diff --git a/aio/aio-builds-setup/docs/01. VM setup - Set up secrets.md b/aio/aio-builds-setup/docs/01. VM setup - Set up secrets.md index b9d73bd722..7c3206886c 100644 --- a/aio/aio-builds-setup/docs/01. VM setup - Set up secrets.md +++ b/aio/aio-builds-setup/docs/01. VM setup - Set up secrets.md @@ -18,8 +18,8 @@ Necessary secrets: **Note:** `TEST_GITHUB_TOKEN` and `TEST_PREVIEW_DEPLOYMENT_TOKEN` can also be created similar to their -non-TEST counterparts and they will be loaded when running `aio-verify-setup`, but it currently not -clear if/how they can be used in tests. +non-TEST counterparts and they will be loaded when running `aio-verify-setup`, but it is currently +not clear if/how they can be used in tests. ## Create secrets @@ -33,6 +33,14 @@ clear if/how they can be used in tests. - Add it to `.travis.yml` under `addons -> jwt -> secure`. Can be added automatically with: `travis encrypt --add addons.jwt PREVIEW_DEPLOYMENT_TOKEN=` +**Note:** +Due to [travis-ci/travis-ci#7223](https://github.com/travis-ci/travis-ci/issues/7223) it is not +currently possible to use the JWT addon (as described above) for anything other than the +`SAUCE_ACCESS_KEY` variable. You can get creative, though... + +**WARNING** +TO avoid arbitrary uploads, make sure the `PREVIEW_DEPLOYMENT_TOKEN` is NOT printed in the Travis log. + ## Save secrets on the VM diff --git a/aio/scripts/deploy-preview.sh b/aio/scripts/deploy-preview.sh index 9d8f383793..d624b3c4ef 100755 --- a/aio/scripts/deploy-preview.sh +++ b/aio/scripts/deploy-preview.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash -set -eux -o pipefail +# WARNING: NGBUILDS_IO_KEY should NOT be printed. +set +x -eu -o pipefail INPUT_DIR=dist/ diff --git a/scripts/ci/env.sh b/scripts/ci/env.sh index 40c30f6aeb..ceaf75c0e2 100755 --- a/scripts/ci/env.sh +++ b/scripts/ci/env.sh @@ -74,6 +74,7 @@ if [[ ${TRAVIS:-} ]]; then # If NGBUILDS_IO_KEY not set yet, export the NGBUILDS_IO_KEY using the JWT token that Travis generated and exported for SAUCE_ACCESS_KEY. # This is a workaround for travis-ci/travis-ci#7223 + # WARNING: NGBUILDS_IO_KEY should NOT be printed export NGBUILDS_IO_KEY=${NGBUILDS_IO_KEY:-$SAUCE_ACCESS_KEY} # Used by karma and karma-chrome-launcher