angular-cn/.circleci
Joey Perrott f40d51733a fix(dev-infra): use commit message validation from @angular/dev-infra-private (#36172)
Prior to this change we manage a local version of commit message validation
in addition to the commit message validation tool contained in the ng-dev
tooling.  By adding the ability to validate a range of commit messages
together, the remaining piece of commit message validation that is in the
local version is replicated.

We use both commands provided by the `ng-dev commit-message` tooling:
- pre-commit-validate: Set to automatically run on an git hook to validate
    commits as they are created locally.
- validate-range: Run by CI for every PR, testing that all of the commits
    added by the PR are valid when considered together.  Ensuring that all
    fixups are matched to another commit in the change.

PR Close #36172
2020-04-06 09:28:52 -07:00
..
README.md build: use bazel version from node modules (#26691) 2018-10-30 16:19:13 -04:00
bazel.common.rc refactor: simplify bazel saucelabs targets using karma pre-test wrapper and shared saucelabs connection between tests (#34769) 2020-01-28 13:47:00 -08:00
bazel.linux.rc ci: move setup of bazel configurations into the env init scripts (#34834) 2020-01-22 14:37:02 -05:00
bazel.windows.rc ci: always set up RBE for bazel executions on CI (#34834) 2020-01-22 14:37:02 -05:00
config.yml fix(dev-infra): use commit message validation from @angular/dev-infra-private (#36172) 2020-04-06 09:28:52 -07:00
env-helpers.inc.sh ci(docs-infra): use the tests from the stable branch in `aio_monitoring_stable` CircleCI job (#30110) 2019-04-26 16:33:45 -07:00
env.sh build: update to clang 1.4.0 and only run clang format on changed files (#36203) 2020-04-01 13:18:09 -07:00
gcp_token ci: update gcp_token (#31405) 2019-07-03 08:54:02 -07:00
github_token ci: re-encrypt .circleci/github_token (#26698) 2018-10-23 13:31:48 -07:00
setup_cache.sh Revert "build: update to newer circleCI bazel remote cache proxy (#25054)" (#25076) 2018-07-24 16:05:58 -07:00
trigger-webhook.js ci(docs-infra): manually trigger the preview server webhook (#27458) 2018-12-04 13:59:54 -08:00
windows-env.ps1 build: depend on bazelisk rather than directly on Bazel (#36078) 2020-03-16 10:58:06 -07:00

README.md

Encryption

Based on https://github.com/circleci/encrypted-files

In the CircleCI web UI, we have a secret variable called KEY https://circleci.com/gh/angular/angular/edit#env-vars which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings)

We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.

To create the github_token file, we take this approach:

  • Find the angular-builds:token in http://valentine
  • Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: docker run --rm -it circleci/node:10.12
  • echo "https://[token]:@github.com" > credentials
  • openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
  • If needed, base64-encode the result so you can copy-paste it out of docker: base64 github_token