New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tests: support for travis jwt ends on april 17th #9508

Open
cajus opened this Issue Mar 20, 2018 · 7 comments

Comments

Projects
None yet
3 participants
@cajus
Contributor

cajus commented Mar 20, 2018

We're currently using JWT for our tests in saucelabs. This was needed, because we do not want to expose credentials inside PR builds. Sadly there seem to be some concerns with it, so travis decided to shut it down.

Loosing JWT also shuts down our saucelabs tests, so we've to act somehow. I had no time to think/work on an alternative way of authenticating. Ideas are welcome.

@oetiker

This comment has been minimized.

Member

oetiker commented Mar 20, 2018

I have done some research and it seems that no one has yet come up with a good solution ... saucelabs does not say anything on their blog or otherwise ...

so, for now, I guess we have to go back to our old solution ...

@cajus

This comment has been minimized.

Contributor

cajus commented Mar 20, 2018

Not sure. I've some vague ideas, but I've to think about them more in detail. Will come up with them if they might work for further discussion.

@cajus

This comment has been minimized.

Contributor

cajus commented Mar 20, 2018

What about this approach:

  • disable automatic tests in travis
  • create a webhook in github which calls a simple service (which i.e. our company could host)
  • let the service trigger the travis build by completely providing the .travis.yml information via the travis API
  • let the service provide the credentials which get directly removed after setting up the tunnel
  • all this must happen before scripts in our .travis directory are executed

The service should keep a blacklist of files (i.e. .travis.*) when a travis build must not be triggered.

I know that this involves an additional service, but it's a realtive simple one. We already have the travis ci config, just the handling of secure env variables can be disabled, because we can control when to expose them.

@oetiker

This comment has been minimized.

Member

oetiker commented Mar 20, 2018

yes, an external service seems to be the only way around this ... taking the ability to mess with the test suit away ... is it possible to set up the saucelab link before any user code is run?

@level420

This comment has been minimized.

Member

level420 commented Apr 4, 2018

@cajus seems like ampproject found a way to use saucelabs with something they call "temporary per-run token".
See ampproject/amphtml#14034
Could you have a look? Thanky you!

@level420

This comment has been minimized.

Member

level420 commented Jul 26, 2018

now after a long grace period it seems that travis really took jwt offline.

"He's dead Jim!"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment