chore: adjust ci to use license file instead of license key #445
Conversation
toph-allen
changed the title
jonkeane
left a comment
jonkeane
left a comment
There was a problem hiding this comment.
We can (and should) cleanup the RSC_LICENSE stuff a bit more here.
We can do this as a follow on, but I think there's still significant complexity still around, for example, if license files are the way then we should remove the license key portions of places like
Lines 6 to 29 in 365b2f0
I suspect untangling that + deleting the paths that would go that direction might get us to a much much simpler place (and one where we would be able to more effectively notice funky things like accidentally using one or the other more easily!). If I'm following this code through, basically we are passing around (1) the contents of the license file and (2) an env var of a file on the runner that will ultimately "just" get mounted to /var/lib/rstudio-connect/license.lic (
connectapi/inst/ci/test-connect-lic.yml
Lines 12 to 13 in 365b2f0
RSC_LICENSE(_FILE))
| env: | ||
| CONNECT_VERSION: ${{ matrix.version }} | ||
| GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} | ||
| RSC_LICENSE: ${{ secrets.RSC_LICENSE }} |
There was a problem hiding this comment.
This line could be RSC_LICENSE: /tmp/connect.lic
And then you wouldn't need to do line 58 below at all (which is extra good cause >> $GITHUB_ENV should be used sparingly). Though, if it is just hardcoded, maybe this should be hardcoded in the makefile instead?
But also, stepping back and thinking about this: should this be specified at all? Where does it get used, maybe we can get rid of it entirely?
There was a problem hiding this comment.
Another option would be to add this(hardcoded in our CI yamls) as the connect_license argument to
connectapi/.github/workflows/integration-tests.yaml
Lines 61 to 62 in 365b2f0
There was a problem hiding this comment.
Yeah, I'd like to keep the flexibility to specify a different license key path if running these functions locally. Passing it directly as an argument to connectapi:::build_test_env() is the route I went.
Yeah, you're right. The current code retains a lot of complexity by retaining the ability to use a license file or a license key. I can't think of a reason we wouldn't be able to use license files locally, so I'll go ahead and do that extra bit of cleanup now! Save our future selves the complexity. |
| This has some additional requirements. | ||
|
|
||
| - You need a valid Connect license key or file. Put the contents of the license key, or the path to the license file, in the `RSC_LICENSE` environment variable. | ||
| - You need a valid Connect license file (`.lic` file). Place it in the root of the repository as `connect-license.lic`. |
There was a problem hiding this comment.
.gitignore already covers *.lic :)
R/utils-ci.R
Outdated
| wait_for_connect_ready(hosts[1]) | ||
| wait_for_connect_ready(hosts[2]) | ||
| wait_for_connect_ready(hosts[1], container_name = "ci-connect-1") | ||
| wait_for_connect_ready(hosts[2], container_name = "ci-connect-2") |
There was a problem hiding this comment.
what if we return the name from compose_find_hosts (or a separate function) so we don't have to hard code these?
Co-authored-by: Kara Woo <[email protected]>
jonkeane
left a comment
jonkeane
left a comment
There was a problem hiding this comment.
Pulling this thread even more (sorry, this is scope creeping, but I keep wondering "but why?") Do we need to be setting RSC_LICENSE* at all (in the Makefile, but then also in utils-ci.R line 42)?
If I'm reading https://github.com/rstudio/rstudio-docker-products/blob/edd6d68702e27f1e25d9239784ea7e90142b8e63/connect/startup.sh#L31-L45 correctly (which I think is where that stuff is used), we don't need to so long as we've got a file in /var/lib/rstudio-connect/*.lic Or maybe that chmod 0600 is important for us?
| version: '2.3' | ||
| services: | ||
|
|
||
| connect: | ||
| hostname: connect | ||
| image: ghcr.io/rstudio/rstudio-connect:${CONNECT_VERSION} | ||
| scale: 2 | ||
| ports: | ||
| - 3939 | ||
| privileged: true | ||
| environment: | ||
| - RSC_LICENSE | ||
| - RSC_HASTE_ENABLED=true | ||
| platform: linux/amd64 | ||
| # if you need to customize Connect config until we have env vars | ||
| # volumes: | ||
| # - ../../tmp.gcfg:/etc/rstudio-connect/rstudio-connect.gcfg |
There was a problem hiding this comment.
I totally believe that this file is superfluous, but would you mind mentioning what it used to be / if something else superseded it?
There was a problem hiding this comment.
Oh, I think I see now, this is all the connect where it was using license keys, yeah? Do we need to remove these (and maybe other?) references from the makefile too then?
Lines 49 to 58 in 365b2f0
There was a problem hiding this comment.
Yes — this one was the "license key" compose file.
I think it's fine to keep pulling at it here. I probably just missed the Makefile instances. :) |
To my understanding, the The references in the Makefile are the superfluous ones, and I'm removing them. |
|
There seems to be a lot of cruft in the Makefile. For example, there were I'm not going to expand the scope of this PR to deal with that, but I'll file an issue to track. [edit] Tracked in #446. |
Ah, yes ok we do use that envvar to pass that around there. There are other options we could take, but those are bigger, and ...
💯 agree, let's ship this with as much cleaning as we can now and we will follow up (and we should! Soon! but not here) |
Intent
CI now uses the license file instead of a license key. It's now no longer possible to use a license key via an environment variable — pass the license file path directly to
build_test_env()instead. The license key secret has been removed from this repo.Fixes #438
Approach
utils-ci.Rto print the logs andinspectof docker containers where Connect fails to become available.utils-ci.R. Functions there now only expect license files.build_test_env().Checklist
Does this change updateNEWS.md(referencing the connected issue if necessary)?Does this change need documentation? Have you rundevtools::document()?