VM Setup - Set up secrets
Overview
Necessary secrets:
- GITHUB_TOKEN
  - Used for:
    - Retrieving open PRs without rate-limiting.
    - Retrieving PR author.
    - Retrieving members of the trusted GitHub teams.
    - Posting comments with preview links on PRs.
- PREVIEW_DEPLOYMENT_TOKEN
  - Used for:
    - Decoding the JWT tokens received with /create-build requests.
Note:
TEST_GITHUB_TOKEN and TEST_PREVIEW_DEPLOYMENT_TOKEN can also be created similarly to their non-TEST counterparts and they will be loaded when running aio-verify-setup, but it is currently not clear if/how they can be used in tests.
Create secrets
- GITHUB_TOKEN
  - Visit https://github.com/settings/tokens.
  - Generate new token with the public_repo scope.
- PREVIEW_DEPLOYMENT_TOKEN
  - Just generate a hard-to-guess character sequence.
  - Add it to .travis.yml under addons -> jwt -> secure. Can be added automatically with: travis encrypt --add addons.jwt PREVIEW_DEPLOYMENT_TOKEN=<access-key>
Note:
Due to travis-ci/travis-ci#7223 it is not currently possible to use the JWT addon (as described above) for anything other than the SAUCE_ACCESS_KEY variable. You can get creative, though...
WARNING
To avoid arbitrary uploads, make sure the PREVIEW_DEPLOYMENT_TOKEN is NOT printed in the Travis log.
Save secrets on the VM
- sudo mkdir /aio-secrets
- sudo touch /aio-secrets/GITHUB_TOKEN
- Insert <github-token> into /aio-secrets/GITHUB_TOKEN.
- sudo touch /aio-secrets/PREVIEW_DEPLOYMENT_TOKEN
- Insert <access-token> into /aio-secrets/PREVIEW_DEPLOYMENT_TOKEN.
- sudo chmod 400 /aio-secrets/*
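With the steps above, a file created by touch under the usual umask of 022 is world-readable until the final chmod 400 runs. The following is an added example, not part of the project's own tooling: the function names gen_token and save_secret are hypothetical, and it assumes a POSIX shell with od, tr and mktemp available. It generates the hard-to-guess sequence from the kernel CSPRNG and writes a secret so that it is never readable by group or other, without the value appearing in argv, shell history or terminal output.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from the project.

# Print a 256-bit random token as 64 lowercase hex characters (no newline).
gen_token() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# save_secret <dir> <name>
# Reads the secret from stdin and stores it as <dir>/<name> with mode 0400.
# The subshell keeps the umask change local. The temporary file is created
# 0600 by mktemp, so there is no window in which the secret is readable by
# other users, unlike touch followed by a later chmod.
save_secret() {
  (
    dir=$1
    name=$2
    umask 077
    mkdir -p "$dir" || exit 1        # a new directory is created 0700
    tmp=$(mktemp "$dir/.$name.XXXXXX") || exit 1
    cat > "$tmp" || exit 1           # secret arrives on stdin, not in argv
    chmod 400 "$tmp" || exit 1
    mv -f "$tmp" "$dir/$name"        # atomic rename into place
  )
}
```

Run as root on the VM, for example `gen_token | save_secret /aio-secrets PREVIEW_DEPLOYMENT_TOKEN`; for GITHUB_TOKEN, run `save_secret /aio-secrets GITHUB_TOKEN`, paste the token and press Ctrl-D.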