Switch off BrowserStack for PRs from community #7077

Closed
pomek opened this issue Jan 29, 2018 · 3 comments
Labels
package:dev type:task This issue reports a chore (non-production change) and other types of "todos".

pomek commented Jan 29, 2018

The problem occurs here – ckeditor/ckeditor5-image#168.

We have a PR created from the forked repository. Unfortunately, Travis does not allow decrypting variables in such cases.

A pull request sent from a fork of the upstream repository could be manipulated to expose any environment variables. The upstream repository’s maintainer would have no protection against this attack, as pull requests can be sent by anyone with a fork.

Travis CI makes encrypted variables and data available only to pull requests coming from the same repository. These are considered trustworthy, as only members with write access to the repository can send them.

Pull requests sent from forked repositories do not have access to encrypted variables or data.

So, we have to change our dev script. BrowserStack cannot be used if a PR comes from a forked repository.

We also cannot change the way we decrypt the variables, because a user can put something like echo VARIABLE_NAME in the forked .travis.yml file and our secret will not be a secret anymore.

pomek self-assigned this Jan 29, 2018

pomek commented Feb 13, 2018

const enableBrowserStack = () => {
	return process.env.TRAVIS_EVENT_TYPE !== 'pull_request' || process.env.TRAVIS_PULL_REQUEST_SLUG === process.env.TRAVIS_REPO_SLUG;
};

The code above allows detecting whether BrowserStack should be enabled or disabled during the build.

Reinmar referenced this issue in ckeditor/ckeditor5-dev Feb 13, 2018
Fix: BrowserStack will be disabled for PR builds that come from the community. Closes #358.

pomek commented Apr 24, 2018

Unfortunately, https://travis-ci.org/ckeditor/ckeditor5-enter/builds/370395961 proves that the bug still exists.


pomek commented Apr 24, 2018

Reported as a new issue – https://github.com/ckeditor/ckeditor5-dev/issues/402.

mlewand transferred this issue from ckeditor/ckeditor5-dev May 18, 2020
mlewand added this to the iteration 14 milestone May 18, 2020
mlewand added the type:task and package:dev labels May 18, 2020
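
The fork check discussed in this thread, written as a fail-closed decision function. This is an added example, not code from the issue or from ckeditor5-dev. The function name `browserStackDecision`, the extra `TRAVIS_SECURE_ENV_VARS` guard, and the credential variable names `BROWSER_STACK_USERNAME` / `BROWSER_STACK_ACCESS_KEY` are assumptions, and the sample environments are constructed.

```javascript
// Added example: decide whether a Travis CI build may use BrowserStack.
// Every uncertain case resolves to "disabled", so a build without secrets never starts the launcher.
function browserStackDecision( env ) {
	const isPullRequest = env.TRAVIS_EVENT_TYPE === 'pull_request';

	if ( isPullRequest ) {
		const source = env.TRAVIS_PULL_REQUEST_SLUG;
		const target = env.TRAVIS_REPO_SLUG;

		// A missing slug is treated as untrusted.
		if ( !source || !target ) {
			return { enabled: false, reason: 'pull request with unknown source repository' };
		}
		if ( source !== target ) {
			return { enabled: false, reason: `pull request from fork ${ source }` };
		}
	}

	// Travis sets TRAVIS_SECURE_ENV_VARS to "false" when encrypted variables are unavailable.
	if ( env.TRAVIS_SECURE_ENV_VARS === 'false' ) {
		return { enabled: false, reason: 'encrypted variables not available to this build' };
	}

	// Final guard (assumed variable names): both credentials must be present.
	if ( !env.BROWSER_STACK_USERNAME || !env.BROWSER_STACK_ACCESS_KEY ) {
		return { enabled: false, reason: 'BrowserStack credentials are not set' };
	}

	const reason = isPullRequest ? 'pull request from the same repository' : `${ env.TRAVIS_EVENT_TYPE } build`;
	return { enabled: true, reason };
}

// Constructed sample environments (not taken from real builds).
const creds = { BROWSER_STACK_USERNAME: 'user', BROWSER_STACK_ACCESS_KEY: 'key', TRAVIS_SECURE_ENV_VARS: 'true' };
const samples = {
	push: { ...creds, TRAVIS_EVENT_TYPE: 'push', TRAVIS_REPO_SLUG: 'org/repo', TRAVIS_PULL_REQUEST_SLUG: '' },
	sameRepoPr: { ...creds, TRAVIS_EVENT_TYPE: 'pull_request', TRAVIS_REPO_SLUG: 'org/repo', TRAVIS_PULL_REQUEST_SLUG: 'org/repo' },
	forkPr: { TRAVIS_EVENT_TYPE: 'pull_request', TRAVIS_REPO_SLUG: 'org/repo', TRAVIS_PULL_REQUEST_SLUG: 'contributor/repo', TRAVIS_SECURE_ENV_VARS: 'false' },
	prNoSlug: { ...creds, TRAVIS_EVENT_TYPE: 'pull_request', TRAVIS_REPO_SLUG: 'org/repo' }
};

for ( const [ name, env ] of Object.entries( samples ) ) {
	const { enabled, reason } = browserStackDecision( env );
	console.log( `${ name }: BrowserStack ${ enabled ? 'enabled' : 'disabled' } (${ reason })` );
}
```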