-
Notifications
You must be signed in to change notification settings - Fork 225
GitHubBinding should align with expectations of the hub
CLI
#1185
Comments
Here's a sample where we did this for the |
If I understand well this proposal, it seems contrary to proper security best practices which it to not use environment variables for storing secrets. Just saying... |
@lionelvillard could one not load the token into ~/.config/hub instead of envvar? |
Determining the home die may be tricky, but that is also what I would prefer. An alternative would be to file a feature request to support overriding the location of the file (like DOCKER_CONFIG), if it doesn’t exist already. In fact it might even be possible to send a PR 🤔 |
@lberk yes that should work for the single-tenant github receive adapter. |
I can tackle this if no one mind /assign |
off-topic:
will provide |
TBH, I think we can surface both, assuming they don't conflict. I knew Github had two CLIs (I just figured they'd deprecated one 🙄), but we should align with whichever is more popular, or newer, or both. 🤣 |
Okay, turned out that both |
@antoineco any thoughts on this one ? |
This issue is stale because it has been open for 90 days with no |
I was musing about this with @lberk this morning, wanted to get it into an issue so we don't lose the idea.
Essentially the idea is that instead of inventing our own contract for projecting credentials into a process that we align with the credential model of established tooling. When @evankanderson was talking about the
hub
CLI in another context this morning it made me realize that we should probably makeGitHubBinding
setup the environment such thathub
"just works(tm)".@lberk found this description of the
hub
auth model:This seems like it would be fairly trivial for us to align on.
The text was updated successfully, but these errors were encountered: