🥳 cloud.jolin.io - A new Pluto deployment, integrated with GitHub

schlichtanders · July 13, 2023, 8:20am

NEW - Jolin Cloud

Pluto.jl for your company

Dear Julia and Pluto enthusiasts,

I am very happy to announce Jolin Cloud.

you can start right away - it is hosted at cloud.jolin.io

Awesome Extras on top of normal Pluto.jl:

build self-updating notebooks for real-time streaming analysis
integrated with GitHub for version control and dev → test →prod automation
easily authenticate at AWS, Azure, Google Cloud, or HashiCorp Vault (using tokens)

Jolin Cloud is in alpha phase. Please write me an email if you have any questions.

best,
Stephan Sahm
Founder of jolin.io

gvdr · July 13, 2023, 9:15am

Very nice!

gdalle · July 13, 2023, 10:44am

Sounds cool, but I’m a bit surprised by the level of access I need to give Jolin in order to subscribe

schlichtanders · July 13, 2023, 2:20pm

Thank you for the reply.
TLDR: Access to private/public repos is crucial for cloud.jolin.io to provide its services. If you don’t want cloud.jolin.io to see your existing repos, you can create a new github user.

How Jolin Cloud requests github rights

cloud.jolin.io currently requests github access tokens with the following scopes:

“user repo”

Looking into it, I just changed this to

“read:user user:email repo”

Github docs don’t show any useful subscopes for the “repo” scope for Jolin Cloud. Hence this needs to stay.

The changes are already live:

Of course, your credentials are 100% secured from other users access, and I myself and also others working on Jolin Cloud will never use your credentials. They are only used in automated ways for the features of Jolin Cloud.
Also note that you can always reject the permissions for the github access token later on.

gdalle · July 13, 2023, 2:37pm

But why would Jolin require write access to all my repos? I mean, I wouldn’t give that to anyone
Can’t it be on a case-by-case basis?

schlichtanders · July 13, 2023, 2:42pm

Please take a look at the mentioned Github docs. Github oauth tokens do not offer this possibility. Restricting access is really best done via the creation of a respective new user.

bilderbuchi · July 13, 2023, 5:28pm

Note that it is against Github TOS to have more than one free (non-bot) account, so this might be relevant if you are currently using a free account.

schlichtanders · July 13, 2023, 5:44pm

Researching more about alternative options, JolinCloud may migrate from being an OAuth app to a Github App in the future. That would offer more fine grained permissions, but the transition is not straight forward, as different APIs are supported by each system, and the documentation misses some parts which are crucial for cloud.jolin.io (hence needs testing, and maybe contact to GitHub itself).

I put it onto the internal development board as a feature request. Thank you @gdalle for bringing this up.

gdalle · July 13, 2023, 5:56pm

Right, I was asking because I had the experience of apps like codecov.io, to which I give repo-specific read-only permissions. Based on your follow up, it seems codecov might be a GitHub app instead of an OAuth app, which would explain the difference (I wasn’t familiar with the specifics).

I don’t know if I’m alone in this, but creating a new user might be enough of a hurdle to discourage me from using Jolin in the first place… I love Pluto, and I have no doubt that Jolin is an awesome product, I’m just very lazy

I appreciate you taking the time!

cpfiffer · July 13, 2023, 6:13pm

This is cool! Appreciate you putting out out there.

schlichtanders · July 24, 2023, 8:52pm

I am very glad to announce that JolinCloud now runs as a Github App (instead of OAuth app, which it was before).

This allows for much better permission control