Storing "secret" data in phpci.yml

Open REBELinBLUE opened this issue 9 years ago • 2 comments

If you use something like codeclimate you need to set an environmental variable CODECLIMATE_REPO_TOKEN for the test-reporter to know which repo the test results are for; this would be different per repo.

You can set an env variable in .phpci.yml, but this then makes your token public. Although no one will be able to do much with it other than submit fake test results, it still isn't great to do that.

A way around this is to define the variable in the supervisor config, but that will only work if you have one project using it, as you can obviously only set one value.

I am thinking there either needs to be a way in PHPCI to set variables like this in the UI which get defined whenever a project builds, or we do something like Travis does:

i.e. a command like php console phpci:encrypt VALUE which will encrypt it using a key which is private to your install (obviously we'd need something to generate a key on install as well). You can then put the encrypted value in the .phpci.yml, and the job runner will then decrypt it when actually running a build.

Does that make sense? @dancryer

REBELinBLUE avatar Mar 02 '16 11:03 REBELinBLUE
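A sketch of the encrypt/decrypt round trip proposed in the comment above, as an added example that is not PHPCI code or code from anyone in this thread. The function names, the `enc:v1:` prefix and the project identifiers are hypothetical; it assumes PHP 7.2+ with the sodium extension, and it goes one step beyond the proposal by binding each ciphertext to a project so a value copied into another project's .phpci.yml on the same install does not decrypt.

```php
<?php
// Added example: hypothetical helpers, not part of PHPCI.
declare(strict_types=1);

const PREFIX = 'enc:v1:'; // hypothetical marker for encrypted values in .phpci.yml

/** Generate the install-private key once (e.g. at install time); keep it outside any repo. */
function generateInstallKey(): string
{
    return sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
}

/** What a `phpci:encrypt VALUE` command could do; $projectId is bound as associated data. */
function encryptValue(string $value, string $key, string $projectId): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($value, $projectId, $nonce, $key);
    return PREFIX . base64_encode($nonce . $ct);
}

/** What the job runner could do before exporting the variable to the build. */
function decryptValue(string $token, string $key, string $projectId): string
{
    if (strncmp($token, PREFIX, strlen(PREFIX)) !== 0) {
        throw new InvalidArgumentException('not an encrypted value');
    }
    $raw = base64_decode(substr($token, strlen(PREFIX)), true);
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if ($raw === false || strlen($raw) <= $n) {
        throw new InvalidArgumentException('malformed encrypted value');
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, $n), $projectId, substr($raw, 0, $n), $key
    );
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key, wrong project, or tampered value');
    }
    return $plain;
}

// Constructed sample values.
$key = generateInstallKey();
$token = encryptValue('constructed-token-123', $key, 'project-1');
echo $token, PHP_EOL;                                  // paste into .phpci.yml
echo decryptValue($token, $key, 'project-1'), PHP_EOL; // runner recovers the value
try {
    decryptValue($token, $key, 'project-2');           // same value copied into another project
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

This protects the value at rest in the repository; anything the build itself runs can still read the decrypted variable.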

I think it makes more sense that we have the ability to set global, group and project-specific environment variables inside of PHPCI, like the %BUILD_PATH%, so in your .phpci.yml you can use %CODECLIMATE_REPO_TOKEN% and inside PHPCI you can add, say, a group environment variable CODECLIMATE_REPO_TOKEN with the value "your token123". This is also a good choice for database passwords and for anything else that should be hidden and not in plaintext in a yml file.

moxx avatar Jul 29 '16 11:07 moxx

Maybe when @dancryer comes back to life I will actually do this ;)

REBELinBLUE avatar Aug 02 '16 20:08 REBELinBLUE