[Python-Dev] Get a running instance of the doc for a PR.
On 04. 11. 18 16:49, Stephane Wirtel wrote:
> On 11/04, Serhiy Storchaka wrote:
>> 04.11.18 17:00, Julien Palard via Python-Dev ????:
>>> Considering feedback from Ned, what about building this as an
>>> independent service? We don't really need to interface with
>>> python.org at all, we just need some hardware, a domain, some code to
>>> interface with github API and... to start it's probably enough? It
>>> would be a usefull POC.
>> This will just move risks to this service.
>> Ned mentioned potential abuse. We will host unchecked content.
>> Malicious user can create a PR which replaces Python documentation
>> with malicious content.
> The content will be generated by the build/html directory from Travis.
> If Travis is green we upload the doc, if Travis is red, we do not
> publish it. If there is an abuse, we close/drop the PR, maybe Bedevere
> can receive this notification via the webhooks and notify the server to
> remove the doc.
>> The Doc/ directory includes Python scripts and Makefile which are used
>> for building documentation. Malicious user can use this for executing
>> arbitrary code on our server.
> Currently, we use Travis. The malicious code will be execute in the
> container of Travis, not on the server. We only copy the static files
> and if we use nginx/apache, we don't execute the .py files. Just serve
> the .html,.css,.js files
Yet you need to let Travis CI know how to upload the results (HTML
files) somewhere. That usually involves some kind of credentials.
You can secretly tell Travis the credentials, however somebody would be
able to modify the Makefile (or anything else) to send the credentials
to their webservice/e-mail/whatever.
That is in fact not possible, for exactly this reason: Travis CI builds
from PRs don't see the "secret" stuff.