honeymoose/angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
angular-cn/.circleci
History
George Kalpakas 7ad6b0378c ci(docs-infra): manually trigger the preview server webhook (#27458) 
With this change, we no longer depend on CircleCI to trigger the webhook
(which it sometimes does with considerable delay or not at all).

This has the added benefit that other jobs will not unnecessarily
trigger webhooks and spam the preview server logs. It is only the
`aio_preview` job's webhook that we care about.

Related to #27352.

PR Close #27458
2018-12-04 13:59:54 -08:00
..
bazel.rc
build: fix size artifacts not measured by github robot (#27042)
2018-11-20 10:44:12 -08:00
config.yml
ci(docs-infra): manually trigger the preview server webhook (#27458)
2018-12-04 13:59:54 -08:00
env-helpers.inc.sh
ci: move CircleCI env variables definition to shell script (#26596)
2018-10-26 13:22:52 -04:00
env.sh
ci(docs-infra): notify caretaker about aio_monitoring failures (#26649)
2018-10-29 13:00:20 -04:00
gcp_token
build(bazel): Run build-packages-dist on RBE (#25237)
2018-08-20 16:34:45 -07:00
github_token
ci: re-encrypt .circleci/github_token (#26698)
2018-10-23 13:31:48 -07:00
rbe-bazel.rc
test(bazel): Run Angular test on RBE (#25370)
2018-09-18 13:29:54 -07:00
README.md
build: use bazel version from node modules (#26691)
2018-10-30 16:19:13 -04:00
setup_cache.sh
Revert "build: update to newer circleCI bazel remote cache proxy (#25054)" (#25076)
2018-07-24 16:05:58 -07:00
trigger-webhook.js
ci(docs-infra): manually trigger the preview server webhook (#27458)
2018-12-04 13:59:54 -08:00

README.md

Encryption

Based on https://github.com/circleci/encrypted-files

In the CircleCI web UI, we have a secret variable called KEY https://circleci.com/gh/angular/angular/edit#env-vars which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings)

We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.

To create the github_token file, we take this approach:

  • Find the angular-builds:token in http://valentine
  • Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: docker run --rm -it circleci/node:10.12
  • echo "https://[token]:@github.com" > credentials
  • openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
  • If needed, base64-encode the result so you can copy-paste it out of docker: base64 github_token