Skip to content
/ artifact-upload-handler Public

⛔️ [DEPRECATED] A secure webserver to handle uploading conda build artifacts to a specified conda channel.

License

BSD-3-Clause license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SciTools-incubator/artifact-upload-handler

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

handler

handler

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

artifact-upload-handler

A secure webserver to handle uploading CI conda build artifacts to a specified conda channel.

To use, simply clone this repo and run the Python webserver, observing the Usage and Requirements instructions below.

Usage

usage: artifact_upload_handler.py [-h] -d WRITE_DIR -p PORT -e CONDA_EXE -c
                                  CERTFILE -k KEYFILE -t TOKEN_HASH

optional arguments:
  -h, --help            show this help message and exit
  -d WRITE_DIR, --write_dir WRITE_DIR
                        directory to write artifacts to
  -p PORT, --port PORT  webserver port number
  -e CONDA_EXE, --conda_exe CONDA_EXE
                        full path to conda executable
  -c CERTFILE, --certfile CERTFILE
                        full path to certificate file for SSL
  -k KEYFILE, --keyfile KEYFILE
                        full path to keyfile for SSL
  -t TOKEN_HASH, --token_hash TOKEN_HASH
                        hash of secure token

Usage Example

For example, to start a secure webserver running on port 9999 that will write linux-64 packages to the (imaginary) conda channel at /path/to/conda/channel:

$ python artifact_upload_handler.py -d /path/to/conda/channel/linux-64 \
                                    -p 9999 \
                                    -e /path/to/env/bin/conda \
                                    -c /path/to/mycertfile.crt \
                                    -k /path/to/mykeyfile.key \
                                    -t eccd989b

To test the webserver:

import requests

artifacts = [open('my-artifact1-1.0.0-2.tar.bz2', 'rb'),
             open('my-artifact2-3.4.2-0.tar.bz2', 'rb'),
             open('my-artifact3-0.9.1-0.tar.bz2', 'rb'),
            ]
url = 'https://localhost:9999/'
token = 'mysecuretoken'

for artifact in artifacts:
    requests.post(url, data={'token': token}, files={'artifact': artifact},
                  verify=False)

The webserver handles one artifact per POST request, which is replicated here by the loop over the sample artifacts. The dictionary key names 'token' and 'artifact' in the request must be observed. These keys are expected by the webserver when handling the request.

Note that in order to prevent unauthorised uploads to the channel, the request must be accompanied by a secure token that, when salted and hashed, matches the salted and hashed token specified when the webserver is set up (see Usage above). An expected use-case of this server is to handle build artifacts produced from CI. In such a use-case, this secure token would be defined in the CI pipeline and is passed in unhashed form. We rely on the secured nature of the server to prevent the unhashed token being revealed.

Requirements

Requires tornado and hmac v2.7.7+.

About

⛔️ [DEPRECATED] A secure webserver to handle uploading conda build artifacts to a specified conda channel.

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages