Creating script without parent u/username/scriptname - What does this means ?
I created two workspaces manually on self-hosted windmill webapp.
In workspace1 , I added a script and a flow
In cli , I pulled that workspace 1, So locally I have the script and flow
Now I copied this to another local directory (say new directory)
I added workspace 2 to cli
In this new directory, I ran
wmill sync push --skip-pull
so it applied the flow and script changes to workspace 2 . I confirmed in the hosted webapp too.
But in cli after push command, I got the message as in title.
So what does without parent means ?
Thanks in advance!12 Replies
We have our own lineage in windmill because scripts are immutable and don't overwrite each other.. This just mean the script has no parent, he is the root of his own lineage.
It does not indicate any issue, it means then , correct ?
correct
thanks!
I actually needed this because our use case was , developers will write the scripts/flows on one workspace
and then we will copy the files to another prod git branch
and from that branch push to prod workspace directly
in this way secrets of prod workspace, developers cannot see. they can only see their workspaces's secrets which are of non-prod environment
yes, we actually want to write a guide on how to do this
note that there will be an incoming improvement of the CLI where variables and secrets can be made workspace specific in the same layout
<variable>.<workspace>.variable.yaml
will be only pushed to the given workspace
Currently also, variables and secrets are workspace specific only, right ?
Workspace-1 users cannot access secrets of Workspace-2
users can only access items of workspaces they are in
additionally secrets are encrypted with a workspace specific key
okay then what does this means
let me tell my usecase
Developers create a secret secret-1 in their workspace with value secret-value1, along with flows and scripts
They pull it locally and commit to their branch say development
Then we will merge it to prod branch
and push to prod workspace, everything secrets, flows, scripts
just I want secret-1 value to be different in prod workspace say secret-value-2
how to do this ?
And this should not cause issue (overwrite secret value of prod with development) in next development iteration (next push to prod workspace)
so a few things to note
secrets are workspace specific encrypted
(unless you pull with a specific option)
so having access to the variable file is not sufficient to decrypt it
current variables on github are as follows:
<x>.variable.yaml
where x is the path of the variable
we will add
<x>.<workspace>.variable.yaml that when present will be ignored except when the command is to pull and push from that specific workspace
which mean you will be able to co-locate <x>.prod.variable and <x>.staging.variable in the same repo
that's all
workspace-1 git branch wil contain all flows, variables of workspace-1 . whatever the value of variable
We merge this branch with workspace-2 git branch
Now this branch has same flows, variables with some value (we dont care same as ws-1 branch or different, not bothered how it will be decrypted and final value will be what)
Now we push from workspace-2 git branch to workspace-2
Variable and flow are created on workspace-2
Variable will have some value (ignore what value)
Now we will manually change variable value on hosted webapp (step ###)
iteraction-1 over
========
iteration-2 started
flow updated in workspace-1 git branch and workspace-1
we merged this branch to workspace-2 git branch
Now workspace-2 git branch WILL HAVE SAME VALUE of variable as in workspace-1 branch
Now if we push to workspace-2 (USING
skip-pull because we dont want to fetch updated variable value of workspace-2 in its git branch), variable value should not affected in workspace-2 (it will retain its updated value of step ###)
i assume you are assuming same folder state (in git words, same branch)
If branches are different for workspaces, <x>.prod.variable and <x>.staging.variable co-location will not happen at same time.
as each one will be present in its branch and NOT together
If you switch to prod branch, you will see prod variable
if you switch to staging branch, you will see staging branch
so in short, if branches are different, even this would work just that when merging staging branch to prod branch, staging branch variable of same name should not update value of prod branch of same name
(this is possible currently using --skip-pull but only disadvantage is skip-pull applies to all)
There can be option to use it only for one type i.e. variables
I tried this flow , just now, after step ### near before iteration-1 over
When in workspace-2, I tap on Load secret value, i get Internal Block Error which might be due to different encryption key of this workspace
I think I found the way to solve for our use case 🥳 🥳
Just add **/*variable.yaml to .wmillignore
It will neither pull/push from/to any of workspace
Variable addition will be done manually on both the workspaces directly
I did a small demo, it worked for me
Any issue you see in this @rubenf for future ?No issues, that's one way to do it, happy to see creative ways of using the tool 🙂
👍