angular-cn/.circleci
Paul Gschwendtner d2c60cc216 ci: cache downloaded bazel version in circleci (#36098)
Similarly to what is done in `angular/components`, we should
cache the downloaded Bazel version (from `bazelisk`).

This reduces the overhead of downloading Bazel, and also avoids
the dependency on the external download server. We should avoid
external server dependencies as much as possible (see how the yarn
registry was flaky in the past).

PR Close #36098
2020-03-18 10:01:50 -07:00
..
README.md
bazel.common.rc refactor: simplify bazel saucelabs targets using karma pre-test wrapper and shared saucelabs connection between tests (#34769) 2020-01-28 13:47:00 -08:00
bazel.linux.rc ci: move setup of bazel configurations into the env init scripts (#34834) 2020-01-22 14:37:02 -05:00
bazel.windows.rc ci: always set up RBE for bazel executions on CI (#34834) 2020-01-22 14:37:02 -05:00
config.yml ci: cache downloaded bazel version in circleci (#36098) 2020-03-18 10:01:50 -07:00
env-helpers.inc.sh
env.sh build: remove legacy integration test runner (#35985) 2020-03-11 15:12:33 -07:00
gcp_token ci: update gcp_token (#31405) 2019-07-03 08:54:02 -07:00
github_token
setup_cache.sh
trigger-webhook.js
windows-env.ps1 build: depend on bazelisk rather than directly on Bazel (#36078) 2020-03-16 10:58:06 -07:00

README.md

Encryption

Based on https://github.com/circleci/encrypted-files

In the CircleCI web UI, we have a secret variable called KEY https://circleci.com/gh/angular/angular/edit#env-vars which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings)

We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.

To create the github_token file, we take this approach:

  • Find the angular-builds:token in http://valentine
  • Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: docker run --rm -it circleci/node:10.12
  • echo "https://[token]:@github.com" > credentials
  • openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
  • If needed, base64-encode the result so you can copy-paste it out of docker: base64 github_token