Make private changes on Github repo before deploy? - deployment

On GitHub sadly, a private repo is for premium users, and i uploaded a repo, but it has lot of login third party, and i want to make those login information private, and i have a MongoHQ connection, and want to make the database private, to deploy it on CloudControl.
How CloudControl and Heroku work, is that by taking the file AFTER the clone on disk or the clone is only 'temporary' file, and they take the one hosted on Github?

There is no need to have any credentials in the repository. It's actually highly discouraged to do so. The recommended way is to have your code read the credentials from the environment.
Refer to the Add-on credential section in the documentation for more details: https://www.cloudcontrol.com/dev-center/Platform%20Documentation#add-on-credentials

Related

Why does GitLab need full access read and write permissions when importing a GitHub repo?

I just signed up for GitLab, after learning about this cool feature where you can import your GitHub repositories and keep the two in sync. The import feature seems simple enough, but I paused when I got to the step where I authorize GitLab to my GitHub account. Why does it need so many permissions? Some make sense to me, others not so much. Specifically:
Personal user data
Full access
This application will be able to read and write all user data. This
includes the following:
Private email addresses
Private profile information
Followers
I understand why it needs to read and write to all public and private repository data. It's moving all that data to GitLab, and it needs to write to keep it in sync. What I don't understand is why it needs write permissions to my email and profile information?
I know that GitLab is a reputable company that didn't just pop up yesterday, but I am still wary when giving full access permissions to any service. If someone could help me understand, that would be appreciated.
You have two options when migrating a repository from GitHub to GitLab. You can migrate using only the url, in which case what you’ll have on GitLab is more similar to what you’d get if you simply added an additional remote in the repo - the full repo will be there, but everything specific to GitHub - the pull requests, comments, issues, etc, as well as all users tagged or participating - will be lost.
Alternatively, you can use the GitHub importer. This option fully migrates the GitHub repo to GitLab, setting up the GitLab equivalents of GitHub features (pull requests become merge requests, etc.). And part of this involves assigning users to each comment, mention, PR, etc.
From the gitlab docs:
When issues and pull requests are being imported, the importer attempts to find their GitHub authors and assignees in the database of the GitLab instance. Pull requests are called merge requests in GitLab.
For this association to succeed, each GitHub author and assignee in the repository must meet one of the following conditions prior to the import:
Have previously logged in to a GitLab account using the GitHub icon.
Have a GitHub account with a public-facing email address that matches their GitLab account’s email address.
GitLab content imports that use GitHub accounts require that the GitHub public-facing email address is populated. This means all comments and contributions are properly mapped to the same user in GitLab. GitHub Enterprise does not require this field to be populated so you may have to add it on existing accounts.
So yes, these are required if you want the full GitHub mirror or migration. If you just want the git repo contents, use the import from url tool, and the requirements will be much less extensive.

Using github packages without personal access token?

The project I'm working on currently deploys our private node packages via github packages. Our current workflow is for each developer to create and maintain their own personal access token, and then we use a central account's PAT for automation in AWS.
I was wondering if it's possible to authenticate with github packages without the use of Actions or PAT's?
As of 2022-07-30
No, it is not possible to use github packages without a personal access token (PAT):
It is not possible to upload without a PAT (which makes sense as it prevents random people to upload binaries to your package repo);
It is not possible to download without a PAT (not even publicly available packages can be used);
As early as 2019-10-20, people have requested github to remove PATs as a requirement for mainly downloading public packages.
The idea is that users of libraries should not need to have a github account to access a developer's package.
Sadly, the request for pat-less package downloads was not granted by Github to this day.
If you want a package registry without a hassle, it might be wise to look for other registries, such as MavenCentral or JitPack (not necessarily meant for node packages),
or host a service yourself.
I even had to link a cached webpage, as the original question has been removed from Github community along with a bunch of related questions.
Another question on github, stating pat-less access to packages is still on the roadmap for "fall 2021" is here.
I could not find what the current status of this feature is.
Edit: It is possible to download binaries without a PAT for public repositories using jitpack.io. Jitpack builds the given jar/aar on their servers.
You can add jitpack as a repository to your build system, and use the jitpack-specified URL to reference releases, branches, or specific commits.
Sadly, there is no way to refer to packages (yet).
However, this system allows your users to use your code without needing PATs nor a Github account.
I'd like to offer an alternative.
You may use a Gradle plugin of mine (magik, I was exactly in your shoes) to easier the consumption of artifacts from your Github Packages for Gradle clients.
It require you to save your read-only PAT on the repo itself, so that the users don't have to deal with any authentication (apart using the plugin above mentioned)

Can a private github repo be synced with pythonaywhere

I want to sync a Django project with pythonanywhere. But the Django repo is private is it possible to do so. So, that the deployment is up to date with the repo.
Yes, it is possible. You could set ssh key-pair on your PythonAnywhere account and add it to your GitHub account. Then pull your code on the PythonAnywhere side and re-load your web app.
You could also automate the whole process. See the tutorial: https://blog.pythonanywhere.com/191/

Heroku doesn't see an repository that I don't own, but I have write access

I want to connect to GitHub using Heroku, and I want to connect to repository, which I don't own, but I have write access to.
But only my repositories are shown, and I can pick only my name!
So the question is:
Is it possible and how to connect to GitHub repository, which I don't own, but have write access to, to Heroku?
Assuming you want to enable automatic deployment, write access is not sufficient:
GitHub repo admin access is required for you to configure automatic GitHub deploys. This is because Heroku has to register a service hook on the GitHub repo, and this action requires admin access. For GitHub organisations, your GitHub account will also need to be a member of the organisation and not an outside collaborator.
So:
Do you have admin-level access to the repository?
Is this repository an organizational repository? If so, are you a member of the organization, or an outside collaborator?

Serve public executable from private GitHub repository?

I'm a contractor developing an app for a client and the code and exes are stored in a private github repository. They plan to sell the app through a WordPress-based store. I assumed or thought I read somewhere that files could be hosted on GitHub and in my tests it seemed to work – except it only worked because I was logged in to GitHub, with access to the private repo.
Is there some setting or "feature" on GitHub which will allow us to link to an exe (or zip) from another site or from a link in a "purchase confirmation" type email?
I've seen Hosting executable on github but it is quite old now and not really about private repos.
GitHub does allow you to host release assets as part of a release based on a tag, but these assets are controlled with the permissions of the repository. If the repository is public, then the release assets will also be public; if it is private, then they will also be private, with the same permissions of the repository.
If what you're trying to do is use GitHub with a custom access control system to allow only people who have purchased the software to download it, then that's not possible, and you'll need to set up your own server with the binaries. GitHub provides release assets so that folks can distribute binaries and other compiled stuff without needing to check them in, but it's not designed to be your CDN or web store.