I'm trying to add NODE variable to travis through travis encrypt feature. However, the text is too large that I cannot run it.
travis encrypt super=large-text --add
I tried to look into the instruction through Travis Encryption Files. However, it doesn't show the content of the encrypt file. I'm not sure how to encrypt a large variable to travis. Please help to take a look at this. Thanks
Just go to Travis CI Dashboard and add your secret variables.
Related
I am working on setting up CI/CD for my organization. I am trying to build an automated system that will deploy our changes to our Shopify theme when we push to a branch.
I have a config.yml file that contains information like password, themeID and so on. I am trying to find a way to hide these variables in our repo. Github secrets have not seemed to work, as I can't figure out how to pass those secrets from my workflow yaml file to my root level config.yml file. Any help would be greatly appreciated!
I've been using AWS amplify to build my iOS app's backend.
I have created 4 DTAP environments in the backend, with 4 different configurations, and use a run-script to switch in the correct versions of awsconfiguration.json and amplifyconfiguration.json at compile-time based on the selected scheme.
Since these auto-generated config files contain a number of secrets and API keys, I am keeping them away from source control in my .gitignore as this would be a point of failure, and I don't want to expose my entire backend in this way.
This works fine locally, but when I run my CI on Bitrise, the build fails since these config files aren't present. I need to find a way to get these AWS and Amplify config files into the CI to be able to create my test builds.
If I am being overly cautious, and the config files are actually fine to keep in source control (i.e. not secret), please let me know. I really don't want to set up secrets as individual environment variables, since Amplify will have several secrets and endpoints for each environment I need, and it feels too messy and complicated to have a script building these config files as a CI stage.
Things I've tried:
Creating mock config files with fake secrets that is copied in at compile time - this fails because the compile-time script still tries to copy the non-existent config files for the real environment
Using individual environment variables as secrets in Bitrise - this is likely to work, but will be a monumental effort for my 1-dev startup to maintain
Touching a fake config file to copy over - this works but means the actual AWS infra doesn't work in the test builds
I'll be grateful for any thoughts, suggestions or experience anyone has.
Thanks
Jacob
I would recommend using Generic File Storage and the related step to download them. This will inject them into your build and you will be able to put them where they need to be before the project is compiled.
The Rails Team introduced a new way to handle secrets in the application using a new concept called credentials (http://weblog.rubyonrails.org/2017/9/23/this-week-in-rails-new-credentials-configuration-bugfixes-and-more/).
To encrypt and decrypt the credentials files you need the master.key file. I'm running my test suite using CircleCI but the master.key is not available in the github repository and therefore CircleCI can not build the application correctly.
What is the best way to handle this situations in CircleCI?
According to the release notes the key can either be in a key file or an environment variable called RAILS_MASTER_KEY
Under settings in CircleCI you can go Build Settings > Environment Variables and place the key there.
I'm developing an open source project containing a number of optimization tools. I've uploaded the project to github and I would like to automatically run the test suite every time someone submits a pull request. To this extend I was planning on using travis-ci. Problem is that the test suite depends on a 3rd party solver (IBM cplex).
To run the test suite locally on my computer, I would do the following:
Download and install solver IBM Cplex
Install cplex.jar in my local maven repository: mvn install:install-file -DgroupId=cplex -DartifactId=cplex -Dversion=12.6.1 -Dpackaging=jar -Dfile=/opt/ILOG/CPLEX_Studio1261/cplex/lib/cplex.jar
Set my LD_LIBRARY_PATH variable to point to the solver's native libraries: export LD_LIBRARY_PATH=/opt/ILOG/CPLEX_Studio1261/cplex/bin/x86-64_linux/:$LD_LIBRARY_PATH
Compile/run the test suite.
Problems:
Cplex is not open source; I don't want to upload it to my github repository. In addition, its unpacked size is quite big (1GB).
Is there a way to uploaded the necessary solver files to travis-ci without making them publicly available? This stack overflow question describes how I could get my cplex.jar into travis, but as far as I can tell I would have to put the jar on some webserver and add a clearly readable link to in in the .travis.yml file.
Even if I manage to get cplex.jar into travis, how do I get the native libraries there as well? Their size is quite big, so it would be undesirable if travis has to download these libraries every time it has to perform a build. Furthermore, I don't want to make these libraries available to anyone but the travis test system.
If it turns out that the above is not possible. Is there another CI system, perhaps one that I can run on a private server, that could do this and run whenever a pull-request is submitted through github?
You may want to look at Travis file encryption. You would still need to add the (albeit) encrypted cplex.jar to your git repository, but at least it wouldn't be public. I can see why this would not be ideal in your type of situation but since you didn't mention it, I wrote this answer just in case.
Alternatively, you could also store the cplex.jar on your own server, and then store the URL in an encrypted environment variable.
I'm using Jenkins to create a build for my Node.js project. I use Grunt to build my project and I use a plugin called config-leaf so that I can encrypt my Gruntfile prior to putting it in our repo since there are sensitive things in that file.
When Jenkins downloads my code, I need to be able to decrypt the file stored in Git using npm run decrypt to run the decryption script. I am prompted for the password by the command. How can I have Jenkins enter the password when it reaches this point?