honeymoose/angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
angular-cn/.circleci
History
Paul Gschwendtner 4adf95ed6f ci: publish snapshots job is unable to decode github token (#31099) 
The publish_snapshots job is currently not able to decode the Github
token because the openssl version changed. This is because the default
digest for more recent openssl version has been updated and the github
token file has been encrypted with an old digest. We need to ensure
that the md5 digest is used for decryption as that matches the
digest used for encryption.

PR Close #31099
2019-06-17 13:56:12 -07:00
..
bazel.rc
build: fix bazel repositories not cached on circleci (#28515)
2019-02-05 13:06:24 -05:00
config.yml
ci: publish snapshots job is unable to decode github token (#31099)
2019-06-17 13:56:12 -07:00
env-helpers.inc.sh
ci(docs-infra): use the tests from the stable branch in aio_monitoring_stable CircleCI job (#30110)
2019-04-26 16:33:45 -07:00
env.sh
ci: update nodejs version to v10.16.0 (#31088)
2019-06-17 13:07:27 -07:00
gcp_token
build(bazel): Run build-packages-dist on RBE (#25237)
2018-08-20 16:34:45 -07:00
get-commit-range.js
docs: minor fix in get-commit-range.js docs (#31049)
2019-06-14 10:41:43 -07:00
github_token
ci: re-encrypt .circleci/github_token (#26698)
2018-10-23 13:31:48 -07:00
README.md
build: use bazel version from node modules (#26691)
2018-10-30 16:19:13 -04:00
setup_cache.sh
Revert "build: update to newer circleCI bazel remote cache proxy (#25054)" (#25076)
2018-07-24 16:05:58 -07:00
trigger-webhook.js
ci(docs-infra): manually trigger the preview server webhook (#27458)
2018-12-04 13:59:54 -08:00

README.md

Encryption

Based on https://github.com/circleci/encrypted-files

In the CircleCI web UI, we have a secret variable called KEY https://circleci.com/gh/angular/angular/edit#env-vars which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings)

We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.

To create the github_token file, we take this approach:

  • Find the angular-builds:token in http://valentine
  • Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: docker run --rm -it circleci/node:10.12
  • echo "https://[token]:@github.com" > credentials
  • openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
  • If needed, base64-encode the result so you can copy-paste it out of docker: base64 github_token