-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat!: update to work with w3up api #89
Conversation
Rebuild of the github action to work with the new w3up web3.storage api. [`w3cli`](https://github.com/web3-storage/w3cli) does everything we need to upload files to web3.storage, so this action now provides a thin wrapper around that cli in the form of a composite action. Auth is based on UCANs now. Use w3cli to create a signing key for this action to use, and create a ucan that delegates upload abilities to that key. - input: `web3_token` has been removed, as token based auth as been removed. - set `secret_key` to a base64 encoded siging key you create via `w3 key create`. - set `proof` to the a base64 CAR encoded UCAN delegating capabilities to the secret_key's DID. - input: `wrap_with_directory` has been removed. w3cli does not wrap directories in directories by default now. Only single files get wrapped to preserve their filename. - set `no_wrap: 'true'` to disable the wrapping of single files. - input: `web3_api` has been removed. Targeting other services is not currently supported. Open an issue if you need that. License: MIT Signed-off-by: Oli Evans <[email protected]>
action.yml
Outdated
- id: get_cid | ||
run: echo "::set-output name=cid::$(jq --exit-status --raw-output '.root."/"' ./w3_up_output.json)" | ||
shell: bash | ||
|
||
- id: get_url | ||
run: echo "::set-output name=url::https://${{ steps.get_cid.outputs.cid }}.ipfs.w3s.link" | ||
shell: bash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
deprecation warning
Warning: The
set-output
command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
License: MIT Signed-off-by: Oli Evans <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! 🎉 small nits in review comments
web3_api: 'https://api-staging.web3.storage' | ||
web3_token: ${{ secrets.WEB3_STORAGE_TOKEN }} | ||
proof: ${{ secrets.W3_PROOF }} | ||
secret_key: ${{ secrets.W3_PRINCIPAL }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: consider using same names here instead of secret key and principal?
README.md
Outdated
|
||
If you do want to capture the `path_to_add` path itself in the IPFS DAG then you want to set `wrap_with_directory:true`. | ||
Create using `w3 delegation create --base64` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we mention in the docs that delegation can be narrowed to a set of capabilities and they should make it only for their needs pointing to the docs https://github.com/web3-storage/w3cli?tab=readme-ov-file#w3-delegation-create-audience-did ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah it is good practice for us to recommend restricting caps.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It may even be a good idea to change this to use limited capability set because this action only uploads no need to give the read access to it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, I have left some feedback for your considerations.
README.md
Outdated
|
||
If you do want to capture the `path_to_add` path itself in the IPFS DAG then you want to set `wrap_with_directory:true`. | ||
Create using `w3 delegation create --base64` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah it is good practice for us to recommend restricting caps.
Co-authored-by: Alan Shaw <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❤️
README.md
Outdated
|
||
If you do want to capture the `path_to_add` path itself in the IPFS DAG then you want to set `wrap_with_directory:true`. | ||
Create using `w3 delegation create --base64` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It may even be a good idea to change this to use limited capability set because this action only uploads no need to give the read access to it.
README.md
Outdated
|
||
Useful for testing against staging deployments by setting to the api origin of your choice. | ||
Advanced: if `path_to_add` points to a file it will be wrapped in a directory to preserve the filename. To disable that set no_wrap: "true". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: I find no_wrap
bit confusing, was wondering maybe it would be better to just make things more explicit by replacing path_to_add
with dir_to_add
and file_to_add
where later could have wrap_file
option.
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
License: MIT Signed-off-by: Oli Evans <[email protected]>
Rewrite of the add-to-web3 github action to work with the new w3up web3.storage api.
w3cli
does everything we need to upload files to web3.storage, so this action now provides a very thin wrapper around that cli in the form of a composite action.Breaking changes
Auth is based on UCANs now. Use w3cli to create a signing key for this action to use, and create a ucan that delegates upload abilities to that key.
web3_token
has been removed, as token based auth as been removed.secret_key
to a base64 encoded siging key you create viaw3 key create
.proof
to the a base64 CAR encoded UCAN delegating capabilities to the secret_key's DID.wrap_with_directory
has been removed. w3cli does not wrap directories in directories by default now. Only single files get wrapped to preserve their filename.wrap: false
to disable the wrapping of single files.web3_api
has been removed. Targeting other services is not currently supported. Open an issue if you need that.include_hidden
has been renamed tohidden
to match the w3cli flag nameFixes #87
Needs storacha/w3cli#158
License: MIT