feat!: update to work with w3up api #89

Merged
merged 13 commits into from
Jan 17, 2024

@olizilla olizilla commented Jan 16, 2024

Rewrite of the add-to-web3 github action to work with the new w3up web3.storage api.

w3cli does everything we need to upload files to web3.storage, so this action now provides a very thin wrapper around that cli in the form of a composite action.

Breaking changes

Auth is based on UCANs now. Use w3cli to create a signing key for this action to use, and create a ucan that delegates upload abilities to that key.

  • input: web3_token has been removed, as token based auth has been removed.
    • set secret_key to a base64 encoded signing key you create via w3 key create.
    • set proof to a base64 CAR encoded UCAN delegating capabilities to the secret_key's DID.
  • input: wrap_with_directory has been removed. w3cli does not wrap directories in directories by default now. Only single files get wrapped to preserve their filename.
    • set wrap: false to disable the wrapping of single files.
  • input: web3_api has been removed. Targeting other services is not currently supported. Open an issue if you need that.
  • input: include_hidden has been renamed to hidden to match the w3cli flag name

Fixes #87

Needs storacha/w3cli#158

License: MIT
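
A workflow using the inputs described in this pull request, added here as an example; it is not taken from the PR or the project's README. The action reference `web3-storage/add-to-web3@v3`, the `dist` path, the `url` output name and the `store/add` / `upload/add` capability names given to w3cli's `--can` option are assumptions; the secret names follow the ones that appear in the review further down.

```yaml
# One-time setup on a trusted machine (not in CI), using w3cli:
#   w3 key create
#     -> creates the signing key for this action; it becomes `secret_key`
#   w3 delegation create <did-of-that-key> --can 'store/add' --can 'upload/add' --base64
#     -> UCAN delegating only upload abilities (assumed capability names);
#        the base64 output becomes `proof`
# Store both values as repository secrets, never in the workflow file.
name: publish
on:
  push:
    branches: [main]

permissions:
  contents: read   # the job needs no write access to the repository

jobs:
  upload:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - id: w3
        uses: web3-storage/add-to-web3@v3   # assumed action reference
        with:
          path_to_add: dist                 # assumed build output directory
          secret_key: ${{ secrets.W3_PRINCIPAL }}
          proof: ${{ secrets.W3_PROOF }}

      - name: Report
        env:
          # Pass the output through the environment instead of expanding
          # the expression inside the script text.
          W3_URL: ${{ steps.w3.outputs.url }}   # assumed output name
        run: echo "published at $W3_URL"
```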

Rebuild of the github action to work with the new w3up web3.storage api.

[`w3cli`](https://github.com/web3-storage/w3cli) does everything we need to upload files to web3.storage, so this action now provides a thin wrapper around that cli in the form of a composite action.

Auth is based on UCANs now. Use w3cli to create a signing key for this action to use, and create a ucan that delegates upload abilities to that key.

- input: `web3_token` has been removed, as token based auth has been removed.
  - set `secret_key` to a base64 encoded signing key you create via `w3 key create`.
  - set `proof` to a base64 CAR encoded UCAN delegating capabilities to the secret_key's DID.
- input: `wrap_with_directory` has been removed. w3cli does not wrap directories in directories by default now. Only single files get wrapped to preserve their filename.
  - set `no_wrap: 'true'` to disable the wrapping of single files.
- input: `web3_api` has been removed. Targeting other services is not currently supported. Open an issue if you need that.

License: MIT
Signed-off-by: Oli Evans <[email protected]>
action.yml Outdated
Comment on lines 62 to 68
- id: get_cid
run: echo "::set-output name=cid::$(jq --exit-status --raw-output '.root."/"' ./w3_up_output.json)"
shell: bash

- id: get_url
run: echo "::set-output name=url::https://${{ steps.get_cid.outputs.cid }}.ipfs.w3s.link"
shell: bash
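
Review bot: in the `get_cid` step, `--exit-status` has no effect, because `jq` runs inside `$(...)` as an argument to `echo` and its non-zero exit is discarded; the step succeeds and publishes whatever `jq` printed (for a missing `.root."/"` that is the string `null`). Assign the value first, `cid="$(jq --exit-status --raw-output '.root."/"' ./w3_up_output.json)"`, so the step fails when the CID is absent, then write it with `echo "cid=$cid" >> "$GITHUB_OUTPUT"`, which also replaces the deprecated `::set-output`. In `get_url`, pass `${{ steps.get_cid.outputs.cid }}` in through an `env:` entry and use the shell variable, rather than expanding the expression inside the script text.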

deprecation warning

Warning: The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

@vasco-santos vasco-santos left a comment

LGTM! 🎉 small nits in review comments

web3_api: 'https://api-staging.web3.storage'
web3_token: ${{ secrets.WEB3_STORAGE_TOKEN }}
proof: ${{ secrets.W3_PROOF }}
secret_key: ${{ secrets.W3_PRINCIPAL }}

nit: consider using same names here instead of secret key and principal?

README.md Outdated

If you do want to capture the `path_to_add` path itself in the IPFS DAG then you want to set `wrap_with_directory:true`.
Create using `w3 delegation create --base64`

should we mention in the docs that delegation can be narrowed to a set of capabilities and they should make it only for their needs pointing to the docs https://github.com/web3-storage/w3cli?tab=readme-ov-file#w3-delegation-create-audience-did ?

yeah it is good practice for us to recommend restricting caps.

It may even be a good idea to change this to use a limited capability set, because this action only uploads, so there is no need to give it read access.

@alanshaw alanshaw left a comment

LGTM, I have left some feedback for your consideration.

@Gozala Gozala left a comment

❤️

README.md Outdated

Useful for testing against staging deployments by setting to the api origin of your choice.
Advanced: if `path_to_add` points to a file it will be wrapped in a directory to preserve the filename. To disable that set no_wrap: "true".

Nit: I find the no_wrap bit confusing. I was wondering whether it would be better to just make things more explicit by replacing path_to_add with dir_to_add and file_to_add, where the latter could have a wrap_file option.

@gobengo gobengo mentioned this pull request Jan 16, 2024
@olizilla olizilla merged commit 6b67289 into main Jan 17, 2024
1 check passed
@olizilla olizilla deleted the v3 branch January 17, 2024 16:35