iSharkFly-Docs
/
angular-docs-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
angular-docs-cn/.circleci
History
George Kalpakas c53bae839d ci: fail CI jobs when rebasing on master fails (#40161) 
As part of the `setup` CI job (which is a prerequisite for all other CI
jobs), we rebase the current code on master to make sure the PR changes
are compatible with the latest code from master, even if the PR has not
been rebased recently.

When it is not possible to automatically rebase (i.e. when there are
conflicts that need to be resolved manually), the job and subsequently
the entire workflow should fail.

This behavior has been accidentally broken in #39592, so that the job
would succeed even if the rebase operation failed.

This commit fixes it by ensuring the `exec()` helper used in
`rebase-pr.js` will throw an error if the underlying command execution
fails. Previously, the function would always return stdout output as a
string and attach a `code` property indicating the exit code of the
command.

Since the exit code isn't necessary in the `rebase-pr.js` script, this
commit simplifies the `exec()` helper by making it return the stdout
output as a plain string (without extra properties) and re-throw any
errors (unless the `ignoreError` argument is set to `true`).

(Initially reported [here][1] by @JoostK.)

[1]: https://angular-team.slack.com/archives/C042EU9T5/p1608070403128900

PR Close #40161
 		2020-12-17 09:43:48 -08:00
..
README.md docs(dev-infra): update .circleci/README.md (#37212) 2020-05-20 09:40:51 -07:00
bazel.common.rc refactor: simplify bazel saucelabs targets using karma pre-test wrapper and shared saucelabs connection between tests (#34769) 2020-01-28 13:47:00 -08:00
bazel.linux.rc ci: use larger resource classes for bazel builds (#39124) 2020-10-05 17:06:48 -07:00
bazel.windows.rc ci: separate the windows CI tests into build and test (#39289) 2020-10-16 14:22:22 -07:00
config.yml ci: remove unnecessary retry for docs examples tests (#39905) 2020-12-01 11:39:49 -08:00
env-helpers.inc.sh ci(docs-infra): use the tests from the stable branch in `aio_monitoring_stable` CircleCI job (#30110) 2019-04-26 16:33:45 -07:00
env.sh test: update components repo to test against recent revision (#38273) 2020-08-06 15:21:02 -07:00
gcp_token ci: update gcp_token (#31405) 2019-07-03 08:54:02 -07:00
github_token ci: re-encrypt .circleci/github_token (#26698) 2018-10-23 13:31:48 -07:00
rebase-pr.js ci: fail CI jobs when rebasing on master fails (#40161) 2020-12-17 09:43:48 -08:00
setup_cache.sh Revert "build: update to newer circleCI bazel remote cache proxy (#25054)" (#25076) 2018-07-24 16:05:58 -07:00
trigger-webhook.js style(dev-infra): enforce format on newly included files (#36940) 2020-06-12 15:06:41 -07:00
windows-env.ps1 ci: run windows CI jobs on PRs (#39139) 2020-10-14 14:09:49 -07:00

README.md

Encryption

Based on https://github.com/circleci/encrypted-files

In the CircleCI web UI, we have a secret variable called KEY https://circleci.com/gh/angular/angular/edit#env-vars which is only exposed to non-fork builds (see "Pass secrets to builds from forked pull requests" under https://circleci.com/gh/angular/angular/edit#advanced-settings)

We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.

To create the github_token file, we take this approach:

  • Find the angular-builds:token in the internal pw database
  • Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: docker run --rm -it circleci/node:10.12
  • echo "https://[token]:@github.com" > credentials
  • openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
  • If needed, base64-encode the result so you can copy-paste it out of docker: base64 github_token