Closed
Bug 1037466
Opened 10 years ago
Closed 9 years ago
Let's grant a-team permission to upload (certain) pypi packages
Categories
(Release Engineering :: General, defect)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: pmoore, Unassigned)
References
Details
Currently ateam has to request a package to be uploaded to pypi server.
Maybe we can grant them access, to avoid a releng bottleneck?
What are your thoughts on this dustin? I think setuptools provides a publish mechanism, but I don't know if that is compatible with our setup on the web heads. (something like python setup.py sdist upload ?) or maybe pip has a similar mechanism? Not sure what we need on the relengwebadm side though to achieve this, and how we'd handle authentication/authorization?
This might be more suitable than setting up full ssh access. Also not sure how we would make sure a-team couldn't accidentally change releng existing packages...
This could be one of the steps in line with our goal this year to eliminate monkey work from build duty.
Updated•10 years ago
|
Summary: Let's grant a team permission to upload (certain) pypi packages → Let's grant a-team permission to upload (certain) pypi packages
Comment 1•10 years ago
|
||
To be honest, I don't have any good ideas on how to solve this. The sdist upload stuff seems to hard-code pypi.python.org.
The closest thing I can think of at Mozilla is the tooltool uploads, and that wound up being a decent amount of infrastructure (a dedicated VM, with a lot of puppety goodness to handle ssh logins).
Other options I can think of:
* a checked-in manifest somewhere with names, URLs, and hashes
- and a crontask to update that manifest and download anything not already in place
- benefit: hashes checked regularly on all packages
- benefit: automatically get history on why package X was added, from 'hg blame'
- downside: delay between checkin and package appearing
* an LDAP-authenticated webapp allowing uploads
- this could check for filename collisions by opening files with O_EXCL
- could be part of relengapi (meaning uploads could be scripted using tokens!)
My plate's a little full to do much of the work on either of those, but I'm happy to work with someone else!
Reporter | ||
Comment 2•9 years ago
|
||
Shall we close this as WONTFIX now? Or are there any new mechanisms e.g. in RelEngAPI that would enable this?
Flags: needinfo?(dustin)
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(dustin)
Resolution: --- → WONTFIX
Assignee | ||
Updated•8 years ago
|
Component: Tools → General
You need to log in
before you can comment on or make changes to this bug.
Description
•