- From: Denis Ah-Kang <denis@w3.org>
- Date: Fri, 22 Jan 2021 15:20:53 +0400
- To: Spec-prod <spec-prod@w3.org>, "Tab Atkins Jr." <jackalmage@gmail.com>, sidvishnoi8@gmail.com
- Cc: Philippe Le Hegaret <plh@w3.org>
Hi all, As you might already know, Echidna currently supports 2 ways of submitting documents: 1/ URL or manifest [1] that requires the URL of the document/manifest and a token (provided by a W3C team contact) 2/ tar file [2] submitted by POST with your W3C credentials While the second method can be useful if your document isn't accessible on the web, e.g. bikeshed produces snapshots locally, it cannot be safely integrated in a continuous integration workflow, simply because you want to keep your W3C credentials private. To solve that issue, we decided to allow the use of tokens for both methods but *only* for requests coming from travis-ci and GitHub actions [3], to limit potential token leaks. I'm expecting to deploy that change on *Feb 1, 2021*. This means if you want to manually trigger a request to echidna, you will have to submit your document using the tar method and your W3C credentials. [1] will no longer work outside travis-ci or GitHub actions. Of course, if you need help switching methods, you can email me or ping me on irc (#pub). Also, if your repository is already configured with Travis as described in the wiki [4], then you don't have to do anything. Let me know if you have any concern or if something isn't clear. Denis [1] https://github.com/w3c/echidna/wiki/How-to-use-Echidna#url-or-manifest [2] https://github.com/w3c/echidna/wiki/How-to-use-Echidna#tar-file [3] https://github.com/w3c/echidna/issues/492 [4] https://github.com/w3c/echidna/wiki/Setting-up-Echidna-as-a-GitHub-hook
Received on Friday, 22 January 2021 11:21:02 UTC