Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Toggle for SSH GitHub Fetch #107

Open
wavefunction91 opened this issue May 17, 2023 · 2 comments · May be fixed by #108
Open

Add Toggle for SSH GitHub Fetch #107

wavefunction91 opened this issue May 17, 2023 · 2 comments · May be fixed by #108
Labels
enhancement New feature or request

Comments

@wavefunction91
Copy link

Is your feature request related to a problem? Please describe.

Proper OpSec requires expiring OAuth tokens -> Expiring OAuth tokens means needing to update CMake toolchains entirely too often. Luckily, every GH Repo can be accessed via SSH (https://github.com/REPO -> [email protected]:REPO) which allows us to use our super-secret-ssh-key to access private repositories without the headache!

Seems that you've thought about this based on the comments, but no solution other than manual specification of the URL as an SSH URL is possible at this time. As there's a one-to-one with (default) HTTPS/SSH access to GH, it might make sense to enable this with a simple toggle

Describe the solution you'd like

Having an option (e.g. CMAIZE_GITHUB_USE_SSH) to switch to SSH GH access would be desireable. I've done this locally via addition of the following to CMaize/cmake/cmaize/package_managers/cmake/dependency/github.cmake after URL discovery:

if ( _bd_private AND CMAIZE_GITHUB_USE_SSH )
  string(REPLACE "github.com/" "${CMAIZE_GITHUB_SSH_PREFIX}:" _bd_url "${_bd_url}")
endif( )

where CMAIZE_GITHUB_SSH_PREFIX defaults to [email protected]. If this is a sufficient fix, I'll PR it, if there's more that would need to be done infrastructurally, this is meant to start the discussion.
@wavefunction91 wavefunction91 added the enhancement New feature or request label May 17, 2023
@zachcran
Copy link
Contributor

Is the idea that you would be able to enable this CMAIZE_GITHUB_USE_SSH toggle from the command line (-DCMAIZE_GITHUB_USE_SSH=ON) or the toolchain file? I like that idea, since you don't have to modify every CMakeLists.txt file to use the SSH versions of the repo URLs anymore.

It would be awesome if you would get a PR started! As for the PR, CMAIZE_GITHUB_USE_SSH and CMAIZE_GITHUB_SSH_PREFIX should be defined and documented in cmake/cmaize/globals.cmake, which is in alphabetical order aside from the two project variables that are grouped together.

@wavefunction91
Copy link
Author

CLI vs Toolchain

I would expect these to have the same behaviour

PR + globals

Sounds good, I'll do that now

@wavefunction91 wavefunction91 linked a pull request May 18, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enable default SSH access to private GitHub repositories wavefunction91/CMakePackagingProject
2 participants
@wavefunction91 @zachcran