Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GOOGLE_APPLICATION_CREDENTIALS is not documented and not Docker friendly #3427

Open
flodolo opened this issue Oct 24, 2024 · 5 comments
Open
Labels
P3 Default, possibly shipping in the following two quarters task

Comments

@flodolo
Copy link
Collaborator

flodolo commented Oct 24, 2024

Looks like Pontoon is set up in Heroku with a GOOGLE_CREDENTIALS setting that is unused.

I had to look into the code to find GOOGLE_APPLICATION_CREDENTIALS, which was introduced in #2873 but not documented.
This is supposed to point to a local JSON file, which makes its use in Docker very complicated, as such file is removed every time the container is rebuilt. Not completely sure how that works on Heroku.

@github-project-automation github-project-automation bot moved this to 🆕 Needs triage in Pontoon Roadmap Oct 24, 2024
@flodolo flodolo changed the title GOOGLE_APPLICATION_CREDENTIALS is not documented and not docker friendly GOOGLE_APPLICATION_CREDENTIALS is not documented and not Docker friendly Oct 24, 2024
@flodolo
Copy link
Collaborator Author

flodolo commented Oct 25, 2024

I can't find any code or pull request that used GOOGLE_CREDENTIALS. Is it there just to store that info?

@mathjazz mathjazz moved this from 🆕 Needs triage to 🔖 Ready in Pontoon Roadmap Oct 25, 2024
@mathjazz mathjazz added task P3 Default, possibly shipping in the following two quarters labels Oct 25, 2024
@mathjazz
Copy link
Collaborator

We use https://github.com/gerynugrh/heroku-google-application-credentials-buildpack, which requires these variables. It is indeed not documented.

@flodolo
Copy link
Collaborator Author

flodolo commented Oct 25, 2024

Should we have a special hidden file that is copied over like the .env file?

@flodolo
Copy link
Collaborator Author

flodolo commented Nov 4, 2024

BTW, not sure how reliable this is

for env in $(grep -r 'os.environ.get("' pontoon --include="*.py" | sed -n 's/.*os.environ.get("\([^"]*\)".*/\1/p' | sort | uniq); do
  if ! grep -qr "$env" --include="*.rst" .; then
    echo "$env"
  fi
done

Some of these seem unrelated, but others should probably be documented

ADMIN_PASSWORD
DJANGO_LOG_LEVEL
DJANGO_SQL_LOG
GITHUB_CLIENT_ID
GITHUB_SECRET_KEY
GITLAB_CLIENT_ID
GITLAB_SECRET_KEY
GITLAB_URL
GOOGLE_APPLICATION_CREDENTIALS
GOOGLE_AUTOML_WARMUP_INTERVAL
GOOGLE_CLIENT_ID
GOOGLE_SECRET_KEY
HEROKU_DEMO
KEYCLOAK_CLIENT_ID
KEYCLOAK_CLIENT_SECRET
KEYCLOAK_REALM
KEYCLOAK_URL
RAYGUN_APIKEY
SENDGRID_USERNAME
SESSION_COOKIE_HTTPONLY
STATIC_ROOT
SYSTRAN_TRANSLATE_PROFILE_OWNER
SYSTRAN_TRANSLATE_SERVER
TERSER_BINARY
YUGLIFY_BINARY

@mathjazz
Copy link
Collaborator

mathjazz commented Nov 5, 2024

I'd only take care of documenting GOOGLE_APPLICATION_CREDENTIALS & Co. in this issue, and then work on #2234, #2386 and possibly file more related bugs as needed.

I'm not very opinionated on handling the file referenced by GOOGLE_APPLICATION_CREDENTIALS, because it's used rarely locally.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
P3 Default, possibly shipping in the following two quarters task
Projects
Status: 🔖 Ready
Development

No branches or pull requests

2 participants