c049cf2206
We keep a version of yarn in the repo, at `third_party/github.com/yarnpkg/`. All CI jobs should use that version for consistency (and easier updates). Previously, the Windows jobs did not use the local version. They used the version that came pre-installed on the docker image that we used. This made it more difficult to update the yarn version (something that we might want to do independently of updating other dependencies, such as Node.js). This commit fixes this by setting up the Windows CI jobs to also use the local, vendored version of yarn. PR Close #34384 |
||
|---|---|---|
| .. | ||
| README.md | ||
| bazel.common.rc | ||
| bazel.linux.rc | ||
| bazel.windows.rc | ||
| config.yml | ||
| env-helpers.inc.sh | ||
| env.sh | ||
| gcp_token | ||
| get-commit-range.js | ||
| get-vendored-yarn-path.js | ||
| github_token | ||
| setup-rbe.sh | ||
| setup_cache.sh | ||
| trigger-webhook.js | ||
| windows-env.ps1 | ||
| windows-yarn-setup.ps1 | ||
| windows-yarn.ps1.template | ||
README.md
Encryption
Based on https://github.com/circleci/encrypted-files
In the CircleCI web UI, we have a secret variable called KEY
https://circleci.com/gh/angular/angular/edit#env-vars
which is only exposed to non-fork builds
(see "Pass secrets to builds from forked pull requests" under
https://circleci.com/gh/angular/angular/edit#advanced-settings)
We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.
To create the github_token file, we take this approach:
- Find the angular-builds:token in http://valentine
- Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime:
docker run --rm -it circleci/node:10.12 - echo "https://[token]:@github.com" > credentials
- openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
- If needed, base64-encode the result so you can copy-paste it out of docker:
base64 github_token