Add Homebrew installation method #111

Closed

kmcquade
Contributor

Homebrew basically installs from any Git repo (GitHub by default) so you can try the installation by pointing to my fork:

brew tap kmcquade/parliament https://github.com/kmcquade/parliament
brew install parliament
parliament --help

^^ The above shows that when this is merged into duo-labs/parliament, you can install via brew tap duo-labs/parliament https://github.com/duo-labs/parliament

FYI @0xdabbad00

@0xdabbad00
Collaborator

It sounds like I don't need to get a "homebrew account" or something? And that people will just have to run that brew tap command before brew install. That seems easier. It looks like this means the following:

  • The head on master needs to be the release version at all times. This is fine, as that has been the case anyway.
  • Anytime I update the libraries in the requirements.txt, I need to run update-brew.

@kmcquade
Contributor Author

Homebrew basically points to a Git repository. By default, it points to GitHub. No "homebrew account" or anything.

  • In master, the only thing that needs to be up to date is the HomebrewFormula/parliament.rb file. That gathers the most recent package published to PyPI at the time the command is run.

> Anytime I update the libraries in the requirements.txt, I need to run update-brew.

Kind of. When you run brew install after brew tap <point to git repo>, it looks in the git repo for HomebrewFormula/parliament.rb and nothing else from the Git repo. Then it downloads and installs the packages specified in parliament.rb following the Homebrew approach.

So, let me explain how it impacts workflow:

  • Tag new release
  • This causes GitHub actions to publish a new package to PyPI
    • At the point in time before the PyPI package is published, the tagged commit will actually include a parliament.rb file that refers to the previous version.
    • After it publishes to PyPI, you'd have to push a new commit and update the parliament.rb file in order to have the brew install actually install the latest version.
  • It's odd that because of this, it will always lag behind. But it's a simpler installation method for many people and I'd argue the extra commits are worth it.
  • If you want to use GitHub actions to automate the above process, you can follow the process that checkov uses - https://github.com/bridgecrewio/checkov/blob/master/.github/workflows/build.yml#L97
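
The lag described in the comment above can be caught by a CI check. The following is an added example, not code from this pull request or from parliament: it assumes the formula uses the standard Homebrew `url` and `sha256` fields, the formula text, URL path, version and digests are constructed, and `top_level_pin` and `check_formula` are hypothetical names.

```python
import hashlib
import re

# Constructed sample: the URL paths, version and digests are placeholders,
# not values taken from the parliament repository.
SAMPLE_ARTIFACT = b"constructed sdist bytes for parliament 1.0.0"
SAMPLE_FORMULA = '''
class Parliament < Formula
  homepage "https://github.com/duo-labs/parliament"
  url "https://files.pythonhosted.org/packages/aa/bb/parliament-1.0.0.tar.gz"
  sha256 "%s"

  resource "example-dep" do
    url "https://files.pythonhosted.org/packages/cc/dd/example-dep-2.0.0.tar.gz"
    sha256 "%s"
  end
end
''' % (hashlib.sha256(SAMPLE_ARTIFACT).hexdigest(), "0" * 64)


def top_level_pin(formula_text):
    """Return (url, sha256) of the formula's own package, ignoring resource blocks."""
    head = re.split(r'^\s*resource\s+"', formula_text, maxsplit=1, flags=re.M)[0]
    url = re.search(r'^\s*url\s+"([^"]+)"', head, flags=re.M)
    digest = re.search(r'^\s*sha256\s+"([0-9a-f]{64})"', head, flags=re.M)
    if not url or not digest:
        raise ValueError("formula has no top-level url/sha256 pin")
    return url.group(1), digest.group(1)


def check_formula(formula_text, release_version, artifact_bytes, package="parliament"):
    """List reasons the formula would install a stale or unverified package."""
    url, pinned = top_level_pin(formula_text)
    problems = []
    m = re.search(r'/%s-([0-9][^/]*?)\.tar\.gz$' % re.escape(package), url)
    pinned_version = m.group(1) if m else None
    if pinned_version != release_version:
        problems.append("formula pins %s, release is %s" % (pinned_version, release_version))
    if hashlib.sha256(artifact_bytes).hexdigest() != pinned:
        problems.append("sha256 in formula does not match the published artifact")
    return problems
```

Run after the PyPI publish step with the new tag and the downloaded sdist, a non-empty result means the follow-up commit to parliament.rb is still missing or pins the wrong file.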

@0xdabbad00
Collaborator

0xdabbad00 commented May 11, 2020

@kylelady Thoughts on this? I don't think it really changes any concerns we would have and shouldn't add any work for us to maintain. I don't know if this opens any threats, like maybe someone makes a "real" brew package named "parliament" that is backdoored and gets priority in downloads?

Part of me wants to focus Parliament on doing as few things as possible for me to worry about breaking/maintaining/supporting, but I don't think this would cause any problems and we can back it out. In general this LGTM, but I don't have a compelling reason to include parliament in Homebrew.

@0xdabbad00
Collaborator

In thinking about this more, although it shouldn't add any work for me, I want to keep Parliament as simple as possible (for me), and being able to brew install it, I don't think it improves the project much. Thank you for taking the time @kmcquade to put this together and explain it, but I'm going to close this without merging it.

@0xdabbad00 0xdabbad00 closed this May 18, 2020
@0xdabbad00 0xdabbad00 mentioned this pull request Jan 25, 2021