Changes between Version 1 and Version 2 of Ticket #4098, comment 17


Ignore:
Timestamp:
2024-11-12T16:49:48Z (37 hours ago)
Author:
btlogy
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #4098, comment 17

    v1 v2  
    1717* There is an alternative way to create an org. on CircleCI using mostly email and password, but it involved a lot of manual steps and does not cover (easily) all the usual workflows (e.g.: PR from fork)
    1818* CircleCI should checkout the code of a project using HTTPS, unless there is a private SSH key available in the CircleCI settings.
    19 * There is at least 3 different way CircleCI can have that key setup:
    20   1. a CircleCI/Tahoe-LAFS admin user manually add an authorized private key (preferably a deploy key unique to the project/repo)
    21   2. a CircleCI/Tahoe-LAFS admin gives (way too many) permissions to CircleCI/OAuth to automatically create and authorize a new key.
     19* CircleCI propose 2 different ways to setup an SSH key for checkout:
     20  1. a CircleCI/Tahoe-LAFS admin user manually add an authorized private key (preferably a '''deploy key''' unique to the project/repo)
     21  2. a CircleCI/Tahoe-LAFS admin gives (way too many) permissions to CircleCI/OAuth to automatically create and authorize a new '''user key'''.
    2222* However, we've found a few projects where there is currently no SSH key, maybe automatically removed by someone leaving the project (unlikely IMHO), and regardless, CircleCI tries and fails to checkout via SSH (`Load key "/tmp/nobody/.ssh/id_rsa": error in libcrypto`).
    2323* As we are suspecting for other project, adding a new SSH key and removing it directly after seems to cleanup the dirt in the pipe and forces CircleCI to using HTTPS to checkout (WiP).