Re: [PATCH v1] travis-ci: build and test Git on Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 23, 2017 at 05:22:51PM +0100, Johannes Schindelin wrote:

> > The benefit is that Windows CI does not have to subscribe to the
> > GitHub repository to get notified (instead uses Travis as a relay
> > for update notification) and the result can be seen at the same
> > place as results on other platforms Travis natively support are
> > shown?  
> 
> Almost... Windows CI *cannot* subscribe to the GitHub repository, as only
> owners can install web hooks and give permission to update build status.
> 
> But yeah, you understand correctly: this innocuous change (along with a
> ton of work I already finished on my side) allows us to let Travis trigger
> Windows build & test and to attach the log in the same place as the
> Linux/OSX results are already accessible.

I don't mind adding a webhook if it helps. If I understand correctly
that would just handle the notification site. But then if the Windows
build status were public, we could have Travis simply fetch it to keep
the build reports all together, without having to worry about a secret
token.

I don't mind proceeding with the secret token, though. You're the owner
of the service the token accesses, so if you're comfortable with it, I
am.

> > > Things, that would need to be done:
> > > * Someone with write access to https://travis-ci.org/git/git would need
> > >   to add the secret token as "GFW_CI_TOKEN" variable in the TravisCI
> > >   repository setting [1]. Afterwards the build should just work.
> > 
> > We need to make sure this does not leak to the execution log of
> > Travis.
> [...]
> 
> Right, typically there is a way in CI setups that marks certain strings as
> secret and whenever they appear in the log, they will be blotted out.

I think both Junio and I have access to the Travis config. Travis does
have a "this is secret" flag for setup config. But I think we'd need to
verify that running the Travis build does not leak the variable in any
other way.

For instance, if it's in the environment, can I push up a branch that
does "set | grep GFW_CI_TOKEN", open a PR, and see it? I don't know the
answer.

-Peff
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]