Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secrets Mechanism #68

Merged
merged 4 commits into from
May 23, 2018
Merged

Secrets Mechanism #68

merged 4 commits into from
May 23, 2018

Conversation

jleandroperez
Copy link
Collaborator

Description:

This PR implements a (hopefully cute) mechanism which will allow us to locally store all of the App "Secrets" (API Keys and so on), and prevent exposing them to GH.

This mechanism mirrors what we've got for WPiOS, with a slight difference: we're performing a replacement OP over placeholders (while WPiOS actually generates the ApiCredentials file, entirely in Swift).

Details:

  1. Secrets are to be stored at ~/.woo_app_credentials.json)
  2. Credentials "Template" at Credentials/ApiCredentials.swift. This file is not part of any target, and never gets built directly.
  3. New Build Phase, in charge of running replace_credentials.rb
  4. This cute script will perform replacement OP's over the Template
  5. Generated file is stored at /tmp/WooCommerce.build/ApiCredentials.swift
  6. The project loads the generated file (at the absolute path)

Testing:

  1. Try to build the app (without ~/.woo_app_credentials.json. Verify you get a build error
  2. Install ~/.woo_app_credentials.json. Verify everything turns green!
  3. Delete any entry in the credentials.json file. Verify you get an error.

Aaron, what do you think?. I've got the same process in bash, but i've learnt using eval is a really bad idea. Ruby feels swifty!

cc @mindgraffiti @astralbodies

@jleandroperez jleandroperez added the type: task An internally driven task. label May 23, 2018
@jleandroperez jleandroperez added this to the Internal alpha release milestone May 23, 2018
@jleandroperez jleandroperez self-assigned this May 23, 2018
houndci-bot
houndci-bot reviewed May 23, 2018
View reviewed changes
WooCommerce/Credentials/ApiCredentials.swift Outdated
/// WooCommerce API Credentials. Generated on %{timestamp}
///
struct ApiCredentials {

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trailing Whitespace Violation: Lines should not have trailing whitespace. (trailing_whitespace)

mindgraffiti
mindgraffiti approved these changes May 23, 2018
View reviewed changes
Copy link
Contributor

@mindgraffiti mindgraffiti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know nothing about shell scripts D: but the tests all check out! It fails to build when the secrets file does not exist. It builds when secrets exist. It fails to build when a field has been omitted. (Command /bin/sh failed with exit code 1)

@jleandroperez
Copy link
Collaborator Author

On purpose 😄. The idea is for this to break... if there's a missing secret, so that we notice and don't ship with missing keys.

Thanks Thuy!!!

@jleandroperez jleandroperez merged commit 60e2111 into develop May 23, 2018
@jleandroperez jleandroperez deleted the issue/22-secrets-mechanism branch May 23, 2018 19:58
@astralbodies astralbodies mentioned this pull request May 25, 2018
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@houndci-bot houndci-bot houndci-bot left review comments

@mindgraffiti mindgraffiti mindgraffiti approved these changes

@astralbodies astralbodies Awaiting requested review from astralbodies

Assignees

@jleandroperez jleandroperez

Labels
type: task An internally driven task.
Projects
None yet
Milestone
Internal alpha release
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jleandroperez @mindgraffiti @houndci-bot