isn't working.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved in the new PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a name mismatch here:
InsertOrgSecret
andFindUserSecrets
. I would rename both toOwner
. Maybe change the structs member too.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree about the struct fields.
But we should find a name to stick with as
OwnerSecret
sounds abolutely wrong to me and doesn't clarify the difference toRepoSecret
s enough.What about
UserSecret
s instead, even if they can also be for an organization?