Warn when using secrets without --trusted

[helenlyang]

Summary

This updates the CLI to print a warning if a Truss has secrets defined in its config but is pushed without --trusted.

Testing

truss push

Commands below were for pushing a Truss with a dummy secret in config.yaml:

secrets:
  dummy_access_token: null

Without --trusted: poetry run truss push

With --trusted: poetry run truss push --trusted
Output:

Compressing... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
Uploading... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
✨ Model test-model was successfully pushed ✨

|---------------------------------------------------------------------------------------|
| Your model has been deployed as a draft. Draft models allow you to                    |
| iterate quickly during the deployment process.                                        |
|                                                                                       |
| When you are ready to publish your deployed model as a new version,                   |
| pass `--publish` to the `truss push` command. To monitor changes to your model and    |
| rapidly iterate, run the `truss watch` command.                                       |
|                                                                                       |
|---------------------------------------------------------------------------------------|

🪵  View logs for your deployment at https://app.baseten.co/models/7wl16p0q/versions/qrjrg13/logs

[linear]

BT-8704 Add warning when using secrets without trusted

The trusted flag in truss push is not super discoverable. If you have a Truss with secrets in it, we should:

• Add a warning if you haven't used the --trusted flag
• Update the missing secrets exceptions in Truss to verify with the user that they used the --trusted flag

Some additional context

What is the --trusted flag?

When deploying a model with Baseten, there's often a need to have secrets. Check out the baseten guide on how to use Secrets: https://docs.baseten.co/observability/secrets

https://truss.baseten.co/guides/secrets

Code Pointers

The change to make here is in the Truss CLI (See Repo: https://github.com/basetenlabs/truss). This file is the entrypoint to the CLI: https://github.com/basetenlabs/truss/blob/main/truss/cli/cli.py

how to print a warning: https://github.com/basetenlabs/truss/pull/717/files

The easiest path to developing in this repo is to use Github Codespaces.

[helenlyang]

Feedback on messaging, formatting, etc. welcome!

I could also stack this PR on top of #717 and use console.print(not_trusted_text, style=yellow).

[squidarth]

I just merged #717, so you can merge master and use the colors

One other thought here, how does this look if we put it after the "Model was successfully pushed" copy? I worry that it gets lost if it's above the big block of development model text

[helenlyang]

Done, I think both changes help!

[squidarth]

lgtm, awesome work @helenlyang! one small note, from the screenshot, the yellow might be a little subtle, it might be better as red.

another non-blocking this is that it might be good to pull the check into a config_warnings function that we could add more warnings too, but I think it's ok to run without that

[helenlyang]

Thanks @squidarth! Made the readability changes and updated the screenshot. I added a TODO for the config_warnings item--think it might make sense to add that once we have multiple config checks

[squidarth]

TODO for the config_warnings item--think it might make sense to add that once we have multiple config checks

agreed