b5ec5a7fca
Because the compiler-cli tests modify node_modules, this can cause failures on windows CI specifically as node_modules are symlinked to rather than copied. By running the test and build actions in separate commands, all of the tests are built to be executed before and tests are executed and modify the node_modules content. PR Close #39289 |
||
|---|---|---|
| .. | ||
| README.md | ||
| bazel.common.rc | ||
| bazel.linux.rc | ||
| bazel.windows.rc | ||
| config.yml | ||
| env-helpers.inc.sh | ||
| env.sh | ||
| gcp_token | ||
| github_token | ||
| setup_cache.sh | ||
| trigger-webhook.js | ||
| windows-env.ps1 | ||
README.md
Encryption
Based on https://github.com/circleci/encrypted-files
In the CircleCI web UI, we have a secret variable called KEY
https://circleci.com/gh/angular/angular/edit#env-vars
which is only exposed to non-fork builds
(see "Pass secrets to builds from forked pull requests" under
https://circleci.com/gh/angular/angular/edit#advanced-settings)
We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.
To create the github_token file, we take this approach:
- Find the angular-builds:token in the internal pw database
- Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime:
docker run --rm -it circleci/node:10.12 - echo "https://[token]:@github.com" > credentials
- openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
- If needed, base64-encode the result so you can copy-paste it out of docker:
base64 github_token