b637b9322e
The `aio_monitoring_stable` CI job is triggered as a cronjob on the master branch and its purpose is to run some e2e tests against the deployed stable version of the docs web-app at https://angular.io/. In order for the tests to be compatible with the deployed version of the web-app (which gets deployed from the stable branch), the stable branch is checked out in git as part of the CI job.

Previously, we only checked out the `aio/` directory from the stable branch, leaving the rest of the code at master. This doesn't matter as long as the commands used to run the tests do not rely on code outside of `aio/`.

However, it turns out that there _is_ code outside of `aio/` that affects the executed commands: It is our vendored version of yarn (in `third_party/github.com/yarnpkg/`), which overwrites the global yarn installed on the docker image on CI and must match the version range specified in `aio/package.json > engines`.

Using the yarn version checked out from the master branch with the `aio/` code checked out from the stable branch can lead to failures such as [this one][1].

This commit fixes the problem by checking out both the `aio/` and `third_party/github.com/yarnpkg/` directories from the stable branch and re-running the steps to overwrite the global yarn executable with our own version from `third_party/github.com/yarnpkg/`. This ensures that the version of yarn used will be compatible with the version range specified in `aio/package.json > engines`.

NOTE: We cannot checkout everything from the stable branch, since the CI config (`.circleci/config.yml` from the master branch) may try to run certain scripts (such as `.circleci/get-vendored-yarn-path.js`) that are not available on the stable branch. Therefore, we should only check out the necessary bits from the stable branch.

[1]: https://circleci.com/gh/angular/angular/567315

PR Close #34451

- README.md
- bazel.common.rc
- bazel.linux.rc
- bazel.windows.rc
- config.yml
- env-helpers.inc.sh
- env.sh
- gcp_token
- get-commit-range.js
- get-vendored-yarn-path.js
- github_token
- setup-rbe.sh
- setup_cache.sh
- trigger-webhook.js
- windows-env.ps1
- windows-yarn-setup.ps1
- windows-yarn.ps1.template

README.md
Encryption
Based on https://github.com/circleci/encrypted-files
In the CircleCI web UI (https://circleci.com/gh/angular/angular/edit#env-vars), we have a secret variable called `KEY`, which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings).
We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.
To create the github_token file, we take this approach:
- Find the angular-builds:token in http://valentine
- Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: `docker run --rm -it circleci/node:10.12`
- `echo "https://[token]:@github.com" > credentials`
- `openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k "$KEY"`
- If needed, base64-encode the result so you can copy-paste it out of docker: `base64 .circleci/github_token`
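
A round-trip check for the steps above, as an added example that is not part of the Angular repository: it encrypts a placeholder credentials line with the same cipher, decrypts it the way a CI job would, and validates the result. The function names, the constructed key and the placeholder token are assumptions; `-pass env:KEY` replaces `-k $KEY` so the key stays out of the process argument list, and `-md sha256` pins the key-derivation digest, whose default differs between OpenSSL 1.0.x and 1.1.x.

```shell
#!/bin/sh
# Added example: round-trip check for an openssl-encrypted credentials file.
# The keys and token used here are constructed placeholders, not real secrets.

# Encrypt file $2 to $3 with key $1. The key reaches openssl through the
# environment (-pass env:KEY), not through argv.
encrypt_file() {
  KEY="$1" openssl aes-256-cbc -e -md sha256 -in "$2" -out "$3" -pass env:KEY 2>/dev/null
}

# Decrypt file $2 to $3 with key $1. openssl exits non-zero on a padding
# error ("bad decrypt"), which is the usual symptom of a wrong key or digest.
decrypt_file() {
  KEY="$1" openssl aes-256-cbc -d -md sha256 -in "$2" -out "$3" -pass env:KEY 2>/dev/null
}

# CBC carries no integrity check, so a wrong key can occasionally decrypt to
# garbage without an error. Validate the shape of the output before using it.
looks_like_credentials() {
  [ "$(wc -l < "$1")" -eq 1 ] &&
    grep -Eq '^https://[^:@[:space:]]+:@github\.com$' "$1"
}

# Returns 0 only if decrypting with key $1 reproduces the original line.
# Runs in a subshell so its variables do not leak into the caller.
roundtrip_ok() (
  dir="$(mktemp -d)" || exit 1
  rc=1
  printf 'https://%s:@github.com\n' "PLACEHOLDER_TOKEN" > "$dir/credentials"
  if encrypt_file "constructed-demo-key" "$dir/credentials" "$dir/github_token" &&
     decrypt_file "$1" "$dir/github_token" "$dir/out" &&
     looks_like_credentials "$dir/out" &&
     cmp -s "$dir/credentials" "$dir/out"; then
    rc=0
  fi
  rm -rf "$dir"   # never leave plaintext credentials behind
  exit "$rc"
)

roundtrip_ok "constructed-demo-key" && echo "round trip: ok"
roundtrip_ok "wrong-key" || echo "wrong key: rejected"
```

On OpenSSL 1.1.1 and later, adding `-pbkdf2` to both the encrypt and decrypt commands selects a stronger key derivation, but both sides must then use it.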