mirror of
https://code.tvl.fyi/depot.git:/tools/nixery.git
synced 2025-03-14 21:51:52 +00:00
docs: document unset GOOGLE_APPLICATION_CREDENTIALS
In case the `GOOGLE_APPLICATION_CREDENTIALS` environment variable is not set, a redirect to storage.googleapis.com is issued, which means the underlying bucket objects need to be publicly accessible. This wasn't really obvious until now, so further clarify it.
This commit is contained in:
parent
fd3dc4422f
commit
8aef070dc6
|
@ -94,6 +94,10 @@ account key, Nixery will also use this key to create [signed URLs][] for layers
|
|||
in the storage bucket. This makes it possible to serve layers from a bucket
|
||||
without having to make them publicly available.
|
||||
|
||||
In case the `GOOGLE_APPLICATION_CREDENTIALS` environment variable is not set, a
|
||||
redirect to storage.googleapis.com is issued, which means the underlying bucket
|
||||
objects need to be publicly accessible.
|
||||
|
||||
### Storage
|
||||
|
||||
Nixery supports multiple different storage backends in which its build cache and
|
||||
|
|
|
@ -222,6 +222,10 @@ func signingOptsFromEnv() (*storage.SignedURLOptions, error) {
|
|||
// Signing the URL allows unauthenticated clients to retrieve objects from the
|
||||
// bucket.
|
||||
//
|
||||
// In case signing is not configured, a redirect to storage.googleapis.com is
|
||||
// issued, which means the underlying bucket objects need to be publicly
|
||||
// accessible.
|
||||
//
|
||||
// The Docker client is known to follow redirects, but this might not be true
|
||||
// for all other registry clients.
|
||||
func (b *GCSBackend) constructLayerUrl(digest string) (string, error) {
|
||||
|
|
Loading…
Reference in New Issue
Block a user