
Re: Using secret-tool and Gnome keyring to protect Salsa API keys



Thanks! I gave some comments on the merge request.

Where are we with enabling Salsa CI pipeline for all Go projects by
default? Given that Go packages often need new dependencies, I would
suggest adding `SALSA_CI_DISABLE_APTLY: 0` so that you can easily access
the Salsa-built *.deb packages for use when building other new packages
that need a new version of some build dependency.

/Simon

Otto Kekäläinen <otto@debian.org> writes:

> Hi Simon and others,
>
> You raised earlier a concern that using GITLAB_TOKEN directly in glab
> is a security concern
> as users may end up storing API keys in plain text in .bashrc files or similar.
>
> I just filed https://salsa.debian.org/go-team/infra/pkg-go-tools/-/merge_requests/5
> that uses the secret-tool to store and retrieve the API key from the
> Gnome keyring.
>
> You can try this:
>
> sudo apt install libsecret-tools
>
> secret-tool lookup application glab host salsa.debian.org
> # No output, only exit code 1
>
> secret-tool store --label='GitLab API access token for Salsa' \
>     application glab host salsa.debian.org
> Password: glpat-1234567890
>
> secret-tool lookup application glab host salsa.debian.org
> glpat-1234567890
>
>
> I might submit this to
>

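Added example, not part of the original message and not the code from the merge request: one way to hand the keyring-stored token to glab for a single command instead of exporting GITLAB_TOKEN from .bashrc. The function names and the SECRET_TOOL and SALSA_HOST override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: give one command the Salsa API token from the Gnome keyring,
# so the token never has to live in .bashrc or another plain-text file.

# Assumption: SECRET_TOOL and SALSA_HOST are hypothetical overrides (handy for
# testing); by default the real secret-tool from libsecret-tools is called.
SECRET_TOOL="${SECRET_TOOL:-secret-tool}"
SALSA_HOST="${SALSA_HOST:-salsa.debian.org}"

# Print the stored token; fail if the keyring has no matching item.
# The ( ) body runs in a subshell, so "token" never leaks into the caller.
salsa_token() (
    token=$("$SECRET_TOOL" lookup application glab host "$SALSA_HOST") || exit 1
    # A missing item gives no output and exit code 1; also refuse an empty
    # value so that a blank token is never exported.
    [ -n "$token" ] || exit 1
    printf '%s\n' "$token"
)

# Run COMMAND with GITLAB_TOKEN present only in that command's environment.
# Example: with_salsa_token glab mr list
with_salsa_token() (
    if [ "$#" -eq 0 ]; then
        echo "usage: with_salsa_token COMMAND [ARGS...]" >&2
        exit 2
    fi
    if ! token=$(salsa_token); then
        echo "No token for $SALSA_HOST in the keyring; add one with 'secret-tool store'." >&2
        exit 1
    fi
    # Exported inside the subshell only: the interactive shell and any
    # unrelated programs started from it never see the variable.
    GITLAB_TOKEN=$token
    export GITLAB_TOKEN
    exec "$@"
)
```

The token is still readable by the process it is passed to, so wrap only the command that needs it rather than a whole login session.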

