You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thinking we can do this without access control, in all honesty. This command would only deploy things to roobot-prod heroku app that are already on roobot-test. And things only get to roobot-test if they're tagged commits on "master", as that's all the travis is told to deploy.
Thinking this would pair nicely with a custom heroku buildpack that allowed us to use an envvar to set keybase.io users who must sign the tag in order for it to compile and deploy.
So basically, here's the pieces:
set up travis to only deploy tagged commits on master to heroku
custom heroku buildpack that expects something like this: HEROKU_BUILDPACK_SIGS=whit537,patcon,seanlinsley,<etc>
Thinking we can do this without access control, in all honesty. This command would only deploy things to
roobot-prod
heroku app that are already onroobot-test
. And things only get toroobot-test
if they're tagged commits on "master", as that's all the travis is told to deploy.Thinking this would pair nicely with a custom heroku buildpack that allowed us to use an envvar to set keybase.io users who must sign the tag in order for it to compile and deploy.
So basically, here's the pieces:
HEROKU_BUILDPACK_SIGS=whit537,patcon,seanlinsley,<etc>
heroku labs:enable user-env-compile
(See: https://discussion.heroku.com/t/passing-environment-variables-to-slug-compiler/75)roobot-test
(ie. everything onroobot-test
is cryptographically guaranteed trusted by us)roobot-test
toroobot-prod
EDIT: Apparently
heroku labs:enable user-env-compile
is enabled by default now:http://stackoverflow.com/a/22909608/504018
The text was updated successfully, but these errors were encountered: