Update docs to cover v3, Heroku, spam handling, email notifications #13
Conversation
| @@ -20,7 +20,11 @@ body { | |||
| line-height: 1; | |||
| } | |||
|
|
|||
| ol, ul { | |||
| ol { | |||
There was a problem hiding this comment.
Without this change and the above deletes in _list.scss, ordered lists wouldn't show any numbers when generated from the markdown text. Not sure if there's a better way to fix it
|
|
||
| Forms on your static site should `POST` to: | ||
|
|
||
| `{STATICMAN_BASE_URL}/v3/entry/{GIT_PROVIDER}/{GIT_PROVIDER_USERNAME}/{REPO}/{BRANCH}/{property (optional)}` |
There was a problem hiding this comment.
It is stated that Option 1. Authenticate as a GitHub application* is the recommended approach. It uses /v1 however. In that case, will user use the same format for POST, i.e., replace v3 with v1 or the URL format will also change? This needs some clarification in my humble opinion.
There was a problem hiding this comment.
Also, is the GIT_PROVIDER_USERNAME the name of the Bot? Or name of the repository owner?
There was a problem hiding this comment.
GIT_PROVIDER_USERNAME is the name of the repository owner, similar to how github links are structured.
|
|
||
| You can use the [sample config file](https://github.com/eduardoboucas/staticman/blob/master/staticman.sample.yml) as a starting point and check the [available configuration parameters](/docs/configuration) for more information. | ||
| This is the recommended way to authenticate with GitHub. This method will give the most control over what Staticman can and can't access. |
There was a problem hiding this comment.
even though this (v1) is the recommended approach, almost all the examples later on in Getting Started are based on v3, which may potentially confuse user. My suggestion: either use v3 examples and make the option 2 recommended, or continue using option 1 as recommended and give examples based on v1.
There was a problem hiding this comment.
@LordAmit To clarify this further, v3 is the current API version and is thus the recommended path to use except in the case of the webhook endpoint. It's on my plate to bring the webhook endpoint up to speed with everything else, but for now it's stuck using /v1.
Again, this is only for the webhook callback. All other API calls should be using v3 currently.
| - Pull Requests: `Read & Write` - Necessary to merge pull requests | ||
| - Subscribe to `Pull request` events | ||
| 1. Generate a private key for the app and note it down along with your app ID. | ||
| 1. Install the app on your GitHub account. You can limit its access to only the repo from which you host your static site |
There was a problem hiding this comment.
I use a setup of two repos, one that contains source and the other which contains the deployment. In this case, we are probably referring to the source version, since it will contain _data. Maybe adding a source version of static site will make it more specific.
|
|
||
| #### **Option 3. Authenticate to GitHub using a personal access token on your main account** | ||
|
|
||
| This option is not recommended as it gives Staticman direct and complete access to your primary GitHub account. Simply, create a personal access token on your primary account. |
There was a problem hiding this comment.
I think we should add more clarification here. How about,
This option is not recommended as it gives Staticman direct and complete access to your primary GitHub account. In the unfortunate incident where your Staticman instance is compromised, it will get full access to all your repositories, private and public alike as well as you account and may result in irreversible damage across repositories and possibly organizational repositories you are member of. If you still want to proceed, start by creating a personal access token on your primary account.
There was a problem hiding this comment.
maybe it is supposed to be {GIT_PROVIDER/GIT_PROVIDER_USERNAME} instead of {GIT_PROVIDER_USERNAME} ?
| @@ -63,14 +111,14 @@ | |||
| { | |||
| "doc": "RSA private key to encrypt sensitive configuration parameters with.", | |||
| "docExample": "rsaPrivateKey: \"-----BEGIN RSA PRIVATE KEY-----\\nkey\\n-----END RSA PRIVATE KEY-----\"", | |||
| "default": null, | |||
| "default": "", | |||
| "env": "RSA_PRIVATE_KEY", | |||
There was a problem hiding this comment.
For me, this is a bit confusing. User will be creating a rsaprivatekey in heroku deployment, and will provide the private key contents there. What about the RSA_PRIVATE_KEY? Where is it expected to be used?
There was a problem hiding this comment.
I'm not quite sure what you mean, but I'll try to clarify. This default empty string is just to avoid an exception. The user is still expected to supply this RSA_PRIVATE_KEY, either as an environment variable (i.e. heroku vars) or in the config json directly.
It's needed when you have encrypted secrets in the site config such as your recaptcha key.
|
Hello @alexwaibel ! Fantastic level of detail! I have added some comments based on my understanding. I hope these will be helpful for making the doc even better. Thank you so much for the effort. 😄 |
|
I wonder what is blocking the merge of this PR. An update on the official site will clear a large part of users' doubts. |
|
Thanks for the review folks. I got some free time over the holiday break to get to this finally, but quickly got busy with work afterwards |
|
Updating the webhook endpoint to v3 will hopefully clarify a lot of the confusion. hispanic made great progress on that front, but there's still some work to do wrapping up his PR. |
|
Excuse me I was so excited to see v3 gets into the docs that I forgot to proofread the info. I'm going to raise a few issues about the errors that I've found. |
| ## Step 3. Hook up your forms | ||
| 1. <a href="https://docs.github.com/en/free-pro-team@latest/developers/apps/creating-a-github-app" class="cta">Create a new GitHub application</a>. Ensure you use the following: | ||
| - Homepage: `"https://staticman.net/"` | ||
| - Webhook URL: `"{STATICMAN_BASE_URL}/v1/webhook"` - e.x. `"https://mystaticmaninstance.herokuapp.com/v1/webhook"` |
There was a problem hiding this comment.
Thank you for the much needed update to the documentations. I was hoping this would be smooth... but alas it is not to be. So I'm just going through this and it already mentions a heroku instance already set up, but there's nothing about it since this is step 1!
I'm in heroku, which I just setup, but maybe I need to setup something else in heroku as well to get this instance name. Maybe it's in the later steps, but that doesn't make sense since it would be done later, there's no reason why you would have this URL at this point.
Confused.
I threw together some updated docs:
I'd love some review on this. I'll mention the PR in some of the existing threads requesting updated docs.
I have a corresponding PR going up on Staticman repo with some Heroku app manifest changes that should make Heroku deployments more straightforward for new users as well as some GitHub dependency updates.