Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improvement: Moving secrets from USER_SETTINGS.cpp to platformio config #662

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

No-Signal
Copy link

What

This PR moves user secrets from USER_SETTINGS.cpp & USER_SETTINGS.h into a platformio config file USER_SECRETS.ini

Why

This change makes it less likely that secrets are accidentally exposed by users committing them and makes it easier to maintain these secrets during development

How

  • USER_SECRETS.ini is included as additional platformio configuration in platformio.ini
  • A template file USER_SECRETS_TEMPLATE.ini is copied to USER_SECRETS.ini if it does not exist and acts as a base configuration file
  • USER_SECRETS.ini has been added to .gitignore to ensure it is not accidentally tracked

@obbardc
Copy link
Contributor

obbardc commented Dec 8, 2024

I'm in favour of this !

@dalathegreat
Copy link
Owner

Nice improvement! Does it work good for Arduino IDE users also?

@beadon
Copy link
Contributor

beadon commented Dec 10, 2024

I also like this approach. Testing ..

@No-Signal
Copy link
Author

A different approach would be required to support Arduino IDE users which would require a one time manual action which I avoided with Platformio.

The best option I can see to support both Arduino IDE and Platformio is to create a USER_SECRETS_TEMPLATE.h file that users would need to copy to USER_SECRETS.h once manually. USER_SECRETS.h would be added to .gitignore to avoid accidental commits.

@dalathegreat
Copy link
Owner

Yeah well 99% of users are Arduino IDE users, so I guess we would need to cater to those 😅

@No-Signal No-Signal force-pushed the feature/user_secrets branch from f02bb31 to 3126607 Compare December 19, 2024 19:38
@No-Signal
Copy link
Author

I have updated the method to support both Arduino & VSCode users, it does require the manual step of copying the template file which I have added to the readme

@No-Signal No-Signal force-pushed the feature/user_secrets branch from 3126607 to 100ba0d Compare December 19, 2024 20:33
@dalathegreat
Copy link
Owner

Doing this change will be a kind of "breaking" change that will require a new Youtube video to be put up. Otherwise my email will explode 😅

But I like the change!

@No-Signal
Copy link
Author

For such a small code change the impact is significant. If there are other settings to move now is the time to do it

@lenvm
Copy link
Collaborator

lenvm commented Dec 20, 2024

@No-Signal, you should be able to add and commit the file USER_SECRETS.h in one commit, and only add this file to .gitignore in the next commit. That removes the need for all users to do the copy from USER_SECRETS.template.h to USER_SECRETS.h.

@No-Signal
Copy link
Author

@lenvm my understanding is that once a file is being tracked in git adding it to .gitignore won't stop it tracking future changes

@lenvm
Copy link
Collaborator

lenvm commented Dec 20, 2024

@No-Signal, this can be solved.

Please do the following on your branch:

  • comment USER_SECRETS.h in .gitignore
  • git add .gitignore; git commit -m "comment USER_SECRETS.h in .gitignore"
  • git mv Software/USER_SECRETS.TEMPLATE.h Software/USER_SECRETS.h
  • git commit -m "rename USER_SECRETS.TEMPLATE.h to USER_SECRETS.h
  • uncomment USER_SECRETS.h in .gitignore
  • git add .gitignore; git commit -m "uncomment USER_SECRETS.h in .gitignore"

@No-Signal
Copy link
Author

@lenvm if I follow your steps then all subsequent changes to USER_SECRETS.h are tracked by git which is what I'm attempting to avoid with this PR

@lenvm
Copy link
Collaborator

lenvm commented Dec 20, 2024

Git shouldn’t be tracking those changes after the last commit, where you add it to .gitignore.

Please ensure to run the following command.

git rm --cached USER_SECRETS.h

This I did not include in the steps above, but seems necessary if you are the one that created the file that you want to commit, and later not track anymore.

Try it out for yourself to confirm!

@No-Signal
Copy link
Author

@lenvm my understanding is that everyone that pulls the code would need to run the git rm command for this approach to work

@lenvm
Copy link
Collaborator

lenvm commented Dec 20, 2024

Let’s try it out and see!

Even if that would be the case, it would be less intrusive than a breaking change for every user of the code, especially those that just download and compile and never plan to do any coding.

@No-Signal
Copy link
Author

I have pushed my test feature branch up so you can test https://github.com/No-Signal/Battery-Emulator/tree/feature/user_secrets2

This solution is certainly easier for people to get up and running and was the initial method I tried before testing platformio then the template approach

The downside is it makes it much easier for people to accidentally commit secrets which is why most projects I have seen use a template file instead

@lenvm
Copy link
Collaborator

lenvm commented Dec 21, 2024

I have checked cloned your repository, and you are right.

Conclusions:

  • Directly after checking out the repository, the change made to USER_SECRETS.h are indeed tracked by git.
  • The changes are not tracked once you run the command git rm --cached Software/USER_SECRETS.h. Running this command leaves you with a changes to be committed: deleted:.
  • As per this GitHub Gist, and "example" file (i.e. template) is the way to go, like you mentioned. If we go this route, we should add the copy step to the GitHub Actions as well (cp Software/USER_SECRETS.template.h Software/USER_SECRETS.h), to make sure the workflows don't fail.

@@ -92,7 +92,6 @@

/* MQTT options */
// #define MQTT // Enable this line to enable MQTT
#define MQTT_SERVER "192.168.xxx.yyy"
#define MQTT_PORT 1883
Copy link
Collaborator

@lenvm lenvm Dec 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps also include MQTT_PORT in USER_SECRETS.h.

@No-Signal No-Signal force-pushed the feature/user_secrets branch from c5db54b to 4f53a3b Compare December 21, 2024 11:13
@No-Signal No-Signal force-pushed the feature/user_secrets branch from af715bc to b4474e5 Compare December 22, 2024 11:34
@lenvm
Copy link
Collaborator

lenvm commented Dec 22, 2024

@dalathegreat, what do you say? Shall we merge this?

The change is a real improvement, but does still impact your YouTube video :)

Copy link
Owner

@dalathegreat dalathegreat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍 Let's merge this since we are indeed releasing a major update :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants