Skip to content
This repository was archived by the owner on Sep 26, 2023. It is now read-only.

build: fetch release notification secrets from secret manager#1196

Merged
chingor13 merged 2 commits intomasterfrom
fix-release
Oct 5, 2020
Merged

build: fetch release notification secrets from secret manager#1196
chingor13 merged 2 commits intomasterfrom
fix-release

Conversation

@chingor13
Copy link
Contributor

@chingor13 chingor13 commented Sep 30, 2020

The release reporter now needs secrets from secret manager as the GitHub Magic Proxy is blocked.

@chingor13 chingor13 requested a review from a team September 30, 2020 23:02
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Sep 30, 2020
@codecov
Copy link

codecov bot commented Sep 30, 2020
edited
Loading

Codecov Report

Merging #1196 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #1196   +/-   ##
=========================================
  Coverage     79.06%   79.06%           
  Complexity     1197     1197           
=========================================
  Files           205      205           
  Lines          5268     5268           
  Branches        435      435           
=========================================
  Hits           4165     4165           
  Misses          930      930           
  Partials        173      173

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9977dd2...e0a381b. Read the comment docs.

vam-google
vam-google reviewed Sep 30, 2020
View reviewed changes
Copy link
Contributor

@vam-google vam-google left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but one question about the populate_secrets script.

.kokoro/populate_secrets.sh
# See the License for the specific language governing permissions and
# limitations under the License.

set -eo pipefail
Copy link
Contributor

@vam-google vam-google Sep 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it a script shared by multiple repositories (i.e. was it copied here, or was it written from scratch)? I'm asking mainly from the security perspective (if it has been tested before for a potential secrets "leaks", since it does some non-trivial stuff on them).

Copy link
Contributor Author

@chingor13 chingor13 Sep 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the same secret loader in all the java client libraries (managed by templates). The gax repo does not share the same templates as many are related to maven builds and not gradle.

@product-auto-label product-auto-label bot added the api: cloudbuild Issues related to the Cloud Build API. label Oct 1, 2020
@miraleung miraleung self-requested a review October 5, 2020 20:30
@chingor13 chingor13 merged commit 0976e20 into master Oct 5, 2020
@chingor13 chingor13 deleted the fix-release branch October 5, 2020 20:42
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@vam-google vam-google vam-google left review comments

@miraleung miraleung miraleung approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

api: cloudbuild Issues related to the Cloud Build API. cla: yes This human has signed the Contributor License Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chingor13 @miraleung @vam-google