strider-cd / core
License: BSD 3-Clause "New" or "Revised" License
Strider Core
Core can send arbitrary (shell) commands to drones. Thus, it is very important to have a
well-designed security concept in place.
Therefore, I'd like to ask all of you:
How do you think security should be handled for:
For people who haven't looked into the source code of core, drone and client yet, the communication
between those entities follows this pattern:
A drone polls core for new jobs via an HTTP GET request and communicates any generated output via primus (a web socket) to core. Client queries core via a REST API and displays information about jobs (current status, results, output etc.). Additionally it is planned that client gets live updates
from drones (through core) via primus (job output / status etc.).
My random thoughts on securing all of this:
Currently there is a github endpoint, but really it should be api/v1/projects/<projectId>/webhook/github
This will then trigger any environments that respond to the type of webhook triggered.
I've started using standard which is a full package with no options. It is pretty standard, except for the possible use of no semicolons. The reason I chose this is so we can just start working, and so that we can have people contributing without wondering what standard to follow. There are fewer reasons not to use semicolons than there are to use them. See the link above, and let me know if this sounds acceptable.
The alternative would be to adopt an existing ESLint config (and maybe tweak).
We should really have a code of conduct to make open source contributions more accessible. I really recommend http://todogroup.org/opencodeofconduct
HTTP with streams?
HTTP long-poll?
RabbitMQ?
etc..
This is regarding core<->drone
... it mentions missing semicolons, es6 features, etc.
Picking up from Strider-CD/strider#667
Thin API that communicates with drones and supports plugins. No UI in core, since it can be implemented as a plugin.
Lay-down a basic design and non-negotiables that should be in core.
I'm just wondering if Core really needs providers e.g. Github, Bitbucket, etc, since the work will be done by the drones, core only handles the webhooks to trigger drones.
What would be the benefit of providers on core?
Running npm test, I get several failed tests (e.g. "Drone has a token" as the first one because the drone doesn't have an authorization header).