Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: Add S3 documentation #2835

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions docs/advanced/authentication.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ You can authenticate pixi with a server like prefix.dev, a private quetz instanc
Different servers use different authentication methods.
In this documentation page, we detail how you can authenticate against the different servers and where the authentication information is stored.

TODO: update --help string

```shell
Usage: pixi auth login [OPTIONS] <HOST>

Expand Down Expand Up @@ -53,6 +55,17 @@ Login to a basic HTTP secured server:
pixi auth login myserver.com --username user --password password
```

Login to an S3 bucket:

```shell
pixi auth login s3://my-bucket --access-key-id <access-key-id> --secret-access-key <secret-access-key>
# if your key uses a session token, you can also use:
pixi auth login s3://my-bucket --access-key-id <access-key-id> --secret-access-key <secret-access-key> --session-token <session-token>
```

!!!note
S3 authentication is also supported through AWS's typical `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables, see the [S3 section](../advanced/s3.md) for more details.

## Where does pixi store the authentication information?

The storage location for the authentication information is system-dependent. By default, pixi tries to use the keychain to store this sensitive information securely on your machine.
Expand Down Expand Up @@ -96,6 +109,13 @@ The JSON should follow the following format:
},
"conda.anaconda.org": {
"CondaToken": "your_token"
},
"s3://my-bucket": {
"S3Credentials": {
"access_key_id": "my-access-key-id",
"secret_access_key": "my-secret-access-key",
"session_token": null
}
}
}
```
Expand Down
47 changes: 33 additions & 14 deletions docs/advanced/github_actions.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ We created [prefix-dev/setup-pixi](https://github.com/prefix-dev/setup-pixi) to
## Usage

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
pixi-version: v0.39.4
cache: true
Expand All @@ -24,7 +24,7 @@ We created [prefix-dev/setup-pixi](https://github.com/prefix-dev/setup-pixi) to

!!!warning "Pin your action versions"
Since pixi is not yet stable, the API of this action may change between minor versions.
Please pin the versions of this action to a specific version (i.e., `prefix-dev/setup-pixi@v0.8.0`) to avoid breaking changes.
Please pin the versions of this action to a specific version (i.e., `prefix-dev/setup-pixi@v0.8.2`) to avoid breaking changes.
You can automatically update the version of this action by using [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot).

Put the following in your `.github/dependabot.yml` file to enable Dependabot for your GitHub Actions:
Expand Down Expand Up @@ -66,7 +66,7 @@ You can specify the behavior by setting the `cache` input argument.
This can be done by setting the `cache-write` argument.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
cache: true
cache-write: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
Expand Down Expand Up @@ -111,7 +111,7 @@ test:
environment: [py311, py312]
steps:
- uses: actions/checkout@v4
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
environments: ${{ matrix.environment }}
```
Expand All @@ -121,7 +121,7 @@ test:
The following example will install both the `py311` and the `py312` environment on the runner.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
environments: >- # (1)!
py311
Expand All @@ -147,6 +147,7 @@ There are currently three ways to authenticate with pixi:
- using a token
- using a username and password
- using a conda-token
- using an S3 key pair

For more information, see [Authentication](./authentication.md).

Expand All @@ -161,7 +162,7 @@ Specify the token using the `auth-token` input argument.
This form of authentication (bearer token in the request headers) is mainly used at [prefix.dev](https://prefix.dev).

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
auth-host: prefix.dev
auth-token: ${{ secrets.PREFIX_DEV_TOKEN }}
Expand All @@ -173,7 +174,7 @@ Specify the username and password using the `auth-username` and `auth-password`
This form of authentication (HTTP Basic Auth) is used in some enterprise environments with [artifactory](https://jfrog.com/artifactory) for example.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
auth-host: custom-artifactory.com
auth-username: ${{ secrets.PIXI_USERNAME }}
Expand All @@ -186,14 +187,32 @@ Specify the conda-token using the `conda-token` input argument.
This form of authentication (token is encoded in URL: `https://my-quetz-instance.com/t/<token>/get/custom-channel`) is used at [anaconda.org](https://anaconda.org) or with [quetz instances](https://github.com/mamba-org/quetz).

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
auth-host: anaconda.org # (1)!
conda-token: ${{ secrets.CONDA_TOKEN }}
```

1. or my-quetz-instance.com

#### S3

Specify the S3 key pair using the `auth-access-key-id` and `auth-secret-access-key` input arguments.
You can also specify the session token using the `auth-session-token` input argument.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.2
with:
auth-host: s3://my-s3-bucket
access-key-id: ${{ secrets.ACCESS_KEY_ID }}
secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }}
session-token: ${{ secrets.SESSION_TOKEN }} # (1)!
```

1. only needed if your key uses a session token

See the [S3 section](../advanced/s3.md) for more information about S3 authentication.

### Custom shell wrapper

`setup-pixi` allows you to run command inside of the pixi environment by specifying a custom shell wrapper with `shell: pixi run bash -e {0}`.
Expand Down Expand Up @@ -265,15 +284,15 @@ To this end, `setup-pixi` adds all environment variables set when executing `pix
As a result, all installed binaries can be accessed without having to call `pixi run`.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
activate-environment: true
```

If you are installing multiple environments, you will need to specify the name of the environment that you want to be activated.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
environments: >-
py311
Expand All @@ -290,7 +309,7 @@ You can specify whether `setup-pixi` should run `pixi install --frozen` or `pixi
See the [official documentation](https://prefix.dev/docs/pixi/cli#install) for more information about the `--frozen` and `--locked` flags.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
locked: true
# or
Expand Down Expand Up @@ -320,7 +339,7 @@ The second type is the debug logging of the pixi executable.
This can be specified by setting the `log-level` input.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
log-level: vvv # (1)!
```
Expand All @@ -347,7 +366,7 @@ If nothing is specified, `post-cleanup` will default to `true`.
On self-hosted runners, you also might want to alter the default pixi install location to a temporary location. You can use `pixi-bin-path: ${{ runner.temp }}/bin/pixi` to do this.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
post-cleanup: true
pixi-bin-path: ${{ runner.temp }}/bin/pixi # (1)!
Expand All @@ -363,7 +382,7 @@ You can also use a preinstalled local version of pixi on the runner by not setti
This can be overwritten by setting the `manifest-path` input argument.

```yaml
- uses: prefix-dev/setup-pixi@v0.8.0
- uses: prefix-dev/setup-pixi@v0.8.2
with:
manifest-path: pyproject.toml
```
Expand Down
Loading
Loading