doc changes for Github Artifacts #593
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
✅ Deploy Preview for docs-rapids-ai ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
The Limitations section on this page has a few S3 references that should be updated as well.
There was a problem hiding this comment.
The references in that section primarily refer to downloads. Considering we didn't switch over downloads just yet, I did not change those sections of the documentation. Let me know if you want me to preemptively change them.
There was a problem hiding this comment.
I think you can preemptively make those changes. I assume we won't merge any of these doc updates until after all of the repository PRs are completely merged.
Co-authored-by: AJ Schmidt <[email protected]>
Co-authored-by: AJ Schmidt <[email protected]>
Co-authored-by: AJ Schmidt <[email protected]>
Co-authored-by: AJ Schmidt <[email protected]>
Co-authored-by: AJ Schmidt <[email protected]>
Co-authored-by: AJ Schmidt <[email protected]>
resources/reproducing-ci.md
Outdated
| --volume $PWD:/repo \ | ||
| --workdir /repo \ | ||
| rapidsai/ci-conda:cuda11.8.0-ubuntu22.04-py3.10 | ||
| ``` | ||
|
|
||
| Note: The `--env GITHUB_TOKEN=$(gh auth token)` flag is required to authenticate with GitHub for accessing artifacts. This token is automatically generated from your GitHub CLI authentication and passed to the container. Make sure you have the GitHub CLI (`gh`) installed and authenticated on your host machine. |
There was a problem hiding this comment.
What if I'm working on a remote machine where gh isn't installed? Can I pass a custom GH token? What permissions do I need at a minimum to prevent the need for a token with too broad scope (and thus reduce security concerns)? Could we document that?
There was a problem hiding this comment.
I'll get all of this into docs in the replacement PR (#601), but to answer here:
What if I'm working on a remote machine where gh isn't installed?
The CI images come with the gh CLI installed already and the relevant gha-tools tools will now prompt you to login interactively if it looks like you haven't authenticated with GitHub.
That interactive auth will last for as long as the container stays up, and won't leave any credentials behind on the system you ran docker run from.
Can I pass a custom GH token? What permissions do I need at a minimum to prevent the need for a token with too broad scope (and thus reduce security concerns)?
Yes, you can provide a GitHub personal access token in the GH_TOKEN environment variable for any processes using the gh CLI to pull these artifacts.
It only needs the repo scope (see "How I tested this" in the description of rapidsai/gha-tools#172)
Could we document that?
Yes, I'll explain these topics in #601
Pin cuml-cpu drop notice (rapidsai#597)
VenkateshJaya
changed the title
There was a problem hiding this comment.
@ajschmidt8 I see you have some comments about when this is appropriate to merge. Everything looks fine to me. Please merge when you are ready.
|
I'm putting this back into draft. I'd like to resolve the open questions around auth (maybe accompanied by changes like rapidsai/gha-tools#168 or similar) before merging. I am working on this right now. |
|
Could someone with write access here (@bdice ?) please close this? I'd like to continue this work in a separate PR: #601 Why a new PR?
|
|
Closing as requested. |
|
Thank you! I do now have write access here, shouldn't have to bug you for that again 😅 |
Build artifacts across CI workflows on RAPIDS are now available through Github Artifacts. These docs changes provide information for developers and maintainers on how to download and use these artifacts directly from Github without needing any VPN access like with
downloads.rapids.ai