repo: Add README #13
repo: Add README #13
Conversation
README.md
Outdated
| This repository contains source for the authentication CLI that manages | ||
| credentials for EngFlow clusters. |
There was a problem hiding this comment.
Rephrase to emphasize the problem this solves for user:
| This repository contains source for the authentication CLI that manages | |
| credentials for EngFlow clusters. | |
| This repository provides `engflow_auth`, a [Bazel credential helper](https://blog.engflow.com/2023/10/20/secure-builds-with-credential-helpers/) that helps you automatically obtain and securely store EngFlow authentication tokens. |
README.md
Outdated
|
|
||
| ## Reporting Issues | ||
|
|
||
| To report bugs/vulnerabilities on `engflow_auth`, please send an email to |
There was a problem hiding this comment.
For normal bugs and feature requests, I think it's easiest to use GitHub issues.
For security vulnerability reports, [email protected] is a good idea. That should be used when the issue shouldn't be disclosed to the open internet until it's fixed.
There was a problem hiding this comment.
For normal bugs and feature requests, I think it's easiest to use GitHub issues.
We have issues disabled on this repo (I guess I was wrong about issues being coupled with pull requests!) and I think that's the right choice - issues invite a sense of urgency/SLA that we may not be ready for.
For features/bugs, I don't mind going through DSE's so that the rest of the org is aware, and priority is assigned correctly. Though - it may be beneficial to have some line of communication as a "fast path" for quicker turnaround, or to hear feedback from people who may not be customers
There was a problem hiding this comment.
Either way is fine I think. We do have a well-established support channel for the platform, and we can use that for the CLI.
Mainly I think it's important to distinguish security vulnerability reports that need to be kept secret from everything else.
There was a problem hiding this comment.
I think it's important here to distinguish two separate channels. [email protected] is only for vulnerability reports that need to be handled discreetly. All other bugs and feature requests should go through DSE.
In our public documentation, we do have https://docs.engflow.com/support/index.html to explain our support channels (though it appears that page could use some clean up).
There was a problem hiding this comment.
Ok - I think all the reports will end up in the non-urgent category, so I linked deeper to https://docs.engflow.com/support/get-day-to-day-support.howto.html - PTAL
README.md
Outdated
|
|
||
| ## Building | ||
|
|
||
| The CLI can be built via either the Golang toolchain or Bazel; released binaries |
There was a problem hiding this comment.
I apologize, I'm give the most pedantic of nits here.
Use "Go" as the name of the language. "Golang" is not an official name and shouldn't be used in a formal context like documentation. https://go.dev/doc/faq#go_or_golang
| The CLI can be built via either the Golang toolchain or Bazel; released binaries | |
| The CLI can be built via either the Go toolchain or Bazel; released binaries |
README.md
Outdated
| Since we have no CLA set up for `engflow_auth`, we are not accepting pull | ||
| requests from external contributors at this time. |
There was a problem hiding this comment.
| Since we have no CLA set up for `engflow_auth`, we are not accepting pull | |
| requests from external contributors at this time. | |
| We are not accepting pull requests from external contributors at this time. |
Let's omit the rationale here. We could set up a CLA if we wanted to, but most changes here also require a change to a proprietary server-side component, so we want to decide and coordinate those changes ourselves.
There was a problem hiding this comment.
Made the rationale a bit more vague - no rationale sounds a bit standoffish to me, which I'd like to avoid
minor-fixes
force-pushed
the
scott/CUS-360
branch
from
d9f93b6
to
59d0ce3
Compare
README.md
Outdated
| instance: | ||
|
|
||
| ``` | ||
| build:example --credential_helper=example.cluster.engflow.com=/path/to/engflow_auth |
There was a problem hiding this comment.
Use engflow as the config name rather than example, following https://docs.engflow.com/re/client/bazel-first-time.html#4-set-up-bazelrc. The user needs a bunch of other flags like --remote_executor, and we use engflow as the configuration name in those instructions.
README.md
Outdated
|
|
||
| ### Use | ||
|
|
||
| 1. Each day, run `engflow_auth login [CLUSTER URL]` each day to obtain an auth |
There was a problem hiding this comment.
This feels a little awkward as a list with only one step. Maybe make "click the URL" a second step, or just format as a paragraph.
Also "each day" is here twice in the same sentence. Drop at least one.
README.md
Outdated
|
|
||
| ## Reporting Issues | ||
|
|
||
| To report bugs/vulnerabilities on `engflow_auth`, please send an email to |
There was a problem hiding this comment.
I think it's important here to distinguish two separate channels. [email protected] is only for vulnerability reports that need to be handled discreetly. All other bugs and feature requests should go through DSE.
In our public documentation, we do have https://docs.engflow.com/support/index.html to explain our support channels (though it appears that page could use some clean up).
minor-fixes
force-pushed
the
scott/CUS-360
branch
from
59d0ce3
to
3d5fd80
Compare
|
Still needs resolution, looks good otherwise.
|
This change adds the beginning of a README, which covers basic topics such as: * how to build * how to report vulnerabilities * how to contribute Tested: N/A Bug: linear/CUS-360
minor-fixes
force-pushed
the
scott/CUS-360
branch
from
3d5fd80
to
e7f021c
Compare
This change adds the beginning of a README, which covers basic topics such as:
Tested: N/A
Bug: linear/CUS-360