Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitLab: Alternative approach to cml-send-comment and cml-publish #298

Closed
tmaier opened this issue Oct 8, 2020 · 5 comments
Closed

GitLab: Alternative approach to cml-send-comment and cml-publish #298

tmaier opened this issue Oct 8, 2020 · 5 comments
Assignees
@casperdcl
Labels
cml-publish Subcommand

Comments

@tmaier
Copy link

tmaier commented Oct 8, 2020

  • CML currently posts its results as a comment to a merge request

This raises multiple concerns

  • One user must expose a PRIVATE_TOKEN as secret variable in the project. There is the danger of leaking the credentials and thus, access rights
  • cml-publish stores images on an external server, which is again a security validation in certain scenarios. (see Self-host https://assets.cml.dev #291)

Proposed solution
@dmpetrov dmpetrov mentioned this issue Oct 14, 2020
Closed
@DavidGOrtega
Copy link
Contributor

DavidGOrtega commented Oct 16, 2020
edited
Loading

@tmaier this proposal is for GL mostly right?

The thing is that we have to provide the same API for any scm vendor. base64 images idea its not supported in GH however I like the idea of offering a base64 output in cml-publish for other vendors. We might see the viability and scm limits with this approach.

One user must expose a PRIVATE_TOKEN as secret variable in the project. There is the danger of leaking the credentials and thus, access rights

I don't see the issue here, its a secret inside your scm. They already know it and there is not way to retrieve it because its a secret.

@DavidGOrtega DavidGOrtega added the cml-publish Subcommand label Feb 23, 2021
@clamydo
Copy link

clamydo commented Mar 19, 2021

An additional base64 option wouldn't hurt scm agnosticism, so I do not see a downside. Or to put it differently, I like the idea 👍

This could partly also solve the issues with proxies #336, or if I am not allowed to share pictures/plots with external providers.

@clamydo
Copy link

clamydo commented Mar 23, 2021
edited
Loading

For people navigating here through search, I'd like to point out the now possibility to use Gitlabs Artifact system within CML with something like

vl2png vega.json | cml-publish --md --gitlab-uploads >> report.md

or rather

vl2png vega.json | cml-publish --md --native >> report.md

@dacbd
Copy link
Contributor

dacbd commented Jun 10, 2022

I feel this is closable? If not let's reopen with a clear change that needs to happen? @iterative/cml

@dacbd dacbd closed this as completed Jun 10, 2022
@casperdcl
Copy link
Contributor

seems to be closable in favour of #291

@casperdcl casperdcl self-assigned this Jun 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@casperdcl casperdcl

Labels
cml-publish Subcommand
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tmaier @DavidGOrtega @dacbd @casperdcl @clamydo