7b6ee5e0d9
Previously, the `test_saucelabs_bazel` job was run as part of the `saucelabs_test` workflow every hour (for every "publish branch"; currently 8.0.x, 8.1.x and master). Since this job runs a subset of the tests in `legacy-unit-tests-saucelabs` (see [BUILD.bazel][1]) and is just a proof-of-concept for running tests on SauceLabs via bazel, there is little point in running is on all branches. It is also wasteful to run it every hour, even if there were no changes pushed into the branch since the last run. This commit makes the job part of `default_workflow`, but limits it to only be run on master builds (not on other branches or PRs). Based on its recent history, the job is relatively stable and (since it will only be run on master builds) it is not expected to affect our dev workflow. [1]: https://github.com/angular/angular/blob/ef44f51d5/BUILD.bazel#L66-L92 PR Close #31636
Encryption
Based on https://github.com/circleci/encrypted-files
In the CircleCI web UI, we have a secret variable called KEY
https://circleci.com/gh/angular/angular/edit#env-vars
which is only exposed to non-fork builds
(see "Pass secrets to builds from forked pull requests" under
https://circleci.com/gh/angular/angular/edit#advanced-settings)
We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.
To create the github_token file, we take this approach:
- Find the angular-builds:token in http://valentine
- Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime:
docker run --rm -it circleci/node:10.12 - echo "https://[token]:@github.com" > credentials
- openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
- If needed, base64-encode the result so you can copy-paste it out of docker:
base64 github_token