On 4 April 2016 at 12:54, Sam Ruby <[email protected]> wrote:
> On Fri, Apr 1, 2016 at 9:21 AM, sebb <[email protected]> wrote:
>> On 1 April 2016 at 14:10, Sam Ruby <[email protected]> wrote:
>>> On Fri, Apr 1, 2016 at 9:02 AM, sebb <[email protected]> wrote:
>>>> On 1 April 2016 at 13:48, Sam Ruby <[email protected]> wrote:
>>
>> I meant that the function would do a git pull or whatever it is that
>> the scheduled service does anyway.
>> I did not mean that the function would be able to add arbitrary code.
>> The code would still have to be committed to the git repo first.
>>
>> The auth would only be needed to prevent it being done unnecessarily.
>
> I'll look into this.
>
> As of a few hours ago gitpubsub was enabled for git-dual repositories,
> including whimsy.
>
> It does mean that we would have another process that would need to be
> monitored, but that's no problem.
>
> That process would need to be able to update code, install gems, and
> touch files in the docroot. I'd like to do what I should have done
> from the beginning: create a local role account to do these updates.

Why not just use the _www account?
That's what is done on projects.a.o.

The account does not need auth to do a pull from the main git repo,
but it does need to create files which are readable by the _www id,
and directories which are writable.

So if we use something other than _www, care will need to be taken to
ensure that the writable permissions are not affected.

> - Sam Ruby
