angular-docs-cn/aio/aio-builds-setup/docs/vm-setup--set-up-secrets.md

1.7 KiB

VM Setup - Set up secrets

Overview

Necessary secrets:

  1. GITHUB_TOKEN

    • Used for:
      • Retrieving open PRs without rate-limiting.
      • Retrieving PR author.
      • Retrieving members of the trusted GitHub teams.
      • Posting comments with preview links on PRs.
  2. PREVIEW_DEPLOYMENT_TOKEN

    • Used for:
      • Decoding the JWT tokens received with /create-build requests.

Note: TEST_GITHUB_TOKEN and TEST_PREVIEW_DEPLOYMENT_TOKEN can also be created similar to their non-TEST counterparts and they will be loaded when running aio-verify-setup, but it is currently not clear if/how they can be used in tests.

Create secrets

  1. GITHUB_TOKEN

  2. PREVIEW_DEPLOYMENT_TOKEN

    • Just generate a hard-to-guess character sequence.
    • Add it to .travis.yml under addons -> jwt -> secure. Can be added automatically with: travis encrypt --add addons.jwt PREVIEW_DEPLOYMENT_TOKEN=<access-key>

Note: Due to travis-ci/travis-ci#7223 it is not currently possible to use the JWT addon (as described above) for anything other than the SAUCE_ACCESS_KEY variable. You can get creative, though...

WARNING TO avoid arbitrary uploads, make sure the PREVIEW_DEPLOYMENT_TOKEN is NOT printed in the Travis log.

Save secrets on the VM

  • sudo mkdir /aio-secrets
  • sudo touch /aio-secrets/GITHUB_TOKEN
  • Insert <github-token> into /aio-secrets/GITHUB_TOKEN.
  • sudo touch /aio-secrets/PREVIEW_DEPLOYMENT_TOKEN
  • Insert <access-token> into /aio-secrets/PREVIEW_DEPLOYMENT_TOKEN.
  • sudo chmod 400 /aio-secrets/*