honeymoose
/
angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
angular-cn/.circleci
History
George Kalpakas b5eda603a2 ci: work around `CIRCLE_COMPARE_URL` not being available wih CircleCI Pipelines (#32537) 
The commit range that is associated with a CI build is used for a couple
of things (mostly related to payload-size tracking):
- Determine whether a size change was caused by application code or
  dependencies (or both).
- Add the messages of the commits associated with the build (and thus
  the payload-size change).

NOTE: The commit range is only used on push builds.

Previously, the commit range was computed based on the
`CIRCLE_COMPARE_URL` environment variable. With [CircleCI Pipelines][1]
enabled, `CIRCLE_COMPARE_URL` is no longer available and the commit
range cannot be reliably detected.

This commit switches `CI_COMMIT_RANGE` to only include the last commit.
This can be less accurate in some rare cases, but is true in the
majority of cases (on push builds). Additionally, it stores the CircleCI
build URL in the database along with the payload data, so the relevant
info can be retrieved when needed.

[1]: https://circleci.com/docs/2.0/build-processing

PR Close #32537
 		2019-09-09 12:21:44 -04:00
..
README.md build: use bazel version from node modules (#26691) 2018-10-30 16:19:13 -04:00
bazel.common.rc ci: use circleci windows preview (#31266) 2019-08-19 13:32:14 -07:00
bazel.linux.rc ci: use circleci windows preview (#31266) 2019-08-19 13:32:14 -07:00
bazel.windows.rc ci: use circleci windows preview (#31266) 2019-08-19 13:32:14 -07:00
config.yml ci: re-run flaky docs examples e2e tests in `test_docs_examples[_ivy]` jobs (#32497) 2019-09-05 18:10:31 -04:00
env-helpers.inc.sh ci(docs-infra): use the tests from the stable branch in `aio_monitoring_stable` CircleCI job (#30110) 2019-04-26 16:33:45 -07:00
env.sh ci: work around `CIRCLE_COMPARE_URL` not being available wih CircleCI Pipelines (#32537) 2019-09-09 12:21:44 -04:00
gcp_token ci: update gcp_token (#31405) 2019-07-03 08:54:02 -07:00
get-commit-range.js ci: work around `CIRCLE_COMPARE_URL` not being available wih CircleCI Pipelines (#32537) 2019-09-09 12:21:44 -04:00
github_token ci: re-encrypt .circleci/github_token (#26698) 2018-10-23 13:31:48 -07:00
setup-rbe.sh test(ivy): update Material to recent commit from master branch (#31569) 2019-07-25 13:08:33 -07:00
setup_cache.sh Revert "build: update to newer circleCI bazel remote cache proxy (#25054)" (#25076) 2018-07-24 16:05:58 -07:00
trigger-webhook.js ci(docs-infra): manually trigger the preview server webhook (#27458) 2018-12-04 13:59:54 -08:00
windows-env.ps1 ci: use circleci windows preview (#31266) 2019-08-19 13:32:14 -07:00

README.md

Encryption

Based on https://github.com/circleci/encrypted-files

In the CircleCI web UI, we have a secret variable called KEY https://circleci.com/gh/angular/angular/edit#env-vars which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings)

We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.

To create the github_token file, we take this approach:

  • Find the angular-builds:token in http://valentine
  • Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: docker run --rm -it circleci/node:10.12
  • echo "https://[token]:@github.com" > credentials
  • openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
  • If needed, base64-encode the result so you can copy-paste it out of docker: base64 github_token