too much data exposed here #70
Comments
|
I guess there's a desire to have a single place to run the grader against multiple assignments, however it seems like the sensitive data associated with the assignments should be in private repos. I wonder if there's some way we can set up travis to pull in the specs for the individual assignments from the private repos without compromising them ... |
|
the travis build sequence is fully customizable - the travis build environment provides full shell access where you can run any shell commend - to accomplish what you are suggesting is just a matter of adding a wget line to the .travis.yml to get any external resources - with the container based build environment they can even be cached |
|
right @bill-auger but if that is a private repo that needs authorization, then that auth has to go in .travis.yml or similar and then others can access the private repo no? |
|
not neccessarily - you can define serect ENV vars in the travis web interface - this is where API keys and such typically go travis will define these in the setup phase and the build log will show something like this: you simply reference them in the repo .travis.yml like: |
|
oh right - thanks @bill-auger - that could be the solution ... |
|
and as i mentioned - entire directories can be cached when using the container-based environment - so if these do not change often you could upload them anywhere temporarily and have the build download them once and cache them - i have not used the container-based environment tho so ymmv - i read about it in the travis docs |
|
I don't think we need to cache entire directories as such - just a key that allows Travis (but not anyone else) access to the necessary directories should sort this issue. And in fact it presents the possibility of a completely different grader architecture where students submit their code via pull requests - hmm - although that still exposes their actual code, which is not quite what Armando wants. What we need is a setup so students can see each others code, but only after they've submitted their own - like codewars has. I think to really learn from looking at other solutions you have to try to solve a problem yourself. However being prevented from looking at other solutions after you have developed your own is actually a barrier to learning ... |
|
if we had some kind of private repo for submissions, that you could send PRs to but couldn't see the actual repo (and other PRs) until you had submitted your own ... I wonder if the github hub tool could be retrofitted to support that ... and everyone would get full access to all the PRs once they submitted their first (and their grade would be based on that ...) |
@zhangaaron @armandofox - we should probably review how much of the assignment solutions are being exposed here:
https://github.com/saasbook/rag/tree/master/features/support
The text was updated successfully, but these errors were encountered: