Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add CI focused content to api key docs #1196

Merged
merged 1 commit into from
Jul 25, 2024
Merged

Add CI focused content to api key docs #1196

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/astro.config.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ export default defineConfig({
link: "/nativelink-cloud/pants/",
},
{
label: "API Keys in Production",
label: "API Keys in CI",
link: "/nativelink-cloud/api-key/",
},
],
Expand Down
52 changes: 49 additions & 3 deletions docs/src/content/docs/nativelink-cloud/api-key.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,46 @@
---
title: "API Keys in Production"
description: "How to use NativeLink Cloud API keys in production"
title: "API Keys in CI"
description: "How to use NativeLink Cloud API keys in CI"
pagefind: true
---

## GitHub Actions

### Add NativeLink Cloud to a GitHub Actions Workflow

To run NativeLink cloud in your workflow, you will need to create a YAML in
your `.github/workflows` folder with the following added to your `jobs` section:


```yaml
jobs:
build-test:
runs-on: ubuntu-22.04
environment: production
steps:
- name: Checkout
uses: >- # v4.1.1
actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Setup Bazelisk
uses: >- # v0.8.1
bazel-contrib/setup-bazel@b388b84bb637e50cdae241d0f255670d4bd79f29
with:
bazelisk-cache: true
- name: Run Bazel tests
shell: bash
run: |
bazel test \
--remote_cache=${{ vars.NATIVELINK_COM_REMOTE_CACHE_URL }} \
--remote_header=${{ secrets.NATIVELINK_COM_API_HEADER }} \
--bes_backend=${{ vars.NATIVELINK_COM_BES_URL }} \
--bes_header=${{ secrets.NATIVELINK_COM_API_HEADER }} \
--bes_results_url=${{ vars.NATIVELINK_COM_BES_RESULTS_URL }} \
--remote_header=x-nativelink-project=nativelink-ci \
//...
```

### Configure Secrets in your GitHub Repository

GitHub Repository Secrets is the recommended way
to store your NativeLink Cloud API keys
for use with GitHub Actions.
Expand All @@ -16,7 +52,6 @@ They can be access via the secrets context i.e.
${{ secrets.YourSecretKeyName }}
```

### Read Only keys
:::note
If your repository uses forks for pull requests (PRs), note that the secrets
context isn't accessible from PRs originating from forks. To address this,
Expand All @@ -26,13 +61,24 @@ we introduced Read-Only keys.
Read-Only keys can be used for PRs and stored in the vars context. For
merge-to-main actions, use a Read/Write key stored in the secrets context.

## Read Only keys

For Read Only API Keys you need to set these two flags:

```bash
--nogenerate_json_trace_profile
--remote_upload_local_results=false
```

## BEP Disabled Keys

For keys where BEP is disabled, remove the following flags from your Config:

```bash
build --bes_backend=YOUR_BEP_URL
build --bes_header=x-nativelink-api-key=YOUR_KEY
```

## Third-Party Secrets Management
If you need info on setting up API keys for different CI environments, ask in
the [Slack channel](https://nativelink.slack.com/join/shared_invite/zt-281qk1ho0-krT7HfTUIYfQMdwflRuq7A#/shared-invite/email)
Expand Down