angular-cn/.circleci
Sergej 8f0fcc3f71 feat(docs-infra): Add opensearch description (#25479)
Enables Chrome users to search angular.io and its subdomains from the browsers navigation bar.
Not sure if compatible with Firefox yet.
The queried term in the URL is removed after closing the search-results.

PR Close #25479
2018-09-19 15:31:49 -07:00
..
README.md ci: hide encryption key from circleci logs (#23585) 2018-05-02 16:43:13 -07:00
bazel.rc test(bazel): Run Angular test on RBE (#25370) 2018-09-18 13:29:54 -07:00
config.yml feat(docs-infra): Add opensearch description (#25479) 2018-09-19 15:31:49 -07:00
gcp_token build(bazel): Run build-packages-dist on RBE (#25237) 2018-08-20 16:34:45 -07:00
github_token ci: fix github_token following README (#23658) 2018-05-02 21:41:10 -07:00
rbe-bazel.rc test(bazel): Run Angular test on RBE (#25370) 2018-09-18 13:29:54 -07:00
setup_cache.sh Revert "build: update to newer circleCI bazel remote cache proxy (#25054)" (#25076) 2018-07-24 16:05:58 -07:00

README.md

Encryption

Based on https://github.com/circleci/encrypted-files

In the CircleCI web UI, we have a secret variable called KEY https://circleci.com/gh/angular/angular/edit#env-vars which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings)

We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.

To create the github_token file, we take this approach:

  • Find the angular-builds:token in http://valentine
  • Go inside the ngcontainer docker image so you use the same version of openssl as we will at runtime: docker run --rm -it angular/ngcontainer
  • echo "https://[token]:@github.com" > credentials
  • openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
  • If needed, base64-encode the result so you can copy-paste it out of docker: base64 github_token