Conversation
Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
✅ Deploy Preview for ornate-narwhal-088216 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>
matthewhelmke
left a comment
matthewhelmke
left a comment
There was a problem hiding this comment.
I did not test the new code, but it passes a sanity check. It should work. If you trust the source and/or have tested it yourself, I think this LGTM.
| in the [access documentation](/chainguard/libraries/access/#pull-token). | ||
|
|
||
| For npm, pnpm, and Yarn, registry credentials must be supplied via their own | ||
| configuration systems (for example, `.npmrc` or .`yarnrc.yml`). The `.netrc` |
There was a problem hiding this comment.
Why are we saying that .netrc is not supported here .. its not necessary to say that .. we never imply anywhere that it is supported and there are many others ways that are also not supported.
There was a problem hiding this comment.
I made this update in response to some internal confusion around this process. I removed this direct callout
There was a problem hiding this comment.
If there is still confusion we could maybe consider reordering those sections for each tool and basically documenting the minimal example first (which uses direct access) and then expand towards repo manager and so on. It might be a good time to think this through now while you are working towards doing the same minimal examples for Java and Python build tools.
In all cases though you have to keep in mind that the language ecosystem is just the umbrella.. really you have to document the approach for each tool since they all behave differently.
Happy to chat on a call any time as well btw @s-stumbo
| sections](#minimal-example-project) on this page for per-tool authentication | ||
| setup. | ||
|
|
||
| The fastest way to get credentials and configure your project in one step is |
There was a problem hiding this comment.
Why duplicate this here and not just refer to the minimal example?
|
|
||
| The fastest way to get credentials and configure your project in one step is | ||
| with chainctl: | ||
| ```bash |
There was a problem hiding this comment.
Also keep in mind that this all is for direct access only .. which we still consider not as good as using a repo manager .. so it should not be as prominent
| The fastest way to get credentials and configure your project in one step is | ||
| with chainctl: | ||
| ```bash | ||
| eval $(chainctl auth pull-token --output env --repository=javascript --parent=<your-org>) |
There was a problem hiding this comment.
This only works for npm .. so it should not be documented here in the generic section
There was a problem hiding this comment.
oops, updated the existing command in the npm section. The internal feedback was that the command needed auth pull-token --output env to work
There was a problem hiding this comment.
This is documented in the access site and its not really recommended to run the eval all the time .. that way you get a new token all the time .. its better to create a .env file once and then just source that .. I can show you more
3 participants
[ ] Check if this is a typo or other quick fix and ignore the rest :)
Type of change
Clarify existing content around direct access for JS
What should this PR do?
chainctl auth pull-token --output envas path for direct npm accessWhy are we making this change?
What are the acceptance criteria?
How should this PR be tested?
Follow the docs to test out setting up Chainguard repo for JS