-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Repair demo console and challenge pages #590
Conversation
With rawgit gone, what's the best way to turn this into a live web page? |
I’ve set up an account for Agoric on Vercel, which I’ve enjoyed as a Github pages alternative in general. Vercel sets itself up for continuous deployment, so every PR would have a link to the demo as deployed off the PR branch that we could use for manual and automated validation. I’ve kicked off the process. |
Why does it need "write access to administration, ..." ? I am reluctant to grant that if there is another way. |
I don’t know but it seems like an overreach. There is a separate permission
for repository hooks, but perhaps they need something more. I can send a
question up their support channel.
…On Sun, Feb 28, 2021 at 6:18 PM Mark S. Miller ***@***.***> wrote:
With rawgit gone, what's the best way to turn this into a live web page?
I’ve set up an account for Agoric on Vercel, which I’ve enjoyed as a
Github pages alternative in general. Vercel sets itself up for continuous
deployment, so every PR would have a link to the demo as deployed off the
PR branch that we could use for manual and automated validation.
https://vercel.com/agoric
I’ve kicked off the process.
Why does it need "write access to administration, ..." ? I am reluctant to
grant that if there is another way.
[image: Screen Shot 2021-02-28 at 6 08 33 PM]
<https://user-images.githubusercontent.com/273868/109444028-11582280-79f1-11eb-897b-28b9c18f642f.png>
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#590 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAOXBSJALSW2YNGLNAWMUDTBL2O3ANCNFSM4YKWAU2A>
.
|
Please do. What are other good options? |
From the support documentation,
[image: image.png]
I have followed up with a support ticket (#88382) to ask whether they can
relax this constraint on our behalf.
I assume that we can still use Github Pages, which deploys a branch of the
repository as a static site. Github Pages are different than Raw Github, I
believe. I don’t know whether @warner has a reason to rule that out, though.
I’ve also used Amazon S3 directly, which requires some tooling and
credential management. We should probably be using something like Last
Pass or Dashlane for that in any case, if we’re not already.
Other than that, I have no ready research on deployment alternatives. These
are the ones I’ve used and among them Vercel is the most useful and
easiest. Apart from that, I’ve heard Heroku still exists.
…On Sun, Feb 28, 2021 at 6:42 PM Mark S. Miller ***@***.***> wrote:
Please do. What are other good options?
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#590 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAOXBSRTS5OBTENL6IOILTTBL5IPANCNFSM4YKWAU2A>
.
|
I'm not quite sure what we're trying to do, but if it's to have a static web site that gets updated on push, I've had good luck with netlify. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I haven't studied the security properties of the challenge code before this change, I would be an expensive reviewer.
I see #203 in the icebox, so I'm going to leave this to others to review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Yeah, this is a lot simpler now that we can just provide/withhold the real Date
as an endowment.
For the deployment question.. hm. GitHub Pages could work, but would require some changes. You only get one Pages site per repo, and it kinda wants to live in the top of the repository, so we'd have to move this demo out of In the intersection between the tools that have been proposed, and the ones I have used, I think Heroku may be the easiest. We'd need a few files at the directory root that know where the HTML lives, and we'd need some sort of deployment script to auto-push to Heroku every time we push to trunk here. I don't have a lot of cycles to build that right now, though, so if someone else does (or if someone else knows some different tool well enough to implement it in their sleep), I'm not wedded to the Heroku option. |
netlify took a couple minutes to set up: https://eager-turing-52622a.netlify.app/demos/console/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one case of baby vs. bathwater. Otherwise LGTM.
https://eager-turing-52622a.netlify.app/demos/ is now on this branch, sort of temporarily. But it should pick up changes to master going forward, and we should get previews of all PRs going forward. Obviously, if we like this service, we'll want a nicer domain name. I can change to *.netlify.app for the price of one form submit, or we can add a custom domain. |
Netlify looks good to me! Let’s carve out a domain. |
The old demo console and challenge pages were nice simple demonstrations of using SES in a browser. The challenge page in particular was rhetorically powerful to explain how ocaps can help defend against side channels. It is pleasing how little needed to change to update this to work in modern SES.
Fixes #203
Will help diagnose #525