1880c9531f
Some of the `aio`-/`docs`-related jobs rely on the locally built Angular packages. When these jobs fail, it could mean that there is an issue with the Angular packages (e.g. an unintentional breaking change). This commit ensures that the `publish_artifacts` job is not run, unless those `aio`-/`docs`-related jobs pass. (The `test_aio_tools` job also uses the locally built Angular packages, but it does not exercise them in a meaningful way to be worth making it a prerequisite for `publish_artifacts`.) PR Close #26722 |
||
|---|---|---|
| .. | ||
| README.md | ||
| bazel.rc | ||
| config.yml | ||
| gcp_token | ||
| github_token | ||
| rbe-bazel.rc | ||
| setup_cache.sh | ||
README.md
Encryption
Based on https://github.com/circleci/encrypted-files
In the CircleCI web UI, we have a secret variable called KEY
https://circleci.com/gh/angular/angular/edit#env-vars
which is only exposed to non-fork builds
(see "Pass secrets to builds from forked pull requests" under
https://circleci.com/gh/angular/angular/edit#advanced-settings)
We use this as a symmetric AES encryption key to encrypt tokens like a GitHub token that enables publishing snapshots.
To create the github_token file, we take this approach:
- Find the angular-builds:token in http://valentine
- Go inside the ngcontainer docker image so you use the same version of openssl as we will at runtime:
docker run --rm -it angular/ngcontainer - echo "https://[token]:@github.com" > credentials
- openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
- If needed, base64-encode the result so you can copy-paste it out of docker:
base64 github_token