Feature/init command #273
Feature/init command #273
Conversation
There was a problem hiding this comment.
I had a quick first look at this and wrote some comments. :-)
Some more that don't fit in the code:
- The Zenodo oauth application says "Application 'hermes-init-oauth' by '' wants permission to access your 'd.pape@hzdr.de' account." It would be nice if this was the hermes mailbox address instead of your private one.
- The same for GitHub which currently says "hermes-init-oauth by nheeb". Maybe the softwarepub group can be used here?
- During GitHub OAuth, I run into an error. Afterwards the CLI was stuck.
An error occurred during execution of init
ERROR:hermes.cli:An error occurred during execution of init
DEBUG:hermes.cli:Original exception was: Failed to retrieve public key: 404 {"message":"Not Found","documentation_url":"https://docs.github.com/rest/actions/secrets#get-a-repository-public-key","status":"404"}
Unfortunately, I'm clueless about OAuth, so I have no idea what is going wrong.
| client_id = 'Ov23ctl0gNzr9smeVIHR' | ||
| client_secret = 'd516303374f7e55189fe74fb2af77f31a965ad57' |
There was a problem hiding this comment.
Is this supposed to be here?
There was a problem hiding this comment.
At least the secrets should be stored somewhere else in the end.
There was a problem hiding this comment.
Looking at https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps the only way to avoid storing this secret somewhere is by using a different flow, like the device flow.
It might be a good idea to switch to this, as there is a possibility this first idea of using a browser redirect might not work with JupyterHub. Needs testing.
There was a problem hiding this comment.
On a related note: let's create an organization based OAuth app for this, avoiding a bus factor = 1.
https://github.com/organizations/softwarepub/settings/applications
In the same go, we should probably also create an app on Helmholtz Codebase (https://codebase.helmholtz.cloud/groups/softwarepub/-/settings/applications)
| sandbox_client_id = 'QJ8Q9GBI78uOdNmVNK1Vd0oAOJHqmYGvxRxiSFxt' | ||
| sandbox_client_secret = 'nGuOqoDtd2tckP6lmQS3If3cY39lPLKLU8skcv72JeowNupMD2bnLparsGO9' | ||
| real_client_id = 'L0d9HQVW4Ig9PnC6qh6zkOAwgvYy08GcmHJqVVvV' | ||
| real_client_secret = '0HIvtC2D2aPvpq2W0GtfWdeivwkqvnvrOTGx14nUJA5lDXrEDSaQAnqxHbLH' |
There was a problem hiding this comment.
Is this supposed to be here?
There was a problem hiding this comment.
It should be possible to use a public client with Zenodo, at least you can create a client of type "public"
There was a problem hiding this comment.
Also: we should probably create a shared softwarepub account to create these clients, avoiding a bus factor = 1.
(I created an account on Zenodo + Sandbox explicitely for Oauth, happy to share)
|
Oh I see. I got a 404 because I gave a random git remote URI that doesn't exist but the code actually accesses my repo. 🤦🏻♂️ |
Co-authored-by: David Pape <d.pape@hzdr.de>
Co-authored-by: David Pape <d.pape@hzdr.de>
Co-authored-by: David Pape <d.pape@hzdr.de>
Co-authored-by: David Pape <d.pape@hzdr.de>
There was a problem hiding this comment.
Overall this is a very good start. I agree with all of the points from @zyzzyxdonta and added some more 🙈
@nheeb I also noticed flake8 is unhappy. You can execute it locally using poetry run task flake8 with our configuration.
| client_id = 'Ov23ctl0gNzr9smeVIHR' | ||
| client_secret = 'd516303374f7e55189fe74fb2af77f31a965ad57' |
There was a problem hiding this comment.
On a related note: let's create an organization based OAuth app for this, avoiding a bus factor = 1.
https://github.com/organizations/softwarepub/settings/applications
In the same go, we should probably also create an app on Helmholtz Codebase (https://codebase.helmholtz.cloud/groups/softwarepub/-/settings/applications)
| # 3. Check if you want to run with '--initial', as this may potentially create a completely new record (collection), | ||
| # rather than a new version of the same collection! | ||
| - run: hermes deposit --initial -O invenio_rdm.auth_token ${{ secrets.ZENODO_SANDBOX }} --file showcase.zip --file README.md | ||
| - if: ${{ env.ZENODO_TOKEN_REFRESH != '' }} |
There was a problem hiding this comment.
I'm pretty sure this will not work. Within GH Actions you need to use sth like echo "key=value" >> "${GITHUB_ENV}" to actually get the desired var out ouf one step into the runner env. I suggest using files to cache this.
src/hermes/commands/init/base.py
Outdated
| if line.startswith("*"): | ||
| info.current_branch = line.split()[1].strip() | ||
| break | ||
| info.uses_github = "github" in info.git_remote_url |
There was a problem hiding this comment.
info.git_remote_url.startswith("https://github.com") would be safest (or use urlparse and check netloc == "github.com").
The init command is now working with Oauth. Zenodo Oauth saves the refresh token in the secret and deposit can now use a refresh token to get an access token.